RE: Re: [qubes-users] RE: Thinkpad p50: Qubes installs but won't boot

2016-12-20 Thread 5n5mmm+eads11axkyi28 via qubes-users
Thanks for your help, Andrew. I did indeed check and the signature says its 
good and signed on Sep 2016.






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/651e401ab8f24cbd332a982514312e0d3e56%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes Security Bulletin #28

2016-12-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Dec 20, 2016 at 12:37:21PM -0500, Chris Laprise wrote:
> Regarding the "Alternate Patching Method" using normal apt update: Its
> possible the template was attacked via updates even before the bug was
> announced, or sometime between the Debian announcement and now. The "check
> InRelease" only helps if the attack occurs only during the next update and
> not before. Otherwise, the user has no way of knowing if their template has
> been compromised before doing this special update procedure.
> 
> Replacing the template as described in "Patching" section provides much more
> certainty.

Yes, exactly, both are true. This is why for more trusted templates it
is recommended to replace them. And why this method is the primary one.

But for less trusted (like those you may assume being compromised
anyway) it's ok to ust "alternative" method. For example I have one
template which I use only for stuff distributed as not signed tarballs
only. I'm fairly sure there were far easier methods to compromise this
template in the past. And I use it only for some testing VMs.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYWW8gAAoJENuP0xzK19csR10H/jAKT5S3yS5b5hMZZ7DbFWYK
3OncMxl+Tcca336Xn96ekP2othIWgpLfqaRgrSr9wtAIlZST9/97Wf/4jI8OcIFy
2KHR4CfUb/hAhG8nfEGdBrSc103l8/YVDuOMQYY7ndUxX8SKCB45278VBiCAXtNH
xp7rVxwfIM8+g+HOIdqTdBXudjtGFcHP5RSVBwzmUU2KCXAuTtYLyWkmZLRLGg5A
zi9QaWbvvwD/Kpxo0vuljW26JS3FoB+9/pxgawcFRWk+A263enV9K2/6tL5cJaQP
SoxRzGhsYUQwJf8lqTrlUAEgVmB0rs6nrDBQPNQz85cCRWDg5D/tpxYcLH/sOkI=
=jh0W
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161220174919.GT1239%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Split GPG: thunderbird+enigmail stopped cache password

2016-12-20 Thread 5n7xyb+qphld0j5ytif4l via qubes-users
Hi,

I'm also facing the same problem. The split-gpg no longer caches the password 
through the set timeout on the QUBES_GPG_AUTOACCEPT variable.
I also don't want to remove the password from my private key since I used it in 
different devices and I don't want to use a different template as I have many 
things installed on my debian 8 template. 
This stopped worked recently after an upgrade. Is there any way that this could 
be restored in the same state as it was working before?
In addition, does anyone knows how can one use the latest version of enigmail 
with thunderbird? The only working version of enigmail is 1.8.2 (it seems that 
this is a limitation from the split-gpg).


Thank you






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/932f1f30b47e9833826eaeaddef43c925440%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Jean-Philippe Ouellet
If I understand correctly, it would be completely useless.

The point of AEM is ultimately to somehow authenticate the computer to
the user, rather than the more common direction of authenticating the
identify of a user to the computer (which IIUC is all that U2F can
provide, where in the U2F case "computer" is usually intended to be
some remote web service).

There is some discussion of how one-time-passwords could be used as a
defense against evil maid attacks on page 37 of the Qubes arch spec
[1], but this does not generalize to all 2-factor auth mechanisms.
Specifically, it relies on the ability to produce successive and
predictable secrets, whereas U2F relies on correctly replying to
signing challenges.

Unless you can come up with some cryptographically-sound way to
integrate the information provided by a 2nd factor as a hard
requirement to complete the secrets-unsealing-at-boot process, then
the evil-maided computer could simply say "Yup, everything is okay,
thanks" and you'd be none the wiser.

[1]: 
https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf

On Tue, Dec 20, 2016 at 10:22 AM,   wrote:
> I was wondering how much additional security this could give AEM if it 
> supported adding Fido U2F as 2FA. it wouldn't require external services like 
> TOTP and other variations. Additionally it would dramatically slow down an 
> offline attack and greatly increase the cost to do it.
>
> What do you think?
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/c3c106c8-d308-48a7-b1cc-240246a0f2d0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_BEm4BAiz5uUZuUe-q1Fa_LXSQyvzkqgZFaNioCqDVGyw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes Manager Q4.0 groups

2016-12-20 Thread Jean-Philippe Ouellet
On Mon, Dec 19, 2016 at 6:13 PM, Eva Star  wrote:
> Hello,
>
> Will be issue with a lot of virtual machines fixed at new Qubes Manager at
> Q4.0?

I also have lots of virtual machines, and this is a problem I intend
to address eventually unless someone else does it first ;)

> Now it's not possible to use QM if there are too much VM created at the list
> (hide by the monitor height, no scroll,

I wonder what version you're on, because it is definitely bounded by
monitor height and includes scroll now.

> and it's hard to search for VMs if 2-3 created for some one task.

Which is why I implemented search functionality. Update to
qubes-manager 3.2.5 (from -testing repo).

> I'm about groups and _sub-groups_ for virtual machines (like folders on the 
> disk. + setting for group to setup default state:collapse or expand after 
> boot or remember last choose)
> It will be comfortable to group them and hide not every day used VMs.

This has been on my mind too. There are various things which should be
implemented first though, like arbitrary metadata for VMs[1], and the
complete qubes-manager rewrite[2].

[1]: https://github.com/QubesOS/qubes-issues/issues/2388
[2]: https://github.com/QubesOS/qubes-issues/issues/2132

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_DrdgSgvPC%3DR%3D0uKNBbh5bovytY%2B1bg_SPKJmjRbDttqA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Split GPG: thunderbird+enigmail stopped cache password

2016-12-20 Thread Jean-Philippe Ouellet
On Tue, Dec 20, 2016 at 3:08 PM, 5n7xyb+qphld0j5ytif4l via qubes-users
 wrote:
> I also don't want to remove the password from my private key since I used it 
> in different devices and I don't want to use a different template as I have 
> many things installed on my debian 8 template.

Using a separate (minimal) template may be a good idea regardless
simply to reduce the number of things which must be trusted to not be
actively malicious in order to maintain the confidentiality of your
pgp key.

I have several templates ranging from "extremely minimal" to "kitchen
sink" for exactly this reason, and would recommend the practice for
its own merit regardless of split-gpg / enigmail / whatever.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_Du8jtkJuVExTxfMrk5nNibXSbQhez2V%3DS8u%2BaPtdbncg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] anybody elses chrome having trouble playing media files at times.

