Re: [qubes-users] [3.2] qvm-block -A doesn't work reliably anymore?!

[David Hobach]

On 10/23/2016 04:15 PM, David Hobach wrote:

Dear all,

after upgrading to 3.2 (in-place) I noticed the following issue:

qvm-block -A fooVM dom0:/var/lib/qubes/appvms/blaVM/private.img
Traceback (most recent call last):

  File "/usr/bin/qvm-block", line 151, in 

main()

  File "/usr/bin/qvm-block", line 105, in main

block_attach(qvm_collection, vm, dev, **kwargs)

  File "/usr/lib64/python2.7/site-packages/qubes/qubesutils.py", line
429, in block_attach
vm.libvirt_domain.attachDevice(etree.tostring(disk, encoding='utf-8'))
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 530, in
attachDevice
if ret == -1: raise libvirtError ('virDomainAttachDevice() failed',
dom=self)
libvirt.libvirtError: internal error: libxenlight failed to attach disk
'xvdi'

Strangely enough, xvdi still appears in fooVM and can be mounted.
Attempting to attach another file to fooVM however fails with the same
error and xvdj does not appear.

More stranegely, it works perfectly on another Qubes machine (same
kernel, same Xen version, no in-place-upgrade though) I got.


Found a stupid workaround:

losetup -f /var/lib/qubes/appvms/blaVM/private.img
qvm-block -A fooVM dom0:loop[justCreated]

works - even for multiple calls.
Funnily enough, qvm-block -a does not work contrary to its description 
@qvm-block -h. Looks like dom0 is some special case which is not handled 
100% correctly (it's a loop _device_ and not a file anymore, isn't it?).



Possibly related: I also noticed that netvm and firewallVM don't always
start with the 4.4.14-11 kernel on boot anymore; thus I'm currently
testing 4.1.13-9.


4.1.13-9 shows the same issue, but the netvm & firewallvm start via 
qvm-start. By right-clicking on the VM in the Qubes manager and starting 
the VMs they don't start though. Not sure what's the difference...



xl info
host   : dom0
release: 4.4.14-11.pvops.qubes.x86_64
version: #1 SMP Tue Jul 19 01:14:58 UTC 2016
machine: x86_64
nr_cpus: 4
max_cpu_id : 3
nr_nodes   : 1
cores_per_socket   : 4
threads_per_core   : 1
cpu_mhz: 3399
hw_caps:
bfebfbff:2c100800::7f00:77fafbff::0021:2fbb
virt_caps  : hvm hvm_directio
total_memory   : 16048
free_memory: 71
sharing_freed_memory   : 0
sharing_used_memory: 0
outstanding_claims : 0
free_cpus  : 0
xen_major  : 4
xen_minor  : 6
xen_extra  : .1
xen_version: 4.6.1
xen_caps   : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32
hvm-3.0-x86_32p hvm-3.0-x86_64
xen_scheduler  : credit
xen_pagesize   : 4096
platform_params: virt_start=0x8000
xen_changeset  :
xen_commandline: placeholder console=none
cc_compiler: gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6)
cc_compile_by  : user
cc_compile_domain  :
cc_compile_date: Tue Jul 26 11:55:46 UTC 2016
xend_config_format : 4

Dom0 is 100% up-to-date as of today.

Anyone got an idea on how to fix that qvm-block -A issue?


Still interested...


Kind Regards
David



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15f20cba-02bc-77ec-d1b8-121a99e75285%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] Re: AEM, no stick ... no boot

[James Bisno]

On Sunday, October 23, 2016 at 9:50:04 AM UTC-4, James Bisno wrote:
> Is there a way to forbid or obstruct grub from booting up a disk encrypted 
> Qubes when grub is loaded from the harddrive, so that a removable AEM device 
> is required to load Qubes?

I have a feeling the informed users/developers may easily overcome such an 
obstacle (way beyond me) but stopping a sophisticated attacker seems like an 
exercise in futility (camera on the keyboard and foobar router). Now if some 
clueless thug starts poking around, armed with a flashdrive from hackers.com, 
and he cant figure out how to turn the damn thing on, thats a total win in my 
book. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e7e9d79f-58c2-4d32-8e31-fcab517d8857%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why it's so big secret?

[neznaika]

> lol typical linux stuff lol.  so you are saying your graphics card doesn't 
> work with the default open source driver?  dam that sucks.  what if you just 
> disable one of the gpu's in the bios?

There is a 3 things:
1. Nvidia created automatic(!) technology and name it - Optimus. There is no 
the opportunity to disable it.
2. Torvald showed finger to Nvidia. And Nvidia did not pay much attention to 
the drivers for Linux.
3. MSI created laptop (which i bought) with stupid bios, which have no function 
"disable integrated devices". I cant disable GPU or camera or something else.

Funny, right? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41c9ae9d-5588-48d1-a33a-4d91b4473264%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Future plans for KDE on Qubes?

[raahelps]

On Sunday, October 23, 2016 at 3:28:27 PM UTC-4, Grzesiek Chodzicki wrote:
> W dniu niedziela, 23 października 2016 11:38:34 UTC+2 użytkownik Achim 
> Patzner napisał:
> > Hi!
> > 
> > 
> > After a few months of severe suffering from xfce on a HiDPI display I
> > gave in and installed @kde-desktop-qubes on my system – and I'm pretty
> > sure I don't want to see xfce for the next few years. Title bars have a
> > usable size (something that cannot be configured in xfce without
> > building your own themes), icon aren't scaled randomly and fonts are
> > finally looking as they should. And third-party software like Softmaker
> > Office is finally working as expected. So: Will there be support for KDE
> > beyond Qubes 3.2 or will I have to plan for carrying a third machine for
> > my office work space?
> > 
> > 
> > 
> > Achim
> 
> On my previous machine Qubes with KDE was unusable. Damn thing kept 
> crashing/hanging. It was totally unusable. I switched over to XFCE and the 
> entire system became 3x faster.

what version of qubes?  on 3.1 was stable for me.  I haven't used kde on 3.2 
which might be the new version of kde which definitely is buggy on other bare 
metal distros. but I haven't tried it on qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cffdcbd-dfc0-4d1a-8cb2-bbb2dcd27758%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Security announcement mailing list? [and others]

[raahelps]

On Friday, October 21, 2016 at 11:50:33 PM UTC-4, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-10-21 15:47, Franz wrote:
> > On Fri, Oct 21, 2016 at 4:00 AM, jkitt wrote:
> > 
> >> Shouldn't a security focused distro make security announcement in a more
> >> direct and urgent way? I was surprised to find that Qubes only had a
> >> 'users' and 'development' mailing list.
> >>
> >>
> 
> Marek, what do you think about having a no-reply "qubes-announcements" 
> mailing list?
> 
> Messages sent from qubes-announcements would also be duplicated to 
> qubes-devel and possibly qubes-users so that people have a chance to discuss 
> and ask questions.
> 


oh good idea,  like a regular security mailing list which is just patch 
announcements. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ee25ac9-c1ae-400a-a0cf-877311a80134%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why it's so big secret?

