Re: [qubes-users] Coreboot: Security for external monitor

2022-08-17 Thread airelemental via qubes-users 


Aug 14, 2022, 7:46 PM by 169...@gmail.com:

> Hello friends,
>
> Laptop w520 thinkpad corebooted.
>
> I would like to be able to use an external monitor connected by the 
> displayport.
>
> This coreboot tutorial > https://www.coreboot.org/Board:lenovo/w520
> suggest to run the following command:
>
> sudo ./util/nvramtool/nvramtool -w hybrid_graphics_mode="Dual Graphics"
>
> I tried it in dom0, but nvramtool is not installed, so this starts alarming. 
> Looking for a way to install it found the following for Fedora:
>

You can get it from your coreboot build:
$ cd coreboot/util/nvramtool
$ make
then copy the resulting binary to dom0 in the usual way.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/N9iEJNt--3-2%40tutanota.com.

Re: [qubes-users] Where to configure target dir of `qvm-move`/`qvm-copy` (`/home/user/QubesIncomming`)?

2022-04-10 Thread airelemental via qubes-users 



> See subject line - I'd like to remap the `/home/user` bit to `/tmp` to
> enforce cleanup ...
>
> Thanks for any pointers.
>
> Joh
>
In /rw/config/rc.local, you can create /tmp/QubesIncoming. Then replace 
~/QubesIncoming with a symlink to /tmp/QubesIncoming

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/N-62xhy--7-2%40tutanota.com.

Re: [qubes-users] Opening applications using qvm-run

2021-02-28 Thread airelemental via qubes-users 
Feb 27, 2021, 14:16 by qubes-users@googlegroups.com:

> I'm trying to figure out how to open applications in VMs from dom0 using 
> qvm-run, and how to do so without blocking the terminal in dom0.
>
> For example:
> ```
> $ qvm-run anon "torbrowser qubes-os.org"
> Running 'torbrowser qubes-os.org' on anon
>
> ```
>
> The above command sucessfully launches Tor Browser in the `anon` VM, but I 
> can't run another command in the same dom0 terminal window until Tor Browser 
> (in the VM) finishes (exits).
>
> Alternately I can do something like
> ```
> $ qvm-run anon "gnome-terminal -- torbrowser qubes-os.org"
> ```
> but that leaves a terminal window running in the `anon` VM.
>
>
Try:

$ qvm-run --service anon qubes.StartApp+janondisttorbrowser
$ qvm-run --service untrusted qubes.StartApp+firefox
$ qvm-run --service personal qubes.StartApp+thunderbird

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/MUe0b60--3-2%40tutanota.com.

Re: [qubes-users] Special template to isolate less trusted software?

2020-09-02 Thread airelemental via qubes-users 



> I just don't like the idea of putting untrusted code in a templateVM used by 
> sensitive VMs.
>
Me neither! But I avoid multiplying templates by installing apps directly into 
appvms.
This minimizes the number of templates I have to keep up-to-date.

> fedora-32-zoom (the proprietary videoconferencing software)
>
You can save the zoom package into the appvm. Can also install its (open 
source) dependencies in the template. Then every time you start the appvm, just 
install the (already-downloaded) zoom package.

> fedora-32-slack (the group chat app, installed from their own rpm)
>
> fedora-32-print (had to run a Brother install tool to get printer working, 
> use it from my dvm-print wich is firewalled only to my local printer ips)
>
> fedora-32-media (has some proprietary media hnadling software)
>
The general strategy with installing packages inside appvms (at least those 
based on debian) is to make the package cache into a bind-dir and then 
reinstall package from cache every appvm startup.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/MGH1zz7--3-2%40tutanota.com.

Re: [qubes-users] Making AppVMs Open in Specific Workspaces

2020-05-08 Thread airelemental via qubes-users 
You can install devilspie2 in dom0 (available from fedora repos).

