[qubes-users] HCL - HP Laptop 15-dw2373ng

2020-10-23 Thread Robin Christopher Ladiges 
No legacy boot in the BIOS, it only allows booting UEFI. I updated the 
BIOS from F.30 to F.31 and had to reinstall Qubes after that, because 
the BIOS didn't recognize it after the update.


Installation without laptop display, had to use a HDMI monitor. I tried 
all troubleshooting options before (including some open Github issues). 
It had a black screen after "Xen is relinquishing VGA console".


Manual installation of the RTL8821CE wifi driver ( 
https://github.com/tomaspinho/rtl8821ce ).


Laptop display works after upgrading to kernel-latest (though i915 
instead of iris).


Plymouth shows some graphical artifacts (minor).

USB, Ethernet, camera, microphone, sensors and suspend are working.
Hibernate only locks the session.
Closing the laptop triggers suspend, opening it wakes it up again.
Bluetooth seems to work (I see some devices, but own none to connect to).

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cdd9cf0-e2ef-70af-3460-78f77c01bc6c%40blackpinguin.de.


Qubes-HCL-HP-HP_Laptop_15_dw2xxx-20201024-043033.yml
Description: application/yaml

[qubes-users] Using 2 monitors in full screen mode with one application spanning both monitors

2020-03-22 Thread Robin Green 
I am running VMWare Horizon in a trusted VM in order to WFH. It is able to 
detect and use both monitor geometries for what you might call a 
"double-full screen mode" - however, even though I have enabled full-screen 
mode for this trusted AppVM in /etc/qubes/guid.conf on dom0, Qubes 
unfortunately does not recognise what it's doing as "full-screen" and 
retains the title bar over the virtual window (which spans both screens) 
and over the Windows Remote Desktop widget (which appears as a separate 
window fully obscured by the Qubes window title bar, rather than a widget). 

Yes, I am running Remote Desktop, on a remote computer, that I am 
connecting to with VMWare Horizon, to connect to yet *another* computer! So 
many levels of desktop virtualisation here, hehe

If I right-click on the Qubes window title bar and choose Full screen, it 
of course goes to full screen on only the first display, and no second 
virtual monitor on the remote computer is accessible to me. If I leave it 
like it is, I can't see what's at the bottom of any maximised windows on 
the remote machine - and since I like to maximise all of my windows, this 
is pretty much unusable for me.

Gonna have to reboot my local machine into Windows for now so that I can 
use both screens with VMWare Horizon and Remote Desktop, but I would like 
to figure out a way to get this to work... that doesn't involve manually 
resizing all the windows on the remote computer!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a661398e-df6a-4270-ad43-d0017f5904bf%40googlegroups.com.

[qubes-users] Setting up IPv6 tunnel in netvm

2019-06-22 Thread Robin Green 
This is my experience report after finally successfully setting up an IPv6
tunnel in sys-net in Qubes R4.0 and configuring things so that AppVMs could
use it. It was quite a struggle - some things did not work as I expected.

Steps I followed to make it work:

1. Put the commands from Hurricane Electric, my IPv6 over IPv4 tunnel
provider, into /rw/config/rc.local in sys-net.

2. As documented, in a dom0 terminal, enable the IPv6 feature:

qvm-features sys-net ipv6 1

The rest of the steps I did not find documented anywhere:

3. At this point, dnf stopped working. This turned out to be an MTU issue -
I had to add this line to my /rw/config/rc.local in sys-net:

ip link set he-ipv6 mtu 1472

I had discovered this 1472 value using:

tracepath6 mirrors.fedoraproject.org

Although I don't think this was a Qubes issue, the same MTU value that I
discovered also has to be used later as well.

Side note: at this point, qubes-dom0-update was able to download packages
but was not installing anything. However, I think that was because there
was nothing that needed to be installed, because the downloaded packages
were already up-to-date on dom0. So it wasn't a bug, or in any way related
to this change, just a bit confusing.

4. I still had no IPv6 access in my web browsers in my AppVMs, so I
investigated why. ipv6 NAT appeared to be set up in ip6tables as promised,
but it wasn't working. I then discovered that net-vm didn't have an IPv6
address, other than a locally-scoped IPv6 address, for its virtual network
interface. Is this a qubes bug?

I added an IPv6 address:

ip addr add fc00::10:8:8:71/7 dev vif9.0

and made it routable from sys-firewall:

sudo ip -6 route add fc00::10:8:8:71 dev eth0
sudo ip -6 route add default via fc00::10:8:8:71 dev eth0

At this point I could successfully execute

ping v6.ipv6-test.com

5. The web browsers still weren't able to use IPv6, and again it turned out
to be an MTU issue. I had to execute:

echo 1472 > /proc/sys/net/ipv6/conf/eth0/mtu

as root, in both sys-firewall and the AppVM. Again, this was based on the
MTU value I had discovered earlier.

This means that path MTU discovery within the Qubes internal network
doesn't work for IPv6 in Qubes. Though, based on something I have read
about that, I think that may be a good thing from a security point of view.

Can we simplify this process? It's quite complicated.

Perhaps the firewall could by default allow through IPv6 ICMP messages to
make MTU discovery work, only if they came from the internal network. Or
perhaps that's incompatible with NAT of IPv6. I'm new to IPv6 and I'm still
learning how it works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CACVBcp51S2jHKkFbK9_jD5ThqMgg0Tp7A3bCMG35LY%2BVwwF1fQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Hardware support

2019-03-04 Thread 'Robin Murison' via qubes-users 
My hardware suppliers are sure my desktop supports IOMMU and yet when I
try to install Qubes 4 the installation says it does not. My basic
question is that error reported based on a white list or on the actual
presence or absence of the feature.

I have checked with the hardware company that  IOMMU is available and
does work and I have also checked with the company that built my machine
that I have all the appropriate settings turned on in the BIOS.

Both say I am doing the right thing and that IOMMU should be working and
I do not see my processor or mother board specifically on the supported
hardware list.

my machine is custom built:

Processor (CPU) AMD Athlon 5350 Quad Core APU (2.05GHz/AM1) & Radeon™
HD8400
Motherboard ASUS® AM1M-A: (M-ATX, DDR3, USB 3.0, 6Gb/s)

Thanks for any help


Robin

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1210f950-d6d5-8d02-635a-586f74aea893%40yahoo.co.uk.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Dual boot Qubes R4.0 and Windows 10 on EFI system

2018-05-19 Thread Robin Green 
I am trying to follow the instructions on 
https://www.qubes-os.org/doc/multiboot/ but grub is not even installed, so 
there is no such directory /etc/grub.d/

Does that page need to be updated?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e544ab0-ef8e-4e32-a18d-253cca7b2dd0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Fedora 28 just released

