[qubes-users] Re: Qubes not working on Thinkpad T480
I'm running Qubes 4.02-rc2 on a T480 right now. Works like a charm. Would love to help, but will need more detail about your install steps and failure mode. On Monday, September 23, 2019 at 10:17:08 AM UTC-7, evan.la...@gmail.com wrote: > > Hi all, > > I recently installed Qubes Release 4.0.2-rc1 on my Thinkpad 480 and the > system won't boot at all. I have had this issue with previous versions of > Qubes on this laptop as well. Does anybody know of a possible fix? > > Thanks > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/febe8c8f-236e-4a03-b893-dc43d7d30806%40googlegroups.com.
[qubes-users] History and future of secure virtualized environments
https://www.platformsecuritysummit.com/2018/speaker/pratt/ A bit off topic but one of the most informative 30 minutes I’ve spent in a while and thought I would share. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c8927e6c-a38a-434a-a833-eb3e32f04d0b%40googlegroups.com.
[qubes-users] Argo vs current inter-domain secure communications methods
I’m curious what the Qubes dev community thinks of the Argo inter-domain comms introduced in 4.12. Is it worth considering as a replacement for the current methods used by Qubes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc701af3-5374-4540-a998-d35f432018ea%40googlegroups.com.
[qubes-users] Re: Aorus Devices
You may want to provide some details such as model name or at least chipset and what matters most to you in terms of what you want from Qubes -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f36c3c2-72a3-4046-8dfb-9582cefd5222%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Aorus Devices
I’ve used Quebes with an Aorus Gaming 3, which is an X299 board. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cb6337b0-e653-43aa-b66c-44c4ea46b02b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
So if you have 4 or more USB controllers isolating one for its exclusive use for kb and mouse is safer than PS/2? If so that eliminates one of the two main reasons I had for buying a new mobo for Qubes. The other is that the new one has a hardware TPM and the one w/o PS/2 only has a firmware TPM, which isn’t recognized by Qubes or Ubuntu 18.10 On Wed, Apr 10, 2019 at 3:28 AM unman wrote: > On Wed, Apr 10, 2019 at 10:09:54AM +1000, haaber wrote: > > > On 4/10/19 9:50 AM, jrsmi...@gmail.com wrote: > > > > The PS/2 keyboard leaking to ground risk seems like it would only > > > > apply if an attacker had physical access. Is that right or is there a > > > > way it could be exploited remotely? > > > > > > > In principle that can be measured far away, with little hw cost Read > you > > > here > > > > > > > https://www.blackhat.com/presentations/bh-usa-09/BARISANI/BHUSA09-Barisani-Keystrokes-SLIDES.pdf > > > > > > > > > you also see that they use a 150 ohm resistance between refence ground > > > and the ground wire that the computer connects to. That may help as a > > > setup to measure at home. Distance? Scheier writes (in July 2009): > "The > > > attack has been demonstrated to work at a distance of up to 15m, but > > > refinement may mean it could work over much longer distances." > > > > > Sorry, I forgot to add: countermeasures could be: (1) a low-pass filter > > to remove frequencies > 200Hz and (2) white noise injection in the > > "cleaned" (by step 1) ground wire PS/2 frequency range 10-20 kHz. If you > > like to solder a bit ... maybe look at "Avalanche Breakdown Diodes" ? > > > > Or use a ground lifter or work off disconnected UPS as needed. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "qubes-users" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/qubes-users/uNmSPbt-9L0/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/20190410102757.dbkavoizsjjt4mm5%40thirdeyesecurity.org > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAMCsksHJbOP88CWb9F3%3DjSsOG19rZ_CTDjtak9VGGCwSMZ%3DwNA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix Yes or No
Thanks for all you responses and thoughts. You have presented multiple thoughtfull easy ways to think about this in plain English while politely pointing out the flaws on the originally posed scenario. Although there were several no’s and I understand their choice, my answer is Yes. On Sun, Feb 17, 2019 at 4:24 PM Xaver wrote: > > > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Sunday, February 17, 2019 9:49 PM, wrote: > > > Reading through the post questioning the trustworthiness of Whonix, I > can't tell whether we can continue trusting/using Whonix or not. Can > someone (preferably in a position to speak for QubesOS), please state, in a > straightforward and unambiguous manner, spell this out for us? > > (Fedora, Xen, Qubes) According the OP of that thread, if any developer > from the aforementioned projects lived in Australia, or any other country > that could force a person to backdoor software would effectively destroy > the credibility/trustworthiness of Qubes. > > (Debian, Tor, Mozilla) According the OP of that thread, if any developer > from the aforementioned projects lived in Australia, or any other country > that could force a person to backdoor software would effectively destroy > the credibility/trustworthiness of Whonix / Tails. > > ... > > Should I keep going or do you get the point? To be straight, Nothing has > changed except for the realization that you maybe never trusted the project > in the first place. What if it was a Qubes that was singled out from > countless other projects? Or TAILS or Tor or Debian or Fedora or even Linus > Torvalds? Is your "trust" so easily swayed? > > > > > > -- > > > > You received this message because you are subscribed to the Google > Groups "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to qubes-users+unsubscr...@googlegroups.com. > > To post to this group, send email to qubes-users@googlegroups.com. > > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/2f35c1b7-bcdf-40f7-963d-3d29e2692b2a%40googlegroups.com > . > > For more options, visit https://groups.google.com/d/optout. > > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAMCsksGivZ208G6LBtnTzjNevYJoqYjjFoprE-fb41i57yfxAQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Split gpg is just too cool.
BTW, there is an excellent split config in Qubes for OTP that leverages the standard Linux oathtool, which does exactly the same thing as Google Authenticator, Lastpass Authenticator, etc. They all implement TOTP and generate the same keys given the same starting key and an accurate clock. https://www.qubes-os.org/doc/multifactor-authentication/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/abc174e9-69da-439d-9de9-fe4cfa05655e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Split gpg is just too cool.
On Wednesday, January 2, 2019 at 11:54:57 AM UTC-8, John S.Recdep wrote: > On 12/26/18 4:49 AM, > brendan.hoar-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: > > On Tuesday, December 25, 2018 at 9:56:40 PM UTC-5, John Smiley wrote: > >> U2F Proxy is not so cool. So far no joy getting it to work. Someone on > >> reddit > >> had similar issues and questions and resolved by installing USB keyboard > >> support. That’s not mentioned in the Qubes docs and I hope we don’t have to > >> resort to that. > > > > I haven't yet tried the U2F proxy, it is on my todo list. > > > > I'm also not quite so happy about the complexity of getting a security > > focused device (yubikey) working with a security focused OS (QubesOS). > > > > I believe I understand the nature of the yubikey problem, though: Qubes is > > engineered to protect you from untrusted peripherals...and this somewhat > > conflicts with the design of yubikeys on multiple fronts: we want to use > > yubikeys across multiple VMs (using devices across VMs increases risk); > > yubikeys are composite USB devices, which means they often have multiple > > endpoints for different functions (HID keyboard plus, CCID > > smartcard/javacard, U2F) which makes securely proxying them more complex; > > and for those who have serious safety risks, a fake yubikey could destroy > > one's opsec in multiple ways...even a real one could if you are not careful > > with your usage. > > > > In my case, I have decided to somewhat compromise QubesOS security a bit > > and disable the USB/HID keyboard protections in Qubes dom0 for now so that > > I could log into LastPass with my yubikey OTP in a couple of my VMs without > > too much fiddling. I have kept notes on the changes and how to reverse them. > > > > So, as I said above, I haven't addressed the U2F compatibility on my > > current R4 build (but neither do I have a multipmedia VM set up with Chrome > > yet :) ). So, I use my backup method of yubico authenticator on another > > device and type in six-digit TOTP codes instead of using the U2F > > functionality. > > > > Anyway, I suggest keeping a running log of modifications/configurations > > (both TODO and done) somewhere easily accessible across devices (I use a > > google doc) to speed future configurations/rebuilds. I don't keep anything > > that needs to be secure there, just notes, simple scripts, etc. > > > >> If that were a requirement, surely the docs would have > >> mentioned it. > > > > Haha. Er, I mean, that *should* be the case... :) > > > > Brendan > > > > I'd like to see your "notes" on the yubikey and lastpass, as I long ago > gave up on using my Yubikey in OTP mode, despite many trials > > I have the U2F proxy working it seems but just use it for 2FA for gmail > and such , lastpass I'm stuck using the Authenticator on a Mobile phone > . because I can't use the OTP > > my qubes system has a USB -> PS/2 converter, I might run qubes on > another computer but it has no PS/2 port and I fear botching the > sys-usb and getting locked out of the install again . so I don't try If I need to use the YubiKey for OTP, I attach it directly to the qube that needs it and then disconnect it once I no longer need it. For LastPass, I have a Qube just for that which uses a browser that I have marked as trusted, so I only need the YubiKey every 30 days. Not the best solution, but that's where all of my personal keys are. For anon stuff, I have different accounts and use KeepassX on a clone of Vault which is much more secure. I also use different sets of YubiKeys for anon than I do for personal. Those sites that allow for U2F I configure to use the proxy. Those that don't I use the vault. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe8c891b-90bd-4695-995a-6604260ca188%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How risky is GPU pass-through?
