Re: [qubes-users] Why is there no built-in nvidia driver support? aka GTX 980 issues

[almightylaxz]

> > Qubes was working flawlessly on my GTX 670,
> 
> So why did you change anything if things were working?
> 
> 
> Achim

Qubes isn't my main OS and I wanted an upgrade

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa021aae-69f9-4d5b-bede-16ac5eb1bb5a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-15 14:45, mara.kuens...@gmail.com wrote:
> Hi,
> 
> I just installed Qubes OS and I feel its freakin awesome!
> 
> I am trying to set it up the way I want and one thing on my list is having a 
> dropbox vm that provides simply just the cloud storage... I would like to run 
> the actual encryption on a different qube because I dont at all trust dropbox.
> 
> How would I setup a qube that runs dropbox and exposes its filesystem 
> securely to another qube that runs encfs which in turn can then be used to 
> safely store & view cloud files via qubes OS standard file sharing 
> capabilities?!
> 
> My idea was to run NFS on dropbox qube and connect to NFS with the encfs 
> qube, but that's in several unfortunate.
> 
> 1) I don't trust NFS
> 2) NFS is unreliable in combination with EncFS
> 
> 
> I want to get rid of the network connection...
> 
> How would you solve this?
> 
> Thanks a bunch!
> 

Please take a look at this previous discussion on the topic
(including some warnings I gave that also apply to your case):

https://groups.google.com/d/topic/qubes-users/DkaVGj5pL2I/discussion

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3FtGAAoJENtN07w5UDAwWE0P/3hsgaWqvXTdgnRLwtNSIkVk
0cEAzWrRkFs92QnpsI77jswwbi/7kxXKxef8j67WKnklAVL9zrOvJ9vL4sJ9KspT
qdXB5vdHu0tFtytlKmXOqhYxkB8h9YmPknWGTtYtBtUo4GoE1EuR+ycQJQAjBq6R
R8no1yP2pBCCBTnKNvvkMQgOezMXKGoTIlr8dnq0S1N+jzUqovtxgzmr6bfPCHpP
9Aq8bTBi7fzGPv9/adZuda10VQ+qCR2ovxetI3XqLUsw6w9Ltm5sCY666AmzosK4
89i41uy77Xvv6cTuvWofIvfjVes6sc0AIEPrhcrc8A/HTeCeQ2sjlTOU/RHx9dUH
Y6v0u7hv5RwVLzVVGuBYGtjWfmW95uJKhvphBMCh+NXKAVFTrqPc8QRNGQXBrnE8
IgITBCZhQZ2ZsRC+N1puE54Re/2YJoPpep5DTNGI/X6kt3T1CXRfa4muJ/CqA9Z9
uqC22+enpX32ijhCNW9O1CgrM/+gMxUjpmlYLFDIdYFUDu5Tkyt3cjSQIH9uSG/Z
0I8FPPnz7oBocMmsET2JzOgIe3ZyKs8Fd39/PEpkw4orKDk51MAS9HDoRlPWC2/2
9sP+MUMS+8HItT3VUsA0Qn4l56S7pE5ujpUIZiqdXw9aZ2gGcqp8zDiaJNlh6y2r
SHOYZi1/PEwgnykWyM4o
=l4tX
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c711d90-9423-4342-bacb-0b22c0285929%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-16 10:36, Otto Kratik wrote:
> With a Windows 7 HVM, initially upon creation it is a fixed small
> window size and shows two mouse pointers chasing each other within
> that HVM window. By installing Qubes Windows Tools, both of these
> limitations are removed. One single mouse pointer and full screen
> resolution are achieved - as well as seamless mode becoming
> available.
> 
> My question is, can the same full window size and single mouse
> pointer objectives be achieved when using a Linux-based HVM, such as
> one in which Ubuntu for example is installed? As far as I know, there
> is no equivalent "Qubes Ubuntu Tools" which facilitates this.
> 
> I know of course that regular Fedora/Debian/Whonix type PVM's based
> upon templates already do this perfectly, and I use them frequently
> for almost everything. I am asking specifically about an HVM for a
> special usage case. It doesn't have to be Ubuntu specifically, but it
> does have to be a Linux distro capable of running within an HVM under
> Qubes R3.1.
> 
> Does any such option exist?
> 

I think you (or someone else) would have to put in the coding work in
order to make this work in the desired way. However, a lot of work
has already been done on the Archlinux Template (which, I assume,
can be run as an HVM if desired, though I haven't tried it myself):

https://www.qubes-os.org/doc/templates/archlinux/

Some work has also been done on an Ubuntu template:

https://www.qubes-os.org/doc/templates/ubuntu/

There's also a more general workaround for the screen resolution issue
(as well as a pointer regarding Qubes agents):

