date:20190528

drok...@gmail.com wrote on 5/28/19 1:54 AM:

On Monday, May 27, 2019 at 6:32:20 PM UTC-7,
bm-2ctjsegdfzqngqw...@bitmessage.ch wrote:

Interestingly, this apparently problematic 4.19.43 kernel did not break
my Dom0 or Fedora-29, but instead, broke sys-whonix: I can connect
through any chain of net-vms to clearnet, including through debian-9
VMs with 4.19.43. However, I could not get out to the internet via
sys-whonix, until selecting an older kernel in sys-whonix itself. I'm
not sure if that issue has been noted yet. A further twist is that
updates via tor to onion repos still worked with the bad kernel in
sys-whonix. It was only non-update traffic that could not make it
through sys-whonix. This all happens with 4.19.43 in Dom0, and with
kernel-latest (5-something) in Dom0, which had no impact on the issue.

Whonix updating/working fine here. Maybe try creating a new sys-whonix2 VM
from the template, and switch to it.

Try 4.19.46-3 (in current-testing right now). I'm running it and tested
debian-9, fedora-29, and whonix-ws through sys-whonix with no problems.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/562bb56f-a107-f7b6-53b7-1bbe311bb84e%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Unable to upgrade Debian and whonix templates

Bryan Travers wrote on 5/28/19 9:56 AM:

https://www.qubes-os.org/doc/installation-guide/#qubes-401-warning

Thank you.

Bryan

On May 27, 2019, at 9:23 PM, awokd wrote:

sahara090...@gmail.com wrote on 5/27/19 9:51 PM:

Utilizing the code posted on the QubesOS website under “Warning”, I am unable
to execute these upgrades. Sometimes they say the VM name is too long, other
times it says it can’t find the name of the upgrade. getting frustrated and
tried several times from different internet connections, always with the same
result.

Please link to the Warning to which you're referring.

Thanks. CC'ing the qubes-users group back in. That way if people run
into the same problem as you, they can search and find the solution here.

Anyways, not sure why you're experiencing trouble there. Did you scroll
all the way to the right? Another way to accomplish the same procedure
is to run "sudo qubes-dom0-update" in a dom0 terminal, then after a
reboot use the Update widget (sun like icon up by the clock) to update
the templates.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/ccaad5ba-343e-43b7-092a-7038e8253eea%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sys-usb not showing up for attached USB


haaber wrote on 5/28/19 1:43 AM:


I experience (linked or not) a similar pb: all qvm-device
(block/usb.etc) operations are quitted by "ERROR: Got empty response
from qubesd.". Can I restart this service (since it runs apparently
badly). Need I to reboot?

I always reboot when I get that error since it leaves other Qubes 
services in an indeterminate state, and I'm not certain just restarting 
the qubesd service is enough.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7426ff82-3a8f-5e1b-9037-13a7676bebfe%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Openbsd HVM - Network Issues

2019-05-28 Thread ronpunz

Re Qubes 4.0.
I have a openbsdVM but am unable to connect to internet. I'm using ip
adresses from qubes manager i.e ip=10.137.0.28 netmask=255.255.255.255
gateway=10.137.0.6 dns=10.139.1.1 & 10.139.1.2.
I'm able to ping 10.137.0.28 and 10.137.0.6 but unable to ping say
google.com.

I've tried without success copying the output from the command
"ifconfig" & "route show" - maybe someone can give me advice on how to
post the output to this forum?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/65c31e6d8bcbb9f5cba72837d5c0cfc8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Openbsd HVM - Network Issues


ronp...@riseup.net wrote on 5/28/19 11:57 AM:

Re Qubes 4.0.
I have a openbsdVM but am unable to connect to internet. I'm using ip
adresses from qubes manager i.e ip=10.137.0.28 netmask=255.255.255.255
gateway=10.137.0.6 dns=10.139.1.1 & 10.139.1.2.
I'm able to ping 10.137.0.28 and 10.137.0.6 but unable to ping say
google.com.

I've tried without success copying the output from the command
"ifconfig" & "route show" - maybe someone can give me advice on how to
post the output to this forum?

Try making your netmask 255.255.255.0. You need to have Qubes Tools 
running for clipboard integration, so you might only be able to post 
screenshots if necessary.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9764d3a-f661-f3a7-7c69-6606232aff0e%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

2019-05-28 Thread brendan . hoar

On Saturday, May 25, 2019 at 8:50:57 PM UTC-4, unman wrote:
> Docs also say that where a thin pool is used primarily for thin
> provisioning a larger value is optional.

Did you mean to say "optimal" or did the docs really say that larger cluster 
sizes are optional?

In any case, I think the docs I read had a bit of a hedge: they stated a larger 
value is better for performance, but a smaller value may be better for heavy 
COW usage.
 
> This isnt a Qubes choice - it's Fedora, (and, I think, dependent on the
> size of the pool.)

Sure.

Sounds like a lot of folks around here want to get out from under the thumb of 
Big Red. :P

Brendan

PS - opened three new issues...

#5053 - Qubes Disk Widget - please inform about/alert on pool metadata space
#5054 - LVM Pool metadata default size is too small
#5055 - Add fstrim on shutdown of templates and template-based VMs

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26ac4263-4508-48d0-9f7e-940631061349%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

2019-05-28 Thread brendan . hoar

On Saturday, May 25, 2019 at 2:28:13 PM UTC-4, Chris Laprise wrote:
> I think the only _good_ way to deal with COW metadata expansion, since 
> its always related to data fragmentation, is to keep expanding it and 
> let system performance degrade accordingly.

Yup.

One could argue that the same solution could be *actively* applied to prevent 
running out of free space. :) My recollection is that my old Drobo used to do 
this (for free space, though presumably both).

> This simply makes 
> de-fragmentation maintenance issue (defrag to shrink metadata and get 
> performance back). This is what Microsoft did with NTFS and it was the 
> right choice; clinging to fixed metadata sizes is merely a state of 
> denial that leads to peoples' disks suddenly becoming unusable.

Lack of COW aside, NTFS's odd "separation plus mixing" of storage and metadata 
is fascinating. I mean, it works! And works pretty well! And is ancient!

It *does* keep you on your toes, though, mitigating for forensics..."NTFS: oh, 
you have a small file? Well, I'll just store that over here in the metadata 
stream. You want to delete it? Sure, I'll mark it deleted. Erasing free space? 
go right ahead, I'll be over here waiting. Oh, it's still here? Well...better 
talk to Mr. Russinovich if you want to figure out how to really destroy that 
file..."*

-Brendan
* upon review, I read that in the Q voice, for maximum nerdiness.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61d159fe-b7e1-46a3-adba-1fa2c359bf26%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Openbsd HVM - Network Issues

2019-05-28 Thread ronpunz

On 2019-05-28 12:10, 'awokd' via qubes-users wrote:
> ronp...@riseup.net wrote on 5/28/19 11:57 AM:
>> Re Qubes 4.0.
>> I have a openbsdVM but am unable to connect to internet. I'm using ip
>> adresses from qubes manager i.e ip=10.137.0.28 netmask=255.255.255.255
>> gateway=10.137.0.6 dns=10.139.1.1 & 10.139.1.2.
>> I'm able to ping 10.137.0.28 and 10.137.0.6 but unable to ping say
>> google.com.
>>
>> I've tried without success copying the output from the command
>> "ifconfig" & "route show" - maybe someone can give me advice on how to
>> post the output to this forum?
>>
> Try making your netmask 255.255.255.0. You need to have Qubes Tools
> running for clipboard integration, so you might only be able to post
> screenshots if necessary.

