Re: [qubes-users] Re: Q wipe files

2016-07-04 Thread 109438'019384'091843'0918'430918'024398 
Hello,

on the application layer I can find some better encryption, which is 
polymorphic. This will prevent that someone find the leverage point to kick the 
crypto out.

https://www.youtube.com/watch?v=aApTVqeGJMw

But sadly this PMC is running only under windows.

https://www.youtube.com/watch?v=aApTVqeGJMw

Ok I can do it on a WinVM under Qubes.
But Windows is not a real time system and so nobody knows what is really going 
on.
The only task is to encrypt the original file and delete/wipe the original file.
So a real-time OS would be much better, than a multitasking system.

If the wipe/shred perhaps or perhaps not will work, there is only one solution 
to make sure that the disk is clean:
 
https://www.theguardian.com/uk-news/2014/jan/31/footage-released-guardian-editors-snowden-hard-drives-gchq
 

But never mind, Q OS uses a full disk encryption, which is quite smart. This 
means every original file and any temps or other randomized shadow-files are as 
well encrypted by default. So I don't need to destroy my PC after I send one 
email, because I can remove the WinVM.

But now I came to the old question, is the LUKS disk encryption perhaps or 
perhaps not it will be safe?

I think the only clean support will be the possibility to plug in the own 
parallel encryption.

Is there some tutorial, how I can use a API to plug in my own encryption as a 
per-process f before LUKS begins his crypt-process?

This will be a multi-layer security system in the end.

Kind Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/918f266f-92ad-4368-84b7-9ff570ca883c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes top priorities suggestions for me as an user.

2016-07-04 Thread jurisdan 
1) qubes is a system for security and isolation. But when you install, you have 
no encryption options.
distros thinks that if a user wants some strong crypto thing, they must 
research themselves and do all manually. We dont even find nothing about qubes 
encryption in docs. That is wrong. First thing we must do out-of-the-box is to 
offer strong full disk encryption, like veracrypt ones, with options, 
iteractions, etc., and inform the user about that. Even tails for just a live 
browser with storage capability does that. Even distros like PARTED MAGIC for 
managing partitions now come with veracrypt installed as default in live-cds. 
To me, Qubes is neglecting what the user wants to read and do in encryption 
aspects.

I usually use mint strong encryption. But even that i must do manually. Imagine 
ALL users trying to do this on their own. They wont. i use appendix A configs 
from links below, much stronger.

https://community.linuxmint.com/tutorial/view/2026 (bios)
https://community.linuxmint.com/tutorial/view/2061 (uefi)

2) Qubes face 2 problems nowadays for engaging new users with real security.

a) Qubes is a system for HIGH END computers with lots of RAM. Usually if for 
people that has WINDOWS and GAMES also, a good GPU, and wont waste their 
machine on a UNIQUE linux system at least without dual boot. 

b) Nvidia spy on people, with their streaming @!^@^% they put in new gpus, 
network, etc, and people are suspicious amd too. But most consumers are from 
nvidia. nvidia now spy on hardware level. Does not matter the system security. 

The solution? REAL windows virtualization with GPU PASSTROUGH. So, the high end 
computers can use windows for what they need and even play games. Plus, if you 
do use nvidia in dom-0, they WILL capture the screen on hardware level. Nouveau 
is not working right for a long time. Onboard or gpu 1 for dom-0 and nvidia or 
amd high end for windows VM. If the person doesnt have 2 monitors, it can 
change the vga adapter from 1 to other to use windows after starting the vm. 
that would be perfect.

So we give a finger to nvidia and the drivers problems they cause, and we 
isolate their spying inside windows vm, plus eliminating the need for a dual 
boot and for everyone not using their gaming gpus.

So, XEN is not good for that? consider passing to KVM.

- To create a real secure isolation OS, it`s primal to ensure best disk 
encryption avaliable, with CHOICE for speed/security, eliminate the windows 
host multi boot needs, and make good use and usability for windows and gpus. 
You will reach that when you direct the efforts to adapting the system for what 
the global user WANTS AND NEEDS, and not adapting the user to the system that 1 
person in 1 chair dream for its personal needs. Ubuntu did not follow this 
lesson with their unity thing and they paid the price. 

3) Consider offering PFSENSE as optional firewall vm installed out of the box. 
It`s very hard and time consuming to do that inside qubes system without 
studying all, for managing internal ip structure etc. It is the most perfect 
firewall for use inside a VM, qubes is a system for VMs, and i did use it even 
inside windows in virtualbox. But i was in WINDOWS, and that means, no real 
security at all.

I would like also to give 2 more suggestions for people to considerate, 
concerning whonix, since patrick is a developer here:

4) People need a pop-up window to explain them to NEVER use an existing normal 
vm trough the whonix proxy vm, just NEW ONES. Because they have already 
fingerprints, identifiers, browser behavior, browser plugins identification, 
aplication updates, specially in windows. If they connect that with once used 
real wan IP, game over for anonymity.

5) i will use this post to state that tor behaves differently to connect in 
windows tor browser, or linux tor browser, compared to whonix, and i dont know 
why. Whonix gets always same speed, 250 to 500 Kbps, (not KBps) with speed of 
30 to 60 kB/s of downloads, and in tor browser outside whonix, i get 500 to 1 
Mb kB/s downloads. Thats really strange and wasn`t expected. I get this 
behavior for almost 2 years, and i dont have the expertize to know why. after 
some googling, i saw i am not the only one getting different special routes in 
tor using whonix.

Sorry for my bad english, is not my main language, i hope people can understand 
what i wrote. And forgive me if i wrote stupid things. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8efb8d91-de6b-4a6d-b215-65bca333a81f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Q3.2rc1] XFCE bugs with locale, suspend bug and some other

2016-07-04 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

(Please don't make duplicate -- or partially duplicate -- threads.)

On 2016-07-04 06:45, Eva Star wrote:
> 
> 1) Failed to start any VM after suspend (tested on xfce)
> 
> Qubes Manager show icon with the following error: Error starting
> vm internal error: libxenlight failed to create new domain Log
> file say: libvchen_is_eof
> 

(Replied on duplicate thread:
https://groups.google.com/d/msg/qubes-users/8MDPxl41jRw/p-IKs9gXBAAJ)

> 
> 2) Some characters does not show on title of XFCE windows. Is it 
> possible to fix this? https://i.imgur.com/xqLqHGD.png
> 

(Replied on duplicate thread.)

> 3) About issue with losing "System Tools" links at Application menu
> you are already noticed? https://i.imgur.com/rCMiymX.png It's also
> not available under right click of the mouse.
> 

(Replied on duplicate thread.)

> 4) At the Qubes website I see some bad character. What is it? 
> https://i.imgur.com/j4bMt05.png
> 

It's a heart icon. You probably have some kind of browser extension
that's blocking it.

> 
> Suggestion: Qubes Manager UX:
> 
> 1) Add possibility to sort menu items up and down. It's useful in 
> big list to keep some most used application at the top. 
> https://i.imgur.com/gctZoJl.png
> 

(Replied on duplicate thread.)

> 2) Related to issue number 1 on this post: It's only show the error
> icon per vm and need to hover to get the error message. Why not to
> add this errors to the log of VM?
> 

(Replied on duplicate thread.)

> 3) As there is a new issue on the tracker from Joanna:
> 
> https://github.com/QubesOS/qubes-issues/issues/2132
> 
> It is all fine to simplify Qubes Manager and add some 
> panel addons. But as the new user of Qubes I can suggest to stay 
> with advanced Qubes Manager available. As for me, I'm only use 
> start menu because of Qubes Manager does not have some icon near 
> AppVM name to click on it with LEFT mouse button like Joanna want 
> and receive list of available shortcuts to start.
> 
> If this will be available on QM then **only one** left mouse click
>  need to access and start some application.
> 
> Compare it with Start menu: (1 click) open menu (2 click) choose
> VM on the BIG list with eye research (3 click) launch application.
> 
> So, there is TWO additional click with Start menu and some eye 
> research. While  new Qubes Manager can provide as the better UX in
>  same scenarios. And some users will forget about Start menu at 
> all.
> 
> 4) Why Qubes Manager written on phyton code? Is it compatibility 
> issue? Why not to write it on C++ with Gt/Gtk ?
> 
> 
> Some additational questions:
> 
> Is it "safe" to give "yes to all" permissions to vm with 
> Enigmail(PGP) to access vaultVM through slip-pgp-key?
> 

(Replied on duplicate thread.)

