[qubes-users] Upgrading directly from Fedora 23 to 26 ?
I recently had to make a fresh Qubes install. Been trying all night to upgrade from 23 to 26 by different means but it doesn't seem possible. I don't seem to be able to download the 26 template either... It says all mirrors have been used and it fails. Help ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ccfd6b75-3ef3-4a83-8551-7a58a5960958%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-01-08 12:35, taii...@gmx.com wrote: > Is there any news on a fix or work-around coming for 3.2? > > Converting all the templates to HVM is doable and would greatly > improve security, in light of the severity of these exploits I see > no reason not to do it despite it not being in the original > requirements. > > I would appreciate advice on how to perform this. > We will be publishing a QSB that addresses this very soon. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpW48EACgkQ203TvDlQ MDDfDw//RAvqScSmgCtiDkZYA3gyDkkJ7W9VdHaqgFzD7aKo74JfKZ47QiEXGh56 rF2BLYFgWBpDcIIoIji0WLD4la1MsfdnBn1HKusY1W4zHxaHDTp+xnVK6Q3zCO5X P1iMb2DS9vTd4Q5G8oBrddg8/nYg4DYPh1Q7AueineXGCJ7o9mtRIaSyKdnZUSrx eTHoWCztYPHscXiKwhODtiAf5G+0Mtz+WoWywbO+eWjvEzwKV53ir2mt5hosbfwZ SMFd2jvKMTCy+6LORCZYtkPgIFVQp8jOW213JCIsSiuhLbt+vNKLSXrNy7Wm2T7H qBqtkJyi4IPpBLnrEfE0eZHCppsjILiAYuP1cI4NdXEBpf2CRRwToJGa7ZIy7Ra5 HYwbkSLytDTeYTEDNTzL7MqW2FVwHJ7KFNUg2YX70KxWA/DoAdzT/vXiPqUDWN53 zIQlLKXntc2cqThM4TwsUgrP1xOI5xLN7IXPSe24cWYHdKCmdw6UNS63d8gmubaZ Knao5FV9cK90tUWtjqnIqBBph7si+DdZVIjrijf4YYCNfg/RRTcloQcpqx5kJCGN RJjPSZ5CV1Gu6TwSxIHZNpAv4uBOg8OXUQEadQiQpDggDtf+NHw5vf05OQ4Fc83g dMkVaXiGLdQBExCs0KPEZjJRENTL2e8cDugOl4sNmHp6JZcK4Fc= =O9yq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/147d18af-9d15-a2da-b053-eea25d4d263e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Failed to start Qubes DB agent after upgrade fedora 24 to 25 (r3.2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-01-10 16:30, 'awokd' via qubes-users wrote: > On Wed, January 10, 2018 5:13 pm, Pawel G wrote: >> I upgraded dom0 from fedora-24 to fedora-25 on Qubes r3.2. > > Well there's the problem! :) Ordinarily, you should not upgrade > dom0. There's an article somewhere that explains why, but basically > it's not touched by the other VMs so there's no reason. > You might be thinking of this: https://www.qubes-os.org/doc/supported-versions/#note-on-dom0-and-eol > If you really want to do it, check out fpeitre's "3.3" fork on > Github. > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpW4pwACgkQ203TvDlQ MDB3ThAAlpdr/smo3uVZ+hEXnt7mzV3KSTEuUQSvqY4P1r0LvZEOzC4HNzgV1TpW eqea0jL4gPunpHLgufrYYsAwQsbcfXUvkNA/1aSGf6lcZgz+3rsUQmZ8NZTLauar QijhVJrlF2ywxIWLetQl7+rJSWBeQHwpjKLkWKfMU58mcQPM2zRmI+MCuj1YV/5H 1a4N0h2hY6XgNT3JKn07ez4MUxpXfj7ias+Ss0jGAGj9xQybBHpyNMdUcB+aUYeE E21Zmab+9473mnD9SiZ5jPPTioeh/2tzqG8reseBDis6+QRhJLwAc59OPNbmHRn/ Px3YKZEhjMGH0pNDlsBZybf7Xz2s7lHT3Pi/I7k9Zk1BnJ3NQtB40dBKki/9GeNF vpPbsPrQ0jtMkX3giATbsWfQH+VLAB0aCDabquJBki1lRADZeBQ9B9S572UX2GhW DdNHAFfLMKatrEP9NE3sYFVFENpoytZ9C/SIKGKktI8eI2jSr7bu8PSoOIoGwJlA 8X6+TOSNWSP1lppQLxBdi1jeyTKuN9VXpHCHZhn0PYYkLcn+obipTY62TVc/xJqg R6yqu238Oq7zWZp1NZJ6jFxFnpU26NMHBfeYV2OrXJ6ztye6OpQtKqpIJaNm2cJ+ NYzAz9ykTtba9ckOfDvQv4tqzNjwMRrPvjQ7iTyYxBC5YewiTFY= =WXZw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/04cddf48-1a25-cf75-4084-776420563ee8%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Kali Template?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-01-10 15:22, dangmad...