Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-05-08 23:47, cooloutac wrote:
> On Tuesday, May 9, 2017 at 12:47:11 AM UTC-4, cooloutac wrote:
>> On Sunday, May 7, 2017 at 12:33:54 PM UTC-4, nick...@kulinacs.com
>> wrote:
>>> On May 7, 2017 10:39:22 AM CDT, Andrew David Wong
>>>  wrote:
> On 2017-05-07 10:32, nickl...@kulinacs.com wrote:
>> On May 7, 2017 10:23:54 AM CDT, Andrew David Wong 
>>  wrote: On 2017-05-07 10:10, 
>> nickl...@kulinacs.com wrote:
> What benefit does this have over simply ysing 
> qubes-split-gpg-client-wrapper, like done here: 
> https://github.com/kulinacs/pass-qubes It seems
> like a lot of overhead for not a lot of gain.
> 
> On May 7, 2017 9:50:26 AM CDT, "Manuel Amador
> (Rudd-O)"  wrote:
>> Building on the excellent pass
>> (https://passwordstore.org), it gives me great
>> pleasure to announce the initial release of
>> qubes-pass — an inter-VM password manager and
>> store for Qubes OS.
>> 
>> Check it out here!
>> 
>> https://github.com/Rudd-O/qubes-pass
>> 
>> 
>> What are the advantages of either of these over the
>> traditional Qubes model of having a normal password
>> manager in a vault VM and using the inter-VM clipboard to
>> copy/paste passwords out of it?
>> 
>> 
>> I prefer Pass because it uses GPG for encryption, meaning
>> I can manage fewer secrets over all (as it backends into
>> my normal GPG key) and then track my password files in
>> git. To do this with the traditional Keepass method, you
>> either need to back up the password database somewhere
>> secure or remember another password for it.
>> 
> 
> Why not just back up the entire vault with qvm-backup?
> 
>>> 
>>> Git has less storage overhead (as you're backing up a bunch of
>>> text files, not an entire VM), allows proper versioning, so it
>>> is trivial to see your passwords at a point in time, and can be
>>> used cross platform if you chose to keep your GPG key on
>>> another system.
>> 
>> I just back up the database file. its encrypted.
> 
> I don't think backing up the whole vault is a good idea if you
> don't have to.
> 

Why? No need to encrypt the database file if the whole VM is
encrypted. Also, if your database file doesn't use authenticated
encryption, that's another thing to worry about. You may also worry
about file-level metadata leakage.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJZEVYkAAoJENtN07w5UDAwuAUQAMxJvs6Z5SK+2jJ7AaKPUnSQ
9sj2z7S4XzteTNRmV6e3c8MIiMuVUuO491B9/1p+s3ndsIZjQV2bK8gKwhsEvcJQ
/jGoRpq+cTsYN7PCup17oP+hXqZMO6w23ehgJa5KTDnHl8DzQWoaG3QqCmkFSPL3
W2QdJ2wYgH14xlIwwqsDdsawZsjHs18OLO8u5tsaUqYZZDkhKN9SIABXjCfm+4bN
za2xxcQlXX0HLEtGqHSRlBt36AKM0IYjQDh8ArM109E58uf+QWI/rXYe0U1bIRxR
7VyDSnNIH9qJ5GP25ZnTUu0czPTA3sh6Dr0y2gLfbvoEUmZfNRDX7IrSyVsG7q6P
+GKrr10Cawym8tLr/v3pSZ2DLRG+3Am/zsEOyGUY3Cg5xUG0lSyVJp8WIb2xGtND
o9mkaMaFV+iFFIxPzld5Wc9nwy7h+d3eF0b/fX32PsI+CpIVudOOpwibtPh1pte6
VMgclD00eQnabTjT3Egw6+8EvBsvDJc4smCJ/blWWRWgirRgdPwATlJ7CwxEICtW
8bwJTMXQsIeHqduEcBZO1qnI+sqaUF86KME2p6leD51qb+BUC/463l5En8terTe+
auIKVGdzcF5QRXihEMdJSDGrUgTsSUxoAdLFDEZGLWa1po62++3C0225DVvgOpp+
03AmrJMi0eyaJ0ndGJG+
=soty
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17b4002e-ec43-1acd-ad8e-9b26af3e2a81%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Re-adding dom0 shortcuts to Start Menu

[cooloutac]

On Wednesday, May 3, 2017 at 2:58:18 PM UTC-4, wordsw...@gmail.com wrote:
> Not sure how, but I've randomly lost all my dom0 shortcuts, eg Logout, System 
> Settings, Terminal. Possibly through running the Qubes Automated Build System 
> or by attempting a dom0 update when there was none available.
> 
> How can I rebuild the menu, or manually re-add these shortcuts?

you can follow the suggestions here.  
https://groups.google.com/forum/#!searchin/qubes-users/dom0$20shortcuts|sort:relevance/qubes-users/Ub2y-7Hd_LM/q8hQF3ecBAAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa9b3d8f-c708-4844-a0d9-1ecf58c13621%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS

[cooloutac]

On Tuesday, May 9, 2017 at 12:47:11 AM UTC-4, cooloutac wrote:
> On Sunday, May 7, 2017 at 12:33:54 PM UTC-4, nick...@kulinacs.com wrote:
> > On May 7, 2017 10:39:22 AM CDT, Andrew David Wong  wrote:
> > >-BEGIN PGP SIGNED MESSAGE-
> > >Hash: SHA512
> > >
> > >On 2017-05-07 10:32, nickl...@kulinacs.com wrote:
> > >> On May 7, 2017 10:23:54 AM CDT, Andrew David Wong 
> > >>  wrote: On 2017-05-07 10:10, 
> > >> nickl...@kulinacs.com wrote:
> > > What benefit does this have over simply ysing 
> > > qubes-split-gpg-client-wrapper, like done here: 
> > > https://github.com/kulinacs/pass-qubes It seems like a lot
> > > of overhead for not a lot of gain.
> > > 
> > > On May 7, 2017 9:50:26 AM CDT, "Manuel Amador (Rudd-O)" 
> > >  wrote:
> > >> Building on the excellent pass (https://passwordstore.org),
> > >> it gives me great pleasure to announce the initial release
> > >> of qubes-pass — an inter-VM password manager and store for
> > >> Qubes OS.
> > >> 
> > >> Check it out here!
> > >> 
> > >> https://github.com/Rudd-O/qubes-pass
> > >> 
> > >> 
> > >> What are the advantages of either of these over the traditional 
> > >> Qubes model of having a normal password manager in a vault VM and 
> > >> using the inter-VM clipboard to copy/paste passwords out of it?
> > >> 
> > >> 
> > >> I prefer Pass because it uses GPG for encryption, meaning I can 
> > >> manage fewer secrets over all (as it backends into my normal GPG 
> > >> key) and then track my password files in git. To do this with the 
> > >> traditional Keepass method, you either need to back up the password
> > >> database somewhere secure or remember another password for it.
> > >> 
> > >
> > >Why not just back up the entire vault with qvm-backup?
> > >
> > >- -- 
> > >Andrew David Wong (Axon)
> > >Community Manager, Qubes OS
> > >https://www.qubes-os.org
> > >-BEGIN PGP SIGNATURE-
> > >
> > >iQIcBAEBCgAGBQJZDz+kAAoJENtN07w5UDAwVdEQAKyEUNffYrCLsTK8TyRvWnyi
> > >3dz15oDFHAL/PXkUHptcn4NJfU3BrmPBcf8DaBM2ROlXVJQayYZq9QwE1wlftxjr
> > >+ZblvNOuYbc/+FGxGNpqimc7jSC5TSaaduMW47THp66xemYH55pVChD2WT3X/dk4
> > >gn51SLYKE7tixnsOaqNEQSawpwbDsVaL4hLDgV4NLDKeZTbhLLxLbFlvikoMsUxY
> > >BXj19mfje2oJrDAXEDUtDK9qq8tOjttK4EomVG0HQVinyhpKiLn/Nil91xQnKvES
> > >H8QG9sEUUEGs0/GsYsXIkb3VJqRdkns5A1Cp5FR3/WTiIxBARfewXY3klQKO0UFj
> > >zTovVZ3OgjuqmqDlkLLGRI5bn1NHZ2k9IFly4+8VUYXPOVBNdkKmIpqS3x0EPhuO
> > >rFZmg/1OYHeT3FLt6WwDJilNGzN2I/FByx7AbwiEHGgspQYVviDRha2n6eCDGh0R
> > >uIZ3/8iYj+QA+glXZFGj5ghIKjBiA6rcn7vTh7/r+9rGaOCCDCGY6L4ZrgL8Ao76
> > >VOw1MnnzVHIOGjGQ0RacDN9qZ8D/YTy2BqZVUdF1RXoBb77LQgAfVfVAeIjzuWg7
> > >KIlXI9ScIFqEbbcxC7w4SC1LHbEcET81q5B0tNzJUJ+QL0/CZQ9avrPHBOq9kVRs
> > >NK8zRvknFnPargpog2UK
> > >=vzjL
> > >-END PGP SIGNATURE-
> > 
> > Git has less storage overhead (as you're backing up a bunch of text files, 
> > not an entire VM), allows proper versioning, so it is trivial to see your 
> > passwords at a point in time, and can be used cross platform if you chose 
> > to keep your GPG key on another system.
> 
> I just back up the database file. its encrypted.

