Qubes OS 4.0 first release candidate (rc1) has been released!

2054 views
Skip to first unread message

Marek Marczykowski-Górecki

unread,
Jul 31, 2017, 7:43:28 AM7/31/17
to qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

We have just released Qubes 4.0-rc1:

https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZfxfZAAoJENuP0xzK19cswOMH/0k+rDX8EuoGXduK+q7zltmT
nZ06yFh5nzUIA0x8gi6XyFAL/Ph68d0WARKIB2r7X+e2IChG9WbXnBZAzLmnpwRP
G0PwkYSMQNeVxv7dT9cTyOXtFScZlfhTJtJAhd40LuuLB1tMbfA+wEQVYT4eR7r3
q7wftZRz5L6AAYZ2ofeDAkraIYF2i0PBC7NZeDnKKR6vT09S4a590HzqJukDz+Ob
HbOB3PhumFbCpISNjIhtPNgUitXbUreC1Wfc3hFF35UgzMatWzskP/lXeIZxztUI
TO+X7FsO3QO7LXJXidD7IZrPH6FWLfIL1Dhms8sj2MVuA1Ug5bayuYwJ/G4ci3Y=
=SV8T
-----END PGP SIGNATURE-----

f.tut...@gmail.com

unread,
Jul 31, 2017, 2:09:57 PM7/31/17
to qubes-users
I don't like that Qubes Manager was removed.
I am also looking for an icon for Backup/Restore. As long as I can't find this option I can't restore my VMs and this release is useless for me.

P R

unread,
Jul 31, 2017, 2:37:14 PM7/31/17
to f.tut...@gmail.com, qubes-users
Hello,

Am 31.07.2017 8:09 nachm. schrieb <f.tut...@gmail.com>:
I don't like that Qubes Manager was removed.

I can understand that this might feel strange, but after getting used to it you can do anything (even more than with Qubes Manager) from the command line/CLI.

As far as I have understand, the option is there that someone can program a Qubes GUI, but this is not in scope of the Qubes Core Team, which seem ro be focussed more on the "real"/difficult Qubes stuff.
I think this is a good decision, but having something like a "legacy" Qubes Manager for Newbies might be helpful for beginners.

I am also looking for an icon for Backup/Restore.

You can do backup and restores from the CLI (at least on Qubes 3.2) and I am sure that this can also be done in Qubes 4 RC1.
In dom0:
qubes-backup-restore --help
... will tell you exactly what you need to do.

 As long as I can't find this option I can't restore my VMs and this release is useless for me.

Have you tried to do a restore via CLI?
If you run into problems, just tell us where exactly the problem is and we'll figure it out.

I'll download RC1 this evening and will also restore my Qubes 3.2 VMs.
I can then update this post with a short how-to.

- PhR

Foppe de Haan

unread,
Jul 31, 2017, 3:04:07 PM7/31/17
to qubes-users, f.tut...@gmail.com
Tiny bug with 4rc1 (clean install): qvm-copy-to-vm doesn't exit once done transferring data.

Eva Star

unread,
Jul 31, 2017, 3:14:43 PM7/31/17
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Very good news, thanks :)

On 07/31/2017 02:43 PM, Marek Marczykowski-Górecki wrote:
> Hello,
>
> We have just released Qubes 4.0-rc1:
>
> https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/
>
>

- --
Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZf4FCAAoJEGSin3PC/C0A/ZMQALsV5RzgmGmCu0JoDUROzG5u
a2nkQjtlh2uIeDOtd1xkYdOjtpoOv6Jllpjef/PJF01txwgz5paNRyvu+cW2hc2C
LNVeff6alf7rhDlZX11ZY6WI17ld/P/yQv/rlW6gQjW6Is5prMb6DKIhzx+1XoGS
W4SQmHThkT8ZGZ/fiuqxLHXKgSh/JWxG/De1KpSf0CByU6ugh2CGbOKV4RPHwa4X
Z6WMfvECr+KCvl7vqYmwQaBwKD2gNag5bKuy0DNpXKIyHf33CGFHVvfT6uPoTg40
RtRUSp/uw+mZAjKIzCzOn82gt4aeLVvczF3jvE2Prk0Td8CThQCwUxPXw4IcUZ8m
RSuxYspYYKz11WLZtM7pCDl+CkfrlM/ZUU88RJJ6waeVRPa2m0oM0d4dFn210usk
Uc5UOC0/sKqh15ZH3rlaHK0+CfKyMYyNEMYN6vGME1bzLkOZ3g/ZLmL5EzUuL7mn
NwlS1JkCX5yXUfZ+Xa0SnI4ZIWDxqzvyjY4VORAZxTua72R3iOYOKb/xU/N7CX91
vhZ9yamW3F3mnbiUYrP38tiVhH6XKhsfxzdotBVq5CuIccKlK1BrkEfKXZJDQuze
55MdXmbTaIDpivA5zfWjA7CDPHy82az3Aa7+XwaieD3jmX+jPYNXbXWBnRnLTCUz
oBTFff76TAPKfQt8kouU
=KJGq
-----END PGP SIGNATURE-----

f.tut...@gmail.com

unread,
Jul 31, 2017, 3:42:07 PM7/31/17
to qubes-users, f.tut...@gmail.com
I was able to restore all of my VMs via CLI but after restoring I couldn't start any VM.
Will downgrade to 3.2 and will wait for final release of 4.0 and I hope that this will then be fixed.

miki

unread,
Jul 31, 2017, 4:10:08 PM7/31/17
to qubes-users

Hi,
HVM Standalone option is greyed out. Also the --cdrom option no longer exists with the qvm-start command. Does anyone know if this is related to some Stubdom changes/problems and will be supported again in the final release?

P R

unread,
Jul 31, 2017, 4:12:06 PM7/31/17
to f.tut...@gmail.com, qubes-users
Hello,


Am 31.07.2017 9:42 nachm. schrieb <f.tut...@gmail.com>:

I was able to restore all of my VMs via CLI but after restoring I couldn't start any VM.
Will downgrade to 3.2 and will wait for final release of 4.0 and I hope that this will then be fixed.

Of course you can go straight back to 3.2 but as this is release candidate feedback could be helpful.
What happens when you start one of the AppVMs from the CLI?
Output/Error messages?

Have you tried to launch a template VM also, not only the AppVMs?

- PhR

Holger Levsen

unread,
Jul 31, 2017, 4:42:59 PM7/31/17
to Marek Marczykowski-Górecki, qubes-users
On Mon, Jul 31, 2017 at 01:43:20PM +0200, Marek Marczykowski-Górecki wrote:
> We have just released Qubes 4.0-rc1:

awesome!

I've installed it on a lenovo x260 and upon the end of the installation I had some
error concerning sys-firewall stating "could not find capabilities for arch=x86_64",
despite that the installation seemed successful. But then when I logged into the
installed system and ran "qvm-run personal xterm" I got the same:

$ qvm-run personal xterm
Running 'xterm' on personal
personal: Start failed: invalid argument: could not find capabilities for arch=x86_64

IOW: this doesnt work for me at all. Happy to test+debug further though if someone
has an idea what to do…


--
cheers,
Holger
signature.asc

Marek Marczykowski-Górecki

unread,
Jul 31, 2017, 4:46:30 PM7/31/17
to qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Do you have VT-x enabled in BIOS?

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZf5ccAAoJENuP0xzK19csMK0IAIYI/zVfwmAj7Zn8Ywja8oRQ
+s4EjLS+okL5bGDt+l86BOuVrtFi0W/9ugKWQgwab+MUEzfot4Y1IMUcIQG57Ee0
UPXXSFxY9TG93wgtgq1qPLp3j6rU7gD14DYiE8hoSkAa7XmqT5eMA/u4kKD7Mp0Q
cvGtcj+2qNiN2Klt+rSqAZhnQU/SbPNJncRTsI3QeU0Jvny2RT2/M5re261wa3cO
JlNv0vLojgQQ0TIaL/ObeZLN4RfQScCldNTlkecjgjASEFiiNokfLRFC1wAtvlOe
CGcY09DV0AXGKexmTxxE2rj6ayDloYGzhG7CWXHxCB9N3yHuCF2dHyPgA+F9Ff4=
=OXeO
-----END PGP SIGNATURE-----

Holger Levsen

unread,
Jul 31, 2017, 5:17:51 PM7/31/17
to Marek Marczykowski-Górecki, qubes-users
On Mon, Jul 31, 2017 at 10:46:19PM +0200, Marek Marczykowski-Górecki wrote:
> Do you have VT-x enabled in BIOS?

doh, indeed it was disabled. (Which slightly puzzles me as I had running Qubes 3.2 running
on this machine before…)

Now I get another error OTOH, but I'll try a fresh reinstallation of 4.0rc1 first, before
reporting that exact error…

Thanks!


--
cheers,
Holger
signature.asc

Micah Lee

unread,
Jul 31, 2017, 5:23:20 PM7/31/17
to qubes...@googlegroups.com
On 07/31/2017 04:43 AM, Marek Marczykowski-Górecki wrote:
> Hello,
>
> We have just released Qubes 4.0-rc1:
>
> https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

I just installed Qubes 4.0-rc1 on a Lenovo ThinkPad T440 which runs
Qubes 3.2 without a problem. After installing it, when I boot up, grub
works, but then as soon as Qubes starts to boot the computer reboots,
and I end up back in grub.

Any ideas on how to start troubleshooting?

Foppe de Haan

unread,
Jul 31, 2017, 5:34:35 PM7/31/17
to qubes-users, mi...@micahflee.com
start by pressing esc to switch to text boot. Maybe get a camera so you can capture the error msg before reboot. If that doesn't provide enough info, you can try enabling debugging in the boot options by adding the relevant parameter.

Rusty Bird

unread,
Jul 31, 2017, 6:23:22 PM7/31/17
to Micah Lee, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Micah Lee:
> I just installed Qubes 4.0-rc1 on a Lenovo ThinkPad T440 which runs
> Qubes 3.2 without a problem. After installing it, when I boot up, grub
> works, but then as soon as Qubes starts to boot the computer reboots,
> and I end up back in grub.

I ran into the same behavior on a T420. Removing iommu=no-igfx from
the Xen command line fixed it. [1]

If that doesn't help, _adding_ console=vga should let you see what's
going on.