https://www.qubes-os.org/doc/linux-hvm-tips/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3FmBAAoJENtN07w5UDAwUzYP/iitko2uLYmpHkn5TQ+Li1b4
PuZTJvQPgx7WBwXMcBFD9W2/Zznx7AlA21WgDCw3Zr98e2qeg1zOZkjVgrk2yP1X
L3O28V2SIGqFos7ii/BcAb3mpmX6IohkQWb+EEoUZs4l9vVwFMisG54P8tPvDBEa
uICZVlPHPQnfVTUhUd4wQ6fZn6a0ENUO08prHhF9cMGy02/tx6vz+CC/ZmjwFnau
mHByFGczxAXkZlWZLuSUaNpu3kqj5gxufkno/Wo1GWVbVAj6V7oXIelkud6EjL44
RVUwb3jPXP0dFh5eoBZ7SZNckcjAadbHc9r0WhbfPnMH2AFFlZbT4zKQEhqs3RMA
11lK1anzIMTfXeiflTvy1meUyqVWCwVTDY2AU278N4LMkw+Mw7AJfrK2Qdbq7+PA
MyNzrjCoBo58wDhOwHwU0Y72qruT4sXkEMQsuI+fvT3sVgih3rBzNnQ+wzk0Iw0X
nXJek620iKvWn1CcQjE3j5EyMHzlZ46be+M+mutZVr0JNecaS73un5SblR+eGIf9
RHQXPIQZzEF70+K+1FPC2NQe5Ag8RTVBQKTy/iQ8pgIyeUnogHRHWk19npyJVWHV
jRs5hQmJUqkyKpFHBNrhzp+e2e9oP2exlsV6vIGjQ8cg9rYjs1+b5IbXQ8PyeIWw
X0qPTT7NTjcSsmXXmnI8
=exLY
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d32f3462-6dec-065f-f66e-6d7746bda319%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] R3.2_rc3.iso Corrupt Download?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-16 04:41, amadaus wrote:
> I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
> signatures received the following output:
> [user@rubbish ~]$ gpg -v --verify
> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
> gpg: armor header: Version: GnuPG v2
> gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
> 03FA5082
> gpg: using PGP trust model
> gpg: Good signature from "Qubes OS Release 3 Signing Key"
> gpg: binary signature, digest algorithm SHA256
> [user@rubbish ~]$ gpg --list-sig 03FA5082
> pub   4096R/03FA5082 2014-11-19
> uid  Qubes OS Release 3 Signing Key
> sig  36879494 2014-11-19  Qubes Master Signing Key
> sig 3E2986940 2016-01-04  [User ID not found]
> sig 303FA5082 2014-11-19  Qubes OS Release 3 Signing Key
> 
> As you can see signature E2986940 is unknown. I imported this key, it
> belongs to "Kabine Diane "
> This seems very suspicious. Should I delete the iso and try a fresh
> download?
> 

Answered previously here:

https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3FgVAAoJENtN07w5UDAw+68P/jaZow1G0++1jsdUPmw6rk1P
kRXmRSP47Z+6vcM2dajmHUbtg2EIwxHzkNsogUjXoT3y7WZKa5xw7/8YNMge9wY8
DF2XaEkkQ/gAOTqdPgHlP70URia3UPZhiaF+Pr8cR9FY4VrI7aK9ee02hNgGB0MM
ywhSlO1pTliP9SrkdgVRy/rZA6x6f7Xrdte1s5aA0TdX7kIXpij+ZtYpuMFxbeKa
L1ISrsjH2xc0dtB/5sjZnOy98PbDKpo7Lvz6gWclmtaYTgH7C3sPtJDmfHxqmbBd
xegVvI03UNidTnDqfZpjRL060t1nA/VSgBguxrukRwW3/kJ2W5TD0arl2qFe+ZZd
JqYgI32SoEXjRrilE2nBIEzTsFICfLZDDzeTPdhmwIQ3SKdZWY0/0TBbfeHW5QW0
yyl4lagt2zJ9ZFXLGnN+pUoUA3weGRinfLo7fyzZIEtnHeqdKylnJSIkfbI5UEbS
zp3NsRuCfvvn9Dm2oqBySOEFUEOInfy4AtacYdxQIPmgXvx7GZXb4+xsQI4bHNyH
f75WOIMlR+ZOPfRd0mHjh/VF5PZPA8a2SfF28zGEFnOpwjzYYPGAU0J5FcozffHJ
3AabXA+k3vrHQxwUbASLzfdu3yCRODdU7s2odWZPi7KoHJScKRTjTSFxXO6Swy0s
qxhJLZYYs4X1390BN5yN
=y88c
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9aa18df-166e-1c18-a917-8356037ad4e3%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Bitcoin Qubes tutorial

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-15 17:50, Franz wrote:
> On Thu, Sep 15, 2016 at 5:26 AM, Andrew David Wong  wrote:
> 
> On 2016-09-14 19:11, Franz wrote:
 On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki <
 marma...@invisiblethingslab.com> wrote:
> On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote:
>> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong 
>> wrote:
>>> On 2016-06-29 09:37, Franz wrote:
 But how can I trust a printing dispVM for something as sensitive as
 a hot wallet? We would need two different dispVMs but we are not
 there yet.
>>>
>>> Indeed, not yet, but it will be implemented in R4.0:
>>>
>>> https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion
>>> https://github.com/QubesOS/qubes-issues/issues/866
>>> https://github.com/QubesOS/qubes-issues/issues/2075
>>>
>>
>> Andrew,
>> After various tests I am getting a bit more confidence about bitcoins.
> So I
>> prepared the promised tutorial. I tried to go to Qubes documentation to
> see
>> if there is any way to upload it, but found no reference. So I post it
>> here. Perhaps you know what to do.
>
> 
> Thank you for taking the time to write this, Franz. However, we
> already have a page on using Split Bitcoin wallets (using
> Electrum) here:
> 
> https://www.qubes-os.org/doc/split-bitcoin/
> 
> Nonetheless, it looks like your guide has some additional
> information that is missing from the current page. Please
> consider submitting a pull request against this page with your
> additions.
> 
> 
>> Andrew
>> Additions? Well I used a somehow different way, because i sign the
>> transactions on both the hot and the cold VM. So the hot VM is not for
>> "watching" it is for doing exactly all what does the non-connected one
>> (including signing) and obviously for doing the real job of generating
>> addresses for receiving and sending bitcoins to other addresses. It is what
>> is called multi-signature.
> 
>> Is it worth to sign the transaction two times, once for each VM? I do not
>> know, but it is not so much additional work because in both cases you
>> always have to copy a file forward and back between VMs.
> 
>> But the two ways are somehow alternative. I see no point to mix them in the
>> tutorial just to increase confusion to a matter that is already a bit
>> complicated.
> 
>> The final part of editing the firewall rules of hot VM to limit connection
>> to Electrum servers may be worth to protect the keys in hot VM, but may
>> have less sense if there are no keys to protect in hot VM.
> 
>> So did nothing, but am obviously open to suggestions.
>> Best
>> Fran
> 

Ok, I understand. Thanks for explaining, Fran.

