date:20190304


On 3/4/19 8:59 PM, Sphere wrote:

Thanks for this unman
I tried the commands you suggested and it still ended up with the very same "Error: 
Unable to find a match"
I'll track that issue you raised to know when it gets fixed (Y)



Have you tried "sudo dnf clean all" in dom0?

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05eec101-25fc-3b80-2417-9663448d4bb0%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

2019-03-04 Thread airelemental




Mar 4, 2019, 12:03 PM by brendan.h...@gmail.com:

> My recommendations, incorporating some other previous recommendations.
>
> 0) After install, clone the baseline templates, then re-point all the 
> non-standalone VMs to the clones. Update the clones regularly.
> ...
> 4) Keep a list of all modifications you have made to each template, any 
> standalone VMs or to dom0 in your vault or in online storage: e.g. all 
> rpms/debs added to baseline template, kernal version or option changes, 
> pulled/built packages, configuration changes, etc. This will reduce your 
> annoyance level when you decided to/are forced to rebuild the system from 
> installation media and new templates and keep finding gaps when you are 
> attempting to work.
>

For added packages in debian/whonix templates, if you are keeping the baseline 
template around, don't need to track them manually. Can just run `apt-mark 
showmanual` in the baseline and then the cloned template, then diff -u them to 
get a list of added packages.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L_B4Gwe--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

I also don't do anything in dom0.  absolutely nothing. 

 and If I have to restore my system.  The only thing I'm restoring is the 
appvms.I will manually reinstall Qubes and re clone two or three extra 
templates I need,  and manually reinstall the software I need in them.

I have not used paranoid mode to restore appvms yet.  But when the time comes I 
will be looking into it.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3319ab0-c97f-4c4d-9eaa-c13cf14df415%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?


.   I only make clone template when I'm going to install extra software.  In 
case it borks something or is shady.  For example I have cloned template 
for disposable vm,  where I install printer drivers.   One for personal  vm's 
that I installed libre office.  One for sys-usb and sys-net. 

Most my trusted vms use standard templates.  I use both debian and fedora.  one 
for less trusted trusted,  one for more trusted trusted.

Having alot of templates is a real resource hog and a pain to update. I feel 
its more important to compartmentalize with appvms rather then get caught up in 
having multiple templates.   Unless you are going to be installing alot of 
software or testing with them.

When I backup.  I don't backup templates.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/158e62e1-a96d-4822-9cdf-35eaad0b5ca6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

found it 
https://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ce363ef8-1036-4386-9824-900fa6456bc5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

I found it.  
http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6655bd6e-cf68-45b4-bb5b-9bb4150c0887%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

On Sunday, February 24, 2019 at 3:18:07 PM UTC-5, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 24/02/2019 1.53 PM, dexinthec...@gmail.com wrote:
> > Just recently installed Qubes being new to Linux altogether I
> > haven’t quiet developed my own best practices and the documentation
> > online has a pretty steep learning curve. Anyway I was wondering
> > what do you guys usually perform after a clean install. What do you
> > do on a weekly basis, monthly, annually etc? How do you optimize
> > Qube OS or is it already pretty optimized?
> > 
> 
> Take a look at this page, if you haven't already:
> 
> https://www.qubes-os.org/doc/security-guidelines/
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxy+/cACgkQ203TvDlQ
> MDBNChAAuqB56ZEUGJMS53K85SVJrs1QQrYC62eDDDorLW8IZ6U+6qh1YakL05+K
> dDv1taa/wL70ipnwO0fQaFJurAMryYZ0twHNfZg5gJsTVK9gSgGkQdoAeePc0Bhr
> 7kx7jpELajdHAiK+idTvXR0A8Gpqu1aA37D+nVjEFNGhouHD8yHT3nltnjLaxiC+
> FftreprJP/ot8OZ5klxDi6epVtCUy85Oi9t50wdPI9NUCGQYILqxbmENuzZBLCx/
> uSRo7U7PboEKNbCGEVSXtKnGMcs6U9UyAAifOiHiHN+QznA+gOuc9EfyOAxm3/L8
> zKYJMJ1dQwQ9SL1i2JuJc5pxjO/6CL8yH6l7mX1mXnVVmzxrDTDojJWeUwlF03nM
> ek9/ufAFiE+6ztkZmKRwJAGfwW6B4uyxG27c6c85MxeZ9BcIQb+M5PEB8XQV4+79
> OvXRtxiEQ4YVKCGbn4dyRRRyO40HcTRNqOwHzV4i2ubI46GS2jvMBLidxbXX4UKs
> MUBQ5CFVPQP8Y7CB+6+KKRwEDUorqA/zhYaC3RumMuSUHmMGaJGCUq8Dl1EF9sS9
> rFKwZmTkwTMm9P7NVYazHfYtNvTUVnJk0JAP5he9MotEMrP8pU4UC59m+cGBX8SY
> EpAiahASBFEqnL2g8KY6pCDVSWmZ0lywcDOqogyc9hE/i/phQL4=
> =fFLo
> -END PGP SIGNATURE-