> AppVMs of Domain 1 (Personal) always open in Workspace 2

vm = get_window_property("_QUBES_VMNAME")
if (vm == 'personal') then
   set_window_workspace(2)
   change_workspace(2)
   focus_window()
end

May 8, 2020, 15:19 by lo...@threatmodel.io:

> Is it possible to specify a particular workspace for each domain/qube ?
>
> Example:
>
> AppVMs of Domain 1 (Personal) always open in Workspace 2
> AppVMs of Domain 2 (Anon-Whonix) open in Workspace 3
>
> I have tried setting XFCE profiles without any success. The apps reopen as 
> expected, but all get glommed together in Workspace 1 when I login again.
>
> Thanks,
> Logan
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/0fe8f40c-2c79-5534-0b76-8c5537eca77e%40threatmodel.io.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/M6ru0rN--7-2%40tutanota.com.

Re: [qubes-users] Looking at replacing WiFi on a Lenovo X230

2020-02-20 Thread airelemental via qubes-users 


Feb 20, 2020, 03:29 by ggg...@gmail.com:

> I notice that on Ifixit:
>
>
> The X230 has a WiFi whitelist, so a Lenovo card on the whitelist must be 
> used. If you do not do this, the laptop will fail with an 1802 POST error.
>
>
> If you are not happy with the current wireless card, you will need to find a 
> Lenovo variant of these cards:
>
> Intel Centrino Advanced-N + WiMAX 6250 - FRU 60Y3195
> Intel Centrino Ultimate-N 6300 - FRU 60Y3233
> Intel Centrino Advanced-N 6205 - FRU 04W3769 and 60Y3253
> ThinkPad b/g/n Wireless (1x1 BGN) - FRU 60Y3247 and 60Y3249
> I notice that the Insurgo Privacy Beast changes the WiFi to:
>
> WiFi controller: Atheros AR5BHB116 a/b/g/n 300Mbps > MINI PCI-E
>
> Is this because the ROM in the Insurgo has been reprogrammed?
>
>
Yes, flashing coreboot has the side-effect of removing the Lenovo wifi 
whitelist.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/M0YqNJg--3-2%40tutanota.com.

Re: [qubes-users] eye strain qubes

2019-05-29 Thread airelemental 




May 29, 2019, 7:53 PM by evadogs...@gmail.com:

> Hello, 
>
> Anybody use something to prevent eye stain? 
>
> I found "f lux" utility described as "must have" at the forum. But I never 
> try it and the question will it work at qubes? It must be installeted to 
> dom0? 
>
> Maybe somebody interested and can check it? 
>
> github repo "fluxgui". Check there site and write your opinion, please.
>
I recommend redshift instead, available from qubes-dom0-update.

You may have to put this in ~/.config/redshift.conf:

[redshift]
 location-provider=manual

[manual]
lat=100
lon=100  ; for example

See archwiki for more redshift options.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Lg5-d35--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes - Critique (long)

2019-03-16 Thread airelemental 



Mar 16, 2019, 2:31 AM by jrg.desk...@gmail.com:

> Issues...
>
> * When launching a program from the Qubes menu, particularly if the
>  target   appVM has to be started, the program often fails to be
>  launched. This happens very frequently with the Text Editor.
>
Interesting, my experience is limited to mostly debian-based templates and for 
those, the only program that fails to start from the menu is gnome-terminal. 

>  Since I had been using Linux distributions based, directly or
>  indirectly, on Debian, when I first set up Qubes, I created my appVMs
>  based on Debian. That  was painful as I then had to install a lot of
>  basic software.
>
>  When I re-read the documentation, I realized the security reasons,
>  so I switched all my appVMs (except one!) back to Fedora. It was not
>  painful, but I would have rather have spent the time doing something
>  else.
>
>
I've never come across guidance favoring Fedora over Debian in the docs. Can 
you provide a link? 

