Re: [qubes-users] Re: Launching speed of disposable VMs 15-18sec

[799]

Hello,


On 11 March 2018 at 01:49, 'MirrorWay' via qubes-users <
qubes-users@googlegroups.com> wrote:

>
> This is strange, did you manually restart disp-untrusted?
> Check that `qvm-prefs disp-untrusted class` says DispVM.
>
> > Change your template - base it off a -dvm, and itwill work like a 3.2
> Named dispvms should work with any appvm with template_for_dispvms set,
> though.
>

sorry, but I still can't follow, I have already build a custom dvm, but it
had the -class=AppVM
It seems that there are different disposable VMs now?

I have to read: https://www.qubes-os.org/doc/dispvm/

>From my own Qubes Installation notes (Howto create an iwn disposable VM
template):

# Create a new Disposable App-VM which is based on a custom template
t-fedora-26
qvm-create --template t-fedora-26 --label red --property
template_for_dispvms=True --class=AppVM my-dvm

# TEST: Start an application in this dvm
qvm-run --dispvm=my-dvm xterm

# Fix menu entry from Domain: my-dvm to Disposable: my-dvm
# https://groups.google.com/forum/#!msg/qubes-users/gfBfqTNzUIg/sbPp-pyiCAAJ
# https://github.com/QubesOS/qubes-issues/issues/1339#issuecomment-338813581
qvm-features vmname appmenus-dispvm 1
qvm-sync-appmenus --regenerate-only my-dvm

# Change the Disp-VM from an AppVM (here: my-untrusted)
qvm-prefs --set my-untrusted default_dispvm my-dvm

# Try to start something from this AppVM in a disposable VM
qvm-run --auto my-untrusted 'qvm-open-in-dvm https:/google.de'
# This should start a new dispvm which is based on your dvm-App
# Check the template on which the dispvm is based on in dom0
qvm-ls | grep disp

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2t_yjXL-ufuPMyqvrro1oSNxS56cjPth9Tz%2BPsntz%3Dbxw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Launching speed of disposable VMs 15-18sec

['MirrorWay' via qubes-users]

> > I've tested your suggestion, unfortunately this will not work like a normal
> > 
> > disposable VM.
> > 
> > I have downloaded an HTML-page in the disp-untrusted VM and when it gets
> > 
> > closed and started the next time, the file is still there.
> > 
> > This means it doesn't behave like a real disposable VM.

This is strange, did you manually restart disp-untrusted?

Check that `qvm-prefs disp-untrusted klass` says DispVM.

> Change your template - base it off a -dvm, and itwill work like a 3.2

Named dispvms should work with any appvm with template_for_dispvms set, though.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Ikqn6RZcm4GQc5ZM13kvBqcVc4mcPQkImOWGuv1YLQy1rua60EKfzpEWFz2tsvFtzFble_IMp_mqpNup3zyplET5AnSFw22m6Ax8Ql6K6Lg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes Windows Tools (QWT) for Qubes 4,x

[799]

Hello,

I looked at the Qubes Doc and also did a quick google search in the
mailnglist, couldn't find a hint:
Where do I get Qubes Windows Tools from, when I am running Qubes 4rc5.
I tried to install it in dom0 / also via qubes-dom0-current-testing but
there are no QWT packages available.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sjC2mxebj_Mogx0AeHoyvj9MsoJhSgW1HY0ONYkBi9rw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Launching speed of disposable VMs 15-18sec

[Unman]

On Sat, Mar 10, 2018 at 11:59:29PM +0100, 799 wrote:
> Hello,
> 
> On 10 March 2018 at 22:52, 'MirrorWay' via qubes-users <
> qubes-users@googlegroups.com> wrote:
> 
> > You can probably simplify this by basing it on named dispvms.
> > That way you don't have to keep an xterm open somewhere, nor do you need
> > to extract the dispvm name from Xwindows.
> > Just restart the dispvm after you close the app.
> >
> > For example, assuming disp-untrusted is already running:
> > $ qvm-run -p disp-untrusted firefox ; qvm-shutdown disp-untrusted ;
> > qvm-start disp-untrusted
> > -p above causes the qvm-run to block until you close firefox. Then it
> > restarts the named dispvm, which stays running until the next launch
> > request.
> >
> >
> I've tested your suggestion, unfortunately this will not work like a normal
> disposable VM.
> I have downloaded an HTML-page in the disp-untrusted VM and when it gets
> closed and started the next time, the file is still there.
> This means it doesn't behave like a real disposable VM.
> 

