date:20170202

On Thursday, February 2, 2017 at 6:51:19 PM UTC-5, Chris Laprise wrote:
> On 02/01/2017 02:59 PM, Franz wrote:
> >
> >
> > On Wed, Feb 1, 2017 at 2:34 PM, Chris Laprise  > > wrote:
> >
> > On 02/01/2017 01:16 AM, Franz wrote:
> >
> >
> >
> > On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise
> > mailto:tas...@openmailbox.org>
> >  > >> wrote:
> >
> > On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:
> >
> > I keep reading examples where people are using
> > something like
> > mobile routers between thier phone/computer and public
> > wifi
> > spots, example like the blackholecloud
> > device or apparently Mike
> > Perry
> > of the tor project told arstechnica
> >
> > 
> >  > 
> > 
> >
> > 
> >  > 
> > >>that
> > "He suggests leaving the prototype in airplane mode and
> > connecting to the Internet through a second, less-trusted
> > phone, or a cheap Wi-Fi cell router."
> >
> >
> > This is pretty dubious advice. What is to stop an attacker
> > from
> > breaking into the mobile router and using that as an attack
> > platform to break into your main device? A few minutes...?
> >
> >
> > But doesn't a firewall add some additional security? Otherwise
> > which is the purpose of having a firewall?
> >
> >
> > A layer 3 service cannot protect you against a layer 2 attack.
> >
> > Now, if we're going to pretend that NIC-DMA attacks are not a part
> > of the threat model, then we can just run a regular OS instead of
> > Qubes.
> >
> > Router firewalls were a "good" option in 2002, and the word
> > "firewall" itself is powerful and insists we place trust in it.
> > But it was folly to place trust in network infrastructure in the
> > first place and now router-firewalls are popular targets. They
> > contain NICs with imperfect and obscure hardware and firmware.
> >
> >
> > Thanks Chris. Would you think the same of openwrt firmware?  Qubes 
> > firewall architecture is obviously the way to go. But phones, netbooks 
> > etc cannot afford Qubes. While they would deserve some sort of perhaps 
> > minor protection.
> > Best
> > Fran
> 
> I have installed Openwrt myself. It doesn't have better architecture, 
> but its open and security updates are more readily available. Beyond 
> that, I haven't thought about better routers in years because I've seen 
> no sign of a breakthrough in architecture, and I've also become more 
> mindful of the maxim that net infrastructure shouldn't be trusted. 
> Endpoint security is the one truly good type of security practice, and 
> Qubes is like the "fine point" on the endpoint. :)
> 
> Papers are starting to circulate that call-for or describe better 
> security architecture for IoT, including Qubes' approach of isolating 
> NICs and such. To me, IoT is very similar to (if not the same as) net 
> infrastructure, but in smaller packages. The attention gives me reason 
> to hope that even tablets and phones will significantly improve.
> 
> But for now, we should remind ourselves that smartphones have one main 
> design goal over other devices: Ultra-convenience. We shouldn't 
> automatically assume they are appropriate for whatever use case, and 
> I find it a little disturbing that the Tor Project's interest in hardware 
> has gone in this direction. But the odd thing about such projects they 
> have a history of catering to mostly Windows users and absorb some of 
> the blindness that platform engenders.
> 
> Chris

Quote from Chris:
"I find it a little disturbing that the Tor Project's interest in hardware 
> has gone in this direction. But the odd thing about such projects they 
> have a history of catering to mostly Windows users and absorb some of 
> the blindness that platform engenders."

You might want to consider where the majority of the funding for many of the 
most popular privacy and anonymity software comes fromUS Gov.  This 
includes Tor.  The same gov that allows NSA surveillance of its own citizens 
and breaking encryption and security schemes within its own countries.  Yet we 
are then suppose to trust its other division NIST that gives us recommendations 
for infosec.  The same NIST that had culpability

Re: [qubes-users] Archlinux Community Template Qubes OS 3.2

On Saturday, December 31, 2016 at 3:00:40 PM UTC-5, hed...@tutanota.com wrote:
> @Olivier Medoc
> 
> 
> First off, thank you for all the work you've clearly put into the Arch Linux 
> build and documentation for Qubes.
> 
> 
> FYI, I'd just like to add my own experiences when I tried to use the new 
> template. (Since I was using the ready-built template, I skipped your build 
> instructions and started at section "Package Manager Proxy Setup Section".):
> 
> 
> 1. After the initial download, the template VM wouldn't close down and was 
> eventually killed by the qubes-dom0-update script. That behaviour was 
> repeated after I started and tried to shutdown the template VM myself.
> 2. Just like Francesco, I had difficulty reading the command lines, because 
> it is virtually impossible to distinguish a single- from a double-dash and 
> copy/paste wasn't working. I tried in both Firefox and Chromium so it wasn't 
> browser related. A fixed-pitch font should do the trick.
> 3. Since gnome-terminal wouldn't open, it would have been useful if you had 
> specifically named the "archlinux terminal app" for those of us not versed in 
> Arch Linux. I used xterm as a fallback, which worked, but later found out 
> that there is an xfce4-terminal that is very like gnome-terminal.
> 4. Step 3 Install Pacman failed with an error about a database file not 
> existing. Some research led me to try "pacman -Syy" (I think without "sudo") 
> which did the trick. 
> 5. Step 7 Configure Powerpill...  the description (though not the example) 
> omits the need for a comma on the preceding line.
> 
> 
> Otherwise, it's now all up and running. Now all I have to do is get my head 
> around Arch!
> 
> 
> Mike

