Discussion: Qubes as my main operating system?

[Richard]

I have been using Qubes now for a number of months and would like to use it as my main operating system.  However, the two computers that are running Qubes both experienced different issues that rendered Qubes inaccessible for days.  I understand these things happen and I'm prepared to invest the time resolving these issues. 

However, every now and then I run into issues that I cannot fix alone and receiving the necessary help can sometimes be very difficult to obtain.  Most recently, one of my computers running Qubes went down on January 31 after I applied updates and I still don't know what happened or how to fix it despite a number of requests (see: https://groups.google.com/forum/#!topic/qubes-users/J29MR31OBrw )

Maybe the answer is simply that Qubes isn't at the stage where it can be replied upon.  I'm hoping that is not the answer.  Maybe the answer is that ITL could offer annual support services and receive a steady source of income. 

I'm looking forward to hear your thoughts,

Kind regards,
Richard

[raah...@gmail.com]

need more information, what do you mean went down? Any error messages?

[Tim W]

If you do not mind, what was/is you daily use OS?  Windows Mac Linux Distro?

First I hope you are making backups of any pc you are using for anything important..   You did not give a lot of info but if you were doing bkups did you try re-installing + the bkups from before the update.  That should have at least got you back up and running and you could then find out what the issues might be and not install those updates until you are comfortable its been resolved.  ( of course other steps prior like pulling log files error statements etc) This is how I see things when it comes to running a stable system.,  If you at any version point have a stable system that does all the functions you need (excluding security patches) if you are doing bkups then you basically are GTG for daily use.

Qubes IMHO is certainly daily use ready but you must keep a proper disaster recovery stratigey.  It does not have all those automated (stealling all your personal data) built in apps like Windows or Apple.  

I also think it matters in what are your expectations?   

[Richard H]

Thank you raahelps for your questions, however the purpose of this post is not to get help for my broken Qubes as that is being discussed in a separate thread ( https://groups.google.com/forum/#!topic/qubes-users/J29MR31OBrw).

I started this thread to discuss whether people think Qubes is ready to be used as a main operating system.

[Jeremy Rand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/04/2016 09:45 PM, Richard H wrote:

> I started this thread to discuss whether people think Qubes is
> ready to be used as a main operating system.

For me, Qubes is usable as a main OS; it's been my exclusive OS since
August 2015 (I ran it from an external drive for about a month before
deciding to install it on my internal drive). Before Qubes, I used
Fedora for a year, and Linux Mint for a year before that. So I have a
fairly good understanding of Linux usage.

My experience is that Qubes is slightly more difficult to use than
Fedora, but not by much. And most of the issues I did have were in
the R3.0 release candidates, which were fixed by the final R3.0
release, so I can't really blame the Qubes devs for this; it was my
choice to go with a release candidate. In my opinion, the improved
security is more than worth the slightly more difficult learning
curve. However, for users who haven't used Linux before, I'm guessing
the learning curve will be much worse than I experienced, so my
experience may not be applicable to those users.

Relatedly, Qubes actually is more usable than Fedora in one key way:
backups and computer migrations. Just backup all of your VM's with
the GUI tool, and you have all you need to restore your exact setup if
something goes wrong later. Granted, backups take about 12 hours for
me because of no incremental backups. But other than that, the backup
procedure is quite a bit nicer than what other OS's (both Linux and
Windows) make you do. And the backups have built-in encryption and
integrity checking.

Hope this perspective is helpful. Other people's experience may vary.

- -Jeremy Rand
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWtB+YAAoJEAHN/EbZ1y06t0oP/0ZLLJRkAdv0ub9qTj7PPEJ6
VQChVIoit3jFD6ncpcYZ6DQtVChx+kdxtyHD47hrxk24c3jcWW7J6IuShJuVNhbW
N+1/zNy3roUwjk550ha/ReWYyBsEta7aETYBeQeA52Tby8TQRLdGE3Udb7EHXVeJ
i5SNYWbZJR0sm7MRDpfMlvhf+RVzv3zWXJ9hJq7AkqrT+aNcrs4ahBi8y3ab0Ehd
Wm1T9iR4clMJNNEqHxaJ7xvfqiw2EU8DtdEWNmtYqM584Ljbiko+x4rH4aSaj/0e
38njeU0txJ6SDnwRua00WMuEGL3Mtc77tgqR4zbBCoSRriCX6VOVhOxP8gp3fwoR
8dUpv+x61vQriOb3pjVLxECC0VgWTZiK/02b44mGAEy7QRRMe6U3b72pZYnCPiVQ
lQ84kUgwiqS6LYP2ZrjS++wHTCldUXwzwIFpsXbLodzf0LLc+Rw3Su23fAFYgMLb
uY/cwsqvSDADZ5fZPFh5Mssfr9Z2DglSiWE30LpN610F2eGUhkHAaRb2ao61zCrr
IMtqvpTXXJDXmMrDg1fR4iiP9LUiW88zYIAAAVvB9kN6R6Z47eilyNx1scH8UbMj
p7I6pHL7z3YFTmwSAG9BSYRn4UjxmGSpMMGgQrHRZDG0Ak/JaAyDmrvk/k6frTQf
pZokCCvKkm0YqCFXVhE3
=1wMs
-----END PGP SIGNATURE-----

[Richard H]

Thank you Tim for your reply, I'm running a number of computers, some with Windows and others with Linux (two of which have Qubes).

I appreciate your comments with respect to backups and I haven't lost any important information with the Qubes crash.  I was testing Qubes and using it to see if it would work as my main operating system.  Considering that this was the second time in as many months that I had a system crippling event with Qubes, it made me further think about the larger picture and whether Qubes is ready to be used as a main operating system. 

This is in no way a slight against Qubes, I love Qubes and would love to dump my Window machines and make Qubes my main operating system.  But I rely on my computers every day and can't afford to have computers down for days on end while I try to fix them.  Which goes to your very valid comment about ones expectations.  Which is why I started this post to see whether I was expecting too much from Qubes.

[Richard H]

--

Thank you Jeremy, that is very helpful.

[Tim W]

I think if either 3.0 or 3.1 at any point work reliably for you.  Then as long as you are doing reg bkups then yes.    Since I got my final config of 3.0 set I have not had my system be unsuable just a minor issue here and there but nothing that effected normal use.  I am not at 3.1rc2 with the same.

I do think using a PC or laptop that is one used or very similar to the development team helps.i.e using certain lenovos etc..

[raah...@gmail.com]

On Thursday, February 4, 2016 at 10:46:41 PM UTC-5, Richard wrote:

I think so. If you haven't had any initial hardware problems I think it mainly depends on how comfortable you are using it, which might take a little time to get used to. I have had some minor problems here and there mostly with setting things up, but thanks to this forum I've been able to work them out every time.

I can't tell you how many times fedora has broke or stopped booting on me in the past year. I've only been using qubes since the live usb came out, but ironically qubes hasn't died on me yet.

[Tim W]

In no way did I take it as a slight against Qubes.  Hey its a very advanced system doing something no one else has really done to this level for the public.   But sure its still has some growing pains to get thru.  But its moving fast.  Still I think it does take more than a basic user to keep this system working.   Lets face it most basic users need to be able to do EVERYTHING from GUI; no term.   Qubes has come a long way there a very long way especially with its VMM.   I do think making sure your PC has all wildly supported HW and that its specifically runs well in qubes.    Again this is one of the reasons Lenovo Thinkpad line was one of the first I looked to.

[Alex]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/05/2016 05:06 AM, Jeremy Rand wrote:
> On 02/04/2016 09:45 PM, Richard H wrote:
>
>> I started this thread to discuss whether people think Qubes is
>> ready to be used as a main operating system.
>
> For me, Qubes is usable as a main OS; it's been my exclusive OS
> since August 2015 (I ran it from an external drive for about a
> month before deciding to install it on my internal drive). Before
> Qubes, I used Fedora for a year, and Linux Mint for a year before
> that. So I have a fairly good understanding of Linux usage.

I've been using Qubes as my main OS since R2 rc2, and I went through
the pain of upgrading to R3, which needed a little witchcraft...

I do work as a freelance .NET/Java/python/php developer/code
maintainer, and I used to have a Windows workstation. I still keep
Windows on my laptop and tablet, but I mostly use them for on-the-go
internet access.

I was not 100% sure for both Visual Studio and the Office suite; I
already used firefox and thunderbird on my workstation, and moving
them to Qubes proved easy (and a nice opportunity to clean up the
cruft left by many years of upgrades and plugins in their data directory
).