I don't think backing up the whole vault is a good idea if you don't have to.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc2b9af1-1599-48ca-91e5-969627f9ca15%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS

[cooloutac]

On Sunday, May 7, 2017 at 12:33:54 PM UTC-4, nick...@kulinacs.com wrote:
> On May 7, 2017 10:39:22 AM CDT, Andrew David Wong  wrote:
> >-BEGIN PGP SIGNED MESSAGE-
> >Hash: SHA512
> >
> >On 2017-05-07 10:32, nickl...@kulinacs.com wrote:
> >> On May 7, 2017 10:23:54 AM CDT, Andrew David Wong 
> >>  wrote: On 2017-05-07 10:10, 
> >> nickl...@kulinacs.com wrote:
> > What benefit does this have over simply ysing 
> > qubes-split-gpg-client-wrapper, like done here: 
> > https://github.com/kulinacs/pass-qubes It seems like a lot
> > of overhead for not a lot of gain.
> > 
> > On May 7, 2017 9:50:26 AM CDT, "Manuel Amador (Rudd-O)" 
> >  wrote:
> >> Building on the excellent pass (https://passwordstore.org),
> >> it gives me great pleasure to announce the initial release
> >> of qubes-pass — an inter-VM password manager and store for
> >> Qubes OS.
> >> 
> >> Check it out here!
> >> 
> >> https://github.com/Rudd-O/qubes-pass
> >> 
> >> 
> >> What are the advantages of either of these over the traditional 
> >> Qubes model of having a normal password manager in a vault VM and 
> >> using the inter-VM clipboard to copy/paste passwords out of it?
> >> 
> >> 
> >> I prefer Pass because it uses GPG for encryption, meaning I can 
> >> manage fewer secrets over all (as it backends into my normal GPG 
> >> key) and then track my password files in git. To do this with the 
> >> traditional Keepass method, you either need to back up the password
> >> database somewhere secure or remember another password for it.
> >> 
> >
> >Why not just back up the entire vault with qvm-backup?
> >
> >- -- 
> >Andrew David Wong (Axon)
> >Community Manager, Qubes OS
> >https://www.qubes-os.org
> >-BEGIN PGP SIGNATURE-
> >
> >iQIcBAEBCgAGBQJZDz+kAAoJENtN07w5UDAwVdEQAKyEUNffYrCLsTK8TyRvWnyi
> >3dz15oDFHAL/PXkUHptcn4NJfU3BrmPBcf8DaBM2ROlXVJQayYZq9QwE1wlftxjr
> >+ZblvNOuYbc/+FGxGNpqimc7jSC5TSaaduMW47THp66xemYH55pVChD2WT3X/dk4
> >gn51SLYKE7tixnsOaqNEQSawpwbDsVaL4hLDgV4NLDKeZTbhLLxLbFlvikoMsUxY
> >BXj19mfje2oJrDAXEDUtDK9qq8tOjttK4EomVG0HQVinyhpKiLn/Nil91xQnKvES
> >H8QG9sEUUEGs0/GsYsXIkb3VJqRdkns5A1Cp5FR3/WTiIxBARfewXY3klQKO0UFj
> >zTovVZ3OgjuqmqDlkLLGRI5bn1NHZ2k9IFly4+8VUYXPOVBNdkKmIpqS3x0EPhuO
> >rFZmg/1OYHeT3FLt6WwDJilNGzN2I/FByx7AbwiEHGgspQYVviDRha2n6eCDGh0R
> >uIZ3/8iYj+QA+glXZFGj5ghIKjBiA6rcn7vTh7/r+9rGaOCCDCGY6L4ZrgL8Ao76
> >VOw1MnnzVHIOGjGQ0RacDN9qZ8D/YTy2BqZVUdF1RXoBb77LQgAfVfVAeIjzuWg7
> >KIlXI9ScIFqEbbcxC7w4SC1LHbEcET81q5B0tNzJUJ+QL0/CZQ9avrPHBOq9kVRs
> >NK8zRvknFnPargpog2UK
> >=vzjL
> >-END PGP SIGNATURE-
> 
> Git has less storage overhead (as you're backing up a bunch of text files, 
> not an entire VM), allows proper versioning, so it is trivial to see your 
> passwords at a point in time, and can be used cross platform if you chose to 
> keep your GPG key on another system.

I just back up the database file. its encrypted.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40489a94-f31d-40be-b221-e9cd0e38748b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: What did qubes do to my laptop?

[cooloutac]

On Monday, May 8, 2017 at 10:29:14 PM UTC-4, Myron Weber wrote:
> On Monday, May 8, 2017 at 6:21:27 PM UTC-7, cooloutac wrote:
> > wow thats weird.  maybe something to do with your gpu or monitor.
> 
> Maybe, but it's the same onboard Intel graphics and laptop screen that ran 
> Qubes before. Not criticizing your idea - this is a mystery. I'll probably 
> never know - hope to never duplicate.

ya but maybe powering it off and stuff happening with power resources just 
started to make it wear out now.  monitors do retain images,  better ones 
retain them less then cheaper ones so probably somethign to that as well.  
maybe osmething overheated on something and was cooling off.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4826f41-dd88-4416-bdaa-ae211a150bdf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

[cooloutac]

