[qubes-users] Qubes Certified Desktop

[Anil]

I know there is at least one Qubes Certified Laptop.

Is there an analogous setup for Desktop? Or at least some desktop hardware
that can be setup in the same way as ThinkPad x230, with ME neutered etc.
and which is considered as suitable as x230? It could be an assembled
system perhaps? Or better, some older version of NUC or other mini PC?

I know Purism is selling a mini PC, but other than that.

Regards,

Anil Eklavya
-- 
अनिल एकलव्य
(Anil Eklavya)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAPfsu9BizQzXh53yf0%2BjJDF9HM_sA0cLJ6YH_M9T-qABokbaQ%40mail.gmail.com.

[qubes-users] Re: Fedora 30 approaching EOL, Fedora 31 TemplateVM available, Fedora 32 TemplateVM in testing

[seshu]

One question that just occured to me about upgrading the template VM's. 
Many of the comments and posts in this forum are assuming Qubes is 
installed on a laptop. I have it installed on a desktop, and my keyboard / 
mouse uses sys-usb. I need to have this appVM running to use the peripheral 
obviously. But, since the appVM is running, I can't update the templateVM?

Is their any workaround, or do I need to go get a ps/2 keyboard and then 
turn off sys-usb, update the template and then restart it? Is that the only 
option I have? IT seems like there could be a better way?

Thanks!

On Thursday, April 30, 2020 at 2:01:16 PM UTC, Andrew David Wong wrote:
>
> Dear Qubes Community, 
>
> This announcement includes several updates regarding Fedora TemplateVMs. 
>
> Fedora 30 approaching EOL 
> = 
>
> With the release of Fedora 32 on April 28, Fedora 30 is expected to 
> reach EOL (end-of-life) [1] on May 26, 2020. 
>
>
> Fedora 31 TemplateVM available 
> == 
>
> A new Fedora 31 TemplateVM is now available for both Qubes 4.0 and 4.1. 
> Instructions are available for upgrading Fedora TemplateVMs. [2]  We 
> also provide a fresh Fedora 31 TemplateVM package through the official 
> Qubes repositories, which you can get with the following commands (in 
> dom0). 
>
> Standard [3] Fedora 31 TemplateVM: 
>
> $ sudo qubes-dom0-update qubes-template-fedora-31 
>
> Minimal [4] Fedora 31 TemplateVM: 
>
> $ sudo qubes-dom0-update qubes-template-fedora-31-minimal 
>
> After upgrading to a Fedora 31 TemplateVM, please remember to switch all 
> qubes that were using the old template to use the new one. [5] 
>
>
> Fedora 32 TemplateVM in testing 
> === 
>
> For advanced users, a new Fedora 32 TemplateVM is currently available in 
> the `qubes-templates-itl-testing` repository for both Qubes 4.0 and 4.1. 
> We would greatly appreciate testing and feedback [6] from the community 
> regarding this template. 
>
>
> [1] https://fedoraproject.org/wiki/End_of_life 
> [2] https://www.qubes-os.org/doc/template/fedora/upgrade/ 
> [3] https://www.qubes-os.org/doc/templates/fedora/ 
> [4] https://www.qubes-os.org/doc/templates/minimal/ 
> [5] https://www.qubes-os.org/doc/templates/#switching 
> [6] https://www.qubes-os.org/doc/testing/#providing-feedback 
>
> This announcement is also available on the Qubes website: 
> https://www.qubes-os.org/news/2020/04/30/fedora-31-template-available/ 
>
> -- 
> Andrew David Wong (Axon) 
> Community Manager, Qubes OS 
> https://www.qubes-os.org 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69349c46-081f-4349-9534-586fd23f6491%40googlegroups.com.

Re: [qubes-users] Change CLI Screen Size / Resolution

[unman]

On Thu, Apr 30, 2020 at 11:51:59PM +, 'Zsolt Bicskey' via qubes-users wrote:
> > > If I install a standlone HVM linux server with no gui then how can I 
> > > change the screen size on it? By default it is way too small
> > 
> 
> > Try setting GRUB_GFXMODE and GRUB_GFXPAYLOAD_LINUX="keep" in grub.cfg
> 
> Those values are not present in the grub.cfg
> Did you want me to add those at the end of the file? 
> 

Why not search those terms? Then you can learn how to use them.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200501012458.GA27128%40thirdeyesecurity.org.

Re: [qubes-users] Clipboard Copy Paste From HVMs

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, Apr 30, 2020 at 11:07:35PM +, Zsolt Bicskey wrote:
> So if I want to have the ability to use the clipboard from RHEL or CentOS or 
> Kali or any HVM other than Debin or Fedora then I would have to build the 
> entire OS from scratch with the Qubes Builder? I cannot just add a repo and 
> download a package that would make it work? 

No you wouldn't build the entire OS from scratch. The qubes-builder
builds the Qubes related packages and downloads all the other binaries
of an OS from their repos to build a respective template RPM. That 
means that after the builder ran you now have a template but also a
folder with all the Qubes specific packages. You can then copy those
packages and apply them to your HVM. 

Maybe I can best describe that based on my use case: Ubuntu

- - first I created a StandaloneVM names qubes-builder based on
  fedora-minimal
- - then I followed the instructions from the Qubes website to install the
  dependencies, clone the repository and run the setup scripts
- - next I build the actual Ubuntu bionic template 
- - again following the instructions from the Qubes website I then copied
  the resulting RPM into dom0 and installed the template

This last step you do only one time of course. Now you clone the
template, customize it, install apps...

Here is what I do every day:

- - in qubes-builder I do a git pull and if there are changes I rerun the
  setup script
- - then I run the make commands
- - when the build is done I use qvm-copy to copy the Qubes specific
  bionic packages to my sys-firewall (it runs an instance of webfs)
- - in sys-firewall I have a script that now copies the packages from
  QubesIncoming to the location webfs uses. The script also runs the
  reprepro command to prepare the additional info files required.
- - in my templates I added a file into /etc/apt/sources.list.d/ that
  points to the IP address of my sys-firewall (the webfs instance)
- - so now I can run a normal sudo apt update in my templates and all is
  good.

In summary: you use qubes-builder to build the Qubes related packages
and then copy / install them in your respective qube.