Change your template - base it off a -dvm, and it *will* work like a 3.2
disposableVM.
You can supplement this by cycling through a number of named
disposableVMs, so you can at least open a few at once.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180310232310.tm56qm623iu3s2ji%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] trouble with qubes-builder

[Tim W]

When I try to build anything with qubes-builder I keep getting an error when 
its verifying tags.  Specifically this error below:

-> Updating sources for builder...  
 │  
│ --> Fetching from https://github.com/QubesOS/qubes-builder.git 
master... │  
│ --> Verifying tags... 
   │  
│ No valid signed tag found!
   │  
│ ---> One of invalid tag:  
   │  
│ object 9674c1991deef45b1a1b1c71fddfab14ba50dccf   
   │  
│ type commit   
   │  
│ tag mm_9674c199   
   │  
│ tagger Marek Marczykowski-Górecki 
 1520035393 +0100  
   │  
│   
   │  
│ Tag for commit 9674c1991deef45b1a1b1c71fddfab14ba50dccf   
   │  
│ Makefile:194: recipe for target 'builder.get-sources' failed 


None of this happened until Marek posted: 
Announcement/warning: verification of git tag signatures in qubes-builder
https://groups.google.com/forum/#!topic/qubes-devel/UyjsvvPzApI 

I first followed the directions to verify the sigs but after the error.  I 
deleted qubes-builder and all the gpg sig keys.  Redownloaded the keys  and 
installed qubes-builder and copied the keys over to it.

Now everytime I run any build when it gets-sources I get this error.  If I 
continue to picking templates now the whonix template options are gone.

What is the reason for the missing tag? 

I am running this from a FC23 template.  It has worked fine for months building 
3.2 4.0 ISO as well as a number of templates.  This only happened recently.

Marek commented but I do not really understand his comment as I followed the 
directions in the thread and it all showed correctly.

Cheers,

Tim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca7e14bd-0e10-4396-bc36-315bb0d7ac22%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Launching speed of disposable VMs 15-18sec

[799]

Hello,

On 10 March 2018 at 22:52, 'MirrorWay' via qubes-users <
qubes-users@googlegroups.com> wrote:

> You can probably simplify this by basing it on named dispvms.
> That way you don't have to keep an xterm open somewhere, nor do you need
> to extract the dispvm name from Xwindows.
> Just restart the dispvm after you close the app.
>
> For example, assuming disp-untrusted is already running:
> $ qvm-run -p disp-untrusted firefox ; qvm-shutdown disp-untrusted ;
> qvm-start disp-untrusted
> -p above causes the qvm-run to block until you close firefox. Then it
> restarts the named dispvm, which stays running until the next launch
> request.
>
>
I've tested your suggestion, unfortunately this will not work like a normal
disposable VM.
I have downloaded an HTML-page in the disp-untrusted VM and when it gets
closed and started the next time, the file is still there.
This means it doesn't behave like a real disposable VM.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uXQwQi1VktsWrEC03H3ObLXcs7A46SBVHk03%2BT%2BCXQ5w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Launching speed of disposable VMs 15-18sec

['MirrorWay' via qubes-users]

You can probably simplify this by basing it on named dispvms.
That way you don't have to keep an xterm open somewhere, nor do you need to 
extract the dispvm name from Xwindows.
Just restart the dispvm after you close the app.

For example, assuming disp-untrusted is already running:
$ qvm-run -p disp-untrusted firefox ; qvm-shutdown disp-untrusted ; qvm-start 
disp-untrusted

-p above causes the qvm-run to block until you close firefox. Then it restarts 
the named dispvm, which stays running until the next launch request.

