Re: [qubes-users] Re: old version of xscreensaver

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 1/2/19 11:16 PM, seshu wrote:
> On Wednesday, January 2, 2019 at 9:42:47 PM UTC-7, pixel fairy
> wrote:
>> xscreensaver complains about being an old version. doubt this
>> matters, but might scare some users.
> 
> I just started noticing the message also.
> 

Yes, this is a known issue:

https://github.com/QubesOS/qubes-issues/issues/3652

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwttHkACgkQ203TvDlQ
MDCb3hAAuZAyO2vQqj9HKKY2blRAS4bW6Oxdjn8tdc/xEGNMfVh5MP76lJLlB+1h
UghUFqPCu2Yn6Sr2rXCGFoU2mWFlooRVPOt8Tw7XcUlwxY2bNA7nbndaEMIuQSXh
A9I4yxCGhEmQ5qQg+09vHq1pYAtxJPwIRvRosnIU6/lLTrqqTT6eivMmKumTfibs
962VMGR8t8cWZk5JkLdVsPdln2YVWpdShf7IKzk3CDJuV2+3ZXmQ1J3S2ufMjlHx
0+YZ4iVtaCQIpYuQgVz1wCjvIC3AlKmHYFJ5Ww8b829DBWPVE51sj3JNSp0Fo8zM
mws78ibQdkGKU29JrqwMsSJj/mLOM9xVI9uA65H18s9HlYeJJ/2fedneEEqxd4Og
P466G6tQI8wOomNnxctcg1p/JbXqIRp1T7nyq6sJeIzyy3vhxYb7fhcxMnH5a4Yi
UP0tLaCjAm3Qf6yfn9pFwDh0vRKvbcCyk//EuTNpSE5ENKxSbrDRE26kyd3uvRpm
PnF4Q/eXs4DpPSn1igvhBwFKRr/ZDw9aMTmRKdKIupWVFQFKgeaMV4YCc6MEIvFt
YVPgHtEob012F8P2u88DUdsGfL1dkqtW3Ox1oIber+l2wwcP/aZ/6fAzwAIq7xx1
HqhKzw9GVyyaS1qcrwr3N+z+7dZdKiAnmFQQhUyiAz/bwjd9rww=
=Feki
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f94edf5-ec40-99d5-03db-e6d2ff0fd641%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: old version of xscreensaver

[seshu]

On Wednesday, January 2, 2019 at 9:42:47 PM UTC-7, pixel fairy wrote:
> xscreensaver complains about being an old version. doubt this matters, but 
> might scare some users.

I just started noticing the message also.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c9509b2-27ac-4c51-9de6-de1d7921d3d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] old version of xscreensaver

[pixel fairy]

xscreensaver complains about being an old version. doubt this matters, but 
might scare some users.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7090547a-5ce8-43a5-9ef1-20cbb15763e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL -

[Ed Thompson]

This has been the best Linux laptop I have owned. Qubes 4.0 is somewhat
limited by the 8 Gbytes of RAM. I can only run two or three qubes at once.
Video works nicely, dual video support works, audio works and is decent for
the laptop size. Laptop hibernates correctly. Battery life is good.
Touchpad is a bit fidgety for me, but it was under Ubuntu also. Brightness
and sound function keys work correctly. Wifi works correctly.


-- 
Ed Thompson
edt...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CACmnumrLJ_pRvzSJ%2Bt3QJ09cHcz8F1UGG_4BPTJrttXWaGUqbQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASUSTeK_COMPUTER_INC_-UX330UAK-20190102-231837.yml
Description: application/yaml

Re: [qubes-users] Help setting up a expressvpn proxy VM

[Chris Laprise]

On 01/02/2019 07:44 PM, 799 wrote:


On Thu, 3 Jan 2019 at 01:19, Chris Laprise > wrote:


Hmmm, that 3.x language should be changed in the doc. Where its says
"proxyVM", that simply means "appVM with provides network" in Qubes 4.0.


I thought U found out how to have OpenVPN auto-connect after the sys-vpn 
AppVM has launched:


1) right click in on the network manager applet icon of the sys-vpn AppVM
2) edit connections
3) Choose the ethernet (NOT the VPN connection) and then preferences
4) 1st Tab "General" choose "Automatically connect to VPN when using 
this connection"

and choose the ExpressVPN connection here.

As far as I understand this makes it unnecessary to run step 4 from the 
Qubes VPN howto.


Actually IIRC step 4 was added because NM also has (or had) a bug in its 
automatic VPN startup.


Only step 5 ("Make the network fail-close for the AppVMs if the 
connection to the VPN breaks") is then needed.


Recommended.

I also tested this by closing and restarting sys-vpn but it seems that 
enabling this option "automatically connect to VPN doesn't survice 
reboots of the AppVM.
I guess that this setting has also to be placed in the network manager 
config file for the ethernet connection which is placed in 
/rw/config/NM-system-connections/qubes-uplink-eth0

but I don't know the right options to write into the file yet.

You're right there is a kind of forwarding (via dnat) issue to take
care
of, however that and anti-leak are what the vpn doc and
Qubes-vpn-support were created for. The latter (which is my own
project)
has only 4 basic steps with no editing necessary.

BTW, the expressvpn app doesn't deal with the Qubes forwarding
issue, so
you can be sure it doesn't address security fully either. That is a
recipe for leaking unencrypted packets.


I think I do not fully understand what this means? If I disable the VPN 
connection in sys-vpn my AppVMs which are using this VM as netvm can't 
connect to the network and this should mean that no leakage should 
happen correctly (and all traffic goes through the VPN).
Additionally I am using browser plugins like https everywhere and 
disable unecrypted connections.


Under various circumstances, your vpn vm could behave like sys-firewall 
when the vpn connection stops. In such cases, traffic could pass through 
without encryption. The best blanket policy to stop any chance of that 
happening is in step 5.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99ea7c3d-2d56-e049-ade3-5f33f6ae1c4c%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Split gpg is just too cool.

[John Smiley]

BTW, there is an excellent split config in Qubes for OTP that leverages the 
standard Linux oathtool, which does exactly the same thing as Google 
Authenticator, Lastpass Authenticator, etc.  They all implement TOTP and 
generate the same keys given the same starting key and an accurate clock.

https://www.qubes-os.org/doc/multifactor-authentication/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/abc174e9-69da-439d-9de9-fe4cfa05655e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Split gpg is just too cool.

