Re: [qubes-users] Request for feedback: 4.9 Kernel

[Chris Laprise]

On 05/24/2017 03:51 PM, Chris Laprise wrote:

4.9 is working OK so far. I was using 4.8 prior to this.


Additional note: 4.9 seems to resolve a zombie process issue I was 
having with 4.8 (domU), and the 4.9.33-18 security update is working 
well so far.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6dfb6b89-4f24-b41f-b57b-fc63df2a77e0%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Switching from UEFI to BIOS after installation...

[cooloutac]

On Tuesday, June 20, 2017 at 10:30:40 PM UTC-4, motech man wrote:
> On Monday, September 26, 2016 at 2:40:51 AM UTC-5, Mara Kuenster wrote:
> > Yes, SOME VMs work sometimes ☺.
> > 
> > I will just reinstall, it’s better anyway to have no unsupervised downtime 
> > between installing qubes and AEM, especially since I used Windows already 
> > on the same PC before activating AEM.
> > Still this is a weird issue. Maybe one of the developers could try to 
> > reproduce by installing with UEFI then activating BIOS and confirm this 
> > messed up system? It is especially weird since the SAME system is just fine 
> > when booting in UEFI. 
> > 
> > Btw, maybe you could add a warning to the installer that UEFI will not 
> > allow AEM to be used, this would save a lot of time. I think I am not the 
> > only one who didn’t read the AEM documentation that carefully :D.
> > 
> > Cheers
> > Chris
> > 
> > 
> > On 26/09/16 01:34, "Marek Marczykowski-Górecki" wrote:
> > 
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256in
> > 
> > On Mon, Sep 26, 2016 at 12:02:01AM +0200, Mara Kuenster wrote:
> > > Hmm yeah with that I managed to boot through BIOS mode, unfortunately 
> > the VMs don’t start (randomly, different ones fail on each boot attempt). 
> > So basically something seems to go wrong. The disks get decrypted and I can 
> > login with the manager etc. but the system is more or less a complete 
> > failure ^^. When I go back and boot in UEFI mode, everything works just 
> > fine…
> > > 
> > > This seems kinda odd xD.
> > 
> > Just to clarify - does any VM start at all?
> > If not, check if Xen is started. The easiest way is to call `xl info` in
> > dom0. If not, make sure you select grub boot entry containing "Xen".
> > 
> > - -- 
> > Best Regards,
> > Marek Marczykowski-Górecki
> > Invisible Things Lab
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> > -BEGIN PGP SIGNATURE-
> > Version: GnuPG v2
> > 
> > iQEcBAEBCAAGBQJX6F72AAoJENuP0xzK19csLNcIAIJry9faT2BpdtxRqthd2QuK
> > ZE+jWf93MBDydoMX0vvGUptFBobYfRb4Qzyu0yihXT/a+uH2UbDKI7RskGISVU3I
> > BlhXbRcspfG1evnykOcOWAQ5wyPXDZrwB9+cztR4FuB48n6Ib3zLrPuJzqSFDiVZ
> > LrEg5OvUO+I1e1Bj//PyTCYTzApNWFmVcsC1+6DOchkeoNfnHNqtZlkhNGj+3580
> > 2Se3XYCgTaLQ26MEoi1HYXJe5Gf9P3XLFdmiCoc7Ehjs3Cv3jK0Xq/knILiLvuV/
> > o8xGFxMHHseTVfyQUUafE4xt1PoqOp28aziWMJf6MY7EHpVNhaZmFe0zAh6oIKw=
> > =dsD5
> > -END PGP SIGNATURE-
> 
> Indeed. I don't understand why AEM can't be used with UEFI. The docs should 
> also mention the reliance on TPM for AEM and the use of AEM prevents ability 
> to swap drives in mobo easily, such as hot swapable SATA. That is probably 
> not an important consideration in the majority of cases I suspect.
> 
> Also, the conversion process should probably discuss GPT vs MBR partitioning. 
> I was under the impression UEFI required GPT, but even if not, I do know 
> booting an OS that resides on a GPT drive via BIOS (i.e. legacy) mode has 
> problems. Most BIOS / legacy code doesn't even recognize a GPT drive. Often 
> BIOS booting on a GPT drive relies on the protected partition region which 
> isn't recognized across the board and is far from being well recognized my 
> all Op Systems.


oh, I don't use aem but I thought it was the other way around,  thought it was 
for uefi...lol  Should be already understood you need tpm, but I don't think 
nescessarily txt.   Man, I always learn things make me like the itl team so 
much they aren't influenced by anything.

