Re: [qubes-users] How to setup Win10 HVM ?

[A E]

søn. 16. feb. 2020 kl. 05.33 skrev Thierry Laurion - Insurgo Technologies
Libres / Open Technologies :

>
>
> On February 15, 2020 2:18:33 PM UTC, A E  wrote:
> >fre. 14. feb. 2020 kl. 12.56 skrev unman :
> >
> >> On Fri, Feb 14, 2020 at 08:19:13AM +0100, A E wrote:
> >> > Okay, I read your message again.
> >> >
> >> > It shall just turn up in the file list of dom0.
> >> >
> >> > I???ll look later.
> >> >
> >> >
> >> > fre. 14. feb. 2020 kl. 08.14 skrev A E :
> >> >
> >> > > Okay, thanks.
> >> > >
> >> > > How can I see if the "install.sh" file has been created in dom0 ?
> >> > >
> >> > >
> >>
> >> The convention here is not to top-post.
> >> Please scroll to the bottom of the message before you start typing.
> >Or
> >> reply inline.
> >> It only takes you seconds, makes it much easier to follow threads,
> >and
> >> cumulatively saves your fellow users hours.
> >> Thanks.
> >> unman
> >>
> >> --
> >> You received this message because you are subscribed to a topic in
> >the
> >> Google Groups "qubes-users" group.
> >> To unsubscribe from this topic, visit
> >>
> >https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
> >> To unsubscribe from this group and all its topics, send an email to
> >> qubes-users+unsubscr...@googlegroups.com.
> >> To view this discussion on the web visit
> >>
> >
> https://groups.google.com/d/msgid/qubes-users/20200214115648.GA688%40thirdeyesecurity.org
> >> .
> >>
> >
> >
> >Yes, install.sh was copied to dom0. I just thought the terminal would
> >say
> >so after it did this.
> >
> >The pc is downloading now.
> >
> >I wonder why Windows 7 has to be installed before Windows 10...
> >especially
> >as Microsoft has stopped supporting it and it takes about 2 hours to
> >download it and I don’t have any product code for it. So maybe I can’t
> >even
> >use it.
>
> Has someone tried to active with a windows 7 license?
>
> >
> >Besides that, I appreciate and thanks Elliot Killick for the easy to
> >use
> >installation script.
>
> -- Sent from /e/ Mail
>

To get through the whole installation process, can I then:

1)  Somehow continue the installation process and if so how... ?

Or

2)  Do I have to start the installation process from scratch again ?
 And if so, shall I delete more than the windows domain, and if so what
?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUH7vPCt1n8JoovXgnhtwx8HUidrJ8KO61cjPG%3DJsB%3DKeQ%40mail.gmail.com.

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

[A E]

søn. 16. feb. 2020 kl. 06.55 skrev 'awokd' via qubes-users <
qubes-users@googlegroups.com>:

> A E:
> > lør. 15. feb. 2020 kl. 16.07 skrev A E :
>
> >> It didn’t help to set “lock screen after” to 720. It still locks
> >> immediately when the screen blanks.
> >>
> >> I wonder if I actually have changed the settings of the screensaver that
> >> Qubes uses at dom0, or just a unused one in the app menu similar to the
> >> network manager in the same menu.
> >>
> > If it isn’t possible to change the settings of the screensaver that Qubes
> > OS is actually using, then I would like to hear how I can either disable
> or
> > delete it in Qubes ?
> >
> If you're changing the settings in Qubes menu/System Tools/Screensaver,
> once you uncheck "lock after" go to File/Restart Daemon. Otherwise, your
> changes don't take effect until a reboot.
>
> --
> - don't top post
> Mailing list etiquette:
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/uMl6_djER5E/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/5a954c8b-7a17-681b-7d9d-951caa261d1a%40danwin1210.me
> .
>

I’ll try that.

But I have tried to change the “blank after” and “lock after” to 720
minutes and restart the pc afterwards. And there still seems to go just
about 10 minutes before the screen goes blank and lock. And I have checked
that the settings of the screensaver still say 720 after the restart, and
it does. But it doesn’t seem to make any difference...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUF9h604UTgmjXdUQewMoBdRVkKu-dLOWDfgkC8-TdjpbQ%40mail.gmail.com.

Re: [qubes-users] How to install and get Linux Mint running in Qubes OS 4.0.3 ?