/Sven



- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6ra4cACgkQ2m4We49U
H7bnWQ/+IbFlPSxUt9jiUJ/Tm5F7F3JcideVhyH4NCfAcE1FwtiWPe0vjOthGn6N
dB0WLOl0tgyRfdbuGYfXCm92awjQFVg7/eaKIF+vP1dERkPBvoBog3oznQD6058Q
IcIaPRlmFgtWgteFWBhMLj6QEXb+fksVO1K+gG330IMro2tOqJkrADdZ3H7bZb+F
RV661o31OSYGqTD+ZMiy7NmZawF/eusOJXkRAGvL2u6kFC5XEhRmNONuEclHsdlS
6lOAPK0xQ81C1kQaDGXocXzJeiglAEWFTFWITEPM2iG2QjTLzR1wzABisaHT2KGc
1wUvAp+j6UL8mt1hgkCs4REzpICB7jMnUCYojUz3yQaOxAIpM0h1wkjosydm6bK2
VPVxOA8076rcuQYM31ItqKvSGehnoGZlBpObtn1OnWFIC0VgekNdattpqjceDd/u
UuR4a1Kd1WMUEGoIGIfuFfqSL72piFPWkWAHco2a2gusC5WKfPHJjjPyFXe310fs
mi2vpLkZsCKwkuOfN6M4S8KXUN8PnF5SpXa+3gRmOzxmOAXzqfNQV6KUtw7n88Sx
rE9paSrR+AZCngVkqbFNAuJVRzAWV5ilj0Df0FY4J9k1ypO/fJw0erCBqj4gtoCx
GZploPRwNWzYdyUuugCvN1Um93ZrSLtLsV0CkVKeRzgnbSjzqW4=
=DKP0
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200501002127.GA1302%40app-email-private.

Re: [qubes-users] Change CLI Screen Size / Resolution

['Zsolt Bicskey' via qubes-users]

> > If I install a standlone HVM linux server with no gui then how can I change 
> > the screen size on it? By default it is way too small
> 

> Try setting GRUB_GFXMODE and GRUB_GFXPAYLOAD_LINUX="keep" in grub.cfg

Those values are not present in the grub.cfg
Did you want me to add those at the end of the file? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/z-jbox2pHrjvQV-VL0Qcl4smc1sLRoNkrX0chQ-4FTzcvx8MQxI7Vuy4PnWbU-5iP0MjEsdf-JUHb34MMlxuw9mqzEi2T875-sQKatS9CCo%3D%40protonmail.com.


publickey - letmereadit@protonmail.com - 0xEE010E73.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Change CLI Screen Size / Resolution

[unman]

On Wed, Apr 29, 2020 at 06:37:42PM +, 'Zsolt Bicskey' via qubes-users wrote:
> If I install a standlone HVM linux server with no gui then how can I change 
> the screen size on it? By default it is way too small
> 

Try setting GRUB_GFXMODE and GRUB_GFXPAYLOAD_LINUX="keep" in grub.cfg

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430233515.GB25568%40thirdeyesecurity.org.

Re: [qubes-users] Clipboard Copy Paste From HVMs

[unman]

On Thu, Apr 30, 2020 at 11:07:35PM +, 'Zsolt Bicskey' via qubes-users wrote:
> 
> 
> 
> 
> 
> ? Original Message ?
> On Thursday, April 30, 2020 5:34 PM, Sven Semmler  
> wrote:
> 
> > On Thu, Apr 30, 2020 at 07:28:20PM +, Zsolt Bicskey wrote:
> > 
> 
> > > How can I install those qubes-core-agent packages?
> > 
> 
> > In case of Fedora, Debian/Whonix the Qubes project itself hosts the
> > respecitve repositories. The easiest way to discover them is to load a
> > Qubes provided template and inspect the /etc/dnf and /etc/apt
> > directories respectively.
> > 
> 
> > In case of other distributions (Ubuntu, CentOS, Archlinux) you will need
> > to have the qubes-builder[1] up and running and build them yourself.
> > 
> 
> > For Ubuntu unman offers a repository[2].
> > 
> 
> > You can also search the qubes-users[4] archive and see e.g. unman
> > guiding many including myself through their first steps. Personally I
> > very much like Ubuntu and build the packets myself and then serve them
> > up through a little webfs instance in my sys-firewall.
> > 
> 
> > > I have heard of those templates but haven't used them. Most of the 
> > > machines I installed had a specific reason/setup. Where can I find the 
> > > full list of available templates?
> > 
> 
> > On the Qubes OS website[3]. Please don't top post and always reply to
> > the list.
> > 
> 
> > /Sven
> > 
> 
> > [1] https://www.qubes-os.org/doc/qubes-builder/
> > [2] https://qubes.3isec.org/
> > [3] https://www.qubes-os.org/doc/templates/
> > 
> 
> > ---
> > 
> 
> > public key: https://www.svensemmler.org/0x8F541FB6.asc
> > fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
> 
> 
> Thank you Sven. This does not make much sense to me. Could you pleae help me 
> understand better? So if I want to have the ability to use the clipboard from 
> RHEL or CentOS or Kali or any HVM other than Debin or Fedora then I would 
> have to build the entire OS from scratch with the Qubes Builder? I cannot 
> just add a repo and download a package that would make it work? 

Unless someone is willing to host a repo then you have to build the
package yourself.
Note that qubes-builder is modular - you don't have to "build the
entire OS", you just make the package that you want.
You then have to get it in to the target qube to install it there.

Incidentally, you could try using Fedora packages in RHEL, and Debian in
Kali.  Kali is based on Debian testing so you need packages for bullseye.
Clone the target before you try so if it goes horribly wrong you can
simply recover.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430232830.GA25568%40thirdeyesecurity.org.

Re: [qubes-users] Clipboard Copy Paste From HVMs

['Zsolt Bicskey' via qubes-users]

‐‐‐ Original Message ‐‐‐
On Thursday, April 30, 2020 5:34 PM, Sven Semmler  wrote:

> On Thu, Apr 30, 2020 at 07:28:20PM +, Zsolt Bicskey wrote:
> 

> > How can I install those qubes-core-agent packages?
> 

> In case of Fedora, Debian/Whonix the Qubes project itself hosts the
> respecitve repositories. The easiest way to discover them is to load a
> Qubes provided template and inspect the /etc/dnf and /etc/apt
> directories respectively.
> 

> In case of other distributions (Ubuntu, CentOS, Archlinux) you will need
> to have the qubes-builder[1] up and running and build them yourself.
> 

> For Ubuntu unman offers a repository[2].
> 

> You can also search the qubes-users[4] archive and see e.g. unman
> guiding many including myself through their first steps. Personally I
> very much like Ubuntu and build the packets myself and then serve them
> up through a little webfs instance in my sys-firewall.
> 