Rusty


1. https://github.com/QubesOS/qubes-issues/issues/2841#issuecomment-318172669
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJZf62qXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfGk4P/A0pdDRjuAVchC6oy4XF4cqB
pYRckVY4hET5yvMY3bqU2NIILbfwkK0XGztAvoKEuF9eqT6sfeq8ZwKdtL02gXD0
O14Nig4oXXg3+uRhBaDA12wMKu6wuPRZ0fUjtPZk/KyP6/v24sGIxHTicSDJUpve
8u+yqJYOzqZSw8907YdMwe6vEZoDAeqXbb0nA7ngdmzSdIX3z5T2iG5SOEnRjZ64
U/1uS5OdEir7tbks+L/Xh+NSWmfk4pnMKFmF8rV1+3/bVToMmOWOQAcbgQIoMElL
tK+3aWqPOHX1+66qk07xIC8Uq+ORQOsHRRA0c2wUX03EY/23RNW1OzYlRlmBIWyb
xfJOdw5U8R2wSheO1wUyMO1hQ52W3fx8e927UjTaTAGzJ7t1UJ8wN1e5ZyurKLuI
iwVCaCq0o4AHsQbHsOdoRNNuIrzy12N3ZHPMaDQrw3UAX840/fDPAeg8aCi0Sr/6
CAKcu/wJUXTb24/6mRYBlDIRGtMd8f8UAAq37ikUBxOZB2EdYdYZHoedoTyqzSP6
SfponcAUSUG9KIOPLJDWG5OJSCuVJisMA0ScdnByRCdULvDaFcMlDWwee/7f8bbQ
JJ6IxF1BgyJdJ/8OoQViSx2055Glj8tYPivm7I0XDfTs0Cx6zGhlAWNv7ro30xYT
Pt+Wa4/IsIzuLB8HhlnL
=IbPe
-----END PGP SIGNATURE-----

Holger Levsen

unread,
Aug 1, 2017, 1:19:21 AM8/1/17
to Marek Marczykowski-Górecki, qubes-users
On Mon, Jul 31, 2017 at 09:17:43PM +0000, Holger Levsen wrote:
> Now I get another error OTOH, but I'll try a fresh reinstallation of 4.0rc1 first, before
> reporting that exact error…

whoohooo - that fresh installation on an x260 for the first time showed
reliable suspend+resumes, I've done 42 suspends of the machine (which, granted,
was not doing anything) and it successfully resumed 42 times \o/

which to me is quite very amazing, running qubes 3.2 I'd estimate the success
rate rather to be 60% or so, maybe 70%… (while the same machine running
Debian 8 also had 99.x% successful resumes…)

so far so very good. i'm curious whether this will also be the case with qubes
3.2.1 and a 4.9 kernel (so far only tried with the older 4.8 one from the
qubes repos…)

(but then, see the other mail on this list about my problems installing the
4.9 kernel on qubes 3.2…)

OTOH, wireless didnt work after a few resumes (qubes 4.0rc1), i assume this
can be fixed by unloading+reloading the module, but…

I'm happy as long as resume works.


--
cheers,
Holger, who really did those 42 suspends and resumes…
signature.asc

f.tut...@gmail.com

unread,
Aug 1, 2017, 2:56:53 AM8/1/17
to qubes-users, f.tut...@gmail.com

I can't start any VM (AppVM & Template VM) even the Template VM that was created freshly with 4.0 installation can't start.

lok...@gmail.com

unread,
Aug 1, 2017, 3:27:44 AM8/1/17
to qubes-users, marm...@invisiblethingslab.com, hol...@layer-acht.org
On Tuesday, 1 August 2017 13:19:21 UTC+8, Holger Levsen wrote:

> so far so very good. i'm curious whether this will also be the case with qubes
> 3.2.1 and a 4.9 kernel (so far only tried with the older 4.8 one from the
> qubes repos…)
>
> (but then, see the other mail on this list about my problems installing the
> 4.9 kernel on qubes 3.2…)

I'm having hangs on resume with kernel 4.9 on a Latitude E7470. That suggests to me that you'll probably have the same problem.

Zrubi

unread,
Aug 1, 2017, 5:25:23 AM8/1/17
to Marek Marczykowski-Górecki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07/31/2017 01:43 PM, Marek Marczykowski-Górecki wrote:
> https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

My Very First Impressions:

- - the "test this media & install Qubes" is hanging forever on my T450.
Before the graphical "qubes loader screen", I see some strange error
messages. Need to be fast to capture however. Was not lucky to get it.

- - The isntall process is really looooong.
Not debugged jet but the creating initramfs seems to be running forever.
But at least was successfull at the end :)

- - the missing Qubes Manager is a pain.
- - the 'replacement' in the task bar is small and buggy:
the tooltip? like thing is randomly shirk to unusable. But too
samll in general. I have 40 vm's right now.

- - the vm setting windows is the old one, no new features are usable
from that GUI :(

- - memory balancing are enabled on PCI asigned VM's.

- - network manager applet is (still?) not show on first start.
need to restart the sys-net VM to shown.


- - still only 8 available colors for the VM's. :(((
Again: I have 40 of them.

- - no VM status GUI. :(
The old Qubes manager would be fine till a the new tools(?) not ready
for use.

- - the 'new' Qubes firewall solution causing more confusions.
- mixed iptables and nftables? why?
- the old GUI not allow to use the new features.
- even if Allow is the default policy I see a DROP rule at the end.
Why? :o

- - qubes-hcl-report is not included.
just tested it (the latest version from github) and it working with
4.0 out of the box.

- - no KDE group available
Maybe the same reason with the recent 3.2?
Probably I'm the last KDE user under Qubes - and I just started to
migrate to XFCE because of the unresolved issues with KDE since the
3.2 release. And see no progress in 4.0

So I would really appreciate some statement if Qubes will really drop
KDE support. I can accept that, but then I not waste my time trying to
make it work. Instead focusing to fix the XFCE issues I have ;)

- - the default login screen is just ugly. I know that this is not the
first priority, and not even a technical issue. But new users will see
that ugly thing first. So it's should be a Qubes skinned one. at least.


- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZgEjuAAoJEH7adOMCkunmiz8QAIESj31RZibLg4BapsXKIk5a
gUxZVMOkhDrc+N5serF28S1Ps5UnYemPOKSoYPUfZyk4C+5l8jk3GeyU5nO6Tvp0
Hrwsxj3gzgBUxYkSatqTCkICXtoR2K+X93IAPJWtjmOUi6VLQG00IpiPyHsdPPHF
MSjtQ6iJB4qyHzeUe0hzul/AektyOz2APO/ebojcdwlEZLVZpJZjrKD5YIUQYDzA
fafJE6una8ZxC1FULKFoqWCRbUMe396D1tuo1FIUhXG1Cnc/o8x4Xp2FW6SkzZRl
IEoKJPX4vFoHysUCeefOgfhjHKF5if+E3g47eZb+63sFvaS9aCFNAoPH4CiXnEkO
PaLLggR12etQP+4KQacnszKdl+mh4h+5ZAlus/LjPdlNUVh7t/M1dfv3J1qLAzcw
cDM9+OKFGmP9ThIHD+SgiNxIKsWSCctt4IdYsXjEJMEN+X6LHVOQY6F038ekkDZe
dhTaNv/RRrzR8sIEtafLQzBA0R2DLXM5sOPrZXKmcv4B3UTMFfo5sfS0xtqPn1z5
xjOjnk/uC9+pNOoAH1lusSHp/mUbFcikF1t9yMe6GFBeKIzQbJba+Hac6zPS4lIM
EK2/RksLRxKXP6/3u6lVMc2f5DK5IOVGW3aBEVsSa6C8Ve+O84ElVXs7/ueY8U8F
D2SOB+X0NIUUkEWk+936
=qI1g
-----END PGP SIGNATURE-----

Marek Marczykowski-Górecki

unread,
Aug 1, 2017, 7:02:27 AM8/1/17
to Zrubi, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Aug 01, 2017 at 11:25:11AM +0200, Zrubi wrote:
> On 07/31/2017 01:43 PM, Marek Marczykowski-Górecki wrote:
> > https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/
>
> My Very First Impressions:
>
> - the "test this media & install Qubes" is hanging forever on my T450.
> Before the graphical "qubes loader screen", I see some strange error
> messages. Need to be fast to capture however. Was not lucky to get it.

I've seen some problems with USB 3.0 on T460p. Basically it throws a lot
of I/O errors - sometimes during boot, sometimes in the middle of
installation. Using USB 2.0 stick, or USB 2.0 hub (or just cable)
helped.

> - The isntall process is really looooong.
> Not debugged jet but the creating initramfs seems to be running forever.
> But at least was successfull at the end :)

Is it just about initramfs and "post installation tasks" - compared to
the whole installation time? There may be some bug causing initramfs
being generated twice (or more...) - I think I've fixed something like
this before, but maybe not all the places. If you think it's important,
please open issue on github.

> - the missing Qubes Manager is a pain.
> - the 'replacement' in the task bar is small and buggy:
> the tooltip? like thing is randomly shirk to unusable. But too
> samll in general. I have 40 vm's right now.

What do you mean by "randomly shirk to unusable"? Can you provide a
screenshot?

> - the vm setting windows is the old one, no new features are usable
> from that GUI :(

Sadly that's true. Working on major features (like Admin API) took much
more time than anticipated, and we didn't want to delay 4.0 any further.
In practice there are not so much missing things, that are useful for
normal usage. I'd say this list:
- booting from external disk (useful to install windows)
- firewall rules
- network settings (custom IP, etc)
- allow starting DispVM out of this AppVM

I've created this ticket to track it:
https://github.com/QubesOS/qubes-issues/issues/2949

If you think some more will be useful, please comment there.

> - memory balancing are enabled on PCI asigned VM's.

In practice it is not, because VM itself have it disabled if have some
PCI device. So the issue is reporting it in GUI.

> - network manager applet is (still?) not show on first start.
> need to restart the sys-net VM to shown.
>
> - still only 8 available colors for the VM's. :(((
> Again: I have 40 of them.

Most backend code to support more labels is done. The (important!)
missing part is window manager support. AFAIR currently only awesome and
xfce4 generate colorful borders dynamically, other window managers
(especially KDE) have it hardcoded.

If you want to try, take a look here:
https://www.qubes-os.org/doc/admin-api/
Then use qubesd-query tool to issue those API calls. For example:
echo -n 0x00ffff | qubesd-query dom0 admin.label.Create dom0 cyan

(testing this, I've found you need to kill `qvm-start-gui --all --watch`
process and start it again after creating label)

> - no VM status GUI. :(
> The old Qubes manager would be fine till a the new tools(?) not ready
> for use.

What do you mean? Domains widget is specifically there to show you
VM status.