[John Smiley]

On Wednesday, January 2, 2019 at 11:54:57 AM UTC-8, John S.Recdep wrote:
> On 12/26/18 4:49 AM,
> brendan.hoar-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:
> > On Tuesday, December 25, 2018 at 9:56:40 PM UTC-5, John Smiley wrote:
> >> U2F Proxy is not so cool. So far no joy getting it to work. Someone on 
> >> reddit
> >> had similar issues and questions and resolved by installing USB keyboard
> >> support. That’s not mentioned in the Qubes docs and I hope we don’t have to
> >> resort to that.
> > 
> > I haven't yet tried the U2F proxy, it is on my todo list.
> > 
> > I'm also not quite so happy about the complexity of getting a security 
> > focused device (yubikey) working with a security focused OS (QubesOS). 
> > 
> > I believe I understand the nature of the yubikey problem, though: Qubes is 
> > engineered to protect you from untrusted peripherals...and this somewhat 
> > conflicts with the design of yubikeys on multiple fronts: we want to use 
> > yubikeys across multiple VMs (using devices across VMs increases risk); 
> > yubikeys are composite USB devices, which means they often have multiple 
> > endpoints for different functions (HID keyboard plus, CCID 
> > smartcard/javacard, U2F) which makes securely proxying them more complex; 
> > and for those who have serious safety risks, a fake yubikey could destroy 
> > one's opsec in multiple ways...even a real one could if you are not careful 
> > with your usage.
> > 
> > In my case, I have decided to somewhat compromise QubesOS security a bit 
> > and disable the USB/HID keyboard protections in Qubes dom0 for now so that 
> > I could log into LastPass with my yubikey OTP in a couple of my VMs without 
> > too much fiddling. I have kept notes on the changes and how to reverse them.
> > 
> > So, as I said above, I haven't addressed the U2F compatibility on my 
> > current R4 build (but neither do I have a multipmedia VM set up with Chrome 
> > yet :) ). So, I use my backup method of yubico authenticator on another 
> > device and type in six-digit TOTP codes instead of using the U2F 
> > functionality.
> > 
> > Anyway, I suggest keeping a running log of modifications/configurations 
> > (both TODO and done) somewhere easily accessible across devices (I use a 
> > google doc) to speed future configurations/rebuilds. I don't keep anything 
> > that needs to be secure there, just notes, simple scripts, etc.
> > 
> >> If that were a requirement, surely the docs would have
> >> mentioned it.
> > 
> > Haha. Er, I mean, that *should* be the case... :)
> > 
> > Brendan
> > 
> 
> I'd like to see your "notes" on the yubikey and lastpass,  as I long ago
> gave up  on using my Yubikey in OTP mode, despite many trials 
> 
> I have the U2F proxy working it seems but just use it for 2FA for gmail
> and such , lastpass I'm stuck using the Authenticator on a Mobile phone
> . because I can't use the OTP
> 
> my qubes system has a USB -> PS/2  converter, I might run qubes on
> another computer but it has no PS/2  port and I fear botching the
> sys-usb and getting locked out of the install again . so I don't try

If I need to use the YubiKey for OTP, I attach it directly to the qube that 
needs it and then disconnect it once I no longer need it.  For LastPass, I have 
a Qube just for that which uses a browser that I have marked as trusted, so I 
only need the YubiKey every 30 days.  Not the best solution, but that's where 
all of my personal keys are.  For anon stuff, I have different accounts and use 
KeepassX on a clone of Vault which is much more secure.  I also use different 
sets of YubiKeys for anon than I do for personal.  Those sites that allow for 
U2F I configure to use the proxy.  Those that don't I use the vault.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fe8c891b-90bd-4695-995a-6604260ca188%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help setting up a expressvpn proxy VM

[799]

On Thu, 3 Jan 2019 at 01:19, Chris Laprise  wrote:

> Hmmm, that 3.x language should be changed in the doc. Where its says
> "proxyVM", that simply means "appVM with provides network" in Qubes 4.0.
>

I thought U found out how to have OpenVPN auto-connect after the sys-vpn
AppVM has launched:

1) right click in on the network manager applet icon of the sys-vpn AppVM
2) edit connections
3) Choose the ethernet (NOT the VPN connection) and then preferences
4) 1st Tab "General" choose "Automatically connect to VPN when using this
connection"
and choose the ExpressVPN connection here.

As far as I understand this makes it unnecessary to run step 4 from the
Qubes VPN howto.
Only step 5 ("Make the network fail-close for the AppVMs if the connection
to the VPN breaks") is then needed.
I also tested this by closing and restarting sys-vpn but it seems that
enabling this option "automatically connect to VPN doesn't survice reboots
of the AppVM.
I guess that this setting has also to be placed in the network manager
config file for the ethernet connection which is placed in
/rw/config/NM-system-connections/qubes-uplink-eth0
but I don't know the right options to write into the file yet.

You're right there is a kind of forwarding (via dnat) issue to take care
> of, however that and anti-leak are what the vpn doc and
> Qubes-vpn-support were created for. The latter (which is my own project)
> has only 4 basic steps with no editing necessary.
>
> BTW, the expressvpn app doesn't deal with the Qubes forwarding issue, so
> you can be sure it doesn't address security fully either. That is a
> recipe for leaking unencrypted packets.
>

I think I do not fully understand what this means? If I disable the VPN
connection in sys-vpn my AppVMs which are using this VM as netvm can't
connect to the network and this should mean that no leakage should happen
correctly (and all traffic goes through the VPN).
Additionally I am using browser plugins like https everywhere and disable
unecrypted connections.

- O

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vDEutK2QFcPMEzWzBTU-tTG0TDgxJXonfOxDLeh3x4ow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help setting up a expressvpn proxy VM

[Chris Laprise]

On 01/02/2019 05:46 PM, 799 wrote:

The other problem I have is that this site in the Qubes Docs:
https://www.qubes-os.org/doc/vpn/
... is not that easy to understand as I don't have the option to choose 
a "Proxy VM" in Qubes 4.


Hmmm, that 3.x language should be changed in the doc. Where its says 
"proxyVM", that simply means "appVM with provides network" in Qubes 4.0.


You're right there is a kind of forwarding (via dnat) issue to take care 
of, however that and anti-leak are what the vpn doc and 
Qubes-vpn-support were created for. The latter (which is my own project) 
has only 4 basic steps with no editing necessary.


BTW, the expressvpn app doesn't deal with the Qubes forwarding issue, so 
you can be sure it doesn't address security fully either. That is a 
recipe for leaking unencrypted packets.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa9967e5-4e22-634d-1fd7-54b05fa25dec%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help setting up a expressvpn proxy VM

[799]

Hello,

On Wed, 2 Jan 2019 at 23:46, 799  wrote:

> [...]
> I am willing to write a more Qubes 4 targeted howto if I go it working and
> maybe even with the focus how to configure VPN services like ExpressVPN /
> Private Internet Access or others as this might be a common task (to have
> some AppVms routing traffic via a VPN service).
> [...]
>

after some trial and error I have been able to get everything running.
Thank you Chris for pointing me in the right direction and use OpenVPN
instead of the ExpressVPN Client.

