from:"cooloutac"

On Tuesday, March 28, 2017 at 2:40:11 AM UTC-4, Vít Šesták wrote:
> AFAIU, TPM is useful mostly for AEM. But AEM requires Intel TXT (which is 
> missing even on some high-end CPUs). But TXT has various vulnerabilities. How 
> much real protection can it offer? Is it worth the hassle (finding a laptop 
> with both TPM and TXT and installing and using AEM)?
> 
> To be honest, I don't know much about TPM/AEM/TXT.
> 
> Regards,
> Vít Šesták 'v6ak'

if you worried about physical compromise more likely.  like if you travel with 
a laptop probably a good idea.  for a home desktop that would depend, but less 
likely in most cases, because then you got other more important security 
problems then your computer.  

Also i'm not sure but does using a usb boot key affect sys-usb? possibly a 
tradeoff maybe someone else can chime in.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/52c79991-3dbb-4bb0-b843-4cfad3d0cd64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HP EliteBook 820 G4

On Monday, March 27, 2017 at 4:00:29 PM UTC-4, xet7 wrote:
> Hi,
> I'm trying to install Qubes 3.2 iso from USB 2.0 stick to HP EliteBook G4 
> that has NVME harddisk. It's in usb boot menu loop.
> 
> I tried this:
> chainloader /EFI/BOOT/xen.efi placeholder qubes-verbose /mapbs /noexitboot
> 
> And somehow got to this this error:
> /EndEntire
> file path: 
> /ACPI(a0341d0)/PCI(0,14)/USB(1,0)/File(\EFI\BOOT)/File(xen.efi)/EndEntire
> 
> How can I continue install from USB stick ?
> 
> BR,
> x
I assume you already checked https://www.qubes-os.org/doc/uefi-troubleshooting/ 
  otherwise is there legacy boot mode option in bios?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/346ccdf1-5093-4a66-86fa-52fc3a7de0b9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: off topic - invite codes to 'riseup'

sounds cool.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c5b06eb-7362-4dbb-9697-9ce3ceff6aeb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Time Sync Failed and one other problem

2017-03-28 Thread cooloutac

On Tuesday, March 28, 2017 at 8:49:34 AM UTC-4, qubes-user-000 wrote:
> I have two problems right now in Qubes.
> When I do qubes-dom0-update, the first thing it says is 'Time Sync Failed! - 
> Exiting'.
> When I do qvm-sync-clock, it says the same thing.
> I did timedatectl set-ntp 1 to see if that would fix it, same error.
> 
> The other problem also comes up when I run qubes-dom0-update.
> Qubes is still downloading updated for Fedora 23 when I've had Fedora 24 for 
> months.
> I don't have the Fedora 23 template anywhere on the machine (that I know of).
> To clarify what I mean, it is NOT installing updates for Fedora 24 (which I 
> am using), it is looking for updates for Fedora 23.
> 
> I've had many problems since installing the Fedora 24 template but I just 
> noticed this one.

I have had timesync fail when port 123 (fedora also use another one I forget) 
being blocked in router or somewhere.

How do you know it is looking for Fedora 23 update?  How are you updating, what 
messages are you seeing?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d6bfe7a-dc05-49b6-9b99-d53ae7b683e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Time Sync Failed and one other problem

2017-03-28 Thread cooloutac

On Tuesday, March 28, 2017 at 6:11:47 PM UTC-4, cooloutac wrote:
> On Tuesday, March 28, 2017 at 8:49:34 AM UTC-4, qubes-user-000 wrote:
> > I have two problems right now in Qubes.
> > When I do qubes-dom0-update, the first thing it says is 'Time Sync Failed! 
> > - Exiting'.
> > When I do qvm-sync-clock, it says the same thing.
> > I did timedatectl set-ntp 1 to see if that would fix it, same error.
> > 
> > The other problem also comes up when I run qubes-dom0-update.
> > Qubes is still downloading updated for Fedora 23 when I've had Fedora 24 
> > for months.
> > I don't have the Fedora 23 template anywhere on the machine (that I know 
> > of).
> > To clarify what I mean, it is NOT installing updates for Fedora 24 (which I 
> > am using), it is looking for updates for Fedora 23.
> > 
> > I've had many problems since installing the Fedora 24 template but I just 
> > noticed this one.
> 
> I have had timesync fail when port 123 (fedora also use another one I forget) 
> being blocked in router or somewhere.
> 
> How do you know it is looking for Fedora 23 update?  How are you updating, 
> what messages are you seeing?

actually that other port that fedora opens is probably a bug like their bugged 
dhclient.  only allow 123 in your router.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a256f7e-8fed-4cde-8e47-b1b5bc043243%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Simple Dom0 password manager for an imperfect-but-strong security upgrade?

Didn't bother reading the anarchical walls of text haha.  but Ya I agree with 
Jean that sounds like you would be exposing dom0 to stuff for really no 
reason...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eb595d36-d1eb-4b18-83cc-52c9317f0d28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Safely use USB keyboard and untrusted USB devices with only 1 USB controller?

2017-03-27 Thread cooloutac

On Sunday, March 26, 2017 at 8:22:46 PM UTC-4, Andres MRM wrote:
> [2017-03-26 21:14] cooloutac:
> > what about using the internal kb, no good?
> 
> No... I'm using an ergonomic one. It wasn't cheap, it's very different from a
> common one and it took me months to get used to it. =P

so I guess just take your chances with it on the usb qube. I do it with mouse 
never seen anything weird happen.  a wireless mouse too. although I probably 
should put lock screen on I just realized I don't even have it on.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a097d330-9914-4fd2-b139-3adf08df3903%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Maybe a silly question

I gave up on Virus scans a couple years ago. I turned into one of the grey
bears that use to tell me in the late 90s they were useless...

Actually revelations nowadays are that they are not just useless since they
can't keep up with literally millions of viruses released every month,
according to head of IAD for the NSA like 5 years ago... probably way more now.

But the fact is they are more of a security risk then they are worth. There is
a security researcher Tavis Ormandy? who has exposed kapersky and exploits
Norton quite frequently. Norton once took one of my suggestion when they
started their 2009 I think was the year, a symantec employee contacted me and I
was psyched to see they included my suggestion. With a brand new revamped
norton that was destroying everyone else with the lightest foot print. Then I
caught them hiding processses in the kernel and their own program, which ahd a
feature who listed which cpu use was from norton or other on system, was lying
haha. And after like 2 or 3 years they were back to raping hdd's and using
resources again.

Rumours from the 90s about them making their own viruses to promote their own
software has also been proven not too long ago. Especially related to Kapersky
being caught as well. Some of them are so blatantly corrupt nowadays you know
its them when they pop up on your windows machine out of nowhere lol...cough
personal antivirus...cough..

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/62c555ef-bf67-4f4d-bc8d-d3694a021790%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [Debian 8] Audio problem after upgrading

On Thursday, March 30, 2017 at 5:32:08 PM UTC-4, J. Eppler wrote:
> Hello,
> 
> I upgraded my Debian 8 "Jessie" template from Debian Qubes r3.1 to Qubes 
> r3.2. Now, I have problems with the audio output. When I try to play audio 
> files I do not hear anything and music player - web or deskotp - skip through 
> songs very fast without playing them.
> 
> I tried to play something with clementine, this is the error message I got:
> 
> ~~~
> user@personal-music:~$ clementine
> Cannot connect to server socket err = No such file or directory
> Cannot connect to server request channel
> jack server is not running or cannot be started
> AL lib: (WW) alc_initconfig: Failed to initialize backend "pulse"
> AL lib: (EE) alsa_open_playback: Could not open playback device 'default': No 
> such file or directory
> 16:17:22.874 WARN  unknown  QTimeLine::start: already 
> running 
> ~~~
> 
> Anybody, any ideas what the issue could be?

tried alsamixer, and alsamixer in dom0?  sometimes thigns get muted on mine, 
not sure why,  i have to unmute everything for it to work again then mute back 
what I don't need.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6db4747-8425-4f31-a509-f36929830254%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can we have debian-minimal?

2017-03-19 Thread cooloutac

On Sunday, March 19, 2017 at 2:25:17 PM UTC-4, Reg Tiangha wrote:
> On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote:
> > On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote:
> >> hi there,
> >>
> >> fedora minimal is great idea to have inside Qubes, i wonder why we dont 
> >> have debian minimal as well inside Qubes ?
> >>
> >> (debian-qubes has many packages which r not necessary to be installed e.g 
> >> printing packages. tho, it will be nice to install the needed packages 
> >> from the user pleasures not by default.)
> >>
> >> Thanks
> > 
> > This would be wonderful. I tried to create one by removing some package but 
> > not a big impact on space or memory usage.
> > 
> > I will follow this thread with interest!
> > 
> > Dominique
> > 
> 
> You can create one yourself using qubes-builder (
> https://github.com/QubesOS/qubes-builder ); I just did it myself a
> couple of days ago, and it's great! I tried to do do a stretch-minimal
> but it failed somewhere in the middle, but jessie-minimal worked fine
> and I've switched all of my service vms to use that with coldkernel.
> I'll probably get to creating a Thunderbird-only VM using that template
> soon.
> 
> I've noticed that there have been a lot of requests for debian-minimal
> templates come through; it'd be nice if one could be made and put up in
> the Qubes repository (even if it was templates-community) for
> convenience sake.

welp my brain just melted trying to figure this out.  Searching in qubes-users 
I just see unman telling people its easy, but can you link me to the actual 
instructions for building the template? apparently I;m too dumb to find them.  
I'm at that github page wanting to shoot myself right now. maybe i need git 
instructions too lol.

I've always compiled gresc on baremetal debian maybe I should just skip to 
coldkernel attempt?  But I;ve already failed trying to compile a basic kernel 
in Qubes so I think I'm probably just gonna pass man. :( 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8996d3b8-0182-449c-b16b-9c2d05836b27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can we have debian-minimal?

2017-03-19 Thread cooloutac

On Sunday, March 19, 2017 at 2:25:17 PM UTC-4, Reg Tiangha wrote:
> On 2017-03-19 11:38 AM, Dominique St-Pierre Boucher wrote:
> > On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote:
> >> hi there,
> >>
> >> fedora minimal is great idea to have inside Qubes, i wonder why we dont 
> >> have debian minimal as well inside Qubes ?
> >>
> >> (debian-qubes has many packages which r not necessary to be installed e.g 
> >> printing packages. tho, it will be nice to install the needed packages 
> >> from the user pleasures not by default.)
> >>
> >> Thanks
> > 
> > This would be wonderful. I tried to create one by removing some package but 
> > not a big impact on space or memory usage.
> > 
> > I will follow this thread with interest!
> > 
> > Dominique
> > 
> 
> You can create one yourself using qubes-builder (
> https://github.com/QubesOS/qubes-builder ); I just did it myself a
> couple of days ago, and it's great! I tried to do do a stretch-minimal
> but it failed somewhere in the middle, but jessie-minimal worked fine
> and I've switched all of my service vms to use that with coldkernel.
> I'll probably get to creating a Thunderbird-only VM using that template
> soon.
> 
> I've noticed that there have been a lot of requests for debian-minimal
> templates come through; it'd be nice if one could be made and put up in
> the Qubes repository (even if it was templates-community) for
> convenience sake.

I still have to try this out ty.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f440bb7e-d6cc-4e19-99ec-cc281aaea1ed%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: S3 sleep on Thinkpad T460 issues

On Thursday, March 16, 2017 at 7:55:27 AM UTC-4, Martin L. Fällman wrote:
> Hi list! So, I have an issue with my Thinkpad T460. What seems like randomly, 
> it will not wake up from S3 sleep. Opening and closing the lid, hitting the 
> power button and doing a little jig on the keyboard does nothing.
>  The indicator light is however pulsating, and I can get the FnLock light to 
> light up by pressing Fn+Esc.
> 
>  
> 
> I’m fairly certain it happens when it’s slept for a long time, e.g. 
> overnight, and it may be related to putting it to sleep with an Ethernet 
> cable and/or power connected. I’ve set the TPM to the discrete chip and done
>  some other BIOS fixes that have gotten sleep and shutdown to work properly 
> most of the time, but this issue still eludes me, and it doesn’t seem like I 
> can find anything about it in the logs either.
> 
>  
> 
> Can’t find anything on the issue in the list archives, so I figured I should 
> bring it to the list to see if anyone has an idea of what could be going 
> wrong. I have logs from my attempt to suspend yesterday, which ended
>  with the computer not waking up this morning: http://pastebin.com/yny6QL4j
> 
>  
> 
> As you can see, first there’s some sort of i915 warning, then xfdesktop dumps 
> core, and then systemd merrily goes on its way suspending the system. I 
> suspect the issue is in there somewhere—could be i915, right?
> 
>  
> 
> I’m also running the stock BIOS revision but I’ve prepared an update USB that 
> hopefully will allow me to update to the latest version. Could maybe resolve 
> the issue, no?
> 
>  
> 
> Any input or ideas appreciated…
> 
>  
> 
> Cheers,
> 
>  
> 
> MARTIN L. FÄLLMAN
> 
> PROTECTION OFFICER
> 
> 
> 
> CIVIL RIGHTS DEFENDERS
> 
> Address: Sergels torg 12, floor 12, SE-111 57 Stockholm, Sweden
> 
> Tel: +46 8 120 744 03, Mobile: +46 70 484 96 75
> 
> martin.fall...@civilrightsdefenders.org
> 
> PGP: 0ECD 731D D578 6145 AB22 D213 5104 FC60 779A FD28
> 
> SIGNAL available on cell number 
> 
> 
> 
> We defend people’s civil and political rights and empower human rights 
> defenders worldwide.
> 
> Learn how to support us on www.crd.org
> 
>  

same thing happens to me on my desktop with qubes specifically man. after slept 
for a long time.  happens on another desktop with windows you can try bug 
reporting the kernel with xen.  might be a baremetal linux thing too since its 
so common.

My issue is system freezes when woke after hours of sleep. I think depending 
which vms open.  I assumed disposable but now not sure.

After it killed my qubes one time.  Qubes couldn;t boot.  I had to mount it i 
don't remember  from where and thank goodness fsck worked and bought it back to 
life.  a problem of using ssd.  but at least it don;t physically die.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f532c1e-7b04-42b2-8e5b-37ff22f7ef54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Network Link Speed in VM?

On Friday, March 17, 2017 at 5:35:12 AM UTC-4, Jarle Thorsen wrote:
> My netVM has a 10Gb network card, and hence a 10Gb link speed on it's network 
> interface.
> 
> However I notice that my Windows HVM only has a 1 Gb link speed? (I'm unable 
> to list the link speed for my linux VMs for some reason?)
> 
> Is it possible to get the VMs to use 10Gb network? (or is the link speed just 
> a number, and not a speed limit for the VMs?)

is this Drew? hehe.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c766199c-0894-40bd-be69-7454e6d0cfd5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: very frequent crashes (about every other hour)

On Thursday, March 16, 2017 at 11:34:12 PM UTC-4, Drew White wrote:
> On Monday, 13 March 2017 07:47:34 UTC+11, Steffen Hartmann  wrote:
> > Hello,
> > 
> > after installation and some weeks of using cubes 3.2 I'm still facing 
> > troubles with the system hanging comletly.
> > It starts with very delayed mouse and keyboard input - finally everything 
> > stops.
> > When looking with top in dom0 no obvious memory hungry tasks.
> > 
> > However I have to reboot or even stop the computer the hard way pulling the 
> > mains.
> > 
> > With my other OS's on the same computer no such troubles.
> > 
> > Where can I look into to trace down this problem?
> > 
> > I have a dell precision 5500 with 16 GB Ram an 3 VM running (sys-firewall, 
> > sys-net, fed23) and dom0 of course.
> > 
> > Everything is pretty much standard installation.
> > 
> > thank you
> 
> Hi Steffen,
> 
> You are using the almost EXACT SAME machine that I am. I have 24 GB RAM.
> I used to have the exact same problem before I reconfigured things to work 
> properly so that this did not happen.
> 
> FIRSTLY, upgrade to A16, there are bugs in A13 that should not be there.
> This fixes the frequent overloads and thus the lockups.
> 
> SECOND, disable screensaver, put it to blank screen.
> THIRD, whenever you are going away overnight, pause every guest that runs web 
> browsers, OR shut them down.
> 
> FOURTH, make sure you update the Qubes Manager to get rid of the Memory Leak 
> it has.
> 
> Currently I have been using most of my own things to replace the Qubes 
> Manager, thus utilising less RAM in Dom0, which also resolved numerous 
> locking issues.
> 
> I run Fedora 23 Templates, along with Debian 8, and numerous versions of 
> Windows along with other operating systems including Android.
> At times I have anywhere up to 20 Guests running at a time.
> 
> RARELY less than 8.