Andrew do you have the link to the blog post JOanna made showing how she 
compartmentalize her daily life in Qubes.  I was looking other day couldn't 
find it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fa706d0-7ca6-4b72-ae49-7108819b2ed7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Deleting debian-9 template and getting a new one returns an error: "Error: Unable to find a match"

2019-03-04 Thread Sphere

Thanks for this unman
I tried the commands you suggested and it still ended up with the very same 
"Error: Unable to find a match"
I'll track that issue you raised to know when it gets fixed (Y)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c5ae297-2706-41f1-8051-edd467d8847c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Best practices?

2019-03-04 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 04/03/2019 1.40 PM, Chris Laprise wrote:
> [...] You can also take this a step further and make a snapshot of
> the dom0 root volume before updating. With the default Qubes config
> this is a quick process and means using 'lvcreate --snapshot' on
> the qubes_dom0/root volume. For completeness, a copy of /boot and
> boot sector should also be made just before the snapshot.
> 

How would one use this snapshot to recover? Would you mind contributing
documentation about this so that those of us who aren't well-versed in
LVM can benefit?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlx9z54ACgkQ203TvDlQ
MDD0OxAAojuRtAdTDPAWIFxlH9dXLhx2L0ql22DZzybNlwOyW8LHhuhtaNuGi1aU
GKDh627WtIwxylb+rroIpkSjT5iP1yPdipuYC06dbVGG8UxAIEEjYa2G/HZ8t0Us
GVVXcZoRmmDtVdM10bHFogF/JOrZx8zJbb0vgL3avwHlH/rbWMmmxVw8yaMws+f3
7RUh1T53R2tGgGpL1PnspCE8Is6B1go4ah68kzZtvYbU9cL2mgq1R2U5rOxZf17h
ofM6jfaJpbT9rM0rwrDJXd6cx+Sa6bh/cH4UPFYVmMC4rQo5x/zyvsLDoyad3Jrk
L50pkK5fjCpmSV+TpNNK1BF8Glxlv22QmYg7HVMnY12viQNEGhnqw1ssOt9jCBCO
3XBq3b+EvIudEwVR6FkWq+tfZJfYiGnWRzXXt/fU25qFwsRwSPcJcSfNMgoXKh5S
x1OeAdZ03YWvecgJ8auLwTwJJKtT6M4ft6JfwpF3TRuZLszgyjFIKY3ZAUnGbyS1
X35goYzTQfCCULHFPGWydw7l6CUgdRCvgYhReopcHus5gTGNYTFz7VHQZpiDNadA
QPUFH/s2ZiRdCsmVHR0NkG9r/ntOMfg4gPAjPLWa+DR8CoTpye+7A959CSLeVYa3
uiPzgGrLuRs8ivQ6e5JlfXvBtvgGQogiVYUcZkiSdtJ3hNFxD3g=
=I7b9
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f631c83-0b36-3a8b-3c6e-c1629fe826ce%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Best practices?

2019-03-04 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 04/03/2019 6.03 AM, brendan.h...@gmail.com wrote:
> My recommendations, incorporating some other previous 
> recommendations.
> 
> [...]
> 
> 1) Backup your templates and Qubes.

Strongly agree. The need for backups is not Qubes-specific, but it is
at least as important with Qubes as it is with computers in general.

> 2) Test restore your backups onto a new Qubes installation once 
> after the first backup and at least twice a year. Certainly before 
> repaving your primary machine with a new install.

Remember that there's also `qvm-backup-restore --verify-only`. I
recommend using this immediately after every backup you create.

> 3) Backup extremely important files (your source code, legal 
> documents, etc.) to appropriate storage elsewhere. E.g.
> github/etc. for public source code, (secure) removable media or
> trusted secure online services (e.g. spideroak) for legal docs.

I suggest pairing this with qvm-backup. In other words, for confidential
data, use qvm-backup to create an encrypted (and optionally compressed)
authentication- and intengrity-protected backup before uploading it to
the cloud.

> 4) Keep a list of all modifications you have made to each
> template, any standalone VMs or to dom0 in your vault or in online
> storage: e.g. all rpms/debs added to baseline template, kernal
> version or option changes, pulled/built packages, configuration
> changes, etc. This will reduce your annoyance level when you
> decided to/are forced to rebuild the system from installation media
> and new templates and keep finding gaps when you are attempting to
> work.

Yes, keeping a list is highly recommended.

> 5) Keep dom0 customizations to a minimum. There are no templates
> to save you.

I'm not too worried about this, because my customizations are all
backuped up when I qvm-backup dom0.

