[qubes-users] Re: Cant get it to install

2019-01-23 Thread gunnarmarino 
Also, when trying to shut down from the shell (booted from usb), the computer 
gets stuck at "[   OK   ] Reached target Shutdown" and then never shuts down.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94ad21ef-253b-4a03-ad85-5cd4d2c58178%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Which parts of qubes-builder are guaranteed to work/supported?

2019-01-23 Thread Frédéric Pierret 
On 1/23/19 8:21 AM, Foppe de Haan wrote:
> On Wednesday, January 2, 2019 at 10:35:37 PM UTC+1, Frédéric Pierret 
> (fepitre) wrote:
>> Le mercredi 2 janvier 2019 21:49:22 UTC+1, Achim Patzner a écrit :
>>> Hi!
>>>
>>>
>>> Is it worth creating issues if certain parts of the Builder tools do not 
>>> work (e. g. template-local-centos7 or template-local-fc29+xfce) which would 
>>> be creating things not in the Qubes distribution?
>>>
>>>
>>>
>>>
>>> Achim
>> What do you mean by 'parts'? The build of CentOS 7 and Fedora 29 with XFCE 
>> flavor works well. I did a build last week for both of them. Can you be more 
>> precise please?
>>
>> Frédéric
> OT, but could you briefly clarify the benefit of running the xfce flavor over 
> the generic f29 template?
>
Sure. I globally don't like gnome 3 tools/desktop. I prefer to use XFCE
tools/desktop directly in my AppVM. It's simple, flexible and easily
customizable. It's really a matter of taste. They are still some minor
UX tuning to do like default tray-icon of power management and
dnfdragora appearing but it's working fine and I'm using these flavors
since a very long time. So if there is also some feedback from other
users, it will help me to fix UX bugs I have not seen yet.

Frédéric


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8465237c-0b7a-fca3-b70c-c78ca6d22432%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] sys-net & sys-firewall fail to start, new install

2019-01-23 Thread Mike Keehan 
On Tue, 22 Jan 2019 12:26:00 -0800 (PST)
Bryce  wrote:

> On Saturday, January 19, 2019 at 6:37:47 AM UTC-5, Mike Keehan wrote:
> > 
> > Ah, what a shame.  It does seem as if your iommu is a problem.
> > 
> > Without any other ideas, the only thing I can suggest is that you
> > try the latest Qubes 3.2 just to allow you to try out Qubes.  It
> > doesn't require the vt-d stuff, so might work on your box.
> > 
> > The other thing you can do is try googling for iommu and your cpu
> > together to see if others have had problems (not necessarily in
> > Qubes, just in general use).
> >  
> >   Mike.  
> 
> Well, just to put this out there, it seems as if my CPU doesn't
> support SLAT and maybe that's why (I thought from intel's page it
> did). Installing the latest 3 stable and I don't get any errors about
> IOMMU like I did with 4, but just like with 4 I do have to disable
> vt-d in bios in order to boot to the installer.
> 
> Unfortunately as soon as I turn vt-d back on, the system goes thru
> post, I see qubes start to boot and then after a minute (about when I
> think I'd see the disk password prompt) I get a message from my
> monitor that the input timing is wrong, which I've never seen on
> several other operating systems! Wierldy, I was able to reproduce
> this behavior by turning off vt-d, booting up fully and then was able
> to update without issues unlike in 4. Rebooted twice without issues,
> then turned vt-d back on and got the exact same behavior.
> 
> So I guess I just try out using 3.2 without vt-d.
> 
> I'll take a look around the users' group, but I don't see any real
> details on the qubes site for what the key differences are between 3
> & 4 are, can anyone point me to something that will tell me how worth
> it (secure) that it is to use 3.2 instead of replacing hardware to
> run 4?
> 

Hi Bryce,

Glad you got something working for you :)

This is a good description of the changes in Qubes 4.0 :-
   https://www.qubes-os.org/doc/releases/4.0/release-notes/

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123112857.72b8ec98.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Star Labs - Star LabTop (Mk III)

2019-01-23 Thread Stephen Edworthy 
Please find attached the reports that have been run on our Star LabTop Mk
III.

No issues to report.

All functions keys have been internally tested as working.
-- 
Kind regards,

StephenEdworthy

Technical Analyst
[image: address]

Star Labs
Eashing Farm
Eashing
GU72QB
[image: contact]

+44 (0) 1483 904400
[image: mail]

stephen@starlabs.systems
[image: site]

https://starlabs.systems

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEsBh4fty1uSybV3U4BcS2jzDZgJ-mrwZLeY5jO%3DAu2AvVhJuQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Star_Labs-LabTop-20190123-115831.yml
Description: application/yaml


Qubes-HCL-Star_Labs-LabTop-20190123-115831.cpio.gz
Description: application/gzip

[qubes-users] Re: 4.0.1 persistent external LVM block device attach

2019-01-23 Thread brendan . hoar 
On Tuesday, January 22, 2019 at 2:26:16 PM UTC-5, Eric wrote:
> qvm-block does not accept a UUID (not documented
> and gives an error: not exposed) I suspect that
> should be added as an issue.

[Out of curiosity, I ask, since I am away from the Qubes systems at the moment:]

By "qvm-block does not accept a UUID", may I interpret that to mean "cannot 
utilize a source device using the link in the sub-tree: /dev/disk/by-id "? 

If so, that would be worth opening an issue for in qubes-issues, I think. From 
what I can glean from docs, xl block-attach and virsh attach-disk both support 
the source being a symbolic link to the real device at the /dev level (and I 
believe qvm-block is based on virsh and/or libvirt, which utilizes xl block-* 
in the back-end).

Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0fead00a-fd09-4ee8-a5ea-fec889620d5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] diff files across appvms

2019-01-23 Thread john . e . maher 
On Tuesday, January 22, 2019 at 8:18:48 PM UTC-5, unman wrote:
> On Tue, Jan 22, 2019 at 01:23:54PM -0800,  wrote:
> > Is it possible to compare (diff) files across appvms. Or (and), is it 
> > possible to pass arguments to an appvm through a dom0 terminal. 
> > 
> > Basically, I want to check if a Keepassxc file in my vault is different 
> > than a Keepassxc file in my appvm. 
> > 
> > Thanks for any ideas.
> > 
> > John
> > 
> 
> You can do this using qvm-run-vm or by using qvm-run in dom0.
> Look at the policy file in /etc/qubes-rpc/policy/qubes.VMShell and the
> warning.
> 
> If all you want to do is see if the files differ, then you can just
> generate hashes: from vault -
> qvm-run-vm appvm 'md5sum db.kdbx'
> Compare that with local hash.
> 
> I dont think you can diff the files themselves.

unman, I don't have qvm-run (perhaps that's for 3.2?), and running hash command 
example you gave (modified to point to a file that exists in the appvm) 
produced no output. Specifically:

$ qvm-run vault 'md5sum file.kdbx'
Running 'md5sum file.kdbx' on vault

But no output. Any ideas?

Thanks.
John

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7be12dc-3ec5-4529-8400-398589dea367%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking widget in KDE on qubes

2019-01-23 Thread billollib 
I recently installed 4.0.1 on my laptop and it seems to be working great, 
though I'm still working through some of the how-do-you-copy-files stuff and 
some of the networking stuff.  But, it's just a different way of doing things, 
and that can be learned.


I followed the directions in the qubes docs for installing KDE, and it worked 
great. Thanks to the folk who made *that* work so well.  I know that KDE is in 
bad odor because of its size, etc., but I still like it. And with my shiny new 
SSD drive, it's plenty zippy for me.  I've pretty much figured out how to 
customize it manually.

But I'm having a problem with the networking widget.

I apparently can't upload a screenshot, but were you to see it, you'd see that 
all my monitoring widgets (cpu, hard disk, etc) are working fine, but the 
Network Monitor is blank -- because there's no device for it to look at.  I 
understand that the desktop runs in dom0, and dom0 doesn't have networking, but 
(and this is my conceptual problem) that would mean that the network manager 
must run somewhere else than dom0, right?  Where is it, and is there a way to 
get my networking widget to talk to wherever that is?

Thanks,

billo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4705b3f9-56b8-4860-ba4e-b441d9573264%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] V3.2 script does not work on v4.01

2019-01-23 Thread Franz 
Hello
I moved to Qubes 4 and my script to start various VMs and programs, which
worked fine with V3.2, now just executes only the first command and stops
there. Why?

Script
qvm-start untrusted
wmctrl -s 1
qvm-run untrusted firefox
qvm-run untrusted nautilus
qvm-start personal
 and many others commands

It stops with:
sh script.sh
Running 'firefox' on untrusted

I get nothing more than that. Why does not it start also nautilus and many
other stuff as it did with Qubes 3.2?

best
Franz

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qCDdgMzg79CZfzCa%3DDpHSd2gc10UQ8g1c4ypBZVt89J3w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] diff files across appvms

2019-01-23 Thread unman 
On Wed, Jan 23, 2019 at 05:38:42AM -0800, john.e.ma...@gmail.com wrote:
> On Tuesday, January 22, 2019 at 8:18:48 PM UTC-5, unman wrote:
> > On Tue, Jan 22, 2019 at 01:23:54PM -0800,  wrote:
> > > Is it possible to compare (diff) files across appvms. Or (and), is it 
> > > possible to pass arguments to an appvm through a dom0 terminal. 
> > > 
> > > Basically, I want to check if a Keepassxc file in my vault is different 
> > > than a Keepassxc file in my appvm. 
> > > 
> > > Thanks for any ideas.
> > > 
> > > John
> > > 
> > 
> > You can do this using qvm-run-vm or by using qvm-run in dom0.
> > Look at the policy file in /etc/qubes-rpc/policy/qubes.VMShell and the
> > warning.
> > 
> > If all you want to do is see if the files differ, then you can just
> > generate hashes: from vault -
> > qvm-run-vm appvm 'md5sum db.kdbx'
> > Compare that with local hash.
> > 
> > I dont think you can diff the files themselves.
> 
> unman, I don't have qvm-run (perhaps that's for 3.2?), and running hash 
> command example you gave (modified to point to a file that exists in the 
> appvm) produced no output. Specifically:
> 
> $ qvm-run vault 'md5sum file.kdbx'
> Running 'md5sum file.kdbx' on vault
> 
> But no output. Any ideas?
> 
> Thanks.
> John
> 

In qubes, you should have qvm-run-vm tool. In dom0, qvm-run. The
capabilities (and controls) are different.