Drew when you gonna join Qubes team?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/29b61544-8d2f-402d-8c21-3949ee92745f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't start my StandaloneVM anymore

On Saturday, March 18, 2017 at 2:50:51 PM UTC-4, Holger Levsen wrote:
> On Sat, Mar 18, 2017 at 11:14:07AM -0700, cooloutac wrote:
> > On Saturday, March 18, 2017 at 2:11:50 PM UTC-4, cooloutac wrote:
> > >  I'm starting to think you're the joke.
> > Instead of arrogantly telling someone to do a simple search if you are too 
> > lazy to give a solution.  Do  everyone a favor and keep your fucking mouth 
> > shut!
> 
> instead of attacking people on the list, please read 
> https://www.qubes-os.org/code-of-conduct/
> 
> thanks.
> 
> 
> -- 
> cheers,
>   Holger

Well if this is gonna turn into the typical linux help channel with arrogant 
assholes insulting people askikng questions.  Good Luck  to Qubes...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63996b5f-b7fa-4d5f-b26c-a34e6bac98df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't start my StandaloneVM anymore

On Friday, March 17, 2017 at 5:10:41 PM UTC-4, Unman wrote:
> On Fri, Mar 17, 2017 at 10:49:04AM -0700, cooloutac wrote:
> > On Friday, March 17, 2017 at 1:48:27 PM UTC-4, cooloutac wrote:
> > > On Friday, March 17, 2017 at 1:17:10 PM UTC-4, Unman wrote:
> > > > On Fri, Mar 17, 2017 at 04:38:17PM +, faber wrote:
> > > > > I have a Debian-9 StandaloneVM that I recently am unable to start it.
> > > > > The only thing I've done, before getting stuck there, was removing
> > > > > libreoffice (all packages), jack, mutt and icedove, nothing special.
> > > > > 
> > > > > logs from /var/log/xen/console/guest-dev.log:
> > > > > 
> > > > > https://share.riseup.net/#jt9PHXk7pbpDkz0ZKmwy7g
> > > > > 
> > > > > 
> > > > > If you need anything else, please let me know!
> > > > 
> > > > If you start it using qvm-start what error do you see?
> > > > Once you have started it can you attah to the console from dom0 using
> > > > (as root) xl console  ?
> > > 
> > > ya and if you can do that check apt log.  I kill my debian system all the 
> > > time removing or installing packages.  I blindly click yes and don't 
> > > realize its asking me if it can kill my system by removing desktop haha.
> > > 
> > > after reading about how when updating a template you could accidentally 
> > > click yes to a not verified key I had to tell my family to make sure they 
> > > read for that specific thing especially before hitting y. (this has 
> > > nothing to do with your issue sorry)
> > 
> > and when that happens you just keep trying till it gets a valid key.
> > 
> 
> I hope this was a joke.
> I have no sense of humour - do NOT do this.
> It's a common situation and you will find many answers with a simple
> search.

 I'm starting to think you're the joke.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a600e4a1-1c90-4803-9401-000c3e53a627%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't start my StandaloneVM anymore

On Saturday, March 18, 2017 at 2:11:50 PM UTC-4, cooloutac wrote:
> On Friday, March 17, 2017 at 5:10:41 PM UTC-4, Unman wrote:
> > On Fri, Mar 17, 2017 at 10:49:04AM -0700, cooloutac wrote:
> > > On Friday, March 17, 2017 at 1:48:27 PM UTC-4, cooloutac wrote:
> > > > On Friday, March 17, 2017 at 1:17:10 PM UTC-4, Unman wrote:
> > > > > On Fri, Mar 17, 2017 at 04:38:17PM +, faber wrote:
> > > > > > I have a Debian-9 StandaloneVM that I recently am unable to start 
> > > > > > it.
> > > > > > The only thing I've done, before getting stuck there, was removing
> > > > > > libreoffice (all packages), jack, mutt and icedove, nothing special.
> > > > > > 
> > > > > > logs from /var/log/xen/console/guest-dev.log:
> > > > > > 
> > > > > > https://share.riseup.net/#jt9PHXk7pbpDkz0ZKmwy7g
> > > > > > 
> > > > > > 
> > > > > > If you need anything else, please let me know!
> > > > > 
> > > > > If you start it using qvm-start what error do you see?
> > > > > Once you have started it can you attah to the console from dom0 using
> > > > > (as root) xl console  ?
> > > > 
> > > > ya and if you can do that check apt log.  I kill my debian system all 
> > > > the time removing or installing packages.  I blindly click yes and 
> > > > don't realize its asking me if it can kill my system by removing 
> > > > desktop haha.
> > > > 
> > > > after reading about how when updating a template you could accidentally 
> > > > click yes to a not verified key I had to tell my family to make sure 
> > > > they read for that specific thing especially before hitting y. (this 
> > > > has nothing to do with your issue sorry)
> > > 
> > > and when that happens you just keep trying till it gets a valid key.
> > > 
> > 
> > I hope this was a joke.
> > I have no sense of humour - do NOT do this.
> > It's a common situation and you will find many answers with a simple
> > search.
> 
>  I'm starting to think you're the joke.

Instead of arrogantly telling someone to do a simple search if you are too lazy 
to give a solution.  Do  everyone a favor and keep your fucking mouth shut!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/160c9760-2a12-4730-89ab-b28af7461622%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't start my StandaloneVM anymore

On Saturday, March 18, 2017 at 7:35:54 PM UTC-4, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-03-17 14:10, Unman wrote:
> > On Fri, Mar 17, 2017 at 10:49:04AM -0700, cooloutac wrote:
> >> On Friday, March 17, 2017 at 1:48:27 PM UTC-4, cooloutac wrote:
> >>> On Friday, March 17, 2017 at 1:17:10 PM UTC-4, Unman wrote:
> >>>> On Fri, Mar 17, 2017 at 04:38:17PM +, faber wrote:
> >>>>> I have a Debian-9 StandaloneVM that I recently am unable to start it.
> >>>>> The only thing I've done, before getting stuck there, was removing
> >>>>> libreoffice (all packages), jack, mutt and icedove, nothing special.
> >>>>>
> >>>>> logs from /var/log/xen/console/guest-dev.log:
> >>>>>
> >>>>> https://share.riseup.net/#jt9PHXk7pbpDkz0ZKmwy7g
> >>>>>
> >>>>>
> >>>>> If you need anything else, please let me know!
> >>>>
> >>>> If you start it using qvm-start what error do you see?
> >>>> Once you have started it can you attah to the console from dom0 using
> >>>> (as root) xl console  ?
> >>>
> >>> ya and if you can do that check apt log.  I kill my debian system all the 
> >>> time removing or installing packages.  I blindly click yes and don't 
> >>> realize its asking me if it can kill my system by removing desktop haha.
> >>>
> >>> after reading about how when updating a template you could accidentally 
> >>> click yes to a not verified key I had to tell my family to make sure they 
> >>> read for that specific thing especially before hitting y. (this has 
> >>> nothing to do with your issue sorry)
> >>
> >> and when that happens you just keep trying till it gets a valid key.
> >>
> > 
> > I hope this was a joke.
> > I have no sense of humour - do NOT do this.
> > It's a common situation and you will find many answers with a simple
> > search.
> > 
> 
> I'm unclear about the disagreement here. I understood cooloutac as saying:
> 
> Sometimes, apt-get may download a package with an invalid signature.
> In that case, you should not install the invalidly signed package.
> Instead, you should re-download the package (and let apt-get re-check
> the signature), e.g., after a period of time, from a different server,
> or via a different connection, until you get a validly signed package,
> and only then proceed with installing that package.
> 
> If that's what cooloutac meant, then I'm not sure I see the problem
> with that approach. Isn't that what we *should* do in that situation?
> 
> P.S. - Let's keep the discussion civil and productive, please.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJYzcRHAAoJENtN07w5UDAwv38P/idMKPQlh+1hqJmlPwQJJHVq
> TjXSUJnS3AL2kX9WGmAbID1cPl3SxHG8ElDWbU5CxnJ7CdgffIV4CRqBcxo/z75H
> 6ggMHBKQuZXTUzKTU8IObHwy2A2wTo6RYNYsVO93GFiPsRGQnrXOYxcQ2jFhvZsM
> Hsih4Eg60Rbv/pbagWcooVfKDhMrqMHR+tnBBJzcXEwwgqVl2vhCcvzeL/ZeYfAN
> Z1nCenv42AQ601hKIDkD8+CgbXzCxAPtQQ7vXHAYq9W8UL/nWRzSbT3L5ih2Z7JW
> NUoNJ3NmMXPj11uf7EnZb+NY1mA70njdCQ0HdxiXB6iAZVQ8fJ0Fz6juyFie6RyP
> murVctv1Btgz6FR5clKfS9tIFxZJ2bTtPtFNTeiOZInDqIyJLr662Ji/i8Qql6b2
> aTfk0PxSWiDhXeyyBy6NuCckDRvUWyb0FNXJBLNUTzNR8zAuAuR+/jnwTdT+Q/YY
> v9Ja6LoqH3s7nfluxi4Zm4TInd/I7XkehYdikm+O4D9re4haoPJkYGfiMzc+g6qH
> vDMbGWttj7Tc0wQbmItbb31Nr1/R13wAfST9XMXQS0pav9zOS6J3yOy0Lu8aiQyU
> vcB2lP2cQon5capDrP8fatb4mEpRORdBwJ5tv+N2Tqq3tshzxaxJ6AhgzPDHUJmu
> punfqhmLEuvp2TodREZT
> =xrUX
> -END PGP SIGNATURE-

I'm sorry Andrew.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bd19088-0566-41ac-bbb7-b2fb1afa0c6b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

2017-03-14 Thread cooloutac

On Sunday, March 12, 2017 at 9:16:16 PM UTC-4, Drew White wrote:
> On Saturday, 11 March 2017 05:09:26 UTC+11, cooloutac  wrote:
> > On Friday, March 10, 2017 at 1:14:47 AM UTC-5, Drew White wrote:
> > > On Friday, 10 March 2017 15:36:49 UTC+11, cooloutac  wrote:
> > > > My problem with Qubes is that i'm still noob.  I don't even know what 
> > > > alot of system processes are or what they do. Qubes is more complicated 
> > > > then a normal os even just to monitor network traffic. I'm mostly in 
> > > > the dark compared to on bare metal os.
> > > > 
> > > 
> > > I know more about qubes than the developers do by now.
> > > monitoring is easy, just have a proxy that does it after the netvm.
> > > NetVM -> Firewall/Proxy running WireShark or similar -> AppVM/HVM
> > > 
> > > 
> > > > I'm basically at mercy of a default setup lol.  But I think thats part 
> > > > of qubes goal.  It has the misnomer of being called for nerds or 
> > > > enthusiasts.  But its really for noobs.  The hard part is just taking a 
> > > > step in these waters of a new world, even for most security experts. 
> > > > 
> > > 
> > > I wrote my own applications for qubes because the developers wouldn't fix 
> > > things and didn't change things to use less RAM.
> > > I wrote my own manager that uses only 200 MB VRAM, instead of the current 
> > > one that uses over 1 GB VRAM. (Approximations)
> > > 
> > > Qubes is built for end users, not nerds or developers or anything (or so 
> > > they claimed, will post reference later).
> > > 
> > > > The hard part is just accepting the fact you will be compartmentalizing 
> > > > diff aspects of your daily activity on your pc.  Its a different way of 
> > > > thinking.  
> > > > 
> > > 
> > > it is a different way for many people. Those of us that are like me, and 
> > > are developers and such, we use virtualisation every day just to do our 
> > > jobs.
> > > 
> > > 
> > > > Its about accepting the fact you are never 100% secure and its just a 
> > > > matter of how persistent your assailant is.  No matter what OS you are 
> > > > using. Everyone gets compromised imo, even most security experts.  The 
> > > > only people that don't are people that use their computers like monks.  
> > > > All we can do most of the time is mitigate it.
> > > 
> > > Accept you aren't secure. Accept that you are compromised. Then try your 
> > > best to prevent things from going wrong.
> > > 
> > > It's always good to prevent what you can.
> > > 
> > > I have a way of doing things that permits me to protect myself up the 
> > > wahzoo.
> > > 
> > > More advanced than the way qubes initially did it.
> > > It involves me doing different things with the iptables rules, but it's 
> > > workable.
> > > 
> > > I've done things and tested things, even the vulnerabilities that they 
> > > say there are that makes qubes super duper easy to break, and mine hasn't 
> > > broken or had that vulnerability.
> > > 
> > > Default setups, they can cause issues.
> > > SystemD, issues.
> > > 
> > > Hopefully one day, things will be back to being better, but until then, 
> > > we just have to try to protect ourselves as best as we can. What else can 
> > > we do when people like Google and Microsoft and all those others are 
> > > trying to steal your data and take over your life and your pc and 
> > > everything about you, then sell your data to the everyone
> > 
> > true.   Why not just use wireshark in sys-net, since its considered unsafe 
> > anyways?
>  
> because I keep the data and logs separate. I have a proxyMV with it. That 
> way, I can restrict the VM, and pass everything to something else, thus 
> providing another layer of security by having the data come into the monitor, 
> but go no further. So I can see what's going on, and then release or halt 
> things myself.
> 
> > The problem for me is identifying what vm and what process is causing the 
> > traffic.  To use baremetal methods on every vm is impractical.
>  
> true, but that's where certain things come in handy.
> That's one thing I will look at adding, thanks for the thought.
> 
> > I still never figured out how to make the firewall scripts to control 
> > everything outgoing. I still don't even believe its possible for some 
>

[qubes-users] Re: Keyboard layouts with multiple keyboards

2017-03-14 Thread cooloutac

On Tuesday, March 14, 2017 at 10:07:59 AM UTC-4, Vít Šesták wrote:
> I have a laptop that I connect an external USB keyboard (ErgoDox) to. When I 
> connect the external keyboard, the keyboard gets a different layout (us) than 
> the internal one in dom0. VMs started before the keyboard is plugged in have 
> some mixed behavior (probably related to modifier keys) between my layout and 
> US layout. When I start a VM after plugging the keyboard in, it also gets the 
> us layout (for both keyboards).
> 
> I have a shell oneliner that quickly fixes the layout in all the VMs, but I 
> would prefer not having to use it.
> 
> I have encountered this issue even with 3.0, but it was obsolete version that 
> time, so I decided to wait for now that time. But I periodically encounter 
> this issue even on Qubes 3.2.
> 
> Does anybody else encounter this issue?
> 
> Desktop environment: Xfce with Kwin.
> 
> Regards,
> Vít Šesták

I have a similar problem on raspberry pi using raspbian. It always defaults to 
UK but I rarely plug a kb in it. And have seen it happen on Ubuntu but never 
fedora. 

Try matching language settings to kb layout and see if it still happens.

interesting I went to xfcesettings editor, selected keyboards, don;t see a 
layout option. There is also an xfce plugin for keyboard layout you can try.  
Although you probably don;t want to install that into dom0.

have you already tried sudo dpkg-reconfigure keyboard-configuration ?

I'd be curious if you find a solution.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba43a2d6-54db-4b44-86a3-0aae038b456b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't start my StandaloneVM anymore

On Friday, March 17, 2017 at 1:17:10 PM UTC-4, Unman wrote:
> On Fri, Mar 17, 2017 at 04:38:17PM +, faber wrote:
> > I have a Debian-9 StandaloneVM that I recently am unable to start it.
> > The only thing I've done, before getting stuck there, was removing
> > libreoffice (all packages), jack, mutt and icedove, nothing special.
> > 
> > logs from /var/log/xen/console/guest-dev.log:
> > 
> > https://share.riseup.net/#jt9PHXk7pbpDkz0ZKmwy7g
> > 
> > 
> > If you need anything else, please let me know!
> 
> If you start it using qvm-start what error do you see?
> Once you have started it can you attah to the console from dom0 using
> (as root) xl console  ?

ya and if you can do that check apt log.  I kill my debian system all the time 
removing or installing packages.  I blindly click yes and don't realize its 
asking me if it can kill my system by removing desktop haha.

after reading about how when updating a template you could accidentally click 
yes to a not verified key I had to tell my family to make sure they read for 
that specific thing especially before hitting y. (this has nothing to do with 
your issue sorry)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d62f870-238a-42d4-93a1-ba0eb7ea640e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't start my StandaloneVM anymore

On Friday, March 17, 2017 at 1:48:27 PM UTC-4, cooloutac wrote:
> On Friday, March 17, 2017 at 1:17:10 PM UTC-4, Unman wrote:
> > On Fri, Mar 17, 2017 at 04:38:17PM +, faber wrote:
> > > I have a Debian-9 StandaloneVM that I recently am unable to start it.
> > > The only thing I've done, before getting stuck there, was removing
> > > libreoffice (all packages), jack, mutt and icedove, nothing special.
> > > 
> > > logs from /var/log/xen/console/guest-dev.log:
> > > 
> > > https://share.riseup.net/#jt9PHXk7pbpDkz0ZKmwy7g
> > > 
> > > 
> > > If you need anything else, please let me know!
> > 
> > If you start it using qvm-start what error do you see?
> > Once you have started it can you attah to the console from dom0 using
> > (as root) xl console  ?
> 
> ya and if you can do that check apt log.  I kill my debian system all the 
> time removing or installing packages.  I blindly click yes and don't realize 
> its asking me if it can kill my system by removing desktop haha.
> 
> after reading about how when updating a template you could accidentally click 
> yes to a not verified key I had to tell my family to make sure they read for 
> that specific thing especially before hitting y. (this has nothing to do with 
> your issue sorry)

and when that happens you just keep trying till it gets a valid key.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/989ca76a-7ffa-4315-9aa5-16989833050c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Kicking the sudoers dead horse

2017-03-15 Thread cooloutac

On Tuesday, March 14, 2017 at 7:22:04 PM UTC-4, Chris Laprise wrote:
> On 03/14/2017 12:57 PM, cooloutac wrote:
> 
> > yes I agree having to click yes in a dom0 popup will not be cumbersome for 
> > most. But is it that easy for the devs to implement?
> 
> Its already there, for a long time now. The vm-sudo doc describes how to 
> enable it.
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett

thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/058a93d3-cbab-47d1-9b82-5c9e00297c6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Kicking the sudoers dead horse

2017-03-15 Thread cooloutac

On Wednesday, March 15, 2017 at 3:15:15 PM UTC-4, cooloutac wrote:
> On Tuesday, March 14, 2017 at 7:22:04 PM UTC-4, Chris Laprise wrote:
> > On 03/14/2017 12:57 PM, cooloutac wrote:
> > 
> > > yes I agree having to click yes in a dom0 popup will not be cumbersome 
> > > for most. But is it that easy for the devs to implement?
> > 
> > Its already there, for a long time now. The vm-sudo doc describes how to 
> > enable it.
> > 
> > -- 
> > 
> > Chris Laprise, tas...@openmailbox.org
> > https://twitter.com/ttaskett
> 
> thanks!

