[qubes-users] Re: how to add "Files" manually to AppVM

[Taehwan Kim]

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ddccd97-5759-459e-a9a3-e55cb9083c9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: how to add "Files" manually to AppVM

[sevas]

> I tried to attach 1 hdd(storage block) to different vm at the same time) 
> something like this
> 
> qvm-block attach work dom0:sdd --persistent
> 
> qvm-block attach personal dom0:sdd --persistent
> 
> then if hdd is attached one appvm, it won't work in another appvm(not even 
> starting a appvm).
> 
> is it normal behavior?


Yes that is normal functionality. If you want to add a device with persistence
you must have the Virtual Machines turned off. AND you can only have one VM 
running at a time. The Qubes Team did make a reference to this here. 

https://www.qubes-os.org/doc/assigning-devices/
"While PCI device can only be used by one powered on VM at a time, it is 
possible to assign the same device to more than one VM at a time. This means 
that you can use the device in one VM, shut that VM down, start up a different 
VM (to which the same device is also assigned), then use the device in that VM. 
This can be useful if, for example, you have only one USB controller, but you 
have multiple security domains which all require the use of different USB 
devices."

As well, if you attach a usb device to multiple VMs, you are drawing an attack 
vector line from one to the next. USB devices, are inherently not trusted. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf5c94cc-d769-40c8-8bcf-7cc12b093826%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo

[berto00000001]

> It's in a bit of an indeterminate state right now:
> https://github.com/QubesOS/qubes-issues/issues/2971. Did regenerating
> initramfs with host only fix it for you, or did you just leave the
> keyboard setting on US on the reinstall?

Actually, I just pressed the keys as on an imaginary US keyboard after 
realizing one key was in a different position. That's a quite common method for 
non-US users -- you just need to be aware that you are dealing with a moved key 
in the first place. And there is no feedback when typing a password as first 
task on a new OS, obviously.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cbe34eb-5852-45a4-8e1d-ad4a53b56abb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2

[Chris Laprise]

On 03/27/2018 07:49 PM, vel...@tutamail.com wrote:

My Fedora setup is still working great. Passes OpenDNS check when they are 
added to config, reconnects generally after I turn off my wireless.

I am trying to get this to work with a stock Debian9 template(upgraded from 
Debian8 with stock install).

I can't seem to get it to work with Debian, the closest I have come is to a pop-up alert 
saying "Ready to connect" or words to that effect. I feel like I am missing a 
basic step in adding OpenVPN. I am adding the following commands:

su
apt-get install openvpn
apt-get install nautilus
apt-get install network-manager-openvpn-gnome   ?

It just works using the Fedora 26 template(Not minimal template)...

Any suggestions?

Thanks in advance...



An upgraded Debian 8 to 9 template is what I use normally. Adding 
network-manager bits is unnecessary.


If you get "Ready to connect" but nothing after, its possible you didn't 
add the vpn/vpn-client.conf file (via the command that starts with "ln 
-s"). The journalctl log would say somewhere that the file wasn't found, 
or could point out some other problem you need to address.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99bb189e-3317-8183-386a-151a62ad79ae%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] how to add "Files" manually to AppVM

[velcro]

In Debian you need to install it:

su
apt-get install nautilus

By no means an expert...but I struggled with this in the Debian template AppVMs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d24e398b-1f86-4ea0-898c-efaffabad6b4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Setting up privateinternetaccess on qubes 3.2

[velcro]

My Fedora setup is still working great. Passes OpenDNS check when they are 
added to config, reconnects generally after I turn off my wireless.

I am trying to get this to work with a stock Debian9 template(upgraded from 
Debian8 with stock install).

I can't seem to get it to work with Debian, the closest I have come is to a 
pop-up alert saying "Ready to connect" or words to that effect. I feel like I 
am missing a basic step in adding OpenVPN. I am adding the following commands:

su
apt-get install openvpn
apt-get install nautilus
apt-get install network-manager-openvpn-gnome   ?

It just works using the Fedora 26 template(Not minimal template)...

Any suggestions?

