Re: [qubes-users] 3.2.1 / An updated 3.2 iso?
Le dimanche 24 décembre 2017 11:03:56 UTC+1, awokd a écrit : > On Sun, December 24, 2017 9:47 am, Frédéric Pierret (fepitre) wrote: > > > Hi, I have also some free time (holidays!), as I have already prepared > > updated ISO for myself, I will give you some help on it. > > Thanks! I'll ping you off list. I suceed to build a release3.2 with Fedora 25 as dom0. It is done with some adjustments: xen-4.6.6 with a gmp patch, core-libvirt v3.1.0 (due to python version), and just a backport of some commits related to mgmt-salt, and some adjustments in the installer for default template Fedora 26 and Debian 9. In my repos I named it release3.3 (almost finish to push every minor changes). Should I do a complete report for let you rebuild the whole thing Marek or you would like to skip this release? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/230d5e29-b792-42ce-abc1-621a3856a36b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 3.2.1 / An updated 3.2 iso?
On Tue, December 26, 2017 10:40 am, Frédéric Pierret (fepitre) wrote: > Le dimanche 24 décembre 2017 11:03:56 UTC+1, awokd a écrit : > >> On Sun, December 24, 2017 9:47 am, Frédéric Pierret (fepitre) wrote: >> >> >>> Hi, I have also some free time (holidays!), as I have already >>> prepared updated ISO for myself, I will give you some help on it. >> >> Thanks! I'll ping you off list. >> > > I suceed to build a release3.2 with Fedora 25 as dom0. It is done with > some adjustments: xen-4.6.6 with a gmp patch, core-libvirt v3.1.0 (due to > python version), and just a backport of some commits related to > mgmt-salt, and some adjustments in the installer for default template > Fedora 26 and Debian 9. In my repos I named it release3.3 (almost finish > to push every minor changes). Should I do a complete report for let you > rebuild the whole thing Marek or you would like to skip this release? I emailed you a couple times with no reply, am I getting spam filtered at your end? Anyways, the build I'm working on addresses a couple other issues as well besides changing the default templates. I didn't dare trying to upgrade dom0. I've been doing full builds and testing the install on physical machines, so it takes a long time! Maybe our two builds should be merged somehow, but I'll leave that up to the professionals. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c6cebb88e397b269f261da9b14d690a0.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Password security/disposable vm security
>> ...switch to cookie authentication and forget the password, that way when >> the zero-day >> happens you only lose your cookie which is probably not as powerful as >> the actual password(ie I dont think you can change your password with >> just the cookie) plus the zero day can't "permanently" compromise >> thunderbird cause you opened it in a disposable yes, it can't probably change the password. but this is useless, is again like "admin vs not". stealing a cookie *ONCE* and you: -can't change password -CAN impersonate user -CAN read all mails in other words can do everything someone does with his mail... and mails works in other way so... i think that Qubes way is much better than any other thing, use it and don't worry about some impractical scenarios. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/247e0dfe-3c2d-3a1f-fedb-d65df200feea%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 3.2.1 / An updated 3.2 iso?
Le mardi 26 décembre 2017 13:36:40 UTC+1, awokd a écrit : > On Tue, December 26, 2017 10:40 am, Frédéric Pierret (fepitre) wrote: > > Le dimanche 24 décembre 2017 11:03:56 UTC+1, awokd a écrit : > > > >> On Sun, December 24, 2017 9:47 am, Frédéric Pierret (fepitre) wrote: > >> > >> > >>> Hi, I have also some free time (holidays!), as I have already > >>> prepared updated ISO for myself, I will give you some help on it. > >> > >> Thanks! I'll ping you off list. > >> > > > > I suceed to build a release3.2 with Fedora 25 as dom0. It is done with > > some adjustments: xen-4.6.6 with a gmp patch, core-libvirt v3.1.0 (due to > > python version), and just a backport of some commits related to > > mgmt-salt, and some adjustments in the installer for default template > > Fedora 26 and Debian 9. In my repos I named it release3.3 (almost finish > > to push every minor changes). Should I do a complete report for let you > > rebuild the whole thing Marek or you would like to skip this release? > > I emailed you a couple times with no reply, am I getting spam filtered at > your end? Oops..indeed it was in the SPAM box...(really sorry...i did not checked it on the webmail) > > Anyways, the build I'm working on addresses a couple other issues as well > besides changing the default templates. I didn't dare trying to upgrade > dom0. I've been doing full builds and testing the install on physical > machines, so it takes a long time! Maybe our two builds should be merged > somehow, but I'll leave that up to the professionals. Sure. Let Marek decides what ever we should adopt as strategy. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b906e776-52a2-4848-a586-ba7255da7695%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Password security/disposable vm security