 I think this thread is now sudo vs doing everything in dispvms? lol well 
regarding sudo you guys heard about the malware fsybis last year?  installs on 
linux system without root by clicking bad link.  persists, keylogs, phones 
home, spreads. root not required.  and I mean what data you got in root 
directories thats more private then user data?  

I guess the argument is that you are protecting dom0 by using sudo in an appvm? 
Sorry if I;m stating the obvious.

But doing everything in a dispvm?  Sure, if someone else sets it up and 
maintains it for me lol. I'm not gonna bother with the scripts, I use Qubes so 
I don;t have to read emails in text only mode and implement crazy security 
measures like selinux or apparmor with grsec, which also have never helped me 
much before. I gave all that stuff up.

All it takes is one bad click and something I say yes to.  It happens to 
everyone eventually.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df29a1f1-8f8e-497a-8389-95e8d6ab3e9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] Re: QSB #29: Critical Xen bug in PV memory virtualization code (XSA-212)

sorry if I read further I would of confirmed yes that is the correct version.  
ty.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b868ac9-3331-488f-a6bf-97efce260e4f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How much important is TPM?

On Tuesday, April 4, 2017 at 10:29:55 AM UTC-4, tai...@gmx.com wrote:
> Opal is proprietary garbage, and proprietary crypto schemes are almost 
> always terrible. (there is also no real way to check that it is actually 
> working and still working).
> 
> TXT is intel marketing, it isn't anything special just DRTM vs regular 
> TPM SRTM that makes it so something can change slightly without having 
> to re-do the measurement. Of course there are also no libre devices that 
> have TXT (purism isn't libre[1])
> 
> [1] On the "libreM" no open source hardware init is performed their 
> "coreboot" is simply a wrapper layer, if you buy from them you get an 
> overpriced quanta laptop that will never be FSF RYF unless they bribe 
> someone to modify the certification standards.

Yes Joanna talks about failure of txt in a paper.

Ya nothing is gonna be 100% libre when it comes to hardware unfortunately.  In 
the 90s computer users were more educated and it was harder for intel and 
microsoft to get away with even minor changes. Like their processes collecting 
ids. It beca,e big news, like pentium 3s collecting id numbers hit big 
commerical news on tv.But nowadays everyone is using a pc and most users 
don't care or don't believe.  Its all politics.

nothing will also be 100% secure,  we gotta use what we got though.  As long as 
it does not affect usability or have adverse affect on security, why not?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1576c31-c2a4-422a-a4a6-f1cfcb3b0ce1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [bug, 3.2, qubes manager] sys-whonix restart

On Sunday, April 2, 2017 at 4:45:08 PM UTC-4, Eva Star wrote:
> Trying to restart running sys-whonix constantly give us this assert:
> https://i.imgur.com/YU8sv3H.png
> 
> -- 
> Regards

happens to me all the time too,  believe it is some race condition or conflict 
if another vm is running some task.

For example happens alot when I restart sys-usb, or sys-net,  right after 
shutting down another vm.  If I give it some time first then it doesn't happen. 
 But its annoying and definitely needs to be optimized.  Happens even on my 
much faster pc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e967d88d-d679-43e5-beca-532bd49a7ccb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: [qubes-devel] Re: QSB #29: Critical Xen bug in PV memory virtualization code (XSA-212)

On Tuesday, April 4, 2017 at 12:06:26 PM UTC-4, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Tue, Apr 04, 2017 at 09:53:02AM -0600, Reg Tiangha wrote:
> > On 04/04/2017 08:14 AM, Marek Marczykowski-Górecki wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA256
> > >
> > > Packages by default are uploaded to current-testing repository. Moving
> > > to security-testing require maintainer decision. Done now, you can see
> > > it here:
> > > https://github.com/QubesOS/updates-status/issues/26
> > >
> > > - -- 
> > > Best Regards,
> > > Marek Marczykowski-Górecki
> > > Invisible Things Lab
> > > A: Because it messes up the order in which people normally read text.
> > > Q: Why is top-posting such a bad thing?
> > > -BEGIN PGP SIGNATURE-
> > > Version: GnuPG v2
> > 
> > So I've noticed that qubesos-bot on GitHub says that these Xen packages
> > were uploaded to jessie-securitytesting, but there's still nothing there.
> > 
> > The 'Packages' file for jessie-securitytesting is currently blank:
> > 
> > https://ftp.qubes-os.org/repo/deb/r3.2/vm/dists/jessie-securitytesting/main/binary-amd64/Packages
> > 
> > Contrast with what the Packages file for jessie-testing has, which is a
> > lot of stuff:
> > 
> > https://ftp.qubes-os.org/repo/deb/r3.2/vm/dists/jessie-testing/main/binary-amd64/Packages
> > 
> > Is there something wrong at the moment with jessie-securitytesting? By
> > the way, it's also the same behaviour with the Wheezy and Stretch repos too.
> 
> The important package to fix this is issue is for dom0, so Debian
> packages are irrelevant here.
> 
> Packages are not uploaded to Debian repository because of this:
> https://github.com/QubesOS/qubes-issues/issues/2721
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJY48R8AAoJENuP0xzK19csn2AH/1gZRxteELkWV9x09FOX/fQi
> H81TgQs0gpObBPevhlfeR8N+jF5R7+vGslCklxciDCyzBe4TkTOUyyGvy3H6+2w2
> 75NYpS9lVSD3E02MrZdvrT92A/t7XeXD3dkoskyxTJeqkxfbpeYmkcs8l5LNXmPZ
> YrFMzE9lhfx/xh6p1+EHMOUn10BsYUkjKfHd0L0rMf9L63iPEykYD3oSTQpij8WT
> Fq7Ljrf/eBLKls7AlqXSDmFowMQ/31OPPOamhxn5fbisLrMqedOkvQ3T4WtuM4u/
> EBTm+s5LAYq/w7yShFSoOepZ5vbtUQ1yT7DK+r0BtJuKJ2C+/HuGapuvV9rwOtE=
> =rvcr
> -END PGP SIGNATURE-

so is xen packages version 2001:4.6.4-26 the updated versions?   also dom0 is 
still fc23 yes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e98e4bbe-09b5-4ffe-aedc-98a9e04beadf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Micro in a VM?

On Tuesday, April 4, 2017 at 3:12:16 PM UTC-4, evo wrote:
> i mean microphone, sorry.
> :-)
> 
> 
> Am 04.04.2017 um 21:09 schrieb cooloutac:
> > On Tuesday, April 4, 2017 at 2:02:14 PM UTC-4, evo wrote:
> >> Hello!
> >>
> >> I want to start an adobe connect session.
> >> So i need a micro in my standalone AppVM.
> >>
> >> But the micro is dead.
> >>
> >> does somebody have an idea?
> > 
> > I have no idea what you are talking about.  but hope someone responds cause 
> > I'm curious to learn.   What is a micro?
> >

OHH!  lol   what mic are you using?  you attached a usb mic to the vm?  or is 
this one attached to your usb camera?  you mean the camera is working but not 
the mic?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9435f129-5b92-46d5-948e-0d5e7cbcf780%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [4.398471] - Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block (0.0)



What I did was boot the qubes installation iso and chose troubleshooting.  Then 
booted into recovery mode prompt.

Then did chroot /mnt/sysimage   then did fsck -y /dev/mapper/dom0_root

It went through pages of errors it said it fixed.  then I rebooted and qubes 
started with no issues.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c640ce7-189b-4df2-94c2-38ab5e813327%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [4.398471] - Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block (0.0)

On Saturday, April 1, 2017 at 7:11:01 AM UTC-4, krasz...@gmail.com wrote:
> Had qubes-os installed on 64gb USB stick. Was everything working fine for 1 
> day. Yesterday I was in the VM manager and saw updates available for dom0, 
> whonix and fedora. Through the terminal I started the updates. Took a while 
> but all three was updated. Today I started to launch Qubes again and got this 
> error.
> 
> [4.398471] - Kernel panic - not syncing: VFS: Unable to mount root fs on 
> unknown-block (0.0)
> 
> [4.398508] CPU: 0 PID: 1 Comm: swapper/0Not tainted 
> 4.4.38-11.pvops.qubes.x86_61 #1
> [4.398571]  73d2c1cb 8801583fbda8 813b1a93
> [4.398667] 81a3ec60 8801583fbe40 8801583fbe30 8119ea2e
> [4.398762] 623000200010 8801583fbe40 8801583fbdd8 73d2c1cb
> [4.398858] Call Trace:
> [4.398884] [] dump_stack+0x63/0x90
> [4.398912] [] panic+0xd3/0x215
> [4.398940] [] mount_block_root+0x201/0x294
> [4.398969] [] mount_root+0x65/0x68
> [4.398996] [] prepare_namespace+0x13a/0x172
> [4.399025] [] kernel_init_freeable+0x205/0x229
> [4.399056] [] ? rest_init+0x80/0x80
> [4.399085] [] kernel_init+0xe/xe0
> [4.399112] [] ret_from_fork+0x3f/0x70
> [4.399140] [] ? rest_init+0x80/0x80
> [4.399172] Kernel Offset: disabled.

you sure the updates finished successfully.  I had a similar problem once 
because of sleep issues.  When pc wake from a long suspend it sometimes freeze, 
 or only work partially.  One time I was able to start an update,  but got 
errors.  I hard powered off and rebooted and then got and unable to mount root 
fs and only a grub prompt.

are you getting a grub prompt?  I'm not sure if I used a grub prompt or the 
qubes live usb. and then mounted the root partition and then did fsck to fix it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac25c3bb-0479-41a5-ae0e-59bce7038357%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Micro in a VM?

On Tuesday, April 4, 2017 at 3:34:15 PM UTC-4, evo wrote:
> Am 04.04.2017 um 21:31 schrieb cooloutac:
> > On Tuesday, April 4, 2017 at 3:12:16 PM UTC-4, evo wrote:
> >> i mean microphone, sorry.
> >> :-)
> >>
> >>
> >> Am 04.04.2017 um 21:09 schrieb cooloutac:
> >>> On Tuesday, April 4, 2017 at 2:02:14 PM UTC-4, evo wrote:
> >>>> Hello!
> >>>>
> >>>> I want to start an adobe connect session.
> >>>> So i need a micro in my standalone AppVM.
> >>>>
> >>>> But the micro is dead.
> >>>>
> >>>> does somebody have an idea?
> >>>
> >>> I have no idea what you are talking about.  but hope someone responds 
> >>> cause I'm curious to learn.   What is a micro?
> >>>
> > 
> > OHH!  lol   what mic are you using?  you attached a usb mic to the vm?  or 
> > is this one attached to your usb camera?  you mean the camera is working 
> > but not the mic?
> > 
> 
> 
> i use now just the mic from my laptop.
> 
> Later i want to use a usb-headset with cam which will be attached to
> sys-usb.
> 
> But now i used just an integrated mic without a cam.

so I assume you already tried to attach audio input from the qubes-manager 
menu.  What about in adobe connect is there any options to change mic settings? 
 What about pavucontrol,  or in dom0, to change default mic setting?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/75936a11-8fd5-4b1c-a789-0662d03a969a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Micro in a VM?

On Tuesday, April 4, 2017 at 2:02:14 PM UTC-4, evo wrote:
> Hello!
> 
> I want to start an adobe connect session.
> So i need a micro in my standalone AppVM.
> 
> But the micro is dead.
> 
> does somebody have an idea?

I have no idea what you are talking about.  but hope someone responds cause I'm 
curious to learn.   What is a micro?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e80951e-ed93-4839-9fb6-9a50d26c822d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Micro in a VM?

On Tuesday, April 4, 2017 at 3:59:20 PM UTC-4, cooloutac wrote:
> On Tuesday, April 4, 2017 at 3:34:15 PM UTC-4, evo wrote:
> > Am 04.04.2017 um 21:31 schrieb cooloutac:
> > > On Tuesday, April 4, 2017 at 3:12:16 PM UTC-4, evo wrote:
> > >> i mean microphone, sorry.
> > >> :-)
> > >>
> > >>
> > >> Am 04.04.2017 um 21:09 schrieb cooloutac:
> > >>> On Tuesday, April 4, 2017 at 2:02:14 PM UTC-4, evo wrote:
> > >>>> Hello!
> > >>>>
> > >>>> I want to start an adobe connect session.
> > >>>> So i need a micro in my standalone AppVM.
> > >>>>
> > >>>> But the micro is dead.
> > >>>>
> > >>>> does somebody have an idea?
> > >>>
> > >>> I have no idea what you are talking about.  but hope someone responds 
> > >>> cause I'm curious to learn.   What is a micro?
> > >>>
> > > 
> > > OHH!  lol   what mic are you using?  you attached a usb mic to the vm?  
> > > or is this one attached to your usb camera?  you mean the camera is 
> > > working but not the mic?
> > > 
> > 
> > 
> > i use now just the mic from my laptop.
> > 
> > Later i want to use a usb-headset with cam which will be attached to
> > sys-usb.
> > 
> > But now i used just an integrated mic without a cam.
> 
> so I assume you already tried to attach audio input from the qubes-manager 
> menu.  What about in adobe connect is there any options to change mic 
> settings?  What about pavucontrol,  or in dom0, to change default mic setting?

also alsamixer in dom0 to check the levels is not muted.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba91e9dc-8c16-4371-b128-fe7d2af8ed7b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Persistent /usr/local: Are there risks?

2017-04-10 Thread cooloutac

On Monday, April 10, 2017 at 2:55:42 PM UTC-4, Reg Tiangha wrote:
> On 04/10/2017 12:41 PM, Chris Laprise wrote:
> >
> > Changing something in /usr/local/bin (or I assume /rw/usrlocal/bin)
> > requires privilege escalation. If sudo has no auth process, then there
> > is no challenge for the attacker... they can change /rw/usrlocal in
> > any case.
> >
> > But also, they can change /rw/config including rc.local and firewall
> > scripts which run as root!
> >
> > BTW, my "better question" above really referred to the non-home areas
> > of /rw.
> >
> 
> Ah, got it. Well, that's something, I suppose.
> 
> >>
> >> While my versions do exactly what you would expect them to do, the
> >> difference is that each time you launch one of my versions, it starts up
> >> a key logging service (no root required!) in the background that
> >> persists even after you close the app that launched it. So for that
> >> entire session (assuming that AppVM is connected to the Internet), I can
> >> capture all of your keystrokes. And because /usr/local is persistent and
> >> you probably don't constantly check /usr/local for changes (because
> >> again, you're not paranoid), those programs will stick around and launch
> >> the next time you access the VM.
> >
> > But this is a problem for things like ~/.bashrc as well. Using PATH=
> > or alias, attacker could divert you to a phony `git` command that logs
> > your github password before executing the intended operation.
> >
> > That's why I suggest people consider enabling sudo auth and securing
> > shell init scripts in /home (see my post "Protect AppVM init startup
> > scripts"). You could even have an in-template startup script that
> > resets most of /rw (root-owner bits) to defaults really shouldn't
> > be hard.
> >
> > In that case, your attack scenario hinges on having a Linux escalation
> > exploit, and even then it might not last long enough for you to
> > collect valuable info (e.g. resets or updates occur that patch the
> > vulnerability).
> >
> >
> 
> Still, though, let's say such Linux escalation exploit exists and a
> malicious person can access the AppVM's (let's set aside TemplateVMs for
> a moment) file system. They can't stick anything in most places in /
> because they'll disappear when the VM shuts down. Changes in /home/user
> could work, but because users interact with /home on a daily basis
> through shells or file browsers, the likelihood of them noticing changes
> there might be a bit higher so that might not be the smartest move. But
> how many here on this list regularly check their app/sys VMs for
> modifications to /usr/local? I'm doubting it's very many, and that I
> guess is my main concern.
> 
> Some people may not even be aware that it *is* persistent, so people who
> use something like Whonix who've been targeted might even have stuff
> living in /usr/local right now and may not even know it (since privilege
> escalation exploits in tor-browser seem to be found every so often).
> 
> I'm definitely going to apply your scripts to my TemplateVMs soon now
> that I've been made aware, but I wish there were a way to turn off
> persistent /usr/local and to make AppVMs use the TemplateVM's version
> instead. I don't use the feature, so I would prefer that /usr/local gets
> wiped every time like everything else in the root file system since
> that's the behaviour I expected to happen when I first started using
> Qubes (I only discovered for myself that it wasn't the case when I was
> trying to figure out why a custom-compiled version of Wine that I had
> made and installed in my TemplateVM wasn't showing up in my AppVM; its
> default prefix is /usr/local, which is why). Is there a way to turn off
> persistent /usr/local? Or is it something that's baked-in?

absolutely! great discussion!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cfb5ea6-a88a-44f4-a364-a7d19b34e22e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

On Monday, April 10, 2017 at 5:06:30 PM UTC-4, qubenix wrote:
> qubenix:
> > Andrew David Wong:
> >> On 2017-04-09 15:25, Joonas Lehtonen wrote:
> >>> Hi,
> >>
> >>> if you setup MAC randomization via network manager in a debian 9
> >>> template as described here:
> >>> https://www.qubes-os.org/doc/anonymizing-your-mac-address/
> >>> you still leak your hostname.
> >>
> >>> Once your MAC address is randomized you might also want to prevent the
> >>> disclosure of your netvm's hostname to the network, since "sys-net"
> >>> might be a unique hostname (that links all your random MAC addresses and
> >>> the fact that you likely use qubes).
> >>
> >>> To prevent the hostname leak via DHCP option (12):
> >>> - start the debian 9 template
> >>> - open the file /etc/dhcpd/dhclient.conf
> >>> - in line number 15 you should see "send host-name = gethostname();"
> >>> - comment (add "#" at the beginning) or remove that line and store the 
> >>> file
> >>> - reboot your netvm
> >>
> >>> I tested the change via inspecting dhcp requests and can confirm that
> >>> the hostname is no longer included in dhcp requests.
> >>
> >>
> >> Thanks. Added as a comment:
> >>
> >> https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-292843628
> >>
> >>
> > 
> > Nice. I was just thinking about this after spending some time on my
> > routers interface. Thanks for the post!
> > 
> 
> After testing this, 'sys-net' still shows up on my router interface.
> 
> -- 
> qubenix
> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

if you are talking about always connecting to your own router I would do a 
static connection, my router won't know hostname unless I use DHCP.  Not sure 
if this is the case for most routers or not.  But its good not to use dhcp for 
other reasons too. 

