date:20200213

Okay, I read your message again.

It shall just turn up in the file list of dom0.

I’ll look later.


fre. 14. feb. 2020 kl. 08.14 skrev A E :

> Okay, thanks.
>
> How can I see if the "install.sh" file has been created in dom0 ?
>
>
> fre. 14. feb. 2020 kl. 00.52 skrev unman :
>
>> On Thu, Feb 13, 2020 at 10:33:45PM +0100, A E wrote:
>> > tor. 13. feb. 2020 kl. 17.59 skrev M E :
>> >
>> > > tor. 13. feb. 2020 kl. 17.12 skrev unman > >:
>> > >
>> > >> On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
>> > >> > tor. 13. feb. 2020 kl. 13.54 skrev M E :
>> > >> >
>> > >> >
>> > >> > I have tried using the unsafe browser (as this domain also offer a
>> file
>> > >> > manager as a shortcut) and safe the file in the domains download
>> folder.
>> > >> > Here the file is suggested to be saved as ???install.sh???.
>> > >> >
>> > >> > And then I tried to execute the following script in dom0:
>> > >> >
>> > >> > qvm-run -p --filter-escape-chars --no-color-output
>> > >> >  "cat
>> '/home/user/Downloads/install.sh'" >
>> > >> > install.sh
>> > >> >
>> > >> > But as expected, this part of the script has to be replaced by
>> something
>> > >> > else:
>> > >> >
>> > >> > 
>> > >> >
>> > >> > I guess with something like a partition letter, but as I don???t
>> know
>> > >> more
>> > >> > than this path; ???'/home/user/Downloads/install.sh'??? I need to
>> be
>> > >> told what
>> > >> > I should write here instead.
>> > >> >
>> > >> > So what shall I replace it with ?
>> > >> >
>> > >>
>> > >> That's the *name* of the qube where the script is located.
>> > >>
>> > >> --
>> > >> You received this message because you are subscribed to a topic in
>> the
>> > >> Google Groups "qubes-users" group.
>> > >> To unsubscribe from this topic, visit
>> > >>
>> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
>> > >> To unsubscribe from this group and all its topics, send an email to
>> > >> qubes-users+unsubscr...@googlegroups.com.
>> > >> To view this discussion on the web visit
>> > >>
>> https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org
>> > >> .
>> > >>
>> > >
>> > > Thank you.
>> > >
>> > > I have tried to execute it in the user dom0, both:
>> > >
>> > > qvm-run -p --filter-escape-chars --no-color-output untrusted "cat
>> > > '/home/user/Downloads/install.sh'" > install.sh
>> > >
>> > > and
>> > >
>> > > qvm-run -p --filter-escape-chars --no-color-output ???untrusted???
>> "cat
>> > > '/home/user/Downloads/install.sh'" > install.sh
>> > >
>> > > It doesn???t seem to do anything...
>> > >
>> > > Shall I run it with root access instead, or what shall I do ?
>> > >
>> >
>> > When I try to use ???*??? around the domaine name, it says there
>> doesn???t exist
>> > any domain with that name. And I have checked it was spelled correctly.
>> And
>> > I get the same result if I use the root account.
>> >
>> > So I still need help to get further.
>> >
>>
>> You don't need anything around the name of the qube. Just use the name.
>> Nor do you need root (unless you are doing this somewhere without file
>> access in which case you will see an "access denied " error
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "qubes-users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> qubes-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/qubes-users/20200213235216.GB30643%40thirdeyesecurity.org
>> .
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUEuffPc5ZtDYU7KajHAdJRRCAZeUAXywry2GWiNvGUBFA%40mail.gmail.com.

Re: [qubes-users] How to setup Win10 HVM ?

Okay, thanks.

How can I see if the "install.sh" file has been created in dom0 ?


fre. 14. feb. 2020 kl. 00.52 skrev unman :

> On Thu, Feb 13, 2020 at 10:33:45PM +0100, A E wrote:
> > tor. 13. feb. 2020 kl. 17.59 skrev M E :
> >
> > > tor. 13. feb. 2020 kl. 17.12 skrev unman :
> > >
> > >> On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
> > >> > tor. 13. feb. 2020 kl. 13.54 skrev M E :
> > >> >
> > >> >
> > >> > I have tried using the unsafe browser (as this domain also offer a
> file
> > >> > manager as a shortcut) and safe the file in the domains download
> folder.
> > >> > Here the file is suggested to be saved as ???install.sh???.
> > >> >
> > >> > And then I tried to execute the following script in dom0:
> > >> >
> > >> > qvm-run -p --filter-escape-chars --no-color-output
> > >> >  "cat '/home/user/Downloads/install.sh'"
> >
> > >> > install.sh
> > >> >
> > >> > But as expected, this part of the script has to be replaced by
> something
> > >> > else:
> > >> >
> > >> > 
> > >> >
> > >> > I guess with something like a partition letter, but as I don???t
> know
> > >> more
> > >> > than this path; ???'/home/user/Downloads/install.sh'??? I need to be
> > >> told what
> > >> > I should write here instead.
> > >> >
> > >> > So what shall I replace it with ?
> > >> >
> > >>
> > >> That's the *name* of the qube where the script is located.
> > >>
> > >> --
> > >> You received this message because you are subscribed to a topic in the
> > >> Google Groups "qubes-users" group.
> > >> To unsubscribe from this topic, visit
> > >> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe
> .
> > >> To unsubscribe from this group and all its topics, send an email to
> > >> qubes-users+unsubscr...@googlegroups.com.
> > >> To view this discussion on the web visit
> > >>
> https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org
> > >> .
> > >>
> > >
> > > Thank you.
> > >
> > > I have tried to execute it in the user dom0, both:
> > >
> > > qvm-run -p --filter-escape-chars --no-color-output untrusted "cat
> > > '/home/user/Downloads/install.sh'" > install.sh
> > >
> > > and
> > >
> > > qvm-run -p --filter-escape-chars --no-color-output ???untrusted??? "cat
> > > '/home/user/Downloads/install.sh'" > install.sh
> > >
> > > It doesn???t seem to do anything...
> > >
> > > Shall I run it with root access instead, or what shall I do ?
> > >
> >
> > When I try to use ???*??? around the domaine name, it says there
> doesn???t exist
> > any domain with that name. And I have checked it was spelled correctly.
> And
> > I get the same result if I use the root account.
> >
> > So I still need help to get further.
> >
>
> You don't need anything around the name of the qube. Just use the name.
> Nor do you need root (unless you are doing this somewhere without file
> access in which case you will see an "access denied " error
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20200213235216.GB30643%40thirdeyesecurity.org
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUFp5q8VGWhP9eVyd70HhCUwLEkm696hHFj2gTkVoprjMA%40mail.gmail.com.

