date:20180825

On Sat, Aug 25, 2018 at 01:15:47PM -0700, Who Cares wrote:
> Am Samstag, 25. August 2018 17:17:45 UTC+2 schrieb Unman:
> > On Sat, Aug 25, 2018 at 06:33:25AM -0700, Who Cares wrote:
> > > Hi there,
> > > 
> > > I want to assign my HDD directly to a specific HVM Qube.
> > > Its connected per Sata.
> > > I already tried with "lspci" or "qvm-pci" but I never find my HDD.
> > > With "qvm-block" I find it at dom0:sdb but how can I assign the complete 
> > > HDD to a specific Qube even after restart like I can assign PCI devices 
> > > in the Qubes Device Manager?
> > > 
> > > The Qube is an HVM which needs to access the HDD because I want to 
> > > install a Linux based System(Kerio control) which cannot handle the 
> > > Qubes-System that offers the Space on the System Drive. So I need to pass 
> > > through a complete HDD that is supported by this System(Kerio-control) I 
> > > want to install in the HVM.
> > > 
> > > Hopefully someone got a Solution :)
> > > 
> > > Thanks so far!
> > > 
> > In 3.2 you could just edit the conf file under /var/lib/qubes...
> > 
> > In 4.0:
> > Have a look at
> > https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html
> > 
> > You want to add a new device: use normal Xen configuration.
> > https://libvirt.org/formatdomain.html#elementsDisks will help.
> > Use the phy driver, and specify the source as /dev/sdX, and target dev on 
> > your qube.
> > 
> > unman
> 
> I do not really know how to use this information there.
> What should I work myself into first to understand this?
> 

The libvirt page explains how to create a custom specification for a
qube, and where to put the files.
The basic specification is created from a template file - on my system
it's at /usr/share/qubes/templates/libvirt/xen.xml. (The documentation
is a little out of step here.)
If you look at that file you can see how the configuration for your
qubes is constructed.

What we want to do is to modify the settings for qube foo so that
/dev/sdb on dom0 will appear at /dev/xvde in foo.

Create a new file in dom0 at:
/etc/qubes/templates/libvirt/by-name/foo.xml

The contents are:
{% extends 'libvirt/xen/xml' %}
{% block devices %}
{{ super() }}

{% endblock %}

The "extends" statement tells the system that it will be modifying the
definition in libvirt/xen.xml
The "super()" imports the specification for block devices from that file.
Then we define a new disk device - the syntax here is quite obvious and
follows the reference in libvirt.org

Now when you boot foo, Qubes will pick up this file, and attach /dev/sdb
to the foo qube, where it will appear as /dev/xvde. 
You can put an entry in to /etc/fstab so that the /dev/xvde device will
be automatically mounted where you will. 

hth

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180826020432.5slvtvyojy2lt4n7%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as server

2018-08-25 Thread chrisrowlands01

On Saturday, August 25, 2018 at 7:51:01 AM UTC-7, Unman wrote:
> On Sat, Aug 25, 2018 at 06:40:01AM -0700, Who Cares wrote:
> > I did the same and you just should keep in mind that the sys-firewall would 
> > block any communication between VM's or between Clients and Qubes VM´s.
> > 
> > Someone posted this Link:
> > https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes
> > it helped a lot.
> > 
> > Just make sure that you either update iptable rules for each of your 
> > Service VM´s (for example Web-server-VM) or connect the Service VM's 
> > directly to sys-net without sys-firewall but this is, I think, not 
> > recommended.
> > 
> 
> Definitely not recommended and unnecessary.
> The Qubes networking structure is flexible enough to let you do pretty
> much whatever you like without unduly compromising security.
> 
> If you have 2 NICS, you could allocate one to a new sys-net and get even
> greater isolation between your standard qubes and those offering
> external services: DMZ on the cheap.
> 
> unman

Great, thank you both for your responses.  I'll check into inter-qube 
networking and see what makes sense for me.  Mostly I am concerned with just 
making a given qube accessible to outside, I don't think I care about 
inter-qube networking too much beyond that.

One other thing I am wondering about is how feasible it is to selectively allow 
a given qube/VM to access a given directory (and only that directory) of my 
server's media drives.  In particular, I am also wondering how well Qubes works 
with ZFS in practice (I have taken a quick look at the Qubes ZFS info page and 
see it does support it), as currently all my data is in a zpool.  Should I 
expect trouble with either of those aspects?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a6ddf11-3cca-47d1-8aac-ffd86b63ab61%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] OpenSSD

2018-08-25 Thread jonbrownmasterit

Anyone using OpenSSD in their laptops?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a42321ad-f7ed-468a-bd78-4ab6e358b2e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-25 Thread Rusty Bird

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

'awokd' via qubes-users:
> > Rob Fisher:
> >> what are the best options for a Qubes user right now?
^
> Get Qubes running on non-x86 architectures less prone to
> vulnerabilities!

Don't hold your breath ;)

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJbgdhiXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfHXsP/Avjd7ZuwBIx1wDg90aoq6xE
lNHxEMhly2z8KXfNzLOg/H+3yF7gg+DeKo9wU0gAKm2O1grxt9TWgvju3Wje1Wdu
gvEIo6Ew/oK/UFl5oQLFR/5F+zCjMaB7SAqf1hKZsJhLm82PrF8kXtwm1+y/CZTE
IB7ci8x0lB+2p0571uMuu1HMgTTHn+e/UfKbANbHrgBClYgsBgasZD6wy99gOKOY
f4pcSfd3wQ3lmg5D8U44Pg5NMnGHFnhsu1prqbrsYFSwzLxkhWD6mODvYZ2G8BbM
+F/49iIafiGrhOrLGF+M/jnH/rIYT48IZEM90IFoS55WbeFZdvjID7inqFBDUbc2
EyyxuPUXku80NTuVlJP9t4/tinH7K+IfK5VV9F3jjU4tMO8kgdKJ+LMDkLGaKUoW
Qy22Lm2EWDNXBFMopxwcHeIp19RbIYKEcjMrknI6XT2LPt4Dfg/Ibd8F5k95/SC4
LFAxA4BJJXyJQdaIdit2t//38h0N7irmP6bDpihNjW0zVgAZwUNd/u1gwtLYS5z4
RHwfIdHnHv1ZG9mV3noMiVJLDgml0RTkuyCz+dEmYe6X5MhChdsmDqcLm2/xC5cW
lOwULl6dFbYVudOfi0yJnrXHSSDGINLYweSBJEuMC4nSfmab5vKr4Qvk3arJIw1i
ebXtbANVEiih6ZkBuW2a
=H494
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180825222954.GA1510%40mutt.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

2018-08-25 Thread demiobenour

OP has the mouse on sys-usb, so connecting it to the network would be very bad.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fdf178da-a5b6-4ac3-818a-aa9a05019c18%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Changed permissions on /srv/ recursively, how can I recover?

