Re: [qubes-users] xsel via qrexec fails to set clipboard, "conversion refused"

2019-02-01 Thread Dave C 
On Sunday, January 13, 2019 at 5:53:12 PM UTC-8, Dave C wrote:
> On Sunday, January 13, 2019 at 2:15:31 AM UTC-8, 799 wrote:
> > Hello Dave,
> > 
> > 
> > 
> > On Fri, 28 Dec 2018 at 19:28, Dave C  wrote:
> > I've written a qrexec script which, among other things, attempts to place 
> > something into the clipboard, using `xsel`.
> > 
> > xsel fails, with error: "xsel: Conversion refused"
> > 
> > 
> > 
> > I don't know what xsel is doing. I have written a script which uses xclip 
> > (which needs to be installed as an additional package).
> > 
> > Maybe you can get some info from there:
> > 
> > 
> > 
> > Copy content from the dom0clipboard to an AppVMs clipboard including a 
> > notification
> > 
> > https://github.com/one7two99/my-qubes/blob/master/home/bin/qvm-xclip-to-vm
> > 
> > 
> > 
> > --- --- ---
> > #!/bin/bash
> > # name : qvm-xclip-to-vm
> > # purpose: Copy the clipboard of dom0 to the clipboard of an appvm
> > # Usage : qvm-xclip-to-vm 
> > 
> > 
> > AppVM=$1
> > xclip -o | qvm-run --pass-io $AppVM 'cat | xclip -selection clipboard 
> > &>/dev/null'
> > notify-send --urgency low --icon image --expire-time=5000 "$0" "Clipboard 
> > pasted from dom0 to $AppVM"
> > 
> > --- 8< --- --- ---
> > 
> > 
> > The other way around:
> > 
> > https://github.com/one7two99/my-qubes/blob/master/home/bin/qvm-xclip-from-vm
> > 
> > 
> > Additionaly there's a script to do the same for screenshots:
> > https://github.com/one7two99/my-qubes/blob/master/home/bin/qvm-screenshot-to-clipboard.sh
> > 
> > 
> > O.
> 
> Hey, good idea.  Not sure why I hadn't thought to try `xclip` earlier.  While 
> I'd still like to know what xsel is complaining about, I'm able to get it 
> working with xclip.
> 
> I've started making a qubes-specific version of `go-hash`, a tool for 
> managing passwords.  I like one feature in particular: open a URL while 
> copying a password to the clipboard.  I renamed my version `qpass`, and 
> created command "appvm" which opens a URL in an appvm while copying the 
> password to that appvm's clipboard.  The "dispvm" command is similar, but 
> opens a disposable vm.
> 
> Work (still a bit in progress) is here: 
> https://github.com/dncohen/qpass/tree/qpass
> 
> The idea is to run `qpass` in a vault, and use it to launch URLs in app vms 
> that have network access.  While qubes copy/paste is pretty good, I find that 
> I can get sloppy with it, sometimes manually pasting to the wrong vm.  I'm 
> hoping this approach is a little more idiot-proof.
> 
> -Dave

Just to update this thread... it turns out I was trying to have xsel work with 
an invalid utf8 string.  I fixed a bug in the code generating a password 
string.  Once it was proper utf8, xsel works fine (although running verbose, it 
still warns "conversion refused" - no idea what it is referring to.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/340cb2b5-e1e5-4c5f-b672-1086797247b9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qpass - password manager with qubes-specific features

2019-02-01 Thread Dave C 
I recently got interested in a terminal-friendly password manager called 
"go-hash".  It stores usernames, urls and passwords in an encrypted database.  
It calls these "entries" and supports "groups" of entries.  It allows you to 
launch a URL, while putting the password in the clipboard.

I've forked this password manager with some qubes-specific features, under the 
name "qpass". Features include: if you give a "group" the same name as an 
appvm, you can launch the URL in that appvm and with your password copied to 
that appvm's clipboard.  Also, you could launch the URL in a dispvm, again with 
password copied to the dispvm's clipboard.

In short, from a "vault" vm terminal, you can quickly launch an appvm, open a 
URL, and have the password in the appvm clipboard.  Sure, qubes provides easy 
keyboard shortcuts for copying and pasting; but for my flow, the approach of 
this password manager seems a little better.  Example: "appvm personal:gmail" 
would launch the personal vm, open a browser to gmail, and have your password 
in the personal clipboard.

You can build this tool with golang, via `go get github.com/dncohen/qpass`.  To 
launch appvms, you'll need to install a qubes-rpc script in the template vm, 
and also `xsel` or `xclip`.  Details: 
https://github.com/dncohen/qpass, and 
https://github.com/dncohen/qpass/tree/master/qubes

I share this here for a couple reasons.  First, others may be interested in 
using this tool.  Second, I'd appreciate this group's opinions regarding 
go-hash's approach and security.  See the readme for details, i.e. its use of 
Argon2.  I was drawn to it because I noticed the "group" feature could be used 
to know which appvm to launch, and I'm not necessarily qualified to audit other 
aspects for security.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19f1a99b-7609-49e0-ad10-1d1160fe85bd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: SECURITY ALERT

2019-02-01 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 01/02/2019 9.07 PM, Andrew David Wong wrote:
> On 01/02/2019 3.14 PM, kitchm wrote:
>> No worries.
> 
>> For those who don't know what it means, a "canary" comes
>> from the phrase "canary in a coal mine".  In olden times, a
>> live canary, or other small bird, was taken down into the
>> coal mine with the miners.  If the bird fell over dead, they
>> knew that there was too much carbon monoxide gas present and
>> they needed to leave the mine.  The small bird reacted
>> faster than large humans to the danger, and therefore it was
>> a kind of warning.
> 
>> In computer technology, there needs to be a way for users to
>> know if a governmental agency has issued a warrant to get
>> into the data stream of the service provider's server and is
>> monitoring the customer usage.  Since it is a secret
>> process, the service provider is not allowed to notify the
>> customers of the receipt of the warrant.
> 
>> Therefore the only notification must be a negative one.  In
>> other words, there has to be a "canary" in the system to let
>> people know, by its absence, that something is wrong.  When
>> you do not see the published notice, you should worry.
> 
>> The link here, https://www.qubes-os.org/security/canaries/,
>> shows the canaries by date.  The last one was #17,
> 
> I could have sworn I added #18 to that list when we published it.
> Added now. Sorry about that.
> 

