Re: [qubes-users] Troubleshooting an AppVM that suddenly can't connect to the network

[Andrew Todd]

Thanks, you are right that I don't have any experience with packet 
sniffing, however, after making sure that nothing else was using the 
network and running iptables -L -nvZ on both sys-net and sys-firewall... 
there's no packets at all getting there from this AppVM. Which doesn't make 
any sense to me, the default route is definitely there:

$ ip r
default via 10.137.0.6 dev eth0 
10.137.0.6 dev eth0 scope link

and in qvm-firewall both DNS and ICMP are allowed, yet neither is working. 
Is there more debugging I can do on the AppVM itself?

Both sys-net and sys-firewall are based on the fedora-30 template. There is 
only one AppVM affected, all others based on the same template are working 
fine. In fact, I copied the complete contents of the bad AppVM's home 
directory to a new AppVM, and it's also having no problems connecting to 
the network. I would like to find the root cause, but that's my workaround 
for now. Thanks for any more advice you can offer.

On Tuesday, August 20, 2019 at 1:26:36 AM UTC+9, unman wrote:
>
> On Mon, Aug 19, 2019 at 06:18:00AM -0700, Andrew Todd wrote: 
> > I'm having a problem that I'm very confused about. 
> > 
> > I have several AppVMs based on the same fedora-30 TemplateVM. Some of 
> them 
> > are completely cut off from the Internet, some have firewall 
> restrictions, 
> > some connect through sys-firewall but are not restricted. 
> > 
> > Today, one specific AppVM has started refusing to connect to anything. 
> Even 
> > if I try to connect by IP address, it claims it can't route. Example: 
> > 
> > $ ssh us...@192.168.34.22  
> > ssh: connect to host 192.168.34.22 port 22: No route to host 
> > $ ip r 
> > default via 10.137.0.6 dev eth0 
> > 10.137.0.6 dev eth0 scope link 
> > 
> > I've gone through the few settings and error logs that I can think of, 
> but 
> > nothing seems to be unusual about this particular AppVM. I've checked 
> > qvm-firewall and the rules should be allowing appropriate traffic to 
> pass. 
> > I have not changed any settings. I have tried rebooting the system once 
> or 
> > twice as well, with no effect. 
> > 
> > It seems like I can get to sys-firewall across the link-local 
> connection, 
> > but that's all. After that, nothing seems to work. Every other AppVM 
> I've 
> > tried is working fine. Where should I be looking next? Thank you. 
>
> Look at what's happening at sys-net - First at the vif interface leading 
> to sys-firewall, then at eth0. 
> If you're not familiar with traffic sniffing, then you can use counters in 
> iptables  or nftables. 
> iptables -L -nvZ will zero counters, try to connect, then same command 
> will show counters of traffic. You shuld see increase on the FORWARD 
> chain. 
>
> You can insert specific rules targeting ssh traffic if you will. 
> What template are you using for sys-net and sys-firewall? 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32248e86-0b52-4757-a9a9-2b4575f7ee69%40googlegroups.com.

Re: [qubes-users] How do I launch NetworkManager??!!

[799]

Hello

O K  schrieb am Di., 20. Aug. 2019, 01:39:

> I wanted to create a desktop shortcut or some sort of easy way to access
> NM but I forgot how to open it.  I thought it was some command in the
> sys-net terminal but I don't recall.  (...)
>

You can run nmcli in the VM which has network manager installed to control
the status and actions from network manager.
https://developer.gnome.org/NetworkManager/stable/nmcli.html

To make this easier you can write a script in dom0 and put this on your
desktop:

In dom0:
qvm-run --auto sys-net 'nmcli ...'

Not sure it nmcli needs root permissions, if so:

in dom0:
qvm-run --auto --user root sys-net 'nmcli ...'

I am not sitting in front of my Qubes, therefore can't write the exact
commands.
If you need further help, I can look up the details later on.

[799]

>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2te3dSvOzReNesq1tVPzwM-TxjJ79XuJgBFBnpukez6_Q%40mail.gmail.com.

[qubes-users] How do I launch NetworkManager??!!

[O K]

I wanted to create a desktop shortcut or some sort of easy way to access NM 
but I forgot how to open it.  I thought it was some command in the sys-net 
terminal but I don't recall.  There is no icon anywhere for it.  I added 
the settings option to sys-net under Applications to see if I could access 
it that way but it won't open when I click on it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b05e14f-c263-4269-8843-9e5fdc8295ef%40googlegroups.com.

[qubes-users] Emergency shell on boot; qubes_dom0-pool00_tmeta: read failed: Input/output error

[Dave C]

Following this thread: 
https://groups.google.com/forum/m/#!searchin/qubes-users/Lvconvert/qubes-users/bPxKHOfZ3Mg

... I edited my locking mode (from 4 to 1) in /etc/lvm/lvm.conf, then retried 
the 'lvm lvconvert --repair ...'

That command has logged one error so far, "print_req_error: critical medium 
error, dev nvme1n1, sector [number]"
Since that one error, it hasn't shown anything. Its been running at least ½ 
hour. I'm not sure if its still at work or has failed but hasn't exited.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/308b2c20-ce2e-450e-8740-5a922a375419%40googlegroups.com.