On Sunday, December 30, 2018 at 1:07:32 AM UTC-8, John Mitchell wrote: > On Sunday, December 30, 2018 at 9:34:58 AM UTC+1, John Smiley wrote: > > No. I knew exactly what you were talking about. That’s okay. You just keep > > on with your mind in neutral. I won’t waste time n a closed mind. > > John, > > You never commented on the videos that show gaming working in a VM so I am > not sure who has the closed mind? > > Anyway, no problems, we can agree we disagree and part friends. > > Blessings, > > John I don't need a core sample of the moon to know that it isn't made of green cheese. Doesn't matter what the videos showed. There are lots of videos that "prove" and impossible claim. If you want to believe that, it's completely up to you. VMs have longer code paths than native. That alone would cause a perf hit. Then there is the noisy neighbor problem and the fact that dom0 has to cycle steal. Anyone with a lick of common sense would see the impossibility of such a claim. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/14329dde-b037-4b13-981b-11a5c6bdfe9f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How risky is GPU pass-through?
No. I knew exactly what you were talking about. That’s okay. You just keep on with your mind in neutral. I won’t waste time n a closed mind. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8541bcef-1c72-40b1-9796-d0e74770ab61%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] is dom0 based on Fedora 25?
Btw, my next hardware purchase was specifically to run Linux with minimal fuss (Linux will run on just about anything if you invest the time to learn and iterate on fussing with it). I didn’t want to do that (been there, done that, too damned old to waste time) I wanted something that was as powerful as I could find that also would run Ubuntu or some othe popular distro straight out of the box. I started with a System76 Orynx Pro with almost maxed out hardware, taking a slight perf hit by avoiding the top of the line CPU which had vPro, 1070, 15” 4K, 32GB, etc. I loved it at first. It was perfect except for one crucial thing. It would only run on the battery for an hour. I sent it back. Next I bought a Dell XPS 15 9575, their latest version, with maxed out hardware. Dell doesn’t offer that line with Ubuntu preinstalled, but the XPS 13 does and I figured the big brother would be just as easy. No. It’s very different. After futzing with it for a week I returned it as well. I researched far and wide and decided to drop down a level and not aim for the very latest hardware. I ended up with a Thinkpad T480 with i7 quad core, Intel graphics, 2k display, 32GB memory, etc. And it was in sale for 70% off. Done. I love that little guy. It runs everything with nary a compant. I tried Ubuntu, Fedora, Pop!, Debian, and Manjaro. They all installed and ran without me having to do anything special. I was about to settle on Ubuntu even though they made some choices I didn’t like, but for a no fuss system, it’s hard to beat Ubuntu. Then i discovered Qubes. The rest is history. Futzing became my new way of life but I felt I was spending that time fruitfully. So far am happy with the choice. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c56c816e-a2e3-4675-b776-6e35effcf3c0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] is dom0 based on Fedora 25?
I can’t think of anything that one would want to run in dom0 that needs Nvidia. In general, the only software that should be run from dom0 is to manage the system. If you find yourself typing something on a dom0 window that isn’t straight out of the Qubes docs. Stop and think and be sure that what you are about to do could not open an attack vector. Not probably won’t not I doubt it. Could not. This assumes you are using Qubes to provide the most secure environment you reasonably can. If you don’t care about that and just want to play with stuff, go for it. One might question the choice of Qubes to play with if that were the case... You can learn about how Linux handles drivers in general and Nvidia proprietary drivers for you Nvidia GPU in particular, by installing your favorite Linux distro and start Googling. There is a lot of material out there. I know because I read a lot of it due to dumbass problems I encountered running Linux with an Nvidia driver on a dual monitor setup. I found that Pop! OS 18.10 comes with the best GeForce support out of the box if you install their Nvidia native version. Unless you need CUDA and have a Quadro, not a gaming GPU like the GeForce or RTX line, there are few good reasons to run Linux on Nvidia. Best support is Intel embedded GPU for typical Linux use cases. My Intel Core i7 7820X doesn’t have a built in GPU and that box was built for gaming before I thought to run Linux on it, so I payed the price of wasting time getting it to work reasonably well. If I were choosing hardware for Linux, Ndidia would be the first thing to be removed from consideration (unless I was mining cryptocurrency and then I would have Quadro on the list) On Fri, Dec 28, 2018 at 8:47 AM seshu wrote: > On Thursday, December 27, 2018 at 7:15:36 PM UTC-7, John Smiley wrote: > > I have a 1080 Ti in one of my Qubes boxes and haven't had any trouble > with the out-of-the-box install with 4.0.1-rc2. This box is dual boot to > Win10 when I want to play games (it was a gaming rig before it was a Qubes > box). May I ask what you need to do that requires the Nividia driver? > > It's not that I have a specific need. As you mention, the default nouveau > driver is working fine. I'm not a gamer etc. I have noticed that when i'm > watching a streaming movie and i'm scrolling in another window it does > affect the movie that is being streamed. > > So, I'm simply trying to learn more about how drivers work, how they are > installed or handled on linux systems, etc. In the future, I may want to > have a desktop or laptop system that uses the workstation graphics cards, > as some of the work I do could benefit from that. And those cards are more > effective with proper drivers, etc. So, I'm just using this time of testing > and getting to know the release candidate qubes. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/acc21710-c847-4154-aff3-583ccc5b774e%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAMCsksGm5UZCdxoCwaN%2Bkf5vAO_2TE_YiL6iDrvPgK0UP9Ku9w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How risky is GPU pass-through?
Sorry, you are woefully misinformed. I have been on the design teams for two well known clouds. You can disprove your assertion with a simple test. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d15ce8ed-e5ec-49e3-81d6-b6b4a2847e00%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Split gpg is just too cool.
"Starting testing with the Qubes 4 advanced features next." Created a "twitter" qube that has exclusive access to the Yubikey key registered with my Twitter account. That key cannot be accessed from any other qube, just as described in the u2f proxy doc. Nice! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4707a1fe-3154-4a89-b842-016080fa61be%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: How risky is GPU pass-through?
On Tuesday, December 25, 2018 at 1:02:05 PM UTC-8, qubenix wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > Zrubi: > > On 12/23/18 9:34 PM, Demi M. Obenour wrote: > >> Someone I know is interested in using QubesOS. However, they > >> are also a gamer: if they could not have a Windows VM with access > >> to a dedicated graphics card for use by games, then QubesOS is > >> not an option for them. > > > > Short answer: Qubes OS is not an option for them. > > > > Why do you say that? If you search this list there are people that > successfully game on Win vm with gpu passthrough. While it is certainly possible to play games with modest hardware requirements under a virt and still have acceptable performance, games with high hardware requirements running at high frame rates, at high resolutions, and maxed out display settings are going to run much more slowly under a virt than they will on Win10 running natively on the same hardware. Most people who spend the kind of money needed to buy such a system will not be satisfied with the performance provided by a virtual machine. If the reasons for this are not obvious to you, take it as an opportunity to learn about how virtualization works. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d8667a5b-b27e-411f-beef-e82de555a572%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How risky is GPU pass-through?
If your friend is just poking around with Qubes and doesn't have anything on the gaming box that needs protecting, I say go with dual boot. That's what I did. Running games from within a Xen VM is going to suck performance-wise compared to running naively from Win10. If he *does* have things that need real protection, he should move them off of the Win10 box immediately. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/804cd3f2-e85f-4fa8-ac4a-fbfeb3f24d33%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: VLAN / Firewll config on router or just use sys-firewall
On Wednesday, December 26, 2018 at 2:20:15 AM UTC-8, unman wrote: > On Wed, Dec 26, 2018 at 12:55:23AM -0800, John Smiley wrote: > > On Wednesday, December 26, 2018 at 12:52:28 AM UTC-8, John Smiley wrote: > > > Does it make sense to configure a VLAN and associated firewall rules in > > > an external firewall like pfsense or can the same thing be accomplished > > > with Qubes firewall rules? > > > > For the purposes of isolating Qubes traffic on your home network... > > > > You dont say *how* you want to isolate Qubes traffic, and I can envisage > a number of different scenarios that wood fit that description. > You can certainly use Qubes firewall rules to restrict some qubes to > certain IP addresses, or ranges. The simplest way would be to put another > fw in place and have localnet deny rules for that fw: then allocate > qubes per fw. > If that doesnt fit your scenario, some more detail? Got on IRC chat with some Whonix folks and got the answers I needed for this. To clarify, I wanted to know if there is any benefit to configuring pfsense (or any firewall/router) so that each Qubes box is on its own VLAN. The answer I got was yes. One such benefit would be to make it more difficult for an attacker to jump from my son's Win10 box, which has god knows what installed on it, to my Qubes systems. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cf7bc058-7519-4bf5-b8ba-6c591a56fa0f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Split gpg is just too cool.