> Is it possible to use subkeys on Enigmail? Enigmail does not give 
> to select subkey. Only primary key available for signing messages.
> 

(Replied on duplicate thread.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXeyL2AAoJENtN07w5UDAwPFoP/Rx6CU5xL+PmGrvU/iuoFFgR
EIxH441957Gt84dSrMVx4uAjES0ZmtE3uD5qQbMGdVcXw32tB4Zkqhi7hrvzNis1
GHkH4sm3sh+eB+HO7cqQkj/PJqopJMB12zg6eJf0dwy4UYQUpEQYvOJwvpdr1D/D
6riZ4GOJvVA9U7OMUU83vI8lre8nIQ7F8euh1W2qCUPY9wXQWBZxXv6Pu3GWbjER
RHQXNIceIbPWJpQtlOSJDFq5chQh7dNx0CBkA1Wih63y3giGvryVxxCBI/Gh6L15
v3wBefJuVIzDGmgJOtKtkIQa1JiZWpma3XT/RqNB2+3atTwVhj47Ys7c9u6+UH+k
pgfECFVJAMgWh+N8Gueb0YZXoUfPsBBOTUSh6cG4MDYwDlc9VPspIaYak/m0/xuI
CtE4V/BsZ4zoWbWS9mACbnEA+VUu4tCC1juASy/L4VEvK5dvyjjcw5VNR7tZge5L
TA+OEsVIszliweUHVlY1TaXye6swaeLN8uVv7DcUIvZrvM/uMbh+GlAgxbDJm3F/
Nwx7xRCz16KrScecv8HWiJ5k6wyEw/fO0qx7EfDcktbqbg4thLMmarTH1nWC2bOq
7E5aN1S5JxHy0+PKTaXq6zjQHX4VAxe01Ev95Q7ZAiQOFMnPI58GmDCO1RUWQZt+
pqfwlx5AVNpAvnPuvBsx
=xXJm
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/65b569c7-e000-9eec-5ea5-aa8ac3ead398%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Q3.2rc1] XFCE bugs with locale and suspend

2016-07-04 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-03 18:05, Eva Star wrote:
> 1) Failed to start any VM after suspend (tested on xfce)
> 
> Qubes Manager show icon with following error: Error starting vm 
> internal error: libxenlight failed to create new domai n
> 
> Log file: libvchen_is_eof
> 

Tracking:

https://github.com/QubesOS/qubes-issues/issues/2153

> 
> 2) Some characters does not show. It's on XFCE. Is it possible to 
> fix this? https://i.imgur.com/xqLqHGD.png
> 

For security, window titles are sanitized for ASCII-only characters by
default. You can disable this setting (globally or per-VM) in
/etc/qubes/guid.conf (in dom0).

Previous discussion:

https://groups.google.com/d/topic/qubes-users/l_yqreeNTRc/discussion

> 3) Related to first issue: It's only show error icon per vm and 
> need to hover to get the error. Why not to add this errors to log?
> 

Tracking:

https://github.com/QubesOS/qubes-issues/issues/2154

> 4) About issue with losing "System Tools" links at Application
> menu you are already noticed? https://i.imgur.com/rCMiymX.png It's
> also not available under right click of the mouse.
> 

Added:

https://github.com/QubesOS/qubes-issues/issues/2122#issuecomment-
230376188

> Some questions: Is it "safe" to give "yes to all" permissions to vm
> with Enigmail(PGP) to access vaultvm through slip-pgp-key?

It depends on your threat model, but in many common use cases, yes,
it's safe.

> And seems it's not possible to use subkeys on such configuration?


It is indeed possible to use subkeys with Split GPG:

https://www.qubes-os.org/doc/split-gpg/#tocAnchor-1-1-6

> Enigmail does not give to select subkey. Only primary key
> available for signing messages.
> 

This sounds like it may just be how subkeys (are supposed to) work.
(If not, it could possibly be a limitation of Enigmail).

> Suggestion: Qubes Manager UX - Add possibility to sort meny items 
> up and down. It's useful in big list to keep some most used 
> application at the top. https://i.imgur.com/gctZoJl.png

Added:

https://github.com/QubesOS/qubes-issues/issues/1870#issuecomment-
230376093

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXex/JAAoJENtN07w5UDAwgo4P/AvYVlzm8KxNpK/EQzOW9ctG
hSOd2ihiumasbrtIsx9godZByqhvvXyQBxIGgisA7CgD4m+RxfbTpS1R/1synp5y
Kr9Z7v3fy57zkmsA6Pd5tigs6ykktW7m9TzGDjBBUtyU9XGn7Z04A86ukk1R1hpC
w+YWtfdNtgn1dXuoXnUzDBl/iTfymi3B1dSORiSNFBvyxTy2fm/jvOBl6D6wsFg1
qbkzLXb9mV7GLQ9rpGmPBuJwscQ3JC5GteS9OxJIv/+uWwHK2tS20hjIYHTd7Ut3
Gn9zoBXdpRwsnNXs3ESAu2Jxe7Qr00h8McBokKA5QMwJaExi+AX3vUglxLkJQV30
FN6XqflmFC7d994zyTA7ufGxRtPrzlj+kXD8RLPA2fHs0EVQ5Gh94or7o3I/Kvnj
5goOimFxNQrowXIU4yeeSH/Cqq8yqKyC/NUxpt4ZBiCn/zufwzE02V9xaRbcOH9r
00F4U4P+E203sK3kms+dDIcy+e8jvT8BAM86sngA95EF4Zuz0k4IaPU2cpk125M5
nLLmG9zWBlC5s9wNEScSsb+9FvTWKsbMJHOZSesUDxG0CRxVmjaVKpQzjUdq1KT8
YNmpWh4e51aEiiuBqL2ixQYBCIheM1eua60PQaL/mBHtCnZzDruKYoLJZkG5u16y
hQvtzb57C7wqJ7TKXEUc
=yfOh
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38a96cd8-5b40-40b3-5628-4d9c868aab9c%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] security app suggestions if some coders are interested

2016-07-04 Thread Syd Brisby 
There are some people - like Eva Star - developing some apps/scripts for 
Qubes. I would like to make a couple of suggestions for coders who might 
like a development challenge.

* A GUI applet for the CLI program "rfkill", that is enabled on the desktop 
(or management console) by default to easily show the on/off status of 
network devices. (I don't think this would be too difficult.)

* An app to scramble or obscure the network ports, which can be set to 
automatically start on bootup to give immediate protection. There a few 
such (CLI) apps available, but an improved GUI-based one would be even 
better. 

Any help in this area for victims of wireless hacking would be appreciated. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/140d14bb-20d4-4a12-91bb-051c27b0ecd4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

2016-07-04 Thread gaikokujinkyofusho 
On Monday, July 4, 2016 at 11:51:26 AM UTC+6, Chris Laprise wrote:
> On 07/04/2016 11:33 AM, gaikokujinkyofu...@gmail.com wrote:
> > On Sunday, July 3, 2016 at 11:32:53 PM UTC-3:30, Chris Laprise wrote:
> >> On 07/03/2016 10:10 PM, gaikokujinkyofu...@gmail.com wrote:
> >>> On Sunday, July 3, 2016 at 9:56:15 PM UTC+3, Chris Laprise wrote:
>  On 07/03/2016 09:14 PM, gaikokujinkyofu...@gmail.com wrote:
> > Some things came up so I hadn't gotten around to trying it out until 
> > now.
> >
> > I created a new VM, VpnVM, and ran
> >
> > openvpn openvpn.ovpn
> >
> > and yeah! it connected and I opened firefox from VpnVM, and it was 
> > using the vpn, then ran PersonalVM using VpnVM as my NetVM and 
> > PersonalVM also showed up as using the VPN so first hurdle cleared?
>  Yes.
> 
> > Lots more hurdles though as my understanding of it all drops off 
> > precipitously.
> >
> > I modified the /rw/config/openvpn/openvpn-client.ovpn file with the
> >
> > script-security 2
> > up 'qubes-vpn-handler.sh up'
> > down 'qubes-vpn-handler.sh down'
> >
> > lines
> >
> > and I created the qubes-vpn-handler.sh and changed permissions.
> >
> > I then tried to start openvpn /rw/config/openvpn/openvpn-client.ovpn
> >
> > and no go. I get errors:
> >
> > Options error: --ca fails with ca.crt: No such file or directory
> > Options error: --crl-verify failes crl.prm: no such file or dir
> > Options error: please correct these errors
> >
> > I didn't get these errors before I added the qubes-vpn-handler.sh
> >
> > thoughts?
>  It looks like you switched to the example ovpn config from
>  https://github.com/ttasket/Qubes-vpn-support
> 
>  I'd recommend you use your original working ovpn and just add the 3
>  script lines to that.
> 
>  Chris
> >>> Actually I am using the ovpn that the vpn provider gives, and am just 
> >>> adding the 3 lines that step "2. Set up OpenVPN." of 
> >>> https://www.qubes-os.org/doc/vpn/ page suggest to the ovpn config file 
> >>> that the vpn provider gave.
> >>>
> >>> That file seems to work until I modify it with the 3 lines. While I don't 
> >>> understand the script I would assume there is something in the handler 
> >>> script that my setup doesn't like as the 3 lines are just invoking the 
> >>> qubes-vpn-handler.sh right?
> >> Above, you switched from 'openvpn.ovpn' to...
> >> '/rw/config/openvpn/openvpn-client.ovpn' so make sure they are the same.
> >>
> >> Changing the location of the files or your current directory while
> >> omitting the '--cd' directive would cause the errors. Try starting it
> >> with 'openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn'.
> >>
> >> Chris
> > Ah sorry. Thanks. I guess, some of my lazy shorthand confused things. I can 
> > promise though I have been going off the https://www.qubes-os.org/doc/vpn/ 
> > doc, wasn't actually aware of the github one.
> >
> > When I try to execute it what dir should I be doing this from? I tried the 
> > line you suggested
> > openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn
> >
> > but got the same options errors as before (just for the heck of it I tried 
> > from my home dir and from the /rw/config/openvpn dir)
> 
> My bad, I should have said 'sudo openvpn --cd /rw/config/openvpn/ 
> --config openvpn-client.ovpn'. You want to run it with 'sudo'.
> 
> It shouldn't matter where you start openvpn from as long as you use '--cd'.
> 
> Also, verify that the two 'missing' files are in the /rw/config/openvpn 
> dir. Do an 'ls -l' there to check they are owned by root.
> 
> Chris

No worries, honestly I should have thought of the sudo myself.