[qubes-users] Re: [qubes-announce] [Update] QSB #050: Reinstalling a TemplateVM does not reset the private volume

['Magnus Hedemark' via qubes-users]

unsubscribe


Magnus

Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Thursday, August 1, 2019 9:40 PM, Andrew David Wong  
wrote:

> Dear Qubes Community,
>
> Fixed packages are now available for Qubes Security Bulletin (QSB) #050:
> Reinstalling a TemplateVM does not reset the private volume.
>
> Instructions for installing the new packages are included in the latest
> version of QSB #050, which is reproduced below.
>
> View QSB #050 in the qubes-secpack:
>
> https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-050-2019.txt
>
> Learn about the qubes-secpack, including how to obtain, verify, and read it:
>
> https://www.qubes-os.org/security/pack/
>
> View all past QSBs:
>
> https://www.qubes-os.org/security/bulletins/
>
>
>
>  ---===[ Qubes Security Bulletin #50 ]===---
>
>  2019-08-01
>
>
>   Reinstalling a TemplateVM does not reset the private volume
>
> History
> 
>
> 2019-08-01: Added list of fixed packages and patching instructions
> 2019-07-24: Initial version
>
> Description
> 
>
> In Qubes OS, we have the ability to reinstall a TemplateVM by running
> `qubes-dom0-update --action=reinstall qubes-template-...` in dom0. [1]
> This is supposed to reset the corresponding TemplateVM to the state of
> the published package, i.e., no local changes should remain.
>
> One uncommon reason to perform such a reinstallation is that you suspect
> that a TemplateVM may be compromised. In such cases, it is very
> important that no local changes persist in order to ensure that the
> TemplateVM is no longer compromised.
>
> Due to a regression in R4.0 [2], however, reinstalling a TemplateVM
> using qubes-dom0-update does not completely reset all local changes to
> that TemplateVM. Although the tool itself and our documentation claim
> that the private volume of the TemplateVM is reset during
> reinstallation, the private volume does not actually get reset. This
> could allow a TemplateVM to remain compromised across a reinstallation
> of that TemplateVM using qubes-dom0-update.
>
> Patching
> =
>
> The specific packages that resolve the problems discussed in this
> bulletin are as follows:
>
>   For Qubes 4.0:
>   - qubes-core-admin-client, python3-qubesadmin version 4.0.26
>
> The packages are to be installed in dom0 via the Qubes VM Manager or via
> the qubes-dom0-update command as follows:
>
>   For updates from the stable repository (not immediately available):
>   $ sudo qubes-dom0-update
>
>   For updates from the security-testing repository:
>   $ sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
>
> These packages will migrate from the security-testing repository to the
> current (stable) repository over the next two weeks after being tested
> by the community.
>
> Workaround
> ===
>
> Independently of patching (see above), the following workaround is
> available:
>
> Rather than using the qubes-dom0-update method of reinstalling a
> TemplateVM, you can instead manually remove the TemplateVM, then install
> it again. Detailed instructions for this manual method are documented
> here:
>
> https://www.qubes-os.org/doc/reinstall-template/#manual-method
>
> Credits
> 
>
> Thank you to Andrey Bienkowski  for
>
> discovering and reporting this issue.
>
> References
> ===
>
> [1] https://www.qubes-os.org/doc/reinstall-template/
> [2] 
> https://github.com/QubesOS/qubes-core-admin-linux/commit/552fd062ea2bb6c2d05faa1e64e172503cacbdbf#diff-6b87ee5cdb9e63b703415a14e5a505cdL192
>
> --
> The Qubes Security Team
> https://www.qubes-os.org/security/
>
>
> This announcement has also been updated on the Qubes website:
> https://www.qubes-os.org/news/2019/07/24/qsb-050/
>
> --
>
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/uLJIdScVTO9-c66ErjZrhrGqsMNBDoeeRlZ4S8pkCKjebKrY5dqeXSQTOOoD1RTZicpr-gUfmgldUTSCg7HB-ixZITNP3FbaZY0dK22YRPE%3D%40protonmail.ch.

[qubes-users] Emergency shell on boot; qubes_dom0-pool00_tmeta: read failed: Input/output error

[Dave C]

Cant start qubes on my laptop. The problem started last successful boot. I 
closed the lid, normally the laptop sleeps with a "breathing" led. But instead 
the led stayed solid, opening the lid did not turn the screen back on. I 
couldn't interact with the laptop at that point, so i powered down (for fear of 
draining the battery to zero).

Now I've rebooted, I provide the disk password, then it fails to boot, I'm 
dropped into dracut emergency shell.

To make matters worse, I'm traveling and my only backups are thousands of miles 
away.

Based on advice in similar threads, I've run 'lvm_scan', which shows errors 
including...

/dev/mapper/qubes_dom0-pool00_tmeta: read failed: Input/output error

I've also tried 'lvm lvconvert --repair qubes_dom0/pool00', which fails with

Read-only locking type set. Write locks are prohibited.

I'm comfortable with command lines, but I'm not at all familiar with these lvm 
commands. Any help is greatly appreciated! What should I try next?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68f54bff-84d6-4d05-9cd5-ad745dbda6b4%40googlegroups.com.

Re: [qubes-users] My Qubes 4.02-rc1 install notes: (with fixes, customizations)

[799]

Hello drokmed,

 schrieb am Do., 11. Juli 2019, 19:02:

> My Qubes 4.02-rc1 install notes: (with fixes, customizations)
> (...)
>

Thanks for the write-up, I am always interested to see how others have
setup their Qubes OS to get some ideas how to improve my own setup.

I would love to see something like a knowledge exchange where users share
their setup and also scripts how to setup templates etc.

My idea is to use GitHub to share this info, because ...
1) it's easy to maintain
2) you can get comments and answer
3) it's easy to read on/offline
4) you can easily grab code and include into your own setup
5) versioning

It would be great if we setup something like a default directory structure
so that it is oeasy to navigate for other/interested users.
Example:
/my-setup/ - directory to describe the general setup, which templates and
AppVM are used
/my-templates/ - directory which to store info/scripts to setup the
template VMs
/scripts/ - directory to store scripts which are used to work better with
Qubes
...

Let me know what you think.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2urbrEAJkhjNeFM3intz6Msk21q%2BYE2Ke-YcH42J8xY3g%40mail.gmail.com.

[qubes-users] Asus Keyboard Backlight Not Working

[Church870]

Just hoping to bump this... I really enjoy Qubes so far, but the lack of 
keyboard backlight is kind of a deal breaker... :(

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8513b985-f266-40bb-8bba-2da9585399bf%40googlegroups.com.