As for Visual Studio, Monodevelop did fit the minimum requirements;
sometimes I miss IntelliSense, sometimes it unexpectedly stops
understanding (and coloring/underlining) the source code for several
seconds, but it managed to open and compile most of the solutions I
had with VS and can successfully debug all of my code. I use Mercurial
for versioning, so I had no problem with that either (I just had to
install it in the template for the Work AppVM, like I had for Monodevelo
p)

For the Office suite, LibreOffice does meet my minimum requirements; I
do not use much of the advanced functions of the software in the
Office suite, but I expect to be able to manipulate simple
Word/Excel/Powerpoint files, and LibreOffice sort of does that. The
main problem here has been with fonts.

And yes, last but not least, we've come a looooooong way with Fedora
23 (the Fedora 20 I started with was a royal PITA in many ways:
monodevelop and libreoffice from stone age, default shitty fonts), but
the problem of serious fonts remains. I had to install msttcorefonts
and tweak something in the fonts.conf (mainly about rendering hints)
and something with gnome-tweak-tool about aliasing, and I feel that
those customizations could be had from the beginning. But still, now
it's something that can be looked at without having my eyes bleeding
from horror.

I do recommend Pinta as an image editor (a blend of Paint and the
basic functions from Photoshop - like layers) instead of the GIMP and
BLESS as an Hex editor.

On the "hardware" side, I've been using Qubes with two laptops (Asus
Zenbook UX32VD and Asus K550JD) and my current self-built desktop,
with an ASUS Z89A motherboard and some Intel i5 I don't remember more
about. All of them work(ed) nicely, and I use(d) all of them with 3
monitors. I had some problems with Zenbook's Optimus, because of the
NVidia drivers, but in the end it worked. Since Qubes R3 I don't have
NVidia hardware anymore, so I don't know first-hand if there are still
problems with that. I usually put to sleep my computers, and it worked
since R2; I had some problems with hibernation, but didn't try again
since at least 6 months ago, so they may have been fixed now (or may
have depended on hardware I don't use anymore).

What I love about Qubes is separation of my work life, with its set of
firefox bookmarks and its 7 e-mail addresses (mainly postmasters) and
its Pictures folder where I keep the collections of icons I use or
screenshot I prepared for my clients, and the personal life, with its
own set of firefox bookmarks, e-mail addresses, and a Pictures folder
where I keep other stuff =) Still, both of them are on the same
machine and I can use them together without mixing them, like I ended
up doing on Windows.

Long mail, but since the thread calls for personal experiences and
pure discussion, I think it fits. Hope this helps,
- --
Alex

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWtFcPAAoJENNOJZnNP8uDMfIP/3lBM8ItIRqecunuoDGwXdRH
tkb8TqX2H5RqwHlH+9xlAHqef5+d11ErtShQLhAbl2gUilhu/gMUYHs/84ve2vnx
7fWtHw7W5UIrJw1kdxa0A1IjrUg2pxlMcgl51cAOrWG8gOORD8s3aC2EsFZW8QoQ
728xC44M0elO87ys68YOJw75dHCSEUiXYFvvAegjWvrWSii9TgSk2fC6yW9Oowo6
Wyrul6glYR/idBLNmtfVmJ4oKKfgBQav+1szR4FLUeLrDcqWxljFPiBblhnOm77Y
x1BCYCUq8lB+OhipQlBrtNuRmkwLd/GBgo9jRwEbzVOEXYjpNfOXjVezA4Gnn6Ve
T9RUJrkHipqltg25ipujLbMWvH1szAhhoH6GJCfRkkksUqu3rhXC25Gg5EP+1PkN
3cZXP37kF/JTZHTzpx3FwUKfOJoB9Jl20FBKCORSXirYuOXhoVFYOImMjzY24Vrx
xYPT3XjZml9Z4tQ6iVGXM3lzuRZvgD0OwQUGu2G6ZCRkZK4sLzUpjaeLRv12kufU
7zO0xhSeqDFuvYcisDuoUDLAbLLYJN7rQaYfsfGitLbZ8pmd7dm6V/ZBw4VrPZzu
miA93LtIlIYBRG97iyMB0X9b8PP0/XstIvJhNlMxFBkDPrq/15Xt5Giv9ABGH5qo
Ekubzp/5OGWjUyNRiIVt
=kFoN
-----END PGP SIGNATURE-----

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/05/2016 01:35 AM, Richard wrote:
> I have been using Qubes now for a number of months and would like
> to use it as my main operating system.

I'm using Qubes as my main OS since R1-rc2/3
'R1 stable' however had only a pretty short lifetime because of the
new features introduced in R2 - then that's become the most used
version for me.

I'm tried the 3.0 in an early stage - then switched back to R2 -
because that was the real stable version for me.

Now I'm successfully migrated to 3.1-rc2 - and skipped the 3.0.

> However, every now and then I run into issues that I cannot fix
> alone and receiving the necessary help can sometimes be very
> difficult to obtain.

Well if you using a "self managed" operating system, You have to be
able to fix (or workaround) ANY problems. If you are not able to do
that - then you should by some support.
However Linux based desktop support is really not what the average
people are able to afford.

And I do not know any company offering Qubes support yet - not even ITL

> Maybe the answer is simply that Qubes isn't at the stage where it
> can be replied upon.

Depends on how you define: "relied upon"

As I described before I'm using Qubes for ages as my main OS. And
those ages showed that my Qubes laptop was the most secure, the most
reliable, and the shortest "disaster recovery" (backup/restore) plan I
was able to actually USE with - compared to ANY other Linux and or
Windows based workstation used by ma colleges.


Because I was testing qubes versions in really early stages, I made a
lot of backup restore sessions and ALL was smooth. The problems I
mostly faced was always HARDWARE related.




Currently I can't really imagine any other OS to install as my main
desktop than Qubes OS.


- --
Zrubi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWtFoCAAoJEC3TtYFBiXSvyIQP/jEMleT03VTPsSCvC4PZiyIZ
mdWVv2FzSjNVKNWjq0PDaZr8v6BL1sLzF6Hudiw5s1YCZq3k30+diP3ss3HQGT1E
6WQlxcXcQYXMsFri0xY+2m5BvRMc83rx4qoJcIrRCHgVQOkI72xFSZ/+VfMkeLrD
X+cwEq6DcWYAJUGkjsZWURcPDQf91iN7K5+45nNcFljhxQVOd5uSIK7ygR08TwF4
GEzpDrQlM/xfbxA7et5x5yIBfa0R6hdJVUxYwmj6aj6ihD3eVTasBbRvlEZ7iIb8
4qPmO8jN+8POiTGlVQtjqOQwuRxErfLgIsLN8vcRIWptm9fRBJ0JFOhtYgxr1tpx
seHUYorkjoxwYb5xCofWBirJiv6E2/XH7EIfHvH/NHutM6N1retm7q4leq6HS26N
bAy1WgvnmJR+2kEZES2JD7EqRk/jvWDFkXXTUArbF1joljQ3opR0nGN/YAaOsqol
Kpecr4sfcZZ+vJqwopCYZr+rcxexPlZJP9bttz0BQ/riNLaTGc18olI79YNqxlAP
KYsn+94gp/bLVBEHZVlQXVTgh4A2MOtN0jzbhjhoRHEAFoZygfs2KdB+/FJcFTyP
pRxw8VVNy9Qi2PzRF215Z4j9nE3Q3Hw7oTF8SjtEFOv2Tpe+VeUePfjLDgAQbDR3
dBScqJ0YBCSLUgFwMvb5
=R9v/
-----END PGP SIGNATURE-----

[Richard H]

Thank you Zrubi and Alex for sharing, I'm finding it very helpful.

[timet...@gmail.com]

On Thursday, February 4, 2016 at 5:35:47 PM UTC-7, Richard wrote:

> Maybe
> the answer is simply that Qubes isn't at the stage where it can be
> replied upon.  I'm hoping that is not the answer. 

IMO that is the answer.

I think you know that, and are disappointed by it, and hoping someone will tell you something different to enable you. Not me. Qubes isn't ready for "prime time". Period.