Thanks for your prompt reply. I have tried netmask 255.255.255.0 - but
no success.
As you suggested, attached is a screenshot of the command "ifconfig" 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/daa0c029a6cbd858a68062f7bc4741f0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Device showing up in Qubes sys-usb terminal but not devices icon, and attach error in dom0

2019-05-28 Thread brendan . hoar

On Monday, May 27, 2019 at 8:05:07 PM UTC-4, awokd wrote:
> Stumpy wrote on 5/27/19 4:09 PM:
> > I am trying to use an onlykey U2F but have run into some issues like it
> > showing up in dom0 and sys-usb but seems like i cant use it.
> > 
> > in sys-usb:
> > [user@sys-usb ~]$ lsusb | grep Only
> > Bus 004 Device 010: ID 1d50:60fc OpenMoko, Inc. OnlyKey Two-factor
> > Authentication and Password Solution
> > 
> > and in Dom0:
> > [ralph@dom0 ~]$ qvm-usb | grep ONLY ; sudo qvm-usb a sys-usb sys-usb:42
> > sys-usb:4-2 CRYPTOTRUST_ONLYKEY_346etc
> > Device attach failed:
> > [ralph@dom0 ~]$
> > 
> > I decided to go with the chrome app but even though sys-usb seems to see 
> > the onlykey I cant seem to attach it to the chrome appvm i made?
> > 
> If you are using a custom template for your Chrome AppVM, don't forget 
> to install the necessary qubes-usb package in it.

Also:
1) Is it a composite USB device (multiple services on a single endpoint, not a 
hub).
2) Is one or more service based on the HID interface and possibly blocked as it 
is seen as a keyboard?

Similar issues occur with yubikeys, I believe there are documents that may help 
on the qubes-os.org site related to making yubikeys work.

Brendan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd282497-0342-45e3-95d0-7d7cb1ac4a81%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Openbsd HVM - Network Issues

ronp...@riseup.net:

On 2019-05-28 12:10, 'awokd' via qubes-users wrote:

ronp...@riseup.net wrote on 5/28/19 11:57 AM:

Re Qubes 4.0.
I have a openbsdVM but am unable to connect to internet. I'm using ip
adresses from qubes manager i.e ip=10.137.0.28 netmask=255.255.255.255
gateway=10.137.0.6 dns=10.139.1.1 & 10.139.1.2.
I'm able to ping 10.137.0.28 and 10.137.0.6 but unable to ping say
google.com.

I've tried without success copying the output from the command
"ifconfig" & "route show" - maybe someone can give me advice on how to
post the output to this forum?

Try making your netmask 255.255.255.0. You need to have Qubes Tools
running for clipboard integration, so you might only be able to post
screenshots if necessary.

Thanks for your prompt reply. I have tried netmask 255.255.255.0 - but
no success.
As you suggested, attached is a screenshot of the command "ifconfig"

Screenshot looks fine. "Route show" says your default route is to
10.137.0.6? Maybe reboot the HVM for good luck, if you haven't since the
subnet mask update. Seems like you're almost there since you can ping
10.137.0.6.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/062c3712-867b-4cb8-d23a-db6bb3de4c43%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to automate cloud backups of trusted vault files?

2019-05-28 Thread 'Side Realiq' via qubes-users

> 
> From: David Hobach 
> Sent: Tue May 28 10:11:18 CEST 2019
> To: Side Realiq , 
> Subject: Re: [qubes-users] How to automate cloud backups of trusted vault 
> files?
> 
> 
> 
> 
> On 5/27/19 3:05 PM, David Hobach wrote:
> > 
> > 
> > On 5/27/19 12:52 PM, 'Side Realiq' via qubes-users wrote:
> >> How to automate backups of files from a very trusted vault to the 
> >> cloud? What are some best practices for that?
> >>
> >> My current issue is that the files in the trusted vault do not have 
> >> internet connection, so the cloud backup software should not be 
> >> running in the vault, and needs to run in a separate "backup" internet 
> >> connected qube. But I don't know how I can automate copying the files 
> >> from the vault to the backup qube. The qvm-copy command requires 
> >> manual choice of the target VM, which is not automated.
> > 
> > This depends on your Qubes RPC policy, which you can manage with the 
> > /etc/qubes-rpc/policy files in dom0. Also see [1].
> > So you can automate qvm-copy usage, if you want to.
> > 
> > Another option is to entirely attach your data from the source VM to the 
> > backup VM using qvm-block, which should be faster as it doesn't involve 
> > copy operations between VMs. See e.g [2] for that method.
> > 
> > I'd also recommend to
> > a) use software you trust for backups.
> > b) use encrypted containers (e.g. dm-crypt) for backups unless you 
> > completely trust your cloud provider (I certainly don't).
> > 
> > [1] https://www.qubes-os.org/doc/rpc-policy/
> > [2] https://github.com/3hhh/blib/blob/master/lib/os/qubes4/dom0#L955
> 
> I had received another few private questions about this that I'd like to 
> respond to:
> 
> 1. "You mentioned "use encrypted containers" when backups are made they 
> are encrypted correct? How about AppVMs, are they encrypted by default?"
> 
> The default backups made by Qubes OS are encrypted and should be the 
> overall preferred way of doing backups.
> 
> Since the OP was asking about only backing up dedicated files rather 
> than the entire AppVM (what the Qubes OS backup does), he'd have to 
> implement the encryption part himself.
> 
> It might make also sense to put the data meant to be backed up inside a 
> dedicated VM and then use the default backup mechanism with your cloud 
> provider. Of course you'd have to mount the cloud provider file system 
> inside your backup VM first.
> 
> Personally, I don't use the default mechanism for speed reasons - my 
> internet connection is too slow to push 100+ GB over it for every 
> backup. sparsebak might help here [3], but is not official yet.
> 
> [3] https://github.com/tasket/sparsebak
> 
> 2. "For option 2) the function b_dom0_attachVMDisk attaches "the entire 
> private disk image (private.img) of the source VM to the target VM". In 
> my vault there is a folder with the encrypted files, and another with 
> decrypted files and I don't want to expose the decrpyted files to 
> another VM. Can I attach only a specified folder (with the encrypted 
> files) to another VM? If yes how?"
> 
> You can only attach devices to other VMs with qvm-block. So you'd have 
> to put your file inside a loop device, which you could then attach to 
> the backup VM. If "encrypted files" means a dm-crypt container, you can 
> map the decrypted data from your AppVM to your backup VM (cryptsetup 
> creates a /dev/mapper/something device after decryption, which you can 
> then use with qvm-block).
> 
> I'll also release some software in a month or so to simplify dm-crypt 
> usage with Qubes OS.
> 
> Alternatively you could separate the files you'd like to backup from 
> those you don't by using different VMs for them.

Thank you!