[A E]

søn. 16. feb. 2020 kl. 02.50 skrev unman :

> On Sat, Feb 15, 2020 at 07:50:53AM -0800, A wrote:
> > 1)  How to install and get Linux Mint running in Qubes OS 4.0.3 ?
> >
> Download a mint iso in to a qube - make sure you have enough space to do
> this - up Private storage size if needed.
>
> Create an HVM and boot it from a Mint iso. (Instructions on this can be
> found here - https://www.qubes-os.org/doc/standalone-and-hvm/ )
> Or use the GUI - in Qube Manager, select Qube - "Create New qube".
> Give it name and set type "Empty  Standalone qube.."
> Select "open Settings after creation."
> In Settings window go to Advanced pane and set initial memory to 4000MB
> - you can always reduce after installation.
> Then select "Boot qube from CDROM" button, and select the qube where you
> downloaded the Mint iso.
> On start you should see Mint boot in live mode.
> Note the IP address of the new mint qube (either from Qube Manager , or
> using `qvm-ls -n `
> Edit the Network settings for ipv4 to "manual" and enter the IP address
> and gateway. For DNS you can use 9.9.9.9
> Select option to install to disk.
>
> After installation, shutdown the qube.
> Restart.
> Your new Mint qube should start up.
> If you get a black screen, kill it. In terminal in dom0 , use
> `qvm-features  video-model cirrus` and restart.
>
> Since Mint is based off Ubuntu, you can try installing some qubes
> packages built for Ubuntu , to et copy/paste etc working. (I have
> packages at qubes.3isec.org you could try, but I haven't tested this
> myself - i suggest you get Mint running properly, then clone it and try
> installing packages in to the clone.)
>
> > 2)  Is it possible to use Linux Mint for surfing the net in a secure
> way, and if so how ?
> >
>
> ???
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/jBHgC2TFggY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20200216015008.GA8620%40thirdeyesecurity.org
> .
>

Thank you very much for your detailed guide.

Just to be sure: Shall I create the new qube the same way if I install
Linux Mint from a DVD ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUE8EXNXmdUY0Vb%2B3PiOYgNnU%3Di94_LeE_3R7Uy7z_nY3g%40mail.gmail.com.

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

['awokd' via qubes-users]

A E:

lør. 15. feb. 2020 kl. 16.07 skrev A E :



It didn’t help to set “lock screen after” to 720. It still locks
immediately when the screen blanks.

I wonder if I actually have changed the settings of the screensaver that
Qubes uses at dom0, or just a unused one in the app menu similar to the
network manager in the same menu.


If it isn’t possible to change the settings of the screensaver that Qubes
OS is actually using, then I would like to hear how I can either disable or
delete it in Qubes ?

If you're changing the settings in Qubes menu/System Tools/Screensaver, 
once you uncheck "lock after" go to File/Restart Daemon. Otherwise, your 
changes don't take effect until a reboot.


--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a954c8b-7a17-681b-7d9d-951caa261d1a%40danwin1210.me.

Re: [qubes-users] Re: Tor not connecting over DSL

['awokd' via qubes-users]

Anil:

On Wed, 12 Feb 2020 at 22:53, Anil  wrote:


I have setup a DSL modem (D-Link ASL DSL-520B) with Qubes 4 latest release
on Dell XPS 13. I am able to connect to the Internet, but the Tor
connection does not complete. I have tried with the two default bridges
also. One time that it connected without any bridge, it took a long time to
connect, but Internet over Tor doesn't work.


Tor in sys-whonix doesn't know or care what kind of Internet connection 
sys-net is using. If you use some other computer not running Qubes, can 
Tor connect over that same DSL? You might be getting blocked upstream.



By the way, even with other internet connections, when I try to connect to
connect to Tor with the Connection Wizard, it always says Unknown Bootstrap
Tag and please report it. Does that indicate some problem?


Not sure which wizard you mean, but I don't see that on mine.


I have tried changing the DNS servers also, but that doesn't change the
status.




--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a6fcb99a-53df-8794-f119-c7078f262481%40danwin1210.me.

Re: [qubes-users] How to setup Win10 HVM ?