Thanks in advance...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a96b06fc-0bec-43e1-9c20-806a66ce11cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

['awokd' via qubes-users]

On Tue, March 27, 2018 7:35 pm, G wrote:
> On 2018-03-27 18:10, G wrote:
>
>> Hello,
>> since it took a while for me to sum up all piece and a lot of trial and
>> error to get the whole setup working i took some notes to help other who
>> want to try something similar. Please note that everything written there
>> is public domain (so copy-edit-whatever).
>>
>> https://git.lsd.cat/g/thinkad-coreboot-qubes
>>
>>
>> I did it today in a hurry so any feedback, modification or
>> contribution is welcome.
>>
>>
>> Giulio
>>
>
> There's a typo in the url: should be
> https://git.lsd.cat/g/thinkpad-coreboot-qubes

Nice write up, and congratulations! I was pretty happy to get Coreboot
running on my system too.

PS Have you seen Heads? http://osresearch.net/


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33a5d37a086a73e27233a1543979d23e.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

['awokd' via qubes-users]

On Mon, March 26, 2018 6:36 am, qubesthrowa...@gmail.com wrote:

Could you please trim emails when you reply? It was hard to find your
questions in all that text!

> Would it be a bad idea to run a PCIe SSD off of this instead of the WiFi
> card?

I'm not sure you could fit one in there, the hole is only big enough for
half-height mini-PCIe cards.

> Would 1866MHz @ CL10 be as good/better?

Not sure on this one; Coreboot can be picky on memory timings. Might have
to dig in to the source code to see if that is supported, if nobody else
knows.

> I just ordered a G505S and several of these upgrades and I'm excited to
> try flashing coreboot and getting Qubes going on it.  Thanks for all the
> tips/help.

Welcome! Some of us G505s users are putting together a page with tips on
Coreboot and Qubes, but I'm not sure where it will end up yet.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e08ce7eb54c001a711c200acb10e0024.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

[G]

On 2018-03-27 18:10, G wrote:

Hello,
since it took a while for me to sum up all piece and a lot of trial
and error to get the whole setup working i took some notes to help
other who want to try something similar.
Please note that everything written there is public domain (so
copy-edit-whatever).

https://git.lsd.cat/g/thinkad-coreboot-qubes

I did it today in a hurry so any feedback, modification or
contribution is welcome.


Giulio


There's a typo in the url: should be
https://git.lsd.cat/g/thinkpad-coreboot-qubes

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9c690caf8abd16540d5d99e905fdff2%40anche.no.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - FUJITSU T937

[mein . angebot]

I'm absolutley new to linux, thus i had many difficulties and will stay 
for first to a simpler os like ubuntu.


Card ready is working. I hve not been able to get the network devices 
working.


The installation works well but i had to use this (also in txt):



Boot device not recognized after installing

Some firmware will not recognize the default Qubes EFI configuration. As 
such, it will have to be manually edited to be bootable (this will need 
to be done after every kernel and Xen update.)


    1. Copy /boot/efi/EFI/qubes/ to /boot/efi/EFI/BOOT/.
    2. Rename /boot/efi/EFI/BOOT/xen.efi to /boot/efi/EFI/BOOT/BOOTX64.efi.
    3. Rename /boot/efi/EFI/BOOT/xen.cfg to /boot/efi/EFI/BOOT/BOOTX64.cfg.

https://www.qubes-os.org/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing



Another Problem was, that the integrated keyboard was not recognized for 
unloking the encrpted drive, there i had to use an external usb 
keyboard. later the notebooks integrated keyboard works fine.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b793feb-49b1-a809-4afc-5daa5e58ddbd%40gmx.de.
For more options, visit https://groups.google.com/d/optout.
---
layout:
  'hcl'
type:
  'convertible'
hvm:
  'yes'
iommu:
  'no'
slat:
  'yes'
tpm:
  'unknown'
brand: |
  FUJITSU
model: |
  LIFEBOOK T937
bios: |
  Version 1.12
cpu: |
  Intel(R) Core(TM) i5-7300U CPU @ 2.60GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Device [8086:5904] (rev 02)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation Device [8086:5916] (rev 02) (prog-if 00 [VGA controller])
  Intel Corporation Device [8086:9d35] (rev 21)
gpu-short: |
  FIXME
network: |
  Intel Corporation Ethernet Connection (4) I219-LM (rev 21)
  Intel Corporation Device 24fd (rev 78)
memory: |
  8056
scsi: |


versions:

- works:
'FIXME:yes|no|partial'
  qubes: |
R3.2
  xen: |
4.6.1
  kernel: |
4.4.14-11
  remark: |
FIXME
  credit: |
FIXAUTHOR
  link: |
FIXLINK

---

Boot device not recognized after installing

Some firmware will not recognize the default Qubes EFI configuration. As such, 
it will have to be manually edited to be bootable (this will need to be done 
after every kernel and Xen update.)

1. Copy /boot/efi/EFI/qubes/ to /boot/efi/EFI/BOOT/.
2. Rename /boot/efi/EFI/BOOT/xen.efi to /boot/efi/EFI/BOOT/BOOTX64.efi.
3. Rename /boot/efi/EFI/BOOT/xen.cfg to /boot/efi/EFI/BOOT/BOOTX64.cfg.

https://www.qubes-os.org/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing

[qubes-users] Guide on installing Qubes and Coreboot with encrypted boot on thinkpads

[G]

Hello,
since it took a while for me to sum up all piece and a lot of trial and 
error to get the whole setup working i took some notes to help other who 
want to try something similar.
Please note that everything written there is public domain (so 
copy-edit-whatever).


https://git.lsd.cat/g/thinkad-coreboot-qubes

I did it today in a hurry so any feedback, modification or contribution 
is welcome.



Giulio

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b86e10cc71df1700ed87b110a142a131%40anche.no.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo

[gluvfox]

On Sunday, March 25, 2018 at 2:15:31 AM UTC-7, berto0...@gmail.com wrote:
> I'm having the same issue on a Thinkpad X230 with the latest Lenovo BIOS 
> (2.71). Installation went fine, XEN is booting and throwing many lines 
> without any obvious errors (please let me know how to obtain that log as text 
> if possible, else I have an actual photo of the screen), the the screen is 
> going black.
> 
Regarding "how to obtain that log" - I took a video of the boot process and 
typed it in. I couldn't find any logs on the system. :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2462c5c6-4274-4d17-923a-a4a551c8f85b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Enigmail v2.0 broke split-gpg

[Michael Carbone]

On 03/27/2018 06:45 AM, Michael Carbone wrote:
> On 03/27/2018 06:41 AM, 'Eric Barrett' via qubes-users wrote:
>> On Tuesday, March 27, 2018 at 5:45:56 AM UTC-4, Michael Carbone wrote:
>>> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
>>> the time being.
>>>
>>> You can do the same by downloading v1.9.9 and manually installing in
>>> thunderbird (and unchecking "update addons automatically"):
>>>
>>> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream
>>
>> Thanks, Michael. That worked for me. How can we follow any updates if this 
>> is an Enigmail bug, at least in so far as we can know when we can update to 
>> the latest version?
> 
> You can follow the enigmail-users mailing list & the thread I created to
> watch for updates:
> 
> https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2018-March/004854.html

also there is a qubes-issues issue that has a workaround:

https://github.com/QubesOS/qubes-issues/issues/3750

Thanks TFQOS for clarifying what the issue is.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e992e2d8-a131-b1d2-5db2-a0ae0fd78a4a%40accessnow.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

[qubesthrowaway]