2) I created a loop device in the vault VM, attached it to the cloudVM. I can 
see that the files which were in the vaultVM loop device are also accessible 
from the cloudVM. I created a new file in the vaultVM loop device, but the file 
didn't show up the attached folder in the cloudVM. Why is that and how can I 
make them sync? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1278756646.143966.1559050620561%40ichabod.co-bxl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is it safe to update dom0 now?

2019-05-28 Thread scurge1tl

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> 


> 
> 'awokd' via qubes-users:
 scurge1tl:
> I am reading the threads related to the issues with the 
> dom0 update. Do I understand it properly that now it is 
> safe to update the dom0 and the mentioned issues are not 
> spawning anymore?
> 
> Should I better backup my qubes before proceeding to the 
> USB?
 
 Yes, the newer branch of kernel has been temporarily pulled 
 from updates. It is still a good idea to do a backup before 
 major updates.
 
> 
> 
> 
> How would one know if an update is a major one? Or you mean every 
> dom0 update should be considered to be major?
> 
> 
> Kernel updates and/or Xen updates for dom0 are considered major.
> 
> Basically, you should update all other qubes as you normally
> would, but when it says there are dom0 updates, check them out
> first.
> 
>> From Qubes Manager:
> 
> dom0 -> Upgrade qube
> 
> It will download updates, but before installing, will show you
> what they are, and ask if you want to install.  If you see kernel
> and/or xen updates, it's always a good idea of cancelling the
> update, and do a backup first.  And check here for problems too.
> 


Is it a good practice to backup the Templates as well? It is a bit
large, but I guess if I would like to restore the qubes from backup, I
will need to have the templates installed to make it successful,
right? Or is it enough to backup the important VMs only?


-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztPj1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzA4RAAkHhfH8OhsxNa2OKpdgwM3//zAePxInV4tK3hknm54czDRP9jnZwXLnyS
E6ni8pneWu+3pja16o97ivr1gzJiz7lY+TmMH+uyAs8xUKQytl9qaTlw6B89jg8r
3C3i495QrHGRerWS9rD5B3l47Ukhc/wS+oEBTwgdWpm2KB0pz0I6QI2Oc+zPruGQ
QTK3QwCBAfX6QxOW5pJhHFG0wj49xuhdbseSfia0MjhobNSEsMJgPAAVs5ABvm27
BM/2g5xU5RvfP6iToh5htLfWQflSzwxmpNXVY+OFyGunPTj80zAW7iTtI7BIi+KN
0Y8jIkw8Gopxrc4qa9y5uZNXtmAZmbIify35/Bglms+DW5+wFOhxNUfSpsq9YkFt
f5nyxa0qpnb81CzWRlmoiOqZuA3sLg1ACs4TEhw3tIsqaOmqn+xgI6SNkycNCrRG
xOEHQTWe9iZA6aWtX7nnAElcqljZCVdmiMNyM1K2MqtfH7EQ+P4DRO0nNe/KY3NN
QCZizlY1uvHyoVqoOpoMaOmVpefg3qpshDLt6gu02TJNm3JRd1wwY7RcLqvp5PoF
1+5r+TTsf2ncPIXUsYJJ/Fka7i3Rmr3R9ofyRUsRL6gr+0iRvgU1ZdsDEXgY1RHs
OqOyyxotG6NTnP7SQQJi08HOJWgANIqVeqQzDA74Zm+vKXyrTvA=
=47bF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e68dcedf-49c7-9342-be2e-120a0a2cbebb%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Openbsd HVM - Network Issues

2019-05-28 Thread ronpunz

On 2019-05-28 13:15, 'awokd' via qubes-users wrote:
> ronp...@riseup.net:
>> On 2019-05-28 12:10, 'awokd' via qubes-users wrote:
>>> ronp...@riseup.net wrote on 5/28/19 11:57 AM:
 Re Qubes 4.0.
 I have a openbsdVM but am unable to connect to internet. I'm using ip
 adresses from qubes manager i.e ip=10.137.0.28 netmask=255.255.255.255
 gateway=10.137.0.6 dns=10.139.1.1 & 10.139.1.2.
 I'm able to ping 10.137.0.28 and 10.137.0.6 but unable to ping say
 google.com.

 I've tried without success copying the output from the command
 "ifconfig" & "route show" - maybe someone can give me advice on how to
 post the output to this forum?

>>> Try making your netmask 255.255.255.0. You need to have Qubes Tools
>>> running for clipboard integration, so you might only be able to post
>>> screenshots if necessary.
>>
>> Thanks for your prompt reply. I have tried netmask 255.255.255.0 - but
>> no success.
>> As you suggested, attached is a screenshot of the command "ifconfig"
>>
> Screenshot looks fine. "Route show" says your default route is to
> 10.137.0.6? Maybe reboot the HVM for good luck, if you haven't since
> the subnet mask update. Seems like you're almost there since you can
> ping 10.137.0.6.
As you suggested, I rebooted but it complained about netmask
255.255.255.0 and refused to ping anything.
I tried reverting to netmask 255.255.255.255 and now cannot ping
10.137.06
I'm adjusting these settings in /etc/hostname.xnf0 which now reads inet
10.137.0.28 255.255.255.255 10.137.0.6 Does that look right to you?
After changing these setting i run "sh /etc/netstart" Which I think is
equivalent to rebooting?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/79f1b3e3c32bce483a35aa1ff7d167e8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Updating Fedora-template

2019-05-28 Thread josefh.maier via qubes-users

Hello forum.
I am new to Qubes and Fedora... is there an equivalent to the Debian
'apt-get update upgrade' ?
Thank's a lot for your feedback!

Joe

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190528153202.0E2012010D%40smtp.hushmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Updating Fedora-template

2019-05-28 Thread scurge1tl

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



josefh.maier via qubes-users:
> Hello forum. I am new to Qubes and Fedora... is there an equivalent
> to the Debian 'apt-get update upgrade' ? Thank's a lot for your
> feedback!
> 
> Joe
> 

apt-get of debian is equal to dnf in fedora

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztVaVfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxgJA//SfVfi/QgI4lz6BWRuHTzc1QuQVpT4hLpNQdOHmpFWw19toHVu4Lrq+Jp
GQzUhfDBjcv98fpXJFzSoHhqDqbvwkJNIyG0JQRV95XxoaBPlW3HiZ9FBbIW0GHY
LtsbXXrefI5OLC9O4E8QPUoPatBRvIpJkDxOjwp+9b5AsOnGMA3p5Q2D6eOkqYkQ
xAQKUdms2pwbYXIyAMzbXUJQlFMdm9seH2++RLL0MjbaMI6IO/8iq4GtpyFYabhy
2k1v/be1KQeYYioFI9bkL+ukD0T0RxCq9P54v33a91qJyPPs9HQZxzMeXBXhn5QQ
mqeR6nlW00rBUk9/syudJYIRbzVD7iD0knDWgKmgyXFqrPEfzXzM5GJl8HsLtSQ9
dGXut6XWUZwWwQyTAu5g3u74+feJ1M/ppL981/aQpM+TlSJ1M+s63n+TZVGddHuB
NFCEzk85sz/SUvfWA7VqrKO5sU36PkTBhdFvHwtTXIWLN7DV/ptulImi0yGKkZTU
SX6WGHkheQQgWI3rmCxfHTT8axWXEtXRxoNUUH868otN6BHee0FVhPPTWqxOqiBB
0mT8UABm0VTryFkKzvpanrYL9Ddm4POTzsJOFG08U/MCh0apFwHCGfoihfVA1iE9
y839ExqvoFXJHS2YAoXE2XFg0AS4DmqQlOl+JwHDREBLhy9o9ds=
=MGnb
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/594ed318-d404-0445-4adc-d7277e250d85%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] R4.0.1 Thinkpad e590 igfx graphic issues uefi, legacy not installable

2019-05-28 Thread laurischfelix

I installed qubes 4.0.1 multiple times and still can not get the graphics to 
work properly 
I have the slow screen rendering issues from the intel graphics troubleshooting 
page and also had the iommu=noigfx and alpha...=1 flags enabled by default

I thought it would go away after updating but i can not update dom0

I tried installing it in legacy mode but it crashes with an ACPI error.