On Monday, May 8, 2017 at 11:09:57 PM UTC-4, Ted Brenner wrote:
> Yes, my multimedia template uses Debian 8 as I had read it had good support. 
> But I hadn't installed the gnome-desktop or totem. I'll try that out. Thanks!
> 
> 
> On Mon, May 8, 2017 at 6:17 PM, Chris Laprise  wrote:
> On 05/08/2017 02:25 PM, Ted Brenner wrote:
> 
> 
> Yeah, I've just struggled with installing the libraries to play
> 
> protected content. The documentation for Linux doesn't seem to be very
> 
> good nor very up-to-date. But I can attach the DVD in an AppVM and I do
> 
> have VLC installed. Just can't get over the next hurdle.
> 
> 
> 
> 
> 
> 
> Have you tried the Debian template? It has good codec support.
> 
> 
> 
> Installation:
> 
> 
> 
> dom0$ sudo qubes-dom0-update qubes-template-debian-8
> 
> 
> 
> Setup:
> 
> 
> 
> debian$ sudo tasksel install desktop gnome-desktop
> 
> (this will pull in programs like LibreOffice, too)
> 
> 
> 
> debian$ sudo apt-get install vlc totem
> 
> 
> 
> -- 
> 
> 
> 
> Chris Laprise, tas...@openmailbox.org
> 
> https://twitter.com/ttaskett
> 
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
> 
> 
> 
> 
> 
> -- 
> 
> Sent from my Deskto

ya fedora is a pain,  I still have to install gstreamer good on debian which 
brings in a single package I can't remember for what, and psyched to see 
gstreamer1.0-libav was already pre-installed so thats cool.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb43727c-3c10-4dbd-8dbf-73da2dbc1bb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Windows hanging at starting up screen (changing xen video -> cirrus not working?)

[cooloutac]

On Monday, May 8, 2017 at 10:33:45 PM UTC-4, Gaiko wrote:
> Thanks for that. I gave both ideas a try (fingers crossed and all) but no go 
> :(
> 
> 
> I am still very much open to suggestions. When I have time I will probably 
> try to make the template on another machine, back it up, then restore it onto 
> this one... or see if that works.
> 
> 
> On Mon, May 8, 2017 at 1:31 AM, Jean-Philippe Ouellet  wrote:
> On Sat, Apr 29, 2017 at 10:34 AM, Gaiko Kyofusho
> 
>  wrote:
> 
> 
> 
> > I am trying to setup a win7 template. I started with the:
> 
> >
> 
> > qvm-create --hvm-template win7-x64-template -l green
> 
> >
> 
> > which seemed to work well enough, then tried to install windows (win7 pro
> 
> > x64). When I try using:
> 
> >
> 
> > qvm-start win7-x64-template --cdrom=/home/user/win7.iso
> 
> >
> 
> > It starts up and then hangs (I've tried leaving it overnight, no progress)
> 
> > at the glowing starting windows. I then searched around and found two posts
> 
> > and the github work around of
> 
> >
> 
> > cp /var/lib/qubes/appvms/win7/win7.conf /tmp
> 
> >
> 
> > then mod'ing the  line to cirrus then
> 
> > running
> 
> >
> 
> > qvm-start win7-x64-template --cdrom=/home/user/win7.iso
> 
> > --custom-config=/tmp/win7.conf
> 
> >
> 
> > now I get an error:
> 
> >
> 
> > --> Loading the VM (type = TemplateHVM)...
> 
> > Traceback (most recent call last):
> 
> >   File "/usr/bin/qvm-start", line 136, in 
> 
> >     main()
> 
> >   File "/usr/bin/qvm-start", line 120, in main
> 
> >     xid = vm.start(verbose=options.verbose,
> 
> > preparing_dvm=options.preparing_dvm, start_guid=not options.noguid,
> 
> > notify_function=tray_notify_generic if options.tray else None)
> 
> >   File
> 
> > "/usr/lib64/python2.7/site-packages/qubes/modules/02QubesTemplateHVm.py",
> 
> > line 94, in start
> 
> >     return super(QubesTemplateHVm, self).start(*args, **kwargs)
> 
> >   File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py",
> 
> > line 335, in start
> 
> >     return super(QubesHVm, self).start(*args, **kwargs)
> 
> >   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
> 
> > line 1972, in start
> 
> >     self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
> 
> >   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in
> 
> > createWithFlags
> 
> >     if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed',
> 
> > dom=self)
> 
> > libvirt.libvirtError: internal error: libxenlight failed to create new
> 
> > domain 'win7'
> 
> >
> 
> > thoughts?
> 
> 
> 
> That stack trace suggests xen/libvirt/qubes-manager state mismatch
> 
> I've seen happen on rare occasion.
> 
> 
> 
> Shot in the dark, try:
> 
> [user@dom0 ~]$ sudo systemctl restart libvirtd.service
> 
> 
> 
> or try re-creating with different VM name.

do u mean you have had a working template before in the past? or you want to 
try making one on another machine, ya why not.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13851205-f838-4b25-8f0e-23087b6516ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Multi Boot Question

[cooloutac]

On Monday, May 8, 2017 at 11:53:17 PM UTC-4, Patrick Bouldin wrote:
> On Monday, May 8, 2017 at 7:28:55 PM UTC-4, Unman wrote:
> > On Fri, May 05, 2017 at 09:39:28PM -0700, Patrick Bouldin wrote:
> > > I was attempting to go by the instructions here:
> > > https://www.qubes-os.org/doc/multiboot/
> > > 
> > > Confused on which instructions to execute. First, I repartitioned, then 
> > > installed Windows 7 - it booted fine. Then I installed Qubes on the other 
> > > position - and Qubes now boots fine to that partition. With that in mind, 
> > > do I follow the instructions under Windows or Linux on the guidelines?
> > > 
> > > And, if I'm to use the Windows instructions, then when doing a blkid in 
> > > order to get the volume for windows and substituting that name into the X 
> > > in the "ntldr (hd1,X)/bootmgr" line of the /etc/grub.d/40_custom  file - 
> > > I am unclear as to what to use there. If I blkid I see this: 
> > > 
> > > /dev/sdal: LABEL="System Reserved" UUID="lotsOfcharacters", and then 
> > > type, and then PARTUUID="othercharacters".  So, which do I want for the X 
> > > substitution. Either way upon boot I get "error: hd1 cannot get C/H/S 
> > > values"
> > > 
> > > Thank you,
> > > Patrick
> > > 
> > 
> > That error suggests that the drive is not identified correctly.
> > It would help if the page made it clear that these are examples, not to
> > be followed blindly.
> > You need to understand how grub identifies disks and partitions.
> > 
> > grub2 will reference sda (the first disk) as hd0.
> > But partitions are numbered from 1.
> > So sda1, which you identify as the System reserved partition , should be
> > identified as (hd0,1)
> > 
> > The relevant line should therefore be:
> >  ntldr (hd0,1)/bootmgr
> > 
> > Try that and see what happens.
> > 
> > unman
> 
> Thanks unman, that actually worked. However, apparently the QubesOS install 
> apparently corrupted the Windows OS partition that was installed first. I 
> guess that's a different problem! Do you think I need to start over? If I try 
> to boot to the USB windows7 ISO it doesn't recognize it, but I know the ISO 
> is good.
> 
> Patrick

you might of deleted a ntfs boot partition by accident. usually its the other 
way around lol.  but you say that windows usb won't boot now, thats weird. 
Maybe you disabled it in bios and forgot?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dc9b28ad-75e9-45a3-a144-36bc2f2d1d74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Multi Boot Question

[Patrick Bouldin]