> 
> You can see the documentation guidelines including
> a step-by-step how-to) here:
> 
> https://www.qubes-os.org/doc/doc-guidelines/
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3FdMAAoJENtN07w5UDAwBxoP/11xlq+k73ECJ1HYB4otxrfa
e8rlWTUrs1gbnzwJxMGKwhyRsF++oivCFmjCwFqNfL8moVQS72yIgy4rwSdmQ9gm
iJNWTf+bqrYIs/yxBg3U55gdzrdiJ8CW1djnoOPqwCnCivvogmobkN4POX3vGluY
LR9ni2QqzqALXU6lpfM65hllfWlxeSQQNYlE749RKxj/Yk23tE3VqWT+q7D4/K4X
djymr/5ksmdHwPVrIz/Xr80XT9yo2C94+qAsE8Q5vRwD/4ik9h/jSP9byvU2cv7n
OTmN0Eqsc03XHIAwbs/7Il5Lf0g7qXu0Ycb0nkwCegUhXtQFnD6kHQV9CRR8qznf
wwn4sp8qPw8aufhH4BeM7GI3V71hhT3PJCI7b4+MJwJEU70vo9U0+Saos75jOYF+
szeHloKfn/k7ZcSX/q61qcuJIE4Q0u0yhb/ellohYe8WAZ+ZPoUyHmnmJpmzL0jp
52knik1Ivq3yH1raHYV5jPzA0kqfwNlD7oO54yG/F/f9QGh7cdjerY/p7uJfFUwu
3Oy2wNiIVnNHMxgkTiGQbXn8vn4zAuBHjWr4OBpw5HvqZti+1ywJBQkpoLXj89Ri
GMzXQV3YhNhroe+ma77WqymJMLdw3SNE5aSoF3zvikN/Z3jJuHkd8P/QJ20DWtdG
xuu01Q0m2mvlOmwZQI0f
=viO+
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ca4ade2-277b-688d-426f-4abddd802003%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Spoof MAC address

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-09-14 09:30, katerim...@sigaint.org wrote:
> Hello
> Little issue
> After running:
> cd /var/run/qubes-service/
> sudo touch macspoof-enp0s0
> sudo touch macspoof-wlp0s1
> 
> I see the files, but when I shutdown the VM and restart there aren't more.
> MAC address spoof anyway. Is it normal?
> 
> Than you
> 

Those files have to be created in the TemplateVM if you want
them to persist across reboots.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX3Fa+AAoJENtN07w5UDAws6EP/AhPMOJ+eYHz7/6nNSjuG9Og
dzlU+v+/HsWCk8mzTXrQlbS5KbFaSog6CBW45opKC5cyuJJgTfdEhhq5SmUhGPN8
Luo1IGmHy1XgMI8bmdCUy1OlYtRe3CNdBNrIESOFnIf5LxOsyAv38NGkDnfGwBax
BZaec7ptX2jXxwRMdULw24sow+c10TznjrcP6hKyRKr7/dvJbwOCpfxMkQbEX327
Ie1TSvBIzP+PESokux5Ocr3qt1gU2/4TUBdPdCeJLXPT5U9f+/C3PkHHXMB+WCI7
GSbXVHvOFm0QWrL8tkhLE8PrC6iNWsuxHicxJWH642Id+xk9XEhcTP4tNetVj/ZJ
VWS/SFR/EtT2rpK3Aluq+AQ6yyKpCS9V31vMTo4Jb9+MxwTYQXc1nli1o6Cny72g
CouFvmARUek+H0NRx+XVCLKJB8D9A0LcK6mL5IAxufx7Ycmuq9THp/DWCgXw2on9
8aD4cdzDFSOFEzaQukkpcc0IW/GO4TxUwp46V0nP9YBtmgFmOfv6uPimF2Cb/MYP
iivIWdPIu5JQYW9F4zMh3elAegVKUHGA2mUOCBlRKl2Ump348EH4bIx+Cj7V8olV
U7KTfR7w8DVygaSOeyH0dfipF3ZMN9TEWR6pU96POL+Ewdp3Hp87CeM9Eg/Tr9SB
k6vNw0YjKzSefKTeEh+j
=pGt/
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec12baa0-7150-3769-c49f-f4372f3a566e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Why is there no built-in nvidia driver support? aka GTX 980 issues

[Achim Patzner]

> Am 16.09.2016 um 09:09 schrieb almightyl...@gmail.com:
> 
> Qubes was working flawlessly on my GTX 670,

So why did you change anything if things were working?


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5A1D98D1-7318-42F5-933E-31BFE3A2E6B5%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: Re: [qubes-users] how to get appVM colour for customizing bash prompt's colours

[Robert]

> On 09/16/2016 01:18 PM, Robert wrote:
> > Hi!
> > 
> > I wonder if there is a command-line way to get the name (or any
> > other id) of appVM's colour, used for window borders and such, from
> > within the same appVM (not dom0)? It could be useful for
> > customizing bash prompt's colours.
> > 
> > I guess, I'd not be surprised if the answer was no due to security
> > reasons.
> > 
> > Best regards, Robert
> > 
> > 
> I'm not sure if there is an official way, but I have written an RPC do
> to this. https://github.com/kulinacs/qubes-rpc-GetLabel
> I have the command run in /rw/config/rc.local and have it set to auto
> allow.
> 
> - -- 
> kulinacs 

Thanks, I'll try it out!

--
Robert


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57dc441332b024.18352490%40wp.pl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] how to get appVM colour for customizing bash prompt's colours

[Nicklaus McClendon]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 09/16/2016 01:18 PM, Robert wrote:
> Hi!
> 
> I wonder if there is a command-line way to get the name (or any
> other id) of appVM's colour, used for window borders and such, from
> within the same appVM (not dom0)? It could be useful for
> customizing bash prompt's colours.
> 
> I guess, I'd not be surprised if the answer was no due to security
> reasons.
> 
> Best regards, Robert
> 
> 
I'm not sure if there is an official way, but I have written an RPC do
to this. https://github.com/kulinacs/qubes-rpc-GetLabel
I have the command run in /rw/config/rc.local and have it set to auto
allow.