[Thierry Laurion - Insurgo Technologies Libres / Open Technologies]

On February 15, 2020 2:18:33 PM UTC, A E  wrote:
>fre. 14. feb. 2020 kl. 12.56 skrev unman :
>
>> On Fri, Feb 14, 2020 at 08:19:13AM +0100, A E wrote:
>> > Okay, I read your message again.
>> >
>> > It shall just turn up in the file list of dom0.
>> >
>> > I???ll look later.
>> >
>> >
>> > fre. 14. feb. 2020 kl. 08.14 skrev A E :
>> >
>> > > Okay, thanks.
>> > >
>> > > How can I see if the "install.sh" file has been created in dom0 ?
>> > >
>> > >
>>
>> The convention here is not to top-post.
>> Please scroll to the bottom of the message before you start typing.
>Or
>> reply inline.
>> It only takes you seconds, makes it much easier to follow threads,
>and
>> cumulatively saves your fellow users hours.
>> Thanks.
>> unman
>>
>> --
>> You received this message because you are subscribed to a topic in
>the
>> Google Groups "qubes-users" group.
>> To unsubscribe from this topic, visit
>>
>https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> qubes-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>>
>https://groups.google.com/d/msgid/qubes-users/20200214115648.GA688%40thirdeyesecurity.org
>> .
>>
>
>
>Yes, install.sh was copied to dom0. I just thought the terminal would
>say
>so after it did this.
>
>The pc is downloading now.
>
>I wonder why Windows 7 has to be installed before Windows 10...
>especially
>as Microsoft has stopped supporting it and it takes about 2 hours to
>download it and I don’t have any product code for it. So maybe I can’t
>even
>use it.

Has someone tried to active with a windows 7 license?

>
>Besides that, I appreciate and thanks Elliot Killick for the easy to
>use
>installation script.

-- Sent from /e/ Mail

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7B09E9CA-3B10-4EB6-9B13-9FCAB1D992E4%40gmail.com.

Re: [qubes-users] Encrypt disk after installation

['ukernel' via qubes-users]

Chris,

Thank you very much for your help. I think it is a great advantage to be able 
to backup VMs so easily. Wich allowed me to reinstall and leave my 
configuration very easily. I appreciate you taking your time to respond.

Best regards

Sent from ProtonMail mobile

 Original Message 
On Feb 13, 2020, 12:39 PM, Chris Laprise wrote:

> On 2/13/20 1:30 AM, 'ukernel' via qubes-users wrote:
>> For some reason despite the fact that during installation I selected the
>> encryption checkbox and set a password but the partition where I
>> installed Qubes OS was not encrypted.  I found a command to encrypt on
>> the same page of Qubes OS however it says that it overwrite all the
>> information.  I need to know how to encrypt my disk without reinstalling
>> everything.
>>
>>
>> Could you help me please?
>>
>> cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512
>> --use-random --iter-time 1 --verify-passphrase luksFormat /dev/sda2
>>
>> https://www.qubes-os.org/doc/custom-install/
>
> Those are not instructions for encrypting after installation, but before
> before installation.
>
> Overall, the best approach is probably to backup your data and
> re-install Qubes. If you think the installer isn't encrypting your
> custom configuration due to a bug, then you can follow the
> custom-install example you linked to just before install (I'm pretty
> sure that doc exists bc other users encountered the same problem you did).
>
> In-place conversion to LUKS encryption is rare and not supported by LUKS
> itself, however a tool called 'luksipc' exists to do this. However I
> don't think it works with LVM which is what Qubes uses for storage.
>
> Another method requires allocating an unused partition, setting it up
> with cryptsetup and LVM, then copying from old volumes to new and
> adjusting the boot parameters to use the new setup. The following is
> *loosely* how it might be done, although it does not setup a thin pool
> for LVM so you would need to combine it with instructions from step 5 of
> the Qubes custom-install doc...
>
> https://askubuntu.com/questions/366749/enable-disk-encryption-after-installation/1107295#1107295
>
> Its rather complicated so I suggest re-installing instead.
>
> --
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/OgZM6Akz2lilnVdxdl3o0L1slgY5Bdczdyq4eJsL8jEdpQvvLnpbcX2-GzCABleLGsHwUQhPKQtxteFdLmlwmvc_0MmCRx3tzdF_A7EJoDw%3D%40protonmail.com.

Re: [qubes-users] How to install and get Linux Mint running in Qubes OS 4.0.3 ?

[unman]

On Sat, Feb 15, 2020 at 07:50:53AM -0800, A wrote:
> 1)  How to install and get Linux Mint running in Qubes OS 4.0.3 ?
> 
Download a mint iso in to a qube - make sure you have enough space to do
this - up Private storage size if needed.