Re: [qubes-users] Scary Systemd Security Report

2020-02-13 Thread David Hobach


On 2/14/20 4:01 AM, Chris Laprise wrote:
That's odd. I use a regular debian-10 template for most things and 
exim4* removal only takes out 2 other exim packages.


Yes, they apparently put some effort into removing useless dependencies 
between debian 9 and 10.


E.g. gnome-keyring can also be removed now. :-)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cb6f6b18-3a6a-b71e-f8fb-e05fd520d3e6%40hackingthe.net.


smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qubes-users] Scary Systemd Security Report

2020-02-13 Thread Chris Laprise

On 2/13/20 7:04 PM, unman wrote:

On Thu, Feb 13, 2020 at 10:38:33AM +0100, Bernhard wrote:

Also, I see that you have many services that need not be there - some
of these will be disabled by Qubes- some you do not need in every qube
(cups-browsed, exim4, tinyproxy etc).

how do get rid of them? exim for example looks to me like a virus. I
found no way to uninstall it without destroying debian ... the trick is
maybe to keep them, but disabled? Cheers, Bernhard

I could be wrong but I don't think that tool takes any notice of the
*state* of the service, which is why I suggested that op should actually
dig in to the results.
Many of these services can be disabled - I prefer to mask or remove them
all together.
A reasonable alternative would be to start with a micro template and
only add the services/tools that you need.

As far as exim is concerned you should be able to remove it quite
easily.
exim is "recommended" by cron, but can be removed without breaking the
system. If you use a tool like aptitude it becomes easy to see and
overcome dependencies when removing packages.

That's odd. I use a regular debian-10 template for most things and
exim4* removal only takes out 2 other exim packages.

Bernhard should look into that; it would be great if this discussion
prompted the detection and removal of an actual malware.

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/b4abe0f8-0c39-7291-577a-54ce90cc30cd%40posteo.net.

Re: [qubes-users] Scary Systemd Security Report

2020-02-13 Thread Chris Laprise

On 2/12/20 7:27 AM, Claudia wrote:

I'm not sure if you'll agree, but my conclusion from this experiment is
that the Qubes Team have some work to do in hardening Qubes? Like you
say,"I see that you have many services that need not be there"; so my
question is, why are they present in a vanilla version of Qubes?

My impression of the official Qubes developers' stance on this is "security by
isolation," i.e. Xen is the only component they actually consider secure. This is
the rationale for passwordless sudo for example. In practice, I can agree, it's difficult
enough to develop and maintain an OS as sophisticated as Qubes in the first place, let
alone if they had to also harden guest OSes at various levels. In principle, I say fair
enough, I suppose it's not really Qubes' concern what goes on within VMs. Qubes just
polices the border.

It does present an interesting angle for hardening (there *always* is
another one, isn't there?).

You might be interested in Chris's Qubes hardening tools, however I don't know
it uses the systemd security features at all so it may not improve systemd's
report.

Qubes-VM-hardening probably wouldn't improve the report. The former is
mainly about restoring the guest's normal permissions-based security,
and helping ensure the startup state is uncompromised.

The analysis appears to be a measurement of a service's level of
sandboxing, according the the man page. It seems to look for
capabilities management of some kind(s). An example it gives is that a
service with the ability to mount/unmount volumes may be labeled UNSAFE.
This would imply that most of a system's services will never attain an
OK rating. So I think we're looking at another one of systemd's immature
pilots. It may even be a tool for scaring gratis CentOS/Fedora users
into purchasing RHEL (yes, my usual uncharitable assessment of Red Hat),
since systemd originates from Fedora/RHEL.

When I see stuff like this, I also ask whether the authors make any
distinctions about things like 'guardian' components... Does a
crypto-based verification tool or something doing little more than toss
data blocks from one port to another deserve the same steep (even
hyperbolic) grade scale that, say, CUPS or something even more complex
and less security-minded gets?

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-users] Re: Ubuntu templates

2020-02-13 Thread Sven Semmler

On Mon, Feb 05, 2018 at 01:01:28AM +, Unman wrote:
> When I post in these mailing lists I don't speak for Qubes: I'm posting
> as a Qubes user. I think there may be some people who aren't confident
> enough, or don't have time, to build Ubuntu templates for themselves, so
> I build example Templates and make them available. I also host repos to
> serve deb packages for Ubuntu.
> I use a dedicated machine for building, a caching proxy to save
> downloads, and run through Tor. Is that secure and reliable?
> 
> That said, I STRONGLY recommend that you build these templates for
> yourself.

Done. My only open question now is: how do I get qubes-specific
updates?

I know I could just hook up to unman's repos, but if I wanted to do it
myself? 

- I have the qubes-builder setup and have successfully created a 
  bionic template (using it right now). 

- How do I know there are changes to the qubes-* packages? Can I monitor
  that on Github somehow? Just run qubes-builder every weekend?

- Obviously I don't want to redo all my customizations to the template
  every time there are new packages. Where in the qubes-builder output
  can I find the respective packages? I suppose I simply qvm-copy them
  into my template and then run 'apt install'?

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200214021147.GB1083%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Scary Systemd Security Report

On Thu, Feb 13, 2020 at 10:38:33AM +0100, Bernhard wrote:
> 
> 
> > Also, I see that you have many services that need not be there - some
> > of these will be disabled by Qubes- some you do not need in every qube
> > (cups-browsed, exim4, tinyproxy etc).
> how do get rid of them? exim for example looks to me like a virus. I
> found no way to uninstall it without destroying debian ... the trick is
> maybe to keep them, but disabled? Cheers, Bernhard
> 

I could be wrong but I don't think that tool takes any notice of the
*state* of the service, which is why I suggested that op should actually
dig in to the results.
Many of these services can be disabled - I prefer to mask or remove them
all together.
A reasonable alternative would be to start with a micro template and
only add the services/tools that you need.

As far as exim is concerned you should be able to remove it quite
easily.
exim is "recommended" by cron, but can be removed without breaking the
system. If you use a tool like aptitude it becomes easy to see and
overcome dependencies when removing packages.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200214000446.GA30724%40thirdeyesecurity.org.