[raahelps]

On Sunday, October 23, 2016 at 10:34:04 PM UTC-4, nezn...@xy9ce.tk wrote:
> i reinstalled Qubes again. This time the network works! (When i disabled 
> "whonix" option in the process of instalation - the Qubes has wrong MAC - 
> like FE:FF:FF:FF:FF:FF - and thats why cloned MAC doesnt worked)
> So.. Now i installed NVIDIA.run driver as it recomended in "Manual 
> installation -> Userspace 
> components"(https://www.qubes-os.org/doc/install-nvidia-driver/)
> Next step (excerption):
> "Kernel module
> 
> You will need:
> 
> nvidia kernel module sources (left from previous step)
> kernel-devel package installed
> gcc, make, etc"
> 
> H... "nvidia kernel module sources (left from previous step)" - is it 
> means that i need fedora18 anyway? (I thought "Manual installation" is 
> alternative of something building.. i.e. i need build something anyway, ok). 
> But this step have no sense:
> "Build kernel package
> You will need at least kernel-devel (matching your Qubes dom0 kernel)". 
> Because Qubes dom0 kernel have another versions: 
> 4.1.24-10.pvops.qubes.x86_64. RPMfusion have some packages with words "pvops" 
> and "qubes"? I think no. 
> 
> "The only package you have to compile is the kernel module (but there is a 
> ready built src.rpm package)." Where
> 
> Fuck.. I so tired from this shit((( All instructions is "advice, advice, 
> advice" instead of full series of "command, command, command"

lol typical linux stuff lol.  so you are saying your graphics card doesn't work 
with the default open source driver?  dam that sucks.  what if you just disable 
one of the gpu's in the bios?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86e4ee67-a586-4ad0-b4a3-299cc02651d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why it's so big secret?

[neznaika]

i reinstalled Qubes again. This time the network works! (When i disabled 
"whonix" option in the process of instalation - the Qubes has wrong MAC - like 
FE:FF:FF:FF:FF:FF - and thats why cloned MAC doesnt worked)
So.. Now i installed NVIDIA.run driver as it recomended in "Manual installation 
-> Userspace components"(https://www.qubes-os.org/doc/install-nvidia-driver/)
Next step (excerption):
"Kernel module

You will need:

nvidia kernel module sources (left from previous step)
kernel-devel package installed
gcc, make, etc"

H... "nvidia kernel module sources (left from previous step)" - is it means 
that i need fedora18 anyway? (I thought "Manual installation" is alternative of 
something building.. i.e. i need build something anyway, ok). But this step 
have no sense:
"Build kernel package
You will need at least kernel-devel (matching your Qubes dom0 kernel)". 
Because Qubes dom0 kernel have another versions: 4.1.24-10.pvops.qubes.x86_64. 
RPMfusion have some packages with words "pvops" and "qubes"? I think no. 

"The only package you have to compile is the kernel module (but there is a 
ready built src.rpm package)." Where

Fuck.. I so tired from this shit((( All instructions is "advice, advice, 
advice" instead of full series of "command, command, command"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c0973fe8-9e70-4858-b881-8351783ce4ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Security announcement mailing list? [and others]

[Joonas Lehtonen]

>> I'm not sure if it worth it. There is not much such announcements. On
>> the other hand, this may be exactly the reason for having a separate
>> mailing list for this. 

I would also love to see a QSB-announce mailing (especially because
qubes-users is quite active, and only subscribing to qubes-users to
filter for "[qubes-users] Announcing QSB #" is not the best way to
handle the current lack of QSB-announce).

I guess it is not a big effort for you to create one more list and send
the QSB's to one more recipient.

Looking forward to be able to subscribe to QSB-announce :)


> For now, we have already some non-email channels
>> for announcements:
>>  - @QubesOS on twitter - every security and release announcement is
>>duplicated there
>>  - https://www.qubes-os.org/news/, with its RSS/Atom feed; but we don't
>>link security announcements there - maybe we should start?
> 
>> If you think additional ML channel would be useful, then sure, we can
>> create one.

Thanks for considering it!
Joonas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66816335-e97f-c4f4-b289-03386692d149%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: Import a .img file (Windows7) into Qubes?

[jidar]

On 10/23/2016 04:18 PM, Achim Patzner wrote:

If wasting money is not a problem you can use a physical-to-virtual tool
to convert it to a VMware image which will do all those things on the
way and convert the VMware disk to a Xen image; the better ones will
also disable drivers that won't work in virtual environments.


Achim



qemu-img has worked for an "enterprise" VM I use without any issue 
(going from VMDK to raw/qcow2). If the disk is encrypted you might be 
SOL though.


--jidar

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nuja61%24p3f%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Import a .img file (Windows7) into Qubes?

[Achim Patzner]

Am 23.10.2016 um 23:10 schrieb Marek Marczykowski-Górecki:
> On Sun, Oct 23, 2016 at 12:29:32PM -0700, Dima Puntus wrote:
> > Is it possible at all? I'm trying to virtualize my windows machine
> and move
> > entirely to Qubes. Some of the applications can't be reinstalled so
> fresh
> > install isn't an option.
>
> Should be possible, but probably you'll need to install some drivers (as
> the emulated hardware is most likely different than your real one).

And it depends on the installed software; some "enterprise-typical
software" for remote administration will make things hard to impossible
(I have  a few machines) that really work hard on not being compatible
with Qubes, even as pure HVM without any XEN drivers).

> You'll need a lot of disk space for this... You can make it smaller by
> first filling all free space of the (windows) disk with zeros (create
> big file with zeros, then remove it). And then add "conv=sparse" to dd
> command. It will not copy unused space.

If wasting money is not a problem you can use a physical-to-virtual tool
to convert it to a VMware image which will do all those things on the
way and convert the VMware disk to a Xen image; the better ones will
also disable drivers that won't work in virtual environments.


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa1af92a-9c39-e44c-af94-5727153d6636%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Future plans for KDE on Qubes?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Oct 23, 2016 at 08:17:24PM +, Jeremy Rand wrote:
> 7v5w7go9ub0o:
> > 
> > On 10/23/2016 09:38 AM, Achim Patzner wrote:
> >> Hi!
> >>
> >>
> >> After a few months of severe suffering from xfce on a HiDPI display I
> >> gave in and installed @kde-desktop-qubes on my system – and I'm pretty
> >> sure I don't want to see xfce for the next few years. Title bars have a
> >> usable size (something that cannot be configured in xfce without
> >> building your own themes), icon aren't scaled randomly and fonts are
> >> finally looking as they should. And third-party software like Softmaker
> >> Office is finally working as expected. So: Will there be support for KDE
> >> beyond Qubes 3.2 or will I have to plan for carrying a third machine for
> >> my office work space?
> > 
> > +1
> > 
> > Never thought I'd admit it, but KDE (despite its legendary (and today
> > overstated) bloat and complexity) - actually works rather well.
> 
> Good to see that I'm not the only Qubes user out there who finds KDE to
> be more usable than the alternatives.  Totally agree -- I really hope
> KDE continues to be supported on Qubes for those who prefer it.

I think we can keep its current state. Shouldn't be a problem for Qubes
4.0 and later. At least until next major incompatible changes in KDE...