- -- 
kulinacs 
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iF4EARYIAAYFAlfcPmYACgkQW1Q2Vuxs8jNwvQEA8omVIHS0V1D6YGSzlJLSJ4IJ
Qm82iOXMt1V86mc8sG0BAMlW2529AVT5Ia1n4Sm0dYg8J/4TkK3fF+P6TpnCYi4E
=5WrB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e56cc595-049a-7dc6-b4c4-31f74d025683%40kulinacs.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[mara . kuenster]

Am Freitag, 16. September 2016 20:11:48 UTC+2 schrieb Chris Laprise:
> On 09/16/2016 09:58 AM, mara.kuens...@gmail.com wrote:
> > Am Freitag, 16. September 2016 09:52:40 UTC+2 schrieb Drew White:
> >> If they can get access, whether encrypted or not, it means it's insecure.
> >>
> >> Encryption just takes time to break.
> >>
> >> If you have encrypted files, encrypted with a STRONG password THEN a 2048 
> >> bit cypher, THEN it will probably take about 6 months to decypher it and 
> >> get the data out.
> > I think you need to educate yourself a bit on the topic of encryption. 
> > Encryption is secure if you use it correctly. Too secure actually, it's 
> > much more straightforward to simply torture the information out of 
> > someone...
> >
> > And unless there is a backdoor in AES-256 (which why ideally you would 
> > always use a combination of several ciphers), it is technically and 
> > theoretically unbreakable if you used a 256-bit random key. It's much more 
> > likely that someone will social engineer his way to the data. Matters are 
> > entirely different with current public key algorithms, which may very well 
> > be broken via quantum computers, so I wouldn't bet my money on that 
> > horse... On the other hand those are not the algorithms you use for backup 
> > anyway.
> 
> Ssh may add some security against things like MITM attacks, but you have 
> to trust who you're connecting to as well. From a Qubes standpoint it 
> matters because the non-crypto parts add a bit more complexity, and 
> adding rsync adds substantially more. SSHFS is probably more complex and 
> attackable than both of those together. That, along with TCP/IP itself, 
> is attack surface.
> 
> The way you're describing it makes it seem like any successful attack on 
> one of those components in the dropbox vm could be repeated against the 
> encfs vm. I think most Qubes users would consider that too risky for 
> handling sensitive info, or interfacing with highly trusted vms. It also 
> means you need to keep extra copies on your drive.
> 
> What I described involves no extra copies, and if the dropbox vm becomes 
> compromised then there is very little it can do to attack your other vms 
> that are using the data. Ssh between the dropbox vm and dropbox is still 
> a good idea in this case, and you might even want to use SSHFS or 
> whatever else would allow you to map disk images in that vm. The dropbox 
> vm could be considered 'red' and your client vms (which encrypt and use 
> the data as mounted disk image) could be 'blue' or whatever. I think 
> this is worth a try because its more secure and probably less complex 
> than what you're suggesting.
> 
> Of course, with Qubes its up to the user to weigh the risks and make the 
> decicions. Good luck...
> 
> Chris

I don't disagree with you...

But your approach has several usability downsides. Although I am reconsidering 
this, since in the end I might be able to live with a "once per hour" dropbox 
sync which would open many doors for options like the ones you described.

Thanks :) I will think about it and try it out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7d495ec-116c-4079-bc54-2266d7c4f286%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] how to get appVM colour for customizing bash prompt's colours

[Robert]

Hi!

I wonder if there is a command-line way to get the name (or any other id) of 
appVM's colour, used for window borders and such, from within the same appVM 
(not dom0)?
It could be useful for customizing bash prompt's colours.

I guess, I'd not be surprised if the answer was no due to security reasons.

Best regards,
Robert


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57dc377e1f4c29.24506655%40wp.pl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[Chris Laprise]

On 09/16/2016 09:58 AM, mara.kuens...@gmail.com wrote:

Am Freitag, 16. September 2016 09:52:40 UTC+2 schrieb Drew White:

If they can get access, whether encrypted or not, it means it's insecure.

Encryption just takes time to break.

If you have encrypted files, encrypted with a STRONG password THEN a 2048 bit 
cypher, THEN it will probably take about 6 months to decypher it and get the 
data out.

I think you need to educate yourself a bit on the topic of encryption. 
Encryption is secure if you use it correctly. Too secure actually, it's much 
more straightforward to simply torture the information out of someone...

And unless there is a backdoor in AES-256 (which why ideally you would always 
use a combination of several ciphers), it is technically and theoretically 
unbreakable if you used a 256-bit random key. It's much more likely that 
someone will social engineer his way to the data. Matters are entirely 
different with current public key algorithms, which may very well be broken via 
quantum computers, so I wouldn't bet my money on that horse... On the other 
hand those are not the algorithms you use for backup anyway.


Ssh may add some security against things like MITM attacks, but you have 
to trust who you're connecting to as well. From a Qubes standpoint it 
matters because the non-crypto parts add a bit more complexity, and 
adding rsync adds substantially more. SSHFS is probably more complex and 
attackable than both of those together. That, along with TCP/IP itself, 
is attack surface.


The way you're describing it makes it seem like any successful attack on 
one of those components in the dropbox vm could be repeated against the 
encfs vm. I think most Qubes users would consider that too risky for 
handling sensitive info, or interfacing with highly trusted vms. It also 
means you need to keep extra copies on your drive.