On Thursday, December 27, 2018 at 6:28:48 PM UTC-8, John Smiley wrote: > WRT the U2F Proxy: I've got a desktop and a laptop running 4.0.1-rc2 that > I've been trying out the U2F proxy with. I have a lengthy issue open on this > documenting the problems I encountered, how I resolved them, and some changes > I think needed to make the docs clearer. I will probably end up making the > changes myself. Going through the docs on how to maintain the docs tonight. > > There are still some rough edges and unanswered questions about the proxy, > but the basics are usable in both Firefox and Google Chrome Browser. > > Starting testing with the Qubes 4 advanced features next. I hope to end up > with a system with a separate Qube for each use case (banking, email, GitHub, > online shopping, Google, social media, etc.) where each of them has access > only to the keys they need for the services they use. Still not sure if a > single Qube is limited to a single key or if it can be configured to have > access to multiple keys so that related accounts can be grouped in the same > Qube. Will know soon enough. Here's the link to the issue https://github.com/QubesOS/qubes-issues/issues/4661 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f140097b-f413-42d8-96c5-137891b7b590%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Split gpg is just too cool.
WRT the U2F Proxy: I've got a desktop and a laptop running 4.0.1-rc2 that I've been trying out the U2F proxy with. I have a lengthy issue open on this documenting the problems I encountered, how I resolved them, and some changes I think needed to make the docs clearer. I will probably end up making the changes myself. Going through the docs on how to maintain the docs tonight. There are still some rough edges and unanswered questions about the proxy, but the basics are usable in both Firefox and Google Chrome Browser. Starting testing with the Qubes 4 advanced features next. I hope to end up with a system with a separate Qube for each use case (banking, email, GitHub, online shopping, Google, social media, etc.) where each of them has access only to the keys they need for the services they use. Still not sure if a single Qube is limited to a single key or if it can be configured to have access to multiple keys so that related accounts can be grouped in the same Qube. Will know soon enough. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/354fec37-61e1-40ae-a10f-dfb23d556677%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] is dom0 based on Fedora 25?
I have a 1080 Ti in one of my Qubes boxes and haven't had any trouble with the out-of-the-box install with 4.0.1-rc2. This box is dual boot to Win10 when I want to play games (it was a gaming rig before it was a Qubes box). May I ask what you need to do that requires the Nividia driver? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b693225d-1cc2-4b64-acbb-4bf8b0c73c43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] is dom0 based on Fedora 25?
On Thursday, December 27, 2018 at 4:23:08 PM UTC-8, seshu wrote: > On Thursday, December 27, 2018 at 3:40:06 PM UTC-7, Chris Laprise wrote: > > On 12/27/2018 05:12 PM, seshu wrote: > > > When I do updates of dom0 I notice it is downloading Fedora 25? > > > > > > I ask because I'm trying to figure out how to compile a NVIDIA driver for > > > my system and wondering what source files I would need. > > > > > > Also, I notice that RPMFusion is no longer keeping the source files to > > > compile the nvidia driver. Anyone know where I can get these files? > > > > > > Thanks! > > > > > > > Yes, its fedora 25. > > > > A simpler route is to use integrated Intel/AMD graphics which are better > > supported. It won't make a difference as far as speed goes. > > > > -- > > > > Chris Laprise, tas...@posteo.net > > https://github.com/tasket > > https://twitter.com/ttaskett > > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > > Thanks. > > I do understand the integrated graphics might be preferable. It's just that I > already have the geforce 1070 card on my desktop system. It turns out the > nouveau drivers work fine out of the box. my 4.0.1rc2 is running fine. As > I've been learning alot over the last month about qubes, linux, security, > hardware, etc. I wanted to see if I could make the nvidia driver work. If it > doesn't that's ok, because the nouveau driver is fine. Since I've already > paid for the 1070 card, I thought I would see what it takes to make it work > with the proprietary driver. I have a 1080 Ti in one of my Qubes boxes and haven't had any trouble with the out-of-the-box install. This box is dual boot to Win10 when I want to play games (it was a gaming rig before it was a Qubes box). May I ask what you need to do that requires the Nividia driver? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8302d05b-ba2e-41e5-bc40-16379e2d27fc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Still a little fuzzy on how a qube uses the default dispvm setting
I re-read all of the docs on this topic and I think this setting determines which dvm is used when the qube asks to open a document or run a program in a dvm unless it specifies a specific dvm. So the dvm given by this pref would by used by the Qube's File application when you select a file and choose edit or view in DisposableVM from the menu. It would also be used when opening a file via the qube's command line with qvm-open-in-dvm or running a program with qvm-run. Is this correct? Did I leave anything out? Are there any restrictions on which dvms can be used from a given domain? For example, is it valid to have a fedora-28-dvm as the default dispvm for a fedora-29 domain? Not that you would typically need to do that, but is there any reason it would not work assuming the fedora-28-dvm had the necessary software installed? What led me to this question was cloning the provided fedora-29 templateVM to fedora-29-test-1, installing google-chrome-stable in the clone, and creating a new qube vm from the new template. The new qube still uses the original fedora-29-dvm domain for its default dispvm. It seems to work fine for viewing and editing documents in a dvm. both from the command line with qvm-open-in dvm and from Nautilus, but abends with "Service call error: Request refused" (ex: qvm-run --dispvm fedora-29-dvm terminal) or does nothing when I attempt to use qvm-run. Do I need to create a new dvm from a domain based on the new fedora-29-test-1 template and assign that to qubes as their default dispvm for qubes based on the same template? What is SOP wrt dvms when you create a new template and qubes based on that template? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/deea16d7-b42b-470b-84a0-161de1a01f0d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Split gpg is just too cool.
On Wednesday, December 26, 2018 at 6:49:47 AM UTC-8, Brendan Hoar wrote: > On Tuesday, December 25, 2018 at 9:56:40 PM UTC-5, John Smiley wrote: > > U2F Proxy is not so cool. So far no joy getting it to work. Someone on > > reddit > > had similar issues and questions and resolved by installing USB keyboard > > support. That’s not mentioned in the Qubes docs and I hope we don’t have to > > resort to that. > > I haven't yet tried the U2F proxy, it is on my todo list. > > I'm also not quite so happy about the complexity of getting a security > focused device (yubikey) working with a security focused OS (QubesOS). > > I believe I understand the nature of the yubikey problem, though: Qubes is > engineered to protect you from untrusted peripherals...and this somewhat > conflicts with the design of yubikeys on multiple fronts: we want to use > yubikeys across multiple VMs (using devices across VMs increases risk); > yubikeys are composite USB devices, which means they often have multiple > endpoints for different functions (HID keyboard plus, CCID > smartcard/javacard, U2F) which makes securely proxying them more complex; and > for those who have serious safety risks, a fake yubikey could destroy one's > opsec in multiple ways...even a real one could if you are not careful with > your usage. > > In my case, I have decided to somewhat compromise QubesOS security a bit and > disable the USB/HID keyboard protections in Qubes dom0 for now so that I > could log into LastPass with my yubikey OTP in a couple of my VMs without too > much fiddling. I have kept notes on the changes and how to reverse them. > > So, as I said above, I haven't addressed the U2F compatibility on my current > R4 build (but neither do I have a multipmedia VM set up with Chrome yet :) ). > So, I use my backup method of yubico authenticator on another device and type > in six-digit TOTP codes instead of using the U2F functionality. > > Anyway, I suggest keeping a running log of modifications/configurations (both > TODO and done) somewhere easily accessible across devices (I use a google > doc) to speed future configurations/rebuilds. I don't keep anything that > needs to be secure there, just notes, simple scripts, etc. > > > If that were a requirement, surely the docs would have > > mentioned it. > > Haha. Er, I mean, that *should* be the case... :) > > Brendan Complex? Yes. Separating the USB stack from the browsers and being able to lock down which browsers can access which keys (ex: banking Qube, shopping Qube, Gmail Qube, etc.) Brilliant and worth the complexity. Just need to get it working now... Docs are leaving something out. I will either update the doc for file an issue once I figure it out. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/38eed1e8-1a55-4fda-af52-659bf9ed17fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Hit a bug in 4.0.1-rc2 I haven't been able to reproduce (yet)
On Wednesday, December 26, 2018 at 6:56:41 AM UTC-8, Brendan Hoar wrote: > On Monday, December 24, 2018 at 5:19:57 PM UTC-5, John Smiley wrote: > > Posting here in case anyone else has seen this: > > > > I started a fedora-29-dvm instance to test keepass > ... > > When I was finished, I terminated the parent dvm expecting that the child > > and grandchild would be removed along with it. Instead I was left with two > > windows (the keepass window and the Firefox window) that would not close. > > The dvm instance was gone, but two dead windows were left behind. > > > > I was writing up the qubes-issues bug report when I found that repeating > > the steps I just described worked as you would expect (all children of the > > parent dvm were removed when the parent was terminated). > > > > I ended up having to reboot the host to get rid of the dead windows. > > > > Anyone else run into anything like this? > > I ran into the same bug Monday, but...I think it was a fedora-26 DVM? > > I have a screenshot with the dead window and xltop showing that the > particular VM in the window title was not running. I'm running R4 (installed > from 4.0 release image), fully updated through -testing repository on dom0 > and all templates. > > Did you open an issue in qubes-issues? If so, let me know the ID and I'll > contribute to the thread there with a screen shot, at least. > > Thanks, > Brendan I have not created an issue in qubes-issues since I don't have a repro case. Without that, there's nothing much the devs can do to fix it. If I do find a repro case, I'll open an issue. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/157b3d33-bd71-4151-8f57-9caf9aadd892%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Installing Chrome
On Thursday, September 29, 2016 at 6:09:43 PM UTC-7, Ted Brenner wrote: > There are two programs I'd like to install to make Qubes more usable. First, > I'd like to install Chrome. Second, I'd like to install Flash (though maybe I > won't need that if I'm using Chrome?). I've searched and searched and I know > that I just need to authorize the repository in my firewall. But I'm not sure > how to do that. Is there instructions for how to install Chrome? Specifics > with how to allow the repository in your firewall? I assume something similar > would need to be done for Flash? > > > Thanks in advance! > > Ted > > > > > -- > > Sent from my Desktop Update: Don't know if this has always been true, but in 4.0.1-rc2 fedora-29, following these instructions to the letter will install the unstable version of Google Chrome browser. To get the stable version, simply append "-stable" to the command: sudo dnf install google-chrome-stable I didn't do this the first time and had to remove the unstable version and then install stable. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c6f31c3-55ad-4836-bad9-319a619ae099%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: VLAN / Firewll config on router or just use sys-firewall
On Wednesday, December 26, 2018 at 12:52:28 AM UTC-8, John Smiley wrote: > Does it make sense to configure a VLAN and associated firewall rules in an > external firewall like pfsense or can the same thing be accomplished with > Qubes firewall rules? For the purposes of isolating Qubes traffic on your home network... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/24c87e3d-3b12-40cb-8cbd-a1687131317a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VLAN / Firewll config on router or just use sys-firewall
Does it make sense to configure a VLAN and associated firewall rules in an external firewall like pfsense or can the same thing be accomplished with Qubes firewall rules? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8227d3f1-33de-460c-82b0-e266f914f898%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 4.0rc2 is not the same as 4.0.1-rc2.