Create an HVM and boot it from a Mint iso. (Instructions on this can be
found here - https://www.qubes-os.org/doc/standalone-and-hvm/ )
Or use the GUI - in Qube Manager, select Qube - "Create New qube".
Give it name and set type "Empty  Standalone qube.."
Select "open Settings after creation."
In Settings window go to Advanced pane and set initial memory to 4000MB
- you can always reduce after installation. 
Then select "Boot qube from CDROM" button, and select the qube where you
downloaded the Mint iso.
On start you should see Mint boot in live mode.
Note the IP address of the new mint qube (either from Qube Manager , or
using `qvm-ls -n `
Edit the Network settings for ipv4 to "manual" and enter the IP address
and gateway. For DNS you can use 9.9.9.9
Select option to install to disk. 

After installation, shutdown the qube.
Restart.
Your new Mint qube should start up.
If you get a black screen, kill it. In terminal in dom0 , use
`qvm-features  video-model cirrus` and restart. 

Since Mint is based off Ubuntu, you can try installing some qubes
packages built for Ubuntu , to et copy/paste etc working. (I have
packages at qubes.3isec.org you could try, but I haven't tested this
myself - i suggest you get Mint running properly, then clone it and try
installing packages in to the clone.)

> 2)  Is it possible to use Linux Mint for surfing the net in a secure way, and 
> if so how ?
> 

???

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200216015008.GA8620%40thirdeyesecurity.org.

[qubes-users] How to install and get Linux Mint running in Qubes OS 4.0.3 ?

[A]

1)  How to install and get Linux Mint running in Qubes OS 4.0.3 ?

2)  Is it possible to use Linux Mint for surfing the net in a secure way, and 
if so how ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/558b4a36-64d4-4796-a649-5e2aff4a5ce9%40googlegroups.com.

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

[A E]

lør. 15. feb. 2020 kl. 16.07 skrev A E :

> tor. 13. feb. 2020 kl. 21.10 skrev A E :
>
>> tor. 13. feb. 2020 kl. 18.48 skrev Mike Keehan :
>>
>>>
>>>
>>> On 2/13/20 5:27 PM, A E wrote:
>>> > tor. 13. feb. 2020 kl. 11.11 skrev A >> > >:
>>> >
>>> > How to set the screensaver to either show keyboard language or not
>>> > to lock screen as default ?
>>> >
>>> > I have tried to set it to not lock the screen by uncheck it in the
>>> > Screensaver settings. But it still continues to lock the screen.
>>> >
>>> > --
>>> > You received this message because you are subscribed to a topic in
>>> > the Google Groups "qubes-users" group.
>>> > To unsubscribe from this topic, visit
>>> >
>>> https://groups.google.com/d/topic/qubes-users/uMl6_djER5E/unsubscribe.
>>> > To unsubscribe from this group and all its topics, send an email to
>>> > qubes-users+unsubscr...@googlegroups.com
>>> > .
>>> > To view this discussion on the web visit
>>> >
>>> https://groups.google.com/d/msgid/qubes-users/4ba32760-f4ea-4f1f-b92f-588306d2fa5d%40googlegroups.com
>>> .
>>> >
>>> >
>>> > Every time the screensaver lock the screen, I need to reset/restart
>>> the
>>> > pc as I can’t know which keyboard layout is used and that is just a
>>> > little bit annoying ! 
>>> >
>>> > So I hope someone can explain to me how I can get it to show the
>>> > keyboard layout or not locking the screen.
>>> >
>>> > If that isn’t possible, can I then somehow disable or uninstall the
>>> > screensaver ?
>>> >
>>>
>>> In screensaver preferences, set "Lock screen after" to 0 minutes.
>>>
>>>
>> You’re right, I forgot once again that Linux/Qubes OS consist of small
>> programs that is made by different other creators.
>>
>> Setting “lock screen after” 0 minutes just makes the screensaver to lock
>> immediately when the screensaver gets activated.
>>
>> I have wrote to the creator of the screensaver, and he says X11 sucks and
>> makes it impossible to get the keyboard layout showed.
>>
>> So I have to disable the lock.
>>
>> One option is to set the lockTimeout to a large number so that it won’t
>> lock. lockTimeout control have long after a blank screen the lock will be
>> activated.
>>
>> Another solution is to disable or uninstall the program.
>>
>>
>
> It didn’t help to set “lock screen after” to 720. It still locks
> immediately when the screen blanks.
>
> I wonder if I actually have changed the settings of the screensaver that
> Qubes uses at dom0, or just a unused one in the app menu similar to the
> network manager in the same menu.
>
If it isn’t possible to change the settings of the screensaver that Qubes
OS is actually using, then I would like to hear how I can either disable or
delete it in Qubes ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUE157Kb%3D9TL7me%2BxWQD7fRdnsqd42nG-dKPwTwKdwKp5w%40mail.gmail.com.

