date:20180301

On Thursday, March 1, 2018 at 9:30:52 AM UTC+1, jer...@disroot.org wrote:
> where do i find support for security, privacy? (some place where i can post 
> with anonimity too, reddit privacy requires java script i think, doesn't it 
> compromise anonimity? also i would like to ask how things are recommended in 
> doing, like a guide, etc...
> 
> for example i need to know if enabling java script to watch youtube in tor 
> will compromise anonimity or anything like that, or enabling java script in 
> other websites, if it's a risk.. and how i should tell where i can enable 
> java script, etc.. also if it's recommended to buy stuff through tor, and 
> how, etc and what its benefits, etc...

I'll answer to your mentioned issue first, but in addition to that there are 
some extra, but related, information below it.

As for support, you found the best place. You can indeed avoid javascript, and 
this is where to hang-out for feedback/questions/help/support if you want to be 
as close to the developers as possible (they don't always post but they do drop 
by every now and then), and probably also the best place to find help too given 
the people who gather here. But remember, when you ask for support, you must 
remember that it is volunteer driven "support". I'm not doing it my self, but 
you should be able to use for example the open-source Thunderbird mail-client 
over the Tor network, to post on these e-mail threads, and then use the Tor 
plugin's to Thunderbird to ensure you're anonymous (remember the plugin). This 
way, you bypass the java-script for google mails, and you can even use mail 
encryption if both parties have & use the keys (as you might have seen, some 
people have their encryption keys below their posts here, so you can send 
encryption messages to them).

As for the extra information, it's a good timing of you to ask a question like 
this, as some of us are currently trying to get a discussion going today, 
exactly about issues like this. It could be helpful if you throw a comment over 
here (@ link below) to help putting focus on issues which are not covered in 
the Qubes docs, and come from the bottom-up (by Communuty for Community). This 
will over time help increase the availability of extra guides and solutions for 
all sorts of different things. It'd be helpful to have backing as to why we 
need more focus on less or unofficial guides/scripts/etc. 
https://groups.google.com/forum/#!topic/qubes-users/dZNWxBOqa08 

The better this can be done, the quicker we can get more helpful content 
coordinated, checked for errors/mistakes/security/easy-of-use/help-finish and 
make both the unfinished and finished work more visible for the rest of the 
community. Some of it, if good enough, could maybe end up in the Qubes docs at 
some point as well. To clarify, instead of top-down, this is a bottom-up 
approach.

Disclaimer, I don't plan to take any leadership in this, I'm only pushing to 
get it going, and then afterwards help where I can help as a regular user. It 
might even be that there won't be a leadership, but things like these are for 
the discussion to discuss as well.

Basically, if you could post your point of view, entirely what you think, what 
you would like to see, your own opinion, related to the subject of course.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8d45b24-7170-4b2f-95ff-de3037eac91f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

On Thursday, March 1, 2018 at 11:53:19 AM UTC+1, Laszlo Zrubecz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 02/28/2018 09:39 PM, Yuraeitha wrote:
> > 
> > It seems from time to time that various people have shared a good
> > unofficial script, guides and 'how to's', and even code, for Qubes
> > related content, on their github page or similar. The problem
> > however is that while shared, it isn't very visible, and even if
> > they are from time to time mentioned in a mail thread, it quickly
> > gets buried under many new mails. It often isn't feasible to use
> > the search engine to find these either.
> > 
> > Of course everything could be put into the Qubes doc page. But
> > first, it's getting pretty large and cluttered and will probably
> > only grow bigger. Second, the Qubes doc page does not show on-going
> > and un-finished work. The strength of seeing unfinished projects,
> > is that we can help each others finish and test them. Scrutinize
> > them for security issues and reliability issues, before they are
> > considered for the Qubes doc page.
> > 
> > To solve an issue like this, it'd be helpful to have a place where
> > we can keep track of everyone's projects which are shared for
> > others to use. It may also be worth discussing on quality and
> > security, and how we "censor"? bad scripts/guides/code. It could be
> > done in many various of different ways, which is also why I think
> > it'd make sense to open a discussion on the matter, so we can find
> > the most preferred method. First though, a location might be ideal
> > starting place, where to keep everything updated?
> > 
> > Initial thoughts - A https://www.qubes-os.org/doc/ page listing all
> > the unofficial projects. The most simple and easy way.
> 
> Have you seen this page:
> https://www.qubes-os.org/qubes-issues/
> 
> 
> 
> - -- 
> Zrubi
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqX244ACgkQGjNaC1SP
> N2SdmA//R9MMEoRIww3VVxSMhgLX8E/pAVnMLFjbJj11KyfVqIyGnB32x8ZXn4Fj
> Ep2HDuTV5Gz+UiJHl3dTcO/1k7CII2SCwo01JWcOyuR02HFxFyEnMSO8ZezfZbuS
> Uy6LozQ6gFQO5YNKH3D21UfOEw9Hg2XFVu2EreN8KmTJCbS3J3tX2OElZzGFb27k
> Lvz2BdSYl9emx2+GdmxJSzQsYFQcC5a7q3zxPqfApXUn6W1UHTWGNY8Roijz25EA
> luLfolwiae7iE7a17dLslqBcdB5bW/Jb4Sf7dx0cTKx5hvT5YO3EcikNeyAkiQ3m
> tMi9dPK1NgvgkCd7liHYLSfdRm3LkN+DrGkcN5yOIGldLgwDFUtJnhhjfpYvcINQ
> fqdXZYuTtuswP02VR5HnTJ9HX7+eCoUBT+Uk4N9GABYwVRODHLx6KqSOJ2YT0I3R
> ZvM2m0qcfdGSQEkp9cK2gKgvrVL3Odbw+Lhm25KvGcviR/sJr+LOxxE76lu6TOvg
> qgBsbPlt5L0ferDt67IHfkrspz3juxEiF7+O0ZTmcvIKmbvMCPe8K2NA00Uo+y0j
> kUErAdUomPWXoPPFdRo4i+GWLNPyo2EiBi6AXIwYFWZIbjcMmPNab/DGJrWFWFX+
> ZxFZBmf+8+rkAV2PYWi299LUQjjWLEizrEX6l+Dja3eD6wCBlZc=
> =+Zw+
> -END PGP SIGNATURE-

@Laszlo
I was indeed not aware of that page, it's pretty similar to the initial 
suggestion up above. (Thanks for linking it!). But there is a very crucial 
difference I think, it appears much more top-down focused than bottom-up, and 
also not focused on more every-day kind of issues. It's more focussed on 
directly Qubes related issues, and not so much issues which can make Qubes 
easier to use, more mundane things, and other things which might be very 
important to some people, but not everyone. It also has a single developer 
mindset, rather than inspiring people in the community to work together to 
archive a common goal. So it's both very similar, but also very different at 
the same time. 

I agree it should still be possible to block dangerous or out-dated 
guides/scripts/etc., that's my opinion/view as well. But what is sought here is 
also a method not to exclude people who try to start something (many people 
have creative ideas, but are unable to carry it out or finish it themselves, 
and it disappears). Something can be started up, and then later need/seek help 
from others in the community to help finish it. Have critical eyes on the work 
from others, which might also make people more daring to do something, which 
may not be bashful, but a friendly community to solve issues in development, in 
a similar way how we solve personal issues in these mail threads. It can be 
much more risky for an individual to try build something alone, and then stick 
ones head out, than it is if the process is transparent and everyone can see 
how it works. Not everyone is willing to face such a risk, even if they got the 
skills to finish it themselves.

There is at least a good handful, if not 10 or so people around in these 
forums, who try to do something like this, but everyone are working alone. 
There are skill sets on vastly different degrees and types, but everyone 
doesn't need to have the same skills to be useful. A good example are Artists 
who can make artwork for Qubes content, or editors/writers/guide-makers whom 
usually would not write to a Qubes doc page, due to already mentioned reasons, 
or other reasons, it could be lack of time, or because the Qubes docs seem too 
official. I would make a guess here, that

Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

On Thursday, March 1, 2018 at 1:31:50 AM UTC+1, [799] wrote:
> Hello Yuraeitha,
> 
> 
>  Original-Nachricht 
> An 28. Feb. 2018, 21:39, Yuraeitha schrieb:
> 
> > It seems from time to time that various
> > people have shared a good unofficial script,
> > guides and 'how to's', and even code, for
> > Qubes related content, on their github page or
> > similar. The problem however is that while
> > shared, it isn't very visible, and even if they are
> > from time to time mentioned in a mail thread,
> > it quickly gets buried under many new mails.
> 
> I have recognized the same and was wondering already what could be the reason 
> that people have written own small projects which I only knew of because 
> following this mailing list.
> Honestly I started the same, after coming up with the first draft of ma 
> qvm-screenshot-to-clipboard script.
> 
> The main reason why I didn't upload it (yet) to Qubes docs:
> 
> 1) it is on a very early stage and while it is working I would feel a bit 
> ashamed, as there is no error handling etc.
> 
> 2) I am unsure if the script is not only working but also "reasonable secure" 
> to use
> 
> 3) I like the quality of the existing Qubes documentation, but it takes some 
> time for a newbie user not only to write a good how-to but also include all  
> the valuable feedback or keep the discussion ongoing.
> 
> Maybe those are the reasons why others like to keep developing their stuff 
> outside of the Qubes doc repository. Summarized:
> 
> 1. Scripts are not yet ready/to basic
> 2. Unknown impact on security
> 3. Not enough time to craft a quality "product"
> 
> > To solve an issue like this, it'd be helpful to
> > have a place where we can keep track of
> > everyone's projects which are shared for
> > others to use. It may also be worth discussing
> > on quality and security, and how we "censor"?
> > bad scripts/guides/code. 
> 
> Yes, please! His could also be a good ressource to browse looking to 
> fine-tune Qubes.
> 
> > It could be done in many various of different
> > ways, which is also why I think it'd make
> > sense to open a discussion on the matter, so
> > we can find the most preferred method. First
> > though, a location might be ideal starting
> > place, where to keep everything updated? 
> > (...)
> > A https://www.qubes-os.org/doc/ page listing
> > all the unofficial projects. The most simple
> > and easy way. 
> 
> I like the idea having it available at GitHub as we can easily contribute to 
> the code and GitHub has all the features to keep discussion ongoing etc.
> It is also allows to keep a copy of the latest version of the scripts and 
> people don't have to learn another tool when their code is ready to be 
> released.
> 
> The bad thing:
> If you're not a developer and have never worked with GitHub the learning 
> curve might be high.
> At least I had to click some time  arround to understand what is located 
> where and how it is working.
> 
> > Generally the main concern is the visibility of
> > the effort that the community puts in Qubes,
> > from the bottom-up, often goes to waste and
> > few people see's it. 
> 
> The other benefit is, that I learn a lot from reading other person's scripts 
> and of course following the discussion.
> 
> Maybe some of the ideas there could also be mentioned in a maybe monthly blog 
> post, so that new users can see that Qubes is a living project. 
> 
> I would call this site/place where all the ideas are summarize "Qubes Garden" 
> or "Qubes Playground" :-)
> 
> [799]

@[799]
I'm glad you feel the same way :) 
If we imagine the github approach, any idea how we can keep an overview of all 
projects? Maybe a Qubes doc? something else? Also true with github, it was also 
a bit of a jungle for me the first time, and still is at times.

I like the off-site website approach too, I'm just worried that we're too few 
people to do something like that :/

Maybe we could make a shared chat room of a sorts, to discuss 
scripts/guides/etc. where everyone are welcome to join openly?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a26c729c-4c82-41ef-ab5d-8179a2495c8b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL Asrock AB350 Pro4 + Ryzen 5 1600 (Qubes R4)

2018-03-01 Thread zitterbewegung

Dear Foppe,
I tried this motherboard with an AMD 2600G. Since it has the vega graphics on 
the chip is the issue that the onboard graphics isn't supported? I also am 
using Bios version 4.6 should i try downgrading to 3.0?
Sincerely,
Joshua Herman
On Friday, October 27, 2017 at 1:26:06 AM UTC-5, Foppe de Haan wrote:
> On Friday, October 27, 2017 at 8:24:16 AM UTC+2, Foppe de Haan wrote:
> > On Friday, October 27, 2017 at 12:34:11 AM UTC+2, tjc.co...@gmail.com wrote:
> > > On Friday, October 27, 2017 at 12:24:45 AM UTC+2, tjc.co...@gmail.com 
> > > wrote:
> > > > On Thursday, October 26, 2017 at 11:53:16 PM UTC+2, Foppe de Haan wrote:
> > > > > mbt IR foutmelding: dat boeit niet, is een 'foutje', als het goed is 
> > > > > binnenkort opgelost. :)
> > > > > 
> > > > > wat aan moet staan is IOMMU, SVM en SRIOV, de rest mag je op de 
> > > > > standaardwaarden laten.
> > > > 
> > > > Oke,
> > > > 
> > > > Is nu bezig met config van Templates (meerdere)
> > > > 
> > > > Dank.
> > > 
> > > Is klaar en het werkt. Nu leren hoe het werkt.
> > > 
> > > Bedankt Foppe.
> > 
> > mooi, graag gedaan en succes. :)
> 
> Als je een kernel wilt compilen die de rx550 zou moeten ondersteunen is hier 
> een handleiding; kies voor 4.12.14 (4.13 is momenteel nog instabiel ivm 
> onbekend probleem): 
> https://github.com/0spinboson/qubes-doc/blob/patch-1/managing-os/compiling-your-own-kernel.md

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37628cc0-7fd9-4d0e-8943-c27ec2b12c2d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL Asrock AB350 Pro4 + Ryzen 5 1600 (Qubes R4)