If you hop around public lans then this would be more of a hassle.

When I first started using qubes I too didn't like how it showed sys-net as 
hostname cause it would be obvious you are using Qubes.  Changing name is 
ideal,  a script to randomize it would be nice too.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b18d551-538c-4cf8-9e71-e24784562191%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Skype Package Installation Issue

On Monday, April 10, 2017 at 11:45:01 PM UTC-4, Nick Geary wrote:
> I've installed the Skype .dpm package and installed it using dnf install 
> ./..dpm. The installation completed without errors. 
> 
> However, I don't see skype listed in the AppVm's list of available shortcuts 
> or within the installed software app. 
> 
> I've also tried installing Skype on a Debian template with the same result. 
> 
> How do I go about launching the Skype application post install?
> 
> The Skype web application has no option available for Web calls. The section 
> is greyed out, despite the webcam being loaded on the AppVm and accessable by 
> Cheese.
> 
> Any help is appreciated. It's been an interesting process. This being the 
> last step for a functional OS.
> 
> Thanks!!

have you tried qvm-sync-appmenus command from terminal?

Also to make sure its installed try launching program from the appvm terminal.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/974e90c6-6afb-4e46-9a38-7985e80d3ad1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Persistent /usr/local: Are there risks?

On Monday, April 10, 2017 at 5:54:27 PM UTC-4, Unman wrote:
> On Mon, Apr 10, 2017 at 03:39:26PM -0400, Chris Laprise wrote:
> > On 04/10/2017 03:17 PM, Chris Laprise wrote:
> > >On 04/10/2017 02:55 PM, Reg Tiangha wrote:
> > >
> > >I think I'll try an /etc/rc.local script that deletes /rw/usrlocal and
> > >re-creates just the top dir. Also /rw/config and /rw/bind-dirs. Pretty
> > >much the only persistent thing left would be contents of /rw/home, which
> > >is sort of a middle of the road between fully persistent /rw and using
> > >dispVMs for everything.
> > >
> > >
> > >>
> > >>I'm definitely going to apply your scripts to my TemplateVMs soon now
> > >>that I've been made aware, but I wish there were a way to turn off
> > >>persistent /usr/local and to make AppVMs use the TemplateVM's version
> > >>instead. I don't use the feature, so I would prefer that /usr/local gets
> > >>wiped every time like everything else in the root file system since
> > >>that's the behaviour I expected to happen when I first started using
> > >>Qubes (I only discovered for myself that it wasn't the case when I was
> > >>trying to figure out why a custom-compiled version of Wine that I had
> > >>made and installed in my TemplateVM wasn't showing up in my AppVM; its
> > >>default prefix is /usr/local, which is why). Is there a way to turn off
> > >>persistent /usr/local? Or is it something that's baked-in?
> > 
> > BTW, /usr/local == /rw/usrlocal. Its a symlink.
> > 
> 
> And it's set in the template - so if you don't want it open the template,
> remove the symlink and move /usr/local.orig to /usr/local.
> Then qubes based on that template wont have persistent /usr/local.
> 
> NB this will break torVMs and maybe other features of your Qubes.
> An alternative approach would be to run tripwire against persistent
> directories and monitor changes.
> 
> unman

Or just compartmentalize more and don't care so much if some of your vms get 
compromised. Assume some of them will and wipe them when in doubt. But being 
conscious of the potential issue is a good thing.  Tiangha brings up a good 
point and why to me its silly for some people to care about vms being sudoless.

I stopped using dispvms for important tasks.  I only use them for random or 
dangerous tasks now. And its because of that and other things I don't trust 
them for important tasks anymore.

I guess only monitoring a couple directories with tripwire on a few important 
vms would be ok.  But on baremetal linux it used to drive me crazy and can be 
noisy and I would always miss something.   Some extra Automatic hardening is 
always welcome and would be nice.  But I'm sure Qubes devs are busy on other 
things.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d07b6daf-b7bf-4c3d-80b1-d7d8bd2acf32%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HDMI-related threats in Qubes OS

On Monday, April 10, 2017 at 3:28:05 PM UTC-4, Vít Šesták wrote:
> > what about vga or dvi wires?
> 
> Frankly, my main interest is HDMI. But I have briefly looked at VGA and DVI 
> pinouts. It seems that the only input channels are hotplug (if you count 
> this) and DDC (for resolutions etc.). Plus older VGA seems to have some 
> pre-DDC mechanism called “Monitor ID”. For VGA, you can see scheme 
> http://pinouts.ru/Video/VGA15_pinout.shtml . The “Dir” column is helpful, 
> though it seems to be incorrect at line “I2C bidirectional data line”.
> 
> > Qubes already ignores hdmi sound driver in my case lol.
> 
> Well, I am not sure if this is intentional, but I don't think so.
> 
> > Because really how can we even trust its hardware, its another separate pc 
> > outside of qubes.
> 
> Well, you do trust you hardware at some degree. Without trusted HW, you 
> cannot trust it runs the SW properly and it does not spy you in other means, 
> e.g., by sending screen content somewhere. Malware in a compromised digital 
> TV could do so and neither Qubes nor cut wires can prevent it. But maybe you 
> decide to trust the TV just partially (e.g., public presentation), so you 
> don't read top-secret messages etc. here.
> 
> >  Same goes for printers if you using it,  you already giving up some 
> > privacy regardless of Qubes.
> 
> Mostly true, but a bit vague. But the situation is the same as with monitors 
> – choose your level of trust and then behave accordingly.
> 
> Regards,
> Vít Šesták 'v6ak'

yes exactly.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dbf2f0d5-7198-41eb-babb-425ad4be0d48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Scanner use in VM

On Monday, April 10, 2017 at 9:22:47 PM UTC-4, Daniel Acevedo wrote:
> I only see my scanner in dom0, using this command:
> 
>   # lsusb | grep Canon
> 
>   Bus 001 Device 005: ID 04a9:1909 Canon, Inc. CanoScan LiDE 110
> 
> Of course it doesn't appear in the VMs.
> 
> I know I should assign the USB device where the scanner is plugged to
> the VM where I'm going to use it. The problem is that I don't know
> which USB Hub I should select (I have 3 different ones) and I'm afraid
> of making the wrong move and losing mouse and keyboard control in
> Qubes, forcing me to reinstall everything from scratch.
> 
> Any tips would be appreciated.
> 
> Thaks in advance,
> Daniel
https://www.qubes-os.org/doc/assigning-devices/   scroll down to "finding the 
right usb controller"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b535d15f-9e2e-497b-ac5a-c7e004976a5e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How much important is TPM?

On Saturday, April 1, 2017 at 5:45:49 AM UTC-4, tai...@gmx.com wrote:
> On 03/31/2017 10:45 PM, cooloutac wrote:
> > On Friday, March 31, 2017 at 4:20:09 PM UTC-4, Vít Šesták wrote:
> >> Thanks for your responses. p
> >>
> >> In this thread, I'd like to discuss how much can it help (i.e., how hard 
> >> is it to bypass).
> >>
> >> On self-encrypting devices: I generally don't trust those implementations 
> >> to be well-reviewed and well-designed, so SED is not a use case for me.
> >>
> >> Regards,
> >> Vít Šesták 'v6ak'
> > I think secure boot would make it better, but maybe a controversial thing 
> > to say.  I don't know much about this subject myself, but I don't think it 
> > actually stops anything.  Just lets you know if something has changed.  
> > Like a file integrity program kind of.
> >
> > And if something does change there is no fix so you will have to replace 
> > all the hardware.  (If thats something you're willing to do).
> >
> > You can also do other things like nail polish on screws or crevices. photo 
> > them before you leave it unattended... strongbox? lol
> >   
> Microsoft's "Secure" boot is made for security, as in - the security of 
> their income stream.
> So what you can't easily mess with the boot loader, well that doesn't 
> matter as you can still replace critical system files (verifying all 
> these would take too long and could cause problems)
> You aren't allowed to install a new boot loader with a SB system unless 
> it comes with the disablement option - that's it.
> 
> It is a signing key based loader for EFI, but you can do the same thing 
> with a variety of FOSS boot-loaders just without supporting their bullshit.
> 
> One day you won't be allowed to install linux on "your" (theirs) 
> computer, already 99% of computers are not owner controlled as they were 
> a decade ago - and secure boot 2.0's spec removes the disablement option 
> mandate and 3.0 will probably be enforced with some kind of ME/PSP scheme.

Yes my board and most let you use custom keys. Its still called secure boot. 
Yes Gentoo and Fedora has instructions how.

Richard Stallman even concedes now that secure boot is ok to use.  Because in 
its current state and due to the failure of its intended purpose, it actually 
has a security benefit.

And yes its not perfect.  but wouldn't it compliment aem?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ef209ff-1469-4027-a7d2-9dcd35aa190f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How much important is TPM?



The hacking teams insyde bios exploit could only have been stopped with secure 
boot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e115faa1-996c-4bb6-8cac-c9ddd46bef7f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How much important is TPM?

On Friday, March 31, 2017 at 4:20:09 PM UTC-4, Vít Šesták wrote:
> Thanks for your responses. p
> 
> In this thread, I'd like to discuss how much can it help (i.e., how hard is 
> it to bypass).
> 
> On self-encrypting devices: I generally don't trust those implementations to 
> be well-reviewed and well-designed, so SED is not a use case for me.
> 
> Regards,
> Vít Šesták 'v6ak'

I think secure boot would make it better, but maybe a controversial thing to 
say.  I don't know much about this subject myself, but I don't think it 
actually stops anything.  Just lets you know if something has changed.  Like a 
file integrity program kind of.

And if something does change there is no fix so you will have to replace all 
the hardware.  (If thats something you're willing to do).

You can also do other things like nail polish on screws or crevices. photo them 
before you leave it unattended... strongbox? lol

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7bd4d43c-1aa2-4633-912a-627e99d2e3b6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How much important is TPM?

On Friday, March 31, 2017 at 10:45:28 PM UTC-4, cooloutac wrote:
> On Friday, March 31, 2017 at 4:20:09 PM UTC-4, Vít Šesták wrote:
> > Thanks for your responses. p
> > 
> > In this thread, I'd like to discuss how much can it help (i.e., how hard is 
> > it to bypass).
> > 
> > On self-encrypting devices: I generally don't trust those implementations 
> > to be well-reviewed and well-designed, so SED is not a use case for me.
> > 
> > Regards,
> > Vít Šesták 'v6ak'
> 
> I think secure boot would make it better, but maybe a controversial thing to 
> say.  I don't know much about this subject myself, but I don't think it 
> actually stops anything.  Just lets you know if something has changed.  Like 
> a file integrity program kind of.
> 
> And if something does change there is no fix so you will have to replace all 
> the hardware.  (If thats something you're willing to do).
> 
> You can also do other things like nail polish on screws or crevices. photo 
> them before you leave it unattended... strongbox? lol

Actually I say all that but supposedly hacking teams insyde bios hack worked 
remotely also. So maybe physical attack is not only vector, especially now we 
know that its possible for intel me to turn on wifi when we don't know it.  Or 
some have some cellular connections.  Even vpro/ME first came out was always 
for adminstering pcs remotely if off or crashed os.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/03b9f968-9624-42ca-8d80-2eb9828f9035%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Breaking the Security Model of Subgraph OS

Nice will def read this!  

As far as I know only diff between doing it yourself is they have their own 
sandbox or something and everything is sandboxed that needs network?  And write 
a couple programs from scratch like a mail client? I can't remember,  I tried 
it out very briefly and  didn't like it...  I think I remember installing htop 
and seeing root processes and that took me by surprise thinking it was supposed 
to have hardcore kernel restrictions.

Then I think I was asking some questions of the developers on irc and didn't 
take it seriously or trust it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc91ad7d-7146-454b-9ef9-3225310e1a07%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

On Wednesday, April 12, 2017 at 10:55:08 AM UTC-4, qubenix wrote:
> Unman:
> > On Tue, Apr 11, 2017 at 06:20:38AM -0700, Dominique St-Pierre Boucher wrote:
> >> On Monday, April 10, 2017 at 5:06:30 PM UTC-4, qubenix wrote:
> >>> qubenix:
>  Andrew David Wong:
> > On 2017-04-09 15:25, Joonas Lehtonen wrote:
> >> Hi,
> >
> >> if you setup MAC randomization via network manager in a debian 9
> >> template as described here:
> >> https://www.qubes-os.org/doc/anonymizing-your-mac-address/
> >> you still leak your hostname.
> >
> >> Once your MAC address is randomized you might also want to prevent the
> >> disclosure of your netvm's hostname to the network, since "sys-net"
> >> might be a unique hostname (that links all your random MAC addresses 
> >> and
> >> the fact that you likely use qubes).
> >
> >> To prevent the hostname leak via DHCP option (12):
> >> - start the debian 9 template
> >> - open the file /etc/dhcpd/dhclient.conf
> >> - in line number 15 you should see "send host-name = gethostname();"
> >> - comment (add "#" at the beginning) or remove that line and store the 
> >> file
> >> - reboot your netvm
> >
> >> I tested the change via inspecting dhcp requests and can confirm that
> >> the hostname is no longer included in dhcp requests.
> >
> >
> > Thanks. Added as a comment:
> >
> > https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-292843628
> >
> >
> 
>  Nice. I was just thinking about this after spending some time on my
>  routers interface. Thanks for the post!
> 
> >>>
> >>> After testing this, 'sys-net' still shows up on my router interface.
> >>>
> >>> -- 
> >>> qubenix
> >>> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500
> >>
> >> Did the same test and got the same result.
> >>
> >> Anyone has a solution? I can always change my hostname for something else, 
> >> but I would prefer not sending the hostname or finding a way to randomize 
> >> it!!!
> >>
> >> Dominique
> >>
> > 
> > Strange, because those instructions are standard for removing the
> > hostname - I set it as blank, rather than commenting out. If you sniff
> > the traffic you will see that the hostname is indeed no longer sent.
> > 
> > Why is it on your router interface?
> > My guess is that your router is returning the hostname that it has
> > associated with the MAC address. I've seen this happen when changing
> > hostname, and the DHCP server returns the *old* hostname as part of
> > the DHCP exchange. If you reboot the router and test again, you may find
> > that the issue goes away.
> 
> Confirmed. Router was "guessing" that I was 'sys-net', but not from MAC
> (which is randomized). I believe it was using process of elimination
> based on stored device hostnames (this is not public, devices are pretty
> static). Since restarting the router, it give my pc the hostname of a
> device which connected automatically to it (the only one it had to
> "guess" from).
> 
> > 
> > You could, of course, set a random hostname from rc.local on each boot of
> > sys-net.
> > 
> > unman
> > 
> > 
> 
> 
> -- 
> qubenix
> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

But why use dhcp if its a static home connection?  I feel that is a security 
risk for other reasons and always disable it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/43eca04b-7f97-4c27-873a-1a85d2920361%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Breaking the Security Model of Subgraph OS

On Wednesday, April 12, 2017 at 4:34:48 AM UTC-4, Bernhard wrote:
> > What exactly makes subgraph special and not just another
> > apparmor/selinux MAC type clone?
> >
> > The firewall is a neat bit of progress however, but again that can
> > also be accomplished with an apparmor MAC default profile however
> > allow app to access site etc is only on an IP basis not a DNS basis
> > (dns basis is sketchy anyways).
> I perfectly agree that this 'phone home' business is inaccaptable. If
> you consider that this type of firewall is easy to set up within qubes I
> invite you to write a small tutorial on the subject for 'normal users' 
>  thank you! Bernhard

with Qubes its so easy to stop,  for example for the "phoning home from media 
players"  I just use a media-vm and disable internet access on it.  Of course 
the firewall deny except is an easy option too if you want to limit internet 
access on a specific vm.