I see several posts citing 4.0rc2 when it is clear from context that they are talking about 4.0.1-rc2. They are completely different releases. Take care to cite the correct release in your posts. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e5aa214-d164-4ebe-aee6-ab7c80331898%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Split gpg is just too cool.
U2F Proxy is not so cool. So far no joy getting it to work. Someone on reddit had similar issues and questions and resolved by installing USB keyboard support. That’s not mentioned in the Qubes docs and I hope we don’t have to resort to that. If that were a requirement, surely the docs would have mentioned it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ae2f8918-4485-4a94-b812-17d3ecdae544%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Newb Help with Installation
I install from USB3 stick all the time and it’s fast. Even if it is dropping back to 2.0, it should not be as slow as you describe. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8357b8f1-4d4b-405c-9074-e5d2cb24892a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Newb Help with Installation
I would be more concerned about security than drivers. I connected a Caldigit Plus TB3 hub to my Qubes laptop and it worked fine, but now I had a new threat vector since TB has direct access to the PCI bus. As someone else here noted, there may be a time when they vector is secure, but not yet. I promptly removed the TB3 dock after that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/026a0361-b0e9-461e-9aa0-f644cd858067%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Hit a bug in 4.0.1-rc2 I haven't been able to reproduce (yet)
Posting here in case anyone else has seen this: I started a fedora-29-dvm instance to test keepass (as opposed to the outdated keepassx that comes installed with the fedora-29 template), installed it, launched it from xterm, and poked at it for a bit. Part of the poking included clicking the link to their site in the Help menu and then I opened some new tabs from there, so I had the parent dvm running xterm, a GUI keepass (v2) child, and a Firefox grandchild. When I was finished, I terminated the parent dvm expecting that the child and grandchild would be removed along with it. Instead I was left with two windows (the keepass window and the Firefox window) that would not close. The dvm instance was gone, but two dead windows were left behind. I was writing up the qubes-issues bug report when I found that repeating the steps I just described worked as you would expect (all children of the parent dvm were removed when the parent was terminated). I ended up having to reboot the host to get rid of the dead windows. Anyone else run into anything like this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11bf0c14-07b7-4e6e-a63a-b315c2ecdd66%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Lenovo T480
On Sunday, December 23, 2018 at 3:47:57 PM UTC-8, Laszlo Zrubecz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi, > > Just installed the 4.0.1-rc > > hit by the UEFI issues described here: > https://www.qubes-os.org/doc/uefi-troubleshooting/ > > Use the workarounds, or Disable Secure Boot. > Moreover: probably more better to go with the Legacy mode only - to > skip the troubles. > > > Affected by the suspend bugs: > #3689 > #3705 > > Sou you need to enable Thunderbolt BIOS Assist and/or disable the > whole Thunderbolt support in general. > > - - TPM 2.0 not recognized, > - - Fingerprint reader is a Windows only junk -> Disable it. > > > And now I can feel the hi-DPI pain, as it has a FHD panel in 14" size. > So everything is tiny now. > > > DPI scaling helps in dom0, but every AppVM should need to use that > settings... > > > - -- > Zrubi > -BEGIN PGP SIGNATURE- > > iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlwgHqAACgkQVjGlenYH > FQ2Szg//X+M49jix1zg9G8MB7Jud/12g7e84UA2VqLP002dzGDaMw2O8mJg/7XhW > vRkt4weVtn31zPgV8Z//3xyFFNmPjo7mk+NJ82xl/t+mHXNRjdBRHJmFtCnVnVot > eL5Jx+3ZHoHr6LXYNYP74y2n7Z9vv9d1F6P9ZdUiOAHOJGDqrY2u17oa/DRil+fP > GHaRbRYCMMOGQMSs52GyF8n7ogmTgZcGoWql80s/t7HjkJ3nHOsGmEEL8HAb03J1 > OvIi6pzipqfEAIWKCISkQrLVMHWpnyypdp600SRuuhlw0pxSh1a+JYTQxpLaR3ds > Pkd6P6XyydkXP0c4b8hS3KenZeX0ODnMI+N1HyODnBdQJ9CdLXrEy7PYv3/zdXNT > s9TepZEdfplTX0zCRD8u7WDZj+tEhsTTjNquWRCM4/o1owS3xcuwyU2QIubYiZOd > HPKchjqJBeBvqIDtC2jh8ukdpgKwaqWngPCL8XeKWg0YbEQiNHXaKkER1RE9Iuwq > WbmvdCRoZs9Au0JCYZcWeMEVgRp9qYguNeyw3jpXvW4OZzaAAdTvQiCmsU6SFJ3k > 4cnIel0gIJ3mbMQ6quDYDcthJy2wge7YYYyg4v1mGBRzajwoL49FLunDNVwF/Doa > XYii6A9rDmzbZ9LR13AGPaYI3lh5mAoR5sOWaKtjxTnkCV4B3Oo= > =hTrQ > -END PGP SIGNATURE- I've got the T480 as well and have had a generally pain-free experience with 4.0.1-rc2 so far. I mentioned it in a previous post (Color Me Impressed) and even went so far as to connect a TB3 Hub and move all of the wires (Ethernet, external monitor, and power) to it. I really only did it to see what would happen. Given the security issues presented by TB3, I stopped using it and just connect everything directly to the laptop. Small print on the screen is easily solved by an external monitor. Good to see someone else is using the same hardware I am. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82412390-8618-4d3d-8e64-b4746be8c328%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Newb Help with Installation
On Sunday, December 23, 2018 at 10:06:26 PM UTC-8, will.w77 wrote: > Hello, > > > > So I'm attempting to install qubes to a usb stick. I've copied the iso onto > the usb by using the dd command specified in the user documentation in ubuntu > virtualbox (host os windows 10). I'm wondering if the fact I used a virtual > machine to copy the iso versus a native linux os makes any difference? I > attempted to boot into the bios on my lenova t430 and nothing happens when I > go to boot. The boot menu comes up I select the usb and hit enter and the > screen simply refreshes with the boot menu again. Again I've used linux > before and can run basic command line but am a novice compared to most in > this group I'm sure. Any ideas? Thanks Copying ISO images to USB sticks with dd in a virt can certainly be done, but there are things that could have gone awry. If the reason you're using a virt is to get an isolated environment, there are any number of live Linux distros that you can boot into and then create your Qubes Boot USB. Of course, you'll still have to create a USB from an ISO to make the live Linux USB. :) Are you sure you ran sync after dd and let it finish? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77c851a3-d35e-450a-bb5b-49bb9880f126%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Well color me impressed (4.0.1-rc2 install on laptop and desktop)
On Friday, December 21, 2018 at 3:39:25 PM UTC-8, unman wrote: > On Thu, Dec 20, 2018 at 09:20:11PM -0800, John Smiley wrote: > > On Thursday, December 20, 2018 at 9:11:34 PM UTC-8, John Smiley wrote: > > > I've been having head-banging issues with 4.0 and 4.0.1-rc1 ever since I > > > became a fledgling Qubes user a few weeks ago. I never did get Qubes > > > working well with Whonix 14 on the desktop. > > > > > > When 4.0.1-rc2 came out the other day, I made a new bootable USB stick > > > with it and replaced Ubuntu on my Thinkpad T480 with it. It booted and > > > installed without a hitch. Perfect first use impression (minus a point > > > for nagging about template updates that aren't there). > > > > > > Then I decided to do a reinstall (for the N thousanth time) on my > > > X299-based desktop. 