Re: [qubes-users] How to setup Win10 HVM ?

On Thu, Feb 13, 2020 at 10:33:45PM +0100, A E wrote:
> tor. 13. feb. 2020 kl. 17.59 skrev M E :
> 
> > tor. 13. feb. 2020 kl. 17.12 skrev unman :
> >
> >> On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
> >> > tor. 13. feb. 2020 kl. 13.54 skrev M E :
> >> >
> >> >
> >> > I have tried using the unsafe browser (as this domain also offer a file
> >> > manager as a shortcut) and safe the file in the domains download folder.
> >> > Here the file is suggested to be saved as ???install.sh???.
> >> >
> >> > And then I tried to execute the following script in dom0:
> >> >
> >> > qvm-run -p --filter-escape-chars --no-color-output
> >> >  "cat '/home/user/Downloads/install.sh'" >
> >> > install.sh
> >> >
> >> > But as expected, this part of the script has to be replaced by something
> >> > else:
> >> >
> >> > 
> >> >
> >> > I guess with something like a partition letter, but as I don???t know
> >> more
> >> > than this path; ???'/home/user/Downloads/install.sh'??? I need to be
> >> told what
> >> > I should write here instead.
> >> >
> >> > So what shall I replace it with ?
> >> >
> >>
> >> That's the *name* of the qube where the script is located.
> >>
> >> --
> >> You received this message because you are subscribed to a topic in the
> >> Google Groups "qubes-users" group.
> >> To unsubscribe from this topic, visit
> >> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
> >> To unsubscribe from this group and all its topics, send an email to
> >> qubes-users+unsubscr...@googlegroups.com.
> >> To view this discussion on the web visit
> >> https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org
> >> .
> >>
> >
> > Thank you.
> >
> > I have tried to execute it in the user dom0, both:
> >
> > qvm-run -p --filter-escape-chars --no-color-output untrusted "cat
> > '/home/user/Downloads/install.sh'" > install.sh
> >
> > and
> >
> > qvm-run -p --filter-escape-chars --no-color-output ???untrusted??? "cat
> > '/home/user/Downloads/install.sh'" > install.sh
> >
> > It doesn???t seem to do anything...
> >
> > Shall I run it with root access instead, or what shall I do ?
> >
> 
> When I try to use ???*??? around the domaine name, it says there doesn???t 
> exist
> any domain with that name. And I have checked it was spelled correctly. And
> I get the same result if I use the root account.
> 
> So I still need help to get further.
> 

You don't need anything around the name of the qube. Just use the name.
Nor do you need root (unless you are doing this somewhere without file
access in which case you will see an "access denied " error

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200213235216.GB30643%40thirdeyesecurity.org.

Re: [qubes-users] How to setup Win10 HVM ?

On Thu, Feb 13, 2020 at 05:59:55PM +0100, M E wrote:
> tor. 13. feb. 2020 kl. 17.12 skrev unman :
> 
> > On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
> > > tor. 13. feb. 2020 kl. 13.54 skrev M E :
> > >
> > >
> > > I have tried using the unsafe browser (as this domain also offer a file
> > > manager as a shortcut) and safe the file in the domains download folder.
> > > Here the file is suggested to be saved as ???install.sh???.
> > >
> > > And then I tried to execute the following script in dom0:
> > >
> > > qvm-run -p --filter-escape-chars --no-color-output
> > >  "cat '/home/user/Downloads/install.sh'" >
> > > install.sh
> > >
> > > But as expected, this part of the script has to be replaced by something
> > > else:
> > >
> > > 
> > >
> > > I guess with something like a partition letter, but as I don???t know
> > more
> > > than this path; ???'/home/user/Downloads/install.sh'??? I need to be
> > told what
> > > I should write here instead.
> > >
> > > So what shall I replace it with ?
> > >
> >
> > That's the *name* of the qube where the script is located.
> >
> > --
> > You received this message because you are subscribed to a topic in the
> > Google Groups "qubes-users" group.
> > To unsubscribe from this topic, visit
> > https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
> > To unsubscribe from this group and all its topics, send an email to
> > qubes-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit
> > https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org
> > .
> >
> 
> Thank you.
> 
> I have tried to execute it in the user dom0, both:
> 
> qvm-run -p --filter-escape-chars --no-color-output untrusted "cat
> '/home/user/Downloads/install.sh'" > install.sh
> 
> and
> 
> qvm-run -p --filter-escape-chars --no-color-output ???untrusted??? "cat
> '/home/user/Downloads/install.sh'" > install.sh
> 
> It doesn???t seem to do anything...
> 
> Shall I run it with root access instead, or what shall I do ?
> 

As you get used to Linux you will discover that when a command completes
succesfully, it will often not emit any output. Have you checked to see if
the "install.sh" file has been created in dom0? (Use 'ls' to list the
files)

You might also like to run:
qvm-run -p --filter-escape-chars --no-color-output untrusted 'ls 
/home/user/Downloads/'

which *should* show you a listing of the files on untrusted including
the install.sh file.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200213235011.GA30643%40thirdeyesecurity.org.

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

tor. 13. feb. 2020 kl. 23.49 skrev Mike Keehan :

