[qubes-users] sync-ntp-clock

[Drew White]

Hi folks,

I'm wondering what keeps calling  "/usr/lib/qubes/sync-ntp-clock" every minute, 
and what it's actually used for please?

I found that everything is set to call ntp.org, not whatever the parent is set 
to.

It should be altered for everything to just query the parent as the NTP server 
and thus filter to it's NetVM and then only the NetVM will call the NTP server.

That way, it only gets one query every minute, instead of getting hit with 
15-20 a minute.

If you could please let me know what uses that, and what it's used for, and why 
it's called every minute, that would be great.

Thanks!

Sincerely,
Drew.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f23942e6-b589-4a68-84ae-d559cc47704f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Mirage .1 for NetVM?

[Reg Tiangha]

On 2017-02-01 5:19 PM, Drew White wrote:
> Hi folks,
> 
> I was always told that mirage would be a good external firewall/netvm for 
> qubes, however I am unable to get it to work for unknown reason.
> 
> Anyone out there been able to get it to work?
> 
> Or does anyone know of another similar item that can be made to be a netvm?
> 
> Sincerely,
> Drew.
> 

FirewallVM should work fine by default. NetVM may not work because (if I
understand how it's made correctly) the Mirage Firewall kernel has no
hardware networking drivers included in it at all. So it wouldn't work
with your network card and thus, wouldn't be able to connect out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o6ul58%241tr%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Mirage .1 for NetVM?

[Tim W]

On Wednesday, February 1, 2017 at 7:19:28 PM UTC-5, Drew White wrote:
> Hi folks,
> 
> I was always told that mirage would be a good external firewall/netvm for 
> qubes, however I am unable to get it to work for unknown reason.
> 
> Anyone out there been able to get it to work?
> 
> Or does anyone know of another similar item that can be made to be a netvm?
> 
> Sincerely,
> Drew.


Drew,

Did you read thru this thread:  
https://groups.google.com/forum/#!searchin/qubes-users/Unikernels$20and$20Qubes/qubes-users/h03-1hiNMCc/DlWjysajEAAJ

Not sure if the links within are still gtg but I know a number of people per 
the thread got it working.  For me at the very least I think the sys-vms should 
have only what is need in there build for their there function and NOTHING 
more.  Keep it light and the least amount of overhead and code a possible.  UK 
are light and seem to be a good fit.  

For me at the very least linux kernel with only what is needed for that 
specific sys-vm function.  Not exactly sure why it was not done that way from 
the start.  The templates are easy enough such as the minimal ones.

Post up if you get this working and some details.  I would not mind trying it 
out myself for testing.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8aa44da2-f590-43be-a255-d5df60156aab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] auto attach and mount internal hard drive in appVM on boot

[Ted Brenner]

Hi all,

Is it possible, via a config file, to attach a device to a appVM during
boot up and mount it? I'd like to pass an HDD to my personal appVM without
having to manually attach it and mount it each time I open the vm.

Thanks!

-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutz8NEcz2e7MZSUGT5SfAeFGy5tz7FY5sEUmqchGiAOaLg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[raahelps]

On Tuesday, January 31, 2017 at 9:30:41 PM UTC-5, RSS wrote:
> > > no support for ipv6  
> > 
> > not really a problem. it is 2017 and I still haven't encountered any
> > situation where IPv6 is actually being used, despite working a lot
> > with computers and routers (IPv6 is there but nobody is using it...
> > Never ever had to use those ridiculous IPv6 addresses, yet)
> 
> Actually, I run IPv6-enabled mail servers, and I am (at least some
> times) getting IPv6 connections with Google's mail servers. This is
> fairly recent behavior. A good chunk of Amazon AWS has recently enabled
> IPv6. 
> 
> I rent (very cheap) two servers that have no public IPv4 IP addresses,
> only IPv6.
> 
> IPv6 is coming, count on it.

my isp going to start pushing ipv6 in a week or two.  I'm scared lol.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df5ab178-35d7-4212-9340-6c0e7b275b2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible to get usable Win7 gui?

[raahelps]

On Saturday, January 28, 2017 at 11:58:23 AM UTC-5, Jarle Thorsen wrote:
>  :
> 
> 
> 
> 
> hmm weird,  my windows 7 vm is a little laggy,  but I figured its normal.   
> it doesn't increase over time for me and doesn't seem that bad.  Have you 
> tried to set the windows system setting to performance mode?
> 
> 
> 
> If you try to do gpu intensive tasks it might be an issue though.
> 
> 
> The only Windows version I have tried is Windows 7 Enterprise 64-bit, with 
> all default settings apart from installing Qubes Windows tools.
> Tried this HVM on both a "normal" system and a performance system with 
> *plenty* of resources. Assigning the win 7 HVM 16 vcpu and 10GB RAM makes no 
> difference 
> 
> I do not see any increase in lag over time though, as observed by Robert.
> 
> 
> 
> Maybe I'll try a different version of Windows just to be sure...