2018-08-25 Thread demiobenour

Apparently reinstalling enough Salt packages fixed the problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67f8d0e4-0425-4187-b443-b76733b34842%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Changed permissions on /srv/ recursively, how can I recover?

2018-08-25 Thread demiobenour

Which ones have different permissions?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa60b97e-a11b-43ce-9397-63704b2631e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] XSA-273 - Impact on Qubes?

On Sat, August 25, 2018 9:50 pm, Rusty Bird wrote:
> Rob Fisher:

>> what are the best options for a Qubes user right now?
>
> - - Add smt=off as a Xen boot parameter (which disables hyperthreading)
> to make the attack harder? - - If you're worried that some VM might want to
> steal data from another, try not to run both at the same time - - Hole up,
> have a nice cup of offline and wait for all this to blow over

Get Qubes running on non-x86 architectures less prone to vulnerabilities!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ea6fd3870e89af5360fad70c59c8399.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-25 Thread Rusty Bird

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Rob Fisher:
> I'm wondering when we can expect information on the impact of XSA-273 (1) on
> Qubes R4?

I'd guess early next month:
https://groups.google.com/d/msg/qubes-users/Isn_hko7tQs/PcqIuUleEQAJ

> what are the best options for a Qubes user right now?

- - Add smt=off as a Xen boot parameter (which disables hyperthreading)
  to make the attack harder?
- - If you're worried that some VM might want to steal data from another,
  try not to run both at the same time
- - Hole up, have a nice cup of offline and wait for all this to blow over

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJbgc8qXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfr38P/1KtCRK5qEvTcCTVLVbwYZHj
k63iIhA6n7wzRaV8oaOq7YrRzFryNoikeU2eqYe+T6Rwuw3hBE842pN+rABTJ7BS
Lb9UdUaC14y481Ad0uMxR4MvE+zKx6Ok4XuHTEwpZXDPw5URqNLNwp0+3ll1MXj2
lkRFqb9/IuwdR491YpQQAfjkD/EfHkMvd+TJAGowkUOBFno9605x8fLYRCMw0ZTL
U0c0amlRSeM57bhqPR0fMtc3rfFT/w+wZS1QHoq881qXfx9E29HjjOnTI3E1EN0I
MRbh222HsjScvl2O7OPbDUzIQW6uC/rZPYKrekMNYfK0c+sfUCehLE/RUNp3qdUf
8dEpVL5uBFIL4wBSN4g9GIFa2wmHvnrJ90v7U7pJ61iWoA1vaKEARlECZU7u3+EH
rOXSdb0+o7RtOItY/Lb8e/qfZxfScvvCb2n7dz1fqFFB2dXd7pIixMT7cERPbvsR
AGiqs6hkmHKKuw38xeKhhl5yVQQhIa77WgAVVHQ0mXu0sqGOWPLA30kwp4Tioqvh
HgKl9OtEUlVfYDj9HOuRdKM7Ns8rxLyDuYd6ENDgkMIC8QCEmE6blmnkJybR2mBo
knEQ0vgRQ++R8eG0b+3u7a97Up94D6FhDGA5b042a0wOGgBEG7e9/sefwCOskXGL
pnSyzaTOZPeHlStNxxhf
=bImI
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180825215034.GA1241%40mutt.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Sat, August 25, 2018 9:32 pm, awokd wrote:
> On Sat, August 25, 2018 8:20 pm, Daniil .Travnikov wrote:
>
>> On Saturday, August 25, 2018 at 12:06:49 PM UTC-4, awokd wrote:
>>
>>
>>> On Sat, August 25, 2018 3:27 pm, Daniil .Travnikov wrote:
>>>
>>>
 On Saturday, August 25, 2018 at 10:59:22 AM UTC-4, awokd wrote:



>>>
>
> OK, then I guess your only option is to do what you were doing
> and keep the USB controller in sys-net. This isn't necessarily a
> bad thing; there's an option on Qubes install to configure it like
> that, but it lessens separation of devices.

 Maybe do you know how can I install this Qubes option about you
 said? Or
 maybe in some point from docs?
>>>
>>> Manually assigning the USB controller to sys-net accomplishes the
>>> exact same thing as the setup option.
>>
>> It means that I have not any solution for this modem in Qubes. Because
>> I
>> can't assign this device to sys-net without all devices which I already
>> using (for example usb mouse and usb flash drives).
>
> That's correct, all USB devices would also be on sys-net, but like I
> wrote above that's not necessarily a bad thing.

Another option might be to configure your sys-usb with "qvm-prefs sys-usb
provides_network true". Not sure if there is more to it than that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c09bfd45aa09c9ac250e7f50af1630d8.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Sat, August 25, 2018 8:20 pm, Daniil .Travnikov wrote:
> On Saturday, August 25, 2018 at 12:06:49 PM UTC-4, awokd wrote:
>
>> On Sat, August 25, 2018 3:27 pm, Daniil .Travnikov wrote:
>>
>>> On Saturday, August 25, 2018 at 10:59:22 AM UTC-4, awokd wrote:
>>>
>>>
>>

 OK, then I guess your only option is to do what you were doing and
 keep the USB controller in sys-net. This isn't necessarily a bad
 thing; there's an option on Qubes install to configure it like that,
 but it lessens separation of devices.
>>>
>>> Maybe do you know how can I install this Qubes option about you said?
>>> Or
>>> maybe in some point from docs?
>>
>> Manually assigning the USB controller to sys-net accomplishes the exact
>>  same thing as the setup option.
>
> It means that I have not any solution for this modem in Qubes. Because I
> can't assign this device to sys-net without all devices which I already
> using (for example usb mouse and usb flash drives).

That's correct, all USB devices would also be on sys-net, but like I wrote
above that's not necessarily a bad thing.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ac816a503735de81c87e38534ce9b5f.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Changed permissions on /srv/ recursively, how can I recover?

On Sat, August 25, 2018 7:49 pm, Demi M. Obenour wrote:
> I changed permissions on /srv/ recursively (I think they are 750 now?
> Not sure).  This is preventing me from using salt:// in state files. 
> What are the correct permissions for the stuff in that directory?

Looks like most (but not all) directories are rwxr-x---, and files rw-r--r--.
Probably safest option is to backup VMs, reinstall, and restore; unless
there's some Salt utility that can repair the permissions.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee578770be9b8d252c3e215d58a69272.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] XSA-273 - Impact on Qubes?

