Re: [qubes-users] QUBES 3.2 taskbar icons are useless - they only show padlock icon
Hi,

Not sure if he meant taskbar or application menu, but on a perhaps related note, I recently changed my taskbar to switch between 'activities' rather than applications. I have found it quite intuitive to basically have an activity for each VM, so I can effectively switch between VMs as if they were different desktops.

Whilst it's still useful to be able to have VMs share the screen (particularly when only a couple of applications are open), it would be good if the applications could open on a predefined activity, rather than just the active activity (screen). I could then always adjust the activity (screen) by right-clicking the title bar on occasion, but with the current setup I need to control all the activity assignments manually every time I want to open a program.

Is there a better way to work with Activities in KDE/Qubes?

Another thought I had was whether it was worth grouping entries in the application bar by application, rather than by VM. Note: This was more relevant when I was on XFCE whereas now I'm just using KDE and the search box kind of makes this a non-issue.

Ben

--
You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/591fae32-6461-41e5-a7c1-221395ef03e9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Do I need a /boot partition if I use /boot/efi?
So this could be on my end. But in 3.1 I have to install /boot and /boot/efi. Otherwise it would not let me install. It does boot which is cool. On 3.2 I can install /boot or /boot/efi, or both, and it won't boot (can't find the drive). Tomorrow I will try and update 3.1 kernel to 3.2 and see if it still works.
Re: [qubes-users] How to log all the websites accessed by a VM
On 07/25/2016 02:20 PM, Marek Marczykowski-Górecki wrote:
> On Mon, Jul 25, 2016 at 03:14:02PM -0300, Franz wrote:
> > ok now it works, it outputted a list of addresses. But I have to paste this list on firewall rules of that VM and this is on Qubes Manager that is on Dom0, so normal copy paste between VMs does not work.
> >
> > I can only imagine of writing the addresses on a text file, then copying the file to Dom0, using
> >
> > qvm-run --pass-io 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0
> >
> > opening the file in Dom0 (which seems half prohibited) and finally copying the addresses to Qubes Manager.
> >
> > Otherwise I'll have to digit manually the addresses to Qubes Manager.
> >
> > Which is the suggested way to do that?
>
> Personally I do some thing like:
> qvm-run --pass-io 'cat output-of-that-command'
>
> Then copy selected lines into shell (those are ready commands to add firewall entries).
>
> --

A less tedious method to get a somewhat similar effect is to install 'HTTPS Everywhere' extension in Firefox and turn on the "block all unencrypted" feature. Then create some bookmarks for the (HTTPS) sites you wish to use.

You can control it further by adding the 'Request Policy' extension and use it to whitelist the 3rd party sites as you encounter them (the extension will remember your choices).

Chris
Re: [qubes-users] can't start hvm with a cdrom
On 25/07/16 22:17, Marek Marczykowski-Górecki wrote:
> On Mon, Jul 25, 2016 at 10:06:56PM +0200, john.david.r.smith wrote:
> > On 25/07/16 21:56, Marek Marczykowski-Górecki wrote:
> > > On Mon, Jul 25, 2016 at 09:11:03PM +0200, john.david.r.smith wrote:
> > > > hi.
> > > > i want to install windows 8 in an hvm (so i can update it).
> > > > but somehow i can't start the vm with an iso. (see output below)
> > > >
> > > > [user@dom0 ~]$ qvm-start w8 --cdrom=data:/home/user/w8.iso
> > > > --> Loading the VM (type = HVM)...
> > > > Traceback (most recent call last):
> > > >   File "/usr/bin/qvm-start", line 131, in
> > > >     main()
> > > >   File "/usr/bin/qvm-start", line 115, in main
> > > >     xid = vm.start(verbose=options.verbose, preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, notify_function=tray_notify_generic if options.tray else None)
> > > >   File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 326, in start
> > > >     return super(QubesHVm, self).start(*args, **kwargs)
> > > >   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 1901, in start
> > > >     self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
> > > >   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in createWithFlags
> > > >     if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
> > > > libvirt.libvirtError: internal error: libxenlight failed to create new domain 'w8'
> > > >
> > > > what am i doing wrong?
> > > > i tried different isos, but the error is the same.
> > > > i get the same error, if i try to attach a nonexistent file. (but starting the vm without an iso works (the vm starts and then shuts down, since there is no bootable medium))
> > > >
> > > > any idea how i can fix this?
> > >
> > > Are you sure the path is correct? If so, check /var/log/libvirt/libxl/libxl-driver.log for more details.
> >
> > i am pretty sure the path is correct:
> >
> > [user@data ~]$ ls -l /home/user/w8.iso
> > -rwxrwxrwx 1 user user 3758010368 Sep 16 2013 /home/user/w8.iso
> >
> > in libxl-driver.log are more details, but nothing i understand
> >
> > 2016-07-25 22:01:39 CEST libxl: error: libxl_dm.c:1671:stubdom_xswait_cb: Stubdom 21 for 20 startup: startup timed out
> > 2016-07-25 22:01:39 CEST libxl: error: libxl_create.c:1339:domcreate_devmodel_started: device model did not start: -9
>
> Stubdomain startup timeout. Probably something wrong with that 'data' domain which serves as a backend for your iso image. Is the 'data' domain based on minimal template? If so, install perl there. Also check if you have xen-blkback kernel module loaded.
>
> If none of this helps, check /var/log/xen/xen-hotplug.log in data VM and /var/log/xen/console/guest-w8-dm.log in dom0.
>
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

yes it was a minimal template.
i installed perl and now it works.
(the kernel module is loaded, too)
thanks a lot.
Re: [qubes-users] VPN Link Up, NetVM set to VpnVM but AppVMs still don't have net access?
On Thursday, July 21, 2016 at 9:41:57 PM UTC+12, gaikokuji...@gmail.com wrote:
> On Wednesday, July 20, 2016 at 4:17:32 PM UTC-8, Chris Laprise wrote:
> > On 07/20/2016 02:59 PM, gaikokujinkyofu...@gmail.com wrote:
> > > On Saturday, July 16, 2016 at 5:09:48 PM UTC-4, gaikokuji...@gmail.com wrote:
> > >>
> > >> I tried the 'sudo iptables -L -v -t nat' anyway and to be honest I am not sure I understand the output:
> > >>
> > >> [user@VPN ~]$ sudo iptables -L -v -t nat
> > >> Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
> > >>  pkts bytes target           prot opt in   out   source    destination
> > >>     0     0 PR-QBS           all  --  any  any   anywhere  anywhere
> > >>     0     0 PR-QBS-SERVICES  all  --  any  any   anywhere  anywhere
> > >>
> > >> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> > >>  pkts bytes target           prot opt in   out   source    destination
> > >>
> > >> Chain OUTPUT (policy ACCEPT 432 packets, 30668 bytes)
> > >>  pkts bytes target           prot opt in   out   source    destination
> > >>
> > >> Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
> > >>  pkts bytes target           prot opt in   out   source    destination
> > >>     0     0 ACCEPT           all  --  any  vif+  anywhere  anywhere
> > >>     3   192 ACCEPT           all  --  any  lo    anywhere  anywhere
> > >>    12   812 MASQUERADE       all  --  any  any   anywhere  anywhere
> > >>
> > >> Chain PR-QBS (1 references)
> > >>  pkts bytes target           prot opt in   out   source    destination
> > >>     0     0 DNAT             udp  --  any  any   anywhere  10.137.4.1    udp dpt:domain to:10.137.2.1
> > >>     0     0 DNAT             tcp  --  any  any   anywhere  10.137.4.1    tcp dpt:domain to:10.137.2.1
> > >>     0     0 DNAT             udp  --  any  any   anywhere  10.137.4.254  udp dpt:domain to:10.137.2.254
> > >>     0     0 DNAT             tcp  --  any  any   anywhere  10.137.4.254  tcp dpt:domain to:10.137.2.254
> > >>
> > >> Chain PR-QBS-SERVICES (1 references)
> > >>  pkts bytes target           prot opt in   out   source    destination
> > >
> > > Hi, I don't think I am using Network Manager to connect, that is I went only by the Qubes VPN wiki but while trying to diag the problem I read about /etc/resolv.conf in some other doc while searching so thought I'd try (obviously no luck).
> > >
> > > As for the sudo sg qvpn -c ping whateversite, does returning one thing back and hanging count for anything? I am thinking not as I am not able to connect to the net via the VpnVM.
> > >
> > > Any thoughts on the DNS dnat rules?
> >
> > Pinging from my vpn vm is probably the same as yours, now that I've checked it: I get a DNS response but the pings themselves aren't permitted.
> >
> > I think the real problem is shown in your PR-QBS chain above. You see that the 'to' addresses on the right are still pointing to a Qubes internal subnet '10.137.x.x'. Something about the DHCP fetching of your DNS servers or the way qubes-vpn-handler.sh is executing is not working. You can verify this by taking the IP address for 'whateversite' and pinging it from your appvm (connected to vpn vm)... that should work even though DNS doesn't.
> >
> > Cause of the problem should be a misconfigured .ovpn (the 3 lines for scripting) or the qubes-vpn-handler.sh script itself can't execute because the execute flag is not set, or the shebang at the start was left out, etc.
> >
> > Chris
>
> well you are right about being able to ping an IP from the appvm that is connected to the vpnvm, it works fine.
>
> As for the misconfigured .ovpn I can't make heads or tails of that as the first time I just used the exact same file that I had backed up, I rechecked it and I think it's ok (I also got a new pre-configured one from my vpn provider, c/p the needed edits in, and still get the same error). I checked the permissions user of the two files and I think they are ok?
>
> -rw-r--r-- 1 root root 423 Jul 21 21:28 openvpn-client.ovpn
> -rwxr-xr-x 1 root root 1089 Jul 10 21:15 qubes-vpn-handler.sh
>
> I didn't quite follow you about the shebang? What parts at the beginning do you think might have been left out? Are you referring to the configuration of the VM when I was creating it? (like setting as a proxyvm etc?)

The last three lines you referred to, of the .ovpn, I believe I added as the Qubes VPN doc instructed, anyway I just c/p'd from the .ovpn I have:

script-security 2
up 'qubes-vpn-handler.sh up'
down 'qubes-vpn-handler.sh down'

Is that what you were referring to?
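
The two checks named in the quoted reply above (PR-QBS DNS targets still inside 10.137.x.x, and a handler script that lacks the execute bit or a shebang) can be scripted. This is an added example, not part of the thread and not Qubes code; the function names are hypothetical, and the sample listing and the 192.0.2.53 resolver address are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# Print the DNAT "to:" targets of the PR-QBS chain from an
# `iptables -L -v -t nat` listing read on stdin.
pr_qbs_dns_targets() {
    awk '
        /^Chain / { in_chain = ($2 == "PR-QBS"); next }
        in_chain && $3 == "DNAT" {
            for (i = 4; i <= NF; i++)
                if ($i ~ /^to:/) print substr($i, 4)
        }
    '
}

# Exit 0 if every DNS DNAT target lies outside 10.137.x.x,
# 1 if any target is still Qubes-internal, 2 if the chain has no DNAT rule.
dns_points_to_vpn() {
    targets=$(pr_qbs_dns_targets)
    [ -n "$targets" ] || return 2
    for t in $targets; do
        case "$t" in
            10.137.*) return 1 ;;
        esac
    done
    return 0
}

# Say why an OpenVPN up/down script could fail to run:
# prints one of: missing, not-executable, no-shebang, ok.
handler_problem() {
    f=$1
    first=""
    [ -f "$f" ] || { echo "missing"; return 0; }
    [ -x "$f" ] || { echo "not-executable"; return 0; }
    IFS= read -r first < "$f" || true
    case "$first" in
        '#!'*) echo "ok" ;;
        *)     echo "no-shebang" ;;
    esac
}

# Constructed sample, modelled on the PR-QBS chain quoted in the message.
sample_broken() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target  prot opt in   out  source    destination
    0     0 PR-QBS  all  --  any  any  anywhere  anywhere

Chain PR-QBS (1 references)
 pkts bytes target  prot opt in   out  source    destination
    0     0 DNAT    udp  --  any  any  anywhere  10.137.4.1  udp dpt:domain to:10.137.2.1
    0     0 DNAT    tcp  --  any  any  anywhere  10.137.4.1  tcp dpt:domain to:10.137.2.1

Chain PR-QBS-SERVICES (1 references)
 pkts bytes target  prot opt in   out  source    destination
EOF
}

# Same listing after a working handler run; 192.0.2.53 is a constructed
# stand-in for the VPN provider's resolver.
sample_fixed() {
    sample_broken | sed 's/to:10\.137\.2\.1/to:192.0.2.53/'
}

# Demo on the constructed samples. On a real VPN VM the input would be:
#   sudo iptables -L -v -t nat | dns_points_to_vpn
for sample in sample_broken sample_fixed; do
    if $sample | dns_points_to_vpn; then
        echo "$sample: DNS DNAT targets are outside 10.137.x.x"
    else
        echo "$sample: DNS DNAT still points at a Qubes-internal address"
    fi
done

# Optional: pass the path of the handler script as the first argument.
if [ $# -gt 0 ]; then
    echo "handler: $(handler_problem "$1")"
fi
```
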
Re: [qubes-users] can't start hvm with a cdrom
On Mon, Jul 25, 2016 at 10:06:56PM +0200, john.david.r.smith wrote:
> On 25/07/16 21:56, Marek Marczykowski-Górecki wrote:
> > On Mon, Jul 25, 2016 at 09:11:03PM +0200, john.david.r.smith wrote:
> > > hi.
> > > i want to install windows 8 in an hvm (so i can update it).
> > > but somehow i can't start the vm with an iso. (see output below)
> > >
> > > [user@dom0 ~]$ qvm-start w8 --cdrom=data:/home/user/w8.iso
> > > --> Loading the VM (type = HVM)...
> > > Traceback (most recent call last):
> > >   File "/usr/bin/qvm-start", line 131, in
> > >     main()
> > >   File "/usr/bin/qvm-start", line 115, in main
> > >     xid = vm.start(verbose=options.verbose, preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, notify_function=tray_notify_generic if options.tray else None)
> > >   File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 326, in start
> > >     return super(QubesHVm, self).start(*args, **kwargs)
> > >   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 1901, in start
> > >     self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
> > >   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in createWithFlags
> > >     if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
> > > libvirt.libvirtError: internal error: libxenlight failed to create new domain 'w8'
> > >
> > > what am i doing wrong?
> > > i tried different isos, but the error is the same.
> > > i get the same error, if i try to attach a nonexistent file. (but starting the vm without an iso works (the vm starts and then shuts down, since there is no bootable medium))
> > >
> > > any idea how i can fix this?
> >
> > Are you sure the path is correct? If so, check /var/log/libvirt/libxl/libxl-driver.log for more details.
>
> i am pretty sure the path is correct:
>
> [user@data ~]$ ls -l /home/user/w8.iso
> -rwxrwxrwx 1 user user 3758010368 Sep 16 2013 /home/user/w8.iso
>
> in libxl-driver.log are more details, but nothing i understand
>
> 2016-07-25 22:01:39 CEST libxl: error: libxl_dm.c:1671:stubdom_xswait_cb: Stubdom 21 for 20 startup: startup timed out
> 2016-07-25 22:01:39 CEST libxl: error: libxl_create.c:1339:domcreate_devmodel_started: device model did not start: -9

Stubdomain startup timeout. Probably something wrong with that 'data' domain which serves as a backend for your iso image. Is the 'data' domain based on minimal template? If so, install perl there. Also check if you have xen-blkback kernel module loaded.

If none of this helps, check /var/log/xen/xen-hotplug.log in data VM and /var/log/xen/console/guest-w8-dm.log in dom0.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Re: [qubes-users] can't start hvm with a cdrom
On 25/07/16 21:56, Marek Marczykowski-Górecki wrote:
> On Mon, Jul 25, 2016 at 09:11:03PM +0200, john.david.r.smith wrote:
> > hi.
> > i want to install windows 8 in an hvm (so i can update it).
> > but somehow i can't start the vm with an iso. (see output below)
> >
> > [user@dom0 ~]$ qvm-start w8 --cdrom=data:/home/user/w8.iso
> > --> Loading the VM (type = HVM)...
> > Traceback (most recent call last):
> >   File "/usr/bin/qvm-start", line 131, in
> >     main()
> >   File "/usr/bin/qvm-start", line 115, in main
> >     xid = vm.start(verbose=options.verbose, preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, notify_function=tray_notify_generic if options.tray else None)
> >   File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 326, in start
> >     return super(QubesHVm, self).start(*args, **kwargs)
> >   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 1901, in start
> >     self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
> >   File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in createWithFlags
> >     if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
> > libvirt.libvirtError: internal error: libxenlight failed to create new domain 'w8'
> >
> > what am i doing wrong?
> > i tried different isos, but the error is the same.
> > i get the same error, if i try to attach a nonexistent file. (but starting the vm without an iso works (the vm starts and then shuts down, since there is no bootable medium))
> >
> > any idea how i can fix this?
>
> Are you sure the path is correct? If so, check /var/log/libvirt/libxl/libxl-driver.log for more details.
>
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?

i am pretty sure the path is correct:

[user@data ~]$ ls -l /home/user/w8.iso
-rwxrwxrwx 1 user user 3758010368 Sep 16 2013 /home/user/w8.iso

in libxl-driver.log are more details, but nothing i understand

2016-07-25 22:01:39 CEST libxl: error: libxl_dm.c:1671:stubdom_xswait_cb: Stubdom 21 for 20 startup: startup timed out
2016-07-25 22:01:39 CEST libxl: error: libxl_create.c:1339:domcreate_devmodel_started: device model did not start: -9
2016-07-25 22:01:39 CEST libxl: error: libxl_exec.c:118:libxl_report_child_exitstatus: /etc/xen/scripts/block remove [10827] exited with error status 1
2016-07-25 22:01:39 CEST libxl: error: libxl_device.c:1084:device_hotplug_child_death_cb: script: /etc/xen/scripts/block failed; error detected.
2016-07-25 22:01:39 CEST libxl: error: libxl_exec.c:118:libxl_report_child_exitstatus: /etc/xen/scripts/block remove [10819] exited with error status 1
2016-07-25 22:01:39 CEST libxl: error: libxl_device.c:1084:device_hotplug_child_death_cb: script: /etc/xen/scripts/block failed; error detected.
[qubes-users] can't start hvm with a cdrom
hi.
i want to install windows 8 in an hvm (so i can update it).
but somehow i can't start the vm with an iso. (see output below)

[user@dom0 ~]$ qvm-start w8 --cdrom=data:/home/user/w8.iso
--> Loading the VM (type = HVM)...
Traceback (most recent call last):
  File "/usr/bin/qvm-start", line 131, in
    main()
  File "/usr/bin/qvm-start", line 115, in main
    xid = vm.start(verbose=options.verbose, preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, notify_function=tray_notify_generic if options.tray else None)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 326, in start
    return super(QubesHVm, self).start(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 1901, in start
    self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in createWithFlags
    if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
libvirt.libvirtError: internal error: libxenlight failed to create new domain 'w8'

what am i doing wrong?
i tried different isos, but the error is the same.
i get the same error, if i try to attach a nonexistent file. (but starting the vm without an iso works (the vm starts and then shuts down, since there is no bootable medium))

any idea how i can fix this?

-john
Re: [qubes-users] How to log all the websites accessed by a VM
On Mon, Jul 25, 2016 at 3:20 PM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote:
> On Mon, Jul 25, 2016 at 03:14:02PM -0300, Franz wrote:
> > On Mon, Jul 25, 2016 at 2:51 PM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote:
> > > On Mon, Jul 25, 2016 at 02:46:55PM -0300, Franz wrote:
> > > > On Mon, Jul 25, 2016 at 1:24 PM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote:
> > > > > On Mon, Jul 25, 2016 at 12:06:54PM -0300, Franz wrote:
> > > > > > On Mon, Jul 25, 2016 at 11:11 AM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote:
> > > > > > > On Mon, Jul 25, 2016 at 09:37:10AM -0400, Steve Coleman wrote:
> > > > > > Anyway regarding Marek script I tried it in a dispVM, it writes:
> > > > > > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
> > > > > >
> > > > > > but then if on the same dispVM I use firefox to go to a gmail account or another account, nothing appears on the terminal.
> > > > > >
> > > > > > I even looked if anything changed on dispVM firewall rules, but found nothing different.
> > > > > >
> > > > > > So how is this script working?
> > > > >
> > > > > I've just tried and it is still working. It should output list of blocked destinations in format of qvm-firewall commands ready to load into Qubes firewall.
> > > > >
> > > > ,
> > > > "blocked destinations"? This makes me think that I should block destinations somehow before running the script. Is that so?
> > >
> > > Yes, change VM firewall to deny by default.
> > >
> >
> > ok now it works, it outputted a list of addresses. But I have to paste this list on firewall rules of that VM and this is on Qubes Manager that is on Dom0, so normal copy paste between VMs does not work.
> >
> > I can only imagine of writing the addresses on a text file, then copying the file to Dom0, using
> >
> > qvm-run --pass-io 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0
> >
> > opening the file in Dom0 (which seems half prohibited) and finally copying the addresses to Qubes Manager.
> >
> > Otherwise I'll have to digit manually the addresses to Qubes Manager.
> >
> > Which is the suggested way to do that?
>
> Personally I do some thing like:
> qvm-run --pass-io 'cat output-of-that-command'
>

After much trying I am unable to figure out how to get this command working. If anybody may give an example I would appreciate.

Best
Fran

> Then copy selected lines into shell (those are ready commands to add firewall entries).
>
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
Re: [qubes-users] [3.2rc1] Re-install boot loader
On Mon, Jul 25, 2016 at 05:30:15PM +0200, David Hobach wrote:
> On 07/24/2016 02:05 PM, Marek Marczykowski-Górecki wrote:
> > On Sun, Jul 24, 2016 at 01:51:54PM +0200, David Hobach wrote:
> > > Dear all,
> > >
> > > I tried installing /boot & /boot/efi to an external USB flash drive which worked (after many clicks in the installer), but doesn't boot (laptop claims that there's no boot device).
> > >
> > > I guess the grub installer got confused by the install flash drive also attached to the laptop during the installation?
> > > I also noticed that my /boot/grub folder only contains a splash.xpm.gz file and the /boot/grub2 folder only some themes folder (thought there'd be some config file somewhere?)...
> > >
> > > So how can I re-install the boot loader in 3.2rc1? Unfortunately I'm not used to EFI boot yet and grub2-install does not appear to be available in a chroot dom0 environment (tried the Qubes recovery mode).
> > >
> > > Any other ideas why booting might not work?
> >
> > If you are using EFI, there is no grub involved at all. Your USB drive should have appropriate layout so EFI firmware will recognize it:
> > 1. Needs to have GPT partition table
> > 2. Needs a partition of type "EFI System", formatted as vfat
> > 3. Content of /boot/efi should be there (especially EFI/qubes)
> >
> > Only /boot/efi is needed to boot in EFI mode, /boot may be left on your main disk, inside encrypted root volume.
>
> Thanks for that last note!
>
> Other than that my issues were caused by HP (I was testing with a current HP Elitebook 850 G3) implementing the UEFI standard their (incorrect) way...
>
> So the HP "BIOS" apparently only loads the efi file \EFI\Boot\Bootx64.efi and of course the Microsoft one automatically, cf. http://fomori.org/blog/?p=892 (not my blog). Apparently they also removed this "customized boot" option mentioned by the author for the 850 series (the most recent BIOS was installed, if I recall correctly).
>
> So Qubes installed correctly, but didn't work afterwards (the installer uses \EFI\Boot\Bootx64.efi, the Qubes installation used a custom path).
>
> Nevertheless I was able to boot Qubes by using a "Boot from efi file" entry in the boot menu & manually navigating to the Qubes efi file. Quite cumbersome though...

You can rename /boot/efi/EFI/qubes to /boot/efi/EFI/BOOT, then inside that directory rename xen.efi to bootx64.efi and xen.cfg to bootx64.cfg. It should work, but you'll need to do it again after every kernel/xen update.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Re: [qubes-users] How to log all the websites accessed by a VM
On Mon, Jul 25, 2016 at 2:51 PM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote:

> On Mon, Jul 25, 2016 at 02:46:55PM -0300, Franz wrote:
> > On Mon, Jul 25, 2016 at 1:24 PM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote:
> > > On Mon, Jul 25, 2016 at 12:06:54PM -0300, Franz wrote:
> > > > On Mon, Jul 25, 2016 at 11:11 AM, Marek Marczykowski-Górecki <marma...@invisiblethingslab.com> wrote:
> > > > > On Mon, Jul 25, 2016 at 09:37:10AM -0400, Steve Coleman wrote:
> > > >
> > > > Anyway regarding Marek script I tried it in a dispVM, it writes:
> > > > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
> > > >
> > > > but then if on the same dispVM I use firefox to go to a gmail account or another account, nothing appears on the terminal.
> > > >
> > > > I even looked if anything changed on dispVM firewall rules, but found nothing different.
> > > >
> > > > So how is this script working?
> > >
> > > I've just tried and it is still working. It should output list of blocked destinations in format of qvm-firewall commands ready to load into Qubes firewall.
> >
> > "blocked destinations"? This makes me think that I should block destinations somehow before running the script. Is that so?
>
> Yes, change VM firewall to deny by default.

ok now it works, it outputted a list of addresses.

But I have to paste this list on firewall rules of that VM and this is on Qubes Manager that is on Dom0, so normal copy paste between VMs does not work. I can only imagine writing the addresses to a text file, then copying the file to Dom0, using

    qvm-run --pass-io <src_domain> 'cat /path/to/file_in_src_domain' > /path/to/file_name_in_dom0

opening the file in Dom0 (which seems half prohibited) and finally copying the addresses to Qubes Manager. Otherwise I'll have to type the addresses manually into Qubes Manager.

Which is the suggested way to do that?

> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
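Anything pulled into dom0 with qvm-run --pass-io, as in the message above, is untrusted input, so it should be filtered strictly before anyone opens or pastes it. The following is an added example, not part of the thread and not Qubes code; the line format `<IPv4> <tcp|udp> <port>` and all names are assumptions, since the thread does not show the script's output.

```python
import ipaddress
import re

# Assumed line format (the thread does not show the script's output):
#   <IPv4 address> <tcp|udp> <port>
LINE_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}) (tcp|udp) (\d{1,5})")
MAX_LINE = 64  # longer lines cannot be a plain address entry

def filter_vm_lines(raw: bytes):
    """Return (accepted, rejected) for bytes copied out of an untrusted VM.

    accepted: sorted unique (address, proto, port) tuples.
    rejected: 1-based line numbers only, so hostile bytes such as terminal
    escape sequences are never echoed to a dom0 terminal.
    """
    accepted, rejected = set(), []
    for number, line in enumerate(raw.split(b"\n"), start=1):
        if not line:
            continue
        try:
            # Decode and address errors are both ValueError subclasses.
            text = line.decode("ascii")
            match = LINE_RE.fullmatch(text) if len(text) <= MAX_LINE else None
            if match is None:
                raise ValueError("not an address line")
            ip = ipaddress.IPv4Address(match.group(1))  # rejects octets > 255
            port = int(match.group(3))
            if not 1 <= port <= 65535:
                raise ValueError("port out of range")
        except ValueError:
            rejected.append(number)
            continue
        accepted.add((str(ip), match.group(2), port))
    return sorted(accepted), rejected

# Constructed sample input (documentation-range addresses).
SAMPLE = (
    b"203.0.113.10 tcp 443\n"
    b"198.51.100.7 udp 53\n"
    b"203.0.113.10 tcp 443\n"                  # duplicate, collapsed
    b"\x1b]0;title\x07198.51.100.7 tcp 80\n"   # terminal escape sequence
    b"999.1.1.1 tcp 80\n"                      # octet out of range
    b"192.0.2.5 tcp 80; reboot\n"              # trailing shell text
    b"192.0.2.5 tcp 70000\n"                   # port out of range
)

if __name__ == "__main__":
    ok, bad = filter_vm_lines(SAMPLE)
    for addr, proto, port in ok:
        print(addr, proto, port)
    print("rejected line numbers:", bad)
```

Only the re-serialised tuples should be carried forward; the raw file from the VM is never displayed or parsed by anything else in dom0.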
Re: [qubes-users] Do I need a /boot partition if I use /boot/efi?
On Mon, Jul 25, 2016 at 06:08:48AM -0700, jmarkdavi...@gmail.com wrote:
> I am working on custom partition configs to boot qubes into an nvMe drive and was wondering if, when using efi boot, I still need /boot. The help screen just states that efi boot needs to be >200mb and /boot needs to be >=500 mb. I took this as meaning it needs both but now I got to thinking maybe it needs just the efi boot?

On EFI boot, only /boot/efi needs to be a separate partition.

> If so, and it's the only boot partition, should it be 500mb or is 200 enough for efi boot?

In theory 200M should be enough, but it's close, so better have 500M: Every kernel uses about 5MB (vmlinuz) + up to 50MB (initramfs). By default Qubes allows having last 3 kernels. This gives 165MB + some much smaller files (like xen.efi or xen.cfg).

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
[qubes-users] Do I need a /boot partition if I use /boot/efi?
I am working on custom partition configs to boot qubes into an nvMe drive and was wondering if, when using efi boot, I still need /boot. The help screen just states that efi boot needs to be >200mb and /boot needs to be >=500 mb. I took this as meaning it needs both but now I got to thinking maybe it needs just the efi boot? If so, and it's the only boot partition, should it be 500mb or is 200 enough for efi boot?
Re: [qubes-users] Cryptsetup LUKS Nuke Option
On 2016-07-25 01:27, 0'192348'019438'0194328'0914328'0931 wrote:
> Hallo,
>
> perhaps a fast option will be a strong encrypted disk and the nuke feature to destroy the password

I think you mean wipe the LUKS header.

> or better password-expansion (a hash which is longer than the password)...

Are you referring to a key derivation function (KDF)? That's a different matter.

> - full disk encryption
> - double full disk encryption with two independent passwords and independent encryption schemes
> - customization of keyword length
> - customization of the cipher
> - no storage of passwords only of the password-expansion (which don't shorten the password like the standard hash, which makes the original password longer, so if you steal the disk you get some extra effort to crack the code)
> - customization of the wrong tries, e.g. 10 times and then the "password-hashes" get wiped out (this avoids a simple brute forward attack)
> - long key setup-time (of ca. 0.5 seconds), will slow down sophisticated brute forward attacks
>
> In the end of the day the security of the password management, the security of one or the other cipher and the effectiveness of the wiping will save your information.

Not sure how all this is relevant to the subject of this thread.

> Pro: It will be very fast (approx. under 3 seconds)

Wiping the LUKS header would be fast, yes.

> Cons: Not water-proof against Quantum Computer Attacks (you will need more modern ciphers)

As far as we know, AES-256 will remain resistant to post-quantum attacks. Effective key length will be halved, so AES-256 should be roughly as strong as pre-quantum AES-128, but that's still pretty secure.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
Re: [qubes-users] QUBES 3.2 taskbar icons are useless - they only show padlock icon
On 2016-07-24 21:09, neilhard...@gmail.com wrote:
> OK, but this only groups the programs next to each other, which means I have to go through each one one-by-one to find which program it is.
>
> Is there any way to group them in a stacked way, like there was in QUBES 3.0..?
>
> Where there would only be one menu per VM, and then you click it and it opens all the open windows in that VM..

Sorry, I'm not sure what you mean. Are you still referring to grouping windows on the taskbar, or are you referring to the Application Launcher Menu (aka "Start Menu")?

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
Re: [qubes-users] [3.2rc1] Installer boot error '/dev/root' does not exist
On Sun, Jul 24, 2016 at 07:51:01PM -0700, raahe...@gmail.com wrote:
> On Sunday, July 3, 2016 at 3:03:32 PM UTC-4, matteo@gmail.com wrote:
> > i'm having this problem too, and i don't know how to disable alua
> >
> > [ 8.319 ] dracut-pre-trigger[547]: cat /tmp/dd_disk: No such file or directory
> > [ OK ] Started Show Plymouth Boot Screen.
> > [ OK ] Reached target Paths.
> > [ OK ] Reached target Basic System.
> > BLOCKS HERE
> > [ 14.014 ] sd 7:0:0:0:0: alua: Attach failed (-22)
> > [ 14.016 ] sd 7:0:0:0:0: [sdf] Asking for cache data failed
> > [ 14.016 ] sd 7:0:0:0:0: [sdf] Assuming drive cache: write through
> >
> > If i boot in "basic graphic mode" additional 3 lines are displayed and again blocked.
> > this happens on two computers
> > if i press tab and at the end i add blacklist alua line nothing change (not sure is the right way to do it)
> > i'd like to use new qubes os release but can't install it right now
>
> ^ I have this exact problem trying to install 3.2 rc1 iso. [ 8.319 ] dracut-pre-trigger[547]: cat /tmp/dd_disk: No such file or directory

R3.2-rc2 is planned for this week and it will contain a patch for this problem.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
Re: [qubes-users] Cryptsetup LUKS Nuke Option
Hallo,

perhaps a fast option will be a strong encrypted disk and the nuke feature to destroy the password or better password-expansion (a hash which is longer than the password)...

- full disk encryption
- double full disk encryption with two independent passwords and independent encryption schemes
- customization of keyword length
- customization of the cipher
- no storage of passwords only of the password-expansion (which don't shorten the password like the standard hash, which makes the original password longer, so if you steal the disk you get some extra effort to crack the code)
- customization of the wrong tries, e.g. 10 times and then the "password-hashes" get wiped out (this avoids a simple brute forward attack)
- long key setup-time (of ca. 0.5 seconds), will slow down sophisticated brute forward attacks

In the end of the day the security of the password management, the security of one or the other cipher and the effectiveness of the wiping will save your information.

Pro: It will be very fast (approx. under 3 seconds)

Cons: Not water-proof against Quantum Computer Attacks (you will need more modern ciphers)

Kind Regards