Re: [qubes-users] Simple Dom0 password manager for an imperfect-but-strong security upgrade?

[cooloutac]

Didn't bother reading the anarchical walls of text haha.  but Ya I agree with 
Jean that sounds like you would be exposing dom0 to stuff for really no 
reason...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb595d36-d1eb-4b18-83cc-52c9317f0d28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Updates Qubes Builder details?

[Drew White]

On Wednesday, 29 March 2017 09:54:30 UTC+11, Unman  wrote:
> On Sun, Mar 26, 2017 at 08:32:27PM -0700, Drew White wrote:
> > Just a thought for the future builder. :}
> > 
> > Is anyone by chance going to some day update the Qubes Builder details so 
> > that they actually make sense?
> > 
> > Example, it doesn't say how to build a specific version or a specific 
> > variant of qubes.
> > 
> > 
> > "The build system creates build environments in chroots and so no other 
> > packages are needed on the host. "
> > What does this mean?
> > Does this mean that it doesn't use the version of Unix that you want and 
> > have put the builder under?
> > 
> > 
> > Hope to see it updated to make sense someday with all those things that are 
> > unanswered, answered.
> > 
> 
> Hello Drew
> 
> There are quite a few pages about the build process, as well as more
> information in the qubes-builder/doc directory. Also, there are a number
> of config files in example-configs. Finally, if you run ./setup in the
> builder directory you can choose the flavour you want - also , this
> will generate quite detailed builder.conf which should make the options a
> little clearer.
> 
> Finally, you are quite right. The build process creates chroots for the
> distribution you are building. So if you select Jessie, then a
> chroot-jessie will be setup and the actual build will take place in that
> chroot.
> 
> cheers
> 
> unman

Heya Unman,

That's what I thought happened by the way everything was explained, however 
that isn't really that good.

Because what if the flavour isn't in the list?

What do I do then?

How do I build it onto an operating system that isn't in the list at all?
Do I need to customise the build script until the build script works?

There isn't anything in the build docs or files or anything that tells me what 
I'm trying to find out, nor anything that I have asked about certain things in 
the past.

So I ask every now and again things to see if things have progressed and been 
able to get things worked out and fixed or not so that the instructions are 
there for those that do custom build, not just a generic build according to 
what qubes says it requires.

I have a system, I want Qubes to be built into it, it has XEN.

I don't want Jessie or anything, I just want the files downloaded, built, and 
installed correctly.

It's source code, so it should just be easy enough to do if the instructions 
were there as to what was required for each part of qubes, what is needed to be 
able to install each, what X is required, the list of details for everything, 
not just a little piece of information that tells you next to nothing.

It's what I've been after for a long time now.

I try an uninstall Qubes from a guest, and it tells me it's going to uninstall 
half the system, thus the system would then stop working. Nothing I can do 
about that, I don't know what is required for what..

I try and uninstall one thing, and it says it has to uninstall everything.

Nothing there tells me anything about it.


If the documentation had everything in it, even the things that the creators of 
Qubes don't know since they don't fully know what Qubes requires, as they said 
in the past, then I wouldn't have to ask these details. I wouldn't have to try 
to find out from users what the creators/developers can't tell me.

All I ever get told is go to the documentation.

If the info was n the documentation, I wouldn't have to ask.

I go to the docs first, I search this google forum first, I search the 
developers forum too.. I search on GitHub for the bug list.. (Which doesn't 
contain the bugs that have been reported and in Qubes since version 2 that are 
still in 3 and most likely 4.

I'm just trying to get the details I need to know what I need in the system so 
that I can install them and then get it all done properly and working.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c853c6bd-792c-420c-bcd9-bd5ddf901850%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Gigabyte B150 Mobo / Intel i7-6700k CPU / WD Blue M.2 1TB SSD

[Joe Thielen]

Machine seems to work well, having run overnight.  16GB RAM currently but
will be upgrading to 32GB.  No TPM.