Mike,

The errors in syntax in the instructions are my fault.  I helped update the 
entire instruction guide and obviously there are some typos.   While I did post 
it all up for review those must have slipped thru.  It was alot of new 
instructions and images.  I was trying to make it so people could c&p the 
various cmds to try and make it that much easier.   The issue being that some 
of them did not obviously transfer correctly and or I typo'd.  Not sure how it 
happened as I took the images and c&p the cmds as part of a full template build 
which was successful but somehow it seems it did happen.

The reason powerpill was not given specific configs was at the time a number of 
people had posted that pacman should have had a option to config the proxy ip 
which ended up not being the case at least not from anything I could find.  I 
left it up to the end user then to decide as it was not a direct part of 
building the actual archlinux template.

I am happy to add the powerpill config instructions but if you do a basic 
search on its use of aria2 that it uses its straight forward.  Its a basic 
config file with single line item config with very basic syntax.  It would have 
to be for me to get it to work LOL.

The instruction page is 100% editable for change submissions so any errors you 
see you can submit the changes to fix it.  If you prefer list them here giving 
me the step number and the error and I can go back and fix it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/167cd847-e907-46d1-bff3-f4138099910b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Installing using pacman command

On Thursday, February 2, 2017 at 9:14:45 AM UTC-5, trule...@gmail.com wrote:
> Hi, Tim. Olivier said :
> 
> "Archlinux currently upgraded xorg and pulseaudio, however the integrated 
> archlinux gui agent must be build for strict versions of xorg-server and 
> pulseaudio. For this reason, you have to rebuild the agent using the 
> most recent qubes repository, or wait for binary agents to be available. "
> 
> Powerpill or Pacman, it doesn't matter, update system and break dependency 
> and can't install anything.

Ok I miss understood the issue.   Yes that is the same issue we ran into if you 
do a search on the template a while back.  For that is was pulseaudio.   When 
xorg or pulseaduio versions are updated by ARchlinux we end up having to 
rebuild the template from source.  If not you just get the failed errors when 
trying to update.

The issue I was originally speaking of was not being able to assign pacman a 
proxy ip to use the qubes update proxy.  AT least not without breaking the 
security model for it hence the while powerpill etc comments.  

THere is another thread running concurrently that is dealing with the same 
issue so maybe best to just use that thread to address the issue.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4bc2bfac-00dc-41e9-a032-69d541fd384d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Advantage of connecting through a mobile router in public?

On 02/01/2017 02:59 PM, Franz wrote:

On Wed, Feb 1, 2017 at 2:34 PM, Chris Laprise > wrote:

On 02/01/2017 01:16 AM, Franz wrote:

On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise
mailto:tas...@openmailbox.org>
>> wrote:

On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:

I keep reading examples where people are using
something like
mobile routers between thier phone/computer and public
wifi
spots, example like the blackholecloud
device or apparently Mike
Perry
of the tor project told arstechnica

>>that
"He suggests leaving the prototype in airplane mode and
connecting to the Internet through a second, less-trusted
phone, or a cheap Wi-Fi cell router."

This is pretty dubious advice. What is to stop an attacker
from
breaking into the mobile router and using that as an attack
platform to break into your main device? A few minutes...?

But doesn't a firewall add some additional security? Otherwise
which is the purpose of having a firewall?

A layer 3 service cannot protect you against a layer 2 attack.

Now, if we're going to pretend that NIC-DMA attacks are not a part
of the threat model, then we can just run a regular OS instead of
Qubes.

Router firewalls were a "good" option in 2002, and the word
"firewall" itself is powerful and insists we place trust in it.
But it was folly to place trust in network infrastructure in the
first place and now router-firewalls are popular targets. They
contain NICs with imperfect and obscure hardware and firmware.

Thanks Chris. Would you think the same of openwrt firmware? Qubes
firewall architecture is obviously the way to go. But phones, netbooks
etc cannot afford Qubes. While they would deserve some sort of perhaps
minor protection.

Best
Fran

I have installed Openwrt myself. It doesn't have better architecture,
but its open and security updates are more readily available. Beyond
that, I haven't thought about better routers in years because I've seen
no sign of a breakthrough in architecture, and I've also become more
mindful of the maxim that net infrastructure shouldn't be trusted.
Endpoint security is the one truly good type of security practice, and
Qubes is like the "fine point" on the endpoint. :)

Papers are starting to circulate that call-for or describe better
security architecture for IoT, including Qubes' approach of isolating
NICs and such. To me, IoT is very similar to (if not the same as) net
infrastructure, but in smaller packages. The attention gives me reason
to hope that even tablets and phones will significantly improve.