On Monday, May 8, 2017 at 7:28:55 PM UTC-4, Unman wrote:
> On Fri, May 05, 2017 at 09:39:28PM -0700, Patrick Bouldin wrote:
> > I was attempting to go by the instructions here:
> > https://www.qubes-os.org/doc/multiboot/
> > 
> > Confused on which instructions to execute. First, I repartitioned, then 
> > installed Windows 7 - it booted fine. Then I installed Qubes on the other 
> > position - and Qubes now boots fine to that partition. With that in mind, 
> > do I follow the instructions under Windows or Linux on the guidelines?
> > 
> > And, if I'm to use the Windows instructions, then when doing a blkid in 
> > order to get the volume for windows and substituting that name into the X 
> > in the "ntldr (hd1,X)/bootmgr" line of the /etc/grub.d/40_custom  file - I 
> > am unclear as to what to use there. If I blkid I see this: 
> > 
> > /dev/sdal: LABEL="System Reserved" UUID="lotsOfcharacters", and then type, 
> > and then PARTUUID="othercharacters".  So, which do I want for the X 
> > substitution. Either way upon boot I get "error: hd1 cannot get C/H/S 
> > values"
> > 
> > Thank you,
> > Patrick
> > 
> 
> That error suggests that the drive is not identified correctly.
> It would help if the page made it clear that these are examples, not to
> be followed blindly.
> You need to understand how grub identifies disks and partitions.
> 
> grub2 will reference sda (the first disk) as hd0.
> But partitions are numbered from 1.
> So sda1, which you identify as the System reserved partition , should be
> identified as (hd0,1)
> 
> The relevant line should therefore be:
>  ntldr (hd0,1)/bootmgr
> 
> Try that and see what happens.
> 
> unman

Thanks unman, that actually worked. However, apparently the QubesOS install 
apparently corrupted the Windows OS partition that was installed first. I guess 
that's a different problem! Do you think I need to start over? If I try to boot 
to the USB windows7 ISO it doesn't recognize it, but I know the ISO is good.

Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08cca803-86ce-455c-92fa-a4df51976f69%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Windows hanging at starting up screen (changing xen video -> cirrus not working?)

[Drew White]

On Tuesday, 9 May 2017 12:33:45 UTC+10, Gaiko  wrote:
> Thanks for that. I gave both ideas a try (fingers crossed and all) but no go 
> :(
> 
> 
> I am still very much open to suggestions. When I have time I will probably 
> try to make the template on another machine, back it up, then restore it onto 
> this one... or see if that works.


So what did you actually try?
Did you do all the 5 things?
Or only 2 of the 5?

No log files from debug mode either? (6)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/28de0122-77b7-4cd3-9c95-f48cadf1b51d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

[Ted Brenner]

Yes, my multimedia template uses Debian 8 as I had read it had good
support. But I hadn't installed the gnome-desktop or totem. I'll try that
out. Thanks!

On Mon, May 8, 2017 at 6:17 PM, Chris Laprise 
wrote:

> On 05/08/2017 02:25 PM, Ted Brenner wrote:
>
>> Yeah, I've just struggled with installing the libraries to play
>> protected content. The documentation for Linux doesn't seem to be very
>> good nor very up-to-date. But I can attach the DVD in an AppVM and I do
>> have VLC installed. Just can't get over the next hurdle.
>>
>>
> Have you tried the Debian template? It has good codec support.
>
> Installation:
>
> dom0$ sudo qubes-dom0-update qubes-template-debian-8
>
> Setup:
>
> debian$ sudo tasksel install desktop gnome-desktop
> (this will pull in programs like LibreOffice, too)
>
> debian$ sudo apt-get install vlc totem
>
> --
>
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>



-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutz%3DTU%2BG7F6eJwNgmab9heBNVVh0gMOu9AMsmr2Ln%3Df2pQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: What did qubes do to my laptop?

[Myron Weber]

On Monday, May 8, 2017 at 7:04:40 PM UTC-7, Chris Laprise wrote:
> Maybe someone is trying out Intel ME backdoor exploits? Or a freak 
> glitch from a cosmic ray...
Better than any explanation I've got...

> My advice would be to remove the battery and AC cord to totally 
> power-off the machine. But that's not easy now since newer laptops have 
> internal batteries. You should also check for a BIOS firmware update.
Good points. In this case, because my 3.2 install failed, I had just updated to 
the latest March-17 BIOS from Lenovo yesterday. And the BIOS has a way to 
temporarily disable the internal battery, which I had done along with removing 
the main battery and unplugging - and it was like that for about 10 minutes 
while I switched the SSD back to MATE. But it didn't exorcise the ghost.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/079c1217-e0a2-42b5-aa1a-6300c03945a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

[Chris Laprise]

On 05/08/2017 02:25 PM, Ted Brenner wrote:

Yeah, I've just struggled with installing the libraries to play
protected content. The documentation for Linux doesn't seem to be very
good nor very up-to-date. But I can attach the DVD in an AppVM and I do
have VLC installed. Just can't get over the next hurdle.



Have you tried the Debian template? It has good codec support.

Installation:

dom0$ sudo qubes-dom0-update qubes-template-debian-8

Setup:

debian$ sudo tasksel install desktop gnome-desktop
(this will pull in programs like LibreOffice, too)

debian$ sudo apt-get install vlc totem

--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b74c106-702d-423e-5a7b-4164eaffdda3%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] What did qubes do to my laptop?

[Myron Weber]

Sorry, this is long, but it's perhaps the strangest thing I've ever seen happen 
to a computer - and I started programming in 1979 when I was in Jr. High...

I have a Lenovo ThinkPad T460 laptop that previously had Qubes OS 3.1 installed 
and functioning, but I removed it and installed Ubuntu Mate because some of the 
things I needed to do (i.e. Skype) weren't easy to do on Qubes. When I read 
about some of the improvements in 3.2, I decided to try it. I pulled the Ubuntu 
drive and tried to install 3.2 this weekend to a new SSD. But I couldn't get it 
to install - just stuck in a reboot loop, even after I tried some of the UEFI 
bug fixes. So this morning I decided to install 3.1 and see if I could upgrade 
to 3.2. That's when things started to get weird.

After the 3.1 install completed and I logged in to the configured OS, the 
screen came up asking if a wanted to use the default configuration, and as soon 
as I touched the mouse, the screen went blank. Keep in mind this is the exact 
same computer that previously ran 3.1 flawlessly. What I found over the course 
of several reboots and a reinstall (which still had the same problem) is that 
after I logged in, moving the mouse pointer (with the trackpad, pointing stick, 
or external mouse) would cause the display to go blank. (I didn't get a chance 
to test it with an external monitor because of what I'll describe below.) By 
randomly moving the mouse pointer, the screen would flicker between black and 
normal, and if I got lucky I could get the screen to redisplay so I could see 
it. At that point, if I didn't touch the mouse, I could use the keyboard to 
interact with the OS. I launched a terminal, updated Dom0 - no change after 
reboot to the weird mouse/display thing. 

So I was using a different computer to research options while my Qubes OS 
desktop was logged in (I had moved the mouse randomly until the screen was 
displaying). Then after a few minutes I noticed the display rapidly flickering 
- now not from normal to black but from normal to very bright. I found that the 
screen was frozen - no response to any keyboard or mouse. So I held down the 
power button for a hard shutdown. That's when things got REALLY weird.

When I restarted the computer, as the Lenovo logo screen came up, the screen 
was flickering as before and the exact Qubes OS screen that was displayed prior 
to the shutdown was displayed along with it - like a screenshot (but 
flickering) overlayed on the normal display. It continued all the way through 
the boot and login, then the screen froze and continued to flicker the same 
image. Over the course of several restarts, and going to the BIOS menu, etc., 
this flickering Qubes desktop was like it was burned into the screen. I was 
pretty freaked out. I powered completely down and put the Ubuntu Mate drive in, 
and even then the flickering Qubes ghost image displayed with the Mate desktop. 
At a loss, I shut down and got some work done with my other computer. 