4.0.1-rc2 fired right up. No problems whatsoever. > > > It works like I expected 4.0 and 4.0.1-rc1 to work. > > > > > > Then for the really impressive part. I have a Caldigit TS3 Plus that I > > > like to use to move all of the wire mess to it and have a single > > > Thunderbolt3 wire running from it to the T480. It provides lots of > > > things but I use it for power to my laptop (replacing the brick), > > > Ethernet, Displayport for a second monitor, and USB 3.1. After the > > > 4.0.1-rc2 install went so well, I decided to plug that bad boy in and > > > watch Qubes fall to the ground writhing in agony. > > > > > > My expectations were not met. 4.0.1-rc2 handled it like a champ. I had > > > to do some minor fiddling with the display settings to get the second > > > monitor working via DP and after a bit of hunting around, I discovered > > > that all I had to do to get Ethernet working was to add the new Ethernet > > > controller it saw to sys-net. Shutdown the Whonix GW and sys-firewall, > > > reboot sys-net, restart sys-firewall and the Whonix GW, plug in my > > > Ethernet cable and voila. It works! > > > > > > Now the first question that comes to mind is, how much security did I > > > throw out the window when I plugged that Thunderbolt 3 hub in? > > > > Oh and one more thing. Everything installed with default settings. No > > fiddling with kernelopts to get the Debian-9 template to boot on the X299 > > desktop by setting noxsave. > > > > Very pleased all the testing you did on rc1 paid off. ;-) > Now you need to do the same on rc2. Somewhat disappointed that you > haven't yet found a bug or two. "Somewhat disappointed that you haven't yet found a bug or two." Well, I did mention that the template update system was nagging about updates that don't exist. That's one! You could consider the manual fiddling required to get the devices on the Thunderbolt 3 hub working a bug (or two if you count per device), so that's two and maybe three. I'll have plenty of time to poke at it over the holiday week. I'm sure I'll find some more. I've got a lot of reading and setup to do to make this into a usable replacement for a regular use environment. Once I get through the hardening tips, password management and use of Yubikey for various things like LUKS, user authentication and setting up we-based 2FA are top of my list. Thank you again for your help and patience. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/529ed42b-995c-4826-ba47-845f94ffead6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Well color me impressed (4.0.1-rc2 install on laptop and desktop)
On Friday, December 21, 2018 at 3:39:25 PM UTC-8, unman wrote: > On Thu, Dec 20, 2018 at 09:20:11PM -0800, John Smiley wrote: > > On Thursday, December 20, 2018 at 9:11:34 PM UTC-8, John Smiley wrote: > > > I've been having head-banging issues with 4.0 and 4.0.1-rc1 ever since I > > > became a fledgling Qubes user a few weeks ago. I never did get Qubes > > > working well with Whonix 14 on the desktop. > > > > > > When 4.0.1-rc2 came out the other day, I made a new bootable USB stick > > > with it and replaced Ubuntu on my Thinkpad T480 with it. It booted and > > > installed without a hitch. Perfect first use impression (minus a point > > > for nagging about template updates that aren't there). > > > > > > Then I decided to do a reinstall (for the N thousanth time) on my > > > X299-based desktop. 4.0.1-rc2 fired right up. No problems whatsoever. > > > It works like I expected 4.0 and 4.0.1-rc1 to work. > > > > > > Then for the really impressive part. I have a Caldigit TS3 Plus that I > > > like to use to move all of the wire mess to it and have a single > > > Thunderbolt3 wire running from it to the T480. It provides lots of > > > things but I use it for power to my laptop (replacing the brick), > > > Ethernet, Displayport for a second monitor, and USB 3.1. After the > > > 4.0.1-rc2 install went so well, I decided to plug that bad boy in and > > > watch Qubes fall to the ground writhing in agony. > > > > > > My expectations were not met. 4.0.1-rc2 handled it like a champ. I had > > > to do some minor fiddling with the display settings to get the second > > > monitor working via DP and after a bit of hunting around, I discovered > > > that all I had to do to get Ethernet working was to add the new Ethernet > > > controller it saw to sys-net. Shutdown the Whonix GW and sys-firewall, > > > reboot sys-net, restart sys-firewall and the Whonix GW, plug in my > > > Ethernet cable and voila. It works! > > > > > > Now the first question that comes to mind is, how much security did I > > > throw out the window when I plugged that Thunderbolt 3 hub in? > > > > Oh and one more thing. Everything installed with default settings. No > > fiddling with kernelopts to get the Debian-9 template to boot on the X299 > > desktop by setting noxsave. > > > > Very pleased all the testing you did on rc1 paid off. ;-) > Now you need to do the same on rc2. Somewhat disappointed that you > haven't yet found a bug or two. Haven't had time to do much more than install it yet. At least it's up. The bugs I was hitting before were all related to installing / upgrading. A partial answer to my question about how much security is diminished when using Thunderbolt comes from the Whonix doc on hardware hardening. https://www.whonix.org/wiki/System_Hardening_Checklist#Anonymous_Blogging.2C_Posting.2C_Chat.2C_Email_and_File_Sharing "Disable or remove problematic devices like ExpressCard, PCMCIA, FireWire or Thunderbolt which may allow attackers with physical access to read RAM." -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df56dbe7-6b7b-483f-9d4d-d1653227d610%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Well color me impressed (4.0.1-rc2 install on laptop and desktop)
On Thursday, December 20, 2018 at 9:11:34 PM UTC-8, John Smiley wrote: > I've been having head-banging issues with 4.0 and 4.0.1-rc1 ever since I > became a fledgling Qubes user a few weeks ago. I never did get Qubes working > well with Whonix 14 on the desktop. > > When 4.0.1-rc2 came out the other day, I made a new bootable USB stick with > it and replaced Ubuntu on my Thinkpad T480 with it. It booted and installed > without a hitch. Perfect first use impression (minus a point for nagging > about template updates that aren't there). > > Then I decided to do a reinstall (for the N thousanth time) on my X299-based > desktop. 4.0.1-rc2 fired right up. No problems whatsoever. It works like I > expected 4.0 and 4.0.1-rc1 to work. > > Then for the really impressive part. I have a Caldigit TS3 Plus that I like > to use to move all of the wire mess to it and have a single Thunderbolt3 wire > running from it to the T480. It provides lots of things but I use it for > power to my laptop (replacing the brick), Ethernet, Displayport for a second > monitor, and USB 3.1. After the 4.0.1-rc2 install went so well, I decided to > plug that bad boy in and watch Qubes fall to the ground writhing in agony. > > My expectations were not met. 4.0.1-rc2 handled it like a champ. I had to > do some minor fiddling with the display settings to get the second monitor > working via DP and after a bit of hunting around, I discovered that all I had > to do to get Ethernet working was to add the new Ethernet controller it saw > to sys-net. Shutdown the Whonix GW and sys-firewall, reboot sys-net, restart > sys-firewall and the Whonix GW, plug in my Ethernet cable and voila. It > works! > > Now the first question that comes to mind is, how much security did I throw > out the window when I plugged that Thunderbolt 3 hub in? Oh and one more thing. Everything installed with default settings. No fiddling with kernelopts to get the Debian-9 template to boot on the X299 desktop by setting noxsave. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bb11bb26-4f07-4772-a1cf-6699a08a48ef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Well color me impressed (4.0.1-rc2 install on laptop and desktop)
I've been having head-banging issues with 4.0 and 4.0.1-rc1 ever since I became a fledgling Qubes user a few weeks ago. I never did get Qubes working well with Whonix 14 on the desktop. When 4.0.1-rc2 came out the other day, I made a new bootable USB stick with it and replaced Ubuntu on my Thinkpad T480 with it. It booted and installed without a hitch. Perfect first use impression (minus a point for nagging about template updates that aren't there). Then I decided to do a reinstall (for the N thousanth time) on my X299-based desktop. 4.0.1-rc2 fired right up. No problems whatsoever. It works like I expected 4.0 and 4.0.1-rc1 to work. Then for the really impressive part. I have a Caldigit TS3 Plus that I like to use to move all of the wire mess to it and have a single Thunderbolt3 wire running from it to the T480. It provides lots of things but I use it for power to my laptop (replacing the brick), Ethernet, Displayport for a second monitor, and USB 3.1. After the 4.0.1-rc2 install went so well, I decided to plug that bad boy in and watch Qubes fall to the ground writhing in agony. My expectations were not met. 4.0.1-rc2 handled it like a champ. I had to do some minor fiddling with the display settings to get the second monitor working via DP and after a bit of hunting around, I discovered that all I had to do to get Ethernet working was to add the new Ethernet controller it saw to sys-net. Shutdown the Whonix GW and sys-firewall, reboot sys-net, restart sys-firewall and the Whonix GW, plug in my Ethernet cable and voila. It works! Now the first question that comes to mind is, how much security did I throw out the window when I plugged that Thunderbolt 3 hub in? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41c3b812-0e84-43d2-956c-208a263f7e0a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Questions