I use the qubes windows tools maybe that would help.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90217de6-f3f3-4376-b6fe-f1c130735106%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Unable to locate package linux-headers

[Aneer Qadri]

'TimMeskov' via qubes-users:
> Hello
> I'm trying to install kernel in debian 9 but some errors show up
> Running this command
> sudo apt-get install linux-headers-$(uname -r)
> 
> the result is
> Unable to locate package linux-headers-4.4.38.11.pvops.qubes.x86_64
> Couldn't find any package by glob 'linux-headers-4.4.38.11.pvops.qubes.x86_64'
> Couldn't find any package by regex 
> 'linux-headers-4.4.38.11.pvops.qubes.x86_64'
> 
> 
> with this
> 
> sudo apt-cache search linux-headers
> 
> says me there is linux-headers-4.9.0-1, then I install it but running the 
> first command the same answer appears.
> Also with apt-get update, upgrade, dist-upgrade, reboot and another time
> 
> sudo apt-get install linux-headers-$(uname -r)
> 
> 
> 
> These are my source lists :
> 
> /etc/apt/sources.list
> 
> deb http://deb.debian.org/debian stretch main contrib non-free
> #deb-src http://http.deb.debian.net/debian main/stretch main contrib non-free
> 
> deb http://security.debian.org stretch/updates main contrib non-free
> #deb-src http://security.debian.org stretch/updates main contrib non-free
> 
> /etc/apt/sources.list.d
> 
> # Main qubes updates repository
> deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch main
> #deb-src http://deb.qubes-os.org/r3.2/vm stretch main
> 
> #Qubes updates candidates repository
> #deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-testing main
> #deb-src http://deb.qubes-os.org/r3.2/vm stretch-testing main
> 
> #Qubes security updates testing repository
> #deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-securitytesting main
> #deb-src http://deb.qubes-os.org/r3.2/vm stretch-securitytesting main
> 
> #Qubes experimental/unstable repository
> #deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-unstable main
> #deb-src http://deb.qubes-os.org/r3.2/vm stretch-unstable main
> 
> Thank you. Hoping to solve it.
> 

I'm not sure if this is the only way to do it but this is how I
aproached it when I had this problem

You have to install the headers specific to the debian architecture that
you're using. You won't find the qubes headers, but you will find the
headers that you would have used if debian was running bare metal on
your device.

https://packages.debian.org/search?searchon=names=linux-headers

Download whichever one of those corresponds to your architecture. If
you're not sure, download a debian live iso and burn it then run echo
linux-headers-$(uname -r) or something like that in there.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o6u4ol%24mtd%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can't get Qubes 3.2 to install on a Lenovo E560 Thinkpad [novice user]

[mindflowerstudio]

Ok I'm making a little bit of progress I think. I have gotten Qubes to boot 
using a grub rescue live CD. Trying to follow the directions to repair the boot 
code at 

https://www.qubes-os.org/doc/uefi-troubleshooting/

 for Qubes 3.2 which states I need to add a few lines to 

/boot/efi/EFI/qubes/xen.cfg

I tried to edit this file (which is empty, not what I was expecting per the 
repair docs) using VIM but I have no idea how to use VIM and couldn't easily 
figure it out. I was able to copy the file out of dom0 using command 

qvm-copy-to-vm  

to the work VM where I had access to gedit a editor I am much more familiar 
with. I added the code

mapbs=1
noexitboot=1

to the empty xen.cfg file and saved it. The snag now is getting the modified 
file back to dom0, I get why this isn't easy with dom0 having root directory 
like privileges I tried command

qvm-run --pass-io  'cat /path/to/file_in_src_domain' > 
/path/to/file_name_in_dom0

as per the docs but I don't understand the syntax. What value does  
expect? Can someone walk me through how to get the xen.cfg file into the right 
place in dom0 to hopefully fix these boot problems please? My modified xen.cfg 
file is currently in directory "work dom0" how do I get it into 
"/boot/efi/EFI/qubes/" replacing the (empty) "xen.cfg"? 

Thanks this is very confusing.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10157f48-d48f-4800-bfc7-7f557963852c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Custom config not functioning.

[Drew White]

On Thursday, 2 February 2017 12:11:17 UTC+11, Drew White  wrote:
> Hi folks,
> 
> I've set up a custom config and it just isn't working.
> 
> xvda, xvdb, xvdc, xvdd are as per Qubes set up.
> 
> I added xvde, xvdf, xvdg and use it to perform startup and it isn't getting 
> the other 3 drives into the system, can't even see them using fdisk or 
> anything.
> 
> Is there a restriction on the number per guest?

Nevermind, all sorted. Was a small misconfiguration that wasn't reported as an 
error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7b30b1b-3d0b-4610-b41e-d9267d96f357%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Custom config not functioning.

[Drew White]

Hi folks,

I've set up a custom config and it just isn't working.

xvda, xvdb, xvdc, xvdd are as per Qubes set up.

I added xvde, xvdf, xvdg and use it to perform startup and it isn't getting the 
other 3 drives into the system, can't even see them using fdisk or anything.

Is there a restriction on the number per guest?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c329bba-7139-4e1e-86f7-1ba849089294%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ios in Qubes

[Drew White]

On Thursday, 2 February 2017 12:00:41 UTC+11, pixel fairy  wrote:
> another option, if you must, are cloud services. here are the first 3 from 
> google.
> 
> 
> https://www.macincloud.com/
> https://xcloud.me/
> https://www.hostmyapple.com/

If you want to never know where your stuff is or who is looking at it, use the 
"cloud" by all means.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/056a8fff-7e49-4f27-9e05-12ef019923c6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ios in Qubes

[pixel fairy]

another option, if you must, are cloud services. here are the first 3 from 
google.


https://www.macincloud.com/
https://xcloud.me/
https://www.hostmyapple.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0cc2d16-794c-452e-bc52-60ca9893756d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB wifi adapter

[Unman]

On Wed, Feb 01, 2017 at 10:27:05AM +, goi...@hushmail.com wrote:
> I have seen the adapter divers supports only linux kernel up to 3.10,
> my qubes kernel is 3.19. Can do anything? 
> On 1/31/2017 at 11:37 PM, "Unman"  wrote:On Tue, Jan 31, 2017 at
> 05:33:33PM +, goi...@hushmail.com wrote:
> > Hello
> > How can I install a wifi adapter in Qubes? I have some drivers but
> > don't now where and how to install them. When I insert the usb,
> Qubes
> > doesn't detect it  and I haven't found doc on the site that can help
> > me.
> > 
> > Best Regards
> 
> If you have a sys-usb then it has captured the wifi adapter. If not,
> then you should have one.
> 
> What you can do is to switch the relevant USB controller to your
> sys-net.
> In the template backing sys-net install the drivers for the wifi
> adapter.
> Reboot.(Easiest way after reallocating the controller to new qube)
> The adapter should show up in sys-net and you can use it from there.
> Look in a terminal in sys-net to see what's happening, but if you have
> right drivers it should work.
> 
> unman

Please don't top post.