On Thursday, March 1, 2018 at 12:57:54 PM UTC+1, zitterb...@gmail.com wrote:
> Dear Foppe,
> I tried this motherboard with an AMD 2600G. Since it has the vega graphics on 
> the chip is the issue that the onboard graphics isn't supported? I also am 
> using Bios version 4.6 should i try downgrading to 3.0?
> Sincerely,
> Joshua Herman
> On Friday, October 27, 2017 at 1:26:06 AM UTC-5, Foppe de Haan wrote:
> > On Friday, October 27, 2017 at 8:24:16 AM UTC+2, Foppe de Haan wrote:
> > > On Friday, October 27, 2017 at 12:34:11 AM UTC+2, tjc.co...@gmail.com 
> > > wrote:
> > > > On Friday, October 27, 2017 at 12:24:45 AM UTC+2, tjc.co...@gmail.com 
> > > > wrote:
> > > > > On Thursday, October 26, 2017 at 11:53:16 PM UTC+2, Foppe de Haan 
> > > > > wrote:
> > > > > > mbt IR foutmelding: dat boeit niet, is een 'foutje', als het goed 
> > > > > > is binnenkort opgelost. :)
> > > > > > 
> > > > > > wat aan moet staan is IOMMU, SVM en SRIOV, de rest mag je op de 
> > > > > > standaardwaarden laten.
> > > > > 
> > > > > Oke,
> > > > > 
> > > > > Is nu bezig met config van Templates (meerdere)
> > > > > 
> > > > > Dank.
> > > > 
> > > > Is klaar en het werkt. Nu leren hoe het werkt.
> > > > 
> > > > Bedankt Foppe.
> > > 
> > > mooi, graag gedaan en succes. :)
> > 
> > Als je een kernel wilt compilen die de rx550 zou moeten ondersteunen is 
> > hier een handleiding; kies voor 4.12.14 (4.13 is momenteel nog instabiel 
> > ivm onbekend probleem): 
> > https://github.com/0spinboson/qubes-doc/blob/patch-1/managing-os/compiling-your-own-kernel.md

I can confirm that I've seen issues with this particular motherboard too (AB350 
Pro4 / with Ryzen 3). 

There is in particular issues with the BIOS version 4.6 which changes the whole 
PCI architecture (by the looks of it), and it messes everything up in Qubes so 
it can't even boot up (other versions were very, very faulty, but it did allow 
Qubes to boot somewhat okay though). So I had to move it back to BIOS version 
4.40. as I didn't have enough time to try troubleshoot my friends machine at 
the time. 

One thing I need to still try, is to re-install Qubes after updating to BIOS 
4.60, it seems like it might work considering how it changes the hardware 
layout between 4.40 and 4.60, so a clean install might do good and be what is 
needed, but it may not fix it still (remains to be tested).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2bcf5929-093e-4b0a-a3de-23ee3fb48c77%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Install Android-x86 on HVM

On Thursday, March 1, 2018 at 11:11:44 AM UTC+1, msg...@gmail.com wrote:
> Hello,
> 
> I want to install Android-x86 on Qubes OS 4.0rc4 StandaloneVM (HVM), but the 
> Android installer can't recognize the VM drives.
> I can run the Android Live from the iso and it works.
> I've tried to install Android-x86 7.1-rc1/6.0-rc3/4.4-rc5 but they can't 
> recognize the VM drives.
> Based on some messages from mailing list/github issues, it was possible to 
> install Android-x86 on HVM in Qubes OS 3.2 (or pre 4.0rc4?) but I can't do it 
> in Qubes 4.0rc4.
> Maybe someone have some clues on how to make the Android-x86 installer 
> recognize VM drives?

Could it be because of the kernel is loaded in a similar way to how it for 
example prevents Windows to install? I'd guess any standalone shares this issue 
in Qubes 4 and not just Windows. Linux or not, if it tries to use its own 
kernel rather than the one provided by dom0, then it would probably not work. 

This should disable the VM's kernel, though I never used it my self, try adjust 
if the citation marks are different.
qvm-prefs android-vm-name kernel ''

I can confirm from personal experience that Android remix was possible to be 
installed during Qubes 3.2., though I didn't try on Qubes 4 yet. Generally it 
should work though, you probably just need to bypass some issues, like the 
kernel issue above, and perhaps you need to adjust the virt_mode too qvm-prefs 
android-vm-name virt_mode. Try change it to HVM if it isn't already. I'm not 
sure if the GUI VM Settings has been fixed for the Virt_mode, otherwise just 
use the dom0 terminal with above command to change it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c75c824b-df98-4ca1-8495-53be8129519c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 and coreboot

2018-03-01 Thread qubes-os


Steven:

Thank you. Very helpful to have another data point about SeaBIOS.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a999383b-655e-c8ea-0ed4-cda60c04386e%40go-bailey.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] RDP or something like this to connect to a Dedicated Server?

2018-03-01 Thread KlausDieter2

Hey guys,

i want to ask if there is a opportunity to connect to a Server (VPS /
Dedi) with a programm like RDP on Qubes OS 3.2?

I want to connect through a VPN Gateway to a Dedicated Server. On this
Server is Windows installed and I want to handle it like you can do it
with TeamViewer on Windows.

Any Ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d30adaa2a3c6cbf39411be794ce6af3.squirrel%40_.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Little pb to understand how to add a FW rule on my proxyVM

2018-03-01 Thread ThierryIT

Le jeudi 1 mars 2018 12:29:30 UTC+2, Chris Laprise a écrit :
> On 03/01/2018 03:08 AM, ThierryIT wrote:
> > Hi,
> > 
> > I have configure the proxyVM with rules for http, https, smtp and ntp.
> > I have understood that for the DNS (who is not working anymore) I have to 
> > use from dom0 : qvm-firewall  ...
> > 
> > I want to oblige all the VMs to use only "OpenVPN" as DNS.
> > 
> > I did :
> > 
> > qvm-firewall vmname add rule --dns=208.67.222.222 and many other 
> > combinations ... It do not accept any of my rules ... Mistakes from my side 
> > but from where ?
> > 
> > Second question, is there any possibility to find example of how to make a 
> > proper FW with rules example under Qubes ?
> > 
> > Thx
> > 
> 
> There are two main ways to add firewall rules to a proxyVM: Via VM 
> settings of a downstream VM (appVM), and via a script in the proxyVM 
> itself at /rw/config/qubes-firewall-user-script.
> 
> The former is limited but has a convenient GUI in VM Settings dialog 
> (also qvm-firewall). The rules for each appVM get transferred to the 
> connected proxyVM. (If you are trying to use qvm-firewall to add rules 
> to the proxyVM and not the appVM, that may be your mistake.)
> 
> The second method is very flexible but requires a little study of the 
> proxyVM's default internal firewall configuration before adding your own 
> rules in the script.
> 
> Another, third way is to have a program like openvpn run a script when 
> the link goes up.
> 
> There are good examples which actually handle DNS addresses in the Qubes 
> VPN doc[1], the Qubes-vpn-support project[2] and also in the script 
> found at /usr/lib/qubes/qubes-setup-dnat-to-ns. These scripts use dnat 
> rules to convert DNS requests to use a particular DNS address, although 
> in your case you might want to leave '-d' as 'any' instead of specifying 
> an address.
> 
> Note that the second link below is easy to setup and the 'qubes-vpn-ns' 
> script accepts DHCP-generated variables from openvpn and automatically 
> uses them to setup dnat.
> 
> 
> [1] https://www.qubes-os.org/doc/vpn/
> [2] https://github.com/tasket/Qubes-vpn-support/tree/qubes4
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Thx ... I am going to do my homework now :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11d85bf2-2b0b-4f8b-aab3-f1da8ae039e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 and coreboot

2018-03-01 Thread Jo

Hello,

Qubes rc4 works just fine with pretty much every Payload, so far grub,
Seabios Heads worked without any issues.If you strip down ME, you should
blacklist me / ime,

to speed up boot.


cheers


On 03/01/18 14:11, qubes...@go-bailey.com wrote:
> Steven:
>
> Thank you. Very helpful to have another data point about SeaBIOS.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/554b2444-c2de-2d4c-21c9-d06e9bc41bf1%40seefelder-web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Anonymizing your MAC Address with macchanger and scripts

2018-03-01 Thread billollib

On Thursday, March 1, 2018 at 12:08:19 AM UTC-5, Chris Laprise wrote:
> On 02/28/2018 08:23 PM, 'awokd' via qubes-users wrote:
>
> BTW, as an example of Qubes-specifics in this issue, on sleep/wake 
> networkVMs don't process the normal array of events and system states 
> that bare-metal Linux distros do. At least this was the case for 3.x. 
> The result was that advocates of the macchanger script method (which 
> relied on such events and related hooks) recommended that users keep a 
> watch on the current MAC address and restart sys-net whenever it 
> reverted (waking from sleep was the most common/blatant example). They 
> didn't care to address the fact that the waking system was already 
> broadcasting the original address before the user had a chance to 
> restart sys-net (and not to mention the unmitigated headache of 
> restarting/reassigning all the dependant VMs).
> 
> 
>

Well, to be honest, I haven't kept up with it once I decided it wasn't going to 
work.  As I remember (and this is back before systemd, and you could still 
control everything from the /etc/rc.d files very easily), I put a little 
script in /etc/init.d and did the macchanger thing before I allowed the network 
to connect to anything.  If the network turned off, then it would randomize 
when it turned on.  

I don't remember it reverting, but I may have just not been paying attention 
(or have forgotten in the haze of time -- it's amazing to me how quickly one 
forgets little sysadmin tricks when one stops doing it all the time).  I never 
dealt with VMs except for running Windows in Virtualbox, so I am clueless 
there...... though I am getting interested again playing with qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c95b66e-b74a-4865-9805-5305fd0ff1ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

On Sat, February 24, 2018 12:26 pm, 'awokd' via qubes-users wrote:

> don't have a Squid proxy to test against.
>
> For anyone who does (or is familiar with how they work):
> A) Does it look right?
> B) In step 3, adding apt/dnf proxy settings to all AppVMs based on the
> same template as the UpdateVM's seems a bit broad. Is there a way to
> fine-tune it?
> C) Any special R4.0 considerations?

Submitted as https://github.com/QubesOS/qubes-doc/pull/603.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2300744b5da709c3d7ddbac97995b78a.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Qubes 4 and coreboot

Hello,

 Original-Nachricht 
An 1. März 2018, 14:46, Jo schrieb:

> If you strip down ME, you should
> blacklist me / ime, to speed up boot.

I've read this within this thread sometimes, what exactly needs to be done here?
I have run ME_cleaner and when booting up there is a delay, can this be 
resolved by blacklisting something? If so where? What?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/td9V9a8-WhKwOCtfFwPWBxKZZk2h8blJApWm6FksRzimcZWGNv_QO3XoNyCmjkyI9G7LPQChdMYdjPvvVnw_S30V_WkVFaeakHv9kX-4ZcU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Install Android-x86 on HVM

2018-03-01 Thread msgheap

On Thursday, March 1, 2018 at 7:50:44 PM UTC+7, Yuraeitha wrote:
> On Thursday, March 1, 2018 at 11:11:44 AM UTC+1, msg...@gmail.com wrote:
> > Hello,
> > 
> > I want to install Android-x86 on Qubes OS 4.0rc4 StandaloneVM (HVM), but 
> > the Android installer can't recognize the VM drives.
> > I can run the Android Live from the iso and it works.
> > I've tried to install Android-x86 7.1-rc1/6.0-rc3/4.4-rc5 but they can't 
> > recognize the VM drives.
> > Based on some messages from mailing list/github issues, it was possible to 
> > install Android-x86 on HVM in Qubes OS 3.2 (or pre 4.0rc4?) but I can't do 
> > it in Qubes 4.0rc4.
> > Maybe someone have some clues on how to make the Android-x86 installer 
> > recognize VM drives?
> 
> Could it be because of the kernel is loaded in a similar way to how it for 
> example prevents Windows to install? I'd guess any standalone shares this 
> issue in Qubes 4 and not just Windows. Linux or not, if it tries to use its 
> own kernel rather than the one provided by dom0, then it would probably not 
> work. 
> 
> This should disable the VM's kernel, though I never used it my self, try 
> adjust if the citation marks are different.
> qvm-prefs android-vm-name kernel ''
> 
> I can confirm from personal experience that Android remix was possible to be 
> installed during Qubes 3.2., though I didn't try on Qubes 4 yet. Generally it 
> should work though, you probably just need to bypass some issues, like the 
> kernel issue above, and perhaps you need to adjust the virt_mode too 
> qvm-prefs android-vm-name virt_mode. Try change it to HVM if it isn't 
> already. I'm not sure if the GUI VM Settings has been fixed for the 
> Virt_mode, otherwise just use the dom0 terminal with above command to change 
> it.

I've already set the kernel to '', virt_mode to HVM, disabled memory balancing 
and set memory to 4GB, it didn't help.
I've installed Windows 7/10 without any problems on this same Qubes OS 4.0rc4 
but I can't install Android-x86 with the same config.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c5d3463-ee5c-448d-b696-e841cf930589%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Howto: Enable WWAN (LTE Sierra EM7345) in Qubes OS (Howto install ModemManager in Qubes)

2018-03-01 Thread akiraloopback via qubes-users

Thanks for this howto, Piit.

I am trying to get the build-in LTE card running on my ThinkPad T540p. Its a 
Sierra Wireless USB connected card. I can identify the USB bus, it's the first 
USB bus (Intel family xHCI rev 04), where the fingerprint reader and some other 
internal stuff also is located.