On Tuesday, 26 December 2017 00:56:30 CET mmm...@gmail.com wrote: > "So make sure your software is from a trusted source." > Right but even if it is trusted at one point it can become less > trustworthy later(infection) so I wanted to keep it perfectly "fresh" by > using disposables. Aha. In Qubes you *use* AppVM based virtual machines. Those are unable to change software because the actual software is owned by a TemplateVM. As such this idea of keeping it fresh is already done by normal daily usage of Qubes. The disposable VM concept goes one step up by isolating changes to your private data (downloaded files, config, etc). For your goal the dispVM doesn't add anything, AppVMs already do what you want. > "Personally, I' d avoid thunderbird and anything from mozilla, but thats > just me." > Do they have a bad track record(I planned on researching my apps later > =p). Just last month they added an invisible plugin in their binary builds which was programmed to not show up in the 'add-on' screen and had the ability to alter page content. Someone didn't actually program it well enough and the whole thing got leaked and after a lot of heat, a lot of bad press they eventually apologised. I'm more concerned that they tried then how they failed. It leaves a bad taste in my mouth. Google for "looking glass" and "mozilla" if you want to know more. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2452051.NKi2Ta5ZWQ%40cherry. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] can I use paranoid mode from a 3.2 backup?
On Saturday, December 23, 2017 at 8:40:08 PM UTC-5, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Dec 20, 2017 at 10:35:26AM -0800, cooloutac wrote: > > Thinking of upgrading to 4.0. > > if I want to restore vms from 3.2, possibly compromised, system. Can I use > > the paranoid restore mode in 4.0, or would that only work from 4.0 backup. > > This isn't properly documented yet. The general idea is to restore the > backup using some dedicated VM (maybe even disposable VM), instead of > dom0. See here: > https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/#sandboxed-paranoid-backup-restores > In the section "Simple management VM demo", you can find required steps > to setup qrexec policy to allow such operation. > > Our previous tests weren't very successful: > https://github.com/QubesOS/qubes-issues/issues/2986 > > But things have improved since then and hopefully(*) it works now. > > (*) which reminds me to add automated test for this case of backup > too... > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > > iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlo/BXEACgkQ24/THMrX > 1yzWLAf+M3aaE2f654BE0K1GKeMQvKn9Aj2ZeWeGQJGyWSY2Or2yP56mqQ83sb71 > Pl/fdV0f+PX2PkZbvezHawni+kuTLJ7I7B6njrfbOZvjNNozP/P8e9AuRRa4G9Jw > RgNY88BF5UmOU/ZK6RnDeLi9DSiQZI1olNmsNn3emrvu6Y2gilt0vmxCAa7mfKYd > 7sk/Xt0oyH/q260kZwdNysu66gULnq1x3lwtGrhpWD0Zui/StKZ56yHicX5liau+ > foap465e1gwhtuIkO50KAqAZHYrWWmh1yMUeoqfouUDBe0wYZ1MPyzSTEILkKsYx > 3NasV/1rPOhGNnPMkFKRy+FNyK2RQQ== > =ty+y > -END PGP SIGNATURE- tks when I get a chance I'll give it a shot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9cae2caa-2385-4c3e-80a9-6adbaff45154%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Duplicate MAC address error
wonder if your system runs low on ram? Could also try using system without iommu and see if it still happens. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/69bbf1b5-c559-42d4-a8f6-e4f956d70c08%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: how to clone template (fedora?), and print from cloned template in disposable vm? printer configuration
On Saturday, December 23, 2017 at 5:45:47 PM UTC-5, jerry wrote: > https://www.qubes-os.org/doc/dom0-tools/qvm-clone/ then install printer in the cloned template, using your printer models linux instructions. You can download the drivers using a disposable vm then transfer them to the template or temporarily allow net access to the conled template to install drivers. Set your diposable vm to use the new template as its netvm. https://www.qubes-os.org/doc/dom0-tools/qvm-prefs/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bfbecd46-ef10-4acf-8061-f4aa2154f47f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Dumping BIOS
On Friday, December 15, 2017 at 8:25:53 PM UTC-5, tai...@gmx.com wrote: > On 12/15/2017 12:54 PM, Matteo wrote: > > >> I disagree when you say nooone is going to backdoor your bios. I think > >> its very common nowadays. > Actually no it isn't - unless you have managed to ruffle the feathers of > a state actor such as the FSB or MSS. > > I have never heard of a real proven BIOS hack of anyone even a serious > military intelligence target let alone a common law abiding citizen who > simply managed to piss off some guy in a chat-room or what not, I am > sure it has been done many times but despite being active in the > firmware modification community I haven't heard about it. > > as far as i know there is computrace that is an anti theft system that > > gain persistence over the os by dropping an exe that windows will load > > at boot time but this works only over fat32 and ntfs (not encrypted). > > i heard also about lenovo doing the same thing for ads or whatever. and > > after people got angry they released a bios patch to opt-out. > > but i wouldn't say "very common". > Computrace uses a windows utility to do this