2018-05-02 Thread robin 
On Wednesday, May 2, 2018 at 5:05:14 AM UTC+2, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2018-05-01 16:00, Frédéric Pierret (fepitre) wrote:
> > Le mardi 1 mai 2018 21:28:03 UTC+2, steve.coleman a écrit :
> >> Needless to say that means an EOL for 25 is going to be announced
> >> fairly soon.
> >> 
> 
> Correct. In one month, to be precise.
> 
> For reference, here are our issues for Fedora 27 and 28 TemplateVMs:
> 
> 27 - https://github.com/QubesOS/qubes-issues/issues/3783
> 28 - https://github.com/QubesOS/qubes-issues/issues/3791
> 
> Ideally, we would announce today that our Fedora 26 TemplateVMs will
> reach EOL in one month in order to give users plenty of time to
> upgrade or migrate to a new template (just as we do when Qubes
> versions reach EOL). However, since we do not have a new template to
> offer yet, I'm going to postpone that announcement until the
> information is actionable for users. We will also make an announcement
> on 2018-06-01 stating that Fedora 26 has reached EOL, as a final
> reminder to anyone who hasn't migrated yet that they should do so
> immediately.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlrpKtcACgkQ203TvDlQ
> MDAmMhAAzZvlN6qOH6ph8QQmM6uFvdDIzB30jh/H1k/TJo9VadvqbSBiay5kRoCn
> GuX0gVE/9r2b7ck5vPjiy59MXdJs4cygdDG3+SsB4JrLMu+NI7EwB1p9HmLKuBJc
> zUP1bSiW05DHXgdUWbxoSg0G77UGyoAVs+6zUxajv04mPR1otJNWaJMyEhPak//g
> zzb8gqYx5EZLB5w5vcAvSmGQHJujcEEbvEndPleSr6+XOqYLVD8AfjCCISG9L0sy
> xjn2LHM5uO+1WKZStBnNbYBBSMDmW1DDQ/2M4zbVHPBDCx80cJx0lT78CqrzJ7d9
> dMk2MCH8NY7Dqr2Bl7ckS+O7JyLI5KFXIlH+90XxkeKo/dRVAQ0+JlfEzGxXPicv
> 56FsSGJ42MKrJ8uPAgZ5KiKqEGtJmolQONkNCTvwyplBWixwqpSmZEEYL1i8f91c
> f0akf67yLUjbxzVIbA7PYvMv4MYAJEwVciPMRyjjTxt/dT9X2pyMEoIHJu9LZFnv
> 7aXppwaR2POnqOIUznW311d3+kik4rlDHKURxxji7V0kF5DrGoVMeFrPDLCUmWxf
> WGKf7fLbvS/1Uc57i/MzaHsyZjBiKuiVInvIevG+LFO6nQDJsRGxaI/EHQpsxqlG
> /FcU0HiRlHiNzJRChGSSq6SS0AHm/lBA4U8mTJXYzjkpbjoUXVY=
> =iG/S
> -END PGP SIGNATURE-

Will the fedora 27 template also work on/be ported to Qubes 3.2, or will fedora 
26 be the last supported template for that Qubes version? If so, I guess that 
means you'll have to upgrade to Qubes 4/4.1 if you want to use fedora templates 
and get security updates?

Kind regards,
Robin

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9c836e3-0668-4d5a-8605-fbc6027a287b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Windows 8.1 HVM - Windows mouse pointer moves at wrong speed

2017-10-28 Thread Robin Green 
After my Windows 8.1 VM updated itself today, first the Windows mouse pointer 
disappeared entirely, and then when I rebooted it, it stopped moving as far as 
the Qubes mouse pointer, so the two mouse pointers became out of sync.

The solution was to go into the Control Panel in Windows and in Mouse Settings, 
disable "Enhance pointer precision" (which is a bit tricky to do while the 
mouse isn't working properly).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66a337c0-29b5-493d-8d6e-8ac82aacb733%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to change / swap behavior of Ctrl, Alt, Win, and fn keys?

2017-08-06 Thread Robin Schneider 
On 08/06/2017 03:43 PM, Connor Page wrote:
> AFAIK fn does not emit a code and bios will process it only in combinations 
> with predefined keys.

That is also how I observed it.

> other keys can probably be remapped. but from my exprience I failed to swap 
> fn and ctrl.

Depends on the laptop model. The keyboard is handled by the embedded controller
which typically runs proprietary firmware. But that does not prevent people from
modifying it anyway :)

https://github.com/hamishcoleman/thinkpad-ec/pull/32

-- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86f1843d-e6d6-8a91-7100-35645adc83a6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Best Desktop for Qubes

2017-07-02 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 07/02/2017 07:28 PM, Zbigniew Łukasiak wrote:
> A companion to the Best Laptop for Qubes thread :)
> 
> Most of the HCL is filled with laptops - very few desktops are there, 
> especially on the high end.
> 
> Currently I have a Dell Inspiron - works but 16GB RAM is max there (and it
> is a non-ECC so most probably more than that does not make much sense), and
> 16BG is not enough for me (browsers seem to eat unbelievable amounts of
> RAM).
> 
> Is there a recommended desktop system for Qubes with over 16GB RAM?
> 

Hi Zbigniew

The ASUS KGPE-D16 can not be left unnoticed and it has been mentioned a couple
of times in the "Best Laptop For Qubes" thread already.

You can even buy machines based on this MB built and flashed to your wishes:

* https://minifree.org/product/libreboot-d16/
* https://store.vikings.net/libre-friendly-hardware/vikings-d16-workstation

Pro:

* More than 16 GiB RAM with ease. 16 GiB is basically the entry option for
these machines ;-)
* Supported and on the HCL
* Runs Libreboot
* No management engine
* ECC RAM

Contra:

* Price
* Power consumption
* No Qubes OS 4.0 support I assume?


I guess this choice is easy :) ?

- -- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJZWTOvAAoJEIb9mAu/GkD4NzkQAICDV6fWPONqUM7lksyLbZjq
RsfvYzAGBFmutPcEWHLQr/vjwRjhOQArGwC9ARp5HYoj3LGwi24xAD/Qp5fcv2ev
EBjq74jbpvuc4hzXS+92uJyW54DSR3lXiwyED05rU11sUY558nWOX17stig6RQ08
9GO7Ad7xaRyB5Eos0P1hCyd139WWxIROv4i8ZbpttXbF2aAqzJKa53xvrNCMX0r7
a1atera4ewPdZPQJD5N1SVjcqCuHRlAfx5Dp5n/rzBdILgyIL4t65I9LQ0YAJmnA
wwqaUQshk5oPX1Eb/uv7k/JPBTNMXp05Q4YTgLxbEUwjVmL60M8WdBFVbYU9500Y
xZj92S5BqdgXIdWbQu5Rshaj6DFYVvtHcCQobY8WXB4TkRrPrtR8nfoQzqBXufbt
hA6Cm6ZFcSXYhXiud4tgoJO+VhzyOnIzjrSYDW2/SQpteL7/vsYFAE7Biz8Q0U3v
+Rln6xu1LZ/3fhnCXFLQj51T4W8z6XgNw/JTrxjC3zsmJpf64YaUWeiLgV/Ikh8/
S5bpsrQq5KkZ11i2YVsho7K4L5pcAA93lI7Xlan0qDP4CkhGnm09hID+anevXuIR
2cGSdQFymecRlHYDM6kM9N1ActRFfW3ZFkvMk7plmXZ0T8GYsu7hj4/cBZBWu+//
q/cdKW+kzKgJvWLAQSNf
=OHo2
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/377c5741-320f-ccf6-f1d9-a1a7ddad3d1a%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] looks like sha-1 is over