[qubes-users] Re: Maybe a silly question

[hongkongwillbefree]

On Tuesday, March 21, 2017 at 10:36:23 AM UTC-7, Manuel Cornejo wrote:
>
> Hi everyone.
>
> As Qubes works by means of the principle of security by isolation and 
> every part of the hardware is running in a virtual machine. Does it make 
> any sense to use Kaspersky Security for virtualization over the xen 
> hypervisor  to improve security and antihacker security?
>
>
Reply: Kaspersky is incorporated in and obeys th elaws of the Russian 
Federation, which is controlled by the FSB, formerly knowen as the KGB. Man 
security flaws of record, most recently August 2019 breaking news.   
https://www.techradar.com/news/kaspersky-antivirus-left-millions-customers-open-to-online-tracking

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ab2a218-31e9-4cfe-83b2-78b31eacba7b%40googlegroups.com.

[qubes-users] Command/s to check whether deb template has been properly updated?

[hongkongwillbefree]

I fried my primary Qubes install and now use my back up. I think I cured 
the apt-bug vulnerability. Does anyone know the quick-and-dirty way to 
check the status of the deb templates. 

This pertains to the Qubes Security Bulletin issued in late 
January. https://groups.google.com/forum/#!topic/qubes-announce/7IgYWi-zMxY

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3082fc53-4b39-4a3c-b57c-3f40cbf7a3cc%40googlegroups.com.

[qubes-users] How to avoid top-posting.

[American Qubist 001]

"Dont top-post on this list.

*If your mailer puts the cursor at the top of the message, scroll to the 
bottom before you start typing.*
It takes you seconds, but makes it easier for everyone else who reads
your messages."
=
SOURCE: Unman's signature. 
=
MY "TIP"
If you go to https://groups.google.com you might find it easier to reply 
either
to the group or to an individual, and avoid top-posting.
===
MY COMMENTS: 

A. IMHO this is more helpful than the bare admonition "don't top-post" as

(one) we want to make Qubes as user-friendly and accessible as possible,
(two) that would include this forum,  and 
(three) the default of gmail and other web-mail applications is to top-post.

B. ( I would guess that there may be is a clear and convincing reason to 
create
an exception and deliberate top post, for instance if one has created a 
thread
and wishes to top-post "SOLVED" to implicitly close the discussion. But this
is speculation on my part the ultimate decision revolves on what the 
community
and/or list owner desires.)

C. Admin or user comments welcome but not necessary, this thread can serve 
as a reference to 
new users, people who have been away from the list for a while and forgot 
this, 
or people who are understandbly a bit confused about how to not  top-post. 

D. It might be helpful if there was a way that regular users (non-admins) 
could delete their own posts
and repost if accidentally top posting but I don't know that there is any 
way to do that. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b685f3a6-27f5-44bb-85b4-984ffb6f739a%40googlegroups.com.

[qubes-users] qvm-run - - service qubes.StartApp+ question

[Qwyet]

Hello all,

I'm running qubes 4.0.1 with KDE. I've installed Libre office to a fedora 30 
template using dnf. Reboot the template(fedora-30-fuzer), reboot the app vm and 
add Libre office to it via qubes manager.

My app menu now shows Libre office under the appropriate app vm menu, but the 
option doesn't work. Further investigation shows that the menu is attempting to 
issue the following command:

qvm-run -q -a --service -- Dsktop-Writing qubes.StartApp+libreoffice

I attempted to run this command from dom0 and got the same nothing that I got 
from selecting the menu option. From the template I am able to launch 
libreoffice with the command: libreoffice --writer so the app it self works. 

The command 

qvm-run -q -a --service -- Dsktop-Writing qubes.StartApp+libreoffice --writer 

Returns the error "--writer is not an arg of qvm-run" 

I've attempted the following variations of the above qvm command. 

qubes.StartApp+libreoffice+--writer 
qubes.StartApp+libreoffice-writer
qubes.StartApp+libreoffice--writer
qubes.StartApp+libreoffice'-writer'
Qubes.StartApp+libreoffice'--writer'

Any ideas? 
Thanks in advance

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9231708-7484-4246-9e14-58311160fa0f%40googlegroups.com.

Thank you for your assistance! Re: [qubes-users] What gpg cat command works on Qubes 4.x?

[Jeffersonian American]

I hate to clutter anybody's inbox, but unman deserves a thank you for
this reply and for his many quite informed contributions to this
group. People's lives depend on good internet security particularly in
view of all the craziness going on in the world today so proprs to
unman, Andred Davide, Joanna and everyone else who is collaborating on
this project.

On 8/19/19, unman  wrote:
> On Sun, Aug 18, 2019 at 12:30:10PM -0700, FenderBender wrote:
>> I created a t-multimedia template and  successfully installed spotify.
>> However, I was unable to find a working gpg command to "cat" the
>> spotify.pubkey. (The quebes webpage directs to a stackexchange discussion
>>
>> which advises a variety of commands, none of which seemed to work on my
>> Qubes 4.x t-multimedia template.)
>>
> Debian-10:
> gpg --show-keys spotify.pubkey
>
> Debian-9:
> gpg --with-fingerprint spotify.pubkey
>
> In both cases, just 'gpg spotify.pubkey' will do
>
>> Nevertheless, the install proceded. My question is whether it is unsafe
>> due
>> to being unauthenticated, and also whether, by running "spotify" from the
>>
>> template terminal, rather than an AppVm, as root, I unecessarily and
>> perhaps seriously compromised the integrity of the template.
>
> Yes it is unsafe.
> If you use an unverified key in apt, then you trust the repository
> without knowing who is putting files in there.
> That's a recipe for disaster.
>
>>
>> When I got to this command: Install Spotify apt-get install -y
>> spotify-client
>>
>>
>> it returned a warning to the effect that it
>>
>>  'failed to authenticate'
>>
>> So I ran it with "--overide authentication" which allowed me to complete
>> the install.
>>
>> However,
>>
>> the terminal returned WARNING!THE FOLLOWING PACKAGES COULD NOT BE
>> AUTHENTICATD: spotify-client
>>
>> This is probably caused becuase I was unable to successfully run any kind
>>
>> of gpg  cat command on spotify.keyfile
>>
>> I plan to install chrome and opera in this or a similar template.
>>
>> Is this playing with fire or is this warning something that can be
>> overlooked?
>
> Fire indeed.
> Once you have checked the fingerprint of the key, (against a number of
> different sources), use "apt-key add" to include it in the keys that apt
> trusts.
> Dont install packages that are not authenticated.
>
> unman
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20190819160120.GB31837%40thirdeyesecurity.org.
>


-- 

This email is confidential to the recipient named in the original. If you
receive and are not the named recipient *please delete and notify sender*
thank you in advance for your adherence.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOy3qD_UTzxBvXUTueMPtCSo4W9favuMLd5Wgwqp8fj3CzAhWA%40mail.gmail.com.