> > I have heard of those templates but haven't used them. Most of the machines 
> > I installed had a specific reason/setup. Where can I find the full list of 
> > available templates?
> 

> On the Qubes OS website[3]. Please don't top post and always reply to
> the list.
> 

> /Sven
> 

> [1] https://www.qubes-os.org/doc/qubes-builder/
> [2] https://qubes.3isec.org/
> [3] https://www.qubes-os.org/doc/templates/
> 

> ---
> 

> public key: https://www.svensemmler.org/0x8F541FB6.asc
> fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6


Thank you Sven. This does not make much sense to me. Could you pleae help me 
understand better? So if I want to have the ability to use the clipboard from 
RHEL or CentOS or Kali or any HVM other than Debin or Fedora then I would have 
to build the entire OS from scratch with the Qubes Builder? I cannot just add a 
repo and download a package that would make it work? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/m5wLkXf8R7PluHBIWFjTSi8aThygN7sZrBwxtyJDkWLmm7wK75AUy85OesaP0OGtEt5qg0Zxpneq3BIpHfZ_u7UCkE6WTw1yTkTwf-PKqdY%3D%40protonmail.com.


publickey - letmereadit@protonmail.com - 0xEE010E73.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] How To Make Windows10 To A Disposable VM Template

['Zsolt Bicskey' via qubes-users]

This is it! Thank you very much. This is incredible. 





‐‐‐ Original Message ‐‐‐
On Thursday, April 30, 2020 6:36 PM, Sven Semmler  wrote:

> On Thu, Apr 30, 2020 at 07:22:32PM +, Zsolt Bicskey wrote:
> 

> > It is a standalone VM installed from an ISO. That's only way I knew how to 
> > install a Windows VM. Is there any other way?
> 

> There are many ways. Searching the mailing list archive will illuminate
> that for you.
> 

> You might be in luck if you installed the windows qube without QWT and
> have not moved the profile folder to the private volume (QWT does that
> automatically, otherwise you'd know you've done it). In that case you
> could simply run:
> 

> qvm-clone --class TemplateVM standalone-win template-win
> qvm-create --template template-win --label red dvm-win
> 

> Now if you run dvm-win is is effectively a dispvm since everytime you
> restart the root volume get's restored from the TemplateVM.
> 

> Would that work for you?
> 

> Also: please use the "Reply all" function to make sure your emails are
> posted to the list.
> 

> /Sven
> 

> 
> 

> public key: https://www.svensemmler.org/0x8F541FB6.asc
> fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/xMq24G7sMnmi4s891K96vc9G19MgBQ0Rn_8IGkbeYGI-LDRkUiluHchcwYC59w7VlIJCT11q2WTUdmAiUyxHLiBimWRzWvdmfR9lSeTAEeA%3D%40protonmail.com.


publickey - letmereadit@protonmail.com - 0xEE010E73.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] How To Make Windows10 To A Disposable VM Template

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, Apr 30, 2020 at 07:22:32PM +, Zsolt Bicskey wrote:
> It is a standalone VM installed from an ISO.  That's only way I  knew how to 
> install a Windows VM. Is there any other way? 

There are many ways. Searching the mailing list archive will illuminate
that for you.

You might be in luck if you installed the windows qube without QWT and
have not moved the profile folder to the private volume (QWT does that
automatically, otherwise you'd know you've done it). In that case you
could simply run:

qvm-clone --class TemplateVM standalone-win template-win
qvm-create --template template-win --label red dvm-win

Now if you run dvm-win is is effectively a dispvm since everytime you
restart the root volume get's restored from the TemplateVM.

Would that work for you?

Also: please use the "Reply all" function to make sure your emails are
posted to the list.

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rUwYACgkQ2m4We49U
H7bFeRAAvfI48ZsZBMynyy0s9fxygckl+/4obyAwdomOUDmUEG3ROKNFDxfLkDiO
fNUxJppWhMEWeBoCOxKnD8AZsb5gRxJ8vXHXrB+nyYOPu5KgJ6gncnnXFDB2t+se
gFxoKeCbmxc7U0Z+/WoibKZZoK8FXtAfpL20jzzY1YZrrnfL+Ff9YqmKj7T9FEZL
ruenKZr9sPeUOj62PWH3j6BE2MxHlbn9ojZ1A5xt0oYstTXIIrsda8cHnVhnOqL5
LsLK195mN2PGxr3p+X6GW+p2ykvjyxKPgKi8YzysuDTrUywPyqmSBJKI/ADNTwEv
CwWaxTnJCNB/9/m0zReI/9vt6LKMDB/s2YgX4a77UBKgDInAVo4jLtIRGsvkibik
2z+8aKUthrYhmNR10Uerqf4k2Tw4+vJOuEX+fvmLStTrmJNWpKIo9+CwAJMmW+ei
SMPVp8VZ7X6DlBwbhxKfaikla69MJxt9r0GtibHLFb0c7DOb/46KXvIJyIKuAYcx
H+pXnfEpPEzzpH9yqkYfYmOdKVUSk6hRTi7r5d/2DD3HmhAHKFU1+51t+jM5w5FK
NeJ9F+CxOU0OKMmo6rIJ5oUE189jkQHzmq2f/hTYBEAJ6aN2jvpEa9dLLUeg1Pkh
t1dV4NEzmnv2CgfveWi/uTmBnExcjhDgfI6t+9beaPc3Zbt5BNo=
=INGl
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430223654.GH1347%40app-email-private.

Re: [qubes-users] disp-vm firefox addons

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, Apr 30, 2020 at 02:31:08PM +0200, haaber wrote:
> Hello, I consider that a disp-vm should start with a fully equipped
> firefox, say having  noscript & some ad-blocker installed. But I am not
> sure how to do so: am I supposed to install them, say, inside my
> debian-10 template? Is that safe? Template-vm's have no direct i-net
> acces, so am I required to ship the .xpi file into in with qvm-copy?
> Something else / better to think of?  Cheers,  Bernhard

Your DispVM is based on a DispVM template, which in turn is an AppVM
based on a TemplateVM. In practice that means:

qvm-create --template fedora --label red web-dvm
qvm-prefs web-dvm template_for_dispvms true
qvm-features web-dvm appmenus-dispvm 1

This is what you already have. If you start e.g. [web-dvm] firefox from
your appmenu a new dispvm start with firefox. However, you can start the
dispvm template (not the TemplateVM!) from dom0 like this:

qvm-run -a web-dvm firefox &

... now you'll run firefox in the dispvm template and can configure it.
When done shutdown the dispvm template:

qvm-shutdown --wait web-dvm

If you now launch [web-dvm] firefox from your appmenu it will reflect
the changes you just made in the dispvm template.

