[qubes-users] Re: Building an X-230 into a Qubes machine.
I have just identified Amazon recommends: https://www.amazon.com/Organizer-Socket-Adpter-Programmer-CH341A/dp/B07R5LPTYM/ref=sr_1_fkmr0_2?keywords=programmer%2C+ch431a=1583326902=hi=1-2-fkmr0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d70fd7ce-4d2e-486e-9b1b-b97015e7b954%40googlegroups.com.
[qubes-users] Announcement: NitroPad X230 passes hardware certification for Qubes 4.0!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, It is our pleasure to announce that the NitroPad X230 [01] has become the second Qubes-certified Laptop [02] for Qubes 4.0! This makes Nitrokey [03] the first vendor in Europe to have a product pass Qubes hardware certification. ## What is Qubes Certified Hardware? Qubes Certified Hardware [04] is hardware that has been certified by the Qubes developers as compatible with Qubes OS. Beginning with Qubes 4.0, in order to achieve certification, the hardware must satisfy a rigorous set of requirements [05], and the vendor must commit to offering customers the very same configuration (same motherboard, same screen, same BIOS version, same Wi-Fi module, etc.) for at least one year. Qubes-certified Laptops [02], in particular, are regularly tested by the Qubes developers to ensure compatibility with all of Qubes' features. The developers test all new major versions and updates to ensure that no regressions are introduced. It is important to note, however, that Qubes Hardware Certification certifies only that a particular hardware *configuration* is *supported* by Qubes. The Qubes OS Project takes no responsibility for any manufacturing or shipping processes, nor can we control whether physical hardware is modified (whether maliciously or otherwise) *en route* to the user. (However, see below for information about how the Insurgo team mitigates this risk.) ## About the NitroPad X230 The NitroPad X230 [01] offers users unprecedented control over the security of their hardware. Key features include: - Tamper detection through measured boot with Coreboot [06], Heads [07], and Nitrokey USB hardware, including support for Anti Evil Maid (AEM) [08] - Deactivated Intel Management Engine [09] - User-replaceable cryptogrpahic keys - Included Nitrokey USB key - Professional ThinkPad hardware based on the ThinkPad X230 [10] - Security-conscious shipping to mitigate against third-party interdiction [11] For further details, please see the original NitroPad announcement. [12] ## How to get one Please see the NitroPad X230 [01] on the Nitrokey website [03] for more information. [01] https://shop.nitrokey.com/shop/product/nitropad-x230-67 [02] https://www.qubes-os.org/doc/certified-hardware/#qubes-certified-laptops [03] https://www.nitrokey.com/ [04] https://www.qubes-os.org/doc/certified-hardware/ [05] https://www.qubes-os.org/doc/certified-hardware/#hardware-certification-requirements [06] https://www.coreboot.org/ [07] https://github.com/osresearch/heads/ [08] https://www.qubes-os.org/doc/anti-evil-maid/ [09] https://libreboot.org/faq.html#intelme [10] https://www.thinkwiki.org/wiki/Category:X230 [11] https://en.wikipedia.org/wiki/Interdiction [12] https://www.nitrokey.com/news/2020/nitropad-secure-laptop-unique-tamper-detection This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2020/03/04/nitropad-x230-qubes-certification/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl5fqc0ACgkQ203TvDlQ MDCnpxAAzgjT1Vi3sICEtkPPC7v6FxsNUClYhj2V6308T+obEyu+GTTXYBgEooPX Hrq/TzCXDvVUBGaYuT7kcymfCYpzFmKZAfBfV+2EMTymkIewztj++ovNG7/MiEqj c8zDAh0P8Q8sf0x1pMKkUivdT0sVi8URYAnIHW20YeYhLqALeoUQ22FVg1gMQkws IHWjpD/9kvJsJt/Ld0TBjEqPzBHc2e2c5ryjdZ1IWfSU5czB4sP2NRysROh/4AUr 91gJpPeCkm1UQx9nWoxTPjCTbi7FvSginNRLy7QD9RBdTL9qfpzgc1cQpSGnvJia QBEf0VKbxYIchFf8sx14v0XfDPZSBEHfCJwiq90AURVV3SsAuzZloRIafGfizmRf W7kzEnDqjhCVNjxbIcQCFljGvXuMmwYg1PhiOyRzdlg5bcErY6+eRODW7UupTu+t JHooxxHAzqX/9CCNs88uBCAY2hUTxt2lvl+jbmKP67E5fFesiT2n9l5ZozfGrSuc TnLmxWMUbDReRXaeligLe/rEJCrNE7f7ItXtuoXVgarOmmZUgjMWH7CoRmlergco xSVs6bzX+bZ0gswooeIBR8orhBuJBHO2ncavIfCElYRfOOzzmuBQrSlNmnuTZzog 7WmLsJfEh3pR0pvACqljgzuMK+KqwOJ3mQTDfdJbGCNJJedbKNs= =/e+K -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd99b287-c39c-f669-8dfb-0e1863874f44%40qubes-os.org.