You are trying to run in dom0 - to get output there you need to use;:
qvm-run -p vault 'md5sum file.kdbx'
The '-p' allows for stdio from the running program to be passed to dom0
- be aware of the potential risks. Otherwise the command is run (and
stdio kept) in the target qube.

In qubes, you use qvm-run-vm - you must have considered
/etc/qubes-rpc/policy/qubes.VMShell
So, from vault run "qvm-run-vm appvm 'md5sum file.kdbx'", and the output
of that command run on appvm will appear in vault, and you will be able
to make the comparison.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123145448.pefoxs4boi56w2fc%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking widget in KDE on qubes

2019-01-23 Thread unman 
On Wed, Jan 23, 2019 at 06:21:44AM -0800, billol...@gmail.com wrote:
> I recently installed 4.0.1 on my laptop and it seems to be working great, 
> though I'm still working through some of the how-do-you-copy-files stuff and 
> some of the networking stuff.  But, it's just a different way of doing 
> things, and that can be learned.
> 
> 
> I followed the directions in the qubes docs for installing KDE, and it worked 
> great. Thanks to the folk who made *that* work so well.  I know that KDE is 
> in bad odor because of its size, etc., but I still like it. And with my shiny 
> new SSD drive, it's plenty zippy for me.  I've pretty much figured out how to 
> customize it manually.
> 
> But I'm having a problem with the networking widget.
> 
> I apparently can't upload a screenshot, but were you to see it, you'd see 
> that all my monitoring widgets (cpu, hard disk, etc) are working fine, but 
> the Network Monitor is blank -- because there's no device for it to look at.  
> I understand that the desktop runs in dom0, and dom0 doesn't have networking, 
> but (and this is my conceptual problem) that would mean that the network 
> manager must run somewhere else than dom0, right?  Where is it, and is there 
> a way to get my networking widget to talk to wherever that is?
> 
> Thanks,
> 
> billo
> 

I'm afraid it is one of the last issues bedevilling KDE in dom0 - the
icon is "there" but does not appear. 
As you say, dom0 does not have networking, but sys-net does. That is
where the NetworkManager applet runs, and the output should be passed to
dom0 for display. (Currently dom0 controls all the gui.) In Xfce this
works fine but in KDE the mechanism is broker currently.
The icon is there, and you can discover it by mousing over it, and
interact with it as expected. Once you understand this the absence
proves less of a problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123150145.vfwfcnqlpyidl7la%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] V3.2 script does not work on v4.01

2019-01-23 Thread unman 
On Wed, Jan 23, 2019 at 11:43:39AM -0300, Franz wrote:
> Hello
> I moved to Qubes 4 and my script to start various VMs and programs, which
> worked fine with V3.2, now just executes only the first command and stops
> there. Why?
> 
> Script
> qvm-start untrusted
> wmctrl -s 1
> qvm-run untrusted firefox
> qvm-run untrusted nautilus
> qvm-start personal
>  and many others commands
> 
> It stops with:
> sh script.sh
> Running 'firefox' on untrusted
> 
> I get nothing more than that. Why does not it start also nautilus and many
> other stuff as it did with Qubes 3.2?
> 
> best
> Franz

As you've discovered in 4.0 qvm-run blocks on the program being run.
You need to use:
qvm-run untrusted firefox &
etc

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123150759.vpvmpr2w3jp6ipln%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] vault color (black?) & window decorations

2019-01-23 Thread unman 
On Tue, Jan 22, 2019 at 08:05:03AM -0800, brendan.h...@gmail.com wrote:
> On Tuesday, January 22, 2019 at 10:53:30 AM UTC-5, chuc...@gmail.com wrote:
> > On Monday, October 15, 2018 at 8:07:38 AM UTC-5, awokd wrote:
> > > bre...ail.com:
> > > > Hi folks,
> > > > 
> > > > Regarding the default R4 color scheme...
> > > > 
> > > > ...does anyone else find that the default color for vault (black?) 
> > > > makes it nearly impossible to see the window titles and/or windows 
> > > > controls (close, maximize, minimize)?
> > > > 
> > > > Why does that color scheme set the window title (and controls) to dark 
> > > > text/controls on a dark background?
> > > > 
> > > Have noticed it but it hasn't bothered me enough yet to change it! I 
> > > think there's an issue somewhere out there mentioning it.
> > 
> > Is it possible to user-modify (or, more specifically, add to) the existing 
> > available window colors? I'm adding some additional "zones" and have been 
> > trying to figure it out.
> 
> My workaround was setting all my templates to use the black backgrounds with 
> impossible to read window titles and shifting other VMs to more reasonable 
> colors.
> 
> Brendan
> 

There is a longstanding open issue about adding more
colours/decorations. I dont believe at present that this can be easily
changed.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123151805.tfaa3oouadqwiuid%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] diff files across appvms

2019-01-23 Thread john . e . maher 
On Wednesday, January 23, 2019 at 9:54:50 AM UTC-5, unman wrote:
> On Wed, Jan 23, 2019 at 05:38:42AM -0800, john.e.ma...@gmail.com wrote:
> > On Tuesday, January 22, 2019 at 8:18:48 PM UTC-5, unman wrote:
> > > On Tue, Jan 22, 2019 at 01:23:54PM -0800,  wrote:
> > > > Is it possible to compare (diff) files across appvms. Or (and), is it 
> > > > possible to pass arguments to an appvm through a dom0 terminal. 
> > > > 
> > > > Basically, I want to check if a Keepassxc file in my vault is different 
> > > > than a Keepassxc file in my appvm. 
> > > > 
> > > > Thanks for any ideas.
> > > > 
> > > > John
> > > > 
> > > 
> > > You can do this using qvm-run-vm or by using qvm-run in dom0.
> > > Look at the policy file in /etc/qubes-rpc/policy/qubes.VMShell and the
> > > warning.
> > > 
> > > If all you want to do is see if the files differ, then you can just
> > > generate hashes: from vault -
> > > qvm-run-vm appvm 'md5sum db.kdbx'
> > > Compare that with local hash.
> > > 
> > > I dont think you can diff the files themselves.
> > 
> > unman, I don't have qvm-run (perhaps that's for 3.2?), and running hash 
> > command example you gave (modified to point to a file that exists in the 
> > appvm) produced no output. Specifically:
> > 
> > $ qvm-run vault 'md5sum file.kdbx'
> > Running 'md5sum file.kdbx' on vault
> > 
> > But no output. Any ideas?
> > 
> > Thanks.
> > John
> > 
> 
> In qubes, you should have qvm-run-vm tool. In dom0, qvm-run. The
> capabilities (and controls) are different.
> 
> You are trying to run in dom0 - to get output there you need to use;:
> qvm-run -p vault 'md5sum file.kdbx'
> The '-p' allows for stdio from the running program to be passed to dom0
> - be aware of the potential risks. Otherwise the command is run (and
> stdio kept) in the target qube.
> 
> In qubes, you use qvm-run-vm - you must have considered
> /etc/qubes-rpc/policy/qubes.VMShell
> So, from vault run "qvm-run-vm appvm 'md5sum file.kdbx'", and the output
> of that command run on appvm will appear in vault, and you will be able
> to make the comparison.

unman, thank you for this. I understand the difference now, and using qvm-run 
-p in dom0 works fine. I cannot get qvm-run-vm to work, because I'm presented 
with "Request refused". I don't understand the significance of 
/etc/qubes-rpc/policy/qubes.VMShell, but I don't actually have a directory 
called policy, so that file path is /etc/qubes-rpc/qubes.VMShell.

I can make this work using dom0, but I suspect (but don't know for sure) that 
that is unwise.

John

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb75e360-3e6e-469b-8203-6cc515e2aee9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cant get it to install

2019-01-23 Thread billollib 
It is the only OS on the drive?  I gotta tell you, I had nothing but headaches 
trying to do a dual boot installation, either with Windows 10 or Fedora 29.  
Since I have a hybrid disk machine, I ended up creating two MBRs, two 
/boot/efi's, etc, one on the SSD and on on the SATA drive.  One of the problems 
I had was even though I *thought* was doing a clean install, I wasn't. For 
either then qubes or one of the other OSs, I can't remember which, it wasn't 
wiping/formatting the /boot/efi partition, but instead just modifying it.  I 
ended up getting so frustrated, I just completely wiped both drives completely 
and removed *all* the partitions.  Then it installed...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/616b658e-5a7f-4c41-8fbc-1746d799c3d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cant get it to install

2019-01-23 Thread billollib 
The other thing I did wrong was to use the usb writer in a mode other than 
"dd."  It doesn't sound like you made that mistake, since you got as far as you 
did, but that caused me a few hours of amusement also.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2fac0f4-c13a-4a4b-b11e-652a8d6cbe5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Firefox Account SyncVM

2019-01-23 Thread John Goold 
On Thursday, January 17, 2019 at 12:20:32 PM UTC-6, R A F wrote:
> Hi Everyone,
> 
> I'm trying to find a way to sync firefox bookmarks but I do not want to use 
> firefox account. So my question to all of you is:
> Does anyone knows if there is a possible way to create local account that 
> will be hosted on standalone VM so I could connect all Firefox Apps to 
> connect to that source ans sync bookmarks, plugins, etc. The whole point here 
> is to keep all bookmarks in safe place that same way some people keep their 
> passwords keys etc.
> Maybe if there is no such a solution someone could start new project? I would 
> do that myself, but currently do not have advanced coding skills :-(
> 
> Thanks for all replays 
> BR
> Raf

After re-reading the thread, I realized I was over simplifying your question — 
sorry.