2016-12-20 Thread raahelps
I have to reset preferences.  even deleted the vm it comes back. for example 
bandcamp or soundcloud, you click and nothing happens, it constantly tries to 
load/play but nothing.  I'm ready to go back to firefox for a while again but 
unfortunately firefox don't work fullscreen,  so we kind of stuck with chrome 
on Qubes.

I've always switched back and forth over the years on baremetal o/s's.  
Sometimes I feel its necessary.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3234755e-8bda-478f-947f-2823efc45ab1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Tue, Dec 20, 2016 at 04:24:37PM -0500, Jean-Philippe Ouellet wrote:
> On Tue, Dec 20, 2016 at 10:22 AM,   wrote:
> > it wouldn't require external services like TOTP and other variations.
> 
> The reason TOTP isn't useful is not specifically because it requires
> an external service, but because the passphrase to be used on the next
> boot is not known the previous time the computer is running, so it can
> not re-encrypt the disk with the next passphrase. (Or really,
> re-encrypt the key that key that encrypts disk - re-encrypting the
> whole disk is simply too large of an operation.)
> 
> The reason things like HOTP or S/KEY are viable is because each next
> passphrase is predictable when knows the secrets they are derived
> from.

In addition to all the points you've raised, there is one more: it's
hard to make OTP really one-time in AEM threat model. If someone gets
physical access to your hardware, he/she can make an offline copy of the
(encrypted) hard drive. And then, when you enter your OTP and it gets
intercepted by evil-maid type attack, it doesn't matter that the
password can't be used again on your machine. It will work for the
offline disk copy made earlier. If you combine it with some TPM-based
sealing, you only raise the bar by requiring the decryption happen on
the same hardware.

The key point of *AEM* is authentication computer to its user (before
entering the password), not the other way around.

Adding some sort of 2FA may make sense, but it's orthogonal to AEM.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYWaeGAAoJENuP0xzK19csDVcH/RRxgHGZmTPZ6GTWWF0Pm7Ch
Keijenz6RYeTGEJx7Uvbfog7VKvd7u9TJQW4zsxGl6FjU6Vu7zSHtJgoLD1Vc65P
d3dFbnrTL76CPELe9gTnxngBKTZstWGxOFGB3m7Tiwrs2/fl9BRoIyEI9vE43DWK
bbRhnupK7kYJidCGDugmprVBqoIYvm24fLUDbO9rY1eJYp5nqrtO13U7HBto4w+V
Z2QzUFKZsXZzyl4d/3kil97rwMCIedFds7lgDSQ9dupEkTRiF2L7TZnBgOCL2iLA
sUKTD89O4cMDwNSC8DQneWNxJh+3lh+esJGU5gGIF9/DD0l73ZuSBO2sQhwGIDM=
=qhNk
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161220214957.GA15128%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Jean-Philippe Ouellet
On Tue, Dec 20, 2016 at 4:00 PM, Jean-Philippe Ouellet  wrote:
> Unless you can come up with some cryptographically-sound way to
> integrate the information provided by a 2nd factor as a hard
> requirement to complete the secrets-unsealing-at-boot process, then
> the evil-maided computer could simply say "Yup, everything is okay,
> thanks" and you'd be none the wiser.

And even then, the existence of a 2nd factor does not somehow make the
computer more trustworthy. The existence of some external token says
nothing about whether or not your computer has been modified.

What 2fa in the context of evil maid attacks is specifically just
eliminating the fact that there is a static password to be exfiltrated
via an evil-maided computer, optimistically seeking to somehow
diminish the usefulness of a captured and recovered passphrase (by
re-encrypting your actual disk encryption key under a different
passphrase for use on subsequent boots). It does now somehow detect
that your computer has been evil-maided, nor prevent it from being so.

(Also, sorry for top-posting last time.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_BuT5q%2BBCGDRL1qfJGFVkW-1RLs0gSmoK7_OtcO%3Dqqvsw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Redox OS

2016-12-20 Thread Jean-Philippe Ouellet
On Mon, Dec 19, 2016 at 11:56 AM, '103948'109438'0194328'0914328098
 wrote:
> the new rusty security OS, RedoxOS

Neat!

Thanks for pointing this out. I was not aware of it.

My favorite of your random links so far :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_A%3DQFZ7euccg%2BUgse-TLwRdpWX-NNufgqihMbtiADK73Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anti Evil Maid Idea

2016-12-20 Thread Jean-Philippe Ouellet
On Tue, Dec 20, 2016 at 4:09 PM, Jean-Philippe Ouellet  wrote:
> It does now somehow detect that your computer has been evil-maided, nor 
> prevent it from being so.

"does now" should be "does not"

It's been a rough day >_>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_DQF5G7xUzncYOUe1Wioq%3DaNGkc%3DbcF2mhhUus0fH0_JA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Unable to install qubes... (Intel GTX 970 problem)

2016-12-20 Thread Rob
Hi Andrew,

That is great, I am getting further.  I now know to investigate the Fedora text 
based installer (Anaconda).
I would be happy to try and report back on the Fedora bare metal install, as my 
laptop is new and has nothing on it yet (hopefully Qubes soon).
Do you happen to know what version of Fedora is used for Qubes 3.2?  - as I 
have successfully installed Fedora 25 Workstation (which is the latest), but I 
am guessing Qubes uses an older build.

Ideally, I would like to install Qubes-OS latest version (not sure when v4 will 
be released).
Pretty sure the reason why my laptop is having installation issues, is that it 
has an Nvidia GPU and until the installation is successful, I can then try to 
install the Nvidia drivers onto Dom0.

The guide does not say much at all about the installation (unless the GUI 
installation asks no questions and just works).  All I am saying is it looks 
like the installation can be hit or miss, so I am surprised that there is not a 
guide for those more complex installs, as opposed to the easiest install, where 
there are no issues anyway.
I will be happy to assist in getting a basic guide written, once I can get 
Qubes installed.  - This can then get fleshed out with further input from 
others.

Previously to this post, I was just Googling for clues to help me install 
Qubes, however, I am now subscribed to this "Qubes-Users" group and I can now 
see that there is a lot of activity.  Although, my initial comment regarding 
development was more regarding the installation side of the OS.  As it does (to 
me) appear to be lacking, compared to other Distro's slick installation.  I am 
guessing this is more to do with the incorporation of strict security and the 
inclusion of Xen.