[prance...@sigaint.org]

Tim, Zrubi and Alex all make excellent points, so I'll be brief. I came to
qubes from windows with relatively little linux experience. It was a bit
of a steep learning curve, and took some time and effort to get used to,
but no more than it would have switching to debian or fedora. And if you
want to do what qubes excels at: digital partitioning, virtual machine
networking, anonymity and security, then it is actually far easier than
any other OS. I couldn't imagine using anything else now. But if you have
special requirements, particularly if you rely on windows' software, then
you will need to put effort into transitioning. That's a general FOSS
hurdle, not a qubes specific one. The qubes specific problem is hardware.
It's not unlikely that you will need to buy new equipment to run it
stably.

Qubes can definitely be many people's main OS, whether or not it can be
yours depends entirely on you. What you need out of an OS, how much work
you're willing to put in, etc. You may be happier finding a cheap laptop
that is known to be compatible and reserving it for secure work.

[Franz]

I have been using Qubes as main system for 4 years. So lot of experience. The real point is hardware. Qubes is more reliable than Windows and Linux because of the excellent backup system, but ONLY on selected hardware.  To have something really productive you should buy a suitable laptop just to run Qubes and select it on the HCL. Lenovo seems among the most suitable. This is the real problem and the solution.

Yes, when a major architecture change is first released as R3, the first edition may have serious bugs. But nobody would install the last cutting edge experiment for productive use. I recently used R2 and did not even try to install R3 until the current last release appeared. But this seems basic prudence that should be used with any OS.

Best

Fran

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/99097911-e669-42e2-a900-f7fb52fb5cb5%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Chris Laprise]

> --

Hi Richard,

I've been using Qubes since 2013 and it has been my main system for over
a year. It does about 75% of what I currently need, and I have had zero
problems with the system becoming unrecoverable (at least not without
some experimentation on my part). I have also found the backup and
restore functions to be adequate for a long time now.

You don't seem to have mentioned what hardware you're using. I think Tim
W's point about that should not be taken lightly: The typical Linux
enthusiast attitude that "it should work if its on a PC" never did that
OS justice on a great many computer models. It instead led to
frustration for many who ignored hardware compatibility lists and
certifications. Just because Windows works smoothly on most models
doesn't mean that Microsoft didn't put considerable effort into fixing
and fine-tuning specific hardware in partnership with PC OEMs; Its easy
to gloss over this aspect of the PC market... which in reality is simply
not a playground for FOSS operating systems. When you then combine the
needs of Linux with Xen, and the fact that Qubes uses Xen in a very
particular way, the field of possibility becomes mostly pitfalls. In my
view, this 'finicky' aspect of Qubes is entirely forgivable given that
we have more than a few recent models that work well with it, and that
the devs recognize this reality and don't create unrealistic expectations.

Hardware/firmware quality and reliability are also factors here.

Knowing this, the best approach is to use the Qubes HCL for choosing a
system. You may notice certain 'mainstay' brands, Lenovo Thinkpad being
primary among them because of their historic status with system
developers, and also their willingness to test and certify certain
models as Linux compatible. Beyond that, you can also try using
Linux-oriented hardware compatibility lists as a rough guide to what may
work with Qubes; For instance, if a model is 3 years old and it still
hasn't shown up as compatible in the Ubuntu HCL (probably the most
complete HCL by far) then chances are you will have significant problems
using Qubes on it.

Chris

[raah...@gmail.com]

I don't see this list being updated though. I think its very important new reports get added to that list, I wouldn't sell it short. Some people have told me they have sent in their report twice and its still not on the list.

I'm about to build a desktop for my mother to use qubes, so I guess that shows you how confident I am it can be used as a main os even by someone who is not computer savvy. The developers have done a good job making sure everything the avg person would need to do in qubes is a point and click away.

What i've been doing is just researching how certain boards run on linux installs, and making sure the manual screenshots of the bios have the properly named settings, for example vt-d. or intel txt...

I'm going with a specific mobo model, and if that doesn't work right with vt-d (although i'm confident it will) I will go with another model recommended to me on #hardware on freenode by a couple guys, and where someone actually tested qubes on it for me with the live usb.

[Richard]

Thank you everyone for your comments, they are very much appreciated.

Richard

[raah...@gmail.com]

welp, now I'm thinking twice about making qubes my mothers main os after reading the thread about installing usb printer. I wasn't even thinking about printing yet it should be one of the first things that comes to mind. I can't believe i overlooked that.

It seems like no matter what printing anything with any method would undermine security of qubes, because printers are just so insecure. But the real issue is mostly how complicated it would be for her regardless.

[Alex]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I do have a Samsung Xpress M2022 usb printer, connected via an
inexpensive TPLink USB-ethernet print server, and installed it in a
separate qubes template (cloned from my main fedora 23 template)

I did set that template as the default for dispVM, so I can easily
print documents with that template.

I don't know (but can imagine) the trouble if I were to set up a
directly-connected USB printer, but an inexpensive USB print server
could really ease the pain.

If you use inexpensive print servers, though, be sure to lock them up
(i.e. no ipv6 address, only local printing, no default password, etc).

- --
Alex

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWtwBAAAoJENNOJZnNP8uDvTkP/2hIBu04rUcGjotHITdxWI60
5NMdcz3HoP5dumTJPsle5ZMfEgqfBnTCPRdJuXHExe2yU/bhrAaEXvQH9hk6bObL
psIjjnhDHf8PNym9QR2nxh6HBI4hEYL9R+o3kxphc0ZBLh14ZwBbUiWyEwxSAaUK
o9ewMjKUjBwJZhwbIThRZltup6GYjXhxu8oenGfViaRcvCSZG0/Kz7RRlRsTw8aJ
Aw4L5JI9gRWnMCvA6NZyPcgNgJt70+JvT+KGca4Ni6ccXvZ8+/I80AU5UBxaRtNH
enmpmhDsKJLDUVsT+7CmXni7QnFjqDV0Bk29wARIU5rirhVe02jxsiRDNcsjpE6C
TgPaGBb1cqfezj+e2jq7DfwgzHOyua6taJztUZYIWra9YMoqoUGxxBIxyerhlllt
ROSkP4bYoAX8zNUQxiY8iViptnLBI93toTLzpF2/vPUAVHKlcbbZWvmz9kpKDNdm
p5O2ghHE0XnCtSRDtkTxhVD2XAX+4RPy5X98L8HOI6YHe6HcBIbJ5Ne42zm13Xil
+5MBpl+FmIDBsoNyBNnjpZLhVTnW/af2PkC7a9jvklG1pGxv997I8PiZY65mbVID
ordo6w2dU8KAN/ZhLiug6bDtqD2Yv+kXTClvJ2xgUT/x7Pk7DA904CdROk3l/oh7
B9gtlXqBbH2lnL3sJ+mp
=wmrV
-----END PGP SIGNATURE-----

[raah...@gmail.com]

Ty Alex, this is going to be my plan, do you recommend any cheap printer server models? I saw francesco recommended one of the same brand in another thread that sells for 40 dollars I was going to look at.

[Alex]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Sorry - I forgot to mention my actual print server... I bought a
TP-Link TL-PS310U - the cheapest I could find on my local Amazon store.

I actually modded it into the printer itself, so I have one power
adapter less and the desk is a little cleaner =) the samsung printer
has some extra empty space on the left, inside the plastic case, and
removing the plastic case of the TPL left me with a circuit small
enough to fit there. It receives power only when the printer is
powered on.

As for the printer drivers, if anybody's going to use a Samsung, their
Universal Printer Driver has to be downloaded and compiled on the
templatevm; the problem is that such driver may leave your exact
printer model behind! When I bought the printer I was on fedora 21, I
downloaded the driver, compiled, installed, and everything was ok - I
could find my exact model from the driver list in the printer settings
panel (system-config-printer). But when I moved to F23 I thought I
could update the drivers, and didn't bother keeping the old
installation files. Now the universal printer driver does not have the
exact model of my printer. Selecting the most similar one (M262x-282x
in my case) did work, but I have the printed page a little smaller
than the actual page - looks like a zoom 95% applied to the original
before printing.