An hour later, I started it up again and the flickering Qubes image was still 
there, but fainter. Basically over the course of about 5 hours, each time I 
booted the computer, the flickering Qubes ghost image was successively fainter 
until finally it was gone. 

What happened? What did Qubes do to my laptop?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d29d07e0-dac6-4a40-979b-9d4931aa6a7c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] undo'ing default template for dvm please

[Unman]

On Mon, May 08, 2017 at 10:35:34PM +, yreb-bird wrote:
> OK I just did this :
> 
> Changing the DVM Template
> 
> You may want to use a non-default template the DVM Template. One example
> is to use a less-trusted template with some less trusted, 3rd party,
> often unsigned, applications installed, such as e.g. 3rd part printer
> drivers.
> 
> In order to regenerate the Disposable VM “snapshot” (called ‘savefile’
> on Qubes) one can use the following command in Dom0:
> 
> [user@dom0 ~]$ qvm-create-default-dvm 
> 
> This would create a new Disposable VM savefile based on the custom
> template. Now, whenever one opens a file (from any AppVM) in a
> Disposable VM, a Disposable VM based on this template will be used.
> 
> One can easily verify if the new Disposable VM template is indeed based
> on a custom template (in the example below the template called
> “f17-yellow” was used as a basis for the Disposable VM):
> 
> --
> but, I've given up  how  would  I put the default  template  back  to
> default ?
> [user@dom0 ~]$ qvm-create-default-dvm fedora-23
> 
> ??
> 

Yes, just like that.
[user@dom0 ]$ qvm-create-default-dvm fedora-23

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170508230635.GA29985%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] undo'ing default template for dvm please

[yreb-bird]

OK I just did this :

Changing the DVM Template

You may want to use a non-default template the DVM Template. One example
is to use a less-trusted template with some less trusted, 3rd party,
often unsigned, applications installed, such as e.g. 3rd part printer
drivers.

In order to regenerate the Disposable VM “snapshot” (called ‘savefile’
on Qubes) one can use the following command in Dom0:

[user@dom0 ~]$ qvm-create-default-dvm 

This would create a new Disposable VM savefile based on the custom
template. Now, whenever one opens a file (from any AppVM) in a
Disposable VM, a Disposable VM based on this template will be used.

One can easily verify if the new Disposable VM template is indeed based
on a custom template (in the example below the template called
“f17-yellow” was used as a basis for the Disposable VM):

--
but, I've given up  how  would  I put the default  template  back  to
default ?
[user@dom0 ~]$ qvm-create-default-dvm fedora-23

??


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fc467532-db07-141d-38cd-fd86edf3f382%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

['PR' via qubes-users]

On 05/08/2017 08:22 PM, Jean-Philippe Ouellet wrote:

On Mon, May 8, 2017 at 2:15 PM, Ted Brenner 
  wrote:

I've struggled with multimedia as well. I've just been trying to play a DVD
but not be able to get it to work. Though I think this is not a Qubes issue
so much as a Linux issue. I have an old Mac that use for this so I haven't
been highly motivated to make it work. But I'm definitely interested in what
others find as I'd like to have one computer that can solve all my needs.

On Mon, May 8, 2017 at 12:45 PM, Grzesiek Chodzicki
   wrote:

W dniu poniedziałek, 8 maja 2017 19:30:16 UTC+2 użytkownik Piit napisał:

(...)
I tried to find out what is best practise to use spotify/netflix/amazon
prime/... etc. with Qubes, but it seems that this is not a common
usecase.

The problem is, that I can't those apps ins a
"multimedia-windows-app-VM" as there is no sound-support for windows
within Qubes.

And unfortunately Netflix & Co don't work out of the box with Linux.

Question: How do you use Qubes with those or similar
multimedia-services?

(...)

Tidal works in Chrome which does have a Linux client so I installed chrome
and use it to listen to music.


I've started to built a multimedia App-VM, to get Spotify/Netflix etc. 
working.

I've choosen to the Debian Template.

I had to run the following steps, is worth to add this to a new 
documentation page "multimedia under Qubes OS"?:


- How to enjox Spotify
- How to enjox Netflix
- How to enjox Amzon Prime



=
  How to enjoy Spotify under Qubes OS
=
Install-Howto: https://www.spotify.com/de/download/linux/ 



Detailed steps:

1) sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 
 --recv-keys 
BBEBDCB318AD50EC6865090613B00F1FD2C19886
2) echo deb http://repository.spotify.com stable non-free | sudo tee 
/etc/apt/sources.list.d/spotify.list

3) sudo apt-get update
4) sudo apt-get install spotify-client

I could then start the native spotify client .. easy.


==
  How to enjoy Netflix under Qubes OS
==
The built in Firefox (from the Debian Template VM) was Firefox ESR 45.3.0
According to the "supported browser" list Mozilla Firefox >= 47.x is needed.
I've thereoff installed Firefox v53.0.2 according to this manual:
http://libre-software.net/how-to-install-firefox-on-ubuntu-linux-mint/ 



1) download firefox from https://www.mozilla.org/en-US/firefox/new/?scene=2
direct download link:
https://download-installer.cdn.mozilla.net/pub/firefox/releases/53.0.2/linux-x86_64/en-US/firefox-53.0.2.tar.bz2 



2) unpack the downloaded file
tar -xjf firefox-53.0.2.tar.bz2

3) move the unpacked folder:
sudo mv firefox /opt/firefox53

4) Create a symlink to the new firefox version:
if you want to use the new installed firefox as "standard firefox", 
rename the original link in case you want to go back to the previous version

sudo mv /usr/bin/firefox /usr/bin/firefox-old
Create a link to the new firefox version
sudo ln -s /opt/firefox53/firefox /usr/bin/firefox

5) Launch firefox and open Preferences, Content and enable "Play DRM 
content"


That's it, login into Netflix and enjoy.



  How to enjoy Amazon Prime under Qubes OS


If you have setup everything to watch netflix (see above), Amazon Prime 
should also work.

Enjoy"

Kind regards

- P

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/09f3a1e7-fd58-2e95-0bd5-8b4d74c539af%40googlemail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Youtube/Video Problem

[cooloutac]

On Sunday, May 7, 2017 at 7:19:27 PM UTC-4, Manuel Amador (Rudd-O) wrote:
> On 05/07/2017 07:07 PM, cooloutac wrote:
> > there is also vlc plugin for firefox browser. vlc uses its own codecs
> > don't think it installs anything for systemwide. You have to install
> > gstreamer packages for that. Although you shouldn't need to to for
> > youtube, but i had to install gstreamer1-libav to play mp4 streams,
> > maybe installing some codecs would help you also even though you
> > shouldn't have to.
> > This happens in all vms? 
> 
> This has to be an unrelated-to-codecs problem, because YouTube knows to
> serve HTML video + WebM to YouTube.
> 
> -- 
> Rudd-O
> http://rudd-o.com/

yes but the youtube html plugin is worth a shot.  I don't know what he'd do for 
other sites though.

on another note I can't stream my usual sites either cause I have to install 
mp3 and mp4 codecs on this fresh install.  ugh.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c51d9bf9-2981-488f-b0ec-63d9d728c29a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can't start sys-usb on fresh install of 3.2

[cooloutac]

