Re: [qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]

[Laurent]

Le lundi 20 novembre 2017 19:51:07 UTC+1, awokd a écrit :
> On Mon, November 20, 2017 11:17, Laurent wrote:
> > Hello,
> >
> > I've just installed Qubes OS on my laptop (Dell Precision 5510) and I'm
> > not able to use my PCI Network card :
> >
> > lspci (on Dom0) return
> > 03:00.0 Unassigned class [ff00]: Realtek Semiconductor CO., Ltd.  RTS525A
> > PCI Express Card reader (rev01)
> 
> 03:00.0 Unassigned class [ff00]: Realtek Semiconductor CO., Ltd.  RTS525A
> PCI Express Card reader (rev01) is an SD card reader, not a network card.
> Can you provide the full output of lspci?

Oups !!! Sorry for this mistake ..

Here is the output of lspci :
00:00.0 Host bridge: Intel Corporation Skylake Host Bridge/DRAM Registers (rev 
07)
00:01.0 PCI bridge: Intel Corporation Skylake PCIe Controller (x16) (rev 07)
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 530 (rev 06)
00:04.0 Signal processing controller: Intel Corporation Skylake Processor 
Thermal Subsystem (rev 07)
00:14.0 USB controller: Intel Corporation Sunrise Point-H USB 3.0 xHCI 
Controller (rev 31)
00:14.2 Signal processing controller: Intel Corporation Sunrise Point-H Thermal 
subsystem (rev 31)
00:15.0 Signal processing controller: Intel Corporation Sunrise Point-H Serial 
IO I2C Controller #0 (rev 31)
00:15.1 Signal processing controller: Intel Corporation Sunrise Point-H Serial 
IO I2C Controller #1 (rev 31)
00:16.0 Communication controller: Intel Corporation Sunrise Point-H CSME HECI 
#1 (rev 31)
00:17.0 SATA controller: Intel Corporation Sunrise Point-H SATA controller 
[AHCI mode] (rev 31)
00:1c.0 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #1 
(rev f1)
00:1c.1 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #2 
(rev f1)
00:1d.0 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #9 
(rev f1)
00:1d.4 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #13 
(rev f1)
00:1d.6 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #15 
(rev f1)
00:1f.0 ISA bridge: Intel Corporation Sunrise Point-H LPC Controller (rev 31)
00:1f.2 Memory controller: Intel Corporation Sunrise Point-H PMC (rev 31)
00:1f.3 Audio device: Intel Corporation Sunrise Point-H HD Audio (rev 31)
00:1f.4 SMBus: Intel Corporation Sunrise Point-H SMBus (rev 31)
01:00.0 3D controller: NVIDIA Corporation GM107GLM [Quadro M1000M] (rev a2)
02:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a)
03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS525A PCI 
Express Card Reader (rev 01)
04:00.0 Non-Volatile memory controller: Toshiba America Info Systems Device 
010f (rev 01)

Rgds.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2aeca3e1-caae-46bc-a2ca-9266c5b4bc4a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Help? Support?

['zyl stra' via qubes-users]

There is no Help or Support link in either the top or bottom menu of the Qubes 
website.  How are potential users/contributors supposed to receive help from 
the Qubes community, or is there none?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84c7207b-6caa-419c-a3a9-1f0746362547%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: While updating Debian

[elsiebuck105]

apt-get clean took care of the problem! Thank you very much.

Cheers,
Elsie

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a0b9dc6-a603-4496-b24e-887d78b7281e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Whonix update error in Qubes 3.2, release file expired

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-11-20 13:07, Eric Duncan wrote:
> On Monday, November 20, 2017 at 12:39:58 PM UTC-5, Unman wrote:
>> On Mon, Nov 20, 2017 at 09:04:35AM -0800, Eric Duncan wrote:
>>> On Monday, November 20, 2017 at 11:55:35 AM UTC-5, Adrian Rocha wrote:
 Hi,

 When I try to update my Whonix gateway I have the following error:

 user@host:~$ sudo apt-get update 
 Hit http://deb.whonix.org jessie InRelease 
 
 Hit http://deb.qubes-os.org jessie InRelease   
 
 E: Release file for http://deb.whonix.org/dists/jessie/InRelease is 
 expired (invalid since 4h 5min 45s). Updates for this repository will not 
 be applied.
 user@host:~$