> On 2/13/20 8:10 PM, A E wrote:
> > tor. 13. feb. 2020 kl. 18.48 skrev Mike Keehan  > >:
> >
> >
> >
> > On 2/13/20 5:27 PM, A E wrote:
> >  > tor. 13. feb. 2020 kl. 11.11 skrev A  > 
> >  > >>:
> >  >
> >  > How to set the screensaver to either show keyboard language
> > or not
> >  > to lock screen as default ?
> >  >
> >  > I have tried to set it to not lock the screen by uncheck it
> > in the
> >  > Screensaver settings. But it still continues to lock the
> screen.
> >  >
> >  > --
> >  > You received this message because you are subscribed to a
> > topic in
> >  > the Google Groups "qubes-users" group.
> >  > To unsubscribe from this topic, visit
> >  >
> >
> https://groups.google.com/d/topic/qubes-users/uMl6_djER5E/unsubscribe.
> >  > To unsubscribe from this group and all its topics, send an
> > email to
> >  > qubes-users+unsubscr...@googlegroups.com
> > 
> >  >  > >.
> >  > To view this discussion on the web visit
> >  >
> >
> https://groups.google.com/d/msgid/qubes-users/4ba32760-f4ea-4f1f-b92f-588306d2fa5d%40googlegroups.com
> .
> >  >
> >  >
> >  > Every time the screensaver lock the screen, I need to
> > reset/restart the
> >  > pc as I can’t know which keyboard layout is used and that is just
> a
> >  > little bit annoying ! 
> >  >
> >  > So I hope someone can explain to me how I can get it to show the
> >  > keyboard layout or not locking the screen.
> >  >
> >  > If that isn’t possible, can I then somehow disable or uninstall
> the
> >  > screensaver ?
> >  >
> >
> > In screensaver preferences, set "Lock screen after" to 0 minutes.
> >
> >
> > You’re right, I forgot once again that Linux/Qubes OS consist of small
> > programs that is made by different other creators.
> >
> > Setting “lock screen after” 0 minutes just makes the screensaver to lock
> > immediately when the screensaver gets activated.
> >
> > I have wrote to the creator of the screensaver, and he says X11 sucks
> > and makes it impossible to get the keyboard layout showed.
> >
> > So I have to disable the lock.
> >
> > One option is to set the lockTimeout to a large number so that it won’t
> > lock. lockTimeout control have long after a blank screen the lock will
> > be activated.
> >
> > Another solution is to disable or uninstall the program.
> >
>
> Ah, you are right about the "lock after" option.
>
> I've just checked my system, and in the screensaver preferences window,
> the Mode can be set to Disable Screen Saver.  I think that is what you
> need to do.
>
> Mike.
>

Yes, that’s right.

I forgot to write that I also have tried that, and that didn’t work either.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUFvq6%3D%3DoknA5s1PezDQv-fiepUWHW21rnFByXKO4yo%2Bdw%40mail.gmail.com.

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

2020-02-13 Thread Mike Keehan

On 2/13/20 8:10 PM, A E wrote:
tor. 13. feb. 2020 kl. 18.48 skrev Mike Keehan >:

On 2/13/20 5:27 PM, A E wrote:
 > tor. 13. feb. 2020 kl. 11.11 skrev A mailto:anneeyr...@gmail.com>
 > >>:
 >
 >     How to set the screensaver to either show keyboard language
or not
 >     to lock screen as default ?
 >
 >     I have tried to set it to not lock the screen by uncheck it
in the
 >     Screensaver settings. But it still continues to lock the screen.
 >
 >     --
 >     You received this message because you are subscribed to a
topic in
 >     the Google Groups "qubes-users" group.
 >     To unsubscribe from this topic, visit
 >
https://groups.google.com/d/topic/qubes-users/uMl6_djER5E/unsubscribe.
 >     To unsubscribe from this group and all its topics, send an
email to
 > qubes-users+unsubscr...@googlegroups.com

 >     >.
 >     To view this discussion on the web visit
 >

https://groups.google.com/d/msgid/qubes-users/4ba32760-f4ea-4f1f-b92f-588306d2fa5d%40googlegroups.com.
 >
 >
 > Every time the screensaver lock the screen, I need to
reset/restart the
 > pc as I can’t know which keyboard layout is used and that is just a
 > little bit annoying ! 
 >
 > So I hope someone can explain to me how I can get it to show the
 > keyboard layout or not locking the screen.
 >
 > If that isn’t possible, can I then somehow disable or uninstall the
 > screensaver ?
 >

In screensaver preferences, set "Lock screen after" to 0 minutes.

You’re right, I forgot once again that Linux/Qubes OS consist of small 
programs that is made by different other creators.

Setting “lock screen after” 0 minutes just makes the screensaver to lock 
immediately when the screensaver gets activated.

I have wrote to the creator of the screensaver, and he says X11 sucks 
and makes it impossible to get the keyboard layout showed.

So I have to disable the lock.

One option is to set the lockTimeout to a large number so that it won’t 
lock. lockTimeout control have long after a blank screen the lock will 
be activated.

Another solution is to disable or uninstall the program.

Ah, you are right about the "lock after" option.

I've just checked my system, and in the screensaver preferences window,
the Mode can be set to Disable Screen Saver.  I think that is what you
need to do.

Mike.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9a70b4f-1322-5202-919b-d05f799b0a6d%40keehan.net.

Re: [qubes-users] How to setup Win10 HVM ?

tor. 13. feb. 2020 kl. 22.38 skrev :

> On Thu, Feb 13, 2020 at 10:33:45PM +0100, A E wrote:
>
> > When I try to use “*” around the domaine name, it says there doesn’t
> exist
> > any domain with that name. And I have checked it was spelled correctly.
> And
> > I get the same result if I use the root account.
>
> try using quotes ... as in regular "" instead of “” ...
> i am pretty sure the shell doesnt understand weird graphical
> unicode stuff like that.
>
> I have I’m just writing these messages on an iPad which seems only to be
able to write these “”.

I have also tried to use a UK keyboard layout in the terminal to be certain
with the same result.

It just keeps saying either nothing or “qvm-run: error: no such domain:
‘*work*’ ” And when it says nothing, I can’t see any new domain in the
Domain manager.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUExmCC0w23uRB17Xa_mVTUj8rGGE-ghQw1NUg%3DWE27%3D%3Dg%40mail.gmail.com.

Re: [qubes-users] How to setup Win10 HVM ?

tor. 13. feb. 2020 kl. 22.33 skrev A E :

> tor. 13. feb. 2020 kl. 17.59 skrev M E :
>
>> tor. 13. feb. 2020 kl. 17.12 skrev unman :
>>
>>> On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
>>> > tor. 13. feb. 2020 kl. 13.54 skrev M E :
>>> >
>>> >
>>> > I have tried using the unsafe browser (as this domain also offer a file
>>> > manager as a shortcut) and safe the file in the domains download
>>> folder.
>>> > Here the file is suggested to be saved as ???install.sh???.
>>> >
>>> > And then I tried to execute the following script in dom0:
>>> >
>>> > qvm-run -p --filter-escape-chars --no-color-output
>>> >  "cat '/home/user/Downloads/install.sh'" >
>>> > install.sh
>>> >
>>> > But as expected, this part of the script has to be replaced by
>>> something
>>> > else:
>>> >
>>> > 
>>> >
>>> > I guess with something like a partition letter, but as I don???t know
>>> more
>>> > than this path; ???'/home/user/Downloads/install.sh'??? I need to be
>>> told what
>>> > I should write here instead.
>>> >
>>> > So what shall I replace it with ?
>>> >
>>>
>>> That's the *name* of the qube where the script is located.
>>>
>>> --
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "qubes-users" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
>>> To unsubscribe from this group and all its topics, send an email to
>>> qubes-users+unsubscr...@googlegroups.com.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org
>>> .
>>>
>>
>> Thank you.
>>
>> I have tried to execute it in the user dom0, both:
>>
>> qvm-run -p --filter-escape-chars --no-color-output untrusted "cat
>> '/home/user/Downloads/install.sh'" > install.sh
>>
>> and
>>
>> qvm-run -p --filter-escape-chars --no-color-output “untrusted” "cat
>> '/home/user/Downloads/install.sh'" > install.sh
>>
>> It doesn’t seem to do anything...
>>
>> Shall I run it with root access instead, or what shall I do ?
>>
>
> When I try to use “*” around the domaine name, it says there doesn’t exist
> any domain with that name. And I have checked it was spelled correctly. And
> I get the same result if I use the root account.
>
> So I still need help to get further.
>