For my case, only reason I would need custom firewall scripts, is to log 
network activity,  but problem is some Qubes system processes I would not be 
able to log. 

And Can't believe Subraph is still in alpha. I feel like I tried it out over a 
year or two ago?   If you compile your own grsec kernel and use the automatic 
desktop security over performance settings You will have more kernel 
protections then they have.  I don't understand that.  It doesn't actually hurt 
performance that I have ever noticed.  And their whole arrogant and nonchalant 
attitude about everything is hard to take serious.  David Mirza is an extremely 
nice guy, but I think hes just the marketing guy he doesn't really know how 
anything works,  Bruce Leidl is really the brains behind it and he seemed a 
little vindictive to me.  They are very typical imo,  ITL is anything but.  To 
me its like theory vs real world.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1b8ba47-96de-4d0d-b70d-6a592600c360%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

On Sunday, April 9, 2017 at 2:24:50 PM UTC-4, Daniel Acevedo wrote:
> On Sat, 8 Apr 2017 09:31:18 -0700 (PDT)
> cooloutac <raahe...@gmail.com> wrote:
> 
> > On Friday, April 7, 2017 at 2:51:11 AM UTC-4, sl98077 wrote:
> > > On Thursday, March 9, 2017 at 11:56:52 PM UTC-5, cooloutac wrote:  
> > > > Just to add you won't get any benefit from the Nvidia card.
> > > > Qubes only uses it for desktop effects.  the vms don;t have 3d
> > > > rendering.  
> > > 
> > > 
> > > It's not only about 3D rendering it has to do with users that want
> > > to also dual boot with a spare ssd, be a little mindful others have
> > > different obligations.. if Qubes wants to grow it needs to be
> > > readily available for all users.  
> > 
> > 
> > dual booting another os? That would defeat the purpose.  Qubes is for
> > people who want some exra security.  not a cool tech experiment.   
> > 
> 
> Using a Sata Switch that plugs in a PCI slot, one can turn on/off
> different drives, allowing dual booting without diminishing the
> security.
> 
> I ordered this one (still waiting for it):
> http://thumbs.ebaystatic.com/images/g/ZBgAAOSwvg9XbqSI/s-l225.jpg

You can also unplug the drives,  Its not only the drive that you need to worry 
about though. https://www.qubes-os.org/doc/multiboot/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fca90a7f-4027-4eab-adbd-be9428469651%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Stripping down dom0 kernels: Any tips?

On Tuesday, April 11, 2017 at 6:29:40 PM UTC-4, Reg Tiangha wrote:
> So I've been playing around with kernels in Qubes and successfully run
> kernel 4.10 in dom0 and any domUs where grsecurity-based kernels create
> too many issues. My next goal is to try and see if I can get coldkernel
> running in dom0 alongside the Qubes-specific kernel patches. I had tried
> a couple of months ago, but my machine kernel panicked and I ran out of
> time before I had to get back to work on other things so I stopped my
> trials.
> 
> I realized that the grsecurity patches can be configured for either a VM
> host or a guest, and I had previously only been compiling guest kernels
> and used that kernel.config to build my dom0 test kernel. I've been
> trying to avoid having to compile things twice, but if it not being a
> host kernel was why I was having issues, then maybe there is no choice
> but to have two separate kernel configs.
> 
> So if that's the case and I have to compile a separate dom0 kernel with
> its own configuration anyway, I might as well go all the way. I already
> customize my kernels for my specific hardware (for example, I strip away
> all of the AMD CPU specific stuff because I only run Intel hardware, and
> take out some drivers for hardware that I don't have or will never use,
> etc), but I'm thinking I can go much further for a dom0 kernel.
> 
> I'm talking about stripping away things like the TCP/IP stack,
> netfilter, every single hardware driver outside of disk, graphics, and
> keyboard/mouse, and maybe a few other things too.
> 
> The question I had was about Xen since I'm not as familiar with it as I
> am with building kernels in general:  How much does Xen need in dom0 in
> order to work with the hardware?  For example, since sys-net has my wifi
> drivers, can I remove wifi driver support in the dom0 kernel? Or does
> Xen need a driver for it in order to pass it along to sys-net? Same kind
> of question for keyboard/mouse; if I have a sys-usb VM, could I
> theoretically strip away all USB drivers from the dom0 kernel? I'm
> thinking I'd at least need USB keyboard in order to input the disk
> passphrase on boot and could probably ditch everything else, but maybe not?
> 
> I'll probably start playing around with seeing how far I can cut down
> the dom0 kernel this weekend, but figured in the meantime I'd ask the
> list if they have any advice or tips if they've tried something like
> this in the past.

I don't have the foggiest clue,  but sounds like a great idea!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/749f9783-db9e-4f7e-96f2-d521d77811d1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] realized why I always lose sound in the vms

2017-04-05 Thread cooloutac

The sound mixer app I installed xfe in mutes things when I lower the volume all 
the way by accident.  Never realized till now lol.  I always have to go into 
dom0 alsamixer.

Is there a better plugin to use?  Does a new iso come with one by default now?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf1a8a5d-ee4a-4c0a-8057-f23b7bf92806%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Simple Dom0 password manager for an imperfect-but-strong security upgrade?

2017-04-09 Thread cooloutac

I gotta say the dvm template always gets messed up too.  So i also only 
consider it untrusted tasks now.  but the vault vm is great imo.

Maybe you should post in user devel the people there are not as noob as me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80fb44b6-c024-4a74-a1ec-a94eb7243329%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Simple Dom0 password manager for an imperfect-but-strong security upgrade?

2017-04-08 Thread cooloutac

On Saturday, April 8, 2017 at 4:32:05 PM UTC-4, Shane Optima wrote:
> >I wouldn't want a vm inserting anything in dom0.
> 
> You're *still* spreading this nonsense?  After what I just said?
> 
> I don't know how much more clearly I lay this out, but let's give it a shot: 
> Nothing is being 'inserted' into Dom0 and this does not in any way "open up" 
> Dom0.  This is a one-way street from Dom0 to the AppVMs, utilizing channels 
> that already exist, and it could not function at all unless the tool was 
> running *and* the user had manually set up a list of passwords in Dom0.
> 
> Even if VMs are *completely compromised*, they remain unable to insert any 
> information whatsoever into Dom0, they remain unable to generate the key 
> combination that activates the tool, and in case of a spoofing attack (in the 
>  context of a total VM compromise, which goes far beyond the spoofing 
> scenario suggested by M. Ouellet) they remain unable to request any passwords 
> that the user had not previously earmarked as being associated with *that 
> specific VM*. The Qubes isolation-based security model is thus being entirely 
> preserved here.
> 
> The aforementioned 'minor convenience' of the flow of information going the 
> other way isn't being discussed at this time. It's not worth the bother and 
> security implications, which is why I said that such functionality should 
> wait until a more mature version of the tool comes along--a tool that 
> probably doesn't utilize window titles at all and probably doesn't run in 
> Dom0. And that feature might not even need to be implemented; there might be 
> no real benefit vs. simply entering everything directly into the offline VM. 
> I haven't thought about it yet!  Because it isn't being discussed!  As a 
> *minor* convenience, it simply isn't on my radar right now.  The concept was 
> mentioned only to emphasize that it is what I am NOT suggesting. Capisce?
> 
> Once again, the simple-to-create prototype version of the tool being talked 
> about consists of Dom0 looking at window titles and then information flow 
> occurs in a one-way street from Dom0 to the AppVMs, uses existing channels. 
> Other than an optional anti-spoofing browser extension, the VMs would remain 
> *entirely* ignorant of the existence of this tool, meaning that an attacker 
> who entirely compromised a VM would not and could not know whether or not the 
> tool were installed or running in Dom0.
> 
> >I personally find you suspect.
> 
> I'd tell you what I personally find you to be, but I don't wish to be locked 
> up in solitary confinement.

Don't be scared.

" Absolutely nothing would happens if the user presses the "insert password" 
key combination if they haven't manually set up a password file on Dom0.  

An additional key combination to insert information into the Dom0 database from 
a VM would be a minor convenience that could be put off until the tool is 
overhauled (and probably moved out of Dom0 entirely.)"

How many times do you see "insert" and the word dom0?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b009d07-f8fc-403a-9a98-d26238c75a3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Does Qubes Use GrSecurity?

2017-04-08 Thread cooloutac

On Saturday, April 8, 2017 at 9:57:26 PM UTC-4, superlative wrote:
> On Saturday, August 29, 2015 at 7:11:41 AM UTC-7, Marek Marczykowski-Górecki 
> wrote:
> > Actually VM template doesn't have anything to say about kernel there. It is
> > provided independently from dom0. If you want some custom kernel (for
> > example grsec patched), you'll need place it in dom0 in
> > /var/lib/qubes/vm-kernels/SOME_NAME/
> > 
> > Some docs, links:
> > 1. Expected files in /var/lib/qubes/vm-kernels/SOME_NAME/: 
> > https://www.qubes-os.org/doc/TemplateImplementation/#modulesimg-xvdd
> > 2. Kernel packaging repo:
> > https://github.com/qubesos/qubes-linux-kernel
> > 3. qubes-prepare-vm-kernel - tool for preparing VM kernel based on one
> > already installed in dom0. Part of `qubes-kernel-vm-support` package
> > (not installed by default).
> > https://github.com/QubesOS/qubes-linux-utils/blob/master/kernel-modules/qubes-prepare-vm-kernel
> > 
> > - -- 
> > Best Regards,
> > Marek Marczykowski-Górecki
> > Invisible Things Lab
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> 
> Can I please feature request dom0 getting grsecurity patches upstream from 
> Qubes? Coming from someone who tried patching it myself once or twice, I 
> still don't know how to configure the kernel with the new patch. I tried 
> once, and I spent all day picking configurations to match my hardware, and I 
> know I didn't get it all right because there were a lot of acronyms that I 
> didn't understand even after googling them for tens of minutes. However, I 
> just noticed this in the grsecurity instructions that might not have been 
> there last time I tried it myself (I had to contact the developer of 
> grsecurity to update their instructions before on gpg verification which were 
> outdated, I spent enough time googling how to properly use gpg to tell the 
> developer exactly what they needed to change in the instructions which he 
> did), "It is recommended that you start by setting the Configuration Method 
> option to Automatic." Will setting it to automatic mean I won't have to 
> manually configure the hardware, so I can just focus on configuring 
> grsecurity? If so, the grsecurity instructions don't say how to configure 
> grsecurity. So even if I tried doing grsecurity on my own again, I would at 
> least know how to configure (automatically) the hardware, but I still 
> wouldn't know how to configure grsecurity. Or is that automatic too???

there is coldkernel thread on here that uses grsecurity for a vm I think not 
dom0.  That would probably just be an unnecessary nightmare for the developers 
too not just you lol.

Automatic settings,  or for example if you choose security over performance, 
desktop over server.   you have to pick xen obviously.   THere is like 3 or 4 
diff "automatic" settings to choose from.

Grsecurity has default system wide protections which is "automatic" system wide 
protections in the kernel.   then there is something called RBAC, which is like 
a MAC system like Apparmor (which also works in qubes) which also has an 
"automatic" learning mode.  

The part I always had trouble with is that you eventually will have know how to 
edit the rules file manually or add new programs or as system changes or things 
that your automatic profile won't catch.  Most Grsec devs don't even use RBAC I 
guess its something mostly for servers.

For me it was too much trouble for what its worth.  Obviously privilege 
escalation protections are not going to matter.  BUT people forget you can also 
use GRSEC to restrict R00t!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ff0d53c-ca51-4c66-8375-497cdfcd921a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Simple Dom0 password manager for an imperfect-but-strong security upgrade?

2017-04-08 Thread cooloutac

On Saturday, April 8, 2017 at 6:19:07 PM UTC-4, Shane Optima wrote:
> > Don't be scared.
> 
> It's a Shawshank Redemption reference.  
> 
> >>An additional key combination to insert information into the Dom0 database 
> >>from a VM would be a minor convenience that could be put off until the tool 
> >>is overhauled (and probably moved out of Dom0 entirely.)
> > How many times do you see "insert" and the word dom0?
> 
> I'm assuming you're merely being lazy here, in which case I would appreciate 
> it if you would refrain from spreading lies about things you can't be 
> bothered to read.  This is a difficult enough discussion without nonsense 
> being injected.
> 
> If this isn't a matter of sloth and your reading comprehension abilities are 
> actually limited to simple pattern matching, then there's no point in 
> continuing this tangent. 
> 
> Even assuming you ignored my clarifications entirely, you should pause for a 
> moment and consider how reasonable it is that you are using a sentence 
> containing the phrase "probably moved out of Dom0 entirely" to claim that I 
> am proposing that $foo should be done in Dom0.

its already out of dom0,  just use the vault vm.  If my Mother can handle ctrl 
shift c, I'm sure you can too.  This is like the most important part of Qubes 
you are talking about it.  I think it works fine, usability is not a good 
reason to add or change anything.  You lost me way earlier when you mentioned 
browser extensions.  Yes i'm a noob,  but you still sound like a security 
nightmare to me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49609146-e5d0-4d01-8729-a31e24f082ce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Status of dvm support

2017-04-14 Thread cooloutac

On Friday, April 14, 2017 at 5:51:47 PM UTC-4, Unman wrote:
> On Thu, Apr 13, 2017 at 10:06:11AM -0700, justusranv...@gmail.com wrote:
> > I've experienced problems with DVMs on every Qubes install I've ever done. 
> > I currently have no devices running Qubes on which dvms work.
> > 
> > Based on several threads from last year I found on this issue, and this 
> > issue:
> > 
> > https://github.com/QubesOS/qubes-issues/issues/2182
> > 
> > Is it correct that once this bug with the dvm savefile is triggered, then 
> > dvms will never work on your system again unless you manually patch xen and 
> > recompile?
> > 
> > Are there instructions anywhere for doing this?
> > 
> 
> 
> There are instructions at www.qubes-os.org/doc/ under the Build
> heading.
> 
> Basically you set up the Build environment and Qubes Builder as detailed on
> those links, and then you will need to patch the Xen source tree before
> running 'make vmm-xen'.
> 
> What interests me most about this is that I have never had problems with
> disposableVMs on any install I've done, and that's coming up to 60
> installs now, on a wide variety of machines.
> I would be completely lost without disposableVMs - I use them a lot.
> 
> So what is it that triggers this bug for some users, and not others? I
> don't recall any systematic effort to track down what's happening at root
> cause.
> 
> unman

to me it happens where I get the bug that a dispvm won't start.  You click it 
from start menu and nothing happens.  I just delete the internal dvm template 
file and create a new one.  I think some people might have the issue of trying 
to create them without deleting old one first.