On Debian I think you can use the firnware-realtek package - have you
tried that? I think it's an rtl8192cu.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170202003804.GC15729%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

[Connor Page]

actually I think that reliance on mangle can be avoided since routing table 
selection can be done by source address rather than firewall marks. marks are 
good to differentiate different types of traffic but in our case all traffic 
should be trated the same.
there is difference in how traffic from the vpn vm is routed. this leads to two 
different attack vectors by a potentially compromised server. for the official 
solution routing tables can be manipulated, for Rudd-O's tool problems may 
arise from martian packets. some thought need to be given to proper firewalling.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6603fa95-46f6-488b-8b90-13ee95543c18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Mirage .1 for NetVM?

[Drew White]

Hi folks,

I was always told that mirage would be a good external firewall/netvm for 
qubes, however I am unable to get it to work for unknown reason.

Anyone out there been able to get it to work?

Or does anyone know of another similar item that can be made to be a netvm?

Sincerely,
Drew.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6325993c-62b2-406c-85b8-3bf264f759be%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Remove menu entries in XFCE on Qubes

[Unman]

On Wed, Feb 01, 2017 at 10:57:27AM -0800, '01v3g4n10' via qubes-users wrote:
> On Wednesday, February 1, 2017 at 12:08:38 PM UTC-6, qubes-user-000 wrote:
> > On Tuesday, January 31, 2017 at 11:57:48 AM UTC-5, 01v3g4n10 wrote:
> > > On Tuesday, January 31, 2017 at 9:36:03 AM UTC-6, 
> > > b...@students.ptcollege.edu wrote:
> > > > I'm trying to remove an entry in the applications menu for fedora 23 
> > > > that's still there from when I updated to 24. How can I do this?
> > > 
> > > https://www.qubes-os.org/doc/remove-vm-manually/
> > 
> > I did that months ago. It doesn't work. Fedora 23 is still in the XFCE 
> > Applications menu.
> > http://i.imgur.com/wkrB0BT.png
> 
> Did you try including "*" at the end of fedora23? It's not there in your pic.
> 
> rm ~/.local/share/applications/fedora23*
> 

Yes, have you actually looked in that folder to see what's there?
Also, as raaahelps points put you can directly edit the menu contents
- if you "hide" all the entries from a menu then the menu entry will
itself also disappear from the applications menu.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170202001442.GB15729%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ios in Qubes

[Drew White]

On Wednesday, 1 February 2017 08:43:46 UTC+11, Patrick Bouldin  wrote:
> On Tuesday, January 31, 2017 at 3:57:35 PM UTC-5, Patrick Bouldin wrote:
> > Hi, I'm not seeing that as an option, is that correct?
> > 
> > I thought maybe I could avoid buying an Apple in order to do some mobile 
> > app development if I could load the OS into a VM.
> > 
> > Thanks,
> > Patrick
> 
> Ok, thanks much to you both. Yuk.
> Patrick



You can get OSX integration for Qubes from an earlier post.

If you contact them and get permission to do it then you are legally allowed 
to. it states that in the EULA.

I tried to get them to add in the OSX support ages ago, but they wouldn't 
because they said it was illegal and all.

But if they put in the availability, those of us with permission can then use 
Qubes to it's full extent and also have OSX on there. If people choose to use 
that functionality without permission from Apple, then it's not Qubes at fault, 
but those that used it the wrong way without permission from Apple.

So I run OSX in a VM under a VM because Qubes wouldn't put it into the builds.

So, it's not against the law or the agreement, IF you get permission from Apple.

iOS can run on x86 if you run the ARM packages for QEMU on the system.
(But you still need permission from Apple.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dff50ed7-9011-4558-b540-95743b7d6636%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Workaround for building Ubuntu xenial+desktop with qubes-builder

[Unman]