Well, running it with sudo and it went swimmingly, it connected so that is 
good, another hurdle cleared.

I am now back to one of your earlier posts in this thread, regarding the 
qubes-firewall-user-script.

I have to admit that I am not totally clear on needing to run the groupadd (it 
seems to be run in the firewall script?) but I ran it (and it shows up in 
/etc/group so I guess thats good?) but then on the next line:

sudo sg qvpn -c openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn

I get an error saying:
Options error: In [CMD-LINE]:1: Error opening configuration 
file:openvn-client.ovpn

I don't understand groups and ids very well so am not sure where there 
breakdown is here, perhaps I need to set something regarding the 
openvpn-client.ovpn file?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2fdd853e-9e54-4c93-99ad-def7b03ace5c%40googlegroups.com.
For

Re: [qubes-users] [Q3.2rc1] XFCE bugs with locale, suspend bug and some other

2016-07-04 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Jul 04, 2016 at 04:45:23PM +0300, Eva Star wrote:
> 
> 1) Failed to start any VM after suspend (tested on xfce)
> 
> Qubes Manager show icon with the following error:
> Error starting vm internal error: libxenlight failed to create new domain
> Log file say: libvchen_is_eof
> 
> 
> 2) Some characters does not show on title of XFCE windows. Is it
> possible to fix this?
> https://i.imgur.com/xqLqHGD.png

This is expected. By default only ASCII is allowed.
https://github.com/QubesOS/qubes-issues/issues/1059

> 3) About issue with losing "System Tools" links at Application menu
> you are already noticed?
> https://i.imgur.com/rCMiymX.png
> It's also not available under right click of the mouse.

https://github.com/QubesOS/qubes-issues/issues/2129

> 4) At the Qubes website I see some bad character. What is it?
> https://i.imgur.com/j4bMt05.png

Probably some missing font...

> Suggestion:
> Qubes Manager UX:
> 
> 1) Add possibility to sort menu items up and down.
> It's useful in big list to keep some most used application at the top.
> https://i.imgur.com/gctZoJl.png

Do you mean to control order of items in xfce menu from Qubes Manager?
I'm afraid it isn't possible (it's always sorted by name).

> 2) Related to issue number 1 on this post: It's only show the error
> icon per vm and need to hover to get the error message. Why not to add
> this errors to the log of VM?

It is logged, in /var/log/libvirt/libxl/libxl-driver.log. Which BTW
should contains some more information - can you check what exactly?

> 3) As there is a new issue on the tracker from Joanna:
> 
> https://github.com/QubesOS/qubes-issues/issues/2132
> 
> It is all fine to simplify Qubes Manager and add some panel
> addons.
> But as the new user of Qubes I can suggest to stay with advanced Qubes
> Manager available. As for me, I'm only use start menu because of Qubes
> Manager does not have some icon near AppVM name to click on it with
> LEFT mouse button like Joanna want and receive list of available
> shortcuts to start.
> 
> If this will be available on QM then **only one** left mouse click
> need to access and start some application.
> 
> Compare it with Start menu: (1 click) open menu (2 click) choose VM on
> the BIG list with eye research (3 click) launch application.
> 
> So, there is TWO additional click with Start menu and some eye
> research. While  new Qubes Manager can provide as the better UX in
> same scenarios. And some users will forget about Start menu at all.

Generally I agree, but current Qubes Manger code base is horrible to
maintain and we want to rewrite it. This may mean we'll not have
resources to add also this feature.

> 4) Why Qubes Manager written on phyton code? Is it compatibility
> issue? Why not to write it on C++ with Gt/Gtk ?

Because it's much easier to write and debug python code. You don't need
to worry about hard to debug memory related errors (corruptions,
use-after-free, overflows etc).
Current manager uses Qt4 (PyQt4), but the plan for the new one is to use
(Py)GTK.

> Some additational questions:
> 
> Is it "safe" to give "yes to all" permissions to vm with Enigmail(PGP)
> to access vaultVM through slip-pgp-key?

In most cases yes.

> Is it possible to use subkeys on Enigmail?
> Enigmail does not give to select subkey. Only primary key available
> for signing messages.

I don't know, but in theory yes:
https://www.qubes-os.org/doc/split-gpg/#tocAnchor-1-1-6

PS I see you make heavy use of your new screenshooting tool :)

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXevPhAAoJENuP0xzK19csQlsIAJfHCNgx1Cm9Vcxd48PQjYoV
cVs1qJL9r0wCOd7p39N3+rXtGE9AN+A9lu8iuXqliV6rWGMElvcewrAf6W7zifvs
Rl4zHdweTYqla7EePtdNmiaL6By5mkdnKOogS0B3exTCdF18p64Vf5wr+fAUI6Om
M6CcTJpF2/BNku+9oXegk6b6n+B1tPBto8AwA3YNzDHT56cqDvrvNc1QdTej1gO7
ggMnx4znKjTnHWssTW6+B4OvaJkpack3jRKAqvgJb6SzpxVUO8AaTpxbWw0sMkpB
Q/bNjhwCDgTPPxnnMhRb/3sOj7T3j7GpfhCWSOsmkcFky5Eg17FRdViuzgFZmbY=
=ZUBZ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160704234017.GE4609%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes Screenshot Tool with imgurl auto upload available. [beta]

2016-07-04 Thread Adrian Rocha 
Many thanks Eva,

I'm testing it. First at all, its a great idea and, I appreciate very much 
your work.

I have two minor issues with the script:

1)
[user@dom0 Imágenes]$ ./qvm-screenshot-tool.sh 
[FATAL] no "zenity" tool at dom0 installeted use: \n\nsudo 
qubed-dom0-update zenity command to add it first

(Instead of "qubed-dom0-update is "qubes-dom0-update")
As I understand, in some versions of bash, the "\n" don't works as 
expected. So, I propose to change "echo" by "printf". You just have to add 
a "\n" at the end.

2) I have dom0 in spanish. So, my Pictures folder is /home/user/Imágenes/ 
instead of /home/user/Pictures/. But when I run the script, it is saving 
the pictures in "/home/user/Pictures/" instead of ".../Imágenes"
To obtain the correct directory to save the file you can use this command:
xdg-user-dir PICTURES
/home/user/Imágenes

Best Regards!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/118cc2b5-6de8-4eb2-979c-679d0c35e264%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can't open an attachment from thunderbird (3.2 rc-1)

2016-07-04 Thread Todd Lasman 
There is a PDF in an email attachment I'd like to open in a dispVM from
Thunderbird. When I choose that option, I get this error message:

qopen-in-vm: Fatal error: send filename to dispVM (error type: Broken pipe)

Shouldn't this be "qvm-open-in-vm..."? Or is there another issue I'm
missing. FWIW, this is the first time I've tried this in 3.2rc-1. In
3.1, this procedure worked as expected.

Todd

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2b628f2-0ab9-57ee-a224-81a15dfb1d69%40nowlas.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes and sugarsync

2016-07-04 Thread Franz 
On Mon, Jul 4, 2016 at 7:28 AM, Andrew David Wong  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-07-03 23:13, Nicola Schwendener wrote:
> > Hi Andrew, thank you for your answer and your time. I'm not sure
> > to understand what you say, but doing that means I double the space
> > of the data (redundancy of data) between VM. If I share the data
> > from one VM, the data will be only in one place. thank you very
> > much best regards Nick
> >
>
> Instead of sharing the same data between two VMs, perhaps it would
> make more sense to have a single VM? You're unlikely to get many (if
> any) isolation benefits by sharing the same data between two VMs like
> that. However, if it's merely so that you can run both Linux and
> Windows software while accessing the same data (in other words, it's
> about compatibility, not security), then perhaps that makes sense. In
> that case, I recommend taking a look at the firewall page (link below).
>
>
> P.S. - Please avoid top posting.
>
>
I do not see the point of sharing data between different VMs when the
reason of having different VMs is exactly the contrary, that is to separate
you digital life in strictly separated compartments.