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rS8AACgkQ2m4We49U
H7abpxAAiY8sn5pCUQzlSTrcly1IR6S4zlSKl+dWj0zt/8dX7AQZ1LJtujFgTdcK
3bviPtw+OWQkcv5ag5P+M7ozNIjfMy1DVOE8nDmVNN5wAwZ36ALthlXD9WAsHd5j
HQqu0cCRoIgcVcc8U3YDmUaVuGRrCuqbdSZDtPsKkCP10UCtzfGolQ3kGAmE8aB+
vQTCQenCse8W+t4YcuFy7CuIbG9SH7q7AyanpIftU38DBdDiTVFSuRsocf0yGii+
Az7LnMuyOehwMBGg9rHl8fYPIDJC3EgLRInZcIchrwy8tC8YEwG6wwm2D/yhfphb
N3cTuRl2Qe6Lqp3OVeIYWkJkuscREu1vRrHm3O4DlLIUKFkl0SoEtH5dv3qCAzyD
3Dn0xDr94y+g971ODI5kuTYlxEOH7itcSWhewgaSZ/GCYS1Lh1EIE/s40F1xXIqW
8n+SYPF0IDJvOismqKSrRBgdC4sBRM6LAxzhWV7UhlcW4Xwt2mzpORWyDQse6o4O
mp5rQ4mFnzszK4XqnWs5GUbpXTlkCvDiXbbK/WawdxxnH6hKp2B19qPdPna7ByJx
Wkedf3tqRd41EbCVLR6NNisSwxLpqpavYblsZPrqWkgrYKRGKRj6+lMKWsZLbDz6
wG0sViL6lXFVgE4VMcOmP2+kS8/tGgjmByqNCmJMKoab4FZLAg8=
=MPxu
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430220552.GG1347%40app-email-private.

Re: [qubes-users] Anyone here try VMware in place of QUBES?

[Catacombs]

Thanks for replying. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/405c7656-64d2-49d5-9336-a57defdad7f9%40googlegroups.com.

Re: [qubes-users] Anyone here try VMware in place of QUBES?

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, Apr 30, 2020 at 09:09:59AM -0700, Catacombs wrote:
> How much more Secure is what I do with QUBEs versus something like VMware.  

A lot. Xen is bare metal. Setting the BIOS/ME aside, as long as you keep
your dom0 clean and keep confidential information in qubes that are
always offline (have no netvm) all you have to worry about is people
with physical access including yourself and XEN virtualization escapes.

VMWare run on-top of another OS... game over. Anything that can happen
to your host OS whether it's FOSS or not happens to your VMs
(keyloggers, screen grabbers, network monitoring ... everything). 

I am fully aware you can make the same argument about the ME ... but
usable security is never absolut. So you got to pick your battles and
think about what you are protecting against. 

Qubes is definetly next level compared to everything else. 

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rSiMACgkQ2m4We49U
H7ao8A//Tj7Hp+yJBmZquISu20qxnQUNA+sfJOTANvJRthpnnIdhmdg15pL6Ox9y
vbEdvo7C/ArHlN+DHIMmNZ8csyrjjM6BFm6ywJ35cy7VO18wrZV/qmhFbg18d552
xyTBUVEOVO5J4AYndRNruIOfJqnAE6+09EDz1sQWv8JiMvYy2C6f9q/P0oKpWhzO
1aMzM1lerN9W4U0vyIPahJG9vdGc2sWlKcvYwxmioCk9+nCtsmBl4E/TkMhX2qUd
2qlbpNj5K9eBiibOLtyL/VXy1pF2wlrQQ+Ydth+tRykOeBwPrXUqHjjeLtvBPhil
dtZf8deqzhpQpT2ZDV6XKs8oXH6b/kKpJDLZqERugkKfyKhjUuKzHSwVTfXDJv+R
y/826u0ZDyjjLg7An5Fo6vFq2sN1Li+MpBuzK4+3Dm0JymwEWD3fSDXQP3dvf6ey
q9Nqq55zw/HhhKcECdquZs0SvDHUCPKxxyoNnjAST1hWsDmn9s2T42PI7D8O4QfH
hMR4suZNomCpp4Da5C73HAnUiNgh89l1VgxliXDB53H1MgJdWG6EQXSdvx7TKf1l
P5qHDapidWma9Df3lGLDMFYMQjBJ5dZt7ixLdpjaPJ83u81cWVC/ioJHw0G93/Mq
hlslIgh1o9r5u2zhXU83C+yEYxGdSPGqfrr3tz7xfUc9J4UTOcY=
=ag77
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430215859.GF1347%40app-email-private.

Re: [qubes-users] Re: connecting an iPhone to a AppVM - 4 non-working attempts

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Wed, Apr 29, 2020 at 10:26:15PM +0100, lik...@gmx.de wrote:
> Right. That was my 5th non-working attempt, because I get this error, when 
> trying to attach my USB controler from my Lenovo L380:
> 
> Start failed: internal error: Unable to reset PCI device :00:15.0: no 
> FLR, PM reset or bus reset available, see 
> /var/log/libvirt/libxl/libxl-driver.log for details:
> 2020-04-29 21:03:20.397+: libxl: 
> libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support reset 
> from sysfs for PCI device :00:14.0
> 
> How have you've chosen the correct USB controller?

I only got one. ;-) But it has the same issue yours has ... most of them
do. Try this:

qvm-pci attach win --persistent --option no-strict-reset=True dom0:00_15.0

Assuming your controller is dom0:00_15.0 and your qube is called 'win'.