@gmail.com wrote: > Does anyone have any experience converting a Debian Template to a > Kali Template, with TemplateBasedVMs? > Take a look at this, if you haven't already: https://www.qubes-os.org/doc/pentesting/kali/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpW4jMACgkQ203TvDlQ MDD/wA/8DgyhfTWqEBIsritFjkY5IEdiQm21t/4qAJVyWTppDmC/pC8MZmywIsaJ epuGx6FzrSE2qaSApotlOUxvvd4sq+4Q3ygxJXH8OyEtaMGDHDginO/kCdithw/b B6IUEKJtc/uelsr3VM/5IeYjyoshEPaIH86FLzUEvH/h5izpIDR5YpIuBWCdxeRE XJy8hvOm2CA/jGHuo/9p8K4et28RV09Bn3eFPPeduIQJd5M6kgHJuDocl2igca/a oS2QpanNLYDT9bZfgakJVurAhdWvEY1T1oxwuMg0iwDiCaJyqGjPj4MEsomWQ5w/ Vot2yyx/33NeArXHCulSeBAaRtgljWpFy8lrYeYqLixkDw2z3XiJNUc3QTesU/mx PARhV7gaE6ZWpSLsnaN3GaN2L3SUxl6e4nPOrDBiU6NE1B1PiRjBFtwqAenHPyPk rZXeaw4WgVaCJSEBnajBGVyXGyuCgRV/7NiLDN6cBy54XB4s2zgHHcdIm439iqte CQPN/tpfpUd9huXz4UzLeNOd50ZYrDLJ9b7B6H5PXiLNT16eL9lN6Ut4WqtJjY4N b8N6oA9Ydgchc5nHCGt1MM3VMu/hZgS+JSCow+Zjn76y8Ia/8hid5Qtx9UnRdnPp VGc/1uFCUItxFH/mKqG5okN+gz2Mc8xko/ZqPbWgU+lL3ZOEqcE= =Tei+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/91d183b7-8d8f-2070-aa2e-9981e0e9a4ad%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0-rc3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2018-01-10 12:53, 'Tom Zander' via qubes-users wrote: > On Wednesday, 10 January 2018 18:32:39 GMT Chris Laprise wrote: >> I also have a download-able project that makes the scripted/antileak >> setup fairly simple in Qubes R4.0: > > Please consider updating the docs repo with this :-) > > I poked the Qubes guys about providing a separate dir on the website to make > it clear what is 3.x and what is 4.x specific, but they stated we should > instead put notices about exceptions in the document pages. > That's not exactly right. Please see: https://www.qubes-os.org/doc/doc-guidelines/#version-specific-documentation Specifically: "In cases where a documentation page covers functionality that differs considerably between Qubes OS versions, the page should be subdivided into clearly-labeled sections that cover the different functionality in different versions." In other words, do not just add notices in the text about exceptions. Instead, make clearly-labeled sections for 3.x and 4.x so that users can easily find the right information no matter which version of Qubes they're using. > So I guess things like ProxyVMs should be mentioned to be old and AppVM is > the new. > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpW3QcACgkQ203TvDlQ MDBFPxAAh14g5TA1GxOnWL+uBQIJLVgz63/j18j5hWD6lA9VaqGZkYm6yd1Ctd2E OoGVqbIdPtXnlB53E25tCSn0+iRiFeZ+XfmdMGxP8UQ96Cdl/dc/JZQeMMpcuGbH 17HdtXhNGPkg1g0/kG04Eggc43ZdjcBGn94Rv3InPGJiLUQutPXrS6g3kp+N6OL4 iH8Vn/P8PUUlGHfuhMjRAxQPlTzIPt6DA/eivjRDZ3IR6Zw/LCFxyZ6IZf5Cxdet gX+5TIrkmDBc/MqkW+xQWdYYfQao0hwqhWRXmrNMXaG4Q/yTC+/GmesY+3RU7T/7 tMPPcPjZ+I0MjDq81YSz/C7bcwgE5k6jLplUmZV43xHM2+JLPWGQf0d0Qf//VdJr Y9oASEPbOoSweOAGRd7n7oNaqPgarGRvPdRIecDckXAK25mVed/da7FZZ1EL+HKc ij/Zpw/X9ZKG3XbCvUlYOPkExlerIHvj6rZC4PuGYB45K4nxKELoGEIJakjHkSel VPOPiZBPwUqSCtwNox5APivbpM8Jm5oKEIAm768KwHhHZC+WZQq/ir2j9Fcxqb3O fg5NgNFaJ0WsIs9hAZAF1ALC7focKsB2wre8qy0vRKzYuhD3FRCPcuOeGkW6eCA7 BNOvbDYhMiLDyXnRnlO3/CVHqnioWWEAUP7pFrxtpp+xTdJBbRo= =cxLl -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e0a355b-17b1-a766-492a-2727696c8399%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Running rkt containers directly on zen?
Yes, thanks, I have installed Mirage Firewall. Some more info that might interest people here. I got some answers from a developer of stage1-xen rkt: https://github.com/rkt/stage1-xen/issues/1#issuecomment-356764768 Also in December Xen launched a new initiative for unikernals, called unikraft. This is an initiative to make a standard for unikernels that makes development and deployment of them easier: https://www.xenproject.org/developers/teams/unikraft.html Im looking forward to a time where most things in Qubes will be running in unikernels rather than in full Linux. Imagine having a unikernel that does all sanitation and validation of data that gets sent cross domain, well documented, tested written in Rust for performance and safety, with a whitelist approach, rather than all of those python, bash and C scripts doing their own sanitation and validation. It would be much more sane in terms of security, much easier to audit, ... What about wayland in a unikernel, the graphics drivers, ...? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a739e97-ef08-55aa-a70c-ff018d74ff58%40autistici.org. For more options, visit https://groups.google.com/d/optout.