And here's a list of links to timestamped entries on websites outside
of our control to provide reassurance that Canary #18 was actually
published on time:

https://github.com/QubesOS/qubes-secpack/blob/master/canaries/canary-018-2019.txt
https://groups.google.com/d/topic/qubes-devel/ZcaM8qZQ6Bs/discussion
https://groups.google.com/d/topic/qubes-users/k0o13ELrssQ/discussion
https://twitter.com/QubesOS/status/1082832984867262464
https://www.reddit.com/r/Qubes/comments/ae2dm0/qubes_canary_18/
https://www.facebook.com/QubesOS/posts/938700706326627
https://web.archive.org/web/20190119231828/https://www.qubes-os.org/news/2019/01/08/canary-18/
 (earliest available)

>> which stated in part:
>> Quote:
>>> We plan to publish the next of these canary statements
>>> in the first
>>> two weeks of January 2019. Special note should be taken
>>> if no new canary
>>> is published by that time or if the list of statements
>>> changes without
>>> plausible explanation.
> 
>> I have since found this link, not on that main page:
>> https://www.qubes-os.org/news/2019/01/08/canary-18/
>> so it does appear that we can breathe a sigh of relief.
> 
>> At least for a little while.?.? :? 
> 
>> I hope that helps a little.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxVC7QACgkQ203TvDlQ
MDCw2A/+PoATgdZOIh0miOW1WNsqBEk2mcAT5fFZYNsD8hKfV4aBg4Hqeh6GlehU
ewmZiwh9EHbI9WcHMzAM67A9ttY75fTahjKa0RdBi4nGFn9pwz8GFvJJd8D3frCV
xqYvntaoLbuQkjIWERJ6aLFbr9HH3klSgIhGkrlq+zIQ5ixt4hJhkPJuYM3c5UDo
VZ6WeVUs6fcLTAdLycCECPrrIqDrCxuU1qNU1Jgj7HqOECQ3aEb6Dw91BQxIfmf0
LPnai+FzK43GK8xtE3yd/tp7k8GVtbQ+0aysshQHWVimLOpCLGoA46ipbaW+L7zM
csTX36za1hWVBD9FsGAKwCJoKM/SB6xN8q8TJptl33GZd6cSe/pOUI/1PxWk0FiT
k+f7uWvwS13ldn+awOHV/cCtn1srn8IyeEakOmUAwUnspAdR3ZuVI4vTbhQWge1h
tMZdqTOlY5MvfhT80A3+sHzSO/X0yBr+GUZe8uw7QPcxluvmYW/fDMa2AuGYtK5b
jGe6CR5VyUMmJrb9tZdQP1noavhtf7H1vRxVzj3jcNQsA+4383vwAamxpGmlS7ae
Q9DqPe1hhceu5zMHw0+KBAu0QWNumrrOk9iKyCI34kt0iSIXds1yWmBMZBHSMPeg
Z6+/av0AgaweuTaMKBGGoe0ThbUjtw8Kb9yujgDTqeOGCz3+H24=
=75Sz
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20262f70-1ee5-bab8-82d9-e0fb6806599f%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SECURITY ALERT

2019-02-01 Thread jrg . desktop 
I have no idea what this post means. Can you explain it in
more detail for those of us less knowlegeable?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a49.5c54a8e5%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: SECURITY ALERT

2019-02-01 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 01/02/2019 3.14 PM, kitchm wrote:
> No worries.
> 
> For those who don't know what it means, a "canary" comes
> from the phrase "canary in a coal mine".  In olden times, a
> live canary, or other small bird, was taken down into the
> coal mine with the miners.  If the bird fell over dead, they
> knew that there was too much carbon monoxide gas present and
> they needed to leave the mine.  The small bird reacted
> faster than large humans to the danger, and therefore it was
> a kind of warning.
> 
> In computer technology, there needs to be a way for users to
> know if a governmental agency has issued a warrant to get
> into the data stream of the service provider's server and is
> monitoring the customer usage.  Since it is a secret
> process, the service provider is not allowed to notify the
> customers of the receipt of the warrant.
> 
> Therefore the only notification must be a negative one.  In
> other words, there has to be a "canary" in the system to let
> people know, by its absence, that something is wrong.  When
> you do not see the published notice, you should worry.
> 
> The link here, https://www.qubes-os.org/security/canaries/,
> shows the canaries by date.  The last one was #17,

I could have sworn I added #18 to that list when we published it.
Added now. Sorry about that.

> which stated in part:
> Quote:
>> We plan to publish the next of these canary statements
>> in the first
>> two weeks of January 2019. Special note should be taken
>> if no new canary
>> is published by that time or if the list of statements
>> changes without
>> plausible explanation.
> 
> I have since found this link, not on that main page:
> https://www.qubes-os.org/news/2019/01/08/canary-18/
> so it does appear that we can breathe a sigh of relief.
> 
> At least for a little while.?.? :? 
> 
> I hope that helps a little.
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxVCYgACgkQ203TvDlQ
MDC6fw/7Bmhic5/dppFgHFb9Z5QC4avjCWmLFFWX6twjpv//IKMZuQvJMkWBNNZn
VCe2DYP024YwfBZrnnheW+O05jB2Mas1gwpjeVgfwnLLZcMA0rdCrArhsknJh3PD
OCdRcDS313NjHeoldikq+FDB+P45m37+lSaKVk9oS53IruPJQ9sRuEJC5FkS9Qhw
j/LAcgiObk9qa1bSwkZ3Ulc6yae5XMlq1OLfkB+fcjyVXn7OBf6XCrMdLOTJOdWX
s2uSnzBkli/P3ztNJY10YxXSDuscvdY9kiM45qSi6jdfG+GRPGdh7N2Of6uqnWRU
X5HbsSEzwLosCQh+zeHg2Cf2GGPGQAybOU9uCx3YaAJXaTWqv95Of/NGC05sO9FE
um0aIJl+/kDtAeyI1Uf34ubAnkiFiUc4M3vh+UAT9cPEqfrZIr3mn+VzZh0OdRVg
X6El1xkNJ+MTmCpGnbt0AIKelVk0MLsSHOk4aypbPVeauFL+Hs7AsQLWWDhGggaP
ce4j7OCdTTdlD+n8MxaNJdEiDZyw+lEiWRFES1g7bBpSoEN6NXRM4iZiUbRH9m9a
+H8Lh6BBjVCjwTl7MquRtU+9J+n4T1gJtT1IZJlAm7Z3oy3m5zOqJo3lffeSvT71
zffWrsZn8S6WcBQbb86KYSDyFfgw3/exrTcDuWkAdR5Jo/oyT9A=
=NJB+
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/955b8587-a56a-b07e-9e92-9c0c7971ab3e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] SECURITY ALERT

