date:20180407

Please share your experience with qubes-builder! I need help. Is that what you
are
doing?

Check out my notes:
I created a Template called Dev. This template is responsible for compiling the
kernel and qubes-builder. Its based on the latest stable Fedora. (FC27?)
Packages
installed include:
the list posted here:
https://github.com/rtiangha/qubes-linux-kernel/tree/devel-4.14-hard
as well as busybox, ncurses, ncurses-devel, rpm-sign, sparse, openssl-devel...
and possibly a few others.

I set up qubes-builder to run only my current Fedora and the only errors were
on Privileges. There is a command I used that fixed most of the privileges,
(and I dont have it right now, but I can find it again if anyone needs it)
then the errors posted that qubes-builder did not have correct privileges
for...
oh what was that file it was a common file in the /etc dir I think? Ill have
to go back and look that one up too.

Hope this helps. Let me know if you have any ideas for me. Ill update this when
I get a better grip.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/90ac9b1d-cc6f-49c4-a1a6-dc8e68b645b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] User issues with Qubes 4.0

2018-04-07 Thread frkla1234

Yes it seems to be the same problem!

I tried also with debian 9. The same problem.

During watching Youtube Videos with 720p it's jerkying. 

For the moment I'm watching at 480p and I'm trying not moving the cursor. Than 
it's not jerkying a lot.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b058e5c-7261-4d63-9000-68ffb653b0b7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] suggestion for quakity assurance of documentation

where is your email? I will email you. 

I too have found many problems. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11597ae5-f356-4fc4-a598-e50d4534588e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0 and HVM's

The proper way to create an HVM can be found here:
https://www.qubes-os.org/doc/hvm/

HVMs should be created from the terminal in dom0. Open a terminal:
$ qvm-create win7 --class StandaloneVM --property virt_mode=hvm --property
kernel="" --property memory=4096 --property maxmem=4096 --property debug=True
--label green

1. Your NetBSD-vm should have its netVM set as your default sys-firewall.
And your sys-firewall should have its netVM set to sys-net. sys-net should
then be connected to the internet using NetworkManager or your choice. After
that you will start your NetBSD-vm with the boot-cd/iso file.
$ qvm-start NetBSD-vm --cdrom=vault:/home/user/Downloads/NetBSD.iso
If you start it twice, the second time you start it you should use the
automatically created loop device. Otherwise, Qubes will continue to make
new loop devices and kill your RAM.
$ qvm-start NetBSD-vm --cdrom=dom0:loop1

2. 10Gb is the default for your root file system (rootfs) and 2Gb is default
for your homedir. If you didnt change these on your own, then I assume that
you would install /root to the 10Gb and /home to the 2Gb. Maybe you should
also change the 10Gb to 15Gb? Or 20Gb?

3. Maybe it hangs and does weird things because you did not set all the settings
with the terminal, as stated above?

Be careful you do not install NetBSD to the wrong partition. Try this:
Open a terminal in dom0. Type:
$ sudo pvs
$ sudo lvs
One of these commands will list all of your virtual machines. Take note that
any VM you have will list 3 VMs here. I installed kali recently and kali shows
3 different VMs instead of 2. I installed on the wrong one and now qubes is
broken. You do not seem to have this problem.

You could also change your VM to 0Gb for your private storage and 20Gb for your
system storage and see NetBSD reflect that when you try to install.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/251db4ea-f4a0-48fb-8342-f415ff1f4e7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] I think I found a moderately serious bug. And I could use some help with recovery. (kali/HVM/rootfs)

I tried to install kali again. Last time I couldnt get it to run, but with your
help, I correctly created an HVM. Now I did something stupid.

When partitioning, you will be shown 3 virtual drives. If you type 'pvs' (or is
it
'lvs'?) into the dom0 terminal, you will see 3 virtual partitions: kali,
kali-private and kali-root. Or something of the like.

I assume that is the 3 that you see in the kali-vm in qubes-manager.