 I tried to clean the cache, change the URL protocol to https, but the 
 error continues. Any ideas?
>>>
>>> Yeah, i was just about to post this as well.  
>>>
>>> I think Whonix needs to update the file?  As it looks like it was created 
>>> 30 days ago.
>>>
>>> Looking at the file, it shows this:
>>>
>>> -BEGIN PGP SIGNED MESSAGE-
>>> Hash: SHA512
>>>
>>> Origin: whonix
>>> Label: Whonix
>>> Codename: jessie
>>> Date: Fri, 20 Oct 2017 12:41:17 UTC
>>> Valid-Until: Mon, 20 Nov 2017 12:41:17 UTC
>>> Architectures: amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 
>>> kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64el s390x sparc
>>> Components: main
>>> Description: Whonix jessie APT Repository
>>>
>> You're right Eric.
>> It's on the server side.
>> ccing Patrick in case he isnt aware.
> 
> Here's who last signed the file list:
> 
> :signature packet: algo 1, keyid CB8D50BB77BB3C48
>   version 4, created 1508503277, md5len 0, sigclass 0x01
>   digest algo 10, begin of digest bf 10
>   hashed subpkt 33 len 21 (issuer fpr v4 
> 6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48)
>   hashed subpkt 2 len 4 (sig created 2017-10-20)
>   hashed subpkt 20 len 94 (notation: 
> issuer-...@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48)
>   subpkt 16 len 8 (issuer key ID CB8D50BB77BB3C48)
>   data: [4092 bits]
> 

Tracking: https://github.com/QubesOS/qubes-issues/issues/3323

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJaE4YzAAoJENtN07w5UDAwutEP/Rk8YAtb1iCp6CEaOrswSOmS
cgi6Iiv2BBgUTMSeQJ+rx5kvZBpyHEQzknUduCyxToKVDOMwyMJzPYM+TYyvDjSo
ne2tQoiwVo1JpO58Ruwg2f4FzW0ttI+uzGVqMrrU6yOViPRhBIQodA1DAypAPZZ/
gIuKh9qIUF9SfewOqD+3BnzwuoMz4Kdtx4juJqiSp4/LsCN9Mu7af8xLkc4RT/wQ
Jgh/u2AA07gxbKVrE07RQnJMNPJp/jhjVAcU0AR5ivQNxraY65AjbO/8oectRdSK
IHrxIG39o3bPqOzTjqzpfv4//GkFTunNuMO/0zLz3OJmwjEgGXChgn5PVKZoFI0W
jCZUx3LuBd+Xpd6WCmRNMKK/pv6Z3cXO6E5JLzCoOZDg4a96NEUK3ygfDU5/hrgM
lZZ2RG0+/j/Aj+0TrLHWFONLoMsRR45ciTTnbTVeYpETTVLZAomEpQWN9GcL0bg7
Dp+4/lGJmJ9E97uQSK5N9l3kVgxMhkOb1w7OWo9ZIPENxXhqlmfN3XZEzQ6HCTXe
XNo3s3+Nv+d4RKjX7kWqHRS7QMjRpOeW3h9k++gDJ6RR+XFVkkix0a1x2MGjuk8v
qDOUOm6JrarvEgOSqh0b2RCwa/6aeZPO4zB7TlZ2L2Whlj/42HwF5PzQZVV1ck17
aA2w3J9oV/ECyw6ZNdVq
=BlYS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7fe29af0-17ae-e117-011e-e75759c976a1%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[Jean-Philippe Ouellet]

On Mon, Nov 20, 2017 at 6:04 PM, taii...@gmx.com  wrote:
> On 11/20/2017 04:36 AM, Jean-Philippe Ouellet wrote:
>
>> That statement is demonstrably false. For example, we don't filter
>> CPUID vendor IDs in either mode.
>
> How come?

See discussion at https://github.com/QubesOS/qubes-issues/issues/1142

> I didn't know you were a dev :0

Eh, I'm not really, I just spend some free time working on things that
are either interesting or that bother me :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_Cv9BKo0G4sxqXMNqgQZw5GRGPj5PDWvW9WjykSx_RptQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[Jean-Philippe Ouellet]

On Mon, Nov 20, 2017 at 5:59 PM, taii...@gmx.com  wrote:
> On 11/19/2017 07:17 PM, riggedegg...@gmail.com wrote:
>
> Does this hold any water? Does the switch from paravirtualization to
> HVM/SLAT degrade privacy by allowing easier hardware fingerprinting?
>
> It holds no water.
>
> There is no such thing as "hardware fingerprinting"

Then what do you call checking e.g. clock drift, disk bandwidth, etc.?

> what is usually done
> for DRM or w/e is simply reading the model names and serial numbers of
> hardware installed - nothing truly "magic".
>
> You can easily change what is displayed in lscpu for example no matter if
> you are using HVM or software virt.
> In any virt system the graphics device name isn't displayed in the VM nor
> your total amount of RAM or serial numbers of drives.
>
> Self proclaimed experts on reddit who mention something provocative but
> provide no technical information almost always have no idea what they are
> talking about.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_AuzkWZrpbay0NYSqyPGFST7Hfgo1k4wPZx3TPC7rjQoA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[taii...@gmx.com]

On 11/20/2017 04:36 AM, Jean-Philippe Ouellet wrote:


That statement is demonstrably false. For example, we don't filter
CPUID vendor IDs in either mode.

How come?
I didn't know you were a dev :0

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa07d54f-b160-843c-326f-7e9d3a46721e%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[taii...@gmx.com]

On 11/19/2017 07:17 PM, riggedegg...@gmail.com wrote:


Does this hold any water? Does the switch from paravirtualization to HVM/SLAT 
degrade privacy by allowing easier hardware fingerprinting?