- --
Alex
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWuElaAAoJENNOJZnNP8uDS/EP/2OiLzf6OUOWywtq2SMgXC/o
p53qcdBFw2kAMskyiEyQgeCs4sRNU0aRqjAMaGXeBFn7cu9aAxy8L9QEqUU8YQkE
PxkoE20fzvksA1y0rTODvjyNpIeTuXk+RgC96dO/CCiJ9uhsjF8yXthsdEBv6WHI
46hj1Sppvb3EbI5UjAzeATdC7XkMFro3BAcnpjj+Z9OdoGRGBu/kI0jE2OV3FGoi
92Kxi7xBWBw9nw+ovTQj4L+8ENofXN5Z2RuOPUQO1jrkWbe8LNRBdZ2PYWLQBq80
wBRENH6V5zATpyWUmKafq8udvXVC2j5pBglVnuz5wXe0se2mpa+rwIZdhweQhx4C
NLmEDLA8is9t/B5NYNMZq9lnnVU44CJZ+CRjzR4oJYyUqvwA8rEkurZup0q2YHnI
lhh+QC/FhJOXO88pPQ/nDAymJK9qf2pLTfzeFFVAI+pTeRLcFDH030OTg3eJM8Ai
X+9i8vge3hgfR3oNoTD/HQheKTeMvnbOaUSsGmUWUCJc2PAP5x6G4VMTz0QZJcxr
2Ussjq2QIruZsy0B+T/T6lWL6WNZy1qev/paN4/bLVJrydfBl4H7AB57GVQVKwve
NGPU/ZFq/tqvr0T33yzj/QsS0K/bmfZAZtSIQbv9Xg/RUJo5CThWIG/SU+buLZpg
qyu+5pPjAk3Rem+IyGw0
=aF+e
-----END PGP SIGNATURE-----

[raah...@gmail.com]

wow pretty cool. I notice that one doesn't say linux under system requirements though like the TP-Link TL-PS110U. Although the firmware upgrade for both of them is windows utility, well i can probably do that from a win 7 vm.

[ohhe...@gmail.com]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Why have you not reported the motherboard "ASUS Z89A" on the Hardware Compatibility List? (https://www.qubes-os.org/hcl/)
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJWydaJAAoJELl89Kfp5xgBQjoP/RY5y1bkeGugLBJqiZlWCUZe
VmSfFoab6Vl63gaxhkzcaKBeAJdXdbpkb1X0Oc00mk79KlhJYKdRNDoafLBRt2Jj
FZzGLVErrjBZJ2ZcqVPdB9RWIsf2QwzJEn4zeRnBMM6p9mfiq4uILTgQa7Of+8Xx
XU3r2b7epUav0rnlRfEC0Nc1SzGjhLlvB4WXRayacowUvmSunfJMQq2ExEkfHmDO
4hv6HWgehk2MgkApY+5g1a07SN5oUbZ10TX1ngd2mP42Qw8SvB0oqFygGpyR+hl+
69VceYtSgThtyN9Qd9y9NOsMMtpUUwjbf68+GaL8oDdlQjIEww7vb+Gr/0svPzL7
RdE5PBLXsKp/AejH6p5rVmNTdlvfPLL/RR7BUHi4/+6fRR/nVQiNBc/SMzkSezkN
TdaVrKlZloukb/dNXjEpWtaX6y7R+tt/x1cc+pt9Z+yyNH2agkXwzxcEYY2C7iBc
2b0X3H4xj9C669YWXRRsqA366aGq1RfIIsFBE+wiGeIz/SKKVaBJhOa8+NSX8x8f
sNfr4qjkn5sia2KfrkQzjUgMNZsk4lJULX08tPhUip0n9oMDTx2yw0tJp95Je3q9
UaHaFGDvT/O8Xlmd+RNWbs35oiC5UEil8vlG/J5KZTuQ1tH226+xrF5WKdGFi8KR
yemCG6a6dXQsdqf3BF5P
=3aBG
-----END PGP SIGNATURE-----

[Jeremy Rand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/21/2016 09:26 AM, ohhe...@gmail.com wrote:
> On Thursday, February 4, 2016 at 10:06:26 PM UTC-6, Jeremy Rand

> -Jeremy Rand

>
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
>
> Why have you not reported the motherboard "ASUS Z89A" on the
> Hardware Compatibility List? (https://www.qubes-os.org/hcl/)
> -----BEGIN PGP SIGNATURE----- Comment: GPGTools -
> https://gpgtools.org
>
> iQIcBAEBCgAGBQJWydaJAAoJELl89Kfp5xgBQjoP/RY5y1bkeGugLBJqiZlWCUZe
> VmSfFoab6Vl63gaxhkzcaKBeAJdXdbpkb1X0Oc00mk79KlhJYKdRNDoafLBRt2Jj
> FZzGLVErrjBZJ2ZcqVPdB9RWIsf2QwzJEn4zeRnBMM6p9mfiq4uILTgQa7Of+8Xx
> XU3r2b7epUav0rnlRfEC0Nc1SzGjhLlvB4WXRayacowUvmSunfJMQq2ExEkfHmDO
> 4hv6HWgehk2MgkApY+5g1a07SN5oUbZ10TX1ngd2mP42Qw8SvB0oqFygGpyR+hl+
> 69VceYtSgThtyN9Qd9y9NOsMMtpUUwjbf68+GaL8oDdlQjIEww7vb+Gr/0svPzL7
> RdE5PBLXsKp/AejH6p5rVmNTdlvfPLL/RR7BUHi4/+6fRR/nVQiNBc/SMzkSezkN
> TdaVrKlZloukb/dNXjEpWtaX6y7R+tt/x1cc+pt9Z+yyNH2agkXwzxcEYY2C7iBc
> 2b0X3H4xj9C669YWXRRsqA366aGq1RfIIsFBE+wiGeIz/SKKVaBJhOa8+NSX8x8f
> sNfr4qjkn5sia2KfrkQzjUgMNZsk4lJULX08tPhUip0n9oMDTx2yw0tJp95Je3q9
> UaHaFGDvT/O8Xlmd+RNWbs35oiC5UEil8vlG/J5KZTuQ1tH226+xrF5WKdGFi8KR
> yemCG6a6dXQsdqf3BF5P =3aBG -----END PGP SIGNATURE-----
>

I'm lost; are you talking to me, or are you replying in the wrong
thread? I don't recall saying that I use an ASUS motherboard....

- -Jeremy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWyhK1AAoJEAHN/EbZ1y06KNwQAMlw29jdYC4Uj9grrU/6EouP
bmswLYmCA0it4dzagYpIP68xksGJtohEZOmBxtbu1o3r5MhomNDl7CG/0vORIPSi
qQzqxqj7vq2pM07MDHspM5wfKSi3FFzseeZeMCRNLWMjrLo9hHY2Wo5607y5/KRY
APwxjMHnuKM0O1CQQ67FmnW9VC4DnCG0vFOTqFhF3HeEoVZPcHeQwWM0eVf79trY
NWQLuogRJlFT6O/tc04kc9y33FMqTtB1avPS12BIaUCYkwWbC+2qdBQF0a40Gzqt
rEVAirGt2RgudYXYd682M8V2hyoV9PdLxnqCl3oNPzMtvZx0LWGsAk7LPC2DcJXd
CIyBsbnlrQtPmQFZxZQD4P8br6hBhkWmxytwN1zBzDP5tmhh0mFs7XY+RIWfZqtr
UJdiyLB7Cxz0QP1GEkzyAR4E9g/zxHsKMbpklDMOdRfXfEGvN/pJpDVU7CKvvjlQ
IabbRIVhEX0La33c0q/qi9lP9odNLl2kYfbTqGUHXr3uvTe22bmZAeZCQ35SB0Fp
k5G3ePAEGZdfeesfYZ73Ok4ZlZysi68z8zCxpUXwA7/h+L9lf4oJwZ2LT9nErC+2
qkPY61UacRRC5J8q2N6TO2W/L8il49giVN4YTMgOtKNW45wb3TqLlrymxJr1vJL6
Y7lpBie8uRaIRSiazS9D
=ruPo
-----END PGP SIGNATURE-----

[raah...@gmail.com]

Doesn't seem like they ever update that list even when people send their report multiple times...

I guess the only thing to do would be see if manual, especially screenshot, shows it has vt-d supported, and see if any reviews on the board being used with linux.

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, Feb 21, 2016 at 11:59:19AM -0800, raah...@gmail.com wrote:
> Doesn't seem like they ever update that list even when people send their report multiple times...

Actually the list was recently updated with all the reports from past 6
months. If you notice any missing report there, let us know.