I don't understand why people want to use uefi if not using secure boot.  I 
know eventually Qubes will have to fully support uefi and legacy boot gonna be 
old news cause they will have no choice from hardware manufactures.  But is 
there any other benefits?  To me I see it as making my machine more vulnerable 
without any benefits but headache.

You say GPT is that cause you running windows?  Well when you do decide to go 
to Qubes-os only machine  reformat the drive and hope for the best.  If you 
ever update your pc hardware though don't put anything else on it.  And your 
Hardware should be safe for at least a year lol. I'm starting to think real 
security is only for rich people.   but 1-2 years reasonable secure pc is 
pretty good compared to windows.  which I would give 1-2 months.  and linux 
which is shot in one day.  Ignore my fud.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1e3b896-f2d5-4727-8d32-85672a7c32b3%40googlegroups.com.
For more options, visit 

Re: [qubes-users] Switching from UEFI to BIOS after installation...

[motech man]

On Monday, September 26, 2016 at 2:40:51 AM UTC-5, Mara Kuenster wrote:
> Yes, SOME VMs work sometimes ☺.
> 
> I will just reinstall, it’s better anyway to have no unsupervised downtime 
> between installing qubes and AEM, especially since I used Windows already on 
> the same PC before activating AEM.
> Still this is a weird issue. Maybe one of the developers could try to 
> reproduce by installing with UEFI then activating BIOS and confirm this 
> messed up system? It is especially weird since the SAME system is just fine 
> when booting in UEFI. 
> 
> Btw, maybe you could add a warning to the installer that UEFI will not allow 
> AEM to be used, this would save a lot of time. I think I am not the only one 
> who didn’t read the AEM documentation that carefully :D.
> 
> Cheers
> Chris
> 
> 
> On 26/09/16 01:34, "Marek Marczykowski-Górecki" wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256in
> 
> On Mon, Sep 26, 2016 at 12:02:01AM +0200, Mara Kuenster wrote:
> > Hmm yeah with that I managed to boot through BIOS mode, unfortunately 
> the VMs don’t start (randomly, different ones fail on each boot attempt). So 
> basically something seems to go wrong. The disks get decrypted and I can 
> login with the manager etc. but the system is more or less a complete failure 
> ^^. When I go back and boot in UEFI mode, everything works just fine…
> > 
> > This seems kinda odd xD.
> 
> Just to clarify - does any VM start at all?
> If not, check if Xen is started. The easiest way is to call `xl info` in
> dom0. If not, make sure you select grub boot entry containing "Xen".
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJX6F72AAoJENuP0xzK19csLNcIAIJry9faT2BpdtxRqthd2QuK
> ZE+jWf93MBDydoMX0vvGUptFBobYfRb4Qzyu0yihXT/a+uH2UbDKI7RskGISVU3I
> BlhXbRcspfG1evnykOcOWAQ5wyPXDZrwB9+cztR4FuB48n6Ib3zLrPuJzqSFDiVZ
> LrEg5OvUO+I1e1Bj//PyTCYTzApNWFmVcsC1+6DOchkeoNfnHNqtZlkhNGj+3580
> 2Se3XYCgTaLQ26MEoi1HYXJe5Gf9P3XLFdmiCoc7Ehjs3Cv3jK0Xq/knILiLvuV/
> o8xGFxMHHseTVfyQUUafE4xt1PoqOp28aziWMJf6MY7EHpVNhaZmFe0zAh6oIKw=
> =dsD5
> -END PGP SIGNATURE-

Indeed. I don't understand why AEM can't be used with UEFI. The docs should 
also mention the reliance on TPM for AEM and the use of AEM prevents ability to 
swap drives in mobo easily, such as hot swapable SATA. That is probably not an 
important consideration in the majority of cases I suspect.

Also, the conversion process should probably discuss GPT vs MBR partitioning. I 
was under the impression UEFI required GPT, but even if not, I do know booting 
an OS that resides on a GPT drive via BIOS (i.e. legacy) mode has problems. 
Most BIOS / legacy code doesn't even recognize a GPT drive. Often BIOS booting 
on a GPT drive relies on the protected partition region which isn't recognized 
across the board and is far from being well recognized my all Op Systems.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/680c3a7c-8cac-44c1-864c-cc5da1496f4e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Ubuntu Xenial Update Dependency Breakages

[Andrew Morgan]

Hey all,

Trying to update my Ubuntu Xenial template, but hitting following
dependency issue. You can see my attempts to resolve this to no avail:

...
Reading state information... Done
3 packages can be upgraded. Run 'apt list --upgradable' to see them.
user@xenial-desktop:~$ sudo apt list --upgradable
Listing... Done
qubes-gui-agent/unknown 3.2.17-1+deb8u1 amd64 [upgradable from:
3.2.13-1+xenialu1]
xserver-xorg-input-qubes/unknown 3.2.17-1+deb8u1 amd64 [upgradable from:
3.2.13-1+xenialu1]
xserver-xorg-video-dummyqbs/unknown 3.2.17-1+deb8u1 amd64 [upgradable
from: 3.2.13-1+xenialu1]
user@xenial-desktop:~$ sudo apt upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

user@xenial-desktop:~$ sudo apt install qubes-gui-agent
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 qubes-gui-agent : Depends: xserver-xorg-video-dummyqbs (=
3.2.17-1+deb8u1) but 3.2.13-1+xenialu1 is to be installed
   Depends: xserver-xorg-input-qubes (= 3.2.17-1+deb8u1)
but 3.2.13-1+xenialu1 is to be installed
E: Unable to correct problems, you have held broken packages.
user@xenial-desktop:~$ sudo apt install -f
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
user@xenial-desktop:~$ sudo apt install xserver-xorg-video-dummyqbs
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 xserver-xorg-video-dummyqbs : Depends: xorg-video-abi-18 but it is not
installable
E: Unable to correct problems, you have held broken packages.
user@xenial-desktop:~$ sudo apt install xorg-video-abi
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package xorg-video-abi
user@xenial-desktop:~$ sudo apt install xorg-video-abi-18
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package xorg-video-abi-18 is not available, but is referred to by
another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'xorg-video-abi-18' has no installation candidate
user@xenial-desktop:~$

Any idea how one would get out of this situation? Is anyone else facing
this with their Xenial VM?

Also I sometimes get the error that /var/lib/apt/lists/lock is present
when starting my xenial machine and thus it cannot update/upgrade. Is
there any way to ensure this file isn't present after a reboot/stop the
system from occasionally not cleaning this file up?

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oiclam%24h57%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."

[cooloutac]

On Tuesday, June 20, 2017 at 10:42:25 AM UTC-4, Paulo Marques wrote:
> Hi Cooloutac, thanks for yours advice man
> 
> "it would require building your own iso or using some kickstart file.  I 
> believe this has been done before but I'm failing to find it searching the 
> mailing list.
> 
> "Building your own iso is out of my expertise" and out of mine also..., but 
> I'll try to find searching the mailing list about using some Kickstart file 
> (although I suspect it's out of my "league" also but I'll try.
> 
> "what if you burn qubes on a dvd? ... and install legacy mode..." I've done 
> it already... I've tried with a burned DVD on my first atempts ... :( But 
> thanks for the tip anyway... ;)
> 
> "Swapping drives really isn't a solution man..." Thanks, I know that but as I 
> only have one Pc (a tower/desktop one) and I couldn't stop working, meanwhile 
> I had to find a way to make the transition for Qubes, and as soon I install 
> it, I'll drop out the other one and keep the Qubes Os as my only one system 
> active... 
> I'm "glad" I did it this way otherwise i couldn't keep on working and could 
> not access this forum and ask for advice in case things didn't went well 
> (which they did unfortunately).
> 
> But anyhow thanks for your advices man ;) , I'll try to find the Kickstart 
> discussion and trie it... and then I'll try again with the DVD way, and after 
> that I'll download another image and I'll try all over again from that... 
> Let's see what happened... (let me keep my fingers crossed ;) )

try suggestions in this thread 
https://groups.google.com/forum/#!msg/qubes-users/Eq2zZU5yXEs/qs94AX1uAAAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e567707-7ec7-40d7-a33e-d0b0f2291ed7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SSD cache breaks Anti Evil Maid completely

[motech man]

On Tuesday, June 20, 2017 at 8:34:51 PM UTC-5, motech man wrote:
> I'm new to qubes but in my seaches to get up to speed (seems like I'll never 
> see the light of day again after starting down the Qubes rabbit hole!) I 
> noticed this post and when researching what AEM is found this on the Qubes 
> website:
> 
> o - If you are using LUKS with LVM, you must encrypt the whole volume group
> instead of each volume, or else AEM will fail to boot.
> 
> Could this be why your AEM no longer works? Just a thought, disregard if not 
> applicable. That same qubes web page also says AEM requires legacy boot, 
> which I will not use. Shame, AEM sounds useful, tho I suspect UEFI may be 
> better. NOt sure how TPM fits into this yet, one more thing to find out 
> about. My mobo supports it being bleeding edge new.