On Monday, May 8, 2017 at 4:29:12 PM UTC-4, cooloutac wrote:
> On Monday, May 8, 2017 at 3:46:43 PM UTC-4, cooloutac wrote:
> > When I add the controllers to it and try to start it says, 
> > 
> > Unable to reset pci device no FLR, PM, or reset bus reset available.
> > 
> > I never had an issue with previous installation.  Also for some reason I 
> > think Qubes is seeing more controllers then it should for some reason?  It 
> > should only be seeing two but its seeing six.  
> > 
> > Anyone have similar issue?
> 
> ok well just removed all the other controllers I never seen before, 13.1-3, 
> lspci says they usb controller. I basically supposed to have ohci and ehci. 
> 12.1 and 12.2.  don't know what the 13s are maybe they card readers showing 
> up as usb on this machine,  its been a while so maybe I don't remember them.  
>  Usb sticks in all the ports I use go to sys-usb. so I guess its all good? 
> lol.

no actually I remember now,  this never happened before. known issue?   adding 
them w/e they are,   i get the error and sys-usb won't start.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddc921df-b526-4b52-bd22-0ead6ef897eb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can't start sys-usb on fresh install of 3.2

[cooloutac]

On Monday, May 8, 2017 at 3:46:43 PM UTC-4, cooloutac wrote:
> When I add the controllers to it and try to start it says, 
> 
> Unable to reset pci device no FLR, PM, or reset bus reset available.
> 
> I never had an issue with previous installation.  Also for some reason I 
> think Qubes is seeing more controllers then it should for some reason?  It 
> should only be seeing two but its seeing six.  
> 
> Anyone have similar issue?

ok well just removed all the other controllers I never seen before, 13.1-3, 
lspci says they usb controller. I basically supposed to have ohci and ehci. 
12.1 and 12.2.  don't know what the 13s are maybe they card readers showing up 
as usb on this machine,  its been a while so maybe I don't remember them.   Usb 
sticks in all the ports I use go to sys-usb. so I guess its all good? lol.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e7bbc7e-fd97-4e0c-b46b-1a6352a96f74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] can't start sys-usb on fresh install of 3.2

[cooloutac]

When I add the controllers to it and try to start it says, 

Unable to reset pci device no FLR, PM, or reset bus reset available.

I never had an issue with previous installation.  Also for some reason I think 
Qubes is seeing more controllers then it should for some reason?  It should 
only be seeing two but its seeing six.  

Anyone have similar issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1151611d-399b-41c7-9c5b-6241508ec304%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to create sys-net and sys-firewall

[cooloutac]

On Monday, May 8, 2017 at 1:04:28 PM UTC-4, rw...@adrianou.gq wrote:
> I didn't configure anything at initial setup. Because if I try to create 
> any VMs,Qubes always freeze at networking setting.
> 
> So I want to know how to create sys-net and sys-firewall manually.
> 
> So
> 
> 
> At moment, I want my privacy to be protected.
> https://mytemp.email/

You can use Qubes manager under VM,  hit create NEW VM.  name it sys-net, make 
it red color,  make it a netvm,  and select fedora as the template (or debian 
if you prefer).

Then you have to add your network controller to it.  you can use the lspci 
command in dom0 to identify your network controller.  Then add that device to 
the sys-net in vm settings, devices section.  Then reboot the vm and check 
network manager.

To make a sys-firewall create another new vm,  but instead of netvm,  set that 
one as proxy vm and make sys-firewall its netvm.  then done.

Then when you create an appvm you make sys-firewall its default netvm.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c84a7422-102f-4697-b37c-e8cfd85fcfac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] say it out (loud) - Qubes OS Stickers

[cooloutac]

On Tuesday, May 2, 2017 at 5:56:54 PM UTC-4, Darren Fix wrote:
> On Tuesday, May 2, 2017 at 12:29:28 PM UTC-6, cooloutac wrote:
> > On Monday, May 1, 2017 at 2:44:08 PM UTC-4, Darren Fix wrote:
> > > On Monday, May 1, 2017 at 12:37:56 PM UTC-6, cooloutac wrote:
> > > > On Friday, April 28, 2017 at 9:59:03 PM UTC-4, Darren Fix wrote:
> > > > > On Tuesday, April 25, 2017 at 9:09:06 AM UTC-6, cooloutac wrote:
> > > > > > On Monday, April 24, 2017 at 3:32:57 AM UTC-4, lok...@gmail.com 
> > > > > > wrote:
> > > > > > > On Saturday, 22 April 2017 07:46:28 UTC+8, Dominique St-Pierre 
> > > > > > > Boucher  wrote:
> > > > > > > 
> > > > > > > > I would love a big logo like the one on the Twitter post in 
> > > > > > > > 2015. I would also 
> > > > > > > > like to have a small on to cover that windows logo on the 
> > > > > > > > keyboard... I would also 
> > > > > > > > like one with "Qubes inside"...
> > > > > > > 
> > > > > > > If you want a sticker, wouldn't it make more sense to have 
> > > > > > > something without text. I'd argue that the best symbol for a 
> > > > > > > secure laptop is one without any symbols or stickers at all. Just 
> > > > > > > a single colour no-label laptop.
> > > > > > > 
> > > > > > > If there was a way to remove the vendor label (Dell, HP, etc...) 
> > > > > > > from a latpop, I'd do it. :-)
> > > > > > 
> > > > > > I mean I guess you have a point though from a security point of 
> > > > > > view. But I use a desktop.
> > > > > > 
> > > > > > I wonder does xfce have a windows desktop theme? lol
> > > > > 
> > > > > All right! I had some high quality stickers made by stickermule and 
> > > > > they arrived today. I paid $66 for 100 of them. My plan is to send 34 
> > > > > to the Qubes team and charge $1 + shipping apiece for the remaining 
> > > > > 66. I haven't figured out the details yet, but if you're interested 
> > > > > hit me up with a private response with the following four pieces of 
> > > > > information: Qubes sticker in the subject, Min number of stickers, 
> > > > > Max number of stickers, cost of 1st class shipping from USA to where 
> > > > > you live. 
> > > > > 
> > > > > Once I've figured out what the demand is and a fair way to distribute 
> > > > > them as widely as possible, I'll try to get back to you to get 
> > > > > shipping information, etc. 
> > > > > 
> > > > > Just so we're clear, the $1 price per sticker is paying for the 
> > > > > stickers that I'm going to send to the developers/team, so any 
> > > > > stickers that you buy will indirectly help them... kinda.
> > > > > 
> > > > > https://goo.gl/photos/rnqetfXjeekJS6yv9
> > > > > 
> > > > > Cheers!
> > > > > 
> > > > > Darren
> > > > 
> > > > I'll take one but I don't know how to do private response.
> > > > 
> > > > Also, I think Qubes should sell usb sticks with ISO on them.  I would 
> > > > pay extra for that.
> > > 
> > > If you're using the groups.google.com interface, you can just click on 
> > > the down arrow at the right of the post and select "Reply privately to 
> > > author".
> > 
> > I sent you a private message but don't think I got a response.
> 
> it should go directly to your gmail account (or whatever account you're using 
> for google groups.) I actually sent you two... I changed my mind on the first 
> one! hahahaha

stickers look good tks man!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/820c0d7f-6c82-4ea1-b421-aa0f1d44377c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Intel ME exploitable

[cooloutac]