> - the 'new' Qubes firewall solution causing more confusions.
> - mixed iptables and nftables? why?

What do you mean by mixed? Setting for VMs are applied using nftables if
supported (Fedora), or iptables when not (Debian). Not both.

> - the old GUI not allow to use the new features.
> - even if Allow is the default policy I see a DROP rule at the end.
> Why? :o

To fail closed - if something goes wrong, there will be that DROP rule
at the end anyway.

> - qubes-hcl-report is not included.
> just tested it (the latest version from github) and it working with
> 4.0 out of the box.

Oh, I don't know how it happened. Will fix it shortly.

> - no KDE group available
> Maybe the same reason with the recent 3.2?

Probably, I will look into it shortly.

> Probably I'm the last KDE user under Qubes - and I just started to
> migrate to XFCE because of the unresolved issues with KDE since the
> 3.2 release. And see no progress in 4.0
>
> So I would really appreciate some statement if Qubes will really drop
> KDE support. I can accept that, but then I not waste my time trying to
> make it work. Instead focusing to fix the XFCE issues I have ;)

I think we can say that KDE migrated from "ITL supported" to "community
supported". OTOH Fedora 25 in dom0 brings also updated KDE, so maybe
some issues are fixed.

> - the default login screen is just ugly. I know that this is not the
> first priority, and not even a technical issue. But new users will see
> that ugly thing first. So it's should be a Qubes skinned one. at least.

Hmm, I do see Qubes logo in the background there. Do you have something
different?

Thanks for detailed report/review, we really appreciate it!
We receive a lot of emails, so if there is some actionable items, better
create issue on github, so we will not loose it...

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZgF+7AAoJENuP0xzK19csyZ8H/R20VMWtuRrdTUHt/24Kpeer
w4wqxoNgW2kcXOBORGV5aWk4S7HBA74g50G/Uk+SdfkTkvTNgFxw0UY8yYlDuHnO
buWob7x8psbidgDfmlo2CkZN114qbJ7jzCpKWM1uyODrvGmASnBaBMLmlT3Cxxyp
aPCzr7SddNqi/rTG2UGoctLEMztVekTg9ACbXKd07w/vt03BCDLCowtcIfx3E4vm
te36EsNHR8O+VDIYSO20G9FabaknMuGy6IIthRot6zmWk+jdFglrKjSf6DjOo34S
297Eu43CVmtxkGVAiFoERI+7hj6jyR86onOuRrDC0qdO9WJLxkVpjSQSMU8Bjio=
=65ED
-----END PGP SIGNATURE-----

Rusty Bird

unread,
Aug 1, 2017, 7:04:25 AM8/1/17
to Zrubi, Marek Marczykowski-Górecki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Zrubi:
> So I would really appreciate some statement if Qubes will really drop
> KDE support. I can accept that, but then I not waste my time trying to
> make it work. Instead focusing to fix the XFCE issues I have ;)
>
> - the default login screen is just ugly. I know that this is not the
> first priority, and not even a technical issue. But new users will see
> that ugly thing first. So it's should be a Qubes skinned one. at least.

Or, if the login screen isn't needed anymore (to switch between XFCE
and KDE), why not get rid of it entirely:

# mkdir /etc/lightdm/lightdm.conf.d
# cat >>/etc/lightdm/lightdm.conf.d/99-autologin.conf <<END
[SeatDefaults]
autologin-user=USERNAME
END

Rusty
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJZgF/WXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfSPUP/jbW0wXOz2sljJXz4jQhy5Qq
6CY/MseG+8XkqS34QEZMOQpJTrA0j86faPxr5Sl4DGgi/lRrT2dcGdn5vCgIDYqF
71ITz0yieJ0iaX/Kt1H92qNm5Rfl7PV0kUvog3wfmj2pZfLixBFp83yzScLPOWbV
gZ3ZSGPncq75WVVVWn/1NJAIPZtLUqFQnoxt4Z3wrglpFaaoLESHbBFLIq1sVEwh
iA6Rf0dLu0yqXBXR41abUqR42XRodQETB10cK1glTDNZN4qhEfzCJJJ3wN6Ow0e9
012XbI4NBvWkdiSo+jSPUvoym4vs+B9WLsd86AtaeeZRFSQu8+Y/PRb6rMwfRMaZ
sDQNLxb38d/9TId5+Sgz026aL16/MlZOOMKQ1X93Wx/pv6u2y95gYYXlnrmv7pNC
KFR+emmV5Yr2eJytXrwRY+ZUzM6TPPu6rhVaWS78PV/Ns3lgWdvY+WULt6PPdR3l
Hrdbvs7G/IJfFhTf+79msKazelqjPEEBWCc36AeGxrJHHFPB4LfwR0UX7x4PJDqh
0UFpR+s/R0HgVwE/jU3rRi6NkfSfl0oyb5PVM/lsZjBpYm6y10Xf0XLq20KJ4iEy
x/NsUNj4uEZzBU1Xm8F4YYy1LwaTrQJRFIPkabz57/PPyvKwhsAOx86MdCQCucAn
n2zJdS86zae/7kezosVA
=CApl
-----END PGP SIGNATURE-----

Jean-Philippe Ouellet

unread,
Aug 1, 2017, 10:51:26 AM8/1/17
to Zrubi, Marek Marczykowski-Górecki, qubes-users
On Tue, Aug 1, 2017 at 7:02 AM, Rusty Bird <rust...@openmailbox.org> wrote:
> Zrubi:
>> So I would really appreciate some statement if Qubes will really drop
>> KDE support. I can accept that, but then I not waste my time trying to
>> make it work. Instead focusing to fix the XFCE issues I have ;)
>>
>> - the default login screen is just ugly. I know that this is not the
>> first priority, and not even a technical issue. But new users will see
>> that ugly thing first. So it's should be a Qubes skinned one. at least.
>
> Or, if the login screen isn't needed anymore (to switch between XFCE
> and KDE), why not get rid of it entirely:
>
> # mkdir /etc/lightdm/lightdm.conf.d
> # cat >>/etc/lightdm/lightdm.conf.d/99-autologin.conf <<END
> [SeatDefaults]
> autologin-user=USERNAME
> END

Consider a briefly-unattended laptop protected by only a lock screen.

Normally the attacker would need a way to kill the X screensaver
without killing the X session. Would the above make crashing the X
session (and thus being dropped back to the display manager which
auto-logs-in) sufficient to gain access?

If so, this sounds like a bad idea (or at least an argument for
something like physlock).

tiopa...@googlemail.com

unread,
Aug 1, 2017, 1:47:37 PM8/1/17
to qubes-users
Why not include the Qubes Manager? It's a good simple tool, and those who wish to use the CLI instead would still be free to do so.

Thanks for all the work on 4.0 BTW. And 3.2. And 3.1 ...

Rusty Bird

unread,
Aug 1, 2017, 2:01:14 PM8/1/17
to Jean-Philippe Ouellet, Marek Marczykowski-Górecki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jean-Philippe Ouellet:
Ah, I hadn't thought about that. I've been using physlock since
forever, if only to avoid seeing XScreenSaver's fonts...

Rusty
-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJZgMHXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfyhoQAJOGYIxs/dD8H81yHH+cBQSj
r5pDoBgiWqsyBaa1RgxnfKaODRCVs3HT5CnuchxNMobTrPleH2JF04MpQ0NDHvfu
Us6OQ52CC27TxyXUkE0pa0TPGSPD4Y7aTbXVLRQ3jDDnbmOdXYvvlFrEIIWNTVCQ
p6PkHdhSet9guAXNEYV2xGQO12fxfWaqHUxHXViJ10vaYc+Puex/RgGegQp3V35W
nf4V7Mex+v5oalvKPhCR93PyVt2/pVZHbC1s/sDc4kNkrrs6Ji85cWI+KgNz6fu4
STSp3Gu/boD6pgUzjZ07zBa/LkN6hpGgcUl+tkw3iW095AI7YKO6U59wI5jyEI+T
s9W0Oo3NxaI1piBek0StV6vJ2TnLxDslhR2tENQiYeA9z0isRb8QQ4RLBqM65k/5
rxBZq+z+vhdjxehIxKkeyeSGvfUc6jMOHNEPFviHtVbWnXCqdmo3ErntExvlB1Tc
oouM+lhrfpbjkmSwE/RmJ8RIO8aoGOkdg4stO//NeNmBifM4KLWBiuirWknggptf
tiwaFFYgbMPHmBtHaPkCfNCVzBKCW/TxQ35f+91MJxRp0mN0HJqh3eIl5ki/yurD
ui9rY81OWRnwXbdt0LUMAvDG/U+gXgdLPh68PPkSqxPb90P20nMG8q71eoVwtfdJ
naFo4nRhSAC1ifxQCies
=b2nC
-----END PGP SIGNATURE-----

Foppe de Haan

unread,
Aug 1, 2017, 3:35:04 PM8/1/17
to qubes-users, j...@vt.edu, marm...@invisiblethingslab.com
Question: if we install 4.0, then restore backups, should we consider replacing pv template with hvm ones, and how would you advise going about that? (If this will be addressed in one of the upcoming blog posts, I can of course wait. :) )

mikih...@gmail.com

unread,
Aug 1, 2017, 3:42:01 PM8/1/17
to qubes-users
Some bugs, one pretty deal breaking:

If I remove an application from the appmenu, I am unable to set it again. More specifically I can set it in the VM-settings, but it won't show up in the Appmenu again.
The color of a VM can be changed, but again this is not reflected in the Appmenu. The VM itself (the running apps) have the correct window color.
Overall performance is OK, starting a Fedora VM takes longer than usual, about 1min. Work VM (not app) didn't start when I selected the chromium app from the appmenu. I had to start the VM from cli and then I could start Chromium.
The Qubes Manager is greatly missed! Especially the backup-restore. I tried to restore VMs from 3.2 which didn't work at all:
First it showed a lot of my VMs with the prefix "disps" ? (The backup had only templates and 2 AppVms).
I had to exclude -x a lot of Vms, honestly a pain when I just wanted one important VM to restore, but got several python errors STDOUT and read errors. Restoring all was the same and I had a list with 20 broken VMs, no apps in their menu, starting gave libxl error. I used verbose and the 2 ignore options.
Removing them with cli, all a bit tedious ;(

Finally, If someone knows how to create a VM for iso booting from CLI I would greatly appreciate a short info here. Looking forward to some docs/explanation on the changed qvm* tools since we are now supposed to do it from the command line. E.g. How to make net/proxy/app VM (qvm-create has some classes now...?) qvm-prefs options (kernel boot extern/intern and netvm settings), changes with LVM pools(? there was a option --boot-root-from-file?) , booting VM from iso file etc.

regards

Marek Marczykowski-Górecki

unread,
Aug 1, 2017, 4:47:43 PM8/1/17
to miki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Mon, Jul 31, 2017 at 01:10:08PM -0700, miki wrote:
>
> Hi,
> HVM Standalone option is greyed out. Also the --cdrom option no longer exists with the qvm-start command. Does anyone know if this is related to some Stubdom changes/problems and will be supported again in the final release?