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYDSg8AAoJENuP0xzK19csoxoH/jKwGDrcdzKQKs0CLKxMpEsw
E3S48UzsF3IxJ02zrTROeeZ3lIZqKkkM8qXkuMjssdugqoXbrOzq+S3GJIZPJUBv
yV4eiHmDrXDOtLDOplWUIc5wxowFwPIBDhb8PG+//SN5r9B12S+9Nh7OIna78xb3
6xmEoIq030BRZ3VZmrSUD18nNETd1ZibRjFBVYILjbCyrkW2lMfddBoxyQ3voNu4
oNoKQj3/Ng/M6CTAIY3JBSzFfTTK0Jhgc633GS//E2CPFdFDt6y5Cu+SO/VTA012
JgXz2ynYeJChIj/upXmwqebwtVqKbHOojOTdC0kUEET/XVP2ElVtcA5UfFD6vg8=
=9Yk1
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161023211435.GX1136%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Future plans for KDE on Qubes?

[Achim Patzner]

Am 23.10.2016 um 21:28 schrieb Grzesiek Chodzicki:

> W dniu niedziela, 23 października 2016 11:38:34 UTC+2 użytkownik Achim 
> Patzner napisał:
>> Hi!
>>
>>
>> After a few months of severe suffering from xfce on a HiDPI display I
>> gave in and installed @kde-desktop-qubes on my system – and I'm pretty
>> sure I don't want to see xfce for the next few years.
> On my previous machine Qubes with KDE was unusable. Damn thing kept 
> crashing/hanging. It was totally unusable. I switched over to XFCE and the 
> entire system became 3x faster.

I've been using KDE as long as it was around, starting with FreeBSD and
I never had it crashing on me unless I was using broken hardware. I
can't say much about Qubes yet; I have it on a number of machines for 9
months now but KDE never crashed. And I don't care for the speed – I
need a certain result (i. e. a working environment suited to my needs);
geting nothing done three times as fast doesn't sole my problems (and I
don't believe these numbers anyway as I'm having both on the same machine).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa9154ca-344d-dda6-25ec-1164757ba64e%40noses.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Import a .img file (Windows7) into Qubes?

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Oct 23, 2016 at 12:29:32PM -0700, Dima Puntus wrote:
> Is it possible at all? I'm trying to virtualize my windows machine and move
> entirely to Qubes. Some of the applications can't be reinstalled so fresh
> install isn't an option.

Should be possible, but probably you'll need to install some drivers (as
the emulated hardware is most likely different than your real one).
After that, you can simply copy your disk into .img file (using dd) and
point to that file when creating HVM, like:

qvm-create --hvm --label red --root-move-from=/path/to/file.img
some-vm-name

You'll need a lot of disk space for this... You can make it smaller by
first filling all free space of the (windows) disk with zeros (create
big file with zeros, then remove it). And then add "conv=sparse" to dd
command. It will not copy unused space.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYDScpAAoJENuP0xzK19csctoH/A+l9gz55qsArSJTtekdITew
/S2zv2mvEJykiz50utUV4IphMsuYxTg6K4siw757b3Y3/yYVOSD0+k/gaLiF7BTd
5yTGOoXvwrRO6uHeQwpjhe1SnRSBvp0rU80ELKaCsy7m3hPh+NWR5xnJYUC4VQuK
A9J9pJJKyoYgN13qJsurytrqebhb/7aYwEJtylBowKSafvAFYBSSpUIfr/JQ8ikL
A7oCuOYlsaZSio1rfMFwxR/azCOBINMghrj4zI0jAy3LPXdEEjXVMkZaAF43tWRq
kKiZXPhbtHY3idLQv1q4Wgp0Xu5VU4OUOWyGcpHyKVnpBHOuSR1M2/2j1aKcpjw=
=r5BK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161023211001.GV1136%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Dual Boot - Live CD Knoppix & USB-SSD Qubes?

[1'0934178'09384'1092438'091432]

Hello,

if nobody can control the BIOS, if it is maybe or maybe not clean and infected 
with a root-kit in some way...

Will it not be some advantage, if the stateless laptop has a firmware-module, 
which is mobile? $
So I can unplug the firmware, the PC-body is without interest, because it has 
no persistent Memory (like the lapdoc of Motorola).
The best, would be, if the mobile module exists of two components, the SSD disk 
and the firmware module. 
Both can be stored on a safe place and replaced by plug an play.
In advantage, with a second module some Dual Host system will run also. Safe 
Plug and Play for Qubes or Windows or Ubuntu or... 

Sure, there should be a disaster recovery plan for the firmware module, how you 
make sure, that you came back to a clean System with Firmware Security, so you 
can start a real clean re-installation of the OS, if necessary.

And in the last case a cheap replacement of the Firmware-Module (e.g. that for 
security reasons you will replace it all 30 days, because it might be some 
cheap electronic device, instead of the hole PC).

The firmware/hardware must be complete in some sense, so you need only to 
update the BIOS with security considerations, but not to expand the 
configuration-stuff in some way (This leads to a more complete systems, 
including touch screen, 3D).

Will this work in some way?

So you would have different ways to start with a proofen clean Firmware?

Kind Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/760dce93-7467-4a54-9ad3-55a069c65f59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Future plans for KDE on Qubes?

[Jeremy Rand]

7v5w7go9ub0o:
> 
> On 10/23/2016 09:38 AM, Achim Patzner wrote:
>> Hi!
>>
>>
>> After a few months of severe suffering from xfce on a HiDPI display I
>> gave in and installed @kde-desktop-qubes on my system – and I'm pretty
>> sure I don't want to see xfce for the next few years. Title bars have a
>> usable size (something that cannot be configured in xfce without
>> building your own themes), icon aren't scaled randomly and fonts are
>> finally looking as they should. And third-party software like Softmaker
>> Office is finally working as expected. So: Will there be support for KDE
>> beyond Qubes 3.2 or will I have to plan for carrying a third machine for
>> my office work space?
> 
> +1
> 
> Never thought I'd admit it, but KDE (despite its legendary (and today
> overstated) bloat and complexity) - actually works rather well.

Good to see that I'm not the only Qubes user out there who finds KDE to
be more usable than the alternatives.  Totally agree -- I really hope
KDE continues to be supported on Qubes for those who prefer it.

Cheers,
-Jeremy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e77bfd4b-4ca7-c3c4-e538-49551bfc77c8%40airmail.cc.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Import a .img file (Windows7) into Qubes?

[Dima Puntus]

Is it possible at all? I'm trying to virtualize my windows machine and move
entirely to Qubes. Some of the applications can't be reinstalled so fresh
install isn't an option.

Thanks,
Dima

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAFGffdo%3D7ysPPYngzabXUOfHYfyP2%2BRtNib3tJ%2BOC%3DvGfLqY5g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Future plans for KDE on Qubes?

[Grzesiek Chodzicki]

W dniu niedziela, 23 października 2016 11:38:34 UTC+2 użytkownik Achim Patzner 
napisał:
> Hi!
> 
> 
> After a few months of severe suffering from xfce on a HiDPI display I
> gave in and installed @kde-desktop-qubes on my system – and I'm pretty
> sure I don't want to see xfce for the next few years. Title bars have a
> usable size (something that cannot be configured in xfce without
> building your own themes), icon aren't scaled randomly and fonts are
> finally looking as they should. And third-party software like Softmaker
> Office is finally working as expected. So: Will there be support for KDE
> beyond Qubes 3.2 or will I have to plan for carrying a third machine for
> my office work space?
> 
> 
> 
> Achim

On my previous machine Qubes with KDE was unusable. Damn thing kept 
crashing/hanging. It was totally unusable. I switched over to XFCE and the 
entire system became 3x faster.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/76d951d7-5719-4bcb-aa12-aac905015aa8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't figure out how to install a couple of things in dom0

[cestarian]

> Does this page answer your questions?
> 
> https://www.qubes-os.org/doc/software-update-dom0/

Only in part, it answers how package management should be done in Qubes, not 
how to enable RPMFusion for dom0 nor which repo I should enable to find Krita 
or Xorg Wacom drivers and even if they are within these repos, no way was 
provided to search the repo for a package list to find out what the package 
names are since that varies from distro to distro.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f144b4e8-154d-4606-9f11-22c9b1502c51%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] install on a partition?