> 6) Update dom0 sparingly, only after making backups, only as 
> needed.

I have to caution against this. Delaying dom0 security updates "voids
the warranty" with respect to a lot of the security that Qubes offers. I
recommend installing security updates ASAP. (This is not the same as
recommending that everyone use the security-testing repo. I mean that
regardless of whether you choose to use security-testing, you install
available security updates as soon as they're available to you, but
always make a backup first.)

> There are no templates to save you.

That's what backups are for. :)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlx9z40ACgkQ203TvDlQ
MDD12g//bWjBXS4/AxX10hVU3lBbp3Lb1Dux0GhmHWG13G/qkb20DHVID+oTAX3c
Hr4d1Yb/ZwbttLMOmGtkel3QPF2VgOZbSK6hks0qt4Ia4yj0EsyrS87mBgyeAxiW
eUtcuYhr572QTZfUUvYlzp9XeX/pZrO/DqqL/7HTvaB5UEafvRsG6A/ZYMCsCg/s
Ktj90zi3x8jVcTvjqbvNDSjnRUA1AY3YCXDO4opfqH4+DNGFnHKndrEhqvua1Ss7
Hsg+0IfoHWitZF0ajiEJ+XDFZDscSmb9/aONqQ6YZi9+kbt/udNNw7vEI/4YtU0E
Gvhmp9cr2hMkP+Wa9FBm05F4a76RJuj8+DUUvG8LRExxS7OETitUa0XJ97pN9qlT
IZcYDezjXHnlKk/Q8K/4leJtDQDfqYQlGYAO9HVlmAM/t7MQOda80bmJ346BmUnu
76gIHoTOptN9by88jBGLfhlZAhlnyETfpfau9YndkROUkKCMvQeAFSEwXPrFPijf
J0kjpXRf7cUTlMM/4q03+uTrgCbkZpyBvlDLZM0iwoyB4yQgSKGjZsT/uxnp5q86
1L9QCKBWtVo6SrTlU4R8BYVP880LpKeoliM/PQasxzxD3g3xuOdHpWllc4OHtdVn
dLoC3bEz8MH237Aj5Saj6QohUKpRYb4Zzx9h7XuWYPgpYNDDvY4=
=ZVe+
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b247804-fa44-ebc4-8cb6-8534e4e4b13c%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] suggestion for Qubes-Updater

2019-03-04 Thread haaber


I realized that the little icon-launcher qubes-updater does not seem to
run "apt-get autoclean" type commands. Once your apt cahce is too large,
updates fail, and the user does not see why (!). This should maybe
reviewed.  best,   Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d24f729-8e5e-b306-bed1-bedab20c557d%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QUBES_GPG_AUTOACCEPT not being honored in 4.0

On Mon, Mar 04, 2019 at 09:07:02PM +0100, cubit wrote:
> 
> 
> 
> Mar 4, 2019, 3:10 PM by un...@thirdeyesecurity.org:
> 
> > What shell are you using in gpg?
> > Try putting the export line in .profile and restart gpg. Any different?
> >
> 
> That did the job.   I had it originally listed as I mentioned in 
> .bash_profile which was sourced by .bashrc which was sourced by .profile  but 
> I guess something went wrong along the chain.
> 

No, it was an (undocumented) change as a result of a change in the
shell used in init. I've updated the docs to make this clear.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190305002147.gobqoncd3qhk2jdc%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] #ReactOS 0.4.11 is out!! Supported new AHCI SATA controllers, but still not installing in Qubes 4.0


On 3/4/19 1:44 PM, Sergio Matta wrote:

ReactOS 0.4.11 is out!! Supported new AHCI SATA controllers, more #Software 
working thanks to correct manifest loading, #RTL support, new Update feature... 
More info: https://reactos.org/project-news/reactos-0411-released … Download it 
from: https://reactos.org/download
It boots but does not recognize any drive to install.


So they got better at running on bare metal, but still clueless about 
running as a VM guest.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/55233ba3-3239-8559-25d8-535aa988d88e%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QUBES_GPG_AUTOACCEPT not being honored in 4.0

2019-03-04 Thread cubit




Mar 4, 2019, 3:10 PM by un...@thirdeyesecurity.org:

> What shell are you using in gpg?
> Try putting the export line in .profile and restart gpg. Any different?
>

That did the job.   I had it originally listed as I mentioned in .bash_profile 
which was sourced by .bashrc which was sourced by .profile  but I guess 
something went wrong along the chain.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L_9JGEO--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Could Qubes Installation Configuration Be More User Friendly?

On 3/3/19 11:12 PM, Sphere wrote:

I believe this is because of a vast difference of manpower and popularity
between Ubuntu and Qubes. Also taking into consideration the use-case of Qubes
when it comes to popularity.