POWER9 (was: Re: [qubes-users] Re: porting to ARM)
Am I the only one to notice you brought up POWER/TALOS something like five times in the last week, even when the thread originally had nothing to do with it (like this one)? I get it you're enthusiastic about an open processor getting actually used (unlike RISCV) (and must say I am too), but it's not really an option for Qubes (which is the topic of the mailing list), so long as no-one has ported Qubes to it (and unless you have a lot of money I don't see anyone deciding to port Qubes to POWER only based on your assertions). However, even with open hardware design, all problems are not solved. For once, there is no real checking of whether the product you buy actually matches the specification you received. (And the main issue with Intel ME or Meltdown/Spectre is actually that the implementation doesn't match the spec, as the spec is safe.) For instance, I recently heard of a paper at a cryptographers' conference (don't have the reference, sorry), where researchers designed a hardware implementation of AES that worked perfectly, then changed three wires, and had a hardware implementation that still worked perfectly -- until you change a bit the frequency, and then the encryption is utterly broken. Three wires at 14nm on modern systems with the 8G transistors of POWER9, good luck to spot them. Oh, and also contrarily to what you say POWER9 is not more owner-controlled than amd64, at least according to the specification (and as stated before the implementation does not necessarily match the information you are given). That said, the two big advantages of POWER9 (or RISCV) to me are that it democratizes the idea of open hardware, and that bugs in it could maybe be found more easily than if it was closed-source (even though it's doubtful Meltdown/Spectre would have been found more easily were the implementation open -- the fact that POWER9 is also vulnerable to them is an element of proof towards that). As the chip is actually not really possible to check, it doesn't help with voluntarily inserted backdoors. Just my 2¢ :) Leo On 01/11/2018 01:25 AM, taii...@gmx.com wrote: > On 01/10/2018 05:34 PM, Vít Šesták wrote: > >> Maybe absence of suitable hardware is the reason why we don't have it. > The target I imagine would be ARM servers with performance ARM CPU's > such as the ones from Gigabyte running AppliedMicro CPU's. > > Unlike the high performance POWER these ARM CPU's suck at single > threaded tasks and are not owner controlled like POWER AFAIK so I don't > think it is worth it. > The only reason to do so would be the already available xen vs no xen > ATM for POWER - but you could definitely do it and it would run qubes > satisfactory. > > And yes ARM has a kind of IOMMU, I believe it is called GIC-v3 but not > available on the average ARM stuff like a laptop or phone. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5bb92339-c4a1-3229-f086-29e089b1d578%40gaspard.io. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fedora 25 issue with python3 and google protobuf
Fedora 25 is unsupported and no longer receiving security updates, I would update to Fedora 26 and check back. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6bbc942f-f11e-702f-af4b-1c12f257bca2%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: porting to ARM
On 01/10/2018 05:34 PM, Vít Šesták wrote: Maybe absence of suitable hardware is the reason why we don't have it. The target I imagine would be ARM servers with performance ARM CPU's such as the ones from Gigabyte running AppliedMicro CPU's. Unlike the high performance POWER these ARM CPU's suck at single threaded tasks and are not owner controlled like POWER AFAIK so I don't think it is worth it. The only reason to do so would be the already available xen vs no xen ATM for POWER - but you could definitely do it and it would run qubes satisfactory. And yes ARM has a kind of IOMMU, I believe it is called GIC-v3 but not available on the average ARM stuff like a laptop or phone. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df16efe4-d325-b34c-a95d-0459ac4a9b07%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora 25 issue with python3 and google protobuf