I will now look into disabling the LUKS section of the Fedora install.

Thanks for your reply,

Rob.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0de4fc7-1e1d-45a4-a170-2f78a8108fda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Screensavers : Qubes Questions!

2016-12-20 Thread Chris Laprise

On 12/20/2016 06:57 PM, Mike Mez wrote:
This is/immensely/ helpful. To reiterate... to make sure I understand, 
with "windows problems" easy is easy and impossible is basically 
impossible (which I can say with experience is fairly on the money of 
my experience as well). With Linux, the difficultly curve of problems 
are kind of inverted when compared to windows. The easy problems are 
now stubborn, while the really hard programs are now possibly easier 
courtesy of established documentation. While such might not be true 
for all cases, of course, generally this is the jest of what to 
expect, yes?


I would say on Linux/FOSS the easy problems are less stubborn than they 
are "easy to find solutions but require steps that are more annoying or 
tedious". But there will be times when you will think "that was much 
smoother than Windows", no doubt.




Furthermore, unlike windows, the GUI in Linux is less of an operator 
then it is in windows. The way to go about things in Linux is the 
command line interface, which may make problem solving initially a bit 
more... problematic for those who only know how to move around in a 
GUI. So I being a windows user might what to look up on that.


Qubes seems to use GUI examples where possible. It has a stronger notion 
of a "default GUI" than most Linux "distros" do. Linux distros have a 
strong tendency toward showing solutions in the CLI because they assume 
GUIs will vary a lot depending on what the user has chosen.




You also mention "just because PC... doesn't mean it will work", which 
I am already aware of, but thank you all the same. I'll make sure to 
look up the Qubes HCL link.


Finally, I don't have the available cash to buy multiple variants of 
particular models or brands of GPUs nor am I able per say to 
experiment with other models in a process of trial and error, through 
I would certainly like to give it a shot if I could. Fortunately, what 
I do have is knowledge of places to purchase parts which have a 
stellar return policies. So, that may be an option. Honestly the only 
people I know of that have that kind of capital are the ones that do 
it for a living on YouTube like LinusTechTips, Bitwit, and Pauls 
Hardware. Oh so much to do... so little to do it all. :/




I see people now and then on the list who fight with incompatible 
hardware, and keep putting themselves through misery because they think 
its either Qubes' problem or due to something they just missed somehow. 
They assume wrongly that hardware is some kind of smooth, blank slate 
and don't realize that adding Xen to the equation in the particular way 
Qubes does takes the somewhat constrained compatibility of Linux and 
narrows it down much further. Systems that work best use middle- and 
high-end Intel and AMD chips for most functions, like Wifi and graphics 
and audio, and have fewer BIOS bugs; These tend to come from the 
business lines of Lenovo, Dell, and HP.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/72870dcd-db45-252a-72ae-1b97a05d3150%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Screensavers : Qubes Questions!

2016-12-20 Thread taii...@gmx.com
I would get the radeon definitely, AMD is more foss/linux friendly than 
NVIDIA as well.


Things to get:
a kgpe-d16, the best available g34 socket 16 core opteron 62xx CPU in 
your price range off ebay (such as 6284SE, 6282SE or 6276) and 32GB DDR3 
ECC RDIMM RAM (I would go with 4, 8gb sticks for future expansion) and 
you're good to go assuming you already know how to assembling a computer.


Whatever you do don't buy a motherboard of ebay or an open box 
motherboard as you won't get a warranty and this is a $400 mobo (but 
balanced out by the cpu which is only $20 if you don't want a max high 
performance special edition "SE" series)


I would get a 4U SSI-EEB supporting case and a tower cooler, you also 
need 4pin PWM fans if you don't want them to run at max all the time 
(use pwmconfig/fancontrol commands)


Any recent amd graphics card will support function level reset 
(important) and if you buy AMD then you're good to go no error 43, no 
need to have to return stuff or what not, it'll work.


Like I said any questions feel free to ask me or the list (ADW is a busy 
guy tho :P)



PS: So you know gmail mines your emails to build a marketing and social 
profile (what you like to buy who your friends are etc)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f0a6f81-31bf-8e4a-eb58-722003e925e3%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: anybody elses chrome having trouble playing media files at times.

2016-12-20 Thread Patrick Bouldin
On Tuesday, December 20, 2016 at 5:46:56 PM UTC-5, raah...@gmail.com wrote:
> I have to reset preferences.  even deleted the vm it comes back. for example 
> bandcamp or soundcloud, you click and nothing happens, it constantly tries to 
> load/play but nothing.  I'm ready to go back to firefox for a while again but 
> unfortunately firefox don't work fullscreen,  so we kind of stuck with chrome 
> on Qubes.
> 
> I've always switched back and forth over the years on baremetal o/s's.  
> Sometimes I feel its necessary.

Question, are you plugging in at the standard mini jack on the machine or are 
you by chance plugging into the audio jack of an hdmi monitor?  I was using the 
hdmi monitor and had serious intermittent issues. Once I replugged into the 
standard audio output it was 100%. Note: I downloaded Google Chrome into the 
Fedora VM template and run ALL the audio within Chrome. I had problems running 
some sound out of the other browsers so I just use Chrome now.

Patrick
Dallas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b2c0db90-faa0-4fd9-8b1c-90e4af051bd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Can I speed up the loading of an APP?

2016-12-20 Thread Patrick Bouldin
Hi, compared to running a certain app in windows (Anki), installing it in the 
Fedora template in Qubes means the first time to run is very slow to launch. 
Maybe up to a minute. To install it to the template I just said "sudo yum 
install anki"

Otherwise, other things running are very fast. If I do launch it manually from 
the fedora CLI it's the same slow launch. Maybe it comes down to compiling it?

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94d504fb-685b-4e8b-b67d-5c0369904246%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Screensavers : Qubes Questions!

2016-12-20 Thread Mike Mez
"I understand your position. At this point, I think you should read,
learn, and try (i.e., download, install, and use) as much as you can
about your viable options to figure out which solution is right for you.

While there is a fair amount of code and functionality that is unique
to Qubes, knowledge of Linux and Xen would still be very helpful.
Really, though, if you just want to try Qubes out, it shouldn't be
necessary to learn Linux or Xen at all. If you run into any problems,
some basic familiarity with the command-line will help, though."

So nothing too crazy advanced then? Alright, when the time comes I'll give
it a shot. As it is right now, it seems on all the Distro/VM combinations
I've found and looked into I have to figure out how to do the GPU pass
through so that I can use the CPU/GPU intensive programs I wish to use off
of the windows kernel. Having Xen as a core base just helps me skip a step
or two.