I really want this and bought a thinkpad just for qubes.

What can i do?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74c9915e-60db-4017-9a25-1f7e55d391f3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] X230 vs Purism - real world attack probability

2019-05-28 Thread scurge1tl

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



taii...@gmx.com:
> On 05/21/2019 09:52 AM, scurge1tl wrote:
>> I have a question related to the decision about what laptop is
>> the better option for Qubes usage, from the security point of
>> view, in the real world.
>> 
>> The question is related to the IME on Intel, PSP on AMD and
>> other Hardware holes. I took these laptop examples to sample the
>> differences somehow.
>> 
>> Pose the non-existent micro controllers updates, like in case of
>> X230 with IME disabled and corebooted, which doesn't but get
>> these updates anymore,
> 
> What updates? who told you that? What micro controllers?

I heard that many times during discussions. I am not a programmer so I
have to rely on others to evaluate the situation.

> 
>> higher risk than only partial disabling of the IME by Purism 
>> which still but gets the micro controllers updates? Or is it a
>> vice versa?
>> 
>> If I would like to have a strong security position, in case of
>> the laptop Hardware with Qubes, and would decide in between the
>> two, which variant will be more prone to the real world attacks?
>> What attack vectors are available in both cases? For example, is
>> one of the cases more resistant to the remote exploitation. Is
>> one of the options forcing an attacker more to execute an attack
>> with physical access than the other option?
>> 
> 
> pur.company is junk, they are an incredibly dishonest company that
> sells "coreboot open firmware librem" machines that have a hw init
> process that is entirely performed via the Intel FSP binary blob.
> 
> The x230 is far more free than anything pur.company could sell
> you, freeing intel fsp won't happen due to how difficult it would
> be without documentation and how long it would take and it is both
> impossible and illegal to free Intel ME.
> 
> Illegal? Yes - ME/PSP is a DRM mechanism and bypassing them is
> illegal in the usa where they are based.
> 
> But since the 230 still has an ME abit more nerfed than the
> purijunk you should get a G505S which has no ME/PSP and is the most
> free laptop option.

You mention G505S. Can it run Qubes without issues?

> 
> Pur.junk = me kernel+init code run (not disabled), HW init 100%
> blobbed - performed via Intel FSP X230 = me init code runs (not
> disabled), HW init is open source G505S = No ME/PSP, CPU/RAM hw
> init is open source, graphics/power mgmt requires blob but IOMMU
> prevents them from messing with stuff. - the most free

Can the G505S be bought in the setup you mentioned, with CPU/RAM HW
init opensource and so on, or it is needed to hack it myself?
What is the performance of the X230 versus G505S? Seems that X230 and
G505S have 1366x768. Is there full HD option? Can the Ram be upgraded
to 16GB on both?

> 
> pur.company lies by claiming their ME is "disabled" when the kernel
> and init code still run.
> 
> 
> I don't want to say their name as they send someone out of the
> woodwork to defend them and waste my time every time someone
> mentions them in a negative light they go and start claiming that
> they are "doing their best" - whereas various other much newer
> companies are actually selling owner controlled libre firmware
> trustworthy general computing hardware proving their claims of
> "doing our best" to be bullshit.
> 
> If you want more info see my other posts as I have made many of
> them re: pur.company or laptop/desktop/workstation selections.
> 
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztYvBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uy78A/+N+BL/lLBodnYBR7yfrOisHvUtxMacQ2A/m6+4OAsZSRyGVN+qxSOg269
LZgxwZfaJuWZuuhPGuLftY7j7Vz4zopgPjlcVQ0UR01HD9jx16lXD3E2mvGxxuSr
gwOY1FlrknV15qFl/V1HvGXKXpqOCKOyPUjdjSyGpB8kc0lvjAaC1KDj09G6CzXF
scp98rOLFYbvIairEfWuiIvwjTmfwyTxNQRrG7hYomiE5EzDslPT4Owpoky9RGzj
T3ICHJq2pq/8GqgnX7DarxkPRlKt7VNMg6ZdfoCkeN+zqty0T2WMvre77kgAlykQ
HMh+hdkrGztFapM1lA1PBifxNhznxDcsICEzl5khPyey3sZYkA1HVZ37Z+SVMYyB
XtbFc+vFx8l0uEhyXlJkotgxg+1liguReK3KCn1t75CpUsiVrQI2dtxC7Ns3SjmI
H/Hlg30Ju4KV9emb0icNHwtv9HhE9huOnFzKS3KjGHTn+GrS0ubzQXfvRmfrAFbC
Kwz6OYQP6VsX4FwJek6UwS+rfTyHi50Uef/QvxKqN3OyukonVfGFzB+l7EWZthpd
U63IdtVD0dcHag27qh65ayPXwTTLLHxpa+52eHxnxI+19u2RT5XErhdEDBzL9UDC
kghFEw/Rmt1sGaG93+vRRVFpyph1JWnyyQEbnji/FAx72ALv754=
=YmLb
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a16d0794-a892-0a75-16f9-6bf20aa2fb29%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] dsa-4371-update

2019-05-28 Thread Dominique St-Pierre Boucher

Good day Qubes community,

I created a debian-10 template and I cannot use the qubes-manager to start the 
update because of the dsa-4371-update that is looking for a either 8.0 or 9.0 
in the /etc/debian-version and I have a 10.0.

How do I fix this?

Thanks!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4b61177-5760-4950-b3b2-64fbd2ae7042%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R4.0.1 Thinkpad e590 igfx graphic issues uefi, legacy not installable

2019-05-28 Thread rogertobler via qubes-users

The newest kernel updatev(a day old) solved that problem for me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/831f58b0-c3d0-43e9-9479-7dbc05dddaef%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: dsa-4371-update

2019-05-28 Thread Dominique St-Pierre Boucher

Hello again,

Found it by myself. I modified the script located in 
Dom0:/usr/libexec/qubes-manager/dsa-4371-update

I added those lines:
10.*)
codename="buster"
pkg="libapt-pkg5.0"
fixed_version="1.8.1"
;;

Seems to be working fine for now!!!

Any comments?