Hello, Maybe somebody can help me with python3 on fedora 25 template? There is not google.protobuf package at fedora 25 It's possible to install it with sudo pip3 install protobuf But it does not load when script call it "import google.protobuf" Also it can not be loaded with included dependences from packages dir at the program. Related ticket for this issue: https://github.com/fyookball/electrum/issues/453 Here is description about what I'm already try... But it does not want to load this google Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180110233319.8E25156739A%40mta-1.openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks
On Wed, January 10, 2018 10:21 pm, Vít Šesták wrote: > Meltdown can be mitigated by using HVM/PVH. If you look at the XSA, they > also have prepared PV-in-PVH mode that mitigates it also for PVs. (This I pointed this one out too last week, sounds interesting. > probably won't work for CPUs without VT-x/AMD-v, but those are rare > today. It also probably won't work for VMs with PCI devices if system > does not support IOMMU (AKA VT-d), but in this case, you are already > doomed due to DMA attacks.) So, Meltdown seems to be easily mitigated, it > is just matter of time. > > It seems that PV-in-PVH is going to fix some other issues. IIUC, it > should mitigate all PV-specific vulnerabilities and even bring PVH for > stubdoms, which sounds as a nice side effect of Meltdown fix. Agreed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c3f5d490882d44d305d6fa4853ac70f.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: porting to ARM
Quick googling suggests that ARM has kind of IOMMU and there is Xen for ARMv8 and even ARMv7. Everything looks doable at first sight. I am not sure how large class of ARM CPUs is ready for that nowadays, though. Maybe it would not be so hard. In theory, I see no component where just changing some switches in compilation should not do it. But some unexpected issues might arise and I might have something overlooked. Just nobody has invested the time so far, I guess. What would be typical ARM devices for QubesOS? * Phones? It would be cool and there are many ARM phones, but they have few RAM and require completely different UI. * Tablets? The same applies there. * Laptops? It would be easier, but market with ARM laptops is quite small today. And I am not sure about their RAM, but this might be also an issue. Maybe absence of suitable hardware is the reason why we don't have it. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/53e3ddf7-58f9-41d0-a9b3-1f09230dc69e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Failed to start Qubes DB agent after upgrade fedora 24 to 25 (r3.2)
On Wed, January 10, 2018 5:13 pm, Pawel G wrote: > I upgraded dom0 from fedora-24 to fedora-25 on Qubes r3.2. Well there's the problem! :) Ordinarily, you should not upgrade dom0. There's an article somewhere that explains why, but basically it's not touched by the other VMs so there's no reason. If you really want to do it, check out fpeitre's "3.3" fork on Github. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1083185f1ab09f5caa52d88cc67b3265.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Announcement regarding the Meltdown and Spectre attacks
Meltdown can be mitigated by using HVM/PVH. If you look at the XSA, they also have prepared PV-in-PVH mode that mitigates it also for PVs. (This probably won't work for CPUs without VT-x/AMD-v, but those are rare today. It also probably won't work for VMs with PCI devices if system does not support IOMMU (AKA VT-d), but in this case, you are already doomed due to DMA attacks.) So, Meltdown seems to be easily mitigated, it is just matter of time. It seems that PV-in-PVH is going to fix some other issues. IIUC, it should mitigate all PV-specific vulnerabilities and even bring PVH for stubdoms, which sounds as a nice side effect of Meltdown fix. Spectre is harder to mitigate and you might need microcode update. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cedfb1cc-f143-4e68-952f-92ecdbf7f20b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