On Monday, May 8, 2017 at 1:16:26 AM UTC-4, Vít Šesták wrote:
> While I sometimes use the arguments “in such case e, attacker gains nothing, 
> because it assumes you are already compromised”, one has to be careful with 
> this, because compromise doesn't imply a total compromise.
> 
> A simple example (unrelated to ME) of this catch: One might think that giving 
> user full permissions for all the files does not decrease the security if the 
> user can simply sudo anything. While this is not mostly true when considering 
> RCE vulnerabilities (or running a trojan), it doesn't apply to 
> path-traversal-like vulnerability – attacker is not automatically in the 
> position where she can simply call sudo.
> 
> I don't know ME well, but maybe this catch also applies to ME. Note that 
> whole ME includes not only some persistently running chip and its firmware, 
> it also includes some (optional) software for the OS, which is BTW actually 
> recommended to be removed by the Intel's security advisory. I don't know what 
> is it exactly capable of, it can probably give the admin access to OS shell, 
> and maybe something more. (And BTW, you can see it in dom0 by lsmod.) This 
> just illustrates that ME is actually a complex beast and it's hard to 
> properly reason about it.
> 
> Regards,
> Vít Šesták 'v6ak'

as far as I've always understood one of main purposes of  amt/vpro/ME, w/e you 
call it,  was so you can recover a crashed os remotely.  I doubt removing stuff 
even from kernel is a total solution.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ee5fc02-78aa-4de3-a58b-24cf640dbfe6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: No network connection v2

[cooloutac]

On Sunday, May 7, 2017 at 10:29:34 PM UTC-4, babel wrote:
> On Saturday, May 6, 2017 at 7:38:16 PM UTC+2, menthols wrote:
> > Today installed Qubes 3rd release, but no network connection. Spent hours 
> > trying to fix it, but to no avail. Network card is recognized. I have two 
> > cables connected, no WiFi. I try to put qubes on Dell poweredge, Intel Xeon 
> > e3, 8 GB RAM, Broadcom NetXtreme Gigabit Ethernet PCIe, two 1 TB 
> > harddrives. I used option "Test and install" at installation, no error 
> > message. I have choosed both harddisks at install, hope there is someway to 
> > configure the soft raid. Before tried to install other Linux flavors before 
> > (Debian-8 and Fedora-23) and none of them had any trouble connecting to the 
> > internet immediately (updates downloaded during install). Maybe need to 
> > activate some more PCI devices. What's the best I can do? Wait for the next 
> > release? Buy another machine? ;-)
> > 
> > 
> > Opened netvm terminal and checked the following things: 
> > 
> > 1. Does 'lspci' list your network adapter?  
> > Yes, i've tried both debian-8 and fedora-23 both list the network cards.
> > 
> > 2. Do you have interface detected (does 'ifconfig -a' contains en* device)? 
> > No, none of them detect the interface using ifconfig.
> > 
> > 3. Does kernel messages ('dmesg') contains some errors regarding network 
> > device initialization? 
> > No, there is no message regarding network at all.
> > 
> > 4. Check if linux-firmware package is installed (rpm -q linux-firmware).
> > Yes it is installed.
> > 
> > 
> > Ethernet controller: Broadcom Corporation NetXtreme BCM5720 Gigabit 
> > Ethernet PCIe
> 
> Same here on a NUC7i3bn...
> check 
> lspci -nnk
> which was shoowing me that the kernel modules for both the ethernet port 
> (i219-v intel gigabit ethernet controller) and the 8265 wireless module were 
> not loading.  
> Sorry to disappoint you, but I still haven't found a solution.  If you have 
> the same problem and find a solution, please let me know.

are you able to load them manually with modprobe?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bbd641d-80a9-40ca-89cd-d31d51aae39f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

[cooloutac]

On Monday, May 8, 2017 at 2:25:51 PM UTC-4, Ted Brenner wrote:
> Yeah, I've just struggled with installing the libraries to play protected 
> content. The documentation for Linux doesn't seem to be very good nor very 
> up-to-date. But I can attach the DVD in an AppVM and I do have VLC installed. 
> Just can't get over the next hurdle. 
> 
> 
> On Mon, May 8, 2017 at 1:22 PM, Jean-Philippe Ouellet  wrote:
> On Mon, May 8, 2017 at 2:15 PM, Ted Brenner  wrote:
> 
> > I've struggled with multimedia as well. I've just been trying to play a DVD
> 
> > but not be able to get it to work. Though I think this is not a Qubes issue
> 
> > so much as a Linux issue. I have an old Mac that use for this so I haven't
> 
> > been highly motivated to make it work. But I'm definitely interested in what
> 
> > others find as I'd like to have one computer that can solve all my needs.
> 
> >
> 
> > On Mon, May 8, 2017 at 12:45 PM, Grzesiek Chodzicki
> 
> >  wrote:
> 
> >>
> 
> >> W dniu poniedziałek, 8 maja 2017 19:30:16 UTC+2 użytkownik Piit napisał:
> 
> >> > Hello,
> 
> >> >
> 
> >> > I tried to find out what is best practise to use spotify/netflix/amazon
> 
> >> > prime/... etc. with Qubes, but it seems that this is not a common
> 
> >> > usecase.
> 
> >> >
> 
> >> > The problem is, that I can't those apps ins a
> 
> >> > "multimedia-windows-app-VM" as there is no sound-support for windows
> 
> >> > within Qubes.
> 
> >> >
> 
> >> > And unfortunately Netflix & Co don't work out of the box with Linux.
> 
> >> >
> 
> >> > Question: How do you use Qubes with those or similar
> 
> >> > multimedia-services?
> 
> >> >
> 
> >> > - P.
> 
> >>
> 
> >> Tidal works in Chrome which does have a Linux client so I installed chrome
> 
> >> and use it to listen to music.
> 
> 
> 
> DVDs should be exposed as regular block devices that you can attach to
> 
> a media-playing VM (with VLC installed or whatever) via qvm-block [1].
> 
> 
> 
> [1]: https://www.qubes-os.org/doc/dom0-tools/qvm-block/
> 
> 
> 
> 
> 
> -- 
> 
> Sent from my Desktop

for HBO and stuff like that you need install HAL and flash and use firefox.

Another option instead of installing flash is intall pipelight and enable 
wildvine and flash throught that.   Another option for netflix is to enable 
silverlight through that if you rather use ff for netflix.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6c505eb-890d-4e58-9593-5dd812489df7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

[cooloutac]

On Monday, May 8, 2017 at 1:30:16 PM UTC-4, Piit wrote:
> Hello,
> 
> I tried to find out what is best practise to use spotify/netflix/amazon 
> prime/... etc. with Qubes, but it seems that this is not a common usecase.
> 
> The problem is, that I can't those apps ins a 
> "multimedia-windows-app-VM" as there is no sound-support for windows 
> within Qubes.
> 
> And unfortunately Netflix & Co don't work out of the box with Linux.
> 
> Question: How do you use Qubes with those or similar multimedia-services?
> 
> - P.

you can use google chrome for netflix and amazon.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c03b142-5506-4018-ba11-d788f7fdef3d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as primary OS? Multimedia Experience: Spotofy / Netflix / Amazon Prime / how to make it work?

[Ted Brenner]

Yeah, I've just struggled with installing the libraries to play protected
content. The documentation for Linux doesn't seem to be very good nor very
up-to-date. But I can attach the DVD in an AppVM and I do have VLC
installed. Just can't get over the next hurdle.