Forgot to post the link to the qubes article: 
https://github.com/QubesOS/qubes-antievilmaid/tree/master/anti-evil-maid

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b8096a3-ed9e-47e8-98d8-db5cfe6b8d15%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SSD cache breaks Anti Evil Maid completely

[motech man]

I'm new to qubes but in my seaches to get up to speed (seems like I'll never 
see the light of day again after starting down the Qubes rabbit hole!) I 
noticed this post and when researching what AEM is found this on the Qubes 
website:

o - If you are using LUKS with LVM, you must encrypt the whole volume group
instead of each volume, or else AEM will fail to boot.

Could this be why your AEM no longer works? Just a thought, disregard if not 
applicable. That same qubes web page also says AEM requires legacy boot, which 
I will not use. Shame, AEM sounds useful, tho I suspect UEFI may be better. NOt 
sure how TPM fits into this yet, one more thing to find out about. My mobo 
supports it being bleeding edge new.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bc4727f-8206-40e0-bd92-189609f5c528%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible rootkit found on my Fedora 24 template?

[Chris Laprise]

If you're worried about rootkits, the threat looks somewhat different 
for Qubes templates and template-based VMs because the templates 
themselves are so well protected (essentially read-only most of the time).


The potential threat lay with configuration files stored in /rw 
(private.img) which includes /rw/config and /home/user. I am working on 
a tool to help detect and prevent such rootkits:


https://github.com/tasket/Qubes-VM-hardening
https://github.com/tasket/Qubes-VM-hardening/tree/systemd

The first version merely sets all the bash/sh/GUI init scripts in /home 
as 'immutable'. This has the benefit of preventing non-priv-escalation 
malware from persisting at startup, and prevents alias shims from 
stealing passwords, etc.


The next version can also compare file hashes and deactivate root-level 
malware at startup before /rw is brought online.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7c072147-d728-61f3-ddf0-26042ca769c4%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible rootkit found on my Fedora 24 template?

[Chris Laprise]

On 06/20/2017 01:06 PM, slemmigtor...@gmail.com wrote:

Or is this a false positive?



If you 'man xl' you'll see its a Xen command (Qubes runs under Xen). Its 
included in my Fedora template so I don't think there is a problem.


Also don't know how a root would have gotten into your /template/... 
that seems extremely hard unless you've been installing 
unsigned/untrusted software in there manually.


If you're really paranoid, you could attach the root.img of the template 
to an appVM based on a different template, then do a SHA sum on 'xl' and 
related xenlight libs. You should be able to find sums for (same 
versions of) those files at fedora's site.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c429f91-1537-ece3-8d3d-67552fc45ea5%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible rootkit found on my Fedora 24 template?

[Unman]

On Tue, Jun 20, 2017 at 10:06:36AM -0700, slemmigtor...@gmail.com wrote:
> Or is this a false positive?
> 

It's almost certainly a false positive, triggered by the presence of xl,
and nothing more.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170620220916.GB12322%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Does "open in disposable VM" from modifying the original file?

[Unman]

On Mon, Jun 19, 2017 at 10:02:04PM -0400, taii...@gmx.com wrote:
> Assuming you don't make any changes yourself, it would also be nice to have
> a "yes/no" popup so you can choose as to if you wish to have a truly
> disposable version.

I'm not quite sure what your point is, because there's a word missing
from the subject line. (Could it be "prevent"?)

There's an interesting discussion on this at qubes issues:
https://github.com/QubesOS/qubes-issues/issues/1118

If you don't make a change yourself the file wont be changed in the
sender qube. Saving a file in the disposableVM provides the yes/no
prompt you are asking about.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170620220323.GA12322%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] FYI: AMD Epyc (server CPUs) comes with low-level per-VM DRAM Encryption / isolation support

[Foppe de Haan]

Too bad it's (probably) not coming to the desktop, but interesting nonetheless:

https://www.servethehome.com/amd-epyc-7000-series-key-security-virtualization-performance-features/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e35572f2-9200-40bf-ad58-18416c14d85d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

[Swâmi Petaramesh]

Le 20/06/2017 à 19:49, Reg Tiangha a écrit :
> Curious: Did you install the qubes-usb-proxy package in both sys-usb and
> sys-net templates before attempting to transfer the device?

THanks for the hint, but yes, it is currently installed in the template
used for both sys-usb and sys-net VMs.

ॐ

-- 
Swâmi Petaramesh  PGP 9076E32E

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/061455ea-98d8-f02d-cffa-ded922556fac%40petaramesh.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

[Swâmi Petaramesh]

Le 20/06/2017 à 19:34, Foppe de Haan a écrit :
> Do you know if driver support is included in newer kernels?