Thanks

On Tuesday, May 28, 2019 at 12:36:29 PM UTC-4, Dominique St-Pierre Boucher 
wrote:
> Good day Qubes community,
> 
> I created a debian-10 template and I cannot use the qubes-manager to start 
> the update because of the dsa-4371-update that is looking for a either 8.0 or 
> 9.0 in the /etc/debian-version and I have a 10.0.
> 
> How do I fix this?
> 
> Thanks!
> 
> Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50ddd851-c162-4a4e-b45d-007bc2b463f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R4.0.1 Thinkpad e590 igfx graphic issues uefi, legacy not installable

2019-05-28 Thread laurischfelix

Yes i have just seen your post and it did it for me as well :)
FINALLY haha 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0cde0aed-d46e-4a1c-bc1c-593d355079b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is it safe to update dom0 now?


scurge1tl wrote on 5/28/19 1:57 PM:


Is it a good practice to backup the Templates as well? It is a bit
large, but I guess if I would like to restore the qubes from backup, I
will need to have the templates installed to make it successful,
right? Or is it enough to backup the important VMs only?


You don't exactly need to backup templates, but it can make recovery 
easier if you have heavily customized them. If you're only using 
templates that come with Qubes, the only difference compared to newly 
installed ones are updates.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/befdc04c-3bac-f951-edbb-42025c5284d7%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Openbsd HVM - Network Issues


ronp...@riseup.net wrote on 5/28/19 2:29 PM:


As you suggested, I rebooted but it complained about netmask
255.255.255.0 and refused to ping anything.
I tried reverting to netmask 255.255.255.255 and now cannot ping
10.137.06
I'm adjusting these settings in /etc/hostname.xnf0 which now reads inet
10.137.0.28 255.255.255.255 10.137.0.6 Does that look right to you?
After changing these setting i run "sh /etc/netstart" Which I think is
equivalent to rebooting?

Sorry, you've exceeded my minimal knowledge of BSD already. All HVM 
networking works the same, so I don't get why it's not here. I know some 
people have been able to get OpenBSD working; try searching this mailing 
list if you haven't yet or hopefully one of them will chime in.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f6faa962-c220-8de8-334b-f9273516523c%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] whonix tor browser noscript button missing?

2019-05-28 Thread mossy

Hello Qubes Community,

Has anyone noticed the blue/white noscript S button is missing since a
recent whonix-torbrowser update?  AFAIK this is needed use javascript in
whonix.

Anyone notice this or have a workaround?

thx!

-m0ssy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c70e49c8-7755-1df1-db2d-703a67787ef5%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] whonix tor browser noscript button missing?

2019-05-28 Thread g80vmgmsqw

mossy:
> Hello Qubes Community,
> 
> Has anyone noticed the blue/white noscript S button is missing since a
> recent whonix-torbrowser update?  AFAIK this is needed use javascript in
> whonix.
> 
> Anyone notice this or have a workaround?
> 
> thx!
> 
> -m0ssy
> 

See https://trac.torproject.org/projects/tor/ticket/30600 .

It's a pretty contentious issue, with Tor Browser devs closing as
WONTFIX because they plan to introduce a new permissions UI sometime in
the future.

The NoScript widget still exists, and in fact its use is apparently
still necessary for some sites to work, but you'll have to manually add
the widget back to the toolbar (Settings button > Customize... >
Right-click NoScript > Add to Toolbar).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f921a240-bfee-ca49-800f-525a7e7009e5%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: WARNING: don't update qubes, will break your install


for the record from the github


qubes-bot said

The package kernel-4.19.46-3.pvops.qubes has been pushed to the r4.0 
testing repository for dom0.

To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing


I did a dom0 update but  haven't rebooted yet, I am at uptime of 10 
days,   shall I install over the top  of  the last  dom0 update  with 
the above ???





personally I don't even backup 1x/month, but then I am not creating very 
many files locally


those are in the Vault , and rarely do I add anything to it 

I can't recall the last dom0 reinstall ,  nice thing is  I can fail on 
the Templates and just  reinstall those   akin to borking a computer 
OS, without the risk to my local files as they live in the AppVMs   :)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9dd30c6d-6761-a06b-f941-223c49bfe694%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: WARNING: don't update qubes, will break your install


On 5/26/19 1:32 AM, drokmed-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

I just noticed on the Fedora forums they released Fedora 30 today.

Qubes runs Fedora 29, so I don't know if today's updates had anything to do 
with f30, but it might be related.  Checking to see if anyone else on fedora 
forums has similar issue as mine.




Are you saying you think your Fedora-29  template  caused your  dom0 
domain to fail ?


afaik the Qubes Fedora-29 template is not going to auto update to 
Fedora-30like with $dnf upgrade   or something


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e48de006-2a47-aed8-0078-4cd3475c44e0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Updating Fedora-template


On 5/28/19 3:32 PM, josefh.maier via qubes-users wrote:

Hello forum.
I am new to Qubes and Fedora... is there an equivalent to the Debian
'apt-get update upgrade' ?
Thank's a lot for your feedback!

Joe



for debian it's
$ sudo apt-get update && apt-get dist-upgrade

for fedora seems to be

$sudo dnf update && sudo dnf upgrade

but I am just at qubes 'kludge' level as to what is upgraded in both , 
though suppose could find the answer somewherez


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c4d117b-7e31-9fe4-b848-6fae623baacc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: WARNING: don't update qubes, will break your install

2019-05-28 Thread drokmed

On Tuesday, May 28, 2019 at 11:37:07 AM UTC-7, Jon deps wrote:
> for the record from the github
> 
> 
> qubes-bot said
> 
> The package kernel-4.19.46-3.pvops.qubes has been pushed to the r4.0 
> testing repository for dom0.
> To test this update, please install it with the following command:
> 
> sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
> 
> 
> I did a dom0 update but  haven't rebooted yet, I am at uptime of 10 
> days,   shall I install over the top  of  the last  dom0 update  with 
> the above ???
> 
> 
> 
> 
> personally I don't even backup 1x/month, but then I am not creating very 
> many files locally
> 
> those are in the Vault , and rarely do I add anything to it 
> 
> I can't recall the last dom0 reinstall ,  nice thing is  I can fail on 
> the Templates and just  reinstall those   akin to borking a computer 
> OS, without the risk to my local files as they live in the AppVMs   :)

I see the new kernel is back in the dom0 repository, same name/version, no idea 
if it's a fix or the original.

I spent the whole weekend getting my laptop working again, not ready to break 
it again.  I'll hold off a few days on this one.  Work to do.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d887804-8f97-47cf-8701-94e21fe487ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Kernel 4.19.43 breaks sys-whonix too?

2019-05-28 Thread BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3

On Tue, 28 May 2019 10:56:30 +
"'awokd' via qubes-users"  wrote:

> drok...@gmail.com wrote on 5/28/19 1:54 AM:
> > On Monday, May 27, 2019 at 6:32:20 PM UTC-7,
> > bm-2ctjsegdfzqngqw...@bitmessage.ch wrote:  
> >> Interestingly, this apparently problematic 4.19.43 kernel did not
> >> break my Dom0 or Fedora-29, but instead, broke sys-whonix: I can
> >> connect through any chain of net-vms to clearnet, including
> >> through debian-9 VMs with 4.19.43. However, I could not get out to
> >> the internet via sys-whonix, until selecting an older kernel in
> >> sys-whonix itself. I'm not sure if that issue has been noted yet.
> >> A further twist is that updates via tor to onion repos still
> >> worked with the bad kernel in sys-whonix. It was only non-update
> >> traffic that could not make it through sys-whonix. This all
> >> happens with 4.19.43 in Dom0, and with kernel-latest (5-something)
> >> in Dom0, which had no impact on the issue.  
> > 
> > Whonix updating/working fine here.  Maybe try creating a new
> > sys-whonix2 VM from the template, and switch to it. 