But for now, we should remind ourselves that smartphones have one main
design goal over other devices: Ultra-convenience. We shouldn't
automatically assume they are appropriate for whatever use case, and I
find it a little disturbing that the Tor Project's interest in hardware
has gone in this direction. But the odd thing about such projects they
have a history of catering to mostly Windows users and absorb some of
the blindness that platform engenders.

Chris

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5760399b-9d7e-0024-425f-131c65db215c%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Number of cores and other CPU characteristics

On 02/02/2017 04:50 AM, Vít Šesták wrote:

Choosing the right CPU is about choosing the right tradeoff. The tradeoff is
not only between price, power consumption and performance. We can also balance
single-core performance to multi-core performance, or we might want some
enhancements for some specific tasks, like AES-NI. And many more.

I'd say its the details that the PC vendor execute on the motherboard
that matter more than anything. The specific way chipsets are wired, the
way the BIOS initializes certain features, peripheral chips that might
not be FOSS-friendly, etc. Plus, the number of USB controllers and the
way the keyboard is wired (PS2 vs USB). These things make or break
compatibility with secure Qubes configurations.

So, until we have a running pre-release of R4, we won't really know
which models work.

As for the CPU itself, AES-NI seems like the must-have to me. IIRC it
can prevent side-channel attacks whereas software AES cannot. Luckily,
its a common option on x86 processors aimed at PCs. Of course, I'll also
recommend TXT and TPM if it makes Anti Evil Maid work.

RAM is also a security issue because of attacks like rowhammer. Some
people recommend an ECC-capable CPU or chipset to help mitigate them.

4. Is there anything else I should be aware of when looking at recent i7 (or
maybe i5) CPUs?

Hmmm... 'Evil Inside' perhaps?

Chris

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/bd53a3a7-6c43-dffa-41a8-39647763af7a%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: sync-ntp-clock

2017-02-02 Thread Drew White

Further information:

It appears it runs every 6 minutes in a guest.

But why does it run every 6 minutes?

Why can't it just run on boot and maybe twice a day?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94249393-4d36-4275-bf5f-e75b765b2939%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki


On 02/01/2017 07:36 PM, Connor Page wrote:

actually I think that reliance on mangle can be avoided since routing table 
selection can be done by source address rather than firewall marks. marks are 
good to differentiate different types of traffic but in our case all traffic 
should be trated the same.
there is difference in how traffic from the vpn vm is routed. this leads to two 
different attack vectors by a potentially compromised server. for the official 
solution routing tables can be manipulated, for Rudd-O's tool problems may 
arise from martian packets. some thought need to be given to proper firewalling.


That's why I have iptables block according to the *interface*, which 
bypasses issues caused by odd routing. Anti-leak measures are best 
performed by watching below the IP layer.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34a0877c-39a1-c691-2722-0337aef4f4d5%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Devilspie2 integration


On 02/02/2017 09:09 AM, Hack wrote:

Hi,

Could it be possible to provide Qubes OS with Devilspie2 at first 
install?


Like this, we could have, by default? some virtual desktops attributed 
to some task.


For example:

 * Desktop 1 = administration tasks (sys-firewall, sys-net, etc…)
 * Desktop 2 = Personal
 * Desktop 3 = Work
 * and so on

Maybe with some color "matching" on the tool bars?

Of course, with the option to customize it.



This is one of the things I love about using KDE on Qubes.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/efa6a0ff-0af6-a253-6e5d-c842e3b0e0eb%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Problems with mount of an external BR-Burner

2017-02-02 Thread Arnulf Maria Bultmann

when I connect my external (USB 3.0) BR-burner to qubes it shows up as 
/dev/sr0. So far so good... but I cannot mount it neither via the menu nor in 
the terminal via 'mount /dev/sr0 /home/user/CD', the path exists.
the error notice: bad superblock
Any idea?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8405d02b-179e-42c0-a2d1-1039d101d0ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: wlan with kernel 4.8 (Re: [qubes-users] HCL - Lenovo ThinkPad X1 Yoga 2016 (20FQ005UGE))

2017-02-02 Thread Robin Schneider

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/02/2017 03:44 PM, Holger Levsen wrote:
> Hi,
> 
> On Sun, Jan 15, 2017 at 10:24:01PM +0100, Robin Schneider wrote:
>> Adding to the reports about the Thinkpad X1 Carbon 4th gen (20FB), here
>> are my experiences with the ThinkPad X1 Yoga 20FQ005UGE:
> 
> another skylake system here…
> 
>> WLAN works after installing firmware-iwlwifi in Debian 9. The only
>> problem is that almost all times after resuming from S3, the net VM needs
>> to be restarted to get wlan working again. The following is logged in
>> sys-net:
> 
> I have the same problem with WLAN :/ After suspend I need to restart
> sys-net, which requires shutting down all VMs using it, so that's pretty
> super annoying :/ My sys-net VM still runs fedora-23…