> I guess the only thing to do would be see if manual, especially screenshot, shows it has vt-d supported, and see if any reviews on the board being used with linux.
>

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWyiB2AAoJENuP0xzK19csnu8H/jWAuA8JJ2NOcoqCTk1W22PE
+VToU0yu0QqKLh4pRge8X8dXRxZEYniFqObZlx0RtEWOElLN0+AECSDxdRss2Rt7
RRySOZ4OaL0xItdgVHpPtBON+fCB9A+2qhMorlyXohZfIMRQvea7S4IqXEjugxdu
/Mt4Wsz1hMw3EKmkpgCrQy+rFuFAY/pURQpbcVj7z9izrJtHn/IDVCo/vMaHvnQW
KTj2XOGznWG3tqqcyeKfN6BlGV9tn/2aJmS1WKjeY0DFY9zBLnHeWntQZn9FS6ur
NWMKg34kA+AZ2MKNPzfGLa66CGl3vjM3/L8pVHBb+MB1glyL2wFlogFtpqbfFWw=
=3V1S
-----END PGP SIGNATURE-----

[raah...@gmail.com]

off the top of my head i remember the asrock b85m pro4 guy posted here twice about it. can't find the thread for some reason.

[raah...@gmail.com]

found it https://groups.google.com/forum/#!searchin/qubes-users/asrock/qubes-users/Z82g5jrJ35M/MF9rIcvRBgAJ

[raah...@gmail.com]

On Sunday, February 21, 2016 at 4:24:13 PM UTC-5, raah...@gmail.com wrote:
> found it https://groups.google.com/forum/#!searchin/qubes-users/asrock/qubes-users/Z82g5jrJ35M/MF9rIcvRBgAJ

is the problem that posting to the mailing list is not the proper way to do it?

[raah...@gmail.com]

if you just type HCL in the search box alot of them are not list, at a quick glance lenovo z50-75, lenovo t550, elitebook 2560p ...

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

That laptops missing was a bug in HCL rendering script, how should be fixed[1].

But for the missing asrock, no idea yet. Theoretically raport is
included here[2] but indeed not listed. Ah, I see - there is missing "-"
at the beginning (should be "---", but is "--"). Fixed too.

[1]
https://github.com/QubesOS/qubesos.github.io/commit/87d3311c13de5dc85e22ea4c4996694b92dfb6d6
(dmidecode sometimes reports type 'laptop', but sometimes 'notebook')
[2]
https://github.com/QubesOS/qubes-hcl/blob/master/ASRock-B85M_Pro4-20160201-220556.yml

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWyjKIAAoJENuP0xzK19cszV4H/0+eaZ1Deki4NwwRJ1vNvGSN
M2pNs2IuURbTYvsw3SGJynL8Fu12Q5gpxzrlZ5Grel01s0IYEa1CSqUA5LPk5mdh
9QZkkMrl63b95YyGztn/ZhczrWEvTzo3tflXs+MCb/Lf2cBnOxgJb/tptEywbzoK
xDJUPXDlctlv6pQJgUJT9L9q5iM+gOrdqhEoQ9RHvtJjaAz+IcOzl02OeURYTX1k
PZbbCb5cuEb/cbM+n7lkMf1GPyVVtV6kMSoIaGJRhIX9wmRwUF1jOGTn+epMgSFt
tFyQDPnPH8PMyyXMTPWLg1Xlkmo6/lPvLezI6k0Nv3AVbv9mBJVTIrXTXdFOCbk=
=Wc9R
-----END PGP SIGNATURE-----

[Bill Wether]

>> Doesn't seem like they ever update that list even when people send their report multiple
> times...

>Actually the list was recently updated with all the reports from past 6
>months. If you notice any missing report there, let us know.

My Supermicro AMD box report wasn't there when I looked earlier today.

Cheers

BillW

[Axon]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

raah...@gmail.com:

That's the right way to do it according to the website, but bear in
mind that keeping the HCL updated is mostly a volunteer project. Sure,
Marek can do it, but that kind of manual data entry is a huge waste of
his time and skills.

Marek, instead of instructing people to send their reports to the ML,
why not instruct them to submit a PR to qubes-hcl with the data
pre-formatted? Then it would be much faster and easier to approve
requests and keep the list updated.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWymSJAAoJEJh4Btx1RPV8J64P/RzSWpmYbJTII7QBmMxvanb0
289n5dWyIpJijI3O6HyJ8jjc9nMqy2FKjDXhzMmawrH6sQ3rimSoXsA2sOTdaTUF
UfmcM8BVulHZizuTzMbE1yVRUkMkHYyUmAq1D18K4uhnJHknn+8xPAQjhE3jK2Y6
4daVEXkJFJW4677UU/QL4X0S1LfvOG7vqEdUKvssuYOgh4/vpkMb00u6mwqPqge/
HSquEVMTawed9Wn0LKs42guW3dXlcZDjxf/iRPP6npf8Eu1aYLCiUDt+8LrBP9Un
QYUygJY7cjkrRNPDNAhNyAeLoGGVRvjZsKj0zW6HJSfCLUX5VGRA9JWMFZPtcpSx
F9wb17VcCCFQXfA01VLuS0McHG6kebGQGg1/ftXWffMsbKXbYidgIgmIEyP1QSX+
dO1eEyfe4RQ3ecYm6Dkzq064JYROgDtyttttHWs17nakKNYKPIkUz1D4iiXFFhUS
AVFBl8k/zbLo4n8E/LJVlJ+pl2U7jnKVS7EHaWbtLaCvz/hd4DhtrqFUpl8GfonZ
/CgJjjWsdDsMlW4b/10A69CeYy8L0GGYEuQcAuwENVe5M3QvUuW/ioxCYgIH6Aws
tROstEsI76zGvmZGFsq6Z5xAXDnMxPucW36hvlLcSGkrqRsV6sUqj82h+ZkkX91p
RgS4n4vTVoybfpKLZmxJ
=m5zR
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, Feb 22, 2016 at 01:30:05AM +0000, Axon wrote:
> raah...@gmail.com:
> > On Sunday, February 21, 2016 at 4:24:13 PM UTC-5, raah...@gmail.com
> > wrote:
> >> found it
> >> https://groups.google.com/forum/#!searchin/qubes-users/asrock/
> >> qubes-users/Z82g5jrJ35M/MF9rIcvRBgAJ
> >
> >>
> > is the problem that posting to the mailing list is not the proper
> > way to do it?
> >
>
> That's the right way to do it according to the website, but bear in
> mind that keeping the HCL updated is mostly a volunteer project. Sure,
> Marek can do it, but that kind of manual data entry is a huge waste of
> his time and skills.

Actually HCL is maintained by Zrubi.

> Marek, instead of instructing people to send their reports to the ML,
> why not instruct them to submit a PR to qubes-hcl with the data
> pre-formatted? Then it would be much faster and easier to approve
> requests and keep the list updated.

That's right, but I fear much less people would submit them then.
In current website, including a new HCL entry is just a matter of
copying file (sometimes with little manual edit, like "remarks"
section), so not that much work.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJWynAGAAoJENuP0xzK19csLhYH/1Q4s1pGaq24oseNqTfmDo9r
8sf+fa76CeyfcvWeX+0NdTyLJaU0rLGK8Lz2EYwyedNZqqB1dauggvLMjp/NjwuJ
eHoSaxfFNg4kCpS4V1UIF6DgVN7skDtsC3/F8EEVCYouT9LVJNjMlqcFW2eoMmJw
IEJ4bohb1BLCBHNMWYW+cPnN90APMNMJBY401ernyyikSEA9q4sFT84wQK4UTSsX
loqB0ZjKv8RLcMyy+mha23L8wjkbnxRuTCC1/ajzggCsY7CRETtdZmA6wg7WtPiu
iocMtx+P5Cr6+eLzZ+ysolaAys0JIdGYhaoplpGLEalroNStmojCxZXC327b2Ew=
=6ZoO
-----END PGP SIGNATURE-----

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Then how would anyone think that hidden reports are going to be
included on the HC L page?

If the reporter follow the process described here:
https://www.qubes-os.org/doc/hcl/

It will be included on the HCL page - sonner or later :)

As it was turned out I'm the only one who willing to maintain that
page. And because I'm doing it in my free time - there is no garantie
that I'm able to do it at all.

As Marek already explained we just updated the HCL page.

But even if I keep doing (I will) this (not so interesting) job - I do
not have time to dig the whole mailing list for hidden reports.
Moreover I'm skipping bad/partial/confusing/copy-pasted reports for sure
.