When I attach this USB device to sys-net VM, this VM does not start any more, 
however, but throws the error: "qubes sys-net modem VM: internal error: unable 
to reset PCI device : no FLR, PM reset or bus reset available"

Rebooting the whole Qubes (3.2) doesn't help either.

Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c6dcb667-815e-4efe-9a99-9e55f33ea833%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Cron not working on AppVMS based on Debian 9

On Wed, Feb 28, 2018 at 09:42:32PM +, maur...@disroot.org wrote:
> Hi,
> 
> I'm not able to get the user crontab running, apparently this happens because 
> threre's no crond service nor unit files:
> 
> systemctl status crond
> Unit crond.service could not be found.
> 
> Being the only service available the cron mount:
> 
> systemctl | grep -i cron
> var-spool-cron.mount loaded active mounted /var/spool/cron 
> 
> Does anyone knows how to get cron running persistently (i.e. after every 
> reboot) so the user can run its cronta job?
> 
> Thank you.
> 
> John

Have you enabled the service with qvm-service?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180301165057.anhghs2oxr6gcaod%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] RDP or something like this to connect to a Dedicated Server?

2018-03-01 Thread donoban

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/01/2018 02:05 PM, klausdiet...@mail2tor.com wrote:
> Hey guys,
> 
> i want to ask if there is a opportunity to connect to a Server (VPS
> / Dedi) with a programm like RDP on Qubes OS 3.2?
> 
> I want to connect through a VPN Gateway to a Dedicated Server. On
> this Server is Windows installed and I want to handle it like you
> can do it with TeamViewer on Windows.
> 
> Any Ideas?

There is no problem using RDP or VNC clients, probably with a little
effort TeamViewer should work too (I read time ago there was some
issue). If you don't know it I like remmina.

-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqYMOQACgkQFBMQ2OPt
CKWZmhAAo663lVgq6adto18kj1Uf9/5uYomF5YJUGFHbXUpMJ9vsgRcj+7pBH+yh
lrTPwr3dzxUSSC21RNp346JVKNiQw7Sr06P2IMJ79lRaMFe5DMMLmUc6kls8qpCC
wr/XSLzct5pcggRfZeBCN13j2mPDVEg7WSkZGAGfNPUc8WCjPPEhHKFjAvO6edRl
ATIXqIVQ9mJKnREfbZoetDEB/oMrFSGN4u68c7FSDyW2PSGN6dCSZpX28Z5E03rX
DGnYzaOgRhiJgDHLJPk35SvBRiLoJMa8+7f34f+f5vAmFzgOPXPg7YtJ9XV/z/OA
jXNB9akhviMOhGVmf0tYr5HqEWUDqvRm/nWYVF+gSa50r6aU+Dt9L6BP1l8+OeR0
Lf88IkmcmawSyVZuTwj/H83eFzJQv/iNsPUNlpu6P6OjSmY1+fa3oTtv4yvZsZuk
waxXza21nBEeV7Q/Xp3SuxtLnLy7ZtFF7nV8fw1hKFlWqVR0UJTAC50kwvndHo2s
UbxwkeMCSeaMH6mlIC17SophVKkswKrXwkKVnxURXWdHyi0VcgGtY0QHxKATyO7b
ZHnNsoeaMhCZL+G/f03lpAUl6Yk07276C2Z3Adpe2/2OxGnVGTHn8jAhgRbwuuIk
PZT30D+Eiu4sF6Ndo6E2Km6I2DL9TO9Xh2+pk6Ik51p5njMa/9Y=
=BLxT
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2ddfb595-33b7-acef-2306-c73c6113042c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: HCL Asrock AB350 Pro4 + Ryzen 5 1600 (Qubes R4)

2018-03-01 Thread Joshua Herman

I will try downgrading to BIOS version 4.4 if I can since I am installing
qubes from nothing.

On Thu, Mar 1, 2018 at 6:06 AM, Yuraeitha  wrote:

> On Thursday, March 1, 2018 at 12:57:54 PM UTC+1, zitterb...@gmail.com
> wrote:
> > Dear Foppe,
> > I tried this motherboard with an AMD 2600G. Since it has the vega
> graphics on the chip is the issue that the onboard graphics isn't
> supported? I also am using Bios version 4.6 should i try downgrading to 3.0?
> > Sincerely,
> > Joshua Herman
> > On Friday, October 27, 2017 at 1:26:06 AM UTC-5, Foppe de Haan wrote:
> > > On Friday, October 27, 2017 at 8:24:16 AM UTC+2, Foppe de Haan wrote:
> > > > On Friday, October 27, 2017 at 12:34:11 AM UTC+2,
> tjc.co...@gmail.com wrote:
> > > > > On Friday, October 27, 2017 at 12:24:45 AM UTC+2,
> tjc.co...@gmail.com wrote:
> > > > > > On Thursday, October 26, 2017 at 11:53:16 PM UTC+2, Foppe de
> Haan wrote:
> > > > > > > mbt IR foutmelding: dat boeit niet, is een 'foutje', als het
> goed is binnenkort opgelost. :)
> > > > > > >
> > > > > > > wat aan moet staan is IOMMU, SVM en SRIOV, de rest mag je op
> de standaardwaarden laten.
> > > > > >
> > > > > > Oke,
> > > > > >
> > > > > > Is nu bezig met config van Templates (meerdere)
> > > > > >
> > > > > > Dank.
> > > > >
> > > > > Is klaar en het werkt. Nu leren hoe het werkt.
> > > > >
> > > > > Bedankt Foppe.
> > > >
> > > > mooi, graag gedaan en succes. :)
> > >
> > > Als je een kernel wilt compilen die de rx550 zou moeten ondersteunen
> is hier een handleiding; kies voor 4.12.14 (4.13 is momenteel nog instabiel
> ivm onbekend probleem): https://github.com/0spinboson/
> qubes-doc/blob/patch-1/managing-os/compiling-your-own-kernel.md
>
> I can confirm that I've seen issues with this particular motherboard too
> (AB350 Pro4 / with Ryzen 3).
>
> There is in particular issues with the BIOS version 4.6 which changes the
> whole PCI architecture (by the looks of it), and it messes everything up in
> Qubes so it can't even boot up (other versions were very, very faulty, but
> it did allow Qubes to boot somewhat okay though). So I had to move it back
> to BIOS version 4.40. as I didn't have enough time to try troubleshoot my
> friends machine at the time.
>
> One thing I need to still try, is to re-install Qubes after updating to
> BIOS 4.60, it seems like it might work considering how it changes the
> hardware layout between 4.40 and 4.60, so a clean install might do good and
> be what is needed, but it may not fix it still (remains to be tested).
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/to
> pic/qubes-users/LVcCcrUGBTU/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/qubes-users/2bcf5929-093e-4b0a-a3de-23ee3fb48c77%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAB3V1z%3DGXP7R69bRwC9v%3DBoaWx4xjQ2A_71wrRMJPNEFYO9STw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: AW: Re: [qubes-users] Qubes 4 and coreboot

2018-03-01 Thread 'MirrorWay' via qubes-users

First, grep through dmesg to look for errors related to probing for me or mei.

If you find some, then try blacklisting Intel ME-related kernel modules:
In /etc/modprobe.d, create a new file called e.g. blacklist-me.conf, and put in 
there

blacklist mei
blacklist mei_me

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/TQvUgxsBX6M2X0HYpy14l-AYRZvHpVBBYbdQ1R8hLI2d4TDDQk2h4xEEOoIVVac2gsLHcEr7ykJq_ahJmKnEtxngk66C7KChqU8ADIEOTec%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: AW: Re: [qubes-users] Qubes 4 and coreboot

2018-03-01 Thread 'MirrorWay' via qubes-users

Another coreboot-specific tweak - if you are using a SeaBIOS-generated vbios, 
it lacks some vbios functionality expected by some bootloaders, so you may want 
to set GRUB_TERMINAL_OUTPUT="console" (instead of gfxterm) in 
/etc/default/grub. [1]

[1]https://www.coreboot.org/SeaBIOS

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/vdCQI9ac8gkiZ7bVkxWGsA3RkZChmJl-vM2FP904E3J4W_QR0ycZXVSQLRaNnkbhCRaohzrYGIafoptXWgIVc4aiIjbb8KLxB0oxk5MJA9Q%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

2018-03-01 Thread chuckcage

Hi, all. I apologize in advance that I'm totally new to Qubes and somewhat new 
to the Linux environment in general. 

After following the Qubes documentation instructions to clone the stock 
Debian-8 TVM to Debian-9 and perform the upgrade to 9, I find that I can't 
resolve DNS in either Debian template. 

I'm running R3.2. 

Any help would be greatly appreciated. I've done a lot of searching and am 
stumped. :/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/19691d51-cf9d-4450-8ea4-22123d9d86e6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: AW: Re: [qubes-users] Qubes 4 and coreboot

Hello,

 Original-Nachricht 
An 1. März 2018, 18:15, 'MirrorWay' via qubes-users schrieb:

> First, grep through dmesg to look for errors
> related to probing for me or mei.
> If you find some, then try blacklisting
> Intel ME-related kernel modules:
> In /etc/modprobe.d, create a new file called
> e.g. blacklist-me.conf, and put in there
> blacklist mei
> blacklist mei_me

Ok, I understand that you guys were speaking about blacklisting within the 
Operating System.
I thought that you are using a blacklist to do something to the Coreboot config.

Strangely my X230 has something like a 10sec delay, when I got the start button 
and I am running coreboot Bios.
After this delay the boot up is fast, no delay even without blacklisting 
something within the main OS.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KVIfgSJA9VMAtNJDAFFaWCZMHroFZOV14-HO_UdGC1YEqP9JlgHwDiRClcCvJePToxntMIbM-Yav1hY--f-y6JaSIykuucc_N-Vk3a2uZ94%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: split gpg failing after moving appvm from debian 8 to debian 9

2018-03-01 Thread cubit

19. Jan 2018 09:26 by cu...@tutanota.com:


> Hello qubes-users
>
> I am migrating all my AppVM from Debian 8 template to Debian 9 template  but 
> I am running into little problem with split GPG.
>
> Split GPG has been working on my computer okay with Debian 8 and two appVM;   
> "work" which has thunderbird and enigmail and "vault" which has my gpg keys.
>
> The issue seems to be if I set the vault to Debian 9,  my work appVM 
> complains that it can not find my private key.  Even though if I run 
> "qubes-gpg-client -K" on the work appVM it shows my keys.  Looking at an 
> encrypted email when "vault" appVM is not running will force it to be 
> started.   The problem exists if even I set work appVM to d8 or d9. Work 
> VM with Debian9  and vault VM with debian 8 works okay.
>
> I have gone over > https://www.qubes-os.org/doc/split-gpg>  to make sure 
> everything is set up correctly after template change and at each step it is.
>
> Can anyone know how to fix this?
>
>







Hello Qubes users,




I am still stuck with this problem of not being able to move from Debian8 to 
Debian9 for my split GPG. Is there anyone who know a way to do this or is 
just split key GPG in Debian 9 broken?







Cubit






-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L6Xoi57--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

On Thu, March 1, 2018 6:22 pm, chuckc...@gmail.com wrote:
> Hi, all. I apologize in advance that I'm totally new to Qubes and
> somewhat new to the Linux environment in general.
>
> After following the Qubes documentation instructions to clone the stock
> Debian-8 TVM to Debian-9 and perform the upgrade to 9, I find that I
> can't resolve DNS in either Debian template.
>
> I'm running R3.2.
>
>
> Any help would be greatly appreciated. I've done a lot of searching and
> am stumped. :/

You might just want to start with a fresh template instead of trying to
upgrade. If so, do "sudo qubes-dom0-update qubes-template-debian-9".

Ordinarily you don't access the network directly from your templates. You
use those templates to create AppVMs which do. Is that what you are doing?
If so, make sure your NetVM (Networking) is set to something in your
AppVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/897d3f1f514c8f0ecc8edf8a2508f5dd.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Howto: Enable WWAN (LTE Sierra EM7345) in Qubes OS (Howto install ModemManager in Qubes)

Hello,

have you tried this:

qvm-prefs usbVM -s pci_strictreset false

See also:
https://www.qubes-os.org/doc/assigning-devices/

[799]

Original-Nachricht
An 1. März 2018, 17:22, akiraloopback via qubes-users schrieb:

Thanks for this howto, Piit.

I am trying to get the build-in LTE card running on my ThinkPad T540p. Its a
Sierra Wireless USB connected card. I can identify the USB bus, it's the first
USB bus (Intel family xHCI rev 04), where the fingerprint reader and some other
internal stuff also is located.

When I attach this USB device to sys-net VM, this VM does not start any more,
however, but throws the error: "qubes sys-net modem VM: internal error: unable
to reset PCI device : no FLR, PM reset or bus reset available"

Rebooting the whole Qubes (3.2) doesn't help either.

Any ideas?

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c6dcb667-815e-4efe-9a99-9e55f33ea833%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/XdnbaEMo-OmqYRMXAff5I9EH6F7hip4D4ALWKrTIr7J4gfbTSKZ3b3AkxFXaNxkcP6tIUrR375uYWWRgwrMshXdsBnfzqhl6GdFCf5Znc7Y%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

2018-03-01 Thread Chuck Cage

Maybe I'm misunderstanding the system. (Again, apologies!) I can start an
AppVM based on the debian-9 template and resolve. I can't start the
debian-9 TemplateVM and resolve, which is preventing me from installing
software to the template. Am I thinking incorrectly, re: how to make
modifications to my base debian-9 TemplateVM?