Re: [qubes-users] Re: What is the SHA-256 checksum of the Qubes-R4.0.1-x86_64 ISO?

[O K]

Ok sorry didn't know about the top posting thing, will be sure not to do
it.  My Qubes installer has been verified!  Yay!  thanks to everyone for
your help!

On Mon, Aug 19, 2019 at 12:16 PM unman  wrote:

> On Sun, Aug 18, 2019 at 01:32:51PM -0700, O K wrote:
> > But what I don't understand is how to get the fingerprint of the master
> key
> > that I downloaded, so I can compare it to the ones online.  The number
> in
> > the text is much longer than the fingerprint.
> >
> > On Sunday, August 18, 2019 at 1:43:41 PM UTC-4, Andrew David Wong wrote:
> > >
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA512
> > >
> > > On 18/08/2019 11.56 AM, O K wrote:
> > > > Well the issue is the computer doesn't have access to internet at
> > > > the moment.  I have the sig file, master key file, and the iso, I
> > > > just want to know if there is some way to go through the whole
> > > > process of verification without the internet, by just checking
> > > > numbers manually.
> > > >
> > >
> > > Yes:
> > >
> > > 1. Hash the ISO on the computer without internet access.
> > >
> > > 2. On a computer with internet access, verify the signature on the
> > >.DIGESTS file (or otherwise obtain a verified hash value).
> > >
> > > 3. Manually compare the value generated in step 1 with the
> corresponding
> > >verified value obtained in step 2 in order to ensure they match.
> > >
> > > P.S. -- Please avoid top-posting.
> > >
> > > > On Saturday, August 17, 2019 at 2:41:49 PM UTC-4,
> > > > sourcexorapprentice wrote:
> > > >>
> > > >> The process is to verify the Qubes ISO signature is correct, and
> > > >> not to trust a SHA256 checksum posted on the same website hosting
> > > >> the file. The hash only confirms the integrity and not the
> > > >> validity of the file (which may be infected). It's a security
> > > >> theater exercise we're used to doing elsewhere in order to
> > > >> provide us with the warm fuzzy feeling of a false sense of
> > > >> security.
> > > >>
> > > >> Instructions here on how to verify the latest Qubes ISO is
> > > >> legitimate:
> > > >> https://www.qubes-os.org/security/verifying-signatures/
> > > >>
> > >
> > > - --
> > > Andrew David Wong (Axon)
> > > Community Manager, Qubes OS
> > > https://www.qubes-os.org
> > >
> > > -BEGIN PGP SIGNATURE-
> > >
> > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl1ZjkAACgkQ203TvDlQ
> > > MDD38A//Q4v/Kpvzxb/ur9X2BU1PwkHh7S3309FgwzJu5dM4Om9XzkTsHtyUsdAd
> > > vnTtWCq/3jNaJQMS9NUOVHYoEkygnVUIzuGNgNlVwB42CwYWw8j5IieSY5UmtHrb
> > > JQBfRqxmLYio4Q9D7r+Krk3esOb8QrG8KvFedweCmxDlmbdcsDxPyKhzkGEIq32H
> > > nj9nDyS8yDtU2ktZHb/773zkJM7ByKhitFMhBmis1thzKGweKvlWOligkYs5HPDv
> > > uQaLeg+dpbXMFaPfA9CCYbuF0PYyT0IWIp4jqAvPm2OzNP23PwqpekVUW1hMjjS9
> > > zHfFJHwf6tx6iuy/akDGaTPlYqlwqZHJpz3bSXrgqcNK1BK/7GrXL2VxjMg58h9Q
> > > rw5xEfe8mNK7ozGCPWp0dFnaMw9KRwfpZAek1Bs/NFsyWKo8SABauRwX/Oin+HRl
> > > /JhQ33VuE3BvyjTUML+0Oup2QCTCmJNSIZCkh5+6yFuetHhT+Zsux5aR3cpVH02B
> > > oPRwCyLXjrEA/kmq9OVjNfFzY8fX9SIGueKvkj+mtOEAbkQf0q16kOviYbs4huOB
> > > wObYYVPuhpQYK1zHIoHBMOrBQeV0kmixtK44StiP0vYoDvbHJvhzT4iqnyO9tR2V
> > > YqIIP5HjGZeVHI60+QskdFR1s2dkFIQfX4M/LhnP7aOct6iH9BM=
> > > =ny2S
> > > -END PGP SIGNATURE-
> > >
>
> Dont top-post on this list.
> If your mailer puts the cursor at the top of the message, scroll to the
> bottom before you start typing.
> It takes you seconds, but makes it easier for everyone else who reads
> your messages
>
> Did you read the guide here -
> https://www.qubes-os.org/doc/installation-guide/
>
> The signature on the web site uses short form (Qubes Master Signing Key
> (0xDDFA1A3E36879494) )
> gpg qubes-master-signing-key.asc
> gpg: WARNING: no command supplied.  Trying to guess what you mean ...
> pub   rsa4096 2010-04-01 [SC]
>   427F11FD0FAA4B080123F01CDDFA1A3E36879494
> uid   Qubes Master Signing Key
>
> That is long form of fingerprint - if you look at the end you will see
> *the same* characters.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/_nvI2ypREpY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20190819161614.GA32650%40thirdeyesecurity.org
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAF5PH%3DWeDC0DST2pDXb_dyqjiYga5hTxS0r3C7vXt7ja2k3LWw%40mail.gmail.com.