2019-02-01 Thread kitchm 
There has been no promised canary published, so users must
assume that the authorities have issued warrants to the
administration.

Warning to everyone!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2b.5c53429a%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: why mail-list?

2019-02-01 Thread jean-henri via qubes-users 
marmot-te wrote on Wed, 30 January 2019 23:32
> hi here,
> 
> I understand that list mail is pretty useful,
> 
> but ... come on, this is not really common
> user-friendly
> example 1 : I cannot know what it be said before I
> subscribe to it
> example 2 : I know some users of Qubes than who don't
> give a chance to
> that mail list, cause it is a new level of complexity
> (use of a good
> mailing software) for people who already have already
> some troubles with
> the very! useful man pages.

Just use the forum then: 
https://qubes-os.info

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a15.5c528fca%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: why mail-list?

2019-02-01 Thread kitchm 
@marmot-te
I couldn't agree more.  I have never seen such a poor
support forum example (and I've seen and used a ton of
them).  To add insult to injury, we are forced to use one of
the worst company's services when it comes to privacy.

Lack of intuitive design and poor interface makes the whole
thing abhorrent.

Thanks for that comment.

(By the way, I am going to use qubes-os.info from now on. 
Give it a try.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2a.5c533ff1%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: QSB #46: reinstalling debian-9 template

2019-02-01 Thread Jon deps 
On 2/2/19 12:25 AM, Chris Laprise wrote:
> On 2/1/19 4:30 PM, J.M. Porup wrote:
>> according to QSB #46, reinstalling debian-9 from repo
>> qubes-template-community-testing should yield version
>>
>>  qubes-template-debian-9-4.0.1-201901230644
>>
>> but running
>>
>>  sudo qubes-dom0-update
>> --enablerepo=qubes-templates-community-testing
>>  qubes-template-debian-9
>>
>> in Qubes 4.0.1
>>
>> tells me it will install
>>
>>  qubes-template-debian-9 version 4.0.1-201812091508
>>
>> what does this mean, and how do I fix it?
>>
>> thanks!
>>
>> jmp
>>
>>
> 
> You may have mis-typed the 'enablerepo...' part, so it didn't see the
> newer version.
> 
> Alternately, you could use a simpler method I described here:
> 
> https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net
> 
> 

same thing happened to myself I used

--enablerepo=qubes*testing  instead YMMV

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e769b86-82a2-1308-71d7-fd96238e6a02%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0.1 Dell Inspiron 7380

2019-02-01 Thread 'awokd' via qubes-users 

mrf...@t-online.de wrote on 1/27/19 8:13 PM:

Hello again,

does any one have a clue or a hint for me please?

Further I would like to know do you think this fits for issue tracker?

1:07:55,633 WARNING kernel:[    0.00] ACPI BIOS Warning (bug): 
Incorrect checksum in table [FACP] - 0x8B, should be 0xBF 
(20170728/tbprint-211)
21:07:55,636 INFO kernel:[    0.546000] PCI: Using host bridge windows 
from ACPI; if necessary, use "pci=nocrs" and report a bug


Thank you in advance for effort!! & looking forward to hopefully hearing 
from you :)


Kind Regards,
Fabian



On 1/13/19 2:11 AM, mrf...@t-online.de wrote:

Hello all,

first in advance: -> THANK YOU for taking time & excuse my bad English!

I really wanted to get this issue fixed by my own trough searching 
qubes website, forums, newsgroups and so on...
Unfortunately "the graphical installation interface /*still*/ fails to 
start" :(


Current uefi settings:
- latest firmware
- any legacy on
- disabled stuff like camera, bluetooth, and so on (for testing some 
various more like audio)


My last tries were on 4.0.1 rc2 (with Troubleshooting) and some 
previous Qubes versions with different custom kernel parameters.
I also tried an usb2ethernet adapter for vnc install option without 
success.
The next boarder: try using inst.text option and prepare an empty disc 
with cryptsetup because:
    "encryption requested for LUKS device nvme0n1p2 but no encryption 
key specified for this drive." (lsblk & fdisk lists nvme0n1 only)

 -> do I have to create that device & encryption key how ever?
 -> does inst.text option needs a kickstart because there is no 
prompt available for passphrase input during setup?
 -> will Qubes show an other behavior after the installation 
regarding graphic issues?


After spend a few hours on it I would be very very happy for any hints 
and support!!!
If I had to guess I would say it depends on event in file X.log row 
contains 34.992 + 35.068 V_BIOS address * out of range

But I have no clue to come along or deal with it...
Therefore I collect log files which hopefully will help to clarify and 
eliminate that nightmare.


I kindly ask you please help me get this solved and run Qubes - 
appreciate it ;)




From your X log, I think this is the problem:

(EE) VESA(0): V_BIOS address 0x4f9f0 out of range

Can you switch to a different video card?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16ebbdec-22ca-9d84-94bd-89a2801a3163%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-02-01 Thread Stuart Perkins 
I have a couple.  One I use a lot, loaded with disinformation.  Two are even 
less complete, but rarely used.

I lost access to a fourth by accidentally trying to login over tor, and it 
insisted on ID to unlock it...so I just ignore that one now.