However, after reading your original question more carefully, I am left 
wondering what exactly it is you wish to accomplish (again, sorry if I am being 
dim-witted).

It sounds like you are discussing a single computer running Qubes. It is not 
clear to me whether you want to synchronize bookmarks among instances of 
Firefox running on different appVMs (doing so would appear to compromise 
security as discussed elsewhere) or whether you just want to be able to back-up 
your bookmarks (possibly from multiple appVMs).

Having just recently made the transition to Qubes, I had to migrate my data 
which included my bookmarks. I did not use Firefox's Sync., to do this, but 
simply backed up my bookmarks from my laptop computer. I then transferred the 
backup to my new desktop, Qubes computer. I copied them to the appVMs that I 
would be running Firefox on. After restoring the bookmarks, I deleted any 
non-relevant bookmarks from each appVM. For example, I deleted all but the 
banking/financial bookmarks from the "finances" appVM (and deleted those from 
every other appVM).

I also made sure that remembering history, passwords, etc., was turned off for 
Firefox on every appVM. Also, which probably goes without saying, I turned off 
all reporting back to Mozilla.

I have also decided on my backup strategy being to use Qubes backup to backup 
VMs (including template VMs) to an external USB drive (accepting there may be 
some slight USB-related exposure).

So, the bottom line is, what do you really want to do?

If it is just back-ups, then use either Firefox's bookmarks backup/restore or 
backup the relevant Qubes (or both).

If you really want to synchronize bookmarks among your appVMs, I think you 
would be needlessly jeopardizing your security with no real gain. Personally I 
would recommend against doing this.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62803c17-0634-47b8-af61-4fad72c654f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sys-net & sys-firewall fail to start, new install

2019-01-23 Thread Bryce 
On Wednesday, January 23, 2019 at 6:29:04 AM UTC-5, Mike Keehan wrote:
> 
> Hi Bryce,
> 
> Glad you got something working for you :)
> 
> This is a good description of the changes in Qubes 4.0 :-
>https://www.qubes-os.org/doc/releases/4.0/release-notes/
> 
> Mike.

Thanks Mike

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f31a100e-afc2-4917-a2fe-1979b499d2cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] vault color (black?) & window decorations

2019-01-23 Thread 22rip 
If you go to:

Qubes Icon -> System Tools -> Windows Manager -> Style Tab -> Theme

There you can pick different themes for your windows...I use "TGC" which shows 
the icons pretty good(although not with black). "Sassandra" looks pretty good 
with black...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f9398a5-a1d5-4923-8721-74445b77f2bb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] diff files across appvms

2019-01-23 Thread unman 
On Wed, Jan 23, 2019 at 07:19:14AM -0800, john.e.ma...@gmail.com wrote:
> On Wednesday, January 23, 2019 at 9:54:50 AM UTC-5, unman wrote:
> > On Wed, Jan 23, 2019 at 05:38:42AM -0800, john.e.ma...@gmail.com wrote:
> > > On Tuesday, January 22, 2019 at 8:18:48 PM UTC-5, unman wrote:
> > > > On Tue, Jan 22, 2019 at 01:23:54PM -0800,  wrote:
> > > > > Is it possible to compare (diff) files across appvms. Or (and), is it 
> > > > > possible to pass arguments to an appvm through a dom0 terminal. 
> > > > > 
> > > > > Basically, I want to check if a Keepassxc file in my vault is 
> > > > > different than a Keepassxc file in my appvm. 
> > > > > 
> > > > > Thanks for any ideas.
> > > > > 
> > > > > John
> > > > > 
> > > > 
> > > > You can do this using qvm-run-vm or by using qvm-run in dom0.
> > > > Look at the policy file in /etc/qubes-rpc/policy/qubes.VMShell and the
> > > > warning.
> > > > 
> > > > If all you want to do is see if the files differ, then you can just
> > > > generate hashes: from vault -
> > > > qvm-run-vm appvm 'md5sum db.kdbx'
> > > > Compare that with local hash.
> > > > 
> > > > I dont think you can diff the files themselves.
> > > 
> > > unman, I don't have qvm-run (perhaps that's for 3.2?), and running hash 
> > > command example you gave (modified to point to a file that exists in the 
> > > appvm) produced no output. Specifically:
> > > 
> > > $ qvm-run vault 'md5sum file.kdbx'
> > > Running 'md5sum file.kdbx' on vault
> > > 
> > > But no output. Any ideas?
> > > 
> > > Thanks.
> > > John
> > > 
> > 
> > In qubes, you should have qvm-run-vm tool. In dom0, qvm-run. The
> > capabilities (and controls) are different.
> > 
> > You are trying to run in dom0 - to get output there you need to use;:
> > qvm-run -p vault 'md5sum file.kdbx'
> > The '-p' allows for stdio from the running program to be passed to dom0
> > - be aware of the potential risks. Otherwise the command is run (and
> > stdio kept) in the target qube.
> > 
> > In qubes, you use qvm-run-vm - you must have considered
> > /etc/qubes-rpc/policy/qubes.VMShell
> > So, from vault run "qvm-run-vm appvm 'md5sum file.kdbx'", and the output
> > of that command run on appvm will appear in vault, and you will be able
> > to make the comparison.
> 
> unman, thank you for this. I understand the difference now, and using qvm-run 
> -p in dom0 works fine. I cannot get qvm-run-vm to work, because I'm presented 
> with "Request refused". I don't understand the significance of 
> /etc/qubes-rpc/policy/qubes.VMShell, but I don't actually have a directory 
> called policy, so that file path is /etc/qubes-rpc/qubes.VMShell.
> 
> I can make this work using dom0, but I suspect (but don't know for sure) that 
> that is unwise.
> 
> John

It's not ideal because you are parsing the output of an (unknown) command
run in a qube in dom0.

You are getting the "request refused" because you have not set a policy
rule allowing vault to run commands in appvm.
I dont have /etc/qubes-rpc/qubes.VMShell, and I do have
/etc/qubes-rpc/policy.
I've just checked this on a number of boxes, including a clean 4.0 image
and they all have the same.
It occurs to me that you are looking in the qube, and not in dom0 - can
you check this? You need to set the policy in dom0, and it will be
applied in individual qubes.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123160439.z4vxeg6osuauiwq2%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: vault color (black?) & window decorations

2019-01-23 Thread John Goold 
On Monday, October 15, 2018 at 7:38:56 AM UTC-5, Brendan Hoar wrote:
> Hi folks,
> 
> Regarding the default R4 color scheme...
> 
> ...does anyone else find that the default color for vault (black?) makes it 
> nearly impossible to see the window titles and/or windows controls (close, 
> maximize, minimize)? 
> 
> Why does that color scheme set the window title (and controls) to dark 
> text/controls on a dark background?
> 
> Thanks,
> Brendan

Yes, it makes it nearly impossible to see the window titles, etc.; however:

* Similar to others, I simply used a different colour for qubes that were 
assigned black (I had purple unused, so I chose it). I haven't changed all of 
them yet, but…

* The window with the focus is highlit in the panel at the top of the screen. 
Since it only uses the appVM's assigned colour for the icon, the title is easy 
to read. A window that does not have the focus, including ones assigned black, 
are readable (though the title is a mid-grey, so not a strong contrast).

* The window with the focus can be minimized either by pressing Alt+F9 or by 
clicking on its tab in the panel at the top of the screen.

It might be annoying, but in my opinion, it is a long way from being a 
show-stopper.

Cheers

*

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ff804052-90ae-4c4c-a3d2-d66e8c9770e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cant get it to install

2019-01-23 Thread gunnarmarino 
On Wednesday, January 23, 2019 at 9:25:44 AM UTC-6, bill...@gmail.com wrote:
> It is the only OS on the drive?  I gotta tell you, I had nothing but 
> headaches trying to do a dual boot installation, either with Windows 10 or 
> Fedora 29.  Since I have a hybrid disk machine, I ended up creating two MBRs, 
> two /boot/efi's, etc, one on the SSD and on on the SATA drive.  One of the 
> problems I had was even though I *thought* was doing a clean install, I 
> wasn't. For either then qubes or one of the other OSs, I can't remember 
> which, it wasn't wiping/formatting the /boot/efi partition, but instead just 
> modifying it.  I ended up getting so frustrated, I just completely wiped both 
> drives completely and removed *all* the partitions.  Then it installed...

Will qubes install its own boot loader? I'll try again and make sure its a 
clean drive with the /boot/efi partition gone

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f75c3366-9f05-4fbb-b52c-bb8ee06a4a80%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cant get it to install

2019-01-23 Thread gunnarmarino 
On Wednesday, January 23, 2019 at 9:27:02 AM UTC-6, bill...@gmail.com wrote:
> The other thing I did wrong was to use the usb writer in a mode other than 
> "dd."  It doesn't sound like you made that mistake, since you got as far as 
> you did, but that caused me a few hours of amusement also.