"Fair warning, though: If you do decide to go with Qubes and attempt to
do DIY GPU passthrough, that's likely to be *much* more challenging
from a technical perspective (though generous users have provided
detailed guides on this list already). You should also be aware that
it inherently comes with significant security trade-offs."

I would say that goes without saying, as such is one of the eternal
struggles of security. When one fights monsters..., yet with out the
ability to do my job, hobby, ... I want to say or  simply pass the time,
yet that would be different... so. If I can't do what I must, why have it?
Yet I like the added security, it's a nice feature to have on the side, as
security isn't my main deal. What I do isn't exactly a threat unless
suddenly I work under a government that is a fan of 1984 Grey on all the
things. Oh my. Such a task. I guess once you start doubting you never stop.

Well, I suppose if I do come across an error or an issue about GPU pass
trough, I'll email "qubes-users" and hopefully be able to come up with a
solution. It may be technically over my head, way over in fact currently.
Yet Microsoft's actions with 10, that they have also pushed into 8 & 7,
just. Ugh.

Thank you once again,

- Mike Mez

On Tue, Dec 20, 2016 at 4:04 AM, Andrew David Wong  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-12-19 16:29, Mike Mez wrote:
> > Wow! I wasn't actually expecting my "dream" scenario to be so
> > possibly ... probably ... maybe in fact viable. I understand that
> > since the main focus in Qubes early stages (or perhaps it's far
> > more proper to say at whole,) is security that this is what your
> > main marketing point would be. Yet with the "windows integration",
> > if I understand this properly, is a big deal. I mean shoot, the
> > only reason (the only reason?) people use windows now a days is
> > its entrenched ubiquitous nature. Shoot, as mentioned the only
> > reason I use(d) it is because that is what the programs I use...
> > use. So the ability to co-op that... am I over thinking this? It
> > just sounds cool to me.
> >
> > "It depends highly on the individual, but if you're coming from a
> > purely Windows background, the biggest thing might be adjusting to
> > a Linux environment. In general, the most important qualities will
> > be perseverance, a willingness to learn, and the ability to solve
> > your own problems. (Of course, the mailing lists are here to help,
> > but things generally don't work very well if someone makes no
> > effort and expects to be spoon-fed solutions.)"
> >
> > Alot of this IT stuff is admittedly over my head currently, and
> > I'm glad the Qubes Team are working towards a better user
> > experience (as mentioned in the interview). I'm just smart enough
> > to know how dumb I am, you see, as this sort of thing is not
> > particularly the world I come from (Design, Print, Games,
> > Artsy...whatever). Overall, the willingness to learn is a given,
> > that doesn't help me much - I'm HERE! I'm looking for a direction
> > for my amateur mind to move on. What I am curious about is what
> > would be required to problem solve. Since Qubes is based on linux,
> > does that mean I could experience problems just as in any other
> > form of linux, and there for I could get a book, and gather
> > information that way. OR. Qubes is so customized that it has its
> > own things about it, and therefor Qubes documentation is the go to
> > to figure out what is going on. I'm trying to figure out my next
> > move here, as Qubes isn't the only alternative OS I've been looking
> > in to, and some of the Distros I've looked at have very through and
> > beginner friendly documentation. The catch being I would have to
> > set up and figure out how to implement a VM, most likely KVM, and
> > do all the things I want to do with that. Furthermore I'm basically
> > dabbling in theory right now, trying to figure out if I should go
> > all in or if it would just be easier to bite the bullet, Baremetal
> > 

Re: [qubes-users] Re: Screensavers : Qubes Questions!

2016-12-20 Thread Mike Mez
"Search for "VFIO NVIDIA Error 43" on your favorite search engine.

Pretty much it just shuts off 3D mode and gives you Error 43 in device
manager if it detects some hardware virt features, there is a way around it
but I wasted hours until I figured out what was going on.

It is a gpu only thing, for now."

Well. Would you look at that. I've been debating Pascal Titan X or Radeon™
Pro WX 7100, yet this does change the favor of things.

"The dangers being malicious corruption of the card firmware or option ROM
firmware, or an exploit in the IOMMU GFX related code which is much larger
than IOMMU operations that do not involve graphics devices.

The best way to do GPU passthrough is with a card that is only used for
that VM and use a blob free coreboot platform such as the KGPE-D16 so that
you can disallow option rom execution, have some level of DMA protection
pre-linux initialization and have no ME/PSP or suspicious binary blobs on
your motherboard.

If you want to do this I am happy to provide technical assistance, you can
play the latest games with no cpu bottleneck on a KGPE-D16 with one of the
higher end 16 core opteron 62xx CPU's which you can buy for $20-40 on ebay."

I love how KGPE-D16 simply... ROLLS off the tongue. So sure. If you are
willing to give some technical assistance to this mad task of mine, I'm
certainly willing to give it a look. What ch'a got? Make sure with what
ever you have to say, that it's search engine compatible. ;)

Thank you,

- Mike Mez

On Tue, Dec 20, 2016 at 4:37 AM, taii...@gmx.com  wrote:

> On 12/20/2016 04:04 AM, Andrew David Wong wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> On 2016-12-19 16:29, Mike Mez wrote:
>>
>>> Wow! I wasn't actually expecting my "dream" scenario to be so
>>> possibly ... probably ... maybe in fact viable. I understand that
>>> since the main focus in Qubes early stages (or perhaps it's far
>>> more proper to say at whole,) is security that this is what your
>>> main marketing point would be. Yet with the "windows integration",
>>> if I understand this properly, is a big deal. I mean shoot, the
>>> only reason (the only reason?) people use windows now a days is
>>> its entrenched ubiquitous nature. Shoot, as mentioned the only
>>> reason I use(d) it is because that is what the programs I use...
>>> use. So the ability to co-op that... am I over thinking this? It
>>> just sounds cool to me.
>>>
>>> "It depends highly on the individual, but if you're coming from a
>>> purely Windows background, the biggest thing might be adjusting to
>>> a Linux environment. In general, the most important qualities will
>>> be perseverance, a willingness to learn, and the ability to solve
>>> your own problems. (Of course, the mailing lists are here to help,
>>> but things generally don't work very well if someone makes no
>>> effort and expects to be spoon-fed solutions.)"
>>>
>>> Alot of this IT stuff is admittedly over my head currently, and
>>> I'm glad the Qubes Team are working towards a better user
>>> experience (as mentioned in the interview). I'm just smart enough
>>> to know how dumb I am, you see, as this sort of thing is not
>>> particularly the world I come from (Design, Print, Games,
>>> Artsy...whatever). Overall, the willingness to learn is a given,
>>> that doesn't help me much - I'm HERE! I'm looking for a direction
>>> for my amateur mind to move on. What I am curious about is what
>>> would be required to problem solve. Since Qubes is based on linux,
>>> does that mean I could experience problems just as in any other
>>> form of linux, and there for I could get a book, and gather
>>> information that way. OR. Qubes is so customized that it has its
>>> own things about it, and therefor Qubes documentation is the go to
>>> to figure out what is going on. I'm trying to figure out my next
>>> move here, as Qubes isn't the only alternative OS I've been looking
>>> in to, and some of the Distros I've looked at have very through and
>>> beginner friendly documentation. The catch being I would have to
>>> set up and figure out how to implement a VM, most likely KVM, and
>>> do all the things I want to do with that. Furthermore I'm basically
>>> dabbling in theory right now, trying to figure out if I should go
>>> all in or if it would just be easier to bite the bullet, Baremetal
>>> Windows 10, and just air gap all the things.
>>>
>>> I know its not going to be easy, I knew that when I decided to
>>> look into feasibility. I know nothing and I'm trying to figure out
>>> what mountain to choose and the equipment I need for the climb as
>>> the way I see it I'm pretty much on my own once I start. The
>>> potential right now looks the best with Qubes. Amazing potential.
>>> I'm very hopeful I can figure this out and make it work, The
>>> OpenGL virtualization thing I'm really going to need to wrap my
>>> head around for example.
>>>
>>> Yet now I'm starting to ramble, so I'll leave it at that for now.
>>>
>>> 

Re: [qubes-users] Re: Screensavers : Qubes Questions!

2016-12-20 Thread Mike Mez
This is* immensely* helpful. To reiterate... to make sure I understand,
with "windows problems" easy is easy and impossible is basically impossible
(which I can say with experience is fairly on the money of my experience as
well). With Linux, the difficultly curve of problems are kind of inverted
when compared to windows. The easy problems are now stubborn, while the
really hard programs are now possibly easier courtesy of established
documentation. While such might not be true for all cases, of course,
generally this is the jest of what to expect, yes?

Furthermore, unlike windows, the GUI in Linux is less of an operator then
it is in windows. The way to go about things in Linux is the command line
interface, which may make problem solving initially a bit more...
problematic for those who only know how to move around in a GUI. So I being
a windows user might what to look up on that.

You also mention "just because PC... doesn't mean it will work", which I am
already aware of, but thank you all the same. I'll make sure to look up the
Qubes HCL link.

Finally, I don't have the available cash to buy multiple variants of
particular models or brands of GPUs nor am I able per say to experiment
with other models in a process of trial and error, through I would
certainly like to give it a shot if I could. Fortunately, what I do have is
knowledge of places to purchase parts which have a stellar return policies.
So, that may be an option. Honestly the only people I know of that have
that kind of capital are the ones that do it for a living on YouTube like
LinusTechTips, Bitwit, and Pauls Hardware. Oh so much to do... so little to
do it all. :/

Thank you,

- Mike Mez

On Mon, Dec 19, 2016 at 11:58 PM, Chris Laprise 
wrote:

> On 12/18/2016 11:49 PM, Andrew David Wong wrote:
>
>>
>> *2.   *You mentioned  during the interview that you came to Qubes
>>> as a lifelong widows user. I am in the situation when it comes to
>>> this as a lifelong windows user. What would you say is the learning
>>> curve for using Qubes is? How easy would it be for someone who is
>>> slightly technical, yet not IT, to problem solve a problem in Qubes?
>>> In windows I Ctrl+Alt+Del and go through that rigmarole.
>>>
>>> It depends highly on the individual, but if you're coming from a purely
>> Windows background, the biggest thing might be adjusting to a Linux
>> environment. In general, the most important qualities will be
>> perseverance, a willingness to learn, and the ability to solve your own
>> problems. (Of course, the mailing lists are here to help, but things
>> generally don't work very well if someone makes no effort and expects to
>> be spoon-fed solutions.)
>>
>
> I find most problems on Windows are either moderately easy, or impossible.
> Digging for answers to difficult issues results in few results and they are
> usually dead-ends.
>
> Since Qubes uses Linux, it tends to follow that culture. Easy problems can
> be annoyingly fussy to resolve, but really difficult problems usually have
> a deep profile of related documentation and discussion spread around
> various websites. Its more probable you will make progress on difficult
> issues with continued perseverance and curiosity.
>
> The biggest obstacle over time is probably the over-reliance on the
> command-line interface. Relatively little of the configuration matrix is
> expressed in the GUI, so the GUI feels more superficial and less able to
> control the system at deeper levels than it does on Windows. This makes
> users who expect streamlining and integration weary.
>
> Also, do not expect the rule of "This is a PC, so it'll run this
> PC-compatible OS" to hold water. Most PCs are "Windows PCs" and many of the
> quirks that certain models have may be OK with Microsoft but untenable with
> Linux or Qubes. Business-class computers from top-tier brands are your best
> bet. Check out the Qubes HCL link on the download page.
>
>
>> *3.   *I understand your OS is security based, and that is super
>>> cool. Yet security is useless if there is nothing to protect. "Out of
>>> the box" what can Qubes run?
>>>
>>> It's better to turn this question around: What *can't* Qubes run? It
>> sounds like the main problem in your case may be the lack of 3-D support:
>>
>> https://www.qubes-os.org/doc/user-faq/#can-i-run-application
>> s-like-games-which-require-3d-support
>>
>> To get around this problem, you would have to attempt GPU passthrough,
>> which is not supported (but which some users have managed to achieve on
>> their own).
>>
>
> I will venture to make a suggestion on this gnarly subject: A desktop or
> tower PC will fit this scenario much better than a laptop will. You will
> need the freedom to buy particular models of GPU and/or experiment with
> other models in a process of trial and error.
>
> Chris
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop 

Re: [qubes-users] Re: Screensavers : Qubes Questions!

2016-12-20 Thread Chris Laprise

On 12/20/2016 06:57 PM, Mike Mez wrote:

"Search for "VFIO NVIDIA Error 43" on your favorite search engine.

Pretty much it just shuts off 3D mode and gives you Error 43 in device 
manager if it detects some hardware virt features, there is a way 
around it but I wasted hours until I figured out what was going on.


It is a gpu only thing, for now."