However I do share data with different computers and NAS (via NFS), but it
is just one low security VM that does that.
Best
Fran


> > On Saturday, July 2, 2016 at 3:59:20 AM UTC+2, Andrew David Wong
> > wrote:
> >>
> > On 2016-07-01 08:01, Nicola Schwendener wrote:
>  Hello all, I wish to move away from my windows pc to qubes
>  os. in my configuration I still will use windows HVM because
>  I need to run some software (and some office macro) in it.
>  I've some questions about storages and cloud accounts. I've
>  a crashplan account that I wish to continue using in linux.
>  I saw that there is the crashplan linux version and I wish
>  to know how to create a storagevm that shares via NFS to
>  windows VM and some other VM the content available in the
>  storageVM (should be attached to some external disks and the
>  NAS). then there is sugarsync. this software provides a
>  synchronization between different PC I've on different
>  locations. for this software there is a windows only version.
>  what I wish is that this software should run (I guess via
>  wine) in the storageVM in order to not duplicate data between
>  VMs. is it feasable? could someone explain me how to create a
>  storage VM and share data to other VMs? thank you very much
>  best regards Nick
> 
> >
> > Since you say you're new to Qubes, I hope you don't mind me
> > asking: Have you considered that it might not be optimal to attempt
> > to reproduce your current setup in Qubes? Many users (myself
> > included) have found that the functionality offered by Qubes is
> > very different from that of a conventional OS, so much of what we
> > used to do on conventional OSes no longer makes sense (or can be
> > accomplished in better ways).
> >
> > For example, instead of sharing files via NFS directly between
> > your CrashPlan VM and your Windows VM (which is possible [1]), you
> > could consider storing your files in your Windows VM, where you
> > use them, then sending your Qubes backups [2] to your CrashPlan
> > VM.
> >
> > This is just one example. It may not apply to your specific
> > situation, but that's ok. It's mean to illustrate a more general
> > point, which is that you should be open to considering the new
> > possibilities that Qubes enables, rather than insisting on
> > replicating old systems (that were built on the assumption of a
> > single, monolithic OS) in Qubes, since doing so usually results in
> > compromising the security by compartmentalization Qubes provides.
> >
> > [1]: https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4
> > [2]: https://www.qubes-os.org/doc/backup-restore/
> >
>
> - --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
>
> iQIcBAEBCgAGBQJXejpbAAoJENtN07w5UDAwZycP/RmMfo1KirJa8jYetjG6WSg3
> mJ+MoHuNSIEcZuPsjv3S4+nIjgTSdw8JNdXs9ccWBGu1Ys2qDAbkZ8Jdv94A/3tE
> MzP8xHZWL+38+JNQM0gCg1OPPJ0nap+/HJRA85anRIrDSU8AaJ2Ev3DIVX11NTeu
> 0KJbgoKJizivshxJVUXo7ygnsHCJ0f+/Zp6V5jv7ee3pRevCj4UhdeUG2TLzcny0
> QH4Tqt4FEpcqABqr5AdROXq8GH2dYkmDS8bpQYOGANb5ICufp9yK3N6Exh7RRVmn
> PNNGergWOozzNknX3yA8JifrBUT+uzXuZU5zWvTZQFIgy9l2Mql7Oqr1n1+RyduC
> O05RXxr+P72g590Q/DeMw+DS99oCMTOM5x6wUxyhpSYjoeFKHJJJ2XTcADRLkk56
> zz2M2XFqbcrsIHHyeaCAfsvFgBbYWWHvbkAqtgOM3ugrxzejxpRix0M889cxgaxi
> 6bmjQio44rbR0JVm8dMpiyD8Z5b2wugdsmtGO0jJhJcUk/PJuSjUq+lvG0z7omGM
> GVXLeGEizJ3co11kuyDHUHvMs+8O0HquSSugQEiXmGboNxxnOPoquMwor9uBm+yW
> fiKJzQaXkTJRz28D/kF+2yUQSVlBPapL0/VayTmjrRqxAIe1mLKOyoANyNMO0w3z
> jMctMLuHXMdRG8gMM/M9
> =Ksob
> -END PGP SIGNATURE-
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and

Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)

2016-07-04 Thread gaikokujinkyofusho 
On Sunday, July 3, 2016 at 11:32:53 PM UTC-3:30, Chris Laprise wrote:
> On 07/03/2016 10:10 PM, gaikokujinkyofu...@gmail.com wrote:
> > On Sunday, July 3, 2016 at 9:56:15 PM UTC+3, Chris Laprise wrote:
> >> On 07/03/2016 09:14 PM, gaikokujinkyofu...@gmail.com wrote:
> >>>
> >>> Some things came up so I hadn't gotten around to trying it out until now.
> >>>
> >>> I created a new VM, VpnVM, and ran
> >>>
> >>> openvpn openvpn.ovpn
> >>>
> >>> and yeah! it connected and I opened firefox from VpnVM, and it was using 
> >>> the vpn, then ran PersonalVM using VpnVM as my NetVM and PersonalVM also 
> >>> showed up as using the VPN so first hurdle cleared?
> >> Yes.
> >>
> >>> Lots more hurdles though as my understanding of it all drops off 
> >>> precipitously.
> >>>
> >>> I modified the /rw/config/openvpn/openvpn-client.ovpn file with the
> >>>
> >>> script-security 2
> >>> up 'qubes-vpn-handler.sh up'
> >>> down 'qubes-vpn-handler.sh down'
> >>>
> >>> lines
> >>>
> >>> and I created the qubes-vpn-handler.sh and changed permissions.
> >>>
> >>> I then tried to start openvpn /rw/config/openvpn/openvpn-client.ovpn
> >>>
> >>> and no go. I get errors:
> >>>
> >>> Options error: --ca fails with ca.crt: No such file or directory
> >>> Options error: --crl-verify failes crl.prm: no such file or dir
> >>> Options error: please correct these errors
> >>>
> >>> I didn't get these errors before I added the qubes-vpn-handler.sh
> >>>
> >>> thoughts?
> >> It looks like you switched to the example ovpn config from
> >> https://github.com/ttasket/Qubes-vpn-support
> >>
> >> I'd recommend you use your original working ovpn and just add the 3
> >> script lines to that.
> >>
> >> Chris
> > Actually I am using the ovpn that the vpn provider gives, and am just 
> > adding the 3 lines that step "2. Set up OpenVPN." of 
> > https://www.qubes-os.org/doc/vpn/ page suggest to the ovpn config file that 
> > the vpn provider gave.
> >
> > That file seems to work until I modify it with the 3 lines. While I don't 
> > understand the script I would assume there is something in the handler 
> > script that my setup doesn't like as the 3 lines are just invoking the 
> > qubes-vpn-handler.sh right?
> 
> Above, you switched from 'openvpn.ovpn' to... 
> '/rw/config/openvpn/openvpn-client.ovpn' so make sure they are the same.
> 
> Changing the location of the files or your current directory while 
> omitting the '--cd' directive would cause the errors. Try starting it 
> with 'openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn'.
> 
> Chris

Ah sorry. Thanks. I guess, some of my lazy shorthand confused things. I can 
promise though I have been going off the https://www.qubes-os.org/doc/vpn/ doc, 
wasn't actually aware of the github one.

When I try to execute it what dir should I be doing this from? I tried the line 
you suggested 
openvpn --cd /rw/config/openvpn/ --config openvpn-client.ovpn

but got the same options errors as before (just for the heck of it I tried from 
my home dir and from the /rw/config/openvpn dir)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/392e3dc3-fbd1-492f-a9d2-2dc6771d0f81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] newbie question about port forwarding and remote connection

2016-07-04 Thread Nicola Schwendener 
Hi Eva,
this isn't a bad solution, but I'm using windows 8.1 and settings between 
windows versions (a least some) are different. but this idea isn't bad at 
all!!
thank you
best regards
Nick

On Monday, July 4, 2016 at 3:52:51 PM UTC+2, Eva Star wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>
> On 07/04/2016 04:29 PM, Nicola Schwendener wrote: 
> > Hello all, I'm totally new in Qubes OS. I'm moving from Windows and 
> > a "single" OS doing all... I'm posing some (stupid) questions that 
> > maybe I understand better how to migate it: Right now I've 
> > NoMachine running on my windows pc, allowing connection through 
> > sshd daemon and let me doing whatever I want on the PC how can I 
> > accomplish that on qubes? If I install on the fedora template, how 
> > can I manage the application to run (and in which AppVM)? I don't 
> > think is the case to expose the dom0 in order to allow working 
> > remotely as I were at home. thank you very much best regards Nick 
>
> Simple migration way for Windows user: 
>
> 1) Buckup all of your Windows data to USB Flash with all programs and 
> add to it some windws.iso to install it on Qubes. 
> 2) Install Qubes Os 
> 3) Install Windows on Qubes using windows.iso 
> 4) Mount you flash USB to FedoraVM that is available by default and 
> copy all your data to your new virtual Windows. 
> 5) Use Windows as you do it regular and learn QubeOS in parallel. 
>
>
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
>
> iQIcBAEBCAAGBQJXemouAAoJEGSin3PC/C0AemAP/jwD7msDUuFYpXjZnmdZ9UDp 
> WGbTpGbHlrtOPbJld4KyByyTvA83fWmlNJ5rmLhruV6PW0KX/xSivS8JjvndU8Vo 
> /hN2Cb+PCp4Vf3ZyweItfp0INmxig4uy8yiqftR7aNvNj/Iqd1kMUKYFQZaV6QQD 
> 8PTdGqn3MtVLk97iHRImnuInuPDcizq5+10x1gXYkFZN7NSJJ99mLd93giZvzK+I 
> iggSv947YiGR93fXxb7/ePX4QhDVHJQS3BwYZqafdAvRLP/S+Di2z9t3UtUE+XBy 
> esr5LBFXzksiqULj71h/E1aBo1uA+0siSaUGZJXmuiS9tgbYjWak7hfyVYn1Xx4n 
> +43mDnUIPH6BfgUt1tIlkRtOlfL4XiDGhDVJGRGTtWyTSBUEfFbahU6GWaRZcW1N 
> fYTZctu56qt6V2AY8huw6FWgviPmWg1UqH56nValGMDvV+hQyJz2GZdJtWeDwIMT 
> 48yTlkQB8IctF5xa1oOhZ9QHpujwL/WBNGLg+YPmiGWlbtIXw9jlQYhFxu7mquO+ 
> 4AmhRNTtcAlTmxbB0Q3QbEM3HsDvT1beynYhdq7LeCs2k/gcICL2stCy0b5H7m13 
> xBPtK9nI6syaMwgYEDwaGw7PWskSVjvSh0V1S1sG1m2XruKfujgW1MGNohvVlfao 
> SP4b43P8FsJ8LwnGoCp8 
> =yUKV 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19f9c6cf-543d-4bfd-85ec-8f8e18fbf812%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

2016-07-04 Thread Chris Laprise 
If I replace the kernel with 4.1 from R3.1, it can make it to the AEM 
target and the decrypt prompt. It chokes just after decrypting the 
volumes, but that's to be expected. The 4.4 kernel appears to introduce 
some factor that causes the crash.