Strange, I could update just fine, and the sys-whonix connected to tor
internally just fine, but VMs connecting through it had issues. The same
was true when I made a new  sys-whonix2 on the same kernel (not older
ones).


> Try 4.19.46-3 (in current-testing right now). I'm running it and
> tested debian-9, fedora-29, and whonix-ws through sys-whonix with no
> problems.

Will have to figure out how to grab just this from testing and try,
thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/A09AB2E5-B979-40CE-9223-51159FB7F928%40mail.bitmessage.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to automate cloud backups of trusted vault files?

On 5/28/19 5:04 AM, Side Realiq wrote:

From: Chris Laprise 
Sent: Mon May 27 19:58:35 CEST 2019
To: David Hobach , Side Realiq , 

Subject: Re: [qubes-users] How to automate cloud backups of trusted vault files?

On 5/27/19 9:05 AM, David Hobach wrote:

On 5/27/19 12:52 PM, 'Side Realiq' via qubes-users wrote:

How to automate backups of files from a very trusted vault to the
cloud? What are some best practices for that?

My current issue is that the files in the trusted vault do not have
internet connection, so the cloud backup software should not be
running in the vault, and needs to run in a separate "backup" internet
connected qube. But I don't know how I can automate copying the files
from the vault to the backup qube. The qvm-copy command requires
manual choice of the target VM, which is not automated.

This depends on your Qubes RPC policy, which you can manage with the
/etc/qubes-rpc/policy files in dom0. Also see [1].
So you can automate qvm-copy usage, if you want to.

Another option is to entirely attach your data from the source VM to the
backup VM using qvm-block, which should be faster as it doesn't involve
copy operations between VMs. See e.g [2] for that method.

I'd also recommend to
a) use software you trust for backups.
b) use encrypted containers (e.g. dm-crypt) for backups unless you
completely trust your cloud provider (I certainly don't).

[1] https://www.qubes-os.org/doc/rpc-policy/
[2] https://github.com/3hhh/blib/blob/master/lib/os/qubes4/dom0#L955

You can also orchestrate the backups from dom0 using 'qvm-run'. This
gets rid of any need to set rpc policies or other sidestepping of
interactive prompts. For example:

qvm-run -u root -p vault 'cryptsetup luksOpen /home/user/backup.img
backup --key-file key.dat && mount /dev/mapper/backup /mnt/backup'

qvm-run -u root -p vault 'cp -au /home/user/Documents /mnt/backup &&
umount /mnt/backup && cryptsetup luksClose backup'

qvm-run -u root -p vault 'cat /home/user/backup.img' | qvm-run -p
cloudvm 'ssh u...@dest.com "cat >backup.img"'

The above opens a LUKS encrypted container (disk image file), updates
the files within it using 'cp -au', then unmounts and closes the
container. Finally, it pipes the container img file through ssh to the
destination system.

Initial setup of the container looks like (in vault vm):

truncate -s 50M backup.img # Size is 50 megabytes
cryptsetup luksFormat backup.img
cryptsetup luksOpen backup.img backup
mkfs.ext4 /dev/mapper/backup
cryptsetup luksClose backup
sudo mkdir /mnt/backup

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Thank you for the detailed instructions!

I executed them until the SSH piping. What should I enter as u...@dest.com?
I assume user@ ? But I get connection refused. In the firewall documentation 
one can enable networking between two qubes with iptables. "qvm-ls -n" shows the IP 
of the cloudvm, but the vault does not have IP.

There should be no need to adjust the Qubes firewall.

The ssh command and u...@dest.com is just an example of a network/cloud 
protocol and destination address. You can choose whatever cloud 
destination suits you as long as you have an account with them. If they 
don't support ssh, you would have to substitute the ssh command with 
something else, such as 'aws'.

Also, please see my next reply...

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bc75d39-fa2c-63c5-82c5-9f5087ac26a7%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to automate cloud backups of trusted vault files?

On 5/28/19 9:37 AM, 'Side Realiq' via qubes-users wrote:

From: David Hobach 
Sent: Tue May 28 10:11:18 CEST 2019
To: Side Realiq , 
Subject: Re: [qubes-users] How to automate cloud backups of trusted vault files?

On 5/27/19 3:05 PM, David Hobach wrote:

On 5/27/19 12:52 PM, 'Side Realiq' via qubes-users wrote:

How to automate backups of files from a very trusted vault to the
cloud? What are some best practices for that?

My current issue is that the files in the trusted vault do not have
internet connection, so the cloud backup software should not be
running in the vault, and needs to run in a separate "backup" internet
connected qube. But I don't know how I can automate copying the files
from the vault to the backup qube. The qvm-copy command requires
manual choice of the target VM, which is not automated.

This depends on your Qubes RPC policy, which you can manage with the
/etc/qubes-rpc/policy files in dom0. Also see [1].
So you can automate qvm-copy usage, if you want to.

Another option is to entirely attach your data from the source VM to the
backup VM using qvm-block, which should be faster as it doesn't involve
copy operations between VMs. See e.g [2] for that method.

I'd also recommend to
a) use software you trust for backups.
b) use encrypted containers (e.g. dm-crypt) for backups unless you
completely trust your cloud provider (I certainly don't).

[1] https://www.qubes-os.org/doc/rpc-policy/
[2] https://github.com/3hhh/blib/blob/master/lib/os/qubes4/dom0#L955

I had received another few private questions about this that I'd like to
respond to:

1. "You mentioned "use encrypted containers" when backups are made they
are encrypted correct? How about AppVMs, are they encrypted by default?"

The default backups made by Qubes OS are encrypted and should be the
overall preferred way of doing backups.

Since the OP was asking about only backing up dedicated files rather
than the entire AppVM (what the Qubes OS backup does), he'd have to
implement the encryption part himself.

It might make also sense to put the data meant to be backed up inside a
dedicated VM and then use the default backup mechanism with your cloud
provider. Of course you'd have to mount the cloud provider file system
inside your backup VM first.

Personally, I don't use the default mechanism for speed reasons - my
internet connection is too slow to push 100+ GB over it for every
backup. sparsebak might help here [3], but is not official yet.

[3] https://github.com/tasket/sparsebak

2. "For option 2) the function b_dom0_attachVMDisk attaches "the entire
private disk image (private.img) of the source VM to the target VM". In
my vault there is a folder with the encrypted files, and another with
decrypted files and I don't want to expose the decrpyted files to
another VM. Can I attach only a specified folder (with the encrypted
files) to another VM? If yes how?"

You can only attach devices to other VMs with qvm-block. So you'd have
to put your file inside a loop device, which you could then attach to
the backup VM. If "encrypted files" means a dm-crypt container, you can
map the decrypted data from your AppVM to your backup VM (cryptsetup
creates a /dev/mapper/something device after decryption, which you can
then use with qvm-block).