not direct code injection > so using linux or simply disabling it in your vendor BIOS would solve > the issue of an out-dated problematic exe being forcibly loaded. > > If you wish for better security you can use a coreboot board with open > source silicon init (not purism, get the libre RYF kcma-d8 or the lenovo > g505s laptop for instance) otherwise while you can use an external flash > clip to read back the BIOS and make sure it hasn't been modified you > still would be vulnerable to manufacturer security problems, ME etc. I would get the same responses from people in the 90s. Can't believe its still parroted in 2017 when we see so many real life examples and poc's. Bios devs claim bios's are more safer now, but I think they are less safe. Its why I'm a big fan of ITL, they keep it real. You forget all the hacking teams out there getting their data pilfered by 15 year olds. Or the story about intel's backdoor that has been there for years and years, who knows how many people knew. Its also holiday season right now. Satans claws are coming to town and everything is on sale for everyone lol I think part of the problem is old school mentalities like yours have a hard time not only admitting that a bios can be infected in the first place, but also that it can be infected remotely. Its also very hard to admit to something like this, because what can we really do against it? I still remember the look on everyones face on the panel of the Logan CIJ Symposium 2016 when Joanna said maybe there is no point if we can't trust companies or developers or the hardware is backdoored. Doesn't purism use secure boot on their latest model? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d814b0f-85ff-49e2-9b52-18b9022cf20e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Lenovo G505S Coreboot
Le mardi 26 décembre 2017 00:05:28 UTC+1, tai...@gmx.com a écrit : > On 12/25/2017 12:16 PM, Blooorp wrote: > > > Le lundi 25 décembre 2017 16:27:11 UTC+1, awokd a écrit : > >> On Mon, December 25, 2017 3:07 pm, Blooorp wrote: > >>> "Devices/Add a VGA BIOS image (don't specify location or IDs, let it > >>> auto-populate) " > >>> > >>> make: *** No rule to make target 'vgabios.bin', needed by > >>> 'build/coreboot.pre'. Stop. > >>> > >>> > >>> Looks like it didn't work, should I put the location and ID of the one I > >>> extracted from the stock bios? > >> I think I copied mine to the top level coreboot folder as "vgabios.bin" > >> and let it find it there. > >> > >> Email me directly if it's still not working and I can help, we're off > >> topic from qubes-users now... > > Everything works now, my mistake was using the wrong vgabios.bin, the stock > > bios contains the ones for each version of the laptop but I didn't know > > that so I took the first that I found, with device ID 6663. > > The one I then searched for and that worked, thanks to awokd, was with > > device ID 990b, appropriate for the G505s with integrated graphics and not > > discrete card. > > > Don't forget about that microcode update - it is mandatory both for for > security and IOMMU. > > Use the patch that awoke made, a true service to the community - the > lenovo g505s is now properly working and is the best laptop for qubes as > it supports an open source init version of coreboot without ME/PSP > unlike purisms laptops with the not really disabled ME and entirely > blobbed silicon init via intel FSP. Didn't forget about it, he did some awesome work :) I took my time to choose the right laptop to get into Qubes, really feels that I made the right choice ! But now, I need to make Qubes work on it, I'm collecting the issues haha -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a2a17389-fa86-4ef1-be57-26eab8feb169%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: how to use "Rescue a Qubes system" or save my data, won't boot
On Friday, December 15, 2017 at 12:08:55 PM UTC-5, jer...@disroot.org wrote: > I first used a konsole, using the guide on qubes's site "Using and Managing > USB Devices" > 1. Enable sys-usb > > using the command sudo qubesctl top.enable qvm.sys-usb > 2. Apply the configuration: > using the command sudo qubesctl state.highstate > > then it froze, restarted system, and when in passphrase entering the > encryption code, keyboard didn't work, but when i press a button it > highlights the num button, and if i hold any button on keyboard the num > highlight is turned on, when i release the light is off... > > i reinstalled qubes choosing manual partition (not the automatic), i'm > un-sure if i deleted or damaged my data.. (see note below) > now it still doesn't boot qubes, keyboard works on passphrase encryption of > disk, but when it's loaded, it gets stuck, if i click alt+tab it counts some > numbers and says unlimited. > > note: i still think i have the data, maybe, i have something like > luks-23232-f-sdf-saf-sad-sa-ds and also dom0-root-00 something (not accurate > name) You would have had to edit grub and remove the hide all line to be able to enter passphrase. https://www.qubes-os.org/doc/usb/ WHat you can do for keyboard if you have a ps2 port is use a usb to ps2 adapter. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bac55e60-05be-4508-9ba2-e0c95c3a61a6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] how to forward webcam to a VM?