You don’t have to restart all the VMs, luckily, which I learned shortly after
posting this. There is a pretty simple trick going around. Just set your
sys-firewall to no net vm, restart your net vm and reattach your sys-firewall
back to the net vm :)

- -- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJYk3j3AAoJEIb9mAu/GkD49BEP/ivBq8NePQ+4rHTXPh30ZULp
PJvc7YkKc93/NfXJH8J7V23yfPadZJCGZndcF2XkuWETFuAuM75r2Xpl1Xb1zoyQ
mWgtAKueCEwKzZ8FM/CgKpBaFeA02BcLB1OpzB9iVuFARMvV0wXhh1N1nk0jkFMB
yoY7warhbefbskTy8MKXJ/GDb7GwqhOgQrnomExW+QThJOtoOPIu12jGV63ppmRq
xUiKg7m51j1ufY4+/7FyQojytNTNmvq+LxPju1qxQI1GjT3ULTLrXlAFZ4VZnI3G
TGgR4r9DOGHHIMAul1CTuV/8NUy3sug8oAJLJUuA1q+3VPv57WPYaFWUnREN4B1S
xwjSvCXPgeHcsNoenRfOStuCVzmrG++mwOZjnegXlFEuBBq550/p3cTlqQBSDoVy
AzsY7FzRNHjm2+B+HguE2h8LDllOfdpgTTrkN+rTSNyTlwF0M9W49YnXOo9G6Xoo
xyRV0RdweIVeEEfFtBDOQ4Pa367WmgL/1h0gBIzd6xYttwVcz0D9gJLnwvoKYjgT
GXPVw50HR3EZIjX7PjftuYOSYKmlAqBOdilWJCu5VmJoanHr3nWW4ekjRwWwopW+
jNqT/d4+0Loh/T/cJyfnjDM2cxQGDuTm6ni6ghFDgy81Pfe0M7ICUxomdXuIhXWd
DHdNJ6HhkX5eiXvMvqa1
=aEbR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58fb74e5-eef8-1a2b-d938-4affe1de8786%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Asus G750JW

2017-02-02 Thread Loren Rogers

Sent with [ProtonMail](https://protonmail.com) Secure Email.

 Original Message 
Subject: Hardware report
Local Time: January 30, 2017 1:27 PM
UTC Time: January 30, 2017 6:27 PM
From: lo...@lorentrogers.com
To: qubes-users 

Hi all,

I've attached a hardware report for an Asus G750JW. I can say that Qubes 
appears to run just fine overall, but with a few limitations. The most 
important is the wifi -- the Broadcom unit installed isn't supported, so no 
wifi out of the box. Somewhat annoying, but workable, is the monitor - the 
display brightness doesn't work, so it's stuck at 100%. This is a known issue 
with the kernel, and may be fixed in future releases. Could be worse, but still 
annoying. Also, the keyboard functions don't work out of the box. Things like 
the keyboard backlight brightness, wireless on/off, enable/disable touchpad, 
all don't work. However, the volume buttons do work, along with the monitor-off 
button. I didn't really try any of the other functions or the webcam/mic.

Loren

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/VJwONYKRZLfN2jBzfwytkjCRqc4vOTOSpuueRtgtmwVMnEm3KszLRN7T71n8xyTq6kg0TgetGaFsB3rD00ZEDGZ5N9_K1tH-yiQ2Oww5U9M%3D%40lorentrogers.com.
For more options, visit https://groups.google.com/d/optout.

Qubes-HCL-ASUSTeK_COMPUTER_INC_-G750JW-20170130-125955.yml
Description: application/yaml

[qubes-users] HCL - Lenovo Thinkpad X201T

2017-02-02 Thread Loren Rogers

Sent with [ProtonMail](https://protonmail.com) Secure Email.

 Original Message 
Subject: Lenovo X201t Thinkpad Report
Local Time: January 30, 2017 1:31 PM
UTC Time: January 30, 2017 6:31 PM
From: lo...@lorentrogers.com
To: qubes-users 

Figured I'd send along a report for my Thinkpad as well. (Attached.) Everything 
seems to be working fine with this setup, but it does tend to overheat 
occasionally. Pretty annoying, but for everyday workloads it seems to be fine.

Loren


Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6FshwbRZZeECiTTsR2adbe8tm8S65IG639PuAprT6caQobQ7FK0PdrGy925GOZ7IUBVdKKvOhWcEFQuj0qJCApzjWXgTW7I9XF4dUMt4FlI%3D%40lorentrogers.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-2985F4U-20170130-132918.yml
Description: application/yaml

[qubes-users] Monitor won't wake up after temporary hdmi switchover

2017-02-02 Thread Patrick Bouldin

Hello again, this problem is really causing issues. I have multiple hdmi 
connections on my monitor. Whenever I switch over, away from the Qubes machine, 
and then back again, the Qubes machine loses its hdmi connection. I can tell 
the machine is still running, and ok, but I can't see anything!