If one were to invest in a new laptop today for Qubes use exclusively and price wasn't a major factor, which one(s) make the top of the list? Assume you want the best security possible and are willing to invest the time to learn and configure Qubes/Whonix to get it. Also assume you want something that will take advantage of features that are planned for near-term Qubes/Whonix release. Are there laptops that haven't hit the market yet that would be worth waiting for (i.e. better than any in the list from above)? Assume you want Anti-Evil-Maid and therefore need a TPM chip. Does that change which laptops are at the top of the list and why? Is it worth giving up the TPM chip if you aren't all that concerned about Evil Maid? Pretty much every laptop has them these days, so a follow up question to this one would be how the TPM is implemented (discrete, integrated, firmware, software)? Should the BIOS be set to use 1.2 or 2.0 for Qubes? More on the BIOS - should UEFI be turned off? Thunderbolt? Secure boot should be disabled, I know. What about power management? Anything else (ex: if the laptop is Intel, ME should be disabled, correct)? Do the keyboard and mouse/trackpad on a laptop use the USB interface? If so, what is the best way to address that (buy an external PS/2 keyboard and mouse)? If not, are the "safe" in the sense that only dom0 has control of them and no other qubes can snoop as would be the case for USB? Are there things that can be done with a home router/firewall (such as a dedicated pfSense box) that improve security when using Qubes/Whonix and if so, what would they be? Lot's of other questions, but this is is probably more than enough for one thread. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a48d730-00d1-4ae4-970c-46010c6361c5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: VPN for Linux Dummies
On Monday, December 17, 2018 at 12:09:48 PM UTC-8, stefanne...@gmail.com wrote: > With Qubes 4.0 i got stuck with VPN (NordVPN) installation because i have > only basic knowledge of linux. > > I found a lot of info, but most relevant are these from the Qubes Github: > > https://github.com/tasket/Qubes-vpn-support > https://github.com/tasket/qubes-tunnel > https://github.com/tasket/qubes-doc/blob/tunnel/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-the-qubes-tunnel-service > > I was successful in setting up an appvm with vpn-handler-openvpn > I installed qubes-tunnel.git in fedora template > I copied the region relevant but general nordvpn config files from > https://nordvpn.com/de/ovpn/ to /rw/config/vpn ... > > But i got stuck, with a lot of questions on these different instructions. > What is the qubes-vpn-support folder? How to enter the login and passwort for > testing the connection to nordvpn? Is the vpn tunnel necessary? > > Do you have some hints? (I can`t answer tomorrow, but on wednesday.) > > Thx. Stefan I thought I'd replied to this already, but I don't see it here (maybe it was on Reddit). Anyway, the use of a VPN with Tor Browser is a source of debate whether or not you're better off security-wise. Whonix devotes an entire doc to the subject. The gist is you're probably better off without VPN when using Whonix unless you have a very specific need and know what you're doing. https://www.whonix.org/wiki/Tunnels/Introduction -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8775e838-cdb8-4ce8-8026-2b9a2fc10d12%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Going old school
Just ordered a (native - no USB conversion) Logitech PS/2 keyboard and mouse and a PS/2 splitter since I only have one PS/2 port. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/76acc2ca-7c60-4f88-a431-3832b8d51215%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Sunday, December 16, 2018 at 4:12:56 AM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 06:31:35PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 6:24:49 PM UTC-8, unman wrote: > > > On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > > > > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > > > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley > > > > > > wrote: > > > > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, > > > > > > > 22...@tutamail.com wrote: > > > > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > > > > > > > > > > John, > > > > > > > > I'll take a shot at helping but would defer to Unman who has > > > > > > > > helped me out a lot, both directly and indirectly on this forum. > > > > > > > > > > > > > > > > Some notes: > > > > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > > > > Not an expert but have having been using Qubes as my primary > > > > > > > > for over a year. > > > > > > > > > > > > > > > > I loaded 4.0, however during the setup I did not add the > > > > > > > > default whonix template(v13 I think) to my system as the > > > > > > > > default whonix needs to be removed in order to upgrade to > > > > > > > > whonix-14. This option is chosen when loading Qubes for the > > > > > > > > first time. > > > > > > > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > > > > > template following these instructions: > > > > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > > > > > > > All updates going forward are done thru > > > > > > > > sys-whonix-14-GW. > > > > > > > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox or > > > > > > > > the whole template...I don't just upgrade Firefox, I update the > > > > > > > > whole template i.e. I update the Debian template and the Fedora > > > > > > > > template and this updates Firefox in the template and the > > > > > > > > appvm's associated with the templates. Make sure you are aware > > > > > > > > of the template/appvm relationship...you don't update the > > > > > > > > appvm(e.g. sys-whonix), you update the template(whonix-gw) > > > > > > > > which is the source for the appvm(sys-whonix). > > > > > > > > > > > > > > > > Other best practices I follow: > > > > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > > > > *Whonix-gw template is a key template to update as all my > > > > > > > > updates are done thru this template/appvms > > > > > > > > * Get a VPN appvm setup as a priority > > > > > > > > * Clone your templates and experiment on the clones, this way > > > > > > > > you can resort back to your clean template WHEN you F%$# it up > > > > > > > > (Not IF...you will at some point mess one up) > > > > > > > > > > > > > > > > Good luck, hope this helps... > > > > > > > > > > > > > > Thank you @tutamail. This is more like what I was looking for. > > > > > > > I've tried most of what you recommend, but not everything. I'll > > > > > > > re-install 4.0 and give your suggestions a try. > > > > > > > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. > > > > > > > I only tried 4.0.1-rc1 out of desperation. What I want is the > > > > > > > latest production 4.0 pla
Re: [qubes-users] PS/2 Combo keyboard / mouse port
On Sunday, December 16, 2018 at 4:11:14 AM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 10:13:49PM -0800, John Smiley wrote: > > Read some interesting things about USB on your site and now I want to > > change over from USB keyboard and mouse to PS/2. My mobo has a single port > > that combines both in what they (Gigabyte) describe as a PS/2 port. Can I > > just slap an adapter onto my existing keyboard and mouse (say a PS/2 port > > splitter and a couple of USB to PS/2 adapters) or do I need a keyboard and > > mouse that are natively PS/2? > > > I cant speak to this but I have used usb-Ps/2 adapters separately. Worth > trying with a splitter and see what happens. If USB is this bad, I shudder to think what horrors lurk within Thunderbolt. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f27f4201-028c-4e43-8956-011ba72600ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How many gigabytes of memory is required for G505s?