On Wed, January 10, 2018 8:35 pm, dangmad...@gmail.com wrote: > On Sunday, January 7, 2018 at 10:14:26 AM UTC-8, haaber wrote: > That Red Pill is a bitter one, isn't it? I don't trust ME either and run me_cleaner but that link is just some unsubstantiated text. If he'd really been working at Intel 15 years he should have been able to get copies of internal documentation at least. A blacked out W-2 form doesn't cut it either. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/17ebf5d641fe86e2d5c9f125d59bbd05.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Kali Template?
Does anyone have any experience converting a Debian Template to a Kali Template, with TemplateBasedVMs? I would also be interested in playing with a debian template converted to Linux Mint Debian Edition or BunsenLabs (CrunchBang). Or possibly an Ubuntu converted to Linux Mint. (But ubuntu is kinda gross, so low priority) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/da2d7c80-a264-4f0e-9199-c2ccd23eeedb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0-rc3
The official templates use nftables so shouldn’t be mixed with iptables. I didn’t have time to learn about nftables, so just removed nftables package from debian 9 template. YMMV. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c4f1c36-44f1-4363-931f-07462dadf83c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
On Sunday, January 7, 2018 at 10:14:26 AM UTC-8, haaber wrote: > > https://i.redditmedia.com/5mA7LrMiwgmmhrwfYF8Jks0WEng66fxWoCcGw33dhCA.jpg?w=597=339d919645f1de31a42913c748d1d7fb > I personally consider > this troll post. That Red Pill is a bitter one, isn't it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2120b2aa-34b3-4576-95c7-8d33be43c7d2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0-rc3
On 01/10/2018 01:53 PM, 'Tom Zander' via qubes-users wrote: On Wednesday, 10 January 2018 18:32:39 GMT Chris Laprise wrote: I also have a download-able project that makes the scripted/antileak setup fairly simple in Qubes R4.0: Please consider updating the docs repo with this :-) I poked the Qubes guys about providing a separate dir on the website to make it clear what is 3.x and what is 4.x specific, but they stated we should instead put notices about exceptions in the document pages. So I guess things like ProxyVMs should be mentioned to be old and AppVM is the new. Of course, there is very little R4.0 documentation at this point. There is also a blocking issue that leaves the behavior of firewall scripts undetermined for now; The update for the VPN doc will be done when that issue is closed. Yes, "AppVM supplying networking" would be a replacement term for ProxyVM. I prefer a separate area for R4 docs as well. The command line tools and GUI have changed enough to warrant it, IMHO, and its off-putting to be faced with documenting a lot of "do-this-or-that". -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9768ff0b-6502-da9a-0e65-eed595110113%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Failed to start Qubes DB agent after upgrade fedora 24 to 25 (r3.2)
I upgraded dom0 from fedora-24 to fedora-25 on Qubes r3.2. After reboot, I can login, GUI starts, I'm able to open dom0 Terminal window etc. but Qubes Manager is not running, I can't start VMs: "Failed to execute child process "qvm-run" (No such file or directory)." "journaltcl | grep Fail" shows: "Failed to start Qubes DB agent", and "Failed to start Virtualzation daemon". I tried to restart qubesd (not sure if it's related), but it says that: "Failed to restart qubesd.service: Unit qubesd.service failed to load: No such file or directory". I can't find any related thread to my problem (here and issues on github). Any help would be highly appreciated as I'm smart but unfortunately not too bright. I have no idea how to diagnose this problem and how to make my Qubes works again. Thanks! Pawel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3a0c8967-7bef-49e7-971a-ef767dc294b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Looking for a Qubes enthusiast in the Baar / Zug area of Switzerland