Yea I got that one right... thanks though

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0799313-1745-4298-9bec-b55b71bd03fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] diff files across appvms

2019-01-23 Thread john . e . maher 
On Wednesday, January 23, 2019 at 11:04:40 AM UTC-5, unman wrote:
> On Wed, Jan 23, 2019 at 07:19:14AM -0800, john.e.ma...@gmail.com wrote:
> > On Wednesday, January 23, 2019 at 9:54:50 AM UTC-5, unman wrote:
> > > On Wed, Jan 23, 2019 at 05:38:42AM -0800, john.e.ma...@gmail.com wrote:
> > > > On Tuesday, January 22, 2019 at 8:18:48 PM UTC-5, unman wrote:
> > > > > On Tue, Jan 22, 2019 at 01:23:54PM -0800,  wrote:
> > > > > > Is it possible to compare (diff) files across appvms. Or (and), is 
> > > > > > it possible to pass arguments to an appvm through a dom0 terminal. 
> > > > > > 
> > > > > > Basically, I want to check if a Keepassxc file in my vault is 
> > > > > > different than a Keepassxc file in my appvm. 
> > > > > > 
> > > > > > Thanks for any ideas.
> > > > > > 
> > > > > > John
> > > > > > 
> > > > > 
> > > > > You can do this using qvm-run-vm or by using qvm-run in dom0.
> > > > > Look at the policy file in /etc/qubes-rpc/policy/qubes.VMShell and the
> > > > > warning.
> > > > > 
> > > > > If all you want to do is see if the files differ, then you can just
> > > > > generate hashes: from vault -
> > > > > qvm-run-vm appvm 'md5sum db.kdbx'
> > > > > Compare that with local hash.
> > > > > 
> > > > > I dont think you can diff the files themselves.
> > > > 
> > > > unman, I don't have qvm-run (perhaps that's for 3.2?), and running hash 
> > > > command example you gave (modified to point to a file that exists in 
> > > > the appvm) produced no output. Specifically:
> > > > 
> > > > $ qvm-run vault 'md5sum file.kdbx'
> > > > Running 'md5sum file.kdbx' on vault
> > > > 
> > > > But no output. Any ideas?
> > > > 
> > > > Thanks.
> > > > John
> > > > 
> > > 
> > > In qubes, you should have qvm-run-vm tool. In dom0, qvm-run. The
> > > capabilities (and controls) are different.
> > > 
> > > You are trying to run in dom0 - to get output there you need to use;:
> > > qvm-run -p vault 'md5sum file.kdbx'
> > > The '-p' allows for stdio from the running program to be passed to dom0
> > > - be aware of the potential risks. Otherwise the command is run (and
> > > stdio kept) in the target qube.
> > > 
> > > In qubes, you use qvm-run-vm - you must have considered
> > > /etc/qubes-rpc/policy/qubes.VMShell
> > > So, from vault run "qvm-run-vm appvm 'md5sum file.kdbx'", and the output
> > > of that command run on appvm will appear in vault, and you will be able
> > > to make the comparison.
> > 
> > unman, thank you for this. I understand the difference now, and using 
> > qvm-run -p in dom0 works fine. I cannot get qvm-run-vm to work, because I'm 
> > presented with "Request refused". I don't understand the significance of 
> > /etc/qubes-rpc/policy/qubes.VMShell, but I don't actually have a directory 
> > called policy, so that file path is /etc/qubes-rpc/qubes.VMShell.
> > 
> > I can make this work using dom0, but I suspect (but don't know for sure) 
> > that that is unwise.
> > 
> > John
> 
> It's not ideal because you are parsing the output of an (unknown) command
> run in a qube in dom0.
> 
> You are getting the "request refused" because you have not set a policy
> rule allowing vault to run commands in appvm.
> I dont have /etc/qubes-rpc/qubes.VMShell, and I do have
> /etc/qubes-rpc/policy.
> I've just checked this on a number of boxes, including a clean 4.0 image
> and they all have the same.
> It occurs to me that you are looking in the qube, and not in dom0 - can
> you check this? You need to set the policy in dom0, and it will be
> applied in individual qubes.

unman, thank you for being so generous with your time. I appreciate the 
education. Yes, I was looking in appvms. I'm starting to understand better what 
needs to be done. I'll see how far I get.

John

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/692340e7-1194-4788-9db2-71bf5de11551%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] last qubes-dom0-update brings kernel 4.19 and crashs login

2019-01-23 Thread xalldux 
I'm having the same problem.

> Do you see text login available? Maybe on tty2 (alt+ctrl+f2)? You can
> login there and see lightdm service status (`sudo systemctl status
> lightdm`), which is responsible for the graphical login. If it's failed,
> what it says there (you should have few log lines there)?
> It would be also useful to check X server log - /var/log/Xorg.0.log -
> especially if you see any error message at the end.

Linux console is working fine, lightdm is also working correctly IMO. Nothing 
out of the ordinary in /var/log/Xorg.0.log nor /var/log/lightdm/ligthdm.log. 
But /var/log/lightdm/x-0.log has some errors https://hastebin.com/apamuvazey.txt
as do dmesg https://hastebin.com/tijufefego.txt (only errors attached)
Both are radeon related (I have Radeon HD 7790). 

Sergio do you also have a radeon card?


> You should be able to choose older version in grub menu.

That's what works for me, no problems at all on 4.14.74-1 kernel.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f301554-dcca-401f-8b5c-ecf5fb415e12%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Cant get it to install

2019-01-23 Thread gunnarmarino 
On Wednesday, January 23, 2019 at 9:25:44 AM UTC-6, bill...@gmail.com wrote:
> It is the only OS on the drive?  I gotta tell you, I had nothing but 
> headaches trying to do a dual boot installation, either with Windows 10 or 
> Fedora 29.  Since I have a hybrid disk machine, I ended up creating two MBRs, 
> two /boot/efi's, etc, one on the SSD and on on the SATA drive.  One of the 
> problems I had was even though I *thought* was doing a clean install, I 
> wasn't. For either then qubes or one of the other OSs, I can't remember 
> which, it wasn't wiping/formatting the /boot/efi partition, but instead just 
> modifying it.  I ended up getting so frustrated, I just completely wiped both 
> drives completely and removed *all* the partitions.  Then it installed...

Actually yea it was the only OS on the drive, I had windows on a seperate drve 
though. After installing qubes on the blank drive I had no /boot/efi partition.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/03eae05a-fdb4-483d-8829-5ea83e560c9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] add flashrom and coreboot-utils to dom0 rpm packages for internal flashing

2019-01-23 Thread travorfirefuelcan 
Hi again. 

You can flash internally with flashrom after IFD is unlocked and you have 
coreboot installed.

All we need is coreboot-utils package
https://aur.archlinux.org/packages/coreboot-utils-git/
(cbfstool and ifdtool)

and flashrom
https://flashrom.org/


this is convenient if you need to modify the config without disassembling the 
laptop

flashrom -p internal:laptop=force_I_want_a_brick ...

./cbfstool coreboot.rom extract -n grubtest.cfg -f grubtest.cfg

and other... :)

What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/089b9250-dbb2-48fe-9faf-dac7d3a4497d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear Qubes Community,

We have just published Qubes Security Bulletin (QSB) #46:
APT update mechanism vulnerability.
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).

View QSB #46 in the qubes-secpack:



Learn about the qubes-secpack, including how to obtain, verify, and read it:



View all past QSBs:



```


 ---===[ Qubes Security Bulletin #46 ]===---

 2019-01-23

APT update mechanism vulnerability


Summary


The Debian Security Team has announced a security vulnerability
(DSA-4371-1) in the Advanced Package Tool (APT).  The vulnerability lies
in the way APT performs HTTP redirect handling when downloading
packages. Exploitation of this vulnerability could lead to privilege
escalation [1] inside an APT-based VM, such as a Debian or Whonix VM.
This bug does _not_ allow escape from any VM or enable any attacks on
other parts of the Qubes system. In particular, this bug does _not_
affect dom0, the Xen hypervisor, or any non-APT-based VMs. Nevertheless,
we have decided to release this bulletin, because if a TemplateVM is
affected, then every VM based on that template is affected.


Description


As described in [1]:

| Max Justicz discovered a vulnerability in APT, the high level package
| manager.  The code handling HTTP redirects in the HTTP transport
| method doesn't properly sanitize fields transmitted over the wire.
| This vulnerability could be used by an attacker located as a
| man-in-the-middle between APT and a mirror to inject malicious content
| in the HTTP connection. This content could then be recognized as a
| valid package by APT and used later for code execution with root
| privileges on the target machine.


Impact
===

Users who use Debian or Whonix VMs are affected. Users who use only
Fedora VMs are not affected.  Although we do not provide any other
official or community APT-based templates, any other APT-based VMs that
users have installed on their own should also be assumed to be affected.


Discussion
===

Normally, we do not release Qubes Security Bulletins (QSBs) to address
vulnerabilities that only affect VMs internally without affecting the
rest of the Qubes system, i.e. vulnerabilities that do not undermine the
Qubes security model.

For example, we do not release QSBs to address bugs in Firefox or Linux
kernel USB stacks, because Qubes OS was designed under the primary
assumption that in a typical desktop OS there will be countless such
bugs and that humankind will never be able to patch all of them promptly
(at least not as quickly as developers introduce new bugs). This is, in
fact, the very reason we designed Qubes OS as an implementation of the
security-by-compartmentalization approach.

The APT update bug discussed today is, however, somewhat special.
While it is indeed a bug that only affects VMs internally, it could
allow an attacker to compromise TemplateVMs, which are used as a basis
for creating other VMs, such as AppVMs and ServiceVMs. If a TemplateVM
is compromised, then all the VMs based on that TemplateVM will be
compromised. Since AppVMs operate directly on user data, and since
ServiceVMs can be critical to user privacy (especially in the case of
Whonix and VPN ProxyVMs), this is a serious matter.

In Qubes OS, we take special precautions to make TemplateVMs difficult
to compromise. For example, we block all network connections to and from
templates, with one exception: We allow templates to connect to the
so-called "Update Proxy" (which runs in the NetVM). This allows the
TemplateVM to retrieve updates while protecting users from accidentally
using TemplateVMs to perform risky activities, such as browsing the web.

Since the bug under discussion has the potential to subvert this very
protection mechanism, we've decided to issue this QSB.

We would like to point out, however, that Qubes OS does a good job of
mitigating this kind of a vulnerability. Instead of having to reinstall
the whole operating system from scratch, Qubes users may need only to
reinstall the affected template(s).

If users are concerned that potential attackers may have compromised not
only the root filesystem of the template, but also attempted to infect
user files in AppVM filesystems (e.g. ~/.bashrc or a Web browser profile
directory), Qubes allows for mounting each of the suspected AppVM
private images into a different, trusted VM, based on a trusted
template, for "offline" analysis and cleanup, allowing users to preserve
their data.


Patching
=

If you are a Qubes user, you should remove all APT-based (including
Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
o

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Brendan Hoar 
Thank you, Marek et al, for your work over what was presumably a longer
than usual work day.

B

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOajFedqetKhXx9FOCUW4OTydnrPxJzjw2SPQL49Y8bAcqCNOg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread seshu 
On Wednesday, January 23, 2019 at 5:32:38 PM UTC, Brendan Hoar wrote:
> Thank you, Marek et al, for your work over what was presumably a longer than 
> usual work day.
> 
> 
> B

Agreed, thanks everyone!  One question Marek, the ubuntu distros you recently 
made available to the community could be affected also? They are APT based 
distro's right?

If so, I'm assuming I'll have to apply the same procedure for those right?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23a34e4e-413a-4acb-b739-b04fe1dd75c9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Backup stops when the backup file reaches 3Gb

2019-01-23 Thread Mike Keehan 
Hi,

I'm using Qubes Backup to save some of my qubes into another VM.
The backup VM has 18 Gb of storage available, but whenever the
backup file reaches 3Gb, the backup process just hangs.

No CPU usage, no error messages, just stops.  The backup window
shows 40% complete, but never moves any further (different % for
different combinations of qubes in the backup list).

After waiting a considerable time (well, 5-10 minutes), hitting
Cancel in the backup window does cancel it.  The rest of the
system is continuing to work without problem.  Happens every
time I try to use Qubes backup.

The Qubes Disk Space widget shows less than 50% disk used overall,
the backupVM shows only 18% disk used when the 3Gb file has been
saved.

I'm stumped.

Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190123174938.1371fa26.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Lenovo Thinkpad P52

2019-01-23 Thread Aly Abdellatif 
Hi everyone,


Current Condition: Everything works perfectly(kali-rolling,offline
penstesting lab,audio,bluetooth,wifi,updates,whonix,etc...) in legacy mode
with discrete graphics for installation(with rufus) and hybrid graphics
after disabling nouveau :Only problem is the ethernet
Uefi works too but problems with wake and sleep after closing the
lid(Nvidia problem): I also followed
https://github.com/QubesOS/qubes-issues/issues/3411 and
https://groups.google.com/forum/#!msg/qubes-users/TmGDlkluJgM/fn4wc2E5CQAJ
with no success.

For more informations :

First trial:

*SecureBoot : Disabled*
*Graphics:Discrete(Hybrid won't work in uefi)*

*Boot: Uefi only*
*uefi usb enabled*

First of all , I followed every steps regarding the uefi Installation for
newer thinkpads(fedora-live-cd). The installation would begin than I would
be stuck in the "Installation source: Error setting up base repository"
With dd the installation would begin and i will be stucked in the middle
with an  error : transaction couldn't load source or something like that.

Finally with rufus I could install Qubes correctly with two problems :
first of all sys-net will not start unless I remove the Ethernet device
from the settings. My Second problem was the suspend: If I close the lid ,
I have to hard shutdown the laptop and then reboot. This problem is related
to nvidia and nouveau. Sadly, there wasn't any grub installed(grub and
grub2 were empty folders) so I couldn't follow the steps regarding the
nvidia troubleshooting to disable nouveau. I also didn't want to debug and
try to install a grub .

Second Trial: Finally I reinstalled everything with :

*SecureBoot : Disabled*
*Graphics:Discrete*
*Boot: legacy mode*

Same problem with the ethernet.
In legacy mode the grub is installed and preconfigured.
This time I could follow the steps for the nvidia troubleshooting to
disable nouveau:

*In dom0*

   -

   *cd /etc/default/
   sudo nano grub
   *



   -

   *Edit GRUB_CMDLINE_LINUX, add the following to it at the end:*

   *nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off
   *

   -

   *sudo grub2-mkconfig -o /boot/grub2/grub.cfg*

   -

   After that you reboot and you will be stucked in the loading screen
. You have to change the graphics in the BIOS to Hybrid so that he can
use your integrated graphics.


Now when you close the lid and then you open it you have the XscreenSaver
which is what we wanted :) !!!.

I will try now to fix the ethernet and the nvidia drivers . I will keep you
updated .



My Laptop Specifications:

Lenovo Thinkpad P52
BiOS 1.18(latest)
Intel Xeon E-176M
64GB RAM(16 X 4) NO ECC
1TB SSD nvme Samsung (QUBES OS)
1TB SATA which I use for backup(qvm-block , mount).
Nividia Quadro p2000






Best Regards

Aly Abdellatif

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANx%2BM24H1rMj6Xa0PDGYK9GJqaqYKk36Xe5OJFZQVRhFB%3DHUbw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20M9CTO1WW-20190123-195941.yml
Description: application/yaml


Qubes-HCL-LENOVO-20M9CTO1WW-20190123-200338.cpio.gz
Description: application/gzip

[qubes-users] Re: HCL - Lenovo Thinkpad P52

2019-01-23 Thread Aly Abdellatif 
I sent the downloaded .yml file, This is the one I updated it .

On Wed, Jan 23, 2019 at 8:40 PM Aly Abdellatif 
wrote:

> Hi everyone,
>
>
> Current Condition: Everything works perfectly(kali-rolling,offline
> penstesting lab,audio,bluetooth,wifi,updates,whonix,etc...) in legacy mode
> with discrete graphics for installation(with rufus) and hybrid graphics
> after disabling nouveau :Only problem is the ethernet
> Uefi works too but problems with wake and sleep after closing the
> lid(Nvidia problem): I also followed
> https://github.com/QubesOS/qubes-issues/issues/3411 and
> https://groups.google.com/forum/#!msg/qubes-users/TmGDlkluJgM/fn4wc2E5CQAJ
> with no success.
>
> For more informations :
>
> First trial:
>
> *SecureBoot : Disabled*
> *Graphics:Discrete(Hybrid won't work in uefi)*
>
> *Boot: Uefi only*
> *uefi usb enabled*
>
> First of all , I followed every steps regarding the uefi Installation for
> newer thinkpads(fedora-live-cd). The installation would begin than I would
> be stuck in the "Installation source: Error setting up base repository"
> With dd the installation would begin and i will be stucked in the middle
> with an  error : transaction couldn't load source or something like that.
>
> Finally with rufus I could install Qubes correctly with two problems :
> first of all sys-net will not start unless I remove the Ethernet device
> from the settings. My Second problem was the suspend: If I close the lid ,