Well. Would you look at that. I've been debating Pascal Titan X or 
Radeon™ Pro WX 7100, yet this does change the favor of things.



Let me share something with you about Linux and nVidia

https://www.youtube.com/watch?v=iYWzMvlj2RQ

:-D


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0f394a8-c925-8960-3af7-2d5891cb46c9%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes Security Bulletin #28

2016-12-20 Thread Chris Laprise
Regarding the "Alternate Patching Method" using normal apt update: Its 
possible the template was attacked via updates even before the bug was 
announced, or sometime between the Debian announcement and now. The 
"check InRelease" only helps if the attack occurs only during the next 
update and not before. Otherwise, the user has no way of knowing if 
their template has been compromised before doing this special update 
procedure.


Replacing the template as described in "Patching" section provides much 
more certainty.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3df6d0a-e193-1c59-a553-e0367e936567%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Screensavers : Qubes Questions!

2016-12-20 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-19 16:29, Mike Mez wrote:
> Wow! I wasn't actually expecting my "dream" scenario to be so 
> possibly ... probably ... maybe in fact viable. I understand that 
> since the main focus in Qubes early stages (or perhaps it's far 
> more proper to say at whole,) is security that this is what your 
> main marketing point would be. Yet with the "windows integration", 
> if I understand this properly, is a big deal. I mean shoot, the 
> only reason (the only reason?) people use windows now a days is
> its entrenched ubiquitous nature. Shoot, as mentioned the only
> reason I use(d) it is because that is what the programs I use...
> use. So the ability to co-op that... am I over thinking this? It
> just sounds cool to me.
> 
> "It depends highly on the individual, but if you're coming from a 
> purely Windows background, the biggest thing might be adjusting to 
> a Linux environment. In general, the most important qualities will 
> be perseverance, a willingness to learn, and the ability to solve 
> your own problems. (Of course, the mailing lists are here to help, 
> but things generally don't work very well if someone makes no 
> effort and expects to be spoon-fed solutions.)"
> 
> Alot of this IT stuff is admittedly over my head currently, and
> I'm glad the Qubes Team are working towards a better user
> experience (as mentioned in the interview). I'm just smart enough
> to know how dumb I am, you see, as this sort of thing is not
> particularly the world I come from (Design, Print, Games,
> Artsy...whatever). Overall, the willingness to learn is a given,
> that doesn't help me much - I'm HERE! I'm looking for a direction
> for my amateur mind to move on. What I am curious about is what
> would be required to problem solve. Since Qubes is based on linux,
> does that mean I could experience problems just as in any other
> form of linux, and there for I could get a book, and gather
> information that way. OR. Qubes is so customized that it has its
> own things about it, and therefor Qubes documentation is the go to
> to figure out what is going on. I'm trying to figure out my next
> move here, as Qubes isn't the only alternative OS I've been looking
> in to, and some of the Distros I've looked at have very through and
> beginner friendly documentation. The catch being I would have to
> set up and figure out how to implement a VM, most likely KVM, and
> do all the things I want to do with that. Furthermore I'm basically
> dabbling in theory right now, trying to figure out if I should go
> all in or if it would just be easier to bite the bullet, Baremetal
> Windows 10, and just air gap all the things.
> 
> I know its not going to be easy, I knew that when I decided to
> look into feasibility. I know nothing and I'm trying to figure out
> what mountain to choose and the equipment I need for the climb as
> the way I see it I'm pretty much on my own once I start. The
> potential right now looks the best with Qubes. Amazing potential.
> I'm very hopeful I can figure this out and make it work, The
> OpenGL virtualization thing I'm really going to need to wrap my
> head around for example.
> 
> Yet now I'm starting to ramble, so I'll leave it at that for now.
> 
> Thank you for your time and efforts,
> 
> - Mike Mez
> 

Hi again Mike,

(I've CCed the qubes-users mailing list again. Please keep it CCed if
you reply further.)

I understand your position. At this point, I think you should read,
learn, and try (i.e., download, install, and use) as much as you can
about your viable options to figure out which solution is right for you.

While there is a fair amount of code and functionality that is unique
to Qubes, knowledge of Linux and Xen would still be very helpful.
Really, though, if you just want to try Qubes out, it shouldn't be
necessary to learn Linux or Xen at all. If you run into any problems,
some basic familiarity with the command-line will help, though.

Fair warning, though: If you do decide to go with Qubes and attempt to
do DIY GPU passthrough, that's likely to be *much* more challenging
from a technical perspective (though generous users have provided
detailed guides on this list already). You should also be aware that
it inherently comes with significant security trade-offs.

Best,
Andrew

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYWPQrAAoJENtN07w5UDAw1AwQAMYqiXJtDulpxp9Sp+acP13v
eJmQ+67UWSdYX1V9Oybj/KSRKRTn4Qpqb/Rf2hg71Yc5TUfSOY6EJlferq9Xf4Y4
l6wVdKyJImwFsuvhjpPLJ4GHn/G5o1NGExhucqtUpRMt9QpE/5pFGK/vpWkAefg0
h+Ko7i4gKaYqPXohx6k5Gf4+ryYUMceA2wNQAYPcHf6D7zpF7OLaCS8gQO9ItkXb
Tth0H3RfmrdtgpT5FhvVk5Y8kf1XL7cg/7fcHfnSww9SXzUX2E8fXwkh2irPwcC7
W+ih9ewrfnMe4hOrwB849/pkDZF4LxSnLXnsweQiZNJZY1XmUfuwCAmN216TU4zu
4UkQBLiQZ47xWwMpNFYF1hVBdVh/blU3B/skxGqs0s9OGbQmR1R9gOlgnEQPxRdp
wuqBF1ettrfnwonBKn9oTAaK4mrwnJXRgsfaRRm4MjA4fOCKoj9QU92TEBUOwZIk

[qubes-users] GRUB fix GUI: Qubes community invitation to the other Linuxes for a collaboration?

2016-12-20 Thread Leeteqxv
I have long wondered when the various Linux communities will finally be 
able to co-operate and make a common solution for having the system fix 
Grub by itself through a GUI that newcomers have a chance of using 
without technical knowledge.


Something like a simple menu with "fix Grub" options like "Update the 
menu with entries for all the found operating systems."


See the examples below, they all seem to be of the kind that a system 
function should be able to provide now in 2016.


Is this a good moment in history for Qubes to reach out to the other 
Linuxes and ask for a collaboration to fix this once and for all? It 
would remove a huge barrier for loads of people wanting to explore the 
options of getting away from Windows.