I have also tried using the work domain instead. But with the same result.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUEpDjtPu2jDmQ0QPNOPLZtCpjTvTUpsA8q%3D%3DdoRA_4QSQ%40mail.gmail.com.

Re: [qubes-users] How to setup Win10 HVM ?

2020-02-13 Thread dhorf-hfref . 4a288f10

On Thu, Feb 13, 2020 at 10:33:45PM +0100, A E wrote:

> When I try to use “*” around the domaine name, it says there doesn’t exist
> any domain with that name. And I have checked it was spelled correctly. And
> I get the same result if I use the root account.

try using quotes ... as in regular "" instead of “” ... 
i am pretty sure the shell doesnt understand weird graphical 
unicode stuff like that.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200213213810.GV8973%40priv-mua.

Re: [qubes-users] How to setup Win10 HVM ?

tor. 13. feb. 2020 kl. 17.59 skrev M E :

> tor. 13. feb. 2020 kl. 17.12 skrev unman :
>
>> On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
>> > tor. 13. feb. 2020 kl. 13.54 skrev M E :
>> >
>> >
>> > I have tried using the unsafe browser (as this domain also offer a file
>> > manager as a shortcut) and safe the file in the domains download folder.
>> > Here the file is suggested to be saved as ???install.sh???.
>> >
>> > And then I tried to execute the following script in dom0:
>> >
>> > qvm-run -p --filter-escape-chars --no-color-output
>> >  "cat '/home/user/Downloads/install.sh'" >
>> > install.sh
>> >
>> > But as expected, this part of the script has to be replaced by something
>> > else:
>> >
>> > 
>> >
>> > I guess with something like a partition letter, but as I don???t know
>> more
>> > than this path; ???'/home/user/Downloads/install.sh'??? I need to be
>> told what
>> > I should write here instead.
>> >
>> > So what shall I replace it with ?
>> >
>>
>> That's the *name* of the qube where the script is located.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "qubes-users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> qubes-users+unsubscr...@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org
>> .
>>
>
> Thank you.
>
> I have tried to execute it in the user dom0, both:
>
> qvm-run -p --filter-escape-chars --no-color-output untrusted "cat
> '/home/user/Downloads/install.sh'" > install.sh
>
> and
>
> qvm-run -p --filter-escape-chars --no-color-output “untrusted” "cat
> '/home/user/Downloads/install.sh'" > install.sh
>
> It doesn’t seem to do anything...
>
> Shall I run it with root access instead, or what shall I do ?
>

When I try to use “*” around the domaine name, it says there doesn’t exist
any domain with that name. And I have checked it was spelled correctly. And
I get the same result if I use the root account.

So I still need help to get further.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUFaVFaTjXYXBXV_h_JJ0x2TrwVOrVn%2BEUKp5anobcQ%3DJQ%40mail.gmail.com.

Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Frédéric Pierret


On 2020-02-13 20:37, Claudio Chinicz wrote:
> Hi Frédéric,
> 
> Thanks, I've managed to install claws-mail on my Fedora template. The problem 
> is that Claws-mail does not support Oath2 (Google) authentication, just like 
> Kmail.

Your welcome.

> 
> Evolution does support Oatrh2 authentication but instead of Gnupg it supports 
> Open PGP, the same standard that TB 79 will support, replacing Enigmail.
> 
> Would Open PGP support/integrate with Qubes Split GPG?

I CC Marek to this question as I known there is some new version of it but I 
don't know what's inside.

Best regards,
Frédéric

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/107ce55b-e7e5-085f-7d50-b060aa95ea29%40qubes-os.org.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] How to add swap space

2020-02-13 Thread billollib

Thanks to all for the replies.  It worked!

billo

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/821aecd6-8358-420e-8825-05330cce22c8%40googlegroups.com.

Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Claudio Chinicz

Hi Frédéric,

Thanks, I've managed to install claws-mail on my Fedora template. The 
problem is that Claws-mail does not support Oath2 (Google) authentication, 
just like Kmail.

Evolution does support Oatrh2 authentication but instead of Gnupg it 
supports Open PGP, the same standard that TB 79 will support, replacing 
Enigmail.

Would Open PGP support/integrate with Qubes Split GPG?

Regards

On Thursday, 13 February 2020 19:50:21 UTC+2, Frédéric Pierret wrote:
>
>
> On 2020-02-13 18:36, Claudio Chinicz wrote: 
> > Hi Sven, 
> > 
> > Thanks again. I've tried them and found the following: 
> > 
> > - KMail is not allowed to authenticate with Oath2 from Google (my 
> accounts are Gmail) 
> > - Evolution now does not support Gnupg 
> > - Claws is not available for Fedora 
>
> 'claws-mail' package is available in Fedora. 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f43b72b8-532b-4703-8109-ad5a85027647%40googlegroups.com.