2018-08-25 Thread Rob Fisher

I'm wondering when we can expect information on the impact of XSA-273 
(1) on Qubes R4? I can't help but notice it's absence from the Qubes 
XSA-tracker page (2).


Some OS Vendors have implemented kernel patches in an attempt to 
mitigate these vulnerabilities, but as of yet I haven't seen any such 
patches to the qubes-kernel-vm or the Hypervisor.


In the common case that microcode updates aren't possible via a BIOS 
update (HW vendor not made them available), and disabling 
hyper-threadding is not possible in the BIOS - what are the best options 
for a Qubes user right now?


Thanks,
Rob.

Links:
(1) - https://xenbits.xen.org/xsa/advisory-273.html
(2) - https://www.qubes-os.org/security/xsa/



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9075ff94cda5166e16d7c3a189ab576a%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread Chris Laprise

On 08/25/2018 03:59 PM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-08-25 14:24, 'awokd' via qubes-users wrote:

On Sat, August 25, 2018 7:01 pm, Chris Laprise wrote:

On 08/25/2018 02:25 PM, Rusty Bird wrote:

odindva0...@gmail.com:

I am using version R 4.O and recently decided to set up a new Vpn
connection . But when I try to select the type is only giving me AppVM
and Standalone option so obviously I can't move forward . I am
attaching picture of it so you can see it youself :
https://imgur.com/a/xTmpUDX .

Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM
in older Qubes versions.

Rusty

I've come to the conclusion that attempting to change the terminology
for VM types was a mistake. People are getting confused and referring to
"network-providing appVM" in the generic is awkward at best --
especially if you are merely describing or referring to VMs instead of
giving instructions on creating them.

Think some additional text in the dialog box like "provides network
('ProxyVM')" would do it? Agree that "network-providing appVM" is a bit of
a mouthful.

If I understand correctly, it's not merely a terminological change.
Rather, there is simply no longer such a thing as a "ProxyVM" in Qubes
4.0, where a "ProxyVM" is understood to be a VM that has the inherent
property of proxying network access. Instead, "provides network" is a
switchable property can apply (or not) to *any* VM. You can flip the
switch on to make a VM play the role of a ProxyVM (and/or a NetVM?),
then switch it off again later, and it'll still be the same VM. At any
rate, that's what I gather from this comment from Marek:

https://github.com/QubesOS/qubes-issues/issues/1763#issuecomment-188786341

Except VMs internally still use the proxyVM term in /var/run/qubes for
example. Its how my VPN code makes decisions about where+what to run.

I'd vote for adding (ProxyVM) in parentheses to the "provides network"
label (not tooltip) in the create dialog.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f58e69f6-1724-571d-d2f0-c39562b3f32f%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Saturday, August 25, 2018 at 12:06:49 PM UTC-4, awokd wrote:
> On Sat, August 25, 2018 3:27 pm, Daniil .Travnikov wrote:
> > On Saturday, August 25, 2018 at 10:59:22 AM UTC-4, awokd wrote:
> >
> 
> >>
> >> OK, then I guess your only option is to do what you were doing and keep
> >>  the USB controller in sys-net. This isn't necessarily a bad thing;
> >> there's an option on Qubes install to configure it like that, but it
> >> lessens separation of devices.
> >
> > Maybe do you know how can I install this Qubes option about you said? Or
> > maybe in some point from docs?
> 
> Manually assigning the USB controller to sys-net accomplishes the exact
> same thing as the setup option.

It means that I have not any solution for this modem in Qubes. Because I can't 
assign this device to sys-net without all devices which I already using (for 
example usb mouse and usb flash drives).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/985c607b-9d0c-4742-81bc-b9d35836b891%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Saturday, August 25, 2018 at 12:06:49 PM UTC-4, awokd wrote:
> On Sat, August 25, 2018 3:27 pm, Daniil .Travnikov wrote:
> > On Saturday, August 25, 2018 at 10:59:22 AM UTC-4, awokd wrote:
> >
> 
> >>
> >> OK, then I guess your only option is to do what you were doing and keep
> >>  the USB controller in sys-net. This isn't necessarily a bad thing;
> >> there's an option on Qubes install to configure it like that, but it
> >> lessens separation of devices.
> >
> > Maybe do you know how can I install this Qubes option about you said? Or
> > maybe in some point from docs?
> 
> Manually assigning the USB controller to sys-net accomplishes the exact
> same thing as the setup option.


It means that I have not any solution if I want to use this modem for example 
for another VM? Only in sys-net?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6cab9fb2-146a-45db-820b-699133b210c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Assign Sata Device to Qube

2018-08-25 Thread Who Cares

Am Samstag, 25. August 2018 17:17:45 UTC+2 schrieb Unman:
> On Sat, Aug 25, 2018 at 06:33:25AM -0700, Who Cares wrote:
> > Hi there,
> > 
> > I want to assign my HDD directly to a specific HVM Qube.
> > Its connected per Sata.
> > I already tried with "lspci" or "qvm-pci" but I never find my HDD.
> > With "qvm-block" I find it at dom0:sdb but how can I assign the complete 
> > HDD to a specific Qube even after restart like I can assign PCI devices in 
> > the Qubes Device Manager?
> > 
> > The Qube is an HVM which needs to access the HDD because I want to install 
> > a Linux based System(Kerio control) which cannot handle the Qubes-System 
> > that offers the Space on the System Drive. So I need to pass through a 
> > complete HDD that is supported by this System(Kerio-control) I want to 
> > install in the HVM.
> > 
> > Hopefully someone got a Solution :)
> > 
> > Thanks so far!
> > 
> In 3.2 you could just edit the conf file under /var/lib/qubes...
> 
> In 4.0:
> Have a look at
> https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html
> 
> You want to add a new device: use normal Xen configuration.
> https://libvirt.org/formatdomain.html#elementsDisks will help.
> Use the phy driver, and specify the source as /dev/sdX, and target dev on 
> your qube.
> 
> unman

I do not really know how to use this information there.
What should I work myself into first to understand this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7bc036af-dc6c-4b68-be10-e00794b6a407%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0 SSD Encryption

2018-08-25 Thread Jean-Philippe Ouellet

On Sat, Aug 25, 2018 at 3:41 PM, taii...@gmx.com  wrote:
> On 08/24/2018 11:44 AM, brendan.h...@gmail.com wrote:
>>
>> And if your OPAL drive is backdoored by the manufacturer for a government, 
>> your drive is backdoored whether you're using OPAL or not and depending on 
>> what you wanted > to keep private, you're already screwed.
>
> Wrong - if you have an IOMMU and the drive is software encrypted then
> you are absolutely fine and it can't do anything but randomly delete
> your data.