>  Since Firefox and Flash were working fine on my Linux Mint laptop
>  (which I use "to play with"), I re-based my untrusted appVM on Debian
>  and, lo and behold, Firefox and Flash worked just fine. This, by the
>  way, was when I attempted to use Chromium.
>
This is how I used to get flash working too - chromium + some flash plugin on a 
debian-based appvm. Thankfully flash is dying and I don't need it anymore.

>  At least for some people, it seems Debian is a necessity, but it is
>  not given the attention it deserves. At a minimum, a GUI software
>  installer should be included in the Qubes distribution which would
>  make it much easier for people to install other software they feel
>  inclined to use.
>
I think the policy is that Qubes defers to the distro. So if the distro doesn't 
have a GUI installer, than the template won't, and it sounds like it would be 
out of scope for Qubes to provide a GUI installer.

On the flip side, if the distro has an optional GUI package manager, it should 
work. For example, for debian, have you tried installing synaptic in the 
template?

> * Screenshot only appears to work from Qubes Tools. I can "add"
>  "Screenshot" to appVMVs based on Fedora (but not on Debian). But it
>  does not work -- The dialog comes up but, having chosen to select an
> area, I cannot do so.
>  Subsequent attempts to use Screenshot do not even present a dialog.
>
>  Although I have not seen this documented anywhere (which does not
>  mean it is not), it seems logical -- dom0 owns the screen (monitor),
>  so it makes sense that it handles screenshots. However, that means
>  screenshots are saved in dom0 and have to be moved (or, I suppose,
>  copied) to the desired appVM. It seems a bit awkward. If one is in a
>  program in an appVM and decides a screenshot would be nice, it is
>  probably focussed on that window or a portion of it. Since the OS
>  displaying the window "knows" what it is displaying, it seems logical
>  that some kind of screenshot could be made by that OS, but restricted
>  to its window.
>
It *would* be nice if you could right-click a file in dom0 and send to VM using 
the VM picker. Useful for screenshots and log files, for GUI-inclined users.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/La6VTzm--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best practices?

2019-03-04 Thread airelemental 



Mar 4, 2019, 12:03 PM by brendan.h...@gmail.com:

> My recommendations, incorporating some other previous recommendations.
>
> 0) After install, clone the baseline templates, then re-point all the 
> non-standalone VMs to the clones. Update the clones regularly.
> ...
> 4) Keep a list of all modifications you have made to each template, any 
> standalone VMs or to dom0 in your vault or in online storage: e.g. all 
> rpms/debs added to baseline template, kernal version or option changes, 
> pulled/built packages, configuration changes, etc. This will reduce your 
> annoyance level when you decided to/are forced to rebuild the system from 
> installation media and new templates and keep finding gaps when you are 
> attempting to work.
>

For added packages in debian/whonix templates, if you are keeping the baseline 
template around, don't need to track them manually. Can just run `apt-mark 
showmanual` in the baseline and then the cloned template, then diff -u them to 
get a list of added packages.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L_B4Gwe--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] ANN: Fast incremental backups project

2018-12-21 Thread airelemental 



Dec 21, 2018, 1:39 PM by tas...@posteo.net:

> On 12/20/2018 09:40 PM, Marek Marczykowski-Górecki wrote:
>
> As for borg, I'm not sure a heavy emphasis on deduplication is appropriate 
> for many PC applications. Its a resource drain that leads to complex archive 
> formats on the back end. And my initial testing suggests the dedup efficacy 
> is oversold: Sparsebak can sometimes produce smaller multi-generation 
> archives even without dedup.
>
The borg default chunk size does not dedup Qubes volumes well. You get much 
better dedup with a smaller chunk size, for example `borg create 
--chunker-params=11,24,16,4095 ...`

Borg's dedup makes it simpler to think about. The repository is a pool of 
chunks and each backup is like a set of pointers to chunks. When a chunk is no 
longer referenced by any backup, it is deleted from the repo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LUInzpb--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] Request: Deferred autostart