It holds no water.

There is no such thing as "hardware fingerprinting" - what is usually 
done for DRM or w/e is simply reading the model names and serial numbers 
of hardware installed - nothing truly "magic".


You can easily change what is displayed in lscpu for example no matter 
if you are using HVM or software virt.
In any virt system the graphics device name isn't displayed in the VM 
nor your total amount of RAM or serial numbers of drives.


Self proclaimed experts on reddit who mention something provocative but 
provide no technical information almost always have no idea what they 
are talking about.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f5196bf-3a86-cf47-c5c5-d8eb119673c6%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How To Fix Libvirt Internal Error

[Person]

What does the text in the error log mean?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cb70d70f-33d4-4666-b67b-a9a5bf125cda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] While updating Debian

[Unman]

On Mon, Nov 20, 2017 at 01:14:09PM -0800, elsiebuck...@gmail.com wrote:
> While updating Debian, I got "you don't have enough free space in 
> /var/cache/apt/archives/."
> 
> I came up empty handed while doing a search here. Can someone post a link? 
> I'm sure it's been covered before.
> 
> Thanks in advanced.
> 
> Elsie
> 

Well it suggest you are seriously out of space - what 'does df -h' show?
You may be able to clear some space by 'apt-get clean' which will delete
all cached package files.
Or (If you've overloaded the template filesystem) you could allocate
more disk space than the default 10G.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171120220314.humsr6mzhxcoa2pm%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] While updating Debian

[elsiebuck105]

While updating Debian, I got "you don't have enough free space in 
/var/cache/apt/archives/."

I came up empty handed while doing a search here. Can someone post a link? I'm 
sure it's been covered before.

Thanks in advanced.

Elsie

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/baed85e7-0612-48e9-a969-b074f92286e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] A lot of trouble with qubes 4.0 rc2

[Chris Laprise]

On 11/20/2017 12:16 PM, Bernhard wrote:

Hello,

I jumped into cold water and have a fresh install of 4.0rc2. It seems
almost completely disfunctional at this stage. Problems are:

1) starting (larger) appvms result in a systematic qrexec-daemon error.
First I thought this would be debian specific, but it is not. I have 16G
ram, and try to start a single f25 based appvm ...I read some people
suggesting to install  xen-hvm-stubdom-linux 2001:4.8.2-10.fc25  -- I
tried this, but no notable change (after coldboot). I tested if HVM / PV
could help. Quick answer: No.


If possible, you should try doing a full update with testing release:

qubes-dom0-update --enablerepo=qubes*testing


2) I created a large (150G) personal appvm. The "max system storage" is
still 10G and I don't see how/where this could be changed.   When
playing back backups, the fs is de facto limited to these 10G - so rsync
fails at some stage;  from this moment on reboots fail as well (with
qrexec-error). journalctl gives no help (the journal keeps silent while
launching "qvm-start personal" in the neighbour terminal).


System storage (the template) is different than private storage, and I 
believe its the latter you should be concerned about. Not sure just how 
you are using rsync... a lot depends on what your source and target are.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dfd31e77-e652-e052-22d3-de06c8e26312%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[Chris Laprise]

On 11/20/2017 02:22 PM, riggedegg...@gmail.com wrote:

Cheers, Jean-Philippe! Thanks for the reply.

Would you be able to point me in the direction of any unique privacy-specific 
functions Qubes OS allows me to take advantage of (other than obvious stuff 
like Whonix)? Is there anything of that sort?

Thanks again!



One thing that is a bit similar to Whonix in terms of privacy is the VPN 
clients can be configured on Qubes. With a dedicated VPN VM, leaks 
around the VPN tunnel can be prevented much better than on a regular OS. 
There is a VPN guide in the Qubes docs site.


Overall, what makes Qubes great for privacy is that privacy is best 
implemented on top of strong security.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/912a67d1-e192-e00e-bd13-c31eedd5b1fd%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?

[Chris Laprise]

On 11/19/2017 07:55 PM, vel...@tutamail.com wrote:

On Sunday, November 19, 2017 at 4:03:44 PM UTC-6, Chris Laprise wrote:

On 11/19/2017 01:48 PM, v wrote:

I have been using Qubes 3.2 for about 5 months and love it...thank you all who 
have contributed!

I am a noobie so be gentle...I am also by no means an expert at Linux however I 
have been forced to learn quick.

I managed to upgrade my Fedora template to 25 and have most of my VMs running 
on Fedora25 except for the default Debian8(Which I have reinstalled since my 
initial Qubes installation), my Whonix WS and GW are also defaults. I have also 
periodically upgraded these templates.

I have some basic questions I am hoping I can get some help with:

1) It seems that alot of the experts use Debian as thier working VMs(Personal, 
Work, Banking, etc...) and have Fedora as the sys-firewall, sys-net, etc...is 
it more secure to use Debian in this way? Am I just as secure as using Fedora 
for my working VMs? I would have to think hacking Xen, then Fedora, then Debian 
would be harder...