Swapping xen 4.6.1 with 4.6.0 has no visible effect either way.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2806248-ec97-631e-70b2-7b4d0e96fbfc%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Split GPG and ssh keys

2016-07-04 Thread Eva Star 

This issue can be simply solved by moving to New GPG version and not
need to realize something form SSH, because of GnuPG 2.1 seems support
them by default with --enable-ssh-support key:

https://github.com/QubesOS/qubes-issues/issues/1962

Please update the ticket

Proof link, search for `ssh` term on the page:
https://gnupg.org/faq/whats-new-in-2.1.html

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nldqmn%24ts7%241%40ger.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] newbie question about port forwarding and remote connection

2016-07-04 Thread Chris Laprise 

On 07/04/2016 09:29 AM, Nicola Schwendener wrote:

Hello all,
I'm totally new in Qubes OS. I'm moving from Windows and a "single" OS 
doing all...
I'm posing some (stupid) questions that maybe I understand better how 
to migate it:
Right now I've NoMachine running on my windows pc, allowing connection 
through sshd daemon and let me doing whatever I want on the PC
how can I accomplish that on qubes? If I install on the fedora 
template, how can I manage the application to run (and in which AppVM)?
I don't think is the case to expose the dom0 in order to allow working 
remotely as I were at home.

thank you very much
best regards
Nick
--


Hi,

There is a helpful guide on port-forwarding for Qubes appvms:
https://www.qubes-os.org/doc/qubes-firewall/

You could install nomachine in either a template or a standalone appvm. 
If you do the former, you may want to also use 'systemctl disable' on 
the nomachine service in the template... then you would enable it in the 
appvm which uses that template. (You would have to re-enable it each 
time you booted the appvm, however.)


With a standalone appvm, installing the software is much the same as any 
regular OS. You just have to take care of port forwarding (see above link).


dom0 isn't a networked domain, and its against Qubes security philosophy 
to access it remotely. Of course, you can find ways to circumvent this.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0d06d13-4626-5e81-17cd-7c899d02053b%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] newbie question about port forwarding and remote connection

2016-07-04 Thread Eva Star 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/04/2016 04:29 PM, Nicola Schwendener wrote:
> Hello all, I'm totally new in Qubes OS. I'm moving from Windows and
> a "single" OS doing all... I'm posing some (stupid) questions that
> maybe I understand better how to migate it: Right now I've
> NoMachine running on my windows pc, allowing connection through
> sshd daemon and let me doing whatever I want on the PC how can I
> accomplish that on qubes? If I install on the fedora template, how
> can I manage the application to run (and in which AppVM)? I don't
> think is the case to expose the dom0 in order to allow working 
> remotely as I were at home. thank you very much best regards Nick

Simple migration way for Windows user:

1) Buckup all of your Windows data to USB Flash with all programs and
add to it some windws.iso to install it on Qubes.
2) Install Qubes Os
3) Install Windows on Qubes using windows.iso
4) Mount you flash USB to FedoraVM that is available by default and
copy all your data to your new virtual Windows.
5) Use Windows as you do it regular and learn QubeOS in parallel.


-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXemouAAoJEGSin3PC/C0AemAP/jwD7msDUuFYpXjZnmdZ9UDp
WGbTpGbHlrtOPbJld4KyByyTvA83fWmlNJ5rmLhruV6PW0KX/xSivS8JjvndU8Vo
/hN2Cb+PCp4Vf3ZyweItfp0INmxig4uy8yiqftR7aNvNj/Iqd1kMUKYFQZaV6QQD
8PTdGqn3MtVLk97iHRImnuInuPDcizq5+10x1gXYkFZN7NSJJ99mLd93giZvzK+I
iggSv947YiGR93fXxb7/ePX4QhDVHJQS3BwYZqafdAvRLP/S+Di2z9t3UtUE+XBy
esr5LBFXzksiqULj71h/E1aBo1uA+0siSaUGZJXmuiS9tgbYjWak7hfyVYn1Xx4n
+43mDnUIPH6BfgUt1tIlkRtOlfL4XiDGhDVJGRGTtWyTSBUEfFbahU6GWaRZcW1N
fYTZctu56qt6V2AY8huw6FWgviPmWg1UqH56nValGMDvV+hQyJz2GZdJtWeDwIMT
48yTlkQB8IctF5xa1oOhZ9QHpujwL/WBNGLg+YPmiGWlbtIXw9jlQYhFxu7mquO+
4AmhRNTtcAlTmxbB0Q3QbEM3HsDvT1beynYhdq7LeCs2k/gcICL2stCy0b5H7m13
xBPtK9nI6syaMwgYEDwaGw7PWskSVjvSh0V1S1sG1m2XruKfujgW1MGNohvVlfao
SP4b43P8FsJ8LwnGoCp8
=yUKV
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4878331b-5944-c611-cd72-d03f41d08595%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [Q3.2rc1] XFCE bugs with locale, suspend bug and some other

2016-07-04 Thread Eva Star 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256


1) Failed to start any VM after suspend (tested on xfce)

Qubes Manager show icon with the following error:
Error starting vm internal error: libxenlight failed to create new domain
Log file say: libvchen_is_eof


2) Some characters does not show on title of XFCE windows. Is it
possible to fix this?
https://i.imgur.com/xqLqHGD.png

3) About issue with losing "System Tools" links at Application menu
you are already noticed?
https://i.imgur.com/rCMiymX.png
It's also not available under right click of the mouse.

4) At the Qubes website I see some bad character. What is it?
https://i.imgur.com/j4bMt05.png


Suggestion:
Qubes Manager UX:

1) Add possibility to sort menu items up and down.
It's useful in big list to keep some most used application at the top.
https://i.imgur.com/gctZoJl.png

2) Related to issue number 1 on this post: It's only show the error
icon per vm and need to hover to get the error message. Why not to add
this errors to the log of VM?

3) As there is a new issue on the tracker from Joanna:

https://github.com/QubesOS/qubes-issues/issues/2132

It is all fine to simplify Qubes Manager and add some panel
addons.
But as the new user of Qubes I can suggest to stay with advanced Qubes
Manager available. As for me, I'm only use start menu because of Qubes
Manager does not have some icon near AppVM name to click on it with
LEFT mouse button like Joanna want and receive list of available
shortcuts to start.

If this will be available on QM then **only one** left mouse click
need to access and start some application.

Compare it with Start menu: (1 click) open menu (2 click) choose VM on
the BIG list with eye research (3 click) launch application.

So, there is TWO additional click with Start menu and some eye
research. While  new Qubes Manager can provide as the better UX in
same scenarios. And some users will forget about Start menu at all.

4) Why Qubes Manager written on phyton code? Is it compatibility
issue? Why not to write it on C++ with Gt/Gtk ?


Some additational questions:

Is it "safe" to give "yes to all" permissions to vm with Enigmail(PGP)
to access vaultVM through slip-pgp-key?

Is it possible to use subkeys on Enigmail?
Enigmail does not give to select subkey. Only primary key available
for signing messages.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXemhzAAoJEGSin3PC/C0AQJ4QALmClERHWaFpvEVjaPy1X8oH
LhuZ9QqTXPvcaLrtJZsi/uY6BxTlb+ePYvwKgSDCtZ4wxERnDMU3qIRpjtQf34Mb
ouQb+NG5uPoSqyn4WGK7Hpr47h2z5T4VbrjCqFd7PwzDLWkHqBUqTo/KWLLU9uu0
aa60Dawoa5yEz8OffBKb7X8eYmFBV7ySZCIq3tTNzhvPNp3XIYeKkl+ad+xBeFZ8
9VQ5q2T7/a/oqxZMDFvO7viHZJzMCIEuKN8ivay8IKOWQLL+A3poFWV6p2XvbcTV
SjGcyJRifN6vYFW2jj3fHlEA/o3qRqGdrgK2i0U0As1bwobat6PFNGuQdP75UGN7
u+p41Pff+KgKJGUhif7nbbao0PpQu2p6EK4sk879Rp84ySvnvBCw8Nl8Go5XlyPd
J6H/IKcwYjQYOcUHK1pQuPp8q/8XbjDL77BY+AOP8DtYZWuwn2V6/KrO+SgOsY5z
cRFGxKo4ZNowQZSU+YXK0WCJRWjMAFmc4uOFR3Ysmxnfzx6BIki71FLz68mo9Seg
5I+UKA/naRM0oUsMnxbjF9/Da1ePC29b8XZ2zQEyfp+4+j+o/K4DG8RbD1uX+a/5
29PLHf1YXp8zy3tgKkMqDjzw1jmeco3oxc+BOBlcizujNPxlkWyHFtRk6Nz8I8Zy
9N7yzB9y0V1VPqDe5JbJ
=Xy3X
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6d41ac3-000e-8a21-43e7-2c91cac8d5ac%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Q wipe files

2016-07-04 Thread Eva Star 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/04/2016 03:17 PM, Andrew David Wong wrote:

> By default, the default LUKS parameters are used. So, this question
> (and the answer) should be the same for many (most?) OSes that use
> LUKS/dm-crypt for full disk encryption.
> 

Okey, Are you really want amount on psychical security that common OS
provides or you want high level of security? I will describe my
through about "layer 2" of encryption on other thread. But we really
need them! And it must use other peace of software to do that!