2017-02-23 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 02/23/2017 08:51 PM, Oleg Artemiev wrote:
> a little bit offtopic, everyone is using sha-256, I guess,
> 
> http://shattered.it/
> 
> but, btw - any comments to this in Qubes contex:
> 
> cut---
- --
>
>
> 
How is GIT affected?
> 
> GIT strongly relies on SHA-1 for the identification and integrity checking 
> of all file objects and commits. It is essentially possible to create two 
> GIT repositories with the same head commit hash and different contents,
> say a benign source code and a backdoored one. An attacker could
> potentially selectively serve either repository to targeted users. This
> will require attackers to compute their own collision. 
> cut---
- --
>
>
> 
?
> 

Hey

You might be interested in this issue:

https://github.com/QubesOS/qubes-issues/issues/2240

- -- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYr0fYAAoJEIb9mAu/GkD4reoQAKPvuUxTl9qETXhZmuLJcSb+
4msToekwUrg5pGALC7XAV2DpXTd0UPD4muMNLE4W/F1Ynmm/i7ehe9A1UGyiy3QG
LYMDvJxg0cCPxADgBj0a43KtqaZJ9DvkcQcC6AwHOHw+9UIJjJXqPKj0gK1YFGHU
+FjI9iMEN4DHBMmi7UJ7ZX8Qe0vJ5Hq2lCYoToYmQCa+XYnDwqgjyv6J+RCJqtPr
P4/E5R/pYK36HRzFhXOm0KcnX6WynO7E1kBAdrkO2VpK+rk1QykKIxmnGfEfXaKO
zx8qEPkZqViGAZ4+Y3uuWXAbCjkJ0tOSIxZKXvuJfNSOO+R6+k6tDHzWZxX9+NY2
tf8VDckZOBHJM/Dk02HR1icXcQ+jpB4DfNrjjI8dKv0gJ0jCV/oVN2hsTeeoZri8
0bN0HAuWSrk+CreTrQv23lfjssPzAG1sYU8bofiE4QvuqToIH6FofKpr/RKas+wC
qgk2O86Y1MAZvzZsOgYHvCUFAtCFSjlqm+JuPCAoHowYNbAmpmc4SzgOFVxSKSgk
IzulqwctJXNdrLiJU8IehgZhTR4hAQbuljnctfX0qT/YvpozCII4nTkxBYR4DTCZ
mtQrBnVqv7rkqfNzb5Ri6NGgg3x9eVSBlhM+OQKpSKt+k9CipqrZwMaSJuVQU9vU
ZQdWuDabWIETqtqyOVcd
=YFtl
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c6e1861-a319-e689-6d1a-88c3e74738a2%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Yubikey init failed PCSCD

2017-02-18 Thread Robin Lambertz 
On 02/16/2017 12:30 AM, bbrr3...@gmail.com 
wrote:


I've been able to use my Yubikey 4 on a debian 8 qube successfully. (Remember 
to patch the libccid_Info.plist). Might be worth giving it a try?



Hi,

What did you patch exactly ?

I found out after some fumbling around that the yubikey works perfectly 
well if I don't use qvm-usb, and instead assign the entire USB bus to 
the guest VM. My understanding is that this is less secure and opens me 
up to DMA attacks. It's also a lot less flexible. After digging around, 
I found out that qvm-usb uses qubes-usb-proxy[0], which seems to be the 
party at fault here.


I tried using usbmon and wireshark to find out more. The logs of the 
guest and host are attached (they log the same session). Clearly, the 
usb doesn't seem to answer in time to the Get Slot Status request. It 
looks like it times out after 100ms in both the guest and the host. Is 
it possible that the USB proxy would add latency, causing the timeout ? 
Should I try to increase the timeout in the PCSC software ?	


I also have made another wireshark log of what happens in sys-usb when 
accessing the yubikey directly from there (The scenario where the 
yubikey works) in case that's useful.


Thanks for the help,

Robin Lambertz

[0]: https://github.com/QubesOS/qubes-app-linux-usb-proxy

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o847r7%24u2m%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.


host.pcap
Description: application/vnd.tcpdump.pcap


host_direct_access.pcap
Description: application/vnd.tcpdump.pcap


guest.pcap
Description: application/vnd.tcpdump.pcap

[qubes-users] Yubikey init failed PCSCD

2017-02-13 Thread Robin Lambertz 

Hello,

I'm trying to make my Yubikey Neo (a PGP smartcard) accessible to my GPG 
Qube in a split-gpg + sys-usb setup. When attaching the Yubikey to the 
GPG VM, however, PCSCD doesn't seem to detect my Yubikey (which leads it 
to being unusable with gpg). I tried both an up-to-date archlinux and 
the default fedora-23 templates, and in both cases the yubikey neo 
doesn't show up in `pcsc_scan`.


I started pcscd with `sudo LIBCCID_ifdLogLevel=0x000F pcscd --foreground 
--debug --apdu --color | tee log.txt` to get more info. The logs are 
attached, but the interesting bits are here :


```
0206 ccid_usb.c:621:OpenUSBByName() Found Vendor/Product: 1050/0111 
(Yubico Yubikey NEO OTP+CCID)

0012 ccid_usb.c:623:OpenUSBByName() Using USB bus/device: 2/4
0010 ccid_usb.c:680:OpenUSBByName() bNumDataRatesSupported is 0
1997 ccid_usb.c:1244:InterruptRead() before (0)
00103904 ccid_usb.c:1290:InterruptRead() after (0) (2)
0072 -> 00 65 00 00 00 00 00 00 00 00 00
2614 <- 00 81 00 00 00 00 00 00 00 00 00
0050 -> 00 65 00 00 00 00 00 01 00 00 00
00103063 ccid_usb.c:836:ReadUSB() read failed (2/4): -7 LIBUSB_ERROR_TIMEOUT
0224 -> 00 65 00 00 00 00 00 02 00 00 00
05002241 ccid_usb.c:797:WriteUSB() write failed (2/4): -7 
LIBUSB_ERROR_TIMEOUT

0242 ifdhandler.c:188:CreateChannelByNameOrChannel() failed
0159 ccid_usb.c:879:CloseUSB() Closing USB device: 2/4
0151 ccid_usb.c:889:CloseUSB() Last slot closed. Release resources
0240 ccid_usb.c:189:close_libusb_if_needed() libusb_exit
0476 readerfactory.c:1110:RFInitializeReader() Open Port 0x20 
Failed (usb:1050/0111:libudev:1:/dev/bus/usb/002/004)
0161 readerfactory.c:375:RFAddReader() Yubico Yubikey NEO OTP+CCID 
init failed.

```

When attaching the yubikey to the VM, ReadUSB returns immediately with 
the TIMEOUT error (isn't that weird ?), while the WriteUSB times out 
after 5 seconds. I'm wondering if it was possible the Qubes USB proxy 
could cause those timeouts ? Anyone knows what else could cause those 
errors ?


