[qubes-users] How to make AppVM date persist?

[Jon deps]

Hello, using Fedora-29 , I've used timedatectl set-timezone 
in the template and the AppVM but it keeps reverting to UTC.

dom0 is set to my localtime correct,  my updatevm is sys-net which is
using debian-9 template


hence, all my thunderbird emails are stamped to UTC , I'd rather they
were set to localtime


sorry if this is a basic question

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9556dda3-c816-03cd-a289-1b8177ebbffb%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: why mail-list?

[billollib]

On Thursday, January 31, 2019 at 9:47:37 PM UTC-5, kitchm wrote:
> The basic concept here is clarify what is being discussed. 
> There appears to be two things; one is how a mail-list works
> and the other is how a mail-list is not as good as a forum.
> [snip]

Maybe I'm not getting something here.  What is absolutely necessary in a 
"forum" that is not present in Google Groups?  You can search it, it's 
archived, and threads are separated.  The only thing I can think of that more 
complex forum software might give you would be categories of posts. Since you 
can set this up to send and receive emails just like a mailinglist, it seems to 
me you can use it however you want.  I don't get what this is about.

A professional organization I belong to uses a mailinglist instead of a forum 
for two reasons:

1) A mailinglist is push, while a forum is pull.  Once you have the mailinglist 
set up, you don't have to "do" anything to get it -- it just appears in your 
mailbox and you read and respond as you feel.  In contrast, with a forum, you 
have to *go* to the forum, log in, and interact.  That's effort.  The 
organization found that about 25% of the mailinglist subscribers stopped 
participating when it tried out a forum.

2) This does not apply to this group, but the organization explicitly does not 
want to keep archives for legal reasons.  A forum almost necessarily means 
archives, but you can set up a mailinglist to act as a nothing more than a 
relay.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a5c3454-6866-4d75-891e-ef08ee95f789%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: why mail-list?

[Eric]

What is all the fuss about? I am replying here from the
Qubes user forum that is integrated into the mailing list
since October last year. A link to this thread:
https://qubes-os.info/index.php?t=msg=650=0;
This forum is currently unofficial but seems to work fine.
Only has a few months worth of data so far but a Google
search pulls up the groups entries for older stuff.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a34.5c53cd8e%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: why mail-list?

[kitchm]

The basic concept here is clarify what is being discussed. 
There appears to be two things; one is how a mail-list works
and the other is how a mail-list is not as good as a forum.

Being able to retrieve old e-mails assumes one has a mail
store.  Either one keeps them on their own computer by
downloading them from the server thru POP3, he accesses them
from the server by IMAP or she has to access a mail-list
server so see them thru the web interface.

In the case of the mail-list server, one may also use his or
her own e-mail client program, such as Thunderbird, Claws or
other program.  Both of these programs can handle newsgroups
and Usenet listings.

Google bought Dejanews archives of the postings on Usenet. 
They then started Google Groups while still maintaining a
gateway to Usenet.  It makes some sense that if one can
handle newsgroups then one should be able to handle
googlegroups.  Sadly, such is not the case.

Being Google, they opted for a proprietary setup and do not
allow access like the standard methodology of the Usenet. 
Another strike against Google.

Therefore, there is no reason to use Google Groups at all. 
If I have to go to another program to view the information
shared between people, then I will use a forum.  At least I
can see that in a properly graphical way.  Not only that,
but all postings after my initial one will come right to my
e-mail client.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a33.5c53b345%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[Franz]

On Thu, Jan 31, 2019 at 2:11 PM Stuart Perkins 
wrote:

>
>
> On Thu, 31 Jan 2019 18:01:58 +0100 (CET)
> 19hundreds <19hundr...@tutanota.com> wrote:
>
> >
> >I agree at some level with what you are saying however, the current
> mailing list has a lot of valuable information so I believe it's gonna be
> hard to se it replaced with something else.
> >
> >Beside the unofficial resources listed by others, I add
> https://reddit.com/r/qubes  (it's SO
> comfortable!)
> >
>
> Some of us who keep e-mails off line have the additional benefit of having
> an archive of all e-mails since joining the list.  I can search them for
> something BEFORE asking a new question.  I have done so with this group a
> few times already and not had to bother asking something which was already
> asked and answered.
>
> I use claws-mail to retrieve all of my e-mails (about 27 different e-mail
> accounts...one paid for [legal expectation of privacy] and several
> gmail/hotmail/yahoo) and since claws-mail is configured to store e-mails as
> discrete files, I can search them with grep and other *nix utilities.  I
> have an archive going back almost 30 years with over 700,000 discrete
> e-mails from the many groups I used to belong to, as well as private
> stuff.  It is far easier to just store them than to sort through them for
> deletion...but they are organized by folders/directories to make it easy to
> ignore the ones not pertinent for the time.
>
>
Unbelievable!! I always thought that the only practical way to retrieve old
emails was using a google account, but you seem to suggest that you are
able to do the same  with claws-mail. How much space does 700K emails take?
Because you seem to keep them on your computer, correct? And does the
search of old emails work as convenient as google?

