Re: [qubes-users] R3.2 rc2 blank screen - screenlock issue?
On Thursday, 1 September 2016 01:54:38 UTC+10, Desobediente wrote: > I use KDE (XFCE is installed but never used) and I don't have the option > of using the keyboard. The num/caps/scroll lock lights won't change and > the keyboard doesn't seem to respond. > > As I stated, the processes seem to be running, if there's a music > player, I can still hear it. > > Will check SETUP settings (a.k.a. BIOS/UEFI) I've had the same issues since Qubes 2, when I first started using Qubes. So it's an ongoing issue that has yet to be resolved. It has been the topic of a few threads. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c790532-bc7f-4eac-870a-7737bd388b73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] OSError: [Errno 2] while reinstalling a TemplateVM
I made the mistake to run this command in my debian-8 TemplateVM : sudo apt-get autoremove gnome-keyring Then I wasn't able to get a terminal for the debian-8 TemplateVM and all appVM's in relation to this TemplateVM. So, I used this tutorial to reinstall a new debian-8 TemplateVM : https://www.qubes-os.org/doc/reinstall-template/ The old-debian-8 template is deleted. The new-debian-8 template is created and updated. Now here's the problem ... when I try to change from dummy template to the new-debian-8 template I get this message : [Dom0] Houston, we have a problem ... OSError: [Errno 2] No such file or directory: '/var/lib/qubes/vm-templates/dummy/apps.templates' This is most likely a bug in the Qubes Manager I want to access my files which are still in the appVM's created with the old-debian-8 template. Thanks for your help -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/879a7872-a280-4082-84ef-3a24ef3c41ff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 31, 2016 at 10:05:59PM -, johnyju...@sigaint.org wrote: > I'm curious to some mentions-in-passing about Andrew's hate for USB > keyboards. USB-anything isn't good for security, but what in particular > so much worse about USB? Both USB and PS/2 can keylog, or play predefined > scripts to try and exploit the system. One of the dangers of rogue USB > devices is that they can suddenly pretend to be a keyboard (which Linux > will accept without confirmation, something I'm not thrilled about). It is mostly not about the keyboard itself, but other devices on the same bus. Anything that can control the bus to which keyboard is connected, can control the keyboard / pretend to be a keyboard. In addition, USB is quite complex and as with all complex code there are bugs. If you (or someone else) plug a malicious USB device that will exploit some bug in one of million USB device drivers, it can do whatever it want with the other USB devices on the same bus. And if that USB controller live in dom0, it's game over even without injecting malicious keystrokes. PS/2 is much better, because you can't connect anything else than input devices there, and attack surface is much smaller. Some mitigation would be to use separate USB controller for USB keyboard/mouse and have it in dedicated VM (separate form all-purposes sys-usb). This will guard you from potentially malicious devices *you* plug into the system, but not from someone else plugging it instead of keyboard (so into that keyboard-only USB controller). To plug that hole, that USB-keyboard VM should be configured to reject any non-keyboard device before allowing any driver to talk to it. This will still left you vulnerable for bug in USB stack itself, but the attack surface is much, much smaller than all the USB devices drivers (some unmanaged for years). - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXx5GcAAoJENuP0xzK19cstXgH/2+qnvTd7y00TSaUuAqjgUUI waSjgeZnXfuGn8WMIRaGn4sIAqG4VgL1JP8sStWGHzAktOnqU/BHmaMAgipVvDpy 60a0SumEE1kZ8RUbIzINuTlZVmXw/7Dt1NCA0FOJbkjn4UeiuRvCkKceedJXrV9a m3HoCGTu1qgZB9B4m+TvPtgeqUrUj/bvsLkgPJbVKiOWevIJ7M57cabDk/6P3p0q QMHT6yPqcEXrA3SKAay/LDTvwP6C67jXjkCsvQYPX1TNrCZzEkvYyA3P4ycblBlM Pq3MmSlPTLkiHorupOERDZi7mON2lss23aaj0AXvClgO03V8ArPjDnnmxHEWW9A= =za1M -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160901022532.GE24732%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Salt InterVM Configuration explorations and pitfalls in 3.2-rc2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 31, 2016 at 03:47:31PM -0700, nekroze.law...@gmail.com wrote: > Does anyone have any thoughts on a way to template in the IP address of an > appVM so it can be used to define a file.managed state with the IP in the > filename such as tinyproxy requires? Take a look at grains - there is a standard `ipv4` available. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXx4zjAAoJENuP0xzK19cs+jYH/2hzpEpQ8WR2/yiMc3KJiUW+ vnuGxoFgM72z7nfQmXswi0g6Q0NY3lo5gGWqRt/ZF5bves8ZXeZ7M81DDPF1gLMZ fHoBSTmJq58J0PpmBS56ekZiVYndPeNTVqLLpgZGwubgjAAXZeCyyAcZiQvSxqom 4zgs3ev50yEfJ9/PoSAeON3Yf76LVbsyRxEgGN01yg9yssvpdBEdwV5bTQ+ZGe/f sKiQpJAk0ACByFyJN9z8C2SWqCMAmXnALIteJssDuHVT8oS2L/BRG7Juk0/JMx6V J4htQO/ZQGbqUWlQCbXJWmc9NVtvmsuMeB/o08BlDnNmBKZltUFsOxbWniD6d5E= =LLQP -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160901020524.GD24732%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] installing Signal on Qubes mini-HOWTO