2018-12-15 Thread airelemental 

Dec 14, 2018, 7:51 PM by no...@noses.com:

> Hi!
>
> After reorganizing my working environment (e. g. putting certain 
> security-related services in separate machines) I would like to start them at 
> system startup but the current autostart feature  is waiting or all machines 
> to come up. Would it be possible to add another class of deferred auto-start 
> (i. e. go on and get the GUI running instead of waiting fo these machines to 
> be ready). I know, sounds a bit like having systemd handle that but I'm 
> reluctant to do it that way.
>
>
> Achim
>
>
>
> --
>  You received this message because you are subscribed to the Google Groups 
> "qubes-devel" group.
>  To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-devel+unsubscr...@googlegroups.com 
> > .
>  To post to this group, send email to > qubes-de...@googlegroups.com 
> > .
>  To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-devel/0ae02bd587c9523a08158a4bd4a40f937926fddf.camel%40noses.com
>  
> >
>  .
>  For more options, visit > https://groups.google.com/d/optout 
> > .
>
My simple-minded solution is to disable auto-start for all VMs, and instead set 
up my working environment using a bash function/script I manually run (using 
`qvm-start`, `qvm-run`, & to start things in parallel).

This has the added benefit where if I need restart qubes quickly in succession 
for troubleshooting, it doesn't waste time setting up my working environment 
each session.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LTnIcPD--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-04 Thread airelemental 


>
> An implementation of a similar idea across several VMs is:
>
>
>
> VM1: any TemplateVM with clamav installed.
>
>
>
>
>
> VM2: AppVM based on above, which is network-connected so it can download new 
> virus definitions. /var/lib/clamav contains the virus definitions so make it 
> a bind-dir.
>
>
>
>
>
> VM3: DisposableVM based on the above, which is offline, that does the actual 
> scanning. To scan a VM, use qvm-block to attach a VM's private volume to the 
> disposable VM.[1]
>
>
>
> The actual updating and scanning can be streamlined using shell scripts run 
> from dom0.
>
>
> I think the nice properties of this setup are:
> * distro-packaged, open source antivirus> * antivirus lives outside the VM 
> you are scanning
> * since the antivirus processes a lot of untrusted input, scans are done from 
> a disposable VM3, so if it is compromised in the course of a scan, only that 
> session is compromised> * since the antivirus may process a lot of sensitive 
> information, VM3 is also offline, making it harder for compromised antivirus 
> to exfiltrate anything.
> [1]To make a DisposableVM have different NetVM than its template, you can use 
> for VM3 the static DisposableVM created by `qvm-create --class DisposableVM 
> --template VM2 ...`, it can have the specific NetVM setting of None, 
> different from their template.
>   




Other nice properties:
* by mounting a snapshot of the private volume, you have the option to scan 
while the target VM is running

* by mounting a snapshot, you can ensure no modification of the target volume, 
which some people might like from a forensics point of view.


>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LO-L6ng--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] I still want anti virus with Qubes OS. but which one is compatible?

2018-10-04 Thread airelemental 


> Going beyond that, antivirus is an option. One way to run it is from a dispVM 
> to which you attach various private volumes (one at a time) for scanning.
>




An implementation of a similar idea across several VMs is:



VM1: any TemplateVM with clamav installed.





VM2: AppVM based on above, which is network-connected so it can download new 
virus definitions. /var/lib/clamav contains the virus definitions so make it a 
bind-dir.





VM3: DisposableVM based on the above, which is offline, that does the actual 
scanning. To scan a VM, use qvm-block to attach a VM's private volume to the 
disposable VM.[1]



The actual updating and scanning can be streamlined using shell scripts run 
from dom0.