-- 
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/2019013054.64e034c6%40gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAyMATTi_qXm6ptBu0P0Hr%2B4f%3DeRiw5NzuM%3DJFq2pEmRg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Intel ME and AEM/HEADS

[Illidan Pornrage]

On 1/30/19 4:45 PM, Alexandre Belgrand wrote:

Le mercredi 30 janvier 2019 à 12:38 +0100, Maillist a écrit :

Only if you configure it that way.Also, even if you do, you wanna
make
sure it only accepts updates signed by your personal key.


Interesting. Could you point out the documentation explaining how.
Thanks.



I recently answered much of the spcifics in this mailing list, search 
for my name.


Write to me directly for specific inquiries, you are explicitly allowed 
to post my answer to the mailinglist.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58d3e428-b063-9abb-dc9a-f651e0bb614e%40pornrage.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Re: why mail-list?

[kitchm]

Oh, sorry if I was not clear.  I was speaking of industry
standards and Microsoft is certainly not one of them.  I
guess I assumed that everyone understood that.  Again, a
problem with education.

Further, when speaking of standards, not only was I not
referencing proprietary ones, but I was speaking of
generally accepted usability ones.  The standard way the
forums are laid out is exemplified by this one here.  This
is generally accepted as an intuitive format.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a30.5c5369b0%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: why mail-list?

[Stuart Perkins]

On Thu, 31 Jan 2019 14:52:31 -0500
kitchm  wrote:

>The problem is more fundamental.
>
>In all things, we need to seek more commonality and
>simplicity in our lives.  In computer related issues, I have
>found over the years that people who do not understand how
>things work (thanks to the poor educational systems) simply
>like to add more complexity because they do not know to
>follow industry standards.  The other possibility is that
>some do not want to change to better methodologies because
>of a sad conservative mind-set.
>
>In the case of digital communications, everything is based
>upon voice (telephone), written words (document files and
>e-mail) and the visual (videos and web pages).  When it
>comes to forums, either for discussion and/or for help, the
>interface has traditionally been thru the browser window
>into industry standard forum software, with the e-mail part
>used only for notifications and private messages.
>
>With that said, mailing lists were the old method before
>there was a graphical user interface available.  There is
>little reason for its  use any longer, and quite frankly, I
>cannot think of a good one.
>
>For this day and age, using anything other than standard
>forum software is detrimental to usability and productivity.
> That's just how it is, and there is no reason to go
>backwards in these things.
>
>We do not download forum databases; rather we expect the
>hosts to maintain that for our use.
>

Using software because everyone else is using it sounds very Microsoft to me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190131145552.30e8a1be%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: why mail-list?

[kitchm]

The problem is more fundamental.

In all things, we need to seek more commonality and
simplicity in our lives.  In computer related issues, I have
found over the years that people who do not understand how
things work (thanks to the poor educational systems) simply
like to add more complexity because they do not know to
follow industry standards.  The other possibility is that
some do not want to change to better methodologies because
of a sad conservative mind-set.

In the case of digital communications, everything is based
upon voice (telephone), written words (document files and
e-mail) and the visual (videos and web pages).  When it
comes to forums, either for discussion and/or for help, the
interface has traditionally been thru the browser window
into industry standard forum software, with the e-mail part
used only for notifications and private messages.

With that said, mailing lists were the old method before
there was a graphical user interface available.  There is
little reason for its  use any longer, and quite frankly, I
cannot think of a good one.

For this day and age, using anything other than standard
forum software is detrimental to usability and productivity.
 That's just how it is, and there is no reason to go
backwards in these things.