[Sven Hansen]

Hdd is for testing. Hdd has 3 nfts partitions, sda1, sda2 and sda3. How do
I get qubes installed on sda1?
Can qubes be installed side by side with trisquel 7 and subgraph? Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAO%3D71n5oQtiJL_190HcSkb6OiOgegsAJRkO2ATTzxC36jDxHfQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Future plans for KDE on Qubes?

[7v5w7go9ub0o]

On 10/23/2016 09:38 AM, Achim Patzner wrote:

Hi!


After a few months of severe suffering from xfce on a HiDPI display I
gave in and installed @kde-desktop-qubes on my system – and I'm pretty
sure I don't want to see xfce for the next few years. Title bars have a
usable size (something that cannot be configured in xfce without
building your own themes), icon aren't scaled randomly and fonts are
finally looking as they should. And third-party software like Softmaker
Office is finally working as expected. So: Will there be support for KDE
beyond Qubes 3.2 or will I have to plan for carrying a third machine for
my office work space?


+1

Never thought I'd admit it, but KDE (despite its legendary (and today 
overstated) bloat and complexity) - actually works rather well.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca85a02c-7443-c020-fb54-d3bb00e55e0f%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Persistant routes on Qubes are not persistant?!

[4p6c0u+8ayokp4u2bj90 via qubes-users]

Thank you Marek.

I was not able to put this to work via the network manager,since if I opt to 
choose eth0 this the connection will not be activated. And create a dedicated 
virtual interface just for this purpose its a little overkill.

Therefore I followed your second suggestion and added the routes manually in 
the qubes-ip-change-hook . Although I don't think this is a very elegant 
solution, at least the routes were persistent added in each reboot, which 
solves my issue.

Thank you once again.






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77c4f1b1316438f3e03fea5bc5e1f41ead76%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Trouble with enabling networking between two Vms

[Daniel Wilcox]

Hi Max, so it looks like you started getting complicated quick.  I think
your first attempt should be fine actually, with one modification.

1) insert a rule at the top of the forwarding table (above 3) accepting
connections between the two, as you did
2) try an 'arping' command between the two and you'll probably see no
response -- in which case, turn on 'proxy_arp' for each of the interfaces
in question in the firewall:

sysctl -w net/ipv4/conf/vifX.0/proxy_arp=1  <= where vifX.0 are the
interfaces to the VMs you want to network

Then if you do 'arping' it should return the broadcast MAC
(fe:ff:ff:ff:ff:ff) and the firewall should route packets between your
VMs.  Hope that's helpful, cheers,

=D

On Sun, Oct 23, 2016 at 2:11 AM, Max  wrote:

> Hi,
>
> I am a new user of Qubes OS so apologies in advance if the question here
> has been answered already in a separate topic (there are similar issues)
> and I haven’t discovered this or it is not one suited to this mailing list.
> I am running Qubes 3.2 and attempting to ping from one VM to another VM,
> specifically from a Standalone Windows 7 VM to a Qubes VM based on the
> Debian 8 template.
>
> All my VM’s were initially connected in the default manner i.e. to a
> sys-firewall and through to the sys-net VM, both of which are Fedora 23.
> There are no firewall rules on these VMs restricting which IP addresses can
> be accessed.
>
> Current status:
> - I am able to ping from my Windows 7 VM (10.137.2.19) to the Firewall VM
> (10.137.1.8) using the IP address visible in the VM Manager
>
> - I am unable to ping the Debian 8 VM (10.137.2.18) from my Windows VM.
>
> Steps taken:
> 1) I followed the instructions here (https://www.qubes-os.org/doc/
> qubes-firewall/#enabling-networking-between-two-vms) and in the firewall
> VM’s terminal enter the following iptables rule...
>
> sudo iptables -I FORWARD 2 -s  -d  of Debian 8 VM> -j ACCEPT
>
> … In VM B’s terminal (Debian 8) I entered the following iptables rule...
>
> sudo iptables -I INPUT -s  -j ACCEPT
>
> ...but from here when using the ping function to my Debian 8 VM in the cmd
> prompt in Windows, all packets were lost.
>
> 2) As this was not successful I attempted to see if I could connect to VMs
> from an external machine and followed the instructions here
> https://www.qubes-os.org/doc/qubes-firewall/#port-
> forwarding-to-a-vm-from-the-outside-world.
>
> The Eth0 IP address (192.168.1.6) appeared to be what I should expose the
> service to.
>
> I put the below rule in the sys-net VM’s Terminal...
>
> iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 192.168.x.x -j
> DNAT --to-destination 10.137.1.x
>
> ...and this rule into the sys-firewall VM’s Terminal
>
> iptables -I FORWARD 2 -i eth0 -d 10.137.1.x -p tcp --dport 443 -m
> conntrack --ctstate NEW -j ACCEPT
>
> But using ping or Telnet resulted in lost packets and failed to increase
> the counters when using the iptables -t nat -L -v -n command in the
> sys-firewall VM's terminal.
>
> 3) With this not being successful either I attempted to add a “sys-proxy”
> VM as described here https://groups.google.com/
> forum/#!searchin/qubes-users/intervm%7Csort:relevance/
> qubes-users/lA2SgPcV9fU/U969uapYAAAJ and entered the following in the new
> sys-proxy VM's terminal:
>
> iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d
> $intervm_internalnet/24 -m state --state NEW -p tcp -m tcp -j ACCEPT
>
> iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d
> $intervm_internalnet/24 -p udp -m udp -j ACCEPT
>
> After this, I was still unable to ping the Debian 8 VM from my Windows VM.
>
> Questions:
>
> 1) Are there any obvious errors in the steps I took and does anyone have
> any suggestions how I can resolve this issue?
>
> 2)  There are a number of other incidences of what seemed to be a similar
> issue here: https://groups.google.com/forum/?nomobile=true#!msg/
> qubes-users/59kOjfQFBI4/bjS47-jJJgAJ, https://groups.google.com/
> forum/#!msg/qubes-users/vSyUaOSloYU/ONZNJlhrBAAJ. Are the enabling
> networking between VMs steps described here still correct and applicable
> for Qubes 3.2?
>
> 3) The IP address assignment suggests that the VMs are on the same network
> – the Subnet Mask is 255.255.255.0 so surely any devices with an IP address
> of 10.137.2.x would be able to communicate with each other? What is unique
> in Xen / Qubes that stops this?
>
> 4) Is there a way in which the current routing rules can be displayed and
> reset back to the default if required?
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> 

[qubes-users] Re: HCL Asrock X99E_ITX_ac

[Grzesiek Chodzicki]

W dniu niedziela, 23 października 2016 16:22:28 UTC+2 użytkownik Grzesiek 
Chodzicki napisał:
> VT-x VT-D and EPT work, require enabling in BIOS beforehand
> 
> USB controllers require strictreset set to false in order to attach them 
> to sys-usb.
> 
> Motherboard has one PS/2 connector, I don't know whether its a true PS/2 
> controller or a converter connected internally to a USB controller, I'm 
> waiting for AsRock cs team to reply to my query. Will update immediately.
> 
> If you have any questions regarding the motherboard, feel free to ask.