But one time I even noticed I must of went to some bad webpage or that the 
firefox couldn't handle it and it crashed out.  I mean closed and disappeared.  
after that dispvms wouldn't start.  could of been a porn page,  or a news site 
I can't remember.   Not sure how to trace anything with that.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ce1c4aed-944d-4d65-aea1-8fe53b652718%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Status of dvm support

2017-04-14 Thread cooloutac

On Saturday, April 15, 2017 at 12:25:43 AM UTC-4, cooloutac wrote:
> On Friday, April 14, 2017 at 5:51:47 PM UTC-4, Unman wrote:
> > On Thu, Apr 13, 2017 at 10:06:11AM -0700, justusranv...@gmail.com wrote:
> > > I've experienced problems with DVMs on every Qubes install I've ever 
> > > done. I currently have no devices running Qubes on which dvms work.
> > > 
> > > Based on several threads from last year I found on this issue, and this 
> > > issue:
> > > 
> > > https://github.com/QubesOS/qubes-issues/issues/2182
> > > 
> > > Is it correct that once this bug with the dvm savefile is triggered, then 
> > > dvms will never work on your system again unless you manually patch xen 
> > > and recompile?
> > > 
> > > Are there instructions anywhere for doing this?
> > > 
> > 
> > 
> > There are instructions at www.qubes-os.org/doc/ under the Build
> > heading.
> > 
> > Basically you set up the Build environment and Qubes Builder as detailed on
> > those links, and then you will need to patch the Xen source tree before
> > running 'make vmm-xen'.
> > 
> > What interests me most about this is that I have never had problems with
> > disposableVMs on any install I've done, and that's coming up to 60
> > installs now, on a wide variety of machines.
> > I would be completely lost without disposableVMs - I use them a lot.
> > 
> > So what is it that triggers this bug for some users, and not others? I
> > don't recall any systematic effort to track down what's happening at root
> > cause.
> > 
> > unman
> 
> to me it happens where I get the bug that a dispvm won't start.  You click it 
> from start menu and nothing happens.  I just delete the internal dvm template 
> file and create a new one.  I think some people might have the issue of 
> trying to create them without deleting old one first.
> 
> But one time I even noticed I must of went to some bad webpage or that the 
> firefox couldn't handle it and it crashed out.  I mean closed and 
> disappeared.  after that dispvms wouldn't start.  could of been a porn page,  
> or a news site I can't remember.   Not sure how to trace anything with that.

has only happened no more then a handful of times the few years I've used Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/729b1506-6c7a-4929-a159-8ce773081500%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Status of dvm support

2017-04-16 Thread cooloutac

On Sunday, April 16, 2017 at 7:25:51 PM UTC-4, cooloutac wrote:
> On Saturday, April 15, 2017 at 12:27:18 AM UTC-4, cooloutac wrote:
> > On Saturday, April 15, 2017 at 12:25:43 AM UTC-4, cooloutac wrote:
> > > On Friday, April 14, 2017 at 5:51:47 PM UTC-4, Unman wrote:
> > > > On Thu, Apr 13, 2017 at 10:06:11AM -0700, justusranv...@gmail.com wrote:
> > > > > I've experienced problems with DVMs on every Qubes install I've ever 
> > > > > done. I currently have no devices running Qubes on which dvms work.
> > > > > 
> > > > > Based on several threads from last year I found on this issue, and 
> > > > > this issue:
> > > > > 
> > > > > https://github.com/QubesOS/qubes-issues/issues/2182
> > > > > 
> > > > > Is it correct that once this bug with the dvm savefile is triggered, 
> > > > > then dvms will never work on your system again unless you manually 
> > > > > patch xen and recompile?
> > > > > 
> > > > > Are there instructions anywhere for doing this?
> > > > > 
> > > > 
> > > > 
> > > > There are instructions at www.qubes-os.org/doc/ under the Build
> > > > heading.
> > > > 
> > > > Basically you set up the Build environment and Qubes Builder as 
> > > > detailed on
> > > > those links, and then you will need to patch the Xen source tree before
> > > > running 'make vmm-xen'.
> > > > 
> > > > What interests me most about this is that I have never had problems with
> > > > disposableVMs on any install I've done, and that's coming up to 60
> > > > installs now, on a wide variety of machines.
> > > > I would be completely lost without disposableVMs - I use them a lot.
> > > > 
> > > > So what is it that triggers this bug for some users, and not others? I
> > > > don't recall any systematic effort to track down what's happening at 
> > > > root
> > > > cause.
> > > > 
> > > > unman
> > > 
> > > to me it happens where I get the bug that a dispvm won't start.  You 
> > > click it from start menu and nothing happens.  I just delete the internal 
> > > dvm template file and create a new one.  I think some people might have 
> > > the issue of trying to create them without deleting old one first.
> > > 
> > > But one time I even noticed I must of went to some bad webpage or that 
> > > the firefox couldn't handle it and it crashed out.  I mean closed and 
> > > disappeared.  after that dispvms wouldn't start.  could of been a porn 
> > > page,  or a news site I can't remember.   Not sure how to trace anything 
> > > with that.
> > 
> > has only happened no more then a handful of times the few years I've used 
> > Qubes.
> 
> I forgot on one of my machines for over a week now,  every time I start a 
> dispvm it has a yellow triangle for not allrequested memory being returned.  
> I shut down the vm and triangle goes away, start it and it comes back.  
> Deleting the dvm and recreating it is not fixing this, nor is rebooting. Even 
> if its the only vm I load.  Only recent anomaly.  no idea what log to look 
> at,  makes me uncomfortable using it on that machine.

also the vm on this machine is running terribly slow even with more cpu cores 
enabled.  I thought it was slow internet just now and realized its osmething 
wrong with this dvm.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/abe5e1c2-503d-443f-b8b8-942b10f8bef4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Status of dvm support

2017-04-16 Thread cooloutac

On Saturday, April 15, 2017 at 12:27:18 AM UTC-4, cooloutac wrote:
> On Saturday, April 15, 2017 at 12:25:43 AM UTC-4, cooloutac wrote:
> > On Friday, April 14, 2017 at 5:51:47 PM UTC-4, Unman wrote:
> > > On Thu, Apr 13, 2017 at 10:06:11AM -0700, justusranv...@gmail.com wrote:
> > > > I've experienced problems with DVMs on every Qubes install I've ever 
> > > > done. I currently have no devices running Qubes on which dvms work.
> > > > 
> > > > Based on several threads from last year I found on this issue, and this 
> > > > issue:
> > > > 
> > > > https://github.com/QubesOS/qubes-issues/issues/2182
> > > > 
> > > > Is it correct that once this bug with the dvm savefile is triggered, 
> > > > then dvms will never work on your system again unless you manually 
> > > > patch xen and recompile?
> > > > 
> > > > Are there instructions anywhere for doing this?
> > > > 
> > > 
> > > 
> > > There are instructions at www.qubes-os.org/doc/ under the Build
> > > heading.
> > > 
> > > Basically you set up the Build environment and Qubes Builder as detailed 
> > > on
> > > those links, and then you will need to patch the Xen source tree before
> > > running 'make vmm-xen'.
> > > 
> > > What interests me most about this is that I have never had problems with
> > > disposableVMs on any install I've done, and that's coming up to 60
> > > installs now, on a wide variety of machines.
> > > I would be completely lost without disposableVMs - I use them a lot.
> > > 
> > > So what is it that triggers this bug for some users, and not others? I
> > > don't recall any systematic effort to track down what's happening at root
> > > cause.
> > > 
> > > unman
> > 
> > to me it happens where I get the bug that a dispvm won't start.  You click 
> > it from start menu and nothing happens.  I just delete the internal dvm 
> > template file and create a new one.  I think some people might have the 
> > issue of trying to create them without deleting old one first.
> > 
> > But one time I even noticed I must of went to some bad webpage or that the 
> > firefox couldn't handle it and it crashed out.  I mean closed and 
> > disappeared.  after that dispvms wouldn't start.  could of been a porn 
> > page,  or a news site I can't remember.   Not sure how to trace anything 
> > with that.
> 
> has only happened no more then a handful of times the few years I've used 
> Qubes.

I forgot on one of my machines for over a week now,  every time I start a 
dispvm it has a yellow triangle for not allrequested memory being returned.  I 
shut down the vm and triangle goes away, start it and it comes back.  Deleting 
the dvm and recreating it is not fixing this, nor is rebooting. Even if its the 
only vm I load.  Only recent anomaly.  no idea what log to look at,  makes me 
uncomfortable using it on that machine.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3100df3a-6f84-4731-a49f-c35600bd82df%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] say it out (loud) - Qubes OS Stickers

2017-04-20 Thread cooloutac

On Thursday, April 20, 2017 at 6:07:45 PM UTC-4, Francesco wrote:
> On Thu, Apr 20, 2017 at 4:16 PM, J. Eppler  wrote:
> Hello,
> 
> 
> 
> I really like the simple design from Brennan Novak.
> 
> 
> 
> 
> 
> Writing on a sticker "a reasonable secure operating system" is very rational 
> and balanced, but is too long to find its place close to the keyboard. 
> Perhaps just a single word coupled with the logo, like "secure" or "secured" 
> or "security" or something similar.
> 
> Best
> 
> Fran 
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/a6998e1b-e220-40a4-a3e4-e80cae5a21ad%40googlegroups.com.
> 
> 
> 
> For more options, visit https://groups.google.com/d/optout.

"somewhat secure"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9730969c-46a6-44fc-ab81-e02c4bf608bc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: remote code execution via UDP packets (CVE-2016-10229) in the context of Qubes // and kernel update recommendations

On Thursday, April 13, 2017 at 8:18:20 PM UTC-4, Joonas Lehtonen wrote:
> https://nvd.nist.gov/vuln/detail/CVE-2016-10229
> > udp.c in the Linux kernel before 4.5 allows remote attackers to
> > execute arbitrary code via UDP traffic [...]
> 
> fixed in [1] (2015-12-30)
> 
> It never affected Fedora according to:
> https://bugzilla.redhat.com/show_bug.cgi?id=1439740#c2
> > This fix was committed upstream in the 4.5 kernel merge window (Dec
> > 2015). It has never impacted any of the currently supported versions of
> > Fedora.
> 
> In Debian it got fixed on 2016-01-5
> https://www.debian.org/security/2016/dsa-3434
> 3.16.7-ckt20-1+deb8u2
> https://security-tracker.debian.org/tracker/CVE-2016-10229
> 
> Since Qubes VMs depend on dom0 for kernel updates, Qubes user do not get
> kernel updates from upstream distros.
> 
> - Qubes currently ships kernel 4.4.38 for VMs
> Kernel 4.4.38 has been released on 2016-12-10 so I assume it contains
> the fix?
> 
> - Have Qubes VM kernels (provided by dom0) ever been affected (in the
> past of R3.2)?
> 
> Since Qubes does not frequently release VM kernel updates*:
> Do you recommend to switch to pvgrub and in-VM kernels to be able to
> take advantage of regular distro kernel updates?
> 
> The upcoming/planed binary packages of coldkernel probably address this
> topic as well.
> 
> thanks!
> Joonas
> 
> 
> *) I know, that in-VM security is/should not be relevant for the
> isolation between VMs but if someone can compromise all networked VMs
> via vulnerabilities in the UDP/TCP/IP stack it is probably as bad as
> having no isolation.
> 
> 
> [1]
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191

read this discussion, kernel verison might not mean much here.  
https://news.ycombinator.com/item?id=14105718

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5dba8d6a-3eea-4eda-b583-9c1c953f2901%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: remote code execution via UDP packets (CVE-2016-10229) in the context of Qubes // and kernel update recommendations

On Thursday, April 13, 2017 at 11:26:07 PM UTC-4, cooloutac wrote:
> So probably the kernels are not actually vulnerable, They fixed it a year ago 
> with patches,  and with Qubes you assume this sort of priv escl thing 
> regardless which is why they don't even bother with sudo.

Actually when it comes to redhat they claim the code was never there to 
exploit.  But redhat might not apply to fedora kernel so I'm kind of curious 
myself now.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30177442-2381-4c2e-8db5-bb16171a939f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Big problem?

I've done that before man, it can happen to anybody.  Just reinstall qubes from 
the usb stick again and do the password over, 
 this time one that will work for both keyboard if possible.  Or one you can 
remember how to type on both.

I also have a similar issue on raspberry pi where no matter what I do when I 
reboot ro plug in my kb it goes to uk layout and some keys are diff so in the 
passwords so I have to use one that works for both.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e445d6f-52a8-496e-8c91-3037f3ba2ec7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Status of dvm support

On Thursday, April 13, 2017 at 1:06:11 PM UTC-4, justus...@gmail.com wrote:
> I've experienced problems with DVMs on every Qubes install I've ever done. I 
> currently have no devices running Qubes on which dvms work.
> 
> Based on several threads from last year I found on this issue, and this issue:
> 
> https://github.com/QubesOS/qubes-issues/issues/2182
> 
> Is it correct that once this bug with the dvm savefile is triggered, then 
> dvms will never work on your system again unless you manually patch xen and 
> recompile?
> 
> Are there instructions anywhere for doing this?

I never heard of that.  Have you tried to just delete the dvm from qubes 
manager, then from dom0 terminal type qvm-create-default-dvm fedora-24?  That 
always works for me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4ad3b21-0812-4429-aaa7-25df592861ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: remote code execution via UDP packets (CVE-2016-10229) in the context of Qubes // and kernel update recommendations

So probably the kernels are not actually vulnerable, They fixed it a year ago 
with patches,  and with Qubes you assume this sort of priv escl thing 
regardless which is why they don't even bother with sudo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a7b2a30e-a7e9-4059-8e25-585d7139e2e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: gparted suggestions?

2017-04-20 Thread cooloutac

On Thursday, April 20, 2017 at 10:59:35 AM UTC-4, Patrick Bouldin wrote:
> Hi, I am re-partitioning a corrupted drive on a Lenovo laptop with an i5. Do 
> not need to save data, I'm starting over.
> 
> So, I have booted to a USB with gparted tool. I would like to have two 
> partitions, one for qubes and one for windows 10. I would also like to have 
> it boot to something that asks me where to boot, either qubes or windows 10, 
> so maybe that's another partition.
> 
> Being brand new to gparted I don't know how best to set it up.
> 
> If you have experience with this I'd appreciate any suggestions before I dive 
> in.
> 
> Thank you,
> Patrick

I would just use the installer to partition and wouldn't bother using gparted 
first.  You can use a linux installer and then just leave unallocated space for 
windows installer.  Actually windows 10 ruined my baremetal debian partition 
when installing it, so you might want to install windows 10 first.  You can 
also just shrink the partition from within windows 10 after you install it.  
then use linux installer on the unallocated space.  You gonna have to modify 
grub to be able to dual boot windows and qubes either way.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de31a08b-4659-4375-940b-27a1d43cae54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: M.2 SSD Not recognized as a bootable device

2017-04-15 Thread cooloutac

On Wednesday, April 12, 2017 at 6:30:51 PM UTC-4, mystre...@gmail.com wrote:
> Hello, i hope you can help me.
> After I install Qubes to the SSD and reboot, it does not recognize the SSD as 
> a bootable device. Using the same install procedures on another SSD (SATA), 
> everything works fine. When using Qubes from the SSD (SATA) to access the M.2 
> SSD, the BOOT file is empty, so there are no files to rename as you've 
> directed in the UEFI troubleshooting. Also, I cannot access the /BOOT/EFI/ 
> file on my SSD (SATA), it says I don't have the required permissions.
> I have also compared the Partitions from my M.2 SSD and the other SSD and 
> they are the same. 
> M.2 SSD PARTITIONS: http://imgur.com/a/GPCYh
> SSD PARTITIONS: http://imgur.com/a/QIzph

check bios options.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b905325d-5a16-43ee-9d0f-f3ca338ad198%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Big problem?

2017-04-15 Thread cooloutac

On Saturday, April 15, 2017 at 12:10:12 PM UTC-4, rubb...@gmail.com wrote:
> Okey, I will try to do it how you explain to me. So I need to get first a USB 
> with windows on it, that i can download online? But when I insert the USB 
> there wont popup a window or something how can I go back to windows from that 
> USB? If you can give me a detailed guide on how to do it I might be able to 
> do it.
> 
> Sorry for my lack of knowledge, I really appreciate your help!

how did you boot the Qubes USB?   Just do the same thing and this time make a 
diff password.  But maybe yes if you have no computer experience windows might 
be easier for you.  Maybe call up Microsoft help line.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e69676a2-0864-40c8-8b54-1eda9b79a92e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Big problem?

2017-04-18 Thread cooloutac

On Tuesday, April 18, 2017 at 10:33:15 AM UTC-4, rubb...@gmail.com wrote:
> Yes it has SSD. I was able to get into the bios by smashinf very fast my f10 
> key. What do I have to do once i'm in there? I am not able anymore to get 
> windows back right? I had to delete it by the installation of Qubes.

you can call microsoft to get windows back.

Why is it not possible to boot the usb stick again.  What did you do the first 
time that you can't do now?  USB sticks just don't boot themselves by default 
usually,  but if it did the first time it should still now.

In your bios options look for the boot order section, you also might have to 
enable booting from external disk option.

What is the model of your pc?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf0b650b-b14a-42ff-b640-7021401d279c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to handle untrusted applications?

2017-04-18 Thread cooloutac

On Tuesday, April 18, 2017 at 5:30:47 AM UTC-4, nons...@graumannschaft.org 
wrote:
> What is a sane way to manage applications one doesn't trust (e.g. Skype )? As 
> far as I understand the qubes concept so far, I would either have to install 
> the app in my general template (which I do not want ) or create a dedicated 
> template just for the app vm that is supposed to run that app ... is that 
> correct? 
> 
> Joh

yes correct.  Another option is disposable vm instead of appvm based on the 
dedicated template, but that might be trickier with skype.  I have no 
experience with it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f990180e-7703-437a-8fce-900c00e8ae9c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Big problem?

2017-04-18 Thread cooloutac

On Tuesday, April 18, 2017 at 12:32:56 PM UTC-4, rubb...@gmail.com wrote:
> My laptop is a HP Notebook. But what else do I have to do boot again from 
> that USB and reinstall qubes? I guess i don't get the option by just plugging 
> in the USB?

hp notebook isn't enough info.  what is the exact model number?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/452b6bb4-6f33-4491-bf12-fafd96f2e667%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes not loading latest installed kernel...? + How to remove old kernel versions?



Maybe this is totally unrelated,  but I had to update dom0 twice.  First time 
it didn't really update.  Noticed the green download arrow again in 
qubes-manager hours later and that time it seemed to a big update.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e92c05fd-91e2-4299-a76b-ee3bf3bac2e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Backdoor Distros?

On Wednesday, April 19, 2017 at 2:48:47 PM UTC-4, 
1'0318'4810'4014'12'40'4801'4248 wrote:
> Hello,
> 
> is it possible, that some Distros get delivered with Backdoors?
> 
> https://shop.heise.de/katalog/zertifizierter-pinguin
> 
> (sorry this is in German)
> 
> Kind Regards,

as A Qubes user I've learned the even bigger problem is the hardware.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e521aa8c-d2a6-41b0-8cb2-e0e5f08fdf76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: google chrome and chromium freezing

On Wednesday, April 19, 2017 at 7:00:07 PM UTC-4, cooloutac wrote:
> Well this time it happened again and on the debian-8-clone-1 template that 
> didn't have a missing kernel issue.   wow.
> 
> And yes I can confirm what Reg Tiangha said... I opened a gnome-terminal  
> when the update froze. And as soon as I did that you could see the y's pop on 
> the screen I was hitting for yes to update.  But then both terminals froze.  
> So I simply just once again opened a second gnome-terminal and they 
> everything unfroze immediately and updates kicked into action.
> 
> No idea what that means but hopefully thats a clue for a dev.