>> How much operations need to brute "one" password?
> 
> The answer will depend *heavily* on the length and entropy of the 
> passphrase.
> 

I understand that. But lets count the time for 8 or 10 characters
password. I will try to do that later if somebody will not share this
info with us.

ps. sorry I send you direct email. It's my mistake while I only start
using maillist via email.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXemFFAAoJEGSin3PC/C0AKX8P/22DFmmwn+95Zi1JYl5ZvAGn
15DKiZTjuK5o2nyj8WREwZIUmQEtjmMnEvzlojKldO/Cb9O3RUtLISXgw3A+wQ1w
gWgyDy0LFx1TBCmk/RN1Jg3r3X/GmHy1gHLBrgmzMPeIe9tDj4Scbj+l7qishk5g
sb6KzL4d/Y2x0z5s7/JtenTKrg3gabwFI8J3MA1FGiofOdtlnUwZ1KnYquqxbcJ/
d71rJ+Mu57uvGAvQOVsYqvnZjUZIaSBZl1XLFBa8mTBLqzhW7qDrUeXw5kaNo0JS
iyLZs/KXXEgSnYgonwvDK2DTl3P2wbFq8i+CSOgRAPFq1AqdSIiEYAMvOY3PUjrR
MsM41hzya+9F2OGI/d8qYgI++xKVY4qB/JdUVUbjgoHnVv4L4xwLJqE/wtuAp1l0
nyNyDN66U6sUfzF7BE7wy0NKDQ9bn0EhM7+2iV5Bp0FgeXovQsbwXEc765NJuqKR
vQETaispNEv7SokshfFrgepriQ4mBxD9DxjLjw+laVCtYUIyIVzlVixwFSdcVHUE
PC6MjzpDhFcODeZX+fDYN2Vu4U6hYhjJnjGuBk2/0qqmvS9LFSevXqH/rPhzJIpU
opVG6apdvozcbVPETYx8z35glsNbecfLxXxFVNdNW1PuAsxdk93wCgZLrvrGP6jd
D5LJrykqeNwhBSKNQN+l
=x57P
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d97cc4d0-0cd4-990a-3b7c-7310ef3dbe8c%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Will KDE be deprecated? Migration for in-place upgrades?

2016-07-04 Thread Achim Patzner 
Am 01.07.2016 um 19:53 schrieb Marek Marczykowski-Górecki:
> On Fri, Jul 01, 2016 at 03:43:00PM +, Patrick Schleizer wrote:
> > Therefore my question, will KDE be deprecated? Or will it still be
> > somewhat supported?
>
> It will still be available in repositories, but but will not be included
> in installation image and Xfce will be the default environment for new
> installations.

And you have tested it on a HiDPI display, I suppose?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da9ea919-aef5-8d9d-f130-4528fe18c64a%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes R3.2 - XFCE empty space on bottom of the desktop

2016-07-04 Thread Patrick Schleizer 
Marek Marczykowski-Górecki:
> On Sat, Jul 02, 2016 at 05:26:00PM +, Patrick Schleizer wrote:
>> I used 'default task bar' in XFCE.
> 
>> When I start a dom0 terminal, if maximized, it uses all space no the screen.
> 
>> When I start a VM terminal, even if maximized, it leaves a small area at
>> the bottom empty. (Even if there is no task bar.)
> 
>> How to fix this?
> 
> Do you mean empty panel at the bottom? If you don't use it, you can
> remove it (right click on it).
> 
> 

Yes. I will try that.

Cheers,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c22ed2b-91dd-a886-e066-66b14785640f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

2016-07-04 Thread Chris Laprise 

On 07/04/2016 07:26 AM, Marek Marczykowski-Górecki wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Jul 03, 2016 at 09:20:47PM -0400, Chris Laprise wrote:


AEM is now causing reboots for me as well, after installing it under
R3.2rc1.

Has there been any progress on this? I don't see any signed sources of the
newer tboot versions, so I'm reluctant to try them.

Try setting `pci_e820_host` property to false on sys-net and sys-usb.

- --


I tried it anyway (without success), but the reset is occurring well 
before the decryption prompt. It happens just after the 'Loading...' 
grub screen vanishes and there is a cursor at the top of a black screen 
(before plymouth GUI screen would appear).


I still have a boot image with a working AEM. If I could use it to help 
eliminate some possible causes, like the new kernel version for instance...


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37e04782-65ef-924e-ba17-567ca3993068%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Q wipe files

2016-07-04 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-04 02:37, Eva Star wrote:
> I want also disscuss the related topic about "how strong the
> encryption of Qubes os by default" when in the world available many
> supercomputers and bot networks with over 93 petaflops (93
> quadrillion floating-point operations per second)
> 

By default, the default LUKS parameters are used. So, this question
(and the answer) should be the same for many (most?) OSes that use
LUKS/dm-crypt for full disk encryption.

> How much operations need to brute "one" password?

The answer will depend *heavily* on the length and entropy of the
passphrase.

> Can we count the time to brute some regular container on regular
> pc that encrypted with default crypt setup settings on some 
> supercomputer that is already official available?

Here are some links for you:

http://security.stackexchange.com/a/25392
http://security.stackexchange.com/q/79319
http://security.stackexchange.com/q/61346
http://security.stackexchange.com/q/82389
http://www.eetimes.com/document.asp?doc_id=1279619

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXelPVAAoJENtN07w5UDAwvJQP/jEKpvg8nvxrfe0RG7bLHc0h
hcbwZLcMBvYRSPRYJQENlHBNyhAfA8vyxQnb5vDH4+MmwdJNfCyAgU3R44QHyqAs
eloAIQJJa+r09xlLvIEwE/eHxe/zqjr76joYF1SayJH1nGKOpCCY9gxb34hhdrf3
MGmAZIsIk8VTyzr6nxEn/YRTnWmynqEOFxJNpdHi1plsFVOP8oIUWN2s0i6lfeqn
1iK87M1JOeMHoNYjHJAhu+/AjDXYueknRdp8U5bni+radKnj2unT/If9qYGG7ult
n7z/MPtVbsvzd0B5WRAZcaP0T/tYVLtS4JYZvV8u8WRFPFvmaJsVr8aa3KjVOHG2
K6+AC67RZ4fQFi4ne9dzN61dvCjOznVHod8kdVFbEGwowGaGu1u1YLkYnQAQhYWF
Qg9tjFvVdVYQ+9fD9PvkIXHj0JoXkrKKQSgJ41tpkzAoCt0vdhAXTkzRnPg9quMG
I5TI9JeNM4zeiBEMcnnWna8M/42AFNOhXCV2u+gIYe7WX/SpJfvxPcbLo5vLJlAs
d9dyyndVU6gqegm75nx4rnM2KL082ahHGPKETZDlrRIMoUCPJ7Yxnbc2bOscojXz
gGsfSUPTg/z3TvwlhyEsnES08MF6XAdgXBGwwxhXoZhd2GLPaNydW2IZo6KTwHMC
KerY+ZC3u3zlS1DW0zNK
=d/ab
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c5808e21-8b7c-bbff-446b-bd37a6627c25%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [mail list] Can not write by email

2016-07-04 Thread Eva Star 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/04/2016 02:15 PM, Marek Marczykowski-Górecki wrote:

> 
> That was the case... I've added you to a whitelist (at least in
> theory).
> 
> 

Thanks.
(testing message)
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXekbIAAoJEGSin3PC/C0AhxEP/07Qfcvh5zCLWakXQfR+H+xA
XsE5XTIdUTJ2QsWcs4tDq/95Q99xiKXZ4PyA30JG/OnamnSARZF4p2MOX4ixKdep
hkcSXIWbEmjEp4YIrYO8CsofaNhMJA/uyK90wsxBku9Q+aN0rYmh3gurZtznwXgZ
WXenvdAJh3+VCKYEIRdQQ9HnGcNpa+8VuMVkgQrSm5XCh2BXkIdiMM5yQhSpACCq
0L93/OOubNzn8R0jfk3RN+BuV7m8492CfcWyr84VSTB0hnpbWjc47f90rQyA1Rf0
Z1Mkk1Cv2QR5b4dms3mu5ZS6mE1n33OF0eMjQ6NXMd/xwmKDKxElZPYhtIytf15k
OrD6nUC8dh/+hv0GpfYmv97TpbdRi9uxGEsv0aXSBy12IltJh/WMAB/+xtk9RXGC
xnBStxvwXaywd4uuQHJCVhhoNC2KEWclWMB29We5M3KqrHI5fsH8CzL4+RT6BanR
Efiw63j2+jjyRLK+QNzzlr29Vr1085f3sCNZt7iLf2Y5HbOdLoThbq+i3IDOlji2
JWMkn7pZmPAMOjPsp+4iRnEyOYkFF4U2RdrQE1dUwYam4rxBYlNmdj+DVTxDwC41
DdctORXu4rTD3Ho9lpPwvpC9OvE2lb6H9BxO4YCOl9LQwrkAk/gj/77o1Y+gVvDP
58ItG6ovR/7tAImFDcRi
=7/+n
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b1497647-6235-ba81-db42-12ccb861d9c5%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [mail list] Can not write by email