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-31 15:50, IX4 Svs wrote: > On Wed, Aug 24, 2016 at 11:10 PM, Andrew David Wong> wrote: > >> >> On 2016-08-15 14:43, IX4 Svs wrote: >>> On Mon, Aug 15, 2016 at 10:19 AM, Andrew David Wong >>> wrote: >>> On 2016-08-14 15:22, IX4 Svs wrote: > Just spent a few minutes to figure this out so I thought I'd > share. > Thanks, Alex! Would you mind if we added this to the docs at some point? >>> Not at all - especially if you improve my clumsy way of creating the >> custom >>> shortcut (steps 7-12) and use the proper Qubes way that Nicklaus >>> linked to. >>> >>> Cheers, >>> >>> Alex >>> >> >> Added: >> >> https://www.qubes-os.org/doc/signal/ >> >> > Andrew, thanks for adding this to the documentation. > > I'm afraid my DIY shortcut kludge does not survive some(potentially boot > time) script and is wiped away from the taskbar, only to be replaced by a > default "Chrome browser" shortcut. I admit I don't quite comprehend what > the actual implementation of > https://www.qubes-os.org/doc/managing-appvm-shortcuts/#tocAnchor-1-1-1 > should be. Neither do I. I've always make my custom shortcuts the same general way you do. > A worked example that replaces all but the first step of the " Creating a > Shortcut in KDE" section of https://www.qubes-os.org/doc/signal/ would be > very much welcome. > Agreed. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXx4J9AAoJENtN07w5UDAw1J8P/0PUipLZrTwzQheBpmhbf5Dv M0womOAbxLi+obMXQJtIVwQpWEkGEoPT41xfRwYwTeZqgCIMX3RHaRk2KPjDPbiC tyY/F9FF+5DWV8cuqFAir4uFmBUdaH4orbWQLf+Qai5RbumEonx0ZuwrzH/xQE9r nE8o+mAYUZnQP9TGUCmKkzm/+Wc2yPDvcWgqwbaVOpz5SHlhNAMVYXMy/9hQ7M+V 6eDlbvgLAe4E78aZ1WIuizGaQlH0pYdsIuZ1mPDT7KGf1p/2tOpRCpsrXF5a1+z5 QdDa88mMZR8MqNJUlbPqSgWPrWq1mAv9KFPF61myb3ZkAVFZQs7BkFclJXP1lJtq ptfXB7fEVko2eAgmECITmghezk6z7iAkkSTuxmoENQ1Gq1duz/vceRAl5sUsqfN9 LXA2myp3uC7ZjoWhmdzYheEg8nOqQACPn5/J04XBbnPl49uv0T3ITrc9gkPGy380 f67DC+QTwuZkNQSDbt/TUwWJu25Z1TFs6TRKRnc9icuS5qoOKxtNSpVTbIjcApKW ixEts+Vhu1FguarFW7vsMvwvD2q+RYEf3BYrlCFqChJQDlEdzgibRwkYyz9TTVG0 9D89RvpGiOFJWQ6rwIgNA9Q1IPY2xY0TkiLv5yNPWGOHohJK4mbC/dGhZqNXcgDr CFeVikKS+OHd78PFVmYj =x3qa -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b8915080-54ca-1253-29c1-2db48cf2156b%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 rc3 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 31, 2016 at 09:18:37PM -, johnyju...@sigaint.org wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > Details here: > > https://www.qubes-os.org/news/2016/08/31/qubes-OS-3-2-rc3-has-been-released/ > > > > As usual, you can download new image from: > > https://www.qubes-os.org/downloads/ > > > > Users of R3.2 rc1 or rc2 can just install updates, no need for full > > reinstall. > > For older releases check above page for upgrade instructions. > > Congrats on another milestone. > > For those of us tracking testing, we're automatically swept along with our > updates (just as users of rc1/rc2), correct? If you're using 3.1 or older (with testing repos enabled or not), you need to go through upgrade procedure explicitly to have latest 3.2 version. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXx3deAAoJENuP0xzK19csqGwH+gN0OHompcIDoCKBAdPC7Bqo SdiEB1yayCRkE/esEnOpD3ajxmtiK2O3bAApPx9ixGaiUEbcCaK5cQ0V6v5w5y+g fgnCtt7Zn5PLtd1hgbYI7wgYi/+y8SrDMWpPvrwN4QomQ/IPc3711Wdp0NmTbjWh Sua2blMYRZkWno/6eQ1xSx+TMW7CuJOeMtNhm9BeI7+kxUvYGpS0hhDMGFAoFYRT rIZP6d7mPQEyP01KhSF7xBZwdWmYakvZWPfrzj9C4G+82FB2bjfOW+S9d8SxSDNs 3BVaQJHhu8x6vVTWD+bouF1muZSFrtYBLRYrKdJk7OXIBRgprD/x7291fq4xg5A= =2w6z -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160901003335.GA24732%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] installing Signal on Qubes mini-HOWTO
On Wed, Aug 24, 2016 at 11:10 PM, Andrew David Wongwrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-15 14:43, IX4 Svs wrote: > > On Mon, Aug 15, 2016 at 10:19 AM, Andrew David Wong > > wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > >> > >> On 2016-08-14 15:22, IX4 Svs wrote: > >>> Just spent a few minutes to figure this out so I thought I'd share. > >>> > >> > >> Thanks, Alex! Would you mind if we added this to the docs at some point? > >> > >> > > Not at all - especially if you improve my clumsy way of creating the > custom > > shortcut (steps 7-12) and use the proper Qubes way that Nicklaus linked > > to. > > > > Cheers, > > > > Alex > > > > Added: > > https://www.qubes-os.org/doc/signal/ > > Andrew, thanks for adding this to the documentation. I'm afraid my DIY shortcut kludge does not survive some(potentially boot time) script and is wiped away from the taskbar, only to be replaced by a default "Chrome browser" shortcut. I admit I don't quite comprehend what the actual implementation of https://www.qubes-os.org/doc/managing-appvm-shortcuts/#tocAnchor-1-1-1 should be. A worked example that replaces all but the first step of the " Creating a Shortcut in KDE" section of https://www.qubes-os.org/doc/signal/ would be very much welcome. Cheers, Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEe-%3DTc-35h1cHsr5kW7cXd_o6M3_Q_4qH0SfK%2B_nHL5O9d%3Deg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VMs cannot start (Error, 0), eek... and fixed