I know this defeats the purpose of the SECURITY aspect of Qubes, but 
bear with me a moment:


This is for EVALUATION purposes, for the time where a normal user that 
runs Windows or the like already without much protection. It is only to 
provide a testing ground. After a while, the users will familiarize 
themselves with Qubes and for sure get to understand the Security 
implications communiacated by the Qubes community and docs. Then, when 
each user gets ready, it becomes possible to let Qubes take over the 
whole system and have some serious security.


But that is not the point at all during evaluation.

I think we would benefit from lowering the barrier here, to reach 
critical mass, which could help finance further developments, etc. etc...


LeeteqXV

**

Related thread: "[qubes-users] I recently installed Qubes and I now have 
several problems"


"Last night I was able to install Linux Mint beside the other operating 
systems.  It is not that I wanted to use Mint, it is just that by 
installing it it redid the GRUB file so now I can boot to Windows 7 or 
Qubes (or Mint).  So that solves the first problem."


"Also, I just realized that I may have the same problem again when I 
reinstall Qubes; I don't want it to change the GRUB file so that again I 
can only go into Qubes and not Windows 7.  I guess I will have to study 
this page [https://www.qubes-os.org/doc/multiboot/] to try to not have 
that problem repeat."


"To triple boot mint, qubes and win 7 with the mint grub.   edit the 
/etc/grub.d/40_custom file in mint.   append in there everything between 
the xen sections of the grub.config file located on the qubes boot 
partition.
Then update grub on mint and reboot and qubes should boot from menu.  
You will have to do this everytime qubes updates kernel or it errors again."


(To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAEgwnuSSNfbsP2nYfPp24LKwrGpAaho_ddreqL84_q9mPinYBQ%40mail.gmail.com 
.)


***


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c372c227-c00d-ecdc-6abb-db65c40b2690%40leeteq.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes Security Bulletin #28

2016-12-20 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear Qubes community,

We have just published Qubes Security Bulletin (QSB) #28: Debian update
mechanism vulnerability.
The current text of this QSB is reproduced below. The latest version,
including any future corrections, will always be available in the Qubes
Security Pack (qubes-secpack).

View QSB #28 in the qubes-secpack:

https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-028-2016.txt

Learn about the qubes-secpack, including how to obtain, verify, and read
it:

https://www.qubes-os.org/doc/security-pack/

View all past QSBs:

https://www.qubes-os.org/doc/security-bulletins/

- 



 ---===[ Qubes Security Bulletin #28 ]===---

  December 19, 2016


Debian update mechanism vulnerability


Quick Summary
==

The Debian Security Team has announced a security bug (DSA-3733-1) in
the signature verification of repository metadata, which could lead to
privilege escalation [1] within a Debian-based VM. This bug does _not_
allow escape from any VM or enable any attacks on other parts of the
Qubes system. In particular, this bug does _not_ affect dom0, the Xen
hypervisor, and non-Debian-based VMs. Nevertheless, we have decided to
release this bulletin, because if a TemplateVM is affected, then every
VM based on that template is affected.

Description of the bug
===

As described in [1]:

| Jann Horn of Google Project Zero discovered that APT, the high level
| package manager, does not properly handle errors when validating
| signatures on InRelease files. An attacker able to man-in-the-middle
| HTTP requests to an apt repository that uses InRelease files
| (clearsigned Release files), can take advantage of this flaw to
| circumvent the signature of the InRelease file, leading to arbitrary
| code execution.

The Debian APT repository format includes the InRelease file, which is
a clearsigned Release file. APT, while verifying the file, splits it
into two files, `Release` and `Release.gpg`, in order to verify the
signature. However, it then splits the initial `InRelease` file again
in order to strip the signature (along with any potential leading or
trailing garbage) to get the actual `Release` file. Jann Horn
discovered that even though APT uses exactly the same code to split the
file in both cases, it can be tricked into outputting different results
in those two calls. The loop processing input looks like this:

bool SplitClearSignedFile(std::string const , FileFd * const 
ContentFile,
  std::vector * const ContentHeader, FileFd * const 
SignatureFile)
{
   FILE *in = fopen(InFile.c_str(), "r");
   if (in == NULL)
  return _error->Errno("fopen", "can not open %s", InFile.c_str());
(...)
   char *buf = NULL;
   size_t buf_size = 0;
   while (getline(, _size, in) != -1)
   {

(...)

According to the getline documentation, it may return -1 only in the
case of:

 - invalid arguments
 - end of file

Authors believe that arguments are correct, so the only other case
considered is end of file. It turns out, however, that '-1' can also be
triggered by an out-of-memory error. This will result in the output
file being truncated. If this happens during the second InRelease
split, before APT finds the beginning of the signed data (the part
which would normally be discarded), then APT will use the found
(unverified) data as the Release file directly.

An attacker controlling a repository (by performing a man-in-the-middle
attack, breaking into the server, or simply being the server
administrator) could try to exploit this vulnerability in order to
substitute a normal package with a malicious one. Since a package can
contain post-installation scripts that APT will run automatically,
a malicious package can compromise the operating system into which it
is installed. In the case of Qubes OS, an attacker could try to use
this method to compromise a Debian-based TemplateVM (and, consequently,
all VMs based on it).

To trigger an out-of-memory condition during one call but not the
other, the discoverer used [2] very long lines, which may not fit into
the limited address space on a 32-bit system, additionally constrained
by ASLR. This attack vector allows successful exploitation in about one
out of four attempts.

The same attack vector isn't feasible for 64-bit systems (such as
Qubes VMs), because the address space is much larger. In particular,
it's larger than the available memory. But an attacker may try to hit a
real out-of-memory condition. This is a much less reliable approach and
should be easy to spot by the user, since the operation will likely
take a very long time and disk use will be very high (due to writing
data to swap).

Impact
===

In theory, this bug allows an attacker to take over any Debian 8 or
Debian 9 

[qubes-users] Subscribe

2016-12-20 Thread gaea via qubes-users
Subscribe

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/866b0dc00aa3311887f2f1879199178a.squirrel%40mnv7o6y62jquxiwn.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to manually remove a VM?