I'll also release some software in a month or so to simplify dm-crypt
usage with Qubes OS.

Alternatively you could separate the files you'd like to backup from
those you don't by using different VMs for them.

Thank you!

2) I created a loop device in the vault VM, attached it to the cloudVM. I can 
see that the files which were in the vaultVM loop device are also accessible 
from the cloudVM. I created a new file in the vaultVM loop device, but the file 
didn't show up the attached folder in the cloudVM. Why is that and how can I 
make them sync?

If the security of vaultVM matters to you at all, don't do it this way. 
As I mentioned in my other response, encryption must first be applied.

Since you're not well acquainted with the specifics, I'd suggest 
dropping the requirement to backup individual folders and instead using 
a passphrase with Qubes backup to backup the vaultvm to the backupvm, 
then use whatever file transfer software your cloud provider requires in 
the backupvm.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63e53e10-62b1-06bb-5a49-6f9b79d8c6eb%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Kernel 4.19.43 breaks sys-whonix too?

bm-2ctjsegdfzqngqwuqjswro6jrwlc9b3...@bitmessage.ch wrote on 5/28/19 
7:45 PM:



Will have to figure out how to grab just this from testing and try,
thanks!


sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing kernel 
kernel-qubes-vm --best --allowerasing


(Had it in my history buffer anyways!)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56b3552f-17d1-1d04-2ddf-faff696c34b3%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Q4.0 - LVM Thin Pool volumes - lsblk returns very large (256kb) MIN-IO and DISC-GRAN values

On 5/28/19 8:42 AM, brendan.h...@gmail.com wrote:

On Saturday, May 25, 2019 at 2:28:13 PM UTC-4, Chris Laprise wrote:

I think the only _good_ way to deal with COW metadata expansion, since
its always related to data fragmentation, is to keep expanding it and
let system performance degrade accordingly.

Yup.

One could argue that the same solution could be *actively* applied to prevent
running out of free space. :) My recollection is that my old Drobo used to do
this (for free space, though presumably both).

It would not be too presumptuous for Qubes to define thin lvm metadata
as being in the same class as, say, filesystem metadata and let the
system consume available vg space as needed. The best way to start this
process is to lay down a rule saying you should only create/use one thin
pool per volume group on a Qubes system. If the vg is dedicated to
housing the one pool, then the gnarly questions around competing for
storage space disappear.

There is already an implicit policy that the user has to keep their eye
on overall used space in the pool because of over-provisioning. Just
extend that policy to 'volume group' and you can keep expanding tmeta
automatically.

The best possible (or at least better) implementation of this is to have
a hook in lvm block layer itself that can briefly halt file operations
while tmeta is expanded.

This simply makes
de-fragmentation maintenance issue (defrag to shrink metadata and get
performance back). This is what Microsoft did with NTFS and it was the
right choice; clinging to fixed metadata sizes is merely a state of
denial that leads to peoples' disks suddenly becoming unusable.

Lack of COW aside, NTFS's odd "separation plus mixing" of storage and metadata
is fascinating. I mean, it works! And works pretty well! And is ancient!

In my view, NTFS has "COW++". Shouldn't we in Unix land change our
terminology and start calling the combination of COW and snapshots
shadow copy? :)

It *does* keep you on your toes, though, mitigating for forensics..."NTFS: oh, you
have a small file? Well, I'll just store that over here in the metadata stream. You want
to delete it? Sure, I'll mark it deleted. Erasing free space? go right ahead, I'll be
over here waiting. Oh, it's still here? Well...better talk to Mr. Russinovich if you want
to figure out how to really destroy that file..."*

-Brendan
* upon review, I read that in the Q voice, for maximum nerdiness.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f6618f4d-e9f4-fac7-3ba6-136369e73305%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Backup while VMs are running??

On 5/28/19 2:51 AM, Claudio Chinicz wrote:

Hi All,

I make few backups because I fear doing backups while using my VMs, specially
Windows 10 and Linux Mint HVMs. So, I do it once in a while, when I have have
some free time and can spen not using the computer while it prepares the
backups, after having shut down the VMs.

All the discussion about updates breaking Qubes makes me wonder I should do
backups more often.

Is it possible to do backups of HVMs and VMs in general while using them? I'm
afraid I may have an issue when restoring.

If you installed Qubes with the disk/storage defaults, which uses LVM
snapshots – or if you manually set it to install with Btrfs – then its
safe to backup while VMs are running. The backup will simply use the
snapshot from the last time the VM was shut down.

OTOH, if you manually changed the Qubes install to use Ext4 filesystem,
there might be a problem in that case.

The disk usage widget in the system tray will tell you what kind of
storage system your Qubes is using; if you used the default LVM it will
say "lvm" with the usage stats to the right.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/af598aec-0a29-4f3c-65c2-2216bb16e88e%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: real and virtual storage usage by qubes

On 5/27/19 8:18 PM, 'awokd' via qubes-users wrote:

Jon deps wrote on 5/27/19 4:58 PM:

On 5/27/19 8:23 AM, Eva Star wrote:

Hello,

Qubes Manager show virtual storage per qube? If qube storage increase
on day then decreased again Qubes Manager will still show maximum?
How to make it show real size? And how to check real storage usage
per qube?

Thanks

I believe once you increase it, you can't decrease it, all you can do
it make a new smaller qube and qvm-move the files over ; hence I
don't think of it as virtual storage

If you run fstrim -av inside the qube, it's supposed to release unused
space back to the thin filesystem.

Keep in mind this will probably cause the volume to consume more LVM
metadata or 'tmeta'. The filesystem probably avoids sending trim/discard
for smaller chunks to avoid filling up the tmeta area (at which point
the storage pool becomes unusable).

Thread
https://groups.google.com/d/msgid/qubes-users/44f1ae64-2da1-480f-aa30-98c5f22653ba%40googlegroups.com

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/2c4e0b4a-d360-2867-cb26-78ac7428519b%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Backup while VMs are running??

2019-05-28 Thread unman

On Mon, May 27, 2019 at 11:51:02PM -0700, Claudio Chinicz wrote:
> Hi All,
> 
> I make few backups because I fear doing backups while using my VMs, specially 
> Windows 10 and Linux Mint HVMs. So, I do it once in a while, when I have have 
> some free time and can spen not using the computer while it prepares the 
> backups, after having shut down the VMs.
> 
> All the discussion about updates breaking Qubes makes me wonder I should do 
> backups more often.
> 
> Is it possible to do backups of HVMs and VMs in general while using them? I'm 
> afraid I may have an issue when restoring.
> 
> Thanks in advance,
> Claudio
> 

If you backup a running qube with Qubes backup, it will backup the state before 
you
started it. May or may not be what you want.