Sorry but no, that's not true. Do not conflate encryption with
authentication. I suggest you read more about ciphertext malleability
attacks.

Also, currently disks are owned by dom0, and e.g. a malicious nvme
device could do arbitrary DMA to compromise dom0 and therefore win.
Just because your device has an IOMMU does not mean it is actually in
use to protect you from all DMA-related attacks, and in this specific
case it is not currently in use as such by Qubes.

To really reduce disk-originating attacks to DoS as you suggest (and
as I'm sure many would wish to be the case!) you need something like a
read-only FS protected by dm-verity with the block backend outside
dom0. This is something I have worked on for Qubes, but that work is
not complete yet.

> In that case you can boot from coreboot-grub to a 100% encrypted ssd or
> directly load the kernel from coreboot which then decrypts the drive.
>
> You can also buy an OpenSSD from the OpenSSD project if you want a drive
> with libre firmware - what is cool about them too is that you can
> upgrade the flash modules without changing the controller.
>
> If one installed an OpenSSD on a TALOS 2 then you could have a system
> that is entirely open source and documented.
>
>> No security mechanism exists in a vacuum. Layer them as necessary. I want to 
>> prevent both remote firmware tampering and out-of-sight boot tampering. So I 
>> utilize the > SED hardware security. I also enable software volume 
>> encryption, when available, as well.
>
> If someone has the ability to modify your device firmware they already
> have root or physical access and it is game over, additionally anyone
> with the capability to re-write drive firmware[1] probably has a bypass
> exploit too.
>
> [1] Such a thing is VERY difficult as there is no available
> documentation for them and you need documentation+spec sheets to write
> device firmware - interesting fact most drives these days have a multi
> core ARM processor.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/88a11ba1-8181-16d2-9ddd-245a58805839%40gmx.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_DahSiniswOXH_ASEvzBitMxMktQ9vhq7KzNjksN%3DzEdA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-08-25 14:24, 'awokd' via qubes-users wrote:
> On Sat, August 25, 2018 7:01 pm, Chris Laprise wrote:
>> On 08/25/2018 02:25 PM, Rusty Bird wrote:
>>> odindva0...@gmail.com:
>>>
 I am using version R 4.O and recently decided to set up a new Vpn
 connection . But when I try to select the type is only giving me AppVM
 and Standalone option so obviously I can't move forward . I am
 attaching picture of it so you can see it youself :
 https://imgur.com/a/xTmpUDX .

>>>
>>> Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM
>>> in older Qubes versions.
>>>
>>> Rusty
>>>
>>
>> I've come to the conclusion that attempting to change the terminology
>> for VM types was a mistake. People are getting confused and referring to
>> "network-providing appVM" in the generic is awkward at best --
>> especially if you are merely describing or referring to VMs instead of
>> giving instructions on creating them.
> 
> Think some additional text in the dialog box like "provides network
> ('ProxyVM')" would do it? Agree that "network-providing appVM" is a bit of
> a mouthful.
> 

If I understand correctly, it's not merely a terminological change.
Rather, there is simply no longer such a thing as a "ProxyVM" in Qubes
4.0, where a "ProxyVM" is understood to be a VM that has the inherent
property of proxying network access. Instead, "provides network" is a
switchable property can apply (or not) to *any* VM. You can flip the
switch on to make a VM play the role of a ProxyVM (and/or a NetVM?),
then switch it off again later, and it'll still be the same VM. At any
rate, that's what I gather from this comment from Marek:

https://github.com/QubesOS/qubes-issues/issues/1763#issuecomment-188786341

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluBtNIACgkQ203TvDlQ
MDBV2A//WPKcKZTXs9gtuVRGYx7r48FxogcELo675e6mVDOzIKJV9u8X0QssoPdg
3MkuO0U2dCgz0JmW3/aBX5jztViBaT5IfHggqv3cTUe4OILy6n0gcTQ68p9VlsDS
+4uwzhyPX4S5Qj4Kamz4mN3TlfgA7Bkp6u9X5Io12RlCVMX7wgt1zPFXFjdY8cln
xXtug6lkATgTRn5vzaeP22Tz8/i6H3ccaDOrXWPzNmpaikxYhpd8PMSAJpB+E3k3
I5AzIlr2Trxh7XkfaGuJjo5JOAsLJqTOpSSGeSo4Mju1ApITmjYqnpi8yraNc3hz
FsJZVgv0awsX7uwFJHL4uMxVNbmaAcyz9OQ6qIzScZ4Z6cYGyMSRdxEoRmS3A0fq
5coGAA6qgYgoAWlZCzxfZZv8ZqQtEWiJrynz63PWd1Zr9ejWoIwEkGxMZ+MVUxD5
CBDqFhodZb98J3xJ0e/Elnf0+zAYYVvo2DS55JA9c8nrwzJtwS45ECDXP38rxYkk
ArfV1lpLLYoYYmBpBe7Sd+sKt/6Uai4+4Ll8YhIUE394dwIGVQXQ6w59MRk6f2Fs
DmfruPTGJ+JoZQfQjphgAG35pjalU6cR/KgyjCAJYgF1OWDZSGUhGdpn4wrA0Fpo
77cOCb5zoCl1QzdWSDAPzC1CVCdpwT3ywPZ5sQetYTWc8DXJbVo=
=XNqi
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94a96850-9da8-a9b3-fd88-9c0804f67dd4%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Changed permissions on /srv/ recursively, how can I recover?

2018-08-25 Thread Demi M. Obenour

I changed permissions on /srv/ recursively (I think they are 750 now?
Not sure).  This is preventing me from using salt:// in state files. 
What are the correct permissions for the stuff in that directory?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fedd0b9-7277-d92c-ae6c-7d77e5bba64f%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0 SSD Encryption

2018-08-25 Thread taii...@gmx.com

On 08/24/2018 11:44 AM, brendan.h...@gmail.com wrote:
> 
> And if your OPAL drive is backdoored by the manufacturer for a government, 
> your drive is backdoored whether you're using OPAL or not and depending on 
> what you wanted > to keep private, you're already screwed.

Wrong - if you have an IOMMU and the drive is software encrypted then
you are absolutely fine and it can't do anything but randomly delete
your data.

In that case you can boot from coreboot-grub to a 100% encrypted ssd or
directly load the kernel from coreboot which then decrypts the drive.

You can also buy an OpenSSD from the OpenSSD project if you want a drive
with libre firmware - what is cool about them too is that you can
upgrade the flash modules without changing the controller.