Even what Ubuntu can do is fairly limited. Have a look at their support
forums... what you'll see is a whole lot of Nvidia troubleshooting
threads. So I believe the difference between Ubuntu and Qubes in this
respect is a matter of degree that may not be so great.

The larger problem is that the relationship between Microsoft and large
hardware vendors gives a false impression that PCs are made of things
that are just made to be "compatible". No - They are made to be
compatible with Windows and a lot of the stuff that's inside is based on
proprietary secrecy. A subset of models promise to be Linux compatible,
but most users don't think to look for these because they labor under
the aforementioned false impression.

But I will say - A system labeled as Linux-compatible is a pretty good
starting point for Qubes. There is no guarantee, but if it means taking
a chance on an unreported make/model then Linux-compatible status
improves your chances that Qubes will work.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/29663b78-40c2-d39d-ddbe-0e9a3e90a2de%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

2019-03-04 Thread 'awokd' via qubes-users


Chris Laprise wrote on 3/4/19 7:40 PM:

You can also take this a step further and make a snapshot of the dom0 
root volume before updating. With the default Qubes config this is a 
quick process and means using 'lvcreate --snapshot' on the 
qubes_dom0/root volume. For completeness, a copy of /boot and boot 
sector should also be made just before the snapshot.


Good idea, thank you. This will help for kernel updates in particular.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0ba5f2b-a9aa-b1cf-d38b-ab080e8a502b%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

On 3/4/19 7:03 AM, brendan.h...@gmail.com wrote:

My recommendations, incorporating some other previous recommendations.

I have not seen many (if any) cases of people ruining all their working
templates. So I would only follow this advice if I intended to use only
one template on my systems.

Otherwise, it may be better to simply use the Qubes-installed templates
normally, and make a temporary clone when experimenting.

The reasons are that most users have more than one template anyway,
Qubes can often revert template changes (i.e. remove the bad update),
keeping non-updated templates can be a security liability, updating the
extra templates is a burden, and they eventually eat disk space. Also,
if worse comes to worse somehow, then a template rpm can be taken from
the Qubes install media, etc. and that can be used to download a
_current_ version of your preferred template(s).

Its also worth noting that if you really want to keep template clones
around, there are a couple ways to do it that don't populate VM menus
and lists: One way is to snapshot the template -root volume, and another
is to simply backup the template VM.

4) Keep a list of all modifications you have made to each template, any
standalone VMs or to dom0 in your vault or in online storage: e.g. all
rpms/debs added to baseline template, kernal version or option changes,
pulled/built packages, configuration changes, etc. This will reduce your
annoyance level when you decided to/are forced to rebuild the system from
installation media and new templates and keep finding gaps when you are
attempting to work.

IMO this should be #1, because consistency matters a great deal esp.
when modifications have some impact on security. Re-doing customizations
based on memory is for the birds, and its not hard to remember to write
something down when changing a template or dom0.

6) Update dom0 sparingly, only after making backups, only as needed. There are
no templates to save you.

You can also take this a step further and make a snapshot of the dom0
root volume before updating. With the default Qubes config this is a
quick process and means using 'lvcreate --snapshot' on the
qubes_dom0/root volume. For completeness, a copy of /boot and boot
sector should also be made just before the snapshot.

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/31b9043b-248d-59f6-b5ad-63acf5dc9ccd%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] #ReactOS 0.4.11 is out!! Supported new AHCI SATA controllers, but still not installing in Qubes 4.0

2019-03-04 Thread Sergio Matta

ReactOS 0.4.11 is out!! Supported new AHCI SATA controllers, more #Software 
working thanks to correct manifest loading, #RTL support, new Update feature... 
More info: https://reactos.org/project-news/reactos-0411-released … Download it 
from: https://reactos.org/download 
It boots but does not recognize any drive to install.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56306726-e8e9-4fb4-84af-9186f80fa556%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Hardware support

2019-03-04 Thread 'awokd' via qubes-users

Mike Keehan wrote on 3/4/19 2:07 PM:

On Mon, 4 Mar 2019 12:41:23 +
"'Robin Murison' via qubes-users" wrote:

Both say I am doing the right thing and that IOMMU should be working
and I do not see my processor or mother board specifically on the
supported hardware list.

my machine is custom built:

Processor (CPU) AMD Athlon 5350 Quad Core APU (2.05GHz/AM1) &
Radeon™ HD8400
Motherboard ASUS® AM1M-A: (M-ATX, DDR3, USB 3.0, 6Gb/s)

Hi Robin,

Qubes does a hardware test to determine if the IOMMU works.

According to Wikipedia's "List of IOMMU-supporting hardware" page,
https://en.wikipedia.org/wiki/List_of_IOMMU-supporting_hardware
there are some ASUS motherboards that do not work correctly with
IOMMU support. You may be unlucky.