PS - on boot, I'm still always getting this error:
[FAILED] Failed to start Load Kernel Modules.

Could this be related? It seems to operate fine, except for the hdmi monitor.


Thank you,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d92-5779-4a1d-98d2-6fadaaa71f2e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Remove menu entries in XFCE on Qubes

2017-02-02 Thread qubes-user-000

My mistake, it was in here > ~/.local/share/applications/
I got rid of it by doing rm fedora-23*
Thanks for the help.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb834344-e5f8-4d68-8b2b-ebcfc5575cac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Remove menu entries in XFCE on Qubes

2017-02-02 Thread qubes-user-000

On Wednesday, February 1, 2017 at 1:21:18 PM UTC-5, raah...@gmail.com wrote:
> On Tuesday, January 31, 2017 at 10:36:03 AM UTC-5, qubes-user-000 wrote:
> > I'm trying to remove an entry in the applications menu for fedora 23 that's 
> > still there from when I updated to 24. How can I do this?
> 
> I think its alt f3 to get the editing mode for start menu.

This works to hide it but hidden is still there in a sense. Seems a little 
goofy that there's no way to do this, no?
I understand Qubes has its parts separate intentionally but I think there's a 
problem in some places, like this one; where you aren't able to do something as 
simple as remove a menu entry.
Just my 2c if there really is no way to do this properly.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f844d4ad-0e6e-408c-8554-4e26f362dcf6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

I decided to look for information on AMD. And he found a much better version of 
the performance, which is suitable in general for all the requirements rel.4. 
>From https://libreboot.org/faq/#compatibility 
"The Platform Security Processor (PSP) is built in on all Family 16h + systems 
(basically anything post-2013)"

https://en.wikipedia.org/wiki/Steamroller_(microarchitecture) It says
"Integrated custom ARM Cortex-A5 co-processor[22] with TrustZone Security 
Extensions[23]"


But there is no such
https://en.wikipedia.org/wiki/Piledriver_(microarchitecture) 
Everything Is AMD Piledriver Family 15h safe?
Please help me!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/be130495-8d0e-41e1-b4ce-9d2f80f60944%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

wlan with kernel 4.8 (Re: [qubes-users] HCL - Lenovo ThinkPad X1 Yoga 2016 (20FQ005UGE))

2017-02-02 Thread Holger Levsen

Hi,

On Sun, Jan 15, 2017 at 10:24:01PM +0100, Robin Schneider wrote:
> Adding to the reports about the Thinkpad X1 Carbon 4th gen (20FB), here are my
> experiences with the ThinkPad X1 Yoga 20FQ005UGE:
 
another skylake system here…

 
> ### Kernel update

the default 4.4.38-11 kernel worked mostly nicely for me, until it suddenly
went into suspend and wouldnt wake up anymore… 

so I switched to 4.8.12-12 like this:

> `qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel` and `dnf upgrade
> kernel` worked!

which gave me somewhat higher battery life and so far no sudden suspend. But:
 
> WLAN works after installing firmware-iwlwifi in Debian 9. The only problem is
> that almost all times after resuming from S3, the net VM needs to be restarted
> to get wlan working again. The following is logged in sys-net:

I have the same problem with WLAN :/ After suspend I need to restart sys-net,
which requires shutting down all VMs using it, so that's pretty super annoying 
:/
My sys-net VM still runs fedora-23…