Ya I don't think this is related to the missing kernel issue, or at least that 
wasn't the direct cause it seems.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0354ef2-4227-4a63-bfd1-af35f202abea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: google chrome and chromium freezing

Well this time it happened again and on the debian-8-clone-1 template that 
didn't have a missing kernel issue.   wow.

And yes I can confirm what Reg Tiangha said... I opened a gnome-terminal  when 
the update froze. And as soon as I did that you could see the y's pop on the 
screen I was hitting for yes to update.  But then both terminals froze.  So I 
simply just once again opened a second gnome-terminal and they everything 
unfroze immediately and updates kicked into action.

No idea what that means but hopefully thats a clue for a dev.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e7fd86e-3f8d-4e14-8ea8-1fb0b6225919%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: google chrome and chromium freezing

On Wednesday, April 19, 2017 at 12:52:26 PM UTC-4, Reg Tiangha wrote:
> On 04/19/2017 10:44 AM, Andrew David Wong wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> >
> > On 2017-04-19 09:40, Andrew David Wong wrote:
> >> On 2017-04-18 21:11, Reg Tiangha wrote:
> >>> On 04/18/2017 10:05 PM, cooloutac wrote:
> >>>> Just started today dunno what the heck is up with that.  In a 
> >>>> bunch of my appvms. It wasn't the dom0 update that error ed my
> >>>>  vms this issue was happening right before that.  My Mother had
> >>>>  told me she had tried to update dom0, or thought she did 
> >>>> already, but apparently it didn't update. I bet it errored or 
> >>>> something. She said she had no freezing at all in a few vms
> >>>> and updated right before she got off.  So I'm thinking it
> >>>> started after that failed dom0 update.
> >>>>
> >>>> But I also had noticed a week prior that chrome was not 
> >>>> showing, for example, the live chat popup button on
> >>>> amazon.com. with no extensions nothing. ah no they probably
> >>>> changed their chat to allow some non https connection or
> >>>> something I bet. and in the default disposable I use with
> >>>> firefox that is not the case. sorry fro the stream of
> >>>> consciousness.
> >>>>
> >>>> Regardless, I'm still using firefox for right now cause the 
> >>>> freezing in the suspect vms has not happened with firefox for 
> >>>> some reason.  Over the years I always go back and forth to 
> >>>> whichever one is less abused for the current time being.
> >>>>
> >>>> But I'm so paranoid right now I'm gonna wipe the entire system.
> >>>> Actually even keepassx vault froze on me...   I hope its just a
> >>>> hardware failure, fedora is good about monitoring hdd
> >>>> though...but yikes.
> >>>>
> >>>> anybody have any encouraging words for me? lol.
> >>>>
> >>> No encouraging words, but I've noticed freezing today too. Not
> >>> in Chrome, but in things like nautilus and gnome-terminal. It's 
> >>> sporadic, though and I haven't nailed anything down yet except it
> >>> was something in the latest batch of stable updates.
> >>> My coldkernel VMs won't boot either, and it's very similar to 
> >>> these threads (ErrorHandler: BadAccess (attempt to access private
> >>> resource denied), but they'll boot properly with a dom0 vm
> >>> kernel):
> >>> grsecurity kernel 4.9.20 not working - Qubes ErrorHandler: 
> >>> BadAccess MIT-SHM
> >>> https://groups.google.com/forum/#!topic/qubes-users/2X8wi5XebJc
> >>
> >>> [bug] qubes-guid crashes when putting debian-9 VM in true XFCE 
> >>> fullscreen
> >>> https://groups.google.com/forum/#!topic/qubes-users/d0lsqBbDYc0
> >>
> >>> Unsolicited feedback on qubes-issue #2455
> >>> https://groups.google.com/forum/#!topic/qubes-users/NSZEZD_k7KE
> > I believe this bug is different from the ones described in these other
> > three threads.
> >
> > - -- 
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> > -BEGIN PGP SIGNATURE-
> >
> > iQIcBAEBCgAGBQJY95PeAAoJENtN07w5UDAwY/EP/RxqBGLMxT1vFjLx+bF3ES1E
> > Pz+0odzJbVwj3A2Ww9AXPIERhGj74tGmZE2DS7iyxgcYlSvrWAww+M6SdgAZmDR2
> > DSptZeVKtcbRlmNb6WMkBil8MFwL2PlVzNLlAOj0emOKMTIenR+56/H69XUA0FNF
> > R3gRdGgD/rJVI0/0jwrupuI1ZGjt3yRmurMxXMSvlFPcfJJypemk7cTm1HHDi+Or
> > Kl1OGE9b71ang3Ege4SQrn0lH5d8mX3b+SkjlkebuUXXhJE/Q6RieftFqpv9fgwI
> > LkzVadTf/xBxTH9DezOwuGP4AKci+Qdz6TLaHC+Am4c4yG/kaNnqXYVnWCSZ2FEc
> > +ZXchiSFxr0M+yCK6rnwEa4n/D5K2/ZznjsQNcm35W5+aHDKNDHye8sLFG65G0Jt
> > /rMvQ+d3vlW3gghVTc+NeWRu1/yGHi4Jm5Btv6Wb26W8e1EURzVGUcsKXPKyToAD
> > B42j1sXv9TktfwOGzLynnKC9QEbzUsmX5eVid4bJH/U/e8aC48k5gUmNnwxHdMyH
> > L/avwmybgXzDozdj2qPj4PaIWRjY8qGugsgb35nQD213YPbySNSwTfeGpTH43W+/
> > 4yy6LFTn1+WBVQhsbq0u3zIBAenyseJzTrwRHygMg8iPQPR3L3ijl99vEx0K23zr
> > oFhqe9T3z+a2CwCdRQJI
> > =Zbw4
> > -END PGP SIGNATURE-
> >
> Yeah, it's probably a different bug.
> 
> Andrew, what's your hardware configuration? Specifically, RAM and
> whether or not you're running on an SSD or a hard drive?
> 
> I'm still trying to resolve some of my other issues that I'm
> experiencing because of the update, but I'm noticing a lot

[qubes-users] Re: Qubes not loading latest installed kernel...? + How to remove old kernel versions?

On Wednesday, April 19, 2017 at 5:25:44 PM UTC-4, cooloutac wrote:
> Maybe this is totally unrelated, but I had to update dom0 twice. First time
> it didn't really update. Noticed the green download arrow again in
> qubes-manager hours later and that time it seemed to a big update.

Actually it wasn't even me, it was a family member, and I should of told them
to only notifiy me when they see a dom0 update, sigh... I've told them to
make sure they read what it says but this is kind of crazy.

They told me they already updated dom0 they thought, and I thought ok you
normally see that in tempaltes where it updates but doesn't refresh cache or
something and still shows a green arrow, but then you go to update and it says
nothing to do (cause you know it was already updated maeks sense).

But this was probably a failed update or it did something else.

Only other time this happened to me with Qubes I blame on a bad resume from
suspend that I didn't realize till too late, and the fact I am using an SSD.
Which I am learning very fast are prone to fk up your data. Qubes got borked
after I did a failed Dom0 update and I had to install.

This time its different. We should make the Tor updates by default. But then
again this is type of thing that would happen on the whonix template and I
always delete it immediately. Always get failed key checks on that all the
time, weird update errors and it always has to do with the servers. So I'm
just at a loss I rely on the experts some form of encrypted updates I think
would def be better then just a key check. I would prefer it not be tor, but I
guess thats better the nothing. Especially if people don't pay attention.
Anybody could miss it, especially when using the little xterm window when
updating with gui. lol.

I'm sorry for rambling about an unrelated topic.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/51fdc9ba-2f35-43f6-b9a5-4a1d5eadfad2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] feedback for todays kernel-qubes-vm update (4.4.55-11)

On Wednesday, April 19, 2017 at 11:23:26 AM UTC-4, Joonas Lehtonen wrote:
> Marek Marczykowski-Górecki:
> > On Tue, Apr 18, 2017 at 10:54:00AM +, Joonas Lehtonen wrote:
> > 
> > 
> >> Joonas Lehtonen:
> >>> Hi,
> >>>
> >>> just a quick notice about todays kernel update.
> >>>
> >>> After upgrading, the new kernel 4.4.55 became the new default for all
> >>> VMs that previously used the default kernel, but
> >>> VMs would no longer boot because they claim that an old kernel the one
> >>> that got removed during the upgrade (4.4.11?) is no longer present even
> >>> though the VM was configured to boot the default (4.4.55).
> > 
> >> This was mainly an UI thing. qvm-ls -k displayed it correctly. These
> >> affected VMs used to have the now-removed kernel version 4.4.14-11.
> >> Qubes Manager just can not display not installed kernels.
> > 
> > So, Qubes Manager shows still old kernel? Have you tried restarting it
> > (Qubes Manager)?
> 
> Qubes Manager showed the new kernel (4.4.55-11) while qvm-ls -k showed
> the old (removed) kernel.
> 
> Qubes Manager got restarted automatically during updating dom0.

I'm thinking more its what Reg said I have a felling all my affected vms were 
created at the same time.  My debian clone is newer then my fedora clone.  
Obviously I don't back up the sys vms or untrusteds. and those were only ones 
not affected.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e5edb46-27a2-4ca7-9901-ecbec07c2779%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: grsecurity kernel 4.9.20 not working - Qubes ErrorHandler: BadAccess MIT-SHM

On Wednesday, April 19, 2017 at 6:22:29 PM UTC-4, Reg Tiangha wrote:
> On 04/18/2017 11:56 PM, Reg Tiangha wrote:
> > It's a Kernel 4.9 issue with the latest Qubes updates. jessie-backports
> > has a stock 4.9 kernel so I installed that, and I'm getting the *exact*
> > same behaviour as with the coldkernel 4.9 version.
> >
> > I know it's *not* necessarily a 4.9 issue alone because I've been
> > running a 4.9 coldkernel in my VMs since at least December. So something
> > in the latest Qubes updates breaks compatibility with kernel 4.9. Not
> > sure how to fix that, but I'll report it.
> >
> >
> For anyone following the thread, this is just a follow up, but it turned
> out *not* to be a 4.9 on PVGRUB problem, but the typical dkms not
> compiling the u2mfn module on upgrade issue that sometimes happens. I
> wrote a post mortem here:
> 
> https://github.com/QubesOS/qubes-issues/issues/2762
> 
> But I wonder if that ErrorHandler: BadAccess message that appears in
> guid.conf is indicative of this issue. I haven't kept an eye on it long
> enough to be able to say either way, but it's definitely something to
> keep in mind if that kind of error pops up in the future.
> 
> 
> For me, the fix was to manually make dkms recompile the u2mfn module. In
> Debian, run:
> 
> ls /var/lib/initramfs-tools | sudo xargs -n1
> /usr/lib/dkms/dkms_autoinstaller start
> 
> and what that will do is force dkms to recompile all modules for any and
> all locally installed kernels in the VM template. Then shutdown the
> TemplateVM and then reboot your AppVMs and they should hopefully come
> back up normally.
Is this related to starting a vm with custom kernel would start but then go 
yellow and no gui?  I could remote in and boot screen would show  all loaded ok 
but I couldn't load nothing.  I have to try those commands tks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17bd499b-863a-4663-be32-1020ec407e54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

Well I'm just a layman but from my little experience i prefer systemd cause its
easier to handle running system processes. but from bootup time standpoint it
seems to make no diff.

I dunno what it is. I started linux with fedora but itseems it started to get
super buggy after fedora19 to the point I switched to debian and ignored the
false extra security I thought it gave me. I felt like a bigger target using
it for some reason.

I thought problems were due to switch to dnf which just made updates unbearable
as if some sick joke on fedora users. but all sorts of baremetal problems with
it. maybe it was the change to systemd? or Kernels keep getting worse? More
people using linux but they don't really use it? lol I dunno I started on
Fedora 14 ir 15 not sure when it got systemd actually. Debian is stable and
quiet. I made the switch debian. arch can be real lighweight and less buggy
but has same kernel probs as fedora. They similar in ways. fedora 22 was nail
in coffin for me. Its like let me put a target on my forehead with the word
dumb and a bullseye. One good thing it gets updates super fast. Alot of qubes
user complaints areabout poor support for cutting edge hardware. Think thats
reason qubes uses fedora. I'd rather fedora then ubuntu lmao...

I use to use slackopuppy it was great, talk about lightweight. and fully
functional. security conscious too.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/fe62f407-f6f1-4ef0-afaf-c30c1d3648ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> Hello!
> 
> i have problems with the most streams on the net.
> Youtube is ok, but i suppose rather slow.
> 
> I think, this is the thing with flash, HTML5 and openH264.
> H264 is deactivated and if i want to activate it, it seems to be not
> possible.
> 
> Is it so, that HTML5 needs H264?
> Or is it so, that i need flash for every other stream.
> I tried also some links, that should be HTML5, but they were not
> possible... maby they were not really in HTML5 or HTML5 does't work good.
> 
> Do somebody has an idea?

whats the templatevm its based on fedora or debian?  If fedora you have to 
enable rpmfusion and install gstreamer package to get that format.  I forget 
exactly which one though man.  I think i posted about it here once i;ll t ry 
tolook.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/62551b43-780b-4828-8c87-ef753eadd1fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can not start terminal on debian

On Thursday, March 9, 2017 at 5:01:17 PM UTC-5, evo wrote:
> Hello again!
> 
> I have a strange problem, i dont understand.
> 
> After i tried to install another language on debian (with no success) by
> dpkg-reconfigure,
> 
> now i can not start terminal ... not on template-VM and not on
> debian-VM.. Xterm can be started, but not terminal, which is more
> comfortable.
> 
> Is it about language??

yes I think so happened to me once.  switch back to that default english one 
and see, I forget exactly which off top my head.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/18baf221-4578-4e37-b2bd-33e84389a50e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

 Just to add you won't get any benefit from the Nvidia card.  Qubes only uses 
it for desktop effects.  the vms don;t have 3d rendering.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f56e69b-efc5-4256-9659-91dd42ee2e27%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Anon-whoix

https://www.whonix.org/wiki/Comparison_with_Others

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2361122a-4bb3-49d7-9156-a7f5b4f18400%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: SystemD sucks - qubes shouldn't use it

My problem with Qubes is that i'm still noob. I don't even know what alot of
system processes are or what they do. Qubes is more complicated then a normal
os even just to monitor network traffic. I'm mostly in the dark compared to on
bare metal os.

I'm basically at mercy of a default setup lol. But I think thats part of qubes
goal. It has the misnomer of being called for nerds or enthusiasts. But its
really for noobs. The hard part is just taking a step in these waters of a new
world, even for most security experts.

The hard part is just accepting the fact you will be compartmentalizing diff
aspects of your daily activity on your pc. Its a different way of thinking.