On Mon, Jan 30, 2017 at 11:00:41AM -0800, Andrew M wrote:
> Thanks Unman,
> 
> This bug is currently affecting my work so it would be greatly
> appreciated if it were resolved :)
> 
> 
> On 01/29/2017 06:38 PM, Unman wrote:
> > On Sat, Jan 28, 2017 at 12:31:38PM +, Nick Darren wrote:
> >> /Hi all,/
> >>
> >>
> >> On 01/24/2017 06:59 AM, anoa wrote:
> >>> Hey all,
> >>>
> >>> Today I was trying to build the Ubuntu 16.04 Xenial+Desktop template
> >>> using qubes-builder with help from these instructions:
> >>>
> >>> https://github.com/QubesOS/qubes-builder
> >>>
> >>> Everything was alright until the `make qubes-vm` step where it would
> >>> fail on the following:
> >>>
>  dpkg-source: error: can't build with source format '3.0 (quilt)': no 
>  upstream tarball found at ../xen_4.6.3.orig.tar.{bz2,gz,lzma,xz}
>  dpkg-buildpackage: error: dpkg-source -b debian-vm gave error exit 
>  status 255
>  /home/user/qubes-builder/qubes-src/builder-debian/Makefile.qubuntu:196: 
>  recipe for target 'dist-package' failed
> >>> The build was looking for xen_4.6.3 when in fact xen_4.6.4 is in the
> >>> folder. As a workaround, simply copying the xen_4.6.4 to be named
> >>> xen.4.6.3 allowed the build to continue and eventually complete
> >>> successfully:
> >>>
>  cd /path/to/qubes-builder/chroot-xenial/home/user/qubes-src/vmm-xen; 
>  sudo cp -pr ./xen_4.6.4.orig.tar.gz ./xen_4.6.3.orig.tar.gz
> >> /It doesn't work by just rename the 'xen_4.6.4.orig.tar.gz' on
> >> chroot-xenial. On my case (on testing to build xenial-desktop) needs to
> >> copy the file to /path/to/qubes-builder/qubes-src/vmm-xen/. there. Then,
> >> it will skip the error message and allowed the build successfully./
> >>
> >>> Hope this helps someone while the script is being updated.
> >>>
> >> /I have another weird situation. The build was succeed but the problem
> >> is, terminal and some others application cannot be launched due to an
> >> error, normally on ubuntu's standard installation caused by locales
> >> issue. Tried to fix it the way it used to be on normal ubuntu
> >> installation or archlinux. But the problem still persists after
> >> rebooting the template-vm or any appvms that's based on it./
> >>
> >> user@ubuntu-xenial:~$ Error constructing proxy for
> >> org.gnome.Terminal:/org/gnome/Terminal/Factory0: Error calling
> >> StartServiceByName for org.gnome.Terminal:
> >> GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildSignaled: Process
> >> org.gnome.Terminal received signal 5
> >>
> >> /Test on executing gedit from xterm/UXterm/urvtx:/
> >>
> >> user@ubuntu-xenial:~$ gedit
> >> Gedit failure to execute.
> >> (gedit:5697): GLib-GIO-ERROR **: No GSettings schemas are installed on
> >> the system
> >> Trace/breakpoint trap (core dumped)
> >>
> >>
> >> /The same error happen when I execute the 'xfce4-terminal' or
> >> 'terminator'. Still the same 'Trace/breakpoint trap (core dumped)'
> >> issues here and there./
> >>
> >>
> >> 
> >>
> >> /Locale was set in order to avoid gnome-terminal error, but it' useless
> >> on this case and still failed to work./
> >>
> >> user@ubuntu-xenial:~$ localectl
> >>System Locale: LANG=en_US.UTF-8
> >>VC Keymap: us
> >>   X11 Layout: us
> >>X11 Model: pc105+inet
> >>  X11 Options: terminate:ctrl_alt_bksp
> >>
> >> 
> >>
> >> /On checking qubes local packages installed on the 'xenial-desktop' system.
> >> /
> >> libqubes-rpc-filecopy2/now 3.2.3+xenialu1 amd64 [installed,local]
> >>   Qubes file copy protocol library
> >>
> >> libqubesdb/now 3.2.3-1+xenialu1 amd64 [installed,local]
> >>   QubesDB libs.
> >>
> >> libvchan-xen/now 3.2.0-1+xenialu1 amd64 [installed,local]
> >>   Qubes Xen core libraries
> >>
> >> libxen-4.6/now 2001:4.6.3-25+xenialu1 amd64 [installed,local]
> >>   Libraries for Xen tools
> >>
> >> qubes-core-agent/now 3.2.15-1+xenialu1 amd64 [installed,local]
> >>   Qubes core agent
> >>
> >> qubes-gui-agent/now 3.2.13-1+xenialu1 amd64 [installed,local]
> >>   Makes X11 windows available to qubes dom0
> >>
> >> qubes-utils/now 3.2.3+xenialu1 amd64 [installed,local]
> >>   Qubes Linux utilities
> >>
> >> qubesdb/now 3.2.3-1+xenialu1 amd64 [installed,local]
> >>   QubesDB management tools and daemon.
> >>
> >> qubesdb-vm/now 3.2.3-1+xenialu1 amd64 [installed,local]
> >>   QubesDB VM service.
> >>
> >> xserver-xorg-input-qubes/now 3.2.13-1+xenialu1 amd64 [installed,local]
> >>   X input driver for injecting events from qubes-gui-agent
> >>
> >> xserver-xorg-video-dummyqbs/now 3.2.13-1+xenialu1 amd64 [installed,local]
> >>   Dummy X video driver for qubes-gui-agent
> >>
> >> --
> >>
> >> /So, I would like to know if there's any errors like above happened to
> >> you guys too? Or is it me the only person? If it was just me facing the
> >> issues, then I would like to know if any missing qubes packaged that's
> >> not listed on my side shown like above? You can just check your qubes
> >> packages to 

[qubes-users] Re: cross operating system shortcuts in a VM?

[Drew White]

On Thursday, 2 February 2017 05:12:07 UTC+11, Oleg Artemiev  wrote:
> Is it possible to separate linux/wine/windows names w/ a postfix or prefix?
> 
> I've added notepad, executed and found that this is not native linux
> app - wine configuratuion started.
> 
> Is separation of names in Qubes menu possible when app is executed via
> Wine or someth. alike ?

Edit it manually? That's the only way I can think of accurately doing it.

I edit the sychronised menu myself, that way I get rid of the extra text and 
comments and more.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/017091e7-437f-45c3-b718-0ba8f5ba7b4d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible to get usable Win7 gui?