We do not download forum databases; rather we expect the
hosts to maintain that for our use.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2e.5c5351ff%40qubes-os.info.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[19hundreds]

Jan 31, 2019, 5:15 PM by no...@noses.com:

> Before we begin:
>
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
> Am Donnerstag, den 31.01.2019, 18:01 +0100 schrieb 19hundreds:
>
>>
>> I agree at some level with what you are saying however, the current
>> mailing list has a lot of valuable information so I believe it's
>> gonna be hard to see it replaced with something else.
>>
>
> The problem is rather getting the people who are providing the answers
> to use something else. It's a case of the prohpet having to walk to the
> mountain... (People like to use mailing lists because dealing with them
> fits their normal working environment and information archival tools.)
>
> Besides: Mail teaches you patience. There is nothing worse than the
> entitled Interweb Power User who is not getting an answer within 60
> seconds.
>
>> Beside the unofficial resources listed by others, I add 
>> https://reddit.com/r/qubes >>  (it's SO 
>> comfortable!)
>>
>
> Reddit is definitely less comfortable if you use it in a desktop
> environment/web browser than any well configured mail client. It is
> usable without network connection. And let's not get into the
> indignities of searching something in that trash heap.
>

I agree all the way with you and Stuart Perkin. The problem for me is that I 
don't have an anonymous-enough IMAP or POP enabled account so I'm stuck with 
Tutanota webinterface. If you know the interface you can imagine the pain in 
following a thread. There is no tree-groupping for a start.

I know that Protonmail recently adopted some kind of IMAP solution but I didn't 
have the time to look into it. I don't know anyone who can send me a riseup 
invitation code ... it's kind of a blocking situation for me.

I suppose (but I'm not sure) that the OP is referring to these kind of 
situation. 

I can mention also another situation: I've just read the post about 
debian-9-minimal template. I need to say that the 
`qubes-core-agent-passwordless-root` is missing (I'm not sure if it's 
intentional) but I don't have the email downloaded in my email client so I 
can't reply there.

So, yes, the ML is a good thing. Perfect? not for all.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX_KuC_--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: hcl for qubes 4.0 or 4.0.1 is it good?

[Stuart Perkins]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256



On Thu, 31 Jan 2019 19:12:09 +0100
Zrubi  wrote:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>On 1/31/19 3:32 PM, unman wrote:
>> I know many people using Qubes 4 with 12GB and HDD, without
>> issues. SSD is better, but not a must.  
>
>Technically you are right.
>
>In practice, the user experience (HDD vs SSD) is not even comparable.
>The price difference is is also not an issue, totally worth it.
>
>I would say: today, a newly built desktop PC without SSD is a bad
>decision. Even if running a conventional OS.
>

Obviously, we are dealing with competing needs here.  The overall need for 
security AND the need for "speed".  Obviously, Qubes is a fairly resource 
intensive approach to security, which is acceptable as far as I'm concerned.

I am still using Qubes 3.2 for now.  I have a mixed machine...Lenovo T520 
(coreboot...ME disabled...one of the last ones where this is easy), 160G SSD 
2TB HDD, 16GB Ram.  It works quite well.  

I'm about to move to Qubes 4...

The SSD is encrypted and boot/main OS/dom0 drive, with the templates on the 
encrypted SSD but with some VM images kept on the HDD due to size.  I have 
almost filled up the HDD, so I'm a bit of a disk hog.

Even though the HDD is not itself encrypted, critical data is kept in encrypted 
containers on the appVM's with the key on a memory card.  Scripts in Dom0 mount 
the block device of the memory card to an appVM, then call a script on the 
appVM to mount the block device and decrypt the container using the key, then 
mount the container locally and unmount the key device.  All I do is remove the 
key card and stop the appVM's (or just unmount the encrypted containers) for 
the first level of "security"...when I'm away from my desk for a while, and 
don't trust the screen lock to be adequate (haha...does anyone trust it, even 
though they finally updated it for XFCE4?).  

A full shutdown then requires a valid decryption phrase just to boot up AND the 
key card to get to the important stuff...plus my machine is rarely out of my 
sight.  

It may seem a bit overkill to some, but since I work with HR data a lot and 
sometimes have local copies of sensitive information (I try not to, but 
sometimes tools on my machine make my work MUCH more efficient than just using 
what my client has available),  

The stories of a stolen laptop compromising PI data (Personal 
Identification...SSN's etc...) abound. I consider this a minimal security 
scheme primarily due to the information I have access to and the 
possibility...no matter how remote...of me being lax at the wrong time and 
someone walking off with my laptop.

I also VPN to my home system where I run an openVPN server whenever I gather 
e-mails via pop access with my local client (especially the gmail ones, since 
gmail likes to block access from unknown ip's...which is a royal pain for a 
road warrior) or do certain other stuff.  I have the VPN setup on my mail appVM 
and on sys-firewall, and can run it for just the e-mails or for everything 
(except tor) as desired.  