TPM header available, untested.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbdf8996-f9a7-4753-82bf-d207871fad5e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL Asrock X99E_ITX_ac

[Grzegorz Chodzicki]

VT-x VT-D and EPT work, require enabling in BIOS beforehand

USB controllers require strictreset set to false in order to attach them 
to sys-usb.


Motherboard has one PS/2 connector, I don't know whether its a true PS/2 
controller or a converter connected internally to a USB controller, I'm 
waiting for AsRock cs team to reply to my query. Will update immediately.


If you have any questions regarding the motherboard, feel free to ask.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa8a444a-dbcc-4ac9-d200-099bd09754be%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASRock-X99E_ITX_ac-20161023-161505.yml
Description: application/yaml

[qubes-users] [3.2] qvm-block -A doesn't work reliably anymore?!

[David Hobach]

Dear all,

after upgrading to 3.2 (in-place) I noticed the following issue:

qvm-block -A fooVM dom0:/var/lib/qubes/appvms/blaVM/private.img
Traceback (most recent call last): 



  File "/usr/bin/qvm-block", line 151, in  



main() 



  File "/usr/bin/qvm-block", line 105, in main 



block_attach(qvm_collection, vm, dev, **kwargs) 



  File "/usr/lib64/python2.7/site-packages/qubes/qubesutils.py", line 
429, in block_attach 

vm.libvirt_domain.attachDevice(etree.tostring(disk, 
encoding='utf-8')) 

  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 530, in 
attachDevice 

if ret == -1: raise libvirtError ('virDomainAttachDevice() failed', 
dom=self) 

libvirt.libvirtError: internal error: libxenlight failed to attach disk 
'xvdi'


Strangely enough, xvdi still appears in fooVM and can be mounted. 
Attempting to attach another file to fooVM however fails with the same 
error and xvdj does not appear.


More stranegely, it works perfectly on another Qubes machine (same 
kernel, same Xen version, no in-place-upgrade though) I got.


Possibly related: I also noticed that netvm and firewallVM don't always 
start with the 4.4.14-11 kernel on boot anymore; thus I'm currently 
testing 4.1.13-9.


xl info
host   : dom0
release: 4.4.14-11.pvops.qubes.x86_64
version: #1 SMP Tue Jul 19 01:14:58 UTC 2016
machine: x86_64
nr_cpus: 4
max_cpu_id : 3
nr_nodes   : 1
cores_per_socket   : 4
threads_per_core   : 1
cpu_mhz: 3399
hw_caps: 
bfebfbff:2c100800::7f00:77fafbff::0021:2fbb

virt_caps  : hvm hvm_directio
total_memory   : 16048
free_memory: 71
sharing_freed_memory   : 0
sharing_used_memory: 0
outstanding_claims : 0
free_cpus  : 0
xen_major  : 4
xen_minor  : 6
xen_extra  : .1
xen_version: 4.6.1
xen_caps   : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 
hvm-3.0-x86_32p hvm-3.0-x86_64

xen_scheduler  : credit
xen_pagesize   : 4096
platform_params: virt_start=0x8000
xen_changeset  :
xen_commandline: placeholder console=none
cc_compiler: gcc (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6)
cc_compile_by  : user
cc_compile_domain  :
cc_compile_date: Tue Jul 26 11:55:46 UTC 2016
xend_config_format : 4

Dom0 is 100% up-to-date as of today.

Anyone got an idea on how to fix that qvm-block -A issue?

Kind Regards
David

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1f88a6c6-8e85-2598-42d4-1349490b9bb7%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] AEM, no stick ... no boot

[James Bisno]

Is there a way to forbid or obstruct grub from booting up a disk encrypted 
Qubes when grub is loaded from the harddrive, so that a removable AEM device is 
required to load Qubes?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63be512f-7eea-438e-877e-4cbcf3c4e489%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Persistant routes on Qubes are not persistant?!

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Oct 23, 2016 at 12:56:56PM +, 4p3dkf+6lmws56jxixyk via qubes-users 
wrote:
> Yes, the symlink is in place:
> 
> ls /etc/NetworkManager/system-connections
> 131205 lrwxrwxrwx 1 root root 32 Oct 17 21:17 
> /etc/NetworkManager/system-connections -> /rw/config/NM-system-connections/
> 
> 
> The /dev/xvdb is properly mounted on /rw :
> 
> /dev/xvdb on /rw type ext4 (rw,relatime,discard,data=ordered)
>  
> I don't have a /etc/system directory on my system, are you referring to the 
> unit files?
> For the sys-firewall I'm using the default template - > fedora-23
> 
> When I set the routes by hand via NetworkManager they are reflected on the 
> qubes-uplink-eth0 file:
> (...)
> [ipv4]
> address1=10.137.1.8/32,10.137.1.1
> dns=10.137.1.1;10.137.1.254;
> dns-search=
> may-fail=false
> method=manual
> never-default=true
> route1=192.168.0.0/16,10.137.1.1
> route2=172.16.0.0/16,10.137.1.1
> #---EOF---
>  
> The file before the sys-firewall is rebooted has the following checksum and 
> md5sum:
> 
> 2551335477 425 qubes-uplink-eth0
> 83b37a6b68007838efb1e9e9fbc841f4  qubes-uplink-eth0
> 
> As soon as the sys-firewall  is booted the file with the NW configuration is 
> overwritten :
> 
> [ipv4]
> method=manual
> may-fail=false
> dns=10.137.1.1;10.137.1.254
> addresses1=10.137.1.8;32;10.137.1.1
> #---EOF---
> 
> As you can see the configuration was not preserved.
> Therefore something is clearly overwritten the NM configuration, the problem 
> is to know what and how to avoid it, preserving the NM config.

Yes, the file `qubes-uplink-eth0` is automatically generated at each VM
startup (or changing network options - like switching to different
netvm). I thing there was a comment about it, but indeed it isn't there
right now... Anyway, your options are:

1. Create new connection with different name and set routes there.

2. Modify routing table (or NetworkManager settings) from
/rw/config/rc.local, or /rw/config/qubes-ip-change-hook.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYDL+jAAoJENuP0xzK19csqqoIAIcN1VAv4btJWY9xPYSqLsBH
0RuD+4wew2c1cpLF8w7yp+4WKeSXTJIdztnSYen6Ic8Ce4Ugr+86br2z74O0z6+O
ic8cyDC+urVDWTzfxvX4CjHcSWV4e7OF9zNWHNKkJHHPsJKChmVR9Q9DuvXDOTG9
xkcy+pDCVc1fPrwrYc/6SvQ6q1kic44X3K6piZkJMas55eNOThRLDpqirSi/aGZQ
oSIkUpFrHDdWTWG7ULWWt+CwZOoNlt3Tr8NVuir7YHTOxSTjhqNDXsKHM7YRGdBO
w+Klxv5MuOXTmTRk3LwYkbGdHV1JxlSavY5s0I59C1NjvsFgsVpQCt1SQxGPc40=
=0wZ6
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161023134819.GU1136%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes Windows Tools 3.2.2-3 released