I know that recent Mints and Debian do manage this hardware well...

ॐ

-- 
Swâmi Petaramesh  PGP 9076E32E

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d278c8d-50a9-ae3a-e832-feba56e1dfed%40petaramesh.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] VPN Disconnects when Qubes goes to sleep (and does not reconnect when coming out of sleep)?

[Gaiko Kyofusho]

I completely hadn't thought of it that way. Well in that case I will indeed
consider it a feature :) and refocus on more easily restarting it (an older
post this group has already begun to help me with).
Thx!

On Wed, Jun 14, 2017 at 5:38 AM, Unman  wrote:

> On Mon, Jun 12, 2017 at 10:31:12PM -0400, Gaiko Kyofusho wrote:
> > I have sucessfully setup a VpnVM that is working nicely, if the computer
> > doesn't go to sleep, but if it goes to sleep or I close the lid
> (notebook)
> > etc then when I open it back up it does not automatically reconnect? The
> > wifi reconnects and I can use VMs that aren't connecting to the net via
> the
> > VPN (ie just through the firewall) but I have to restart the VpnVM to use
> > the VMs that are using the VpnVM.
> > Thoughts?
>
> These sorts of questions come up quite often.
> For me, I don't want my Qubes to be automatically trying to  connecting
> to anything, wifi or vpn. So NOT working when it comes out of sleep is
> a positive feature for me.
> I travel a lot - the last thing I want is for Qubes to start spewing
> information about the nodes and VPNs that I connect to.
> Think of this (minor) inconvenience as another brick in the wall of
> privacy.
>
> unman
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGpWZxMceMzUe0HbAvY%2BZtb9mc7itd0kYzAiv7hmV-DA0t_G2w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] manual update dom0 to newest 4.5 kernel

[motech man]

Is it reasonable to assume that the "unstable" repo doesn't mean "insecure"?

I'm not sure how new I will need to go to to get more support for the Intel 630 
integrated graphics. It only provides a single resolution of 1024x768. 

Also if I'm going to go thru the trouble of updating prior to the next release 
I'm concerned about having the essential config options required for xen / 
qubes. Might as well taylor the option to my hardware, but don't want to overdo 
that and render the new kernel unbootable.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2b47cf60-d592-47f1-aa9b-a1c627fb8d4e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS

[aphidfarmer]

Revised list of example systems, with corrections, price estimates, citations.

Coreboot with all components open source; fully removed management engine:
* Lenovo X200/T400/T500 w/ Coreboot, CPU: T9600 (dual core, each core about 50% 
of a modern i7-7920HQ [2]). Max 8 GB RAM. Cost: 75 USD used.[4] These systems 
run Intel Core 2 Duo CPUs, which lack EPT [5], so don't meet Qubes 4.x minimum 
requirements.

Coreboot with open source RAM init but some minor blobs; partially removed 
management engine:
* Lenovo T530 w/ Coreboot. CPU: i7-3840QM (quad-core, each core about 80% of a 
modern i7-7920HQ core [2]). Max 16GB RAM. Cost: 300 USD, used. [4]
* Lenovo W530 w/ Coreboot. Not officially supported, but someone made it work. 
Max 32 GB RAM.

Coreboot with proprietary RAM init; partially removed management engine
* Purism Librem 15. CPU: i7-6500U (dual core, each-core about 80% of i7-7920HQ 
[2]). Max 16GB RAM. Cost: 2000 USD new.[3]
* Purism Librem 13. CPU: i5-6200U (dual core, each core about 70% of i7-7920HQ 
[2]). Max 16GB RAM. Cost: 1700 USD new. [3]

For a list of blobs included in Coreboot, see [1].

All the Lenovo systems above require manual Coreboot compiling and an external 
flasher. The Purism systems can be flashed with coreboot from software (maybe 
only certain laptop revisions?) and can be preinstalled with Qubes.


References:
[1]List of coreboot blobs - https://www.coreboot.org/Binary_situation
[2]CPU performance comparison - 
https://www.notebookcheck.net/Mobile-Processors-Benchmark-List.2436.0.html  
Uncheck "Still available" find the older CPUs. Performance estimates based on 
Cinebench R10 32 scores.
[3]Purism 15 - https://puri.sm/shop/librem-15/ and 
https://puri.sm/shop/librem-13/
[4]e.g. eBay
[5]List of CPUs without EPT - 
http://ark.intel.com/Search/FeatureFilter?productType=processors=false

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb481725-51f7-425d-a60b-254e67ec2b6f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

[Foppe de Haan]