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rRjoACgkQ2m4We49U
H7YZDxAApxVpzqHJVD4YGTAT9g/fWzQCmT2xl7YOu4rrEc7ALCKmxN2oiyFbreBh
i8RTcb8EmoHv/A+iFtSpHrZFKAmj6hjg3mQyCDb0DTiUKNfpE+zs28JBuyDSQC6D
/mIcicvFK6v0kzBHdsRYY5xnlR4wh15W235roYxDnvWysO8+Opr1x0R2fxPPxRBi
EeBz0zMEOh3w+DzQWBVnaOTHSrU/2qGT3AMV6JHw7pHln0/nCYT19yTYSUbSM49q
nZGWpizrMhufyUXZwmv1fGV+yoIcpN3DQL3DvXjlXNVyQf7s+zF1BYdcPYKDTqwy
8Mc9t96R8vi4euak046hlOLk5mwm85znuURGY4rGtLTWIwS9OMfDECnNSWyktJza
HYEUruMExNgxpAGuZ6ehqj3EbV134jG/grsNIOpREWZclrtCxF/rKQl7VTgSo0Pj
sW/jxa8HdhKzCnzA2xS52mJLpxGvsbXfNozc2EO+HXKiQbQJ1HWmAsjCTa8rJmBT
0+HizIzoGi9zCDVG2Y/5xo9/alRQXhZIAPDPMAvuz8JcDXjduCOjq5sWYv1rJmK8
IwBJgcuGkmT+fRVcDJoqAm5I0RdVvzvDrYiSc4ZlG6A1j7mA6k4xfQwbv0FuO3GD
IueJdMpTxqZm2Nq3ghOboNM1KR0j4kvGN/gwCTycH1T2d/1HeNc=
=AG5l
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430214218.GE1347%40app-email-private.

Re: [qubes-users] Clipboard Copy Paste From HVMs

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Thu, Apr 30, 2020 at 07:28:20PM +, Zsolt Bicskey wrote:
> How can I install those qubes-core-agent packages?

In case of Fedora, Debian/Whonix the Qubes project itself hosts the
respecitve repositories. The easiest way to discover them is to load a
Qubes provided template and inspect the /etc/dnf and /etc/apt
directories respectively.

In case of other distributions (Ubuntu, CentOS, Archlinux) you will need
to have the qubes-builder[1] up and running and build them yourself.

For Ubuntu unman offers a repository[2].

You can also search the qubes-users[4] archive and see e.g. unman
guiding many including myself through their first steps. Personally I
very much like Ubuntu and build the packets myself and then serve them
up through a little webfs instance in my sys-firewall.

> I have heard of those templates but haven't used them. Most of the machines I 
> installed had a specific reason/setup. Where can I find the full list of 
> available templates? 

On the Qubes OS website[3]. Please don't top post and always reply to
the list.

/Sven

[1] https://www.qubes-os.org/doc/qubes-builder/
[2] https://qubes.3isec.org/
[3] https://www.qubes-os.org/doc/templates/

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rRG8ACgkQ2m4We49U
H7ZxbxAArhbws69R0xRK6POpdDksUfKgLMO2TXBoHjXKnhTL7LPojru1kXUBZ+op
iqvoBnaaHyq8fseJqg5gj9mfvFwzziQ7RuDZpPzKtgodT/VYQbN7iVb2/NdR1qDg
Ea5dQ4G/iuQdYQHdfjlAAZ8MMvX4npBmHpjoa+XogCV2bwqoqp0VPWbbSAZ8rxmK
vWLCEnAiD4c+An5jONavtLDOrph+G/i0b2cskOnil3zr2w0WUXp1cjyE1ScAT+Zm
1afAzSBm2ywunSjIDXJ5mxM/+mfTAHyTLVCPWpVLcbBY6mAOPGuUE+30uuIq1rBe
pJIoMdl0EAY2oFhDGo+jQTCyRaVnb4DL+IgJRr0ZdOhLs/fU5ujwyEo1dYE0WYUN
RjTKG1VwiaYsssYLt+yNpiyprOSCt3y+8yXjVF1rV7LzNW62iyBC3cmwF8sEwBH+
GOTt5k5oCF3dSTPTZeH6fRgFBUJrdKe4UhEO72fsswiACMbD95ZXjXPoDejKUiwy
J8cLJ21bd8ViKg6FNOMb7UAAO8mbRY183QvaP0m7mvpWdJIpJOktxfNy7j9+ME+z
lZSxTacZubgB4QrWSKOhlR81jGq7klN95pJKU008HySiL04wIpvT5ihXkqi1NF93
FlxDNo/NWPjxwOD6YXAkD5D1JA4JaqUyPZMFlXqv9MeSETPAwao=
=e40P
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430213439.GD1347%40app-email-private.

Re: [qubes-users] Clipboard Copy Paste From HVMs

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Wed, Apr 29, 2020 at 06:12:44PM +, 'Zsolt Bicskey' via qubes-users wrote:
> I would like to have the ability to use the clipboard copy paste from any 
> machine. Obviously it's very easy with TemplateVM, or AppVM but I couldn't 
> figure it out how to make that happen when I install HVM from an ISO. I have 
> Debian, RHEL, Ubuntu, CentOS, and Windows 10 machines setup.
> 
> PS: I was able to install the Windows Tools on one of the Win10 HVMs but not 
> the other. Both were idential, actually clones of each other. So that's an 
> odd things too

Just as with your Windows qubes need the QWT installed the other Linux
installs need the qubes-core-agent* packages installed. I am unclear
which ones exactly are responsible for the copy & paste. You'd probably
need to digg into the qubes-builder to figure this out. 

Are you aware that there are qubes tempaltes for

- debian (jessie, stretch & buster)
- ubuntu (xenial & bionic)
- centos 7
- even archlinux

...?

qubes-builder is your friend ;-)

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rJQoACgkQ2m4We49U
H7apVQ//Wz9S34Oghb//g16JtwrwUT59f82f7YBnhVRRNTlWcA6XZ+tTQBVZ/840
29lDml3wsG0QZD8NpBcrziFvdYz0sn8xvyN+DZwySEHS1gm0IKUT9U9jkw3Armp1
gtf8oJodaytN5NHiyFIgU3PQNOLkzq8eyHFd9VnNknBmFHBtYfeb29QW6yaTNLhM
jSXCJ0+CrJI7dwndkCiCecyI5WkMQtqwrNgTAbN8W5AlLeI9bcFv/sJjLTz6EDr6
aDqwYINOds1fUdV5/J7NMQOnOs0tfwVKqUsfmzVHk5J+qbCaRm9Qoi1sTdT/4zKB
Mprujad7ORgVXNQFBnFYMbJ5kTFUbeaEpM1h+1H54Bhr2On/qgzWq/NLLIO3dOOJ
BFSDw6xM3Qte44esJE3Yc+P6HXBMMhapAe5QXruoz8qUYL2JBqzEBHQyje0wVdbm
VwvtDil5XAnRxRwWtlBO0twA2okdb9r5OkA6CYRl9FXZdPgwi0q149AoM++WPaS1
mmhhIXl30wwW6T36ntkHjgHApj1NqzMs2ZH2ImoL9KKW4phClwogZqIKwXyem8Ye
nFwmzlEwz9rR5YSlSBrsY2THWn5SlEr4v1fs/YuGtePvgap90VRoAWFO+4+IyXJF
Ncz4gCl8x9ZT6PPnXTyJZoBf8oA51knRCB6y7l5zZSIPci16uTs=
=1muW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430192042.GC1347%40app-email-private.