> I have to hard shutdown the laptop and then reboot. This problem is related
> to nvidia and nouveau. Sadly, there wasn't any grub installed(grub and
> grub2 were empty folders) so I couldn't follow the steps regarding the
> nvidia troubleshooting to disable nouveau. I also didn't want to debug and
> try to install a grub .
>
> Second Trial: Finally I reinstalled everything with :
>
> *SecureBoot : Disabled*
> *Graphics:Discrete*
> *Boot: legacy mode*
>
> Same problem with the ethernet.
> In legacy mode the grub is installed and preconfigured.
> This time I could follow the steps for the nvidia troubleshooting to
> disable nouveau:
>
> *In dom0*
>
>-
>
>*cd /etc/default/
>sudo nano grub
>*
>
>
>
>-
>
>*Edit GRUB_CMDLINE_LINUX, add the following to it at the end:*
>
>*nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off
>*
>
>-
>
>*sudo grub2-mkconfig -o /boot/grub2/grub.cfg*
>
>-
>
>After that you reboot and you will be stucked in the loading screen . You 
> have to change the graphics in the BIOS to Hybrid so that he can use your 
> integrated graphics.
>
>
> Now when you close the lid and then you open it you have the XscreenSaver
> which is what we wanted :) !!!.
>
> I will try now to fix the ethernet and the nvidia drivers . I will keep
> you updated .
>
>
>
> My Laptop Specifications:
>
> Lenovo Thinkpad P52
> BiOS 1.18(latest)
> Intel Xeon E-176M
> 64GB RAM(16 X 4) NO ECC
> 1TB SSD nvme Samsung (QUBES OS)
> 1TB SATA which I use for backup(qvm-block , mount).
> Nividia Quadro p2000
>
>
>
>
>
>
> Best Regards
>
> Aly Abdellatif
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANx%2BM24jzifD4KyOm-zNGB-LtUUuLMPMt7viv0PDGv6Q0Mog_Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20M9CTO1WW-20190123-200338.yml
Description: application/yaml

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone 
seshu wrote on Wed, 23 January 2019 17:49
> On Wednesday, January 23, 2019 at 5:32:38 PM UTC,
> Brendan Hoar wrote:
> >  Thank you, Marek et al, for your work over what was
> > presumably a longer than usual work day.
> >  
> >  
> >  B
> 
> Agreed, thanks everyone! 
> 
> --

I'd also like to thank you for doing all that.

I've tried it for the debian-9 template with sudo
qubes-dom0-update
--enablerepo=qubes-templates-community-testing
qubes-template-debian-9 but this only brings up the
4.0.1.-201812091508 version.
Is that repo only right for the whonix tempate as in the
example or is there another reason? What have I done wrong?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/929.5c48c937%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Lenovo Thinkpad P52

2019-01-23 Thread Achim Patzner 
On 20190123 at 20:40 +0100 Aly Abdellatif wrote:

> Current Condition: Everything works perfectly(kali-rolling,offline
> penstesting lab,audio,bluetooth,wifi,updates,whonix,etc...) in legacy
> mode with discrete graphics for installation(with rufus) and hybrid
> graphics after disabling nouveau

Check if all CPU cores are running...

> Only problem is the ethernet

That's not a problem with "permissive=true" and "no-strict-rest=true".

> Uefi works too but problems with wake and sleep after closing the
> lid(Nvidia problem)

Actually using Fn+Backspace, too.

> Graphics:Discrete(Hybrid won't work in uefi)

Works for me since firmware 1.06

> Sadly, there wasn't
> any grub installed(grub and grub2 were empty folders) so I couldn't
> follow the steps regarding the nvidia troubleshooting to disable 

You can do that in xen.cfg.

> I will try now to fix the ethernet and the nvidia drivers . I will
> keep you updated.

To get nouveau working you have to create an xorg.conf. By hand, of
course, to make it more fun.


Achim


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/386c545b05adbf2afe12afc6843f0abc4ab5f823.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] last qubes-dom0-update brings kernel 4.19 and crashs login

2019-01-23 Thread Sergio Matta 

> Sergio do you also have a radeon card?
> 

Yes. Mine is RX-560.
I already installed the amdgpu and vulkan drivers, but it still not working 
with kernel 4-19. Works fine with 4-14 and the drivers too.

> 
> > You should be able to choose older version in grub menu.
> 
> That's what works for me, no problems at all on 4.14.74-1 kernel.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69c97955-8bc8-48e7-b098-1289d426760c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: removal of debian-9 template fails because is marked as installed by packetmanager.

2019-01-23 Thread gone 
Hello unman,

thanks again for your answer. I tried it now in conjunction
with Marek's post about QSB #46. See here if you like: 
https://qubes-os.info/index.php?t=msg&goto=2345&#msg _2345

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92c.5c48ca4b%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] last qubes-dom0-update brings kernel 4.19 and crashs login

2019-01-23 Thread Sergio Matta 
> Do you see text login available? Maybe on tty2 (alt+ctrl+f2)? You can
> login there and see lightdm service status (`sudo systemctl status
> lightdm`), which is responsible for the graphical login. If it's failed,
> what it says there (you should have few log lines there)?


Yes, It fails because the video driver. My card is a radeon rx-560 but there 
was no radeon driver installed. It was working with vesa driver. 
Now I already installed it but the error continues when I choose kernel-4-19 on 
grub.
The testing repository was enabled in my yum repo cfg.

Don't worry, it is working fine with kernel-4.14. If you need, there is some 
log files bellow.


> It would be also useful to check X server log - /var/log/Xorg.0.log -
> especially if you see any error message at the end.
> 
> You should be able to choose older version in grub menu.

Yes, that was what I did and I change to automatically boot the kernel-4.14.

I love Qubes! Thank you!!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/03f1ef47-cf11-43ca-af9e-2037af39b215%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread seshu 
On Wednesday, January 23, 2019 at 8:06:20 PM UTC, gone wrote:
> seshu wrote on Wed, 23 January 2019 17:49
> > On Wednesday, January 23, 2019 at 5:32:38 PM UTC,
> > Brendan Hoar wrote:
> > >  Thank you, Marek et al, for your work over what was
> > > presumably a longer than usual work day.
> > >  
> > >  
> > >  B
> > 
> > Agreed, thanks everyone! 
> > 
> > --
> 
> I'd also like to thank you for doing all that.
> 
> I've tried it for the debian-9 template with sudo
> qubes-dom0-update
> --enablerepo=qubes-templates-community-testing
> qubes-template-debian-9 but this only brings up the
> 4.0.1.-201812091508 version.
> Is that repo only right for the whonix tempate as in the
> example or is there another reason? What have I done wrong?

I followed the same steps you did and I did get the right version.  I did 
notice that after deleting the old templateVMs I needed to reboot my system. 
Not necessarily to get or see the new versions but, I was getting a signature 
error when I downloaded the new version and dnf wouldn't install them because 
it did not match the signature of the 201812091508 version.  

But, after rebooting the system, that seemed to clean the cache or something 
and then the qubes-dom0-update process worked.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e690329e-e33c-46e4-8a2d-d1fc8f4c35c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] last qubes-dom0-update brings kernel 4.19 and crashs login

2019-01-23 Thread Foppe de Haan 
On Wednesday, January 23, 2019 at 9:11:31 PM UTC+1, Sergio Matta wrote:
> > Do you see text login available? Maybe on tty2 (alt+ctrl+f2)? You can
> > login there and see lightdm service status (`sudo systemctl status
> > lightdm`), which is responsible for the graphical login. If it's failed,
> > what it says there (you should have few log lines there)?
> 
> 
> Yes, It fails because the video driver. My card is a radeon rx-560 but there 
> was no radeon driver installed. It was working with vesa driver. 
> Now I already installed it but the error continues when I choose kernel-4-19 
> on grub.
> The testing repository was enabled in my yum repo cfg.
> 
> Don't worry, it is working fine with kernel-4.14. If you need, there is some 
> log files bellow.
> 
> 
> > It would be also useful to check X server log - /var/log/Xorg.0.log -
> > especially if you see any error message at the end.
> > 
> > You should be able to choose older version in grub menu.
> 
> Yes, that was what I did and I change to automatically boot the kernel-4.14.
> 
> I love Qubes! Thank you!!

rx 560? Have you tried adding 'amdgpu.dc=1' to the kernel parameters?
hd7790 should work fine using the old radeon driver though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed23da2f-7b72-4770-93e4-d4ab81e578ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone 
@seshu: OK, thanks, so I'll try and reboot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/930.5c48cf43%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Lenovo Thinkpad P52

2019-01-23 Thread Aly Abdellatif 
Thanks for your reply,

The 6 cores are working .

Even with fn+space it wasn't working with me in uefi .

I guess I will just keep it in legacy mode.

Thanks for the ethernet tip.


*To get nouveau working you have to create an xorg.conf. By hand, of
course, to make it more fun.*

I'm not familiar with it . I will give it a try !


*Thanks*

On Wed, Jan 23, 2019 at 9:07 PM Achim Patzner  wrote:

> On 20190123 at 20:40 +0100 Aly Abdellatif wrote:
>
> > Current Condition: Everything works perfectly(kali-rolling,offline
> > penstesting lab,audio,bluetooth,wifi,updates,whonix,etc...) in legacy
> > mode with discrete graphics for installation(with rufus) and hybrid
> > graphics after disabling nouveau
>
> Check if all CPU cores are running...
>
> > Only problem is the ethernet
>
> That's not a problem with "permissive=true" and "no-strict-rest=true".
>
> > Uefi works too but problems with wake and sleep after closing the
> > lid(Nvidia problem)
>
> Actually using Fn+Backspace, too.
>
> > Graphics:Discrete(Hybrid won't work in uefi)
>
> Works for me since firmware 1.06
>
> > Sadly, there wasn't
> > any grub installed(grub and grub2 were empty folders) so I couldn't
> > follow the steps regarding the nvidia troubleshooting to disable
>
> You can do that in xen.cfg.
>
> > I will try now to fix the ethernet and the nvidia drivers . I will
> > keep you updated.
>
> To get nouveau working you have to create an xorg.conf. By hand, of
> course, to make it more fun.
>
>
> Achim
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/386c545b05adbf2afe12afc6843f0abc4ab5f823.camel%40noses.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANx%2BM243FcuyxFmcxsjqFK5gxOWA%2B_gvFHgBbjnmkE4AR4zpgQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone 