Re: [qubes-users] Language support

[hiyori13]

Hi, sorry for posting on this ancient thread, but I had 2 problems;

1. Ibus doesn't automatically start.
 item 10 in your instruction tells me to manually activete/start Ibus, 
which is a hassle. So I put a command in .bashrc to specifically start it; 
so I added the following 4 lines to .bashrc;

export GTK _IM_MODULE=ibus 


export XMODIFIERS=@im=ibus 

export QT_IM_MODULE=ibus 

ibus -daemon 
 -rdx 


This works for me; But is there any problems with this approach?

2. I can't get the input method (I'm using Japanese input, mozc) to 
remember the configuration that I made.
   I have to reconfigure it everytime I start the AppVM. I guess this is 
because Ibus-mozc in the AppVM cannot
  write to whatever config file; but is there any way I can make it 
remember how I want it to behave?

Thanks in advance.

Best,
Hiroo Yamagata



On Monday, November 3, 2014 at 6:53:53 PM UTC+9, Luke Saul wrote:
>
>
>
> On Sunday, November 2, 2014 2:12:34 PM UTC, Francesco wrote:
>>
>>
>>
>> On Sat, Nov 1, 2014 at 1:40 PM, Luke Saul  wrote:
>>
>>>
>>>
>>> On Thursday, October 30, 2014 10:47:15 PM UTC-4, Marek 
>>> Marczykowski-Górecki wrote:

 On 31.10.2014 02:48, Luke Saul wrote: 
 > 
 > 
 > On Thursday, October 30, 2014 7:10:27 AM UTC-4, Francesco wrote: 
 >> 
 >> 
 >> 
 >> On Thu, Oct 30, 2014 at 6:00 AM, Luke Saul >>> >> > wrote: 
 >> 
 >>> Thanks for your reply Marek!  And your work with Qubes.  I really 
 love 
 >>> this OS.   
 >>> 
 >>> i installed ibus pinyin support with qubes-dom0-update ibus-pinyin 
 >>> 
 >>> 容易 (easy） 
 >>> 
 >>> This works fine in dom0 but the problem is that no input support is 
 >>> passed on into AppVMs.  Once inside an AppVM I press my control 
 sequence 
 >>> (usually ctrl-space) to switch between inputs, and the icon changes 
 in the 
 >>> task bar as it usually does.  However the input does not change and 
 I am 
 >>> stuck typing only latin characters. 
 >>> 
 >>> I saw some other comments about it earlier in forums, many people 
 will 
 >>> see they cannot use their bank, social networks, etc. and not use 
 the 
 >>> system.  I assume that there are security concerns in relation to 
 xen in 
 >>> some way, certainly I respect your design considerations in this 
 regard.   
 >>> Sorry I cannot be more helpful, my only experience with anything 
 like 
 >>> similar VMs has been with virtualbox on linux, in which ibus 
 unicode input 
 >>> was passed in without trouble. 
 >>> 
 >>> 
 >> Please do not "top post" 
 >> 
 >> You should install it in the template, not in dom0. 
 >> https://qubes-os.org/wiki/SoftwareUpdateVM 
 >> after that shut down the template and restart the appVM 
 >> Best 
 >>   
 >> 
 >> 
 > 
 > Thanks for your suggestion.  I tried to install the packages in the 
 > template, restart the appVM, but the response is the same.  I also 
 tried to 
 > reomve the packages from dom0 and do a full reboot.  I can test the 
 > packages are installed in the appVM (via the template), but they do 
 no good 
 > because dom0 captures keyboard input and sanitizes it before passing 
 it on 
 > to the appVM.  It is my suspicion that this is a xen issue, but this 
 is the 
 > only time I have ever used any thing xen.  In any case, I think this 
 is the 
 > same issue as others have reported with alternative keyboard layouts 
 which 
 > don't get passed into AppVMs such as Colerak. 

 I don't think so... 

 I've just performed simple experiment: called "ibus-setup" in the VM. 
 It asked 
 me if I want to start ibus daemon because it wasn't running - of course 
 I've 
 agreed. Then I've got a message with environment variables to paste 
 into .bashrc: 
 export GTK_IM_MODULE=ibus 
 export XMODIFIERS=@im=ibus 
 export QT_IM_MODULE=ibus 
 So I've pasted it there. Then I've added "Chinese - Intelligent Pinyin" 
 into 
 input methods. 
 New applications started in this VM seems to have ibus support enabled 
 now. At 
 least I guess so by looking at those Chinese characters in gedit 
 window... 

 The only problem is that the change isn't persistent. The next time 
 I've 
 started the VM, I needed to manually call "imsettings-switch ibus". I 
 guess 
 we've disable something in AppVM in process of speeding up the startup 
 (imsettings-daemon seems to be disabled). 
 Or perhaps something else: looking at 
 /etc/X11/xinit/xinitrc.d/50-xinput.sh, 

 there is 

Re: [qubes-users] Troubleshooting an AppVM that suddenly can't connect to the network

[unman]

On Mon, Aug 19, 2019 at 06:18:00AM -0700, Andrew Todd wrote:
> I'm having a problem that I'm very confused about.
> 
> I have several AppVMs based on the same fedora-30 TemplateVM. Some of them 
> are completely cut off from the Internet, some have firewall restrictions, 
> some connect through sys-firewall but are not restricted.
> 
> Today, one specific AppVM has started refusing to connect to anything. Even 
> if I try to connect by IP address, it claims it can't route. Example:
> 
> $ ssh user@192.168.34.22
> ssh: connect to host 192.168.34.22 port 22: No route to host
> $ ip r
> default via 10.137.0.6 dev eth0 
> 10.137.0.6 dev eth0 scope link
> 
> I've gone through the few settings and error logs that I can think of, but 
> nothing seems to be unusual about this particular AppVM. I've checked 
> qvm-firewall and the rules should be allowing appropriate traffic to pass. 
> I have not changed any settings. I have tried rebooting the system once or 
> twice as well, with no effect.
> 
> It seems like I can get to sys-firewall across the link-local connection, 
> but that's all. After that, nothing seems to work. Every other AppVM I've 
> tried is working fine. Where should I be looking next? Thank you.