Hello, I searched the archives and saw this has come up before regarding firewall rules. https://github.com/QubesOS/qubes-issues/issues/1570 I had half an email composed when I tried something and it unexpectedly worked. So for posterity I wanted to add is that it is possible that *no* VM will start if you have exceeded the maximum number of firewall rules on *any* VM. find /var/lib/qubes -name firewall.xml -exec wc -l '{}' \; # found offending VMs with 38 - 40 lines (and hence 36-38 rules) On a side note, does anyone have great ideas for dealing with CDNs like Fastly? Which allocate the same host IP for a service, say pypi.python.org, in many /24s. Big phew! and cheers, =D -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAGq7KhoxoqSBTFWrWFJBGHWaKz%2BFY%3D2HDYvQehoberARh39iHg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 rc3 has been released!
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Details here: > https://www.qubes-os.org/news/2016/08/31/qubes-OS-3-2-rc3-has-been-released/ > > As usual, you can download new image from: > https://www.qubes-os.org/downloads/ > > Users of R3.2 rc1 or rc2 can just install updates, no need for full > reinstall. > For older releases check above page for upgrade instructions. Congrats on another milestone. For those of us tracking testing, we're automatically swept along with our updates (just as users of rc1/rc2), correct? Sorry if that's a stupid question. JJ > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJXxzpPAAoJENuP0xzK19cszD4H/j4jPpG9aEaa6xx+FoDN+7cI > 4P3PU3GtvDO+k97O9at/4Gsq5ziUgyFcJxD+3KId7gTsDML5w7ge93Zyvc5lRms/ > cu+skFnrLpeOKSv+aeRTzeeZQ6EbEePLqXLpgMcLIN93hKiPqN6UPPUJ0ya5Ijhg > qol6fbEwLYdyazq378QcEmgqAE9C3iEmVpthLl3qw+vITJHIutHtxJgzV7kYR6q+ > euF0dVjijY/qeu0R/Jds6WYlB9WCdzuDRfRGO5BYEc3PtjvrCLW0g02SGyplQwDk > nFqnrB69czNPMgs6Gsb5arIKco4tm6a9VOUyT+XCgPX5Vbw+4FSH7pw7EsRK4bk= > =Uo8f > -END PGP SIGNATURE- > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/20160831201304.GH9166%40mail-itl. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b13db8d9e8da36a50ab07b75782f0184.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Adding individual partitions from Manager
While qvm-block is a wonderfully handy tool for adding individual partitions to a VM, the Qubes VM Manager can only add entire devices from its GUI. I think that it's a pretty strong argument Qubes' spirit of "protecting the user from him/herself" to make sure this feature (maybe in a nested menu or something) is added at some point. Keeping a VM from pooching a partition table and a whole drive, and at the very worst messing with a single partition, is a pretty significant protection of the user from himself, as well as prevention of escalation of any VM compromise. If a compromised VM can tamper with the partition table (to hide away its payload, trash partitions), or worse, modify the boot sector of a drive, it's a *way* worse end result that's possible that messing with an individual partition. (Although they have boot sectors of their own.) e.g. on a typical Linux drive, mounting /dev/sdx5 with the data to play around with, while preventing /dev/sdx1 (the /boot partition) or /dev/sdx (the boot sector/paritition) from being corrupted is a major win for security (and stupidity) in my books. I know 4.0 is going to rework (deconstruct?) this stuff a lot, but it'd be nice to make sure some equivalent feature is in 4.0, in not sooner. Also, is there a limit to the # of devices you can add to a VM? I seemed to hit the wall at /dev/xvdl, which the Qubes VM Manager and qvm-block seemed to think had been assigned to my VM, but the VM never saw it, and there was some strange error in dmesg. (I neglected to save it, sorry.) Granted, I was doing way more in that one VM that I should have been (things just got out of hand, lol) and I restarted things and split up the tasks, and all is well. Just curious if there is a hard limit. 3 is a fairly low limit for devices (xvdi/xvdj/xvdk), although there were a lot of partitions about (one had 7 partitions, another had 5). Thanks. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0c8e8cd831a1dc106bc771febeea5a5.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Why not a Whonix (or TOR) Disposible VM?