Re: [qubes-users] How To Make Windows10 To A Disposable VM Template

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Wed, Apr 29, 2020 at 05:59:26PM +, 'Zsolt Bicskey' via qubes-users wrote:
> I have a Window 10 HVM installed. I want to to use it for Malware analysis. 
> Is there any way I can make a disposable VM template?

Is it a StandaloneVM or a Template based AppVM?

In case it is the later, have you set the template_for_dispvms property
to true?

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rIb8ACgkQ2m4We49U
H7aUxxAAtqFZzpgw57oyPPSf1pCko22M2hVp4LG2fVVHe3VOymuqQr1g3ZFAy/++
S+A1YO4fP0oZTxN1goSQSKWKVVhtxXJ6INKMK6IXvDDgYXOTjCmYzR/wsrYUSfW4
ginjef1mKLkkcKbIzhW31sNbRljxmJjKIOkFGQLwI3U3H8Xq/be6D5vXnQ76x7hu
8WKeVxB6UvBOeHRg046vjO2TI7VfDRxAWYzU3G2jgerqQefMFFN4TBt1+mh9gl3y
MMe3mTS/TMR8K+wSWurcsa3PkFI25uk6jf3p3D2dduCUGOCN1fwieUkpzf86UW0H
hvP9ERmaFnFUqagv6GoEvFTTjbt8Wx6vg6qf9FBUkk8YBeZ+lEMEcLY6uyEn+cxW
60yJWAD3mHOJaCUqOmC/P6AxNhpmPDM+v/BIF4DjwjXQcTw+qyp3fsGqLPKtACz3
KWcx4pY54h5iojpvmz2mmCNlzTX6svczAIR193BYk3ZU+ZjzfJfVqWnAcpshPJoF
vsWrhtf64encSErfYhZmQYEfqCC19O23BOZubMqyZgseKFY20ZynihKbSF1KDRnA
iJ/Rj77UmewYaZ0n6rXeT3Fp4p80OZdwBONQ0LW0N5niEAcWU3A8Isp3H+llnJD0
shLcq79CF/V0TFlciZwoSvUu4WoZSY3PSL6n1YcFzlwedl5sVm4=
=relF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430190639.GB1347%40app-email-private.

Re: [qubes-users] Kali rolling template can't find source to update.

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Wed, Apr 29, 2020 at 05:00:24PM +, lo...@threatmodel.io wrote:
> I followed the instructions for building a debian-based rolling Kali template 
> found at:
> https://www.qubes-os.org/doc/pentesting/kali/#templatevm-from-debian4_0
> 
> My qube was running well for a few months when suddenly I got the following 
> error when updating with  apt-get:
> 
> E: Can't find a source to download version '4.0.51-1+deb11u1' of 
> 'qubes-core-agent-passwordless-root:amd64'

Kali is a rolling distro and you have probably created the qube based on
Debian 10 (buster) and Kali has now moved on to Debian 11 (bullseye).
Also note that the above linked website contains a hint:

For installation based on Debian 10 stable, please note that the security 
repository of Debian testing has recently been renamed from /update to -security. To account for that change, 
execute the following command.

[user@kali ~]$ sudo sed -i 's/bullseye\/updates/bullseye-security/g' 
/etc/apt/sources.list

In any case I am pretty confident your issue is that the files in your
/etc/apt/sources.list point to buster instead of bullseye or to the
/update insead -security repo.

> I can't seem to find any similar issues online. Any advice is appreciated.

Also search qubes-issues on github. 

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6rIQcACgkQ2m4We49U
H7bxCRAA1SA65Vixf5qDMV0etYs3pEpPk6NIswaM9+2HuRCVGVovgRxEy8KIF/zW
4VDtK+JKkzDWs9QHZVq68fF5gJyNRnzxNYnE7onZ6vDYmP2MhyGNQDAvWXII+PDn
6pZAmrHIma77dXIfMQ8Kgx9gILfr7cx3lbLYKJxuSt8zbFFOr5HvYb0vSF96sZ+l
8N15Zm8pxlLjZhZHus1a/545N2vpI6/CG7TGKpKybzGgXAcr63wLkoJZ/6hOBS13
3LkchPQNxx/2BbVxR3618znmmEcOC6c6WmYRCxmhczkp2C67iH2elNq1zqG4LeK6
eHA5K1X4vQpg6Y5tKbvi09/FoPfEBio3iV7wsjxH8uwEc0jxGrGrMdgujhNjEcdu
qN0CMe9DPBgbeLw/r/KBshczajNyIpgILtBGUE0zDWT4PBAWvVBreFTm/oRopOVc
3qep0NxRkfM/fEmH6lfG4Nm4Begx0VJZPqIQTM8Nvh9Q4jprFFH7/8mu4ngeKZ5C
iWnAcUuq4sEf76H0rbzPdzMbVwAVymJR5iUbrdt8yaSUfyVQ2Yd5M4hxqFwyzn0w
rOF2IN8Z9wLg2HZ43MQPLIdM8Wajo7rlC3Rn+TmmnHc48WtvF5LMHawPkgqY9EsA
PBimKnaEvNoA+p0lJ59GzSnGvHk9733rSC7SwL0LwI9/GsoW/K0=
=+4gG
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200430190335.GA1347%40app-email-private.

Re: [qubes-users] How To Set Up Traffic Mirroring To Security Onion

[Aret]

Hi,

Duknow if make actual sense on Qubes, but i used the following 
successfully on XenServer/XCP-ng, inbound traffic is not visible to 
SecurityOnion otherwise as originally targetting the tapped network from 
my understanding:


https://blog.rootshell.be/2013/09/09/xenserver-port-mirroring/

Hope that helps,

Peace!


On 29/04/2020 15:28, 'Zsolt Bicskey' via qubes-users wrote:


I am building a lab inside QubesOS. I have two gateways, two 
firewalls. Behind the pentest-firewall I want all machines to see each 
other. Since I have both Win and Linux machines and for simplicity's 
sake I am doing this from the firewall.