[qubes-users] Building an X-230 into a Qubes machine.
As I could not afford a Privacy Beast, I bought a refurbished X-230 Core I5, 4 GB RAM to convert on my own. Soon I will get the 16 GB of RAM to put into it. I am looking to buy a ch-431a to program it from Amazon. I know the guys at Insurgo list on they use from China, but right now, I am not much interested in ordering one delivered from China. Not sure when it would be delivered, and whether I want it into my house. Once again, is there anything special about PROM an I5 versus an I7? Any one out there have any recommendations on exactly which one of these Amazon products to choose? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1588a0e0-40b9-413a-abb6-7c76ca3aaa92%40googlegroups.com.
[qubes-users] multiboot OS stick with other Linuxes together with Qubes on same stick
Hello list, I would like to make a multiboot OS stick with Qubes (among other Linuxes). To my knowledge, all ISO's of the Linuxes need to be in the root folder. Is that technically possible? Whats the best approach? Thank you! Regards, Joe -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200304160102.65937C070C%40smtp.hushmail.com.
Re: [qubes-users] How Qubes / and /home/user mounting as different disks works?
On 3/4/20 10:19 PM, Guerlan wrote: I'm curious about how Qubes does this: mounts /home/user and other user-related directories from disk B mounts the / from disk A, but when VM shutdowns, disk is discarded I'm curious on how it mounts disk A. I don't think it makes a copy of disk A to a temporary disk A', because that'd move lots of gigabytes on every VM startup. However, it also can't mount disk A as read-only, because I can write to it, it just gets discarded. How does this work? And is it exclusive of Xen? Couldn't I do the same in KVM? It's very useful Qubes uses copy-on-write snapshots to achieve this. With a default install, that means an LVM "thin pool" holds all of the VM volumes, and when a VM starts a snapshot is taken of both "disk A" and "disk B" (the *-root and *-private volumes). With a normal AppVM (base on a template) the root and private volumes are treated differently on shutdown: Root snapshot is discarded, and private is rotated to replace the persistent copy (what appears in the VM as /rw and /home). A similar snapshot routine is used if you installed Qubes with Btrfs format instead of LVM (Btrfs is a copy-on-write filesystem). Copy-on-write provides the ability to create new representations or snapshots of an existing file or volume, instantly. Snapshotting is like copying, but using a collection of pointers instead of the data itself. Thus, when a new snapshot is changed, the system only needs to write some new blocks in a different location and replace some pointers in the snapshot's metadata to point to the new location. This all can save a lot of time and disk space. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/809ee2c9-e860-92cc-4f68-8d965c9eda26%40posteo.net.