Well, one is obviously my rootfs and one is my homedir. The third has a direct
correlation with the homedir. So when you change the size of the homedir, so
changes the other one.

The bug I think I have found is that when this third partition vm, if
overwritten,
overwrites dom0 from a virtual domain.

I tried to install kali on this third vm and the next time I booted Qubes,
errors were given that qubes-manager did not exist. I still could boot, but
no VMs could start.

Its possible that this could have something to do with loop devices and having
too many of them, maybe a buffer overflow? But I doubt it. After starting kali
repeatedly, loop devices were made again and again eventually denying me any
RAM
space to do anything including saving a text doc.

Now, I really dont want to reinstall everything but sometimes this is much
faster
than troubleshooting the issue. But does anyone have any good ideas?

Ive downloaded the source code for qubes-manager and Im going to try tomorrow
to compile it. But Ive never done this before, I dont know what all I have to
do.

$ sudo make rpms , right? Then what? Im going to have to boot into recovery
mode just to get the qubes-manager onto the machine.

Can I do
$ sudo dnf reinstall qubes-manager? or $ qubes-dom0-update --reinstall
qubes-manager?

What if I cant get internet access? Is the rpm still on my machine?

Thanks many!!

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e8a59a06-cc87-4553-aa71-fc2d2b410c90%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] Updating migrated templates from 3.2

On Saturday, April 7, 2018 at 7:52:52 PM UTC-4, cooloutac wrote:
> On Saturday, April 7, 2018 at 3:20:36 PM UTC-4, p.o.m...@gmail.com wrote:
> > I mainly ask the question because I already had templates that were 
> > up-to-date in terms of software packages, so there's no real reason to be 
> > starting over there.
> > 
> > It would be nicer to be able to update whatever they need for their Qubes 
> > backend and keep the template going.
> > 
> > This is especially true for templates that are built on other distros, like 
> > Arch or Ubuntu.  I have to imagine the larger Qubes community will be 
> > looking for some way to migrate existing templates in a more seamless 
> > manner.
> 
> yes you can do that but you have to give it a non default name.   If its the 
> same name as default template then you will most likely run into problems.
> 
> I have had no problem restoring cloned templates from 3.2 into 4.0.  But I 
> have not tried to restore any appvms or templatevms with default names.

I'm sorry actually i have restored appvms with default names,  just not 
templates.  only cloned ones with non default names.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c770a8e3-ce94-40f9-bb34-b7319c36cddf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Issues with Yubikey 4 input

There’s one more thing I just learned; by default, usb keyboards are blocked 
from all VMs. You have to modify /etc/qubes-rpc/policy/qubes.InputKeyboard to 
allow the Yubikey to be connected to a specific VM if the classic yubico otp 
slots are enabled...because they mimic a keyboard.

Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67d6ca72-c437-4f64-9b0b-5514c3a1958c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Error: Failed to synchronize cache for repo 'qubes-vm-r4.0-current' with Fedora and 4.0?



Ohh in the terminal...doh!yes this fixes this error for me in fedora when 
using whonix as default updatevm for templates.  Tks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cfa396d2-1d88-45b5-a65e-e3a5e561b231%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: sys-net no network access after wake from sleep

Saw suggestion on github for people who have this issue on their lenovo laptops 
to add wifi module to blacklist.  I tried adding my ethernet module to the 
/rw/config/blacklist file in sys-net but it didn't help.

Neither did restarting network manager or network service from sys-net terminal 
after a resume from suspend.

Only thing that works is restarting sys-net vm.

There must be something i'm missing?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69df71bf-2877-4221-8690-db3f7abe2d94%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Cloudflare DNS-over-HTTPS in Qubes?