On Fri, 1 Feb 2019 22:58:31 +
"'awokd' via qubes-users"  wrote:

>unman wrote on 2/1/19 4:05 PM:
>> On Mon, Jan 28, 2019 at 01:44:37PM +, 'awokd' via qubes-users wrote:  
>>> unman wrote on 1/27/19 5:21 PM:  
 (As an aside I'm always baffled by people querying
 how they can use Facebook under Tor or Whonix. What are they thinking?)  
>>>
>>> There are good reasons for it. See
>>> https://www.wired.com/2014/10/facebook-tor-dark-site/ for example. To the
>>> thread's topic, using Debian's onion repositories helps avoid MITM attacks.
>>> Of course, can't protect against compromise of the repositories themselves,
>>> but that's not a problem that can be solved at the communications layer.  
>> 
>> You missed my point because I wasn't clear enough.
>> I know that Facebook is accessible over Tor.
>> But why would anyone concerned with privacy ,(presumably why they are
>> using Tor or Whonix), want to sup with the devil of Facebook? I don't
>> think any spoon is long enough, not even one passing through 3 hops.
>>   
>
>Understood. I'm picturing a pseudonymous female blogger who wants to 
>organize in a country where they aren't allowed to use the internet. Not 
>sure how compatible that noble goal is with Facebook's real name policy.
>A more trite example would be a normal Facebook user who doesn't 
>necessarily want them and all their 3rd party advertisers to know from 
>what location/IP address he's logging in. However, I've never had the 
>desire to create a Facebook account either!
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201184123.3639af02%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes friendly audio / video and 2d animation apps?

2019-02-01 Thread pixel fairy 
anyone here do any a/v or 2d animation (motion graphics, not making cartoons) 
in qubes? blender works for now, and i may just use the old version for a 
while, but now seems like a good time to look at alternatives.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49266822-f074-48e2-aac3-79e7b6c2cc74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QSB #46: reinstalling debian-9 template

2019-02-01 Thread Chris Laprise 

On 2/1/19 4:30 PM, J.M. Porup wrote:

according to QSB #46, reinstalling debian-9 from repo
qubes-template-community-testing should yield version

 qubes-template-debian-9-4.0.1-201901230644

but running

 sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing
 qubes-template-debian-9

in Qubes 4.0.1

tells me it will install

 qubes-template-debian-9 version 4.0.1-201812091508

what does this mean, and how do I fix it?

thanks!

jmp




You may have mis-typed the 'enablerepo...' part, so it didn't see the 
newer version.


Alternately, you could use a simpler method I described here:

https://groups.google.com/d/msgid/qubes-users/f4d997d5-7191-06d0-e7bb-ef42745a7db5%40posteo.net

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74e5fefd-06b3-737b-276c-680a4cc3f254%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] remote 3d options

2019-02-01 Thread pixel fairy 
recently did a chrome remote desktop session over cable modem. the other side 
was watching a youtube video and it was really smooth. anyone here try any 
remote 3d options? preferably linux on the other end, and with sound would be 
great.

gonna look at virtualgl and turbovnc. any others worth looking at?

i know you can pci pass a gpu, but id like to keep it simple, and have the 
option of working from a laptop.

the app im interested in is blender. the current version, 2.79 works fine in 
qubes, but the ui overhaul in 2.8 resulted in a not so usable blender. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d71fded-e24b-4000-9d67-d85423d504f1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-02-01 Thread 'awokd' via qubes-users 

unman wrote on 2/1/19 4:05 PM:

On Mon, Jan 28, 2019 at 01:44:37PM +, 'awokd' via qubes-users wrote:

unman wrote on 1/27/19 5:21 PM:

(As an aside I'm always baffled by people querying
how they can use Facebook under Tor or Whonix. What are they thinking?)


There are good reasons for it. See
https://www.wired.com/2014/10/facebook-tor-dark-site/ for example. To the
thread's topic, using Debian's onion repositories helps avoid MITM attacks.
Of course, can't protect against compromise of the repositories themselves,
but that's not a problem that can be solved at the communications layer.


You missed my point because I wasn't clear enough.
I know that Facebook is accessible over Tor.
But why would anyone concerned with privacy ,(presumably why they are
using Tor or Whonix), want to sup with the devil of Facebook? I don't
think any spoon is long enough, not even one passing through 3 hops.



Understood. I'm picturing a pseudonymous female blogger who wants to 
organize in a country where they aren't allowed to use the internet. Not 
sure how compatible that noble goal is with Facebook's real name policy.
A more trite example would be a normal Facebook user who doesn't 
necessarily want them and all their 3rd party advertisers to know from 
what location/IP address he's logging in. However, I've never had the 
desire to create a Facebook account either!


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/296d4c0d-9c3e-c26a-601d-fd16c8bde040%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

2019-02-01 Thread Mike Keehan 
On Fri, 01 Feb 2019 16:24:22 -0500
kitchm  wrote:

> I think that it is far more helpful for someone who has
> actually done it to clearly and carefully explain the steps
> involved to use the mail list (or google group postings or
> whatever you call them) in Thunderbird and other e-mail
> clients, as well as Firefox and other web browsers or within
> Tutanota itself.
> 
> I have read everything that has been posted, plus the direct
> administrator's comments about how to do it, without finding
> anything that works so far.
> 
> Personal beliefs mean little when people are crying out for
> help.  If something can be proven to be intuitive, then
> speak up, or else hold your tongue.  The bottom line remains
> that it provably does not work at this point in time.
> 
> Thank you.
> 

What doesn't work?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201225726.145c80b0.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora-29 Template Updates Kernel Question

2019-02-01 Thread scoobyscrappy 
On Friday, February 1, 2019 at 10:54:21 AM UTC-8, Chris Laprise wrote:
> On 2/1/19 1:14 PM, scoobyscra...@gmail.com wrote:
> > Hi All,
> > 
> > I updated my Fedora-29 template today and I noticed that it installed 
> > vmlinux-4.20.5-200.fc29.x86_64.  After a reboot, the fedora-29 template 
> > says 4.14.74-1.pvops.qubes.x86_64 which is the same as dom0.
> > 
> > I am new to Qubes so I do not understand why the fedora-29 updated the 
> > kernel to 4.20 but did not boot to that kernel but instead stayed at 4.14 
> > like dom0.
> > 
> > tia
> > 
> 
> By default the VM kernel is supplied by dom0 at start time and the 
> template kernel is ignored. This is normal and allows the VMs to operate 
> in PVH mode which is optimal for Qubes.
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/188ce967-0cd6-4be6-8636-a1fc8ce17d49%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dom0 clock keeps resetting to wrong time again

