[qubes-users] Re: likelihood of an fx 8350 amd processor working

2017-11-17 Thread Ron Qubed
On Friday, November 17, 2017 at 6:22:03 AM UTC-7, Styles Grant wrote:
> I did see some evidence of one guy who got a ryzen to work, and another who 
> got an a 10 series to work. I'd nab an a 10, but this old fx 8350 is on sale.
> 
> What do you think?

I'm running on an FX-6300, and it's working great for me. I was a little 
worried when I started reading the docs and saw there were issues with AMD 
support, but no problems. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/21c2cb9c-026a-4735-a3b0-e14156fd12b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: When transferring file between Qubes, MD5 changes.

2017-11-17 Thread vegetarianstoat
The nature of the error was deterministic, deterministic as in "stupid human."

I really appreciate all the support but I had some really similar file names 
and way too much faith in my command line history.  

Sorry guys.
(I had also been working 16+ hours at the time.)



Re: [qubes-users] How To Fix Libvirt Internal Error

2017-11-17 Thread Person
> First of all - which Qubes version?

I run Qubes 3.2.

> Where is the ISO you want to attach - in dom0, or in some other VM?

I put the ISO in another VM, sys-net.

I took a look at /var/log/libvirt/libxl/libxl-driver.log for some details. 
The log looked like this: 
https://imgur.com/a/rK9Bq 



Re: [qubes-users] Re: Qubes Canary #13

2017-11-17 Thread Andrew David Wong
On 2017-11-17 19:56, Gordon Rice wrote:
>>
>> The warning is evident: Andrew's key is not signed. Questions about this
>> have been asked before, and the reason is probably that most of the
>> Qubes team are using split-gpg (www.qubes-os.org/doc/split-gpg) with
>> subkeys. If you review that page then you will see that one of the
>> downsides of using subkeys is that it's not possible to sign other
>> people's keys.
>>
>> This doesn't mean that you can't trust Andrew's key - there are many
>> things you can do to check that it is the right key and belongs to him.
>> What you can't do is hand off that process of establishing trust to
>> someone else (and that is what the web of trust does).
>>
>> Hope that's somewhat clear
>>
>> unman
> 
> Perfectly clear. I had noticed the subkey, but hadn't connected the dots. 
> Thank you for taking the time to answer. 
> 

Unman's explanation is great, as usual. I'll just add links to some
sources that may be helpful in establishing the validity of my key, in
case you're interested:

https://www.qubes-os.org/team/#andrew-david-wong (fingerprint)
https://andrewdavidwong.com/ (fingerprint)
https://andrewdavidwong.com/adw.asc (key)
https://andrewdavidwong.com/fingerprints.txt (signed statement of other 
fingerprints)
https://keybase.io/adw (fingerprint, key, and social media proofs)
https://github.com/andrewdavidwong/keys (keys)

We always strongly recommend reading this (if you haven't already):
https://www.qubes-os.org/security/verifying-signatures/

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] Re: Qubes Canary #13

2017-11-17 Thread Gordon Rice
> 
> The warning is evident: Andrew's key is not signed. Questions about this
> have been asked before, and the reason is probably that most of the
> Qubes team are using split-gpg (www.qubes-os.org/doc/split-gpg) with
> subkeys. If you review that page then you will see that one of the
> downsides of using subkeys is that it's not possible to sign other
> people's keys.
> 
> This doesn't mean that you can't trust Andrew's key - there are many
> things you can do to check that it is the right key and belongs to him.
> What you can't do is hand off that process of establishing trust to
> someone else (and that is what the web of trust does).
> 
> Hope that's somewhat clear
> 
> unman

Perfectly clear. I had noticed the subkey, but hadn't connected the dots. Thank 
you for taking the time to answer. 



Re: [qubes-users] Re: Qubes Canary #13

2017-11-17 Thread Unman
On Fri, Nov 17, 2017 at 11:47:06AM -0800, d5od...@gmail.com wrote:
> On Friday, September 29, 2017 at 6:31:15 PM UTC-7, Andrew David Wong wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> > 
> > Dear Qubes community,
> > 
> > On 2017-09-12, we published Qubes Canary #13. The text of this canary is
> > reproduced below. This canary and its accompanying signatures will always be
> > available in the Qubes Security Pack (qubes-secpack).
> > 
> > View Canary #13 in the qubes-secpack:
> > 
> > 
> > 
> > Learn about the qubes-secpack, including how to obtain, verify, and read it:
> > 
> > 
> > 
> > View all past canaries:
> > 
> > 
> > 
> > ```
> > ---===[ Qubes Canary #13 ]===---
> > 
> > 
> > Statements
> > - ---
> > 
> > The Qubes core developers who have digitally signed this file [1]
> > state the following:
> > 
> > 1. The date of issue of this canary is September 12, 2017.
> > 
> > 2. There have been 33 Qubes Security Bulletins published so far.
> > 
> > 3. The Qubes Master Signing Key fingerprint is:
> > 
> > 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
> > 
> > 4. No warrants have ever been served to us with regard to the Qubes OS
> > Project (e.g. to hand out the private signing keys or to introduce
> > backdoors).
> > 
> > 5. We plan to publish the next of these canary statements in the first
> > two weeks of December 2017. Special note should be taken if no new canary
> > is published by that time or if the list of statements changes without
> > plausible explanation.
> > 
> > Special announcements
> > - --
> > 
> > None.
> > 
> > Disclaimers and notes
> > - --
> > 
> > We would like to remind you that Qubes OS has been designed under the
> > assumption that all relevant infrastructure is permanently
> > compromised.  This means that we assume NO trust in any of the servers
> > or services which host or provide any Qubes-related data, in
> > particular, software updates, source code repositories, and Qubes ISO
> > downloads.
> > 
> > This canary scheme is not infallible. Although signing the declaration
> > makes it very difficult for a third party to produce arbitrary
> > declarations, it does not prevent them from using force or other
> > means, like blackmail or compromising the signers' laptops, to coerce
> > us to produce false declarations.
> > 
> > The news feeds quoted below (Proof of freshness) serves to demonstrate
> > that this canary could not have been created prior to the date stated.
> > It shows that a series of canaries was not created in advance.
> > 
> > This declaration is merely a best effort and is provided without any
> > guarantee or warranty. It is not legally binding in any way to
> > anybody. None of the signers should be ever held legally responsible
> > for any of the statements made here.
> > 
> > Proof of freshness
> > - ---
> > 
> > $ date -R -u
> > Mon, 11 Sep 2017 17:54:05 +
> > 
> > $ feedstail -1 -n5 -f '{title}' -u 
> > https://www.spiegel.de/international/index.rss
> > A Shrinking Giant: EU Worries Grow over U.S. Economic Chaos
> > Iranian Vice President Salehi on Nuclear Deal: 'Our Partners Have More To 
> > Lose Than We Do'
> > Is Moscow Planning Something?: Germany Prepares for Possible Russian 
> > Election Meddling
> > Where Dreams Come to Die: Migrant Path in Europe Ends at Brenner Pass
> > Stemming the Flow: Why Europe's Migrant Strategy Is an Illusion
> > 
> > $ feedstail -1 -n5 -f '{title}' -u 
> > http://rss.nytimes.com/services/xml/rss/nyt/World.xml
> > Desperation Mounts in Caribbean Islands: ‘All the Food Is Gone’
> > Mexico Mourns After Quake: ‘We Have No Idea How We Are Going to Rebuild’
> > Rohingya Crisis in Myanmar Is ‘Ethnic Cleansing,’ U.N. Rights Chief Says
> > Need to Catch Up on the German Election? Here’s a Guide
> > U.S. Weakens Resolution on North Korea to Gain Chinese and Russian Support
> > 
> > $ feedstail -1 -n5 -f '{title}' -u 
> > http://feeds.bbci.co.uk/news/world/rss.xml
> > Hurricane Irma: Florida launches huge relief operation
> > Rohingya crisis: UN sees 'ethnic cleansing' in Myanmar
> > Catalan independence rally: Thousands gather in Barcelona
> > Trump on 9/11 anniversary: "Our nation will endure"
> > Venezuela accuses UN of lying over alleged rights abuses
> > 
> > $ feedstail -1 -n5 -f '{title}' -u 
> > http://feeds.reuters.com/reuters/worldnews
> > U.N. Security Council to vote Monday on weakened North Korea sanctions: 
> > diplomats
> > Afghanistan will never again be militant sanctuary: U.S. ambassador
> > U.N. rights boss sees possible "crimes against humanity" in Venezuela
> > Russia, Jordan agree to speed de-escalation zone in south Syria
> > U.N. brands Myanmar violence a 'textbook' example of ethnic cleansing
> > 
> > $ curl -s 

Re: [qubes-users] Re: Qubes Canary #13

2017-11-17 Thread Gordon Rice
Thank you for the answer to the first question. The back ticks took care of not 
finding the file. The warning pops up for the `git describe` now though:

$ git tag -v `git describe`
object 8567fa1b877d5afa5789448a0027717a44329cd3
type commit
tag adw_8567fa1b
tagger Andrew David Wong > 1510443087 -0600

Tag for commit 8567fa1b877d5afa5789448a0027717a44329cd3
gpg: Signature made Sat 11 Nov 2017 03:31:27 PM PST using RSA key ID 39503030
gpg: Good signature from "Andrew David Wong >"
gpg: aka "Andrew David Wong >"
gpg: aka "Andrew David Wong >"
gpg: aka "Andrew David Wong >"
gpg: aka "Andrew David Wong >"
gpg: aka "Andrew David Wong >"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the owner.
Primary key fingerprint: BBAF 910D 1BC9 DDF4 1043  629F BC21 1FCE E9C5 4C53
 Subkey fingerprint: 650E EB09 85F4 8F78 5E9C  61F5 DB4D D3BC 3950 3030
$ 

Again, the signature is good, but the key is not certified. What are the 
implications of this message?

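
The distinction this thread turns on (a good signature from a key that gpg has no certification path to) can be checked mechanically by pinning the primary key fingerprint yourself. The script below is an added example, not part of any message in the thread: `normalize_fpr` and `check_signer` are hypothetical helper names, the status lines are a constructed sample in the format `git verify-tag --raw` prints, and only the two fingerprints and the timestamp are taken from the gpg output quoted above.

```shell
#!/bin/sh
# Added example: accept a signed tag only when the signature verifies AND the
# primary key fingerprint equals one you pinned after confirming it through
# several independent sources. gpg's trust level is reported, not relied on.

# Constructed sample of gpg status lines, as printed by
#   git verify-tag --raw "$(git describe)" 2>&1
# Fingerprints and timestamp come from the output quoted in the thread;
# every other field is constructed.
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG DB4DD3BC39503030 Andrew David Wong
[GNUPG:] VALIDSIG 650EEB0985F48F785E9C61F5DB4DD3BC39503030 2017-11-11 1510443087 0 4 0 1 10 00 BBAF910D1BC9DDF41043629FBC211FCEE9C54C53
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Primary key fingerprint as printed in the thread. Confirm it out of band
# before pinning it anywhere real.
PINNED_FPR='BBAF 910D 1BC9 DDF4 1043  629F BC21 1FCE E9C5 4C53'

# Strip whitespace and upper-case, so "BBAF 910D ..." compares equal to the
# compact form gpg uses in status lines.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# check_signer STATUS_TEXT PINNED_FINGERPRINT
# Prints a one-line verdict; returns 0 only for an accepted signature.
check_signer() {
    cs_status=$1
    cs_pinned=$(normalize_fpr "$2")

    # 1. Any failure keyword rejects the signature outright.
    if printf '%s\n' "$cs_status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)( |$)'; then
        echo 'reject: signature did not verify'
        return 1
    fi

    # 2. VALIDSIG: field 3 is the signing (sub)key fingerprint, field 12 the
    #    primary key fingerprint. The primary key is what gets pinned, because
    #    signing subkeys can be rotated underneath it.
    cs_primary=$(printf '%s\n' "$cs_status" | awk '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" &&
        $12 ~ /^[0-9A-F]+$/ && length($12) == 40 { print $12; exit }')
    if [ -z "$cs_primary" ]; then
        echo 'reject: no VALIDSIG line with a primary key fingerprint'
        return 1
    fi

    # 3. gpg's own verdict on the key (TRUST_UNDEFINED is what produces the
    #    "not certified with a trusted signature" warning). Informational only.
    cs_trust=$(printf '%s\n' "$cs_status" | awk '
        $1 == "[GNUPG:]" && $2 ~ /^TRUST_/ { print substr($2, 7); exit }')

    # 4. The decision: does the signer match the key we pinned ourselves?
    if [ "$cs_primary" != "$cs_pinned" ]; then
        echo "reject: signed by unpinned key $cs_primary"
        return 1
    fi
    echo "accept: pinned key, gpg trust=${cs_trust:-NONE}"
}

# Demonstration on the constructed sample.
check_signer "$SAMPLE_STATUS" "$PINNED_FPR" || true
```
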


[qubes-users] Re: Hope to install the OS on an SSD and /home on a spinning disk

2017-11-17 Thread Ron Qubed
On Friday, November 17, 2017 at 7:49:00 AM UTC-7, toront...@gmail.com wrote:
> I intend to reinstall 3.2 which is currently running on somewhat undersized 
> SSD. This time I would like to keep most of the semi-static portions of the 
> OS and templates on the SSD for speed and to reduce wear on the SSD and the 
> more dynamic parts on a spinning disk. If this were a conventional Linux 
> distro, I would put /tmp, /var, /home in separate partitions on the spinner 
> and the rest on the SSD. I would tend to put swap on the spinner also because 
> with the amount of memory in this box, I do not expect swap to be used much, 
> if at all and would rather waste space on the disk than the SSD.
> 
> The problem is that the more I think about it, the more convinced I have 
> become that I do not actually understand the file system structure in Qubes 
> OS.
> 
> I have done some keyword searches here but have not found what I need. I 
> would appreciate any pointers as to where I could find this info or if it is 
> compact, a list of what to put where would be great. I am fully comfortable 
> with fdisk so I do not need help with the partitioning itself, unless there 
> is some unusual gotchas in Qubes.
> 
> I think I need to still put /tmp and /Var on the disk but I think I 
> understand that the /home for each of the VMs actually reside in /var but I 
> do not know what is happening with /tmp.
> 
> Thank you in advance.

I did this when I installed 3.2, but with a tweak to what's described in the 
docs: rather than symlinks (which it says break the backups), I used the 
existing directory as a mountpoint. I have some detailed notes I've meant to 
write up properly. I'll see if I can get them pasted in here later. But 
basically I:

1. Installed QubesOS normally, using just the SSD (with a tiny swap space, just 
to stop Qubes from complaining every boot, but that's optional). 

2. Set up two hard drives mirrored with mdraid, and encrypted with LUKS.

3. Manually decrypted and mounted the drive (the two drives are seen as one md0 
drive) to a temporary mount point.

4. Ensured all appvms were shutdown, and moved all of them to the new drive 
(these were the only ones I was really worried about; the rest I can get with a 
reinstall).

5. Unmounted md0 and remounted it on top of the old appvms directory.

6. Tested that everything worked as expected (appvms startup, function, and 
shutdown properly).

7. Edited fstab, crypttab, and mdadm.conf to ensure these get mounted during 
boot.

8. Rebooted, and all was good. A few more steps, but no symlinks, appvms all on 
a separate, encrypted, mirrored drive. A nice little feature too is that since 
I used the same passphrase for md0 as for the SSD, it only prompts once for 
them during boot.

Ron



Re: [qubes-users] Re: Qubes Canary #13

2017-11-17 Thread Jean-Philippe Ouellet
On Fri, Nov 17, 2017 at 2:47 PM,   wrote:
> On Friday, September 29, 2017 at 6:31:15 PM UTC-7, Andrew David Wong wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> Dear Qubes community,
>>
>> On 2017-09-12, we published Qubes Canary #13. The text of this canary is
>> reproduced below. This canary and its accompanying signatures will always be
>> available in the Qubes Security Pack (qubes-secpack).
>>
>> View Canary #13 in the qubes-secpack:
>>
>> 
>>
>> Learn about the qubes-secpack, including how to obtain, verify, and read it:
>>
>> 
>>
>> View all past canaries:
>>
>> 
>>
>> ```
>> ---===[ Qubes Canary #13 ]===---
>>
>>
>> Statements
>> - ---
>>
>> The Qubes core developers who have digitally signed this file [1]
>> state the following:
>>
>> 1. The date of issue of this canary is September 12, 2017.
>>
>> 2. There have been 33 Qubes Security Bulletins published so far.
>>
>> 3. The Qubes Master Signing Key fingerprint is:
>>
>> 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
>>
>> 4. No warrants have ever been served to us with regard to the Qubes OS
>> Project (e.g. to hand out the private signing keys or to introduce
>> backdoors).
>>
>> 5. We plan to publish the next of these canary statements in the first
>> two weeks of December 2017. Special note should be taken if no new canary
>> is published by that time or if the list of statements changes without
>> plausible explanation.
>>
>> Special announcements
>> - --
>>
>> None.
>>
>> Disclaimers and notes
>> - --
>>
>> We would like to remind you that Qubes OS has been designed under the
>> assumption that all relevant infrastructure is permanently
>> compromised.  This means that we assume NO trust in any of the servers
>> or services which host or provide any Qubes-related data, in
>> particular, software updates, source code repositories, and Qubes ISO
>> downloads.
>>
>> This canary scheme is not infallible. Although signing the declaration
>> makes it very difficult for a third party to produce arbitrary
>> declarations, it does not prevent them from using force or other
>> means, like blackmail or compromising the signers' laptops, to coerce
>> us to produce false declarations.
>>
>> The news feeds quoted below (Proof of freshness) serves to demonstrate
>> that this canary could not have been created prior to the date stated.
>> It shows that a series of canaries was not created in advance.
>>
>> This declaration is merely a best effort and is provided without any
>> guarantee or warranty. It is not legally binding in any way to
>> anybody. None of the signers should be ever held legally responsible
>> for any of the statements made here.
>>
>> Proof of freshness
>> - ---
>>
>> $ date -R -u
>> Mon, 11 Sep 2017 17:54:05 +
>>
>> $ feedstail -1 -n5 -f '{title}' -u 
>> https://www.spiegel.de/international/index.rss
>> A Shrinking Giant: EU Worries Grow over U.S. Economic Chaos
>> Iranian Vice President Salehi on Nuclear Deal: 'Our Partners Have More To 
>> Lose Than We Do'
>> Is Moscow Planning Something?: Germany Prepares for Possible Russian 
>> Election Meddling
>> Where Dreams Come to Die: Migrant Path in Europe Ends at Brenner Pass
>> Stemming the Flow: Why Europe's Migrant Strategy Is an Illusion
>>
>> $ feedstail -1 -n5 -f '{title}' -u 
>> http://rss.nytimes.com/services/xml/rss/nyt/World.xml
>> Desperation Mounts in Caribbean Islands: ‘All the Food Is Gone’
>> Mexico Mourns After Quake: ‘We Have No Idea How We Are Going to Rebuild’
>> Rohingya Crisis in Myanmar Is ‘Ethnic Cleansing,’ U.N. Rights Chief Says
>> Need to Catch Up on the German Election? Here’s a Guide
>> U.S. Weakens Resolution on North Korea to Gain Chinese and Russian Support
>>
>> $ feedstail -1 -n5 -f '{title}' -u http://feeds.bbci.co.uk/news/world/rss.xml
>> Hurricane Irma: Florida launches huge relief operation
>> Rohingya crisis: UN sees 'ethnic cleansing' in Myanmar
>> Catalan independence rally: Thousands gather in Barcelona
>> Trump on 9/11 anniversary: "Our nation will endure"
>> Venezuela accuses UN of lying over alleged rights abuses
>>
>> $ feedstail -1 -n5 -f '{title}' -u http://feeds.reuters.com/reuters/worldnews
>> U.N. Security Council to vote Monday on weakened North Korea sanctions: 
>> diplomats
>> Afghanistan will never again be militant sanctuary: U.S. ambassador
>> U.N. rights boss sees possible "crimes against humanity" in Venezuela
>> Russia, Jordan agree to speed de-escalation zone in south Syria
>> U.N. brands Myanmar violence a 'textbook' example of ethnic cleansing
>>
>> $ curl -s 'http://blockchain.info/blocks/?format=json'
>>
>> $ python3 -c 'import sys, json; 
>> print(json.load(sys.stdin)['\''blocks'\''][10]['\''hash'\''])'
>> 

[qubes-users] When transferring file between Qubes, MD5 changes.

2017-11-17 Thread Vít Šesták
Is it random, or deterministic?

Do you observe any signs of unstable system (e.g., freezes, app crashes, VM 
crashes, system crashes…)? If you do, it might be a faulty RAM.

Regards,
Vít Šesták 'v6ak'



[qubes-users] Re: Qubes Canary #13

2017-11-17 Thread d5od102
On Friday, September 29, 2017 at 6:31:15 PM UTC-7, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear Qubes community,
> 
> On 2017-09-12, we published Qubes Canary #13. The text of this canary is
> reproduced below. This canary and its accompanying signatures will always be
> available in the Qubes Security Pack (qubes-secpack).
> 
> View Canary #13 in the qubes-secpack:
> 
> 
> 
> Learn about the qubes-secpack, including how to obtain, verify, and read it:
> 
> 
> 
> View all past canaries:
> 
> 
> 
> ```
> ---===[ Qubes Canary #13 ]===---
> 
> 
> Statements
> - ---
> 
> The Qubes core developers who have digitally signed this file [1]
> state the following:
> 
> 1. The date of issue of this canary is September 12, 2017.
> 
> 2. There have been 33 Qubes Security Bulletins published so far.
> 
> 3. The Qubes Master Signing Key fingerprint is:
> 
> 427F 11FD 0FAA 4B08 0123  F01C DDFA 1A3E 3687 9494
> 
> 4. No warrants have ever been served to us with regard to the Qubes OS
> Project (e.g. to hand out the private signing keys or to introduce
> backdoors).
> 
> 5. We plan to publish the next of these canary statements in the first
> two weeks of December 2017. Special note should be taken if no new canary
> is published by that time or if the list of statements changes without
> plausible explanation.
> 
> Special announcements
> - --
> 
> None.
> 
> Disclaimers and notes
> - --
> 
> We would like to remind you that Qubes OS has been designed under the
> assumption that all relevant infrastructure is permanently
> compromised.  This means that we assume NO trust in any of the servers
> or services which host or provide any Qubes-related data, in
> particular, software updates, source code repositories, and Qubes ISO
> downloads.
> 
> This canary scheme is not infallible. Although signing the declaration
> makes it very difficult for a third party to produce arbitrary
> declarations, it does not prevent them from using force or other
> means, like blackmail or compromising the signers' laptops, to coerce
> us to produce false declarations.
> 
> The news feeds quoted below (Proof of freshness) serves to demonstrate
> that this canary could not have been created prior to the date stated.
> It shows that a series of canaries was not created in advance.
> 
> This declaration is merely a best effort and is provided without any
> guarantee or warranty. It is not legally binding in any way to
> anybody. None of the signers should be ever held legally responsible
> for any of the statements made here.
> 
> Proof of freshness
> - ---
> 
> $ date -R -u
> Mon, 11 Sep 2017 17:54:05 +
> 
> $ feedstail -1 -n5 -f '{title}' -u 
> https://www.spiegel.de/international/index.rss
> A Shrinking Giant: EU Worries Grow over U.S. Economic Chaos
> Iranian Vice President Salehi on Nuclear Deal: 'Our Partners Have More To 
> Lose Than We Do'
> Is Moscow Planning Something?: Germany Prepares for Possible Russian Election 
> Meddling
> Where Dreams Come to Die: Migrant Path in Europe Ends at Brenner Pass
> Stemming the Flow: Why Europe's Migrant Strategy Is an Illusion
> 
> $ feedstail -1 -n5 -f '{title}' -u 
> http://rss.nytimes.com/services/xml/rss/nyt/World.xml
> Desperation Mounts in Caribbean Islands: ‘All the Food Is Gone’
> Mexico Mourns After Quake: ‘We Have No Idea How We Are Going to Rebuild’
> Rohingya Crisis in Myanmar Is ‘Ethnic Cleansing,’ U.N. Rights Chief Says
> Need to Catch Up on the German Election? Here’s a Guide
> U.S. Weakens Resolution on North Korea to Gain Chinese and Russian Support
> 
> $ feedstail -1 -n5 -f '{title}' -u http://feeds.bbci.co.uk/news/world/rss.xml
> Hurricane Irma: Florida launches huge relief operation
> Rohingya crisis: UN sees 'ethnic cleansing' in Myanmar
> Catalan independence rally: Thousands gather in Barcelona
> Trump on 9/11 anniversary: "Our nation will endure"
> Venezuela accuses UN of lying over alleged rights abuses
> 
> $ feedstail -1 -n5 -f '{title}' -u http://feeds.reuters.com/reuters/worldnews
> U.N. Security Council to vote Monday on weakened North Korea sanctions: 
> diplomats
> Afghanistan will never again be militant sanctuary: U.S. ambassador
> U.N. rights boss sees possible "crimes against humanity" in Venezuela
> Russia, Jordan agree to speed de-escalation zone in south Syria
> U.N. brands Myanmar violence a 'textbook' example of ethnic cleansing
> 
> $ curl -s 'http://blockchain.info/blocks/?format=json'
> 
> $ python3 -c 'import sys, json; 
> print(json.load(sys.stdin)['\''blocks'\''][10]['\''hash'\''])'
> 0052fe6212dab65bf03f15711c74c835fd6d42802f8cae51
> 
> Footnotes
> - --
> 
> [1] This file should be signed in two ways: (1) via detached PGP
> 

[qubes-users] Does v4 RC2 get updated?

2017-11-17 Thread Ray Joseph
Mine is not working, it won't load VMs.

Is this replaced prior to the scheduled release date?

When I go to the download page and click on 'version', focus changes to the 
bottom of the page but I don't find anything about interim releases.

Ray



Re: [qubes-users] How To Fix Libvirt Internal Error

2017-11-17 Thread Marek Marczykowski-Górecki
On Thu, Nov 16, 2017 at 06:18:00PM -0800, Person wrote:
> Whenever I try to attach an ISO to a VM, I receive an error: “internal error: 
> libxenlight failed to create new domain”.
> 
> I have tried running different commands on Qubes. Disabling AppArmor doesn’t 
> work, and starting xendriverdomain.service doesn’t work, because it’s not 
> even installed. Some suggest getting xen-hvm-stubdom-linux (or they call it 
> vmm-xen-stubdom-linux), but I don’t even know how to get it. I’ve tried 
> downgrading libvirt, but all my packages are already at the lowest possible 
> level. 

First of all - which Qubes version?
Where is the ISO you want to attach - in dom0, or in some other VM?
Also, take a look at /var/log/libvirt/libxl/libxl-driver.log for some
details.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



[qubes-users] Re: Hope to install the OS on an SSD and /home on a spinning disk

2017-11-17 Thread torontojohnrt
On Friday, November 17, 2017 at 9:49:00 AM UTC-5, toront...@gmail.com wrote:
> I intend to reinstall 3.2 which is currently running on somewhat undersized 
> SSD. This time I would like to keep most of the semi-static portions of the 
> OS and templates on the SSD for speed and to reduce wear on the SSD and the 
> more dynamic parts on a spinning disk. If this were a conventional Linux 
> distro, I would put /tmp, /var, /home in separate partitions on the spinner 
> and the rest on the SSD. I would tend to put swap on the spinner also because 
> with the amount of memory in this box, I do not expect swap to be used much, 
> if at all and would rather waste space on the disk than the SSD.
> 
> The problem is that the more I think about it, the more convinced I have 
> become that I do not actually understand the file system structure in Qubes 
> OS.
> 
> I have done some keyword searches here but have not found what I need. I 
> would appreciate any pointers as to where I could find this info or if it is 
> compact, a list of what to put where would be great. I am fully comfortable 
> with fdisk so I do not need help with the partitioning itself, unless there 
> is some unusual gotchas in Qubes.
> 
> I think I need to still put /tmp and /Var on the disk but I think I 
> understand that the /home for each of the VMs actually reside in /var but I 
> do not know what is happening with /tmp.
> 
> Thank you in advance.

Thank you Chris. I'll sit down and have a read this weekend.



Re: [qubes-users] Qubes4 rc2 - sys-firewall fails at 1st boot

2017-11-17 Thread Chris Laprise

On 11/17/2017 07:49 AM, 'Grogins' via qubes-users wrote:
> Fresh install of Qubes rc2 but cannot start sys-firewall - Getting 
> error during dom0 setup as follows: [usr/bin/qvm-start sys-firewall] 
> failed stdout stderr Cannot execute qrexec daemon.
> 
> I've noticed the same issue reported on github - No 3153 on 8 October 
> 2017 against Qubes4 rc1
> 
> Any solution yet?

A recent update seems to have helped on my system. If you can get 
sys-net working, try updating dom0 with:


sudo qubes-dom0-update --enablerepo=qubes*testing

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] Hope to install the OS on an SSD and /home on a spinning disk

2017-11-17 Thread Chris Laprise

On 11/17/2017 09:49 AM, torontojoh...@gmail.com wrote:
> I intend to reinstall 3.2 which is currently running on a somewhat undersized 
> SSD. This time I would like to keep most of the semi-static portions of the OS 
> and templates on the SSD for speed and to reduce wear on the SSD and the more 
> dynamic parts on a spinning disk. If this were a conventional Linux distro, I 
> would put /tmp, /var, /home in separate partitions on the spinner and the rest 
> on the SSD. I would tend to put swap on the spinner also because with the 
> amount of memory in this box, I do not expect swap to be used much, if at all 
> and would rather waste space on the disk than the SSD.
> 
> The problem is that the more I think about it, the more convinced I have become 
> that I do not actually understand the file system structure in Qubes OS.
> 
> I have done some keyword searches here but have not found what I need. I would 
> appreciate any pointers as to where I could find this info or if it is compact, 
> a list of what to put where would be great. I am fully comfortable with fdisk 
> so I do not need help with the partitioning itself, unless there are some 
> unusual gotchas in Qubes.
> 
> I think I need to still put /tmp and /var on the disk but I think I understand 
> that the /home for each of the VMs actually reside in /var but I do not know 
> what is happening with /tmp.
> 
> Thank you in advance.

These are the two methods for R3.2:

https://www.qubes-os.org/doc/secondary-storage/

https://www.qubes-os.org/doc/storage-pools/

The first uses symlinks for each appVM folder. I'm not sure but I think 
you can symlink the whole appvms folder if you want all appVM storage to 
go to the other drive automatically.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
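
The per-appVM symlink method mentioned above, as an added shell example (not Chris Laprise's or the Qubes project's code). The function name relocate_appvm and the destination directory argument are assumptions; the source directory is normally /var/lib/qubes/appvms on R3.2.

```sh
#!/bin/sh
# Added example: move one appVM directory to a second drive and leave a
# symlink at the old path, refusing whenever that could damage the VM.

# relocate_appvm NAME SRC_BASE DEST_BASE
#   SRC_BASE  : directory holding the appVM folders
#   DEST_BASE : existing directory on the mounted secondary drive (assumption)
relocate_appvm() {
    name=$1 src=$2/$1 dst=$3/$1

    [ -n "$name" ] || { echo "usage: relocate_appvm NAME SRC DEST" >&2; return 2; }
    # Already relocated: moving the link itself would orphan the data.
    [ ! -L "$src" ] || { echo "$src is already a symlink" >&2; return 3; }
    [ -d "$src" ]   || { echo "$src: no such VM directory" >&2; return 4; }
    # A missing destination usually means the second drive is not mounted.
    [ -d "$3" ]     || { echo "$3: destination missing" >&2; return 5; }
    # Never overwrite a directory that already exists on the target drive.
    [ ! -e "$dst" ] || { echo "$dst already exists" >&2; return 6; }

    # In dom0, refuse to move the images of a running VM.
    if command -v qvm-check >/dev/null 2>&1 &&
       qvm-check --running "$name" >/dev/null 2>&1; then
        echo "$name is running; shut it down first" >&2
        return 7
    fi

    mv -- "$src" "$dst" || return 8
    ln -s -- "$dst" "$src" || return 9

    # Confirm the old path now resolves to the new location.
    [ "$(readlink -- "$src")" = "$dst" ] && [ -d "$src/" ]
}
```

Example call in dom0, with a hypothetical mount point: relocate_appvm work /var/lib/qubes/appvms /mnt/hdd/appvms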



Re: [qubes-users] liklihood of an fx 8350 amd processor working

2017-11-17 Thread taii...@gmx.com

On 11/17/2017 08:22 AM, Styles Grant wrote:
> I did see some evidence of one guy who got a ryzen to work, and another who got 
> an a 10 series to work. I'd nab an a 10, but this old fx 8350 is on sale.
> 
> What do you think?

It'll work great; unlike the first-gen Ryzen boards, the 
Bulldozer/Piledriver AMD-Vi actually works.

It is the third best pre-PSP/ME x86-64 CPU and 8 cores will be good for 
many VMs.

I however would consider purchasing a KCMA-D8 if you want to install 
libre firmware, and getting one of the compatible Opteron CPUs for it - 
you will want this eventually anyway and you might as well get one 
before they stop selling them.




[qubes-users] Hope to install the OS on an SSD and /home on a spinning disk

2017-11-17 Thread torontojohnrt
I intend to reinstall 3.2 which is currently running on a somewhat undersized 
SSD. This time I would like to keep most of the semi-static portions of the OS 
and templates on the SSD for speed and to reduce wear on the SSD and the more 
dynamic parts on a spinning disk. If this were a conventional Linux distro, I 
would put /tmp, /var, /home in separate partitions on the spinner and the rest 
on the SSD. I would tend to put swap on the spinner also because with the 
amount of memory in this box, I do not expect swap to be used much, if at all 
and would rather waste space on the disk than the SSD.

The problem is that the more I think about it, the more convinced I have become 
that I do not actually understand the file system structure in Qubes OS.

I have done some keyword searches here but have not found what I need. I would 
appreciate any pointers as to where I could find this info or if it is compact, 
a list of what to put where would be great. I am fully comfortable with fdisk 
so I do not need help with the partitioning itself, unless there are some 
unusual gotchas in Qubes.

I think I need to still put /tmp and /var on the disk but I think I understand 
that the /home for each of the VMs actually reside in /var but I do not know 
what is happening with /tmp.

Thank you in advance.



[qubes-users] liklihood of an fx 8350 amd processor working

2017-11-17 Thread Styles Grant
I did see some evidence of one guy who got a ryzen to work, and another who got 
an a 10 series to work. I'd nab an a 10, but this old fx 8350 is on sale.

What do you think? 



[qubes-users] Qubes4 rc2 - sys-firewall fails at 1st boot

2017-11-17 Thread 'Grogins' via qubes-users
Fresh install of Qubes rc2 but cannot start sys-firewall - Getting error during 
dom0 setup as follows: [usr/bin/qvm-start sys-firewall] failed stdout stderr 
Cannot execute qrexec daemon.

I've noticed the same issue reported on github - No 3153 on 8 October 2017 
against Qubes4 rc1

Any solution yet?



Re: [qubes-users] dispvms saving its sessions?

2017-11-17 Thread Unman
On Thu, Nov 16, 2017 at 11:57:44PM -0800, pandakaas...@gmail.com wrote:
> I just saw that in the directory containing my default dvm 
> (/var/lib/qubes/appvms/whonix-ws-ws-dvm/) contains a lot of files named like 
> this:
> disp1.conf
> disp2.conf
> disp3.conf
> And it keeps going on for a while, but I cannot seem to discover where they 
> are coming from, since creating new and restarting the dvms does not solve 
> it.
> Is this normal behavior, or is this some weird configuration issue?
> 

It is normal behaviour - if you don't change the dispVM then I think all
those files will be identical. If you switch around netvm etc then they
will differ according to allocated IP. If you upgrade dispVMTemplate
then they will differ by kernel version.

I use disposableVMs a lot and they tend to build up so I cull them by
hand now and then. 
Probably not intended but harmless, I think.
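
One way to check the point made above, that the leftover dispN.conf files are copies of each other apart from settings such as IP or kernel, as an added shell example (not Unman's or the Qubes project's code). The function names are assumptions and the sample file contents are constructed placeholders, not the real file format.

```sh
#!/bin/sh
# Added example: group leftover disp*.conf files by content and show the
# lines on which the less common variants differ from the most common one.

# Print "<count> <representative file>" for each distinct file content.
dvm_conf_variants() {
    dir=$1
    set -- "$dir"/disp*.conf
    [ -e "$1" ] || { echo "no disp*.conf files in $dir" >&2; return 1; }
    sha256sum -- "$@" | sort | awk '
        $1 != prev { if (n) print n, first; prev = $1; first = $2; n = 0 }
        { n++ }
        END { print n, first }'
}

# Report the differing lines so a reviewer can confirm that only settings
# changed between the files.
dvm_conf_report() {
    variants=$(dvm_conf_variants "$1") || return 1
    variants=$(printf '%s\n' "$variants" | sort -rn)
    base=$(printf '%s\n' "$variants" | head -n 1 | cut -d' ' -f2-)
    echo "baseline: $base"
    printf '%s\n' "$variants" | tail -n +2 | while read -r count file; do
        echo "variant ($count file(s)), e.g. $file:"
        diff -- "$base" "$file" | grep '^[<>]' || :
    done
}

# Constructed sample: three files, one of them with a different IP line.
demo_constructed() {
    d=$(mktemp -d) || return 1
    printf 'kernel=A\nip=10.137.2.9\n'  > "$d/disp1.conf"
    cp "$d/disp1.conf" "$d/disp2.conf"
    printf 'kernel=A\nip=10.137.3.14\n' > "$d/disp3.conf"
    dvm_conf_report "$d"
    rm -rf "$d"
}
```

In dom0 the directory to pass is the DVM's own folder, for example dvm_conf_report /var/lib/qubes/appvms/whonix-ws-ws-dvm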



[qubes-users] Can't make PCI arbitrator less strict

2017-11-17 Thread sebmajerus
Hi everyone,

Following the documentation there 
(https://www.qubes-os.org/doc/assigning-devices/#possible-issues) I tried to 
make my PCI arbitrator less strict.

When booting, the new service "qubes_pre_netvm.service" fails with the 
error:

"/bin/sh line 0 echo: write error : no peripheral of that type"

Once booted I can see that the file exists 
(/sys/bus/pci/drivers/pciback/permissive).

Is it possible that at the time the service is started the file system 
concerned is not mounted?

Have you already had that kind of problem? Have a solution?

Thanks!

Sebastien