This is something that will be fixed. See here:
https://github.com/QubesOS/qubes-issues/issues/2951

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZgOjoAAoJENuP0xzK19cs/NIH/RWSTp/Cm1v4rbl3RI6PMIZb
j2KcP+H5lV7xo6/klZyNed+AtfswrdiENmD4qI3km1cSu9n8H2ODE2P5/+UKWbIC
c8b+XFZpfQShFexg3ya//QT4gTzwa6JViwKxuIhPU5YTejIKcQsb4Z7SH41GTLRa
A/gtJ14ZjmJ2vEAzV703U1UWO0SaXRNnLc1CY91ePftMvu4XnxK4rbRjOeTAxnD5
zDB2OP2Lv4Q54Kgw0nO78b4V/6QrFfQfszlaDxx7GWN34JMlYGHAZrBlvPd8iGUv
/XjbKNtXQaxL5KRvfVW9DgHTU7ZDLxN3EvOsloaD4vLHzr3jcLDrBkRxdPNPTuQ=
=il/n
-----END PGP SIGNATURE-----

Marek Marczykowski-Górecki

unread,
Aug 1, 2017, 4:47:52 PM8/1/17
to Foppe de Haan, qubes-users, j...@vt.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Aug 01, 2017 at 12:35:04PM -0700, Foppe de Haan wrote:
> Question: if we install 4.0, then restore backups, should we consider replacing pv template with hvm ones, and how would you advise going about that? (If this will be addressed in one of the upcoming blog posts, I can of course wait. :) )

The easiest thing to do is to switch restored VMs to use templates
installed with Qubes 4.0. Templates from 3.x should work too, even as
HVM. But some features may be missing.
We'll prepare instruction how to upgrade such templates, but it isn't
done yet.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZgOjyAAoJENuP0xzK19csyBcH/0Cb1NFN/7wZZuwtW6l16O1k
DkvcSWPeY2hfeldr8KTwZZ+jKz1bYVnXGpfpXeX314BrgnaYquu8D3umSgHZobXr
ldCAOmhIRAyb/xqj9QddXsFuvLuO6/mvKO2A1O0Q8MPI4G9fdhIMNmxOSI8JXSLk
uQl4tl6TJVfMRaCgDIw8bFkmqRqZ14nihfST/dCoWZ6err8y3ksJLazxtqEwIqtI
0N66r+EbPOb8LSgji4OH5vaE+CnSy/r3QJh/WMTMZ8lmeluToqN03ebt2AuMNBIi
yDZEOGnoEz4kRwJNoQSoXizZRS9zbUGGpUIuZHJ7oI6ikTU83+m4wqCTm9wEJaY=
=1YQi
-----END PGP SIGNATURE-----

Marek Marczykowski-Górecki

unread,
Aug 1, 2017, 4:47:58 PM8/1/17
to mikih...@gmail.com, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Aug 01, 2017 at 12:42:01PM -0700, mikih...@gmail.com wrote:
> Some bugs, one pretty deal breaking:

Thanks for the report.

> If I remove an application from the appmenu, I am unable to set it again. More specifically I can set it in the VM-settings, but it won't show up in the Appmenu again.
> The color of a VM can be changed, but again this is not reflected in the Appmenu. The VM itself (the running apps) have the correct window color.

Created ticket for this:
https://github.com/QubesOS/qubes-issues/issues/2952
You can see there for a workaround.

> Overall performance is OK, starting a Fedora VM takes longer than usual, about 1min. Work VM (not app) didn't start when I selected the chromium app from the appmenu. I had to start the VM from cli and then I could start Chromium.

That's weird, did you get any error?

> The Qubes Manager is greatly missed! Especially the backup-restore. I tried to restore VMs from 3.2 which didn't work at all:
> First it showed a lot of my VMs with the prefix "disps" ? (The backup had only templates and 2 AppVms).

This is because how 4.0 deals with different DispVM settings. To restore
setting of 3.2 as much as possible, it create dispvm for each netvm used
there.

> I had to exclude -x a lot of Vms, honestly a pain when I just wanted one important VM to restore,

Instead of excluding, you can list VMs to include, just after backup
path.

> but got several python errors STDOUT and read errors. Restoring all was the same and I had a list with 20 broken VMs, no apps in their menu, starting gave libxl error. I used verbose and the 2 ignore options.

Do you have those messages saved somewhere? That would be really useful
to track down the issue...

> Removing them with cli, all a bit tedious ;(
>
> Finally, If someone knows how to create a VM for iso booting from CLI I would greatly appreciate a short info here.

This is a missing part...
https://github.com/QubesOS/qubes-issues/issues/2951

> Looking forward to some docs/explanation on the changed qvm* tools since we are now supposed to do it from the command line.

There will be separate post about it, but see below.

> E.g. How to make net/proxy/app VM (qvm-create has some classes now...?)

This one is possible also from GUI - in main menu you have "Create Qubes
VM" option and there you have "provides network" option which allow you
to create net/proxy VM.

> qvm-prefs options (kernel boot extern/intern and netvm settings),

There is qvm-prefs --help-properties, which shows details about each
property.

> changes with LVM pools(? there was a option --boot-root-from-file?) , booting VM from iso file etc.

See above...

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZgOj4AAoJENuP0xzK19csBtYIAIrt+ILqpdjskeg4aaHKa2JM
hAGHwbKSvAorCkx3DCd9eSvF7cnBOzsFuoYDjnvIC1D9W0f/5dxl6H8GP9JSH2oo
NM4vEA5QPH7C6Ed/s05HCT4D4yFE7jqM6vT71xAklI6niJxTf+AJ4oJtectBBFeA
g2S/4i65KbaBGW3Smec3ZvnY2eGSvxi9bvJXOWE8ks8siVPhhWRmsZDfmjeGmv9S
au0yuDa4Bmx1TW3hRB8wDWuXdLEm5YDn4F+EUbuAVZgl2XM3UlRK/flcQxCzzWN9
CyGO98c/DN5+7SZ5nzbEb2ZFucdVo+aij6Twp8XVt4mjMc5OYHEzNYLPUcp38bk=
=Iz/7
-----END PGP SIGNATURE-----

cooloutac

unread,
Aug 1, 2017, 7:46:38 PM8/1/17
to qubes-users
am I reading this right? There is no qubes-manager in 4.0? Does that mean everything must be done in a terminal? Tell me I read that wrong lol.

Jean-Philippe Ouellet

unread,
Aug 1, 2017, 7:53:45 PM8/1/17
to cooloutac, qubes-users
On Tue, Aug 1, 2017 at 7:46 PM, cooloutac <raah...@gmail.com> wrote:
> am I reading this right? There is no qubes-manager in 4.0? Does that mean everything must be done in a terminal? Tell me I read that wrong lol.

tl;dr - https://github.com/QubesOS/qubes-issues/issues/2132

cooloutac

unread,
Aug 1, 2017, 8:04:31 PM8/1/17
to qubes-users, raah...@gmail.com

oh ok I see, so a taskbar widget or something to replace the manager. I thought they lost their minds for a second. My immediate thought was what about attaching drives, and seeing if updates available? Joanna addressed all my concerns but I'm gonna have to wait and see what happens with this. Hopefully it doesn't turn out to be more confusing then the manager.

Right now my mother and family are able to use qubes no problem with no terminal actions required. none at all. I don't know why that shocks some people when I tell them. I hope that remains the same becvause they wouldn't be using Qubes without it.

codge...@hotmail.com

unread,
Aug 2, 2017, 7:45:54 AM8/2/17
to qubes-users, mi...@micahflee.com
Having the EXACT same issue with my T430s

P R

unread,
Aug 2, 2017, 7:58:24 AM8/2/17
to codge...@hotmail.com, mi...@micahflee.com, qubes-users
Hello,

Am 02.08.2017 1:45 nachm. schrieb <codge...@hotmail.com>:
On Monday, July 31, 2017 at 5:23:20 PM UTC-4, Micah Lee wrote:
> On 07/31/2017 04:43 AM, Marek Marczykowski-Górecki wrote:
(...), when I boot up, grub

> works, but then as soon as Qubes starts to boot the computer reboots,
> and I end up back in grub.

Having the EXACT same issue with my T430s

Have you tried the suggestions from "Rusty Bird":

I ran into the same behavior on a T420. Removing iommu=no-igfx from
the Xen command line fixed it. [1]
If that doesn't help, _adding_ console=vga should let you see what's
going on.

@codgedodger:
Did this help in your case?

Kind regards

- PhR

justi...@gmail.com

unread,
Aug 2, 2017, 9:37:19 AM8/2/17
to qubes-users, codge...@hotmail.com, mi...@micahflee.com
I had this issue on my Thinkpad X230 with a fresh install of 4.0-rc1 and the fix let me boot, but, when I shutdown, the system hangs and when I hit escape on the shutdown screen, I see errors in device-mapper failing to remove ioctl on the VMs and then a bunch of the error "failed to write error node for backend/" for xen-pciback and vbd.

turb...@gmail.com

unread,
Aug 2, 2017, 12:38:24 PM8/2/17
to qubes-users
Have successful fresh install on T430
Message has been deleted

tmc

unread,
Aug 2, 2017, 5:45:30 PM8/2/17
to qubes-users
> We have just released Qubes 4.0-rc1:
>
> https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

On a thinkpad x1, after removing iommu=no-igfx I got to initial-setup-graphical but that is failing on "qubes-prefs default-template fedora-25" with qubesadmin.exc.QubesVMNotFoundError: "No such domain: "fedora-25"'.

I see a qubesd warning a little before:

WARNING: Sum of all thin volume sizes (226.01 Gib) exceeds the size of thin pool qubes_dom0/pool00 and the size of the whole volume group (222.57 GiB)!

perhaps related.

tmc

unread,
Aug 2, 2017, 7:10:43 PM8/2/17
to qubes-users

FWIW: setup completed successfully after a re-install.