[qubes-users] HCL - Lenovo Thinkpad E570

[General]

Everything works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/01020170496808ab-c917dd82-93ad-4321-aa7b-77bb9166a60e-00%40eu-west-1.amazonses.com.


Qubes-HCL-LENOVO-20H5CTO1WW-20200215-151051.yml
Description: application/yaml

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

[A E]

tor. 13. feb. 2020 kl. 21.10 skrev A E :

> tor. 13. feb. 2020 kl. 18.48 skrev Mike Keehan :
>
>>
>>
>> On 2/13/20 5:27 PM, A E wrote:
>> > tor. 13. feb. 2020 kl. 11.11 skrev A > > >:
>> >
>> > How to set the screensaver to either show keyboard language or not
>> > to lock screen as default ?
>> >
>> > I have tried to set it to not lock the screen by uncheck it in the
>> > Screensaver settings. But it still continues to lock the screen.
>> >
>> > --
>> > You received this message because you are subscribed to a topic in
>> > the Google Groups "qubes-users" group.
>> > To unsubscribe from this topic, visit
>> >
>> https://groups.google.com/d/topic/qubes-users/uMl6_djER5E/unsubscribe.
>> > To unsubscribe from this group and all its topics, send an email to
>> > qubes-users+unsubscr...@googlegroups.com
>> > .
>> > To view this discussion on the web visit
>> >
>> https://groups.google.com/d/msgid/qubes-users/4ba32760-f4ea-4f1f-b92f-588306d2fa5d%40googlegroups.com
>> .
>> >
>> >
>> > Every time the screensaver lock the screen, I need to reset/restart the
>> > pc as I can’t know which keyboard layout is used and that is just a
>> > little bit annoying ! 
>> >
>> > So I hope someone can explain to me how I can get it to show the
>> > keyboard layout or not locking the screen.
>> >
>> > If that isn’t possible, can I then somehow disable or uninstall the
>> > screensaver ?
>> >
>>
>> In screensaver preferences, set "Lock screen after" to 0 minutes.
>>
>>
> You’re right, I forgot once again that Linux/Qubes OS consist of small
> programs that is made by different other creators.
>
> Setting “lock screen after” 0 minutes just makes the screensaver to lock
> immediately when the screensaver gets activated.
>
> I have wrote to the creator of the screensaver, and he says X11 sucks and
> makes it impossible to get the keyboard layout showed.
>
> So I have to disable the lock.
>
> One option is to set the lockTimeout to a large number so that it won’t
> lock. lockTimeout control have long after a blank screen the lock will be
> activated.
>
> Another solution is to disable or uninstall the program.
>
>

It didn’t help to set “lock screen after” to 720. It still locks
immediately when the screen blanks.

I wonder if I actually have changed the settings of the screensaver that
Qubes uses at dom0, or just a unused one in the app menu similar to the
network manager in the same menu.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUEKF_i1Nt-03sYMj9%2BR41%2BTY2_Nf1dHwmdv%2BKvxC0GTUQ%40mail.gmail.com.

Re: [qubes-users] How to setup Win10 HVM ?

[A E]

fre. 14. feb. 2020 kl. 12.56 skrev unman :

> On Fri, Feb 14, 2020 at 08:19:13AM +0100, A E wrote:
> > Okay, I read your message again.
> >
> > It shall just turn up in the file list of dom0.
> >
> > I???ll look later.
> >
> >
> > fre. 14. feb. 2020 kl. 08.14 skrev A E :
> >
> > > Okay, thanks.
> > >
> > > How can I see if the "install.sh" file has been created in dom0 ?
> > >
> > >
>
> The convention here is not to top-post.
> Please scroll to the bottom of the message before you start typing. Or
> reply inline.
> It only takes you seconds, makes it much easier to follow threads, and
> cumulatively saves your fellow users hours.
> Thanks.
> unman
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20200214115648.GA688%40thirdeyesecurity.org
> .
>


Yes, install.sh was copied to dom0. I just thought the terminal would say
so after it did this.

The pc is downloading now.