Thank you for your time :)

Robin Lambertz

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o7tt6k%24v4i%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
 debuglog.c:289:DebugLogSetLevel() debug level=debug
0275 debuglog.c:310:DebugLogSetCategory() Debug options: APDU
0029 pcscdaemon.c:351:main() Force colored logs
0428 configfile.l:282:DBGetReaderListDir() Parsing conf directory: 
/etc/reader.conf.d
0063 configfile.l:319:DBGetReaderListDir() Skipping non regular 
file: ..
0014 configfile.l:319:DBGetReaderListDir() Skipping non regular 
file: .
0013 configfile.l:358:DBGetReaderList() Parsing conf file: 
/etc/reader.conf.d/libccidtwin
0201 pcscdaemon.c:655:main() pcsc-lite 1.8.20 daemon 
ready.
6163 hotplug_libudev.c:294:get_driver() Looking for a driver for 
VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/001/001
0661 hotplug_libudev.c:294:get_driver() Looking for a driver for 
VID: 0x1D6B, PID: 0x0002, path: /dev/bus/usb/002/001
13709193 hotplug_libudev.c:648:HPEstablishUSBNotifications() USB 
Device add
0196 hotplug_libudev.c:294:get_driver() Looking for a driver for 
VID: 0x1050, PID: 0x0111, path: /dev/bus/usb/002/004
0014 hotplug_libudev.c:433:HPAddDevice() Adding USB device: 
Yubico Yubikey NEO OTP+CCID
0060 readerfactory.c:1079:RFInitializeReader() Attempting 
startup of Yubico Yubikey NEO OTP+CCID 00 00 using 
/usr/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Linux/libccid.so
00049489 readerfactory.c:954:RFBindFunctions() Loading IFD 
Handler 3.0
0115 ifdhandler.c:1953:init_driver() Driver version: 
1.4.25
0818 ifdhandler.c:1970:init_driver() LogLevel: 0x0003
0033 ifdhandler.c:1981:init_driver() DriverOptions: 0x
0164 ifdhandler.c:1994:init_driver() LogLevel from 
LIBCCID_ifdLogLevel: 0x000F
0011 ifdhandler.c:110:CreateChannelByNameOrChannel() Lun: 0, 
device: usb:1050/0111:libudev:0:/dev/bus/usb/002/004
0009 ccid_usb.c:237:OpenUSBByName() Reader index: 0, Device: 
usb:1050/0111:libudev:0:/dev/bus/usb/002/004
0030 ccid_usb.c:269:OpenUSBByName() interface_number: 0
0042 ccid_usb.c:270:OpenUSBByName() usb bus/device: 2/4
0035 ccid_usb.c:287:OpenUSBByName() Using: 
/usr/lib/pcsc/drivers/ifd-ccid.bundle/C

Re: wlan with kernel 4.8 (Re: [qubes-users] HCL - Lenovo ThinkPad X1 Yoga 2016 (20FQ005UGE))

2017-02-02 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/02/2017 03:44 PM, Holger Levsen wrote:
> Hi,
> 
> On Sun, Jan 15, 2017 at 10:24:01PM +0100, Robin Schneider wrote:
>> Adding to the reports about the Thinkpad X1 Carbon 4th gen (20FB), here
>> are my experiences with the ThinkPad X1 Yoga 20FQ005UGE:
> 
> another skylake system here…
> 
>> WLAN works after installing firmware-iwlwifi in Debian 9. The only
>> problem is that almost all times after resuming from S3, the net VM needs
>> to be restarted to get wlan working again. The following is logged in
>> sys-net:
> 
> I have the same problem with WLAN :/ After suspend I need to restart
> sys-net, which requires shutting down all VMs using it, so that's pretty
> super annoying :/ My sys-net VM still runs fedora-23…

You don’t have to restart all the VMs, luckily, which I learned shortly after
posting this. There is a pretty simple trick going around. Just set your
sys-firewall to no net vm, restart your net vm and reattach your sys-firewall
back to the net vm :)

- -- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJYk3j3AAoJEIb9mAu/GkD49BEP/ivBq8NePQ+4rHTXPh30ZULp
PJvc7YkKc93/NfXJH8J7V23yfPadZJCGZndcF2XkuWETFuAuM75r2Xpl1Xb1zoyQ
mWgtAKueCEwKzZ8FM/CgKpBaFeA02BcLB1OpzB9iVuFARMvV0wXhh1N1nk0jkFMB
yoY7warhbefbskTy8MKXJ/GDb7GwqhOgQrnomExW+QThJOtoOPIu12jGV63ppmRq
xUiKg7m51j1ufY4+/7FyQojytNTNmvq+LxPju1qxQI1GjT3ULTLrXlAFZ4VZnI3G
TGgR4r9DOGHHIMAul1CTuV/8NUy3sug8oAJLJUuA1q+3VPv57WPYaFWUnREN4B1S
xwjSvCXPgeHcsNoenRfOStuCVzmrG++mwOZjnegXlFEuBBq550/p3cTlqQBSDoVy
AzsY7FzRNHjm2+B+HguE2h8LDllOfdpgTTrkN+rTSNyTlwF0M9W49YnXOo9G6Xoo
xyRV0RdweIVeEEfFtBDOQ4Pa367WmgL/1h0gBIzd6xYttwVcz0D9gJLnwvoKYjgT
GXPVw50HR3EZIjX7PjftuYOSYKmlAqBOdilWJCu5VmJoanHr3nWW4ekjRwWwopW+
jNqT/d4+0Loh/T/cJyfnjDM2cxQGDuTm6ni6ghFDgy81Pfe0M7ICUxomdXuIhXWd
DHdNJ6HhkX5eiXvMvqa1
=aEbR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58fb74e5-eef8-1a2b-d938-4affe1de8786%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - Lenovo ThinkPad X1 Yoga 2016 (20FQ005UGE)

2017-01-15 Thread Robin Schneider 
# sys-usb

Required the `qvm-prefs sys-usb -s pci_strictreset false` workaround [1]
unfortunately. I was not able to fix this by any UEFI setting.

[1]:
https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-contro
llers-to-it-now-the-usbvm-wont-boot

I tried USB mouse usage which works but this does not make the touch screen
work again. I did not yet check touch screen + sys-usb in more detail yet,
maybe later.

### Network

Ethernet works out of the box with Fedora 23 and Debian 8 and 9. Had no issue
after resuming from S3.

WLAN works after installing firmware-iwlwifi in Debian 9. The only problem is
that almost all times after resuming from S3, the net VM needs to be restarted
to get wlan working again. The following is logged in sys-net:

[14543.999216] e1000e: eth0 NIC Link is Down
[14548.117695] e1000e: eth0 NIC Link is Down
[14548.314301] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[23785.273315] e1000e: eth0 NIC Link is Down
[23785.307940] wlan0: deauthenticating from xx:xx:xx:xx:xx:xx by local choice
(Reason: 3=DEAUTH_LEAVING)
[23786.152843] Freezing user space processes ... (elapsed 0.001 seconds) done.
[23786.154342] Freezing remaining freezable tasks ... (elapsed 0.000 seconds)
done.
[23786.155692] PM: freeze of devices complete after 0.347 msecs
[23786.155697] suspending xenstore...
[23786.155764] PM: late freeze of devices complete after 0.065 msecs
[23786.171420] PM: noirq freeze of devices complete after 15.649 msecs
[23786.172443] xen:grant_table: Grant tables using version 1 layout
[23786.172443] PM: noirq thaw of devices complete after 0.708 msecs
[23786.172443] PM: early thaw of devices complete after 0.086 msecs
[23786.172846] PM: thaw of devices complete after 0.407 msecs
[23786.172846] Restarting tasks ... done.
[23809.722077] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[23810.002035] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
[23810.006535] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[23810.008657] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[23810.010616] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[23815.012114] iwlwifi :00:01.0: Failed to load firmware chunk!
[23815.012150] iwlwifi :00:01.0: Could not load the [0] uCode section
[23815.012182] iwlwifi :00:01.0: Failed to start INIT ucode: -110
[23815.012208] iwlwifi :00:01.0: Failed to run INIT ucode: -110
[23815.042145] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[23815.044004] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[23820.043139] iwlwifi :00:01.0: Failed to load firmware chunk!
[23820.043194] iwlwifi :00:01.0: Could not load the [0] uCode section
[23820.043230] iwlwifi :00:01.0: Failed to start INIT ucode: -110
[23820.043249] iwlwifi :00:01.0: Failed to run INIT ucode: -110
[23820.049489] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[23820.051445] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[23825.054064] iwlwifi :00:01.0: Failed to load firmware chunk!
[23825.054078] iwlwifi :00:01.0: Could not load the [0] uCode section
[23825.054088] iwlwifi :00:01.0: Failed to start INIT ucode: -110
[23825.054093] iwlwifi :00:01.0: Failed to run INIT ucode: -110
[23835.017335] iwlwifi :00:01.0: L1 Enabled - LTR Enabled
[23835.019072] iwlwifi :00:01.0: L1 Enabled - LTR Enabled

### UEFI Firmware versions

Most of the testing was done using the N1FET44W (1.18) version which the laptop
shipped with. I am now using the latest N1FET47W (N1FUR14W, 1.21) version
without issues. SHA512 sums:

66482797a45526a3b3e44ea67731d586b505933413dd884fc42df4825890f29cf228aa0f18a0d28c
490de1854937a3ed6cb5a2a53929f7cb4245002ea8ba5e8c
 n1fur14w.img
06bc63be4a846e9336281877300c2e4d75c8a8bd7bb9487cff8bc7c7d2f08fb0559558cc29a660c2
e3c580da3e5844d1e2382cd39936448d0da81246f7ded9b8
 n1fur14w.iso

### Other issues

* At least in CSM, the machine seems to be unable to boot from microSD.
* Powering up after suspend/S3 does/did not always work. The problem is
sometimes that pressing the power button when the system is in suspend does
not have any effect. The system has to be turned of by long pressing the power
button and then normally booted. Not yet sure what causes it. Might be related
to AC power connected.
* Hibernate S4 does not work: hibernate.target: Job hibernate.target/start
failed with result 'dependency'.
* TrackPoint scrolling, the usual X11 workaround works just fine.

### Works out of the box

* Webcam after attaching it via qvm-usb to a VM
* Speakers, headset jack

### HCL

Pull request already opened: https://github.com/QubesOS/qubes-hcl/pull/4
I will update it with a link to this post on the ML.

- -- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJYe+hWAAoJEIb9mAu/GkD4f8EQAKRl1uoTXPXgeNDH2q8DeO0J
cCTmHB4LyTKa1qvE8qR/Ojwo9qXH7SkKSDWlHZuEnBqOzEeN8y+71SQSx92Ov2KD
3oh8fJm22hlE4iwDdVKu0r+Aj1fcPMMsCMWYQBfEsi+w37Mkqc8w

Re: [qubes-users] How to set file association in disposable VMs?

2017-01-04 Thread Robin Green 
On Wed, 4 Jan 2017 at 00:16 Unman  wrote:

> Did you actually read that bug report?


Yes.


> I'm amazed it's still open.
>
> I assume that you are using a Fedora template


Yes.


> since 'mimeopen'
> works for a vanilla Debian template.
>

I don't think the Fedora template uses mimeopen directly any more.


>
> For Fedora based dvms, the dvm does NOT pick up the association from the
> template. It's therefore necessary to customize the DispVM: there are
> instructions for doing this in the docs.
>
> In brief, for a fedora-24-dvm:
> qvm-run -a fedora-24-dvm xterm
>
> In the dvm:
> mimeopen -d test.pdf
> touch /home/user/.qubes-dispvm-customized
> sudo halt
>
> Regenerate DispVM template using qvm-create-default-dvm:
> qvm-create-default-dvm fedora-24
>
>
> I haven't tested this with Okular, but it works for setting other default
> applications. Can you confirm it with Okular?
>

No, it doesn't. I tried both ways of settings the file associations.
Neither works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CACVBcp4mP%2BzuMmVajNTKSgnwsq81R-MN6Ecb_rDWU6KgFhU6ZQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to set file association in disposable VMs?

2017-01-03 Thread Robin Green 
On Tue, 3 Jan 2017 at 03:14 Unman  wrote:

> > >  Original Message 
> > > Subject: [qubes-users] How to set file association in disposable VMs?
> > > Local Time: December 29, 2016 7:48 PM
> > > UTC Time: December 29, 2016 11:48 AM
> > > From: gree...@gmail.com
> > > To: qubes-users 
> > >
> > > I have configured Nautilus in an AppVM to open PDF files with Okular,
> and
> > > I've then done the same configuration (as user "user") in the
> TemplateVM
> > > that the disposable VMs are also based on. However, when I choose
> "Open in
> > > disposable VM" from that reconfigured AppVM, even though the dispvm
> > > savefile is updated before launching the dispvm, it still uses the
> default
> > > PDF viewer instead of Okular.
> > >
> > >
> > > Sounds similar to this:
> > >
> > >
> https://groups.google.com/forum/#!searchin/qubes-users/open$20in$20dvm|sort:relevance/qubes-users/GZ2zWcoMuwc/vwAzmYS5DgAJ
> > >
> > > --WillyPillow
> > >
>
> You don't say *how* you have changed the association.
>

I changed it using Nautilus, by right-clicking on the file, Properties.


> Try changing the file association in the template:
> mimeopen -d file.pdf will allow you to set the default application.
> Close down the template.
> Then make sure the dvm file is regenerated before opening the dispVM,
> as you have done.
>

That didn't work either. Please note, as noted already in this thread, this
is a known bug.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CACVBcp4j5ufmszR-mJe-BDv%3DOnLMs_CJXZphS0GxtMMNRtnQBQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to set file association in disposable VMs?

2016-12-29 Thread Robin Green 
I have configured Nautilus in an AppVM to open PDF files with Okular, and I've 
then done the same configuration (as user "user") in the TemplateVM that the 
disposable VMs are also based on. However, when I choose "Open in disposable 
VM" from that reconfigured AppVM, even though the dispvm savefile is updated 
before launching the dispvm, it still uses the default PDF viewer instead of 
Okular.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2529376e-ef91-43c4-a12b-9204c71dbcde%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] recommendations on encrypted usb disk?

2016-11-06 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 06.11.2016 13:43, pixel fairy wrote:
> crypt setup has a lot of options. what do you recommend for a usb disk for
> backups and file transfer between qubes and bare metal linux systems?
> 

Hi

I would go with AES-256 as cipher and sha512 has hash for LUKS.