Eva Star

unread,
Aug 2, 2017, 8:49:28 PM8/2/17
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/02/2017 03:04 AM, cooloutac wrote:

> oh ok I see, so a taskbar widget or something to replace the
> manager. I thought they lost their minds for a second. My
> immediate thought was what about attaching drives, and seeing if
> updates available? Joanna addressed all my concerns but I'm gonna
> have to wait and see what happens with this. Hopefully it doesn't
> turn out to be more confusing then the manager.

It is a miscalculation. How about the words "we must make Qubes user
friendly for all users non IT advanced" and release Qubes without
manager? :(

Maybe, widgets is not a good idea, but Qubes Manager is one of the
important part that make Qubes useful to manage all vms with mouse.
Some UX to old one QM + start menu links to right mouse action and it
will be amazing.



- --
Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZgnLPAAoJEGSin3PC/C0AyIUP/AuxhZfxWdFGYzLzUQX2fzn/
5ajxXWVNtTXWgpmUqzu1Ov/HMp9W7hFerw4GXwMotXDDXrIbf+8WEayS+q+SdXBn
qanSZ0EmBkwoFVptP+1TNQqQIcRLEF3gN3o3vq8tGaq2dUZ4HW9hSXBUZ71WcjXR
g95QUBBpl05/l//Vozu0GEUxpLBrzAhji95awd39vn/2BRKr6q4pGlNsi6BdqgCJ
WzmeaSTrYjNkBHypYjgpCXT6MQLRXEmlqX8OVxI5jopP7tYNZh5+bKp+1/U9vccJ
q4ddOTDlaCwY5bmQgWl05MNI4+OWr8xBlrfVCMmfxVO5dOBvoCjCrMTEySh3sPL7
gGMcT1349yiIllPPP0vhdm+0d0n0hWLR160WExQoF+oUgCbXFnf5sBT1bjWxXBOl
EEwg6IMElKgjI0jG0izCX7M3rn5m1H95KOGR2nn+IyJIzgJwk4+4YTWgFFfnwQyX
k9EcN8vffpokLz9I3u2qZSdDDYz71KVRAHMxL3h2WxEro7RVRtOcbpXO3ctcsdV0
QZfEwW2SAeZz798InY/Qb+7NmtpSsZUl3rCYUY7i5mubkGgnbtklCSUEzxZZ+4hx
SD6nV8tTjrNMxSNEytvIYd6wJZYrHkvA7Kf7KtNtxa7+mMr89LzL5qLHk/W15R14
iXk4BnVvkdfLntZ+Pa84
=ILr0
-----END PGP SIGNATURE-----

Franz

unread,
Aug 2, 2017, 11:43:34 PM8/2/17
to Eva Star, qubes...@googlegroups.com
On Wed, Aug 2, 2017 at 9:47 PM, Eva Star <eva...@openmailbox.org> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/02/2017 03:04 AM, cooloutac wrote:

> oh ok I see,  so a taskbar widget or something to replace the
> manager.  I thought they lost their minds for a second. My
> immediate thought was what about attaching drives, and seeing if
> updates available?  Joanna addressed all my concerns but I'm gonna
> have to wait and see what happens with this.   Hopefully it doesn't
> turn out to be more confusing then the manager.

It is a miscalculation. How about the words "we must make Qubes user
friendly for all users non IT advanced" and release Qubes without
manager? :(

Maybe, widgets is not a good idea, but Qubes Manager is one of the
important part that make Qubes useful to manage all vms with mouse.
Some UX to old one QM + start menu links to right mouse action and it
will be amazing.


Well, I never use the start menu on the left lower side of the screen because it is too complicated, too many items and needs customization that I am too lazy to do or have better things to do. I do everything with the Qubes Manager that is so well organized and compact. I am afraid that the new arrangement may make things more difficult to find for a new user since items are spread over different buttons/places.  

I would suggest to mitigate this risk putting links to the other places on the widget/window that opens when you click on one of them. You can separate things, but better put links to find them again.

Also I imagine that somewhere I'll find the list of VMs. There please
1. keep the "run command in VM" choice and
2. add something new: the chance to show only preferred VM

The first is very important to avoid using the start button.
The second is important to simplify the view and speed up the most common routines

Cooloutac made me smile telling of his mother and family using Qubes.  I had my wife using Qubes for some years, but recently she rised up against Qubes telling that it is too complicated for her to be able to master it without help. She wanted a Mac.  Really it is impossible to maintain Qubes without the CLI and this makes it beyond limits for most people.  But perhaps if we are able to find a stable architecture and then Qubes matures enough, this may change. But we are not there yet.
Best
Fran


- --
Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZgnLPAAoJEGSin3PC/C0AyIUP/AuxhZfxWdFGYzLzUQX2fzn/
5ajxXWVNtTXWgpmUqzu1Ov/HMp9W7hFerw4GXwMotXDDXrIbf+8WEayS+q+SdXBn
qanSZ0EmBkwoFVptP+1TNQqQIcRLEF3gN3o3vq8tGaq2dUZ4HW9hSXBUZ71WcjXR
g95QUBBpl05/l//Vozu0GEUxpLBrzAhji95awd39vn/2BRKr6q4pGlNsi6BdqgCJ
WzmeaSTrYjNkBHypYjgpCXT6MQLRXEmlqX8OVxI5jopP7tYNZh5+bKp+1/U9vccJ
q4ddOTDlaCwY5bmQgWl05MNI4+OWr8xBlrfVCMmfxVO5dOBvoCjCrMTEySh3sPL7
gGMcT1349yiIllPPP0vhdm+0d0n0hWLR160WExQoF+oUgCbXFnf5sBT1bjWxXBOl
EEwg6IMElKgjI0jG0izCX7M3rn5m1H95KOGR2nn+IyJIzgJwk4+4YTWgFFfnwQyX
k9EcN8vffpokLz9I3u2qZSdDDYz71KVRAHMxL3h2WxEro7RVRtOcbpXO3ctcsdV0
QZfEwW2SAeZz798InY/Qb+7NmtpSsZUl3rCYUY7i5mubkGgnbtklCSUEzxZZ+4hx
SD6nV8tTjrNMxSNEytvIYd6wJZYrHkvA7Kf7KtNtxa7+mMr89LzL5qLHk/W15R14
iXk4BnVvkdfLntZ+Pa84
=ILr0
-----END PGP SIGNATURE-----

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscribe@googlegroups.com.
To post to this group, send email to qubes...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7a4c1304-cbcb-e447-97dc-9db848eae1fd%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Foppe de Haan

unread,
Aug 3, 2017, 7:05:42 AM8/3/17
to qubes-users, eva...@openmailbox.org
Anybody know what this stuff about thin volumes that I start seeing after rebooting vms a few times is about?
tmp_IMG_20170803_1212052123642504.jpg

Unman

unread,
Aug 3, 2017, 11:18:31 AM8/3/17
to Franz, Eva Star, qubes...@googlegroups.com
I completely disagree with you, and I'm with cooloutac on this.
I have a number of Qubes users who are fine, and NEVER touch the command
line. (Most of them would go to pieces at the prospect.) Most of them
rarely touch the Manager.

I suspect your wife suffered from your (self confessed ) laziness -
If you spend some time customizing the menu, creating shortcuts, and
hiding the infrastructure as much as possible, then in my experience,
most users are fine with Qubes.
The problems they report are user problems - funny copy/paste between
qubes/ difficulty with full screen playback/ inability to open lots of
images in the same disposableVM/ Qubes toggling wifi hardware switch on
boot.
For these users, the loss of QubesManager will be almost completely
irrelevant.

BUT, the new widget seems to me to be unreliable ,and doesn't keep
updated as qubes start.
Also,the very slow load times and lack of any user feedback on qubes
start are a major UX fail imo. Sometimes I see qubes fail to start for
no apparent reason, or loading with times in excess of 45 secs. Without
feedback that forces users to the command line, which is, I think, the
opposite of the intention. These are the major pain points for me.

unman

Micah Lee

unread,
Aug 3, 2017, 1:40:18 PM8/3/17
to qubes...@googlegroups.com
On 07/31/2017 03:22 PM, Rusty Bird wrote:
> Micah Lee:
>> I just installed Qubes 4.0-rc1 on a Lenovo ThinkPad T440 which runs
>> Qubes 3.2 without a problem. After installing it, when I boot up, grub
>> works, but then as soon as Qubes starts to boot the computer reboots,
>> and I end up back in grub.
>
> I ran into the same behavior on a T420. Removing iommu=no-igfx from
> the Xen command line fixed it. [1]

Thank you, this fixed it!

Micah Lee

unread,
Aug 3, 2017, 2:30:53 PM8/3/17
to qubes...@googlegroups.com
I've finally got Qubes 4.0-rc1 booted! I've got a couple questions.

Without the VM Manager, is there a GUI way to delete VMs? I know you can
run "qvm-remove" from a dom0 terminal.

Is there a GUI way to start VMs without actually opening an application
in them? (I often configure stuff to autostart when the VM is started.)

I'm also noticing some strange USB VM stuff. On this computer I've opted
to make sys-net both my netvm and usbvm, and I've confirmed that sys-net
has my USB controller PCI devices attached.

By default, my sys-net uses memory balancing, even though it has the
warning message, "Dynamic memory balancing can result in some devices
not working!" Should I turn off memory balancing?

The devices systray applet thing for me lists these devices:

sys-firewall:1-1 QEMU_QEMU_USB_Tablet_42
sys-net:2-7 8087_07dc
sys-net:2-8 SunplusIT_INC._Integrated_Camera
dom0:mic Microphone

What is this qemu thing in sys-firewall? When I run lsusb in
sys-firewall I see two devices, "Adomax Technology Co., Ltd" and "Linux
Foundation 1.1 root hub". I confirm that sys-firewall doesn't have any
USB controller PCI devices. But even weirder, when I boot a different
AppVM, like personal, lsusb shows me the same USB devices, but it
doesn't appear in the Qubes devices systray applet.

And finally, when I plug in a USB device, the systray applet doesn't
seem to see it. I plugged in a Yubikey, and when I run qvm-usb in dom0
it displays:

sys-net:2-1 Yubico_Yubikey_4_OTP+U2F+CCID

And running lsusb in sys-net displays it as well. But the devices
dropdown doesn't list this.

Also, I noticed that qrexec clients now require an extra step. If I run
"qvm-copy-to-vm work example.txt" in my personal AppVM, the dom0 window
that pops up asks me to select the target ("work", in this case) before
clicking OK to allow it. This seems fine to me, and in fact I like how
clear it's being, but "work" isn't pre-filled in, so I have to manually
select it, or type it, each time, instead of just pressing enter.