Maybe you can replace qvm-shutdown with qvm-kill to make it faster.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/sXKQkLnpwPStQzGCyvYZr3U5u6r6BlKdr1s8ZAKJ2pMRduVPjOJm8Xpha1ZzuK68Uc3tVA7xtY2r_sRGku_u007YmAkFfnBjKkBK9wx_tiY%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS propagation in Qubes

[Alex Dubois]

On Saturday, 10 March 2018 13:16:37 UTC, Micah Lee  wrote:
> ‐‐‐ Original Message ‐‐‐
> 
> On March 8, 2018 11:26 AM, Chris Laprise  wrote:
> 
> > ​​
> > 
> > >>>\> \[1\] https://dnsprivacy.org/wiki/
> > 
> > > > > > \[2\] https://www.qubes-os.org/doc/networking/
> > 
> > Micah,
> > 
> > If you have any specific instructions on how to setup the forwarder
> > 
> > you're using, I'd be happy to try it myself and post a solution for use
> > 
> > with qubes-firewall.
> > 
> > I found the dnsprivacy wiki to be a bit scattered and not very specific.
> > 
> > Their video "tutorial" is really a lecture on the concept.
> 
> Thanks, yes I'd love to share instructions. I haven't gotten it working yet 
> -- I'm traveling right now and haven't spent a lot of time on it, and might 
> not for the next week or two. But once I figure it out I'd like to write a 
> blog post or something with instructions. But maybe I should sent it to this 
> list first for people to test and give feedback.

For your info, I have a wiki on how to use dns-crypt here: 
https://github.com/adubois/adubois.github.io/blob/master/_posts/2013-11-19-setup-dnscrypt-unbound.md
It is supposed to be exposed via blog.bowabos.com but github changed something 
and the static site does not get automatically generated at the moment...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11825052-26fe-48a8-bd08-7da3f15b7787%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes OS 4.0-rc5 has been released!

[contact . diesel]

Hey Guys, 

thx for your Summary. Nice Work!

Am Samstag, 10. März 2018 15:02:20 UTC+1 schrieb Yuraeitha:
> On Friday, March 9, 2018 at 10:36:49 PM UTC+1, contact...@gmail.com wrote:
> > Thx for the great description and tips. I think I updated everything. Is 
> > there a way to check if  rc5 is active? 
> > 
> > One other thing:
> > When my system booted. TOR is connected but I get an gui error message from 
> > sys-whonix:
> > 
> > System clock check result
> > Unexpected result by timedatectl
> > Timedatectl_output_pretty:
> > 
> > Local time and universal time are the same 
> > RTC time: n/a
> > Time zone: etc/utc ( utc, +)
> > NTP enabled: yes
> > NTP sychronized: no
> > Rtc in local TZ: no
> > DST active: N/A
> > 
> > Does someone has the same Issue?
> 
> I improved the update commands a bit after looking a bit around.
> 
> dom0
> sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --clean
> (or --check-only instead for dom0).
> 
> fedora
> sudo dnf update --enablerepo=qubes-vm-*-current-testing --refresh
> 
> debian/whonix
> sudo apt-get update -t *-testing && sudo apt-get dist-upgrade -t *-testing
> 
> This way, you don't need to edit any files for debian/whonix to get the 
> testing.
> If you also want to increase reliability further, you can make a 
> dependency/cache check with "sudo apt-get check", which is normally very 
> quick. For that do;
> 
> debian/whonix
> sudo apt-get check && sudo apt-get update -t *-testing && sudo apt-get 
> dist-upgrade -t *-testing
> 
> 
> It may be possible to further optimize the update commands, if anyone got 
> suggestions, please feel free to opt-in so that we can recommend better 
> update approaches in the future.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fc05379d-40ca-47d3-84a4-8e58a4f30327%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: not yet working -> fedora-26-based (minimal) sys-usb with Qubes 4rc5

[799]

Hello,

On 10 March 2018 at 04:08, Yuraeitha  wrote:

> >
> > Any chance it could be because of the missing qubes-input-proxy-sender?
> It's hiding in the horizontal slider in the doc link you linked, it's very
> east to miss it so its understandable.
> > There is no package 'qubes-input-proxy-sender' for fedora-26 based VMs
> in Qubes 4rc5.
> > There is package 'qubes-usb-proxy' which I installed already before.
>
> how odd. I'm not sure why, but I can find it in my fedora-26 template, but
> I don't have any current minimal template to test it on on this particular
> machine. Here is my output;
>

I've checked again, the package is available in the default fedora-26
template but not in a fedora-26-minimal template:
t-sys is a template  which is a clone of the fedora-26-minimal Template