unfortunately the reboot brought no change. Still the
201812091508 version.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/932.5c48d7c4%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Can't launch installer in EFI mode

2019-01-23 Thread gunnarmarino 
When I launch the installer in EFI mode instead of legacy, I get a block of 
text at the top left of my screen then the screen just goes black, the computer 
stays on though.

I tried adding "nouveau.modeset=0 rd.driver.blacklist=nouveau video=vesa:off" 
to my BOOTX64.cfg and that doesn't work. If I use Qubes 3.2.1, I get to the 
grub menu but eventually have a different problem that prevents me from 
installing (I want to install 4.0.1 so I didn't try for long).

I'm on a Dell G7 15

Is anyone able to help? I can show a video of what happens when booting the usb 
if needed.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4c73890-6e64-4c0e-a0e3-3887bef7d793%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Chris Laprise 

On 01/23/2019 12:05 PM, Marek Marczykowski-Górecki wrote:


Patching
=

If you are a Qubes user, you should remove all APT-based (including
Debian and Whonix) TemplateVMs and StandaloneVMs, then install fresh
ones. You can do this by performing the following steps on each such
TemplateVM:



A shortened update procedure for debian-9:

1. If your "debian-9" template is customized or contains data, you may 
wish to back it up with qvm-clone first...


[dom0]$ qvm-clone debian-9 d9-backup

2. Run the upgrade command...

[dom0]$ sudo qubes-dom0-update qubes-template-debian-9 \
--enablerepo=qubes*testing --action=upgrade

This will display package info as it begins downloading. The package 
version-date should begin with "4.0.1-20190123" or later.


3. Shutdown all VMs so the upgrade can take effect...

[dom0]$ qvm-shutdown --all --wait --timeout=30

This method also works with whonix-gw-14 and whonix-ws-14 templates.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread goldsmith 
On 2019-01-23 21:08, gone wrote:
> unfortunately the reboot brought no change. Still the
> 201812091508 version.

Try sudo
qubes-dom0-update
--enablerepo=qubes-templates-itl-testing
qubes-template-debian-9

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13bb066f990aff75a307a5589d1fdd5b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread John S.Recdep 
On 1/23/19 9:08 PM, gone wrote:
> unfortunately the reboot brought no change. Still the
> 201812091508 version.
> 


this is for Fedora, is there something akin to this for  Debian ?


--
What you can do to get the differences between two templates:

1) run "dnf list installed > packagelist1.txt
Do the same in the other VM

2) compare both lists:
grep -Fxv -f packagelist1.txt packagelist2.txt



The problem with that is that it outputs version numbers, which isnt
particularly helpful.
dnf repoquery --qf "%{name}" --userinstalled
Will give you just the names.
--

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6924c217-3eb9-0cb6-1560-b626bbccdcb8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using Untangle as Qubes firewall

2019-01-23 Thread scoobyscrappy 
On Tuesday, January 22, 2019 at 5:20:17 PM UTC-8, unman wrote:
> On Tue, Jan 22, 2019 at 11:32:22AM -0800, scoobyscra...@gmail.com wrote:
> > Hello,
> > 
> > I am new to Qubes running on 4.0.  I would like to test the Untangle 
> > firewall and have it run in place of sys-firewall and still use the default 
> > sys-net.
> > 
> > I created the Untangle firewall as a HVM VM but it only shows one 
> > interface.  How do I add the virtual interface?  What else am I missing?
> > 
> > TIA
> > 
> 
> You should be able to set the HVM as netvm for another qube and the vif
> will be set. Try it.

In the untangle-firewall HVM, I added sys-net in the Networking field.  I have 
a disposable qube which has the untangle-firewall in the Networking field.  
When I start the disposable qube, I do see that the untangle-firewall qube 
added a vif interface but it has no ip address and is down and the untangle 
firewall does not recognize the vif interface in its configuration gui.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa21f110-4b40-4e22-9c44-7790c002e06e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: 4.0.1 persistent external LVM block device attach

2019-01-23 Thread Eric 
Yes qvm-block does not accept any symlink, (mapper/...,
disk/by-uuid/... or -L , -U flags like mount) so will open
the issue and there is a *possible* related issue that a non
existent device fail of qube start may happen if the device
is not up yet, since they obviously happen in parallel.
Can't test now.

Any ideas for a hack?

Also noticed that the front device spec is NOT optional for
persistent attaches (if there are more than one) as they
will all try to grab xvdi on qube start with the second one
(not necessarily the second one originally entered) causing
a failure - unlike typing the attach commands into dom0.
Separate issue (check on entry) or just doc update? Needs
man update.

Thanks, Eric

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/938.5c490910%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread gone 
has worked fine with debian-9. Thank you Chris.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/939.5c490d51%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread jsnow 

Marek Marczykowski-Górecki:

Summary


The Debian Security Team has announced a security vulnerability
(DSA-4371-1) in the Advanced Package Tool (APT).  The vulnerability lies
in the way APT performs HTTP redirect handling when downloading
packages. Exploitation of this vulnerability could lead to privilege
escalation [1] inside an APT-based VM, such as a Debian or Whonix VM.
This bug does _not_ allow escape from any VM or enable any attacks on
other parts of the Qubes system. In particular, this bug does _not_
affect dom0, the Xen hypervisor, or any non-APT-based VMs. Nevertheless,
we have decided to release this bulletin, because if a TemplateVM is
affected, then every VM based on that template is affected.


Hi,

Does this vulnerability apply to whonix users who download updates over 
tor from .onion repos?


My understanding is that it shouldn't, since the exit node operator or 
any other MITM doesn't even know it's apt traffic, they just see 
encrypted traffic to a hidden service.


Is this right, or am i not understanding something?

--
Jackie

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0276ef7-cee4-ed9e-6323-6928ca61dbeb%40bitmessage.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Backup stops when the backup file reaches 3Gb

2019-01-23 Thread jsnow 

Mike Keehan:

Hi,

I'm using Qubes Backup to save some of my qubes into another VM.
The backup VM has 18 Gb of storage available, but whenever the
backup file reaches 3Gb, the backup process just hangs.

No CPU usage, no error messages, just stops.  The backup window
shows 40% complete, but never moves any further (different % for
different combinations of qubes in the backup list).

After waiting a considerable time (well, 5-10 minutes), hitting
Cancel in the backup window does cancel it.  The rest of the
system is continuing to work without problem.  Happens every
time I try to use Qubes backup.

The Qubes Disk Space widget shows less than 50% disk used overall,
the backupVM shows only 18% disk used when the 3Gb file has been
saved.

I'm stumped.

Mike.


Hi,

You may have to wait longer than 5-10 minutes. I experience something 
similar when doing a full backup, except it's worse because i'm backing 
up like 2.5TB. It appears to hang for several hours at a time (and this 
happens more than once), but it does eventually make visible progress 
again. The whole process takes over 24 hours. This is why i do full 
backups very infrequently.


For you it shouldn't take nearly as long because it's a lot less data, 
but the progress appearing to hang for a while seems to be normal.


I'm using 3.2 tho, and i know they made changes to the backup mechanism 
under the hood in 4.0, so i'm not sure if this issue still applies in 4.0.


--
Jackie

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5406576f-66c0-3af8-d74e-fbb6b9d4a952%40bitmessage.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] last qubes-dom0-update brings kernel 4.19 and crashs login

2019-01-23 Thread Sergio Matta 

> rx 560? Have you tried adding 'amdgpu.dc=1' to the kernel parameters?
> hd7790 should work fine using the old radeon driver though.

Yes. It is working with kernel 4-14 and this boot option, thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cfaf243-8833-4d14-9e92-b2de1d8347f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jan 24, 2019 at 01:10:42AM +, js...@bitmessage.ch wrote:
> Marek Marczykowski-Górecki:
> > Summary
> > 
> > 
> > The Debian Security Team has announced a security vulnerability
> > (DSA-4371-1) in the Advanced Package Tool (APT).  The vulnerability lies
> > in the way APT performs HTTP redirect handling when downloading
> > packages. Exploitation of this vulnerability could lead to privilege
> > escalation [1] inside an APT-based VM, such as a Debian or Whonix VM.
> > This bug does _not_ allow escape from any VM or enable any attacks on
> > other parts of the Qubes system. In particular, this bug does _not_
> > affect dom0, the Xen hypervisor, or any non-APT-based VMs. Nevertheless,
> > we have decided to release this bulletin, because if a TemplateVM is
> > affected, then every VM based on that template is affected.
> 
> Hi,
> 
> Does this vulnerability apply to whonix users who download updates over tor
> from .onion repos?
> 
> My understanding is that it shouldn't, since the exit node operator or any
> other MITM doesn't even know it's apt traffic, they just see encrypted
> traffic to a hidden service.
> 
> Is this right, or am i not understanding something?

In case of onion indeed MitM attack is not that easy, but if someone
takes over Debian (or Whonix) mirrors still could perform the attack.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxJE2sACgkQ24/THMrX
1yxbaAf+LBDndywJFQnv8ecVh3MADbYF3I1fpBJuPFP58MW3Iti2zB1US0jcxFbk
9GevFxLRd0f0u6sblyX+lko8f469gGhl/N0eK5Tl77omJNQc2on5uZb9pPotuuAi
0S8f49SJhl7B1WaJLKV9MAL2sXraHfZ59juQaLmQiSearuJcanPJAqEM/D0OI/aT
BWTc/fsjDpfQ9hV/BQcEOjoOqKuwnZDBLSrXR/ychWFA0zRPzmFtJjA6shFprPf1
NGxhdabDWSEzcKGyUW+GM/eoBo3qwH7cvQk9tHBFJfSpDDUAmgkodCO3PfVYw44L
5wAONEFFZZJH8xs7V/NSo9nqZVjuKQ==
=zzzU
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190124012252.GA9610%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-23 Thread pixel fairy 
is whonix in the repo? i keep getting "Error: Unable to find a match"
tried copy/pasting from the command to delete the templates to make sure 
they're spelled right. tried qubes-templates-itl and 