2016-07-04 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Jul 04, 2016 at 03:35:09AM -0700, Andrew David Wong wrote:
> On 2016-07-04 03:04, Eva Star wrote:
> > Want to setup Thrunderbird to read and write to the maillist. I do
> > all like qubes docs said:
> > 
> > 1. I subscribe from other email to qubes-users 2. send replies and
> > they do not appear on the qubes maillist
> > 
> > I also tried to do the same via news.gname I receive confirmation
> > email, send confirmation answer... but my reply still not on the
> > mail list.
> > 
> > What I do wrong???
> > 
> 
> Please make sure you follow the instructions here precisely:
> 
> https://www.qubes-os.org/mailing-lists/
> 
> Did you send a blank email to qubes-users+subscr...@googlegroups.com?
> 
> Did you try different methods of confirming in response to the
> confirmation email (replying, clicking the link)?
> 
> (It's also possible that your email got caught in the spam filter, in
> which case it should show up once Marek has a chance to get to it.)

That was the case... I've added you to a whitelist (at least in theory).

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXekVcAAoJENuP0xzK19csitcIAInwHMHOB58lrq5fHQxRkJqE
u1EtfId2J9Dd+5kSFSe0BDex1zlc/mng89btY+a/5NPwRaM6uiQCA9mmFn9oSAbE
gva+7CdYeExrfUmdKutUilFXVAPg9hlULOVdJlTS/1V06O0J8UOg8QndsCQ4P9i+
EOiFm8OOuFq3tuKnBwFpVhkVWO5uoaPq96Ay0m7twQiuuV0zBFKQBDl8Ec7zW0Yl
PUaJ1CPNTEnI8HSzqtKFziYDvBYd4/Rj8aWj+kyn5ovhvUfMH41wZm9hYpv0wMVa
xlY3glzfZNgX24u/0jmovXskcPhlCv94TygRXC7yOfUWGRNkRhR/xT0JdyHAhEs=
=F48P
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160704111540.GC1464%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [Q3.2rc1] XFCE bugs with locale and suspend

2016-07-04 Thread Eva Star 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

1)
Failed to start any VM after suspend (tested on xfce)

Qubes Manager show icon with following error:
Error starting vm internal error: libxenlight failed to create new domai
n

Log file: libvchen_is_eof

- 

2) Some characters does not show. It's on XFCE. Is it possible to fix
this?
https://i.imgur.com/xqLqHGD.png

3) Related to first issue: It's only show error icon per vm and need
to hover to get the error. Why not to add this errors to log?

4) About issue with losing "System Tools" links at Application menu
you are already noticed?
https://i.imgur.com/rCMiymX.png
It's also not available under right click of the mouse.

Some questions:
Is it "safe" to give "yes to all" permissions to vm with Enigmail(PGP)
to access vaultvm through slip-pgp-key?
And seems it's not possible to use subkeys on such configuration?
Enigmail does not give to select subkey. Only primary key available
for signing messages.

Suggestion:
Qubes Manager UX - Add possibility to sort meny items up and down.
It's useful in big list to keep some most used application at the top.
https://i.imgur.com/gctZoJl.png

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXebZoAAoJEGSin3PC/C0A4fgP/2/uKNATRsMXzOclFttIQI/g
bEiOpVZFc+o6Thq+ys7+U1hhBtn5EMR3iyL30jW0q3P/0ksx9pMIRdy5OqGjeUfH
xAUWlwCL9bdzZnTer5hpYRLw/nlx1fSdzErBJP0t9hZpkpiBf+crmQfqNtsoVP+E
d76yKeCSg61F5uvPUYMqEQfpKkDZd3c6QKG6SNf9KymakWkZyxTcLa2YQnn44osS
8U1CZnV8+yotLM+SsKAOybKvFa9adUI1tXLMTSyTIG1EV8uWqGwzhaJHgXU/oxsv
ksUliR4esyDm0UXG+HU4MS6JzrpPrIHouZ2hAEooK2NN0POwmfrjvOrW0zUDn7O+
SfMQCpDHNqv7/zZS3hZRpOLcXQ0dEj4gKdZSOm/H2ixe81SIQUzNvsBD3L1XtyqE
OpTIhQSC6zXw33mmVNPgzADJLPAk1VjZqLsb0c5dH3oLZp4Yjm1a/aKgEcQWz5hP
i/uNtpauQtilggNMZ1YGUqAracTIQLd7tAdQtdFLmZvsFDEjhh1qCP4EtKvWrGcE
WuN6CEXFZiKngNKm5vu3v5m1Nee036byGWNKYxbTnOGhfuWB2wGSsWjp+aGTVO/h
qddOLx44x4Gwl1H3RyEiD0tRRTOWvWXoYKDTTBbVv7sTDjmehy7ynELTU6hdiqYH
brXqK5ZC1pWXkOtdpvWt
=e0/z
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ffabf9d0-9657-43e5-e097-75c905f65019%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [mail list] Can not write by email

2016-07-04 Thread Eva Star 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 07/04/2016 01:04 PM, Eva Star wrote:
> Want to setup Thrunderbird to read and write to the maillist. I do
> all like qubes docs said:

Testing from mail.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJXejUxAAoJEGSin3PC/C0AqQwQAI4xIV6Kjr5mOFlIJAu9q8yU
yjGVrdftzgtRjgizlRlr88mg+Pz4xL2tpQaOKa6ZtNRhZJq9Nz+HYk1QhI7CP15V
11Vdr5KLDIWvDBjwvI6eVqAtpxY9hx1orpWoc+2/bZ2kTOQizSI9kfQ3x4KfD7R7
F34ls95JV4G0zRLkQlW9c0mq2bqSQgoM1CEnL7chBAMYjT/7Ath0njKuwTNnWIAc
dJnHJiB3O5N78KN7325QblaB4NccuH2yGhEPAQAcZlyYdzlrSIIFdoT6AgUWJheY
3pzC8/OKMc496lBQ59D2H7lz98dhC68HN6vg7425tCPvpwwkf7a3k5A/JUbZx5FX
sPE3fR874piXa2bGCrFHKr/JWG6Nz3AqX/ePuGiCbVDwN+6e37OAossG6p9kpZzZ
uCQHs8fs3RSd9L8gAXk8jWVE1rAd0j1clswhE6T260VKDRhTRyFNfVHSZhZJ0NuF
gwWXjPIaLC6JWTU16Uu+4KMLMQi8z7AWuZeVOZ2g2hrjvzj+LkUvzocE7LvAei/8
oGvIXfkWz/7seo2dH45s+Iy78rbwjpU2giOJnkfHmnzClRpLJOstck4/Q4yCRgg0
vGgQPq7R0XrtIZY582Wxu7zw1D0BUG+Low5R8O1n4qPZkh6sSBPV0v62wynn5pZ+
CTB5l2I7hbOJZOnTeJrv
=UpiQ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ab368ca-14cb-4eca-acdf-22e29ccd9323%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to correctly install software to template from binary archives

2016-07-04 Thread Eva Star 

> Those links are generated from standard location: /usr/share/applications
> You need to put .desktop file for your application. Take a look at
> existing files there for examples.
> 
> After you create new file there, execute `qvm-sync-appmenus` in dom0
> (with template VM name as an argument).


Thanks for the information  Seems its works only for TemplateVM?
Is it possible to somehow add custom links from AppVM to Start menu ->
AppVM(domain)?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c142c19-6433-fa12-f9d8-942e736e79e0%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] [mail list] Can not write by email

2016-07-04 Thread Eva Star 

>
> Please make sure you follow the instructions here precisely: 
>
> https://www.qubes-os.org/mailing-lists/ 
>
> Did you send a blank email to qubes-user...@googlegroups.com ? 
>
>
> Did you try different methods of confirming in response to the 
> confirmation email (replying, clicking the link)? 
>
> (It's also possible that your email got caught in the spam filter, in 
> which case it should show up once Marek has a chance to get to it.) 
>

Yes, sure. All done as described. And I receive notification from google 
about "You have joined the group".
But can not send replies and create new thread. First, I was thinking that 
is because I start with the thread that contain links to imgurl, but clean 
test also ignored. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cb45e25-369d-4a28-8aef-7d452cffdc84%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [mail list] Can not write by email

2016-07-04 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-07-04 03:04, Eva Star wrote:
> Want to setup Thrunderbird to read and write to the maillist. I do
> all like qubes docs said:
> 
> 1. I subscribe from other email to qubes-users 2. send replies and
> they do not appear on the qubes maillist
> 
> I also tried to do the same via news.gname I receive confirmation
> email, send confirmation answer... but my reply still not on the
> mail list.
> 
> What I do wrong???
> 

Please make sure you follow the instructions here precisely:

https://www.qubes-os.org/mailing-lists/

Did you send a blank email to qubes-users+subscr...@googlegroups.com?