   [user@t-sys ~]$ sudo dnf -y install qubes-input-proxy-sender
   Last metadata expiration check: 0:00:41 ago on Sat Mar 10 21:16:27 2018.
   No match for argument: qubes-input-proxy-sender
   Error: Unable to find a match

I then tried to use the testing-repositories ... and SUCCESS, it worked:

   [user@t-sys ~]$ sudo dnf -y install
--enablerepo=qubes-vm-*-current-testing qubes-input-proxy-sender
   Qubes OS Repository for VM (updates-testing)258 kB/s | 197 kB
00:00
   Last metadata expiration check: 0:00:00 ago on Sat Mar 10 21:19:39 2018.
   Dependencies resolved.


Package   Arch   Version
Repository Size


   Installing:
qubes-input-proxy-sender
  x86_64 1.0.10-1.fc26
qubes-vm-r4.0-current-testing  15 k

   Transaction Summary


   Install  1 Package
   [...]
   Installed:
qubes-input-proxy-sender.x86_64
1.0.10-1.fc26

   Complete!


After installing the package via the testing-repositories, my new
sys-usb-Qube is also working correctly.
Thanks for the feedback - I guess this information is also somewhere in the
Qubes docs - haven't checked it yet, honestly.

maybe it makes sense to provide a script to build the sys-net /
sys-firewall / sys-usb based on a fedora-26-minimal template.
Try to add it to "our" qubes community docs ;-)

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tW3V5G3aRWhT645FVRa%3DbsRY-OzGzWwk7pW6KSD3XWrA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Custom resolutions-xrandr

[randallrbaker]

If im trying to create a custom resolution that I can auctually see on my 
3200x1800 how do I get rid of the black area and make the resolution full 
screen? I tried adding xrandr --output eDP-1 set "scaling mode" "full aspect" 
and nothing is happening.I allready made a resolution of 1800x1400, but instead 
of going full it just shrinks the display to fit into a box.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca710c96-5e51-4c7a-a399-155712e860d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Launching speed of disposable VMs 15-18sec

[799]

Hello,

On 10 March 2018 at 17:14, Yuraeitha  wrote:

> On Saturday, March 10, 2018 at 8:21:02 AM UTC+1, hopkins...@gmail.com
> wrote:
> > >32 GB RAM.  launch times (~15-19 sec)
> >
> > This was the reason why i left Qubes OS. I cant coupe with hours
> starting vm-s. 3.2 version were faster.


I came up with an idea to accelerate the start of an application in a
Disposable VM to ~2 seconds.
The idea came to my mind when I thought about how we accelerate stateless
virtual desktops for our customers who are running VMware virtual desktop
(Horizon View),
We can build desktops that only exist as long as the user is logged in,
after logout the desktop is destroyed and he gets a complete new desktop
(build from an image) on the next login.
To make it possible that users have a good user experience and don't have
to wait during logon, when their desktop is provisioned we are prebuilding
desktops, so that a certain amount of desktops is always available.
If a new users takes a desktop, the system is automatically reprovisioning
a new one, for the next user.

I took the same idea to accelerate the launch of applications within
disposable VMs.
I have one or more disposable AppVMs available that can be used to launch
an application within it.
If the application ends the DispVM will be killed and for the next
application another disposable AppVM will be provisioned in advance.

The downside is that those started Disposable VMs may use some ressources
but as long as they are not running any calculation, the overhead shouldn't
be to big.
This approach is a workarround not a very smart solution, but it works.

Please don't be to hard judging the current state of the work, as I am
missing some scripting skills to make it do a first alpha version.
But someone with some more skills might be able to fill in the gaps.

This is how it works:

1) Launch a new disposable VM with nothing more than an empty xterm window.
This is only to have something like a container, to start the application in

2) move the xterm window to the last desktop (default Qubes installation
has 4 desktops (=desktop overview pager left of the clock in the menubar)

3) If you need to open a disposable Application, start this application in
the already running disposable VM
add a qvm-kill/qvm-shutdown after the command launch

4) provision a new disposable AppVM in the background which will be used
when the next disposable Application must be started.

This is far away from being perfect but it would be good enough for me,
I've run the commands manually and proved that something like this can
work, but I am missing some more scripting skills.
I hope someone can support me, filling the missing gaps.

=
Quick'n dirty notes, playing arround with the above idea / needs to be
polished.