On Thursday, January 19, 2017 at 7:28:12 AM UTC-6, qma ster wrote:
> четверг, 19 января 2017 г., 12:16:12 UTC+3 пользователь qmast...@gmail.com 
> написал:
> > четверг, 19 января 2017 г., 7:08:46 UTC+3 пользователь Asterysk написал:
> > > On Thursday, 19 January 2017 03:04:32 UTC+4, tai...@gmx.com  wrote:
> > > > As always physical access is a checkmate situation, you need to not be 
> > > > an idiot and don't leave your stuff in overseas hotel rooms or not have 
> > > > secure locks on your door.
> > > 
> > > Unless USB port seals (e.g. 
> > > http://www.padjack.com/padjack-versions/usb-port-lock/) are put in place 
> > > as soon as the laptop is removed from the manufacturers box it is 
> > > impossible to know whether someone has installed a device that has in 
> > > turn infected firmware. A similar situation for any DMA access ports 
> > > (Thunderbolt etc) 
> > > 
> > > I'm interested in being able to take a possibly infected laptop (i.e. 
> > > infected with firmware malware) and reset it to a known safe starting 
> > > point. Coreboot seems to handle the BIOS (thank you for clarification 
> > > that it completely rewrite legacy and UEFI). Replacing the HD with a new 
> > > SSD should handle that firmware attack vector. That leaves the other 
> > > EEPROMS.
> > > 
> > > I figure, if I'm going to strip down my G505S to reflash with Coreboot, I 
> > > should see what other EEPROMs I can reflash.
> > > 
> > > Apart from the obvious RAM and SSD upgrade and possible putting switches 
> > > on peripherals, are there any other hardware mods you can suggest for the 
> > > G505S.
> > > 
> > > Having sorted out the hardware, I am then going to be looking to use 
> > > Qubes to protect against any attempts to reflash through Malware and 
> > > after thats done, I'll be looking for ways to detect that any attack is 
> > > being attempted.
> > > 
> > > All in all I think I've got about a years work ahead !
> > 
> > To reduce the number of "EEPROMs" you could disconnect: a touch pad, DVD 
> > drive, web camera ; Maybe also a small board with LS-9901P part number 
> > (dont confuse with LA-9901P), see its' google pictures online - and 
> > according to G505S laptop's LA-A091P motherboard datasheet (which also 
> > contains a datasheet for laptop's smaller boards) this board has a Realtek 
> > chip for card reader. By the way, you could either find out what lines of 
> > flex cable the card reader is using, and install a custom jumper on them ; 
> > or maybe get a flex cable with the same number of pins / same pitch between 
> > them , find (from datasheet?) what lines that lonely USB port is using to 
> > get to Bolton-M3 FCH, get a USB female header and solder a custom adapter 
> > which adds only a USB port to laptop (so no card reader chip). Probably the 
> > hardest thing to do is to disconnect a web camera - you will need to tear 
> > down a screen which is quite risky. BTW screen also contains the internal 
> > reprogrammable memory (e.g. for storing EDID), and a malicious firmware 
> > could cause screen to transfer information through electromagnetic impulses 
> > (TEMPEST? - http://www.surasoft.com/articles/tempest.php )
> > 
> > Actually it is possible to remove a motherboard with CPU, CPU Fan, 
> > Heatsink, Power Jack Wire, and Power Button Board attached (could make a 
> > custom power button adapter with huge convenient buttons!) and create a 
> > custom case for all this stuff. If you are lucky you could find someone 
> > selling a used G505S with broken screen for very cheap price, and do that. 
> > This way you avoid webcam, screen, dvd drive, touchpad, card reader chip, 
> > and internal keyboard (see below why)
> > 
> > Maybe don't need to seal the USB ports yet: it not just seriously reducing 
> > the usability of this laptop, but also makes it impossible to connect a USB 
> > keyboard. Maybe you would prefer that, when you type, your keystrokes are 
> > going through external keyboard's USB controller, rather than through 
> > laptop's Embedded Controller KB9012 which has a closed source firmware and 
> > controls PS/2-like laptop's internal keyboard. You could make your own open 
> > hardware USB keyboard with open source firmware, and using it will be 
> > slightly safer (and slightly less convenient) than laptop's internal one
> > 
> > Also, another possible hardware mod (not related to security) - instead of 
> > DVD drive you could install a fan for extra cooling, see 
> > http://forum.notebookreview.com/threads/10mm-5v-cooler-instead-of-laptops-dvd-slimline-sata.797064/
> >  . Although dont know if it worth it, because some really great external 
> > USB coolers are available - 
> > https://www.aliexpress.com/item/Mini-LCD-Vacuum-USB-Cooler-Air-Extracting-Cooling-Fan-Turbo-Radiator-Low-Noise-Desgin-for-Laptop/32231641439.html
> 
> Please read a message above... If we are talking about the motherboard, main 
> board of this laptop : aside from 4MB BIOS flash chip and 128KB EC KB9012's 
> 

[qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo

[gluvfox]

On Sunday, March 25, 2018 at 2:15:31 AM UTC-7, berto0...@gmail.com wrote:
> I'm having the same issue on a Thinkpad X230 with the latest Lenovo BIOS 
> (2.71). Installation went fine, XEN is booting and throwing many lines 
> without any obvious errors (please let me know how to obtain that log as text 
> if possible, else I have an actual photo of the screen), the the screen is 
> going black.

Regarding "hot to obtain that log" - I took a video of the boot process and 
typed it in. :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a514ddb-6b10-4063-a15c-cee0130a2f01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Enigmail v2.0 broke split-gpg

['TFQOS' via qubes-users]

Workaround proposed in https://github.com/QubesOS/qubes-issues/issues/3750 
works for me in R3.2
I added a well formatted patch in the comments.

TFQOS - Thanks For Qubes OS

‐‐‐ Original Message ‐‐‐
On 27 March 2018 5:40 PM, cubit  wrote:

> 27. Mar 2018 09:45 by mich...@qubes-os.org:
>
>> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
>> the time being.
>>
>> You can do the same by downloading v1.9.9 and manually installing in
>> thunderbird (and unchecking "update addons automatically"):
>>
>> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream
>>
>> I will email Enigmail mailing list so that they are aware.
>
> Is anyone else who downgraded back to 1.9.9 getting stuck with a big 
> autocrypt header being displayed and a missing email body when receiving 
> emails from enigmail 2.0 users?
>
> Any persons got the workaround listed here: 
> https://github.com/QubesOS/qubes-issues/issues/3750 to work in 3.2?   Is 
> there a particular line it needs to be done on.When I add it to the file, 
> all that happens is my work VM connects to my vault VM and I get a blank 
> email no decrypted message
>
> cubit.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> [https://groups.google.com/d/msgid/qubes-users/L8c6SKz--3-0%40tutanota.com](https://groups.google.com/d/msgid/qubes-users/L8c6SKz--3-0%40tutanota.com?utm_medium=email_source=footer).
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LsbWMYGjJroUnS691z0fRirMOZayMHDvX7kJ1eGnj_b8yXL9657wGQjc-wyGSZUr58jNuorZidc4_dfRKfZVnSvte8Uy3_N6lkRZrKwMKTo%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] how to add "Files" manually to AppVM

[Ivan Mitev]

On 03/27/2018 07:11 PM, Taehwan Kim wrote:
> Hi!
> as title says, How can I add manuaaly "Files" to my appvm menu?
> 
> I can't find it in APplication list in appvm and templatevm also.

The "Files" app is provided by the "nautilus" package; it's installed by
default in both the standard and minimal fedora-26 templates (assuming
you use one of these templates) so it's strange that you don't see it in
the VM's "Qubes Settings" / applications tab.

Did you try to click on "refresh the applications" ?


> Where can I find it?
> 
> and 1 more question.
> I tried to attach 1 hdd(storage block) to different vm at the same time) 
> something like this
> 
> qvm-block attach work dom0:sdd --persistent
> 
> 
> qvm-block attach personal dom0:sdd --persistent
> 
> then if hdd is attached one appvm, it won't work in another appvm(not even 
> starting a appvm).
> 
> is it normal behavior?

accessing the same device with a non-cluster aware filesystem from
multiple locations is a receipt for file corruption so I imagine the
qubes dev have implemented a fail-safe. Can't say for sure though.

> 
> Thanks!
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fec6cf4f-3788-6c08-bfef-6727896c9bae%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to add "Files" manually to AppVM

[Taehwan Kim]

Hi!
as title says, How can I add manuaaly "Files" to my appvm menu?