On Wednesday, December 5, 2018 at 3:19:42 PM UTC-8, 我 wrote: > Hello. > > When reading this list I thought G505s A10 is the best laptop for Qubes. > So I'd like to purchase it, but I am wondering how many memory to put in. > > Could you give me some advice? Memory is pretty cheap and it has a very high rate of return if you need/use it. If it were me I would max it out - either from the vendor or upgrade yourself. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f4ff74a6-7789-4b15-9bae-131a27be2fb6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] PS/2 Combo keyboard / mouse port
Read some interesting things about USB on your site and now I want to change over from USB keyboard and mouse to PS/2. My mobo has a single port that combines both in what they (Gigabyte) describe as a PS/2 port. Can I just slap an adapter onto my existing keyboard and mouse (say a PS/2 port splitter and a couple of USB to PS/2 adapters) or do I need a keyboard and mouse that are natively PS/2? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aaf42672-73f1-4328-b559-be6ca7eb218d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 6:24:49 PM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 06:18:43PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > > > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > > > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, > > > > > 22...@tutamail.com wrote: > > > > > > Some typos corrected and clarification added: > > > > > > > > > > > > > > > > > > John, > > > > > > I'll take a shot at helping but would defer to Unman who has helped > > > > > > me out a lot, both directly and indirectly on this forum. > > > > > > > > > > > > Some notes: > > > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > > > Not an expert but have having been using Qubes as my primary for > > > > > > over a year. > > > > > > > > > > > > I loaded 4.0, however during the setup I did not add the default > > > > > > whonix template(v13 I think) to my system as the default whonix > > > > > > needs to be removed in order to upgrade to whonix-14. This option > > > > > > is chosen when loading Qubes for the first time. > > > > > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > > > template following these instructions: > > > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > > > > > > > When you say upgrading Firefox are you just updating Firefox or the > > > > > > whole template...I don't just upgrade Firefox, I update the whole > > > > > > template i.e. I update the Debian template and the Fedora template > > > > > > and this updates Firefox in the template and the appvm's associated > > > > > > with the templates. Make sure you are aware of the template/appvm > > > > > > relationship...you don't update the appvm(e.g. sys-whonix), you > > > > > > update the template(whonix-gw) which is the source for the > > > > > > appvm(sys-whonix). > > > > > > > > > > > > Other best practices I follow: > > > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > > > *Whonix-gw template is a key template to update as all my updates > > > > > > are done thru this template/appvms > > > > > > * Get a VPN appvm setup as a priority > > > > > > * Clone your templates and experiment on the clones, this way you > > > > > > can resort back to your clean template WHEN you F%$# it up (Not > > > > > > IF...you will at some point mess one up) > > > > > > > > > > > > Good luck, hope this helps... > > > > > > > > > > Thank you @tutamail. This is more like what I was looking for. I've > > > > > tried most of what you recommend, but not everything. I'll > > > > > re-install 4.0 and give your suggestions a try. > > > > > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I > > > > > only tried 4.0.1-rc1 out of desperation. What I want is the latest > > > > > production 4.0 platform. Most operating systems have a simple > > > > > process by which you are informed of packages that are out of date > > > > > and are offered an opportunity to upgrade them to the most recent > > > > > version supported by the distributor. It would be great if Qubes had > > > > > something like that. Perhaps someday it will. In the meantime, there > > > > > ought to be a document that clearly explains how to go from a fresh > > > > > install to the most recent Qubes-supported version of every package > > > > > installed in each template and dom0. It would be even nicer if there > > > > > were a nightly/weekly build of the same packages used in a fresh > > > > > install, but all updated to the latest supported
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 4:59:59 PM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 03:42:29PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > > wrote: > > > > Some typos corrected and clarification added: > > > > > > > > > > > > John, > > > > I'll take a shot at helping but would defer to Unman who has helped me > > > > out a lot, both directly and indirectly on this forum. > > > > > > > > Some notes: > > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > > Not an expert but have having been using Qubes as my primary for over a > > > > year. > > > > > > > > I loaded 4.0, however during the setup I did not add the default whonix > > > > template(v13 I think) to my system as the default whonix needs to be > > > > removed in order to upgrade to whonix-14. This option is chosen when > > > > loading Qubes for the first time. > > > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 > > > > template following these instructions: > > > > https://www.whonix.org/wiki/Qubes/Install > > > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > > > When you say upgrading Firefox are you just updating Firefox or the > > > > whole template...I don't just upgrade Firefox, I update the whole > > > > template i.e. I update the Debian template and the Fedora template and > > > > this updates Firefox in the template and the appvm's associated with > > > > the templates. Make sure you are aware of the template/appvm > > > > relationship...you don't update the appvm(e.g. sys-whonix), you update > > > > the template(whonix-gw) which is the source for the appvm(sys-whonix). > > > > > > > > Other best practices I follow: > > > > *Fresh templates seems to be the advice(vs upgrading) > > > > *Whonix-gw template is a key template to update as all my updates are > > > > done thru this template/appvms > > > > * Get a VPN appvm setup as a priority > > > > * Clone your templates and experiment on the clones, this way you can > > > > resort back to your clean template WHEN you F%$# it up (Not IF...you > > > > will at some point mess one up) > > > > > > > > Good luck, hope this helps... > > > > > > Thank you @tutamail. This is more like what I was looking for. I've > > > tried most of what you recommend, but not everything. I'll re-install > > > 4.0 and give your suggestions a try. > > > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > > > tried 4.0.1-rc1 out of desperation. What I want is the latest production > > > 4.0 platform. Most operating systems have a simple process by which you > > > are informed of packages that are out of date and are offered an > > > opportunity to upgrade them to the most recent version supported by the > > > distributor. It would be great if Qubes had something like that. > > > Perhaps someday it will. In the meantime, there ought to be a document > > > that clearly explains how to go from a fresh install to the most recent > > > Qubes-supported version of every package installed in each template and > > > dom0. It would be even nicer if there were a nightly/weekly build of the > > > same packages used in a fresh install, but all updated to the latest > > > supported version so that we could simply download and install that and > > > know that we have all of the most recent patches and upgrades. > > > > I can hear some of you now saying that if I want these things then get up > > off my lazy ass and build them. If I weren't fully (some would say > > overyly) employed with nothing but free time on my hands, I still wouldn't > > do that because I have other interests. I'm the consumer here. Some of > > you seem to forget that. This is feeback coming from a customer. Treat it > > as such. > > > > I'm also not a Linux newbie. I'm not stumbling around trying to figure out > > where the power button is. I've used, installed, and upgraded various > > forms of Linux for years. My
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 4:47:19 PM UTC-8, unman wrote: > On Sat, Dec 15, 2018 at 03:19:15PM -0800, John Smiley wrote: > > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com > > wrote: > > > Some typos corrected and clarification added: > > > > > > > > > John, > > > I'll take a shot at helping but would defer to Unman who has helped me > > > out a lot, both directly and indirectly on this forum. > > > > > > Some notes: > > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > > Not an expert but have having been using Qubes as my primary for over a > > > year. > > > > > > I loaded 4.0, however during the setup I did not add the default whonix > > > template(v13 I think) to my system as the default whonix needs to be > > > removed in order to upgrade to whonix-14. This option is chosen when > > > loading Qubes for the first time. > > > > > > I immediately update Dom0 using a VPN connection thru my network > > > > > > After installing Qubes 4.0, I immediately install the whonix-14 template > > > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > > > When you say upgrading Firefox are you just updating Firefox or the whole > > > template...I don't just upgrade Firefox, I update the whole template i.e. > > > I update the Debian template and the Fedora template and this updates > > > Firefox in the template and the appvm's associated with the templates. > > > Make sure you are aware of the template/appvm relationship...you don't > > > update the appvm(e.g. sys-whonix), you update the template(whonix-gw) > > > which is the source for the appvm(sys-whonix). > > > > > > Other best practices I follow: > > > *Fresh templates seems to be the advice(vs upgrading) > > > *Whonix-gw template is a key template to update as all my updates are > > > done thru this template/appvms > > > * Get a VPN appvm setup as a priority > > > * Clone your templates and experiment on the clones, this way you can > > > resort back to your clean template WHEN you F%$# it up (Not IF...you will > > > at some point mess one up) > > > > > > Good luck, hope this helps... > > > > Thank you @tutamail. This is more like what I was looking for. I've tried > > most of what you recommend, but not everything. I'll re-install 4.0 and > > give your suggestions a try. > > > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > > tried 4.0.1-rc1 out of desperation. What I want is the latest production > > 4.0 platform. Most operating systems have a simple process by which you > > are informed of packages that are out of date and are offered an > > opportunity to upgrade them to the most recent version supported by the > > distributor. It would be great if Qubes had something like that. Perhaps > > someday it will. In the meantime, there ought to be a document that clearly > > explains how to go from a fresh install to the most recent Qubes-supported > > version of every package installed in each template and dom0. It would be > > even nicer if there were a nightly/weekly build of the same packages used > > in a fresh install, but all updated to the latest supported version so that > > we could simply download and install that and know that we have all of the > > most recent patches and upgrades. > > > > Qubes already has a simple process to show you when updates are > available , and enables you to update them. If you open the Qube manager > you will see an indicator of when updates are available, and can R-click > to select "update qube". I've noticed and tried the update notices in QM. I wasn't sure if that was the same as using the shortcuts and/or os package manager. I've tried both and had issues with both. > If you don't use the Qube manager, then you can just run "sudo > qubes-dom0-update" periodically to check for and install updates in > dom0, and 'apt update' as you will. I generally do include qubes-dom0-update as either the first step after a fresh install or right after installing fedora-28. Oddly, the first section of the doc on installing and updating software in dom0 https://www.qubes-os.org/doc/software-update-dom0/ reads like a warning not to do it unless you have a specific reason (and then goes on to list some of those reasons), so at first didn't run qubes-dom0-update.
[qubes-users] Upgrade existing templates or install fresh ones?