I wonder why Windows 7 has to be installed before Windows 10... especially
as Microsoft has stopped supporting it and it takes about 2 hours to
download it and I don’t have any product code for it. So maybe I can’t even
use it.

Besides that, I appreciate and thanks Elliot Killick for the easy to use
installation script.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUEegrqObpRdyVPgj_ptBsPqt05bWS5rsWMKEFuYNMK5JQ%40mail.gmail.com.

Re: [qubes-users] Manual VPN installation issues

[unman]

On Fri, Feb 14, 2020 at 11:40:28PM +, 'e.sparks15' via qubes-users wrote:
> Hello,
> Sorry that this is a bit long, but I've been working on the problem for 
> awhile, and even though I've tried to give the most succinct explanation I 
> can of what I've tried so far, it still takes up some space.
> 
> I'm attempting to install expressvpn in a qube designated specifically for 
> that purpose. When I try to install it manually as per the instructions in 
> step two of the [Qubes VPN 
> documentation](https://github.com/tasket/Qubes-vpn-support), but the config 
> files I can get from expressvpn don't seem to be in that format. I tried 
> using their manual config process instead, but it's for ubuntu, and since I'm 
> a total linux newb I wasn't able to figure out how to convert it.
> 
> I did get as far with express' config as to get the config files in the right 
> place so that I had a vpn connection listed in network manager but it can't 
> connect, probably because when i tried 'sudo dnf-install 
> network-manager-openvpn-gnome' it always said that 
> network-manager-openvpn-gnome was not a valid target. I then contacted 
> expressvpn's tech support and they asked me to reboot and try again. When I 
> did, I found that everything had disappeared. I found some stuff online about 
> a bug on Fedora 24 with non-persistence, but that was awhile ago and it 
> doesn't seem to apply.
> 
> There are two things I'll add that might be helpful to people smarter than 
> me. First, I've been getting the following error on startup since I last 
> performed upgrades:

There seems to be something missing here.
Did you not include the text of the error?

> 
> Also, I haven't been able to perform any upgrades since then.

Did you mean in dom0 or in any of your templates?
If you run `sudo qubes-dom0-update` at the terminal in dom0, what is the
output?

> 
> And second, it seems like there are a couple of different places that talk 
> about vpn setup. The documentation above, expressvpn's page, and [more Qubes 
> documentation](https://www.qubes-os.org/doc/vpn/). I think I've kept them all 
> separate and not done myself in by combining multiple methods, but at this 
> point I'm not sure.
> 

In general, it's better to use *one* source, rather
than many, as you are more likely to fall in to error.
I've had a quick look at the expressvpn instructions for Linux. You
havent saud which method you are trying to use, and I see there is a
method for NetworkManager which should carry straight across to the
NetworkManager in Fedora (the default template for sys-net).
If you're not able to complete those instructions please explain at what
step you are getting lost.


 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200215140752.GA6185%40thirdeyesecurity.org.

[qubes-users] Manual VPN installation issues

['e.sparks15' via qubes-users]

Hello,
Sorry that this is a bit long, but I've been working on the problem for awhile, 
and even though I've tried to give the most succinct explanation I can of what 
I've tried so far, it still takes up some space.

I'm attempting to install expressvpn in a qube designated specifically for that 
purpose. When I try to install it manually as per the instructions in step two 
of the [Qubes VPN documentation](https://github.com/tasket/Qubes-vpn-support), 
but the config files I can get from expressvpn don't seem to be in that format. 
I tried using their manual config process instead, but it's for ubuntu, and 
since I'm a total linux newb I wasn't able to figure out how to convert it.

I did get as far with express' config as to get the config files in the right 
place so that I had a vpn connection listed in network manager but it can't 
connect, probably because when i tried 'sudo dnf-install 
network-manager-openvpn-gnome' it always said that 
network-manager-openvpn-gnome was not a valid target. I then contacted 
expressvpn's tech support and they asked me to reboot and try again. When I 
did, I found that everything had disappeared. I found some stuff online about a 
bug on Fedora 24 with non-persistence, but that was awhile ago and it doesn't 
seem to apply.

There are two things I'll add that might be helpful to people smarter than me. 
First, I've been getting the following error on startup since I last performed 
upgrades:

Also, I haven't been able to perform any upgrades since then.