On Thu, Mar 1, 2018 at 12:39 PM 'awokd' via qubes-users <
qubes-users@googlegroups.com> wrote:

> On Thu, March 1, 2018 6:22 pm, chuckc...@gmail.com wrote:
> > Hi, all. I apologize in advance that I'm totally new to Qubes and
> > somewhat new to the Linux environment in general.
> >
> > After following the Qubes documentation instructions to clone the stock
> > Debian-8 TVM to Debian-9 and perform the upgrade to 9, I find that I
> > can't resolve DNS in either Debian template.
> >
> > I'm running R3.2.
> >
> >
> > Any help would be greatly appreciated. I've done a lot of searching and
> > am stumped. :/
>
> You might just want to start with a fresh template instead of trying to
> upgrade. If so, do "sudo qubes-dom0-update qubes-template-debian-9".
>
> Ordinarily you don't access the network directly from your templates. You
> use those templates to create AppVMs which do. Is that what you are doing?
> If so, make sure your NetVM (Networking) is set to something in your
> AppVM.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "qubes-users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/qubes-users/KhkZNwTJdGs/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/897d3f1f514c8f0ecc8edf8a2508f5dd.squirrel%40tt3j2x4k5ycaa5zt.onion
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGLrJobP6N3oMh2P%2B9sdQRZL%2BTBt-EPOrJDV-fUt4hY7rFaGWg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

2018-03-01 Thread Chuck Cage

Ok, I think I understand after a little more reading. apt-get works. I need
to move some other files, and I now realize that I need to use an AppVM to
do that. Thanks for your reply and for helping someone who's trying like
hell to RTFM. :)

On Thu, Mar 1, 2018 at 12:44 PM Chuck Cage  wrote:

> Maybe I'm misunderstanding the system. (Again, apologies!) I can start an
> AppVM based on the debian-9 template and resolve. I can't start the
> debian-9 TemplateVM and resolve, which is preventing me from installing
> software to the template. Am I thinking incorrectly, re: how to make
> modifications to my base debian-9 TemplateVM?
>
> On Thu, Mar 1, 2018 at 12:39 PM 'awokd' via qubes-users <
> qubes-users@googlegroups.com> wrote:
>
>> On Thu, March 1, 2018 6:22 pm, chuckc...@gmail.com wrote:
>> > Hi, all. I apologize in advance that I'm totally new to Qubes and
>> > somewhat new to the Linux environment in general.
>> >
>> > After following the Qubes documentation instructions to clone the stock
>> > Debian-8 TVM to Debian-9 and perform the upgrade to 9, I find that I
>> > can't resolve DNS in either Debian template.
>> >
>> > I'm running R3.2.
>> >
>> >
>> > Any help would be greatly appreciated. I've done a lot of searching and
>> > am stumped. :/
>>
>> You might just want to start with a fresh template instead of trying to
>> upgrade. If so, do "sudo qubes-dom0-update qubes-template-debian-9".
>>
>> Ordinarily you don't access the network directly from your templates. You
>> use those templates to create AppVMs which do. Is that what you are doing?
>> If so, make sure your NetVM (Networking) is set to something in your
>> AppVM.
>>
>> --
>> You received this message because you are subscribed to a topic in the
>> Google Groups "qubes-users" group.
>> To unsubscribe from this topic, visit
>> https://groups.google.com/d/topic/qubes-users/KhkZNwTJdGs/unsubscribe.
>> To unsubscribe from this group and all its topics, send an email to
>> qubes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to qubes-users@googlegroups.com.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msgid/qubes-users/897d3f1f514c8f0ecc8edf8a2508f5dd.squirrel%40tt3j2x4k5ycaa5zt.onion
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGLrJoZFo5yAsfU4Mx1AYa_fdEJ0hhOhRYiBqSHgTxXziAOZng%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

On Thu, Mar 01, 2018 at 10:22:19AM -0800, chuckc...@gmail.com wrote:
> Hi, all. I apologize in advance that I'm totally new to Qubes and somewhat 
> new to the Linux environment in general. 
> 
> After following the Qubes documentation instructions to clone the stock 
> Debian-8 TVM to Debian-9 and perform the upgrade to 9, I find that I can't 
> resolve DNS in either Debian template. 
> 
> I'm running R3.2. 
> 
> Any help would be greatly appreciated. I've done a lot of searching and am 
> stumped. :/
> 

Welcome to Qubes.

By default templates are limited in what they can do.
In particular, they are restricted to accessing the updates proxy that
is running in an upstream netvm.
This means that you  can use tools like apt/dpkg etc but not
wget/curl/firefox etc. DNS wont work either.
You can read about this here:
https://www.qubes-os.org/doc/software-update-vm/

You should only allow networking to a template if it's essential - it
rarely is. This is because of a template is compromised then all qubes
that use it will be compromised. Don't take that risk.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180301185014.ztgpnnplvpr6hvxg%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] RDP or something like this to connect to a Dedicated Server?

Hello,

klausdiet...@mail2tor.com wrote:
> [...]
> i want to ask if there is a opportunity to
> connect to a Server (VPS / Dedi) with a
> programm like RDP on Qubes OS 3.2?

Have you looked at rdesktop or vinagre and remmina?

https://wiki.gnome.org/Apps/Vinagre
https://www.remmina.org/wp/

I can try to connect to our RDP servers later and keep you informed what works.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/hFF9x0JODlmBHGwipztWCC21CB9ead-jqmXsOMx1LMvCa49sPx-qtN3F95fcVIboa-kTaTAfwAPH_OZe6MRHCqrsynIn77AoAq38RzaBe3U%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

On Thu, March 1, 2018 6:48 pm, Chuck Cage wrote:
> Ok, I think I understand after a little more reading. apt-get works. I
> need to move some other files, and I now realize that I need to use an
> AppVM to
> do that. Thanks for your reply and for helping someone who's trying like
> hell to RTFM. :)

No trouble! Once you get the concepts down (and it sounds like you are),
you should get the hang of it pretty quickly. Even if Qubes provided no
security benefits (but it provides a lot), I'd still use it as my primary
desktop simply for the flexibility it provides.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dbca659b3a07135e43bdf187bfc5e9e6.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: split gpg failing after moving appvm from debian 8 to debian 9

On Thu, Mar 01, 2018 at 07:28:47PM +0100, cubit wrote:
> 19. Jan 2018 09:26 by cu...@tutanota.com:
> 
> 
> > Hello qubes-users
> >
> > I am migrating all my AppVM from Debian 8 template to Debian 9 template  
> > but I am running into little problem with split GPG.
> >
> > Split GPG has been working on my computer okay with Debian 8 and two appVM; 
> >   "work" which has thunderbird and enigmail and "vault" which has my gpg 
> > keys.
> >
> > The issue seems to be if I set the vault to Debian 9,  my work appVM 
> > complains that it can not find my private key.  Even though if I run 
> > "qubes-gpg-client -K" on the work appVM it shows my keys.  Looking at an 
> > encrypted email when "vault" appVM is not running will force it to be 
> > started.   The problem exists if even I set work appVM to d8 or d9. 
> > Work VM with Debian9  and vault VM with debian 8 works okay.
> >
> > I have gone over > https://www.qubes-os.org/doc/split-gpg>  to make sure 
> > everything is set up correctly after template change and at each step it is.
> >
> > Can anyone know how to fix this?
> >
> >
> 
> 
> 
> 
> 
> 
> 
> Hello Qubes users,
> 
> 
> 
> 
> I am still stuck with this problem of not being able to move from Debian8 to 
> Debian9 for my split GPG. Is there anyone who know a way to do this or is 
> just split key GPG in Debian 9 broken?
> 
> 
> 
> 
> 
> 
> 
> Cubit

It's not broken on debian-9.
How are you calling split-gpg in the work qube?
What is the exact error message?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180301193614.jja6dbccotzafkem%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

2018-03-01 Thread Chuck Cage

Indeed. I'm stumbling through configuring and testing everything on an
older laptop before making the leap to my current setup. Very excited both
about security and general usability. This really looks like the way
forward.

On Thu, Mar 1, 2018 at 1:08 PM awokd  wrote:

> On Thu, March 1, 2018 6:48 pm, Chuck Cage wrote:
> > Ok, I think I understand after a little more reading. apt-get works. I
> > need to move some other files, and I now realize that I need to use an
> > AppVM to
> > do that. Thanks for your reply and for helping someone who's trying like
> > hell to RTFM. :)
>
> No trouble! Once you get the concepts down (and it sounds like you are),
> you should get the hang of it pretty quickly. Even if Qubes provided no
> security benefits (but it provides a lot), I'd still use it as my primary
> desktop simply for the flexibility it provides.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGLrJoa5c%2B9y8AwK2%2BKeQPJkyNpGcX1rqLQ86f42taGWiLrULg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-03-01 Thread Alex Dubois

On Thursday, 1 March 2018 11:47:13 UTC, Yuraeitha  wrote:
> On Thursday, March 1, 2018 at 1:31:50 AM UTC+1, [799] wrote:
> > Hello Yuraeitha,
> > 
> > 
> >  Original-Nachricht 
> > An 28. Feb. 2018, 21:39, Yuraeitha schrieb:
> > 
> > > It seems from time to time that various
> > > people have shared a good unofficial script,
> > > guides and 'how to's', and even code, for
> > > Qubes related content, on their github page or
> > > similar. The problem however is that while
> > > shared, it isn't very visible, and even if they are
> > > from time to time mentioned in a mail thread,
> > > it quickly gets buried under many new mails.
> > 
> > I have recognized the same and was wondering already what could be the 
> > reason that people have written own small projects which I only knew of 
> > because following this mailing list.
> > Honestly I started the same, after coming up with the first draft of ma 
> > qvm-screenshot-to-clipboard script.
> > 
> > The main reason why I didn't upload it (yet) to Qubes docs:
> > 
> > 1) it is on a very early stage and while it is working I would feel a bit 
> > ashamed, as there is no error handling etc.
> > 
> > 2) I am unsure if the script is not only working but also "reasonable 
> > secure" to use
> > 
> > 3) I like the quality of the existing Qubes documentation, but it takes 
> > some time for a newbie user not only to write a good how-to but also 
> > include all  the valuable feedback or keep the discussion ongoing.
> > 
> > Maybe those are the reasons why others like to keep developing their stuff 
> > outside of the Qubes doc repository. Summarized:
> > 
> > 1. Scripts are not yet ready/to basic
> > 2. Unknown impact on security
> > 3. Not enough time to craft a quality "product"
> > 
> > > To solve an issue like this, it'd be helpful to
> > > have a place where we can keep track of
> > > everyone's projects which are shared for
> > > others to use. It may also be worth discussing
> > > on quality and security, and how we "censor"?
> > > bad scripts/guides/code. 
> > 
> > Yes, please! His could also be a good ressource to browse looking to 
> > fine-tune Qubes.
> > 
> > > It could be done in many various of different
> > > ways, which is also why I think it'd make
> > > sense to open a discussion on the matter, so
> > > we can find the most preferred method. First
> > > though, a location might be ideal starting
> > > place, where to keep everything updated? 
> > > (...)
> > > A https://www.qubes-os.org/doc/ page listing
> > > all the unofficial projects. The most simple
> > > and easy way. 
> > 
> > I like the idea having it available at GitHub as we can easily contribute 
> > to the code and GitHub has all the features to keep discussion ongoing etc.
> > It is also allows to keep a copy of the latest version of the scripts and 
> > people don't have to learn another tool when their code is ready to be 
> > released.
> > 
> > The bad thing:
> > If you're not a developer and have never worked with GitHub the learning 
> > curve might be high.
> > At least I had to click some time  arround to understand what is located 
> > where and how it is working.
> > 
> > > Generally the main concern is the visibility of
> > > the effort that the community puts in Qubes,
> > > from the bottom-up, often goes to waste and
> > > few people see's it. 
> > 
> > The other benefit is, that I learn a lot from reading other person's 
> > scripts and of course following the discussion.
> > 
> > Maybe some of the ideas there could also be mentioned in a maybe monthly 
> > blog post, so that new users can see that Qubes is a living project. 
> > 
> > I would call this site/place where all the ideas are summarize "Qubes 
> > Garden" or "Qubes Playground" :-)
> > 
> > [799]
> 
> @[799]
> I'm glad you feel the same way :) 
> If we imagine the github approach, any idea how we can keep an overview of 
> all projects? Maybe a Qubes doc? something else? Also true with github, it 
> was also a bit of a jungle for me the first time, and still is at times.
> 
> I like the off-site website approach too, I'm just worried that we're too few 
> people to do something like that :/
> 
> Maybe we could make a shared chat room of a sorts, to discuss 
> scripts/guides/etc. where everyone are welcome to join openly?

I think a Qubes Doc page listing the other projects in GitHub could be good.
It should not be too much work for the Qubes team to accept the pull request 
for updates to this page, which could be not too frequent. If they accept.

Other projects have an incubator section.

However, I think we need to spend a bit more time to try to add to this a bit 
of  structure so that:
- It drives merger of projects from community member to help one another when 
they want to achieve the same goal
- It drives projects to have a well defined small scope

Maybe have some forced phases "requirements definition", security/arch, minimum 
value product1 (1st dev iteration)...