Adi Carlisle: > On Saturday, 27 August 2016 18:50:20 UTC+1, Cube wrote: >> This would be more in the style of Tails - no persistent state. > > TAILS hvm? > Would require disposable HVM, I don't think Qubes has implemented that at this time. Also DispVMs do not feature anti-forensics yet: https://github.com/QubesOS/qubes-issues/issues/904 Cheers, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a5c49fc-4d95-ec65-1c09-cb595a3d2135%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using Whonix Tor instance from other VMs
Raphael Susewind: > Is there an easy way to use the Whonix Tor instance from other VMs, > namely those assigned a different firewall VM? > > I do have a couple of Tor Hidden Services which I'd like to access via > SSH from my work VM (using connect-proxy). I could of course run my own > Tor instance within the work VM, but thought why bother if a Tor > instance is already running elsewhere... > https://www.whonix.org/wiki/Other_Operating_Systems -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc340dcd-14cb-616a-2481-a2dd57406daa%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] change date
On 08/31/2016 04:29 PM, Eva Star wrote: How to change date/timezone reported by `date` at dom0 terminal and used by other AppVMs? Previously, I do this with KDE tools, but now with Xfce I can not find how to change it correctly. Now, it's reported as EDT (not UTC) at dom0... Why? How to change it for dom0? How to change timezone for all/some AppVms. Thanks Found the solution! Why it does not in the FAQ? At Dom0 if you want to keep it at UTC (date command will report time at UTC, all programs at dom0 will work with UTC time, but you can set up XFCE time at the panel from properties. ---command executed at dom0 will set timezone to UTC for dom0. --- timedatectl set-timezone 'UTC' -- Then if you want to change you AppVM timezone per VM, you can do it at 1) /rw/config/rc.local with the following command: timedatectl set-timezone 'Europe/SomeCity' (get the list from timedatectl list-timezones) 2) Or you can do the same at TemplateVM -- Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a42848dd-0afc-3dcd-187d-6b4f6b5b8b38%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2 rc3 has been released!
On 08/31/2016 04:13 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Details here: https://www.qubes-os.org/news/2016/08/31/qubes-OS-3-2-rc3-has-been-released/ As usual, you can download new image from: https://www.qubes-os.org/downloads/ Users of R3.2 rc1 or rc2 can just install updates, no need for full reinstall. For older releases check above page for upgrade instructions. - -- Qubes Manager systray icon is gone now... Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c93973fa-35d3-3572-ae52-0b5133f24257%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.2 rc3 has been released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Details here: https://www.qubes-os.org/news/2016/08/31/qubes-OS-3-2-rc3-has-been-released/ As usual, you can download new image from: https://www.qubes-os.org/downloads/ Users of R3.2 rc1 or rc2 can just install updates, no need for full reinstall. For older releases check above page for upgrade instructions. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxzpPAAoJENuP0xzK19cszD4H/j4jPpG9aEaa6xx+FoDN+7cI 4P3PU3GtvDO+k97O9at/4Gsq5ziUgyFcJxD+3KId7gTsDML5w7ge93Zyvc5lRms/ cu+skFnrLpeOKSv+aeRTzeeZQ6EbEePLqXLpgMcLIN93hKiPqN6UPPUJ0ya5Ijhg qol6fbEwLYdyazq378QcEmgqAE9C3iEmVpthLl3qw+vITJHIutHtxJgzV7kYR6q+ euF0dVjijY/qeu0R/Jds6WYlB9WCdzuDRfRGO5BYEc3PtjvrCLW0g02SGyplQwDk nFqnrB69czNPMgs6Gsb5arIKco4tm6a9VOUyT+XCgPX5Vbw+4FSH7pw7EsRK4bk= =Uo8f -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160831201304.GH9166%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes R3.2rc3 Schedule
On 2016-08-31 13:25, "Andrew David Wong"wrote: > Yes, we expect to release R3.2-rc3 today: > > https://twitter.com/rootkovska/status/770930679882416128 Thank you for the information! Now, I see it on the FTP site. :-) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ae91b7ff1c6f23b64c26c5cc0f352a0.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [3.2rc2] Pulseaudio 100% CPU load at dom0
Eva Star: > 3.2rc2 - clean install (on 3.2rc1 with updates I do not have this problem) > > At dom0 pulseaudio proccess always eat 100% of CPU. > If I kill it, then it starts again! > Please, help. Hot to fix this issue or how to disable pulseaudio start after > kill. > Had similar symptoms on Qubes 3.1. If you have multiple audio adapters (ie Onboard + HDMI), disable one. (On KDE, it was PulseAudio Volume Control > Configuration. Don't know XFCE.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e1451b40-159c-608a-8868-405dd4125441%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: epoxy on ram to prevent cold boot attacks?