There was a bug in earlier versions of Qubes that didn't report AMD
IOMMU correctly. Thought it was fixed in 4.0.1, but try ignoring the
warning and proceeding with the install. If it has trouble creating
sys-net later on, the warning may be accurate. If you can get it
installed enough to get to dom0, run qubes-hcl-report and note the last
5 yes/no lines.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/1967c49a-6ab8-675a-659a-d4fb1ee5caf6%40danwin1210.me.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora 29 HiDPI Resolution

2019-03-04 Thread Daniil Travnikov

On Sunday, February 3, 2019 at 11:54:23 PM UTC+3, Achim Patzner wrote:
> How are you trying to do it?
>
> Achim

For example in Debian 9, Whonix WS and Whonix GW I am doing this:
"
echo Xft.dpi: 240 | xrdb -merge

set in /etc/X11/Xresources/x11-common (for Whonix in:
/etc/X11/Xresources/x11-common)
Xft.dpi: 240
"

and it is affect not only Template, it works for all new AppVM's too.

But when I am trying to do the same for Fedora 29, it is works only for
template, not for AppVM's.
Instructions from here:
https://github.com/Qubes-Community/Contents/blob/master/docs/customization/dpi-scaling.md

Also for Fedora 29 I tried this:

1. sudo nano /etc/dconf/db/local.d/dpi

[org/gnome/desktop/interface]
scaling-factor=uint32 2
text-scaling-factor=0.75

2. gsettings set org.gnome.settings-daemon.plugins.xsettings overrides
"[{'Gdk/WindowScalingFactor', <2>}]"

3. gsettings set org.gnome.desktop.interface scaling-factor 2
gsettings set org.gnome.desktop.interface text-scaling-factor 0.75

Maybe someone solved this problem or I missing something?

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/f327e25c-e76f-435d-994f-b199f9c4428e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora 29 HiDPI Resolution

2019-03-04 Thread levonsar8

On Sunday, February 3, 2019 at 11:54:23 PM UTC+3, Achim Patzner wrote:
> How are you trying to do it?
>
> Achim

For example in Debian 9, Whonix WS and Whonix GW I am doing this:
"
echo Xft.dpi: 240 | xrdb -merge

set in /etc/X11/Xresources/x11-common (for Whonix in:
/etc/X11/Xresources/x11-common)
Xft.dpi: 240
"

and it is affect not only Template, it works for all new AppVM's too.

Also for Fedora 29 I tried this:

1. sudo nano /etc/dconf/db/local.d/dpi

[org/gnome/desktop/interface]
scaling-factor=uint32 2
text-scaling-factor=0.75

2. gsettings set org.gnome.settings-daemon.plugins.xsettings overrides
"[{'Gdk/WindowScalingFactor', <2>}]"

3. gsettings set org.gnome.desktop.interface scaling-factor 2
gsettings set org.gnome.desktop.interface text-scaling-factor 0.75

Maybe someone solved this problem or I missing something?

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/886f2817-a8da-4697-9d0b-86ee5b6c60a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Oryx Pro laptop (BOOTX64.cfg for Qubes 4.0.1)

2019-03-04 Thread Daniil Travnikov

Finally I did it! Thanks to those who responded and did not remain indifferent 
to my situation.

Especially,

'Shahin Azad' who gave me this url-instruction: 
https://www.engetsu-consulting.com/blog/installing-qubes-4-0-on-laptops-with-nvidia-gpus-that-do-not-support-the-nouveau-driver

and

'0brand' who told me how to use this instruction in right way.



This is my steps:

1. I copied .iso-file to linux system.
2. Opened terminal and start command 'sudo su -'
3. 'chmod u+w /path/to/file.iso'
4. 'nano vim /path/to/file.iso'
5. Edit those lines which described in url: 
https://www.engetsu-consulting.com/blog/installing-qubes-4-0-on-laptops-with-nvidia-gpus-that-do-not-support-the-nouveau-driver
6. Saved file and write on flash drive in DD-mode.


I know, maybe this is not that easiest way, but this worked for me in my case.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db587bd3-37c1-4392-bee8-b9fa6538b36b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Structure of qubes

2019-03-04 Thread acharya . sagar . sagar5

> lsmod confirms that is LKM : you can also check by looking in
> /proc/modules

Thank you. I'm on it! :D
I'm not switching back to Ubuntu, I'm getting things done here.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2be89c68-1b41-492e-b088-24ce264d63ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

The internet was amazing in the 90s and early 2000s.  Then chatroom and forum 
trolls and russian spammers infested everything.  And it all crashed and died.

IMO the internet is now called facebook, instagram, twitter and youtube.   
because its the corner Americans have been backed into.   But now that is also 
under attack, and the negatives are starting to outweight the positives, so it 
will be interesting what the future holds.