qubes-templates-itl-testing.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b29c776f-2da3-4d04-932a-ae6387576130%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 23/01/2019 8.53 PM, pixel fairy wrote:
> is whonix in the repo? i keep getting "Error: Unable to find a
> match" tried copy/pasting from the command to delete the templates
> to make sure they're spelled right. tried qubes-templates-itl and
> qubes-templates-itl-testing.
> 

The Whonix packages are in qubes-templates-community-testing.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxJL/sACgkQ203TvDlQ
MDBw/w//YOWTVN8shPoHSzkKUmz6tnG3PZ4xr0gq4Nc3eJeC1Oz9GJT92TJwQZiU
O0BGHg5vI6lXes5KYJWPl0aKVCmbdI23HoSGh/9C0PryGapAJ8+b+Y0M4DE3tA1k
znQKRZezs5XudXfX0Zy2jR1wXGON59D8XIOK1SDQQLQjha8jFPBwCNcjDPvmibX+
9lx+Gt8+SOkOI13Bg3WBruZ10mSAJhC7nVKLMkEy9xE2UlSJeCxfdKqyCTdnCG7R
VSaDRsX4b46XjiSVnVgCoKG/00wPeU2Ix+p9CmsYIbtNmKB4jybHIvX/6Qa365Fl
ieBHy0lEMIhs9cDeFRYM4Lo+tdCslwMEkk1Acx90kP/PQI4moo5qRR3yMxwYmXNX
llua+ijV6ONE9nDhj/Lvi62GzSMhZwq18pwTUqDUXKm8Z8hUAwmaZL3Ay4o2/qE5
3LFgaBIgY8HHdV96xxZZxOpcp1itNgU17xpkz9gphIpCLIkccjrjulQilRdSHKa1
1KH1DnVxKtC/TM4RFOFywuFX7GpZklPEBPXRAtHhzmfkENX//+3h1rKXA9k3iCam
axTGjQGOnmA2tXkGYEUi6VOJ/6WD6K6YPcovlEm7ao2d3HZU+SQKKiJ53B41dJJO
stk9jV51h0r19XIA/1dcYbKaMgZDdWF7Z0TW/AhyuqVUCMsuvG0=
=iiJY
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7560a230-3e75-fbdf-dfb5-2a9f00da53ad%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-23 Thread pixel fairy 
On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong wrote:
 
> The Whonix packages are in qubes-templates-community-testing.


$ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing 
qubes-template-whonix-gw-14 
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some 
time...
Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019.
No match for argument: qubes-template-whonix-gw-14
Error: Unable to find a match

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/832a3574-1531-4fbf-93df-a5b0c55b423d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 23/01/2019 9.36 PM, pixel fairy wrote:
> On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong wrote:
>  
>> The Whonix packages are in qubes-templates-community-testing.
> 
> 
> $ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing 
> qubes-template-whonix-gw-14 
> Using sys-firewall as UpdateVM to download updates for Dom0; this may take 
> some time...
> Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019.
> No match for argument: qubes-template-whonix-gw-14
> Error: Unable to find a match
> 

That's strange. I was just able to install them with the same command.
Maybe try it again with --clean?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxJM4UACgkQ203TvDlQ
MDA6xg//f6Z108hVsOt0NShRKr0ymesvupANPfoVSE4LmuNr3rh3sHiRCNrUQUFw
jbX2K05aig82smbqwya/+qxTs5IY50zLzPYaBHMVLthFNI2YRXir0VFPGf2z5YA0
59/dEjxXWkmB+itSZ94dFLEwiwwPJwl1nzYSPb5xCfhT6gTus0Ur0Ig1HL71jgTz
HWmXKkUHMrXl92ET87yCEBB9yT4NKyhii8qQKauyrCKsDL2Z1Xr1jbO6ezY34Mjw
EKYiau97vvpdEEPH9xHkXkFSZI22PJ5TNcsbFOYWwevQdlWonSX9u9EQqV+DVueP
0jGiA+68cV9ih99mhciOt6cKajPmD7sMak0TqgBGET0s21Jal0vBLbJhK4kYIpYf
DJ8TOHKsSogEI0stxyqyGZgJ1Nlj1urffXdYsuJL53WtlNy9X06Qxa5aGYM/Kk1+
HWAVMkG5pjAxtlJ73+MVO4/7pRWsYOwma67bmcpQ+D6mcj/IPn4FFVue6bOq4t5t
iWOlPvzMH8xm8yPlmEdtOkdE1BbsxcORlXQig/5b+T3W0ZCSDXPLkO+Cgn6Yb6P9
URxspGf+lU/7R5lUDWjV2X/b3dAVNzUHyQ0tlNqAdqmfg6abi21YgnAl2nFPkHtF
9wYajSzhRK7ytFGcGT7UKY8yjZEbG58nMOO+XHJxc2ixYbpP+Jo=
=oMb9
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b65af735-4a3a-5db6-a3d2-c5f40baff68a%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - 20HRCTO1WW Lenovo Thinkpad X1 Carbon

2019-01-23 Thread Berne Campbell 
Lenovo Thinkpad X1 Carbon 20HRCTO1WW

I had to disable secure-boot to boot of USB stick for installation (Used
Rufus in Windows in DD mode, MBR partition scheme). Perhaps a signed shim
could be used to ease installation.

Builtin LCD display is working
Internal Keyboard is working
TrackPoint (including scrolling) is working
TrackPad is working
Wireless networking is working
Battery/AC power monitoring is working
Bluetooth doesn't due to Qubes OS Security stance on BT
Bluetooth mouse connected via USB cable is not working - not sure if it has
a wired-mode or if its just for charging.
Hot Keys: -
  - Volume Up, Down, Mute working
  - Microphone Mute not working
  - LCD Brightness Up/Down is working
  - Display (external/mirror/etc) is working (brings up display dialog)
  - Wireless/RF kill button is not working
  - Settings button not working
  - Bluetooth button removes/adds USB device (8087_0a2b)
  - Keyboard button (F11) does nothing
  - Star button (F12) does nothing
Keyboard backlight works (Fn+Space)
USB Mass Storage works
Internal mass storage NVME works

So far, looking good. Thanks for the hardwork ITL and the Qubes OS team.

I'm happy to share further details.

Cheers,
Berne

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHjMUdnDpD-b%3DfbtGRhXRnH_yFF%3DkSxhc5aUeWXLyOfGzz8rBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-20HRCTO1WW-20190124-151450.yml
Description: application/yaml

[qubes-users] Re: vault color (black?) & window decorations

2019-01-23 Thread pixel fairy 
On Monday, October 15, 2018 at 5:38:56 AM UTC-7, Brendan Hoar wrote:
> Hi folks,
> 
> Regarding the default R4 color scheme...
> 
> ...does anyone else find that the default color for vault (black?) makes it 
> nearly impossible to see the window titles and/or windows controls (close, 
> maximize, minimize)? 

have you tried a different display? or your monitor settings? i just looked on 
my laptop and an external display, and i see a dark gray background and light 
gray or black title depending on focus. both are easy to read, but its close 
enough that going from unfocused to focused does make it "disappear" in my eyes 
for a sec.

or just change it to gray. problem solved.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a8c6fae-2414-43af-ab58-a5b0594a9a7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

2019-01-23 Thread Chris Laprise 

On 01/23/2019 10:39 PM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 23/01/2019 9.36 PM, pixel fairy wrote:

On Wednesday, January 23, 2019 at 7:24:57 PM UTC-8, Andrew David Wong wrote:
  

The Whonix packages are in qubes-templates-community-testing.



$ sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing 
qubes-template-whonix-gw-14
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some 
time...
Last metadata expiration check: 1:08:18 ago on Wed Jan 23 18:22:56 2019.
No match for argument: qubes-template-whonix-gw-14
Error: Unable to find a match



That's strange. I was just able to install them with the same command.
Maybe try it again with --clean?


That's why I found its better to just specify qubes*testing for the 
templates:


https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net

Also, using the 'upgrade' action is a lot less confusing. The official 
steps are needlessly painful.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eac8fdff-5e8a-8031-e60f-dbac1b71cacb%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Backup stops when the backup file reaches 3Gb

2019-01-23 Thread Chris Laprise 

On 01/23/2019 08:15 PM, js...@bitmessage.ch wrote:

Mike Keehan:

Hi,

I'm using Qubes Backup to save some of my qubes into another VM.
The backup VM has 18 Gb of storage available, but whenever the
backup file reaches 3Gb, the backup process just hangs.

No CPU usage, no error messages, just stops.  The backup window
shows 40% complete, but never moves any further (different % for
different combinations of qubes in the backup list).

After waiting a considerable time (well, 5-10 minutes), hitting
Cancel in the backup window does cancel it.  The rest of the
system is continuing to work without problem.  Happens every
time I try to use Qubes backup.

The Qubes Disk Space widget shows less than 50% disk used overall,
the backupVM shows only 18% disk used when the 3Gb file has been
saved.

I'm stumped.

Mike.


Hi,

You may have to wait longer than 5-10 minutes. I experience something 
similar when doing a full backup, except it's worse because i'm backing 
up like 2.5TB. It appears to hang for several hours at a time (and this 
happens more than once), but it does eventually make visible progress 
again. The whole process takes over 24 hours. This is why i do full 
backups very infrequently.


For you it shouldn't take nearly as long because it's a lot less data, 
but the progress appearing to hang for a while seems to be normal.


I'm using 3.2 tho, and i know they made changes to the backup mechanism 
under the hood in 4.0, so i'm not sure if this issue still applies in 4.0.


Marek,

Isn't this the null bytes bug in GNU tar?

https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net

It would be a good idea to update this in dom0. My own backup tool uses 
GNU tar as well.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54678bc8-8091-fb49-92ac-7ad1b59e42d4%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: off topic - invite codes to 'riseup'

2019-01-23 Thread offizielledge 
Hello, I need a invite code, please send my one! Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7db54867-fb73-4e22-a365-7af70c903176%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: off topic - invite codes to 'riseup'

2019-01-23 Thread offizielledge 
Hello, I need a invite code for riseup,

please send my one :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d21a03fb-cfd3-418b-8c3b-551b144ae9a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Boot option not appearing (qubes 3.2.1)

2019-01-23 Thread gunnarmarino 
I finally got qubes 3.2.1 to install in UEFI mode, and the xen.cfg is there and 
I can see the efi boot manager entry by using efibootmgr. However, there is no 
boot option for qubes. What could be causing this?

Dell G7 15

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a18bc9ce-ac45-4109-9453-4c3f5158fc9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Boot option not appearing (qubes 3.2.1)

2019-01-23 Thread gunnarmarino 
On Thursday, January 24, 2019 at 12:22:11 AM UTC-6, gunnar...@gmail.com wrote:
> I finally got qubes 3.2.1 to install in UEFI mode, and the xen.cfg is there 
> and I can see the efi boot manager entry by using efibootmgr. However, there 
> is no boot option for qubes. What could be causing this?
> 
> Dell G7 15

Nevermind, got it fixed shortly after this post. I fixed it by following the 
steps "Boot device not recognized after installing" taken from 
https://www.qubes-os.org/doc/uefi-troubleshooting/

I am now having an issue booting... havent figured out what it is yet though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/146b89f7-88bb-4ac1-a89e-fd4e598e245c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.