I plan to continue with this scheme when I go to Qubes 4, except I may also 
encrypt the HDD...I just need to find enough space to put everything in the 
meantime.  :)

Stuart
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEg3cTCwPFs8wewas+M1E7j4SmKVQFAlxTRyAACgkQM1E7j4Sm
KVTOcQf/fodRbzgDBvCBx3Jde8RzyoZI8Eq9eBO+X5nsm+VQT1/dR4M5PRL/VO+t
dECwen3uNJ6KWGFrZdGsSiV7+BrXhHUl9fb1Xpw+7IWSVsnVav+rPlWiw1pfju60
QlQVlx1lYyJPoTgxGm8yTSPCuEVz2wGG3/K2LANhVWVsHBzyXzT5474EPhQlVI0G
zBZymmxqFWVMhWr8N1lyK6E6hbWjlrDV7IKCFGxV874lFhuZeJKJ2AkZTIoWaCuP
PamOIhWEkGCHCv8so6XLLMPW7UwpbPRakJ41yGfUd/H0aZFdOks4P+wZoOrARz1j
cK7UBH1T0v2r3uhv8+A8qxze8AoQCg==
=F4qb
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190131130532.2fc14262%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: hcl for qubes 4.0 or 4.0.1 is it good?

[Zrubi]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 1/31/19 3:32 PM, unman wrote:
> I know many people using Qubes 4 with 12GB and HDD, without
> issues. SSD is better, but not a must.

Technically you are right.

In practice, the user experience (HDD vs SSD) is not even comparable.
The price difference is is also not an issue, totally worth it.

I would say: today, a newly built desktop PC without SSD is a bad
decision. Even if running a conventional OS.

- -- 
Zrubi
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlxTOnAACgkQVjGlenYH
FQ1yRw//QTFl0okHoR54aqSj88RZKEIbJ1Jn5UCYF3so48uabCgNJaWvtbyRreWj
1dGUV+OsmtVjAC9XP+WA8LPTmraIdjvicrDdY7ulWKxvqRvvxOj7aFxLCOmF4vHU
3Wf/xDY5pu83lHorAafx30qLuWeyXVF2P1bhYNGmrzmcNCkRojicPJwcp5fTs5BX
FDTt8cdq5TrOLU7mAPo4gffSIZBr3Q32Nx/csGhvI/C9Rk7yZYvl+pm7jVxEh+cJ
E1O5TK5jfzXzP3EfgU0FXLFowJRo0Dew/McooFWEJWRpmMr+vHGxBc0reXkRXvQC
nLnj71sfMFNbHbvDTENMOp4zCkVSpvJjXooO6wrGztFWavK9EOt/OiX0NhoUcu2r
CDqLjVHT/YU2IGEbBeHmWhfUFD6eD1cieXOj9XORosjL2Lqss+ffKRzeFuiYBe9q
6pJon2yBaEVw7XE7oLPIR2WoFZnZD9TS00FnqT/qpvB7e+M2sl6dz6fywYN5qDof
eYYes110Hl1jPmElThD14iGqxWY66V9s+6ByD5xF3oyN5UdFZnjKVsxWc4zcioh1
zshRYCeGaasMRoKilWr5eFSrj+LtJpVdo3tkJT+1wz85O5ywO8vOwn9lFOts+0a6
2YFM4aXzU5iRJDB8X4TY8w7wtjGDRLYHd+DBhBd9Gmv9v3bFDcM=
=3i2s
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9288ba99-8774-5a04-bbaf-3a9ca3f0da61%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[Achim Patzner]

Before we begin:

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Am Donnerstag, den 31.01.2019, 18:01 +0100 schrieb 19hundreds:
> 
> I agree at some level with what you are saying however, the current
> mailing list has a lot of valuable information so I believe it's
> gonna be hard to see it replaced with something else.

The problem is rather getting the people who are providing the answers
to use something else. It's a case of the prohpet having to walk to the
mountain... (People like to use mailing lists because dealing with them
fits their normal working environment and information archival tools.)

Besides: Mail teaches you patience. There is nothing worse than the
entitled Interweb Power User who is not getting an answer within 60
seconds.

> Beside the unofficial resources listed by others, I add 
> https://reddit.com/r/qubes (it's SO comfortable!)

