Re: [qubes-users] Neither WiFi card nor USBs work
Sounds like incompatible hardware. But 4.02rtcl has been rugged I deleted. Downloaded 4.01 as my only USB is 4.0. I dearly hope I don't have to do that quirky debian template upgrade unless I can just type sude apt system upgrade or like that. Other than that, my only beefs are that the system seems to be slowing n my Dell Inspiron i5 8GBRAM and I don't want to have to go to the fusion repo on the fedora template to run html5 youtubes. But that is laziness I don't mind doing it. Others might not want to. Qubes OS is sacred work and I appreciate ADW and the others who field questions on this rockin listserv. But yes we need speed and more supportive gui. We need to evangelize QOS. Because the state agencies are stalking and spying and arresting people for their online activities, opinions, subversive thoughts and even memes. The best hope against an Orwellian future is Qubes dissemination. But as part of our mission we should Never Give Up. It is OK to run fedora or ubuntu or debian on another partition or another box for convenience, but we can all change the wolrd by being testers and canaries for the sake of those who connect to the internet in places like Turkey, Syria, China, Brazil, Russia, or a post-democracy USA or a post-democratic UK. This email is confidential to the recipient named in the original. If you receive and are not the named recipient *please delete and notify sender* thank you in advance for your adherence. On Thu, Oct 3, 2019 at 4:48 PM Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2019-10-02 9:22 AM, acharya.sagar.sag...@gmail.com wrote: > > Qubes was meant to be for end users who wanted to be more secure, > > it wasn't meant for security experts or expert coders who would > > want to edit files and configure things for themselves. Without a > > doubt, the 4.0 version of Qubes hasn't been managed well. Updating > > dom0 with meant to be stable OS broke my system. It wouldn't boot > > up. > > > > My hardware satisfies all the conditions that Qubes has mentioned > > yet it is far from stable here. Switched back to parrot os. This > > is the 3rd time I expected something stable and had to go back > > > > [...] > > > > I request all the developers of Qubes to have a meeting and > > completely redesign aspects of end user convenience. With > > questions like, "Will I be able to watch YouTube Videos on Qubes", > > you're trying to reach practically everyone and yet Qubes is too > > away from that point. > > > > Thank you for the feedback. I will discuss this with the rest of the > Qubes team. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl2WiMsACgkQ203TvDlQ > MDBJdg//YVa3Mc6rJEjeMMiJrXKpIHO3dsS/XWWE06RfsX6oFYMvPiF5bX7VmTbL > chUgTOWotHbJ7D/z4Lj5Cdh2FJcSHAkt2c1REYGUWcxmCDfkl+RK8xPgvpxbtEQp > TjBiXNYO+MMgaToL6QleqGZaiuvBNWtXvRyWyf9O/gz5vgb3ZIpgCixemgVdchcu > VGpmm4osOx8PiOV+aFSyWatKIxRe4mOJi+EFhgNjWTrmS5EYrk22obbjIu6ES6BW > R1GeakB02mEHpG7ovLRj4RwR2igYkXD67R3PTEYQx5D3XAwCAJCGpHfeA0AIcQ3r > wbF6LV0KGu34/igg7pgMgcbb/HPSuHS52FwjehrT0HUMAzKuupYULOl3fIUtYrZN > tywMRSFq4es7HiyHIKL31WjxdClRFHqC69oWzaB1NG1RbBahg22FLzxKOVYpb5vk > eLkxTxsduYKakDTCZp7UijsTD52tJ+8odb4giLo5GJErXqnFoCHikwZvFdYaHN3g > gf4HfyxHNaZdnWNzHsk1nehoCwAo9aLZQfOw6CSILfMp3/tJRbu8jns2+QfM/ARB > b9PbIJ5bfhu/OO0a5yLUkdrqMydRFPNlYDfGxw3MuIrVr0yjYNkb2qyMfGqHQ+OV > U89hXweoKuJ9bcE9GYzwhmukoYEuSIZ5Exv0WKPCw+0QcHwBvQs= > =RUIx > -END PGP SIGNATURE- > > -- > You received this message because you are subscribed to a topic in the > Google Groups "qubes-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-users/8AKNnb5Z8-Q/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/7a2e62c8-dbaf-dd83-589c-385c75e19d09%40qubes-os.org > . > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOy3qD8EvE9_qbr42ePbG-oPXBrO8iDHE5PPDp4aa-khoGdV6w%40mail.gmail.com.