So any of you are feeling the power to make the Qubes HCL page more up
to date - do not hesitate to apply for this role - I'm happy to share
the secrets ;)



- --
Zrubi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWyrXsAAoJEC3TtYFBiXSvrFIP/0H0clUQx0CJczTf08+bDFPQ
8t+pNGdQFUB2LMjtkwAXEqdPk3dAQ3ekz/kRvFamSsig1xM9Q/Gmi//2x+GaqqS4
xC3O3rkjFbaJCUTivpeIkP9JBzoimNyQGKaO3Kp6ZxyjMQGDj0mNo67HeJuRlbPT
A4lTwNlc0RIil49VMkpRlOPbarLVoFWWMCHjEByYbmGE5olXpXnfRCaAqE0mbe9T
vmMbabAGnV3AtJ5WIwwoz/HLM17Zmtx4BNmZ5+mkQI1ZEb91kxJq8YAqtmTjDKtN
hoZkmpAIlYv6kapSDP2f7eB3NkoXXPZnG21aK186NV6aALddGhKCnPWrAP2JQ9IN
j+oPWfC5cf2S6fK2KgtxHSVUqKe6DNrjQRYTM4/NK3PbKVOjCp1dlNKzkBOkXNBy
0Y3o9VTCApTc6H2iZa3xhbpSa1q13E4XAhnNpeoDq9MQMjxTZCXoFldHIa1jsPz/
WwtgN946P80HJ0xOqjsxWcAZAZGx5X0OTIsjCgTUFizortbiZBz6+EcfuLDhWTBC
6FI0gDxAzSVc/wacJzg3mm8VQEUPbTWZJ+I/eI9kmTgKw2tiRbKt43g03bkhnlGd
aD+m5PpTwZCQHIgcBq8TNWcRdi7nRjUxftgRCnhbNy6caZUCOhmV9Ror1/c3zSPC
M/rJAboHBMFi/rIG/0xD
=qInr
-----END PGP SIGNATURE-----

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/22/2016 03:18 AM, Marek Marczykowski-Górecki wrote:

>> Marek, instead of instructing people to send their reports to the
>> ML, why not instruct them to submit a PR to qubes-hcl with the
>> data pre-formatted? Then it would be much faster and easier to
>> approve requests and keep the list updated.
>
> That's right, but I fear much less people would submit them then.
> In current website, including a new HCL entry is just a matter of
> copying file (sometimes with little manual edit, like "remarks"
> section), so not that much work.

We would be able to make it fully automatic, but this is not Windows
10, its Qubes OS
And Qubes care about your privacy, therefore not stealing your data.

The price is the gappy and outdated HCL page.


- --
Zrubi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWyrf0AAoJEC3TtYFBiXSviNUP/0VIe4LsbLEWv7OCoLo/OIpN
fp09+NgQTBSCb/tCbXf7qnWEiQRJeobbOewtWEP2+pJ0QHJGL0w5y7oM1IY5xCmr
FJbb5/i6b/U+RJ6/u0StRnsqNrLqo2QyJdKDkzdCC3IXRN4YUACZsqvX8xcc0O8R
oYhXrp2kzf36SZnwKBqYrRBQPNsSVAi763z92QLUGnz4IjFtGfnAZYMF5uveAOML
oo6o3p7AhkROCiaIRiYgW/Dbop5cPE8Pzh3YzHYBtP9VvsrolGamWyuTUQV3cle0
270cRaznTWN98/zYFlLWIsnmXHO7Lg8kBHD2yyg1tZF2iDMvSg6OZyQwBwRUe+wt
GzyZkNKUdJVwSwkXbkGhX58rdUX+eQzXTvUxe4p9sVFh3lg4/iGmuU8qvhcKqNlT
P222Cx+2T6nJNgYi6i23UMKJtC429wQ3n8lrRljS2TS5s6faEpE+TtZbP7b+mEjo
Wudcsc8243hdKnLealS2L2CLcLa36vkpMFDYGkKXpV8VrDkyRlxdSU6XJP7UMB1l
uxHSzMrxwh7tJUn1IsreS4a7GDqTbKNKgOl2y7KrTBlyJ1qGoP36NQjzvZBp2qEp
kOp3TuLnfyTRxqPaNkOaY/+mmPSzyqIvzCu+MuLcL54EJcSUN1mMyBkPr5NR3bRb
JMeQ1rgkcydFwBy3o3+5
=cMlO
-----END PGP SIGNATURE-----

[Marek Marczykowski-Górecki]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, Feb 22, 2016 at 08:25:46AM +0100, Zrubi wrote:
> On 02/22/2016 03:18 AM, Marek Marczykowski-Górecki wrote:
>
> >> Marek, instead of instructing people to send their reports to the
> >> ML, why not instruct them to submit a PR to qubes-hcl with the
> >> data pre-formatted? Then it would be much faster and easier to
> >> approve requests and keep the list updated.
> >
> > That's right, but I fear much less people would submit them then.
> > In current website, including a new HCL entry is just a matter of
> > copying file (sometimes with little manual edit, like "remarks"
> > section), so not that much work.
>
>
> We would be able to make it fully automatic, but this is not Windows
> 10, its Qubes OS
> And Qubes care about your privacy, therefore not stealing your data.
>
> The price is the gappy and outdated HCL page.

An idea: a script which takes mailbox in maildir format and extract HCL
reports automatically. The basic version should be easy (search for
HCL in subject, extract attachment, add link to that mail - from the
footer attached by google groups).

Anyone want to write such script?

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJW0DzhAAoJENuP0xzK19csd8kH/1386iwgIxdH54ScKGWwuVgJ
LLDkF1F3JqM0qW09yBaaamFccClQ+CE+Ng4yMZkKNCUOLH94fN1i//JeZQ6qTyuK
msdNe5QfVNktxzU0ktFXsINt2a/q9gR5h0CXECy96EBYK9e/LiyycaBYYxOu8o+e
BtY7RW3nnqiZTMd8f31xv0Nc6F+l6udPWu2CaZGypXvsSV1O2BY4jQxc9tDk7kmW
iuElrkCxNPWvXjHqVBjVhFGcDkmmmzCXLSJUhbs90EFkw6DQf1DiQPyQKd0HmERM
/9n4QzDK45VPDUUI6ud2XebWlyRBXpXe+mhHUWFFc5r5irWcwAliPIKi8IDCVVM=
=day+
-----END PGP SIGNATURE-----

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/26/2016 12:54 PM, Marek Marczykowski-Górecki wrote:

> An idea: a script which takes mailbox in maildir format and extract
> HCL reports automatically. The basic version should be easy (search
> for HCL in subject, extract attachment, add link to that mail -
> from the footer attached by google groups).

Here are the manual steps for processing the HCL reports:


* open the qubes-users list:
https://groups.google.com/forum/qubes-users

* search for HCL, and process every single report as:

- Download the attached .yml file

- rename the file (remove the Qubes-HCL- 'pre tag')

- edit the file (replace the missing/FIXME tags)
- search for the chipset name by PCI ID (https://pci-ids.ucw.cz)
- READ the HCL mail - to decide how it is works: yes|no|partial
- 'read more' link to the thread:
- credit: Author
- link: link to the single HCL mail


* push all the final report files to git.



I'm not sure if it is worth to build a script for reading a personal
mailbox - but that's my opinion.

My idea is to push the report directly to some server instead - just
like the auto crash reports implemented in many distros out there.


- --
Zrubi

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW0EfAAAoJEC3TtYFBiXSvRPYP/Rk07Z66mMvKjbDt0QSFlm/r
FjDcPP1+3AS0PUJf4PBh4Kg/GJ1I0H7onkNUif7mRFdbEhzdccDNddthqBYNX1Mp
ZDLl/PqSHbp+vN2XbAxxfiV3MsmS/+Av+DxaTK1vLkNIeHbwE7FL6xnS6FcvDJ06
6EuDZ0+jZpX8bNT0uMrljMD5cyXDY/1Pt/uIULig6gZHOOC5O2Bw17xt4KHZ/6q4
bHWKMhA1wVOc6SG6ohnhDv8si5q5OCKAtVTUHkHyFWKKMzlFlEe3OLHb61g+RrGE
2hL912mo44prntqQ7YXkeKf/sIH6YA6WUoEqOgu6ZSxsOmCKwzQLLFhMwe3H4HFS
BPHBg5io+6Mv9+6vmnttIQmSNkvSsahOcAGqpSrKqOxflHc71LPr+xBnmrwAf9q9
osQ0xmNMphcdjP1GSpl5lEtI25PQzUFnlQUS4PDy5hrqGcvwadKxoDoLYtZ0m7w6
cp2ytPzFU+FA4yDJi1lYzOfCgNNUXD6sM6Vfy5XAJtqiWx1V2BO46/wX0atpgPk4
uXu/x+xYe3oLwMstZjoM3lsb6KMP78w6ZokapOACs7XlrOR885oCcFU7t6Fa6iZZ
BJC732AvebzsfT5Q66jw7QcZ8/JGLPGnTzWIimq8qg7H08xc8vQmiU7vfDl+YRJY
l01Mf0ax5+4KJUVUrdVK
=nF/J
-----END PGP SIGNATURE-----

[raah...@gmail.com]

is there a way to submit an hcl report anonymously?