Re: [qubes-users] Re: AppVms being killed on resume due to clock skew too large

2020-02-13 Thread mmoris

Problem still occurs even after memory balancing has been disabled.
On random resumes:

[37968.267047] audit: type=1104 audit(1581552250.086:231): pid=13012 uid=0 
auid=4294967295 ses=4294967295 msg='op=PAM:setcred grantors=pam_rootok 
acct="root" exe="/usr/lib/qubes/qrexec-agent" hostname=? addr=? terminal=? 
res=success'
[37973.300468] page:ea00039be440 count:0 mapcount:-128 
mapping: index:0x1
[37973.300492] flags: 0xfffe0()
[37973.300502] raw: 000fffe0 ea00031be488 ea00021ebe88 

[37973.300518] raw: 0001  ff7f 

[37973.300534] page dumped because: VM_BUG_ON_PAGE(page_ref_count(page) == 0)
[37973.300552] [ cut here ]
[37973.300563] kernel BUG at 
/home/user/rpmbuild/BUILD/kernel-4.19.94/linux-4.19.94/include/linux/mm.h:519!
[37973.300585] invalid opcode:  [#1] SMP PTI
[37973.300597] CPU: 1 PID: 13048 Comm: DOM Worker Tainted: G O 
4.19.94-1.pvops.qubes.x86_64 #1
[37973.300619] RIP: 0010:release_pages+0x3c3/0x4b0
[37973.300630] Code: ff ff 48 8b 34 24 49 8d bc 24 80 a1 02 00 45 31 e4 e8 c1 
4a 71 00 e9 48 ff ff ff 48 c7 c6 48 70 08 82 4c 89 ef e8 9d 58 02 00 <0f> 0b 4d 
85 e4 74 11 48 8b 34 24 49 8d bc 24 80 a1 02 00 e8 95 4a
[37973.300666] RSP: 0018:c9a6fab0 EFLAGS: 00010046
[37973.300678] RAX: 003e RBX: 82369cc0 RCX: 0006
[37973.300693] RDX:  RSI:  RDI: 8880f5b168b0
[37973.300709] RBP: 8880873a5a28 R08: c900 R09: 00011dc1
[37973.300725] R10: 000fa000 R11: 829f1e4d R12: 8880f9fd5000
[37973.300740] R13: ea00039be440 R14: 0002 R15: 8880873a6000
[37973.300757] FS: () GS:8880f5b0() 
knlGS:
[37973.300772] CS: 0010 DS:  ES:  CR0: 80050033
[37973.300787] CR2: 7e31a34ff9d0 CR3: 4c3a8003 CR4: 003606e0
[37973.300810] DR0:  DR1:  DR2: 
[37973.300827] DR3:  DR6: fffe0ff0 DR7: 0400
[37973.300842] Call Trace:
[37973.300852] tlb_flush_mmu_free+0x36/0x50
[37973.300862] unmap_page_range+0x8f0/0xd00
[37973.300872] unmap_vmas+0x4c/0xa0
[37973.300881] exit_mmap+0xb5/0x1a0
[37973.300984] mmput+0x5f/0x140
[37973.300995] flush_old_exec+0x597/0x6c0
[37973.301004] ? load_elf_phdrs+0x97/0xb0
[37973.301014] load_elf_binary+0x3d9/0x1224
[37973.301023] ? get_acl+0x1a/0x100
[37973.301033] search_binary_handler+0xa6/0x1c0
[37973.301045] __do_execve_file.isra.34+0x587/0x7e0
[37973.301056] __x64_sys_execve+0x34/0x40
[37973.301066] do_syscall_64+0x5b/0x190
[37973.301076] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[37973.301088] RIP: 0033:0x7e31bc9ffacb
[37973.301099] Code: Bad RIP value.
[37973.301107] RSP: 002b:7e31a34fd4d8 EFLAGS: 0246 ORIG_RAX: 
003b
[37973.301123] RAX: ffda RBX: 7e31a34fd500 RCX: 7e31bc9ffacb
[37973.301139] RDX: 7e31bc786c00 RSI: 7e31a34fd4e0 RDI: 7e31bc722cd0
[37973.301155] RBP: 7e31a34fd560 R08: 7e31a34fd4f8 R09: 7e31a34fd520
[37973.301171] R10: 7e31a34fd4e0 R11: 0246 R12: 7e31a34fd598
[37973.301187] R13:  R14: 5e449201 R15: 7e31a34fd5b0
[37973.301203] Modules linked in: binfmt_misc ip6table_filter ip6_tables 
xt_conntrack ipt_MASQUERADE iptable_nat nf_nat_ipv4 nf_nat nf_conntrack 
nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c intel_rapl crct10dif_pclmul 
crc32_pclmul crc32c_intel ghash_clmulni_intel xen_netfront intel_rapl_perf 
pcspkr u2mfn(O) xen_gntdev xenfs xen_gntalloc xen_blkback xen_privcmd 
xen_evtchn overlay xen_blkfront
[37973.301280] ---[ end trace f2c87841b7f07a99 ]---
[37973.301292] RIP: 0010:release_pages+0x3c3/0x4b0
[37973.301303] Code: ff ff 48 8b 34 24 49 8d bc 24 80 a1 02 00 45 31 e4 e8 c1 
4a 71 00 e9 48 ff ff ff 48 c7 c6 48 70 08 82 4c 89 ef e8 9d 58 02 00 <0f> 0b 4d 
85 e4 74 11 48 8b 34 24 49 8d bc 24 80 a1 02 00 e8 95 4a
[37973.301340] RSP: 0018:c9a6fab0 EFLAGS: 00010046
[37973.301351] RAX: 003e RBX: 82369cc0 RCX: 0006
[37973.301367] RDX:  RSI:  RDI: 8880f5b168b0
[37973.301383] RBP: 8880873a5a28 R08: c900 R09: 00011dc1
[37973.301399] R10: 000fa000 R11: 829f1e4d R12: 8880f9fd5000
[37973.301415] R13: ea00039be440 R14: 0002 R15: 8880873a6000
[37973.301431] FS: () GS:8880f5b0() 
knlGS:
[37973.301447] CS: 0010 DS:  ES:  CR0: 80050033
[37973.301461] CR2: 7e31bc9ffaa1 CR3: 4c3a8003 CR4: 003606e0
[37973.301476] DR0:  DR1:  DR2: 
[37973.301492] DR3:  DR6: fffe0ff0 DR7: 0400
[37973.301508] Kernel panic - not syncing: Fatal exception
[37975.195379]

Re: [qubes-users] Encrypt disk after installation

2020-02-13 Thread Chris Laprise

On 2/13/20 1:30 AM, 'ukernel' via qubes-users wrote:
For some reason despite the fact that during installation I selected the
encryption checkbox and set a password but the partition where I
installed Qubes OS was not encrypted. I found a command to encrypt on
the same page of Qubes OS however it says that it overwrite all the
information. I need to know how to encrypt my disk without reinstalling
everything.

Could you help me please?

cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512
--use-random --iter-time 1 --verify-passphrase luksFormat /dev/sda2

https://www.qubes-os.org/doc/custom-install/

Those are not instructions for encrypting after installation, but before
before installation.