Look at what's happening at sys-net - First at the vif interface leading
to sys-firewall, then at eth0.
If you're not familiar with traffic sniffing, then you can use counters in
iptables  or nftables.
iptables -L -nvZ will zero counters, try to connect, then same command
will show counters of traffic. You shuld see increase on the FORWARD
chain.

You can insert specific rules targeting ssh traffic if you will.
What template are you using for sys-net and sys-firewall?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190819162633.GB32650%40thirdeyesecurity.org.

Re: [qubes-users] Re: What is the SHA-256 checksum of the Qubes-R4.0.1-x86_64 ISO?

[unman]

On Sun, Aug 18, 2019 at 01:32:51PM -0700, O K wrote:
> But what I don't understand is how to get the fingerprint of the master key 
> that I downloaded, so I can compare it to the ones online.  The number in 
> the text is much longer than the fingerprint.
> 
> On Sunday, August 18, 2019 at 1:43:41 PM UTC-4, Andrew David Wong wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE- 
> > Hash: SHA512 
> >
> > On 18/08/2019 11.56 AM, O K wrote: 
> > > Well the issue is the computer doesn't have access to internet at 
> > > the moment.  I have the sig file, master key file, and the iso, I 
> > > just want to know if there is some way to go through the whole 
> > > process of verification without the internet, by just checking 
> > > numbers manually. 
> > > 
> >
> > Yes: 
> >
> > 1. Hash the ISO on the computer without internet access. 
> >
> > 2. On a computer with internet access, verify the signature on the 
> >.DIGESTS file (or otherwise obtain a verified hash value). 
> >
> > 3. Manually compare the value generated in step 1 with the corresponding 
> >verified value obtained in step 2 in order to ensure they match. 
> >
> > P.S. -- Please avoid top-posting. 
> >
> > > On Saturday, August 17, 2019 at 2:41:49 PM UTC-4, 
> > > sourcexorapprentice wrote: 
> > >> 
> > >> The process is to verify the Qubes ISO signature is correct, and 
> > >> not to trust a SHA256 checksum posted on the same website hosting 
> > >> the file. The hash only confirms the integrity and not the 
> > >> validity of the file (which may be infected). It's a security 
> > >> theater exercise we're used to doing elsewhere in order to 
> > >> provide us with the warm fuzzy feeling of a false sense of 
> > >> security. 
> > >> 
> > >> Instructions here on how to verify the latest Qubes ISO is 
> > >> legitimate: 
> > >> https://www.qubes-os.org/security/verifying-signatures/ 
> > >> 
> >
> > - -- 
> > Andrew David Wong (Axon) 
> > Community Manager, Qubes OS 
> > https://www.qubes-os.org 
> >
> > -BEGIN PGP SIGNATURE- 
> >
> > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl1ZjkAACgkQ203TvDlQ 
> > MDD38A//Q4v/Kpvzxb/ur9X2BU1PwkHh7S3309FgwzJu5dM4Om9XzkTsHtyUsdAd 
> > vnTtWCq/3jNaJQMS9NUOVHYoEkygnVUIzuGNgNlVwB42CwYWw8j5IieSY5UmtHrb 
> > JQBfRqxmLYio4Q9D7r+Krk3esOb8QrG8KvFedweCmxDlmbdcsDxPyKhzkGEIq32H 
> > nj9nDyS8yDtU2ktZHb/773zkJM7ByKhitFMhBmis1thzKGweKvlWOligkYs5HPDv 
> > uQaLeg+dpbXMFaPfA9CCYbuF0PYyT0IWIp4jqAvPm2OzNP23PwqpekVUW1hMjjS9 
> > zHfFJHwf6tx6iuy/akDGaTPlYqlwqZHJpz3bSXrgqcNK1BK/7GrXL2VxjMg58h9Q 
> > rw5xEfe8mNK7ozGCPWp0dFnaMw9KRwfpZAek1Bs/NFsyWKo8SABauRwX/Oin+HRl 
> > /JhQ33VuE3BvyjTUML+0Oup2QCTCmJNSIZCkh5+6yFuetHhT+Zsux5aR3cpVH02B 
> > oPRwCyLXjrEA/kmq9OVjNfFzY8fX9SIGueKvkj+mtOEAbkQf0q16kOviYbs4huOB 
> > wObYYVPuhpQYK1zHIoHBMOrBQeV0kmixtK44StiP0vYoDvbHJvhzT4iqnyO9tR2V 
> > YqIIP5HjGZeVHI60+QskdFR1s2dkFIQfX4M/LhnP7aOct6iH9BM= 
> > =ny2S 
> > -END PGP SIGNATURE- 
> >

Dont top-post on this list.
If your mailer puts the cursor at the top of the message, scroll to the
bottom before you start typing.
It takes you seconds, but makes it easier for everyone else who reads
your messages

Did you read the guide here - https://www.qubes-os.org/doc/installation-guide/

The signature on the web site uses short form (Qubes Master Signing Key
(0xDDFA1A3E36879494) )
gpg qubes-master-signing-key.asc 
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa4096 2010-04-01 [SC]
  427F11FD0FAA4B080123F01CDDFA1A3E36879494
uid   Qubes Master Signing Key

That is long form of fingerprint - if you look at the end you will see
*the same* characters.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190819161614.GA32650%40thirdeyesecurity.org.

[qubes-users] Inspecting modifications on the COW root filesystem

[liked2]

Hi!