[Grzesiek Chodzicki]

W dniu sobota, 22 października 2016 15:26:08 UTC+2 użytkownik omeg napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Hi all,
> 
> We uploaded a new version of Qubes Windows Tools (3.2.2-3) to the
> current-testing repository.
> 
> Changelog:
> - - Updated Xen PV drivers to be in line with upstream
> - - Private disk image is now initialized during setup making the
>   install process require one less reboot
> - - Added handler for qubes.OpenURL qrexec service
> - - Fixed a bug that could make moving user profiles to the private
>   image fail if there were files with ACLs explicitly disallowing SYSTEM
>   access
> - - Fixed handling qrexec service requests for non-existing services
> - - Minor log readability improvements
> 
> - -- 
> Rafał Wojdyła
> Qubes Windows Tools developer
> https://qubes-os.org/
> -BEGIN PGP SIGNATURE-
> 
> iQEcBAEBCAAGBQJYC2jwAAoJEIWi9rB2GrW7/7cH/jx9JY5UozOG0hQC12J+clcb
> RagLMypHGSg/0awxal1FpQar/TUS8uxPcoym6PEeWQliNTko5F3QYBVm49yl5R3c
> GY13+bp3lQB9Iaj3pXAU2il5WJ0ZQmxPj6tISMMNQLIJs0/mADUuvuw9hJaiOfNR
> Ho2WCv2eM4gnaJxKKhcZOlgX7abApHZreBaZkMxLpe4oZFHyYr/yH8bFOTIc8jGw
> rP/nLGUjoUrMIZMyRlC7SMjafLbRDRCbN4RoRRsrIgbh/6NvoGLBU7qbnnmPE6Y0
> ZfJWusvUrCLuO5c/+Ckbl+FnpItwqzmx2Q9Gj7Qxfprk2zLa+sb0UA+H/muZ5w4=
> =ow4Z
> -END PGP SIGNATURE-

Relocating C:\Users fails consistently on my machine. Following error message 
is printed in the relocate-dir file:
[*] Start time: 2016-10-23 13:18:43.644
[!] FileGetAttributes(C:\Program) failed: c034
[*] End time: 2016-10-23 13:18:43.832

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9518fa4-c483-46ad-8373-ea18999fc390%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Persistant routes on Qubes are not persistant?!

[4p3dkf+6lmws56jxixyk via qubes-users]

I'm sorry for my bad temper, but given the amount of days that I'm involved on 
this issue, waiting for a simple reply (since this is inherent of the Qubes 
design and therefore easy to answer by any of the devs) I got a little 
frustrated.

I didn't mean to be rude/aggressive/impolite/disrespectful in any way nor 
making inflammatory or baseless accusations. 

So my sincere apologies for that. 

Regarding the Qubes main page, I was not aware of this discussion. I was simply 
baffled by the lack of the 'help' section and erroneous concluded (based on 
this and the lack of reply from anyone from the official team) that the ML is 
no longer supported.

Again my apologies for that.


As for the issue it was outlined in details in this thread, (and I did respond 
to JJ with the detailed description of the issue, which I'm quoting below):



Yes, the symlink is in place:

ls /etc/NetworkManager/system-connections
131205 lrwxrwxrwx 1 root root 32 Oct 17 21:17 
/etc/NetworkManager/system-connections -> /rw/config/NM-system-connections/


The /dev/xvdb is properly mounted on /rw :

/dev/xvdb on /rw type ext4 (rw,relatime,discard,data=ordered)
 
I don't have a /etc/system directory on my system, are you referring to the 
unit files?
For the sys-firewall I'm using the default template - > fedora-23

When I set the routes by hand via NetworkManager they are reflected on the 
qubes-uplink-eth0 file:
(...)
[ipv4]
address1=10.137.1.8/32,10.137.1.1
dns=10.137.1.1;10.137.1.254;
dns-search=
may-fail=false
method=manual
never-default=true
route1=192.168.0.0/16,10.137.1.1
route2=172.16.0.0/16,10.137.1.1
#---EOF---
 
The file before the sys-firewall is rebooted has the following checksum and 
md5sum:

2551335477 425 qubes-uplink-eth0
83b37a6b68007838efb1e9e9fbc841f4  qubes-uplink-eth0

As soon as the sys-firewall  is booted the file with the NW configuration is 
overwritten :

[ipv4]
method=manual
may-fail=false
dns=10.137.1.1;10.137.1.254
addresses1=10.137.1.8;32;10.137.1.1
#---EOF---

As you can see the configuration was not preserved.
Therefore something is clearly overwritten the NM configuration, the problem is 
to know what and how to avoid it, preserving the NM config.






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5623f6ad25a81d84876b7f619828db8b3247%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Persistant routes on Qubes are not persistant?!

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-10-22 16:23, 4ok80g+4fl8s3n7pesd8 via qubes-users wrote:
> So far not a single soul from the qubes project has mentioned a single word 
> about this and this is simply unacceptable! This mailing list is been 
> abandoned! 

Please review the mailing list guidelines:

https://www.qubes-os.org/mailing-lists/

I'll make a few points explicit:

1. No one owes you a reply.

2. If people don't know the answer to your question, they're very unlikely to 
reply. That doesn't mean your message is being ignored. It just means that no 
one who has had time to reply knows the answer.

3. The devs who are likely to know the answer to your question are very busy 
working on Qubes. They can't just drop everything to answer every question that 
comes across the mailing list. If they were to try, no development work would 
ever get done. Sometimes, they don't have time to respond to certain messages 
on the mailing list for days or even weeks. You have to be patient. Even then, 
there's no guarantee that your question will be answered, because no one here 
has an obligation to solve your problems for you (see point 1).

4. If you want people to help you, should (a) be polite and (b) make it as easy 
as possible for people to help you. Repeatedly bumping your own thread in a 
short period of time, then making baseless and inflammatory accusations is not 
very polite.

> Point proven - all the contacts for the ML and the help section were removed 
> from the main site. The page https://www.qubes-os.org/help/ is now redirected 
> to https://www.qubes-os.org/doc/ .