Reddit is definitely less comfortable if you use it in a desktop
environment/web browser than any well configured mail client. It is
usable without network connection. And let's not get into the
indignities of searching something in that trash heap.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a17b18aa441098bb0cf347142d91376634501270.camel%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[Stuart Perkins]

On Thu, 31 Jan 2019 18:01:58 +0100 (CET)
19hundreds <19hundr...@tutanota.com> wrote:

>
>I agree at some level with what you are saying however, the current mailing 
>list has a lot of valuable information so I believe it's gonna be hard to se 
>it replaced with something else.
>
>Beside the unofficial resources listed by others, I add 
>https://reddit.com/r/qubes  (it's SO comfortable!)
>

Some of us who keep e-mails off line have the additional benefit of having an 
archive of all e-mails since joining the list.  I can search them for something 
BEFORE asking a new question.  I have done so with this group a few times 
already and not had to bother asking something which was already asked and 
answered.

I use claws-mail to retrieve all of my e-mails (about 27 different e-mail 
accounts...one paid for [legal expectation of privacy] and several 
gmail/hotmail/yahoo) and since claws-mail is configured to store e-mails as 
discrete files, I can search them with grep and other *nix utilities.  I have 
an archive going back almost 30 years with over 700,000 discrete e-mails from 
the many groups I used to belong to, as well as private stuff.  It is far 
easier to just store them than to sort through them for deletion...but they are 
organized by folders/directories to make it easy to ignore the ones not 
pertinent for the time.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2019013054.64e034c6%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] why mail-list?

[19hundreds]

I agree at some level with what you are saying however, the current mailing 
list has a lot of valuable information so I believe it's gonna be hard to se it 
replaced with something else.

Beside the unofficial resources listed by others, I add 
https://reddit.com/r/qubes  (it's SO comfortable!)

-- 
1900
https://www.reddit.com/user/19hundreds 



Jan 30, 2019, 11:32 PM by marmot...@riseup.net:

> hi here,
>
> I understand that list mail is pretty useful,
>
> but ... come on, this is not really common user-friendly
> example 1 : I cannot know what it be said before I subscribe to it
> example 2 : I know some users of Qubes than who don't give a chance to
> that mail list, cause it is a new level of complexity (use of a good
> mailing software) for people who already have already some troubles with
> the very! useful man pages.
>
> I understand that is pretty more useful than an obscure forum in many
> cases BUT another example, there is common questions like
> WhatStuffICanUseWithQubes who a new user want to know at the instant
> s.he test it and s.he maybe never will ask the question nor know the
> good answer.
>
> I am (maybe?) not saying than Qubes need a forum, but, come on, there is
> another solutions, which can complete this one, and will (maybe!) not
> rely in google.
>
> So, the real question is :
> There is someone who takes care about it and optionally, Qubes_dev?
>
> Thanks for reading my broken gramar
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/cbdc13f7-6fcd-ebbf-d74d-977d9b821...@riseup.net
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXZr1KR--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Reversing dom0 testing repo installation

[unman]

On Wed, Jan 30, 2019 at 03:28:17PM +0100, qubes-...@tutanota.com wrote:
> 
> Just a humble reminder for my question. I tried to research the topic, but 
> didn't move anywhere. Can anyone advice me please?
> 
> Jan 28, 2019, 3:59 PM by qubes-...@tutanota.com:
> 
> > hi, I accidentaly downloaded and installed the dom0 update from the testing 
> > repo. Is there any way to reverse the action and keep only the stable 
> > version?
> >
> > I already disabled the testing repo in the /etc/yum.repos.d/qubes-dom0.repo
> >
> > Thank you
> >

Check /var/log/dnf** to see exactly what changes have been made to your
system

If you are using a Fedora based qube as UpdateVM, then you can use the
downgrade option:
qubes-dom0-upgrade action=downgrade 

I'm not familiar with this and don't use it. It isn't an option if you are
using Whonix or another Debian based UpgradeVM

In that case, you can get a list of all the available versions:
qubes-dom-update --action=list --showduplicates 

And then should be able to install a specific version:
qubes-dom-update package-version

It's a little more long winded, but you are exercising full control.
Hope that helps somewhat.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190131150632.tjsrviwzynazcnp3%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Intel ME and AEM/HEADS

[Alexandre Belgrand]

Le jeudi 31 janvier 2019 à 14:21 +0100, Maillist a écrit :
> INTEL_CHIPSET_LOCKDOWN

Nice feature. This makes impossible to update BIOS without physical
access to the chip. I was unaware of this feature, thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/81b171b7d9667d677e79112573d7f04efaa6a072.camel%40mailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: hcl for qubes 4.0 or 4.0.1 is it good?