If someone is interesting how to setup ExpressVPN in Qubes and use an own
"expressvpn-NetVM" to which other AppVMs can connect to, I had to run the
following steps:

1) Install network-manager-openvpn and network-manager-openvpn-gnome in the
VPN Template VM.
I have choosen to use a fedora-28-minimal template named t-fedora-28-sys
which has all packages installed for my sys-* AppVMs and the new sys-vpn VM.

2) Create a new VPN AppVM (I named it sys-vpn) which is based on this
template.
enable "This VM provides Networking" or qvm-prefs --set sys-vpn netvm True

3) Launch  "Network Connections" and in the NM Applet icon choose "VPN
Connections", then Configure VPN

4) Login into your expressvpn account and go to manual install
https://www.expressvpn.com/setup#manual
Download the OpenVPN Config file and get your username and password from
the right sidebar.

5) qvm-copy the OpenVPN config file to your sys-vpn AppVM and import it
into the OpenVPN Plugin (window from step 3)
make sure to use a name without blanks for this VPN connection so that you
don't run into problems when you reference to the config file later.

6) Add the credentials from your express vpn account into User Name /
Password (and User key password).
Not sure if it has to be in both password location, but this is how I did
it.

7) Click on the small Icon on the right in the password field and make sure
to choose "store the password for all users" in both password fields.

8) run the steps 4) and 5) which are described in the Qubes VPN howto here:
Set up a ProxyVM as a VPN gateway using NetworkManager
https://www.qubes-os.org/doc/vpn/

9) You need to edit those files via vi in a root-terminal in the sys-vpn
AppVM.
qvm-rum --user root sys-vpn xterm
The file which is named "file-vpn-conn" in the howto is the OpenVPN config
file which has been autogenerated after importing the OpenVPN config file
in step 5.
In my case ExpressVPN-Frankfurt

Hint:
It can take a few seconds until an AppVM which has the sys-vpn as netvm
gets its initial network connection.
if you run into problems, maybe restart both VMs.

If you have further questions feel free to mail me, maybe I'll add more
information if this is not enough and upload it to the qubes documentation
repository.

ONE PROBLEM:
The OpenVPN connection will not start automatically after launching my
sys-vpn AppVM.
according to the qubes docs this should work as described in step 4 here:
https://www.qubes-os.org/doc/vpn/

Any idea how I can force the OpenVPN connection to happen?

- O

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uJHMon2UqEEK6fENt4XAd_v8_5L6wy1kaW-X5L-xoKGg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Which parts of qubes-builder are guaranteed to work/supported?

[unman]

On Wed, Jan 02, 2019 at 09:13:40PM +0100, Achim Patzner wrote:
> Hi!
> 
> Is it worth creating issues if certain parts of the Builder tools do
> not work (e. g. template-local-centos7 or template-local-fc29+xfce)
> which would be creating things not in the Qubes distribution?
> 
> 
> Achim
> 

I would say ALL parts are "intended to work" rather than "guaranteed to work".
Anything that is included in builder *should* work - if it doesn't, it
may be an issue, but I'd suggest raising it here first before heading
over to github. You've already encountered this.
(I exclude live iso build which hasnt worked as written for years.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190103000239.c5w3rvq27jswnzpn%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] missing support for sd card reader in qubes4 kernel

[unman]

On Wed, Jan 02, 2019 at 05:50:15PM +0100, ludwig jaffe wrote:
> Hi all, I have a dell note book that includes the following sd controller.
> Which is supported in other linux kernels.
> Please include support for this controller in the kernel and modules which
> is shipped with qubes-os 4.0.
> 
> Thanks in advance
> 
> 
> Ludwig
> 
> lspci -v
> 
> 
> 
> 00:07.0 SD Host controller: O2 Micro, Inc. SD/MMC Card Reader Controller
> (rev 01) (prog-if 01)
> Subsystem: Dell SD/MMC Card Reader Controller
> Physical Slot: 7
> Flags: fast devsel, IRQ 44
> Memory at f2026000 (32-bit, non-prefetchable) [size=4K]
> Memory at f2027000 (32-bit, non-prefetchable) [size=4K]
> Capabilities: 
> Kernel modules: sdhci_pci

I think you'll find bug reports for that device against a number of
older and some newer kernels too, certainly reported against fc25 and
fc28 stock kernels.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190102235653.uvnabcba6sforrvl%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Thanks and howto install Python version >= 2.6.4 on debian-9 template?

[unman]

On Wed, Jan 02, 2019 at 05:08:50PM +0100, gone wrote:
> 
> On 1/1/19 10:19 PM, Chris Laprise wrote:
> > On 01/01/2019 02:37 PM, gone wrote:
> > > Hello, 1st of all, I want to thank all the developers and supporters
> > > for that great stuff called Qubes OS. My first question here after
> > > some hard time of setting up version 4.0, updating it step by step
> > > and studying is the following:
> > > 
> > > I have a debian-9 template running and for some application to get
> > > installed on it I need Python with Version >= 3.6 as a prerequisite.
> > > 
> > > Since the preinstalled versions in debian-9 are 2.7 and 3.5 I
> > > attempted to install version 3.6.4 from source as described at
> > > https://www.rosehosting.com/blog/how-to-install-python-3-6-4-on-debian-9/
> > > in order not to run into problems with incompatibilities when
> > > switching to another repo.
> > > 
> > > Installing the build tools with "sudo apt-get install -y ..." worked
> > > fine but the next step, downloading the source file, with
> > > 
> > > "wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz;
> > > 
> > > brings "... failed: Temporary failure in name resolution.
> > > wget: unable to resolve host address ‘www.python.org’ "
> > > 
> > > As I am neither an expert nor an experienced from-source-installer I
> > > need some help and hope to get it here. Thanks very much in advance
> > > and all the best for 2019.
> > 
> > 
> > Installing from Debian testing is much easier and it has Python 3.7.
> > Just set the default release as in the following link, then add a line
> > for "testing" in your /etc/apt/sources.list (and then 'apt update'):
> > 
> > https://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html#s-default-version
> > 
> > 
> Thanks Chris for the explanation. Yes, it may be easier to change to the
> testing repo, but in general I would like to stay on the stable path with
> that template. Switching to the testing repo and 'apt update' would probably
> cause trouble with other software running smoothly so far. Or can I use that
> only for python install and then fall back?
> 
If you follow the instructions that Chris linked to you should be fine.
apt update just updates the list of available packages. It doesn't in
itself do anything more.