2019-02-01 Thread Jon deps 
On 1/21/19 10:25 AM, Marcus Linsner wrote:
> On Sunday, January 20, 2019 at 7:02:34 PM UTC+1, john s. wrote:
>> On 1/20/19 12:06 AM, Andrew David Wong wrote:
>>> On 19/01/2019 5.08 PM, John S.Recdep wrote:
 On 1/14/19 9:55 PM, John S.Recdep wrote:
> On 1/14/19 10:10 AM, John S.Recdep wrote:
>> Hello,
>>
>> I believe my Bios time is UTC
>>
>> qubes-prefs shows my clockvm  as sys-net
>>
>> I have been trying to use sudo date --set <"localtime TZ">  to
>> get my dom0 correct.  Which it does but within 30-60  it is
>> changing to another TZ I don't recognize
>>
>> I have also tried  qvm-sync-clock  ,  and tried a qubes group
>> search as I remember fighting this out many times   with whonix
>> issues , however
>>
>> I am at a loss what to do further to problem-solve fix this  , 
>> appreciate your help
>>
>>
>> maybe I can switch the template for sys-net back to fedora-28
>> instead of -29  . ?
>>
>
> 1-14-19
>
> changing the clockvm to fed-28 and rerunning qvm-sync-clock did
> nothing BUT*  changing sys-net to debian-9  and qvm-sync-clock
> fixed it   sigh
>
> case anyone else gets this issue again ; prolly will fix
> whonixcheck complaints if any as well
>
> 'solved'
>
>>>
 Must be related to this 
 https://github.com/QubesOS/qubes-issues/issues/3983
>>>
 for myself it's not the  minimal fedora-29 its the regular one ;
 and it appears if fedora-29 is having time issues  that  that may
 be why my thunderbird appvm based on it,  is also  timestamping the
 messages wrong ?
>>>
>>>
>>> Try the workaround mentioned in the comments on that issue, if you
>>> haven't already. It's worked for me so far.
>>>
>>>
>>
>>
>> well if you mean:
>>
>> in the Fedora-29 template doing
>>
>> sudo chmod 700 /var/lib/private
>>
>>
>> [user@fedora-29 ~]$ sudo ls -l /var/lib/private/
>> total 4
> this looks inside the private dir, but what you want is to look at the dir 
> itself, here's two ways:
> [user@sys-firewall ~]$ stat /var/lib/private/
>   File: /var/lib/private/
>   Size: 4096  Blocks: 8  IO Block: 4096   directory
> Device: ca03h/51715d  Inode: 397353  Links: 3
> Access: (0700/drwx--)  Uid: (0/root)   Gid: (0/root)
> Access: 2018-05-24 01:13:40.23200 +0200
> Modify: 2018-05-24 01:13:40.23200 +0200
> Change: 2018-12-20 03:21:32.44700 +0100
>  Birth: -
> 
> [user@sys-firewall ~]$ ls -la /var/lib/|grep private
> drwx--  3 rootroot4096 May 24  2018 private
> 
> 
>> drwxr-xr-x 2 root root 4096 Dec  9 15:37 systemd
>> [user@fedora-29 ~]$ sudo chmod 700 /var/lib/private/
> now that you've already run this, it should be fixed already :)
>> [user@fedora-29 ~]$ sudo ls -l /var/lib/private/
>> total 4
>> drwxr-xr-x 2 root root 4096 Dec  9 15:37 systemd
>>
>>
>> doesn't seem to change any permissions on the systemd  directory  so
>> . doesn't seem like that is going to fix anything ?  maybe I'm
>> missing something basic?
> 

btw, what does it mean if I have no /var/lib/private  dir at all?

I use sys-net  as the qubes-pref  clockvm do you use  sys-firewall ?

in sys-net  I also  have no  /var/lib/private  fwiw


my dom0 clock is fine now with Fedora-29 or Debian-9  but my Fedora
app-based qubes VMs  are set to UTC and I'd like them set to  local
timezone  , as long as this doesn't mess up whonixcheck s ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/580cde02-0567-f8db-fd5e-13fb09c74a8b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] QSB #46: reinstalling debian-9 template

2019-02-01 Thread J.M. Porup 
according to QSB #46, reinstalling debian-9 from repo
qubes-template-community-testing should yield version

qubes-template-debian-9-4.0.1-201901230644

but running

sudo qubes-dom0-update --enablerepo=qubes-templates-community-testing
qubes-template-debian-9

in Qubes 4.0.1

tells me it will install

qubes-template-debian-9 version 4.0.1-201812091508

what does this mean, and how do I fix it?

thanks!

jmp


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201213058.GA934%40fedora-23-dvm.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: why mail-list?

2019-02-01 Thread kitchm 
I think that it is far more helpful for someone who has
actually done it to clearly and carefully explain the steps
involved to use the mail list (or google group postings or
whatever you call them) in Thunderbird and other e-mail
clients, as well as Firefox and other web browsers or within
Tutanota itself.

I have read everything that has been posted, plus the direct
administrator's comments about how to do it, without finding
anything that works so far.

Personal beliefs mean little when people are crying out for
help.  If something can be proven to be intuitive, then
speak up, or else hold your tongue.  The bottom line remains
that it provably does not work at this point in time.

Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4d.5c54b906%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: passhprase or os boot doesn't prompt from gui anymore?

2019-02-01 Thread Jon deps 
On 1/29/19 11:31 PM, cooloutac wrote:
> Just want to make sure this is normal behavior.  I noticed a couple weeks ago 
> the passphrase asks me type in from boot prompt and doesn't ask me to type in 
> passphrase from gui screen anymore.   Is this normal?
> 
> Thanks, 
> Rich.
> 

not normal on my system

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea71e4d3-316a-91b8-7b0e-833473f12cf1%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SECURITY ALERT

2019-02-01 Thread kitchm 
No worries.