On Saturday, April 7, 2018 at 8:56:34 AM UTC-4, tai...@gmx.com wrote:
> On 04/05/2018 04:54 PM, 799 wrote:
> 
> 
> 
>   Hello,
> 
> 
> On 5 April 2018 at 22:38, tai...@gmx.com  wrote:
> 
> 
>   
> Wow people are actually falling for cloudflares "privacy respecting"
> bullshit from a service that uses for example browser fingerprinting on
> every computer that it serves and blacklists sites based on how the CEO
> is feeling that morning. [...]
> 
> 
>   
>   Can your provide some additonal information to cover this?
> Regarding the blacklisting you are refering to the "Daily Stormer" case?
> Discussed also here;
> https://blog.cloudflare.com/why-we-terminated-daily-stormer/
> 
> Yes - today the lunatic fringe next the normal you and me websites -
> ex: now in court the rights enforcement companies are using that
> decision to argue that cloudflare can and should remove websites see
> the ALS-Scan case.
> 
> 
> 
> I don't trust a company that makes choices based on the CEO's
> feelings instead of boardroom policy.
> 
>   What exactly do you mean by browser fingerprinting?
> 
> You have to have javascript enabled to view a cloudflare website
> because it wants to fingerprint your computer.
> 
>   Are you talking about Browser Integrity Checks?
> 
> Oh yeah its for our own good and companies never lie.
> 
>   
> https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-
> 
> "[...] Cloudflare's Browser Integrity Check (BIC) is similar to Bad
> Behavior and looks for common HTTP
>  headers abused most commonly by spammers and denies access to your page.
> It will also challenge
>  visitors that do not have a user agent or a non standard user agent (also
> commonly used by abuse
>  bots, crawlers or visitors) [...]"
> 
> You wrote: "They are a front for an intelligence agency"
> 
> In general I'd like to that see claims - no matter which - are based on
> evidence or at least facts.
> How do you come to this conclusion?
> 
> 
> Because they are now able to monitor most of the internet? Tell me
> that isn't an absolutely perfect situation.

They are the same guys that have protected booter sites and many other shady 
sites to the chagrin of many So they don't cave to gov't pressure that easy 
if it makes you feel any better,  but ya what dns servers do you recommend?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd775842-654b-4c9e-a09d-b577568a762d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: desktop recommendations?

ya checked hcl report on my i5 and it says slat is enabled.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f62efbd0-ac0b-4286-98da-107aea0da4e5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] Updating migrated templates from 3.2

On Saturday, April 7, 2018 at 3:20:36 PM UTC-4, p.o.m...@gmail.com wrote:
> I mainly ask the question because I already had templates that were 
> up-to-date in terms of software packages, so there's no real reason to be 
> starting over there.
> 
> It would be nicer to be able to update whatever they need for their Qubes 
> backend and keep the template going.
> 
> This is especially true for templates that are built on other distros, like 
> Arch or Ubuntu.  I have to imagine the larger Qubes community will be looking 
> for some way to migrate existing templates in a more seamless manner.

yes you can do that but you have to give it a non default name.   If its the 
same name as default template then you will most likely run into problems.

I have had no problem restoring cloned templates from 3.2 into 4.0.  But I have 
not tried to restore any appvms or templatevms with default names.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9626792b-9dd0-4c2e-9d0f-cd0272a9c694%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Issues with Yubikey 4 input

2018-04-07 Thread john

On 03/15/2018 09:50 PM, ThierryIT wrote:

Le vendredi 9 mars 2018 19:34:06 UTC+2, Jon R. a écrit :

Hello,

I've scoured around the mailing lists / SO / Reddit and haven't come across a
solution to this yet. I'm running 4.0 (R4.0) and when I attempt to use my
Yubikey it's seemingly not picking up any input on the button press.

It's detecting the USB properly and I can attach it fine:

[cloe@dom0 Desktop]$ qvm-usb
BACKEND:DEVID DESCRIPTION USED BY
sys-usb:2-1 Yubico_Yubikey_4_OTP+CCID

[cloe@dom0 Desktop]$ qvm-usb attach work sys-usb:2-1

[cloe@dom0 Desktop]$ qvm-usb
BACKEND:DEVID DESCRIPTION USED BY
sys-usb:2-1 Yubico_Yubikey_4_OTP+CCID work

However upon button presses on the Yubikey in the "work" domain there is no
action. I've tested this in gedit, the terminal and elsewhere to no avail.