-- 
You received thi

[qubes-users] Re: Qubes 4 and coreboot

2018-03-01 Thread Alex Dubois

On Thursday, 1 March 2018 07:30:29 UTC, Steven Sheffey  wrote:
> On Tuesday, February 27, 2018 at 3:42:07 PM UTC-6, qube...@go-bailey.com 
> wrote:
> > Do the Qubes devs recommend a specific payload to use with coreboot and 
> > Qubes 4?
> > 
> > For those who are using coreboot with the Qubes 4 release candidates, 
> > what payload are you using?
> > 
> > Have you run into any oddities with said payload detecting the install 
> > DVD or USB stick as well as with the subsequent installation?
> > 
> > I haven't been able to get coreboot with a petitboot payload working 
> > well with Qubes 4 thus far so am thinking of trying a different payload.
> > 
> > Thanks in advance.
> 
> I use Coreboot + SeaBIOS with Qubes 4, and it works perfectly on a Thinkpad 
> x230.

Any good how-to/doc you would recommend. I'm on a Lenovo T430 and might give 
coreboot a try...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a0135a6-bf03-4fd1-88a0-91e9e2c57703%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: split gpg failing after moving appvm from debian 8 to debian 9

2018-03-01 Thread cubit

1. Mar 2018 19:36 by un...@thirdeyesecurity.org:

> It's not broken on debian-9.
> How are you calling split-gpg in the work qube?
> What is the exact error message?




I had:




work qube as debian 8, changed template used to debian 9 and works ok.





vault qube as debian 8 but when I try change the template to debian 9, work 
template can no longer find private keys.    The work quebe will start the 
vault qube when encrypted email is looked at so it appears they are talking ok.





- In work qube I am using Thunderbird + enigmail

- enigmail is configured to use "/usr/bin/qubes-gpg-client-wrapper"

- in work qube terminal  "qubes-gpg-client -k" returns all my keys




The only thing changing is the template for vault qube.




Cubit










-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L6Y7HBs--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: split gpg failing after moving appvm from debian 8 to debian 9

On Thu, Mar 01, 2018 at 08:54:16PM +0100, cubit wrote:
> 1. Mar 2018 19:36 by un...@thirdeyesecurity.org:
> 
> > It's not broken on debian-9.
> > How are you calling split-gpg in the work qube?
> > What is the exact error message?
> 
> 
> 
> 
> I had:
> 
> 
> work qube as debian 8, changed template used to debian 9 and works ok.
> 
> vault qube as debian 8 but when I try change the template to debian 9, work 
> template can no longer find private keys.    The work quebe will start the 
> vault qube when encrypted email is looked at so it appears they are talking 
> ok.
> 
> - In work qube I am using Thunderbird + enigmail
> 
> - enigmail is configured to use "/usr/bin/qubes-gpg-client-wrapper"
> 
> - in work qube terminal  "qubes-gpg-client -k" returns all my keys
> 
> The only thing changing is the template for vault qube.
> 
> Cubit
Which Qubes version are you using?
Do you get the Gpg dialog popup?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180301200110.ip2ka7ug3z7ehiep%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 and coreboot

2018-03-01 Thread stevensheffey4

On Thursday, March 1, 2018 at 1:51:04 PM UTC-6, Alex Dubois wrote:
> On Thursday, 1 March 2018 07:30:29 UTC, Steven Sheffey  wrote:
> > On Tuesday, February 27, 2018 at 3:42:07 PM UTC-6, qube...@go-bailey.com 
> > wrote:
> > > Do the Qubes devs recommend a specific payload to use with coreboot and 
> > > Qubes 4?
> > > 
> > > For those who are using coreboot with the Qubes 4 release candidates, 
> > > what payload are you using?
> > > 
> > > Have you run into any oddities with said payload detecting the install 
> > > DVD or USB stick as well as with the subsequent installation?
> > > 
> > > I haven't been able to get coreboot with a petitboot payload working 
> > > well with Qubes 4 thus far so am thinking of trying a different payload.
> > > 
> > > Thanks in advance.
> > 
> > I use Coreboot + SeaBIOS with Qubes 4, and it works perfectly on a Thinkpad 
> > x230.
> 
> Any good how-to/doc you would recommend. I'm on a Lenovo T430 and might give 
> coreboot a try...

Here are some of the guides I used. They're for the x230, but the x230 is 
similar enough to the t430 that a lot of stuff should be the same or similar. 
YMMV, though, as I'm currently struggling to get coreboot working on my T530


A video fully explaining coreboot for an x230:
https://vimeo.com/177951809

The coreboot wiki is the best resource, though it seems to be down as of this 
post.
https://www.coreboot.org/Board:lenovo/x230

This guide looks fairly informative for the T430:
https://github.com/sellerie98/Coreboot-ThinkPad-T430/wiki/Procedure


I strongly recommend buying a CH341A, some short jumper wires, and a pomona 
SOIC8 (5250) clip for this. A raspberry pi will work for flashing, but in my 
experience it is slow, and in some cases very unreliable, which could mean the 
difference between a laptop and a brick.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fd9879b-ba96-4937-97c1-1397a7074e2c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: split gpg failing after moving appvm from debian 8 to debian 9

2018-03-01 Thread cubit

1. Mar 2018 20:01 by un...@thirdeyesecurity.org:


> Which Qubes version are you using?
> Do you get the Gpg dialog popup?

 




Qubes 3.2 with all templates and dom0 updated as of today.   Yes I get pop up 
asking do I want to give access to keys for the time period defined by 
QUBES_GPG_AUTOACCEPT in .bash_profile in work qube (if vault qube is not 
running it will be started).  I say yes to this and it just errors with 





"Error - no matching private/secret key found to decrypt message; click on 
details button for more information"





Clicking on the details button in thunderbird, shows that the message is 
encrypted to my key




gpg key is a master / sub key set up with the master private key offline if 
that makes any difference.















-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L6YBmpy--B-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Noob issues with DNS Failure in Debian-8 and Debian-9 after creating upgrade TemplateVM

2018-03-01 Thread Qubed One

chuckc...@gmail.com:
> Hi, all. I apologize in advance that I'm totally new to Qubes and somewhat 
> new to the Linux environment in general. 


You do not need to apologize! No one is born knowing all these things.
You just simply need to have a willingness to learn, that's it. Don't
hesitate to continue asking questions as needed, and to echo Unman, welcome!


> After following the Qubes documentation instructions to clone the stock 
> Debian-8 TVM to Debian-9 and perform the upgrade to 9, I find that I can't 
> resolve DNS in either Debian template. 
> 
> I'm running R3.2. 
> 
> Any help would be greatly appreciated. I've done a lot of searching and am 
> stumped. :/
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0eefd45a-0481-7ae5-7bfc-8233ce20c80a%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] bash autocomplete

2018-03-01 Thread haaber

Since Q4 much admin work is done on the command line. So it makes sense
to learn bash to autocomplete nicely. I tried this in dom0:

_qvm()
{   local cur VMS
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=`qvm-ls | cut -f1 -d" "| grep -v NAME`
COMPREPLY=( $(compgen -W "${APPVMS}"  ${cur}) )
return 0
}
complete -F _qvm   qvm-start


in order to type qvm-start [TAB] and get the list of available VMS. But
this does not work, even if, type in line by line a terminal the two
commands (qvm-ls and compgen)  do work ! Is there some bash-guru that
sees the error and helps me, please? I guess its the damn pipes!
Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7892a033-9483-40ec-5b75-01f52a82e609%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4 and coreboot

If your having iasues installing via petitboot here is a link to ibms specific 
instructions for petitboot and fedora redhat as well

https://www.ibm.com/support/knowledgecenter/en/linuxonibm/liabw/liabwinstallusb.htm

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/64a1a8e6-3433-4c9b-b29a-78ed664562c6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] bash autocomplete

2018-03-01 Thread haaber

> Since Q4 much admin work is done on the command line. So it makes sense
> to learn bash to autocomplete nicely. I tried this in dom0:
> 
> _qvm()
> {   local cur VMS
> COMPREPLY=()
> cur="${COMP_WORDS[COMP_CWORD]}"
> VMS=`qvm-ls | cut -f1 -d" "| grep -v NAME`
> COMPREPLY=( $(compgen -W "${VMS}"  ${cur}) )
> return 0
> }
> complete -F _qvm   qvm-start
> 

there was a small type (APPVMS <-> VMS) that is not the real problem
here. I corrected it above inside the quote.  Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/941eb210-6999-7ca5-199f-d71524fba360%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dom0 connectivity for maintenance

Day use for basic tasks sure mission critical no way.  IMO all one has to do is 
look at the hundreds of posts about issues not to mention if it was ready or 
close to it we would not be getting a 4.0 release canidate 5.  4.0 was such a 
change IMO its expected to have the need for this extra smoothing out of the 
code.

I guess its also perspective. Some people mission critcal can mean emails to 
there grandma others school work other where peoples lives and well being are 
on the line.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f4bfd32-9a8a-4e83-a382-14e57bf2ec54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Dom0 connectivity for maintenance

2018-03-01 Thread Alex Dubois

On Wednesday, 28 February 2018 17:59:09 UTC, awokd  wrote:
> On Wed, February 28, 2018 5:53 pm, Unman wrote:
> 
> >
> > By design dom0 has no networking.
> > If you MUST break Qubes , and you cant use the admin features in 4.0
> > (see my last post),then you'll have to use some service to pass data in
> > and out of dom0 WITHOUT networking.
> 
> Another option for remote access might be a TCP/IP based hardware KVM, or
> equivalent built in to your computer already like IPMI or DRAC. Obviously,
> Qubes can't provide any security beyond a screensaver password from an
> attack using those.

This could be useful: https://www.qubes-os.org/doc/safe-remote-ttys/

only tty...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8e73d22a-cd6d-4d86-9ddd-bb1740e09aaf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Little pb to understand how to add a FW rule on my proxyVM

2018-03-01 Thread Chris Laprise


On 03/01/2018 08:32 AM, ThierryIT wrote:

Le jeudi 1 mars 2018 12:29:30 UTC+2, Chris Laprise a écrit :



Note that the second link below is easy to setup and the 'qubes-vpn-ns'
script accepts DHCP-generated variables from openvpn and automatically
uses them to setup dnat.


[1] https://www.qubes-os.org/doc/vpn/
[2] https://github.com/tasket/Qubes-vpn-support/tree/qubes4

--


Thx ... I am going to do my homework now :)



Today's update of Qubes-vpn-support now handles DNS similar to what 
you're describing: All DNS requests are redirected to the VPN DNS, but 
still allowing for use of a secondary VPN DNS address if one is provided 
(e.g. the last pair of rules do not use -d).


If you decide to use it you may not have to research any further.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/84f88933-a4f3-2517-09e9-2d15ba034e34%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: qrexec demon fails to load any VM when I attach any device

2018-03-01 Thread Allen Larocque

Hi Yuraeitha,
Thanks for your continued help!

Ah, I think there is a misunderstanding: there is no USB soundcard as far as I 
understand it; only what is on the mainboard. So there should only be one 
soundcard.

I am currently running a sys-usb VM however!

Under DOM0 pauvaudio volume control, under the 'output devices' tab, there is 
no 'hardware' devices listed, only the 'simultaneous output' virtual device. 
The virtual device however is still showing fluctuating volume bar, so it's 
'hearing' things correctly.

Strangely too, now my headphones don't seem to work (they did previously).
Cheers,
- A 



On Wednesday, 28 February 2018 11:28:49 UTC-8, Yuraeitha  wrote:
> On Tuesday, February 27, 2018 at 7:55:09 PM UTC+1, Allen Larocque wrote:
> > Thanks for the help.
> > 
> > The intel audio pci device is indeed listed in the qvm-pci list, and the 
> > pulseaudio manager is 'connected', However, under 'devices' there's nothing 
> > about the intel device - just 'combined monitor' as the source
> > 
> > 
> > On Tuesday, 27 February 2018 10:09:37 UTC-8, Yuraeitha  wrote:
> > > On Tuesday, February 27, 2018 at 6:58:11 PM UTC+1, Allen Larocque wrote:
> > > > Thanks Yuraeitha for the thoughtful reply!
> > > > 
> > > > Hm. It doesn't seem to work in the other templates. I think it is a 
> > > > driver issue. I've tried volume etc.; and switching through the 
> > > > pulseaudio menus shows only 'simultaneous output' devices (which DO 
> > > > have actively fluctuating 'volume bars' when playback is happening!). 
> > > > Under 'config' there is 'no sound cards available for configuration'. 
> > > > I've been trying some things and let me try to clarify:
> > > > 
> > > > 'lspci' lists '00:1b:0 Audio device: Intel Corporation 7 Serices/c210 
> > > > Series Chipset Family High Definition Audio Controller (rev04)'
> > > > I interpret that as the audio card being on the chipset (hence 'plugged 
> > > > in' automatically).
> > > > 
> > > > 'aplay -l' however lists "no soundcards found". So alsa doesn't see it?
> > > > 
> > > > Alsa is a deeper level than pulseaudio generally, right? So if alsa 
> > > > doesn't see it then it makes sense that pulseaudio doesn't either.
> > > > 
> > > > So: how to get alsa/pulseaudio to see it?
> > > > 
> > > > Thanks again for the gracious help!
> > > > - Allen
> > > > 
> > > > On Tuesday, 27 February 2018 04:16:15 UTC-8, Yuraeitha  wrote:
> > > > > On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen Larocque 
> > > > > wrote:
> > > > > > Hi Qubes,
> > > > > > First time installer here, trying to get my sound to work. 
> > > > > > Strangely, speakers are broken, but headphones work fine.
> > > > > > 
> > > > > > Anytime I move my sound device from 'available' to 'selected' in a 
> > > > > > given VM, the VM won't load and I get the 'qeexec demon' error. 
> > > > > > Same thing when I move various other devices over (tested with USB 
> > > > > > ones). I should need the audio device moved over in order for it to 
> > > > > > work in a given VM, right?
> > > > > > 
> > > > > > Any thoughts? Running 3.2 on a Zenbook UX31A.
> > > > > > 
> > > > > > Thanks,
> > > > > > Allen
> > > > > 
> > > > > Also if you moved the soundcard to a direct pass-through, and the 
> > > > > soundcard hardware does not support the PCI pass-through feature. 
> > > > > Then you need to make a full restart of Qubes OS (fully power down 
> > > > > power in order to clean hardware memory). This is due to security 
> > > > > reasons. If this is hitting you, then you may want to first undo the 
> > > > > pass-through you made of your soundcard, and then make a full restart 
> > > > > before trying the above suggestions.
> > > 
> > > np's :)
> > > 
> > > Try compare "qvm-pci list" with lspci, it's the same list, but it'll show 
> > > you if the Qubes tools register the sound card. Also try look in the 
> > > Qubes menu --> Systems Tools --> Pulseaudio Manager. See if the sound 
> > > server is connected or disconnected here.
> > > 
> > > I can't write much more right now as I'm on the road and need to close 
> > > the lid and move now, but checking these might get us a little closer 
> > > with more information.
> > > 
> > > I can confirm I see my own soundcards with "aplay -l", so this command 
> > > should indeed be working in Qubes it seems?
> > > 
> > > It sounds like a problem that is out of my league though, but I'll try to 
> > > help where I can.
> 
> I apologies for the delay. I divided this post into two sections, one if you 
> got USB controller in dom0, and the other if you got the USB controller in an 
> AppVM. You'll need the link if you got your USB controller anywhere else but 
> your dom0. If you got a sys-usb, then your USB controller is likely tied to 
> that VM. If you don't have a sys-usb, and you didn't move the USB controller 
> yourself, then the USB controller is still likely tied to dom0. The Qubes 
> installer can automatically make a sys-usb at first system boot, but it won't 
> always