# Create list of all open windows = Window-List-1
wmctrl -l | gawk '{ print $1 }'

# Show all Running DispVMs = List-DVMs-1
qvm-ls | grep DispVM


# Create a new AppVM and open an xterm window in it
# This will open up a new xterm window in the current window
qvm-run -q -a --service --dispvm=fedora-26-dvm -- qubes.StartApp+xterm &


# Show all Running DispVMs = List-DVMs-2
qvm-ls | grep DispVM


# TODO: commands to get the name of the newly created DispVM
# This DispVM will be called "Newest-DispVM"


# Create a new list of all open windows = Window-List-2
wmctrl -l | gawk '{ print $1 }'


# TODO:
# Commands to find out which is the new window ID from the xterm-window
# The DispVM-window-ID = Window-List-2 - Windows-List-1
# we call this window here DispVM-xterm-Window-ID


# List of all available desktops
# First desktop = 0
wmctrl -d |  gawk '{ print $1 }'
# TODO: Get the greatest number from this list = LastDesktop


# move the new xterm window to the last desktop, so that is it out of the
way
wmctrl -i -r $DispVM-xterm-Window-ID -t $LastDesktop


# If a new DisposableVM is needed, the following steps need to be done:

1) $Current-DispVM = Newest-DispVM

2) Prepare another DispVM in the background (!)
   Create a new DispVM  by opening an xterm session and
   move it to the last desktop (see above)
   This DVM will be the "Newest-DispVM

3) Run the application in Current-DispVM
   and kill the DispVM when the command has been ended
   qvm-run $Current-DispVM  && qvm-kill $Current-DispVM
   this will also kill the xterm window on the last desktop


What do you think?
Can someone can tell me the neccessary command to find out what is the
Windows-ID of the xterm window and the DisposableVM-Name after launching a
new App-VM?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

Re: [qubes-users] Qubes repos on Debian-based custom template VMs

[Unman]

On Sat, Mar 10, 2018 at 08:17:09AM -0800, SP wrote:
> I'm afraid to try it since Ubuntu's package versioning, library paths etc. 
> would be different from Debian, and that might potentially break my 
> installation ...
> 
> I guess one solution would be to add the "source" Debian repos and compile 
> them on Ubuntu.
> 
> On Saturday, March 10, 2018 at 2:49:05 AM UTC-8, awokd wrote:
> > On Fri, March 9, 2018 7:59 am, Saswat Padhi wrote:
> > > Hi everyone,
> > >
> > >
> > > I was able to build a Xenial TemplateVM using the Qubes Builder,
> > > but I don't see any repository on the VM for updating qubes packages.
> > >
> > > Does anyone know if this is supported?
> > 
> > Can you use the Debian repos for Ubuntu?
> > https://deb.qubes-os.org/r3.2/vm/dists/
> 

I provide some templates and a repo with updated Ubuntu packages.
Completely unofficial.
My time is somewhat limited but I try to update at least once a month.
Have a look at http://qubes.3isec.org
You'll want to check my key, of course.

You're quite right not to mix Ubuntu and Debian packages. This almost
always creates more problems than it solves.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180310193128.ef2tlkzlbi3kwkaf%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes repos on Debian-based custom template VMs

[SP]

I'm afraid to try it since Ubuntu's package versioning, library paths etc. 
would be different from Debian, and that might potentially break my 
installation ...

I guess one solution would be to add the "source" Debian repos and compile them 
on Ubuntu.

On Saturday, March 10, 2018 at 2:49:05 AM UTC-8, awokd wrote:
> On Fri, March 9, 2018 7:59 am, Saswat Padhi wrote:
> > Hi everyone,
> >
> >
> > I was able to build a Xenial TemplateVM using the Qubes Builder,
> > but I don't see any repository on the VM for updating qubes packages.
> >
> > Does anyone know if this is supported?
> 
> Can you use the Debian repos for Ubuntu?
> https://deb.qubes-os.org/r3.2/vm/dists/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3af8924-f6ad-4525-b1d3-5a7ccf557da0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Launching speed of disposable VMs 15-18sec

[Yuraeitha]

On Saturday, March 10, 2018 at 8:21:02 AM UTC+1, hopkins...@gmail.com wrote:
> >32 GB RAM.  launch times (~15-19 sec)
> 
> This was the reason why i left Qubes OS. I cant coupe with hours starting 
> vm-s. 3.2 version were faster.

well not really slow, you might just have had a bad setup and slow hardware. I 
don't think it's fair to blame Qubes for that though, you make it sound like 
it's their fault that you're on slow hardware with a bad version/settings 
layout. But maybe that's not your intention though. 