[Drew White]

On Saturday, 28 January 2017 01:17:35 UTC+11, Jarle Thorsen  wrote:
> søndag 1. januar 2017 21.17.39 UTC+1 skrev Robert Fisk følgende:
> > > Can anybody please confirm that it is indeed possible to have a lag-free 
> > > Windows experience under QubesOS?
> > > 
> 
> > I work around the issue by using Remmina (or other RDP client) in an
> > appVM, and allowing IP forwarding in the firewall vm. This solution does
> > not suffer from increasing lag, and should be usable for everything
> > except gaming.
> 
> After struggling with a very slow Win7 for a while (after pressing a mouse 
> button there would be apx 1 second delay before any response from the GUI, 
> moving/resizing windows was a drag) I finally tested RDP connection from a 
> Fedora VM running Remmina:
> 
> WOW! Now everything is snappy and usable again!
> 
> Any idea what might cause the normal Windows HVM GUI to be so slow in 
> comparison?
> 
> Windows tools (latest version) is installed.

To give you a rough breakdown...

3.2.1.3 was working but they broke 3.2.2.3.

I have not received an update for Qubes Windows Tools yet.
I would recommend you go back to verson 3.2.1.3 if that isn't what is installed.

As for your resolution, it does make a difference with the way Qubes is 
designed, and it does affect things. However the lag in it isn't because of 
your resolution. I run multiple monitora in 1920 x 1080 and 1600x900 mode and I 
have no issue with 3.2.1.3 and lag like in 3.2.2.3.

Every time I post letting them know there is an issue, or to find if there is a 
workaround, it gets ignored. So, in relation to Windows, I can only guess that 
they just don't have enough time to assess all the critical bugs before they 
release an update, and they can't get it updated fast enough to please everyone.

So the critical bugs stay on the back burner while they sort out the tiny small 
ones until they can get the larger ones sorted out.

If you are having great issue with it, uninstall the tools, and do NOT install 
the video driver. Then you will have no issue with the latest version. No 
seamless mode, but it will run just fine with 2 threads and 4 GB RAM with ease. 
You can even have Win7 at 1 thread and 2 GB RAM if you so want.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a6abf27-c761-4090-bba4-0fbc3df4cfbf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Unable to locate package linux-headers

['TimMeskov' via qubes-users]

Hello
I'm trying to install kernel in debian 9 but some errors show up
Running this command
sudo apt-get install linux-headers-$(uname -r)

the result is
Unable to locate package linux-headers-4.4.38.11.pvops.qubes.x86_64
Couldn't find any package by glob 'linux-headers-4.4.38.11.pvops.qubes.x86_64'
Couldn't find any package by regex 'linux-headers-4.4.38.11.pvops.qubes.x86_64'


with this

sudo apt-cache search linux-headers

says me there is linux-headers-4.9.0-1, then I install it but running the first 
command the same answer appears.
Also with apt-get update, upgrade, dist-upgrade, reboot and another time

sudo apt-get install linux-headers-$(uname -r)



These are my source lists :

/etc/apt/sources.list

deb http://deb.debian.org/debian stretch main contrib non-free
#deb-src http://http.deb.debian.net/debian main/stretch main contrib non-free

deb http://security.debian.org stretch/updates main contrib non-free
#deb-src http://security.debian.org stretch/updates main contrib non-free

/etc/apt/sources.list.d

# Main qubes updates repository
deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch main

#Qubes updates candidates repository
#deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-testing main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch-testing main

#Qubes security updates testing repository
#deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-securitytesting main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch-securitytesting main

#Qubes experimental/unstable repository
#deb [arch=amd64] http://deb.qubes-os.org/r3.2/vm stretch-unstable main
#deb-src http://deb.qubes-os.org/r3.2/vm stretch-unstable main

Thank you. Hoping to solve it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/WCW_sGHebLpJrWwof2WSvhPxvJM8P0_qTlyWmhliqxeqMqlG8Ept654cK2EexrKnEscS5CesDXwTCP5R5J2dClsgDfjeLvJSE70W5eHEIfo%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] "Backup VMs" does not backup salt configuration

[john.david.r.smith]

On 01/02/17 21:30, qu...@posteo.de wrote:

Hi,

I have now nearly a complete salt configuration for all my templates so I do 
not need to backup them anymore and save a lot of space by this.

So I have ran a backup including dom0 and realized that the salt configuration 
("/srv/salt") does not seem to be included because it is much bigger than the 
MB listed for dom0.

Is there a way to back it up right now with this method or do I manually have 
to copy everything outside of dom0?

Thx in advance



i put my files in ~/salt and symlinked them to /srv/salt
then backups should work

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba5ec9f2-6b8c-7bf0-570d-7c3e6aac5c84%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] "Backup VMs" does not backup salt configuration

[qubes]

Hi,

I have now nearly a complete salt configuration for all my templates so 
I do not need to backup them anymore and save a lot of space by this.


So I have ran a backup including dom0 and realized that the salt 
configuration ("/srv/salt") does not seem to be included because it is 
much bigger than the MB listed for dom0.


Is there a way to back it up right now with this method or do I manually 
have to copy everything outside of dom0?


Thx in advance

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c65360dab475f3f0bc91ba72d62effc%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Advantage of connecting through a mobile router in public?