Hi Qubes Community, I have not received even one notice of interest. Can it really be that here in "Crypto Valley", there are no security and privacy concerned enthusiasts who has some spare time and need some cash for spare expenses whilst doing some interesting and independent work ..? I obviously don't want to force anyone's hand, but any input towards someone who could fill this role will be highly appreciated. Best regards Mogens -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/15b34efa-3617-4471-bee0-78f9799150ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Change Inter-VM Copy/Paste Shortcut?
Den onsdag den 10. januar 2018 kl. 10.05.32 UTC+1 skrev Rune Philosof: > On Saturday, June 25, 2016 at 7:49:39 PM UTC+2, cubit wrote: > > To use the Windows Key, it is `Mod4` > > > > > > "Mod4-c" > > "Mod4-v" > > How did you figure that out? > I haven't been able to find documentation with a list available modifier > names. > I tried using the names from `xev`'s output with no luck. I have no idea what xev gives, but mod4 is pretty much the 'super' key (or Windows key). 'Mod' is usually the Alt (left Alt) key. I know this because I used tiling window managers a lot, and from there I knew that Mod4 = Windows key. I don't know what the deeper meaning is, where it's bound, or why it has that name :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/97f69a2b-c05c-459d-891a-3101d69d50b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Change default usb qube
On Wed, January 10, 2018 11:07 am, 'Blacklight447' via qubes-users wrote: > Well i seen to be kinda stuck there. > Do i simply assign all usb to the new usb qube? > > > Original Message > On Jan 10, 2018, 11:18 AM, awokd wrote: > > >> On Wed, January 10, 2018 10:10 am, 'Blacklight447' via qubes-users >> wrote: > I recently installed qubes on my new laptop, but i think i >> accidently > ticked the box which configure qubes to use sysnet as usb >> qube, does > someone know i can revert this and usb a normal usb qube >> instead? Look through this link on how to set up a USB Qube manually. >> Since yours is a recent install, it might be quickest and easiest to >> just rerun the installer. https://www.qubes-os.org/doc/usb/ Yes, and remove them from your sys-net. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1e511a99e787a06f6b0b27749e5c81c1.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Change default usb qube
Well i seen to be kinda stuck there. Do i simply assign all usb to the new usb qube? Original Message On Jan 10, 2018, 11:18 AM, awokd wrote: > On Wed, January 10, 2018 10:10 am, 'Blacklight447' via qubes-users wrote: > I > recently installed qubes on my new laptop, but i think i accidently > ticked > the box which configure qubes to use sysnet as usb qube, does > someone know > i can revert this and usb a normal usb qube instead? Look through this link > on how to set up a USB Qube manually. Since yours is a recent install, it > might be quickest and easiest to just rerun the installer. > https://www.qubes-os.org/doc/usb/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/wzL_k9GfCjqDBILhMBeIHVmpgdGfhPuhS66LsyiGAnhGG7XzIctiJdjA3hSrhv6JF3_soo6UuGhyB53gqvus1r6ZD1NQixy8srixzK85iAc%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Change default usb qube