On Friday, December 15, 2017 at 2:19:40 PM UTC-5, evo wrote: > Am 15.12.2017 um 20:11 schrieb awokd: > > On Fri, December 15, 2017 11:13 am, evo wrote: > > > >> so i've tried it, but i get this error by starting webcam-vm after adding > >> the usb-device to it: "libxenlight could not create a new domain > >> "webcam-vm" > >> > >> > >> if i try it one more time, i get: UnicodeDecodeError: ascii codec can't > >> decode byte 0xc3 in position 34: ordinal not in range(128). > >> > >> i've tried all three usb devices that are shown on sys-usb > > > > You are running Qubes 3.2? Not sure what's going on then, that usually > > fixes it for me... > > > > > > > yes, the last version of qubes (3.2) :-/ shot in the dark. what if you use a usb 2.0 port instead of 3.0? or vice versa? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1be7e5bc-1f1d-46e7-9489-a7b12ac1a9f7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Duplicate MAC address error
On Tue, Dec 26, 2017 at 8:18 PM, cooloutac wrote: > > wonder if your system runs low on ram? Could also try using system without > iommu and see if it still happens. > I have 32GB here on a T470. I hope that is okay :) Kushal -- Staff, Freedom of the Press Foundation CPython Core Developer Director, Python Software Foundation https://kushaldas.in -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAzeMbxejFzUDSswmTA4mXGtKEuMztFV%3DayYVrZ3Okg_9e601A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Intel NUC7i5BNH
WiFi fails after sleep. UEFI disabled / legacy enabled. Graphic install failed to load for Qubes 3.2; 4.0 rc3 installed without apparent issue. Have not tested Thunderbolt. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAE7XU-biEhONt0Nzat%3DOCRzL5eq%3DB0pavDnYr1e2Jd9RkuUQFQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Intel_Corporation-NUC7i5BNH-20171226-140508.cpio.gz Description: GNU Zip compressed data Qubes-HCL-Intel_Corporation-NUC7i5BNH-20171226-140508.yml Description: application/yaml
Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?