Can someone point me in the right direction as to what may be happening? I've
successfully attached storage devices and other smart card related devices
without any issue so it seems to be isolated to the Yubikey itself. I've tried
2 separate Yubikey 4's and an older version to no avail.

Thank you for your time.

- Cody

I had the same problem than yours ...
I was able, after a looong period of fight, to attached my Yubikey but it was
not working ...
I have found that it was not working with Firefox but only with Chrome ... I am
only using mu Yubikey to manage my PGP kys and to be authenticated on web site
like Github ...

Thx

By "Chrome" did you mean "chromium" or only "Chrome" , if so be curious
how you installed "Chrome", as I recall, Chrome was supposed to built
in U2F for gmail 2FAuth ; however FFox never has, and there is/was
probably a defunct "extension" for the U2F.

Personally, I am needing urgently to have HOTP / OTP to work for my
lastpass password manager.

The latest is I've installed new Yubikey packages in Fedora-26 and Dom0
and tried attaching the key and the other USB "biometric" thing via
the widget (in 4.0) both individually and together, to no avail.

I'm wondering if this might have something to do with Yubikey's design
of actually mimic'ing a keyboard

PS: Thisisn't just with the " Yubikey 4 "(I don't have that
key...& as another poster posted in this thread), I have 2 of the
earlier Yubi keys the Neo and another earlier one

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/fc560462-d198-0dc2-1880-f5dbe3449da0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] Updating migrated templates from 3.2

2018-04-07 Thread p . o . mosier

I mainly ask the question because I already had templates that were up-to-date 
in terms of software packages, so there's no real reason to be starting over 
there.

It would be nicer to be able to update whatever they need for their Qubes 
backend and keep the template going.

This is especially true for templates that are built on other distros, like 
Arch or Ubuntu.  I have to imagine the larger Qubes community will be looking 
for some way to migrate existing templates in a more seamless manner.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8eede070-a7e2-4591-b8dd-107518ed62cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] Updating debian-9 template fails

2018-04-07 Thread p . o . mosier

This appears to have been fixed when I changed over the updateProxy value 
(which I brought up in another thread).  So everything here seems to work now.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b13742b7-8e60-4385-8d77-7febf6f197c3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] UpdateVM in global settings does nothing

2018-04-07 Thread p . o . mosier

That did it - thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/170803bd-f3b5-48d4-8704-f59929ca3304%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4.0 and HVM's

2018-04-07 Thread lilleytrust89

Hello there, can you help me create HVM domains on Qubes OS?

create qubes vm -> standalone qube not based on a template -> random distro > 
boot CD from random domain

1. How to properly configure the network so that the system can be installed 
from the mirrors? ( the qubes settings show only gw, ip and the mask, google 
dns not work on me)

2. On which of xvdX to install the system correctly? (etc lsblk shows one disk 
volume of 2GB, the second is 10GB, i dont understand where i need to install 
system)

3. why during the installation process hangs and nothing happens? and sometimes 
the window is turned off and the domain is turned off? how and where do I see 
the console what's going on?

Big thanx, Ann.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1fb2357-5514-4bf1-b5ff-fe361432aae2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best pratice for crypto-currency wallets?

2018-04-07 Thread qubenix

Dave C:
> On Monday, August 21, 2017 at 8:33:32 PM UTC-7, Francesco wrote:
>> Anguilla
>>
>>
>>
>>
>> On Mon, Aug 21, 2017 at 8:14 PM,   wrote:
>> I'd like to use Qubes for my crypto-currency wallets.
>>
> 
> I scratched my own itch and made a qubes-friendly tool for XRP transactions.  
> I'd like to build the same for BTC, etc... but I don't yet know those as well.
> 
> Details on https://www.dave-cohen.com/blog/rcl-tool/
> 
> -Dave
> 
>  
> 
You can put any wallet in an offline VM and use qrexec to forward the
needed ports from your daemon. Here's a guide for doing it with monero:
https://getmonero.org/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.html.
The same basic procedure can be used for most crypto wallets.