By setting the default release to stable, you ensure that you wont be
"accidentally" installing stuff from testing. That will only happen if
you explicitly specify the testing repo:
apt-get -t testing install foo

I'd strongly recommend aptitude, which does an excellent job of dealing
with  packages from different releases, and allows you to explicilt
choose the version you want. It also lets you review in detail what the
consequnces will be , so you are always able to roll back.

And, of course, with Qubes it's trivial to clone the template, try out
your proposed update from testing, and make sure that everything works
fine before you commit your precious qubes to use the new template.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190102235043.convhd6nsv76zliv%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dom0 bell

[unman]

On Wed, Jan 02, 2019 at 10:24:45PM +0100, haaber wrote:
> > > > 
> > > > Try these:
> > > > As root rmmod pcspkr, should stop it in running machine.
> > > > Edit /etc/modprobe.d/blacklist, and insert a line:
> > > > blacklist pcspkr
> > > That helps in dom0 terminal, but neither on dom0 login screen nor dom0
> > > xterm. Funny.
> > > 
> > > > If that doesnt work, put the rmmod command in a startup script.
> > > I'd love to place it in /etc/rc.local -- but there is none! Can I create
> > > it??  Can I blacklist it somewhere else on boot (grub??)
> > > 
> > > > The ultimate sanction is to unplug the leads to the internal speaker
> > > > from motherboard.
> > > Yes. That would be a joyful step, too. I am afraid if I have to cut the 
> > > red
> > > or the blue cable first, to avoid detonantion :))  Let us try startup
> > > scripts first ...  Bernhard
> > 
> > Can you check with lsmod to see if pcspkr is being loaded?
> > 
> Yes, despite /etc/modprobe.d/blacklist it is being loaded. I remove it
> manually with rmmod in the momemt but that is odd. This is why I earch where
> to put a line in some init script ..  Bernhard

Try changing that line to:
install pcspkr true

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190102234044.q56ninevozohmtdj%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help setting up a expressvpn proxy VM

[799]

The other problem I have is that this site in the Qubes Docs:
https://www.qubes-os.org/doc/vpn/
... is not that easy to understand as I don't have the option to choose a
"Proxy VM" in Qubes 4.
I am willing to write a more Qubes 4 targeted howto if I go it working and
maybe even with the focus how to configure VPN services like ExpressVPN /
Private Internet Access or others as this might be a common task (to have
some AppVms routing traffic via a VPN service).

- O

On Wed, 2 Jan 2019 at 23:40, 799  wrote:

>
>
> On Wed, 2 Jan 2019 at 23:14, Chris Laprise  wrote:
>
>>
>> They don't seem to have understood Qubes security model. I don't blame
>> you for wanting a different setup
>
>
> glad that you have the same understanding which I had after reading the
> howto ;-)
>
>> .
>>
>> > But I'd like to use an own AppVM so that I am more flexible and I can
>> > choose that only certain AppVM will use the expressvpn as netvm.
>> >
>> > What I did so far:
>> > 1) clone the template I am also using for my sys-firewall to a new
>> template
>> > which has qvm-prefs set to netvm True
>>
>> Its not clear to me what you're trying to do here. In most cases, you
>> would create a new appVM with "provides network" checked and use that to
>> run VPN software. Prefs for a template wouldn't have a bearing on the
>> appVM.
>>
>> If their homebrew app doesn't work out, I would download their config
>> file and use it with Qubes-vpn-support:
>>
>> https://www.expressvpn.com/support/vpn-setup/manual-config-for-linux-with-openvpn/#download
>> https://github.com/tasket/Qubes-vpn-support/
>> That is probably the most secure option.
>>
>
> as mentioned my "VPN" AppVM is working and can connect to the internet.
> Just for a test I have installed firefox in the new "VPN" AppVm to test if
> this is working.
> The problem which I have is that even when this VM is set as NetVM via:
> qvm-prefs --set sys-vpn provides_network True
> ... the other AppVM which has the "VPN" AppVM set as netvm can't connect
> to the web.
> I had the same problem when I tried to setup a VPN VM which used Cisco
> AnyConnect to connect to our corporate LAN.
>
>
>> As an alternative, you could try the first section of Qubes VPN doc
>> (Network Manager) and combine it with expressvpn's Network Manager
>> instructions. This also involves creating an appVM with "provides
>> network" checked, and then enabling NM for it.
>>
>
> Maybe this is an option which would leave the ExpressVPN out of the
> equation but as mentioned, as the VPN VM has network connectivity I think
> that there is some kind of forwarding problem.
> The "VPN" AppVM has already IP forwarding enabled:
>
> # sysctl -w net.ipv4.ip_forward=1
> net.ipv4.ip_forward = 1
>
> therefor I am currently stuck ... is there a way to disable the firewall
> which is running in an AppVM?
> I tried systemctl disable|stop firewalld|iptables but nothing worked.
>
> - O.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2u2g88werPDSrc1%2BBs9OLmEiODHHpKYPm%2Bxc3oqCSM49w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help setting up a expressvpn proxy VM

[799]

On Wed, 2 Jan 2019 at 23:14, Chris Laprise  wrote:

>
> They don't seem to have understood Qubes security model. I don't blame
> you for wanting a different setup


glad that you have the same understanding which I had after reading the
howto ;-)

> .
>
> > But I'd like to use an own AppVM so that I am more flexible and I can
> > choose that only certain AppVM will use the expressvpn as netvm.
> >
> > What I did so far:
> > 1) clone the template I am also using for my sys-firewall to a new
> template
> > which has qvm-prefs set to netvm True
>
> Its not clear to me what you're trying to do here. In most cases, you
> would create a new appVM with "provides network" checked and use that to
> run VPN software. Prefs for a template wouldn't have a bearing on the
> appVM.
>
> If their homebrew app doesn't work out, I would download their config
> file and use it with Qubes-vpn-support:
>
> https://www.expressvpn.com/support/vpn-setup/manual-config-for-linux-with-openvpn/#download
> https://github.com/tasket/Qubes-vpn-support/
> That is probably the most secure option.
>

as mentioned my "VPN" AppVM is working and can connect to the internet.
Just for a test I have installed firefox in the new "VPN" AppVm to test if
this is working.
The problem which I have is that even when this VM is set as NetVM via:
qvm-prefs --set sys-vpn provides_network True
... the other AppVM which has the "VPN" AppVM set as netvm can't connect to
the web.
I had the same problem when I tried to setup a VPN VM which used Cisco
AnyConnect to connect to our corporate LAN.


> As an alternative, you could try the first section of Qubes VPN doc
> (Network Manager) and combine it with expressvpn's Network Manager
> instructions. This also involves creating an appVM with "provides
> network" checked, and then enabling NM for it.
>

Maybe this is an option which would leave the ExpressVPN out of the
equation but as mentioned, as the VPN VM has network connectivity I think
that there is some kind of forwarding problem.
The "VPN" AppVM has already IP forwarding enabled:

# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

therefor I am currently stuck ... is there a way to disable the firewall
which is running in an AppVM?
I tried systemctl disable|stop firewalld|iptables but nothing worked.