Just like Tsutomu Shimomura,  I believe the same morals and principles we apply 
in the physical realm need to be applied to the digital realm before anything 
changes for the better.  People feel way too entitled and untouchable.

But before that happens its probably only going to get worse.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9053b81-1b59-4f02-a1ee-2d66d36e2c2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

On Monday, March 4, 2019 at 10:04:38 AM UTC-5, qube...@tutanota.com wrote:
> Feb 23, 2019, 12:23 AM by raahe...@gmail.com:
> 
> > and it would still require alot more discipline and restraint not to post 
> > exposing information about yourself online,  that would defeat the purpose 
> > of using something like facebook or twitter imno.Again not something I 
> > could see practical for daily life.   Are there propagandists  and 
> > government agents on these sites.  Of course,  but even they have a 
> > separate personal digital life somewhere.The world is getting faker by 
> > the minute,  we don't need more fakes.
> >
> 
> This: "The world is getting faker by the minute,  we don't need more fakes."
> 
> I cant agree more cooloutac. Lets than not engage in the services which are 
> faking everything with their censorship, manipulations, social engineering, 
> surveillance, human rights violations for their profit and other uncountable 
> malicious reasons, which are today very well documented. Lets use .onion 
> sites for expressing your opinions instead. Where you can just finally come, 
> and say what you fucking really think about the matter openly in your real 
> words, without any fake poses forced on you. And get a real, uncensored 
> feedback too. Does this makes sense?
> 
> 
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to > qubes-users+unsubscr...@googlegroups.com 
> > > .
> > To post to this group, send email to > qubes-users@googlegroups.com 
> > > .
> > To view this discussion on the web visit > 
> > https://groups.google.com/d/msgid/qubes-users/8db1a24d-a13a-457c-980e-9ec3043e0...@googlegroups.com
> >  
> > >
> >  .
> > For more options, visit > https://groups.google.com/d/optout 
> > > .
> >

If you notice I'm not afraid to express myself without Tor. Anonymity in this 
way is cowardly and usually a bad thing.  Leads to people acting and behaving 
and ways they normally wouldn't because they know they are not respectful.   
some examples are why e-sports is not a billion dollar industry like athletic 
sports.   Its why social media has had overly negative impacts in recent years.

If people aren't accountable for their actions we wouldn't be living in a very 
nice world.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b712f00f-32a5-4536-8b8f-cf9724c78110%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

On Monday, March 4, 2019 at 10:04:38 AM UTC-5, qube...@tutanota.com wrote:
> Feb 23, 2019, 12:23 AM by raahe...@gmail.com:
> 
> > and it would still require alot more discipline and restraint not to post 
> > exposing information about yourself online,  that would defeat the purpose 
> > of using something like facebook or twitter imno.Again not something I 
> > could see practical for daily life.   Are there propagandists  and 
> > government agents on these sites.  Of course,  but even they have a 
> > separate personal digital life somewhere.The world is getting faker by 
> > the minute,  we don't need more fakes.
> >
> 
> This: "The world is getting faker by the minute,  we don't need more fakes."
> 
> I cant agree more cooloutac. Lets than not engage in the services which are 
> faking everything with their censorship, manipulations, social engineering, 
> surveillance, human rights violations for their profit and other uncountable 
> malicious reasons, which are today very well documented. Lets use .onion 
> sites for expressing your opinions instead. Where you can just finally come, 
> and say what you fucking really think about the matter openly in your real 
> words, without any fake poses forced on you. And get a real, uncensored 
> feedback too. Does this makes sense?
> 
> 
> > -- 
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to > qubes-users+unsubscr...@googlegroups.com 
> > > .
> > To post to this group, send email to > qubes-users@googlegroups.com 
> > > .
> > To view this discussion on the web visit > 
> > https://groups.google.com/d/msgid/qubes-users/8db1a24d-a13a-457c-980e-9ec3043e0...@googlegroups.com
> >  
> > >
> >  .
> > For more options, visit > https://groups.google.com/d/optout 
> > > .
> >

Issues like having to manually update all the time to new versions by 
reinstalling is a real pain.   Not very user friendly. Fact I was getting 
clock errors, etc.   But most of the issues have to do with tor.  Dns not 
matching,  updates taking long time or timing out,  invalid signatures.   Its 
because tor users are targeted.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/48ed8a63-9392-494a-9d12-33bf899bae1d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Structure of qubes

On Sun, Mar 03, 2019 at 09:51:05PM -0800, acharya.sagar.sag...@gmail.com wrote:
> > Not sure of the answer, but all you should have to do to use that option 
> > is add it to your kernel= line.
> 
> I think this is an important decision. I need to be sure. There are 2 
> different ways to proceed as shown here...
> 
> https://wiki.xen.org/wiki/Xen_PCI_Passthrough
> 
> It maybe a point of no return if I choose the wrong path. In fact, that can 
> be the reason people haven't been able to implement. I want to be correct at 
> each step.
> 

lsmod confirms that is LKM : you can also check by looking in
/proc/modules

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190304151338.3piqipymx5tel5ew%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QUBES_GPG_AUTOACCEPT not being honored in 4.0