Thank you for your assistance! Re: [qubes-users] What gpg cat command works on Qubes 4.x?
I hate to clutter anybody's inbox, but unman deserves a thank you for this reply and for his many quite informed contributions to this group. People's lives depend on good internet security particularly in view of all the craziness going on in the world today so proprs to unman, Andred Davide, Joanna and everyone else who is collaborating on this project. On 8/19/19, unman wrote: > On Sun, Aug 18, 2019 at 12:30:10PM -0700, FenderBender wrote: >> I created a t-multimedia template and successfully installed spotify. >> However, I was unable to find a working gpg command to "cat" the >> spotify.pubkey. (The quebes webpage directs to a stackexchange discussion >> >> which advises a variety of commands, none of which seemed to work on my >> Qubes 4.x t-multimedia template.) >> > Debian-10: > gpg --show-keys spotify.pubkey > > Debian-9: > gpg --with-fingerprint spotify.pubkey > > In both cases, just 'gpg spotify.pubkey' will do > >> Nevertheless, the install proceded. My question is whether it is unsafe >> due >> to being unauthenticated, and also whether, by running "spotify" from the >> >> template terminal, rather than an AppVm, as root, I unecessarily and >> perhaps seriously compromised the integrity of the template. > > Yes it is unsafe. > If you use an unverified key in apt, then you trust the repository > without knowing who is putting files in there. > That's a recipe for disaster. > >> >> When I got to this command: Install Spotify apt-get install -y >> spotify-client >> >> >> it returned a warning to the effect that it >> >> 'failed to authenticate' >> >> So I ran it with "--overide authentication" which allowed me to complete >> the install. >> >> However, >> >> the terminal returned WARNING!THE FOLLOWING PACKAGES COULD NOT BE >> AUTHENTICATD: spotify-client >> >> This is probably caused becuase I was unable to successfully run any kind >> >> of gpg cat command on spotify.keyfile >> >> I plan to install chrome and opera in this or a similar template. >> >> Is this playing with fire or is this warning something that can be >> overlooked? > > Fire indeed. > Once you have checked the fingerprint of the key, (against a number of > different sources), use "apt-key add" to include it in the keys that apt > trusts. > Dont install packages that are not authenticated. > > unman > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/20190819160120.GB31837%40thirdeyesecurity.org. > -- This email is confidential to the recipient named in the original. If you receive and are not the named recipient *please delete and notify sender* thank you in advance for your adherence. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOy3qD_UTzxBvXUTueMPtCSo4W9favuMLd5Wgwqp8fj3CzAhWA%40mail.gmail.com.
[qubes-users] On new installs, is exotic procedure still needed to cure debian apt bug or can we simply update/apt-upgrade from deb template?
I need to re-install Qubes and last time I installed, maybe around Feb 2019, there was an advisory about an apt-bug which required a fix. Is that now taken care of automatically in the deb-9 template or is that procedure still required? This email is confidential to the recipient named in the original. If you receive and are not the named recipient *please delete and notify sender* thank you in advance for your adherence. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAOy3qD9T6LfWqRpmuGdAnWE%2Bjd44bsXBwqMm0tXtLqZqezq_KQ%40mail.gmail.com.