What I described involves no extra copies, and if the dropbox vm becomes 
compromised then there is very little it can do to attack your other vms 
that are using the data. Ssh between the dropbox vm and dropbox is still 
a good idea in this case, and you might even want to use SSHFS or 
whatever else would allow you to map disk images in that vm. The dropbox 
vm could be considered 'red' and your client vms (which encrypt and use 
the data as mounted disk image) could be 'blue' or whatever. I think 
this is worth a try because its more secure and probably less complex 
than what you're suggesting.


Of course, with Qubes its up to the user to weigh the risks and make the 
decicions. Good luck...


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f14d6dd0-3067-ebd9-0a30-877d3fea2ed6%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problems attampting to test/install on a Lenovo 11e Yoga - 3.2 rc3

[Mike Schowalter]

> 
> Looks like either the iso or the boot media is bad.
> 
> Did you verify the iso with gpg? And is the DVD or USB stick big enough 
> (should be at least 7GB)?
> 
> Chris

Thanks for responding, Chris.

I verified the ISO with gpg, cross-referencing the signatures from various 
reliable sources. 

Also, I'm using a 32GB USB. I've actually tried this on multiple USBs, on both 
2.0 and 3.0 jacks. No luck with any of it. Other operating systems install just 
fine off the same USBs.

One thing I forgot to ask is whether I might need to connect my computer to an 
external CD/DVD drive. Seems unusuall since many laptops don't have those these 
days, but the error message makes me think it might be an option. If anyone has 
heard of this, please let me know. Likewise, if this doesn't make sense, let me 
know too. 

Please ask any other questions that might help.

Thanks again,

Mike

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a63af043-6b58-4606-abf3-d07914a11e71%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Problems attampting to test/install on a Lenovo 11e Yoga - 3.2 rc3

[Chris Laprise]

On 09/16/2016 01:33 PM, Mike Schowalter wrote:

I've had a heck of a time trying to get an installtion going on a little Lenovo 
11e Yoga. I know it doesn't have vt-d, but I want to install it to at least get 
comfortable with Qubes. Release candidate 3 of 3.2 has actually been more 
promising than my attempts on 3.1 (which just gave me kernel errors).

With 3.2 rc3, I receive a four penguins page (image attached) and what looks like two errrors. One 
states, "FATAL: CD check failed!" The other states, "Failed to start Media check on 
/dev/sdb." There is more info on the attached picture I took.

If anyone has any ideas, please let me know. I've tried many of the various 
tricks on the troubleshooting page at 
https://www.qubes-os.org/doc/#troubleshooting, but to no avail.

Many thanks!

Mike


Looks like either the iso or the boot media is bad.

Did you verify the iso with gpg? And is the DVD or USB stick big enough 
(should be at least 7GB)?


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cfc16fd2-88a0-55f8-2742-b25e5b3343f1%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?

[Otto Kratik]

With a Windows 7 HVM, initially upon creation it is a fixed small window size 
and shows two mouse pointers chasing each other within that HVM window. By 
installing Qubes Windows Tools, both of these limitations are removed. One 
single mouse pointer and full screen resolution are achieved - as well as 
seamless mode becoming available.

My question is, can the same full window size and single mouse pointer 
objectives be achieved when using a Linux-based HVM, such as one in which 
Ubuntu for example is installed? As far as I know, there is no equivalent 
"Qubes Ubuntu Tools" which facilitates this.

I know of course that regular Fedora/Debian/Whonix type PVM's based upon 
templates already do this perfectly, and I use them frequently for almost 
everything. I am asking specifically about an HVM for a special usage case. It 
doesn't have to be Ubuntu specifically, but it does have to be a Linux distro 
capable of running within an HVM under Qubes R3.1.

Does any such option exist?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9555d756-45c6-4d07-8ea8-6d952e4a930b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] /dev/root does not exist trying to run installation on MacBookPro8,2 with both Qubes R3.1 and R3.2

[Tobias Abenius]

Dear all,

When I'm trying to boot Qubes on my MacBookPro8,2 from ca 2011 using the 
steps


1. put qubes on USB-stick using dd 
if=Downloads/Qubes-R3.1-x86_64/Qubes-R3.1-x86_64.iso of=/dev/disk2 bs=100m

2. reboot
3. in the previously installed refind choose either xen.efi or the penguin

if I boot using xen.efi the graphics will be distorted beyond 
comprehension, possibly incorrect screen width / offset, maybe I see an 
extremely flat skewed penguin


if I boot using the vmlinuz option I get the errors
dracut: Scanning for all btrfs devices
dracut Warning: /dev/root does not exist
I re-ran with the rd.debug option, dropped into a shell and saved the 
rdsosreport.txt for R3.1 (found at 
https://github.com/QubesOS/qubes-issues/files/465676/rdsosreport-2.txt )


I also tried with the current R3.2 and get the same error, see attached 
rdsosreport.txt.

[  198.509872] localhost dracut-initqueue[527]: Warning: Could not boot.
[  198.510379] localhost dracut-initqueue[527]: Warning: /dev/root does 
not exist


Is there anything I can do, is it possible to install Qubes in another 
way, by hand even?


Thankful for your time, Tobias

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab892d17-2267-c368-87fa-7440627612ee%400x63.nu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - MSI-MS-7917

['TigerZA' via qubes-users]

Hello,

Been playing around with Qubes and lovin it so far. Windows 10 VM didn't play 
nice with my gpu settings but I'm still working on that. Keep up the good work!


Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/awKE859ZionvG-EWWpKGSuCZf1-MdE1oakt9vNUc_jJ_Wlw-Cux0n-ULmBPua5lq10k44m6oJm0HYizTRmrvgwMQrsTe_-q3C5wFdyws-Vw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-MSI-MS_7917-20160916-093919.yml
Description: application/yaml


Qubes-HCL-MSI-MS_7917-20160916-093919.cpio.gz
Description: application/gzip

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[mara . kuenster]

Am Freitag, 16. September 2016 09:27:26 UTC+2 schrieb Raphael Susewind:
> IMHO the safest option is indeed to use a split-dm kind of approach, as
> suggested before: create a loopback file in the dropbox VM, expose this
> via qvm-block to your working VM where you then do all the encryption
> (using standard LUKS) and can either mount the thing right there or -
> for extra security - expose to yet another VM, again using qvm-block:
> 
> dropbox VM: loopback file -> /dev/loop0 -> exposed with qvm-block to
> crypto VM: /dev/xvdX -> dm-crypt -> /dev/mapper/plain -> exposed to
> work VM: /dev/xvdX -> mounted somewhere and used as usual...
> 
> The only caveat is how Dropbox behaves if you have a file in it that
> serves as backdrop for a loopback device - any thoughts on this?
> 
> Raphael

I dont have any references at hand, but back then when I decided to go with 
EncFS, I also looked at the block-device method. IIRC, Dropbox theoretically 
does handle giant files very well (actually it's pretty irrelevant what you 
store), but there were problems with syncing obviously (try accessing this 
device on multiple machines) and also with write-through and general integrity. 
It just had a lot of quirky corner cases and while EncFS + Dropbox isn't 
perfect for syncing either, it has worked flawlessly for over two years now 
(with daily use)...

So for me, EncFS seems the way to go, unless you unmount the file system and 
flush it before activating dropbox but that is kinda unstable from a human 
error perspective...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5be67da3-dc2f-49ae-be29-14263c81a1cb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[mara . kuenster]

Am Freitag, 16. September 2016 09:52:40 UTC+2 schrieb Drew White:
> If they can get access, whether encrypted or not, it means it's insecure.
> 
> Encryption just takes time to break.
> 
> If you have encrypted files, encrypted with a STRONG password THEN a 2048 bit 
> cypher, THEN it will probably take about 6 months to decypher it and get the 
> data out.

I think you need to educate yourself a bit on the topic of encryption. 
Encryption is secure if you use it correctly. Too secure actually, it's much 
more straightforward to simply torture the information out of someone...

And unless there is a backdoor in AES-256 (which why ideally you would always 
use a combination of several ciphers), it is technically and theoretically 
unbreakable if you used a 256-bit random key. It's much more likely that 
someone will social engineer his way to the data. Matters are entirely 
different with current public key algorithms, which may very well be broken via 
quantum computers, so I wouldn't bet my money on that horse... On the other 
hand those are not the algorithms you use for backup anyway.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/43d896a3-aee4-40ef-ae98-fff3e522c798%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Usb device

[Franz]

On Fri, Sep 16, 2016 at 6:38 AM,  wrote:

> > On Friday, 16 September 2016 06:53:25 UTC+10, kater...@sigaint.org
> wrote:
> >> > On Tuesday, September 13, 2016 at 12:48:50 PM UTC+2,
> >> kater...@sigaint.org
> >> > wrote:
> >> >> Hello
> >> >> I haven't understood yet how open an usb device in Qubes (or in VM
> >> that
> >> >> I
> >> >> choose).
> >> >> Can someone explain me how do I do?
> >> >>
> >> >> Thank you
> >> >
> >> > See here for the how-to, at the bottom for 3.2: ->
> >> > https://www.qubes-os.org/doc/usb/
> >>
> >> I have the 3.1, is it the same?
> >
> > What do you mean by "open up a usb device"?
> > Are you trying to connect via RAW data connection?
> > Are you trying to connect via Telnet or SSH or something?
> > Are you attempting to open a USB Data Device?
> > Are you attempting to connect to a USB NIC/Modem?
> >
> > Please provide details.
> >
> > I have no issues connecting to anything like this on Qubes 2, 3, 3.0,
> 3.1,
> > 3.2RC1.
> >
> > I may be able to help once I know details.
>
> Hello
> Ok, I have attached my usb pen to a VM,


that means that on Qubes manager you followed the "attach/detach block
device" item?


> now if I want to copy some file on
> this pen, where I find the device? (Usually other OS open automatically
> it)
>

If you reply yes to the previous question, then you should open Nautilus in
the VM to which  your device is attached. Nautilus will show a triangle
next to the name of your device. Clicking on than name you open it.
Best
Fran


> Thank you
>
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/b421e84271092b44ebc53dbbc7ee0f5c.webmail%40localhost.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAXFFdpP%3DEki0ivvrgrfqFzh5bwVsNhk4v809Of7Cy%2BgA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] R3.2_rc3.iso Corrupt Download?

[Konstantin Ryabitsev]

On Fri, Sep 16, 2016 at 11:41:30AM +, amadaus wrote:
> I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
> signatures received the following output:
> [user@rubbish ~]$ gpg -v --verify
> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
> '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
> gpg: armor header: Version: GnuPG v2
> gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
> 03FA5082
> gpg: using PGP trust model
> gpg: Good signature from "Qubes OS Release 3 Signing Key"
> gpg: binary signature, digest algorithm SHA256
> [user@rubbish ~]$ gpg --list-sig 03FA5082
> pub   4096R/03FA5082 2014-11-19
> uid  Qubes OS Release 3 Signing Key
> sig  36879494 2014-11-19  Qubes Master Signing Key
> sig 3E2986940 2016-01-04  [User ID not found]
> sig 303FA5082 2014-11-19  Qubes OS Release 3 Signing Key
> 
> As you can see signature E2986940 is unknown. I imported this key, it
> belongs to "Kabine Diane "
> This seems very suspicious. Should I delete the iso and try a fresh
> download?

Anyone can sign anyone's key and upload it to the keyservers. A presence
of an unknown signature on a key doesn't invalidate it in any way. As
long as there is a signature you do trust (DDFA1A3E36879494), the key is
valid.

Regards,
-- 
Konstantin Ryabitsev
Linux Foundation Collab Projects
Montréal, Québec

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160916121846.GA2126%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature

[qubes-users] R3.2_rc3.iso Corrupt Download?