There are three issues that stand out for me:

* Fedora is the only distro I've seen that doesn't sign their repository
manifest. The idea is if you want full security for updates you pay $$$
for RHEL (Red Hat controls the Fedora project).

* Fedora releases expire (stop getting security updates) after a
relatively short period (again, idea is pay $$$ to Red Hat for long-term
updates).

* Fedora repositories are pretty sparse compared to the software
available in Debian and Ubuntu.

These are the main reasons I choose to use Debian over Fedora. Debian
templates also work great for sys-net and firewall/VPN.



2) I have been able to copy/move files from Fedora VMs to other Fedora VMs but I have struggled to try and copy/move 
files from Debian(or Whonix-ws) to Fedora? Fedora has the "File" option from my "Q" menu(top 
right), when I am in the files I can right click and "Copy to Other AppVM" or "Open in DispVM". How 
do I access Debians version?

The debian-8 template is close to a 'minimal' release and comes without
a file browser. You can copy from the terminal with the 'qvm-copy-to-vm'
command, or install a supported file browser (the one used in Fedora
template is nautilus).

When installing nautilus, remember that its meant to work in concert
with the rest of Gnome... it may not work right if you install it by
specifying 'nautilus' (also you will have to install the python-gtk2
package separately). The easiest way to get this working like it does in
Fedora is to run 'sudo tasksel' and select the Gnome desktop for
installation.

--

Chris Laprise,
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Thank you Chris...instead of asking a myriad of follow up questions, do you or anybody 
else have some good resources for detailed "how tos" on how to configure the 
Debian Template for the laymans use?


A good start is to clone your Debian template, then upgrade to Debian 9 
and finally doing the 'tasksel' for Gnome desktop (in that order). That 
will give you current Debian packages, most GUI tools and also good 
audio/video support.


The upgrade instructions for Debian template are here:

https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/

FYI, Qubes R4 has a pre-made Debian 9 template (just needs a simple 
workaround for issue #2913).



I managed to get LibreOffice loaded but my wish list would be an up-to-date 
Firefox, Nautilus(file manager) and what ever is required to get my wireless 
working with sys-net?


For wifi, you may have to install a firmware package. For example with 
Intel wifi you can 'apt-get install firmware-iwlwifi'. Of course, Debian 
9 should have newer drivers available than 8.



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ed6a17f-1011-487b-90b6-b3004daa9b00%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes 4.0rc2 install on corebooted Lenovo G505s (AMD)

[awokd]

On Sun, November 19, 2017 17:13, taii...@gmx.com wrote:

> IR is an additional security and performance measure, it is supported in
> the firmware so I don't understand as to why it isn't present. I would
> say that is a xen issue.

This turned out to be a known bug but believe it's cosmetic only:
https://github.com/QubesOS/qubes-issues/issues/3208

> I would install qubes on different hardware on the same drive then swap
> the drive back so we can get a better shell and see what is happening.

Did this. Good news is my daily driver is going to work once I'm ready to
upgrade it to 4.0.

Bad news- Pulled the drive and put it back in the G505s. Successfully
booted once to the desktop because the NetVM still had the other machine's
NICs assigned to it which prevented it from starting. I "fixed" it by
assigning the G505s's wireless NIC to it and setting Autostart to No, but
starting the VM caused the hard lock again. Rebooted but now it's hard
locking up shortly after entering the disk password. Suppose it's trying
to autostart the NetVM anyways due to a time sync dependency or something.

I can boot Debian on the same machine from a USB drive and hopefully get
the right Qubes partition mounted so I'm going to try to figure out some
way to break the NetVM template again in qubes.xml. Then I should be able
to get back to the desktop again.

PS I tried to email you off-list but Barracuda bounced me with a bad
reputation. Anyways, your offer to assist is much appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1e5faaf3e3a96f6304cab210a5fb198%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: qvm-usb not functioning

[awokd]

On Mon, November 20, 2017 02:32, Drew White wrote:
> Hi folks, sys-usb still isn't functioning and allowing me to attach a
> device.
>
> help please?


Managed to find your thread from a couple months ago. What happened when
you tried Foppe's suggestion of:

>Ran into this a couple of months ago. Rafael Susewind's fix:
>start the template for sys-usb, or in dom0: edit
>/usr/lib/qubes/udev-usb-add-change and add
>
>ID_SERIAL=`echo ${ID_SERIAL} | iconv -t ASCII//TRANSLIT`
>
>immediately before
>
>DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea4c20eb7214da90a227c39e63f664e0%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[Alex]

Cheers, Jean-Philippe! Thanks for the reply.

Would you be able to point me in the direction of any unique privacy-specific 
functions Qubes OS allows me to take advantage of (other than obvious stuff 
like Whonix)? Is there anything of that sort?

Thanks again!

Qubes OS's main focus is security, not privacy: since Qubes OS is an 
operating system it is, architecturally, infrastructure, and 
infrastructure does not directly provide privacy.