On Wednesday, August 31, 2016 at 10:40:23 AM UTC-7, grzegorz@gmail.com wrote: > An actual protection would be some kind of a chemical that would destroy the > ram chips if they ever reach certain (lower than room) temperature. the epoxy is likely to damage them in most means of removal. i know of things that can do their damage when they reach a certain temperature or higher. never heard of one set off by going below a certain temp. erasing on power loss would be good too, esp if the attacker doesnt know about it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11f811f4-eaaf-41dc-824e-7f39b374bbdd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Unable to assign audio device
Adi Carlisle: > OK, update, I reinstalled my Qubes 3.1 but this time I used sys-usb (& > sys-net option) Sound worked on all VM's. > **Didn't get a chance to test it on Win7** because I tested the mute function > now it doesn't work again. > https://www.qubes-os.org/doc/windows-appvms/: > There is currently no audio support for Windows HVMs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/79f7b675-7f7e-54e9-3d51-17d7576fa8fd%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: epoxy on ram to prevent cold boot attacks?
W dniu środa, 31 sierpnia 2016 18:25:33 UTC+2 użytkownik pixel fairy napisał: > poured some epoxy over where the ram connects to the motherboard, and where > the clips are that you would use to take it out. the chips themselves dont > have any, just the surrounding pcb. > > this was couple days ago. so far its survived 2 reinstalls of test qubes > releases, and is doing one of rc3. > > i have this feeling im about to find out theres some simple way around this > and its not really a protection against cold boot attacks. i know some > laptops have easy bios resets, so thats one way. An actual protection would be some kind of a chemical that would destroy the ram chips if they ever reach certain (lower than room) temperature. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37b7279f-2f8b-4f74-97d7-46171c02a7b5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Salt InterVM Configuration explorations and pitfalls in 3.2-rc2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Aug 30, 2016 at 11:00:30PM +0200, Marek Marczykowski-Górecki wrote: > On Mon, Aug 29, 2016 at 11:07:33PM -0700, nekroze.law...@gmail.com wrote: > > Also, I am not sure when, but the pkg.uptodate state does nothing in > > templates now. It used to work on this qubes install and it still succeeds > > (without changes) each run but if I use qubes-manager to do the update > > there is stuff to be done. > > Which template? I use it regularly and it works... Have you included "refresh: true" option? Otherwise it may simply not refresh repository metadata. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxwbQAAoJENuP0xzK19cs0O0IAI6ERhxfjmqEjGwe7ca3HJK8 6mfxtLQPFJnUA0fuSwqoJlPK95jZjg0ergHg4GsPpqWggtht+noeAItei9fLTp/6 or0BW9zeYut+C6GljLmd7hRsU/JzqdXGGP2iMAmvHuoMrzJTglvvBsuczqTBk+WU yq8Woiv+y5M0hLUw2chqcI0GGXsC154MtBq2Ezk5D3z8YV3UQ+uKceqdF5wM+On4 ZhmIGt6ZdApN+JSe41awlrOdeYNe5Gck+e+uiTWsj9aGavjRDuYjmCe8lueXlbfb FN//ML6VerD0nUr092yc0T3B0knqjzxd/DKwGasIQPUsNe7Wlu8Zuk5RLhe40cA= =EYl1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160831163320.GD11005%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: torvm / whonix / Tor Browser / P.O.R.T.A.L ?
On Wednesday, August 31, 2016 at 8:54:05 AM UTC-7, 499eph+30e...@guerrillamail.com wrote: > Hi, > > Which of these tools provides a better privacy and security for a threat > model that intends to protect against massive surveillance (the intention is > not to protect against state actors as this is barely impossible) and > compromised networks? the whonix setup provided with qubes should be fine. its functionally torbrowser + portal. but, if tor is censored or dangerous in your situation, you'll have some extra work to set it up. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47484ddb-fbe4-4157-84f6-470a141806c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] epoxy on ram to prevent cold boot attacks?
poured some epoxy over where the ram connects to the motherboard, and where the clips are that you would use to take it out. the chips themselves dont have any, just the surrounding pcb. this was couple days ago. so far its survived 2 reinstalls of test qubes releases, and is doing one of rc3. i have this feeling im about to find out theres some simple way around this and its not really a protection against cold boot attacks. i know some laptops have easy bios resets, so thats one way. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a154edd-c4f9-4ec2-a89e-464ab3d1230e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2 rc2 blank screen - screenlock issue?
I use KDE (XFCE is installed but never used) and I don't have the option of using the keyboard. The num/caps/scroll lock lights won't change and the keyboard doesn't seem to respond. As I stated, the processes seem to be running, if there's a music player, I can still hear it. Will check SETUP settings (a.k.a. BIOS/UEFI) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8bf93477-f017-8fc8-abed-4b44cd6475d2%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2 rc2 blank screen - screenlock issue?