Updated BIOS before installing Qubes using mobo built-in installer.

Had some issues getting the Qubes installer to work (USB).  Playing with
the boot settings convinced it to work.  I seem to recall choosing to boot
from the USB partition #1, not from the drive itself as playing a factor.
The BIOS "compatibility module" settings did not help, I recall turning
those off.  Also had to turn on the items for VT-d & VT-x (in separate
places on the menus).  The first time the install actually ran is crashed
after language selection.  I rebooted and it ran fine the second time.

Video works - using VGA.  Mobo also has HDMI & DVI, have not tried those
(no plans on it).

Networking works.

No use for sound, have not tried it.

M.2 SSD seems to work great.  Copying VMs takes a little longer than I
would expect, but still faster than a traditional HD.

I've had several CentOS 7 HVMs (CLI, no GUI - Although the installer was
GUI and ran fine) running concurrently as well as a work VM with multiple
terminals and Firefox running, all speedy.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAM9FSFwjT7%2BLeiHSDbQXqJrxVnj0%2BKJ7Kep2XNdK5ZHavhyM0w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-System_manufacturer-System_Product_Name-20170329-173008.cpio.gz
Description: GNU Zip compressed data


Qubes-HCL-System_manufacturer-System_Product_Name-20170329-173008.yml
Description: application/yaml

[qubes-users] Re: off topic - invite codes to 'riseup'

[cooloutac]

sounds cool.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c5b06eb-7362-4dbb-9697-9ce3ceff6aeb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HP EliteBook 820 G4

[cooloutac]

On Monday, March 27, 2017 at 4:00:29 PM UTC-4, xet7 wrote:
> Hi,
> I'm trying to install Qubes 3.2 iso from USB 2.0 stick to HP EliteBook G4 
> that has NVME harddisk. It's in usb boot menu loop.
> 
> I tried this:
> chainloader /EFI/BOOT/xen.efi placeholder qubes-verbose /mapbs /noexitboot
> 
> And somehow got to this this error:
> /EndEntire
> file path: 
> /ACPI(a0341d0)/PCI(0,14)/USB(1,0)/File(\EFI\BOOT)/File(xen.efi)/EndEntire
> 
> How can I continue install from USB stick ?
> 
> BR,
> x
I assume you already checked https://www.qubes-os.org/doc/uefi-troubleshooting/ 
  otherwise is there legacy boot mode option in bios?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/346ccdf1-5093-4a66-86fa-52fc3a7de0b9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How much important is TPM?

[cooloutac]

On Tuesday, March 28, 2017 at 2:40:11 AM UTC-4, Vít Šesták wrote:
> AFAIU, TPM is useful mostly for AEM. But AEM requires Intel TXT (which is 
> missing even on some high-end CPUs). But TXT has various vulnerabilities. How 
> much real protection can it offer? Is it worth the hassle (finding a laptop 
> with both TPM and TXT and installing and using AEM)?
> 
> To be honest, I don't know much about TPM/AEM/TXT.
> 
> Regards,
> Vít Šesták 'v6ak'

if you worried about physical compromise more likely.  like if you travel with 
a laptop probably a good idea.  for a home desktop that would depend, but less 
likely in most cases, because then you got other more important security 
problems then your computer.  

Also i'm not sure but does using a usb boot key affect sys-usb? possibly a 
tradeoff maybe someone else can chime in.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/52c79991-3dbb-4bb0-b843-4cfad3d0cd64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: dnf over VPN with qubes-updates-proxy

[Zrubi]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/28/2017 02:14 PM, Nemo wrote:
> Doing updates through the VPN would be perfect if possible.

For this you can simply skip the updates proxy, and let your template
access the same networks as you appVMs.

You just have to edit the /etc/dnf/dnf.conf in your template, and
comment out the qubes proxy line.

Of course this will disable the original "template protection" where
you can only reach the updates proxy.