re: /var/tmp is dom0 I am unable to cut and paste from dom0 what I see is /dev/mapper/qubes_dom0-root 952848292 780151168(used) 123272164(available) 87% / and various others smaller directories ; I don't know what a "partial restore" would look like ; I never touch dom0 :0 >>> >>> It would be some large directories in /var/tmp that start with >>> `restore_`. But it sounds like that's not your problem. Pretty >>> sure it's what we diagnosed above (large backups in dom0 home). >>> >> >> - And *Once something is in dom0 files it can't be moved >> *out to any other VMs , > > You can move files from dom0 to other VMs: > > https://www.qubes-os.org/doc/copy-from-dom0/ > >> so guess I need to delete the large AppVM backup, that is >> *indeed in dom0 /home and re-back it up to an another internal >> HD would seem to be preferable , that backing up to dom0 to >> dom0 (since I guess I'll be backing up "everything" and if that's >> too large then maybe I'll skip the Templates... Well I rm 'd all but the 1 large successful photo AppVM. And instead of re-backing it up to backupVM (AppVM) I attached another internal HD to the backupVM and am trying to back to it( by 1st doing qvm-copy-to-vm , however it's complaining "qfile-dom0-agent: File copy: no space left on device" I do note that whatever qubes_dom0-root ?file is above is stating 87% used . (this qubest install is running on a 1GB HD there should be plenty of run, I have a lot of AppVM perhaps each one walls off a certain amount of the HD whether they are used or not ? or perhaps I need to allow backupVM AppVM more "Basic-> Disk storage -> private storage max size: which is currently set to 2048MB ? l0l change that to 512000 MB maybe ? >> But, again just curious, are the Templates , Whonix, and AppVMs, >> dom0 going to be *importable into Qubes 4.0 ? in general , I >> don't really use Deb-8 which it sounds like will be in Q4.0, and >> Fedora's Templates will be F26 *not F25 ... ? >> > > I haven't personally experimented with this much, so I'll leave it to > someone who has done so to comment on whether it's possible. Isn't part of the purpose for a 3.2 backup being to enable to eventually "import" their VMs into 4.0 from 3.2 ??? Seems to me this would be something basic task that folks are going to do? or maybe it's so trivial for all the pro users out there , doesn't need commenting ? or: if 4.0 is going to come stock with Fedora 26 , are AppVMs based on Fedora 25 even going to be "import"-able into 4.0 ? I'd really not have to re-tweak all my Firefox instances again for example :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54c0c72dd023e1bc2477006d6a1d7206%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?
fwiw, I am unable to actually add backupVM diskspace for the same reason, duh. I think my only option is to remove the huge dom0 file , but I'm still wondering how do I get a system wide understanding of how 3.2 is using the 1GB HD, seems should be otherwise plenty of room to run 3.2 ... sigh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/84c38c96a40f58423c01f4ba3e75980c%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?
On Tue, December 26, 2017 7:15 pm, yreb...@riseup.net wrote: > fwiw, I am unable to actually add backupVM diskspace for the same reason, > duh. I think my only option is to remove the huge dom0 file , but I'm > still wondering how do I get a system wide understanding of how 3.2 is > using the 1GB HD, seems should be otherwise plenty of room to run 3.2 > ... sigh In dom0, do cd / du -hd1 then cd into large directories and repeat du -hd1. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/39687cdd55b534d5e5930247568256b5.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
AW: [qubes-users] Re: how to clone template (fedora?), and print from cloned template in disposable vm? printer configuration
x x xxx xx x xxx "xj Gesendet von ProtonMail mobile Original-Nachricht An 26. Dez. 2017, 15:53, cooloutac schrieb: > On Saturday, December 23, 2017 at 5:45:47 PM UTC-5, jerry wrote: >> > > https://www.qubes-os.org/doc/dom0-tools/qvm-clone/ > > then install printer in the cloned template, using your printer models linux > instructions. You can download the drivers using a disposable vm then > transfer them to the template or temporarily allow net access to the conled > template to install drivers. > > Set your diposable vm to use the new template as its netvm. > https://www.qubes-os.org/doc/dom0-tools/qvm-prefs/ > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/bfbecd46-ef10-4acf-8061-f4aa2154f47f%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/jUrhaibkZUOIGXgz2gAiIO8sKkqjV_dU5WqnlRxrAskfNhX4xXQoLZ9IkUuUoDJ4J8C7xvV_wiiHGbq7XZl4GwKKWBjBM1oJrd5tlZPwb48%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Which 3.2 VMs to backup and for eventual 4.0 migration?