-- 
qubenix
GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/560af0d7-da9e-94b8-1f76-4030bd31d458%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best pratice for crypto-currency wallets?

2018-04-07 Thread Dave C

On Monday, August 21, 2017 at 8:33:32 PM UTC-7, Francesco wrote:
> Anguilla
> 
> 
> 
> 
> On Mon, Aug 21, 2017 at 8:14 PM,   wrote:
> I'd like to use Qubes for my crypto-currency wallets.
> 

I scratched my own itch and made a qubes-friendly tool for XRP transactions.  
I'd like to build the same for BTC, etc... but I don't yet know those as well.

Details on https://www.dave-cohen.com/blog/rcl-tool/

-Dave

 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc48c2bc-60ca-4777-bffd-5825f6cbe4c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0 and Private Internet Access? Tasket VPN solution...

2018-04-07 Thread Chris Laprise

On 04/06/2018 06:41 PM, vel...@tutamail.com wrote:

Totally willing to try to "avoid
the initial failure and restart, add a 2sec delay "sleep 2s" in rc.local
just before the first systemctl command; it will start quicker." Would you be
open to sharing the commands for this?

The command is just "sleep 2s".

If I am launching a VM from the GUI when would I put "sleep 2s" into the
terminal? I am learning but not there yet...

This is not important as it only saves about 8 seconds at startup.

I am using "openvpn-ip" file from PIA under Advanced OpenVPN SSL Restrictive
Configuration: https://www.privateinternetaccess.com/pages/client-support/
I then move each of the 3 individual files mentioned above into the
/rw/config/vpn folder.

Thanks again for the help...

Got your log... I think the real culprit shows up here:

"AUTH: Received control message: AUTH_FAILED"

This could mean the user/password weren't entered correctly. You can see
how its stored by issuing this command:

sudo cat /rw/config/vpn/userpassword.txt

To fix it you can edit that file, or run the --config step again from
the instructions.

Thanks for that tip...the password is good. Tested it with another application
and it is correct and working. The VPN proxy also had the correct password.

What else could this be?

I researched the error and it indicates there is a problem with the
username or password. You could try running the --config step again to
re-enter them.

You could also try checking that /tmp/userpassword.txt has the login
info as well...

sudo cat /tmp/userpassword.txt

If it doesn't have the info then there is something wrong with the
startup script.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/2f8048b4-cf7b-3c14-4fe3-08559247ea41%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] attached usb drives cant be used and removed

2018-04-07 Thread 'oralp' via qubes-users

Hello Qubes community,
I posted current problems here;
https://github.com/QubesOS/qubes-issues/issues/3797

I am unable to do anything with external drives, can you please help?

thank you all for your attention!

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dJ52c18NRbqA9Qgr2VVHDGukxwUJhaoSCqjvuVB5C747m9rEC7EaTdbk4k76_y1xD6CUFn50dp3DJnE0_X20dGj4sNPun-kYkJVpXrpgth0%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: desktop recommendations?

On Saturday, April 7, 2018 at 9:03:39 AM UTC-4, Thierry Laurion wrote:
> Le sam. 7 avr. 2018 08:26,   a écrit :
> On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> > I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.
> 
> Which CPU in particular? Did you look it up at the following link?
> 
>   https://ark.intel.com/Search/FeatureFilter?productType=processors
> 
> > At least, they don't SAY they do.
> 
> SLAT exist on Intel i3 i5 and i7 from their first generation (nehalem). Its 
> nothing new.

After reviewing, I concur Re: SLAT/EPT.