[unman]

On Thu, Jan 31, 2019 at 11:50:13AM +0100, Zrubi wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 1/31/19 11:45 AM, Panini Panini wrote:
> > 16GB RAM doesnt work fine? and a ssd with 500gb instead of hdd will
> > be more good?
> 
> 16GB is fine, but the more is the better ;)
> SSD is a must.
> 
> - -- 
> Zrubi
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlxS0t8ACgkQVjGlenYH
> FQ3upBAApx/izY/jRjiIDxTlPlQLyJlZ8ixQ3bhE2alRPTsNsjoqRGDYUs9LIPtN
> 6zUxocd+OKWQha5YD83L4X5bVx32UPYveihg32eDXXfCQLSl5vqPt/76kMcODi2a
> vPZOan28TqGHPBybKbo41sGEKvOdsfZASJryRkfsp1j7DMEVprsTuQHMKrtLjyvb
> +OCkBdvtUv3DUap6Y2vxEhCAklSE8XsO+GHFBpim1mJliHRw9sv0NcXDb1SrkVhi
> vAROGSv5qVfucelQfUSpZhBMyl0ivuWaVjqEDwWloGMFXtzA0WZgVKfMUpVGQ83Y
> hEaByR9DTe4WtrWBUx7Zpcme2oBGOmFmEiDG3NBWtrt7V7vf8V222hNl/d6M0aX4
> RauWy6+2BoNj5Cig7O4tfyZ8be3+xKpSRh97vhoW041jvVQyhuYkOM3S93VTgDDd
> WfvlWZZZfGa8YzONNCSE7k/kFEVPQnyB9TkY343xLhQT8af7zeYyesKCm+3aVhtR
> x/e58QeKmx1yBxIWM5Ww50jqXqiQDuZHB96Grzr3Hz4Y7FmEbpgCd+g5B4wIuKX+
> iDfYTIEtEdIUjXwFcYRC5q4v8mamiU26X7VoQ6WGw0WK+jN2BAy6xnEHh14Ads/+
> ncZOzv7p//SxfkdZ0e36X6GsVgDFV8Tslzx7p31tuKmbL+JX7AM=
> =J6+L
> -END PGP SIGNATURE-

I know many people using Qubes 4 with 12GB and HDD, without issues.
SSD is better, but not a must.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190131143250.4ljtch4vo2swkcpw%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Intel ME and AEM/HEADS

[Maillist]

Hello,

i woulnd be aware of any documentation regarding this, except this:

https://coreboot.org/status/kconfig-options.html

The option you want to set while configuring coreboot is, depending on
your goal:

INTEL_CHIPSET_LOCKDOWN

and:

LOCK_SPI_FLASH_NO_ACCESS

Quote from the Documentation:

Select this if you want to protect the firmware flash against all
further accesses (with the exception of the memory mapped BIOS re-
gion which is always readable). The locking will take place during
the chipset lockdown, which is either triggered by coreboot (when
INTEL_CHIPSET_LOCKDOWN is set) or has to be triggered later (e.g.
by the payload or the OS).

NOTE: If you trigger the chipset lockdown unconditionally,
you won't be able to write to the flash chip using the
internal programmer any more.

As you can see, depending on how you configure it, imo coreboot is a lot
more secure then stock BIOS, not to mention the fact that it is
opensource , and you can do a lot of fun stuff with payloads, like 2fa
und full disk encryption, which also prevents Evil-Maid attacks at /boot.

Personally, i just like the idea of controlling my own devices, the
security is a nice added benefit tough.;)

I only really go down the security rabbithole with older architectures
like Sandy/Ivy bridge, im not convinced its worth the effort with new,
fully blobbed architectures personally.

Also, keep in mind that if it comes to Evil Maid attacks, the best one
can do is take care of the low hanging fruits.There are just so many
options, and while you also could prevent reflashing the BIOS-chip
externally , i wouldnt be aware of any practical ways of preventing
stuff like hardware-keyloggers in your keyboard etc. Of course, one can
always glue in all screws, or fill the holes with glitter-glue, so any
modifications would be visible.

cheers

On 1/30/19 4:45 PM, Alexandre Belgrand wrote:
> Le mercredi 30 janvier 2019 à 12:38 +0100, Maillist a écrit :
>> Only if you configure it that way.Also, even if you do, you wanna
>> make
>> sure it only accepts updates signed by your personal key.
> Interesting. Could you point out the documentation explaining how.
> Thanks.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13e1145b-7c9e-5413-1615-0e0bd9e2902e%40cryptogs.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Intel ME and AEM/HEADS

[Maillist]

Yes, that is correct.