On Wed, January 10, 2018 10:10 am, 'Blacklight447' via qubes-users wrote: > I recently installed qubes on my new laptop, but i think i accidently > ticked the box which configure qubes to use sysnet as usb qube, does > someone know i can revert this and usb a normal usb qube instead? Look through this link on how to set up a USB Qube manually. Since yours is a recent install, it might be quickest and easiest to just rerun the installer. https://www.qubes-os.org/doc/usb/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d90d8b76c926913130d389e374126634.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] rc04
On Wednesday, January 10, 2018 at 9:35:41 AM UTC+1, Tim W wrote: > On Tuesday, January 9, 2018 at 2:35:28 PM UTC-5, Chris Laprise wrote: > > On 01/09/2018 05:17 AM, Roy Bernat wrote: > > > On Tuesday, 9 January 2018 11:12:17 UTC+2, msg...@gmail.com wrote: > > >> On Tuesday, January 9, 2018 at 2:11:06 PM UTC+7, Tim W wrote: > > >>> On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On 01/09/2018 12:07 AM, Roy Bernat wrote: > > > > > What about release rc04? it should be release at 8/1 that was > > > yesterday . > > > > Delayed until the devs have a good workaround for SP1/SP2/Spectre. > > > > /Sven > > -BEGIN PGP SIGNATURE- > > > > iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U > > H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1 > > hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5 > > lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau > > aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA > > VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv > > X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs > > u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F > > h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv > > 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU > > 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS > > k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY= > > =59oT > > -END PGP SIGNATURE- > > >>> > > >>> Great time to be using a AMD chipset as they are not effected. > > >>> Wonder if something like this would have been caught years ago if the > > >>> microcode was open? > > >>> > > >>> This is a big one in terms of the effects it has when mitigated at the > > >>> software level. I wonder what the performance hit will be from > > >>> application of whatever patch route Qubes takes? Projections of 5-30% > > >>> hit. > > >>> > > >>> As I said Great day for AMD stock LOL > > >> > > >> AMD is affected by the SP1/SP2/Spectre as well as Intel and ARM. > > > > > > So he can not dance :) > > > > > > > From my recollection of AMD statements: > > > > SP1: Very hard to exploit on any CPU > > > > SP2: Much harder to exploit on AMD than Intel > > > > SP3/Meltdown: AMD not affected > > > > -- > > > > Chris Laprise, tas...@posteo.net > > https://github.com/tasket > > https://twitter.com/ttaskett > > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > > that sounds correct based on what I have read. At first AMD claimed it was > not effected but it seems as time went on and it was looked at more carefully > that has changed. Still I will take more difficult. As AMD has such a small > share of processor space it makes it a lower target sort of how Apple use to > be to windows and linux still is although not like it use to be. So really > with a qubes WS the main issue would be SP2 mitigation. > > Amazing this has been an issue for 10yrs. Even funnier: Intel (as the primary actor) was warned against this back in 1995: https://pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/277f3501-fbc9-479e-bed2-65d155fbecf1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Change default usb qube
I recently installed qubes on my new laptop, but i think i accidently ticked the box which configure qubes to use sysnet as usb qube, does someone know i can revert this and usb a normal usb qube instead? Cheers, Blacklight447 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/wgX9XARqycNamXTswBsnCja_gK92WgWyldgkA-A-9vuEtGQ95qq20IZQVaCK1IAnEpsCHORFcjrLGpFl7MrgUuf7pHAVkBZLezR4a0SWHho%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Change Inter-VM Copy/Paste Shortcut?