For those who don't know what it means, a "canary" comes
from the phrase "canary in a coal mine".  In olden times, a
live canary, or other small bird, was taken down into the
coal mine with the miners.  If the bird fell over dead, they
knew that there was too much carbon monoxide gas present and
they needed to leave the mine.  The small bird reacted
faster than large humans to the danger, and therefore it was
a kind of warning.

In computer technology, there needs to be a way for users to
know if a governmental agency has issued a warrant to get
into the data stream of the service provider's server and is
monitoring the customer usage.  Since it is a secret
process, the service provider is not allowed to notify the
customers of the receipt of the warrant.

Therefore the only notification must be a negative one.  In
other words, there has to be a "canary" in the system to let
people know, by its absence, that something is wrong.  When
you do not see the published notice, you should worry.

The link here, https://www.qubes-os.org/security/canaries/,
shows the canaries by date.  The last one was #17, which
stated in part:
Quote:
> We plan to publish the next of these canary statements
> in the first
> two weeks of January 2019. Special note should be taken
> if no new canary
> is published by that time or if the list of statements
> changes without
> plausible explanation.

I have since found this link, not on that main page:
https://www.qubes-os.org/news/2019/01/08/canary-18/
so it does appear that we can breathe a sigh of relief.

At least for a little while.?.? :? 

I hope that helps a little.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4b.5c54b6b1%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora-29 Template Updates Kernel Question

2019-02-01 Thread Chris Laprise 

On 2/1/19 1:14 PM, scoobyscra...@gmail.com wrote:

Hi All,

I updated my Fedora-29 template today and I noticed that it installed 
vmlinux-4.20.5-200.fc29.x86_64.  After a reboot, the fedora-29 template says 
4.14.74-1.pvops.qubes.x86_64 which is the same as dom0.

I am new to Qubes so I do not understand why the fedora-29 updated the kernel 
to 4.20 but did not boot to that kernel but instead stayed at 4.14 like dom0.

tia



By default the VM kernel is supplied by dom0 at start time and the 
template kernel is ignored. This is normal and allows the VMs to operate 
in PVH mode which is optimal for Qubes.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef227e35-ebb7-588f-df0a-b5c4584a30f9%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fedora-29 Template Updates Kernel Question

2019-02-01 Thread scoobyscrappy 
Hi All,

I updated my Fedora-29 template today and I noticed that it installed 
vmlinux-4.20.5-200.fc29.x86_64.  After a reboot, the fedora-29 template says 
4.14.74-1.pvops.qubes.x86_64 which is the same as dom0.

I am new to Qubes so I do not understand why the fedora-29 updated the kernel 
to 4.20 but did not boot to that kernel but instead stayed at 4.14 like dom0.

tia

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba01bf31-b83c-4b8d-a43c-7d8ee95ff0a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-02-01 Thread 'awokd' via qubes-users 

Alexandre Belgrand wrote on 1/29/19 8:13 AM:

Le mardi 29 janvier 2019 à 09:51 +0200, Ilpo Järvinen a écrit :

Yeah yeah, the only modification was that chip as claimed in the
article?
Magically all the necessary signal pins were routed to its location
but nothing else was changed (and you cannot have that many pins in
that sized chip anyway which will seriously limit the possible
functionality
and processing speed). ...But it must all be true and present in
thousands
of servers because a sensational article so claims (funny though that
the
so claimed victims of the attack consistently denied presence of such
a
chip in their servers but I guess you'll anyway think they must be
lying
for the benefit of the Chinese, damage control, because of the
"investigation", or whatever reason).



Good point. Obviously, this article has had access to classified
informations and is  part of a new "name and shame" policy. So can we
trust it?


No. That Bloomberg article is a good example of FUD. Simplest 
explanation is it's sown by someone looking to make a quick buck by 
shorting Supermicro stock. Slightly more paranoid is it's coming 
verbatim from Chinese intelligence services to introduce distrust into 
supply lines, similar to what CIA did with Russian pipelines decades 
ago. More paranoid is it's from domestic intelligence services seeking 
to increase their own obscene budgets by offering to protect us from 
these scary threats. In conclusion, it should be ignored until there is 
independent confirmation from multiple sources.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c647b876-cf94-5666-7ff9-591bc62b8501%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL HP ENVY 13-ad008nw

2019-02-01 Thread 'awokd' via qubes-users 

R A F wrote on 1/18/19 9:49 PM:

Hello Team

In attachment you can find HCL from my laptop HP ENVY 13-ad008nw
Qubes OS is new to me so I still do not know much about it but so far this
laptop has issue with installation from UEFI .After system was installed
during the boot displays following messages (please check file_nr_1 ) Also
In this HCL test it shows that TMP device is not found  but in Bios TMP is
enabled. For know I do not see any other issues but as a Qubes beginner I
would like to share with you some feedback on improvement I see right away.
Most difficult was to understand how those VM are connected so it would be
nice if in future versions you guys could create some GUI to manage
networks. It also would be nice if from that GUI user can create his own IP
configuration and connect so specific VM (something like in vmware)


Not exactly what you are looking for, but in Qube Setting for each VM 
you specify what network VM it connects to.



Also I'm volunteering to join your project if of course this is possible
because security is part of my life and it is  very important to me as I
believe that balance in that area was destroyed and we need to work
together to restore that balance. Couple weeks ago I read following line
"Think about your privacy like about your Money" and I must say kind agree
with that. What is yours it is yours and that is it.
So looking forward to work with you guys and share my other ideas how to
make this project better.


I am a fellow user but if you want to join the project, just jump in! 
See https://www.qubes-os.org/doc/contributing/ for ways to help. Welcome 
to Qubes!


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d84365cd-9f19-83a8-effe-736db79ae6b8%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Boot / Installer Problem

2019-02-01 Thread 'awokd' via qubes-users 

'1221328' via qubes-users wrote on 1/19/19 1:15 PM:

Qubes OS version: R4.0.1

Hello. I have been trying to install Qubes OS but I am not able to. Here are 
some details.