[Zrubi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 02/29/2016 03:18 AM, raah...@gmail.com wrote:
> is there a way to submit an hcl report anonymously?
>

As far as I know the only solution if you send it from an 'anonymous'
email address.


Because:
We always need some user experience feedback. Without that the whole
HCL report is nearly useless.


The other option would be to make some more sophisticated reporting
GUI - like the crash reporting tools out there. But currently we don't
have infrastructure for such a solution.

- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJW1C7pAAoJEC3TtYFBiXSvjJsP/AgbchrC1RZ9ttvpunG9fQN5
SRCl3LBMU3+I+UCjVyNxaQyRFChXtXFpdL5Fvt+uXqEbgIWgNJjkOpnxsW1jcdP5
/vfx1E4AQEcgtIKxjdPDpXR//SCNhA3Q8+rZFgTMd9HrZC/MpbQSmS4H1VyGafvK
wd0NUlKz4R8djwSv+jlwgLUWCFWMEzD+WKUF8Uy19eB8BAYjBJ/WzDD8eSUVZyJq
T2gHDaazBpohpni4AtX5JrdukPKVvR+zaLErpyositrIuJz7SgMHen7u4FTYMt0x
6eFF1fiNLDOx8olw3FSXyQZfASHE9d8vzfiHkq+O2M1vl3qEvSpC8PraQrQZNBCe
gbpHVqqugPXb3WForrBiZ6Ommup/T486MhXIr0W7aKixg5HId6+JYL3s7AYL4lyD
LE1DJ3rcufykKWtafdXGp+y1RwMSzuxYEg2g4oLbXFSnJQKjmocWE9fwteoyLFRG
Dy/4v2kKsJRj0XZddh7FbKPoq3cbsWKX1YGLYS3ZOtMZW6OYmpP32dlyQkXNHaQo
dES681teRqJO8oMDQ11xpMWb8e7gP1ex4UWusLYuj2PLosntEnBNQkPeA6xuCrfn
oeXzLBTEm+kWGZf54YtG5bpWS8SdeJOfDR0xgR91b0lEHrkntosvEOUHDYWWlAlx
Ih83haKAn8lTMSb3pdCq
=MW3f
-----END PGP SIGNATURE-----

[raah...@gmail.com]

Well I think if there was an option to send reports to a non mailing list address, and when peoples names or handles weren't put on the hcl list, more people would send in reports. I don't see why that would stop user feedback. just my opinion.

[Manuel Amador (Rudd-O)]

On 02/29/2016 11:43 AM, Zrubi wrote:
> On 02/29/2016 03:18 AM, raah...@gmail.com wrote:
> > is there a way to submit an hcl report anonymously?
>
>
> As far as I know the only solution if you send it from an 'anonymous'
> email address.
>
>
> Because:
> We always need some user experience feedback. Without that the whole
> HCL report is nearly useless.
>
>
> The other option would be to make some more sophisticated reporting
> GUI - like the crash reporting tools out there. But currently we don't
> have infrastructure for such a solution.
>

I would be willing to set up some sort of server that would process HCL
HTTP POST uploads and then provide an API to query those uploads, as
well as an API to browse / download those uploads in bulk or
interactively (in that case, as text/plain, not as text/html). Happy to
do so, in fact. But that system would require some user interaction, or
some heavy validation at the very least, because I don't want it to
become a pastebin system for bullshit.

Come to think of it, I could set up a Gopher server to do that job :-)
None of that HTTP spam shit.

--
Rudd-O
http://rudd-o.com/

[george]

I love Qubes OS. I use it on my main computer, (mainly for isolating different contextual identities online and to restrict Webcam and microphone. I'm paranoid and now I feel a lot safer.)
I'm getting used to it, little by little, and I don't plan to switch away from it. Some people say that 2 passwords to get in and isolating everything is "overkill". I don't know, but to me... it's reasonably secure ;)
I love bragging to my friends that I use Qubes, too. I got my Linux school teacher interested, too.

- George -

[raah...@gmail.com]

I feel more paranoid then ever. A week after building a qubes machine for my family I believe some people on irc stole our credit cards and maxed them out...

Now some will say well its my fault for pissing people off on irc. Or its probably not qubes that got compromised but some remote server, or vendor, or mitm attack somewhow.

And while that all may be true, the timing sure is an amazing coincidence. I was already inquiring about these things expecting this might happen because I know I'm a target but qubes didn't help us much. We were extra careful and I feel like someone did this to prove a point. And I don't know how far they went. I sure don't feel too good anymore using an os thats only securing us by isolation and is not really hardened at all. I was under the impression that qubes protected the bios somehow, but the more I think about it, how is that even possible? Maybe i'm misunderstanding how qubes protects the bios compared to a regular os. But for example if the network card gets compromised, like we assume it will, isn't it possible it will affect the bios? I also don't like using an os where I don't have full control of the firewall or even have any insight into the io or network activity thats going on in the background, so not like i would know if the qubes machine was doing anything strange anyway.

When talking to qubes users who are "security experts" they act like a browser attack is something rare, and as if you need / for a persistent compromise.

We went back to a windows 10 machine because why torture my family with a buggy o/s that doesn't even shutdown properly half the time unless you manually close all the appvms. Thats always showing failed to return memory messages in the qubes manager. Where there is a 50 percent chance a vm will break somehow when attaching a block device to it. Where its frustrating to use a usb printer and scanner. Where we can't even take advantage of the hardware performance like usb 3.0 port or gpu. Where the windows hvm is hit or miss it will work properly. A couple times i've wiped vms or formatted usb sticks, to find out information was still saved on the pc somehow when reloading the vms.... I can go on and on, its definitely nothing more then just a cool tech experiment which I can't take seriously anymore.

IMO I'm better off using an oem machine with intel bootguard and a hardened live linux amnesiac cdrom for sensitive things like banking and online transactions.

[qu...@qubu16.sbrk.co.uk]

On Wed, Mar 09, 2016 at 11:34:41AM -0800, raah...@gmail.com wrote:
> I feel more paranoid then ever. A week after building a qubes machine
> for my family I believe some people on irc stole our credit cards and
> maxed them out...

That does indeed sound very paranoid.

> Now some will say well its my fault for pissing people off on irc.
> Or its probably not qubes that got compromised but some remote server,
> or vendor, or mitm attack somewhow.

I don't believe any reasonable person would say it's your fault.

> IMO I'm better off using an oem machine with intel bootguard and a
> hardened live linux amnesiac cdrom for sensitive things like banking
> and online transactions.

I don't see how this makes you better off. Intel bootguard appears
to help you assert that some worthless bios configuration is as
worthless as it once was. I'm not asserting that qubes proves
anything stronger.

If you can't verify that your BIOS and option ROMs aren't what
they were when you first bought the machine (or after you upgraded
them), what does it matter if you boot from CD?

Paul

[R.B.]

On 03/09/2016 08:34 PM, raah...@gmail.com wrote:
> We went back to a windows 10 machine because why torture my family with a buggy o/s that doesn't even shutdown properly half the time unless you manually close all the appvms. Thats always showing failed to return memory messages in the qubes manager. Where there is a 50 percent chance a vm will break somehow when attaching a block device to it. Where its frustrating to use a usb printer and scanner. Where we can't even take advantage of the hardware performance like usb 3.0 port or gpu. Where the windows hvm is hit or miss it will work properly. A couple times i've wiped vms or formatted usb sticks, to find out information was still saved on the pc somehow when reloading the vms.... I can go on and on, its definitely nothing more then just a cool tech experiment which I can't take seriously anymore.
>
> IMO I'm better off using an oem machine with intel bootguard and a hardened live linux amnesiac cdrom for sensitive things like banking and online transactions.
>

As a long-time Linux user - 16 years now - I've experienced the
hit-and-miss on Linux when it comes to hardware. Sometimes you get
lucky, sometimes you end-up with tech you can't use, these days I pick
my hardware more carefully. My Lenovo x200t was a well thought-out
choice. Windows was gone the same day it got in. I got lucky when
Qubes-OS came along and worked pretty much out of the box.