Finally, pro tip: In xfce, and especially in Qubes, I find pressing
Alt-F3 and typing the name of a program much quicker than using the
start menu. If I want to open Firefox in the personal AppVM, I type
"personal:" and it shows me all the menu entries for personal, and
"personal: f" is enough to select Firefox by pressing enter.

Foppe de Haan

unread,
Aug 4, 2017, 3:13:05 AM8/4/17
to qubes-users, mi...@micahflee.com
I would (also) appreciate having a GUI for the qubes-backup functionality, so we can easily pick/choose which VMs to restore.

Zrubi

unread,
Aug 4, 2017, 7:12:38 AM8/4/17
to Marek Marczykowski-Górecki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/01/2017 01:02 PM, Marek Marczykowski-Górecki wrote:
> On Tue, Aug 01, 2017 at 11:25:11AM +0200, Zrubi wrote:

>> - The isntall process is really looooong. Not debugged jet but
>> the creating initramfs seems to be running forever. But at least
>> was successfull at the end :)
>
> Is it just about initramfs and "post installation tasks" - compared
> to the whole installation time? There may be some bug causing
> initramfs being generated twice (or more...) - I think I've fixed
> something like this before, but maybe not all the places.
Yes, this is the case.
But have no time to install it again and again to identify the root
cause :(


>
>> - the missing Qubes Manager is a pain. - the 'replacement' in the
>> task bar is small and buggy: the tooltip? like thing is randomly
>> shirk to unusable. But too samll in general. I have 40 vm's right
>> now.
>
> What do you mean by "randomly shirk to unusable"? Can you provide
> a screenshot?
#2970


> What do you mean? Domains widget is specifically there to show you
> VM status.

Can't see the networking stuff.
The most important is (at least for me) the actual NetVM used by a Qube.


>> - the 'new' Qubes firewall solution causing more confusions. -
>> mixed iptables and nftables? why?
>
> What do you mean by mixed? Setting for VMs are applied using
> nftables if supported (Fedora), or iptables when not (Debian). Not
> both.

the default "self defending rules" are Iptables based, the VM traffic
forwarding rules are nftables based.

Custom firewall scripts now have to handle both.
My opinion that there is no real need for nftables until it can really
replace iptables. We are using just a really few rules here and the VM
based chains achievable by iptables too.

BTW:
I plan to continue the L7 filtering thing I started to play with. Can
you point the related documentation - if any - or at least the VM side
code processing the Qubes firewall rules please?

>> - even if Allow is the default policy I see a DROP rule at the
>> end. Why? :o
>
> To fail closed - if something goes wrong, there will be that DROP
> rule at the end anyway.

:)
It should be decided by the user, by selecting default policy.
IMHO Qubes should not try to override the user decisions.

>> - the default login screen is just ugly. I know that this is not
>> the first priority, and not even a technical issue. But new users
>> will see that ugly thing first. So it's should be a Qubes skinned
>> one. at least.
>
> Hmm, I do see Qubes logo in the background there. Do you have
> something different?

Nope, I see the qubes backround. :)

But still feels like a bare naked login screen.
IMHO this should be just as important as the Qubes boot (splash) screen.


- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZhFaWAAoJEH7adOMCkunmwEwQAIbwUTS/qKwczyhclNTPRknb
lSNTH9xPuh44fx3Iql+cwU6EpcDRvTswTZ0uuMsrCE5vk1XsZlgyRbJSL5n0Nmof
Ax+x6nMoEiOo3pbKOYRmqc5SmWCdi6rUbHRYmOa0eij7+rvdStAD6opca5x8lhkO
rStnTKVMTQSSYk/BHT7V2P27tChDAiD2ahB3tvi00SrszhHGrxW/oZ/8RPwkHEWi
XEdsqEqJWDS1BkR85IYV0bzoED/uDEtfNqMzPpvAaIORDGdClQi6Ky31BR7dxJRZ
o3ngKj9F/lvOd/1HYeD2bErB/y5LJSzgX/18lMiaA+CJa3cXwjzGMEuho7Hra0dK
ts1G5bfBDomHfriQElXhspggsleHV+V0aQJnMKd4gGfY0/5/h+xgeUMi/RevVScX
nCDvjguDJoktoUQXK8dgt5hwauvPWsSTyJjk5h9I94ij9hMGkbfRzwA+2gEriZw/
g8Dl3WGzm3kX5aOzO9S3CqKY2bQoJwWTO11q9VcjfdE3Qtnu7Y44ECa3bi59B1AD
UMc2RQEs9RZ37hUXd5Yfdj68fTD1qCuTX0NRBwxGddT/tOZYXvwEUjs8HqXsM2qf
mRGspB/OnHZ2F48J1q6uE4JE+Hyap1lJeSgXaUKpMtzvLBwQTC8v/v5wF8j581ao
vwPw7/gGelMGQ4qIAS6S
=zTfv
-----END PGP SIGNATURE-----

Marek Marczykowski-Górecki

unread,
Aug 4, 2017, 8:20:15 AM8/4/17
to Zrubi, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, Aug 04, 2017 at 01:12:29PM +0200, Zrubi wrote:
> On 08/01/2017 01:02 PM, Marek Marczykowski-Górecki wrote:
> > On Tue, Aug 01, 2017 at 11:25:11AM +0200, Zrubi wrote:
>
> >> - The isntall process is really looooong. Not debugged jet but
> >> the creating initramfs seems to be running forever. But at least
> >> was successfull at the end :)
> >
> > Is it just about initramfs and "post installation tasks" - compared
> > to the whole installation time? There may be some bug causing
> > initramfs being generated twice (or more...) - I think I've fixed
> > something like this before, but maybe not all the places.
> Yes, this is the case.
> But have no time to install it again and again to identify the root
> cause :(

I have some other installer issues to debug, so may look into this too.

> >> - the missing Qubes Manager is a pain. - the 'replacement' in the
> >> task bar is small and buggy: the tooltip? like thing is randomly
> >> shirk to unusable. But too samll in general. I have 40 vm's right
> >> now.
> >
> > What do you mean by "randomly shirk to unusable"? Can you provide
> > a screenshot?
> #2970
>
>
> > What do you mean? Domains widget is specifically there to show you
> > VM status.
>
> Can't see the networking stuff.
> The most important is (at least for me) the actual NetVM used by a Qube.

So, you switch netvm for VMs frequently? Doesn't it mean you should have
separate VMs, instead of switching one between two (or more) networks?

Anyway, adding such information to domains widget shouldn't be a big
problem. Just don't show it by default (see reasoning why dropping old
manager, in announcement post).

> >> - the 'new' Qubes firewall solution causing more confusions. -
> >> mixed iptables and nftables? why?
> >
> > What do you mean by mixed? Setting for VMs are applied using
> > nftables if supported (Fedora), or iptables when not (Debian). Not
> > both.
>
> the default "self defending rules" are Iptables based, the VM traffic
> forwarding rules are nftables based.

Ah I see.

> Custom firewall scripts now have to handle both.
> My opinion that there is no real need for nftables until it can really
> replace iptables. We are using just a really few rules here and the VM
> based chains achievable by iptables too.

The main reason for nftables is to simplify custom scripts. If you
have nftables, qubes-firewall no longer flush standard tables - it
register its own. This means you don't need to re-apply own rules every
time qubes-firewall change something. And you can register own tables
before or after qubes-firewall.
And in theory you can still use iptables for your custom rules.

> BTW:
> I plan to continue the L7 filtering thing I started to play with. Can
> you point the related documentation - if any - or at least the VM side
> code processing the Qubes firewall rules please?

It's here:
https://github.com/QubesOS/qubes-core-agent-linux/blob/master/qubesagent/firewall.py

I think you can extend one or both of those classes and use them instead
of default ones. Or submit a patch.
This code unfortunately do not have (yet?) nice interface to extend it
for other rule types.

> >> - even if Allow is the default policy I see a DROP rule at the
> >> end. Why? :o
> >
> > To fail closed - if something goes wrong, there will be that DROP
> > rule at the end anyway.
>
> :)
> It should be decided by the user, by selecting default policy.
> IMHO Qubes should not try to override the user decisions.

If you choose to have default action "allow", there will be appropriate
rule just before it.

> >> - the default login screen is just ugly. I know that this is not
> >> the first priority, and not even a technical issue. But new users
> >> will see that ugly thing first. So it's should be a Qubes skinned
> >> one. at least.
> >
> > Hmm, I do see Qubes logo in the background there. Do you have
> > something different?
>
> Nope, I see the qubes backround. :)
>
> But still feels like a bare naked login screen.
> IMHO this should be just as important as the Qubes boot (splash) screen.

Which also have similar aesthetic.
Do you think about just some better background there, or some bigger
change?

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZhGZ5AAoJENuP0xzK19csrEUH/1oHKMAGQKfnD36j3CKN3qvb
JisyZ7AUhICjM7vVoWNw07PUMLtq4ijRdVjra1vNbZ6QHq5Hm7Er5DwOzstEIfYC
j96nWHLUczh5lqXEV/E2Yg+A8LEt8VodyhWrzNM8L/bYeyKK8pn+vS8Ofxqxr6pm
z2MO0APzOoR3I5Alru4W1+JA6c+kOGWjHzPIinL0v2xe7ROrkIczfL8+D4pj7PsQ
Sh74J6H8c8drRhixB9db2TomaB0gb0Hdzq065lUoVQtbjRwAYvsqkAfNMbrnejn2
YmUDMhJ6Xtefn+WK/1tWao1GbsK7Nv8sXOhi98NJDpXgK5Dk9NEdPsauyxOOd5o=
=COcE
-----END PGP SIGNATURE-----

Zrubi

unread,
Aug 4, 2017, 9:03:08 AM8/4/17
to Micah Lee, qubes...@googlegroups.com, marek Marczykowski-Górecki
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/03/2017 08:30 PM, Micah Lee wrote:
> The devices systray applet thing for me lists these devices:
>
> sys-firewall:1-1 QEMU_QEMU_USB_Tablet_42

>
> What is this qemu thing in sys-firewall?
Ihave the same issue, opened a ticket to track:
https://github.com/QubesOS/qubes-issues/issues/2969

- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZhHB7AAoJEH7adOMCkunmi/YP/RqQnkvTFedQmEI3GC64oebG
OvtHdsfxqOkecdPQyug7qTTImpN6IB3w7WwdoS09FcYq4FepOx08e672JQpMZeaT
nA1jMmgkS/PM4jUiX0/oDU7GP+gphANeHnV86KOhHxRBQz9yH2SjJ9iBsC3QNvWD
8ISaZt7nh+lZuig6IKLtA3AzmYnk1ZazQAkJgDqNw6QctnJ67fuhXAYoSexafEDX
A+esyTgBmWIELeloTkikksDlJpE4e3TKFEmk9n4/nouGTk7cArIeXOFgcRWo/5qI
LN2PAemSMjUyBG7ez3hG2kAXqRxAxztNBKnxwumgcqbio+G2BJd4OaPCn05p3MgQ
xY2+pZ6hwITDa0ouTbXL+xCn1f0m5hMlHvSvBLI2U927O+KIHLjoD7INuKejDdUj
puJ7UCwNgnGGmm9xx43VIdFZt6f1z2wOpIq53djHiOoMT2JzrSyk9Qu35iq/ik27
EzL1Bbnd31gX6mahtV2trpReWyk0GGhEgvi5Rugnfi1HGfkrq36hum3qjgNzM7FP
9pj9LquW9htdOTFyitIvVFMEF1Np0p8CkGsp62aMwitv/dgHAh52+lGzbiYkCtDP
fPRqCOkEd9g29S11Qt4y4IOjoK8rAdXb9ZL1OszzzA7284OB3lDxiEWJibrllA4+
fBhbT0oE8Nkl5MiyMSON
=+Lv7
-----END PGP SIGNATURE-----

Zrubi

unread,
Aug 4, 2017, 10:19:19 AM8/4/17
to Marek Marczykowski-Górecki, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 08/04/2017 02:20 PM, Marek Marczykowski-Górecki wrote:
> On Fri, Aug 04, 2017 at 01:12:29PM +0200, Zrubi wrote:

>> Can't see the networking stuff. The most important is (at least
>> for me) the actual NetVM used by a Qube.
>
> So, you switch netvm for VMs frequently? Doesn't it mean you should
> have separate VMs, instead of switching one between two (or more)
> networks?

No.
I'm using separate WiFi, and Ethernet VM's, I have several VPN proxy
VM's as well, my dispVM start without net access. And need to use/test
lot of things with different network exits.


> Anyway, adding such information to domains widget shouldn't be a
> big problem. Just don't show it by default (see reasoning why
> dropping old manager, in announcement post).

I do not really agree with the reasoning tho.
But if it would be customizable? - just like the old Qubes manager ;)


> The main reason for nftables is to simplify custom scripts. If you
> have nftables, qubes-firewall no longer flush standard tables - it
> register its own. This means you don't need to re-apply own rules
> every time qubes-firewall change something. And you can register
> own tables before or after qubes-firewall. And in theory you can
> still use iptables for your custom rules.

Let's talk about these in a separate thread or ticket
Will collect my ideas and share it soon.

Currently even the basic networking looks unreliable, so I can't even
test my custom firewall rules...


>> But still feels like a bare naked login screen. IMHO this should
>> be just as important as the Qubes boot (splash) screen.
>
> Which also have similar aesthetic. Do you think about just some
> better background there, or some bigger change?

A would say it's needs a bigger change.
But of course this is really subjective, and currently do not have
time to design a qubes related skin for the login manager :(

So this is just my (and my surroundings) opinion.
Handle with sustenance ;)


- --
Zrubi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJZhIJVAAoJEH7adOMCkunmTksP/3lDt5xZoRzMCdQWfdVGhvVk
qQOxLQq05QXi5r1+lxbg8gBHGiG3h/J1mLmeeqUjKgi1ywyxi6JUMOfwEyC77gtH
IG0Dz4yz0W/B1BsUngJFqPurvYJknmcQsughkwJGV17SiOoj71GBBPKkm7Dlow2w
BMrw8az4We5hulSSokSLKQGunZ9iPvm6e0pvRjhKtK/hlhao1w3/9UKKJEGGoIqN
kAAFiq9y4LYLTx8PHPZgNMnxw6XvxpXWRtAXeheG7VMuVO+1A8n4B0Th4hzB55Gs
bC+xCTJL7pJUbT0BtlnlqlM3CdiVVMRZo2GKGuAupjJ6UOm/6q1k2g2ZCF2aS5w2
3vPH0oFB6/E6Znfc/cxDJ+daAAN2vdcgbt9ExyAoUSr79sp9mYvKqaJftA9OAj99
XH35FlbuSPLxOrQ+1uKCImvmkHtAL6SV9Cnb8gWxiFTxMQ0FTw63W7oAkfzTFNEI
FT1sgBMv7RoxW/kpQf4LQOuyaLs4OUlgoK5V/pyw4M6IXNrQBL2leanbKeQkNlxQ
UlpFO/LvP261vlGV0znWCmnifffPtcTcfBI/b+Fxw4XsNzmJb3/Bzh9NRJ317gS1
WWleM0JdIQo4bp3qF3D4BsmdK8a+eUBNePlVaF/TB57DAAlAhh+YvOooFaI0QL0Z
QxiU4qQldkhOGdyG0nK/
=Qvvd
-----END PGP SIGNATURE-----

Micah Lee

unread,
Aug 4, 2017, 12:18:34 PM8/4/17
to qubes...@googlegroups.com
On 08/04/2017 07:19 AM, Zrubi wrote:
>>> But still feels like a bare naked login screen. IMHO this should
>>> be just as important as the Qubes boot (splash) screen.
>> Which also have similar aesthetic. Do you think about just some
>> better background there, or some bigger change?
> A would say it's needs a bigger change.
> But of course this is really subjective, and currently do not have
> time to design a qubes related skin for the login manager :(
>
> So this is just my (and my surroundings) opinion.
> Handle with sustenance ;)

On a related note, I would love to see some better Qubes graphics
design. Especially, in my opinion, better built-in choices for the
desktop wallpaper.

Good default wallpaper makes a big difference in first impression of an
OS. (And until #215 is implemented, users who aren't comfortable with
Linux will have a hard time figuring out how to set a custom dom0
wallpaper themselves, and will probably expose dom0 to an untrusted
image in any case.)

Maybe there are some graphics designers or professional photographers in
the Qubes community. I wonder if a call for wallpaper submissions or
something similar could help?

yura...@gmail.com

unread,
Aug 4, 2017, 3:08:43 PM8/4/17
to qubes-users
I'm excited about the work you did on Qubes 4, it looks good so far. Can't wait to see the final stable version.

Obvious bugs during alpha/beta stages aside, I do feel sorrow for the lack of the Qubes VM Manager as well., and some other minor things that may have major user impact for some people.

- VM Backup GUI seems missing. Is this perhaps something still being worked on and is coming later? Seems really odd that it's missing. I am by no means worried about using the terminal, but it's often extra work. Which is really bad when it takes away valuable time, especially when on the move and in a hurry. It is also a disadvantage for people who are visually stronger to gather a mental overview of their system.

- Seems like there is a missing ability to see inactive VM's for the visual users (Just like the 3.2 VM Manager can show inactive VM's). This is really important for some people, while not important for some others. Albeit, perhaps I just missed the feature to turn it on in the widget?

- Not sure of this one, it might just be due to the VM starting bug, but it seems like we can't easily have an overview of used memory/drive space for each VM anymore? If true, this is a big problem for people on limited hardware resources, who need to be mindful of what is currently running in order not to spend it all up. For example (A contrast example), I never worry if I use all memory, it's essentially almost impossible for me to use it all up inside normal use cases. However on my "8GB ram/128GB SDD" laptop/tablet hybrid running Qubes, this is a very, very different story altogether.
Devices are only getting smaller, the inability to upgrade drives or memory in the near future, seems to make smart software more important than ever before. Having good overview of VM resources is imho a really, really good thing.
Especially because not everyone runs around with laptops that have 12-16+ GB memory.

- VM colors? It might be my limited knowledge here, but adding extra colors, even if just a few, shouldn't take long? 5-10 minutes to add? I might just be super naive here. But having said that, even a few extra colors would be really nice. Heck, even light and dark color versions, like for example light/dark variants of (blue,red,purple,green, etc.).


I did not have much time to look around, so perhaps I just missed some of the changes, but this is my first impression nontheless.

Having said that, I'm really, really excited about the increased virtualization security and the AdminVM features. Can't say nothing else but that it's an amazing job you guys did there (and a lot of hard work too, which we end users should appreciate more).

Franz

unread,
Aug 4, 2017, 9:25:03 PM8/4/17
to Unman, Eva Star, qubes...@googlegroups.com

Sorry, but I do not believe that. How can your users perform the following basic required actions without a CLI:
 1. verify iso
2. put the iso on a usb stick
3. print (you need a custom DVM)
4. scan
5. update templates after EOL
6. update dom0 and templates when the same Manager command does not work for some reason. How many times it happened?
7. solve various issues when something simply does not work as expected, such as the last one with the wrong kernel when you Unman kindly helped me to solve it with the terminal because it did not work with the Manager

Most of them
rarely touch the Manager.


How can they update templates and dom0 without touching the Manager?

You users may be able to use Qubes only because you kindly help them with the above and other issues. Nothing wrong with that of course, you are a very nice person, but they are not autonomous. If they have to travel a couple of months and something wrong happens, as with my wife that had wifi dead, then they are unable to solve it. Worse,  NOBODY is able to help because when they see Qubes they declare inability.  In that case I was lucky to be able on the phone to tell her to connect with ethernet and upgrade Fedora 24 to Fedora 25 and it fixed it. But it was just luck that it worked and that she was able to correctly do what I told her. What was broken? No idea.

Without you, coouloutac  or even me, always ready to help, how can a normal person use Qubes without using the CLI. No way. Now Qubes is still a project for geeks. Too many issues. And it is obvious that this state cannot improve until we are obliged to continuously change architecture such as the last one release 4 for the Xen issues. But hopefully this is the last change we need to do and can concentrate on maturing Qubes into a more mainstream product.
Best
Fran

yura...@gmail.com

unread,
Aug 4, 2017, 10:01:48 PM8/4/17
to qubes-users, un...@thirdeyesecurity.org, eva...@openmailbox.org
A worry I've been thinking about regarding the backup feature missing, is that it seems like it's intended to be used through the AdminVM over a network. In other words, this seems more like a move towards business users, rather than the regular every day user that might prefer an external USB drive through a GUI window.

Qubes is moving towards business users, we already know that much. But are the regular users getting ignored now as a result? or are both still being seen as primary users?