- O.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uw7Ee95vrYS5idjTWZU%2BqTXvVKuR6zZwcyxj8bQD83rQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Help setting up a expressvpn proxy VM

[Chris Laprise]

On 01/02/2019 04:28 PM, 799 wrote:

Hello,

I'm trying to setup ExpressVPN with Qubes.
In their howto the suggestion is to install the Expressway Client in the 
sys-net VM.


They don't seem to have understood Qubes security model. I don't blame 
you for wanting a different setup.


But I'd like to use an own AppVM so that I am more flexible and I can 
choose that only certain AppVM will use the expressvpn as netvm.


What I did so far:
1) clone the template I am also using for my sys-firewall to a new template
which has qvm-prefs set to netvm True


Its not clear to me what you're trying to do here. In most cases, you 
would create a new appVM with "provides network" checked and use that to 
run VPN software. Prefs for a template wouldn't have a bearing on the appVM.




2) installed expressvpn client app in this template, described here:
https://www.expressvpn.com/de/support/vpn-setup/app-for-qubes-os/

3) Created an AppVM from this new template and run through the setup
expressvpn connected successfully

4) I then created a normal appvm and choose the expressvpn AppVm as netvm.

but unfortunately this AppVM is unable to connect to the internet, even 
when expressvpn netvm is connected.


Setup is:

sys-net (netvm)*  <-- sys-expressvpn (netvm)** <-- AppVM***

* and ** = can connect to the internet
*** = no internet connection

Am I missing something?


If their homebrew app doesn't work out, I would download their config 
file and use it with Qubes-vpn-support:


https://www.expressvpn.com/support/vpn-setup/manual-config-for-linux-with-openvpn/#download

https://github.com/tasket/Qubes-vpn-support/

That is probably the most secure option.

As an alternative, you could try the first section of Qubes VPN doc 
(Network Manager) and combine it with expressvpn's Network Manager 
instructions. This also involves creating an appVM with "provides 
network" checked, and then enabling NM for it.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37cae94c-f885-0be8-391a-82d75a5853cb%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Which parts of qubes-builder are guaranteed to work/supported?

[Achim Patzner]

Right now I'm not even getting to centos-7:

make get-sources get-sources-extra qubes-vm is stopping at

-> Installing core RPM packages...
error: Failed dependencies:
glibc = 2.28-9.fc29 is needed by
glibc-all-langpacks-2.28-9.fc29.x86_64
glibc-common = 2.28-9.fc29 is needed by
glibc-all-langpacks-2.28-9.fc29.x86_64
make[1]: *** 
[/home/user/qubes-builder/qubes-src/builder-rpm/Makefile-leg
acy.rpmbuilder:35: 
/home/user/qubes-builder/chroot-fc29/home/user/.prepared_bas
e] Error 1
make: *** [Makefile:217: vmm-xen-vm] Error 1


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68d.5c2d3178%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing: Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping

[Steve Coleman]

On 1/2/19 11:41 AM, LefC wrote:

Τη Τετάρτη, 2 Ιανουαρίου 2019 - 5:06:31 μ.μ. UTC+2, ο χρήστης steve.coleman 
έγραψε:

On 1/2/19 9:12 AM, LefC wrote:

Hi, i'm trying to install Qubes for the first time, i am a total newb but eager 
to learn more about this interesting OS.
So i attempted an installation to my old wiped laptop and got this message

Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping

And the warning that Qubes might not work properly. Does that mean that my 
machine is not able to run Qubes at all?? Is there anything that i may can do 
to make it work somehow?
To be honest, i did proceed with the installation, which completed normally 
without any issue but then the system was and is not able to boot Qubes. It 
leads to some Fail/error messages while booting. Is it because of the lacking 
hardware?
Is there any hope for my laptop and Qubes?



Before giving up, go check your BIOS settings for the required features
listed above. In all likelihood you may actually have the necessary
hardware but have them disabled in BIOS by default.

Without knowing *exactly* what system processor and chipset you have we
can not give you any better advice than to check these settings.

Try enabling those settings in BIOS, and then try to install again.
Failing that, you might check to see if you have the latest vendor BIOS
update.  Take notes on what it says about your specific hardware, and
let us know what happens.


Thanks for the answer,
Well, the laptop is a samsung model NP300V5A

Intel Core i5 2410M / 2.30 GHz ( Dual-Core )
with a GeForce GT 520M

I looked up the BIOS settings as you suggested, there's nowhere something like 
the missing features. Only VT-x which says 'Supported'. Its Phoenix BIOS v.08F1
Not sure how to update this, i must look it up and ask again. Also most of its 
options seem to be locked by the manufacturer



Well you can take a look here:
https://www.samsung.com/us/support/owners/product/np300v5a

I didn't see VT-d listed anywhere on the spec page. There is a BIOS 
installer ver 1.0.0.2 listed, but from way back in 2011. If you don't 
have the VT-d hardware there isn't much point to installing Qubes.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11f6c44e-4b44-b7a7-5933-530eee4f22cb%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Which parts of qubes-builder are guaranteed to work/supported?

[fepitre]

Le mercredi 2 janvier 2019 21:49:22 UTC+1, Achim Patzner a écrit :
> Hi!
> 
> 
> Is it worth creating issues if certain parts of the Builder tools do not work 
> (e. g. template-local-centos7 or template-local-fc29+xfce) which would be 
> creating things not in the Qubes distribution?
> 
> 
> 
> 
> Achim

What do you mean by 'parts'? The build of CentOS 7 and Fedora 29 with XFCE 
flavor works well. I did a build last week for both of them. Can you be more 
precise please?

Frédéric

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/085abddc-39ee-45cd-ba4a-fb935b7e27c9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dom0 bell

[haaber]

Try these:
As root rmmod pcspkr, should stop it in running machine.
Edit /etc/modprobe.d/blacklist, and insert a line:
blacklist pcspkr

That helps in dom0 terminal, but neither on dom0 login screen nor dom0
xterm. Funny.


If that doesnt work, put the rmmod command in a startup script.

I'd love to place it in /etc/rc.local -- but there is none! Can I create
it??  Can I blacklist it somewhere else on boot (grub??)


The ultimate sanction is to unplug the leads to the internal speaker
from motherboard.

Yes. That would be a joyful step, too. I am afraid if I have to cut the red
or the blue cable first, to avoid detonantion :))  Let us try startup
scripts first ...  Bernhard


Can you check with lsmod to see if pcspkr is being loaded?