Its about accepting the fact you are never 100% secure and its just a matter of
how persistent your assailant is. No matter what OS you are using. Everyone
gets compromised imo, even most security experts. The only people that don't
are people that use their computers like monks. All we can do most of the time
is mitigate it.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/e0382a19-52bf-418e-a4cb-645e2319a138%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> > Hello!
> > 
> > i have problems with the most streams on the net.
> > Youtube is ok, but i suppose rather slow.
> > 
> > I think, this is the thing with flash, HTML5 and openH264.
> > H264 is deactivated and if i want to activate it, it seems to be not
> > possible.
> > 
> > Is it so, that HTML5 needs H264?
> > Or is it so, that i need flash for every other stream.
> > I tried also some links, that should be HTML5, but they were not
> > possible... maby they were not really in HTML5 or HTML5 does't work good.
> > 
> > Do somebody has an idea?
> 
> whats the templatevm its based on fedora or debian?  If fedora you have to 
> enable rpmfusion and install gstreamer package to get that format.  I forget 
> exactly which one though man.  I think i posted about it here once i;ll t ry 
> tolook.

gstreamer1-libav

https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/198b717d-a424-48ce-87a7-723ee203bd78%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Non UEFI

On Thursday, March 9, 2017 at 10:38:36 PM UTC-5, Drew White wrote:
> Is there any version of all the templates that are NON UEFI?
> i.e. without EFI?

what?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac2b65a3-fad3-48da-a5a4-6c747ecc3b41%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: problem with qubes xfce menu

On Thursday, March 9, 2017 at 3:04:34 PM UTC-5, haaber wrote:
> Hello,
> I realise with surprise that some items in the "Q"-symbol that gives the
> xfce menu have disappeared: the settings menu (!), the link to a dom0
> termnal  & the link to debian-8 template.
> 
> Is there a way to recreate these items? Bernhard

oh my... I;m not really sure hope someone replies.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/005491b5-3b84-43e7-9d9a-cc0a4286bfda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues

On Thursday, September 15, 2016 at 3:32:35 PM UTC-4, Tom wrote:
> Hi,
> 
> I've been toying with Qubes for the past week and it really struck me when I 
> realized that it's the future of what an OS should be. Since then I've been 
> obsessed trying to make it run anywhere but the only computer running it 
> perfectly is my Lenovo X220 otherwise my other (Macbook Pro Retina, and a 
> gaming PC with a GTX 980 nvidia GPU) are simply not even starting the install 
> nor a completed install on a USB3 SSD drive I did to test. I tried every idea 
> I could find with grub flags (nodemodeset, etc) the closest I got to doing 
> something on my GTX 980 based PC has been starting the anaconda installer in 
> CLI mode.
> 
> It just won't show anything on that GPU. FYI it is hooked via an HDMI cable 
> to a LG television. If I let it go without messing the grub flags my tv shows 
> an "invalid format" error I guess because the resolution is wrong but if I 
> start it and remove the quiet flags to see what goes on I can see some 
> sys-net VM error or something but it just stops and never do anything. I 
> can't switch to console nor try to see more logs.
> 
> So my big question is: why does Qubes OS not have built-in GPU support? why 
> is it working better on integrated graphics?
> 
> It would be KICKASS to have this run on a monster machine. I swear I would 
> install this everywhere. Put it on my toast when I wake up in the morning and 
> even wash myself with it! Qubes OS blows my mind and I really really want to 
> use it.
> 
> Keep up the amazing work, sorry I wish I could provide more details/debug 
> info but don't hesitate to ask for any kind of testing on my end.
> 
> Thanks and have a nice day!

you might have to wait till a kernel come out to support the gpu.  If you get 
Qubes intalled with integrated you can maybe check testing repo for a newer 
kernel. I guess noveau is lagging more then 2 years behind.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c413b13b-586c-45d4-84b1-c0987ddc4544%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

On Saturday, March 11, 2017 at 10:17:52 AM UTC-5, evo wrote:
> Am 03/11/2017 um 04:16 PM schrieb cooloutac:
> > On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> >> Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> >>> On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
> >>>> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
> >>>>> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> >>>>>> On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> >>>>>>> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> >>>>>>>> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> >>>>>>>>> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> >>>>>>>>>> Hello!
> >>>>>>>>>>
> >>>>>>>>>> i have problems with the most streams on the net.
> >>>>>>>>>> Youtube is ok, but i suppose rather slow.
> >>>>>>>>>>
> >>>>>>>>>> I think, this is the thing with flash, HTML5 and openH264.
> >>>>>>>>>> H264 is deactivated and if i want to activate it, it seems to be 
> >>>>>>>>>> not
> >>>>>>>>>> possible.
> >>>>>>>>>>
> >>>>>>>>>> Is it so, that HTML5 needs H264?
> >>>>>>>>>> Or is it so, that i need flash for every other stream.
> >>>>>>>>>> I tried also some links, that should be HTML5, but they were not
> >>>>>>>>>> possible... maby they were not really in HTML5 or HTML5 does't 
> >>>>>>>>>> work good.
> >>>>>>>>>>
> >>>>>>>>>> Do somebody has an idea?
> >>>>>>>>>
> >>>>>>>>> whats the templatevm its based on fedora or debian?  If fedora you 
> >>>>>>>>> have to enable rpmfusion and install gstreamer package to get that 
> >>>>>>>>> format.  I forget exactly which one though man.  I think i posted 
> >>>>>>>>> about it here once i;ll t ry tolook.
> >>>>>>>>
> >>>>>>>> gstreamer1-libav
> >>>>>>>>
> >>>>>>>> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> >>>>>>>>
> >>>>>>>
> >>>>>>> i run fedora 23 on it, rpm fusion is almost on... but i can not find
> >>>>>>> gstreamer1-libav on the server... strange
> >>>>>>
> >>>>>> hmm... did you install both rpm fusion free and nonfree?  Im not sure 
> >>>>>> which one its in. 
> >>>>>>
> >>>>>> Also make sure you looking gstreamer1 and not gstreamer.
> >>>>>>
> >>>>>> Its in there somewhere and it will play the mp4 streams on firefox 
> >>>>>> without flash.  Maybe just search gstreamer1 and scroll through the 
> >>>>>> list maybe I spelled it wrong. look for the libav one.
> >>>>>>
> >>>>>> https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav
> >>>>>>
> >>>>>
> >>>>> hmm... now i checked it again... i have gstreamer1-1.6.4-1 already
> >>>>> installed... but firefox still do not want to play, hmmm
> >>>>
> >>>> weird.  you installed the gstreamer1-libav package? It doesn't have that 
> >>>> version number, the libav package is something seperate.  You need to 
> >>>> install that specific package it is def in rpmfusion repos.  I don't 
> >>>> believe you need any other gstreamer package to stream mp4 but you 
> >>>> might. maybe ffmpeg, but idoubt it.
> >>>
> >>> you can also try using a debian template instead and see if firefox 
> >>> stream the mp4 by default but if not you will need the same package but 
> >>> maybe its easier to find and install from debian repo.
> >>>
> >>
> >> fedora is weird... maby because i always worked with debian.
> >> if i look in the software center, then i see gstreamer-extra
&g

[qubes-users] Re: Videostream with Qubes??

On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> > On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
> >> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
> >>> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> >>>> On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> >>>>> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> >>>>>> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> >>>>>>> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> >>>>>>>> Hello!
> >>>>>>>>
> >>>>>>>> i have problems with the most streams on the net.
> >>>>>>>> Youtube is ok, but i suppose rather slow.
> >>>>>>>>
> >>>>>>>> I think, this is the thing with flash, HTML5 and openH264.
> >>>>>>>> H264 is deactivated and if i want to activate it, it seems to be not
> >>>>>>>> possible.
> >>>>>>>>
> >>>>>>>> Is it so, that HTML5 needs H264?
> >>>>>>>> Or is it so, that i need flash for every other stream.
> >>>>>>>> I tried also some links, that should be HTML5, but they were not
> >>>>>>>> possible... maby they were not really in HTML5 or HTML5 does't work 
> >>>>>>>> good.
> >>>>>>>>
> >>>>>>>> Do somebody has an idea?
> >>>>>>>
> >>>>>>> whats the templatevm its based on fedora or debian?  If fedora you 
> >>>>>>> have to enable rpmfusion and install gstreamer package to get that 
> >>>>>>> format.  I forget exactly which one though man.  I think i posted 
> >>>>>>> about it here once i;ll t ry tolook.
> >>>>>>
> >>>>>> gstreamer1-libav
> >>>>>>
> >>>>>> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> >>>>>>
> >>>>>
> >>>>> i run fedora 23 on it, rpm fusion is almost on... but i can not find
> >>>>> gstreamer1-libav on the server... strange
> >>>>
> >>>> hmm... did you install both rpm fusion free and nonfree?  Im not sure 
> >>>> which one its in. 
> >>>>
> >>>> Also make sure you looking gstreamer1 and not gstreamer.
> >>>>
> >>>> Its in there somewhere and it will play the mp4 streams on firefox 
> >>>> without flash.  Maybe just search gstreamer1 and scroll through the list 
> >>>> maybe I spelled it wrong. look for the libav one.
> >>>>
> >>>> https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav
> >>>>
> >>>
> >>> hmm... now i checked it again... i have gstreamer1-1.6.4-1 already
> >>> installed... but firefox still do not want to play, hmmm
> >>
> >> weird.  you installed the gstreamer1-libav package? It doesn't have that 
> >> version number, the libav package is something seperate.  You need to 
> >> install that specific package it is def in rpmfusion repos.  I don't 
> >> believe you need any other gstreamer package to stream mp4 but you might. 
> >> maybe ffmpeg, but idoubt it.
> > 
> > you can also try using a debian template instead and see if firefox stream 
> > the mp4 by default but if not you will need the same package but maybe its 
> > easier to find and install from debian repo.
> > 
> 
> fedora is weird... maby because i always worked with debian.
> if i look in the software center, then i see gstreamer-extra
> installed... gstreamer-libav is listed but i can not install it there...
> is there somewhere a block for other sources?
> 
> if i go to see the software-sources of the software center, so i see RPM
> Fusion free updates and nonfree updates
> 
> i also deinstalled the other gstreamer
> 
> i made a new standalone VM with debian and there i have
> gstreamer1.0-libav (this is the whole name), so the stream works with
> firefox now. How can i check, if any flash is installed?

I would use the terminal in the template instead to install packages, for 
example:
 sudo dnf install gstreamer1-libav

to remove a package for example:
sudo dnf remove gstreamer1-libav

to search for one

sudo dnf search gstreamer


strange, not sure why the template is not starting now if you uninstalled a 
gstreamer package.   Did any other packages get removed along with it?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/520d2e28-aeed-430f-878c-210681300f37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: change template of App-VM in terminal

On Saturday, March 11, 2017 at 10:37:18 AM UTC-5, evo wrote:
> Hey,
> 
> how can i change the template VM (from fedora to debian) in terminal of
> dom0?

in the qubes-manager you can right lick a vm and select vm settings.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/faec128c-f26f-4e22-92a2-c317129177de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

On Saturday, March 11, 2017 at 10:16:29 AM UTC-5, cooloutac wrote:
> On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> > Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> > > On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
> > >> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
> > >>> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> > >>>> On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> > >>>>> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> > >>>>>> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> > >>>>>>> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> > >>>>>>>> Hello!
> > >>>>>>>>
> > >>>>>>>> i have problems with the most streams on the net.
> > >>>>>>>> Youtube is ok, but i suppose rather slow.
> > >>>>>>>>
> > >>>>>>>> I think, this is the thing with flash, HTML5 and openH264.
> > >>>>>>>> H264 is deactivated and if i want to activate it, it seems to be 
> > >>>>>>>> not
> > >>>>>>>> possible.
> > >>>>>>>>
> > >>>>>>>> Is it so, that HTML5 needs H264?
> > >>>>>>>> Or is it so, that i need flash for every other stream.
> > >>>>>>>> I tried also some links, that should be HTML5, but they were not
> > >>>>>>>> possible... maby they were not really in HTML5 or HTML5 does't 
> > >>>>>>>> work good.
> > >>>>>>>>
> > >>>>>>>> Do somebody has an idea?
> > >>>>>>>
> > >>>>>>> whats the templatevm its based on fedora or debian?  If fedora you 
> > >>>>>>> have to enable rpmfusion and install gstreamer package to get that 
> > >>>>>>> format.  I forget exactly which one though man.  I think i posted 
> > >>>>>>> about it here once i;ll t ry tolook.
> > >>>>>>
> > >>>>>> gstreamer1-libav
> > >>>>>>
> > >>>>>> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> > >>>>>>
> > >>>>>
> > >>>>> i run fedora 23 on it, rpm fusion is almost on... but i can not find
> > >>>>> gstreamer1-libav on the server... strange
> > >>>>
> > >>>> hmm... did you install both rpm fusion free and nonfree?  Im not sure 
> > >>>> which one its in. 
> > >>>>
> > >>>> Also make sure you looking gstreamer1 and not gstreamer.
> > >>>>
> > >>>> Its in there somewhere and it will play the mp4 streams on firefox 
> > >>>> without flash.  Maybe just search gstreamer1 and scroll through the 
> > >>>> list maybe I spelled it wrong. look for the libav one.
> > >>>>
> > >>>> https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav
> > >>>>
> > >>>
> > >>> hmm... now i checked it again... i have gstreamer1-1.6.4-1 already
> > >>> installed... but firefox still do not want to play, hmmm
> > >>
> > >> weird.  you installed the gstreamer1-libav package? It doesn't have that 
> > >> version number, the libav package is something seperate.  You need to 
> > >> install that specific package it is def in rpmfusion repos.  I don't 
> > >> believe you need any other gstreamer package to stream mp4 but you 
> > >> might. maybe ffmpeg, but idoubt it.
> > > 
> > > you can also try using a debian template instead and see if firefox 
> > > stream the mp4 by default but if not you will need the same package but 
> > > maybe its easier to find and install from debian repo.
> > > 
> > 
> > fedora is weird... maby because i always worked with debian.
> > if i look in the software center, then i see gstreamer-extra
> > installed... gstreamer-libav is listed but i can not install it there...
> > is there somewhere a block for other sources?
> > 
> > if i go to see the software-sources of the software center, so i see RPM
> > Fusion free updates and nonfree updates
> > 
> > i also deinstalled the other gstreamer
> > 
> > i made a new standalone VM with debian and there i have
> > gstreamer1.0-libav (this is the whole name), so the stream works with
> > firefox now. How can i check, if any flash is installed?
> 
> I would use the terminal in the template instead to install packages, for 
> example:
>  sudo dnf install gstreamer1-libav
> 
> to remove a package for example:
> sudo dnf remove gstreamer1-libav
> 
> to search for one
> 
> sudo dnf search gstreamer
> 
> 
> strange, not sure why the template is not starting now if you uninstalled a 
> gstreamer package.   Did any other packages get removed along with it?

you can check for flash in firefox by typing about:plugins and see if shockwave 
flash islisted.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/521df545-c567-40b7-a9e8-df5f8ccdc461%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Kicking the sudoers dead horse

On Saturday, March 11, 2017 at 8:51:05 AM UTC-5, Chris Laprise wrote:
> On 03/11/2017 08:10 AM, Unman wrote:
> 
> If it means a less attractive environment for script kiddies to raise 
> hell--- chewing up resources, attacking other computers, creating 
> footholds for more advanced threats--- then I can invest 3 min. to 
> enable it.
> 
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett

why not just use a dispvm or compartmentalize more? I feel that is the purpose 
of Qubes,  To address problem of many trivial security protections.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c90e5d9-6f92-438a-93a3-a8fbb421c9a7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Videostream with Qubes??

On Saturday, March 11, 2017 at 10:22:47 AM UTC-5, evo wrote:
> Am 03/11/2017 um 04:20 PM schrieb cooloutac:
> > On Saturday, March 11, 2017 at 10:17:52 AM UTC-5, evo wrote:
> >> Am 03/11/2017 um 04:16 PM schrieb cooloutac:
> >>> On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> >>>> Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> >>>>> On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
> >>>>>> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
> >>>>>>> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> >>>>>>>> On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> >>>>>>>>> Am 03/10/2017 um 05:45 AM schrieb cooloutac:
> >>>>>>>>>> On Thursday, March 9, 2017 at 11:43:37 PM UTC-5, cooloutac wrote:
> >>>>>>>>>>> On Thursday, March 9, 2017 at 1:44:38 PM UTC-5, evo wrote:
> >>>>>>>>>>>> Hello!
> >>>>>>>>>>>>
> >>>>>>>>>>>> i have problems with the most streams on the net.
> >>>>>>>>>>>> Youtube is ok, but i suppose rather slow.
> >>>>>>>>>>>>
> >>>>>>>>>>>> I think, this is the thing with flash, HTML5 and openH264.
> >>>>>>>>>>>> H264 is deactivated and if i want to activate it, it seems to be 
> >>>>>>>>>>>> not
> >>>>>>>>>>>> possible.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Is it so, that HTML5 needs H264?
> >>>>>>>>>>>> Or is it so, that i need flash for every other stream.
> >>>>>>>>>>>> I tried also some links, that should be HTML5, but they were not
> >>>>>>>>>>>> possible... maby they were not really in HTML5 or HTML5 does't 
> >>>>>>>>>>>> work good.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Do somebody has an idea?
> >>>>>>>>>>>
> >>>>>>>>>>> whats the templatevm its based on fedora or debian?  If fedora 
> >>>>>>>>>>> you have to enable rpmfusion and install gstreamer package to get 
> >>>>>>>>>>> that format.  I forget exactly which one though man.  I think i 
> >>>>>>>>>>> posted about it here once i;ll t ry tolook.
> >>>>>>>>>>
> >>>>>>>>>> gstreamer1-libav
> >>>>>>>>>>
> >>>>>>>>>> https://groups.google.com/forum/#!searchin/qubes-users/gstreamer1$20libav%7Csort:relevance/qubes-users/HzzQWXU7nzE/ZXSbhStPJwAJ
> >>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> i run fedora 23 on it, rpm fusion is almost on... but i can not find
> >>>>>>>>> gstreamer1-libav on the server... strange
> >>>>>>>>
> >>>>>>>> hmm... did you install both rpm fusion free and nonfree?  Im not 
> >>>>>>>> sure which one its in. 
> >>>>>>>>
> >>>>>>>> Also make sure you looking gstreamer1 and not gstreamer.
> >>>>>>>>
> >>>>>>>> Its in there somewhere and it will play the mp4 streams on firefox 
> >>>>>>>> without flash.  Maybe just search gstreamer1 and scroll through the 
> >>>>>>>> list maybe I spelled it wrong. look for the libav one.
> >>>>>>>>
> >>>>>>>> https://www.rpmfind.net/linux/rpm2html/search.php?query=gstreamer1-libav
> >>>>>>>>
> >>>>>>>
> >>>>>>> hmm... now i checked it again... i have gstreamer1-1.6.4-1 already
> >>>>>>> installed... but firefox still do not want to play, hmmm
> >>>>>>
> >>>>>> weird.  you installed the gstreamer1-libav package? It doesn't have 
> >>>>>> that version number, the libav package is something seperate.  You 
> >>>>>> need to install that specific package it is def in rpmfusion repos.  I 
> >&

Re: [qubes-users] Kicking the sudoers dead horse