[Franz]

On Wed, Feb 1, 2017 at 2:34 PM, Chris Laprise 
wrote:

> On 02/01/2017 01:16 AM, Franz wrote:
>
>>
>>
>> On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise > > wrote:
>>
>> On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:
>>
>> I keep reading examples where people are using something like
>> mobile routers between thier phone/computer and public wifi
>> spots, example like the blackholecloud
>> device or apparently Mike Perry
>> of the tor project told arstechnica
>> > e-google-hostility-android-open-source/
>> > e-google-hostility-android-open-source/>>that
>> "He suggests leaving the prototype in airplane mode and
>> connecting to the Internet through a second, less-trusted
>> phone, or a cheap Wi-Fi cell router."
>>
>>
>> This is pretty dubious advice. What is to stop an attacker from
>> breaking into the mobile router and using that as an attack
>> platform to break into your main device? A few minutes...?
>>
>>
>> But doesn't a firewall add some additional security? Otherwise which is
>> the purpose of having a firewall?
>>
>
> A layer 3 service cannot protect you against a layer 2 attack.
>
> Now, if we're going to pretend that NIC-DMA attacks are not a part of the
> threat model, then we can just run a regular OS instead of Qubes.
>
> Router firewalls were a "good" option in 2002, and the word "firewall"
> itself is powerful and insists we place trust in it. But it was folly to
> place trust in network infrastructure in the first place and now
> router-firewalls are popular targets. They contain NICs with imperfect and
> obscure hardware and firmware.
>
>
Thanks Chris. Would you think the same of openwrt firmware?  Qubes firewall
architecture is obviously the way to go. But phones, netbooks etc cannot
afford Qubes. While they would deserve some sort of perhaps minor
protection.
Best
Fran

Chris
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qA_bmQmm4Dxw_QWtTnuv3nQwGfwJ6%3DkSxru49-xFKJTBA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

[Chris Laprise]

On 02/01/2017 08:06 AM, Connor Page wrote:

relying on the main routing table that can be messed up.


This point tends to be overstated. I haven't seen an example of the 
blocking commands in the routing table getting "messed up". The commands 
get refreshed each and every time qubes-firewall makes a change, and the 
fact they are managed along with all the other Qubes firewall rules 
should be seen as a plus. For a VM environment that is dedicated to a 
specific purpose (no extra firewall-management services configured) the 
subject is moot.


IIRC, the other solution relies on the integrity of 'mangle' table to 
make the custom chain work. I'm not saying that's a bad choice, but its 
not inherently better.



  However, that requires relaxing the reverse path filter and I don't remember 
any mitigation for potential attacks by VPN servers exploiting this.
The main advantage is that an rpm package is produced so there's an easy way 
for creating and maintaining multiple VPN VMs based on the same template = 
easier updates.



Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/766de2de-6ca8-869f-afa3-822e9ed6112a%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Weird DHCP Problems in sys-net (Qubes 3.2)

[raahelps]

On Tuesday, January 31, 2017 at 12:10:25 PM UTC-5, na...@riseup.net wrote:
> Hello,
> 
> a friend of mine updated recently from Q3.1 to Q3.2. Since then he has weird
> issues with connecting to the internet. It looks like sys-net is not able to
> get an IP-address via DHCP. If he sets up a manual connection with fixed
> IP-addresses it works. We unsuccessfully tried to hunt down the problems
> source.
> - He tried to change the template on which sys-net is based from Fedora
> 23 to
>   Fedora 24 (from the official Qubes repository)
> - He tried out to use different kernels: 4.4.11-11 and 4.4.38-11
> - It works on the same machine with a xubuntu-live-system.
> - Here is a log from a DHCP attempt:
> 
> [user@sys-net Documents]$ cat NM_log.txt
> -- Logs begin at Mon 2017-01-30 13:53:38 CET. --
> Jan 31 00:09:03 sys-net dhclient[1181]: DHCPDISCOVER on wlp0s1 to
> 255.255.255.255 port 67 interval 20 (xid=0x40ab3d7d)
> Jan 31 00:09:07 sys-net dhclient[1181]: receive_packet failed on wlp0s1:
> Network is down
> Jan 31 00:09:07 sys-net NetworkManager[540]:   WiFi hardware radio
> set disabled
> Jan 31 00:09:07 sys-net NetworkManager[540]:   (wlp0s1): device
> state change: IP-config -> unavailable (reason 'none') [70 20 0]
> Jan 31 00:09:07 sys-net NetworkManager[540]:   (wlp0s1): canceled
> DHCP transaction, DHCP client pid 1181
> Jan 31 00:09:07 sys-net NetworkManager[540]:   (wlp0s1): DHCPv4
> state changed unknown -> done
> Jan 31 00:09:07 sys-net NetworkManager[540]:   NetworkManager
> state is now DISCONNECTED
> Jan 31 00:09:07 sys-net NetworkManager[540]:   WiFi now disabled
> by radio killswitch
> Jan 31 00:09:07 sys-net NetworkManager[540]:   Failed to
> GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not
> connected: disconnect.
> Jan 31 00:09:07 sys-net NetworkManager[540]:   Failed to
> GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not
> connected: disconnect.
> Jan 31 00:09:29 sys-net NetworkManager[540]:   WiFi hardware radio
> set enabled
> Jan 31 00:09:30 sys-net NetworkManager[540]:   WiFi now enabled by
> radio killswitch
> Jan 31 00:09:30 sys-net NetworkManager[540]:   (wlp0s1) supports 5
> scan SSIDs
> Jan 31 00:09:30 sys-net NetworkManager[540]:   (wlp0s1):
> supplicant interface state: starting -> ready
> Jan 31 00:09:30 sys-net NetworkManager[540]:   (wlp0s1): device
> state change: unavailable -> disconnected (reason
> 'supplicant-available') [20 30 42]
> Jan 31 00:09:32 sys-net NetworkManager[540]:   (wlp0s1):
> supplicant interface state: ready -> inactive
> Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
> Activation: starting connection 'Hide'
> (8d633039-62bf-4625-8639-b23b318c13ff)
> Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1): device
> state change: disconnected -> prepare (reason 'none') [30 40 0]
> Jan 31 00:09:39 sys-net NetworkManager[540]:   NetworkManager
> state is now CONNECTING
> Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1): device
> state change: prepare -> config (reason 'none') [40 50 0]
> Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
> Activation: (wifi) connection 'Hide' has security, and secrets
> exist.  No new secrets needed.
> Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added
> 'ssid' value 'Hide'
> Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added
> 'scan_ssid' value '1'
> Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added
> 'key_mgmt' value 'WPA-PSK'
> Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added 'psk'
> value ''
> Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: set
> interface ap_scan to 1
> Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
> supplicant interface state: inactive -> associating
> Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
> supplicant interface state: associating -> associated
> Jan 31 00:09:40 sys-net NetworkManager[540]:   (wlp0s1):
> supplicant interface state: associated -> completed
> Jan 31 00:09:40 sys-net NetworkManager[540]:   (wlp0s1):
> Activation: (wifi) Stage 2 of 5 (Device Configure) successful.
> Connected to wireless network 'Hide'.
> Jan 31 00:09:40 sys-net NetworkManager[540]:   (wlp0s1): device
> state change: config -> IP-config (reason 'none') [50 70 0]
> Jan 31 00:09:40 sys-net NetworkManager[540]:   Activation (wlp0s1)
> Beginning DHCPv4 transaction (timeout in 45 seconds)
> Jan 31 00:09:40 sys-net NetworkManager[540]:   dhclient started
> with pid 1503
> Jan 31 00:09:40 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
> 255.255.255.255 port 67 interval 6 (xid=0xf3604a3b)
> Jan 31 00:09:46 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
> 255.255.255.255 port 67 interval 12 (xid=0xf3604a3b)
> Jan 31 00:09:58 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
> 255.255.255.255 port 67 interval 16 (xid=0xf3604a3b)
> Jan 31 00:10:14 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
> 