Re: [qubes-users] The VPN avalibel in Qubes
Phew! From the header ( "avalibel" ) I thought someone was being accused of defamation. BTW, a very easy way to have a VPN is to download the opera installer to your AppVMs, keep it there, and then just (re)install it on boot. A big advantage of this - I think - is that yo don't have to wipe your history and cookies as you have a freshly installed browser each boot-up. This is kind of cool because they keep coming up with persistent cookies and various junk they download onto our browsers. A "disposable" browser such as this creates should create another ring of security. Correct me if I'm wrong... This email is confidential to the recipient named in the original. If you receive and are not the named recipient *please delete and notify sender* thank you in advance for your adherence. -- Forwarded message - From: 799 Date: Sat, Aug 17, 2019 at 6:35 PM Subject: Re: [qubes-users] The VPN avalibel in Qubes To: Chris Laprise Cc: qubes-users Hello Chris, On Sat, 17 Aug 2019 at 04:35, 799 wrote: > Chris Laprise schrieb am Di., 13. Aug. 2019, 23:10: > >> (...) >> The easiest & most comprehensive/secure VPN config for Qubes is here: >> >> https://github.com/tasket/Qubes-vpn-support >> [...] >> > I thought about a way to simplify the installation of your VPN-Script & the deployment of a VPN-Proxy VPN even further. My Qubes-Installation & configuration is all done by scripts which I start from dom0, this allowas to rebuild my complete Qubes system without much work. I have written a scripted install, which is building a VPN-ProxyVM based on my own sys-template for sys-net / sys-usb / sys-firewall (which is itself based on a fedora-29-minimal template). All steps to build the vpn-proxy VPN including configuration for privateinternetaccess.com is done through the script. Only step has to be done manually: Adding vpn-handler-openvpn to the Qubes Setting / Services Tab. QUESTION: I know that this can also be done via dom0 CLI, but I am missing the right command. Can someone help? [799] PS: This is the script, which will build the VPN-ProxyVM. (Hint: I like to keep my templates small and therefor packages which I only need during setup will be installed in the AppVM (and be lost on reboot). In this case git/unzip/wget are only used to setup everything - they're not needed for running the ProxyVPN): start Template=t-fedora-29-sys AppVM=sys-vpn2 qvm-create --template=$Template --label=blue $AppVM qvm-prefs --set $AppVM provides_network True qvm-run --auto --pass-io --no-gui --user root $AppVM \ 'dnf install -y git wget unzip && \ mkdir -p /rw/config/vpn && \ cd /root && \ git clone https://github.com/tasket/Qubes-vpn-support.git && \ cd Qubes-vpn-support && \ bash ./install' qvm-run --auto --pass-io --no-gui --user root $AppVM \ 'cd /rw/config/vpn && \ wget https://www.privateinternetaccess.com/openvpn/openvpn-ip.zip && \ unzip openvpn-ip.zip && \ # Link to your favorite VPN-Entry Point here I'm using Switzerland && \ ln -s Switzerland.ovpn vpn-client.conf' qvm-shutdown --wait $AppVM # MANUAL step (at the moment): # Add "vpn-handler-openvpn" to the Settings > Services Tab qvm-start $AppVM end As mentioned above the AppVM is based on my own sys-template named t-fedora-29-minimal. If you want to rebuild, this is how you build this template from dom0. It can be used for sys-net / sys-firewall / sys-usb): start template=fedora-29-minimal systemplate=t-fedora-29-sys #remove old template qvm-kill $systemplate qvm-remove -f $systemplate #clone template qvm-clone $template $systemplate # update template qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf update -y' # install a missing package for fedora-29-minimal # without it, gui-apps will not start # not needed in the latest fedora-29-minimal template (after april 2019) qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf install -y e2fsprogs' # Install required packages for Sys-VMs # Hint: you might need to add your own wifi-firmware-drivers here instead of iwl6000g2a... qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd \ qubes-core-agent-networking polkit qubes-core-agent-network-manager \ notification-daemon qubes-core-agent-dom0-updates qubes-usb-proxy \ iwl6000g2a-firmware qubes-input-proxy-sender iproute iputils \ NetworkManager-openvpn NetworkManager-openvpn-gnome \ NetworkManager-wwan NetworkManager-wifi network-manager-applet' # Optional packages you might want to install in the sys-template: qvm-run --auto --user root --pass-io --no-gui $systemplate \ 'dnf -y install nano less pciutils xclip' # Set new template as template for sys-vms qvm-shutdown --all --wait --timeout 120 qvm-prefs --set sys-usb template $systemplate qvm-prefs --set sys-net template $systemplate qvm-prefs --set