Hi Doug That might be the clue. I waited until it happened again, did Ctrl-F2 and then restarted then xfsettingsd process with a kill -HUP. Ctrl-F1 then got me back to the login for the X without having to reboot or restart VMs. I've only tried this once ... if it's repeatable over the next few days it is at least a workaround until it's fixed in Xfce. -- Richard On Sunday, 28 August 2016 23:42:11 UTC+1, Doug Hill wrote: > > Hi, I'm having a similar issue, which I believe may be caused by a bug > in xfce. I posted about it here in a previous thread: > > https://groups.google.com/d/msg/qubes-users/qwMzj2au6uE/qd_hU6EUBQAJ > > Best of luck! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/45422632-e56c-43db-9588-b92381d9f1ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Wrong timezone in VMs: where the value for qubesdb-read /qubes-timezone comes from?
El miércoles, 31 de agosto de 2016, 13:02:06 (UTC), Andrew David Wong escribió: > > On 2016-08-31 05:42, Pablo Di Noto wrote: > > El miércoles, 31 de agosto de 2016, 12:26:42 (UTC), Andrew David Wong > > escribió: > > > >> On 2016-08-31 04:48, Pablo Di Noto wrote: > >>> Hello, > >>> > >>> Somewhere along the update from 3.1 to 3.2rc1 I started to have all my > >>> VMs take UTC as their timezone. > >>> > >>> dom0 has the correct "America/Argentina/Cordoba" timezone, but all VMs > >>> get incorrectly set to "Argentina/Cordoba", which does not exists thus > >>> leaving them at UTC. > >>> > >>> I know may have manually set somehow the wrong timezone (without the > >>> required "America/" prefix) at install or update. Now all my templates > >>> get set to "Argentina/Cordoba", which is the value they get from > >>> "qubesdb-read /qubes-timezone" at every boot by qubes-sysinit.sh > >>> script. > >>> > >>> I cannot figure out where that values comes from and how to fix it. > >>> > >>> Thanks in advance, ///Pablo > >>> > >> > >> It might be worth trying to set the locale in your TemplateVM(s). For > >> example, these commands should work on fedora-23 (and some other > >> distros): > >> > >> To display your currently set locale: > >> > >> $ locale > >> > >> To set a locale: > >> > >> # localectl set-locale > >> > >> For a list of available locales: > >> > >> $ localectl list-locales > >> > > > > Thanks for the suggestion. In fact, something similar is what I use as > > workaround into the browsing VMs. > > > > The drawback is that I have to set the correct timezone for each VM upon > > booting, each time, as the setting will be overriden at next boot by the > > init script. > > > > Regards, ///Pablo > > > > Two options: > > 1. Change the locale in the TemplateVM instead of the AppVM so that the > overriding value is the desired one. There is no difference setting it at the TemplateVM, as it is also overridden by the script there. > 2. Add the command to change to the desired locale to /rw/config/rc.local (in > the AppVM), then make that file executable (chmod +x). Every command in that > file is executed as root each time the AppVM is started. Thanks Andrew! This works, but still makes you reset the timezone on each TemplateVM when traveling. Not a big deal. I will keep trying to find the root cause of this, albeit to understand the mechanics behind the scenes. Regards, ///Pablo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57658dc1-7e46-48ca-a988-c9e57c92e280%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] AMD Zen Secure Encrypted Virtualization (SEV)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Aug 19, 2016 at 11:58:18AM -0700, kev27 wrote: > > Secure Encrypted Virtualization (SEV) integrates main memory encryption > > capabilities with the existing AMD-V virtualization architecture to support > > encrypted virtual machines. Encrypting virtual machines can help protect > > them not only from physical threats but also from other virtual machines or > > even the hypervisor itself. SEV thus represents a new virtualization > > security paradigm that is particularly applicable to cloud computing where > > virtual machines need not fully trust the hypervisor and administrator of > > their host system. > > http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf > > https://support.amd.com/TechDocs/55766_SEV-KM%20API_Spec.pdf > Thanks for the pointers. Next time I suggest to send such stuff to qubes-devel ;) > Is this something Qubes OS could work with in the future to improve its > security on AMD Zen chips? Maybe something to keep an eye on. Maybe. For either SGX or SEV to make sense for Qubes OS (i.e. a desktop OS) it would need to allow some form of protected HID/video from/to the SGX/SEV-protected VM. Currently none of these technologies seem to support this. Specifically the white paper you referenced explicitly states: > One important consideration for an SEV-enabled guest is that DMA into guest > encrypted memory is not allowed by the SEV hardware for security reasons. All > DMA, whether from a real hardware or a HV emulated device, must occur to > shared guest memory. The guest OS can therefore choose to allocate memory > pages for DMA as shared (C-bit clear), or may copy data to/from a special > buffer (aka “bounce buffer”) for DMA purposes. Some operating systems have > existing support for bounce buffers which may be used for this purpose, such > as the swiotlb Linux functionality. It's thinkable that the IOMMU could transparently decrypt DMAs (from select) devices, allowing communication between these devices (XHCI, GPU) and the protected guest, without the hypervisor being able to sniff or inject the data (e.g. the actual keystrokes, framebuffers). Let's hope they do that one day. Cheers, joanna. -BEGIN PGP SIGNATURE- iQIcBAEBCAAGBQJXxtzVAAoJEDOT2L8N3GcYSiYQAL69fzVC4PVInuGNeXPPkhN0 qr8ahmRzDCZECi/b26fqfWZ/GrW9sf569m0cVT8VImL3Ki0gvV2WPcqiCypNjX6E dMQKKnPmkNAbTpKFtv6IIDsC3PxdtvGjcLXSr/R123DLNpbN2/IN5MvrrYCEhfDz CpI6YuSzWLwLAEk/MoEfm3Dk+ninRsLY+2bt0YVwfTj2X7/Q+p0VPCY2ImtL1h3k OhvYCtIKkMTAvrY4t0gV9Ndm3UNxHAHslZkl9Kcj6Gqp/mkC1GXCK1KemolCcLQE MvW9NUlhscpVYYIBmExnQPOPLb8eyD1DqxiZC0FaJz/UxQUCHhLaX6RCqr4MHqQX ytPPeNXW/Q3jgfgNewVslbwEOkehWWZgATKuHRMB6W3d/dXtcct7DDSBcqk8pCTr jn5Bq55zjylMvRE46seIFR4T4lRNVGsSeKe90N5ouO31v51q9fLAUWoEvF6/4rKA d8m/OrbtZf9DFCCXIsVXdTVI6fDzBDKAZSZOlgSpDTiApZyTfOZox6K2rPXO3RuN cI3Wf36aCH6gDMJciDOMbWMa2Gf5NxjJJhZ+PXDiqTxIJlf8yzLu2nAvEcGv3XIh EWQL6sKNxb4xFgRYCZn4Ekl8vBy9/0rYqpxdhSclg9BX5vJGhrCb6XxHfY6yjRJl ToSrhIQPHr1JUZfCqcDv =JJWX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160831133413.GA20414%40work-mutt. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Recover VM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-31 01:52, katerim...@sigaint.org wrote: > Hello I have deleted a VM accidentally, is possible to recover it? Thank > you > Without a backup, there's no straightforward way to recover it. (But the data forensics experts on this list might have some tips for you.) If you have a backup, recovery is easy via Qubes Manager (or qvm-backup-restore). If you're not already making backups, please start now: https://www.qubes-os.org/doc/backup-restore/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxtGLAAoJENtN07w5UDAwJTIP+wRHyCFmt10wU2CB0TcbQvzq j8IjUskib8nO2dKj3ke+yuyE5Kh3GEb/ByKZ+h48UoGi8Ga3JSXGeNYYQW2haasr 0u88vKpKN0M2CVmvNiiOBiBukbo5PYoD/LWEfacaahMYF6DcbgpBnGKWQhPPmI3H MZqUltDasiEqABEyMqpeJcjV6uUNmM/htzZ+TPpVhUMk1TlWOGgqtWBdXgUqJxfY E5Y7VVnpiQOEy7HSCW/XXq7+PQGRyTxK8lqW2Fazyml9cRtYp8xUs84bWpXbXh1q 4Py0yrCEHxe8Ds80LbUKcYuFGs2WQapftZmmfMnw+AnWvzR07dw4WSwjuIDA7zD1 iOFw+Q8wZqItflV2DYhpI0qQT6pfVL5HdBHoJ8HxA1mhtm1Xv5FWvxluqouMuEb2 iU6mUAQS8UmxllcKahg7qaPgl4ZvBfPUPE5z20IRd3iuhvpqCmLXI+g7HNm7B2Dw Ot+gRGEAKK8wKDR9QfO8mbtfVyNmVRUAhstueIpZgQLzZO8M03PIy6l1n/j/3wbK 4Rifl3D41yRRu+qQVTK0PwOy2pNFoyWcUwUpCGuC57cmOc6jEJETBJ/dBdFCI7SA rg6g5/nd9GiKuxRq+7nfjxXKjOB0+JHGwr/abupTj7Ut9MSNsH5Ejld1cTStdAD2 9UZOkHXS0IXHD00iL9BP =3SC/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4a86c696-5b06-9429-6bc1-3dd89d96a174%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Wrong timezone in VMs: where the value for qubesdb-read /qubes-timezone comes from?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-31 04:48, Pablo Di Noto wrote: > Hello, > > Somewhere along the update from 3.1 to 3.2rc1 I started to have all my VMs > take UTC as their timezone. > > dom0 has the correct "America/Argentina/Cordoba" timezone, but all VMs get > incorrectly set to "Argentina/Cordoba", which does not exists thus leaving > them at UTC. > > I know may have manually set somehow the wrong timezone (without the > required "America/" prefix) at install or update. Now all my templates get > set to "Argentina/Cordoba", which is the value they get from "qubesdb-read > /qubes-timezone" at every boot by qubes-sysinit.sh script. > > I cannot figure out where that values comes from and how to fix it. > > Thanks in advance, ///Pablo > It might be worth trying to set the locale in your TemplateVM(s). For example, these commands should work on fedora-23 (and some other distros): To display your currently set locale: $ locale To set a locale: # localectl set-locale For a list of available locales: $ localectl list-locales - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxst9AAoJENtN07w5UDAw+0cP/RTPei1sTPFIryrOIfzn8HKE rgi13ApkCAwD/Am7qfvrv39RHuNm1R5n/WA4qZzjgxGNV/vMaKbjgIQZeS5iqG76 WKIHy/1T66a0bvBs0A6IJ29dWtLzFguDeJTio7c/4pCrMdRFK5aMI0BlTJHssn/3 tsAGg/d4zlvTsCt9MoEeRjpIqp7EV9GTZV6+F1id1F8MEzNtYJ/Fk/LL9wyMF384 YWJxqvm/2HrzaIiMDnPepcD4BAPO6krPjfe8iFzJtfyPrKhS3wtXMqwJZ6Ed+keE 8qgtd9p4MWz4J7I+xXw/FCaB/aIWBUomSbtrKGYicGIC5o/Ghw7uzoopl7+TUvgy 6w1dBHpwYWEDqgmqxPCWKDl6KHyyV8pyM3KZ8ni5PtEcvbQxTAewun1WWvRNm+8u 9LRZYOqATWbJFkwlQ63OjRFgmYtlEZYvoY98pg2ul105FCsnmlFGyIbEJhyZOY/R /AUJgJPU5bKMmYV6/mEolKYQcMsdzt+4WLpX1Q05iPHI/V8H357x0wA5gOxD/A6J 3DgCfl3auVbEWlCl5piWTON9D2gcETyNZQfDKSfflLXrBblIWwYe2WVrbfeRNEd3 LUWp0qmr792lvbezdUWf2Qk3gNZ4IRKBVtEyOjXFEqlHXOueu0WnOTqYQ2D4SBAp LQEsDV4u3WwIliPdsrPT =T+WS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ba970ef-9d9c-29a7-9ddd-edd626575302%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run only available from dom0?