[qubes-users] fw for network printer setup

2018-03-01 Thread yrebstv

per the network printing docs it says to :



"Open an AppVM (make sure it’s based on the template where you just
installed the printer, normally all AppVMs are based on the default
template), and test if printing works. If it doesn’t then probably the
AppVM doesn’t have networking access to the printer – in that case
adjust the firewall settings for that AppVM in Qubes Manager."


How exactly do I do this ?  in 3.2  use the tab for firewall in the VM
manager , hit the + sign and choose  ? "any" and  what IP  ? neither the
GW nor the AppVM IP  seems to work 

I did install the driver in a cloned template VM  but it wouldn't print
from there , and I gave up ,  I also couldn't get anything to print 
from my  xubuntu  HVM 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08f016e064f69ca711d9f20b5a05a8fa%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 and coreboot

2018-03-01 Thread qubes-os


Thanks all for the additional feedback about working payloads.

Tim, thanks. I used some similar guides to try some different configs 
when I was attempting with petitboot. As best I could tell the issue 
wasn't so much with fedora per se but with getting it to boot with 
fedora and xen. I was able to get it to boot partially but never all the 
way through.


Based on the comments in this thread though, am going to try SeaBIOS.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89ef0944-e6d5-f049-f6c4-39d9eb49c5f8%40go-bailey.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Connect to MS Exchange under Qubes with Davmail (Was: For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up)

Hello,

As my company is using Microsoft Exchange without enabling remote access per
IMAP I had to work with the Outlook Web Access (OWA) Interface.
But this is only a workarround as I can't access offline emails etc.

I found a solution which provides an Gateway between exchange and your favorite
Linux apps for mail/calendar: Davmail.

I got email and also calendar running and wrote a "quick'n dirty" how-to which
I would like to see improved.

https://github.com/QubesOS/qubes-doc/pull/608

Currently it covers only mailpart (reading Exchange emails with Thunderbird
and/or neomutt).
Reading my exchange mails with neomutt is fun.
Of course it will also work with Evolution.

Regarding calendar entries which is also very important as all my colleagues
are using Exchange:

I was able to sync evolution with the exchange calendar. I can create new
entries in evolution which are synced back to the exchange calendar. Great!
But I can't delete calendar entries from evolution. If I delete an calendar
entry on my phone or my corporate Outlook it will also be removed in the
evolution.

In Thunderbirds Lightning I was able also able to sync my Exchange calendar,
but as soon as I open a calendar entry I get an error message.

Thereof I have to troubleshoot this, having email AND calendar (connected to
Microsoft Exchange) working natively in Qubes would be a major Improvement to
productivity.

@yuaeitha:
This quick'n dirty how-to is a good example why your idea sharing scripts and
howtos is great.
It is far away from being a qualified how-to, still it might be of use for
someone who is trying to connect to their exchange server from within Qubes.

Thereof I have created a new document on the qubes-docs, so that other can see
it.

Still, I think a newbie user will not find this, as they will look in the Qubes
docs pages on the Qubes website and not within GitHub.
At least I wasn't doing it since a few weeks ago...

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/SfD1rh5hPyXhJ4G2a40m5rPm7dxGLMVoY2PXbJAzUgxuhtZ893vTL7ymahlIMLJSOLMgGOhETiBMLWgauNy5fdNaVSWAzyYMoph6BvEYkQQ%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

On Fri, March 2, 2018 12:20 am, yreb...@riseup.net wrote:
> per the network printing docs it says to :
>
>
>
> "Open an AppVM (make sure it’s based on the template where you just
> installed the printer, normally all AppVMs are based on the default
> template), and test if printing works. If it doesn’t then probably the
> AppVM doesn’t have networking access to the printer – in that case
> adjust the firewall settings for that AppVM in Qubes Manager."

To break it down:
1. Install printer into cloned template, using its network IP
2. Shutdown template
3. Start AppVM based on the cloned template

If your AppVM is on sys-firewall with no custom firewall rules, you
shouldn't have to add the printer's IP anywhere (except possibly within
the AppVM) when you print for the first time.

> I also couldn't get anything to print from my
> xubuntu  HVM

Are you sure the printer is on the network and Linux compatible?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/03e19f13b00b416647d636dea88a3238.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

2018-03-01 Thread Qubed One

yreb...@riseup.net:
> per the network printing docs it says to :
> 
> 
> 
> "Open an AppVM (make sure it’s based on the template where you just
> installed the printer, normally all AppVMs are based on the default
> template), and test if printing works. If it doesn’t then probably the
> AppVM doesn’t have networking access to the printer – in that case
> adjust the firewall settings for that AppVM in Qubes Manager."
> 
> 
> How exactly do I do this ?  in 3.2  use the tab for firewall in the VM
> manager , hit the + sign and choose  ? "any" and  what IP  ? neither the
> GW nor the AppVM IP  seems to work 
> 
> I did install the driver in a cloned template VM  but it wouldn't print
> from there , and I gave up ,  I also couldn't get anything to print 
> from my  xubuntu  HVM 


You're halfway there.

It wouldn't print from the template because the templates don't normally
have network access. See here:

https://www.qubes-os.org/doc/software-update-vm/

Network printing can be done multiple ways, so it depends on your setup.
For example, if you only want to print from a certain appvm, you would
choose "Deny all except...", then add a firewall rule in the firewall
tab to allow access to the IP of your printer. Assigning a static IP to
the printer will make things much easier (which would be done on the
printer itself if you're not sure).

Alternatively, if you're trying to both print from a certain appvm and
access the internet from that same appvm, you would choose "Allow all
except..." and then simply make sure that the appvm in question is not
behind a vpn or tor. No specific firewall rules for the printer would be
needed in this case.

Using a xubuntu HVM might be a little trickier, but if it already has
networking set up, the same concepts would apply.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c4cc164-5271-8f10-3725-e7c9d251a8d2%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: qrexec demon fails to load any VM when I attach any device

2018-03-01 Thread Marek Marczykowski-Górecki

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

> > > > > > On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen Larocque 
> > > > > > wrote:
> > > > > > > Hi Qubes,
> > > > > > > First time installer here, trying to get my sound to work. 
> > > > > > > Strangely, speakers are broken, but headphones work fine.
> > > > > > > 
> > > > > > > Anytime I move my sound device from 'available' to 'selected' in 
> > > > > > > a given VM, the VM won't load and I get the 'qeexec demon' error. 
> > > > > > > Same thing when I move various other devices over (tested with 
> > > > > > > USB ones). I should need the audio device moved over in order for 
> > > > > > > it to work in a given VM, right?
> > > > > > > 
> > > > > > > Any thoughts? Running 3.2 on a Zenbook UX31A.

On Thu, Mar 01, 2018 at 03:31:22PM -0800, Allen Larocque wrote:
> Hi Yuraeitha,
> Thanks for your continued help!
> 
> Ah, I think there is a misunderstanding: there is no USB soundcard as far as 
> I understand it; only what is on the mainboard. So there should only be one 
> soundcard.
> 
> I am currently running a sys-usb VM however!
> 
> Under DOM0 pauvaudio volume control, under the 'output devices' tab, there is 
> no 'hardware' devices listed, only the 'simultaneous output' virtual device. 
> The virtual device however is still showing fluctuating volume bar, so it's 
> 'hearing' things correctly.
> 
> Strangely too, now my headphones don't seem to work (they did previously).

Generally you shouldn't need to attach sound card to specific VM -
that's what "devices" tab in VM settings is. If you do that, only that
VM will have access to it and none of others.

What should should do instead, is to leave sound card in dom0 (unassign
from any VM you've assigned to - see qvm-pci list output), then you need
to reboot to get dom0 driver attached to the device. After this,
headphones should work again.

Then, lets debug speakers issue - open pulseaudio volume control - now
you should have 'Output Devices' and 'Configuration' tabs. In both of
them you'll see settings related to what output should be used - try
changing it there.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlqYvuoACgkQ24/THMrX
1ywAyAf/Q2s3oe/pmBIFBWDPphvErTY9hYjMGN8wXIcDIEqfPcB7mxk2rzrL67x3
ZgPoviJVT0QW0yr/ZtdBnGZtK/Z9J/0/3cdEqpJekvazZL0mYz5k8PmCQaaeP7yL
gGrHw7e30M+AZvA/AW5fQkGkEaJUizSdP1GgDe2FpMtkj7v3dbvCPpLTse6csd6r
JJNBXxEkoD3PdNaCJGrDm65iNW1GJy/pSrbVeUBKouFSZUPcpVhYfUpKgA/Y+xR0
xmub02qCMcT/qp2a5wRbIYZ8zTVPHq2eFCs0wcAZpsT83uG3lunrAtr2fCjPMiO3
VC3PIbai+zJ0bC6dYPmCHKANI5nY7A==
=v5Nw
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302030241.GA8712%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

On Thursday, March 1, 2018 at 8:48:35 PM UTC+1, Alex Dubois wrote:
> On Thursday, 1 March 2018 11:47:13 UTC, Yuraeitha  wrote:
> > On Thursday, March 1, 2018 at 1:31:50 AM UTC+1, [799] wrote:
> > > Hello Yuraeitha,
> > > 
> > > 
> > >  Original-Nachricht 
> > > An 28. Feb. 2018, 21:39, Yuraeitha schrieb:
> > > 
> > > > It seems from time to time that various
> > > > people have shared a good unofficial script,
> > > > guides and 'how to's', and even code, for
> > > > Qubes related content, on their github page or
> > > > similar. The problem however is that while
> > > > shared, it isn't very visible, and even if they are
> > > > from time to time mentioned in a mail thread,
> > > > it quickly gets buried under many new mails.
> > > 
> > > I have recognized the same and was wondering already what could be the 
> > > reason that people have written own small projects which I only knew of 
> > > because following this mailing list.
> > > Honestly I started the same, after coming up with the first draft of ma 
> > > qvm-screenshot-to-clipboard script.
> > > 
> > > The main reason why I didn't upload it (yet) to Qubes docs:
> > > 
> > > 1) it is on a very early stage and while it is working I would feel a bit 
> > > ashamed, as there is no error handling etc.
> > > 
> > > 2) I am unsure if the script is not only working but also "reasonable 
> > > secure" to use
> > > 
> > > 3) I like the quality of the existing Qubes documentation, but it takes 
> > > some time for a newbie user not only to write a good how-to but also 
> > > include all  the valuable feedback or keep the discussion ongoing.
> > > 
> > > Maybe those are the reasons why others like to keep developing their 
> > > stuff outside of the Qubes doc repository. Summarized:
> > > 
> > > 1. Scripts are not yet ready/to basic
> > > 2. Unknown impact on security
> > > 3. Not enough time to craft a quality "product"
> > > 
> > > > To solve an issue like this, it'd be helpful to
> > > > have a place where we can keep track of
> > > > everyone's projects which are shared for
> > > > others to use. It may also be worth discussing
> > > > on quality and security, and how we "censor"?
> > > > bad scripts/guides/code. 
> > > 
> > > Yes, please! His could also be a good ressource to browse looking to 
> > > fine-tune Qubes.
> > > 
> > > > It could be done in many various of different
> > > > ways, which is also why I think it'd make
> > > > sense to open a discussion on the matter, so
> > > > we can find the most preferred method. First
> > > > though, a location might be ideal starting
> > > > place, where to keep everything updated? 
> > > > (...)
> > > > A https://www.qubes-os.org/doc/ page listing
> > > > all the unofficial projects. The most simple
> > > > and easy way. 
> > > 
> > > I like the idea having it available at GitHub as we can easily contribute 
> > > to the code and GitHub has all the features to keep discussion ongoing 
> > > etc.
> > > It is also allows to keep a copy of the latest version of the scripts and 
> > > people don't have to learn another tool when their code is ready to be 
> > > released.
> > > 
> > > The bad thing:
> > > If you're not a developer and have never worked with GitHub the learning 
> > > curve might be high.
> > > At least I had to click some time  arround to understand what is located 
> > > where and how it is working.
> > > 
> > > > Generally the main concern is the visibility of
> > > > the effort that the community puts in Qubes,
> > > > from the bottom-up, often goes to waste and
> > > > few people see's it. 
> > > 
> > > The other benefit is, that I learn a lot from reading other person's 
> > > scripts and of course following the discussion.
> > > 
> > > Maybe some of the ideas there could also be mentioned in a maybe monthly 
> > > blog post, so that new users can see that Qubes is a living project. 
> > > 
> > > I would call this site/place where all the ideas are summarize "Qubes 
> > > Garden" or "Qubes Playground" :-)
> > > 
> > > [799]
> > 
> > @[799]
> > I'm glad you feel the same way :) 
> > If we imagine the github approach, any idea how we can keep an overview of 
> > all projects? Maybe a Qubes doc? something else? Also true with github, it 
> > was also a bit of a jungle for me the first time, and still is at times.
> > 
> > I like the off-site website approach too, I'm just worried that we're too 
> > few people to do something like that :/
> > 
> > Maybe we could make a shared chat room of a sorts, to discuss 
> > scripts/guides/etc. where everyone are welcome to join openly?
> 
> I think a Qubes Doc page listing the other projects in GitHub could be good.
> It should not be too much work for the Qubes team to accept the pull request 
> for updates to this page, which could be not too frequent. If they accept.
> 
> Other projects have an incubator section.
> 
> However, I think we need to spend a bit more time to try to add to this a bit 
> of  structure so that:
> - It drives m

Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-03-01 Thread Andrew David Wong

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-03-01 05:39, Yuraeitha wrote:
> On Thursday, March 1, 2018 at 11:53:19 AM UTC+1, Laszlo Zrubecz wrote:
> On 02/28/2018 09:39 PM, Yuraeitha wrote:

 It seems from time to time that various people have shared a good
 unofficial script, guides and 'how to's', and even code, for Qubes
 related content, on their github page or similar. The problem
 however is that while shared, it isn't very visible, and even if
 they are from time to time mentioned in a mail thread, it quickly
 gets buried under many new mails. It often isn't feasible to use
 the search engine to find these either.

 Of course everything could be put into the Qubes doc page. But
 first, it's getting pretty large and cluttered and will probably
 only grow bigger. Second, the Qubes doc page does not show on-going
 and un-finished work. The strength of seeing unfinished projects,
 is that we can help each others finish and test them. Scrutinize
 them for security issues and reliability issues, before they are
 considered for the Qubes doc page.

 To solve an issue like this, it'd be helpful to have a place where
 we can keep track of everyone's projects which are shared for
 others to use. It may also be worth discussing on quality and
 security, and how we "censor"? bad scripts/guides/code. It could be
 done in many various of different ways, which is also why I think
 it'd make sense to open a discussion on the matter, so we can find
 the most preferred method. First though, a location might be ideal
 starting place, where to keep everything updated?

 Initial thoughts - A https://www.qubes-os.org/doc/ page listing all
 the unofficial projects. The most simple and easy way.
> 
> Have you seen this page:
> https://www.qubes-os.org/qubes-issues/
> 
> 
> 
> 
> @Laszlo
> I was indeed not aware of that page, it's pretty similar to the initial 
> suggestion up above. (Thanks for linking it!). But there is a very crucial 
> difference I think, it appears much more top-down focused than bottom-up, and 
> also not focused on more every-day kind of issues. It's more focussed on 
> directly Qubes related issues, and not so much issues which can make Qubes 
> easier to use, more mundane things, and other things which might be very 
> important to some people, but not everyone. It also has a single developer 
> mindset, rather than inspiring people in the community to work together to 
> archive a common goal. So it's both very similar, but also very different at 
> the same time. 
> 
> I agree it should still be possible to block dangerous or out-dated 
> guides/scripts/etc., that's my opinion/view as well. But what is sought here 
> is also a method not to exclude people who try to start something (many 
> people have creative ideas, but are unable to carry it out or finish it 
> themselves, and it disappears). Something can be started up, and then later 
> need/seek help from others in the community to help finish it. Have critical 
> eyes on the work from others, which might also make people more daring to do 
> something, which may not be bashful, but a friendly community to solve issues 
> in development, in a similar way how we solve personal issues in these mail 
> threads. It can be much more risky for an individual to try build something 
> alone, and then stick ones head out, than it is if the process is transparent 
> and everyone can see how it works. Not everyone is willing to face such a 
> risk, even if they got the skills to finish it themselves.
> 
> There is at least a good handful, if not 10 or so people around in these 
> forums, who try to do something like this, but everyone are working alone. 
> There are skill sets on vastly different degrees and types, but everyone 
> doesn't need to have the same skills to be useful. A good example are Artists 
> who can make artwork for Qubes content, or editors/writers/guide-makers whom 
> usually would not write to a Qubes doc page, due to already mentioned 
> reasons, or other reasons, it could be lack of time, or because the Qubes 
> docs seem too official. I would make a guess here, that few people would want 
> to post anything to a Qubes doc page if they didn't finish it up and make it 
> pretty decent quality, before posting it. But that won't happen if low 
> confidence/unfinished/lack-skillsets-and-need-to-work-with-others-to-finish-it/too-official/feels-like-it-must-be-finished-in-high-quality-when-uploaded.
> 
> I get there is a quality problem with something like this, but that's also 
> meant to be part of the discussion, as how to solve something like that. 
> Should there be someone to edit the content, so one one runs a dangerous or 
> unfinished script by mistake, etc.
> 

Yuraeitha, it's clear that you're motivated by a strong desire to help
other users and improve the community over all. I greatly appreciate
th

[qubes-users] Migrating to second hard drive

2018-03-01 Thread Glen H

Hi,

My primary SSD is out of space and I have a second hard drive.  I've formatted 
it but not sure how to migrate my cubes to it.  Does anyone have any 
instructions for doing this?  

Ideally, I'd boot from my new hard drive and use original one to store my 
backups of my qubes.

Thanks,

Glen

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0dc3ad33-bd6d-4852-a86c-3b9357191439%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Migrating to second hard drive

2018-03-01 Thread Glen H

On Thursday, March 1, 2018 at 10:37:26 PM UTC-5, Glen H wrote:
> Hi,
> 
> My primary SSD is out of space and I have a second hard drive.  I've 
> formatted it but not sure how to migrate my cubes to it.  Does anyone have 
> any instructions for doing this?  
> 
> Ideally, I'd boot from my new hard drive and use original one to store my 
> backups of my qubes.
> 
> Thanks,
> 
> Glen

I forgot to mention that I'm on Qubes 4 and I'm pretty knowledgeable about 
Linux.

Glen

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dd0b0c83-9628-464a-963f-ff66f3234681%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes R3.2 Failed to Load Kernel Modules

2018-03-01 Thread alternategems

I have the same issue, except Qubes fails to install on my Dell Latitude E6410. 
 This was the second machine I was unable to install Qubes on, and this one I 
purchased specifically because I saw it on the Hardware Compatibility List.  My 
system also presumably met the core requirements on site.  I get stuck at 
sys-net in the latter part of installation process post-GRUB.  
systemd-modules-load.service will not load in recovery mode.  Machine is a Dell 
Latitude E6410, Core i5 2.4ghz, 4 GB DDR3 ram.  If Qubes worked I would love to 
join the community, right now seems it's still in alpha stages.  Help would 
surely be appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c410b9d-f001-4a93-92b4-03dc63b9d034%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: qrexec demon fails to load any VM when I attach any device

2018-03-01 Thread Allen Larocque

On Thursday, 1 March 2018 19:04:01 UTC-8, Marek Marczykowski-Górecki  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> > > > > > > On Tuesday, February 27, 2018 at 10:42:30 AM UTC+1, Allen 
> > > > > > > Larocque wrote:
> > > > > > > > Hi Qubes,
> > > > > > > > First time installer here, trying to get my sound to work. 
> > > > > > > > Strangely, speakers are broken, but headphones work fine.
> > > > > > > > 
> > > > > > > > Anytime I move my sound device from 'available' to 'selected' 
> > > > > > > > in a given VM, the VM won't load and I get the 'qeexec demon' 
> > > > > > > > error. Same thing when I move various other devices over 
> > > > > > > > (tested with USB ones). I should need the audio device moved 
> > > > > > > > over in order for it to work in a given VM, right?
> > > > > > > > 
> > > > > > > > Any thoughts? Running 3.2 on a Zenbook UX31A.
> 
> On Thu, Mar 01, 2018 at 03:31:22PM -0800, Allen Larocque wrote:
> > Hi Yuraeitha,
> > Thanks for your continued help!
> > 
> > Ah, I think there is a misunderstanding: there is no USB soundcard as far 
> > as I understand it; only what is on the mainboard. So there should only be 
> > one soundcard.
> > 
> > I am currently running a sys-usb VM however!
> > 
> > Under DOM0 pauvaudio volume control, under the 'output devices' tab, there 
> > is no 'hardware' devices listed, only the 'simultaneous output' virtual 
> > device. The virtual device however is still showing fluctuating volume bar, 
> > so it's 'hearing' things correctly.
> > 
> > Strangely too, now my headphones don't seem to work (they did previously).
> 
> Generally you shouldn't need to attach sound card to specific VM -
> that's what "devices" tab in VM settings is. If you do that, only that
> VM will have access to it and none of others.
> 
> What should should do instead, is to leave sound card in dom0 (unassign
> from any VM you've assigned to - see qvm-pci list output), then you need
> to reboot to get dom0 driver attached to the device. After this,
> headphones should work again.
> 
> Then, lets debug speakers issue - open pulseaudio volume control - now
> you should have 'Output Devices' and 'Configuration' tabs. In both of
> them you'll see settings related to what output should be used - try
> changing it there.
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> 
> iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlqYvuoACgkQ24/THMrX
> 1ywAyAf/Q2s3oe/pmBIFBWDPphvErTY9hYjMGN8wXIcDIEqfPcB7mxk2rzrL67x3
> ZgPoviJVT0QW0yr/ZtdBnGZtK/Z9J/0/3cdEqpJekvazZL0mYz5k8PmCQaaeP7yL
> gGrHw7e30M+AZvA/AW5fQkGkEaJUizSdP1GgDe2FpMtkj7v3dbvCPpLTse6csd6r
> JJNBXxEkoD3PdNaCJGrDm65iNW1GJy/pSrbVeUBKouFSZUPcpVhYfUpKgA/Y+xR0
> xmub02qCMcT/qp2a5wRbIYZ8zTVPHq2eFCs0wcAZpsT83uG3lunrAtr2fCjPMiO3
> VC3PIbai+zJ0bC6dYPmCHKANI5nY7A==
> =v5Nw
> -END PGP SIGNATURE-




Thanks Marek.

I checked the qvm-pci lists and the audio driver isn't assigned to any VMs. 
This is a fresh install with the sys-USB VM on.

As far as I can summarize the problem now:
1. lspci shows the audio device.
2. aplay-l shows 'no audio device'
3. Pulseaudio output and config tabs show no audio devices (except the virtual 
one 'simultaneous output').

I've been interpreting this as a driver issue? But unsure how to fix/ get the 
appropriate drivers

- A 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dbd166cf-ad76-4f1a-b265-0f4b1f5f6be0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

2018-03-01 Thread yrebstv

On 2018-03-01 15:07, awokd wrote:
> On Fri, March 2, 2018 12:20 am, yreb...@riseup.net wrote:
>> per the network printing docs it says to :
>>
>>
>>
>> "Open an AppVM (make sure it’s based on the template where you just
>> installed the printer, normally all AppVMs are based on the default
>> template), and test if printing works. If it doesn’t then probably the
>> AppVM doesn’t have networking access to the printer – in that case
>> adjust the firewall settings for that AppVM in Qubes Manager."
> 
> To break it down:
> 1. Install printer into cloned template, using its network IP
> 2. Shutdown template
> 3. Start AppVM based on the cloned template
I did all this and more , installing the brother driver in the
Template ; however at the end it asks 

---
  When you see the message "Will you specify the DeviceURI ?",

 For USB Users: Choose N(No)
 For Network Users: Choose Y(Yes) and DeviceURI number.
---

So, I chose "yes" then it wanted something like the IPP:// address   ; I
may have put in the gateway address  and got nowhere
I guess your saying it doesn't matter if it didn't work in the Template
, but I'm not sure where and which IP address to put in the AppVM


> 
> If your AppVM is on sys-firewall with no custom firewall rules, you
> shouldn't have to add the printer's IP anywhere (except possibly within
> the AppVM) when you print for the first time.
> 
>> I also couldn't get anything to print from my
>> xubuntu  HVM
> 
> Are you sure the printer is on the network and Linux compatible?.yes , it 
> prints on my other  linux mint machine with the .deb package, though I used 
> the .rpm package in The template 


And for the IP address of the printer in the AppVM use the gateway of
the AppVM ?

in system-config-printer  there are various options  in settings->
device URI: usb://dev/usblp0  is  filled in ,  and in printer state it
say "waiting for printer to become available"

perhaps I DONT need to tweak the fw settings in the VM Manager,  but 
how or do I need to input the IP of the printer  (I have a DDWRT router
fwiw,  if I'm supposed to assign a static IP somehow, and if that is not
going to mess up the other computers using the network printer)

As a final option,  I don't use sys-usb qubes,  so maybe I could connect
the USB cable  and try it that way instead ... sigh

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ebfad100db47e10c9b98ef42ae5a0475%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Migrating to second hard drive

On Fri, March 2, 2018 3:38 am, Glen H wrote:
> On Thursday, March 1, 2018 at 10:37:26 PM UTC-5, Glen H wrote:
>
>> Hi,
>>
>>
>> My primary SSD is out of space and I have a second hard drive.  I've
>> formatted it but not sure how to migrate my cubes to it.  Does anyone
>> have any instructions for doing this?
>>
>> Ideally, I'd boot from my new hard drive and use original one to store
>> my backups of my qubes.
>>
>> Thanks,
>>
>>
>> Glen
>>
>
> I forgot to mention that I'm on Qubes 4 and I'm pretty knowledgeable
> about Linux.