Overall, the best approach is probably to backup your data and
re-install Qubes. If you think the installer isn't encrypting your
custom configuration due to a bug, then you can follow the
custom-install example you linked to just before install (I'm pretty
sure that doc exists bc other users encountered the same problem you did).

In-place conversion to LUKS encryption is rare and not supported by LUKS
itself, however a tool called 'luksipc' exists to do this. However I
don't think it works with LVM which is what Qubes uses for storage.

Another method requires allocating an unused partition, setting it up
with cryptsetup and LVM, then copying from old volumes to new and
adjusting the boot parameters to use the new setup. The following is
*loosely* how it might be done, although it does not setup a thin pool
for LVM so you would need to combine it with instructions from step 5 of
the Qubes custom-install doc...

https://askubuntu.com/questions/366749/enable-disk-encryption-after-installation/1107295#1107295

Its rather complicated so I suggest re-installing instead.

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Frédéric Pierret


On 2020-02-13 18:36, Claudio Chinicz wrote:
> Hi Sven,
> 
> Thanks again. I've tried them and found the following:
> 
> - KMail is not allowed to authenticate with Oath2 from Google (my accounts 
> are Gmail)
> - Evolution now does not support Gnupg
> - Claws is not available for Fedora

'claws-mail' package is available in Fedora.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/47b77bf4-4f6d-b90e-9d19-7f205187038a%40qubes-os.org.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

2020-02-13 Thread dhorf-hfref . 4a288f10

On Thu, Feb 13, 2020 at 06:27:13PM +0100, A E wrote:
> So I hope someone can explain to me how I can get it to show the keyboard
> layout or not locking the screen.

not very qubes-specific afaict.
google something like: how to configure xscreensaver


> If that isn’t possible, can I then somehow disable or uninstall the
> screensaver ?

basic fedora package management should work.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200213174045.GU8973%40priv-mua.

Re: [qubes-users] Is Qubes Split GPG safe?

2020-02-13 Thread Claudio Chinicz

Hi Sven,

Thanks again. I've tried them and found the following:

- KMail is not allowed to authenticate with Oath2 from Google (my accounts are 
Gmail)
- Evolution now does not support Gnupg
- Claws is not available for Fedora

Sorry for insisting.. any ideas?

Best

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed3007a8-783d-4f06-8f8f-4f2a01aad365%40googlegroups.com.

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

tor. 13. feb. 2020 kl. 11.11 skrev A :

> How to set the screensaver to either show keyboard language or not to lock
> screen as default ?
>
> I have tried to set it to not lock the screen by uncheck it in the
> Screensaver settings. But it still continues to lock the screen.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/uMl6_djER5E/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/4ba32760-f4ea-4f1f-b92f-588306d2fa5d%40googlegroups.com
> .
>

Every time the screensaver lock the screen, I need to reset/restart the pc
as I can’t know which keyboard layout is used and that is just a little bit
annoying ! 

So I hope someone can explain to me how I can get it to show the keyboard
layout or not locking the screen.

If that isn’t possible, can I then somehow disable or uninstall the
screensaver ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUGQSEHtrpfb1ouJiU8HHaqm3TVsQ6_4rdNsofrNv6A%3DFw%40mail.gmail.com.

Re: [qubes-users] How to setup Win10 HVM ?

tor. 13. feb. 2020 kl. 17.12 skrev unman :

> On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
> > tor. 13. feb. 2020 kl. 13.54 skrev M E :
> >
> >
> > I have tried using the unsafe browser (as this domain also offer a file
> > manager as a shortcut) and safe the file in the domains download folder.
> > Here the file is suggested to be saved as ???install.sh???.
> >
> > And then I tried to execute the following script in dom0:
> >
> > qvm-run -p --filter-escape-chars --no-color-output
> >  "cat '/home/user/Downloads/install.sh'" >
> > install.sh
> >
> > But as expected, this part of the script has to be replaced by something
> > else:
> >
> > 
> >
> > I guess with something like a partition letter, but as I don???t know
> more
> > than this path; ???'/home/user/Downloads/install.sh'??? I need to be
> told what
> > I should write here instead.
> >
> > So what shall I replace it with ?
> >
>
> That's the *name* of the qube where the script is located.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/78DgmWxZf80/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org
> .
>

Thank you.

I have tried to execute it in the user dom0, both:

qvm-run -p --filter-escape-chars --no-color-output untrusted "cat
'/home/user/Downloads/install.sh'" > install.sh

and

qvm-run -p --filter-escape-chars --no-color-output “untrusted” "cat
'/home/user/Downloads/install.sh'" > install.sh

It doesn’t seem to do anything...

Shall I run it with root access instead, or what shall I do ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUEUeBwv_KnOBXADLPpa_hgd0VHAd_joPTbO4vAGBwpH8A%40mail.gmail.com.

Re: [qubes-users] How to setup Win10 HVM ?

On Thu, Feb 13, 2020 at 04:48:42PM +0100, M E wrote:
> tor. 13. feb. 2020 kl. 13.54 skrev M E :
> 
> 
> I have tried using the unsafe browser (as this domain also offer a file
> manager as a shortcut) and safe the file in the domains download folder.
> Here the file is suggested to be saved as ???install.sh???.
> 
> And then I tried to execute the following script in dom0:
> 
> qvm-run -p --filter-escape-chars --no-color-output
>  "cat '/home/user/Downloads/install.sh'" >
> install.sh
> 
> But as expected, this part of the script has to be replaced by something
> else:
> 
> 
> 
> I guess with something like a partition letter, but as I don???t know more
> than this path; ???'/home/user/Downloads/install.sh'??? I need to be told what
> I should write here instead.
> 
> So what shall I replace it with ?
> 

That's the *name* of the qube where the script is located.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200213161211.GA29023%40thirdeyesecurity.org.