On Mon, Mar 04, 2019 at 02:30:44PM +0100, cubit wrote:
> Following a move from Qubes 3.2  to 4.0.1 I am struggling to get the split 
> key gpg to honor QUBES_GPG_AUTOACCEPT any more 
> 
> The rest of the split key functionality works as expected but it's very 
> frustrating the have QUBES_GPG_AUTOACCEPT default to 300 despite having been 
> manually changed to 86400
> 
> 
> Relevant config riles.   I hope I did not forget to include any important.
> 
> .bash_profile in vault
> 
> user@vault:~$ more .bash_profile
> export QUBES_GPG_AUTOACCEPT=86400
> 
> 
> gpg-split-domain in work
> 
> user@work:~$ more /rw/config/gpg-split-domain
> vault
> 
> 
> qubes.Gpg in dom0
> 
> [user@dom0 ~]$ more /etc/qubes-rpc/policy/qubes.Gpg
> work  vault  allow
> $anyvm  $anyvm  ask
> 
> 
> 
> Cubit

What shell are you using in gpg?
Try putting the export line in .profile and restart gpg. Any different?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190304151019.wvptqnowe7rhj4cd%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

2019-03-04 Thread qubes-fan





Feb 23, 2019, 3:50 AM by patrick-mailingli...@whonix.org:

> Reminds me, would be good to have OpenPGP signed websites all over the
> internet. Unfortunately there is no project working towards it.
>
> https://www.whonix.org/wiki/Dev/OpenPGP_Signed_Website 
> 
>

Absolutely yes. What is the biggest hindrance to make it more widespread IYHO?


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/3d931f65-c1ba-3d8b-f510-9d38dfb82...@whonix.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L_8EX1q--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

2019-03-04 Thread qubes-fan





Feb 23, 2019, 12:23 AM by raahe...@gmail.com:

> and it would still require alot more discipline and restraint not to post 
> exposing information about yourself online,  that would defeat the purpose of 
> using something like facebook or twitter imno.Again not something I could 
> see practical for daily life.   Are there propagandists  and government 
> agents on these sites.  Of course,  but even they have a separate personal 
> digital life somewhere.The world is getting faker by the minute,  we 
> don't need more fakes.
>

This: "The world is getting faker by the minute,  we don't need more fakes."

I cant agree more cooloutac. Lets than not engage in the services which are 
faking everything with their censorship, manipulations, social engineering, 
surveillance, human rights violations for their profit and other uncountable 
malicious reasons, which are today very well documented. Lets use .onion sites 
for expressing your opinions instead. Where you can just finally come, and say 
what you fucking really think about the matter openly in your real words, 
without any fake poses forced on you. And get a real, uncensored feedback too. 
Does this makes sense?


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/8db1a24d-a13a-457c-980e-9ec3043e0...@googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L_8E1d5--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Deleting debian-9 template and getting a new one returns an error: "Error: Unable to find a match"

On Sun, Mar 03, 2019 at 07:46:52PM -0800, Sphere wrote:
> On Friday, March 1, 2019 at 8:38:07 PM UTC+8, unman wrote:
> > On Thu, Feb 28, 2019 at 10:09:38PM -0500, Chris Laprise wrote:
> > > On 2/28/19 8:30 PM, Sphere wrote:
> > > > I was sure I double checked the line of code I used in dom0 terminal to 
> > > > get a new template which was
> > > > "sudo qubes-dom0-update qubes-template-debian-9"
> > > > 
> > > > Not sure why running this returns with the "Error: Unable to find a 
> > > > match" while just changing 9 to 8 actually works
> > > > 
> > > > The same case happens when I try qubes-template-fedora-29, where my 
> > > > fedora-29 template still exists
> > > > 
> > > > If this is because of some sort of name conflict issue, how could I 
> > > > download the template/s and have them be named something else?
> > > > 
> @unman - Nope I don't have debian-8 installed and that I snagged a fresh copy 
> of debian-9 last year.
> What's noteworthy is that I can definitely trigger installation of debian-8 
> and other templates that I have never installed.
> I can trigger qubes-dom0-update just fine tho and have the repositories 
> update.
> I'll try snagging the templates from the itl repo and see if that still 
> triggers the problem, many thanks for lending me a hand
> hope it solves this problem
> 

I thought this was a Whonix issue, since I encountered it on one box,and
fixed it to updating over Tor not using Whonix.
But with some testing I'm lost - I can duplicate it on some machines, but
with others with *exactly the same configuration* I get the same error
you report. This suggest to me a problem with the template mirrors -
I've just quickly run though them and 3 of them are down/not available.