Privacy is a feature of behaviour and services, not infrastructure; 
that's why any User can keep a privacy-oriented behaviour (e.g. by using 
pseudonyms, wearing masks, or even taking part in a theatrical play: if 
actors are not named, you only know the character) and/or use privacy 
friendly services (e.g. that don't keep logs or don't force specific 
types of identities, or that actively mix network traffic to avoid 
correlation).


In this context you should understand that Qubes OS or Whonix are 
neither services nor behaviours, and that's why you can use Whonix 
without any privacy (just log in to Facebook and post as yourself, or 
record a vlog post on Youtube).


Infrastructure, like Whonix and Qubes, may ease privacy by configuring 
software (e.g. to run over TOR) or preventing the circumvention of 
behaviours (e.g. avoid tracking network traffic), but they don't provide 
privacy by themselves.


Same goes for anonymity, which (imho, but that's a pretty big 
digression) is a specific type of privacy.


Please look at the switch away from paravirtualization from a technical 
point of view, and only when the infrastructural implications are clear 
then you can take into account the impact (if any) for privacy-enabling 
behaviours and services.


--
Alex

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f892aa3c-5be1-5925-8501-ab30d5bfc6ff%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?

[awokd]

On Mon, November 20, 2017 00:55, vel...@tutamail.com wrote:
> On Sunday, November 19, 2017 at 4:03:44 PM UTC-6, Chris Laprise wrote:
>> When installing nautilus, remember that its meant to work in concert
>> with the rest of Gnome... it may not work right if you install it by
>> specifying 'nautilus' (also you will have to install the python-gtk2
>> package separately). The easiest way to get this working like it does in
>> Fedora is to run 'sudo tasksel' and select the Gnome desktop for
>> installation.

>
> Thank you Chris...instead of asking a myriad of follow up questions, do
> you or anybody else have some good resources for detailed "how tos" on how
> to configure the Debian Template for the laymans use?
>
> I managed to get LibreOffice loaded but my wish list would be an
> up-to-date Firefox, Nautilus(file manager) and what ever is required to
> get my wireless working with sys-net?
>
> I tried changing sys-net to Debian and my wireless wouldn't turn
> on(Couldn't find the option in my network icon in the top right of my
> screen).

I'm not aware of a detailed "how to" anywhere, unfortunately.

First of all, see if a Debian Stretch template is available with "sudo
qubes-dom0-update qubes-template-debian-9" in dom0 terminal. Use that
instead if it's available and see if it works better. Debian Jessie will
be going away eventually.

Next, do these from your TemplateVM, not an AppVM:
- Like Chris said, "run 'sudo tasksel' and select the Gnome desktop for
installation." This should get you Nautilus.
- Firefox would be "sudo apt install firefox".
- For your wireless, look in the NetVM (extra firmware) section here and
follow the instructions, except use "apt" instead of "dnf" on Debian:
https://www.qubes-os.org/doc/templates/fedora-minimal . You may also need
to install some of the packages listed in the NetVM section on the same
link, again using apt instead of dnf.





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2823f7475094538b270713fa26d71a50%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[riggedeggcam]

Cheers, Jean-Philippe! Thanks for the reply. 

Would you be able to point me in the direction of any unique privacy-specific 
functions Qubes OS allows me to take advantage of (other than obvious stuff 
like Whonix)? Is there anything of that sort? 

Thanks again!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ce35f3d7-9c7a-4a5f-b8ff-b9d93fbe9365%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes 4.0rc2 - debian appvm fails with qrexec-daemon message

[awokd]

On Mon, November 20, 2017 12:13, Bernhard wrote:
> Hello,
> with your nice help I happily installed Q4.0rc2.  Then I created a bunch
> of debian-8 based appvm's, to copy my data back from the backup. But
> they don't start, finishing with "Cannot execute qrexec-daemon" error. I
> hate that error : no clue where it comes from.   Any hints? Thank you!
> Bernhard

Check
https://github.com/QubesOS/qubes-issues/issues/3187#issuecomment-340440288
and the rest of this thread for other ideas:
https://mail-archive.com/qubes-users@googlegroups.com/msg16026.html



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f24f34a575e0cefaef625381412ffa14%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Whonix update error in Qubes 3.2, release file expired

[Eric Duncan]

On Monday, November 20, 2017 at 12:39:58 PM UTC-5, Unman wrote:
> On Mon, Nov 20, 2017 at 09:04:35AM -0800, Eric Duncan wrote:
> > On Monday, November 20, 2017 at 11:55:35 AM UTC-5, Adrian Rocha wrote:
> > > Hi,
> > > 
> > > When I try to update my Whonix gateway I have the following error:
> > > 
> > > user@host:~$ sudo apt-get update 
> > > Hit http://deb.whonix.org jessie InRelease
> > >  
> > > Hit http://deb.qubes-os.org jessie InRelease  
> > >  
> > > E: Release file for http://deb.whonix.org/dists/jessie/InRelease is 
> > > expired (invalid since 4h 5min 45s). Updates for this repository will not 
> > > be applied.
> > > user@host:~$
> > > 
> > > I tried to clean the cache, change the URL protocol to https, but the 
> > > error continues. Any ideas?
> > 
> > Yeah, i was just about to post this as well.  
> > 
> > I think Whonix needs to update the file?  As it looks like it was created 
> > 30 days ago.
> > 
> > Looking at the file, it shows this:
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> > 
> > Origin: whonix
> > Label: Whonix
> > Codename: jessie
> > Date: Fri, 20 Oct 2017 12:41:17 UTC
> > Valid-Until: Mon, 20 Nov 2017 12:41:17 UTC
> > Architectures: amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 
> > kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64el s390x sparc
> > Components: main
> > Description: Whonix jessie APT Repository
> > 
> You're right Eric.
> It's on the server side.
> ccing Patrick in case he isnt aware.