It's clear that Qubes 4 took a lot of hard work, so perhaps there just wasn't enough time to work on everyday touch and feels, like proper GUI and user experience.

But the deep worry that Qubes might or might not be giving up on normal users, is definitely there for me. I have high hopes for Qubes to change the PC/Mobile environment of the future, forcing the hand on any other OS out there. There should be no issues to support both users and businesses.

It's not that I believe this, but the elephant is still in the room. Are users getting ignored now? or was it just because Qubes 4 had so much work that there was little time left for anything else?

If the latter is indeed the case, what is the next everyday user experience development in planning? Gnome 3? Return of GUI tools such as backup? Graphics in VM's for high end graphics? Gaming even? I mean, I do believe if these mentioned issues were fixed, Qubes could draw in quite a lot of new users.
Heck many gamers care about privacy and security too, there is a large user-base there if you manage to make gaming through virtualization work smoothly.
Think about it, how highly connected gamers are through gaming news etc., if gaming worked in Qubes, it'd in my opinion draw a lot of positive attention, and a likely substantial Qubes userbase growth. Getting graphics to work in Qubes is being seen as a low priority, for the life of me, I cannot see why this is the case, with so many potential new Qubes users laying in wait.

P R

unread,
Aug 4, 2017, 10:28:54 PM8/4/17
to Marek Marczykowski-Górecki, qubes-users
Hello,

Am 31.07.2017 1:43 nachm. schrieb "Marek Marczykowski-Górecki" <marm...@invisiblethingslab.com>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

We have just released Qubes 4.0-rc1:

https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

I installed Qubes 4rc1 on my Lenovo X200, Installation took some time, but successful.

After the first boot I choosed to configure sys-net, sys-firewall, sys-usb.
After a few minutes I got an error message (attached).
I was able to login into Qubes afterwards but I can't start any VM except sys-net:

qvm-start sys-firewall, results in:

Start failed: internal error: libxenlight failed to create new domain 'sys-firewall'

If I enter qvm-ls I can see that a sys-firewall AppVM is present and that it is based on the same fedora-25 template like sys-net.

Any ideas where to continue from here?

I have also tried to add a new AppVM based on the same template but I get the same error message when starting it.

- PhR



IMG_20170805_041544.jpg

Marek Marczykowski-Górecki

unread,
Aug 5, 2017, 3:44:27 AM8/5/17
to P R, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, Aug 04, 2017 at 10:28:45PM -0400, P R wrote:
> I installed Qubes 4rc1 on my Lenovo X200, Installation took some time, but
> successful.
>
> After the first boot I choosed to configure sys-net, sys-firewall, sys-usb.
> After a few minutes I got an error message (attached).
> I was able to login into Qubes afterwards but I can't start any VM except
> sys-net:
>
> qvm-start sys-firewall, results in:
>
> Start failed: internal error: libxenlight failed to create new domain
> 'sys-firewall'

Make sure you have VT-x and VT-d enabled in BIOS.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZhXdUAAoJENuP0xzK19csSuUH/i69emcMrP6gFtdG/CpoMdHd
sXxTx7qbJ03vgaXnkCCS1weJHYgqnyApTKSvYTAsX6hUgQaaC9hGS0Xj3yoPMXYl
/O0X/49X//CudLbTAXm1LSs6ajo5KQXc5m+m8dZhAtZ2b4kBA8PdZC0jszF1aJ2Q
8J2yFh9WuRvrX2jxLnumtz/81PkonuHFgsaRPfblG6S6G5C4aSl2Oz1sgx/H8aVM
Rrw/roKw2a6j0qQlj/Wu+JFgnwUTzXX1hL+lbKy5i410YlQ7F/6KSj5Kbua2Nmsu
1hOeLizVPhUrmXonvKHLoATBnBc3prYdrvkNgFxrNnOm6BxxwV8Q20KA43cbo90=
=msxX
-----END PGP SIGNATURE-----

P R

unread,
Aug 5, 2017, 4:04:30 AM8/5/17
to Marek Marczykowski-Górecki, qubes-users
Hello Marek,

Am 05.08.2017 9:44 vorm. schrieb "Marek Marczykowski-Górecki" <marm...@invisiblethingslab.com>:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, Aug 04, 2017 at 10:28:45PM 
> Start failed: internal error: libxenlight failed to create new domain
> 'sys-firewall'

Make sure you have VT-x and VT-d enabled in BIOS.

Indeed, I have checked BIOS setting and vt-d was disabled for some strange reason (it was enabled under Qubes 3.2 before).

If I try to start the AppVMs and also the Fedora-25 Template VM I get the same error.
As I also got the message at the end of the Qubes installation process, do you suggest to reinstall, now that vt-d is enabled?

Another strange issue is that I can only see 'Start' in the list of available applications in all Fedora VMs.

As I haven't read this before, it seems that something is broken.
Guess reinstalling  is the best option??

- PhR

Marek Marczykowski-Górecki

unread,
Aug 5, 2017, 4:28:37 AM8/5/17
to P R, qubes-users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sat, Aug 05, 2017 at 04:04:27AM -0400, P R wrote:
> Hello Marek,
>
> Am 05.08.2017 9:44 vorm. schrieb "Marek Marczykowski-Górecki" <
> marm...@invisiblethingslab.com>:
>
> On Fri, Aug 04, 2017 at 10:28:45PM
> > Start failed: internal error: libxenlight failed to create new domain
> > 'sys-firewall'
>
> Make sure you have VT-x and VT-d enabled in BIOS.
>
>
> Indeed, I have checked BIOS setting and vt-d was disabled for some strange
> reason (it was enabled under Qubes 3.2 before).
>
> If I try to start the AppVMs and also the Fedora-25 Template VM I get the
> same error.
> As I also got the message at the end of the Qubes installation process, do
> you suggest to reinstall, now that vt-d is enabled?
>
> Another strange issue is that I can only see 'Start' in the list of
> available applications in all Fedora VMs.
>
> As I haven't read this before, it seems that something is broken.
> Guess reinstalling is the best option??

Probably yes - without VT-x and VT-d, initial configuration failed.

- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJZhYGuAAoJENuP0xzK19csojcH/iilrBnK1RpMqsB1SNP/MXmh
kD08X+4JgEImhph2xHWzKbU5DCb4gmVlfvfLdSOmvybE3G9QqAEyZouUN13/jW/O
LrTqZVRxC4eLqKZNI2lXc4AQHc5QATKaZoAFXmKMQerV/BTz9F9oD1IZYCWbPyzp
scDIFR4qRZXBEmqinqCTDI+vNwng7ZV0M+WOoD9Poq+RTc03vILeySb4uVAbPt++
Nmt3nwDHG/W5hIPhD+XfWOIh2stjK1GX/0bwEcmp8+JBd0WL8OqzhJfX6ROF+AFo
ZxH1nwpKuEtcs74bcPWurNQ5sopqiT/+4mxdegg38o2OO1RL5QvVUjOwtimAu0M=
=qYuI
-----END PGP SIGNATURE-----

P R

unread,
Aug 5, 2017, 6:49:55 AM8/5/17
to Marek Marczykowski-Górecki, qubes-users
Hello,

Am 05.08.2017 10:28 vorm. schrieb "Marek Marczykowski-Górecki" <marm...@invisiblethingslab.com>:
(...)
Probably yes - without VT-x and VT-d, initial configuration failed.

I have no restarted installation on my Lenovo X200 with VT-x and VT-d enabled but it seems that the installation hangs after booting up.
I have removed rhgb quiet and set console=vga to see what is happening. After the first few lines the displays clears and I get a black screen while the drive LED is on (so there seems to be some activity, but nothing happens.

I remember that there were some issues with installing Qubes on a X200.

Question: is there any setting I can tweak during grub boot to be able to run the Qubes OS installed with VT-x and VT-d enabled?

Anyone else tried to install Qubes 4 on a Lenovo X200?

- PhR

P R

unread,
Aug 5, 2017, 6:59:24 AM8/5/17
to Marek Marczykowski-Górecki, qubes-users
Additional information, I forgot to mention:

Am 05.08.2017 12:49 nachm. schrieb "P R" <p.rasc...@googlemail.com>:
Hello,


Am 05.08.2017 10:28 vorm. schrieb "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>:
(...)
Probably yes - without VT-x and VT-d, initial configuration failed.

I have no restarted installation on my Lenovo X200 with VT-x and VT-d enabled but it seems that the installation hangs after booting up.
I have removed rhgb quiet and set console=vga to see what is happening. After the first few lines the displays clears and I get a black screen while the drive LED is on (so there seems to be some activity, but nothing happens.

I remember that there were some issues with installing Qubes on a X200.
(...)

When I boot with VT-d disabled the Qubes 4 installer works and is booting into the Graphical installation GUI.

So it seems that there is a problem launching the installer with VT-d enabled.
But without VT-d I get error messages after the installation has finished, which means that I am currently out of luck installation Qubes 4 on my X200.

:-/

- PhR

yura...@gmail.com

unread,
Aug 5, 2017, 8:17:01 AM8/5/17
to qubes-users, p.rasc...@googlemail.com
Marek, no ill intentions meant here, but the concerns of the release isn't just technical ones. There are questions regarding which target group whom Qubes want to spend time and resources on.
Will these issues not be addressed? Are there no one in the Qubes team whom work with with public relation role, to address these issues,, especially during a major release?

Again, no ill intentions here, but it would be nice to know if your focus is now entirely business users, or if you also intend to make a system for the everyday users as originally planned.
Do regular users take a backseat now? or are both being kept in focus?

This is not a a complaint, but rather, it would just be nice to know rather than keeping it a secret. I do not believe you intend to make it a secret, but it can come across as such, that's why I request a statement on the matter.

cooloutac

unread,
Aug 5, 2017, 10:32:31 AM8/5/17
to qubes-users, eva...@openmailbox.org
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
>
> To post to this group, send email to qubes...@googlegroups.com.
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7a4c1304-cbcb-e447-97dc-9db848eae1fd%40openmailbox.org.
>
>
>
> For more options, visit https://groups.google.com/d/optout.

I always wished the start menu was organized identical to the qubes-manger. IMO thats what made it confusing for some.

cooloutac

unread,
Aug 5, 2017, 10:34:53 AM8/5/17
to qubes-users, eva...@openmailbox.org
On Wednesday, August 2, 2017 at 11:43:34 PM UTC-4, Francesco wrote:
> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
>
> To post to this group, send email to qubes...@googlegroups.com.
>
> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7a4c1304-cbcb-e447-97dc-9db848eae1fd%40