- -- 
Zrubi
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJY23AqAAoJEH7adOMCkunmBJMP/RL0i7xF/tY3+xdtvMuXiCUt
W6jsuUcvsC2VlTsW2WSskBnixGEZuZlFaTxo6yA1HXpRCTgOiJm6mHrmLLcyV4im
jbuEpkI/wcoKodSzyhvQ6NBIj1PUBZehuOIbK3NoBkasnzqSDQ/cSB30z72QljOn
S/T/njAQ3PFju3+yA6l7jrE7gJiICXecR2zwN78Y2b9KdxSs/JwnQBVdh+ahvxI4
A4fEF45gvtJ+5QkK3A2zmrnkhl39k/b54NjglN993LL0uUB4j8cbgUUjG6mjnPYj
YEW4MlvSKbAHp8wzwDpWT1yb1zCzDt2F45K3ILDwO0G119TBC1Ur8qwz5YELRwcm
9ZDrDK9gLaVfWxj4aBv4N1ecZZu9pVN8RKtFsFHuvFGkCjLoDPVKjkgpSLMhDNpi
aUAo61cpsVxgE6AocepbHykrbrhyQnncUO0LcZT1Ozl9g9hCyFT5LgMvRN3k9vRb
QwNZVptA2ktps7X9BtjPSjcYUgdhEFxqxxt85Sy0BS61bfH2UlgPzEIr+I7XRxaa
SIj6yUG9SpRTz/HBaP2Rt3IzKkwLzkOaQDRKebNofsl8X+z9fF3Oq7cVOSFqj2X5
LM+t/NXnkwCciwbD0V5m4v9qNorj5GYTdzlauAROLA4tRmAqPddOl7rfhMqnnlXs
S7P4liRGjwwbyYeK02y6
=h4kr
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04d1b2db-bb80-056f-8fdd-c37cf07b2702%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] again usb problems

[haaber]

> On Mon, Mar 20, 2017 at 11:13:12PM +0100, haaber wrote:
>>> On Mon, Mar 20, 2017 at 10:45:26PM +0100, haaber wrote:
 Hello,
 I need some help with USB. I cant mount them apart in sys-usb.
 Concretely, I have the following contradicting informations:

 On one hand:

 [ me@dom0 ~]$ qvm-usb -l
 sys-usb:3-213fe:4100 _USB_DISK_2.0_070A273523959238
 [ me@dom0 ~]$ qvm-usb -a private sys-usb:3-2
 ERROR: qubes-usb-proxy not installed in the VM

 Although

 [user @ private ]
 sudo apt-get install qubes-usb-proxy
 Reading package lists... Done
 Building dependency tree
 Reading state information... Done
 qubes-usb-proxy is already the newest version.

 The AppVM "private" runs on a up-to-date  debian8 template. How can I
 narow down the problem? Thank you!  Bernhard
>>>
>>> What template are you using for sys-usb?
>>> Have you checked that you have qubes-usb-proxy installed there?
>>
>> Hi Unman, thank you for helping.
>> the template for sys-usb is a fedora-24-minimal clone, that I called
>> fedora-24-usb. It has  qubes-usb-proxy-1.5.0-1 installed.
>>
>> Bernhard
> 
> Hello Bernhard,
> 
> Can you check that you have /etc/qubes-rpc/qubes.USB present in both the
> sys-usb and the "private" qube.
> 
> As you are using a disk, you could try using qvm-block to attach the
> storage - can you try that for me? (You can also use the "Block devices"
> menu from the Qubes Manager icon.)