Let's say we're talking specifically about the Fedora template. Are there necessary/required/desirable configuration items that only persist when upgrading (say from 26 to 28) or does a fresh install of 28 behave the same as an upgraded 26? Are there additional steps that need to be taken with a fresh install to configure it for it's various roles in Qubes or is that all taken care of for you by Qubes itself? Take the specific example of sys-firewall. Assuming no changes to the default firewall settings in sys-firewall from a fresh install of 4.0, which is based on the fedora-26 template. Are the firewall settings the same after upgrading as described here https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/ vs. a fresh install with template switching as described here https://www.qubes-os.org/doc/templates/fedora/ What about other fedora template-based Qubes such as vault, work, personal, untrusted, sys-net, fedora-xx-dvm? Does it matter which path (upgrade vs install and switch) is taken in terms of how the qubes based on the template behave? If it does, what steps need to be taken to preserve desirable defaults? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c3762cd-019e-4114-a3f1-eb73cd1ded89%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 3:19:16 PM UTC-8, John Smiley wrote: > On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com wrote: > > Some typos corrected and clarification added: > > > > > > John, > > I'll take a shot at helping but would defer to Unman who has helped me out > > a lot, both directly and indirectly on this forum. > > > > Some notes: > > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > > Not an expert but have having been using Qubes as my primary for over a > > year. > > > > I loaded 4.0, however during the setup I did not add the default whonix > > template(v13 I think) to my system as the default whonix needs to be > > removed in order to upgrade to whonix-14. This option is chosen when > > loading Qubes for the first time. > > > > I immediately update Dom0 using a VPN connection thru my network > > > > After installing Qubes 4.0, I immediately install the whonix-14 template > > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > > > All updates going forward are done thru sys-whonix-14-GW. > > > > When you say upgrading Firefox are you just updating Firefox or the whole > > template...I don't just upgrade Firefox, I update the whole template i.e. I > > update the Debian template and the Fedora template and this updates Firefox > > in the template and the appvm's associated with the templates. Make sure > > you are aware of the template/appvm relationship...you don't update the > > appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the > > source for the appvm(sys-whonix). > > > > Other best practices I follow: > > *Fresh templates seems to be the advice(vs upgrading) > > *Whonix-gw template is a key template to update as all my updates are done > > thru this template/appvms > > * Get a VPN appvm setup as a priority > > * Clone your templates and experiment on the clones, this way you can > > resort back to your clean template WHEN you F%$# it up (Not IF...you will > > at some point mess one up) > > > > Good luck, hope this helps... > > Thank you @tutamail. This is more like what I was looking for. I've tried > most of what you recommend, but not everything. I'll re-install 4.0 and give > your suggestions a try. > > I appreciate the other replies as well. Sorry if I wasn't clear. I only > tried 4.0.1-rc1 out of desperation. What I want is the latest production 4.0 > platform. Most operating systems have a simple process by which you are > informed of packages that are out of date and are offered an opportunity to > upgrade them to the most recent version supported by the distributor. It > would be great if Qubes had something like that. Perhaps someday it will. In > the meantime, there ought to be a document that clearly explains how to go > from a fresh install to the most recent Qubes-supported version of every > package installed in each template and dom0. It would be even nicer if there > were a nightly/weekly build of the same packages used in a fresh install, but > all updated to the latest supported version so that we could simply download > and install that and know that we have all of the most recent patches and > upgrades. I can hear some of you now saying that if I want these things then get up off my lazy ass and build them. If I weren't fully (some would say overyly) employed with nothing but free time on my hands, I still wouldn't do that because I have other interests. I'm the consumer here. Some of you seem to forget that. This is feeback coming from a customer. Treat it as such. I'm also not a Linux newbie. I'm not stumbling around trying to figure out where the power button is. I've used, installed, and upgraded various forms of Linux for years. My point is I know a lot more than most about Linux and virtualization and I'm having lots of issues with Qubes. I fully expect to spend many hours learning how Qubes works and how I can make the best use of it. I should not have to spend many hours simply getting it installed and updated. I don't think it's too big of an ask to have this spelled out well enough that someone experienced with Linux, but fresh to Qubes, can follow it and have be confident that the many security and other fixes described so well in your announcements are fixed/patched. Perhaps the problems I'm experiencing are unusual. I've been told that my hardware isn't all that peculiar for Qubes, so this should be a cake walk. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 3:02:13 PM UTC-8, 22...@tutamail.com wrote: > Some typos corrected and clarification added: > > > John, > I'll take a shot at helping but would defer to Unman who has helped me out a > lot, both directly and indirectly on this forum. > > Some notes: > Been using 3.2 and 4.0 only...haven't tried 4.0.1 > Not an expert but have having been using Qubes as my primary for over a year. > > I loaded 4.0, however during the setup I did not add the default whonix > template(v13 I think) to my system as the default whonix needs to be removed > in order to upgrade to whonix-14. This option is chosen when loading Qubes > for the first time. > > I immediately update Dom0 using a VPN connection thru my network > > After installing Qubes 4.0, I immediately install the whonix-14 template > following these instructions: https://www.whonix.org/wiki/Qubes/Install > > All updates going forward are done thru sys-whonix-14-GW. > > When you say upgrading Firefox are you just updating Firefox or the whole > template...I don't just upgrade Firefox, I update the whole template i.e. I > update the Debian template and the Fedora template and this updates Firefox > in the template and the appvm's associated with the templates. Make sure you > are aware of the template/appvm relationship...you don't update the > appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the > source for the appvm(sys-whonix). > > Other best practices I follow: > *Fresh templates seems to be the advice(vs upgrading) > *Whonix-gw template is a key template to update as all my updates are done > thru this template/appvms > * Get a VPN appvm setup as a priority > * Clone your templates and experiment on the clones, this way you can resort > back to your clean template WHEN you F%$# it up (Not IF...you will at some > point mess one up) > > Good luck, hope this helps... Thank you @tutamail. This is more like what I was looking for. I've tried most of what you recommend, but not everything. I'll re-install 4.0 and give your suggestions a try. I appreciate the other replies as well. Sorry if I wasn't clear. I only tried 4.0.1-rc1 out of desperation. What I want is the latest production 4.0 platform. Most operating systems have a simple process by which you are informed of packages that are out of date and are offered an opportunity to upgrade them to the most recent version supported by the distributor. It would be great if Qubes had something like that. Perhaps someday it will. In the meantime, there ought to be a document that clearly explains how to go from a fresh install to the most recent Qubes-supported version of every package installed in each template and dom0. It would be even nicer if there were a nightly/weekly build of the same packages used in a fresh install, but all updated to the latest supported version so that we could simply download and install that and know that we have all of the most recent patches and upgrades. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e8badc9-16c2-441e-861f-f7aa44f2d343%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
On Saturday, December 15, 2018 at 1:09:59 AM UTC-8, John Smiley wrote: > I'm interested in what and in what order, upgrades should be applied starting > from a base 4.0 install. I've tried several times and gotten jammed up each > time. I've also tried starting with 4.0.1-rc1, but had problems with that out > of the box where sys-whonix would die right away. 4.0 at least didn't die > until I tried upgrading. > > There are a lot of upgrades to be applied: firefox and whonix being the top > two. I've tried both upgrade orders (firefox then whonix as well as whonix > then firefox). I also usually include a qubues-dom0-update. I also > typically like to go with fresh template installs rather than upgrades, > although I've tried both and still ran into issues. > > Is there a tried and true path? Would some hardware details help? Gigabyte X299 Aorus Gaming 3 mobo All firmware and BIOS at latest releases Intel Core i7-7820X CPU 32GB RAM 2 x NVMe 512GB drives (another Linux, usually Ubuntu 18.x installed on one of these, leaving one free for Qubes) 1 x SSD 512GB drive (Windows 10 installed here) TPM 2.0 hardware-based module 1 x 4K display 1 x 3K display 1 x Nvidia 1080 Ti (I built this rig for gaming and then they stopped making good PC games - at least for my generation - I think I've aged out of all gaming demographics) I have to believe that my problems with 4.0.1-rc are somehow related to my hardware being a bit unusual for a Qubes box. It can't be as broken for everyone as it is for me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dce55e31-1c31-4f6c-b89e-08954ed4da7e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Upgrade guide from 4.0 to latest recommended build
I'm interested in what and in what order, upgrades should be applied starting from a base 4.0 install. I've tried several times and gotten jammed up each time. I've also tried starting with 4.0.1-rc1, but had problems with that out of the box where sys-whonix would die right away. 4.0 at least didn't die until I tried upgrading. There are a lot of upgrades to be applied: firefox and whonix being the top two. I've tried both upgrade orders (firefox then whonix as well as whonix then firefox). I also usually include a qubues-dom0-update. I also typically like to go with fresh template installs rather than upgrades, although I've tried both and still ran into issues. Is there a tried and true path? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0bfcd1a5-a16b-47b2-9864-bacbdacf5d31%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] FIDO2 / Webauthn?
Just finished looking at the new U2F support being added: https://www.qubes-os.org/news/2018/09/11/qubes-u2f-proxy/ Any thoughts/plans to include Webauthn FIDO2 support at some point? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9816616b-3b65-40fe-97b5-ae6fff2d4527%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] TPM usage
I thought that the TPM provided hardware accelerated block encryption ciphers in addition to key storage. The Wikipedia page for TPM certainly makes it sound that way but I can find nothing indicating that LUKS uses those capabilities when present. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4df874d4-e4d6-4c1a-9349-38c9a102abde%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] TPM usage
So Xen just sets up LUKS without the TPM even if it’s there? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/94640775-fb92-4485-991c-81fda40eb3f3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Does anyone trust this for meaningful anonymity?
On Thursday, December 13, 2018 at 8:21:43 PM UTC-8, John Smiley wrote: > I only ask because my, admittedly limited, exposure left me with no > confidence at all that it would protect me. I was hitting software and doc > bugs left and right. They haven’t gotten basics down yet, so no way I can > trust. Fun toy though. "> Fun toy though. Or instead, you could try to magically improve the project through sarcasm on the qubes-users mailing list. -m0ssy " You are quite right. That was churlish . Kindly accept my apology. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a31ce464-6e0c-4667-bf4c-756aa9a909f5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] TPM usage
>From the docs: TPM with proper BIOS support (required for Anti Evil Maid) Is that it? Qubes does not use the TPM for disk encryption? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ce305de-c9c9-4252-bc39-bcd0bae79791%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Does anyone trust this for meaningful anonymity?
I only ask because my, admittedly limited, exposure left me with no confidence at all that it would protect me. I was hitting software and doc bugs left and right. They haven’t gotten basics down yet, so no way I can trust. Fun toy though. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/320e3d50-59e0-422d-973e-102305d32223%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] password style
Diceware dude -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa3b3017-8ffa-45b8-8002-09f9fe0dc6b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