> [14543.999216] e1000e: eth0 NIC Link is Down
> [14548.117695] e1000e: eth0 NIC Link is Down
> [14548.314301] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
> [23785.273315] e1000e: eth0 NIC Link is Down
> [23785.307940] wlan0: deauthenticating from xx:xx:xx:xx:xx:xx by local choice
> (Reason: 3=DEAUTH_LEAVING)
> [23786.152843] Freezing user space processes ... (elapsed 0.001 seconds) done.
> [23786.154342] Freezing remaining freezable tasks ... (elapsed 0.000 seconds)
> done.
> [23786.155692] PM: freeze of devices complete after 0.347 msecs
> [23786.155697] suspending xenstore...
> [23786.155764] PM: late freeze of devices complete after 0.065 msecs
> [23786.171420] PM: noirq freeze of devices complete after 15.649 msecs
> [23786.172443] xen:grant_table: Grant tables using version 1 layout
> [23786.172443] PM: noirq thaw of devices complete after 0.708 msecs
> [23786.172443] PM: early thaw of devices complete after 0.086 msecs
> [23786.172846] PM: thaw of devices complete after 0.407 msecs
> [23786.172846] Restarting tasks ... done.
> [23809.722077] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
> [23810.002035] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
> [23810.006535] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
> [23810.008657] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
> [23810.010616] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
> [23815.012114] iwlwifi :00:01.0: Failed to load firmware chunk!
> [23815.012150] iwlwifi :00:01.0: Could not load the [0] uCode section
> [23815.012182] iwlwifi :00:01.0: Failed to start INIT ucode: -110
> [23815.012208] iwlwifi :00:01.0: Failed to run INIT ucode: -110
> [23815.042145] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
> [23815.044004] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
> [23820.043139] iwlwifi :00:01.0: Failed to load firmware chunk!
> [23820.043194] iwlwifi :00:01.0: Could not load the [0] uCode section
> [23820.043230] iwlwifi :00:01.0: Failed to start INIT ucode: -110
> [23820.043249] iwlwifi :00:01.0: Failed to run INIT ucode: -110
> [23820.049489] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
> [23820.051445] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
> [23825.054064] iwlwifi :00:01.0: Failed to load firmware chunk!
> [23825.054078] iwlwifi :00:01.0: Could not load the [0] uCode section
> [23825.054088] iwlwifi :00:01.0: Failed to start INIT ucode: -110
> [23825.054093] iwlwifi :00:01.0: Failed to run INIT ucode: -110
> [23835.017335] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
> [23835.019072] iwlwifi :00:01.0: L1 Enabled - LTR Enabled

basically the same with f23:

[ 1656.511666] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[ 1656.514413] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[ 1661.517205] iwlwifi :00:01.0: Failed to load firmware chunk!
[ 1661.517248] iwlwifi :00:01.0: Could not load the [0] uCode section
[ 1661.517283] iwlwifi :00:01.0: Failed to start INIT ucode: -110
[ 1661.517308] iwlwifi :00:01.0: Failed to run INIT ucode: -110
[ 1661.522957] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[ 1661.524946] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[ 1666.527193] iwlwifi :00:01.0: Failed to load firmware chunk!
[ 1666.527240] iwlwifi :00:01.0: Could not load the [0] uCode section
[ 1666.527292] iwlwifi :00:01.0: Failed to start INIT ucode: -110
[ 1666.527326] iwlwifi :00:01.0: Failed to run INIT ucode: -110

and then I noted this:

[user@sys-net ~]$ uname -a
Linux sys-net 4.4.38-11.pvops.qubes.x86_64 #1 SMP Mon Dec 12 23:24:39 UTC 2016 
x86_64 x86_64 x86_64 GNU/Linux

while uname -a in dom0 shows the 4.8.12-12.pvops.qubes.X86_64 kernel.

Could this be related? And how do I upgrade the kernel in sys-net?
"rpm -qa | egrep (kernel|linux)" doesnt show it installed, how come it's
4.4 and not 4.8?

Is the solution to upgrade the iwl$Bla-firmware package in sys-net?

Shall I file a github issue?


-- 
ch

[qubes-users] Re: Two ways of "true" security.

I decided to look for information on AMD. And he found a much better version of 
the performance, which is suitable in general for all the requirements rel.4. 
Ruler Trinity processors. From https://libreboot.org/faq/#compatibility it does 
not support the PSP and therefore supports the RVI is the best option of all 
that there is to QUBES rel.4

Conclusion.
Maximum perfomance and safety for qubes rel.4 - AMD A10-5800K.
Maximum perfomance and safety for qubes rel.3 - nForce 790i + xeon e5472.
Other - is unsafe or too slow.

Your opinion?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ec9edc5-7b0f-46e3-b640-ae5e7ac7cc06%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: off topic - invite codes to 'riseup'

2017-02-02 Thread derreckhardy

Can someone provide me with a invite for riseup as well? thanks. 
derreckha...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8267aa58-053d-40cd-ab65-08f73ae57972%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: off topic - invite codes to 'riseup'

2017-02-02 Thread derreckhardy

On Tuesday, 28 October 2014 18:26:49 UTC, bm-2cu9wcijafoqtf6...@bitmessage.ch  
wrote:
> Dear qubes-users,
> 
> I am long time qubes follower and user. I apologize in advance if anyone 
> feels this request is spam.
> 
> I am looking for two invite codes needed to sign up to anonymous 
> riseup.net email service.
> 
> I am hoping there are some qubes users who are riseup.net account 
> holders.
> 
> Can anyone please send me a couple of invite codes that I might be able 
> to sign up?
> 
> Thank you in advance.

Can someone provide me with a invite for riseup as well? thanks. 
derreckha...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c5df45b-3a10-4073-8011-7c118f95a036%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] untar'ing an archive with /dev files crashes qrexec

2017-02-02 Thread Holger Levsen

Hi,

so, I've started to use Qubes for real, and I can say I'm already quite very
happy how nicely it works (VM seperation etc) and also how "easy" it is to use.
Kudos & thanks to all involved making this happen!

That said, I will now write a serious of mails with some small issues I'm 
having.