The BIOS will still need to enable VT-x to make things work. And for Qubes 4.0, 
you will need to verify vt-d/IOMMU is supported and enabled in/by BIOS as well.

Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17681f81-3440-43f5-801e-d8a3ff1fd90f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: desktop recommendations?

2018-04-07 Thread Thierry Laurion

Le sam. 7 avr. 2018 08:26,  a écrit :

> On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> > On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion  wrote:
> > > You seem to have misunderstood. Ivy bridge and beyond on the Intel
> side will provide you with SLAT capabilities, IOMMU and virtualization,
> which is all that is required.  A x230 with 16gb ram and a i5 or i7 will
> provide you akk the power needed if you have an sad drive.
> >
> > I only went on what I was told. I have Ivy Bridge, and they don't have
> SLAT.
>
> Which CPU in particular? Did you look it up at the following link?
>   https://ark.intel.com/Search/FeatureFilter?productType=processors
>
> > At least, they don't SAY they do.
>
SLAT exist on Intel i3 i5 and i7 from their first generation (nehalem). Its
nothing new.

https://en.m.wikipedia.org/wiki/Second_Level_Address_Translation

Check Qubes HCL:
https://www.qubes-os.org/hcl/



> Which "they" are we talking about? If you mean Intel, they are on top of
> keeping the ark pages updated with this information.
>
> > Do they sometimes not say they have it even when they do?
>
> I doubt it. But CPU-reporting tools might misreport information due to a
> bug, or might report how the BIOS has configured the CPU rather than what
> the CPU is capable of.
>
> In addition to the CPU having to support certain features, many
> manufacturers don't enable the requisite virtualization features in the
> BIOS startup. Ignoring the closed-source firmware controversy (I don't want
> engage deeply on that, other than to say there are some complex ways of
> working around the BIOS issues with coreboot, etc. but there is no
> guarantee)...the BIOS issue is why I would recommend Thinkpad and Dell
> workstation-laptops from 2011 onward if the installed CPU has been verified
> in ARK* to have the supported features: VT-x with EPT or RVI *AND* VT-d or
> AMD-Vi aka IOMMU. These manufacturers went out of their way to do things
> correctly for their business-oriented machines, ensuring that all the
> higher-end CPU features could be utilized.
>
> E.g. why the "manufactured after 20xx" approach does not work...
>
> - I have a stack of purchased-used Thinkpad W520s here: manufactured in
> 2011 and 2012, they meet the prerequisites, as they have Sandy Bridge CPUs
> and proper support in BIOS.
>
> Sadly the embedded CPU in my GPX Pocket, manufactured in 2017, has an Atom
> x7-Z8750 (Cherry Trail family of power-efficient CPUs). While that CPU was
> released to market in 2016, and while it support VT-x, both EPT and VT-d
> are missing, so no QUBES 4.0 support. :(
>
> Last caveat: some Intel CPUs had broken support for these features in
> early steppings (manufacturer run tweaks), e.g. this one, which did not
> support EPT until the C2 stepping:
> https://ark.intel.com/products/63697/Intel-Core-i7-3930K-Processor-12M-Cache-up-to-3_80-GHz
>
> Brendan
>
> * AMD likely has a similar site to Intel's ARK site for use in gathering
> information on CPU features, but I haven't dug into that.
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/747a5aa5-0540-4e94-9184-52cb849c09a2%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzJznzaE8FB%2BjdzuLnmKLRPaiwbxZCKnTwYtTAfy2kedK5iAA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Cloudflare DNS-over-HTTPS in Qubes?

2018-04-07 Thread taii...@gmx.com

On 04/05/2018 04:54 PM, 799 wrote:

> Hello,
>
>
> On 5 April 2018 at 22:38, taii...@gmx.com  wrote:
>
>> Wow people are actually falling for cloudflares "privacy respecting"
>> bullshit from a service that uses for example browser fingerprinting on
>> every computer that it serves and blacklists sites based on how the CEO
>> is feeling that morning. [...]
>>
> Can your provide some additonal information to cover this?
> Regarding the blacklisting you are refering to the "Daily Stormer" case?
> Discussed also here;
> https://blog.cloudflare.com/why-we-terminated-daily-stormer/
Yes - today the lunatic fringe next the normal you and me websites - ex:
now in court the rights enforcement companies are using that decision to
argue that cloudflare can and should remove websites see the ALS-Scan case.