[amadaus]

I have downloaded Qubes R3.2-rc3 iso and in the course of verifying
signatures received the following output:
[user@rubbish ~]$ gpg -v --verify
'/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc'
'/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso'
gpg: armor header: Version: GnuPG v2
gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID
03FA5082
gpg: using PGP trust model
gpg: Good signature from "Qubes OS Release 3 Signing Key"
gpg: binary signature, digest algorithm SHA256
[user@rubbish ~]$ gpg --list-sig 03FA5082
pub   4096R/03FA5082 2014-11-19
uid  Qubes OS Release 3 Signing Key
sig  36879494 2014-11-19  Qubes Master Signing Key
sig 3E2986940 2016-01-04  [User ID not found]
sig 303FA5082 2014-11-19  Qubes OS Release 3 Signing Key

As you can see signature E2986940 is unknown. I imported this key, it
belongs to "Kabine Diane "
This seems very suspicious. Should I delete the iso and try a fresh
download?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nrglpa%24btn%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Usb device

[katerimmel]

> On Friday, 16 September 2016 06:53:25 UTC+10, kater...@sigaint.org  wrote:
>> > On Tuesday, September 13, 2016 at 12:48:50 PM UTC+2,
>> kater...@sigaint.org
>> > wrote:
>> >> Hello
>> >> I haven't understood yet how open an usb device in Qubes (or in VM
>> that
>> >> I
>> >> choose).
>> >> Can someone explain me how do I do?
>> >>
>> >> Thank you
>> >
>> > See here for the how-to, at the bottom for 3.2: ->
>> > https://www.qubes-os.org/doc/usb/
>>
>> I have the 3.1, is it the same?
>
> What do you mean by "open up a usb device"?
> Are you trying to connect via RAW data connection?
> Are you trying to connect via Telnet or SSH or something?
> Are you attempting to open a USB Data Device?
> Are you attempting to connect to a USB NIC/Modem?
>
> Please provide details.
>
> I have no issues connecting to anything like this on Qubes 2, 3, 3.0, 3.1,
> 3.2RC1.
>
> I may be able to help once I know details.

Hello
Ok, I have attached my usb pen to a VM, now if I want to copy some file on
this pen, where I find the device? (Usually other OS open automatically
it)

Thank you


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b421e84271092b44ebc53dbbc7ee0f5c.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.

Re: Negative test result for fedora 24... Was: Re: Request for test: Re: [qubes-users] Fedora 24?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Sep 15, 2016 at 09:41:37PM -0700, J. Eppler wrote:
> Is it a good idea to spend time on fedora 24? Fedora 25 should be released in 
> November/December and will use Wayland per default. Would it not be better to 
> skip Fedora 24 and focus on resources and efforts on Fedora 25?

Most likely problems found on F24 will also affect F25, so those will
need to be fixed anyway. On the other hand, since it mostly works, it
isn't much effort.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJX2684AAoJENuP0xzK19csEGYH/1mZK2nJH7bU9WwVP8pHFNJL
yT3VApyDAC/h4p9WVCS/3Jaj0ZTkNsPUzXLh85Ico5L++rz7Cg0HxhjnNSkh7gSK
cQOWbVq4Eeo4iRybCgkR7d1oKG+ar4mkvyXzE4psWFDb95WV3m/zZsNFgw4YhM9/
IN5ZbsOSE6DVF32lOh9Qbv2MkhSeyi7eI8KB1DIWoqEJUt+5CA3pXDVRsPvbIxIe
w3uTZWnPn3tA4aZCEh2/dnkULiVpZTM+iHNgUKQHpr0WRMtXPj1oAxx9O1SaZr7m
9pB6RfGGFZDZ0uEHeJfrei3hd0LHU4OXx5+CAsGmhIBIDxKw6D4FS2r59AORnh0=
=meEW
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160916083712.GT31510%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VGPU output access

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Sep 15, 2016 at 08:27:05PM -0700, Drew White wrote:
> Hi folks,
> 
> I'm trying to access the VGPU output for a guest, and wondering where I would 
> go to find out how to access it, or what file I had to read, or what data 
> stream I had to access?
> 
> Any information that would allow me to gain access to it would be grateful.

PV domains on Qubes OS do not have VGPU at all. For HVM, it is
what you see in a window of that domain. 

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJX266TAAoJENuP0xzK19cseuwH/1MYXHQaFoA4B9fbYd6Tgeuu
yo7+ySWPEQ9n/tcv2adBm7dBJkPh4s+Z6NP3eHDVX6Chy9byCbni9Falb97LZuDX
/wvLSqeQnz9x3EDP241OeoyM98Z/41ogD2zgCn4Iq6cybaiYIFyz6DCNBfpggCgo
f8euwNtriFPjmGA1cfiyX93oV3drPkWIS0jchmhzx/2k2pGF5gkjELBeTVvrV8Tx
laZccsBfJLLiK/oRNPdxUa6e5NkUZVXgZYe6GOxmWrMfa6SrkQjo7HEeATOfflzk
Uu60GGIBDJ5GthboYUCDS+Y7gjcaJ8gd93AMXR5YahirkLdZVytDWDnjxN7O0Cw=
=gFUH
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160916083427.GS31510%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[Drew White]

If they can get access, whether encrypted or not, it means it's insecure.

Encryption just takes time to break.

If you have encrypted files, encrypted with a STRONG password THEN a 2048 bit 
cypher, THEN it will probably take about 6 months to decypher it and get the 
data out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15c15e19-9fe8-4614-b4da-f6c68b7512a2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[Drew White]

On Friday, 16 September 2016 16:37:47 UTC+10, mara.k...@gmail.com  wrote:
> @Chris
> 
> Thanks I will think about this block-level approach.
> 
> @Drew
> 
> I don't agree... Storing encrypted files on dropbox IS secure in the sense 
> that nobody in the world will be able to decrypt them (as long as the 
> encryption step is not exposed to the dropbox process, which might be 
> compromised). Of course dropbox can delete all your files instantly, but that 
> is another matter. I use dropbox as cloud backup and if they delete 
> everything it doesn't really matter, unless I lose all my own backups at the 
> same time.