Refer to
https://docs.debops.org/en/latest/ansible/roles/ansible-cryptsetup/docs/defaults
.html#cryptography-defaults
for details :)

- -- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJYHysSAAoJEIb9mAu/GkD4NhEP/1jZujyKK0RWUuqQKWNglE7n
adRvP2fZlfCMzAOQfDdB5jnwIKCX3Ir0mWHisIVWww3+FsWP1ysMgEu4zTCcMpJd
3/SnIHF0sonBL6C6VIpIBUuyiRXe0Z3sjWcc4HeJMI7KdNNhH42Y6gJwjHumuiZr
g4k5aDhp7wlZrHxEhRirMfoA3QiamdRrBb0+yHFjmBiHt9dbT0NuN4Z+3PxWggtj
lMR/xiSxU8BDzM0KLD3iMLDIARcz8lSvxHrkij9aWdcVaUuaVkOkg729pHw/tBzV
Y0/zDcVibnxDdcpsNZFiDdK76loJxGb/+WF9b2Pxjh3r7dAdoNmxAvlJGcB40sh0
X2huFy4CI+gU+lP0ZomD0fRMvCQhLrSTTA5ibjaLMY0rnvwfyZ8pXYDCtwkeh9EA
VFvWvtQtvhNuA+agUXQoP334zh2tnJDbfFWZN/S/OWJY1/k7jTTuYSywFd5XH14X
tYoBKu6fhDfy6ae01CNigrdAtx4YaOZzxpNogVhCrFEmb/1sGJqTSr3fwEC3LbTP
CHKv9IkyWLxRKPTUnsKRxFEhWTegDEfYZMNX8QtjG46vsBvFskLXHc2Go3j91m86
HHSTjcG4Rb09ef6ykWIClwhb1APrEALoigilrraAcDcMcx+kAF1N6xxiDl6K6zQI
mtyO0wcHDWOiP49oiusD
=J+4d
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32e3b70c-ce04-6f27-e52d-964e7ab8b703%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] new hardware for qubes.

2016-09-15 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 15.09.2016 09:14, pixel fairy wrote:
> https://www.crowdsupply.com/design-shift/orwl
> 
> personally wouldnt pay that kind of money for a box with only 8 gigs of 
> ram, but its got some good ideas.
> 

Hey

Have you seen
http://blog.invisiblethings.org/2016/09/03/thoughts-about-orwl.html yet :) ?

- -- 
Live long and prosper
Robin `ypid` Schneider
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJX2kzFAAoJEIb9mAu/GkD4+M0P/R6OjwTBOZ9N4pikguMZdf4/
lVzmmwFnoaLJgopjnb3Iou2TzjOQzIx6YxF1VYHFrAMO/47y+rrnf9m+fML7qlHM
K5BAGSZsRr2tpQqXOvvIZarONKLmQtsUPiOM0My5VMfgPCz8Jkmx1ngGJsoDRo3M
14ozX3PD5/2r19KPviBGJQow2nPxnCKGxjhApgqqJMIsReDxF82gO3SFv22qARF9
LOMjS69G9b0ogT/+0y0I8fjGukK+u1F4VYib8N6ZY31wdvZ3g8B5t7yvAWmAOmGE
CjMghJMT8cWOFgqpP73oAl+/l/0po0iVhVmD8ab8h2/t6/YM8YBv7W2v1fjFcFDi
s0X2ZxVYYtCTW57STbtWQY4EXF3XEHbJWQekyFOqO19nVTJHYCTv9dyUTUq1Lb5e
EHKkVhZXEJdNp/WNibIquUA8MQBNTC7/LMh+XiAh9MbMAvc61G/mYsLGdoKqWnqf
FJPQKiuj2Z9cckOwNTc02ZIqc3waRajjdGVM11esVjjuOl+Z3pm5w+zueixxYJvK
YWjWqOvTWkHAusNFV2JwOn1NVSDx7breCn8Pmv9XmcjHkmRLFfwFgDlONZKuLwb5
HlfFvCaB1GWHPdxq3nx8FTMDv9zXPSLc6ObroQEgT1oSbnwO7fxlfA+pV/s8YbZ3
0gzO6QcBkDgtRPsrbcXl
=LPlU
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/386284e9-7a20-a7ca-1ea2-ff47fd9d00b3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] OwnCloud-Client - wrong credentials

2016-08-18 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 18.08.2016 19:00, angelo "angico" costa wrote:
> Hi, all!
> 
> - Qubes-os 3.1 - debian 8 based vm - owncloud-client 1.77
> 
> I can quickly and easily login to my OwnCloud account using a webbrowser,
> whatever password I set on it, but I just can't connect using
> owncloud-client 1.77 -- it refuses the connection yelling "Error: Wrong
> credentials".
> 
> Does anybody have any hint?
> 
> TIA,
> 
> Angico.
> 

Hi

Have you tried 2.1.1 from Backports yet?

https://packages.debian.org/jessie-backports/owncloud-client

- -- 
Live long and prosper
Robin `ypid` Schneider
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXtgTTAAoJEIb9mAu/GkD4mfEQAKb+vChGL7sDZlS2RR8fRQaU
1O0FMrKgzoG5JI7LpyZ/AHPihqqdAF9sbt/JXw6/toLAsEneHQq1HnwABXdQa5OR
Ajnc9sV6lNTqUXuks054hUwH8H3pm8kquaEYvS/xbHd0D6+qg2QWBRqnGcqSwNCu
B7HE5PDrxqTDGGv5brJ3ZpbZ6Odtv96qUmCJidhUg8z/O21+Wtvoz4yOpymEzWCd
lPqIhQPNYRcwUhpJoWnyW2yxGj5qqUO6QLkP9y8OckvCDsFJQKCxAUFupw/UsEQs
Z4CtKDfbqHXw2fuNPYb6mNpzcJtMEDBV7anRokeuyKb467UO+MEchqjIvkfOC9+i
l35B2+g1R1WuT3AVzn3cr/7Lb9/h8zoZptJiDiTcGO9Fkuqi7M7omeSk48YmTEaF
EQXTVSATpyabzmUAwddiDSdDwrMCTB867bQRrFwCe9GjNjHYeD6NnNMTSUpM03pg
2O376mpzmDfySjVYLlXioC3VCE0TSkjgHpugUppIcHsAJ2GXTUalc/f7mN4IyCGv
a1PmPpyj9TawcrXdJfxkfetVxSXfnVNoeFV4R4Nsn9wWbrIGYPKMKvxiV72vBoqs
LakJTUuGkLsVsUKxz+K/XI3n/SWkmbVqa492qMjqmppPHOTwnuGxHLfiZ8gXKgfq
tiThehHb0CWUfnWIKDpK
=9YIT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7390a7d1-c93f-5ed6-c7a0-8bd717bb3fdb%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Why does QUBES recommend SSD drives..?