On Mon, May 8, 2017 at 1:22 PM, Jean-Philippe Ouellet  wrote:

> On Mon, May 8, 2017 at 2:15 PM, Ted Brenner  wrote:
> > I've struggled with multimedia as well. I've just been trying to play a
> DVD
> > but not be able to get it to work. Though I think this is not a Qubes
> issue
> > so much as a Linux issue. I have an old Mac that use for this so I
> haven't
> > been highly motivated to make it work. But I'm definitely interested in
> what
> > others find as I'd like to have one computer that can solve all my needs.
> >
> > On Mon, May 8, 2017 at 12:45 PM, Grzesiek Chodzicki
> >  wrote:
> >>
> >> W dniu poniedziałek, 8 maja 2017 19:30:16 UTC+2 użytkownik Piit napisał:
> >> > Hello,
> >> >
> >> > I tried to find out what is best practise to use
> spotify/netflix/amazon
> >> > prime/... etc. with Qubes, but it seems that this is not a common
> >> > usecase.
> >> >
> >> > The problem is, that I can't those apps ins a
> >> > "multimedia-windows-app-VM" as there is no sound-support for windows
> >> > within Qubes.
> >> >
> >> > And unfortunately Netflix & Co don't work out of the box with Linux.
> >> >
> >> > Question: How do you use Qubes with those or similar
> >> > multimedia-services?
> >> >
> >> > - P.
> >>
> >> Tidal works in Chrome which does have a Linux client so I installed
> chrome
> >> and use it to listen to music.
>
> DVDs should be exposed as regular block devices that you can attach to
> a media-playing VM (with VLC installed or whatever) via qvm-block [1].
>
> [1]: https://www.qubes-os.org/doc/dom0-tools/qvm-block/
>



-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutxYgvUS_N0BFMtC2iNb7Df8%3DbLxB0EQSAFqVjA766aQ7Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: No network connection v2

[menthols]

On Monday, May 8, 2017 at 5:29:34 AM UTC+3, babel wrote:
> On Saturday, May 6, 2017 at 7:38:16 PM UTC+2, menthols wrote:
> > Today installed Qubes 3rd release, but no network connection. Spent hours 
> > trying to fix it, but to no avail. Network card is recognized. I have two 
> > cables connected, no WiFi. I try to put qubes on Dell poweredge, Intel Xeon 
> > e3, 8 GB RAM, Broadcom NetXtreme Gigabit Ethernet PCIe, two 1 TB 
> > harddrives. I used option "Test and install" at installation, no error 
> > message. I have choosed both harddisks at install, hope there is someway to 
> > configure the soft raid. Before tried to install other Linux flavors before 
> > (Debian-8 and Fedora-23) and none of them had any trouble connecting to the 
> > internet immediately (updates downloaded during install). Maybe need to 
> > activate some more PCI devices. What's the best I can do? Wait for the next 
> > release? Buy another machine? ;-)
> > 
> > 
> > Opened netvm terminal and checked the following things: 
> > 
> > 1. Does 'lspci' list your network adapter?  
> > Yes, i've tried both debian-8 and fedora-23 both list the network cards.
> > 
> > 2. Do you have interface detected (does 'ifconfig -a' contains en* device)? 
> > No, none of them detect the interface using ifconfig.
> > 
> > 3. Does kernel messages ('dmesg') contains some errors regarding network 
> > device initialization? 
> > No, there is no message regarding network at all.
> > 
> > 4. Check if linux-firmware package is installed (rpm -q linux-firmware).
> > Yes it is installed.
> > 
> > 
> > Ethernet controller: Broadcom Corporation NetXtreme BCM5720 Gigabit 
> > Ethernet PCIe
> 
> Same here on a NUC7i3bn...
> check 
> lspci -nnk
> which was shoowing me that the kernel modules for both the ethernet port 
> (i219-v intel gigabit ethernet controller) and the 8265 wireless module were 
> not loading.  
> Sorry to disappoint you, but I still haven't found a solution.  If you have 
> the same problem and find a solution, please let me know.

Hello babel,

my solution was to buy an additional PCIe netcard and use it :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c6165f5-826c-47a1-82bc-1ac6d0f338fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] android on a vm

[mattiapasinetti23]

Hello, i am trying to install an android operating system in a virtual machine 
of qubes os, i tried to start the iso of remix os but it only works in guest 
mode and with a mouse bug i downloaded another version in rpm package But i 
have no idea how to install it, my question is some of you know how to install 
a version of android as remix os or pheonixos that can be installed in a vm 
without any problems?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ae4c4a70-f52f-4bef-b0b4-0986f1cd437e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Intel ME exploitable

[Vít Šesták]

> Get some code running in there, you're root.

True, but at this moment, you are supposing attacker has already RCEd it. A 
logic flaw might allow one to do quite less than RCE. For example, it might 
mount a block device. In such case, it would be better to be mounted to some 
dummy VM rather than dom0.

But maybe I am getting too theoretical there and it is not going to make a huge 
difference.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa8b7759-2d54-401a-a3a3-107539361d7a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] OpenWhisper Systems Signal not quite right in Qubes 3.2/Fedora23/Chromium

[Manuel Amador (Rudd-O)]

On 05/08/2017 02:05 AM, Neal Rauhauser wrote:
>
> I installed Qubes 3.2 on a Dell Precision M4600 (slick) and I've been trying 
> to migrate a portion of my day to day work to it.
>
>
> I have many contacts who use Open Whisper Systems Signal App for 
> communication. I've used the Google Chrome extension on both OSX and Linux 
> without any troubles.
>
> Using a Fedora 23 VM I found Chrome installs to be clumsy, while yum install 
> chromium just works. The Signal Chrome App installs and runs, but the 
> directory function is broke. Existing conversations are fine, but they are 
> with phone numbers rather than names, and I can't look up any other contacts 
> to initiate conversations, I have to wait for them to come to me.
>
> Has anyone else already resolved this problem? This is a "beachhead issue" 
> for me - if I can get Signal going, I can switch a good sized chunk of what I 
> do to Qubes.
>
Have you tried running an Android x86 distro as a VM?

-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d528f7e4-9577-fe80-3002-cebf82b839fc%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Intel ME exploitable

[Manuel Amador (Rudd-O)]

On 05/08/2017 05:16 AM, Vít Šesták wrote:
> While I sometimes use the arguments “in such case e, attacker gains nothing, 
> because it assumes you are already compromised”, one has to be careful with 
> this, because compromise doesn't imply a total compromise.

True, yet see below.

>
> A simple example (unrelated to ME) of this catch: One might think that giving 
> user full permissions for all the files does not decrease the security if the 
> user can simply sudo anything. While this is not mostly true when considering 
> RCE vulnerabilities (or running a trojan), it doesn't apply to 
> path-traversal-like vulnerability – attacker is not automatically in the 
> position where she can simply call sudo.

True, yet nowhere near the gravity of access to ME.  ME is running an OS
that has effectively the security properties of MS-DOS.  Get some code
running in there, you're root.  Except you're root on the entire
machine.  Even if you don't get code running there, commandeering it is
enough to do remote screen and remote reprovision.

>
> I don't know ME well, but maybe this catch also applies to ME. Note that 
> whole ME includes not only some persistently running chip and its firmware, 
> it also includes some (optional) software for the OS, which is BTW actually 
> recommended to be removed by the Intel's security advisory. I don't know what 
> is it exactly capable of, it can probably give the admin access to OS shell, 
> and maybe something more. (And BTW, you can see it in dom0 by lsmod.) This 
> just illustrates that ME is actually a complex beast and it's hard to 
> properly reason about it.
>
The removal of the software just makes it harder for attackers (now they
have to have system privileges to talk to the I/O ports or PCI, so
exploit chaining would be needed).  It is sound security advice to
reduce the attack surface in this way, as it isn't a given that
exploiting Microsoft Internet Exploder (or whatever they're calling it
these days) will yield system access.

-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59740614-3744-1ef3-bc1f-ee89f5d45c16%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.