On Saturday, June 25, 2016 at 7:49:39 PM UTC+2, cubit wrote: > To use the Windows Key, it is `Mod4` > > > "Mod4-c" > "Mod4-v" How did you figure that out? I haven't been able to find documentation with a list available modifier names. I tried using the names from `xev`'s output with no luck. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54db6fd8-b2bd-461e-8df0-ab9f3c29bbc0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Q4RC3: fedora 26 dvm not displayed as disposable
After following the instructions for using the fedora 26 template, it does not show in the app menu as disposable, only as "Domain: fedora-26-dvm". I executed: sudo qubes-dom0-update qubes-template-fedora-26 qvm-create -l red -t fedora-26 fedora-26-dvm qvm-prefs fedora-26-dvm template_for_dispvms True qvm-features fedora-26-dvm appmenus-dispm 1 qubes-prefs default-dispvm fedora-26-dvm How can I fix it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88891b2c-5c51-4593-ba8e-128fe5603f86%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] rc04
On Tuesday, January 9, 2018 at 2:35:28 PM UTC-5, Chris Laprise wrote: > On 01/09/2018 05:17 AM, Roy Bernat wrote: > > On Tuesday, 9 January 2018 11:12:17 UTC+2, msg...@gmail.com wrote: > >> On Tuesday, January 9, 2018 at 2:11:06 PM UTC+7, Tim W wrote: > >>> On Tuesday, January 9, 2018 at 1:16:10 AM UTC-5, Sven Semmler wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On 01/09/2018 12:07 AM, Roy Bernat wrote: > > > What about release rc04? it should be release at 8/1 that was > > yesterday . > > Delayed until the devs have a good workaround for SP1/SP2/Spectre. > > /Sven > -BEGIN PGP SIGNATURE- > > iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlpUXggACgkQ2m4We49U > H7b7cQ/9EC8aSC9vSuTNl0rVHQtK040eZIrg5sKbsXXLjQbOLkwcpXjvWCiukzj1 > hXvUgWvJs2JHTPd9s8Yu/8KlE9Maf+UcbKGvwTPVG6c4tNOHGFLt7C0bRjYVeCp5 > lW7pnb1e4rYX99aoeX5/SdWaScv6XLbx9CnRSazgBIYJ0WqfseUR8tcAE9HqKCau > aVrBlbSKLMGgWDx3rRGxJaBv6wf70zGi4SPMeCPQOg2vOJIRyDVGDTEz7LDp/NlA > VfU+xy6q7FlKeKfecftygpgqYmpgI4OOtsRE4OA8KQRAe9RTq+M+2/nebB8/I8tv > X6kXe23s/BtD8Me958har4Wd0quioRbS/dIyhmgDpCkrrg7Afzwk+AokqBTqyFhs > u2WZwoZiqRvRhlBqYp8dR076hx9zDNKSijkCcX5hPdLyX5+B39FGRuEJwz0a7G2F > h3dgxdRDIM/hxf5Sp2Y9E+O0GZaeERWo1fBdjxdbSZV/5CJTTdHBJfMhQ4RUt4sv > 2v7/hlgFAhgSvzfXRxemH8elPERHISQ9j3nlKMsa73pnYWpUqeALVfOINbZE8DrU > 54j5NPZOdhSrDaTtoS8hm2bF4+KFFjAw19B8s/HvHlwZ9B5PgFwV3et7fYYDjGrS > k0o3nVqKmsooD+yeR+oU/32qz4E0sOq0AxAS1PplU5Y3aMNiZBY= > =59oT > -END PGP SIGNATURE- > >>> > >>> Great time to be using a AMD chipset as they are not effected.Wonder > >>> if something like this would have been caught years ago if the microcode > >>> was open? > >>> > >>> This is a big one in terms of the effects it has when mitigated at the > >>> software level. I wonder what the performance hit will be from > >>> application of whatever patch route Qubes takes? Projections of 5-30% > >>> hit. > >>> > >>> As I said Great day for AMD stock LOL > >> > >> AMD is affected by the SP1/SP2/Spectre as well as Intel and ARM. > > > > So he can not dance :) > > > > From my recollection of AMD statements: > > SP1: Very hard to exploit on any CPU > > SP2: Much harder to exploit on AMD than Intel > > SP3/Meltdown: AMD not affected > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 that sounds correct based on what I have read. At first AMD claimed it was not effected but it seems as time went on and it was looked at more carefully that has changed. Still I will take more difficult. As AMD has such a small share of processor space it makes it a lower target sort of how Apple use to be to windows and linux still is although not like it use to be. So really with a qubes WS the main issue would be SP2 mitigation. Amazing this has been an issue for 10yrs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d30b510-7df0-44cc-8930-adb1883cc208%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.