Make sure you do a backup first. You might be able to "cheat" and DD the
small drive to the larger then expand, as long as you're comfortable with
LVM. On the other hand, pulling the small drive, installing Qubes on the
new, and restoring from backup wouldn't take that much longer.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d5b0bb1818209138128161320f89645d.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

2018-03-01 Thread yrebstv

sorry, yes, so if I do  system-config-printer -> settings-> device URI
then click "change" -> find network printer,  and I input the gateway
for the AppVM and it doesn't find the printer , perhaps the printer has
a different  IP  ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e984dad95c661c4ab92ebbb4036334b4%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] fw for network printer setup

On Fri, March 2, 2018 4:10 am, yreb...@riseup.net wrote:

> When you see the message "Will you specify the DeviceURI ?",
>
>
> For USB Users: Choose N(No)
> For Network Users: Choose Y(Yes) and DeviceURI number.
> ---
>
>
> So, I chose "yes" then it wanted something like the IPP:// address   ;

You have to put your printer's IP address in here.

> I
> may have put in the gateway address  and got nowhere I guess your saying it
> doesn't matter if it didn't work in the Template ,

Right, doesn't matter it doesn't work, but put in the right IP address.


> And for the IP address of the printer in the AppVM use the gateway of
> the AppVM ?
>
> in system-config-printer  there are various options  in settings-> device
> URI: usb://dev/usblp0  is  filled in ,  and in printer state it
> say "waiting for printer to become available"

Change this to IPP:// and your printer's address.


> perhaps I DONT need to tweak the fw settings in the VM Manager,  but how
> or do I need to input the IP of the printer  (I have a DDWRT router fwiw,
> if I'm supposed to assign a static IP somehow, and if that is not going to
> mess up the other computers using the network printer)

Check what IP address they are printing to.

> As a final option,  I don't use sys-usb qubes,  so maybe I could connect
> the USB cable  and try it that way instead ... sigh
>
>


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40bb76e567d6ca52a73812e4e25f7c71.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Netvm reassignment blocks network traffic - 4.0rc4

2018-03-01 Thread Chris Laprise

Whenever I try to assign a running appVM to a different (running) netVM, 
networking always becomes blocked. I have to restart the appVM in order 
for networking to work with the new netVM and to do that I have to 
kill the appVM first because it won't shutdown after reassignment.


I think this may be a bug. Specifics don't seem to matter, the VMs can 
be plain firewall or vpn, debian or fedora on either side.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7de559e-e899-6069-0642-fe20808f8b8c%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Netvm reassignment blocks network traffic - 4.0rc4

On Fri, March 2, 2018 5:04 am, Chris Laprise wrote:
> Whenever I try to assign a running appVM to a different (running) netVM,
> networking always becomes blocked. I have to restart the appVM in order for
> networking to work with the new netVM and to do that I have to kill
> the appVM first because it won't shutdown after reassignment.
>
> I think this may be a bug. Specifics don't seem to matter, the VMs can
> be plain firewall or vpn, debian or fedora on either side.

Sure it's not a feature? I could see opportunities for leaks to happen if
the firewall ruleset gets swapped out live, depending on ifdown/up etc.
sequence.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54e82b28d6c01fff1128cab750c73bac.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4 and coreboot

On Thursday, March 1, 2018 at 7:30:02 PM UTC-5, qube...@go-bailey.com wrote:
> Thanks all for the additional feedback about working payloads.
> 
> Tim, thanks. I used some similar guides to try some different configs 
> when I was attempting with petitboot. As best I could tell the issue 
> wasn't so much with fedora per se but with getting it to boot with 
> fedora and xen. I was able to get it to boot partially but never all the 
> way through.
> 
> Based on the comments in this thread though, am going to try SeaBIOS.

sounds good when in doubt go with whats proven to work.  Too bad as petitboot 
has nice features

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/73af89be-87c0-4f4c-b3ec-bcde73eb2925%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: non qubes

On Thursday, March 1, 2018 at 3:30:52 AM UTC-5, jer...@disroot.org wrote:
> where do i find support for security, privacy? (some place where i can post 
> with anonimity too, reddit privacy requires java script i think, doesn't it 
> compromise anonimity? also i would like to ask how things are recommended in 
> doing, like a guide, etc...
> 
> for example i need to know if enabling java script to watch youtube in tor 
> will compromise anonimity or anything like that, or enabling java script in 
> other websites, if it's a risk.. and how i should tell where i can enable 
> java script, etc.. also if it's recommended to buy stuff through tor, and 
> how, etc and what its benefits, etc...

Javascript itself will not reveal your IP over Tor ie break tor.  But 
javascriptt has always had security issues that could be used to run code that 
could itself reveal ip etc.  This is more an issue with emails and small or 
spoofed sites etc not a large offical site like youtube.  

Honestly I do not understand people using gmail etc if privacy is critical.  
Even using pgp for all text etc so much can be learned from your habits email 
accounts contacted time of use etc...  Its sad they own so much of the Internet 
data and portal activity these days such as youtube.  I wish this list was not 
hosted but its so hard to avoid the carrot when its a opensource project. 

Use tor to setup a protonmail etc if you need a webmail account.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3a89da4b-6393-4cbd-b1ea-e768d7c17b8c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

On Friday, March 2, 2018 at 4:16:39 AM UTC+1, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2018-03-01 05:39, Yuraeitha wrote:
> > On Thursday, March 1, 2018 at 11:53:19 AM UTC+1, Laszlo Zrubecz wrote:
> > On 02/28/2018 09:39 PM, Yuraeitha wrote:
> 
>  It seems from time to time that various people have shared a good
>  unofficial script, guides and 'how to's', and even code, for Qubes
>  related content, on their github page or similar. The problem
>  however is that while shared, it isn't very visible, and even if
>  they are from time to time mentioned in a mail thread, it quickly
>  gets buried under many new mails. It often isn't feasible to use
>  the search engine to find these either.
> 
>  Of course everything could be put into the Qubes doc page. But
>  first, it's getting pretty large and cluttered and will probably
>  only grow bigger. Second, the Qubes doc page does not show on-going
>  and un-finished work. The strength of seeing unfinished projects,
>  is that we can help each others finish and test them. Scrutinize
>  them for security issues and reliability issues, before they are
>  considered for the Qubes doc page.
> 
>  To solve an issue like this, it'd be helpful to have a place where
>  we can keep track of everyone's projects which are shared for
>  others to use. It may also be worth discussing on quality and
>  security, and how we "censor"? bad scripts/guides/code. It could be
>  done in many various of different ways, which is also why I think
>  it'd make sense to open a discussion on the matter, so we can find
>  the most preferred method. First though, a location might be ideal
>  starting place, where to keep everything updated?
> 
>  Initial thoughts - A https://www.qubes-os.org/doc/ page listing all
>  the unofficial projects. The most simple and easy way.
> > 
> > Have you seen this page:
> > https://www.qubes-os.org/qubes-issues/
> > 
> > 
> > 
> > 
> > @Laszlo
> > I was indeed not aware of that page, it's pretty similar to the initial 
> > suggestion up above. (Thanks for linking it!). But there is a very crucial 
> > difference I think, it appears much more top-down focused than bottom-up, 
> > and also not focused on more every-day kind of issues. It's more focussed 
> > on directly Qubes related issues, and not so much issues which can make 
> > Qubes easier to use, more mundane things, and other things which might be 
> > very important to some people, but not everyone. It also has a single 
> > developer mindset, rather than inspiring people in the community to work 
> > together to archive a common goal. So it's both very similar, but also very 
> > different at the same time. 
> > 
> > I agree it should still be possible to block dangerous or out-dated 
> > guides/scripts/etc., that's my opinion/view as well. But what is sought 
> > here is also a method not to exclude people who try to start something 
> > (many people have creative ideas, but are unable to carry it out or finish 
> > it themselves, and it disappears). Something can be started up, and then 
> > later need/seek help from others in the community to help finish it. Have 
> > critical eyes on the work from others, which might also make people more 
> > daring to do something, which may not be bashful, but a friendly community 
> > to solve issues in development, in a similar way how we solve personal 
> > issues in these mail threads. It can be much more risky for an individual 
> > to try build something alone, and then stick ones head out, than it is if 
> > the process is transparent and everyone can see how it works. Not everyone 
> > is willing to face such a risk, even if they got the skills to finish it 
> > themselves.
> > 
> > There is at least a good handful, if not 10 or so people around in these 
> > forums, who try to do something like this, but everyone are working alone. 
> > There are skill sets on vastly different degrees and types, but everyone 
> > doesn't need to have the same skills to be useful. A good example are 
> > Artists who can make artwork for Qubes content, or 
> > editors/writers/guide-makers whom usually would not write to a Qubes doc 
> > page, due to already mentioned reasons, or other reasons, it could be lack 
> > of time, or because the Qubes docs seem too official. I would make a guess 
> > here, that few people would want to post anything to a Qubes doc page if 
> > they didn't finish it up and make it pretty decent quality, before posting 
> > it. But that won't happen if low 
> > confidence/unfinished/lack-skillsets-and-need-to-work-with-others-to-finish-it/too-official/feels-like-it-must-be-finished-in-high-quality-when-uploaded.
> > 
> > I get there is a quality problem with something like this, but that's also 
> > meant to be part of the discussion, as how to solve something like that. 
> > Should there be

Re: [qubes-users] High spec laptop for Qubes OS

On Tuesday, February 27, 2018 at 8:36:02 PM UTC-5, Francesco wrote:
> On Sat, Feb 24, 2018 at 10:52 PM, tai...@gmx.com  wrote:
> I suggest a lenovo W520, as it supports coreboot with open source hw init and 
> me cleaner (which nerfs but does not disable ME - it is impossible to disable 
> ME, dell/purism are lying) you can also use an egpu for additional graphics 
> power and install an ivy bridge processor for better power figures.
> 
> 
> 
> I would also look in to the TALOS 2 (OpenPOWER9) which is a very high 
> performance owner controlled workstation with libre firmware for both the 
> board and BMC (even the microcode is owner controlled and has documentation 
> supplied, there is absolutely no hardware code signing enforcement).
> 
> POWER is now the worlds only owner controlled performance cpu arch due to 
> both intel and AMD adopting black box supervisor processors and hardware code 
> signing enforcement.
> 
> https://raptorcs.com
> 
> It also supports CAPI and PCI-e 4.0, which I imagine might interest you.
> 
> 
> 
> 
> 
> But does Talos 2 work with Xen? It seems it does not:
> https://www.google.com.br/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwig_reIlsLZAhXK2VMKHRlvC6cQFggrMAA&url=https%3A%2F%2Fgroups.google.com%2Fd%2Fmsg%2Fqubes-users%2FbqRSuU3T6MA%2Fn9tFozKsAQAJ&usg=AOvVaw2aUCCm88WSdcxkcCqWhZbe

No it does not yet it gets repeatedly mentioned to where it makes people think 
its viable option which it is not.  

The op wants a high end laptop which also eliminates all the old coreboot 
laptops.  as he wants a laptop it also removes the asusu amd server board 
desktop builds.  Best bet is lenovo thinkpad with the highest ram and processor 
combo and ssd drive/s.  It will likely give the best compatibility

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49bbd781-7f01-4661-a339-dceb9f434d76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Problems with qvm-run --pass-io

2018-03-01 Thread Robert Walz

Hi,

I tried to copy a raw image for a metasploitable vm to dom0, but it doesn't
work.

I followed the instructions on https://www.qubes-os.org/doc/
hvm/#converting-virtualbox-vm-to-hvm to create the raw image, then I tried
to copy it to dom0:

[robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' >
> /var/lib/qubes/appvms/metasploitable/root.img
>

I stopped the command with Ctrl+C, because the root.img became bigger than
the original file's size.
Then I got the following error messages.


CTraceback (most recent call last):
>   File "/usr/bin/qvm-run", line 222, in 
> main()
>   File "/usr/bin/qvm-run", line 217, in main
> r = vm_run_cmd(vm, cmdstr, options)
>   File "/usr/bin/qvm-run", line 66, in vm_run_cmd
> gui = options.gui, filter_esc = options.filter_esc)
>   File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py",
> line 1689, in run
> retcode = subprocess.call(args, **call_kwargs)
>   File "/usr/lib64/python2.7/subprocess.py", line 522, in call
> return Popen(*popenargs, **kwargs).wait()
>   File "/usr/lib64/python2.7/subprocess.py", line 1384, in wait
> pid, sts = _eintr_retry_call(os.waitpid, self.pid, 0)
>   File "/usr/lib64/python2.7/subprocess.py", line 476, in
> _eintr_retry_call
> return func(*args)
> KeyboardInterrupt
> [robert@dom0 ~]$
>

Does anybody know what this means, or what went wrong?

Thank you in advance.

Robert

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CA%2B%3DSG9T4QcKoQa8EDbxZVRoU-zkQr8fCsDxR7J7XmYqf7g-uww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up