So, I copied my data into one big VM (a mistake…) and am now creating tar-balls
which I'm qvm-copy-to-vm'ing to other VMs. One of these tarballs contained a
chroot for a live-system. Upon untar'ing mknod was complaining that it couldnt
create those files in ./dev and appearantly that crashed qrexec on the VM!

(This is on Qubes 3.2 with a 4.8er kernel, the VM runs Debian 8.)

After reproducing this 3 times I've excluded that old chroot from that tarball, 
after which I could untar it without problems…

Is this a known issue or should I create one on github for this? Is it
avoidable at all?


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170202142713.GA22207%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Digital signature

[qubes-users] Devilspie2 integration

2017-02-02 Thread Hack


Hi,

Could it be possible to provide Qubes OS with Devilspie2 at first install?

Like this, we could have, by default? some virtual desktops attributed 
to some task.


For example:

 * Desktop 1 = administration tasks (sys-firewall, sys-net, etc…)
 * Desktop 2 = Personal
 * Desktop 3 = Work
 * and so on

Maybe with some color "matching" on the tool bars?

Of course, with the option to customize it.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o6veip%24n88%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Installing using pacman command

2017-02-02 Thread truleeeeeed

Hi, Tim. Olivier said :

"Archlinux currently upgraded xorg and pulseaudio, however the integrated 
archlinux gui agent must be build for strict versions of xorg-server and 
pulseaudio. For this reason, you have to rebuild the agent using the 
most recent qubes repository, or wait for binary agents to be available. "

Powerpill or Pacman, it doesn't matter, update system and break dependency and 
can't install anything.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04b22290-685a-448f-b74f-b1c8cb1329df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

четверг, 2 февраля 2017 г., 17:33:46 UTC+5 пользователь Connor Page написал:
> I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for 
> something more recent but well supported by Linux, reflash and put a 
> non-Intel network card for peace of mind.
> ideally a free BIOS would be desirable but that restricts the selection to 
> quite old generations of chips where another problem exists - they all have 
> errors that Intel either can't or won't fix...


Could you show the instructions and write here your chipset?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5af1ae23-1fa0-4b3f-b38f-5b7887ee2fd9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

2017-02-02 Thread Connor Page

I have successfully castrated ME firmware on 2 Haswell laptops so I'd go for 
something more recent but well supported by Linux, reflash and put a non-Intel 
network card for peace of mind.
ideally a free BIOS would be desirable but that restricts the selection to 
quite old generations of chips where another problem exists - they all have 
errors that Intel either can't or won't fix...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77afe505-4ff9-4e1b-a19c-5413329ee550%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Two ways of "true" security.

On Thursday, February 2, 2017 at 5:07:08 AM UTC-5, mr@gmail.com wrote:
> This text was written using Google translate.
> As we know, there are two potentially dangerous technology Hardware Trojan: 
> Intel ME and AMD PSP
> I have not seen AMD, so I decided to make the maximum performance and 
> security system based on intel. First, I began to choose the chipset. After 
> reading about the technology intel amt my choice fell on the p965 and n790i. 
> I needed a chipset meets the following conditions:
> 1). No intel amt.
> 2). maximum capacity
> 3) not less than FSB 1333 for the installation of fast xeon
> 4). DDR3
> 
> The chipsets p965 not natively support 1333 FSB CPUs, but there is a 
> development from the company gigabyte allowing the use of this frequency on 
> these chipsets. This is possible on the board (the last revision ONLY):
> GA-965P-DQ6;
> GA-965P-DS4;
> GA-965P-DS3P;
> GA-965P-DS3;
> GA-965P-S3.
> Unfortunately, these boards do not support DDR3.
> 
> But the chipset nForce 790i decide my problems! 1600 MHz FSB, DDR3 2000 MHz! 
> Ideally! Plus, the Intel Xeon E5472 support.
> It seemed, would have found a solution ... But there is no support EPT, and 
> VT-d, required for qubes rel.4.
> 
> Based on the above, there are two ways:
> 1). Use Qubes Release 4.x, and be subject to the influence of Hardware Trojan 
> Intel (AMD?).
> 2). Use Qubes Release 3.x and be subject to the influence of XSA 148 types of 
> errors.
> 
> Which path to choose?

There are bios hardware flash that will disable/uninstall all but 2 packages of 
Intel ME IIRC removing 5 packages.  This is so far the best I have seen for 
getting as close as we can with limiting what amounts to a intel low level OS 
which tech has the power to circumvent anything we do at the user OS level.  No 
longer does the baremetal term apply as it use to in the past.  The CPU and 
chipset manf as wanting and taking more and more control away from the primary 
OS thus locking us down more and more and increasing their control of the 
entire PC.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9532583e-c2ee-4703-8212-b1965c687249%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Installing using pacman command

On Thursday, January 12, 2017 at 9:54:59 AM UTC-5, joseph@gmail.com wrote:
> On Thursday, January 12, 2017 at 2:18:08 PM UTC, tezeb wrote:
> > On 01/12/17 15:14, joseph.yeng...@gmail.com wrote:
> > > I forgot to add, but I've modified the pacman.conf as specified in the 
> > > Qubes documentation for the creation of an Archlinux Template VM.
> > > 
> > 
> > Are you running it in TemplateVM or AppVM?
> > Do you allow it to connect via update proxy? (Firewall Rules->Allow
> > connection to Updates Proxy)?
> 
> Template VM. Yes.