> On 2016-08-30 01:16, johnyju...@sigaint.org wrote: >> Say someone compromises the dom0 encrypted drive password, and >> then goes shuffling through the private.img file of the AppVM's to >> get at Firefox's passwords...? The VM itself wouldn't have to be >> running corrupt code for that, and keeping the passwords out of >> Firefox prevents that attack. >> >> (Firefox's master password could also help prevent such attack, I >> guess. Is strong crypto used for that? It's still a single point >> of failure, but so is the keepass master password. At least with >> keyfiles and physically taking the device with me, that keepass >> single point of failure is mitigated.) >> > > Qubes is designed with the assumption that if dom0 is compromised, the > whole system is compromised. So, from a "standard" Qubes perspective, > it doesn't really make sense to talk about protecting Firefox > passwords when dom0 is assumed to be compromised. If your threat model > differs significantly from this assumption, then you may need to > specify it in more detail. Understood. I think most of my security violations in the past were done remotely, and with dom0 having no networking, that risk is quite low. There have been occasions where I suspected physical access and a keylogger/camera, however. Notwithstanding "dom0 is compromised and you're screwed," there is one threat model where Firefox passwords are less safe, possibly: With a hardware keylogger or an over-the-shoulder-camera, one can glom the root disk password (and any Firefox master password). Then when you're out (or via a network card management mode, BIOS trojan, whatever) get into the system, go through the .img files to find the Firefox passwords. All of your online passwords are revealed at that point. If the passwords only existed in keepass on a removable USB drive, then they're safely with you. Even if that keylogger grabbed your keepass password, it's no good to any attacker. And the passwords have never been typed, so any keylogger/camera doesn't have them. Yes, an attacker who gets into the system could at that point plant trojans, but if you have in place other intrusion detection mechanisms (not necessarily just on the computer) you can be aware of that fact, and redo the system from a backup. Your computer may be toast, but your email and online world is still safe. I guess if you never typed your Firefox master password, but used keepass for it, too, and assuming Firefox's password storage is strongly encrypted, then your passwords are still pretty safe in case of a dom0 violation. Whenever you start stacking "if's" like that, though, I start feeling less secure. :) I do know the passwords can't be stolen if they're not on the system and have never been typed, short of the system already having been compromised. I don't know enough about Firefox's master password encryption to trust it 100%. Faulty assumptions have cost me dearly in the past, so I try to make as few as possible these days. > P.S. - Please keep the list CCed (unless there's a special need for > privacy, in which case, use PGP). I definitely will share the results with the group. There's won't be anything in the setup whose revelation would reduce my own security. :) But I appreciate the sensitivity. > I've noticed that you keep CCing > "qubes-users@goog" instead of "qubes-users@googlegroups.com". Apologies. I'll be more careful cleaning up the To/Cc on mailing list replies in the future. sigaint was truncating the field, and I neglected to notice (until the bounce). Hey, at least I'm not still top posting. :) JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/31e6bb44f35bf1ca07a10ddc3c8bb34f.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] wacom pressure?
is there a way to turn on tilt or pressure sensitivity for pens? using qubes 3.2rc2 with xfce (test box, not production) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a9269e09-7c4d-469b-8244-e204263be0d6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Recover VM
Hello I have deleted a VM accidentally, is possible to recover it? Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ac9c468271e8818cf5ea786329f299d.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.