If one installed an OpenSSD on a TALOS 2 then you could have a system
that is entirely open source and documented.

> No security mechanism exists in a vacuum. Layer them as necessary. I want to 
> prevent both remote firmware tampering and out-of-sight boot tampering. So I 
> utilize the > SED hardware security. I also enable software volume 
> encryption, when available, as well.

If someone has the ability to modify your device firmware they already
have root or physical access and it is game over, additionally anyone
with the capability to re-write drive firmware[1] probably has a bypass
exploit too.

[1] Such a thing is VERY difficult as there is no available
documentation for them and you need documentation+spec sheets to write
device firmware - interesting fact most drives these days have a multi
core ARM processor.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/88a11ba1-8181-16d2-9ddd-245a58805839%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Unable to see videos higher then 360p !

On Sat, August 25, 2018 5:22 pm, odindva0...@gmail.com wrote:
> Hi all
>
>
> Some videos which are 720p or 1080p show up only as 360p in qubes.
> However some of them are showing in full quality.
> Thought this is quiet strange .
> If anyone knows where the issue is please comment.

If you're watching them over Tor or your internet connection isn't
reliable you might be getting low bandwidth and the stream drops
resolution to compensate. Otherwise, try a different browser.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed8e1a3df1152633ee4bb931b891f637.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

On Sat, August 25, 2018 7:01 pm, Chris Laprise wrote:
> On 08/25/2018 02:25 PM, Rusty Bird wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>>
>> odindva0...@gmail.com:
>>
>>> I am using version R 4.O and recently decided to set up a new Vpn
>>> connection . But when I try to select the type is only giving me AppVM
>>> and Standalone option so obviously I can't move forward . I am
>>> attaching picture of it so you can see it youself :
>>> https://imgur.com/a/xTmpUDX .
>>>
>>
>> Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM
>> in older Qubes versions.
>>
>> Rusty
>>
>
> I've come to the conclusion that attempting to change the terminology
> for VM types was a mistake. People are getting confused and referring to
> "network-providing appVM" in the generic is awkward at best --
> especially if you are merely describing or referring to VMs instead of
> giving instructions on creating them.

Think some additional text in the dialog box like "provides network
('ProxyVM')" would do it? Agree that "network-providing appVM" is a bit of
a mouthful.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e76bf9a2cb9be3b927766c8a9ebdf43.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread Chris Laprise


On 08/25/2018 02:25 PM, Rusty Bird wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

odindva0...@gmail.com:

I am using version R 4.O and recently decided to set up a new Vpn connection .
But when I try to select the type is only giving me AppVM and
Standalone option so obviously I can't move forward . I am attaching
picture of it so you can see it youself :
https://imgur.com/a/xTmpUDX .


Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM
in older Qubes versions.

Rusty


I've come to the conclusion that attempting to change the terminology 
for VM types was a mistake. People are getting confused and referring to 
"network-providing appVM" in the generic is awkward at best -- 
especially if you are merely describing or referring to VMs instead of 
giving instructions on creating them.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/985ef3e7-895f-cd11-c5ba-1b74d210dbb5%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread odindva0101

On Saturday, August 25, 2018 at 8:36:19 PM UTC+2, Rusty Bird wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> odindva0...@gmail.com:
> > I am using version R 4.O and recently decided to set up a new Vpn 
> > connection .
> > But when I try to select the type is only giving me AppVM and
> > Standalone option so obviously I can't move forward . I am attaching
> > picture of it so you can see it youself :
> > https://imgur.com/a/xTmpUDX .
> 
> Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM
> in older Qubes versions.
> 
> Rusty
> -BEGIN PGP SIGNATURE-
> 
> iQJ8BAEBCgBmBQJbgZ8sXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
> NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfaqwP/RLtbBETqXUmN+euKfYuJq8+
> pSuEOJ5K3fu3IJKdXxpmNpPQwgX8gnmWJiTP2KZZQWLGZhvh9yVplEVRzrekXFwu
> jnqnhEaHMCdoeuzya3hz/Rc1Wn5dn/9lRqDyaJ86pQskHRoZwT3nV7rfCo71esAG
> dFH5YNsXycnl+sap+N3oloG100b8ZwD6qc7mjwbYs3xH/tJTjtCkOF8i86OYYt8H
> Tg1Z4UIyWP21cvbacY/7hcVnGSZ9HLXPCz33zv1pLL1UhOimKXuMzsbXlIEZPVcQ
> ZUW9z5zC4r5hmDMy0DU8HqHqsYBVzeYUWwMEOyQSMTrxpDOJfWfxiZz+BUDPhcfW
> PsfMMKknwR07e+d37dnbVu3qPDVRcjaQ4i5f1uoTu8HJzI+4XAuofgOvolKtR5p0
> EkrkkSl8fBDMANlVDTtEY/eTkquq5sy3q/ga0fbW35OvuMpO9kNC5cqzxetYxe1j
> smHJYNyvfcf2B23Sn1sswSSAajPIzRHjkxnRfAWLGZsY4q+3eWh87YIU0GT73tkq
> ubYtJ3vXznLbpBdjtH95/5sCUXN3D8S+/d3lxydP5hpRmVVi5TicWFI/iEPKRcsQ
> jvz1ZeI+ZCLGMPIQk8lwt2LLyG3EhQxq8/Pths0HJi9F2ul3DDU0fo4/ilGRI3Rj
> ETnUfqXw1xpxaT5RPB+G
> =Ki9u
> -END PGP SIGNATURE-

Many thanks )

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a36d8131-7879-439a-b1bb-dd41d3bfbdd7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread Rusty Bird

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

odindva0...@gmail.com:
> I am using version R 4.O and recently decided to set up a new Vpn connection .
> But when I try to select the type is only giving me AppVM and
> Standalone option so obviously I can't move forward . I am attaching
> picture of it so you can see it youself :
> https://imgur.com/a/xTmpUDX .

Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM
in older Qubes versions.