I also hope you realize that "lots, and lots of RAM" doesn't just automatically 
equal fast start-ups, your specific cherry picking of quote in relation to your 
words, seem to imply just that.

Also why were you on Qubes if you didn't care about security? Leaving Qubes for 
something minor like this, seems to point that you don't care about security. 
So what made you come to Qubes in the first place?

Not to be a butthead or anything, I just think your rash comment is uncalled 
for.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9d6e650-7541-47a6-93e7-340238117b9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: off topic - invite codes to 'riseup'

[little help]

On Wednesday, March 7, 2018 at 8:11:25 PM UTC+1, Tim W wrote:
> I am sorry what is reason so many people want to get and use a riseup.net 
> account outside political or some other social reason
> 
> They had their canary down for over a year because of gag order from the feds.
> 
> They have totally rewritten there canary statement since which was prior very 
> clear and concise.  Now it looks to be heavily lawyered careful play on 
> words...thus its vague using words that can having wide varying meaning.  
> what is omitted is any speech with the words warrant, gag order, NSL.  If 
> they get any of those it will NOT of itself require them activating the 
> canary protocol.
> 
> Here is their old Canary statement followed by the new one:
> 
> OLD:
> riseup has not received any National Security Letters or FISA court orders, 
> and we have not been subject to any gag order by a FISA court, or any other 
> similar court of any government. Riseup has never placed any backdoors in our 
> hardware or software and has not received any requests to do so. Riseup has 
> never disclosed any user communications to any third party.
> 
> 
> NEW:
> Riseup positively confirms that the integrity of our system is sound. all our 
> infrastructure is in our control, we have not been compromised or suffered a 
> data breach, we have not disclosed any private encryption keys, and we have 
> not been forced to modify our system to allow access or information leakage 
> to a third party.
> 
> 
> Unfortunately we cannot use common sense to read these but they must be read 
> thru the eye of a laywer  I think you really see the effects of the rewritten 
> statement. 
> 
> From what I can tell the system is closed source.  They no longer offer any 
> form of encryption.  I must all be done on your email client.  There is no 
> two factor authentication.  The user name and password to get your into your 
> mailbox from what I can see maybe moot as there is no info on any use of 
> encryption outside users manually or thru a client using gpg.  If that is 
> correct then any mail not gpg encrypted is sitting in the mailbox in 
> cleartext.  Unless there is something like AES 256 protecting the mailbox via 
> your password but then that means thru the recovery passcode system they very 
> well can get back into your mailbox even with lost credentials and no reset 
> alternate email address.
> 
> For a person that plans to gpg encrypt all their emails what does this offer 
> anyone over the other free email accounts.  Sure your contacts are not mined 
> to hell and back but in terms of email content I see no difference and 
> actually lower login security.
> 
> I was looking at the thread and it looks like around 40 people requested 
> referral codes on this thread while the canary was expired.  One person even 
> mentioned it and it went uncommented on.
> 
> Compare this to say protonmail its not even remotely close.  As both can be 
> had for free and without all the need for referrals as its targeted toward 
> liberal/social/anticapital political change groups not sure the point?  
> Elitism?
> 
> I honestly was surprised so many people on this list asking for it and where 
> unphase by the fact the canary was expired and it was known they were under a 
> gag order.  We make a big deal about a close source binary blob for a driver 
> or firmware to a nic or gpu yet a closed source email provider system with a 
> triggered canary and no one misses a beat?  I know the thread was off topic 
> and has been running for years and why I never even read it till now for no 
> other reason than I was wasting time but wow I am surprised.



Yeah your concerns are legitimate.
I guess they changed canary to make it more usable. Old one was a bit awkward 
since due to warrant they were not able to update it or comment anything about 
it.
New one doesn't cover subpoenas and gag orders, but only covers infrastructure 
they control and are always free to comment on.
So new canary is not as reassuring as old one, but new one will not cause this 
6 months old radio silence when users didn't know what is going on.