And second, it seems like there are a couple of different places that talk 
about vpn setup. The documentation above, expressvpn's page, and [more Qubes 
documentation](https://www.qubes-os.org/doc/vpn/). I think I've kept them all 
separate and not done myself in by combining multiple methods, but at this 
point I'm not sure.

Thanks so much for taking the time to read! I greatly appreciate it, and if you 
can think of anything I should try, I'd greatly appreciate you letting me know 
that, as well!

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o0lDLaFMUFWigUSj5eje1dD2OT453caUdJ0hYO8MN8OdjvftjLJw8fVG6JmNyhR5KN6IqmvJVr92M84cHCklFITgigGdI3sAk1WOvZN9gY0%3D%40protonmail.com.

Re: Re: [qubes-users] Scary Systemd Security Report

[Steve Coleman]

On 2020-02-12 01:09, ronp...@riseup.net wrote:

APL external email warning: Verify sender 
qubes-users+bncbci3h2v54mhrbjnnr3zakgqe4jht...@googlegroups.com before clicking 
links or attachments

On 2020-02-11 11:39, unman wrote:

On Tue, Feb 11, 2020 at 01:34:15AM -0800, ronp...@riseup.net wrote:

I've been reading a blog from the renowned Daniel Aleksandersen at
https://www.ctrl.blog/entry/systemd-service-hardening.html

The output from a Debian-10 based Appvm looks a little scary!! Should I
be concerned?

user@tmp3:~$ systemd-analyze security
UNIT EXPOSURE PREDICATE HAPPY
ModemManager.service  5.6 MEDIUM
NetworkManager.service7.6 EXPOSED   
avahi-daemon.service  9.5 UNSAFE
cron.service  9.5 UNSAFE
cups-browsed.service  9.5 UNSAFE
cups.service  9.5 UNSAFE
dbus.service  9.5 UNSAFE
dm-event.service  9.5 UNSAFE
emergency.service 9.5 UNSAFE
exim4.service 9.5 UNSAFE
getty@tty1.service9.5 UNSAFE
haveged.service   5.6 MEDIUM
lvm2-lvmpolld.service 9.5 UNSAFE
polkit.service9.5 UNSAFE
qubes-db.service  9.5 UNSAFE
qubes-firewall.service9.5 UNSAFE
qubes-gui-agent.service   9.5 UNSAFE
qubes-meminfo-writer.service  9.5 UNSAFE
qubes-qrexec-agent.service9.5 UNSAFE
qubes-sync-time.service   9.5 UNSAFE
qubes-updates-proxy.service   9.5 UNSAFE
rc-local.service  9.5 UNSAFE

rescue.service9.5 UNSAFE
rsyslog.service   9.5 UNSAFE
rtkit-daemon.service  6.9 MEDIUM
serial-getty@hvc0.service 9.5 UNSAFE
systemd-ask-password-console.service  9.3 UNSAFE
systemd-ask-password-wall.service 9.3 UNSAFE
systemd-fsckd.service 9.5 UNSAFE
systemd-initctl.service   9.3 UNSAFE
systemd-journald.service  4.3 OK
systemd-logind.service4.1 OK
systemd-networkd.service  2.8 OK
systemd-timesyncd.service 2.0 OK
systemd-udevd.service 8.3 EXPOSED   
tinyproxy.service 8.7 EXPOSED   
udisks2.service   9.5 UNSAFE
user@1000.service 9.1 UNSAFE
wpa_supplicant.service9.5 UNSAFE
xendriverdomain.service   9.5 UNSAFE



It does look scary.
The output from a Fedora based qube looks much the same..
You should run the analysis against each service and see where you think
they could be hardened. Post back your conclusions here.
Also, I see that you have many services that need not be there - some
of these will be disabled by Qubes- some you do not need in every qube
(cups-browsed, exim4, tinyproxy etc).
You need to review what services you are running, and disable those you
do not want. My list in an ordinary qube looks rather different from
yours. Those are steps you should be taking in any case.
Also, bear in mind that the analysis doesn't take in to account any
security features in the programs themselves, or other mitigations.
So you need to do a good deal more work before reaching any conclusions
about your system.
Look forward to hearing from you
unman


As I read it, your suggesting that the output is influence by User
preferences as opposed to default system settings? To test that theory,
I loaded a vanilla version of Qubes 4.0.3 onto a spare box and ran the
command systemd-analyze security against the virgin Debian-10 Template.
The output is identical to the one I originally posted. As you inferred,
the output from Fedora Template is similar.