Acer Spin 1 SP111-32N
BIOS version 1.08 (latest).
Secure Boot disabled.
UEFI (no option to even change it and try Legacy).
TPM enabled (also tried with disabled).

This was happening in Qubes OS R4.0 too.

I download the .ISO image.
I download the Rufus.
I go through the guide on the official website.
I turn off the laptop.
I turn it on.
I try to boot it.
It shows this -

Xen 4.8.3 (c/s ) EFI loader Using configuration file “BOOTX64.cfg” vmlinuz: 
[some numbers and letters] initrd.img: [some numbers and letters] 0x :0x00 
:0x02. 0x0: ROM: 0x1 bytes at 0x76891018

And that’s all. It shuts down, restarts, starts again trying to boot, shows the 
same and loop.

I was trying to redownload the image and reinstall it many times but it does 
not work.

I was able to install and boot it in VMware (I know it is not supported, it is 
true that it also is not supported but it was working, that’s what I wanted to 
check/test), 2.6.X 64-bit kernel and as an Ubuntu 64-bit. It did not work well 
but it has worked. My CPU should support Intel VT-x. Thanks for help.



Try 
https://www.qubes-os.org/doc/uefi-troubleshooting/#installation-freezes-before-getting-to-anaconda-qubes-40 
?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6b92dbd-213f-9087-9219-8b581dc0162b%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-02-01 Thread unman 
On Mon, Jan 28, 2019 at 01:44:37PM +, 'awokd' via qubes-users wrote:
> unman wrote on 1/27/19 5:21 PM:
> > (As an aside I'm always baffled by people querying
> > how they can use Facebook under Tor or Whonix. What are they thinking?)
> 
> There are good reasons for it. See
> https://www.wired.com/2014/10/facebook-tor-dark-site/ for example. To the
> thread's topic, using Debian's onion repositories helps avoid MITM attacks.
> Of course, can't protect against compromise of the repositories themselves,
> but that's not a problem that can be solved at the communications layer.

You missed my point because I wasn't clear enough.
I know that Facebook is accessible over Tor.
But why would anyone concerned with privacy ,(presumably why they are
using Tor or Whonix), want to sup with the devil of Facebook? I don't
think any spoon is long enough, not even one passing through 3 hops.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201160520.sngsqzec3ykz47mh%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] APC UPS daemon

2019-02-01 Thread 'awokd' via qubes-users 

Achim Patzner wrote on 1/18/19 5:48 PM:


connection to a separate VM which in turn notifies dom0 using RPC. 


How did you do this step?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af82fa73-87f4-3201-75d7-95b494dba40f%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-02-01 Thread 'awokd' via qubes-users 

unman wrote on 1/27/19 5:21 PM:

(As an aside I'm always baffled by people querying
how they can use Facebook under Tor or Whonix. What are they thinking?)


There are good reasons for it. See 
https://www.wired.com/2014/10/facebook-tor-dark-site/ for example. To 
the thread's topic, using Debian's onion repositories helps avoid MITM 
attacks. Of course, can't protect against compromise of the repositories 
themselves, but that's not a problem that can be solved at the 
communications layer.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ecbeb8ce-af33-fb63-4dc3-c4793b8ad273%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

2019-02-01 Thread unman 
On Thu, Jan 31, 2019 at 10:33:33PM -0300, Franz wrote:
> On Thu, Jan 31, 2019 at 2:11 PM Stuart Perkins 
> wrote:
> 
> >
> >
> > On Thu, 31 Jan 2019 18:01:58 +0100 (CET)
> > 19hundreds <19hundr...@tutanota.com> wrote:
> >
> > >
> > >I agree at some level with what you are saying however, the current
> > mailing list has a lot of valuable information so I believe it's gonna be
> > hard to se it replaced with something else.
> > >
> > >Beside the unofficial resources listed by others, I add
> > https://reddit.com/r/qubes  (it's SO
> > comfortable!)
> > >
> >
> > Some of us who keep e-mails off line have the additional benefit of having
> > an archive of all e-mails since joining the list.  I can search them for
> > something BEFORE asking a new question.  I have done so with this group a
> > few times already and not had to bother asking something which was already
> > asked and answered.
> >
> > I use claws-mail to retrieve all of my e-mails (about 27 different e-mail
> > accounts...one paid for [legal expectation of privacy] and several
> > gmail/hotmail/yahoo) and since claws-mail is configured to store e-mails as
> > discrete files, I can search them with grep and other *nix utilities.  I
> > have an archive going back almost 30 years with over 700,000 discrete
> > e-mails from the many groups I used to belong to, as well as private
> > stuff.  It is far easier to just store them than to sort through them for
> > deletion...but they are organized by folders/directories to make it easy to
> > ignore the ones not pertinent for the time.
> >
> >
> Unbelievable!! I always thought that the only practical way to retrieve old
> emails was using a google account, but you seem to suggest that you are
> able to do the same  with claws-mail. How much space does 700K emails take?
> Because you seem to keep them on your computer, correct? And does the
> search of old emails work as convenient as google?
> 

mutt+notmuch

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201121026.okiazkivpc7ae6vg%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

2019-02-01 Thread unman 
On Thu, Jan 31, 2019 at 09:47:33PM -0500, kitchm wrote:
> The basic concept here is clarify what is being discussed. 
> There appears to be two things; one is how a mail-list works
> and the other is how a mail-list is not as good as a forum.
> 
> Being able to retrieve old e-mails assumes one has a mail
> store.  Either one keeps them on their own computer by
> downloading them from the server thru POP3, he accesses them
> from the server by IMAP or she has to access a mail-list
> server so see them thru the web interface.
> 
> In the case of the mail-list server, one may also use his or
> her own e-mail client program, such as Thunderbird, Claws or
> other program.  Both of these programs can handle newsgroups
> and Usenet listings.
> 
> Google bought Dejanews archives of the postings on Usenet. 
> They then started Google Groups while still maintaining a
> gateway to Usenet.  It makes some sense that if one can
> handle newsgroups then one should be able to handle
> googlegroups.  Sadly, such is not the case.
> 
> Being Google, they opted for a proprietary setup and do not
> allow access like the standard methodology of the Usenet. 
> Another strike against Google.
> 
> Therefore, there is no reason to use Google Groups at all. 
> If I have to go to another program to view the information
> shared between people, then I will use a forum.  At least I
> can see that in a properly graphical way.  Not only that,
> but all postings after my initial one will come right to my
> e-mail client.