Btw old gag order and investigation was because of some cryto blackmailing. I 
think I found this somewhere on riseup canary pages.

You are right there is nothing else than username and password protecting your 
account. But this is the same for every other non two factor authentication 
account. And two factor isn't perfect either.
And they are as far I know closed source so you just have to trust them. Which 
is again same as majority of other email providers.

You mentioned that "They no longer offer any form of encryption."
This is not true. After that gag order debacle they introduced new encrypted 
mailboxes.
https://riseup.net/en/about-us/press/canary-statement
Under this new system (if what they claim is true), feds will not be able to 
read any emails if they don't have password of account. Under old system riseup 
admins were 

[qubes-users] Re: off topic - invite codes to 'riseup'

[little help]

On Wednesday, March 7, 2018 at 8:11:25 PM UTC+1, Tim W wrote:
> I am sorry what is reason so many people want to get and use a riseup.net 
> account outside political or some other social reason

Yeah your concerns are legitimate. 
I guess they changed canary to make it more usable. Old one was a bit awkward 
since due to warrant they were not able to update it or comment anything about 
it. 

New one doesnt cover subpoenas and gag orders, but only covers infrastructure 
they control and are always free to comment on. 
So new canary is not as reassuring as old one, but new one will not cause this 
6 months old radio silence when users didnt know what is going on.

Btw old gag order and investigation was because of some cryto blackmailing. I 
think I found this somewhere on riseup canary pages. 

You are right there is nothing than username and password protecting your 
account. But this is the same for every other non two factor authentication 
account.
And they are as far I know closed source so you just have to trust them. Which 
is again same as majority of other email providers.

You mentioned that "They no longer offer any form of encryption."
This is not true. After that gag order debacle they introduced new encrypted 
mailboxes. 
https://riseup.net/en/about-us/press/canary-statement
Under this new system (if what they claim is true). Fed will not be able to 
read any emails if they dont have password of account. Under old system riseup 
admins were able to provide content of emails to feds without your password, 
under new system they cant. (New system also doesnt allow admins to reset your 
password if you forgot it)

So to answer your question, I guess people are recently rushing to riseup 
because it is "known as secure" and they trust the sources where they heard 
that. 
I reality nobody can be rally sure if whole thing is not just honeypot. 

And most importantly. You said that if you encrypt your emails with PGP, riseup 
doesnt offer much more than any other free email provider. 

ANYONE USING RISEUP FOR SECURITY CONCERNS, SHOULD STILL USE MANUAL PGP 
ENCRYPTION OF EMAIL CONTENT AND BE CAUTIOUS WITH SUBJECT OF EMAIL

 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9aa3fdbe-a335-4778-bd42-da0700678da2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes OS 4.0-rc5 has been released!

[Yuraeitha]

On Friday, March 9, 2018 at 10:36:49 PM UTC+1, contact...@gmail.com wrote:
> Thx for the great description and tips. I think I updated everything. Is 
> there a way to check if  rc5 is active? 
> 
> One other thing:
> When my system booted. TOR is connected but I get an gui error message from 
> sys-whonix:
> 
> System clock check result
> Unexpected result by timedatectl
> Timedatectl_output_pretty:
> 
> Local time and universal time are the same 
> RTC time: n/a
> Time zone: etc/utc ( utc, +)
> NTP enabled: yes
> NTP sychronized: no
> Rtc in local TZ: no
> DST active: N/A
> 
> Does someone has the same Issue?

I improved the update commands a bit after looking a bit around.

dom0
sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing --clean
(or --check-only instead for dom0).

fedora
sudo dnf update --enablerepo=qubes-vm-*-current-testing --refresh

debian/whonix
sudo apt-get update -t *-testing && sudo apt-get dist-upgrade -t *-testing

This way, you don't need to edit any files for debian/whonix to get the testing.
If you also want to increase reliability further, you can make a 
dependency/cache check with "sudo apt-get check", which is normally very quick. 
For that do;

debian/whonix
sudo apt-get check && sudo apt-get update -t *-testing && sudo apt-get 
dist-upgrade -t *-testing


It may be possible to further optimize the update commands, if anyone got 
suggestions, please feel free to opt-in so that we can recommend better update 
approaches in the future.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5e9cd36-dc6a-499e-8f3f-46533a1b3aa1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS propagation in Qubes