On 1/30/19 4:33 AM, Frank Beuth wrote:
> On Tue, Jan 29, 2019 at 10:09:23PM -0500, Chris Laprise wrote:
>> On 1/29/19 8:59 PM, Frank Beuth wrote:
>>> Can someone explain the interaction between Anti Evil Maid/HEADS and
>>> the Intel Management Engine to me?
>>>
>>> I read an article which stated that disabling Intel ME also prevents
>>> installing AEM (and related technologies), but I am not sure why (or
>>> if this is really true). Is ME needed to access the TPM?
>>
>> Someone correct me if I'm wrong... IIRC the ME processor is needed to
>> operate the TXT feature which verifies code present at boot. TXT
>> utilizes a TPM but is separate.
>>
>> https://en.wikipedia.org/wiki/Trusted_Execution_Technology
>>
>> Newer systems also have the TPM built into the CPU and I believe these 
>
> That makes sense, thank you.
>
> Apologies if this is getting offtopic, but: one author suggested that
> modern versions of Coreboot could (in absence of Intel ME or AEM)
> reduce Evil Maid attacks to physical attacks requiring the attacker to
> open the laptop and physically reflash the SPI flash.
>
> Does this sound correct?
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f9b96b5-3c93-7a5d-dbfb-1098fc10b6f4%40cryptogs.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: hcl for qubes 4.0 or 4.0.1 is it good?

[Foppe de Haan]

On Thursday, January 31, 2019 at 11:45:29 AM UTC+1, Panini Panini wrote:
> joi, 31 ianuarie 2019, 02:32:03 UTC-8, Panini Panini a scris:
> > nJoy Titan 600, 600W Real Power, PFC Activ, 80 Plus Bronze
> >  Seagate Barracuda, 2TB, 3,5'', 256MB
> >  ASUS PRIME H270-PLUS, LGA1151, H270, TPM, M.2
> >  Intel Core™ i5-7400, 3.00Ghz, Kaby Lake, 6MB, Socket 1151, BOX
> > Corsair Vengeance LPX 8GB DIMM, DDR4, 2400 MHz, CL 16, 1.2V, X2
> 
> 16GB RAM doesnt work fine? and a ssd with 500gb instead of hdd will be more 
> good?

ah, I didn't understand the "x2" as such.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd29d109-020e-4374-a1cf-3ed19b63d13f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Upgrades for dom0-Qubes 4; on system reboot skips plymouth, usb kb dies, can't enter decrypt pw

[Lorenzo Lamas]

On Monday, January 28, 2019 at 7:55:06 PM UTC+1, qubert wrote:
> First visible error on screen:
> [FAILED] Failed to start Setup Virtual Console
> Second vis error:
> [FAILED] Failed to start Show Plymouth Boot Screen.
> 
> No problem, eh? Because a few lines later, it prompts me for the passphrase 
> for the encrypted disk. Awesome.
> 
> But every time, as soon as it gets there, my keyboard light goes dead, and I 
> of course can't type anything in.
> 
> I have tried four different keyboards. All keyboards are USB, three are 
> wired, one wireless. Have also tried multiple different usb ports, some usb 
> 2.0 and some usb 3.
> Have been using the system just like this for many months with two different 
> usb keyboards. Nothing changed except running the dom0 upgrade (from qubes 
> manager right-click), and I rebooted immediately after.
> 
> When I edit the boot options by eliminating "quiet" I get exactly the same 
> prompt for the luks decrypt password, except it adds this as the final 
> logging line (this line also overwrites the area in which I should be 
> entering the decrypt pw):
> [ 3.407261] clocksource: Switched to clocksource tsc
> 
> Removing 'rhgb' in addition to quiet eliminates the plymouth boot error, but 
> I still get dumped out onto the terminal password entry line and as soon as 
> that line comes up the keyboard light goes off every time!
> 
> Obviously without a keyboard, I can't even get tty, much less enter the 
> unlock passphrase.
> 
> I'm effectively locked out, and before I start messing with it and changing 
> things, thought I would ask to see if anyone out there knows what might be 
> wrong
> 
> Thanks!

You can try removing rd.qubes.hide_all_usb from boot options, if it is present.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a73f8163-935e-41d8-8859-4d42da8c9956%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: hcl for qubes 4.0 or 4.0.1 is it good?