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJbgZ8sXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfaqwP/RLtbBETqXUmN+euKfYuJq8+
pSuEOJ5K3fu3IJKdXxpmNpPQwgX8gnmWJiTP2KZZQWLGZhvh9yVplEVRzrekXFwu
jnqnhEaHMCdoeuzya3hz/Rc1Wn5dn/9lRqDyaJ86pQskHRoZwT3nV7rfCo71esAG
dFH5YNsXycnl+sap+N3oloG100b8ZwD6qc7mjwbYs3xH/tJTjtCkOF8i86OYYt8H
Tg1Z4UIyWP21cvbacY/7hcVnGSZ9HLXPCz33zv1pLL1UhOimKXuMzsbXlIEZPVcQ
ZUW9z5zC4r5hmDMy0DU8HqHqsYBVzeYUWwMEOyQSMTrxpDOJfWfxiZz+BUDPhcfW
PsfMMKknwR07e+d37dnbVu3qPDVRcjaQ4i5f1uoTu8HJzI+4XAuofgOvolKtR5p0
EkrkkSl8fBDMANlVDTtEY/eTkquq5sy3q/ga0fbW35OvuMpO9kNC5cqzxetYxe1j
smHJYNyvfcf2B23Sn1sswSSAajPIzRHjkxnRfAWLGZsY4q+3eWh87YIU0GT73tkq
ubYtJ3vXznLbpBdjtH95/5sCUXN3D8S+/d3lxydP5hpRmVVi5TicWFI/iEPKRcsQ
jvz1ZeI+ZCLGMPIQk8lwt2LLyG3EhQxq8/Pths0HJi9F2ul3DDU0fo4/ilGRI3Rj
ETnUfqXw1xpxaT5RPB+G
=Ki9u
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180825182548.GA1101%40mutt.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Unable to see videos higher then 360p !

2018-08-25 Thread odindva0101

Hi all 

Some videos which are 720p or 1080p show up only as 360p in qubes.
However some of them are showing in full quality.
Thought this is quiet strange .
If anyone knows where the issue is please comment.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6cc6e289-215a-429b-8a6f-14ca38f341b2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread odindva0101

Hey guys ,

I am using version R 4.O and recently decided to set up a new Vpn connection .
But when I try to select the type is only giving me AppVM and Standalone option 
so obviously I can't move forward . I am attaching picture of it so you can see 
it youself : https://imgur.com/a/xTmpUDX .
If annyone can point me to what's wrong will be great.

Much appreciated

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c70e6fb-8c78-4935-b22d-067196aa50db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Sat, August 25, 2018 3:27 pm, Daniil .Travnikov wrote:
> On Saturday, August 25, 2018 at 10:59:22 AM UTC-4, awokd wrote:
>

>>
>> OK, then I guess your only option is to do what you were doing and keep
>>  the USB controller in sys-net. This isn't necessarily a bad thing;
>> there's an option on Qubes install to configure it like that, but it
>> lessens separation of devices.
>
> Maybe do you know how can I install this Qubes option about you said? Or
> maybe in some point from docs?

Manually assigning the USB controller to sys-net accomplishes the exact
same thing as the setup option.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c5f320e3c2b011a4395ca60b297aaba.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Saturday, August 25, 2018 at 10:59:22 AM UTC-4, awokd wrote:
> On Sat, August 25, 2018 2:45 pm, Daniil .Travnikov wrote:
> > On Saturday, August 25, 2018 at 10:20:02 AM UTC-4, awokd wrote:
> >
> >> On Fri, August 24, 2018 2:23 pm, Daniil .Travnikov wrote:
> >>
> >>
> >>> When I am choosing this device:
> >>> '00:14.0 USB controller: Intel Corporation Device a36d (rev 10)'
> >>>
> >>>
> >>>
> >>> and start VM, I see that all usb controllers going to work from this
> >>> started new VM.
> >>>
> >>>
> >>> Like you already saw in the list of pci above I have only 1 USB
> >>> controller in the list (when I run the command 'lspci'). But in my
> >>> laptop I have 3× USB 3.1 Type-A and they all going to started with VM.
> >>>
> >>
> >> Missed seeing that, actually!
> >>
> >>
> >>> Maybe existing some way, when I can connect only those usb ports
> >>> which has include devices at the time?
> >>
> >> Can you leave the USB controller in sys-usb, then use qvm-usb to attach
> >>  just the modem to sys-net? Not sure that would actually work. Is that
> >> what you did in 3.2?
> >
> > Actually when I used Qubes 3.2 it was been the server which was have the
> > several usb controllers. And I assume that my laptop have only 1
> > controller which connected to 5 usb ports. Maybe that's why I see only
> > one usb controller in Devices tab.
> >
> >
> > When I put in my any usb flash card I can see it when I write command
> > 'qvm-block', but when i put in my usb modem this command do not show my
> > device.
> >
> > I checked modem, he is still working on another laptop.
> >
> >
> > When I write this commands now:
> > 'qvm-block'
> > 'qvm-usb'
> >
> >
> > I see empty results:
> > 'BACKEND:DEVID  DESCRIPTION  USED BY'
> 
> OK, then I guess your only option is to do what you were doing and keep
> the USB controller in sys-net. This isn't necessarily a bad thing; there's
> an option on Qubes install to configure it like that, but it lessens
> separation of devices.

Maybe do you know how can I install this Qubes option about you said? Or maybe 
in some point from docs?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f321979-89eb-491a-8687-bb7c2b55a341%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Assign Sata Device to Qube

On Sat, Aug 25, 2018 at 06:33:25AM -0700, Who Cares wrote:
> Hi there,
> 
> I want to assign my HDD directly to a specific HVM Qube.
> Its connected per Sata.
> I already tried with "lspci" or "qvm-pci" but I never find my HDD.
> With "qvm-block" I find it at dom0:sdb but how can I assign the complete HDD 
> to a specific Qube even after restart like I can assign PCI devices in the 
> Qubes Device Manager?
> 
> The Qube is an HVM which needs to access the HDD because I want to install a 
> Linux based System(Kerio control) which cannot handle the Qubes-System that 
> offers the Space on the System Drive. So I need to pass through a complete 
> HDD that is supported by this System(Kerio-control) I want to install in the 
> HVM.
> 
> Hopefully someone got a Solution :)
> 
> Thanks so far!
> 
In 3.2 you could just edit the conf file under /var/lib/qubes...