On Tuesday, June 20, 2017 at 7:14:04 PM UTC+2, Swâmi Petaramesh wrote:
> Le 20/06/2017 à 17:27, Reg Tiangha a écrit :
> >
> 
> > Personally, I'd rather have them leave it in the oven until it's fully
> > baked, rather than to rush it out and then patch heavily later. If it
> > isn't ready yet, then it isn't ready.
> 
> Well, I was not criticizing, I was just asking :-}
> 
> I'm a bit annoyed because my company gave me a brand new laptop which I
> expected to use with Qubes - personal choice, not a company policy so
> they're not going to pay for this... And they're not going to be happy
> if it's my choice and it fails to deliver - and the laptop appears to be
> a bit to new for Qubes 3.2.
> 
> The touchpad was not working until I figured out one hour ago that I
> could get it to work using a 4.9 kernel from qubes-dom0-current-testing,
> but still my USB to Ethernet adapter won't work and I'm in trouble not
> being able to connect to any wired network...
> 
> Trying to use a sys-usb VM lead me to this bug :
> https://github.com/QubesOS/qubes-issues/issues/2860
> 
> That's why I was wondering when Qubes 4.0 was expected, thinking it
> might help with these hardware support issues.
> 
> But I'm fully aware of the preeminence of security considerations with
> qubes, and I strongly support it of course.
> 
> Only, I hope to be able to use my laptop :-\
> 
> ॐ
> 
> -- 
> Swâmi Petaramesh  PGP 9076E32E

Do you know if driver support is included in newer kernels?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/910f2eac-bbb8-413d-835a-ed66d9197b20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Any release schedule for Qubes 4.0

[Swâmi Petaramesh]

Le 20/06/2017 à 17:27, Reg Tiangha a écrit :
>

> Personally, I'd rather have them leave it in the oven until it's fully
> baked, rather than to rush it out and then patch heavily later. If it
> isn't ready yet, then it isn't ready.

Well, I was not criticizing, I was just asking :-}

I'm a bit annoyed because my company gave me a brand new laptop which I
expected to use with Qubes - personal choice, not a company policy so
they're not going to pay for this... And they're not going to be happy
if it's my choice and it fails to deliver - and the laptop appears to be
a bit to new for Qubes 3.2.

The touchpad was not working until I figured out one hour ago that I
could get it to work using a 4.9 kernel from qubes-dom0-current-testing,
but still my USB to Ethernet adapter won't work and I'm in trouble not
being able to connect to any wired network...

Trying to use a sys-usb VM lead me to this bug :
https://github.com/QubesOS/qubes-issues/issues/2860

That's why I was wondering when Qubes 4.0 was expected, thinking it
might help with these hardware support issues.

But I'm fully aware of the preeminence of security considerations with
qubes, and I strongly support it of course.

Only, I hope to be able to use my laptop :-\

ॐ

-- 
Swâmi Petaramesh  PGP 9076E32E

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddf9916a-4e7c-674a-b158-c0e06feb32e0%40petaramesh.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Possible rootkit found on my Fedora 24 template?

[slemmigtorsk1]

Or is this a false positive?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9570b88d-6e57-406d-917f-50535c6b1b9a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Possible rootkit found on my Fedora 24 template?

[slemmigtorsk1]

Hello and thanks for reading.

I installed rkhunter, updated it and ran it. It gave me this:

[17:28:20]   Checking running processes for suspicious files [ Warning ]
[17:28:20] Warning: The following processes are using suspicious files:
[17:28:20]  Command: xl
[17:28:20]UID: 0PID: 514
[17:28:20]Pathname: /usr/sbin/xl
[17:28:20]Possible Rootkit: Dica-Kit Rootkit
[17:28:20]  Command: xl
[17:28:20]UID: 515PID: 514
[17:28:21]Pathname: 432688
[17:28:21]Possible Rootkit: Dica-Kit Rootkit
[17:28:21]

Can't find anything about this -rootkit- and qubes on the net, no false 
positives and such. I uploaded the file, xl, to virustotal and all results 
where green, so no antivirus program found anything wrong with this file. 

"The following processes are using suspicious files", is there a way to find 
these suspicious files?

The only file that I found that xl uses is xldevd.pid and there is a logfile 
/var/log/xen/xldevd.log but the log file is empty. 