[Zrubi]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 1/31/19 11:45 AM, Panini Panini wrote:
> 16GB RAM doesnt work fine? and a ssd with 500gb instead of hdd will
> be more good?

16GB is fine, but the more is the better ;)
SSD is a must.

- -- 
Zrubi
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlxS0t8ACgkQVjGlenYH
FQ3upBAApx/izY/jRjiIDxTlPlQLyJlZ8ixQ3bhE2alRPTsNsjoqRGDYUs9LIPtN
6zUxocd+OKWQha5YD83L4X5bVx32UPYveihg32eDXXfCQLSl5vqPt/76kMcODi2a
vPZOan28TqGHPBybKbo41sGEKvOdsfZASJryRkfsp1j7DMEVprsTuQHMKrtLjyvb
+OCkBdvtUv3DUap6Y2vxEhCAklSE8XsO+GHFBpim1mJliHRw9sv0NcXDb1SrkVhi
vAROGSv5qVfucelQfUSpZhBMyl0ivuWaVjqEDwWloGMFXtzA0WZgVKfMUpVGQ83Y
hEaByR9DTe4WtrWBUx7Zpcme2oBGOmFmEiDG3NBWtrt7V7vf8V222hNl/d6M0aX4
RauWy6+2BoNj5Cig7O4tfyZ8be3+xKpSRh97vhoW041jvVQyhuYkOM3S93VTgDDd
WfvlWZZZfGa8YzONNCSE7k/kFEVPQnyB9TkY343xLhQT8af7zeYyesKCm+3aVhtR
x/e58QeKmx1yBxIWM5Ww50jqXqiQDuZHB96Grzr3Hz4Y7FmEbpgCd+g5B4wIuKX+
iDfYTIEtEdIUjXwFcYRC5q4v8mamiU26X7VoQ6WGw0WK+jN2BAy6xnEHh14Ads/+
ncZOzv7p//SxfkdZ0e36X6GsVgDFV8Tslzx7p31tuKmbL+JX7AM=
=J6+L
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1231bb5a-276c-ef87-5b25-6f521fd16aea%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: hcl for qubes 4.0 or 4.0.1 is it good?

[Foppe de Haan]

On Thursday, January 31, 2019 at 11:32:03 AM UTC+1, gabia...@gmail.com wrote:
> nJoy Titan 600, 600W Real Power, PFC Activ, 80 Plus Bronze
>  Seagate Barracuda, 2TB, 3,5'', 256MB
>  ASUS PRIME H270-PLUS, LGA1151, H270, TPM, M.2
>  Intel Core™ i5-7400, 3.00Ghz, Kaby Lake, 6MB, Socket 1151, BOX
> Corsair Vengeance LPX 8GB DIMM, DDR4, 2400 MHz, CL 16, 1.2V, X2

should work fine, though once you decide whether you want to move to qubes 
permanently, you'll probably want more RAM, and an SSD.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e127fe15-ed61-456b-8406-5f629ec3ec9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: hcl for qubes 4.0 or 4.0.1 is it good?

[Panini Panini]

joi, 31 ianuarie 2019, 02:32:03 UTC-8, Panini Panini a scris:
> nJoy Titan 600, 600W Real Power, PFC Activ, 80 Plus Bronze
>  Seagate Barracuda, 2TB, 3,5'', 256MB
>  ASUS PRIME H270-PLUS, LGA1151, H270, TPM, M.2
>  Intel Core™ i5-7400, 3.00Ghz, Kaby Lake, 6MB, Socket 1151, BOX
> Corsair Vengeance LPX 8GB DIMM, DDR4, 2400 MHz, CL 16, 1.2V, X2

16GB RAM doesnt work fine? and a ssd with 500gb instead of hdd will be more 
good?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddd98417-59aa-4ffb-a6f5-93af27afa059%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] hcl for qubes 4.0 or 4.0.1 is it good?

[gabiadini13]

 nJoy Titan 600, 600W Real Power, PFC Activ, 80 Plus Bronze
 Seagate Barracuda, 2TB, 3,5'', 256MB
 ASUS PRIME H270-PLUS, LGA1151, H270, TPM, M.2
 Intel Core™ i5-7400, 3.00Ghz, Kaby Lake, 6MB, Socket 1151, BOX
Corsair Vengeance LPX 8GB DIMM, DDR4, 2400 MHz, CL 16, 1.2V, X2 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77c09f1a-c83b-43fc-b0b3-754f0fcbf865%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.