Fixing the repo to a specific repo seems to work for me.

I've raised an issue at github - #4858

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190304145649.uqns5m6wpdd3465u%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

2019-03-04 Thread qubes-fan





Feb 23, 2019, 12:17 AM by raahe...@gmail.com:

> On Wednesday, February 20, 2019 at 4:17:45 AM UTC-5, qube...@tutanota.com 
> wrote:
>
>> I trust Whonix  the same as I trust Qubes and TAILS, or Debian, Fedora, Xen. 
>> I don't have enough intelligence, that would convince me otherwise. And I do 
>> research quite often when periodically adjusting my FMECA. Which is just a 
>> professional deformation. 
>> Every project, however secret, secure, top notch it seems to be, is 
>> vulnerable this or that way, and will always remain so. Some of the attacks 
>> are common, some are specific. Once old attacks are covered, new emerge. 
>> That is life. Disregard a project, only because one of the emerging attacks, 
>> is pathetic (I know not your case, you have different reasons mentioned), as 
>> this attack (ausie law like, or malicious dev) is possible for every other 
>> project too, including your refrigerator, assembled on the production line 
>> with malicious guy, willing to do evil. Living somewhere in cave is not a 
>> solution.
>>
>> Interestingly I don't have much problem with Whonix in Qubes, and I like it 
>> very much. Working very well. I use it on daily basis as my primary template 
>> in Qubes, for my company management, email, chat, browsing, research, and 
>> privately as well, because I believe that anonymity is a very strong 
>> security attitude to thread mitigation, even I understand well the 
>> limitations of Tor and Whonix as well. They are clear about what they can do 
>> and what not. Are they a magical wand, solving all problems of the world? 
>> No, and they don't claim that.
>> Most of the time I try to prefer connections to .onion websites rather than 
>> clearnet, because I don't see any benefit from exposing myself to 
>> surveillance capitalism. I like v3 onions, and prefer to use it wherever 
>> possible. I love to see myself as a person, not as a product. When chatting 
>> on XMPP with OTR I use .onion server for my identity and ask the other site 
>> to do the same, as I don't see any benefit using clernet server. Tor allows 
>> me to mitigate some risks, and of course opening me to another ones. This 
>> comparison is still putting the weight *for-tor-whonix-in-qubes*. Others may 
>> have it different, depending on ones OPSEC and ones willingness to give 
>> his/her life away for free to any random observer. 
>>
>> I hope Whonix will go on further with their excellent job, same as Qubes or 
>> TAILS or Torproject. 
>>
>> I would just stress out the importance to include the high-risk, high-impact 
>> emerging threads into their thread model and try to mitigate these risks 
>> same way, as other risks included there already - recognized. If you set up 
>> your bullet-proof environment and than by crossing a nation border just 
>> breaks it down by one simple question of the officer, than resistance of 
>> your security setup is extremely weak and breakable any time. More and more 
>> states will go on with this attacks in the near future. Australia is only 
>> the first one to make it so clear. There are tools and ways available for 
>> mitigation, for Plausible Deniability for example, like Hidden Operating 
>> System, Hidden Volumes, but are not included in the standard package of the 
>> projects yet. If I was a programmer, I would sure contribute, but I am not. 
>> And so the only point is to mention it, and try to stress it enough, to 
>> motivate people with skill-set to contribute for all of us.
>>
>>
>>
>>
>> Feb 20, 2019, 6:15 AM by >> raahe...@gmail.com >> 
>> :
>>
>> > I read that whonix thread.  Still not sure why whonix doesn't have a 
>> > canary.  What could it hurt?  Any aspect of the project could be 
>> > compromised for any reason.   Thats the same as people saying I have 
>> > nothing to hide so why worry.  In the other thread Patrick says US laws 
>> > affect all countries.
>> >
>> > And don't feel bad.  Patrick banned me from the forums too once a long 
>> > while ago.  I told him I'd never post there again and never did. lol.
>> >
>> > I was constantly having issues with whonix.   You are a target just for 
>> > using it.  You really have to pay attention when you are updating it.
>> >
>> > Sill never understood why the user qubes-whonix left the project in 
>> > flamboyant fashion claiming it was just a "cool experiment" and its 
>> > "security was not taken seriously" ...
>> >
>> > I stopped using whonix after the annoying clock issue.  And then couldn't 
>> > be troubled to install the latest version and just removed it instead. 
>> >
>> > I'm sure it has its purposes and some people need it.  But I don't.  The 
>> > websites I use qubes for ban tor or it just has no benefit.  Anonymity is 
>> > different then privacy.
>> >
>> > -- 
>> > You received this message because you are subscribed to the Google Groups 
>> > "qubes-users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an 
>> >

Re: Q menu cleanup ideas (was Re: [qubes-users] Best practices?)