I can't find it in APplication list in appvm and templatevm also.
Where can I find it?

and 1 more question.
I tried to attach 1 hdd(storage block) to different vm at the same time) 
something like this

qvm-block attach work dom0:sdd --persistent


qvm-block attach personal dom0:sdd --persistent

then if hdd is attached one appvm, it won't work in another appvm(not even 
starting a appvm).

is it normal behavior?

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/365abc19-b63b-4685-a606-b240d3eee612%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Enigmail v2.0 broke split-gpg

[cubit]

27. Mar 2018 09:45 by mich...@qubes-os.org :

> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
> the time being.
>
> You can do the same by downloading v1.9.9 and manually installing in
> thunderbird (and unchecking "update addons automatically"):
>
> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream
>  
> 
>
> I will email Enigmail mailing list so that they are aware.
>







Is anyone else who downgraded back to 1.9.9 getting stuck with a big autocrypt 
header being displayed and a missing email body when receiving emails from 
enigmail 2.0 users?




Any persons got the workaround listed here: 
https://github.com/QubesOS/qubes-issues/issues/3750 
 to work in 3.2?   Is 
there a particular line it needs to be done on.    When I add it to the file, 
all that happens is my work VM connects to my vault VM and I get a blank email 
no decrypted message








cubit.










-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L8c6SKz--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Using Qubes for forensic/Data extraction of a raw image that should stay RO

[Thierry Laurion]

Hello all,

I've been extracting raw disk data from a 1TB from ddrescue for the past week. 
The last pass is showing a lot of errors, which means that I will have to 
repair the data before extracting it elsewhere, and i'm lacking space.

What I want to do is use Qubes to use that disk as a Standalone template, and 
save the changes elsewhere for the created VM, limiting the sizes of COW for 
only the reperations that will occur.

How would I accomplish that? The extracted file disk image is on another disk, 
mounted in sys-usb. Would it be possible to boot that disk an a newly created 
AppVM using that disk image? How would I do that?

Thanks a bunch! Thierry

Note: also posted here: 
https://www.reddit.com/r/Qubes/comments/87jbfm/using_qubes_for_forensicdata_extraction_of_a_raw/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/861436a7-b6ae-4af7-9a49-900f48b85aa5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Enigmail v2.0 broke split-gpg

[mossy]

Michael Carbone:
> On 03/27/2018 06:41 AM, 'Eric Barrett' via qubes-users wrote:
>> On Tuesday, March 27, 2018 at 5:45:56 AM UTC-4, Michael Carbone wrote:
>>> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
>>> the time being.
>>>
>>> You can do the same by downloading v1.9.9 and manually installing in
>>> thunderbird (and unchecking "update addons automatically"):
>>>
>>> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream
>>
>> Thanks, Michael. That worked for me. How can we follow any updates if this 
>> is an Enigmail bug, at least in so far as we can know when we can update to 
>> the latest version?
> 
> You can follow the enigmail-users mailing list & the thread I created to
> watch for updates:
> 
> https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2018-March/004854.html
> 
> Michael
> 

Thanks, Michael, for being so on top of development of enigmail, which
so many people rely on.

My preferred fix would be for Linux enigmail users *never* to rely on
the Thunderbird Add-ons/Extensions menu to install Enigmail -- instead,
uninstall Engimail from Thunderbird Add-ons/Extensions menu, shut down
Thunderbrid, then install Enigmail from your Linux distribution
repository.  In Qubes, shut down your email client Qube/AppVm, the from
its templateVM:

[user@debian-9 ~]$ sudo apt-get install enigmail

[user@fedora-26 ]$ sudo dnf install thunderbird-enigmail

The version is still 1.99 in the repos.  Once 2.0 lands in
debian-unstable I'll see if it breaks and file a qubes bug report, so
that the qubes split-gpg community can be on top of this when the
"stable" repos go to Enigmail 2.x -- note that debian only has 2.0 in
the "experimental (rc-buggy)" repository, so it seems best not to
trouble Qubes devs with this issue just yet.