[Micah Lee]

‐‐‐ Original Message ‐‐‐

On March 8, 2018 11:26 AM, Chris Laprise  wrote:

> ​​
> 
> >>>\> \[1\] https://dnsprivacy.org/wiki/
> 
> > > > > \[2\] https://www.qubes-os.org/doc/networking/
> 
> Micah,
> 
> If you have any specific instructions on how to setup the forwarder
> 
> you're using, I'd be happy to try it myself and post a solution for use
> 
> with qubes-firewall.
> 
> I found the dnsprivacy wiki to be a bit scattered and not very specific.
> 
> Their video "tutorial" is really a lecture on the concept.

Thanks, yes I'd love to share instructions. I haven't gotten it working yet -- 
I'm traveling right now and haven't spent a lot of time on it, and might not 
for the next week or two. But once I figure it out I'd like to write a blog 
post or something with instructions. But maybe I should sent it to this list 
first for people to test and give feedback.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/pPIWHaxl0Lwz4sF1qRHn34jz0i4_oDljtkWk8CQMPNnOtFFKBsOS7gaUGQqLXC9ZFprlaPHpcPW_4IX_LKKwm9no1c-DO7byugnObo8aXzY%3D%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do I create an HVM?

[799]

Hello,


Am 10.03.2018 8:19 vorm. schrieb "sevas" :

Been following the docs and I cant get it.

qvm-create --hvm
#No such argument
qvm-create --HVM
#No such argument
qvm-create --class hvm
qvm-create --class=hvm
qvp create --class hardwareVM

you get the picture. I must be missing something. I just want to start an
iso from a VM.


I think it's all in the docs:

https://www.qubes-os.org/doc/hvm/

For example:

qvm-create win7 --class StandaloneVM --property virt_mode=hvm --property
kernel="" --property memory=4096 --property maxmem=4096 --property
debug=True --label green

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2t7BQMo-8kMyTeOCpi3o%2BVaKrATaExD%3DBZASFymj8fxow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Trying to install Qubes Release 3.2 on Dell Laptop install stops at network settings

['awokd' via qubes-users]

On Fri, March 9, 2018 8:02 pm, Jaqen Hghar wrote:
> On Friday, March 9, 2018 at 2:44:37 PM UTC-5, Jaqen Hghar wrote:
>
>> I've tried to get this setup/installed a few times now but once it
>> starts going through "create network settings" things seem to stop and
>> nothing else happens? Any suggestions? First time trying to download
>> qubes for me... not really sure about this. Thanks!
>
> The error i see is 'Failure to "install Kernel" or something like that.
> Move to quick got me to catch the whole message.

One thing you could try is to temporarily pull the wifi card for the
install, then add it back in after. Also, search this mailing list and the
https://www.qubes-os.org/hcl/ for your laptop model and see if others have
run into the same problem (and hopefully came up with a fix.)


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db547f403f6bfc7b50e1a6100062765d.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes repos on Debian-based custom template VMs

['awokd' via qubes-users]

On Fri, March 9, 2018 7:59 am, Saswat Padhi wrote:
> Hi everyone,
>
>
> I was able to build a Xenial TemplateVM using the Qubes Builder,
> but I don't see any repository on the VM for updating qubes packages.
>
> Does anyone know if this is supported?

Can you use the Debian repos for Ubuntu?
https://deb.qubes-os.org/r3.2/vm/dists/


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a26c404cde9b17823cc95df4143f9d40.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do I create an HVM?

['awokd' via qubes-users]

On Sat, March 10, 2018 7:19 am, sevas wrote:
> Been following the docs and I cant get it.
>
>
> qvm-create --hvm #No such argument
> qvm-create --HVM #No such argument
> qvm-create --class hvm qvm-create --class=hvm qvp create --class
> hardwareVM
>
> you get the picture. I must be missing something. I just want to start an
> iso from a VM.
>
> Im forever in your debt.

Which doc are you following? Those commands are missing many arguments.
Look for the one about creating HVMs.

In general, if you are having trouble figuring out the options for a
command, the Qubes commands follow the GNU/Linux convention of displaying
additional help with the --help option.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9d04afc7016840f98507bf0c436e681.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.