The rkhunter log gives me this:

[17:23:27]   Scanning for string /var/run/...dica/clean  [ OK ]
[17:23:27]   Scanning for string /var/run/...dica/dxr[ OK ]
[17:23:27]   Scanning for string /var/run/...dica/read   [ OK ]
[17:23:27]   Scanning for string /var/run/...dica/write  [ OK ]
[17:23:27]   Scanning for string /var/run/...dica/lf [ OK ]
[17:23:27]   Scanning for string /var/run/...dica/xl [ OK ]
[17:23:27]   Scanning for string /var/run/...dica/xdr[ OK ]
[17:23:28]   Scanning for string /var/run/...dica/psg[ OK ]
[17:23:28]   Scanning for string /var/run/...dica/secure [ OK ]
[17:23:28]   Scanning for string /var/run/...dica/rdx[ OK ]
[17:23:28]   Scanning for string /var/run/...dica/va [ OK ]
[17:23:28]   Scanning for string /var/run/...dica/cl.sh  [ OK ]
[17:23:28]   Scanning for string /var/run/...dica/last.log   [ OK ]

So, if anyone could install rkhunter on their fedora 24 template and see if you 
get the same results, that would be very helpful. :)

Has my qubes been compromised? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d890712-3780-4c34-adc1-f4cdccdc7844%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Any release schedule for Qubes 4.0

[Ryan Tate]

> On Jun 20, 2017, at 11:27 AM, Reg Tiangha  wrote:
> 
> On 2017-06-20 9:06 AM, Swâmi Petaramesh wrote:
>> Hi there,
>> 
>> I've been googling here and there, and couldn't find any release
>> schedule for the upcoming qubes 4.0...
> 
> They haven't released one yet and it will be done when it's done.
> 
> Personally, I'd rather have them leave it in the oven until it's fully
> baked, rather than to rush it out and then patch heavily later.

Without disagreeing with any of this, I’ll just note that on April 30 the 
(excellent) community manager Andrew David Wong indicated "we expect to publish 
the first Qubes 4.0 release
candidate (4.0-rc1) in the next ~1-2 months.” 
https://groups.google.com/d/msg/qubes-users/kO2JqLqIQec/k1SKPO11CQAJ

Take that for what it’s worth.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/622D4B1E-7B37-4CE9-A1CD-98A24E059DA6%40ryantate.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Message signed with OpenPGP using GPGMail

[qubes-users] Re: Any release schedule for Qubes 4.0

[Reg Tiangha]

On 2017-06-20 9:06 AM, Swâmi Petaramesh wrote:
> Hi there,
> 
> I've been googling here and there, and couldn't find any release
> schedule for the upcoming qubes 4.0...
> 
> Any clue anybody ?
> 
> ॐ
> 

They haven't released one yet and it will be done when it's done.

Personally, I'd rather have them leave it in the oven until it's fully
baked, rather than to rush it out and then patch heavily later. If it
isn't ready yet, then it isn't ready. People can help speed things up
however, by volunteering to help find/fix bugs or helping with software
development by taking on one of the many "Help Wanted" tasks here:

https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22=%E2%9C%93

Or contributing in other ways as specified here:

https://www.qubes-os.org/doc/contributing/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oibes4%2418l%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Any release schedule for Qubes 4.0

[Swâmi Petaramesh]

Hi there,

I've been googling here and there, and couldn't find any release 
schedule for the upcoming qubes 4.0...


Any clue anybody ?

ॐ

--
Swâmi Petaramesh  PGP 9076E32E

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cab5f279-dece-b1fe-9bc0-c0db887c3d8e%40petaramesh.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL Elitebook 2540p / Complete inability to use any Qubes 3.2 4.x series kernel

['Vincent Adultman' via qubes-users]

The only kernel that still functions is the leftover 3.8.17-8 from 3.1. Which 
is working fine for now, are there any downsides to continuing to use this?

Going by today's security bulletin[1], which releases a new kernel - it seems 
that there may well be downsides.

I wonder how best to proceed, I take it no one else is in this situation?

[1] https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-031-2017.txt

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/k7uot33w6f6GO4e0hQuvWsz0ntO7Cd-U-gN-2JoQfLCpCpJcaP5ZTe03G63DWs9W9XbqzbBF8lBEQBM8Xwhp5IZWzTzXgueqcaJ5Itg-44E%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] QSB #31: Xen hypervisor vulnerabilities with unresearched impact (XSA 216-224)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes community,

We have just published Qubes Security Bulletin (QSB) #31:
Xen hypervisor vulnerabilities with unresearched impact (XSA 216-224).
The text of this QSB is reproduced below. This QSB and its accompanying
signatures will always be available in the Qubes Security Pack (qubes-secpack).