Yes, despite /etc/modprobe.d/blacklist it is being loaded. I remove it 
manually with rmmod in the momemt but that is odd. This is why I earch 
where to put a line in some init script ..  Bernhard


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a7a4e313-eb9e-ce0b-00dd-7c2f02cf38e1%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Help setting up a expressvpn proxy VM

[799]

Hello,

I'm trying to setup ExpressVPN with Qubes.
In their howto the suggestion is to install the Expressway Client in the
sys-net VM.
But I'd like to use an own AppVM so that I am more flexible and I can
choose that only certain AppVM will use the expressvpn as netvm.

What I did so far:
1) clone the template I am also using for my sys-firewall to a new template
which has qvm-prefs set to netvm True

2) installed expressvpn client app in this template, described here:
https://www.expressvpn.com/de/support/vpn-setup/app-for-qubes-os/

3) Created an AppVM from this new template and run through the setup
expressvpn connected successfully

4) I then created a normal appvm and choose the expressvpn AppVm as netvm.

but unfortunately this AppVM is unable to connect to the internet, even
when expressvpn netvm is connected.

Setup is:

sys-net (netvm)*  <-- sys-expressvpn (netvm)** <-- AppVM***

* and ** = can connect to the internet
*** = no internet connection

Am I missing something?

- O

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2t5kfF6Ukw6h8aG4auqixwjvFER6pN6D7RceUmuyWsCpg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Which parts of qubes-builder are guaranteed to work/supported?

[Achim Patzner]

Hi!

Is it worth creating issues if certain parts of the Builder tools do
not work (e. g. template-local-centos7 or template-local-fc29+xfce)
which would be creating things not in the Qubes distribution?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59d8e3c7dad130ac0f6a83f8706e96cf267bee32.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Split gpg is just too cool.

[John S.Recdep]

On 12/26/18 4:49 AM,
brendan.hoar-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:
> On Tuesday, December 25, 2018 at 9:56:40 PM UTC-5, John Smiley wrote:
>> U2F Proxy is not so cool. So far no joy getting it to work. Someone on reddit
>> had similar issues and questions and resolved by installing USB keyboard
>> support. That’s not mentioned in the Qubes docs and I hope we don’t have to
>> resort to that.
> 
> I haven't yet tried the U2F proxy, it is on my todo list.
> 
> I'm also not quite so happy about the complexity of getting a security 
> focused device (yubikey) working with a security focused OS (QubesOS). 
> 
> I believe I understand the nature of the yubikey problem, though: Qubes is 
> engineered to protect you from untrusted peripherals...and this somewhat 
> conflicts with the design of yubikeys on multiple fronts: we want to use 
> yubikeys across multiple VMs (using devices across VMs increases risk); 
> yubikeys are composite USB devices, which means they often have multiple 
> endpoints for different functions (HID keyboard plus, CCID 
> smartcard/javacard, U2F) which makes securely proxying them more complex; and 
> for those who have serious safety risks, a fake yubikey could destroy one's 
> opsec in multiple ways...even a real one could if you are not careful with 
> your usage.
> 
> In my case, I have decided to somewhat compromise QubesOS security a bit and 
> disable the USB/HID keyboard protections in Qubes dom0 for now so that I 
> could log into LastPass with my yubikey OTP in a couple of my VMs without too 
> much fiddling. I have kept notes on the changes and how to reverse them.
> 
> So, as I said above, I haven't addressed the U2F compatibility on my current 
> R4 build (but neither do I have a multipmedia VM set up with Chrome yet :) ). 
> So, I use my backup method of yubico authenticator on another device and type 
> in six-digit TOTP codes instead of using the U2F functionality.
> 
> Anyway, I suggest keeping a running log of modifications/configurations (both 
> TODO and done) somewhere easily accessible across devices (I use a google 
> doc) to speed future configurations/rebuilds. I don't keep anything that 
> needs to be secure there, just notes, simple scripts, etc.
> 
>> If that were a requirement, surely the docs would have
>> mentioned it.
> 
> Haha. Er, I mean, that *should* be the case... :)
> 
> Brendan
> 

I'd like to see your "notes" on the yubikey and lastpass,  as I long ago
gave up  on using my Yubikey in OTP mode, despite many trials 

I have the U2F proxy working it seems but just use it for 2FA for gmail
and such , lastpass I'm stuck using the Authenticator on a Mobile phone
. because I can't use the OTP

my qubes system has a USB -> PS/2  converter, I might run qubes on
another computer but it has no PS/2  port and I fear botching the
sys-usb and getting locked out of the install again . so I don't try

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c85ee45a-b685-c6d3-0fc4-f4a6a9120af0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4.0 UEFI Installation not recognizing

[John S.Recdep]

On 1/1/19 12:14 PM,
brandonmaytham06-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:
> Hi all,
> 
> I have a new PC and I want to setup Qubes with UEFI however after the install 
> with UEFI the HDD isn't detected.
> 
> If I change to legacy/UEFI the HDD shows I have seen the article which says 
> to edit the boot loader file however there never seems to be that file on any 
> USB I make.
> 

What is your "new" hardware?

please post the URL link or "the article"

and what "file"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/940b27ad-39c3-1a43-6fda-79f4081d8cca%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Documentation needed: How to build a fedora-29 template for sys-net / sys-usb / sys-firewall

[799]

Hello,

I have already tried several times to move my sys-VMs from
fedora-28-minimal to fedora-29-minimal but didn't suceed.
As sys-net and sys-firewall are the connection point to the internet, I'd
like to use a recent OS.
Currently I am using a clone of a fedora-28-minimal template which has
additional packages installed to be used for sys-net / sys-firewall /
sys-usb.
I have followed this guide:
https://www.qubes-os.org/doc/templates/fedora-minimal/#qubes-40
... plus some additional packages for my wifi card.

Strangely I am unable to build a working package when applying the same
steps to a fedora-29-minimal template.
But if I choose to use the default ("fat") fedora-29 packages as template
for sys-net / sys-usb / sys-firewall those VM work, therefor it is possible
to use fedora 29 for the sys-VMs.

Honestly I don't understand why we don't have a prebuild
qubes-template-fedora-29-sys which has only the minimal packages required
to use fedora-29 as template for the sys-VMs.
Has someone already successfully build a minimal sys-template based on
fedora-29-minimal?

- O

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vztCtaE0t7gXY4%2BbJOdMT5kxkxLX0k-GSdLN2JFKwcrg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: sys-firewall command failed with code : 1

[one7two99]

On Friday, 14 December 2018 16:16:37 UTC+1, cooloutac  wrote:
> Notice this error message when updating dom0.   Should I be concerned?

sys-firewall command failed with code : 1

> Not sure if related but was also having trouble updating fedora templates.   
> after updating to new fedora 28.  Kept telling me failed to synchronize 
> cache.  using clean all command didn't help.  
> 
> Finally realized that it was because I was using sys-whonix to update 
> everything, which was outdated.   So I set both the fedora update proxies and 
> global qubes manager back to sys-firewall.
> Everything seems to be updating fine now but I am seeing this error message 
> and wondering if I should be concerned or what action should I take?