That was part of a website reorganization that has been under discussion for 
months. See:

https://github.com/QubesOS/qubes-issues/issues/1833
https://github.com/QubesOS/qubes-issues/issues/1841

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYDJUXAAoJENtN07w5UDAwSj8P/2zv1SzRpYhhd7jhmgbwXMKz
wcOZNy5Vh4v5XteyHg7J8hRBSm50ty0gkZ9iLpXqDTBUZA/G87VFII/KyLkkPF9D
BhQbi04ZJNDyaScxtWxhhsgByCgG7gzQYbQ7eTKEEWq7f1veCjfFgjTJ+WWwqDm8
/T1OZfWHyRI8xvuaUbUlaeGGlRFCfNkbIQy7Pe28XChPWR++nbrVoEa/XiyfLAT/
pAvuVBQhgWCChf2vYKkTa7mH/RLXk9J26WvBT3UDX0q+DEuvEdRC2XioOu1FJb/X
tJ+y0NTE931pE51QhUEtTNOD6eEK9gtp7DN3hgbssKliTol+Q09PoDknv2Ecf7AE
Pxe4/OabReJ7wCAChpIIxLISZzX81S57zjS5KBbz66Itd8es21mwj8uTuGSGHGgt
Uus3CqxG+QEnQPjP5QZQJ8xTxjqNoxr+bTiOtWzXdcqwAoshiFH2+rUs017Qjq0C
zAdxsn/mHVVOspqRM6cNLAI1MWViIFrmgmgnvBFEZXr1CMZbjb2OgolFMQOXSDOt
xD+tAbH5QOJyQ1aK/uZUYjD4BlGcKpriVvwjFmUhPJPotmy6PR6qWHE8klUGpZsR
0436mSU8U2nGg9ZKesGXk6/HwPnIO5Lpe1vDYPxjkAkjgaXm4jGvMDBTYanc+KwP
8acYlSP/TshmG9yEUwqq
=Zznw
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/56c2f55a-8d19-75cb-d9f7-363608395179%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Can't figure out how to install a couple of things in dom0

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-10-22 20:03, cestar...@gmail.com wrote:
> I need to install the following things:
> 
> Krita 3.0.1 (I tried to use the appimage that they provide but I get an error 
> about not finding something like libfuse.so)
> xorg wacom tablet drivers
> 
> And although this is not quite decided yet, I may or may not need to install
> Nvidia Proprietary Drivers and Optirun/Bumblebee (On a laptop)
> 
> I know the nvidia thing is in RPMFusion but I'm not sure if I should just add 
> the rpmfusion repository the same way I would on fedora 22 or if there's a 
> qubesos specific approach for it.
> 
> My only ideas for getting my hands on the other two packages was to enable 
> some fedora repositories (like rawhide which has the krita package I need) 
> and then install them from there, but I'm not sure if that would be a very 
> good idea. The reason I need krita on dom0 is mostly for the hardware 
> accelerated graphics capability, since it's just a digital painting 
> application I don't see any harm in having it on dom0 and if I run it from a 
> VM it'll of course run slower.
> 
> How should I go about achieving this?
> 
> 

Does this page answer your questions?

https://www.qubes-os.org/doc/software-update-dom0/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYDJJaAAoJENtN07w5UDAwArAP/jTp/wXWRCK2DSVCg+7xP/jR
WTJ9gZpnxrcA2VcGXXpwnKkkmfjZ112u1JRIIe/mteQOB/Ub4eDwV9kKs8zwsko1
rNXeb0fsqU7XcKfjdrKi3sMQ+nwK5hLZWZjNzS5/QNKcxrn0fYbmy/A1aGJhLk+8
YwgGhcSLIqYn812NH1JFn4Vs7oQj0eyND+cN04JJAwb4oxPZK1zpzx5NcCmNkPtr
xgv1+7Wb2U4k1ngRclqz8l900upBKw9Bq2STvpycqD6J8Ji0wJmgHLrcv0HAQd1+
XEGPUWLLgZt50rsUmHm9L3aIBE7/kAF73DrgVA6yC2+n1PwCYwhFUaxWiI69S4N7
neF4oUzuO3aH9k0Hc4spHeogD8EZty+w5n7HQ2dT1/N9qEl0+gBoeKZrq0hRLbd3
j25WZacDTCzfeoS0+ki7z04NGUEfk9hZBR51UtpxpDLuFGXGtYdu7GWtjd5U9JTW
9vpM4OWqrclCgH39kEFnhpBJlyDrZuP8eujOUzUbZBSjxZ95voAH+s7JUNr9bd4b
qURmqVD/guTkiWkVNaprWV1u4IEnRsN82GlFg8oEnTJD/gBs+R9m4MLQGwdzRX3P
4Z++7pNbjwsmqJVNQ35ELY+YDni7SOzzhOTh/B9qMCTAd9V6xkhXu5iHwaiF8JFd
ni38yU5io2tSQhcLAROU
=6Uk2
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a40bf29-b5df-75ca-59c9-8015cac322fe%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Future plans for KDE on Qubes?

[Achim Patzner]

Hi!


After a few months of severe suffering from xfce on a HiDPI display I
gave in and installed @kde-desktop-qubes on my system – and I'm pretty
sure I don't want to see xfce for the next few years. Title bars have a
usable size (something that cannot be configured in xfce without
building your own themes), icon aren't scaled randomly and fonts are
finally looking as they should. And third-party software like Softmaker
Office is finally working as expected. So: Will there be support for KDE
beyond Qubes 3.2 or will I have to plan for carrying a third machine for
my office work space?



Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/776d86b7-4e65-cfa8-e624-5e1e50c6f983%40noses.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Trouble with enabling networking between two Vms

[Max]

Hi,

I am a new user of Qubes OS so apologies in advance if the question here has 
been answered already in a separate topic (there are similar issues) and I 
haven’t discovered this or it is not one suited to this mailing list. I am 
running Qubes 3.2 and attempting to ping from one VM to another VM, 
specifically from a Standalone Windows 7 VM to a Qubes VM based on the Debian 8 
template.

All my VM’s were initially connected in the default manner i.e. to a 
sys-firewall and through to the sys-net VM, both of which are Fedora 23. There 
are no firewall rules on these VMs restricting which IP addresses can be 
accessed.

Current status:
- I am able to ping from my Windows 7 VM (10.137.2.19) to the Firewall VM 
(10.137.1.8) using the IP address visible in the VM Manager

- I am unable to ping the Debian 8 VM (10.137.2.18) from my Windows VM. 

Steps taken:
1) I followed the instructions here 
(https://www.qubes-os.org/doc/qubes-firewall/#enabling-networking-between-two-vms)
 and in the firewall VM’s terminal enter the following iptables rule...

sudo iptables -I FORWARD 2 -s  -d  -j ACCEPT

… In VM B’s terminal (Debian 8) I entered the following iptables rule...

sudo iptables -I INPUT -s  -j ACCEPT

...but from here when using the ping function to my Debian 8 VM in the cmd 
prompt in Windows, all packets were lost.

2) As this was not successful I attempted to see if I could connect to VMs from 
an external machine and followed the instructions here 
https://www.qubes-os.org/doc/qubes-firewall/#port-forwarding-to-a-vm-from-the-outside-world.

The Eth0 IP address (192.168.1.6) appeared to be what I should expose the 
service to.

I put the below rule in the sys-net VM’s Terminal...

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -d 192.168.x.x -j DNAT 
--to-destination 10.137.1.x

...and this rule into the sys-firewall VM’s Terminal

iptables -I FORWARD 2 -i eth0 -d 10.137.1.x -p tcp --dport 443 -m conntrack 
--ctstate NEW -j ACCEPT

But using ping or Telnet resulted in lost packets and failed to increase the 
counters when using the iptables -t nat -L -v -n command in the sys-firewall 
VM's terminal.

3) With this not being successful either I attempted to add a “sys-proxy” VM as 
described here 
https://groups.google.com/forum/#!searchin/qubes-users/intervm%7Csort:relevance/qubes-users/lA2SgPcV9fU/U969uapYAAAJ
 and entered the following in the new sys-proxy VM's terminal:

iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d 
$intervm_internalnet/24 -m state --state NEW -p tcp -m tcp -j ACCEPT

iptables -I FORWARD 1 -i vif+ -o vif+ -s $intervm_internalnet/24 -d 
$intervm_internalnet/24 -p udp -m udp -j ACCEPT

After this, I was still unable to ping the Debian 8 VM from my Windows VM.