On top of this I have a Security Onion running to capture all traffic 
internal to internal and internal to external. I have PolarProxy 
installed on it to decrypt HTTPS traffic 
(https://www.netresec.com/?page=Blog=2020-01=Sniffing-Decrypted-TLS-Traffic-with-Security-Onion)



*This rule opens up all internal communication on the pentest-firewall:*

iptables -I FORWARD -i vif+ -o vif+ -j ACCEPT

*These rules should forward all HTTPS to the Security Onion:*

iptables -A FORWARD -i eth0 -d 10.137.0.24 -p tcp --dport 10443 -m 
state --state NEW -j ACCEPT


iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 
10.137.0.24:10443


iptables -t nat -A POSTROUTING -o eth0 -d 10.137.0.24 -p tcp --dport 
10443 -j MASQUERADE


*Important IPs/Details:*

SecurityOnion 10.137.0.24

Security Onion interface eth0

Firewall IP: 10.137.0.6

*QUESTION*

How can I set up full traffic mirroring to that Security Onion 
machine? It's easy with a physical switch but I cannot make it work 
with iptables. Please help.





--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78x2nonu3gggbCdEbEiYRDG03EeDX0TS7Uhd9wSTMo_FAf3wjmjIfP6i4Q8sKu5EmRxoKE-FsaLckb0zt_eOQGrtfC-ASPdg3r1hi8Oyepo%3D%40protonmail.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/21956a8a-2bac-98e8-0bf9-455d5d2a40f6%40dofishswim.com.

Re: [qubes-users] Anyone here try VMware in place of QUBES?

[Catacombs]

On Thursday, April 30, 2020 at 11:09:59 AM UTC-5, Catacombs wrote:
>
> My apple is from 2009.  Which I upgraded until I got to Mac OS 10 Lion. 
>  One of the Apple tech support suggested to defer OS 10 updates as the 
> features added were for Syncing between different devices like IPhone, 
> IPad, ICloud, other Apple computers.  I would call them security holes. 
>  Besides Apple uses Broadcom for internet connection.  Not Foss.  And TAILS 
> says brooadcom  can not be spoofed.   
>
> My thought being to use Linux distro as the host.  Perhaps, pen testing.  
> A Linux Distro that has an extensive outgoing Firewall.  Then put VMware on 
> top of that, for $250.00.   
>
> But I am not anxious to do so if VMware is the total black box suggested 
> by poster.   
>
> I recall several years ago, a huge security hole, created in open source, 
> coding left to a group of enthusiasts, in Java.  A guy was begging not to 
> be banned for writing the security hole.  Pointing out his Patch had been 
> approved by very knowledgeable developers and he clearly had no intent to 
> create a security hole.   
>
> My point being open source and FOSS are not perfect.  Plus.  What no one 
> every talks about.  The NSA is one of the largest employers of 
> Mathematicians in the world.  I would guess the NSA is also one of the 
> biggest employers of really well trained Linux programmers.  That is. They 
> don’t, as Hollywood might suggests, hire their tech guys from script 
> kiddies who are in jail or probation.  They hire first rate minds who had 
> the work ethic to get a  Masters from places like MIT. USC.  First rate 
> Computer Science  programs.  These NSA tech guys are likely spending some 
> of their employers time in helping to fix Fedora, Debian, Perhaps Tails and 
> Qubes as well.   
>
> I am pretty sure China. China with the big C who is reputed to have a lot 
> of their who used computers in some way the government did not approve. 
> Such as, Telling the Truth of events.  Or just violating the big China 
> Firewall.  Big China has a large group of Linux programmers, who might be 
> helping Linux Distros as well.  Of course. In some small countries I 
> suspect their security services are not well trained computer specialists. 
>   Perhaps individuals who left schooling before middle school. But their 
> interrogation is more blunt bruising instruments. Heated objects.  Ropes. 
>  Cold water.   I might have gone to elementary school with some like that, 
> here in the US.
>
> Still China may have more qualified Linux programmers to pull apart Tor. 
> Tails. Qubes. Than their are qualified Linux people trying to make it work. 
>   
>
> There is another group of security concerns we never write about on the 
> Qubes site.  Our connection with the internet. Servers.  ISP software. 
> Server software.  Well actually we now hear of the 5G hazards.   
>
> How much more Secure is what I do with QUBEs versus something like VMware. 
>  Also assuming I am careful of how I use it.  That I have a formula to use. 
>  Reminding myself that “Encryption is more likely broken in Practice than 
> in Theory.”  That is. If we use poor techniques. Then all the encryption 
> available will not help us.   
>
> All that said. I will continue to use QUBEs. Because at least they try.   
>
> But another question obvious to many experienced QUBEs users.  Why Fedora 
> is emphasized over.  Say CentOS. Which is supposed to be the same as Red 
> Hat, CentOS having a delay in implementation?  Or a very limited hardened 
> Debian?


 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a84b7ad5-a2eb-4581-8eae-01ed7d0c4143%40googlegroups.com.

Re: [qubes-users] Anyone here try VMware in place of QUBES?

[Catacombs]

My apple is from 2009.  Which I upgraded until I got to Mac OS 10 Lion.  One of 
the Apple tech support suggested to defer OS 10 updates as the features added 
were for Syncing between different devices like IPhone, IPad, ICloud, other 
Apple computers.  I would call them security holes.  Besides Apple uses 
Broadcom for internet connection.  Not Foss.  And TAILS says can not be 
spoofed.  

My thought being to use Linux as a host.  Perhaps, pen testing.  Linux that has 
an extensive outgoing Firewall.  Then put VMware on top of that, for $250.00.  

But I am not anxious to do so if VMware is the total black box suggested by 
poster.  

I recall several years ago, a huge security hole, created in open source, 
coding left to a group of enthusiasts.  A guy was begging not to be banned for 
writing the security hole.  Pointing out his Patch had been approved by very 
knowledgeable developers and he clearly had no intent to create a security 
hole.  

My point being open source and FOSS are not perfect.  Plus.  What no one every 
talks about.  The NSA is one of the largest employers of Mathematicians in the 
world.  I would guess the NSA is also one of the biggest employers of really 
well trained Linux programmers.  That is. They don’t, as Hollywood might 
suggest hire their tech guys from script kiddies who are in jail or probation.  
They hire first rate minds who have Masters from places like MIT. USC.  First 
rate CS programs.  These NSA tech guys are likely spending some of their 
employers time in helping to fix Fedora, Debian, Perhaps Tails and Qubes as 
well.  