Here's who last signed the file list:

:signature packet: algo 1, keyid CB8D50BB77BB3C48
version 4, created 1508503277, md5len 0, sigclass 0x01
digest algo 10, begin of digest bf 10
hashed subpkt 33 len 21 (issuer fpr v4 
6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48)
hashed subpkt 2 len 4 (sig created 2017-10-20)
hashed subpkt 20 len 94 (notation: 
issuer-...@notations.openpgp.fifthhorseman.net=6E979B28A6F37C43BE30AFA1CB8D50BB77BB3C48)
subpkt 16 len 8 (issuer key ID CB8D50BB77BB3C48)
data: [4092 bits]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d128c56-12d8-48c1-845f-2e2495daf66e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

[awokd]

On Mon, November 20, 2017 10:01, pr0xy wrote:
> Please help a somewhat noob who wants to use Qubes in the office.
>
> I got the OK to try using Qubes R3.2 in my company network as a
> workstation. They have a very restrictive proxy that forces all traffic
> through an HTTP/HTTPS proxy like:
>
> proxy.example.com:8080
>
> How could I force all Qubes traffic to go through that proxy and that
> port?
>
> Would that be in sys-net, or a Firewall VM?

Check https://www.qubes-os.org/doc/vpn/ . Ignore the parts about VPN setup
but you should be able to set up your proxy redirect in the Proxy VM. I'm
assuming local traffic like DNS lookups would not go through the proxy.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1262784e42013589d71eb7028916a94a%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Whonix update error in Qubes 3.2, release file expired

[Unman]

On Mon, Nov 20, 2017 at 09:04:35AM -0800, Eric Duncan wrote:
> On Monday, November 20, 2017 at 11:55:35 AM UTC-5, Adrian Rocha wrote:
> > Hi,
> > 
> > When I try to update my Whonix gateway I have the following error:
> > 
> > user@host:~$ sudo apt-get update 
> > Hit http://deb.whonix.org jessie InRelease  
> >
> > Hit http://deb.qubes-os.org jessie InRelease
> >
> > E: Release file for http://deb.whonix.org/dists/jessie/InRelease is expired 
> > (invalid since 4h 5min 45s). Updates for this repository will not be 
> > applied.
> > user@host:~$
> > 
> > I tried to clean the cache, change the URL protocol to https, but the error 
> > continues. Any ideas?
> 
> Yeah, i was just about to post this as well.  
> 
> I think Whonix needs to update the file?  As it looks like it was created 30 
> days ago.
> 
> Looking at the file, it shows this:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Origin: whonix
> Label: Whonix
> Codename: jessie
> Date: Fri, 20 Oct 2017 12:41:17 UTC
> Valid-Until: Mon, 20 Nov 2017 12:41:17 UTC
> Architectures: amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 
> kfreebsd-amd64 kfreebsd-i386 mips mipsel powerpc ppc64el s390x sparc
> Components: main
> Description: Whonix jessie APT Repository
> 
You're right Eric.
It's on the server side.
ccing Patrick in case he isnt aware.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171120173952.ardwhxocn4h3ju7p%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] A lot of trouble with qubes 4.0 rc2

[Bernhard]

Hello,

I jumped into cold water and have a fresh install of 4.0rc2. It seems
almost completely disfunctional at this stage. Problems are:

1) starting (larger) appvms result in a systematic qrexec-daemon error.
First I thought this would be debian specific, but it is not. I have 16G
ram, and try to start a single f25 based appvm ...I read some people
suggesting to install  xen-hvm-stubdom-linux 2001:4.8.2-10.fc25  -- I
tried this, but no notable change (after coldboot). I tested if HVM / PV
could help. Quick answer: No.

2) I created a large (150G) personal appvm. The "max system storage" is
still 10G and I don't see how/where this could be changed.   When
playing back backups, the fs is de facto limited to these 10G - so rsync
fails at some stage;  from this moment on reboots fail as well (with
qrexec-error). journalctl gives no help (the journal keeps silent while
launching "qvm-start personal" in the neighbour terminal).