According to the architecture spec, the root filesystem is backed up by a COW 
device to "allow" write-access to the read-only root filesystem:
https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf 
(4.1)

Is there a possibility to investigate which files were modified or added (maybe 
also deleted?) und this writable root filesystem overlay? I'd like to look only 
at the write-only overlay without seeing the read-only files.

It can be usefull to
- investigate changes of programs which modify the system to work properly
- find misbehaving programs

Thanks, Pete.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de1f0aac-c2d6-b9dd-d2ba-a48eb2edbf78%40gmx.de.

Re: [qubes-users] What gpg cat command works on Qubes 4.x?

[unman]

On Sun, Aug 18, 2019 at 12:30:10PM -0700, FenderBender wrote:
> I created a t-multimedia template and  successfully installed spotify. 
> However, I was unable to find a working gpg command to "cat" the 
> spotify.pubkey. (The quebes webpage directs to a stackexchange discussion 
> which advises a variety of commands, none of which seemed to work on my 
> Qubes 4.x t-multimedia template.)
> 
Debian-10:
gpg --show-keys spotify.pubkey

Debian-9:
gpg --with-fingerprint spotify.pubkey

In both cases, just 'gpg spotify.pubkey' will do

> Nevertheless, the install proceded. My question is whether it is unsafe due 
> to being unauthenticated, and also whether, by running "spotify" from the 
> template terminal, rather than an AppVm, as root, I unecessarily and 
> perhaps seriously compromised the integrity of the template. 

Yes it is unsafe.
If you use an unverified key in apt, then you trust the repository
without knowing who is putting files in there.
That's a recipe for disaster.

>  
> When I got to this command: Install Spotify apt-get install -y 
> spotify-client
> 
> 
> it returned a warning to the effect that it
> 
>  'failed to authenticate' 
> 
> So I ran it with "--overide authentication" which allowed me to complete 
> the install. 
> 
> However, 
> 
> the terminal returned WARNING!THE FOLLOWING PACKAGES COULD NOT BE 
> AUTHENTICATD: spotify-client
> 
> This is probably caused becuase I was unable to successfully run any kind 
> of gpg  cat command on spotify.keyfile
> 
> I plan to install chrome and opera in this or a similar template. 
> 
> Is this playing with fire or is this warning something that can be 
> overlooked? 

Fire indeed.
Once you have checked the fingerprint of the key, (against a number of
different sources), use "apt-key add" to include it in the keys that apt
trusts.
Dont install packages that are not authenticated.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190819160120.GB31837%40thirdeyesecurity.org.

Re: [qubes-users] Can't find Debian 10/minimal template

[unman]

On Sun, Aug 18, 2019 at 08:14:07PM +0200, 799 wrote:
> Hello,
> 
> 'username908' via qubes-users  schrieb am
> So., 18. Aug. 2019, 19:50:
> 
> > sudo qubes-dom0-update qubes-template-debian-10
> > Using sys-whonix-15 as UpdateVM to download updates for Dom0; this may
> > take some time...
> > qubes-templates-community   | 3.0 kB
> > 00:00
> > qubes-templates-itl | 3.0 kB
> > 00:00
> > No Match for argument qubes-template-debian-10
> > Nothing to download
> >
> > Likewise, searching for it only gives Debian 9 and minimal.
> >
> 
> I think you need to enable testing repositories.
> As always the answer is somewhere in the excellent Qubes Docs ;-)
> 
> https://www.qubes-os.org/doc/software-update-vm/#testing-repositories
> 
> [799]
> 

Also:
https://www.qubes-os.org/doc/templates/debian/
"A Debian-10 template is currently available from the testing repository."

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190819151230.GA31837%40thirdeyesecurity.org.

Re: [qubes-users] Getting bluetooth to run in appVM

[799]

Hello Max,

Maximilian Ehlers  schrieb am Mo., 19. Aug. 2019, 14:35:

> (...)
> Unfortunately my bluetooth device seems to be integrated in the wifi
> card (Intel Wireless 8260 rev 3a) and does not appear in `qvm-usb
> list`, so I can not use it outside of `sys-usb`.
>
> Is there a way to send the audio to `sys-usb` and use it as a proxy to
> the bluetooth speaker? Or another way to pass the bluetooth device to
> the appVM?
>

Not a solution for your question, but have you tried to use one of those
very small Bluetooth USB dongles? This should work via sys-usb.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2s%3Di8aQquB5vE5ax0z3-iytNjhPPtPocmsHF4z_23dROg%40mail.gmail.com.

[qubes-users] Re: Got new hardware coming

[Stuart Perkins]

Well, a snag.  Evidently the newer kernel is not respecting the power 
management instructions on the boot params, and keeps wanting to lockup.  The 
guy building it for me is working on a work around.  If we can't get coreboot 
to work I may be stuck with an earlier model such as a T420 as my next box.  I 
was really wanting the 32gb ram capacity of the W520...

I consider the qubes model most secure without any blobs or (ak) the hardware 
vendor bios.  I may have to be keep a blob for the video in order to get the 
W520 working...  

We really need a target built system for coreboot/qubes for the best security.  
It needs to require ZERO blobs for most security.

I'll keep you posted with the results.

Stuart

On Tue, 13 Aug 2019 18:42:41 -0500
Stuart Perkins  wrote:

>I have commissioned the creation of a coreboot Lenovo W520.
>
>It is already running Qubes 4.x, but I will likely do a reinstall just for the 
>experience and to put it together with my GUI of choice etc...
>
>I will have a 240+GB SSD for the main OS and certain VM's.
>
>I will move my 2TB hdd over and set it up for the data areas which are just 
>plain too big for the SSD, much like I have my current setup.
>
>It has the Nvidia graphics which loses the ability to run the VGA port without 
>a blob I don't want to include in it, so external monitors will have to be USB 
>driven.
>
>It will be equipped with 16GB of RAM as well initially, then I will up it to 
>24 in order to save 8 for this machine, which I will commission as a backup 
>server for my home network (not running qubes, but it is is still core 
>booted...and I will be running Debian with VirtualBox VM's for various 
>things...like I did before Qubes and like I do now of my current home "server".
>
>I will finally get off of Qubes 3.2...  ;)
>
>I have not been actually reading the 4.0 messages here, but I have been 
>downloading them and will read through them for any issues I have before 
>bugging folks here...other than an up front question:
>
>Is there any known issues with a corebooted W520 and Qubes 4.x?
>
>Stuart
>
>


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190819083434.21e36ed9%40gmail.com.