If they can get access, whether encrypted or not, it means it's insecure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f70c8ce-0b8c-48ed-9375-6f64e80c414c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[Raphael Susewind]

IMHO the safest option is indeed to use a split-dm kind of approach, as
suggested before: create a loopback file in the dropbox VM, expose this
via qvm-block to your working VM where you then do all the encryption
(using standard LUKS) and can either mount the thing right there or -
for extra security - expose to yet another VM, again using qvm-block:

dropbox VM: loopback file -> /dev/loop0 -> exposed with qvm-block to
crypto VM: /dev/xvdX -> dm-crypt -> /dev/mapper/plain -> exposed to
work VM: /dev/xvdX -> mounted somewhere and used as usual...

The only caveat is how Dropbox behaves if you have a file in it that
serves as backdrop for a loopback device - any thoughts on this?

Raphael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9994a6d-2c0f-0a7f-eb8a-3a2da837f49a%40raphael-susewind.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[mara . kuenster]

PS: SSH alone is of course not very ideal, because this could mean I am running 
rsync of the dropbox qube. Instead I could use SSHFS to mount the dropbox 
qube's folder in encfs and then use the rsync of the encfs qube to sync the 
files via SSHFS. This is like super indirect, but probably safer?!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6cd48d49-5ce5-49ee-9fae-66ed81290cc8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[mara . kuenster]

> > Hi,
> >
> > I just installed Qubes OS and I feel its freakin awesome!
> >
> > I am trying to set it up the way I want and one thing on my list is having 
> > a dropbox vm that provides simply just the cloud storage... I would like to 
> > run the actual encryption on a different qube because I dont at all trust 
> > dropbox.
> >
> > How would I setup a qube that runs dropbox and exposes its filesystem 
> > securely to another qube that runs encfs which in turn can then be used to 
> > safely store & view cloud files via qubes OS standard file sharing 
> > capabilities?!
> >
> > My idea was to run NFS on dropbox qube and connect to NFS with the encfs 
> > qube, but that's in several unfortunate.
> >
> > 1) I don't trust NFS
> > 2) NFS is unreliable in combination with EncFS
> >
> >
> > I want to get rid of the network connection...
> >
> > How would you solve this?
> >
> > Thanks a bunch!
> >
> 
> The operative word here is 'expose'... There is probably no secure way 
> to share something as complex as a filesystem, which is why Qubes has no 
> built-in file sharing capabilities.
> 
> You could use qvm-copy-to-vm or the equivalent in the context menu of 
> the file browser... but that copies whole files between vms.
> 
> You could also create one disk image per vm on dropbox, and somehow set 
> them up as loopback devices in the dropbox vm. This allows you to 
> 'share' data to client vms as disk blocks using qvm-block, which is far 
> less risky than sharing filesystems. You would also have to encrypt the 
> disk images in each client vm to make this truly secure.
> 
> Chris

What do you think about this:

Encfs-Qube contains plaintext & encrypted files and has a cron job that runs 
like every hour. This job will SSH into dropbox-qube and run Rsync to project 
all the changes onto the dropbox-qube (but ignores all the changes inside 
dropbox, which would also be nice in case dropbox deletes everything or 
modifies encrypted files etc.)

Dropbox-Qube just contains the public SSH key and see only encrypted files...

Is SSH + Rsync reasonably safe? Or do I have to assume an attacker could easily 
break into the encfs domain once he compromises dropbox? Remember that Rsync 
will not promote any changes in the dropbox domain back to the encfs domain... 
It will discard all the changes inside dropbox instead.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6b1267b3-9295-4104-9d73-89e3b072667c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

[almightylaxz]

Qubes was working flawlessly on my GTX 670, recently upgraded to a GTX 1070 and 
now I can't even load the installer

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ece01772-290a-4b3f-8d96-0f6323f9069c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!

[mara . kuenster]

@Chris

Thanks I will think about this block-level approach.

@Drew

I don't agree... Storing encrypted files on dropbox IS secure in the sense that 
nobody in the world will be able to decrypt them (as long as the encryption 
step is not exposed to the dropbox process, which might be compromised). Of 
course dropbox can delete all your files instantly, but that is another matter. 
I use dropbox as cloud backup and if they delete everything it doesn't really 
matter, unless I lose all my own backups at the same time.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a05a5f4-beba-40ed-be49-ad484ed8deaf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Compiling Archlinux Template failed on make qubes-vm/vmm-xen-vm

[necrokulto]

Start recompiling it again by deleted all the folders. Now i get different 
error like Jovan 
(https://groups.google.com/forum/?nomobile=true#!msg/qubes-users/43cDUEWz8M4/wFO8F_rPAQAJ;context-place=forum/qubes-users)

==> Starting build()...
+ patch -s -F0 -E -p1 --no-backup-if-mismatch -i ./patches.misc/qemu-tls-1.patch
patch:  Can't open patch file ./patches.misc/qemu-tls-1.patch : No such 
file or directory
++ echo '*** patch ./patches.misc/qemu-tls-1.patch failed ***'
*** patch ./patches.misc/qemu-tls-1.patch failed ***

==> ERROR: A failure occurred in build().
Aborting...
/home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: 
recipe for target 'dist-package' failed
make[2]: *** [dist-package] Error 2
Makefile.generic:139: recipe for target 'packages' failed
make[1]: *** [packages] Error 1
Makefile:208: recipe for target 'vmm-xen-vm' failed
make: *** [vmm-xen-vm] Error 1

Not sure of what does he meant by "tweaks in the series.conf file of vmm-xen". 
I already add the 'patches.misc/qemu-tls-1.patch' there but I still got the 
same error again and again.

Any clue anyone?   

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2fa31c1a-7ce3-4deb-8a43-43279b93f2ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.