On 2017-12-26 10:14, awokd wrote: > On Tue, December 26, 2017 7:15 pm, yreb...@riseup.net wrote: >> fwiw, I am unable to actually add backupVM diskspace for the same reason, >> duh. I think my only option is to remove the huge dom0 file , but I'm >> still wondering how do I get a system wide understanding of how 3.2 is >> using the 1GB HD, seems should be otherwise plenty of room to run 3.2 >> ... sigh > > In dom0, do > cd / > du -hd1 > > then cd into large directories and repeat du -hd1. Ok, thx only thing seems strange is in a Debian AppVM (my only Deb AppVM) I have 2 files private.img and volatile.img which end up *near 1.3Gb any idea if this is normal ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3400f0c49c70f0f85b09e13f436bc599%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Lenovo G505s with Coreboot and Qubes R4-rc3 fails to boot
I installed Qubes with Encryption on my laptop, all looked fine exept for a popup saying that my hardware doesn't support Interrupt Remapping, which shouldn't fail my install. Then on first boot, after I enter my password, the graphical loading screen appears for a few seconds, black screen, a series of console outputs(too fast to grasp much of it, tho I noticed a "kernel panic - not syncing: fatal exception" and back to boot. The same happened at each boot, sometimes it didn't even ask me for my password and failed the same way. I reinstalled Qubes without encryption but the same happened. I tried to reboot without my wifi card or without the "iommu=no-igfx" parameter in the GRUB boot menu but no result. Any idea what may be happening? Any way to save the boot logs? I tried making journalctl persistent and export the files with the troubleshooting tool from the installation media, but nothing was saved. I'm pretty much using the same machine with the same coreboot build and the same version of Qubes than Awokd but he doesn't have this issue. Thanks in advance :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/59860cb4-a8ce-49cb-9ace-a77b8a24569d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to install software on templates (Qubes 4.0)
Per this, in Qubes 4.0 software is to be installed using Qubes tools. https://groups.google.com/d/msg/qubes-users/aBE-U9YKhjU/0t7hspsbAgAJ Is there at this time any documentation of how that's done? The current list of CLI tools doesn't seem to include anything that relates. I looked at Yum Extender under System Tools, but don't see any way to either install arbitrary RPMs or add new repos. This: https://unix.stackexchange.com/questions/334117/how-to-add-software-sources-for-dom0-in-qubes ...suggests that the correct way to do it is to temporarily add a repo, then remove it when you're done installing. 1. Is that the canonical method? 2. How would we retrieve updates? 3. What if we need to install a package that's not available via a repo? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ad1c37a-062a-47c8-8edc-5b49298a6e63%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Password security/disposable vm security
Kk, thanks for all the information as long as that AppVM thing is true I'm happy enough. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8bf2c54-a135-486b-b9f1-dd0cfd6fd896%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to install software on templates (Qubes 4.0)
In short, software is to be installed in your template exactly the same as you would do it in the ‘upstream’ way. So if you are using a debian template, you’d be able to go to the debian wiki pages that explain how to do it. So your question 1 and two are answers with; “like in the upstream distro". > 3. What if we need to install a package that's not available via a repo? This opens a bit more complex situation because software not available for a public repo may cause the issue of it not being trusted. I don’t trust skype, for instance. Technically the installation is not too difficult, you just follow the instructions from the place you find the software. But it is important to assess how much you trust this software and its installer because changes made in a template will have an effect on ALL qubes that are based on it. Installing untrusted software in a template may end up exposing your data in the “work” qube that is based on it. You may consider creating a new AppVM where you install the software (again, using the instructions from the place where you find the software). Check the /rw/config dir, there is a binds configuration that allows you to specify which files or directories are kept between restarts. Hope this helps. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4259797.hveZSERC7u%40strawberry. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Lenovo G505s with Coreboot and Qubes R4-rc3 fails to boot
Le mardi 26 décembre 2017 22:26:10 UTC+1, Blooorp a écrit : > I installed Qubes with Encryption on my laptop, all looked fine exept for a > popup saying that my hardware doesn't support Interrupt Remapping, which > shouldn't fail my install. > > Then on first boot, after I enter my password, the graphical loading screen > appears for a few seconds, black screen, a series of console outputs(too fast > to grasp much of it, tho I noticed a "kernel panic - not syncing: fatal > exception" and back to boot. > > The same happened at each boot, sometimes it didn't even ask me for my > password and failed the same way. I reinstalled Qubes without encryption but > the same happened. > > I tried to reboot without my wifi card or without the "iommu=no-igfx" > parameter in the GRUB boot menu but no result. > > Any idea what may be happening? > Any way to save the boot logs? I tried making journalctl persistent and > export the files with the troubleshooting tool from the installation media, > but nothing was saved. > > I'm pretty much using the same machine with the same coreboot build and the > same version of Qubes than Awokd but he doesn't have this issue. > > Thanks in advance :) Some additional input I forgot to add : I have the version of the G505s with integrated HD 8650G + discrete R5 M230 graphics. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8efe6ff4-49ca-4543-8cf4-7c4cf9283ebc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to install software on templates (Qubes 4.0)
Sorry, I guess I'm not understanding your answer. The 'usual way' to install in
an upstream distro would be to connect to the network. Again, as I understand
it, in Qubes 4, we can't do that anymore from templates:
Templates don't have Net-VM's in Qubes 4. All updates are run over the
Qubes-tools, and are no longer networked.