[qubes-users] Troubleshooting an AppVM that suddenly can't connect to the network

[Andrew Todd]

I'm having a problem that I'm very confused about.

I have several AppVMs based on the same fedora-30 TemplateVM. Some of them 
are completely cut off from the Internet, some have firewall restrictions, 
some connect through sys-firewall but are not restricted.

Today, one specific AppVM has started refusing to connect to anything. Even 
if I try to connect by IP address, it claims it can't route. Example:

$ ssh user@192.168.34.22
ssh: connect to host 192.168.34.22 port 22: No route to host
$ ip r
default via 10.137.0.6 dev eth0 
10.137.0.6 dev eth0 scope link

I've gone through the few settings and error logs that I can think of, but 
nothing seems to be unusual about this particular AppVM. I've checked 
qvm-firewall and the rules should be allowing appropriate traffic to pass. 
I have not changed any settings. I have tried rebooting the system once or 
twice as well, with no effect.

It seems like I can get to sys-firewall across the link-local connection, 
but that's all. After that, nothing seems to work. Every other AppVM I've 
tried is working fine. Where should I be looking next? Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a79c63f-72e6-4286-8f1a-186289c29cac%40googlegroups.com.

[qubes-users] Getting bluetooth to run in appVM

[Maximilian Ehlers]

Hello,

I am trying to get bluetooth to run in an appVM to use it for online
radio and podcasts.

I was able to get bluetooth running in `sys-usb` by installing blueman.

Unfortunately my bluetooth device seems to be integrated in the wifi
card (Intel Wireless 8260 rev 3a) and does not appear in `qvm-usb
list`, so I can not use it outside of `sys-usb`.

Is there a way to send the audio to `sys-usb` and use it as a proxy to
the bluetooth speaker? Or another way to pass the bluetooth device to
the appVM?

Thanks for any help.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/51936d9239f5c4513de9e531ba7fe179ed16c82e.camel%40ehlers.berlin.

[qubes-users] qvm-create-windows-qube Automatically creates

['crazyqube' via qubes-users]

I just made my solution for fully automatically creating and installing new 
Windows qubes from scratch public! It pre-installs Qubes Windows Tools and 
Firefox so now you don't even have to open Internet Explorer to download a good 
browser! (lol)

It's currently ready for use at:
https://github.com/crazyqube/qvm-create-windows-qube

If you have any issues or suggestions then by all means create an issue and 
I'll look into it.

-crazyqube

P.S. If you use it and find it good then please give it a well-deserved star!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bpwyxERHZ4SBLZrCqVsTsdGRUA1RpDZInKemp-8J5BpMkHj3JxzYSveq5RaLKppkOjTgbpy1zoe73EuOo5xl63ROS4yJF7L-42KwjzX2Q0s%3D%40protonmail.com.

Re: [qubes-users] Re: whonix tor browser customization

[panina]

On 7/31/19 5:35 PM, 'awokd' via qubes-users wrote:
> panina:
>> Hello.
>>
>>
>> I've been looking for how to fix some bad default settings in the whonix
>> tor browser. Namely, they removed NoScript from the toolbar, so that the
>> NoScript cannot be used as intended.
>>
>> Since it's not adviced (and not easily possible) to start the browser in
>> the template, I have to do this manually each time I start a whonix dvm.
>> Since this is cumbersome, I'm not using the NoScript plugin as intended.
>>
>> Does anyone know how to get this plugin into the toolbar for each dvm? I
>> realize that this is a Whonix issue, but all of the affected users are
>> on this list...
> 
> You might be able to hack it like in 14-
> https://forums.whonix.org/t/how-do-i-customise-tor-browser-in-a-whonix-templatebased-dvm-in-whonix-14/5580/27.
> Note it may compromise anonymity by making your browser unique or at
> least less generic.
> 

Can't seem to get this working. I get confused by how the dvm's work,
and am not succeeding in starting any applications in the dvm template.



On 8/9/19 9:05 AM, Patrick Schleizer wrote:
>> panina:
>> Namely, they removed NoScript from the toolbar, so that the
>> NoScript cannot be used as intended.
>
>
> We did not. Decision by upstream, The Tor Project.
>
>
https://forums.whonix.org/t/workstation-15-dropped-both-noscript-and-https/7733

Thanks, duly noted. Is there any chance to get them to add a setting for
this? Or re-think their decision?

<3
/panina

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e5ed1da-15bc-4431-9f6d-d4edfaa83106%40nonbinary.me.


signature.asc
Description: OpenPGP digital signature

[qubes-users] HCL - Dell Inc XPS 15 7590

[thigo via qubes-users]

Killer AX1650 card drivers not present. Replaced with Intel 8290 AC as
a fix.
Goodix Fingerprint device found via USB, can we shared with supported
VMs

TPM2 is present but not found correctly by dom0 HCL scripts.
[beaster@dom0 ~]$ sudo dmesg | grep -i tpm
[0.00] ACPI: TPM2 0x6D8205C8 34 (v04 DELLx CBX3   
 0001 AMI  )
[   24.570136] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0xFC, rev-id 1)
[beaster@dom0 ~]$ sudo ls -la /dev/tpm*
crw--- 1 root root  10,   224 Aug 19 19:25 /dev/tpm0
crw--- 1 root root 242, 65536 Aug 19 19:25 /dev/tpmrm0

Thankyou Beaster

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190819084046.AC669E0776%40smtp.hushmail.com.


Qubes-HCL-Dell_Inc_-XPS_15_7590-20190819-192822.yml
Description: Binary data