I have the same error message, while updating in dom0 do work.
Is this maybe a bug which has come to life with an update?
my sys-net and sys-firewall are custom build fedora-28-minimal based AppVMs.

- O

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f4ebece-cc05-4c33-8ad9-4c7a5461cb0c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dom0 update: sys-whonix: command failed with code: 1

[John S.Recdep]

On 1/1/19 12:29 PM, qubes-fan-q7wo9g+UVklWk0Htik3J/w...@public.gmane.org wrote:
> Hi, during dom0 update I get following output:
> 
> $ sudo qubes-dom0-update
> Using sys-whonix as UpdateVM to download updates fro dom0; this may take some 
> time...
> sys-whonix: command failed with code: 1
> No new updates available
> Qubes OS Repository for Dom0  23 MB/s | 52 kB
> 
> The update than goes as normal. What does that mean and is there any action 
> needed from my side?
> 

ditto here except mine is sys-net  code:1

fwiw

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/442de159-48d6-85da-71f3-15954a6cfdb5%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problem after using onedrived: Directories have quotes in name

[799]

On Wed, 2 Jan 2019 at 03:17, unman  wrote:

> [...]
> You should be able to escape the space, or use quotes:
> cd "FIRSTPART SECONDPART" or cd FIRSTPART\ SECONDPART
> You can rename them like this:
> rename 's/ /_/g' *
>

Thank you, I'm totally embarassed as the single quote character is (of
course!) only viewable in bash/CLI and not part of the directory.

Example:
mkdir test\ directory
ls
will show: 'test directory'

Thanks for your help.

- O

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uQsdMXkD%3DMbgu8qVpFQXHRV-f-uQFuAy4asnAjYLnDnw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Thanks and howto install Python version >= 2.6.4 on debian-9 template?

[gone]

On 1/1/19 10:19 PM, Chris Laprise wrote:

On 01/01/2019 02:37 PM, gone wrote:
Hello, 1st of all, I want to thank all the developers and supporters 
for that great stuff called Qubes OS. My first question here after 
some hard time of setting up version 4.0, updating it step by step 
and studying is the following:


I have a debian-9 template running and for some application to get 
installed on it I need Python with Version >= 3.6 as a prerequisite.


Since the preinstalled versions in debian-9 are 2.7 and 3.5 I 
attempted to install version 3.6.4 from source as described at 
https://www.rosehosting.com/blog/how-to-install-python-3-6-4-on-debian-9/ 
in order not to run into problems with incompatibilities when 
switching to another repo.


Installing the build tools with "sudo apt-get install -y ..." worked 
fine but the next step, downloading the source file, with


"wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz;

brings "... failed: Temporary failure in name resolution.
wget: unable to resolve host address ‘www.python.org’ "

As I am neither an expert nor an experienced from-source-installer I 
need some help and hope to get it here. Thanks very much in advance 
and all the best for 2019.



Installing from Debian testing is much easier and it has Python 3.7. 
Just set the default release as in the following link, then add a line 
for "testing" in your /etc/apt/sources.list (and then 'apt update'):


https://www.debian.org/doc/manuals/apt-howto/ch-apt-get.en.html#s-default-version 



Thanks Chris for the explanation. Yes, it may be easier to change to the 
testing repo, but in general I would like to stay on the stable path 
with that template. Switching to the testing repo and 'apt update' would 
probably cause trouble with other software running smoothly so far. Or 
can I use that only for python install and then fall back?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13cd0d6e-a87a-3e53-7abe-af807f55af56%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] missing support for sd card reader in qubes4 kernel

[ludwig jaffe]

Hi all, I have a dell note book that includes the following sd controller.
Which is supported in other linux kernels.
Please include support for this controller in the kernel and modules which
is shipped with qubes-os 4.0.

Thanks in advance


Ludwig

lspci -v



00:07.0 SD Host controller: O2 Micro, Inc. SD/MMC Card Reader Controller
(rev 01) (prog-if 01)
Subsystem: Dell SD/MMC Card Reader Controller
Physical Slot: 7
Flags: fast devsel, IRQ 44
Memory at f2026000 (32-bit, non-prefetchable) [size=4K]
Memory at f2027000 (32-bit, non-prefetchable) [size=4K]
Capabilities: 
Kernel modules: sdhci_pci

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAP7JdrJWeNv_17d3H%3DOv3bUWhcgExFLkKWyNBFs1PVGK3bDJjw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing: Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping

[LefC]

Τη Τετάρτη, 2 Ιανουαρίου 2019 - 5:06:31 μ.μ. UTC+2, ο χρήστης steve.coleman 
έγραψε:
> On 1/2/19 9:12 AM, LefC wrote:
> > Hi, i'm trying to install Qubes for the first time, i am a total newb but 
> > eager to learn more about this interesting OS.
> > So i attempted an installation to my old wiped laptop and got this message
> > 
> > Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping
> > 
> > And the warning that Qubes might not work properly. Does that mean that my 
> > machine is not able to run Qubes at all?? Is there anything that i may can 
> > do to make it work somehow?
> > To be honest, i did proceed with the installation, which completed normally 
> > without any issue but then the system was and is not able to boot Qubes. It 
> > leads to some Fail/error messages while booting. Is it because of the 
> > lacking hardware?
> > Is there any hope for my laptop and Qubes?
> > 
> 
> Before giving up, go check your BIOS settings for the required features 
> listed above. In all likelihood you may actually have the necessary 
> hardware but have them disabled in BIOS by default.
> 
> Without knowing *exactly* what system processor and chipset you have we 
> can not give you any better advice than to check these settings.
> 
> Try enabling those settings in BIOS, and then try to install again. 
> Failing that, you might check to see if you have the latest vendor BIOS 
> update.  Take notes on what it says about your specific hardware, and 
> let us know what happens.