Thank you for the education. 
You can interact with the googlegroups list entirely through email.
If you want to use a forum use Zrubi's:
https://qubes-os.info

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201120924.bbxmlo4eokx32gdg%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

2019-02-01 Thread unman 
On Thu, Jan 31, 2019 at 11:39:42PM -0500, Eric wrote:
> What is all the fuss about? I am replying here from the
> Qubes user forum that is integrated into the mailing list
> since October last year. A link to this thread:
> https://qubes-os.info/index.php?t=msg&th=650&start=0&;
> This forum is currently unofficial but seems to work fine.
> Only has a few months worth of data so far but a Google
> search pulls up the groups entries for older stuff.

Indeed- what *is* the fuss about..
The main users list is available as a google group - you can use that
as a mailing list, or using the web interface. You dont need a google
account.
Thanks to Zrubi's efforts, the same content is available as a standard
Forum.
The content is also available archived at
https://www.mail-archive.com/qubes-users@googlegroups.com/
(The content also used to be available via Gmane before the breakage.)

All this is explained at:
https://www.qubes-os.org/support/

To anyone who cant search their archived mail, just one word
(two?):notmuch.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201120457.aqbthz5notixtbh7%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] Template disappeared: qubes-template-fedora-29-minimial

2019-02-01 Thread Elias Mårtenson 
On Friday, 1 February 2019 18:21:46 UTC+8, Marek Marczykowski-Górecki  wrote:

> Probably something gone wrong with removing the template. Templates
> which are still installed are excluded from being installed again.
> Verify this with:
> 
> rpm -q qubes-template-fedora-29-minimial
> 
> If the template package is still there, but actual template is gone (not
> listed by qvm-ls tool), you can forcibly remove the package with:
> 
> sudo rpm -e --noscripts qubes-template-fedora-29-minimial

Thank you! That worked.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6622c7d5-448a-4cc7-96f5-646a3a27147b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] Template disappeared: qubes-template-fedora-29-minimial

2019-02-01 Thread Marek Marczykowski-Górecki 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[Moving to qubes-users]

On Thu, Jan 31, 2019 at 10:14:26PM -0800, Elias Mårtenson wrote:
> I installed qubes-template-fedora-29-minimial by running the usual command:
> 
> $ sudo qubes-dom0-update qubes-template-fedora-29-minimial
> 
> This worked, but I messed up the template itself when doing some 
> experimentation. So, I removed said template and attempted to reinstall it.
> 
> When I try to perform the reinstall, I get an error message saying that the 
> package does not exist. What could be the cause of this?

Probably something gone wrong with removing the template. Templates
which are still installed are excluded from being installed again.
Verify this with:

rpm -q qubes-template-fedora-29-minimial

If the template package is still there, but actual template is gone (not
listed by qvm-ls tool), you can forcibly remove the package with:

sudo rpm -e --noscripts qubes-template-fedora-29-minimial

See also https://www.qubes-os.org/doc/reinstall-template/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxUHbMACgkQ24/THMrX
1yxpYQgAjW/MjSP6FmBPGC8Qz/GmTDcbJ53XNAt+NQLG4PeoEclkF9bEW0SQgtwW
z0jnMyPcUWTMmVW2cDwMB5v0u3AMf/ZITDvDqROj6eqE0pNlSQV5B/UTMEkvzE3u
dSN+N1TpM8HbFPKY6LLYU1bRrh98GY+yQ/G40CfwPEz1cPj2U94GkHq8WqRox/Kc
6HkHIdvtuZQlCZpoGjJqMBrJcyCgECCnwsMa1vDcqf/ZpBKBrMlpEc1WKMu85hCX
eHzPjAmKIwXrSeQ0KSksNJENwIcM/nJxP11TpHlOZtQeeqdmOksWNsqndWLciwN8
K0DJ4g0ttvsgqYISrn8PGGKIOF1oTA==
=HJRN
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190201102138.GA2830%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Reversing dom0 testing repo installation

2019-02-01 Thread qubes-fan 




Jan 31, 2019, 3:06 PM by un...@thirdeyesecurity.org:

> On Wed, Jan 30, 2019 at 03:28:17PM +0100, > qubes-...@tutanota.com 
> >  wrote:
>
>>
>> Just a humble reminder for my question. I tried to research the topic, but 
>> didn't move anywhere. Can anyone advice me please?
>>
>> Jan 28, 2019, 3:59 PM by >> qubes-...@tutanota.com 
>> >> :
>>
>> > hi, I accidentaly downloaded and installed the dom0 update from the 
>> > testing repo. Is there any way to reverse the action and keep only the 
>> > stable version?
>> >
>> > I already disabled the testing repo in the /etc/yum.repos.d/qubes-dom0.repo
>> >
>> > Thank you
>> >
>>
>
> Check /var/log/dnf** to see exactly what changes have been made to your
> system
>
> If you are using a Fedora based qube as UpdateVM, then you can use the
> downgrade option:
> qubes-dom0-upgrade action=downgrade 
>
> I'm not familiar with this and don't use it. It isn't an option if you are
> using Whonix or another Debian based UpgradeVM
>
> In that case, you can get a list of all the available versions:
> qubes-dom-update --action=list --showduplicates 
>
> And then should be able to install a specific version:
> qubes-dom-update package-version
>
> It's a little more long winded, but you are exercising full control.
> Hope that helps somewhat.
>
> unman
>
Thank you, but it seems like bit advanced. I will wait till the stable rewrites 
the testing when out. Hope this works too. 

The only issue I encountered is the password entry at boot - the GUI doesnt 
appear and I am entering the pass terminal-like. 

>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20190131150632.tjsrviwzynazc...@thirdeyesecurity.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXcL6BT--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.