I'm not sure if you'll agree, but my conclusion from this experiment is
that the Qubes Team have some work to do in hardening Qubes? Like you
say,"I see that you have many services that need not be there"; so my
question is, why are they present in a vanilla version of Qubes?



I ran the report on my fedora-30, but then scripted up a test to see 
what services listed in this report were actually running.


atd.service - Deferred execution scheduler
cups.service - CUPS Scheduler
getty@tty1.service - Getty on tty1
haveged.service - Entropy Daemon based on the HAVEGE algorithm
polkit.service - Authorization Manager
qubes-db.service - Qubes DB agent
qubes-gui-agent.service - Qubes 

Re: [qubes-users] Disk image backup - dd / partclone / clonezilla?

[General]

Many thanks for your helpful reply Chris.

>> You also have to configure Qubes not to disable USB at boot time if
> your boot drive is USB. 

Ah, this is why it was not working for me! I shall try installing the OS
directly onto the USB drive and then make the clones from there. It
occurs that the USB isolation in Qubes is valuable and therefore running
a USB boot drive may not be sensible.

> If backup speed is the main issue, take a look at Wyng

I have installed this in Dom0 and made a backup, also using your helpful
instruction:


file: /lib/systemd/system-shutdown/10_root_snapshot.shutdown
```
#!/bin/sh
/usr/sbin/lvremove --noudevsync --force -An qubes_dom0/root-autosnap || true
/usr/sbin/lvcreate --noudevsync --ignoremonitoring -An -kn -pr -s
qubes_dom0/root -n root-autosnap
```

to enable snapshots of the root volume.

Incremental backups are indeed very fast and this is what I was looking
for. I need to build another box to run a test restore procedure.
Perhaps this could be scripted now.

Thanks again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0102017048a5271a-1b47e3b4-94bc-4e4c-9e07-271c7ced1262-00%40eu-west-1.amazonses.com.

Re: [qubes-users] Disk image backup - dd / partclone / clonezilla?

[General]

Many thanks for your helpful reply Chris.

> > You also have to configure Qubes not to disable USB at boot time if
> your boot drive is USB. 

Ah, this is why it was not working for me! I shall try installing the OS
directly onto the USB drive and then make the clones from there. It
occurs that the USB isolation in Qubes is valuable and therefore running
a USB boot drive may not be sensible.

> If backup speed is the main issue, take a look at Wyng

I have installed this in Dom0 and made a backup, also using your helpful
instruction:


file: /lib/systemd/system-shutdown/10_root_snapshot.shutdown
```
#!/bin/sh
/usr/sbin/lvremove --noudevsync --force -An qubes_dom0/root-autosnap || true
/usr/sbin/lvcreate --noudevsync --ignoremonitoring -An -kn -pr -s
qubes_dom0/root -n root-autosnap
```

to enable snapshots of the root volume.

Incremental backups are indeed very fast and this is what I was looking
for. I need to build another box to run a test restore procedure.
Perhaps this could be scripted now.

Thanks again.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0102017048a34fe6-ae59d14a-83be-4a6f-9c8a-75c82255811d-00%40eu-west-1.amazonses.com.

Re: [qubes-users] Disk image backup - dd / partclone / clonezilla?

[General]

Procedure to restore from Wyng backup to a new install of Qubes.

These are the steps I followed.


1. Install Qubes 4.0.3 from ISO image.

2. In a disposable qube, download Chris' public key and git
verify-commit the wyng repo.

3. Copy wyng to Dom0 using qvm-run --pass-io and cat

4. Create a "backup" qube and mount the external drive containing the
wyng backup

5. Restore the images as follows:

a) list all the folders in the wyng repo

b) import each using --from and renaming to restored-${VMNAME}

c) for each lvrename the original volume (if present) to ${VMNAME}-old

d) lvrename each restored-${VMNAME} to ${VMNAME}

6. Restore the root snapshot to root-restored

7. Edit the xen.cfg in /boot replacing /dev/qubes_dom0/root with
/dev/qubes_dom0/root-restored

8. Umount everything and reboot


Unfortunately this did not lead to a working Qubes system for me. On
reboot, I enter the luks passphrase and the system does not load beyond
some Dracut messages. Perhaps it is wrong to use the root volume from a
different hardware configuration?

If so, what would be the Qubes/wyng way to restore a full system backup
to a new host?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0102017048776345-b05638d5-e5d6-4d14-abb7-cc143590fa9a-00%40eu-west-1.amazonses.com.