Did this get resolved.  If not try opening up the firewall setting for 10 mins 
and try the download.   I know recently the archlinux build has been fixed to 
allow update proxy via Qubes update proxy setting.  Prior this it could not be 
done directly thru Pacman without breaking the proxy firewall rule.  You needed 
to install and use Powerpill wrapper for Pacman.  Set update proxy IP in Aria2. 
 I think I had this all in the Qubes Doc for Archlinux with example of the 
config file settings.   IMHO Powerpill wrapper is far superior in every way to 
default Pacman with Wget or Curl.  Its faster for granular config, allows for 
parallel and segmented downloads.  With Reflector you can get the very fastest 
up today mirrors for you location.  XYNE controls all the code for those apps 
and from my experience has been restive to requests and suggestions.

Anyways take a look. 

The only issue with reflector is no place to enter a proxy IP which I will be 
asking of xyne to see if he can add it.   This is tech a sep issue from Pacman 
and Powerpill which the later has proxy line entry in config via Aria2 config 
keeping to update proxy secpol.  

With that said according to the post by Olivier update proxy now functions 
properly with pacman.  I have not personally tested this yet so can no comment 
personally beyond what I read.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9624a69-f30a-48f6-a7cf-209a054c85c6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Archlinux Community Template Qubes OS 3.2

On Friday, December 30, 2016 at 3:05:55 AM UTC-5, Olivier Médoc wrote:
> On 12/30/2016 03:59 AM, Franz wrote:
> 
> 
> 
>   
> 
> 
> 
> 
> 
>   
> On Thu, Dec 29, 2016 at 2:41 AM,
> Franz <169...@gmail.com>
> wrote:
> 
> 
>   
> 
> 
> 
> 
> 
>   
> On Mon,
>   Dec 19, 2016 at 3:06 PM, J. Eppler 
> 
>   wrote:
> 
>   Hello,
> 
> 
> 
> I just wanted to thank the person who created
> and uploaded the qubes-template-archlinux 3.0.6
> to the Qubes OS 3.2 rpm repo.
> 
> 
> 
> Saved a lot of work.
> 
> 
> 
> You can installed it with:
> 
> sudo qubes-dom0-update
> --enablerepo=qubes-templates-community
> qubes-template-archlinux
> 
> 
> 
> 
> 
>   
>   
> 
> 
>   
> 
> 
> A really nice Christmas present! Thanks
> 
>   
> 
> 
> 
> When I digit 
> 
>    sudo pacman-key -populate archlinux
> 
> 
> 
> I get
> 
> 
> 
> pacman-key: invalid option -- 'p'
> 
>   
> 
> 
>   
> 
>   
> 
> 
> 
> 
> 
> 
> I found the issue, there is a small clerical error in
>   the documentation with a single"-". It should be 
> 
>   sudo pacman-key --populate archlinux
> 
> 
> 
> not
> 
>   sudo pacman-key -populate archlinux 
> 
> 
>   
> 
>   
> 
> 
> 
> By the way, the Qubes Update Proxy Service is now supported and most
> of the pacman configuration occurs in /etc/pacman.d/ files with
> requiring specific changes.
> 
> 
> 
> 
> 
> 
> 
> I will check that based on a new template and fix the documentation
> accordingly.

Oiivier,

Its great pacman is now supported for updating.  When I was working with others 
to update the  build and doc to work with newer archlinux versions I tried most 
everything asking many on the archlinux forum for help.  No one could offer a 
good solution that did not break update security or require manual opening and 
closing of the firewall access.

https://groups.google.com/forum/#!searchin/qubes-users/tim$20w$20pacman/qubes-users/vT_ETcU5BvQ/sDhu879WDQAJ
 I also had a thread on dev.  

How was the functionality added?  To pacman to allow for proxy addition without 
going thru wget or thru a change in qubes update proxy service?  

I found the powerpill pacman wrapper which used aria2 to allow for proxy 
without breaking update proxy security to be at the time the best avenue not to 
mention its added power and speed.  The only issue to have made everything 
completely smooth was the reflector app to keep update mirror list current had 
no option to allow for a proxy entry.  I planned to send a email to xyne to see 
if he could add it as he has been quite responsive in the past to similar 
request.

Really glad its now working.  The reason I ask about how it was addressed is I 
wondered if it would allow reflector program to go thru or does it have still 
have the proxy option to plug in the ip?

Thanks again for keeping the distro updated and working.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d54b2320-db95-4e0a-a7e2-7590691123c9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Two ways of "true" security.