[qubes-users] Re: can't get Qubes 3.2 to install on a Lenovo E560 Thinkpad [novice user]

[raahelps]

On Tuesday, January 31, 2017 at 10:33:59 PM UTC-5, mindflow...@gmail.com wrote:
> Hello. I am trying to install Qubes, I burned and verified it on a DVD. The 
> problem I am having is the install disk boots up, but while installing it 
> reboots during initrd.img loading. I followed this link which describes my 
> problem, but the installer does not have the options to edit the bootcode 
> that is described in this work around as far as I can figure. Any help 
> appreciated, thanks.

if legacy boot is an option on your board it will save you some headache.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0a27a71-0aa5-49b6-b7a9-265e46b9fad0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Memory and network problems

[raahelps]

dom0 has no network by design.  A major point of qubes security.

The failed to start load kernel modules message is safe to ignore.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df2fc4ef-f9c2-4701-acf1-d2765832d7f9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Remove menu entries in XFCE on Qubes

[raahelps]

On Tuesday, January 31, 2017 at 10:36:03 AM UTC-5, qubes-user-000 wrote:
> I'm trying to remove an entry in the applications menu for fedora 23 that's 
> still there from when I updated to 24. How can I do this?

I think its alt f3 to get the editing mode for start menu.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cacf3854-30d8-48ed-aad6-a3446a549b40%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Remove menu entries in XFCE on Qubes

[bl7]

On Tuesday, January 31, 2017 at 11:57:48 AM UTC-5, 01v3g4n10 wrote:
> On Tuesday, January 31, 2017 at 9:36:03 AM UTC-6, b...@students.ptcollege.edu 
> wrote:
> > I'm trying to remove an entry in the applications menu for fedora 23 that's 
> > still there from when I updated to 24. How can I do this?
> 
> https://www.qubes-os.org/doc/remove-vm-manually/

I did that months ago. It doesn't work. Fedora 23 is still in the XFCE 
Applications menu.
http://i.imgur.com/wkrB0BT.png

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c3252cc-281e-4a48-adaf-2b42113a54e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Advantage of connecting through a mobile router in public?

[Chris Laprise]

On 02/01/2017 01:16 AM, Franz wrote:



On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise > wrote:


On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:

I keep reading examples where people are using something like
mobile routers between thier phone/computer and public wifi
spots, example like the blackholecloud
device or apparently Mike Perry
of the tor project told arstechnica

>that
"He suggests leaving the prototype in airplane mode and
connecting to the Internet through a second, less-trusted
phone, or a cheap Wi-Fi cell router."


This is pretty dubious advice. What is to stop an attacker from
breaking into the mobile router and using that as an attack
platform to break into your main device? A few minutes...?


But doesn't a firewall add some additional security? Otherwise which 
is the purpose of having a firewall?


A layer 3 service cannot protect you against a layer 2 attack.

Now, if we're going to pretend that NIC-DMA attacks are not a part of 
the threat model, then we can just run a regular OS instead of Qubes.


Router firewalls were a "good" option in 2002, and the word "firewall" 
itself is powerful and insists we place trust in it. But it was folly to 
place trust in network infrastructure in the first place and now 
router-firewalls are popular targets. They contain NICs with imperfect 
and obscure hardware and firmware.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da9a3d80-ebc2-b43f-a479-681a1f91ec54%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Advantage of connecting through a mobile router in public?