I hope I can get some help here, since I will have to reinstall 3.2
otherwise :(

Thank you, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b92699b1-688b-3384-c063-babe6eb41bc2%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Whonix update error in Qubes 3.2, release file expired

[Eric Duncan]

On Monday, November 20, 2017 at 11:55:35 AM UTC-5, Adrian Rocha wrote:
> Hi,
> 
> When I try to update my Whonix gateway I have the following error:
> 
> user@host:~$ sudo apt-get update 
> Hit http://deb.whonix.org jessie InRelease
>  
> Hit http://deb.qubes-os.org jessie InRelease  
>  
> E: Release file for http://deb.whonix.org/dists/jessie/InRelease is expired 
> (invalid since 4h 5min 45s). Updates for this repository will not be applied.
> user@host:~$
> 
> I tried to clean the cache, change the URL protocol to https, but the error 
> continues. Any ideas?

Yeah, i was just about to post this as well.  

I think Whonix needs to update the file?  As it looks like it was created 30 
days ago.

Looking at the file, it shows this:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Origin: whonix
Label: Whonix
Codename: jessie
Date: Fri, 20 Oct 2017 12:41:17 UTC
Valid-Until: Mon, 20 Nov 2017 12:41:17 UTC
Architectures: amd64 arm64 armel armhf hurd-i386 hurd-amd64 i386 kfreebsd-amd64 
kfreebsd-i386 mips mipsel powerpc ppc64el s390x sparc
Components: main
Description: Whonix jessie APT Repository

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d45673e-8091-4026-a0e9-145819153661%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Whonix update error in Qubes 3.2, release file expired

[Adrian Rocha]

Hi,

When I try to update my Whonix gateway I have the following error:

user@host:~$ sudo apt-get update 
Hit http://deb.whonix.org jessie InRelease 
Hit http://deb.qubes-os.org jessie InRelease   
E: Release file for http://deb.whonix.org/dists/jessie/InRelease is expired 
(invalid since 4h 5min 45s). Updates for this repository will not be applied.
user@host:~$

I tried to clean the cache, change the URL protocol to https, but the error 
continues. Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db4f84a7-487c-4ce2-8f4a-8b102e4b520c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes 4.0rc2 - debian appvm fails with qrexec-daemon message

[Bernhard]

Hello,
with your nice help I happily installed Q4.0rc2.  Then I created a bunch
of debian-8 based appvm's, to copy my data back from the backup. But
they don't start, finishing with "Cannot execute qrexec-daemon" error. I
hate that error : no clue where it comes from.   Any hints? Thank you!
Bernhard


P.S: First, I thought that this is the annoying but harmless
"after-tempate-change-xfce-menu-messy"  bug (which forces to go to VM
settings, remove all Applications, save, go there again, put them back &
save again to get all symlinks right). But the problem is somewhere else.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2af9d708-912a-a7b6-09e8-d510f4bdfda8%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]

[Laurent]

Hello,

I've just installed Qubes OS on my laptop (Dell Precision 5510) and I'm not 
able to use my PCI Network card : 

lspci (on Dom0) return
03:00.0 Unassigned class [ff00]: Realtek Semiconductor CO., Ltd.  RTS525A PCI 
Express Card reader (rev01)


I tried to add this device to my sys-net


[user@sys-net ~]$ sudo lspci -v
00:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a)
Subsystem: Intel Corporation Device 0050
Flags: bus master, fast devsel, latency 0, IRQ 29, NUMA node 0
Memory at ddc0 (64-bit, non-prefetchable) [size=8K]
Capabilities: [c8] Power Management version 3
Capabilities: [d0] MSI: Enable+ Count=1/1 Maskable- 64bit+
Capabilities: [40] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Device Serial Number e4-a4-71-ff-ff-13-92-e1
Capabilities: [14c] Latency Tolerance Reporting
Capabilities: [154] L1 PM Substates
Kernel driver in use: iwlwifi
Kernel modules: iwlwifi
00:01.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTS525A PCI 
Express Card Reader (rev 01)
Subsystem: Dell Device 06e5
Flags: bus master, fast devsel, latency 0, IRQ 27, NUMA node 0
Memory at dd10 (32-bit, non-prefetchable) [size=4K]
Capabilities: [80] Power Management version 3
Capabilities: [90] MSI: Enable+ Count=1/1 Maskable- 64bit+
Capabilities: [b0] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [148] Device Serial Number 00-00-00-01-00-4c-e0-00
Capabilities: [158] Latency Tolerance Reporting
Capabilities: [160] L1 PM Substates
Kernel driver in use: rtsx_pci
Kernel modules: rtsx_pci




[user@sys-net ~]$ ifconfig 
lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10
loop  txqueuelen 1  (Local Loopback)
RX packets 52  bytes 5084 (4.9 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 52  bytes 5084 (4.9 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif21.0: flags=4163  mtu 1500
inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
inet6 fe80::fcff::feff:  prefixlen 64  scopeid 0x20
ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
RX packets 1616  bytes 274265 (267.8 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 2378  bytes 1535955 (1.4 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s0: flags=4163  mtu 1500
inet 192.168.13.105  netmask 255.255.255.0  broadcast 192.168.13.255
inet6 fe80::e6a4:71ff:fe13:92e1  prefixlen 64  scopeid 0x20
ether e4:a4:71:13:92:e1  txqueuelen 1000  (Ethernet)
RX packets 2385  bytes 1541585 (1.4 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 1668  bytes 348099 (339.9 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



Thanks in advance.
L.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a37e7523-184f-4d98-ba38-c2523115f4fe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes in a corporate network behind HTTP proxy

[pr0xy]

Please help a somewhat noob who wants to use Qubes in the office.