Questions:

1) Are there any obvious errors in the steps I took and does anyone have any 
suggestions how I can resolve this issue?

2)  There are a number of other incidences of what seemed to be a similar issue 
here: 
https://groups.google.com/forum/?nomobile=true#!msg/qubes-users/59kOjfQFBI4/bjS47-jJJgAJ,
 https://groups.google.com/forum/#!msg/qubes-users/vSyUaOSloYU/ONZNJlhrBAAJ. 
Are the enabling networking between VMs steps described here still correct and 
applicable for Qubes 3.2?

3) The IP address assignment suggests that the VMs are on the same network – 
the Subnet Mask is 255.255.255.0 so surely any devices with an IP address of 
10.137.2.x would be able to communicate with each other? What is unique in Xen 
/ Qubes that stops this?

4) Is there a way in which the current routing rules can be displayed and reset 
back to the default if required?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0514e15b-950e-4636-95f7-849fc5671fc1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Most Secure way to encrypt your usb stick ?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-10-22 05:09, lakschmi wrote:
> have sensitive data on your usb stick?
> 
> whats the best way to encrypt/decrypt it?
> 
> 
> 
> normally I use whonix-ws pgp and encrypt every file but Id rather have a 
> different method
> 
> 
> 
> is there a way to install the tails os ecryption system in qubes os?
> I prefere it over the whonix workstation system.
> 

My personal favorite is to use LUKS via the `cryptsetup` command. Documentation 
is available with `man cryptsetup`.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYDHCCAAoJENtN07w5UDAwdDIP/ixz7F+2NRc+/y9SJX+GNBUk
M1hhNCUGzpqp3WsHayUh14dDr6NsYjLydvaeUnsDn1iV31t+0HTCzzKYRRANQIpk
XeiHNALG/IIhKbYB5aTuY4C1hckBSC1etyqdSjxjT4Co/roqMyMGj6FUyMo0bw3K
ZusOXG9zQT+e9l2BGKOOlLFONIRyt7e6RoEqBPm+Gg205g+JLo+PRXu7VzvBo+Di
zW7kA/O78M7kcYYVt3GhkmFXqRZJjepRmW84dTTnl6Pjc3l1lkuNtEYti/+zh6MP
NwNDTXDp6BEg8cZZp1tXeFuCPzKSAlr14xBZSjpEn8ODJswgzEfuj5xOoq1jfJc5
3zoYUeKchWAsb9zA8luQbyp9a844th3rxpXyhB9Oe6qTj5JPV/nlW9XiJmus/kPw
fYBQCg5+bQDRUUf6JZSoXGIJIR8xnv6P+oAzlK0t/j9z6eCr9d+H3BM039uzmZSY
NXTx4EvxsK6+f0KEB3wGzt5RRz3QvwdpqSLLxIyw4X7SQHGuy+4pme6tLVfjlu7c
GwYLwWdw/4Zyj6Kd2hPkwIp3nOheIOE33yOegkeaOYqqvv8gPm6/WI2N5KQYriKL
thfbIeu4hcrKf1KKC2DVLoXHqkufRupwm5FSIe+/scaMq7HZkil6eHaDCyCiSAsx
VhocQhQOpp/D261Xs0Kx
=Idh/
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9eca6c8c-2936-b107-ae72-f0a6c7296e43%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Security announcement mailing list? [and others]

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-10-22 12:56, Marek Marczykowski-Górecki wrote:
> On Sat, Oct 22, 2016 at 09:56:07PM +0200, Marek Marczykowski-Górecki wrote:
>> On Fri, Oct 21, 2016 at 08:50:20PM -0700, Andrew David Wong wrote:
>>> On 2016-10-21 15:47, Franz wrote:
 On Fri, Oct 21, 2016 at 4:00 AM, jkitt  wrote:

> Shouldn't a security focused distro make security announcement in a more
> direct and urgent way? I was surprised to find that Qubes only had a
> 'users' and 'development' mailing list.
>
>
>>>
>>> Marek, what do you think about having a no-reply "qubes-announcements" 
>>> mailing list?
>>>
>>> Messages sent from qubes-announcements would also be duplicated to 
>>> qubes-devel and possibly qubes-users so that people have a chance to 
>>> discuss and ask questions.
> 
>> I'm not sure if it worth it. There is not much such announcements. On
>> the other hand, this may be exactly the reason for having a separate
>> mailing list for this. For now, we have already some non-email channels
>> for announcements:
>>  - @QubesOS on twitter - every security and release announcement is
>>duplicated there
>>  - https://www.qubes-os.org/news/, with its RSS/Atom feed; but we don't
>>link security announcements there - maybe we should start?
> 
>> If you think additional ML channel would be useful, then sure, we can
>> create one.
> 
> "would be useful" -> "those existing are not enough".
> 

The main reason to have such a mailing list would be so that people who
don't want to use Twitter or RSS, and/or who want to receive *only*
critical updates via email can have a way to do so.

Some people might be opposed to Twitter as a platform. Probably fewer
would object to RSS, but it might be inconvenient for them for one
reason or another. Both Twitter and RSS include many non-critical
updates.

I don't know how much demand there is for the ability to receive only
critical updates via email. If there's high demand, we should do it.
If there's little or no demand, then it might not be worthwhile to saddle
ourselves with the additional overhead. The problem is that we don't have
any data on which to base the decision. Shall I create a poll?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYDGAGAAoJENtN07w5UDAwl4wQAJorbpnBb9QtNxLJ4foD6MTp
h2l/RaH2P75w58aTHP2/VA2LM3mVvkqzQI+cstKdmEoEkMSiuZxKG0+/zUYBvkfl
BauTumkpexJQ1OPjn0uu2Foee4v7l2a46XLzHdGTXmfKUL6953JSH/Dm+zY8waJj
F1S9cPkw0/HDvoGiVUso5qDxnv2UO/uCK/1ivR06SCvnfWR3AeE5iS+BZaNFZ1wC
Vf76fFdCqfuqfhG9bxjcz7zJnK5epaLVnoiaCR4t9XpKFgAwfPcpDIfyGPaoECKb
6FlltXKxjgb1WyV+XqnMLgTzwELTlkAGeDtkTEfnDrw1S74xdZNpDznPzIpqlJEr
9BQmcDucsnPX6ehNRU/ygHeV6zaDLjHyqCTBc9Bwt1ug6CRal4vR2iK2OPRp91pS
AZRIyBeW2Z4ysSe8FxgQoo25QI6cWtmM6PrXxp7XvexZJADpPBPPAB1fwE4A1bcD
ShjeuIXEyqZD59xNU+IN3D7qnG0cNRSB7kKfoXHKkVCogQfH2tXvDjzxLpE4nn1a
mO9blcJYc97hhBxhIhtUJEMdLSDL/bv8Evg8EUve9U1D5jOk9mr2Mq8pGcq80tGy
rJETaiqCzNQKvToJm9fc//YQrp1CWfeaX14FZY9Wrl/o1sy7gZArWEW3gVHJwWun
p7yGN78z6AP1oyS2XuPh
=vQ+J
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1fb5a616-8f69-f1fa-4fe4-465df3912277%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.