Re: [qubes-users] Qubes 4.0.1 fails to install on dell latitude e5xxx

2019-02-06 Thread 'awokd' via qubes-users

jonull...@gmail.com wrote on 2/6/19 8:43 PM:


> Installing works in Legacy External device boot
>
> ->sh-4.3# efibootmgr
> EFI variables are not supported on this system.
>
> trying to allocate efivars, but cannot find it, and a few grubs directories.
>
> From what i understand it's not necessary to run grubs in UEFI.


Having a bit of trouble following what you wrote. If you installed in 
Legacy mode, Qubes will use Grub to boot instead of UEFI, so there 
wouldn't be a xen.cfg or EFI menu entry/variables. Did you notice on the 
first Qubes install stage which boot system it installed, and were there 
any errors?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/475a0bc6-4729-c9d6-fe0b-15eaa0a57fb3%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] VMs unable to start after forced reboot (see issue #3964 - VMs cannot start)

2019-02-06 Thread 'awokd' via qubes-users

whatev...@tuta.io wrote on 2/6/19 12:04 PM:


> Domain sys-net-deb failed to start:
> Logical Volume "vm-sys-net-deb-volatile" already exists in volume group
> "qubes_dom0"
>
> or its vm-sys-net-deb-root-snap or sys-net-deb-private-snap variant.
>
> sys-usb (no network, USB controller assigned) throws similar errors, but
> referencing itself instead of sys-net-deb.
>
> For most VMs without network VM assigned:
>
> Domain  has failed to start: device-mapper:message
> ioctl on (253:3) failed: File exists
>
> Failed to process thin pool message "create_snap 1666 1649".
> Failed to suspend qubes_dom0/pool00 with queued messages.
> Any attempt to sudo lvremove qubes_dom0/vm--volatile, -root-snap or
> -private-snap to date ended unsuccessfully with:
>
> device-mapper:message ioctl on (253:3) failed: File exists
> Failed to process thin pool message "create_snap 1666 1649".
>   Failed to suspend qubes_dom0/pool00 with queued messages.
> Failed to update pool qubes_dom0/pool00.


This looks similar to your issue: 
https://www.linuxglobal.com/fix-lvm-thin-cant-create-snapshot-failed-suspend-vg01pool0-queued-messages/.




[qubes-users] Re: HCL - Librem 13 V3

2019-02-06 Thread pixel fairy
On Wednesday, February 6, 2019 at 1:58:24 AM UTC-8, m...@militant.dk wrote:

> These faults are actually a dealbreaker for me. I can't live with this device 
> anymore, so I'm looking to switch it out with a mac mini size device or 
> something similar, that can run 4k @ 60Hz, like normal machines, claiming to 
> support 4k, should.
> 
> Enjoy

i'm pretty happy with system76 galago. 4k at 60Hz over display port. think it 
was 30Hz over hdmi, which was still usable. 

the only issue is if you start an appvm in single display mode, then plug in 
the display port, apps in that vm won't take input when on the external display 
until you restart that vm. don't remember having that problem with hdmi. also, 
in xfce, plugging and unplugging display port seemed to reset the display, so 
it would always shuffle windows around and ask you to reconfigure the displays. 
in kde, this isn't a problem. it remembers how you set it up before. but, the 
window input issue is still there.



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread John Goold

On 2/6/19 1:52 PM, kit...@tutanota.com wrote:
> Yeah, good buddy, we are all making the same assumptions.  Knowing
> about the extent the Five Eyes will go to gather your personal
> information makes two points; one is that if they do it, they must
> have a right to do it, and two, because they are, we must fight
> against it 24/7.  You are very wise in not keeping records.  I
> couldn't agree more.
> 
> So then I must ask you, how do you feel about your name being kept,
> as part of your international dossier, associated with the mailing
> list?
> 

Actually, I do not mind people knowing my name or roughly where I live
(Newfoundland and Labrador, Canada). I do not mind people knowing I am
a 73-year old male.

What does bother me is a concept I came across, decades ago when I
first started working on mainframe computers and before The Internet
was publicly accessible. It was the subject of a book called
"Databanks in a Free Society" (I remember the title, but not the name
of the author).

Privacy in my Grandparents' age (possibly your Great-Grandparents') was
not ensured because of the lack of access to information. One could
travel to a person's city and look up information about who owned what
property and what price they bought it for, search the registry of
births and deaths, etc. and eventually, often at great cost, put
together a pretty detailed dossier on a person. Part of that was
because it required a lot of investigation — it might even be
difficult to determine where a person was born (not just the city, but
even the state or country).

That great cost gave people a degree of privacy, as did the difficulty
of confirming or disproving a random individual's identity.

Then, starting around 1948, computers were developed enough and made
available to anyone with the money to buy one (i.e. large enough
businesses like insurance companies, large banks,... that could afford
a mainframe computer and the facilities to house it). And, of course,
governments started to store records on computer media (often reels of
tape).

The premise of the book was that it was "now" possible for large
corporations and, especially the various divisions of a government, to
exchange, correlate, merge and massage disparate lots of information
and build up dossiers on people cheaply enough to make it practical to
do so. So, how would those "Databanks" be used in "a Free Society"?
What about an individual's right to privacy?

Of course, we are well past that stage. Information on people is
almost trivially gathered, correlated and massaged. Because of that,
our expectation of privacy (and anonymity) has been shattered.

We can only maintain a fraction of the privacy that my grandparents
had. And, it has become harder for individuals to maintain even a
modicum of privacy, never mind "live off the grid".

Finally, to answer your question: I do not mind my name being
associated with this mailing list.

What I do worry about is my identity being "stolen"; that is, someone
(or some people) being able to impersonate me in a convincing way. I
worry about people being able to access my bank accounts fraudulently
or incur debts that appear to be my debts. About someone destroying or
stealing records I have on my computer that, once upon a time, were
paper records...

Does sharing my name and a few bits of personal information make it
easier for someone to do the above? Probably. But I do not want to
live as a recluse.


Re: [qubes-users] Suggestion about an UI detail

2019-02-06 Thread Dupéron Georges
> I rearrange the shortcuts in one so that something innocuous like "x-term" is 
> first, and the drop down arrow leads to the other frequently used items.

To avoid accidental clicks starting an application and have a larger
clickable zone:

Right-click on the XFCE launcher → Advanced → Arrow button position:
Inside Button.

Cheers,
Georges Dupéron

-- 
Georges Dupéron



[qubes-users] Qubes 4.0.1 fails to install on dell latitude e5xxx

2019-02-06 Thread jonull101
BIOS:
--General--
Boot Sequence
 -UEFI
Advanced Boot Options
 -Enable Legacy Option ROMs

--System Configuration--
SATA Operation
 -AHCI

TPM
 -ON


Installing works in Legacy External device boot
-USB Storage Device
else i get penguins.


Troubleshooting
->Rescue a Qubes system
->1) Continue
->LUKS passphrase
->[Enter] to get a shell
->sh-4.3#
-->Following the, which by the way should be updated:
https://www.qubes-os.org/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing

Part:
Installation finished but “Qubes” boot option is missing and xen.cfg is empty

->vi xen.cfg <-> is empty
here is the uefi-troubleshooting by qubes a config for 3.2
*does the same config work for 4.0.1?

->running the config from 3.2, adjusting kernel version and filesystem location 
, looks OK!

Now:
---
4. 

Create boot entry in EFI firmware (replace /dev/sda with your disk name and -p 
1 with /boot/efi partition number):

efibootmgr -v -c -u -L Qubes -l /EFI/qubes/xen.efi -d /dev/sda -p 1 
"placeholder /mapbs /noexitboot"

---
->sh-4.3# efibootmgr
EFI variables are not supported on this system.

which means efivars kernel module is probably not enabled.
->sh-4.3#modprobe efivars
modprobe: FATAL: Module efivars not found in directory 
/lib/modules/4.14.74-1.pvops.qubes.x86_64

trying to allocate efivars, but cannot find it, and a few grubs directories.

From what i understand it's not necessary to run grubs in UEFI.


Am i missing something? Besides that the troubleshooting guide for UEFI is very 
poor and not updated.

Would appreciate if someone could give me a hand on this one.



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread Stuart Perkins



On Wed, 6 Feb 2019 12:51:04 -0600
John Goold  wrote:

>
>On 2/6/19 10:36 AM, unman wrote:
>> On Wed, Feb 06, 2019 at 10:15:54AM -0600, John Goold wrote: On
>> 2/6/19 1:12 AM, 'awokd' via qubes-users wrote:  
> kitchm via Forum:
>   
>> ...  
>> It is currently illegal by federal law to clear your
>> browser history.  
> 
> Cite?  
>> 
>> What one does with one's browser history, even assuming one's
>> browser has a browser history, is clearly not governed by law,
>> except perhaps in countries like China and Russia.
>> 
>> Actually, it may be governed by law in the US, but not in Russia. 
>> The  FBI have interpreted Sarbanes-Oxley as creating a felony
>> offence where one deletes browser history where there was 
>> reasonable expectation of investigation. It has been used against
>> Matanov, a friend of the Boston bombers, and David Kernell, who
>> hacked Sarah Palin's email. The EFF have highlighted this
>> interpretation of Sarbanes Oxley as egregious, but no doubt the
>> authorities deem it necessary.
>> 
>> Note that it is NOT illegal in the US to clear your browser
>> history: but it may prove a felony offence to do so. In the two
>> cases cited there were reasonable grounds to suppose that a federal
>> investigation would take place.
>>   
>
>I think it should go without saying that anyone that violates a court
>order issued against them is committing an offense.
>
>Hmmm... So, in the U.S., if you are in a position that there was "a
>reasonable expectation of investigation", any attempt to maintain your
>privacy may be construed (at least by the FBI) to be a felony offence?
> Wow! Egregious seems to be an understatement.
>
>It seems a bit surreal. A person was not expecting to be the target of
>a government/justice system investigation, but someone or some group
>say the person should have expected to be investigated... I can see
>this happening in a non-democratic regime, but it seems unreal in a
>nation professing to be at the forefront of democracy.
>
>Anyway, I do not have to worry about this as I do not allow my browser
>to keep track of my browsing history (unless the browser is doing so
>surreptitiously). So I have no browser history to delete. However, I
>suppose if I became the subject of an investigation, any of my
>attempts (all mild) to maintain my privacy would be interpreted as
>nefarious.
>
>Anyway, as you implied, I was making assumptions based on my
>expectations of living in a democracy.
>
>It's an interesting discussion.

Of course the main reason to lunch the ME in bios (for those with systems the 
right vintage, or at least set the HAP bit) and running Qubes to begin with is 
to make it difficult for prying eyes to see what we do on our computers.  Not 
that we are doing anything "nefarious", but as far as I'm concerned, my 
business is exactly that...my business.  It pays to always use...private 
browsing and/or disposable VM for general internet stuff.  That way you never 
overtly act to "hide" anything, so whether or not you have a reasonable 
expectation of being investigated is a non-starter.


Re: [qubes-users] Re: SECURITY ALERT

2019-02-06 Thread Zrubi

On 2/6/19 5:12 PM, kitchm via Forum wrote:
> Do we agree, Andrew, that if a person is concerned with anonymity
> and privacy, he would not use social media?

wrong.

1. Anonymity and privacy are different things.
2. "person" is not meaningful in your sentence.

You can have many different digital identities, which may or may not be
connected to a real person.

Some social media require you to connect them, others may not.

- Facebook EULA requires that you have to use your real identity.
However they are just loosely checking/forcing it.


- twitter/google is not connected to a real person if you do not want to.

So qubes mailing list - and the Qubes community in general - is not
forcing you to use a digital identity connected to a real person. So
you can remain anonymous. Even if you have a google account.

Hence, it is not easy to achieve in practice.


On the other hand, most of the time reputation is more important than
anonymity. At least for me.

That's why I am using gpg, and signing ~every mail I send to a mailing
list. It is not anonymous for sure, even if it is still just a digital
identity. But my intention is that you should be able to connect this
digital identity to my real life identity.

-- 
Zrubi


Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread Holger Levsen
On Wed, Feb 06, 2019 at 12:51:04PM -0600, John Goold wrote:
> It's an interesting discussion.

yes, but it's also entirely off-topic for this list. please stop it.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C



[qubes-users] Re: "Sensors plugin" in dom0 generates 2 "audit:" dmesg messages on every temperature refresh

2019-02-06 Thread Marcus Linsner
On Wednesday, February 6, 2019 at 6:49:06 PM UTC, Marcus Linsner wrote:
> On Wednesday, February 6, 2019 at 5:25:23 PM UTC, Marcus Linsner wrote:
> > On Wednesday, February 6, 2019 at 5:59:56 PM UTC+1, Marcus Linsner wrote:
> > > On Wednesday, August 22, 2018 at 11:08:44 PM UTC+2, Marcus Linsner wrote:
> > > > "Sensors plugin" is an xfce4-panel plugin which shows the CPU(and SSD) 
> > > > temperatures in the panel. (eg. RMB on panel, Panel->Add New 
> > > > Items...->Search: ->Sensor plugin)
> > > > 
> > > > Its default refresh is 60 seconds. I've set it to 5. But I want it on 1 
> > > > second, however this means it would generate 2 dmesg audit messages 
> > > > every second AND they are flushed to the disk(judging by the case HDD 
> > > > led flashing).
> > > > 
> > > > [   93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 
> > > > uid=1000 auid=1000 ses=2 msg='op=PAM:authentication 
> > > > grantors=pam_localuser acct="root" exe="/usr/sbin/userhelper" 
> > > > hostname=? addr=? terminal=? res=success'
> > > > [   93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 
> > > > uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit 
> > > > acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? 
> > > > res=success'
> > > > 
> > > > 
> > > > Is there some way to turn these off? if not all the audit messages.
> > > 
> > > audit=0 in /proc/cmdline did it
> > > that is, for me, 
> > > sudo vim /boot/efi/EFI/qubes/xen.cfg
> > > and add it at the end of lines like:
> > > 
> > > kernel=vmlinuz-4.19.12-3.pvops.qubes.x86_64 
> > > root=/dev/mapper/qubes_dom0-root 
> > > rd.luks.uuid=luks-9ed952b5-2aa8-4564-b700-fb23f5c9e94b 
> > > rd.lvm.lv=qubes_dom0/root i915.alpha_support=1 rd.luks.options=discard 
> > > root_trim=yes rd.luks.allow-discards ipv6.disable=1 loglevel=15 
> > > log_buf_len=16M printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on 
> > > mminit_loglevel=0 memory_corruption_check=1 fbcon=scrollback:4096k 
> > > fbcon=font:ProFont6x11 net.ifnames=1 pax_sanitize_slab=full console=tty1 
> > > earlyprintk=vga systemd.log_target=kmsg 
> > > systemd.journald.forward_to_console=1 udev.children-max=1256 
> > > rd.udev.children-max=1256 rhgb sysrq_always_enabled random.trust_cpu=off 
> > > audit=0
> > > 
> > > however now I've:
> > > [11487.420448] userhelper[9870]: running '/usr/sbin/hddtemp -n -q 
> > > /dev/sda' with root privileges on behalf of 'ctor'
> > > as a spam, every second.
> > > 
> > > I've noticed that /usr/sbin/hddtemp wasn't already suid root, so I've set 
> > > it now via:
> > > sudo chmod u+s /usr/sbin/hddtemp
> > > 
> > > the spam still happens, but maybe a reboot is in order, unless 
> > > xfce4-sensors-plugin is calling userhelper itself? 
> > > 
> > > [ctor@dom0 ~]$ rpm -qf `which userhelper`
> > > usermode-1.111-8.fc24.x86_64
> > > 
> > > I'll go reboot, if it works I won't post again, otherwise I'll keep 
> > > trying to find a way to get rid of this spam.
> > 
> > suid+reboot didn't work, but looks like I've encountered this before here: 
> > https://groups.google.com/d/msg/qubes-devel/NfVQi0HXWEY/uiw23yq2CgAJ
> > and it is a loglevel 15 message
> > <15>[   87.005717] userhelper[4027]: running '/usr/sbin/hddtemp -n -q 
> > /dev/sda' with root privileges on behalf of 'ctor'
> > 
> > so, in the worst case all I have to do is find out how to tell 
> > systemd/journald to not store it, which frankly I've no idea how, since it 
> > only accepts 0-7 numbers according to man journald.conf for MaxLevelStore= 
> > and yet that level 15 message still lands in journalctl -b 0
> > but perhaps other forwarding settings are in effect which make it so.
> > 
> > MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=, 
> > MaxLevelWall=
> >     Controls the maximum log level of messages that are stored on disk, 
> >     forwarded to syslog, kmsg, the console or wall (if that is enabled, see 
> >     above). As argument, takes one of "emerg", "alert", "crit", "err", 
> >     "warning", "notice", "info", "debug", or integer values in the range of 
> >     0-7 (corresponding to the same levels). Messages equal or below the log 
> >     level specified are stored/forwarded, messages above are dropped. 
> >     Defaults to "debug" for MaxLevelStore= and MaxLevelSyslog=, to ensure 
> >     that the all messages are written to disk and forwarded to syslog. 
> >     Defaults to "notice" for MaxLevelKMsg=, "info" for MaxLevelConsole=, and 
> >     "emerg" for MaxLevelWall=.
> > 
> > So, since 'debug' is 7, it stands to reason that a level 15 message won't 
> > be seen, unless ... I'm missing something.
> 
> ok, that message is log level 5 aka notice
> https://pagure.io/usermode/blob/a501560b8f25e9ddc1a3213a1f865564e5a9a34c/f/userhelper.c#_1943
> 
> and it can't be disabled! unless I tell journald.conf to maxlevel warning 
> which would waste a lot of log messages and is unacceptable...
> 
> so the only thing left is to re

Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread John Goold

On 2/6/19 10:36 AM, unman wrote:
> On Wed, Feb 06, 2019 at 10:15:54AM -0600, John Goold wrote: On
> 2/6/19 1:12 AM, 'awokd' via qubes-users wrote:
 kitchm via Forum:
 
> ...
> It is currently illegal by federal law to clear your
> browser history.
 
 Cite?
> 
> What one does with one's browser history, even assuming one's
> browser has a browser history, is clearly not governed by law,
> except perhaps in countries like China and Russia.
> 
> Actually, it may be governed by law in the US, but not in Russia. 
> The  FBI have interpreted Sarbanes-Oxley as creating a felony
> offence where one deletes browser history where there was 
> reasonable expectation of investigation. It has been used against
> Matanov, a friend of the Boston bombers, and David Kernell, who
> hacked Sarah Palin's email. The EFF have highlighted this
> interpretation of Sarbanes Oxley as egregious, but no doubt the
> authorities deem it necessary.
> 
> Note that it is NOT illegal in the US to clear your browser
> history: but it may prove a felony offence to do so. In the two
> cases cited there were reasonable grounds to suppose that a federal
> investigation would take place.
> 

I think it should go without saying that anyone that violates a court
order issued against them is committing an offense.

Hmmm... So, in the U.S., if you are in a position that there was "a
reasonable expectation of investigation", any attempt to maintain your
privacy may be construed (at least by the FBI) to be a felony offence?
 Wow! Egregious seems to be an understatement.

It seems a bit surreal. A person was not expecting to be the target of
a government/justice system investigation, but someone or some group
say the person should have expected to be investigated... I can see
this happening in a non-democratic regime, but it seems unreal in a
nation professing to be at the forefront of democracy.

Anyway, I do not have to worry about this as I do not allow my browser
to keep track of my browsing history (unless the browser is doing so
surreptitiously). So I have no browser history to delete. However, I
suppose if I became the subject of an investigation, any of my
attempts (all mild) to maintain my privacy would be interpreted as
nefarious.

Anyway, as you implied, I was making assumptions based on my
expectations of living in a democracy.

It's an interesting discussion.


[qubes-users] Re: "Sensors plugin" in dom0 generates 2 "audit:" dmesg messages on every temperature refresh

2019-02-06 Thread Marcus Linsner
On Wednesday, February 6, 2019 at 5:25:23 PM UTC, Marcus Linsner wrote:
> On Wednesday, February 6, 2019 at 5:59:56 PM UTC+1, Marcus Linsner wrote:
> > On Wednesday, August 22, 2018 at 11:08:44 PM UTC+2, Marcus Linsner wrote:
> > > "Sensors plugin" is an xfce4-panel plugin which shows the CPU(and SSD) 
> > > temperatures in the panel. (eg. RMB on panel, Panel->Add New 
> > > Items...->Search: ->Sensor plugin)
> > > 
> > > Its default refresh is 60 seconds. I've set it to 5. But I want it on 1 
> > > second, however this means it would generate 2 dmesg audit messages every 
> > > second AND they are flushed to the disk(judging by the case HDD led 
> > > flashing).
> > > 
> > > [   93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 
> > > uid=1000 auid=1000 ses=2 msg='op=PAM:authentication 
> > > grantors=pam_localuser acct="root" exe="/usr/sbin/userhelper" hostname=? 
> > > addr=? terminal=? res=success'
> > > [   93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 
> > > uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit 
> > > acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? 
> > > res=success'
> > > 
> > > 
> > > Is there some way to turn these off? if not all the audit messages.
> > 
> > audit=0 in /proc/cmdline did it
> > that is, for me, 
> > sudo vim /boot/efi/EFI/qubes/xen.cfg
> > and add it at the end of lines like:
> > 
> > kernel=vmlinuz-4.19.12-3.pvops.qubes.x86_64 
> > root=/dev/mapper/qubes_dom0-root 
> > rd.luks.uuid=luks-9ed952b5-2aa8-4564-b700-fb23f5c9e94b 
> > rd.lvm.lv=qubes_dom0/root i915.alpha_support=1 rd.luks.options=discard 
> > root_trim=yes rd.luks.allow-discards ipv6.disable=1 loglevel=15 
> > log_buf_len=16M printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on 
> > mminit_loglevel=0 memory_corruption_check=1 fbcon=scrollback:4096k 
> > fbcon=font:ProFont6x11 net.ifnames=1 pax_sanitize_slab=full console=tty1 
> > earlyprintk=vga systemd.log_target=kmsg 
> > systemd.journald.forward_to_console=1 udev.children-max=1256 
> > rd.udev.children-max=1256 rhgb sysrq_always_enabled random.trust_cpu=off 
> > audit=0
> > 
> > however now I've:
> > [11487.420448] userhelper[9870]: running '/usr/sbin/hddtemp -n -q /dev/sda' 
> > with root privileges on behalf of 'ctor'
> > as a spam, every second.
> > 
> > I've noticed that /usr/sbin/hddtemp wasn't already suid root, so I've set 
> > it now via:
> > sudo chmod u+s /usr/sbin/hddtemp
> > 
> > the spam still happens, but maybe a reboot is in order, unless 
> > xfce4-sensors-plugin is calling userhelper itself? 
> > 
> > [ctor@dom0 ~]$ rpm -qf `which userhelper`
> > usermode-1.111-8.fc24.x86_64
> > 
> > I'll go reboot, if it works I won't post again, otherwise I'll keep trying 
> > to find a way to get rid of this spam.
> 
> suid+reboot didn't work, but looks like I've encountered this before here: 
> https://groups.google.com/d/msg/qubes-devel/NfVQi0HXWEY/uiw23yq2CgAJ
> and it is a loglevel 15 message
> <15>[   87.005717] userhelper[4027]: running '/usr/sbin/hddtemp -n -q 
> /dev/sda' with root privileges on behalf of 'ctor'
> 
> so, in the worst case all I have to do is find out how to tell 
> systemd/journald to not store it, which frankly I've no idea how, since it 
> only accepts 0-7 numbers according to man journald.conf for MaxLevelStore= 
> and yet that level 15 message still lands in journalctl -b 0
> but perhaps other forwarding settings are in effect which make it so.
> 
> MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=, 
> MaxLevelWall=
>Controls the maximum log level of messages that are stored on 
> disk, forwarded to syslog, kmsg, the console or wall (if that is enabled, see 
> above).
>As argument, takes one of "emerg", "alert", "crit", "err", 
> "warning", "notice", "info", "debug", or integer values in the range of 0-7
>(corresponding to the same levels). Messages equal or below the 
> log level specified are stored/forwarded, messages above are dropped. 
> Defaults to
>"debug" for MaxLevelStore= and MaxLevelSyslog=, to ensure that the 
> all messages are written to disk and forwarded to syslog. Defaults to "notice"
>for MaxLevelKMsg=, "info" for MaxLevelConsole=, and "emerg" for 
> MaxLevelWall=.
> 
> So, since 'debug' is 7, it stands to reason that a level 15 message won't be 
> seen, unless ... I'm missing something.

ok, that message is log level 5 aka notice
https://pagure.io/usermode/blob/a501560b8f25e9ddc1a3213a1f865564e5a9a34c/f/userhelper.c#_1943

and it can't be disabled! unless I tell journald.conf to maxlevel warning which 
would waste a lot of log messages and is unacceptable...

so the only thing left is to remove the file that hddtemp package added into 
/etc/pam.d/  (named: hddtemp)
and set hddtemp as suid root(as I already did above)
(all of this in dom0)
ok, apparently that's not good enough, because for some reason it's asking for 
a password when xfce4-sensors-plugin is

[qubes-users] Re: "Sensors plugin" in dom0 generates 2 "audit:" dmesg messages on every temperature refresh

2019-02-06 Thread Marcus Linsner
On Wednesday, February 6, 2019 at 5:59:56 PM UTC+1, Marcus Linsner wrote:
> On Wednesday, August 22, 2018 at 11:08:44 PM UTC+2, Marcus Linsner wrote:
> > "Sensors plugin" is an xfce4-panel plugin which shows the CPU(and SSD) 
> > temperatures in the panel. (eg. RMB on panel, Panel->Add New 
> > Items...->Search: ->Sensor plugin)
> > 
> > Its default refresh is 60 seconds. I've set it to 5. But I want it on 1 
> > second, however this means it would generate 2 dmesg audit messages every 
> > second AND they are flushed to the disk(judging by the case HDD led 
> > flashing).
> > 
> > [   93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 
> > uid=1000 auid=1000 ses=2 msg='op=PAM:authentication grantors=pam_localuser 
> > acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? 
> > res=success'
> > [   93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 
> > uid=1000 auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit 
> > acct="root" exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? 
> > res=success'
> > 
> > 
> > Is there some way to turn these off? if not all the audit messages.
> 
> audit=0 in /proc/cmdline did it
> that is, for me, 
> sudo vim /boot/efi/EFI/qubes/xen.cfg
> and add it at the end of lines like:
> 
> kernel=vmlinuz-4.19.12-3.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root 
> rd.luks.uuid=luks-9ed952b5-2aa8-4564-b700-fb23f5c9e94b 
> rd.lvm.lv=qubes_dom0/root i915.alpha_support=1 rd.luks.options=discard 
> root_trim=yes rd.luks.allow-discards ipv6.disable=1 loglevel=15 
> log_buf_len=16M printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on 
> mminit_loglevel=0 memory_corruption_check=1 fbcon=scrollback:4096k 
> fbcon=font:ProFont6x11 net.ifnames=1 pax_sanitize_slab=full console=tty1 
> earlyprintk=vga systemd.log_target=kmsg systemd.journald.forward_to_console=1 
> udev.children-max=1256 rd.udev.children-max=1256 rhgb sysrq_always_enabled 
> random.trust_cpu=off audit=0
> 
> however now I've:
> [11487.420448] userhelper[9870]: running '/usr/sbin/hddtemp -n -q /dev/sda' 
> with root privileges on behalf of 'ctor'
> as a spam, every second.
> 
> I've noticed that /usr/sbin/hddtemp wasn't already suid root, so I've set it 
> now via:
> sudo chmod u+s /usr/sbin/hddtemp
> 
> the spam still happens, but maybe a reboot is in order, unless 
> xfce4-sensors-plugin is calling userhelper itself? 
> 
> [ctor@dom0 ~]$ rpm -qf `which userhelper`
> usermode-1.111-8.fc24.x86_64
> 
> I'll go reboot, if it works I won't post again, otherwise I'll keep trying to 
> find a way to get rid of this spam.

suid+reboot didn't work, but looks like I've encountered this before here: 
https://groups.google.com/d/msg/qubes-devel/NfVQi0HXWEY/uiw23yq2CgAJ
and it is a loglevel 15 message
<15>[   87.005717] userhelper[4027]: running '/usr/sbin/hddtemp -n -q /dev/sda' 
with root privileges on behalf of 'ctor'

so, in the worst case all I have to do is find out how to tell systemd/journald 
to not store it, which frankly I've no idea how, since it only accepts 0-7 
numbers according to man journald.conf for MaxLevelStore= 
and yet that level 15 message still lands in journalctl -b 0
but perhaps other forwarding settings are in effect which make it so.

MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=, MaxLevelConsole=, MaxLevelWall=
   Controls the maximum log level of messages that are stored on disk, 
forwarded to syslog, kmsg, the console or wall (if that is enabled, see above).
   As argument, takes one of "emerg", "alert", "crit", "err", 
"warning", "notice", "info", "debug", or integer values in the range of 0-7
   (corresponding to the same levels). Messages equal or below the log 
level specified are stored/forwarded, messages above are dropped. Defaults to
   "debug" for MaxLevelStore= and MaxLevelSyslog=, to ensure that the 
all messages are written to disk and forwarded to syslog. Defaults to "notice"
   for MaxLevelKMsg=, "info" for MaxLevelConsole=, and "emerg" for 
MaxLevelWall=.

So, since 'debug' is 7, it stands to reason that a level 15 message won't be 
seen, unless ... I'm missing something.

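The `<15>` prefix and the 0-7 range in the journald.conf excerpt quoted above fit together through the syslog/kmsg PRI encoding, where the number in angle brackets is facility × 8 + severity. The following is an added example, not part of the original post: the helper names and the lines marked constructed are assumptions made for illustration, and the threshold check models the documented "equal or below" rule rather than reproducing journald's own code.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Severity names in numeric order 0..7, as listed in journald.conf(5).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Standard syslog facility numbers (the upper bits of a PRI value).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth",
              5: "syslog", 6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              10: "authpriv", 11: "ftp"}

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


class Record(NamedTuple):
    pri: int
    facility: str
    severity: int
    severity_name: str
    text: str


def facility_name(number: int) -> str:
    """Map a facility number to its conventional name."""
    if 16 <= number <= 23:
        return "local%d" % (number - 16)
    return FACILITIES.get(number, "facility%d" % number)


def decode(line: str) -> Optional[Record]:
    """Split a '<PRI>' prefix into facility and severity; None if absent."""
    m = PRI_RE.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    severity = pri & 7   # low three bits: 0 (emerg) .. 7 (debug)
    facility = pri >> 3  # remaining bits: facility number
    return Record(pri, facility_name(facility), severity,
                  SEVERITIES[severity], m.group(2).strip())


def parse_level(value: str) -> int:
    """Accept what MaxLevel*= accepts: a severity name or an integer 0-7."""
    v = value.strip().lower()
    if v in SEVERITIES:
        return SEVERITIES.index(v)
    number = int(v)  # raises ValueError for anything non-numeric
    if not 0 <= number <= 7:
        raise ValueError("level must be a severity name or 0-7: %r" % value)
    return number


def passes(record: Record, max_level: str) -> bool:
    """True when the severity is equal to or below the configured level."""
    return record.severity <= parse_level(max_level)


def summarize(lines: List[str], max_level: str) -> List[Tuple[int, str, str, bool]]:
    """Return (pri, facility, severity name, kept?) for every prefixed line."""
    rows = []
    for line in lines:
        rec = decode(line)
        if rec is not None:
            rows.append((rec.pri, rec.facility, rec.severity_name,
                         passes(rec, max_level)))
    return rows


SAMPLE = [
    # Line quoted in the post, rejoined onto one line.
    "<15>[   87.005717] userhelper[4027]: running '/usr/sbin/hddtemp -n -q "
    "/dev/sda' with root privileges on behalf of 'ctor'",
    # Constructed lines for comparison.
    "<13>[   88.000000] demo[1]: constructed user.notice line",
    "<4>[   89.000000] constructed kernel warning line",
    "[   90.000000] constructed line without a PRI prefix",
]

if __name__ == "__main__":
    for level in ("debug", "warning"):
        print("threshold =", level)
        for row in summarize(SAMPLE, level):
            print("  ", row)
```

Only the low three bits of the prefix are compared against a `MaxLevel*=` setting, so a prefix above 7 does not fall outside the 0-7 range.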


[qubes-users] Re: "Sensors plugin" in dom0 generates 2 "audit:" dmesg messages on every temperature refresh

2019-02-06 Thread Marcus Linsner
On Wednesday, August 22, 2018 at 11:08:44 PM UTC+2, Marcus Linsner wrote:
> "Sensors plugin" is an xfce4-panel plugin which shows the CPU(and SSD) 
> temperatures in the panel. (eg. RMB on panel, Panel->Add New 
> Items...->Search: ->Sensor plugin)
> 
> Its default refresh is 60 seconds. I've set it to 5. But I want it on 1 
> second, however this means it would generate 2 dmesg audit messages every 
> second AND they are flushed to the disk(judging by the case HDD led flashing).
> 
> [   93.223814] audit: type=1100 audit(1534971421.712:183): pid=3748 uid=1000 
> auid=1000 ses=2 msg='op=PAM:authentication grantors=pam_localuser acct="root" 
> exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? res=success'
> [   93.223828] audit: type=1101 audit(1534971421.712:184): pid=3748 uid=1000 
> auid=1000 ses=2 msg='op=PAM:accounting grantors=pam_permit acct="root" 
> exe="/usr/sbin/userhelper" hostname=? addr=? terminal=? res=success'
> 
> 
> Is there some way to turn these off? if not all the audit messages.

audit=0 in /proc/cmdline did it
that is, for me, 
sudo vim /boot/efi/EFI/qubes/xen.cfg
and add it at the end of lines like:

kernel=vmlinuz-4.19.12-3.pvops.qubes.x86_64 root=/dev/mapper/qubes_dom0-root 
rd.luks.uuid=luks-9ed952b5-2aa8-4564-b700-fb23f5c9e94b 
rd.lvm.lv=qubes_dom0/root i915.alpha_support=1 rd.luks.options=discard 
root_trim=yes rd.luks.allow-discards ipv6.disable=1 loglevel=15 log_buf_len=16M 
printk.always_kmsg_dump=y printk.time=y printk.devkmsg=on mminit_loglevel=0 
memory_corruption_check=1 fbcon=scrollback:4096k fbcon=font:ProFont6x11 
net.ifnames=1 pax_sanitize_slab=full console=tty1 earlyprintk=vga 
systemd.log_target=kmsg systemd.journald.forward_to_console=1 
udev.children-max=1256 rd.udev.children-max=1256 rhgb sysrq_always_enabled 
random.trust_cpu=off audit=0

however now I've:
[11487.420448] userhelper[9870]: running '/usr/sbin/hddtemp -n -q /dev/sda' 
with root privileges on behalf of 'ctor'
as a spam, every second.

I've noticed that /usr/sbin/hddtemp wasn't already suid root, so I've set it 
now via:
sudo chmod u+s /usr/sbin/hddtemp

the spam still happens, but maybe a reboot is in order, unless 
xfce4-sensors-plugin is calling userhelper itself? 

[ctor@dom0 ~]$ rpm -qf `which userhelper`
usermode-1.111-8.fc24.x86_64

I'll go reboot, if it works I won't post again, otherwise I'll keep trying to 
find a way to get rid of this spam.



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread Holger Levsen
On Wed, Feb 06, 2019 at 11:34:57AM -0500, kitchm via Forum wrote:
> [...]  BTW, you are certainly not polite,
> but you are obviously such a whiner since you continue to
> whine about me and make this personal.

can you all please stop your ad-hominem attacks and off-topic
discussions and keep this list about Qubes OS?! (Also, please accept that
there are different use-cases for Qubes OS and different definitions of
privacy, security and everything.)

Thanks already.


-- 
tschau,
Holger

---
   holger@(debian|reproducible-builds|layer-acht).org
   PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread unman
On Wed, Feb 06, 2019 at 10:15:54AM -0600, John Goold wrote:
> 
> On 2/6/19 1:12 AM, 'awokd' via qubes-users wrote:
> > kitchm via Forum:
> > 
> ...
> >> It is currently illegal by federal law to clear your browser 
> >> history.
> > 
> > Cite?
> 
> What one does with one's browser history, even assuming one's browser
> has a browser history, is clearly not governed by law, except perhaps
> in countries like China and Russia.

Actually, it may be governed by law in the US, but not in Russia.
The FBI have interpreted Sarbanes-Oxley as creating a
felony offence where one deletes browser history where there was
reasonable expectation of investigation.
It has been used against Matanov, a friend of the Boston bombers, and
David Kernell, who hacked Sarah Palin's email.
The EFF have highlighted this interpretation of Sarbanes Oxley as
egregious, but no doubt the authorities deem it necessary.

Note that it is NOT illegal in the US to clear your browser history:
but it may prove a felony offence to do so. In the two cases cited there
were reasonable grounds to suppose that a federal investigation would
take place.



[qubes-users] Re: why mail-list?

2019-02-06 Thread kitchm via Forum
It is called a Trump-ism.  Believing that whatever one says
is truth.

So did you not read Stuart's post where he states "My
current client has a court order to NEVER delete another
e-mail"?  Have you not read about the Boston Bomber case? 
Have you not read books by experts such as Kevin Mitnick? 
We who have, know the truth, because we keep abreast of what
the experts say.  It is not our own opinion.  Further,
anyone who is concerned about anonymity and privacy should
be doing the same.  Pretending to know doesn't make it so.

Awokd, you have legitimate and good questions.  Please note
the following from the RFC you referenced.  "This memo does
not specify an Internet standard of any kind."

You also wrote, "Multiple people have suggested using
Zrubi's forum, which does not require a Google account."  I
couldn't agree more; as I have mentioned before.  Zrubi is a
Godsend.

Achim, you wrote "So what".  Really?  You don't see the
significance in that?  BTW, you are certainly not polite,
but you are obviously such a whiner since you continue to
whine about me and make this personal.



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread John Goold

On 2/6/19 1:12 AM, 'awokd' via qubes-users wrote:
> kitchm via Forum:
> 
...
>> It is currently illegal by federal law to clear your browser 
>> history.
> 
> Cite?

What one does with one's browser history, even assuming one's browser
has a browser history, is clearly not governed by law, except perhaps
in countries like China and Russia.


[qubes-users] Re: R.I.S.K.S. - Relatively Insecure System for Keys and Secrets (for Qubes OS)

2019-02-06 Thread kitchm via Forum
1900, thanks for the good research.



[qubes-users] Re: SECURITY ALERT

2019-02-06 Thread kitchm via Forum
Do we agree, Andrew, that if a person is concerned with
anonymity and privacy, he would not use social media?



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread Stuart Perkins



On Tue, 05 Feb 2019 13:34:04 -0500
kitchm via Forum  wrote:

>Some comments based on what has been posted so far:
>...
> It is currently illegal by
>federal law to clear your browser history.
>...

Illegal for who?  Perhaps a Federal employee...on a work computer.





[qubes-users] Re: Qubes Os

2019-02-06 Thread 'Frédéric ASDRUBAL' via qubes-users
Thanks a lot

Toda (Hb)

_
Frédéric ASDRUBAL
fasdru...@pm.me
[Simple plan of Salvation](https://www.godssimpleplan.org/languages-in-print)

Sent with [ProtonMail](https://protonmail.com) Secure Email.

‐‐‐ Original Message ‐‐‐
On Wednesday, 6 February 2019 at 09:06, Frédéric Pierret wrote:

> Hi,
>
> Even if I can answer the question in French, please ask to the list first 
> instead of me directly for such question as other will probably be interested 
> by your question.
>
> Currently, as far as I know (please Andrew confirm), there is only 
> documentation in English.
>
> French (translated):
>
> "As far as I know, there is currently no documentation in French."
>
> Best,
>
> Frédéric
>
> On 2/6/19 2:01 PM, Frédéric ASDRUBAL wrote:
>
>> Hello,
>> Is it possible to find documentation on Qubes Os in French?
>> Thanks
>>
>> _
>> Frédéric ASDRUBAL
>> fasdru...@pm.me
>> [Simple plan of Salvation](https://www.godssimpleplan.org/languages-in-print)
>>
>> Sent with [ProtonMail](https://protonmail.com) Secure Email.



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread Achim Patzner
On Tuesday, 05.02.2019, 13:34 -0500, kitchm via Forum wrote:
> - Google is never a secure option.

And so what? This is a public mailing list with very little
requirements.

> - No one has ever explained how to archive on a local
> computer.

Yeah, well, learn to use the tools you are dealing with. Or pay for a
teacher.

> - Prohibiting top posting is a bad idea because we don't do
> that with the e-mail standard.

You mean "Outlook standard". Before Microsoft encroached upon the world
top posting was a clear request to be shunned. You should have tried it
on Usenet...

Again: If you want to be part of a group, adapt to their standards, or
make up your own environment and live with feeling very lonely there.

> - We must all recognize the lowest common denominator which
> are interfaces such as Tutanota.  If you've never used a
> web-mail interface you probably don't understand this.

No. Stop patronizing "us". We don't have to do anything. Learn to find
appropriate tools or live with the things you have. You're in the land of
the grown-ups.

> The mailing list sends everything.  That's
> just another form of spam.

I just saw Picard and Riker sneaking around the corner doing a double
facepalm.

> - There is no reasonable organization to mailing lists, and
> as such they are misleading.

And now Janeway is joining them. Can it get any better?

> By the way, to everyone who wants anonymity, you cannot use
> a mailing list or a forum.  It is currently illegal by
> federal law to clear your browser history.

Which federation? And if that's a problem just leave the Alpha quadrant.

> What do you
> think would be the ruling regarding deleting an archive? 
> You had better not keep the info on your computer, and you
> had better make sure you are anonymous and untrackable.

You might be better off in "Tinfoil-Hat Folding 101".


Achim




[qubes-users] Re: Qubes Os

2019-02-06 Thread Frédéric Pierret
Hi,

Even if I can answer the question in French, please ask to the list
first instead of me directly for such question as other will probably be
interested by your question.

Currently, as far as I know (please Andrew confirm), there is only
documentation in English.

French (translated):

"As far as I know, there is currently no documentation in French."

Best,

Frédéric

On 2/6/19 2:01 PM, Frédéric ASDRUBAL wrote:
> Hello,
> Is it possible to find documentation on Qubes Os in French?
> Thanks
>
> _
> *Frédéric ASDRUBAL*
> /fasdru...@pm.me /
> Simple plan of Salvation 
>
> Sent with ProtonMail  Secure Email.
>



Re: [qubes-users] Re: why mail-list?

2019-02-06 Thread Achim Patzner
On Tuesday, 05.02.2019, 13:32 -0500, kitchm via Forum wrote:
> @Achim Patzner - noses, Google groups is not intuitive by
> any standard.

So what? Stop being an entitled whiner and learn to use the tools that
are available instead of demanding the world to rotate around you.

> if you truly believed that holding
> your tongue was a good idea, then why did you comment
> further?

It was a polite way of telling you to stop whining and grow a pair.


Achim




[qubes-users] VMs unable to start after forced reboot (see issue #3964 - VMs cannot start)

2019-02-06 Thread whatevrrr
I posted the problem description to Qubes issue tracker last month - appending 
at that time closed issue #3964 - 
https://github.com/QubesOS/qubes-issues/issues/3964 
 - VMs cannot start. 

Quoting my post here (see the link for whole thread): 

...

>It seems I hit similar problem on Thursday. I installed latest dom0 updates 
>(including e.g. qubes-manager-4.0.26-1; ), rebooted, tried to update all 
>relevant templates using the new, now (after this last update) functioning, 
>qubes-update-gui. Update went fine (except for whonix-14 - a problem with a 
>fix already described elsewhere), but after finishing it, while I was trying 
>to restart all AppVMs, system (dom0) stopped responding on (Debian 9 based) 
>network VM (sys-net-deb) startup (used to happen in the past on each start 
>with NIC assigned without no strict reset AND permissive mode specified - a 
>problem already solved, but, as I assumed, maybe somehow reintroduced by some 
>setting change resulting from the last update).
>
>I forced (HW button) system restart and, seeing that sys-net-deb startup on 
>Qubes boot failed, reselected sys-net-deb assigned devices and reenabled 
>no-strict-reset for these devices using Qube Manager. On the next restart I 
>finally noticed it's not just sys-net-deb that isn't starting.
>
>Now, even after few succeeding restarts, no VM (except dom0) is starting.
>
>I get these errors on each attempted VM startup:
>For VMs connected to sys-net-deb through sys-firewall:
>Domain sys-net-deb failed to start:
>Logical Volume "vm-sys-net-deb-volatile" already exists in volume group 
>"qubes_dom0"
>or its vm-sys-net-deb-root-snap or sys-net-deb-private-snap variant.
>
>sys-usb (no network, USB controller assigned) throws similar errors, but 
>referencing itself instead of sys-net-deb.
>
>For most VMs without network VM assigned:
>Domain  has failed to start: device-mapper:message 
>ioctl on (253:3) failed: File exists
> Failed to process thin pool message "create_snap 1666 1649".
> Failed to suspend qubes_dom0/pool00 with queued messages.
>Any attempt to sudo lvremove qubes_dom0/vm--volatile, -root-snap or 
>-private-snap to date ended unsuccessfully with:
>
>device-mapper:message ioctl on (253:3) failed: File exists
> Failed to process thin pool message "create_snap 1666 1649".
> Failed to suspend qubes_dom0/pool00 with queued messages.
> Failed to update pool qubes_dom0/pool00.
>>lvs output:
>pool00 Data%: 74.56, Meta%: 50.37
>one of the appvms -private and -private-*-back Data% at around 98% (I don't 
>assume it means anything - it hasn't been run for ages and it's just an AppVM)
>>Output for different VMs:
>for most AppVMs there is only vm--private and corresponding -*-back entry
>for AppVMs with assigned devices (sys-net-deb, sys-usb) there are -volatile, 
>-private-snap and -root-snap entries as well; the same applies to whonix-gw-14 
>(although it has no device attached (and never had), it is a template and is 
>set to standard PVH virtualization mode) and two (random?) AppVMs (one based on 
>Debian 9, one on Fedora 28) which I don't remember running recently, nor having 
>ever any devices assigned
>for most templates there are just -private, -root and root-*-back entries


I'd like to ask here for some advice regarding recovery of my system from the 
described (still unchanged) state without data loss. I have minimal/no 
knowledge of Xen and LVM Thin Provisioning administration, so I'm pretty 
clueless. Thanks for any help. 

--
Whatevrr



Re: [qubes-users] R.I.S.K.S. - Relatively Insecure System for Keys and Secrets (for Qubes OS)

2019-02-06 Thread qubes-fan




Jan 25, 2019, 1:43 PM by 19hundr...@tutanota.com:

>
> I just published R.I.S.K.S. (https://19hundreds.github.io/risks-workflow). 
> The source repo is https://github.com/19hundreds/risks-workflow .
>
>
> I've been searching for a viable system for managing my own secrets since a 
> while and I'm still on it.
>
>
> Inspired by Snowden's experience with journalists, projects like Enough 
> (https://enough.community/) and determined to 
> contribute the way I can against digital abuses (monitoring, tapping etc.) I 
> decided to sum up what I know in a step-by-step guide providing a reasonable 
> setup (hopefully) for defending user's secrets.
>
>
> I don't know if many feel the need for such a guide but I crafted it in the 
> hope to be helpful to the vast majority of the audience.
>
>
>
>
> I'd greatly appreciate any feedback, comment, critic and advice driven to 
> improve R.I.S.K.S.
>
> ---
> 1900
>
>
>
>

It is really interesting collection. Did you consider to:

- use the Hidden Volume function like provided in the VeraCrypt? Today in the 
US and GB, and more, you can be forced to unlock any encrypted partition under 
the threat to be locked up indefinitely. Plausible deniability of Hidden 
Volumes can help here. These risks are today very real.
- use some secure USB key, like Nitrokey (I know, issue of trusting the vendor, 
but it is similar to an SD card trust). It decreases the need to remember more 
passphrases (all of it can theoretically sleep nicely on the secure USB). It 
can be used with Heads to provide an interesting protection against Evil Maid. 
It also decreases the behind shoulder watching of input of long-strong 
passwords in exposed areas. You just use few-char-pass to unlock the HD or log 
into the system and more.
- use even the Hidden operating system on the secure USB, like that of Nitrokey 
Storage. 

Combining the above mentioned with your attitude, could be very interesting. 
You maybe considered what I mentioned and didn't opt for it for some reason. If 
so, why?

Nice work tbh, good luck!




[qubes-users] Re: HCL - Librem 13 V3

2019-02-06 Thread max via qubes-users
On Sunday, 3 February 2019 at 23:45:02 UTC+1, zac...@gmail.com wrote:
> On Saturday, July 7, 2018 at 2:21:50 PM UTC-7, Elburz Sorkhabi wrote:
> > Empty Message
> 
> Did you have to take any additional steps to get Qubes working on the Librem 
> 13 v2?
> 
> Any success with Qubes R4.0.1?

I did a reinstall of 4.0.1 last week and it went smooth, so you should be good, 
if your coreboot is fairly recent

I run Qubes 4.0.1 on Purism Librem 13v2 laptop with all the bells and whistles 
(16GB, nvme pro). 4k is only working @ 26Hz through the HDMI port, so that is 
the definition of laggy right there. Terrible. Horrible. The keyboard mapping 
is also faulty, from the factory, so you have to adjust it in rc.local or 
similar.

I wrote up my experiences a while back, and just updated it with the latest 4K 
annoyances: 
https://www.militant.dk/2018/02/22/ordering-a-purism-librem-13v2-to-run-qubes-4-0rc4/

These faults are actually a dealbreaker for me. I can't live with this device 
anymore, so I'm looking to switch it out with a mac mini size device or 
something similar, that can run 4k @ 60Hz, like normal machines, claiming to 
support 4k, should.

Enjoy