View QSB #31 in the qubes-secpack:



Learn about the qubes-secpack, including how to obtain, verify, and read it:



View all past QSBs:



View XSA-216 through XSA-224 in the XSA Tracker:



```
 ---===[ Qubes Security Bulletin #31 ]===---

June 20, 2017


Xen hypervisor vulnerabilities with unresearched impact (XSA 216-224)

Summary


Today the Xen Security Team has disclosed several Xen Security
Advisories (XSA 216-224). Impact ranges from leaks to system crashes
and potential privilege escalations. See also our commentary below.

Technical details
==

Xen Security Advisories 216 [1]:

|  blkif responses leak backend stack data
|
| The block interface response structure has some discontiguous fields.
| Certain backends populate the structure fields of an otherwise
| uninitialized instance of this structure on their stacks, leaking
| data through the (internal or trailing) padding field.
|
| A malicious unprivileged guest may be able to obtain sensitive
| information from the host or other guests.

Xen Security Advisories 217 [2]:

|  page transfer may allow PV guest to elevate privilege
| 
| Domains controlling other domains are permitted to map pages owned by
| the domain being controlled.  If the controlling domain unmaps such a
| page without flushing the TLB, and if soon after the domain being
| controlled transfers this page to another PV domain (via
| GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
| domain uses the page as a page table, the controlling domain will have
| write access to a live page table until the applicable TLB entry is
| flushed or evicted.  Note that the domain being controlled is
| necessarily HVM, while the controlling domain is PV.
| 
| A malicious pair of guests may be able to access all of system memory,
| allowing for all of privilege escalation, host crashes, and
| information leaks.

Xen Security Advisories 218 [3]:

|  Races in the grant table unmap code
|
| * When a grant had been mapped twice by a backend domain, and then
| unmapped by two concurrent unmap calls, the frontend may be informed
| that the page had no further mappings when the first call completed rather
| than when the second call completed.
| 
| * A race triggerable by an unprivileged guest could cause a grant
| maptrack entry for grants to be "freed" twice.  The ultimate effect of
| this would be for maptrack entries for a single domain to be re-used.
|
| For the first issue, for a short window of time, a malicious backend
| could still read and write memory that the frontend thought was its
| own again.  Depending on the usage, this could be either an
| information leak, or a backend-to-frontend privilege escalation.
| 
| The second issue is more difficult to analyze. It can probably cause
| reference counts to leak, preventing memory from being freed on domain
| destruction (denial-of-service), but information leakage or host
| privilege escalation cannot be ruled out.

Xen Security Advisories 219 [4]:

|  x86: insufficient reference counts during shadow emulation
| 
| When using shadow paging, writes to guest pagetables must be trapped and
| emulated, so the shadows can be suitably adjusted as well.
| 
| When emulating the write, Xen maps the guests pagetable(s) to make the final
| adjustment and leave the guest's view of its state consistent.
| 
| However, when mapping the frame, Xen drops the page reference before
| performing the write.  This is a race window where the underlying frame can
| change ownership.
| 
| One possible attack scenario is for the frame to change ownership and to be
| inserted into a PV guest's pagetables.  At that point, the emulated write will
| be an unaudited modification to the PV pagetables whose value is under guest
| control.
| 
| A malicious pair of guests may be able to elevate their privilege to that of
| Xen.

Xen Security Advisories 220 [5]:

| x86: PKRU and BND* leakage between vCPU-s
|
| There is an information leak, of control information mentioning
| pointers into guest address space; this may weaken address space
| randomisation and make other attacks easier.
| 
| When an innocent guest acquires leaked state, it will run with
| incorrect protection state.  This could weaken the protection intended
| by the MPX or PKU features, making other attacks easier which would
| otherwise be excluded; and the incorrect state could also 

[qubes-users] The issue of non-proprietary BIOS and Qubes OS

[matblanc123]

Hi,

Since a week I'm trying to find a secure laptop, without any backdoors or 
anything that can jeopardize the security and anonymity of the user.
My last hope was to get a laptop that can handle Libreboot and install QubesOS 
on it.

I checked the mailing list and I realized that installing QubesOS on a 
Libreboot laptop might be difficult. I wonder if anyone managed to run Qubes OS 
?

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92acbc9b-5c5f-450f-9cfb-07ea4eff72c7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Configuring i3 window titlebar in Qubes

[Jarle Thorsen]

jkitt:

> Strange.. because I've never had to do that, yet my title bar is 
> automagically colored. I think I'm using the package from the testing repo, 
> and also the qubes i3 config found on the wiki.

I also have automagically coloring working, I just wanted to be able to edit 
the settings to make focused windows stand out more from the non-focused 
windows.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7c20d1fc-bfd2-4274-a94d-c0f8ef26284c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.