I think the nice properties of this setup are:
* distro-packaged, open source antivirus* antivirus lives outside the VM you 
are scanning
* since the antivirus processes a lot of untrusted input, scans are done from a 
disposable VM3, so if it is compromised in the course of a scan, only that 
session is compromised* since the antivirus may process a lot of sensitive 
information, VM3 is also offline, making it harder for compromised antivirus to 
exfiltrate anything.
[1]To make a DisposableVM have different NetVM than its template, you can use 
for VM3 the static DisposableVM created by `qvm-create --class DisposableVM 
--template VM2 ...`, it can have the specific NetVM setting of None, different 
from their template.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LO-HhSr--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] [proposing new feature] Edit in VM: an idea that can improve security when managing documents

2018-09-14 Thread airelemental 

15. Sep 2018 00:14 by un...@thirdeyesecurity.org 
:


> On Fri, Sep 14, 2018 at 04:13:53PM -0500, Sven Semmler wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> On 9/14/18 2:16 PM, Matteo wrote:
>> > there is a docx in the "documents vm" but you open it in a special 
>> > vm that allows you to edit it safely (kind of dispvm), all this
>> > with just double click.
>>
>> You can already do this. All you have to do is set the default handler
>> in your "documents vm" to use qvm-open-in-dispvm.
>>
>> You can even go a step further and hook up qvm-open-in-vm via a
>> desktop shortcut (to provide an ignored vm parameter) and then change
>> the policy in dom0 to always show you the dialog of all VMs to choose
>> which one to open it in.
>>
>> Ivan Mitev explained the details to me back in May:
>> https://groups.google.com/d/msg/qubes-devel/0CpN7ol1ZdM/0cBPvwc6CgAJ 
>> 
>>
>> So in my setup:
>>
>> - -> whenever I click a web link I get a dialog and can choose to either
>> open a new online dispvm or tor dispvm or open in an already running
>> (disp) vm
>>
>> - -> whenever I open a document I get a dialog and I can choose to open
>> in an offline disp vm or an already running offline disp vm
>>
>> ... in other words: everything I ever open (links and documents) is
>> always in a disp vm and I can choose on the fly whether offline,
>> online or with TOR. Since changes to a document in a dispvm propagate
>> back to the calling VM this also works great for document I work on.
>>
>> If it wouldn't require customization of the guest vm (the default
>> handler and the desktop shortcut), I would promote this to be the
>> default behavior. But I should probably write it all up nicely and
>> submit to the Qubes documentation. It's really powerful.
>>
>> Cheers,
>> Sven
>>
>> -BEGIN PGP SIGNATURE-
>>
>> iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlucJJIACgkQ2m4We49U
>> H7b7nQ/9HGyOn2Z1XWhvquuWAzBQPuJgE85cZ9IKCLK1OwjXpcUnej0/Dwa3jjL8
>> J6g2UVtsRx9/5jt0+tifRzFAlfOuFjvh/R80P335hnc4R+UceLq95dfnFaPFtLZk
>> +TelcKnJ5haSIsO/XErKPs+OqA4L5Ukdf7Wym36zIOm5TGU5QnrXHlIYr/Dpyjdt
>> sEG3gzk2itnTyEL4GOwK652tqMWHrzkc8ZnYLSmOOOdRCRJy/SCM+DV/DOSHrsvH
>> SZr5HpnCVLFWHn8WZ2af7h28g+foautDpsHGDfoU6hC/GU21nmCYKchKWUeuE7jM
>> sQCiVTv36MLgFD6WJg3hRZxr0x/T75V0iOAbS5rWZ+IRJaIoOF26ZrskYRfi5I62
>> MaeXgBFCMgvQr01pL6GUMMCrCIu01LViuJT8DsXW0vbxAI34gq1XexaUPaBWZJo5
>> rns+5oIixBUfuvROZPy3vwSKHxKdwFecHWkmVldFHcetnC9Q3rPveSRdAvhkNdQv
>> JpiFeCy/3n20cU7yOAJhEhs1xnRA1XH7VhyW6Dn4T1MgHWh74eVaEqQOUyl9Q+J1
>> p8HGONz8zSsPO+o9e+OCa2fMaPA8nfrTo1VjazMP1OmW5xLWedJb915aG+nxEfCy
>> ray1zbl2O8nCoOvtOOeJG1NeD7tv46m50Sv3SqbIXUOxS2KfLNs=
>> =zISj
>> -END PGP SIGNATURE-
>
> You dont say this, but if you use a minimal template for the document
> vm, then you minimise the risk of inadvertently opening a file there by
> mistake.
> You can, in fact, strip out almost any application other than a
> qubesopen tool, or pdf and img-convert.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-devel+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-de...@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-devel/20180915001411.7sl6jgcz3azv35g5%40thirdeyesecurity.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .




Something similar is the sd-svs in SecureDrop-on-Qubes, see 
https://github.com/freedomofpress/securedrop-workstation 





Anyway, it seems like there could be some issues:

a) Documents that "link" other documents. For example: html pages that 
reference locally-downloaded images/css, Inkscape docs with linked images, bash 
scripts that source other scripts. Unfortunately qvm-open-in-vm currently only 
copies just one file, so all links are broken in the dispvm.


b) Can't save progress. qvm-copy-to-vm only copies back the edits after the VM 
shuts down, right? So what if the system crashes in the meantime?



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMQJKiD--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Custom Configuration files for AppVMs

2018-08-31 Thread airelemental 

In Qubes 4.0,  I think the default config for all VMs is:
   /usr/share/qubes/templates/libvirt/xen.xml
and you can override it for  by placing a config file in 
  /etc/qubes/templates/libvirt/xen/by-name/.xml
Simply copying the former to the latter is probably a good place to start.

31. Aug 2018 15:51 by 3mp...@gmail.com :


> On Tuesday, July 9, 2013 at 4:29:18 AM UTC+2, Marek Marczykowski-Górecki 
> wrote:
>> On 29.06.2013 08:23, Olivier Médoc wrote:
>> > On 06/29/13 06:58, AndrewX192 wrote:
>> >> Is it possible to permanently set or override options in the autogenerated
>> >> configuration files, and if so - what is the best way to implement these
>> >> changes?
>> >>
>> > If you change your vm config filename and you edit qubes manager xml file 
>> > to
>> > match the new filename, this file will be considered as custom and won't be
>> > generated anymore during the vm startup. Check in 
>> > /var/lib/qubes/appvms/yourvm
>> > and /var/lib/qubes/qubes.xml.
>> > 
>> > You will probably have to restart the qubes manager once you changed the 
>> > file.
>> > I'm not sure about that.
>>
>> Qubes manager should automatically detect qubes.xml modification (inotify
>> based watch).
>>
>> -- 
>> Best Regards,
>> Marek Marczykowski-Górecki
>> Invisible Things Lab
>
> I have the same problem in Qubes 4.0 but I can't find the VM configuration 
> file... I tried modifying the qubes.xml file, tried virsh edit the VM with no 
> luck, the config file of the VM I can't find is always regenerated when the 
> VM starts.
>
> There is a workaround when the VM is started with xl block-attach which is 
> working and probably can be automated with qubes-rpc but I'm looking for a 
> more elegant way like Olivier's solution for Qubes 4.0
>
> Any directions ?
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/edced9d8-73ca-48e4-9b50-f0cd4fa5fc5c%40googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LLFsNcy--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Where is Redshift Config file?

2018-08-05 Thread airelemental 
~/.config/redshift.conf

A minimal config is:

[redshift]
location-provider=manual

[manual]
lat=-50.0
long=100.0

5. Aug 2018 22:03 by loadc...@gmail.com :


> Could anyone tell me where is exactly must be locating config file 
> (redshift.conf) of Redshift sofware?
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/b1bdb4b9-cc5c-41f3-8532-b57d86c27daa%40googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LJB9NMo--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.