I am pretty sure China. China with the big C who is reputed to have a lot of 
folks who used computers in some way the government did not approve. Telling 
the Truth of events.  Or just violating the big China Firewall.  Of course. In 
some small countries I suspect their security services are not well trained 
computer specialists.   Perhaps individuals who left schooling before middle 
school. But their interrogation is more blunt bruising instruments. Heated 
objects.  Ropes.  Cold water.  


Still China may have more qualified Linux programmers to pull apart Tor. Tails. 
Qubes. Than their are qualified Linux people trying to make it work.  

There is another group of security concerns we never write about on the Qubes 
site.  Our connection with the internet. Servers.  ISP software. Server 
software.  Well actually we now hear of the 5G hazards.  

How much more Secure is what I do with QUBEs versus something like VMware.  
Also assuming I am careful of how I use it.  That I have a formula to use.  
Reminding myself that “Encryption is more likely broken in Practice than in 
Theory.”  That is. If we use poor techniques. Then all the encryption available 
will not help us.  

All that said. I will continue to use QUBEs. Because at least they try.  

But another question obvious to many experienced QUBEs users.  Why Fedora is 
emphasized over.  Say CentOS. Which is supposed to be the same as RedHat, with 
delay in implementation?  Or a very limited hardened Debian?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e5bf794-3515-439e-9302-c56ce0f68cf9%40googlegroups.com.

[qubes-users] fastboot in qubes

[taran1s]

Does anyone have an experience with flashing the android phone with new
OS, like GrapheneOS on Pixel 3 XL for example with QubesOS? If you do,
how did you do that?

-- 
Kind regards
taran1s

gpg: 12DDA1FE5FB39C110F3D1FD5A664B90BD3BE59B3

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/55f88632-9a80-1999-065f-c6b7e6c063d3%40mailbox.org.


0xA664B90BD3BE59B3.asc
Description: application/pgp-keys

Re: [qubes-users] Anyone here try VMware in place of QUBES?

[Steve Coleman]

On Wed, Apr 29, 2020, 11:03 PM Catacombs  wrote:

> I have used VMware on a Mac.  I do not the idea of OS X being the base of
> my security,  however like they say about a lot of Apple, it just works.
>

I have to ask why you reject  OSX for being the base of your security?
Because you can not audit the code? No way to be sure if you can trust it?
Then there is no difference then between OSX and VMware.

Xen was chosen because it is both small in size (comparatively) and open
source and is therefore auditable. You know what it will do when you use
it. With VMware its just you trusting a black box, and you have no way to
know what its doing under the hood without reverse engineering the binary
code.

That is why Qubes uses Xen instead.


You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/fc43c85d-4cde-4607-927d-5adc8d057b8e%40googlegroups.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ5FDng5sfpCE3iEi5mYN8_5yBzzTpZbJSpjWHAZEPGX34%3DLbg%40mail.gmail.com.

[qubes-users] Fedora 30 approaching EOL, Fedora 31 TemplateVM available, Fedora 32 TemplateVM in testing

[Andrew David Wong]

Dear Qubes Community,

This announcement includes several updates regarding Fedora TemplateVMs.

Fedora 30 approaching EOL
=

With the release of Fedora 32 on April 28, Fedora 30 is expected to
reach EOL (end-of-life) [1] on May 26, 2020.


Fedora 31 TemplateVM available
==

A new Fedora 31 TemplateVM is now available for both Qubes 4.0 and 4.1.
Instructions are available for upgrading Fedora TemplateVMs. [2]  We
also provide a fresh Fedora 31 TemplateVM package through the official
Qubes repositories, which you can get with the following commands (in
dom0).

Standard [3] Fedora 31 TemplateVM:

$ sudo qubes-dom0-update qubes-template-fedora-31

Minimal [4] Fedora 31 TemplateVM:

$ sudo qubes-dom0-update qubes-template-fedora-31-minimal

After upgrading to a Fedora 31 TemplateVM, please remember to switch all
qubes that were using the old template to use the new one. [5]


Fedora 32 TemplateVM in testing
===

For advanced users, a new Fedora 32 TemplateVM is currently available in
the `qubes-templates-itl-testing` repository for both Qubes 4.0 and 4.1.
We would greatly appreciate testing and feedback [6] from the community
regarding this template.


[1] https://fedoraproject.org/wiki/End_of_life
[2] https://www.qubes-os.org/doc/template/fedora/upgrade/
[3] https://www.qubes-os.org/doc/templates/fedora/
[4] https://www.qubes-os.org/doc/templates/minimal/
[5] https://www.qubes-os.org/doc/templates/#switching
[6] https://www.qubes-os.org/doc/testing/#providing-feedback

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2020/04/30/fedora-31-template-available/

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9f1e15b-8fdb-984c-1cea-476005ccdda7%40qubes-os.org.

[qubes-users] disp-vm firefox addons

[haaber]

Hello, I consider that a disp-vm should start with a fully equipped
firefox, say having  noscript & some ad-blocker installed. But I am not
sure how to do so: am I supposed to install them, say, inside my
debian-10 template? Is that safe? Template-vm's have no direct i-net
acces, so am I required to ship the .xpi file into in with qvm-copy?
Something else / better to think of?  Cheers,  Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f242c230-7a83-346d-6cce-c2a00cd38423%40web.de.

Re: [qubes-users] Re: connecting an iPhone to a AppVM - 4 non-working attempts

[Jarrah]

> Right. That was my 5th non-working attempt, because I get this error,
> when trying to attach my USB controler from my Lenovo L380:
>
> Start failed: internal error: Unable to reset PCI device :00:15.0:
> no FLR, PM reset or bus reset available, see
> /var/log/libvirt/libxl/libxl-driver.log for details:
> 2020-04-29 21:03:20.397+: libxl:
> libxl_pci.c:1202:libxl__device_pci_reset: The kernel doesn't support
> reset from sysfs for PCI device :00:14.0
>
This will be an issue with the controller not respecting PCI reset. try
with `-o no-strict-reset`. This is less secure, theoretically some state
from the original VM/dom0 can persist to the new VM. In practice, it is
up to your judgement. See `man qvm-pci` for more info.
> How have you've chosen the correct USB controller?
Usually I'll pick a controller, assign it to a VM with no USB devices
attached to any ports and see which ports are assigned to the VM by
plugging a trusted device in. It's not easy to match them.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e9866ca-5952-15fc-b94d-8613f2fafa4e%40undef.tools.