[qubes-users] Re: broadcom bcm43142 not working
I am about the last person who should reply to this, as I also have a Mid 2009 MBP and have not gotten the Broadcom working with some versions of Linux, like Debian, Pure OS. However, I can point you in the right direction. First of all, I am not sure what the Host OS is for your Qubes? Broadcom Wireless is not supported out of the box for Debian or Free Software Linux OS's, because it uses a module that is what some call a Blob, proprietary code. There has been an ongoing discussion about getting a Broadcom to work with the Pure OS, (Pure OS based on the latest Debian) on the Forum board for Librem. https://forums.puri.sm/t/pureos-on-macbook/8405/88 Please be aware that there are a number of different Broadcom Wireless devices to add to the confusion. Tails Linux (that is, for some the Security version of Linux some choose, offers the advice that the Broadcom Wireless Processors can not be spoofed (giving them a MAC address different than their own MAC address) so they allow others to identify you. I was posting on the Puppy Linux Forum, and mostly Puppy can be booted on my MBP, with the Wireless just working.Puppy Forum people are nice. The developer of Fat Dog, a version of Puppy linux said some interesting things about how to solve this problem: http://murga-linux.com/puppy/viewtopic.php?t=118015 Also his distro of Fat Dog, if one downloads it and puts it on a USB Flash Drive to run the Live version, has a note about how to install Broadcom wireless in the distro, guessing the Broadcom is already working in his Distro.I have not read it. Much of my problem with Wireless Drivers is that one must be online (Ethernet Connection to Internet) to get the Wireless commands to function correctly, and I do not have at home Internet. I am trapped by public WiFi. I would guess if the Host OS of Linux is based upon RPM, then you need some different commands, Repositories to get it to work. I have no experience with RPM based Linux BTW: If you go to the Puppy Linux Forum- well actually the Puppy Linux of the original developer of Puppy, Barry Kauler's website, you could download his latest version of Easy OS which is meant to be a privacy-security distro of Puppy Linux, using Boxes for Security. Might tweak your curiosity. Some on the Puppy Linux Forum believe that the safest way to run Puppy is to run it on a Multi-Boot DVD. Meaning one can prevent anyone from modifying your OS, as it is stored on a DVD, which you can update when you choose. Re-Booting to a freshly loaded version of the OS each time you boot up. I would not have not said anything at all, except, well, I have been frustrated by this same problem before, and I know where the Links are to work on some part of this. After find a way to install the right Module (what I called a driver) may not be the only problem with getting it to work with Qubes. But it is a start. Best wishes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9a14901-55fe-4ef3-a70f-848e5ec1a227%40googlegroups.com.
Re: [qubes-users] How Qubes / and /home/user mounting as different disks works?
On 3/4/20 10:19 PM, Guerlan wrote: I'm curious about how Qubes does this: mounts /home/user and other user-related directories from disk B mounts the / from disk A, but when VM shutdowns, disk is discarded I'm curious on how it mounts disk A. I don't think it makes a copy of disk A to a temporary disk A', because that'd move lots of gigabytes on every VM startup. However, it also can't mount disk A as read-only, because I can write to it, it just gets discarded. How does this work? And is it exclusive of Xen? Couldn't I do the same in KVM? It's very useful As to whether this can be done with KVM, yes you can. But Linux vendors are very confused about which copy-on-write technologies to promote so they tend to push the least common denominator, which is partitions or VMDK files. OTOH, Qubes decided copy-on-write storage was too useful to ignore and integrated it into VM management functions. You could use LVM thin pools with KVM, but IIRC you would have to automate snapshot handling yourself or find an additional package to do it (if such exists). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c207011a-9ad5-935c-f677-866c7aa0c831%40posteo.net.
[qubes-users] How Qubes / and /home/user mounting as different disks works?
I'm curious about how Qubes does this: mounts /home/user and other user-related directories from disk B mounts the / from disk A, but when VM shutdowns, disk is discarded I'm curious on how it mounts disk A. I don't think it makes a copy of disk A to a temporary disk A', because that'd move lots of gigabytes on every VM startup. However, it also can't mount disk A as read-only, because I can write to it, it just gets discarded. How does this work? And is it exclusive of Xen? Couldn't I do the same in KVM? It's very useful -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f07befc1-78bf-4892-ae7a-acf3dc10dc13%40googlegroups.com.