In 4.0:
Have a look at
https://dev.qubes-os.org/projects/core-admin/en/latest/libvirt.html

You want to add a new device: use normal Xen configuration.
https://libvirt.org/formatdomain.html#elementsDisks will help.
Use the phy driver, and specify the source as /dev/sdX, and target dev on your 
qube.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180825151742.tkfxa3e4eehospdz%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Server HVM network problem

On Fri, August 24, 2018 5:34 pm, Who Cares wrote:

>> Windows Server VM --- sys-net2 (bridge on Lan2 interface)
>>
>>
>> Windows Client VM --- sys-firewall --- sys-net1 (on Lan1 interface to
>> same network)
>
> I just assigned the second LAN to the Win-serv Vm this worked just fine
> here :)

You assigned the second NIC device directly to Win-serv? Good idea, that
makes sense too if nothing else needs it!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d2ebde4b2f30e98e2718b4d1b392628.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Sat, August 25, 2018 2:45 pm, Daniil .Travnikov wrote:
> On Saturday, August 25, 2018 at 10:20:02 AM UTC-4, awokd wrote:
>
>> On Fri, August 24, 2018 2:23 pm, Daniil .Travnikov wrote:
>>
>>
>>> When I am choosing this device:
>>> '00:14.0 USB controller: Intel Corporation Device a36d (rev 10)'
>>>
>>>
>>>
>>> and start VM, I see that all usb controllers going to work from this
>>> started new VM.
>>>
>>>
>>> Like you already saw in the list of pci above I have only 1 USB
>>> controller in the list (when I run the command 'lspci'). But in my
>>> laptop I have 3× USB 3.1 Type-A and they all going to started with VM.
>>>
>>
>> Missed seeing that, actually!
>>
>>
>>> Maybe existing some way, when I can connect only those usb ports
>>> which has include devices at the time?
>>
>> Can you leave the USB controller in sys-usb, then use qvm-usb to attach
>>  just the modem to sys-net? Not sure that would actually work. Is that
>> what you did in 3.2?
>
> Actually when I used Qubes 3.2 it was been the server which was have the
> several usb controllers. And I assume that my laptop have only 1
> controller which connected to 5 usb ports. Maybe that's why I see only
> one usb controller in Devices tab.
>
>
> When I put in my any usb flash card I can see it when I write command
> 'qvm-block', but when i put in my usb modem this command do not show my
> device.
>
> I checked modem, he is still working on another laptop.
>
>
> When I write this commands now:
> 'qvm-block'
> 'qvm-usb'
>
>
> I see empty results:
> 'BACKEND:DEVID  DESCRIPTION  USED BY'

OK, then I guess your only option is to do what you were doing and keep
the USB controller in sys-net. This isn't necessarily a bad thing; there's
an option on Qubes install to configure it like that, but it lessens
separation of devices.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e44b33d468db5fda901a554713eb0dd.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Assign Sata Device to Qube

On Sat, August 25, 2018 1:33 pm, Who Cares wrote:
> Hi there,
>
>
> I want to assign my HDD directly to a specific HVM Qube.
> Its connected per Sata.
> I already tried with "lspci" or "qvm-pci" but I never find my HDD.
> With "qvm-block" I find it at dom0:sdb but how can I assign the complete
> HDD to a specific Qube even after restart like I can assign PCI devices
> in the Qubes Device Manager?

No native way to do it I know of, but you could maybe use dom0 scripts.
See https://github.com/QubesOS/qubes-issues/issues/3820 for some ideas.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90020576dca448aa8b098232edf0349c.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes as server

On Sat, Aug 25, 2018 at 06:40:01AM -0700, Who Cares wrote:
> I did the same and you just should keep in mind that the sys-firewall would 
> block any communication between VM's or between Clients and Qubes VM´s.
> 
> Someone posted this Link:
> https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes
> it helped a lot.
> 
> Just make sure that you either update iptable rules for each of your Service 
> VM´s (for example Web-server-VM) or connect the Service VM's directly to 
> sys-net without sys-firewall but this is, I think, not recommended.
> 

Definitely not recommended and unnecessary.
The Qubes networking structure is flexible enough to let you do pretty
much whatever you like without unduly compromising security.

If you have 2 NICS, you could allocate one to a new sys-net and get even
greater isolation between your standard qubes and those offering
external services: DMZ on the cheap.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180825145059.qwzs3unbb6zlpaf3%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Unable to start standalone vm based on debian-9

2018-08-25 Thread Fernando

On Friday, August 24, 2018 at 6:22:31 AM UTC-3, awokd wrote:
> On Wed, August 22, 2018 3:03 pm, Fernando wrote:
> > On Wednesday, August 22, 2018 at 10:39:19 AM UTC-3, Fernando wrote:
> >
> >> Hi,
> >>
> >>
> >> This morning I updated my standalone debian-9. From what I remember, it
> >> updated the linux image and a few other packages, and it didn't remove
> >> any of qubes dependencies.
> >>
> >> After a system reboot, I'm unable to start the domain. I think I
> >> didnt't shutdown the standalone vm manually before the reboot.
> >>
> >> $ qvm-start mind
> >> Cannot connect to qrexec agent for 60 seconds, see
> >> /var/log/xen/console/guest-mind.log for details
> >>
> >>
> >> $ tail /var/log/xen/console/guest-mind.log
> >> [.[0;32m  OK  .[0m] Reached target Network is Online.
> >> You are in emergency mode. After logging in, type "journalctl -xb" to
> >> view system logs, "systemctl reboot" to reboot, "systemctl default" or
> >> ^D to try again to boot into default mode.
> >> Press Enter for maintenance.
> >>
> >>
> >> I've read in the forums about using xen console to login and try to fix
> >> it, but I cannot access the vm:
> >>
> >> $ sudo xl console mind
> >> mind is an invalid domain identifier
> >>
> >> The domain is not listed in the output of "sudo xl list".
> >>
> >>
> >> Any ideas on how can I fix my standalone vm? Any help is greatly
> >> appreciated.
> >>
> >> Thanks,
> >>
> >>
> >> Fernando.
> >>
> >
> > I forgot to mention that I'm using Qubes 4.0 and non-standalone VMs are
> > working as usual.
> >
> > I'm trying to resume work using the standalone backup, but unfortunately
> > restoring it is also failing :(
> 
> Try to enable debug mode on the HVM. This should show a console which
> might give you an idea where it's failing, and generate an additional log
> file in /var/log/xen/console. Review both HVM related logs for errors.
> Also, double check the kernel setting- if it's showing a version try
> changing it to (none) or an older version.

Hi awokd,

Thanks for the response. Since this was my work vm I had to find a quick 
solution and I ended up recreating the standalone vm. 

I created a backup of the broken vm and then used the emergency recovery 
instructions to extract the data from it. This gave me some relief that even in 
worst case scenario, I'll be able to recover data.

If I find this issue again I'll keep in mind your tips and give them a try.

Thanks and best regards.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/988b1bbb-f046-4e14-b820-06644f52d428%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Saturday, August 25, 2018 at 10:20:02 AM UTC-4, awokd wrote:
> On Fri, August 24, 2018 2:23 pm, Daniil .Travnikov wrote:
> 
> > When I am choosing this device:
> > '00:14.0 USB controller: Intel Corporation Device a36d (rev 10)'
> >
> >
> > and start VM, I see that all usb controllers going to work from this
> > started new VM.
> >
> >
> > Like you already saw in the list of pci above I have only 1 USB
> > controller in the list (when I run the command 'lspci'). But in my laptop
> > I have 3× USB 3.1 Type-A and they all going to started with VM.
> 
> Missed seeing that, actually!
> 
> > Maybe existing some way, when I can connect only those usb ports which
> > has include devices at the time?
> 
> Can you leave the USB controller in sys-usb, then use qvm-usb to attach
> just the modem to sys-net? Not sure that would actually work. Is that what
> you did in 3.2?