Thanks for the answer,
Well, the laptop is a samsung model NP300V5A

Intel Core i5 2410M / 2.30 GHz ( Dual-Core )
with a GeForce GT 520M

I looked up the BIOS settings as you suggested, there's nowhere something like 
the missing features. Only VT-x which says 'Supported'. Its Phoenix BIOS v.08F1
Not sure how to update this, i must look it up and ask again. Also most of its 
options seem to be locked by the manufacturer

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8bab723f-73ff-4ff3-8a3e-c285dd685a05%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Installing: Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping

[Steve Coleman]

On 1/2/19 9:12 AM, LefC wrote:

Hi, i'm trying to install Qubes for the first time, i am a total newb but eager 
to learn more about this interesting OS.
So i attempted an installation to my old wiped laptop and got this message

Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping

And the warning that Qubes might not work properly. Does that mean that my 
machine is not able to run Qubes at all?? Is there anything that i may can do 
to make it work somehow?
To be honest, i did proceed with the installation, which completed normally 
without any issue but then the system was and is not able to boot Qubes. It 
leads to some Fail/error messages while booting. Is it because of the lacking 
hardware?
Is there any hope for my laptop and Qubes?



Before giving up, go check your BIOS settings for the required features 
listed above. In all likelihood you may actually have the necessary 
hardware but have them disabled in BIOS by default.


Without knowing *exactly* what system processor and chipset you have we 
can not give you any better advice than to check these settings.


Try enabling those settings in BIOS, and then try to install again. 
Failing that, you might check to see if you have the latest vendor BIOS 
update.  Take notes on what it says about your specific hardware, and 
let us know what happens.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba6c7721-4cb4-9060-86ce-e082eee5b2d8%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Installing: Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping

[LefC]

Hi, i'm trying to install Qubes for the first time, i am a total newb but eager 
to learn more about this interesting OS.
So i attempted an installation to my old wiped laptop and got this message 

Missing features: IOMMU/VT-d/AMD-Vi, Interrupt Remapping

And the warning that Qubes might not work properly. Does that mean that my 
machine is not able to run Qubes at all?? Is there anything that i may can do 
to make it work somehow?
To be honest, i did proceed with the installation, which completed normally 
without any issue but then the system was and is not able to boot Qubes. It 
leads to some Fail/error messages while booting. Is it because of the lacking 
hardware?
Is there any hope for my laptop and Qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c63fb7d6-4d41-4be9-9624-482644bfce14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: dom0 update: sys-whonix: command failed with code: 1

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 1/1/19 10:10 PM, 22...@tutamail.com wrote:
> Same thing here...no answers/solutions but your not alone!
> 

The fix is already in testing:

https://github.com/QubesOS/qubes-issues/issues/4616

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwssIIACgkQ203TvDlQ
MDA0Jg/7Bk2KUHRMDuxIWFPrxgeOulc9Q2UdmApl6fgp9PU8BPkY4GISdi39uixH
Yu9Af2GU/MWfDu3j0zqYcyIQYY6qnVa038ZNYd3BSwjhk1K4sqPY27T7+HAzF3Uy
W1CGQWmLh+ry7uCisiPbbBTaT8IGP/Fohzp+vr0UhtR/vrXU5gzc+R8fw6vBDaPY
Inv8D1+Tl/+z3oumAFxb2eWn0rRTSdwILLVo2bR4Rd2RpSszENaCBQvChB94MHw8
SLRn0YiDJZM6UXMGlpunHVrihbv9Irue75LFcpSUa2SWIlTNoINv8VpcugnhybuD
WjuCqiuuNCD8KZEtYrZg8L+zX+uuo0p/rcfDFoaEHQTrCXQW/cZRpqIaGOySBuQS
x1P/vDX3YwAJjpXeJALVFZzndd8HqpxlL45qgLI0xD7eGa0lqsD1DpSfDt6S08oU
y8yZdCPnlOWvRRF7Xb7OA2y94ClRoHzoOW1tJgDQeZ462/I3qXtHIwTfYDhO9B3/
UJoB5zniVh5CKvCuYYr4miL98NIa92xoH5Vgj80A32Qz+ih7S2iraL4lIiqozXet
Db6X4e5V6miQULpix6LDXs/am44O6hKjHpPf3iCvcfdybW2oF7+O04Uu7K4nT96B
i7DCdAzuw/nLK/7yalez9ADM9xh60DF5XK2UqF1t90PRhGOiPQc=
=EiKP
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7828b6e0-8d82-ea10-11c1-8fe9eafc3b7b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] dom0 bell

[unman]

On Wed, Jan 02, 2019 at 07:07:20AM +0100, haaber wrote:
> On 12/31/18 11:17 AM, unman wrote:
> > On Sun, Dec 30, 2018 at 10:32:16PM +0100, haaber wrote:
> > > Hi, I never understood the purpose of the loudspeaker bell in linux, but 
> > > on
> > > my machine, it is particularly loud and annoying. Is there a reasonable 
> > > way
> > > to deactivate it forever?  Thank you (and a happy new year), Bernhard
> > 
> > Try these:
> > As root rmmod pcspkr, should stop it in running machine.
> > Edit /etc/modprobe.d/blacklist, and insert a line:
> > blacklist pcspkr
> That helps in dom0 terminal, but neither on dom0 login screen nor dom0
> xterm. Funny.
> 
> > If that doesnt work, put the rmmod command in a startup script.
> I'd love to place it in /etc/rc.local -- but there is none! Can I create
> it??  Can I blacklist it somewhere else on boot (grub??)
> 
> > The ultimate sanction is to unplug the leads to the internal speaker
> > from motherboard.
> Yes. That would be a joyful step, too. I am afraid if I have to cut the red
> or the blue cable first, to avoid detonantion :))  Let us try startup
> scripts first ...  Bernhard

Can you check with lsmod to see if pcspkr is being loaded?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190102110701.keog6bq5xnehrelo%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes without futzing

[unman]

On Wed, Jan 02, 2019 at 01:09:34PM +0545, Frank Beuth wrote:
> On Fri, Dec 28, 2018 at 08:58:37PM -0800, John Smiley wrote:
> > 
> > I researched far and wide and decided to drop down a level and not aim
> > for the very latest hardware. I ended up with a Thinkpad T480 with i7
> > quad core, Intel graphics, 2k display, 32GB memory, etc.  And it was in
> > sale for 70% off. Done. I love that little guy. It runs everything with
> > nary a compant. I tried Ubuntu, Fedora, Pop!, Debian, and Manjaro. They
> > all installed and ran without me having to do anything special. I was
> > about to settle on Ubuntu even though they made some choices I didn’t
> > like, but for a no fuss system, it’s hard to beat Ubuntu. Then i
> > discovered Qubes. The rest is history. Futzing became my new way of life
> > but I felt I was spending that time fruitfully. So far am happy with the
> > choice.
> 
> If anyone has ever run Qubes without futzing, what was the trick? Using
> well-supported hardware? A previous life as a Fedora admin? Voodoo
> incantations every morning?

Well supported hardware is the key, I think. If you spend some time
researching HCL and available options, then pain can be  minimised.
And, of course, having a system set up for you is ideal. It's that that
can make Qubes work for people who don't know admin or voodoo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190102105530.ljfuwm5irufpmoix%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.