Re: [EXT] Re: [qubes-users] Q: Monitoring Updates
On 3/1/20 2:02 AM, unman wrote: On Sat, Feb 29, 2020 at 07:40:02PM +0100, Ulrich Windl wrote: Hi! I noticed that update of templates is rather silent when using the Updater App. Opposed to that when I use "Update Qube" in the Qubes Manager, a text window opens showing actual progress of the update. Unfortunately the mechanism is different (i.e. no Managment DVM is being used). Is there a way to follow update progress when using the Updater App? Regards, Ulrich No. The Updates does show you results from the update process. I do not know what the Qube manager shows you that is different. Well, you could have tried, but see attachment (debian-10, no updates found). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87fa9f9d-729b-d841-d007-b72918bb5fab%40rz.uni-regensburg.de.
[qubes-users] Segfault Error From Fail To Open Swarast
I am receiving an error on each time I try to run the program. The error is below: `MESA-LOADER: failed to open swrast (search paths /usr/lib64/dri) libGL error: failed to load driver: swrast Segmentation fault (core dumped)` I searched in the path of /usr/lib64/dri and discovered the file named swrast_dr.so in dri directory. Tried updating every thing but they all were already up to date. Also tried copying driver to lib folder of program but it was the same result. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/MWHPR0501MB38198ED84E42DB98A2324369A4E50%40MWHPR0501MB3819.namprd05.prod.outlook.com.
[qubes-users] Fedora30 doesn't update KeePassXC database
When I add a new entry to my KeePassXC database, the .kdbx-file is updated on the system (last modified timestamp is updated), but upon re-opening it the new entry is nonexistent. This happens on Fedora30 qubes, but Debian10 qubes work perfectly fine. The workaround for me is to simply not use Fedora30, but that's not ideal. I haven't tried to see if the same problem exist with other programs/files. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CXU2bL_RTyO_MX6pqBkwMLKgWTHxb9PUJlaNZ5nBRqQLpeEIsez6EOuZU6uXTXdvP_NStbt_JeQLQj3LQu0cvlsg8FELvzkYFz_uY0lK5ZI%3D%40protonmail.com.
Re: [EXT] Re: [qubes-users] the qubes clipboard
On 3/1/20 1:37 AM, unman wrote: On Sat, Feb 29, 2020 at 07:02:58PM +, 'Jackie' via qubes-users wrote: Ulrich Windl: Hi! I'm very much confused with the Qubes OS clipboard: When trying to copy some text from a Temrinal, I mark the text with the mouse then press "Ctrl+Shift+C", and I get a confirmation that the text is copied. However when I try to paste the clipboard in another machine, the contents is not what I had marked. When I use the "Edit->Copy" menu in the Terminal after having marked the text, and then press "Ctrl+Shift+C" again, the correct text is put in the Qubes OS clipboard. Confusingly the Terminal displays the shortcut "Ctrl+Shift+C" for "Edit->Copy". Isn't that a highly confusing feature (slowing down productive work a lot IMHO)? Regards, Ulrich Hi, In general, copying text from one VM to another is a four step process. Highlight text in VM1 document and ctrl+C to copy to VM1 clipboard. Then ctrl+shift+C to copy to dom0 clipboard. Then in VM2 window ctrl+shift+V to copy to VM2 clipboard, then ctrl+V to paste into document. It's pretty fast once you get used to it, just highlight, ctrl+C, ctrl+shift+C, alt+tab, ctrl+shift+V, ctrl+V. Terminal is a special case because ctrl+C, ctrl+V doesn't work to copy/paste, and default terminal shortcuts are the same as qubes inter-vm copy/paste shortcuts that take precedence. To paste text into terminal i ctrl+shift+V like normal to copy into VM clipboard, then edit->paste to paste into terminal. Or to copy from terminal, highlight, edit->copy, then ctrl+shift+C to copy to dom0 clipboard. Actually i think it's possible to change the dom0 shortcut so they no longer conflict, but the occasional edit->copy or edit->paste in terminal isn't too inconvenient for me. Also, it depends (naturally) on *which* terminal you use. I have little experience with gnome-terminal, which is, I think, what op is using. Yes, I'm using the "default" terminal which seems to be GNOME's. Using xterm or uxterm, mouse selection *does* work to copy, and Ctrl+Shift+C copies that text to clipboard for transmission to another qube. Does gnome-terminal need some extra configuration to enable "selection by mouse"? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6184144d-7d13-03ec-f4a1-2704f0e27023%40rz.uni-regensburg.de.