I don't trust a company that makes choices based on the CEO's feelings
instead of boardroom policy.
> What exactly do you mean by browser fingerprinting?
You have to have javascript enabled to view a cloudflare website because
it wants to fingerprint your computer.
> Are you talking about Browser Integrity Checks?
Oh yeah its for our own good and companies never lie.
> https://support.cloudflare.com/hc/en-us/articles/200170086-What-does-the-Browser-Integrity-Check-do-
>
> "[...] Cloudflare's Browser Integrity Check (BIC) is similar to Bad
> Behavior and looks for common HTTP
>  headers abused most commonly by spammers and denies access to your page.
> It will also challenge
>  visitors that do not have a user agent or a non standard user agent (also
> commonly used by abuse
>  bots, crawlers or visitors) [...]"
>
> You wrote: "They are a front for an intelligence agency"
>
> In general I'd like to that see claims - no matter which - are based on
> evidence or at least facts.
> How do you come to this conclusion?
Because they are now able to monitor most of the internet? Tell me that
isn't an absolutely perfect situation.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cceea20e-d466-cfbb-43a1-c21880915653%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


0xDF372A17.asc
Description: application/pgp-keys

Re: [qubes-users] Re: desktop recommendations?

On Friday, April 6, 2018 at 9:27:11 PM UTC-4, Drew White wrote:
> On Saturday, 7 April 2018 10:41:13 UTC+10, Thierry Laurion  wrote:
> > You seem to have misunderstood. Ivy bridge and beyond on the Intel side 
> > will provide you with SLAT capabilities, IOMMU and virtualization, which is 
> > all that is required.  A x230 with 16gb ram and a i5 or i7 will provide you 
> > akk the power needed if you have an sad drive.
> 
> I only went on what I was told. I have Ivy Bridge, and they don't have SLAT.

Which CPU in particular? Did you look it up at the following link?
  https://ark.intel.com/Search/FeatureFilter?productType=processors

> At least, they don't SAY they do.

Which "they" are we talking about? If you mean Intel, they are on top of 
keeping the ark pages updated with this information.

> Do they sometimes not say they have it even when they do?

I doubt it. But CPU-reporting tools might misreport information due to a bug, 
or might report how the BIOS has configured the CPU rather than what the CPU is 
capable of.

In addition to the CPU having to support certain features, many manufacturers 
don't enable the requisite virtualization features in the BIOS startup. 
Ignoring the closed-source firmware controversy (I don't want engage deeply on 
that, other than to say there are some complex ways of working around the BIOS 
issues with coreboot, etc. but there is no guarantee)...the BIOS issue is why I 
would recommend Thinkpad and Dell workstation-laptops from 2011 onward if the 
installed CPU has been verified in ARK* to have the supported features: VT-x 
with EPT or RVI *AND* VT-d or AMD-Vi aka IOMMU. These manufacturers went out of 
their way to do things correctly for their business-oriented machines, ensuring 
that all the higher-end CPU features could be utilized.

E.g. why the "manufactured after 20xx" approach does not work...

- I have a stack of purchased-used Thinkpad W520s here: manufactured in 2011 
and 2012, they meet the prerequisites, as they have Sandy Bridge CPUs and 
proper support in BIOS.