2016-08-17 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 17.08.2016 09:47, Robin Schneider wrote:
> On 17.08.2016 04:45, neilhard...@gmail.com wrote:
>> The Qubes website recommends SSD drives.
> 
>> Is there any particular reason..?
> 
>> Does Qubes use read/write to the hard drive any more than Windows... to
>> the point where it's going to cause drive failure a lot earlier..?
> 
>> Or is it simply a speed thing..?
> 
>> Or what.?
> 
> 
> Hi
> 
> I am pretty sure the main reason is speed. Also depending on your setup 
> (snapshots/btrfs) there might be alot of random read operations.
> 
> But when you look at the recently published paper [DiskFiltration: Data 
> Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive 
> Noise][1] there might also be another good reason to use SSDs ;)
> 
> [1]: https://arxiv.org/pdf/1608.03431v1.pdf

To bring the paper into perspective in regards to Qubes OS: Qubes OS does
mitigate such an possibility already in that only the VM which controls a
(S)ATA controller with an HDD attached could do that. So the impact of such a
side-channel data leak should be pretty low for Qubes OS users when you keep
that in mind.

- -- 
Live long and prosper
Robin `ypid` Schneider
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXtBi8AAoJEIb9mAu/GkD4s5kP/3Qh3fgGEcsi/Jrt8+74lDQN
qQzJjWYusNfPy7jwR+P5R7zJjkPXkU79/P77d5kVGYN3UQULU0DpvsIgVw3V3fTI
vQzbj33hlOXCsAjG6V/FfE1TL5QWKpZV7I2Q2oQoUfe8HNNhvmu/QoSNlDFRIoj3
KMso2iqQPCMLzjUESWM95i9HBmNfzfH4fZyDKF1stqTIm9POr3k26excqV+WfOoi
RV7l7j87Ejn+yI/BhMGTI8VbdfV1e+8Yfl4tJmb06PfqKpDCn6gUi9Bp1+RcjGHC
JYzdEQ0y2tbZMvh1V4JJpvhu4OTT35BK7ML2hTLxdd3HKkAaFfK0+fD++pPeQI28
Cg/mQeUhitUhu12m7Qi1ilGRSekGUknt4pmBWJaISWzKjUwld9sN0or01swq/1qs
mQIQ0+BGMwMsuFb7356QMyNjSa60cu4i9ehxR905zH2ZDseiNVYBMpKZb7NvIOgM
eKy7HES0MdxNzEPn+LgMa3mliR9t2qdQ0JDeJUfd8xLtfBVe+rcZx/GTRoP817RZ
71Q4n3/Jkh0NVwEiNilFvz4N4j94kW0Lpymv6Je4gBjzaXEcbTOrmG4R3RVK1btB
N44SPjOVE8dhKIjQrv3nsEeCtjkVip79gecinjqeZ4wE8Xvo/Fi1ppYu0fQaSy3X
pu93R1Z/aS/Rm1e9JOIQ
=4iX2
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20851865-c3e6-8056-7d99-3900428bf667%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Why does QUBES recommend SSD drives..?

2016-08-17 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 17.08.2016 04:45, neilhard...@gmail.com wrote:
> The Qubes website recommends SSD drives.
> 
> Is there any particular reason..?
> 
> Does Qubes use read/write to the hard drive any more than Windows... to the
> point where it's going to cause drive failure a lot earlier..?
> 
> Or is it simply a speed thing..?
> 
> Or what.?
> 

Hi

I am pretty sure the main reason is speed. Also depending on your setup
(snapshots/btrfs) there might be alot of random read operations.

But when you look at the recently published paper [DiskFiltration: Data
Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive
Noise][1] there might also be another good reason to use SSDs ;)

[1]: https://arxiv.org/pdf/1608.03431v1.pdf

- -- 
Live long and prosper
Robin `ypid` Schneider
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXtBaXAAoJEIb9mAu/GkD4ZlcQANTjVBR2MbYidSzgOv4Di/GZ
EQZnqUwFhGtbvoZ623z7ZDxl8Vn4BpohAx4kUU/stmA0nm7nJcd3y8/j43quUUYy
L4jJQmVk6pd6p1i1I9N24Ra0TkteQHPn0bJ7r+U5p8xVPYdDz0iseQMCHHLKSPc5
L8/VoMIqYFFcmDccbu7oHKaCU3nqCTpYsO89bu0RjhLlAE2+EiXc3c8jK/R0+xuC
os7OV05ltMjhS1LH3SRgYWHPvvihDr9kcR+REhKVJ0NNmAFnsevZ0zgsPTGHqJrs
JZ7Rm4s4782Q80sTDOeMqQZfU2RbWn8Hm0+GEVio4XFbA882AW1cpJd7juOus3M6
m34LHl5s+2E8fWttbqNjlXCsI7gU0MfB1rwVNCK2MVObpjgAZyudJ+ArI9THGMXz
eAwQ6v7scHuBjI+ufrbNnGdtnRNkEhCjYKXCyr+NTWj+nCM3+xgBmQscAg+50eU8
Wl5IueIwkawzUoNCs+1oTOZyyW+SRPZhrfL8Jt9ftw7I5MqneobceH8k/YX9kYnp
HLmSQZ+170ZoW7LVvSnyiKUgYnhWI5JdKPlyX1CiOLVcP3gPCYtJ6kMKPOW+fhZl
RCh3uMzDr1nb7TCN2dOJ33gt9df7M1eraEjYQztuzOi9BfSq0rhx701hhjS9md7c
JKPUwVrj+YGlhJ/kvT5K
=3I7z
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/87eef10e-4735-a02d-99b2-4b1388a29842%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Bad GPG Signature is Good on 2nd Try?

2016-08-06 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 06.08.2016 04:47, Andrew David Wong wrote:

> Well, it should only be unnerving if you know with certainty that GnuPG is 
> returning different results on the *exact same* sequence of bits. Since
> you didn't hash the ISO before the first (failed) verification attempt, we
> don't have any evidence that that's the case. It's much more likely that
> the bits changed (e.g., due to write caching, as you suggested).

Bad memory or bit flips in memory might be a second plausible cause to look
at. Maybe you can check that (bad memory) with memtest86+?

- -- 
Live long and prosper
Robin `ypid` Schneider
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXpZ+eAAoJEIb9mAu/GkD4X8oQANZ9cGCScw2W8JSsI2yvSmWD
H0SIrIz4QtamITtQhwpOVJT40hnMnoiilTfiR2OeOW9iKE7MbABYV3diyiYJh5Yg
XhkiEi3d4LoK0Kxn1Zn/9MI+DHTN+yKlWj5V0GH9V7x8mdSewksUD5P63Zsses+f
7s2Ant5cfUdnV12ysayXmzq5YlYG4C0vJptP8aMqbVW8wFytKZFczzM31sGPaRWw
7DJShhP4jILLbqtqL+v0Lmgkl4fjW8Z2wTUqeJJ9F0EmQdHm5ANDyVXb1m+od0vT
jK+wdoPDlgljHz4bkFiXHjMvrLggFXjboR54/2UcglhYgDcwggrAmmOKEzC1c7mK
wV0BtdIrv1+PWPOqxv5Xb3rOKZb3lbiNcHp3Upz/NaMTGmqn+vT50rg8f0kLxara
QUW1YlArN0Lp7csO22Gpnj7rQfIubjzwhNpdAh26gSUXkfKbGvkjOTr5MctR73sE
JG50NXGWCQpBj1Q0cAzuXhCGDW3YhGMl9OgPOos6ZG+BMVPw+Qxf85VgIxUcCfJb
2pBSWfShcPmBsZ1FzrFvVWE2O9StwpaKheezVYbLNxjcta2QL32AY0Wp3cXsYxGU
W7kisX0+HTH2xijdY4R60W2uXtNlXZCXPiqwu58Uleo7h5/qXaDWx06r0s5mf9QW
lnskN719dtd4jFwi3Rv3
=udik
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d513833b-e1e9-8746-021d-e20f867b85f3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes default cryptsetup. How strong is it?