Actually when I used Qubes 3.2 it was been the server which was have the 
several usb controllers. And I assume that my laptop have only 1 controller 
which connected to 5 usb ports. Maybe that's why I see only one usb controller 
in Devices tab.


When I put in my any usb flash card I can see it when I write command 
'qvm-block', but when i put in my usb modem this command do not show my device.

I checked modem, he is still working on another laptop.

When I write this commands now:
'qvm-block'
'qvm-usb'

I see empty results:
'BACKEND:DEVID  DESCRIPTION  USED BY'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e3e4497-2ce6-4a23-8194-a297c54c6bf4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't assign LTE USB Modem (Non-endpoint PCI devices cannot be assigned to guests)

On Fri, August 24, 2018 2:23 pm, Daniil .Travnikov wrote:

> When I am choosing this device:
> '00:14.0 USB controller: Intel Corporation Device a36d (rev 10)'
>
>
> and start VM, I see that all usb controllers going to work from this
> started new VM.
>
>
> Like you already saw in the list of pci above I have only 1 USB
> controller in the list (when I run the command 'lspci'). But in my laptop
> I have 3× USB 3.1 Type-A and they all going to started with VM.

Missed seeing that, actually!

> Maybe existing some way, when I can connect only those usb ports which
> has include devices at the time?

Can you leave the USB controller in sys-usb, then use qvm-usb to attach
just the modem to sys-net? Not sure that would actually work. Is that what
you did in 3.2?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b68a62d4c0fc5a0296af46e11aebae6a.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to ccache kernel compilations

2018-08-25 Thread Marcus Linsner

On Friday, August 24, 2018 at 1:14:09 PM UTC+2, Marcus Linsner wrote:
> For posterity, the modifications (applied on top of 'qubes-linux-kernel' 
> repo's tag 'v4.14.57-2') that I used to achieve the above, are here:
> https://github.com/constantoverride/qubes-linux-kernel/commit/ac9a975512bdc67dc12c948355b14dfdcc229b1a
> (also attached just in case github goes away, somehow)

The way I tried to compile kernel in this thread was wrong(because installing 
it in dom0 would fail due to compilation VM being Fedora 28 instead of 25 and 
thus missing some new libs; on a Fedora 25 VM compilation would fail). 

The right way to compile a VM (and dom0?) kernel is by using qubes-builder 
(which chroots to a fc25(aka Fedora 25, which is what dom0 is on) even though 
we're running inside a Fedora 28 VM): thanks to fepitre for telling me the 
steps here 
https://github.com/QubesOS/qubes-linux-kernel/pull/22#issuecomment-415453140

I'll keep track of my kernel compilation progress here: 
https://gist.github.com/constantoverride/825717e0136f804aa6ebf66293234b57
(like making ccache work for this version of compilation steps)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab3b33ab-5519-4c68-95bb-18aee89b8731%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes as server

2018-08-25 Thread Who Cares

I did the same and you just should keep in mind that the sys-firewall would 
block any communication between VM's or between Clients and Qubes VM´s.

Someone posted this Link:
https://www.qubes-os.org/doc/firewall/#enabling-networking-between-two-qubes
it helped a lot.

Just make sure that you either update iptable rules for each of your Service 
VM´s (for example Web-server-VM) or connect the Service VM's directly to 
sys-net without sys-firewall but this is, I think, not recommended.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e2df1ac-8416-4e9c-bc09-41455391a23c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Assign Sata Device to Qube

2018-08-25 Thread Who Cares

Hi there,

I want to assign my HDD directly to a specific HVM Qube.
Its connected per Sata.
I already tried with "lspci" or "qvm-pci" but I never find my HDD.
With "qvm-block" I find it at dom0:sdb but how can I assign the complete HDD to 
a specific Qube even after restart like I can assign PCI devices in the Qubes 
Device Manager?

The Qube is an HVM which needs to access the HDD because I want to install a 
Linux based System(Kerio control) which cannot handle the Qubes-System that 
offers the Space on the System Drive. So I need to pass through a complete HDD 
that is supported by this System(Kerio-control) I want to install in the HVM.

Hopefully someone got a Solution :)

Thanks so far!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/74735d81-08a2-4df5-9094-dfab61f011ac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes as server



> Hello,
> 
> I am considering the feasibility of using Qubes as the OS for a home server.  
> 
> I am aware it is primarily a desktop OS at this time (although I hope with 
> Qubes Air on the horizon that may change to accommodate the server space 
> better), and can live with configuring the system locally via a GUI; but I 
> would like to run at least two or three VMs which each offer a service (a web 
> server, a media streaming service, etc) to external connections.
> 
> I previously did something like this with VirtualBox on Linux, and was able 
> to assign a couple of VMs with their own IPs and SSH instances, etc.
> 
> Is this something I can realistically achieve with Qubes?
> 
> Thanks in advance for any advice.
> 
Yes, it is.
Qubes isn't designed with this in mind, but it can easily be used in
this way.
You'll need an understanding of Qubes networking and be able to push
traffic from sys-net down to the target qubes. This is quite well
documented.

If you hit any problems just post here.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180825123619.4cbv3dmvwcgl5enr%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Verification

On Sat, Aug 25, 2018 at 07:47:19AM +0200, q7zjm...@tutanota.com wrote:
> Hey, I'm a complete rookie who does not know what he's doing, which is why I 
> need help with how to verify the ISO. For instance, I have no idea how to 
> fetch the Qubes Master Signing Key using GPG, or what GPG is; can someone 
> explain this to me?
> 

I suggest you read the guide at
https://www.qubes-os.org/security/verifying-signatures

That will tell you how you can get the Master Signing Key.

GPG is encryption software.
To use it you generate a key pair and then use that to encrypt and
decrypt files. There is a public key and a private key. 
You can share the public key with other people.
The private key you keep private.

If you want to encrypt a file to send to some one else, you use
their public key.

You can also use GPG to SIGN files. This generates a digital signature.
The signature confirms that the file is unchanged and was signed by you.

I think the best guide to get started is the manual:
https://www.gnupg.org/gph/en/manual/book1.html
The "Getting started" section is pretty clear.

For more information about using gpg look at:
https://emailselfdefense.fsf.org/en/infographic.html
and that site generally.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180825123330.p37uqw2qqppbwxvt%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dracut and a detached LUKS header