Sadly the embedded CPU in my GPX Pocket, manufactured in 2017, has an Atom 
x7-Z8750 (Cherry Trail family of power-efficient CPUs). While that CPU was 
released to market in 2016, and while it support VT-x, both EPT and VT-d are 
missing, so no QUBES 4.0 support. :(

Last caveat: some Intel CPUs had broken support for these features in early 
steppings (manufacturer run tweaks), e.g. this one, which did not support EPT 
until the C2 stepping: 
https://ark.intel.com/products/63697/Intel-Core-i7-3930K-Processor-12M-Cache-up-to-3_80-GHz

Brendan 

* AMD likely has a similar site to Intel's ARK site for use in gathering 
information on CPU features, but I haven't dug into that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/747a5aa5-0540-4e94-9184-52cb849c09a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0: Can't connect to network over Ethernet

On Friday, April 6, 2018 at 7:04:38 PM UTC-4, hdct...@gmail.com wrote:
> THANK YOU! That fixed the problem.
> 
> I'm sorry for my slow reply, I had skipped the debian-9 template during the 
> install so I had to reinstall a couple of times (due to mistakes on my part) 
> to get it.
> 
> Once I switched sys-net to debian-9 I was able to connect and ping 
> successfully. I don't know how you knew to do that (are there different 
> drivers in the debian-9 template?) but it worked.

Indeed there are. In fact, on my Thinkpad W520, the network *doesn't* work in 
debian-9 due to a wireless driver issue. debian-8 does work though. I'll figure 
it out sometime...but I'm good for now. :)

Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/96df7925-7c47-41f4-8e44-51189ac7a5f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Easy way to convert AppVM to ProxyVM without editing?

On Sat, April 7, 2018 12:25 am, Drew White wrote:
> Is there an easy way to convert a guest without editing the XML and
> restarting all the time?

In Qubes R4.0, shutdown the AppVM, then:

qvm-prefs  provides_network True


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/24514278b5de37f1867fec96be1079ae.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [4.0] qvm-create --class StandaloneVM throws exception in qubesd

On Fri, April 6, 2018 10:43 am, alej.apari...@gmail.com wrote:

>
> $ qvm-create vmname --class StandaloneVM --template fedora-26 --label
> orange app: Error creating VM: Got empty response from qubesd. See
> journalctl in dom0 for details.

I see you got an answer in
https://github.com/QubesOS/qubes-issues/issues/3793.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd262eac7d01b915c68dbf8d6341d44d.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] Updating migrated templates from 3.2

On Fri, April 6, 2018 2:02 pm, p.o.mos...@gmail.com wrote:
> Hello,
>
>
> I'm trying to get a fedora-25 template from Qubes 3.2 updated to Fedora
> 26 on Qubes 4.0.  This template has a variety of packages already
> installed and I thought it would be easier to bring this forward to
> Fedora 26 rather than trying to reinstall everything on the default
> fedora-26 template.
>
> It appears that the template update process is very different in Qubes
> 4.0, with networking changes and a number of repo updates.  Is there any
> documentation on how to get this to work, such as what files need to be
> updated and what configuration settings tweaked?

Usually you're going to be further ahead starting from the fedora-26
provided with 4.0 and re-adding packages, but if you want to try upgrading
from 3.2 25, search this mailing list. I think others have attempted it,
but don't believe there's an "officially supported" procedure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/64062f31590f8f23594f00c0961419dd.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] Updating debian-9 template fails

On Fri, April 6, 2018 1:59 pm, p.o.mos...@gmail.com wrote:
> Hello,
>
>
> I recently migrated from Qubes 3.2 to 4.0 and it appears that the
> networking for all the template VMs is shut off by default.
>
> To update the default debian-9 template, I turned networking on and
> attached it to sys-firewall.  But when I run the template, it appears
> that I can't connect out to sys-net or to the outside world (any ping
> fails).  Is this a configuration bug?
>
> (In the meantime, how do I change the firewall to break through?)

https://www.qubes-os.org/doc/software-update-vm/#technical-details-r40

TL;DR version- templates don't need networking to update in 4.0.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c9d59df97978347ed57d95002ba61bcf.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Qubes 4.0] UpdateVM in global settings does nothing