Now I got that Dell XPS 13 that is a complete hit when it comes to Linux
(if you count Ubuntu), but a sour miss when I tried Qubes. This is an
example where for one part I choose my Hardware carefully concerning
Linux in general, but missed miserably when it came to Qubes.
Still, I use Qubes-OS on a regular basis and I'm getting more used to
it. I use compartmentalization more and more. USB-2 goes to a separate
VM for sticks-and-disks and USB 1.1 is for dom0 (USB-HID). One private
domain is for mail and stuff, but shopping, banking or surfing in
general is done is a dispvm. On the other hand, I'm still aware that my
hardware security is weak, so I have to act accordingly.

Maybe the issues of Raahelps could be caused by an evil-maid -like
attack or lack of domain-hygiene (Multi-purpose domains are dangerous).
Still we have to remember, if you are a target, there are no guarantees.
No matter what platform you use.
Good luck to you @Raahelps with recovering.

Every platform has it's issues. For me, the human part is still the
weakest link. I wouldn't dare to put my family on Qubes-OS and expect
them to work with it like I know is good for security. Just look around
and see how people react to (perceived) barriers. They find way around
them with the result that the security measures put in place become
nullified. For people to work with a platform like this, in a secure
way, it has to be in their interest _and_ within their "field of
vision". If people can't see the benefits of the (perceived) barriers,
then compartmentalization just won't work and you might as well use
Linux, Windows or Mac without virtualisation.

I can speak from experience when it comes to security vs usability as
perceived by normal users. Even tech-savvy people are more likely to cut
corners than to uphold security-best-practices. Or in case of Qubes-OS,
domain-hygiene. You might have more luck with experienced, trained and
with knowledge of how computers can be hacked.

To get back on topic. Sorry people ;-)
I find the OS fascinating, but I have no illusions that it works on
whatever hardware platform. I've used anything from Linux From Scratch,
Gentoo to Ubuntu SuSe and Fedora and now Qubes-OS. Linux based platforms
provide a challenge for me, but I'm careful to advice it to others. It
all depends on the software used or willingness to invest in a learning
curve.

I do hope more people will find Qubes-OS a valuable platform and are
able and willing to help to support it.

Special Thanks to Joanna and Marek for this awesome and innovative platform!

RB

[raah...@gmail.com]

Paul, the digital world is no different then the physical. Thats the first thing people in the industry fail to realize. Its also true that the guy that robs your house is someone you've come in contact with 9 times out of 10.

Its also always user error 9 times out of 10, in any definition of the words you look at. Whether socially or technically.

It is my understanding that intel bootguard tries to prevent a bios compromise in the first place. As opposed to something like aem which basically just lets you know when its time to replace your hardware. I don't know what you mean by "worthless bios configuration".

You might have the money to replace your hardware everytime your tpm fails, that is if it actually detects anything thats changed.(reading joannas latest papers has me wondering) But i'm more worried about not detecting anything in the os rather then the firmware at this point.

[raah...@gmail.com]

I had no trouble finding hardware that works properly with qubes. IMO< if the manual specifically says it supports vt-d, has legacy bios support, and is not too cutting edge but also not ancient, there should be no problems using it with qubes. My hardware issues with usb 3.0 and gpu are qubes or virtualization problems or by design. As far as all the other issues I have, these are general bugs the qubes team has to work out.

I do find it insulting to your family, that you would think they are not capable of separating personal stuff with a personal vm, or banking or shopping vm, or a random browsing untrusted vm. Thats just silly. Qubes is really not that hard to use and I think some people just want to believe it is so they can feel special using it. I find what helps in your trusted vms is firewall settings to https only, hardened browser with noscript, etc. This way if your family member accidentally clicks a link in an email or social media it won't even load a page most likely. The part that takes more getting used to is copying and pasting between vms, updating templates. Or opening files in a disposablevm. If they have victims of a cyber crime, which 1 out of 3 americans have been. I think they would have no problems doing these things and would deem them "in their best interest".

The problem really becomes the fact we also have to trust the servers and websites we are connecting to even in our trusted vms. We have to trust the browsers have no 0 days currently being shared among the criminal elite. And we have to hope noone is targeting us specifically knowing we are running qubes. At this point i think everything should be done in a disposable vm at all times if possible. And if thats the case I'll feel even more comfortable just using a hardened live cdrom.

[R.B.]

On 03/10/2016 04:08 AM, raah...@gmail.com wrote:
> On Wednesday, March 9, 2016 at 4:29:28 PM UTC-5, R.B. wrote:
>> On 03/09/2016 08:34 PM, raah...@gmail.com wrote:
>>> We went back to a windows 10 machine because why torture my
>>> family with a buggy o/s that doesn't even shutdown properly half
>>> the time unless you manually close all the appvms. Thats always
>>> showing failed to return memory messages in the qubes manager.
>>> Where there is a 50 percent chance a vm will break somehow when
>>> attaching a block device to it. Where its frustrating to use a
>>> usb printer and scanner. Where we can't even take advantage of
>>> the hardware performance like usb 3.0 port or gpu. Where the
>>> windows hvm is hit or miss it will work properly. A couple
>>> times i've wiped vms or formatted usb sticks, to find out
>>> information was still saved on the pc somehow when reloading the
>>> vms.... I can go on and on, its definitely nothing more then
>>> just a cool tech experiment which I can't take seriously
>>> anymore.
>>>
>>> IMO I'm better off using an oem machine with intel bootguard and
>>> a hardened live linux amnesiac cdrom for sensitive things like
>>> banking and online transactions.
>>>

>> Maybe the issues of Raahelps could be caused by an evil-maid -like
>> attack or lack of domain-hygiene (Multi-purpose domains are
>> dangerous). Still we have to remember, if you are a target, there
>> are no guarantees. No matter what platform you use. Good luck to
>> you @Raahelps with recovering.
>>
>> Every platform has it's issues. For me, the human part is still
>> the weakest link. I wouldn't dare to put my family on Qubes-OS and
>> expect them to work with it like I know is good for security. Just
>> look around and see how people react to (perceived) barriers. They
>> find way around them with the result that the security measures put
>> in place become nullified. For people to work with a platform like
>> this, in a secure way, it has to be in their interest _and_ within
>> their "field of vision". If people can't see the benefits of the
>> (perceived) barriers, then compartmentalization just won't work and
>> you might as well use Linux, Windows or Mac without
>> virtualisation.
>>

> I do find it insulting to your family, that you would think they are
> not capable of separating personal stuff with a personal vm, or
> banking or shopping vm, or a random browsing untrusted vm. Thats
> just silly. Qubes is really not that hard to use and I think some
> people just want to believe it is so they can feel special using it.

Looks like families don't compare to one-another. I'm sorry you see it
that way. There are more things to consider apart from fan-boy-ish
behavior. I do try to show people how easy it is, but lets just say I
have different audience apparently...

> I find what helps in your trusted vms is firewall settings to https
> only, hardened browser with noscript, etc. This way if your family
> member accidentally clicks a link in an email or social media it
> won't even load a page most likely.

Nice touches... Thanks for sharing the firewall-part.

> The part that takes more
> getting used to is copying and pasting between vms, updating
> templates. Or opening files in a disposablevm. If they have victims
> of a cyber crime, which 1 out of 3 americans have been. I think they
> would have no problems doing these things and would deem them "in
> their best interest".

No shortage of motivation indeed....

[raah...@gmail.com]

people still think linux is as hard to use as when you started 16 years ago. But in reality ubuntu is as easy to use as windows. Imo, there is 0 difference in usability. It usually boils down to not wanting to change programs someone is familiar with which may not be cross platform compatible or have an equivalent program available.

But this has nothing to do with a learning curve. The problem is people assume their family and friends won't be able to learn linux, or they refuse to hold their hand with tech support or show them the alternatives, so the false perception that linux is much harder to use then windows is spread.

I don't think it boils down to "fan-boy-ism" I think it boils down to inferiority complexes and the need to feel superiorly intelligent over others. This also leads to people giving overly complicated solutions to what otherwise should be simple and practical ones.