Some things for others on this thread to consider:

* you shouldn't be using fedora-25 templates anymore, mate!  They've not
received security updates for many months now.  Upgrade your template
like so:

https://www.qubes-os.org/doc/template/fedora/upgrade-25-to-26

Or install from scratch and change your AppVM templates and system-wide
default template.  From a dom0 terminal:

[username@dom0 ~] sudo qubes-dom0-update qubes-template-fedora-26

* over years of doing community group thunderbird+enigmail trainings
I've found that almost invariably Linux users will have some random
problem using the Thunderbird Add-on/Extension version, and that the
distro repo version fixes this.

* using qubes split-gpg in some cases it seems that the passphrase
prompt is broken, so you may have to clear the passphrase.  Qubes
developers consider the gpg passphrase to add no significant protection
(i.e. an attacker of gaining access to your machine to obtain your
private key would find it trivial to also obtain the passphrase; an
exception might be for external backups, in which case your backup
images and/or drive should be protected with a strong passphrase anyway).

Stay safe out there,

-m0ssy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/29017d82-08c9-0565-7bd2-89ee8e10b70d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo

['awokd' via qubes-users]

On Tue, March 27, 2018 1:44 pm, berto0...@gmail.com wrote:
>

>> Are you using a non-default keyboard layout? You might have to
>> regenerate initramfs with the host only option.
>
> Thanks. It turned out that Qubes always assumes an US keyboard layout for
> the LUKS unlock, even if a different keyboard was specified in the
> installation. I had an ASCII character in my password that is on a
> different key; I had never noticed that before.
>
> Is the fixed keyboard layout by design or should it be considered a bug?

It's in a bit of an indeterminate state right now:
https://github.com/QubesOS/qubes-issues/issues/2971. Did regenerating
initramfs with host only fix it for you, or did you just leave the
keyboard setting on US on the reinstall?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90efcefb73a202c6e324303ce7ca8b21.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [Q4-rc5] Blank screen on boot after installation on Lenovo

[berto00000001]

> Are you using a non-default keyboard layout? You might have to regenerate
> initramfs with the host only option.

Thanks. It turned out that Qubes always assumes an US keyboard layout for the 
LUKS unlock, even if a different keyboard was specified in the installation. I 
had an ASCII character in my password that is on a different key; I had never 
noticed that before. 

Is the fixed keyboard layout by design or should it be considered a bug?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a572d56-847d-4302-839d-04b2d19ce531%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Spilt-GPG help - 3.2

[velcro]

I am not sure if the "Split-GPG" is for email signing and encryption only but I 
am being prompted to enter a password for a VM that I use for email. Is this 
expected? I like the idea of a password to access this VM but is there a better 
way to secure this?  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c91db6ae-f686-4b88-a267-200543eeda2f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Enigmail v2.0 broke split-gpg

[Michael Carbone]

On 03/27/2018 06:41 AM, 'Eric Barrett' via qubes-users wrote:
> On Tuesday, March 27, 2018 at 5:45:56 AM UTC-4, Michael Carbone wrote:
>> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
>> the time being.
>>
>> You can do the same by downloading v1.9.9 and manually installing in
>> thunderbird (and unchecking "update addons automatically"):
>>
>> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream
> 
> Thanks, Michael. That worked for me. How can we follow any updates if this is 
> an Enigmail bug, at least in so far as we can know when we can update to the 
> latest version?

You can follow the enigmail-users mailing list & the thread I created to
watch for updates:

https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2018-March/004854.html

Michael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1167516c-f54e-e8fb-ff71-b0618e3f3ef6%40accessnow.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Enigmail v2.0 broke split-gpg

['Eric Barrett' via qubes-users]

On Tuesday, March 27, 2018 at 5:45:56 AM UTC-4, Michael Carbone wrote:
> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
> the time being.
> 
> You can do the same by downloading v1.9.9 and manually installing in
> thunderbird (and unchecking "update addons automatically"):
> 
> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream

Thanks, Michael. That worked for me. How can we follow any updates if this is 
an Enigmail bug, at least in so far as we can know when we can update to the 
latest version?

Eric

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e14eb68a-5eef-4716-8272-3a823fa6616b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.