[https://groups.google.com/d/msg/qubes-users/aBE-U9YKhjU/0t7hspsbAgAJ]
What I imagine I'll try next is to get the RPM into the template filesystem and
use command line tools to install it. Is that what you mean by "the usual
methods"? That still leaves the package without a clear way to be updated.
As far as the 'trusted' or 'not trusted' nature of a particular piece of
software: We need to install what we need to install. If the system prevents
people from doing what they need to do, they won't use the system -- that's
axiomatic. So that's a net reduction in security. ('The best security is the
security you use.')
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/05a419ca-8940-4b49-8acf-d19cea29c7fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to install software on templates (Qubes 4.0)
On Tuesday, 26 December 2017 23:58:36 CET Eric Scoles wrote: > Sorry, I guess I'm not understanding your answer. The 'usual way' to > install in an upstream distro would be to connect to the network. Your ‘yum’, ‘pacman’, ‘apt-get’ have access to the internet via a proxy solution. Please give it a try. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/22619918.86Z0RbBJyT%40strawberry. For more options, visit https://groups.google.com/d/optout.
Mozilla (was: Re: [qubes-users] Password security/disposable vm security)
On 12/26/2017 03:25 PM, 'Tom Zander' via qubes-users wrote:>> "Personally, I' d avoid thunderbird and anything from mozilla, but thats >> just me." >> Do they have a bad track record(I planned on researching my apps later >> =p). > > Just last month they added an invisible plugin in their binary builds which > was programmed to not show up in the 'add-on' screen and had the ability to > alter page content. > Someone didn't actually program it well enough and the whole thing got > leaked and after a lot of heat, a lot of bad press they eventually > apologised. > > I'm more concerned that they tried then how they failed. > It leaves a bad taste in my mouth. > > Google for "looking glass" and "mozilla" if you want to know more. (disclaimer: I once was an intern for Mozilla, though I do not have any bond with Mozilla right now) tl;dr: please do google for “looking glass” and “mozilla” Erhm. This is a *really* biased way of putting things. They did push an (opt-out) study through the (opt-out, iirc) studies subsystem, that did have the ability to alter page content. That said, the add-on was not programmed to not show up in the ‘add-on’ screen (that I know of), it was just a regular opt-out shield study. Now, the handling of this particular instance has indeed been stupid: this study was actually no study, but a promotional event organized with the Mr. Robot series (which explains the ability to alter page content, though I'm obviously not saying anyone wanted it), and in addition to this it appeared with the suspicious “My reality is different than yours” message, which made some users think they had been infected by some virus. So I'm not saying this was not a particularly stupid action and that they did not end up with woefully bad press (especially damaging given they had just outed Firefox 57 and its long-awaited changes), but it's nowhere near as bad as what you imply, ie. that they would already have willingly pushed a malicious add-on. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/421f892b-2758-d853-1bea-33b9e1bc24f1%40gaspard.io. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Weak connection. Cannot reinstall borked template, download will not resume.
Attempting to upgrade KeePassX to KeePassX 2.0, using backports, borked my debian template by removing qubes-gui-agent and pulseaudio. Was unable to find way to undo damage. Opted to reinstall template, but I cannot download it without my connection dropping, and thus timing me out. dnf does not resume the download, despite it claiming to be saving the download to cache. I have put keepcache=true in dnf.conf, with no results. cannot wget from dom0. Should I wget from some other VM? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3908f022-5c27-4336-a53c-7977e226e5bc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.
On Tuesday, December 26, 2017 at 6:02:57 PM UTC-8, dangm...@gmail.com wrote: > Attempting to upgrade KeePassX to KeePassX 2.0, using backports, borked my > debian template by removing qubes-gui-agent and pulseaudio. > > Was unable to find way to undo damage. > > Opted to reinstall template, but I cannot download it without my connection > dropping, and thus timing me out. dnf does not resume the download, despite > it claiming to be saving the download to cache. > > I have put keepcache=true in dnf.conf, with no results. > > > cannot wget from dom0. Should I wget from some other VM? Qubes 3.2 qubes-dom0-update --action=reinstall qubes-template-debian-8 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/748506e5-9c7f-431e-8a5d-8d0c35826868%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