Did you try different methods of confirming in response to the
confirmation email (replying, clicking the link)?

(It's also possible that your email got caught in the spam filter, in
which case it should show up once Marek has a chance to get to it.)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXejvbAAoJENtN07w5UDAw9sMQAJGIbkybVb9fy0DBUZXalRT+
x0ykZLcFfZ16U/ekC5Qhn+Jgn1/BbYtpK8xd28qm4TjeMjSMqPR3VHC9w5bGlm/u
zM2WFuj08OXxmOgxFIf9cIMA9FS2NprqXYi3qEnSFBxokRT9zmNrckVXp/vKSDWg
QxKx75Ekdwir41bMFFZXnqo3hvu4ir8/oMVQ6Jz5PppJ9V7gmo9F+2bNBo94MLOo
gSXdOtKpME+YpygmMoQbJord7lSXL6yLMBC5e7gnloyF165ch3daJm3WUoibyEiz
i/dhGoFiVZOPrxy2bmhPbcIau5xfFWiKFAEhWm46pI7grWYnqksdSg5SpjXmGLv2
tXXoYAVdOAk8Fw2h7cMDdt9+k7Fo+IVsTaS72LENf5PsavPVvBKZTHP3H6qU8lbu
ZhN8KvlC9u2tL4B/zPp5VuANbBLhFRLOv72Mu6fxxGlFx8VC0VjQSSJyLQevJnOa
bWWL+YX3X1ELrgIKPOEEcW/Wias0/+B7T8J0Z5lG0cKp6JTp2Aqd7mUbz7uDUdgi
gweuTwmCuFOoVxPUbnnyh8Nh8DNv3Zc5luwaMgPz9HsWX+wJBfntAF6dDUbY8kmp
f0zkPQ99sPsOeHcFX9mQqK36qBlSelrzYjkqmwcL1Bg9KvqCqXnSxwo7jB0Og9b8
WjM0J+pJ/RLvlqTCVBVO
=0e0F
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/950235be-4cd9-9d56-13ab-b4f82f3526fc%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking problem with Windows 7 HVM (with PVM parts)

2016-07-04 Thread Achim Patzner 
Hi!


In order to get things a bit less messy I asked the IT department of a
customer who handed me a VM for personal use to add XEN PV network
drivers to the VM. Since adding the driver I've got network problems on
every second boot as the network interface could not be started. Going
to the device manager I can deactivate and reactivate it which cuases it
to apear as a new LAN connection (... #) or just resign and reboot
after which it will be working until the next reboot. The device this
network connection is attached to is always "XEN PV Network Device #0".


Obviously the idea of cluttering up the registry with more and more LAN
connections doesn't seem too appealing. The LAN adapter doesn't seem to
be changing in any obvious way every time I boot. What could be
different each time the VM is started?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d128b41b-01c6-623c-ad7f-e2f93952d68e%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [mail list] Can not write by email

2016-07-04 Thread Eva Star 
Want to setup Thrunderbird to read and write to the maillist. 
I do all like qubes docs said:

1. I subscribe from other email to qubes-users
2. send replies and they do not appear on the qubes maillist

I also tried to do the same via news.gname
I receive confirmation email, send confirmation answer... but my reply 
still not on the mail list.

What I do wrong???

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/480c3431-3877-42bd-9a48-d6e0508c2f67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes R3.1 : black screen at luks prompt at first reboot after install

2016-07-04 Thread Lurked Got 
  writes:

> 
> Hello.
> 
> I have installed a couple of times Qubes R3.1 on my machine without 
> problem. I messed around with those installs and therefore decided to 
> clean install again.
> 
> The install process still terminates correctly but on first boot i just 
> get a warm black screen. When i press [echap] i get to the text mode 
> prompt of luks which doesn't seem to respond to keyboard input.
> 
> I have checked my bios settings : all virtualization tech enabled 
> including IOMMU ; legacy+uefi mode ; IGP mode (i disabled my strong GPU 
> in favor of the iGPU solution but did not physically uninstall strong 
> GPU ; want to play with PCIE passthrought) ; i installed from a usb 2 
> stick on a usb 2 port (but did not disable usb 3 support in bios).
> 
> Thank you ; ask me for any missing information.
> 
Hello.

I have physically uninstalled my dedicated GPU and it works. Most things are
not worth preserving. Althought it would be cool to run D3D heavy games in
domU. Label device as "dirty" and do not allow for it to attach to dom0.

Just som random noise I guess..

Good luck.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/loom.20160704T100104-456%40post.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes and sugarsync

2016-07-04 Thread Nicola Schwendener 
Hi Andrew,
thank you for your answer and your time. I'm not sure to understand what 
you say, but doing that means I double the space of the data (redundancy of 
data) between VM. If I share the data from one VM, the data will be only in 
one place. 
thank you very much
best regards
Nick

On Saturday, July 2, 2016 at 3:59:20 AM UTC+2, Andrew David Wong wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA512 
>
> On 2016-07-01 08:01, Nicola Schwendener wrote: 
> > Hello all, I wish to move away from my windows pc to qubes os. in 
> > my configuration I still will use windows HVM because I need to run 
> > some software (and some office macro) in it. I've some questions 
> > about storages and cloud accounts. I've a crashplan account that I 
> > wish to continue using in linux. I saw that there is the crashplan 
> > linux version and I wish to know how to create a storagevm that 
> > shares via NFS to windows VM and some other VM the content 
> > available in the storageVM (should be attached to some external 
> > disks and the NAS). then there is sugarsync. this software provides 
> > a synchronization between different PC I've on different locations. 
> > for this software there is a windows only version. what I wish is 
> > that this software should run (I guess via wine) in the storageVM 
> > in order to not duplicate data between VMs. is it feasable? could 
> > someone explain me how to create a storage VM and share data to 
> > other VMs? thank you very much best regards Nick 
> > 
>
> Since you say you're new to Qubes, I hope you don't mind me asking: 
> Have you considered that it might not be optimal to attempt to 
> reproduce your current setup in Qubes? Many users (myself included) 
> have found that the functionality offered by Qubes is very different 
> from that of a conventional OS, so much of what we used to do on 
> conventional OSes no longer makes sense (or can be accomplished in 
> better ways). 
>
> For example, instead of sharing files via NFS directly between your 
> CrashPlan VM and your Windows VM (which is possible [1]), you could 
> consider storing your files in your Windows VM, where you use them, 
> then sending your Qubes backups [2] to your CrashPlan VM. 
>
> This is just one example. It may not apply to your specific situation, 
> but that's ok. It's mean to illustrate a more general point, which is 
> that you should be open to considering the new possibilities that 
> Qubes enables, rather than insisting on replicating old systems (that 
> were built on the assumption of a single, monolithic OS) in Qubes, 
> since doing so usually results in compromising the security by 
> compartmentalization Qubes provides. 
>
> [1]: https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4 
> [2]: https://www.qubes-os.org/doc/backup-restore/ 
>
> - -- 
> Andrew David Wong (Axon) 
> Community Manager, Qubes OS 
> https://www.qubes-os.org 
> -BEGIN PGP SIGNATURE- 
>
> iQIcBAEBCgAGBQJXdx/uAAoJENtN07w5UDAw5NkQAMePYiAGe6rvgmzuTd/qB1RJ 
> DYxZDMbLCvnf2lgbRBcjwRDtieS7r5+/YW4wg43GBoloI/rRh8tZ+DhexhQitX/H 
> E0uE1Zlh9V0jdRSfNmiddc32EQlHFTgAlXNev6yp9+ltAKBxxEWNaIzxbrjj+eWa 
> Ci6ADB+oYSR+u0twHGLjRk9/8sMCUQeoIUUQJ9gjJ9cAPwE8QeJOd/e3hJ3XOaRt 
> sK0bLDXlXkFLQZP9oKZwcg8U4/oVRInIQcBLZcBHqDsePLQGczFbMc78pv6f7BWE 
> I9EOL3bGJvX/IaIyI7km58QMrxVHld21fjfziqnOEvNpsEi9nF8/MqcQkqSgh7xv 
> nVcvfUMKWGf7EiY/yX4sNv3sOoUuEIPInvrVnzqrNZBDeMKiSYS7R/BNqeJne5GP 
> 2VjD5Yd9KjfeXg5cId0pVliRieFZ2qBvL5jrPsl9ISB5Y7v7JaJilxmI42pDcdyr 
> IJQwM2opY8ZRZmQYWF7TfJyv1Q+/72Q1g56XpCW9v4eFUaOShDNH8/JS1EhgA//8 
> 6e5qXeCt8A1ah+cYL2A3k+Hz+2AC/crAUSaVu0n4LAqX64SyX8Ud2YOdUoBe7GKp 
> lpcvroXyZTnxUZTE9HWYpLd7C5hN6FX/0EQsKamLuRp1tojrItJzs9NZPszKJ2VE 
> ufXw0znuJkhG6SVHM8sF 
> =R/Nn 
> -END PGP SIGNATURE- 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ae0df46-3b1d-4049-9473-3e9fe2115f30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.