[Gaiko Kyofusho]

On Wednesday, February 1, 2017 at 7:48:06 AM UTC-5, Michael Carbone wrote:
> Franz:
> > On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise 
> > wrote:
> > 
> >> On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:
> >>
> >>> I keep reading examples where people are using something like mobile
> >>> routers between thier phone/computer and public wifi spots, example like
> >>> the blackholecloud device or apparently
> >>> Mike Perry of the tor project told arstechnica <
> >>> https://arstechnica.com/security/2016/11/tor-phone-prototyp
> >>> e-google-hostility-android-open-source/>that "He suggests leaving the
> >>> prototype in airplane mode and connecting to the Internet through a 
> >>> second,
> >>> less-trusted phone, or a cheap Wi-Fi cell router."
> >>>
> >>
> >> This is pretty dubious advice. What is to stop an attacker from breaking
> >> into the mobile router and using that as an attack platform to break into
> >> your main device? A few minutes...?
> 
> The point of Mike Perry's strategy is to (1) protect against baseband
> access/tracking by only using a phone's WiFi and to (2) protect against
> the current poor situation of firewalling in Android to *protect against
> non-Tor identity leaks*.
> 
> It seems pretty orthogonal to what you want to discuss with this thread
> - using mobile routers as a firewall for non-phone devices (Qubes)
> against active attackers.

Sorry yes, mentioning MP's use of a phone here was perhaps a bit tangential but 
as he seems to be a fairly well respected sec/priv person and uses an 
external/mobile router (a model that I thought could be applied to my Qubes 
opsec useage if it was applicable/made-sense) I thought I'd ask.

Anyway, according to Chris it seems that its a bit moot as I think he confirmed 
that Qubes separate firewall and net VMs kind of serve the same purpose?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e6be693-ef51-4c57-83c8-455fca923b68%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Minimal Template - Nautilus cannot copy to other VM

[mittendorf]

Hey there,

I want to use nautilus for qvm-copy-to-cm in a minimal template.
The bash command works, however using the context menu of nautilus
causes an error (stderr:

(nautilus:1602): dconf-WARNING **: failed to commit changes to dconf:
The connection is closed
Traceback (most recent call last):
  File "/usr/bin/qvm-mru-entry", line 24, in 
import gtk
  File "/usr/lib64/python2.7/site-packages/gtk-2.0/gtk/__init__.py",
line 40, in 
from gtk import _gtk
ImportError: No module named cairo
)

I installed pycairo, but that does not solve the problem.
Any ideas?

thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc4eddd7-5ee7-7d8c-e1f3-1dc8370df009%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

[Connor Page]

Rudd-O's solution uses a separate routing table thus ensuring that all traffic 
from VMs go either to VPN or a "blackhole". This is more robust than relying on 
the main routing table that can be messed up. However, that requires relaxing 
the reverse path filter and I don't remember any mitigation for potential 
attacks by VPN servers exploiting this.
The main advantage is that an rpm package is produced so there's an easy way 
for creating and maintaining multiple VPN VMs based on the same template = 
easier updates.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b7aff2c-c714-4520-a45c-b14314192c10%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Advantage of connecting through a mobile router in public?

[Michael Carbone]

Franz:
> On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise 
> wrote:
> 
>> On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:
>>
>>> I keep reading examples where people are using something like mobile
>>> routers between thier phone/computer and public wifi spots, example like
>>> the blackholecloud device or apparently
>>> Mike Perry of the tor project told arstechnica <
>>> https://arstechnica.com/security/2016/11/tor-phone-prototyp
>>> e-google-hostility-android-open-source/>that "He suggests leaving the
>>> prototype in airplane mode and connecting to the Internet through a second,
>>> less-trusted phone, or a cheap Wi-Fi cell router."
>>>
>>
>> This is pretty dubious advice. What is to stop an attacker from breaking
>> into the mobile router and using that as an attack platform to break into
>> your main device? A few minutes...?

The point of Mike Perry's strategy is to (1) protect against baseband
access/tracking by only using a phone's WiFi and to (2) protect against
the current poor situation of firewalling in Android to *protect against
non-Tor identity leaks*.

It seems pretty orthogonal to what you want to discuss with this thread
- using mobile routers as a firewall for non-phone devices (Qubes)
against active attackers.

-- 
Michael Carbone

Qubes OS | https://www.qubes-os.org
@QubesOS 

PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5afcadcd-76ec-2e21-1c2e-50349051401e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

[mittendorf]

Hello fellow Qubes users,

I am aware of two ways o achive a "leakproof" VPN-ProxyVM.

The sollution by Rudd-O
https://github.com/Rudd-O/qubes-vpn

and the "more involved" method in the Qubes wiki

https://www.qubes-os.org/doc/vpn/

both with anti-leak preventive measures and both based on OpenVPN.

Questions:
- are the different or is Rudd-Os tool "just" a user-friendly interface
for the same method?
- If not, which method do you prefer and why?

thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/235945b3-5993-93b4-7d85-a372f368f335%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Memory and network problems

[Chris Willard]

Hello Andrew,

Wednesday, February 1, 2017, 3:29:46 AM, you wrote:

> - From which VM are you issuing these pings?

I'm  pinging  from  the Untrusted domain as I believe that dom0 has no
networking.

I  have  other PCs that can access the internet so I know it's working
OK.

I  have  done a traceroute to 4.2.2.1 which gets to the IP assigned by
my router but no further, I can't ping the router either!

Also there was a "failed to start Load Kernel Modules" when booting.

Hope this makes sense!


-- 
Best regards,
 Chrismailto:ch...@thewillards.co.uk

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/MTAwMDAyNy5hbmF0b21pYw.1485941943%40quikprotect.
For more options, visit https://groups.google.com/d/optout.