I got the OK to try using Qubes R3.2 in my company network as a
workstation. They have a very restrictive proxy that forces all traffic
through an HTTP/HTTPS proxy like:

proxy.example.com:8080

How could I force all Qubes traffic to go through that proxy and that
port?

Would that be in sys-net, or a Firewall VM?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d2788c287b252827a8a98f13cd393c6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Possible privacy concerns with Qubes 4 and the transition away from paravirtualization?

[Jean-Philippe Ouellet]

On Sun, Nov 19, 2017 at 7:17 PM,   wrote:
> Here's one such comment, taken from an r/privacy Reddit thread.
>
> "[...]paravirtualization makes hardware profiling impossible unless an 
> exploit is found to defeat it."

That statement is demonstrably false. For example, we don't filter
CPUID vendor IDs in either mode.

https://xkcd.com/386/

Cheers,
Jean-Philippe

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_BT4ZGKZejThqir%3D_HbjupGbfr-GipJke2n2gmbeush_Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Migrating data from R3 to R4 without making a backup

[Jean-Philippe Ouellet]

Hello,

I've written a script [1] to import VMs directly from a Qubes R3 hard
drive into a Qubes R4 machine without needing to make a backup first.

I would definitely recommend making a full backup on R3 and restore on
R4 instead of using this. I just figured I'd share in case anybody
else is unable to make a backup for whatever reason (e.g. [2]) but
really must migrate data anyway.

Unfortunately the script is a mess and probably difficult to audit. I
didn't have time to write something nice suitable for upstreaming, I
just had to get my data migrated. Of course, you should never run
giant messes of code in dom0 that you get from random people on the
mailing list (including me)! If it breaks you get to keep both pieces
;)

Cheers,
Jean-Philippe

[1]: https://github.com/jpouellet/qubes-r3-importer
[2]: https://github.com/QubesOS/qubes-issues/issues/1588

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_CaDOkriioyVF-FjvvuhujV5EDTTDQvqDGDv2_xYaBKsg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: R3.2 Upgrading Fedora 25 --> 26 templates - PulseAudio issue

[fepitre]

Le dimanche 19 novembre 2017 22:51:10 UTC+1, Gaijin a écrit :
> On 2017-11-19 11:53, Frédéric Pierret wrote:
> > For pulseaudio issue in Fedora 26, you need to enable the
> > current-testing to update the qubes-gui-agent-linux for which the spec
> > has been updated (see
> > https://github.com/fepitre/qubes-gui-agent-linux/commit/251f5a4be505d6a268fd16bf15e33d9957c36b49).
> > Also, if you want, you can build the Fedora 26 for R3.2 and soon
> > Fedora 27 (see my post
> > https://groups.google.com/d/msg/qubes-devel/MLjj0RNYTe8/H-85bI8cBQAJ).
> > 
> > Do not hesitate to check what happen on the qubes-devel list notably
> > for such problem related to newer version of Fedora.
> 
> I see the documentation to enable current-testing in the VM
> https://www.qubes-os.org/doc/software-update-vm/ and I assume that we
> would add that in the upgrade step in the template somewhat like this: 
> 
> sudo dnf --releasever=26 distro-sync
> --enablerepo=qubes-vm-fedora-26-current-testing
It's only 'qubes-vm-r3.2-current-testing'.

> However, I don't seem to be able to guess the correct repo-name to add
> in here. I get 'unknown repo' with "fedora-26", "fedora26", & "fc26".
> How would I find the correct Repo name to put in here?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ae63b18a-ec3f-4256-b278-fef48472fd0d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes 4.0rc2 install question

[Bernhard]

On 11/20/2017 05:38 AM, taii...@gmx.com wrote:
> I tried toinstall Q4.0-rc2 today. To my surprise the installer warns me
>> about hardware incompatibilities that should not exist, according to the
>> HCL : I have a i7-4600U cpu that has VT-x with EPT and VT-d as it
>> should.
>> So I am confused ... qubes-hcl-report says "HVM not active", same for
>> "I/O MMU" and further "no HAP". Is this a maybe BIOS setting I have to
>> change? Or another (non-cpu) hardware incompatibility?  Thank you,
>> Bernhard
> You gotta enable them in the BIOS configuration menu of course,
> assuming your motherboard has implemented those features.

Thank you, that was all. I am astonished that features of the CPU must
be enabled by BIOS, this was out of horizon of imagination to me.

Best, Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b8c8035-d366-ddaf-524a-fc6b833761c6%40web.de.
For more options, visit https://groups.google.com/d/optout.