Re: [qubes-users] How to setup Win10 HVM ?

tor. 13. feb. 2020 kl. 13.54 skrev M E :

> tor. 13. feb. 2020 kl. 12.51 skrev M E :
>
>> tor. 13. feb. 2020 kl. 06.04 skrev awokd :
>>
>>> A:
>>> > I want to install Windows 10 from a DVD in a new HVM and have begin
>>> following this guide: https://www.qubes-os.org/doc/windows-vm/
>>> >
>>> > It says:
>>> >
>>> > “Create a new Qube:
>>> > Name: Win10, Color: red
>>> > Standalone Qube not based on a template
>>> > Networking: sys-firewall (default)
>>> > Launch settings after creation: check
>>> > Click “OK”.”
>>> >
>>> > As I’m going to install Win 10 from a DVD, shall I then just follow
>>> the guide and choose “Launch settings after creation” or shall I choose
>>> “Install from device” ?
>>> >
>>> https://github.com/elliotkillick/qvm-create-windows-qube
>>>
>>> --
>>> - don't top post
>>> Mailing list etiquette:
>>> - trim quoted reply to only relevant portions
>>> - when possible, copy and paste text instead of screenshots
>>>
>>
>> Sorry, but I need a more detailed guide as I’m just a little bit more
>> skilled than a average Windows user and is both new to Linux and Qubes OS...
>>
>> 1)  Can I download the files using any domain-browser or do I have to use
>> a specific one ?
>>
>> 2)  Shall I save the installation script file with a specific name, and
>> if so what ?
>>
>> 3)  Where shall I save the installation script file ?
>>
>> 4)  Shall I really just copy the following code and execute it in dom0 or
>> shall I download the file install.sh first or change something in the code
>> and if so what ?
>>
>> qvm-run -p --filter-escape-chars --no-color-output
>>  "cat '/home/user/Downloads/install.sh'" >
>> install.sh
>>
>> 5)  I don’t get this: “Safer with escape character filtering enabled
>> above; qvm-run disables it by default when output is a file”.
>>   Shall I do something to enable “character filtering”, and if so
>> what ?
>>
>> 6)  I guess I then just have to execute this in dom0: “chmod +x
>> install.sh && ./install.sh”.
>>   Is that correct ?
>>
>> 7)  If all goes well, is this the only thing I need to do afterwards to
>> get Windows 10 up and running in Qubes OS 4.0.3... ?
>>   Put ”qubes-start.desktop into /usr/share/qubes-appmenus in Dom0 if
>> none is present“
>>
>
>> 2)  The link on the page is to the file “install.sh”, so I guess it
> should be named that.
>
> 3)  To this path:  “/home/user/Downloads/” (according to the command)
>
>

I have tried using the unsafe browser (as this domain also offer a file
manager as a shortcut) and safe the file in the domains download folder.
Here the file is suggested to be saved as “install.sh”.

And then I tried to execute the following script in dom0:

qvm-run -p --filter-escape-chars --no-color-output
 "cat '/home/user/Downloads/install.sh'" >
install.sh

But as expected, this part of the script has to be replaced by something
else:



I guess with something like a partition letter, but as I don’t know more
than this path; “'/home/user/Downloads/install.sh'” I need to be told what
I should write here instead.

So what shall I replace it with ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUGs76UpKWbKaQd5wrZh%2B-KB56dbeqKD2rDRXTZDCyiZbA%40mail.gmail.com.

[qubes-users] Re: Will Thunderbird 78 kill Qubes Split gpg?

2020-02-13 Thread qtpie


Claudio Chinicz:

Hi All,

I've just read this post from TB 
(https://wiki.mozilla.org/Thunderbird:OpenPGP:2020) and do not know if it will 
support Qubes Split gpg without Enigmail?

Anyone knows?

Regards




Are there people using split GPG with other GUI e-mail clients? (GUIs 
similar to those of thunderbird, not mutt). Ie what are thunderbird 
alternatives that will work with split gpg?


And for those who will continue to use Thunderbird: of course split-gpg 
it is a really cool feature that makes really good use of the abilities 
of Qubes. But what is the actual risk in practice of your private key 
getting stolen if you run Thunderbird 78+ in its own VM and dont open 
weird attachments and do not open links in the same VM? I havent heard 
of private keys getting stolen via e-mail client security holes, but Im 
not a security researcher and I dont know about the trackrecord of 
Thunderbird.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/r23muc%24rur%241%40ciao.gmane.io.

Re: [qubes-users] How to setup Win10 HVM ?

tor. 13. feb. 2020 kl. 12.51 skrev M E :

> tor. 13. feb. 2020 kl. 06.04 skrev awokd :
>
>> A:
>> > I want to install Windows 10 from a DVD in a new HVM and have begin
>> following this guide: https://www.qubes-os.org/doc/windows-vm/
>> >
>> > It says:
>> >
>> > “Create a new Qube:
>> > Name: Win10, Color: red
>> > Standalone Qube not based on a template
>> > Networking: sys-firewall (default)
>> > Launch settings after creation: check
>> > Click “OK”.”
>> >
>> > As I’m going to install Win 10 from a DVD, shall I then just follow the
>> guide and choose “Launch settings after creation” or shall I choose
>> “Install from device” ?
>> >
>> https://github.com/elliotkillick/qvm-create-windows-qube
>>
>> --
>> - don't top post
>> Mailing list etiquette:
>> - trim quoted reply to only relevant portions
>> - when possible, copy and paste text instead of screenshots
>>
>
> Sorry, but I need a more detailed guide as I’m just a little bit more
> skilled than a average Windows user and is both new to Linux and Qubes OS...
>
> 1)  Can I download the files using any domain-browser or do I have to use
> a specific one ?
>
> 2)  Shall I save the installation script file with a specific name, and if
> so what ?
>
> 3)  Where shall I save the installation script file ?
>
> 4)  Shall I really just copy the following code and execute it in dom0 or
> shall I download the file install.sh first or change something in the code
> and if so what ?
>
> qvm-run -p --filter-escape-chars --no-color-output
>  "cat '/home/user/Downloads/install.sh'" >
> install.sh
>
> 5)  I don’t get this: “Safer with escape character filtering enabled
> above; qvm-run disables it by default when output is a file”.
>   Shall I do something to enable “character filtering”, and if so what
> ?
>
> 6)  I guess I then just have to execute this in dom0: “chmod +x
> install.sh && ./install.sh”.
>   Is that correct ?
>
> 7)  If all goes well, is this the only thing I need to do afterwards to
> get Windows 10 up and running in Qubes OS 4.0.3... ?
>   Put ”qubes-start.desktop into /usr/share/qubes-appmenus in Dom0 if
> none is present“
>
> 2)  The link on the page is to the file “install.sh”, so I guess it
should be named that.

3)  To this path:  “/home/user/Downloads/” (according to the command)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABRRaUHq8TGOmJikiZUg65tNZe-epD1qnKT2O%2BPjd6u-uaa03g%40mail.gmail.com.

Re: [qubes-users] How to setup Win10 HVM ?