2016-06-21 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 21.06.2016 23:54, Arqwer wrote:
> How "quick" any of available super PCs (10,649,60 cores, 125,435. TFLOP/S
>> )  can find the password (e.g 8-16 chars) encrypted with Qubes default 
>> settings cryptsetup?
>> 
> 
> Encryption is the hardest part of chain. If the passphrase is long 
> enough.If password is 16 random lowercase and uppercasr letters, then it
> is 52^16 combinations, it is about 10^27. If you can crack 100 Peta 
> passwords/S, then it will take 10^(27-17) = 10^(10) seconds to brute the 
> password, which is 316 years. (Really expectation is half of it, so 158 
> years on average). Of course, if those letters are not "Password12345678".
> 
> How can we improve security to prevent this?
> 
> 
> If 316 years is not enough, than you can add one more character, to make
> it 16 thousands of years!


Most of those projections about how many years brute forcing a passphrase with
that many bits of entropy may take completely ignore one key aspect, especially
when you are talking about hundreds of years and that is technical advance and
Moore's law. So to be realistic, you would need to take that into
consideration.

Refer to:

*
https://crypto.stackexchange.com/questions/1815/how-to-account-for-moores-law-in
- -estimating-time-to-crack

- --
Live long and prosper
Robin `ypid` Schneider
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXabyzAAoJEIb9mAu/GkD4DhQP/iru7NGtTJ6gVdsdnYlZfLx1
6uTWhX0mwwOYw1TMV4wGC9uW2NDGsiVXHHEJSXpdeLvMwZYdZGfKxu8vv8SRpUQc
SZYI38gybmYn4+wg/fp4oU6cDaHqJ2eh+oOh1YUZhnewOM/jcUMD7kK+sVFcP0Sr
koagcIuEXFC0nRnwZsSMtcfr1DQ3x/rJHQuBwdfQLpKyK6gDOVJEqQ5K1kh0Q2w+
yUEcMVtJiMdFkYyTFu7/pcuVv4Xgssiw+8eUt7tsr8QO5Sqczhr0oxlN3d8EwEeX
2H8poeBIPJ1v++xqiFuglxA2NkS3pi/y5VMWqs4rI8phazSvgPhkcZJ7NOsNpo6k
NkOFZHccwdRAq9KVq8M6OGcFk6ulSU6Y1SayHxkNM9zQ8ofJ4IBoJ4b+zAwcKta6
nPidNlPjhATD1BY0G1wO61TtfCqYqHuEdENvxko+Q2OXuNqaNREs+9+xdQrcwTuJ
hCy+YMC5wS1W25Le4f8Q0oNQrhMiLM92/YNz+tW8JzmLLU1LdzbM4Dz9Kf3aGrqV
Fi0FSj4MdRLzD9lLiZ6zUXpCpfYGlACyP2j58mssa5jLyKqHvEiMt1cSiOAoE16O
Lqxr0D8/M/O4Zx7o9NuQWi86stKK39x1xzbzOTCo0zjK+zwd8L5LspbVZpmW8AQW
q5t6CA096mCC45lflC4F
=0UJ1
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a69beae4-41e8-6f5b-9cce-b56916e1c6a3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Template VM Hierachy?

2016-06-05 Thread Robin Schneider 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 05.06.2016 18:26, 981'0932481'029438'0194328'0913284'0913284'09182'3 wrote:
> Hello,
> 
> Can I build a Template VM hierarchy?
> 
> i) If I install all apps in the same TVM, that it looks pretty the same
> mess like in a monolithic system ii) If I install any app in a new HVM,
> than I waste lots of space.
> 
> If I take the working hypothesis, that I can define more safe and mess safe
> apps, I could build N TVM's for different topics and additional some
> dependent Template Sub-VM's, which contains more risky apps.
> 
> E.g. TVM-Hierarchy for text processing
> 
> TVM1 contains only a secure and simple text editor TVM1-1 is based on TVM1
> and contains also a simple painting tool TVM1-1-1 is based on TVM1-1 and
> enables the more risky JAVA stack and OpenOffice
> 
> So only AppVM's based on TVM1-1-1 like
> 
> AVM1-1-1-1 AVM1-1-1-2 AVM1-1-1-3 AVM1-1-1-4... take the JAVA risk but you
> will save the space, because TVM1-1 don't get duplicated only to build up
> TVM1-1-1.
> 
> Even you can update the full T-Hierarchy in the best case with one click.
> 
> Will be this possible? And how can I reach it?
> 
> The benefit will be, that any app-code get stored and updated only once,
> but the risk can be limited (if a good app black- and white list exists).
> 
> Kind Regards
> 

I think this would be difficult to implement. One reason for this is that when
you update TVM1 for example, the filesystem of it diverges. You would have to
do something like a three-Way Merge as known from version control systems like
git. I am not aware how this could be done.

I think your best beat is to use a COW filesystem like btrfs. This was
discussed a few days ago on this list that you can use btrfs to reflink copy
VMs. The only limitation to your scenario would be that changes in TVM1 would
not get magically merged down the hierarchy.

- -- 
Live long and prosper
Robin `ypid` Schneider
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVFWhAAoJEIb9mAu/GkD4FkQP/AjH8golFQ3b5viaiWCsdeyQ
Q+e1CFwKtGZ2fDMUs7Kxo3gI1bwPGg88G0zwgl5TI+RsilcraNCeawKvGiC/JIeS
iHIMdCVKMF8JCx4ebMNaaWJUN7rOqwztsR46cf4/vmoEI1nB/NBz5NuRDeTL/9ss
HQKV8BBJppbQpmyE4OZe5ksWZbo2BO8f/+KI3JVX0qw6KgpEnkeY+V2JxW0izQUj
F2nViEj11U7EZZhkiOWA6sF3jntEavQrUD5k9l5y5z+qpFEGyoiECmQTRcAGYxIx
44WXPhD0to7PtI7ROxHEtL1eoz1aDwXVzUxGRDHDBBoDqwjt/5aI9PKpWn+fZ+Bq
K81VKCRff60xRr6yuaM4gsjY76VLKFN22RVAC1JVH6x4mxQ2bGXW3L6cHBhVtlwV
dZGN+EjMeWWpqYnSM8JIiLmDNM0JZcDQFOzoOEjZoI6n20x/uYlwVrdjeNHGetiO
ytPUJS1frJp2147mKz1SCIk169Rw9Aa1w6EK3OHDU6KvzVx05nZmjGs8BBnB3NQE
kUcYWCEvl/nDXExT5L4/8dkSiE3NJ2ENNaEhA8ZORyitzo4GqiDPM01FLssFgFzB
vkIkiBmDN+9dIzplHwLaYPIYIXyWFp16JT2g1pasmONJXo9FrxATgNzUnjsmfCap
muYORrnTiYMI2qbXDvkj
=VwNN
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/575455A1.3090501%40riseup.net.
For more options, visit https://groups.google.com/d/optout.