Hello Unman,

1)  /etc/qubes-rpc/qubes.USB is present (also -attach & -detach) in
sys-usb and in private

2) the "DISK" was a usb-key - that my mother took home in the meantime.
But the problem is generic, so I just grabbed another USB key (this time
from my wife :)

[ me@dom0 ~]$ qvm-usb
sys-usb:3-3.4   058f:6366 Generic_Flash_Card_Reader_Writer_058F63666438

[ me@dom0 ~]$ qvm-usb -a private sys-usb:3-3.4
ERROR: qubes-usb-proxy not installed in the VM

3) qvm-block test:

[ me@dom0 ~]$ qvm-block -l
sys-usb:sda Card_Reader () 29 GiB
sys-usb:sda1Card_Reader () 29 GiB

[ me@dom0 ~]$ qvm-block -a private sys-usb:sda1

[ user@private] lsblk
xvdi   202:128  1 29.1G  0 disk

[ user@private] mount /dev/xvdi /mnt

works perfect ! Thank you Unman. It does solve USB-key / USB-disc
problems at least ... (and insures backups :)



On the other hand, of course, my built-in camera

sys-usb:2-1.7   05c8:0369 SunplusIT_INC._HP_HD_Webcam

won't be available in my  " phone & video "  qube. So there remains a
little path to go. If you have another hint for that?

Thanks, Bernard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/29c31917-f460-19d0-8913-381761a940a2%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes OS 3.1 reaches EOL on 2017-03-29

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-01 01:01, Andrew David Wong wrote:
> Dear Qubes community,
> 
> Qubes OS releases are normally supported for six months after each subsequent
> major or minor release (see [Supported Versions] and [Version Scheme]). In
> accordance with this policy, Qubes 3.1, which was released on 2016-03-09, is
> scheduled to reach end-of-life (EOL) on 2017-03-29 --- six months after Qubes
> 3.2 was released on 2016-09-29. We strongly urge all current Qubes 3.1 users 
> to
> upgrade to Qubes 3.2 or newer before 2017-03-29. As always, newer releases are
> available on the [downloads] page.
> 
> You can view this announcement on the Web at:
> https://www.qubes-os.org/news/2017/03/01/qubes-os-3-1-eol-on-2017-03-29/
> 
> [Supported Versions]: https://www.qubes-os.org/doc/supported-versions/
> [Version Scheme]: https://www.qubes-os.org/doc/version-scheme/
> [downloads]: https://www.qubes-os.org/downloads/
> 

This is a reminder that Qubes 3.1 has now reached EOL as of 2017-03-29.
Please upgrade to Qubes 3.2 immediately if you have not done so already.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJY22C2AAoJENtN07w5UDAwFPMQAJYU6Ykfm1b7P8zjxg1MaSgD
2KQexQHzdeKMGoECdOzsvmeXkDt+L2cIb7YKnZ33bw8R0/kpgpFtrU/ukxcri1fZ
nw9TPewMmxLa9xkqcS4bo1s3c/pA2czc2eP9+BXPGLLDc6eU3y91+h9WzxHhDA5X
kjq9pXhmqvQivFukGX/kK6Q851vr3td4j4EMfN2hogJ5WYYopnlITaSvijW8t/+r
rTM7pZ9xuij3rDaI7WlTzkegAI7QiFXc1XAa6VGvf+wjpgOORMsB0i9y3VxSTAkX
EXe/HHH1Yruw/8XMD+MdzmLKBJs5bC78LxjvTd+FkcCeWZPdmwCud1Vvss+KJmKR
/tP+QM89lcA/XrojVeQ67QXTwopFBmU2EGepLghnvxmmQQT+gv9FOB40ODc6hmQG
vP+kqXy3Ekt9nntmDgEqELz5jqV5Y+oQnpVepUHvoqD5un7FUvdY3qBAN1fy8yjv
qmvy04yVB2mQohprANyrn2Dj9QlYDn63SW2bDWnnOOItwbMgqarURklFEemvbRdo
GUdTdBkbsApa3hJybRg3Y4b51aIbnRLNhqeP2dE9QP7aWoh51ZCGUfMSVZBB8gHi
OorvqM0DcJewv0WL3bnzmHrHCsvzteySEYXJpu7kORQNbwEk/VO6Pmghp+GkhOkI
JFQy9H2TFwP7I7/K91s0
=acfE
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/96a7fb88-0cca-7f18-cf39-8b7b87809447%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.