You can use file backups to capture anything since qube started.

btrfs will let you snapshot running systems.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190528232916.4jmlhu4le4vl2u5x%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Openbsd HVM - Network Issues

2019-05-28 Thread unman

On Tue, May 28, 2019 at 07:29:31AM -0700, ronp...@riseup.net wrote:
> On 2019-05-28 13:15, 'awokd' via qubes-users wrote:
> > ronp...@riseup.net:
> >> On 2019-05-28 12:10, 'awokd' via qubes-users wrote:
> >>> ronp...@riseup.net wrote on 5/28/19 11:57 AM:
>  Re Qubes 4.0.
>  I have a openbsdVM but am unable to connect to internet. I'm using ip
>  adresses from qubes manager i.e ip=10.137.0.28 netmask=255.255.255.255
>  gateway=10.137.0.6 dns=10.139.1.1 & 10.139.1.2.
>  I'm able to ping 10.137.0.28 and 10.137.0.6 but unable to ping say
>  google.com.
> 
>  I've tried without success copying the output from the command
>  "ifconfig" & "route show" - maybe someone can give me advice on how to
>  post the output to this forum?
> 
> >>> Try making your netmask 255.255.255.0. You need to have Qubes Tools
> >>> running for clipboard integration, so you might only be able to post
> >>> screenshots if necessary.
> >>
> >> Thanks for your prompt reply. I have tried netmask 255.255.255.0 - but
> >> no success.
> >> As you suggested, attached is a screenshot of the command "ifconfig"
> >>
> > Screenshot looks fine. "Route show" says your default route is to
> > 10.137.0.6? Maybe reboot the HVM for good luck, if you haven't since
> > the subnet mask update. Seems like you're almost there since you can
> > ping 10.137.0.6.
> As you suggested, I rebooted but it complained about netmask
> 255.255.255.0 and refused to ping anything.
> I tried reverting to netmask 255.255.255.255 and now cannot ping
> 10.137.06
> I'm adjusting these settings in /etc/hostname.xnf0 which now reads inet
> 10.137.0.28 255.255.255.255 10.137.0.6 Does that look right to you?
> After changing these setting i run "sh /etc/netstart" Which I think is
> equivalent to rebooting?

man hostname.if
man myname

Keep the 255.255.255.0 netmask
Put 10.137.0.6 in /etc/mygate

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190528233641.jcmea2kmb3kyyqlj%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Updating Fedora-template

2019-05-28 Thread unman

On Tue, May 28, 2019 at 06:43:36PM +, Jon deps wrote:
> On 5/28/19 3:32 PM, josefh.maier via qubes-users wrote:
> > Hello forum.
> > I am new to Qubes and Fedora... is there an equivalent to the Debian
> > 'apt-get update upgrade' ?
> > Thank's a lot for your feedback!
> > 
> > Joe
> > 
> 
> for debian it's
> $ sudo apt-get update && apt-get dist-upgrade
> 
> for fedora seems to be
> 
> $sudo dnf update && sudo dnf upgrade
> 
> but I am just at qubes 'kludge' level as to what is upgraded in both ,
> though suppose could find the answer somewherez

You can just use 'dnf update'
In dom0 use 'qubes-dom0-update'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190528234352.zo3gkrq2a5cs77qu%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Recover from /boot wipe

2019-05-28 Thread Connor Schunk


May 27, 2019, 7:46 PM by awokd:

> Connor Schunk wrote on 5/26/19 11:30 PM:
>
>> After installing Qubes, I attempted to install Windows as a dualboot option.
>>
>> Unfortunately, I didn't check to make sure windows wouldn't wipe my boot 
>> partitions, so now I have nothing under /boot other than the Linux .imgs in 
>> the LVM partition.
>>
>> Is there a way to recover the old install? I installed Qubes onto a 
>> different partition to get the /boot files back, what lines do I need to 
>> change to point to the correct encrypted LVM partition?
>>
> Probably safest bet is to boot Qubes Rescue mode from USB (or some other live 
> image), then mount your encrypted partition and copy out data you want to 
> keep.
>
Would it be possible to extract the qubes from the partition you think? Or at 
least some configs?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Lg-tHVN--3-1%40schunkc.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] whonix tor browser noscript button missing?

2019-05-28 Thread mossy

g80vmgm...@riseup.net:
> mossy:
>> Hello Qubes Community,
>>
>> Has anyone noticed the blue/white noscript S button is missing since a
>> recent whonix-torbrowser update?  AFAIK this is needed use javascript in
>> whonix.
>>
>> Anyone notice this or have a workaround?
>>
>> thx!
>>
>> -m0ssy
>>
> 
> See https://trac.torproject.org/projects/tor/ticket/30600 .
> 
> It's a pretty contentious issue, with Tor Browser devs closing as
> WONTFIX because they plan to introduce a new permissions UI sometime in
> the future.
> 
> The NoScript widget still exists, and in fact its use is apparently
> still necessary for some sites to work, but you'll have to manually add
> the widget back to the toolbar (Settings button > Customize... >
> Right-click NoScript > Add to Toolbar).
> 

Hey, thanks!

So really just annoying in Qubes to have to re-enable the widget in
(whonix) disp-VMs.

Appreciate the link to the tor project issue.

-m0ssy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10576ca2-3a69-8362-ea4a-c9a2159a8ae8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] fedora-30 template update, problem with fuse

2019-05-28 Thread Eva Star

https://i.imgur.com/EdJIHgq.png
How to fix? Thanks


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6273d00b-8eb9-4562-8d24-2867b10ba3af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes-tunnel service fails in VPN ProxyVM

2019-05-28 Thread 'b17b7bdb' via qubes-users

I set up a VPN gateway in a ProxyVM using the qubes-tunnel service, but the 
service fails after restarting the VM.
journalctl -u qubes-tunnel shows the failure happening after:
... qtunnel-setup[663]: -su: notify-send: command not found
... systemd[1]: qubes-tunnel.service: Control process exited. code=exited 
status=127

the command:  /usr/lib/qubes/qtunnel-setup --config
worked fine, so I'm not sure what's going awry.  fwiw, I had the same setup 
working in R3.2, but started from scratch in R4.0.1.  I downloaded the github 
project and installed it in the template VM before completing the following 
instructions in the ProxyVM:
https://github.com/tasket/qubes-doc/blob/tunnel/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-the-qubes-tunnel-service

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3voGBReT1G57oqJvBCbSloJrWsuryNYAYKe7p2Kq0RaXllYqs5xHrmJhHMjtsl-Wol1ncidoA-akXsoFbWXFG5aPJpWRhsohXhypBHSFYOE%3D%40protonmail.ch.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: whonix tor browser noscript button missing?


On 5/29/19 12:02 AM, mossy wrote:

g80vmgmsqw-sgozh3hwpm2stnjn9+b...@public.gmane.org:

mossy:

Hello Qubes Community,

Has anyone noticed the blue/white noscript S button is missing since a
recent whonix-torbrowser update?  AFAIK this is needed use javascript in
whonix.

Anyone notice this or have a workaround?

thx!

-m0ssy



See https://trac.torproject.org/projects/tor/ticket/30600 .

It's a pretty contentious issue, with Tor Browser devs closing as
WONTFIX because they plan to introduce a new permissions UI sometime in
the future.

The NoScript widget still exists, and in fact its use is apparently
still necessary for some sites to work, but you'll have to manually add
the widget back to the toolbar (Settings button > Customize... >
Right-click NoScript > Add to Toolbar).



Hey, thanks!

So really just annoying in Qubes to have to re-enable the widget in
(whonix) disp-VMs.

Appreciate the link to the tor project issue.

-m0ssy



in 8.5  its still there

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e79a507f-0d15-7350-5574-8894216d3016%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes-tunnel service fails in VPN ProxyVM