2016-12-20 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-19 16:51, Marek Marczykowski-Górecki wrote:
> On Sun, Dec 18, 2016 at 10:02:54PM -0800, Andrew David Wong wrote:
>> There's also:
> 
>> qvm-remove --just-db 
> 
>> which only removes the entry from the Qubes Xen DB without 
>> removing any files. What exactly does "Xen DB" refer to in this 
>> context, Marek?
> 
> I think this is bug in help message. It's about qubes.xml. Do we 
> have some other term for it?
> 

Ok, just an inconsistency in the help message, then. No, I'm not aware
of any other term for it. PR submitted:

https://github.com/QubesOS/qubes-core-admin/pull/84

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYWOwxAAoJENtN07w5UDAwq+EQAJsa2xfkOuUVIfzn/7n5TwXU
gLiXxwury2w7zBHqtV47IaIyECrfGFbf7jVhjbJEpD5UFHd/4xSVmqOo8x/ZCtYK
zWMvGKhBDttBUgHK/5nVZl1Q5uymuyyniYB6Mbj6BkJWm+3e8pXWFYNuqoyJH4fa
+shZmMmla2IyR+QvAQWzdvOLtnmsSgqH/uXAJpLivWivej+YfqyBfhlMe/NiJg+V
FEbNxv/aGy56dYB0YjGvG6Zu/62PA9zNAbxaID8+j8cw5gX8927aycO7lduF6USO
cvqkTfapLniaVqs+vyHQWcZzUsNopE/OVTAGQeNEG14uNAgCoxNp7Fr3O2s1mP/q
ldL1yo1wpuUkPjzon8lf8QiPII197gkDkUBKMCeVTb0aZaZdHEugrbBg4F/39a/y
LLBoBucXTpn8u87wfTIJpDkOYjVDHQzewOH7n730OtRGFvyHxtb0qQXG2o4NW9SF
7Xny32eDOzWvkhwRx/pFPGCkYgg7GRCDHk81DWFpCYWfjK5j9BWt4tnMe9GH/vDp
egnROC6GBmrU377q/JfPUK3zVBw/ucjk9zl4Q82wK/o0zTOBPDkPStxhIJcm17YT
L+Wkqmlb4iv0bWvozTCBamzA33HYkmFaqFfoeB1JMRhncGCDpZCcMhcQBYOgQsX2
4hlDaFsa8ozuq2lGvi4k
=TnTO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/818cb752-afb0-9c0b-94e9-1ba2d270232b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] I recently installed Qubes and I now have several problems

2016-12-20 Thread Leeteqxv

THIS message has NO further comments below, just FYI:

I have spun off a new discussion for the Grub issue:

"[qubes-users] GRUB fix GUI: Qubes community invitation to the other 
Linuxes for a collaboration?"


To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c372c227-c00d-ecdc-6abb-db65c40b2690%40leeteq.com 
.


LeeteqXV

On 18/12/16 00:18, explodingbee . wrote:



On Sat, Dec 17, 2016 at 4:26 PM, > wrote:


On Wednesday, December 14, 2016 at 12:42:28 PM UTC-5, explodingbee
. wrote:
> -- Forwarded message --
> From: explodingbee . >
> Date: Wed, Dec 14, 2016 at 12:23 PM
> Subject: Fwd: [qubes-users] I recently installed Qubes and I now
have several problems
> To: Andrew David Wong >, 
Foppe de Haan
<0spin...@gmail.com >, dumbcyber
>
>
>
>
>
>
> -- Forwarded message --
> From: explodingbee . >
>
>
> Date: Wed, Dec 14, 2016 at 11:17 AM
> Subject: Re: [qubes-users] I recently installed Qubes and I now
have several problems
> To: Andrew David Wong >
>
>
>
>
> Hi Andrew Wong,
>
> See my comments below.
>
>
>
>
>
> On Wed, Dec 14, 2016 at 9:20 AM, Andrew David Wong
> wrote:
> -BEGIN PGP SIGNED MESSAGE-
>
> Hash: SHA512
>
>
>
> On 2016-12-13 18:29, explodingbee . wrote:
>
> > [...]
>
> >
>
> > 2) *In Qubes the computer often gets slow as molasses.*  I get
>
> > error messages saying "Warning: unresponsive script" sometimes.
>
> > When I try to open a VM it says that there is not enough
memory and
>
> > that I should close a VM first.  When the computer gets like this
>
> > sometimes I click on things and nothing happens or it takes
forever
>
> > for something to happen; sometimes I can't even close windows
>
> > because they don't respond.  (I am using an HP Elitebook 8540w
>
> > laptop.  It has 4 GB of RAM and an i7 CPU.) Also, when I shut down
>
> > the computer sometimes it gets stuck and does not shut down
all the
>
> > way.  It freezes with the Qubes splash screen there and the
>
> > progress bar indicating partial or complete progress.
>
> >
>
>
>
> I think this is just due to a lack of RAM. 4 GB is the bare minimum.
>
> Any chance you can add some more?
>
>
>
> I have not had any problems with lack of RAM in Windows 7. 
Maybe Qubes needs more RAM than Windows 7?  If you are correct I

can certainly get more RAM. After I reinstall Qubes if the problem
persists I may get more RAM.
>
>
>
> > 3) *Problem relating to program installation:*  When I install
>
> > programs in the Fedora or Debian templates they don't appear
in the
>
> > list of available programs in the templates or in the VMs based on
>
> > those templates so I don't see how I can create shortcuts for
>
> > programs in my VMs.
>
> >
>
>
>
> Are you installing these programs from the Fedora and Debian
repos? If
>
> so, are you fully shutting down the template after installing the
>
> program? This should trigger qvm-sync-appmenus, but you can try
to run
>
> it manually from dom0:
>
>
>
> qvm-sync-appmenus 
>
>
>
> Yes, I was installing from within the Fedora VM (which is what I
think you mean).  Yes, I fully shut everything down, including the
whole computer, after installing the programs and then at no time
did the installed programs appear on the list of available
programs in the Fedora VM or in the AppVMs.  If the problem
persists after I reinstall Qubes I may try to manually enter the
phrase you provided above.
>
>
>
> > 4) *Problem in getting a video player to work:*  I have installed
>
> > four different video players (Snappy, Budgie, Banshee and Parole)
>
> > and none of them seem to be able to play videos I have downloaded
>
> > (with Video Download Helper and Firefox in an App VM).  (I can get
>
> > the video players to launch not with the proper shortcuts but in
>
> > another, awkward way, by going to Domain: personal -> personal:
>
> > Software and then clicking around until I get to the right app
>
> > 

Re: [qubes-users] RE: Thinkpad p50: Qubes installs but won't boot

2016-12-20 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-20 06:59, 5n3sjd+a8dtbz87x13a0 via qubes-users wrote:
> My idea of resolving this by browsing to the Qubes partitions in
> the drive with a Lubuntu live CD doesn't seem like it's going to
> work: When I unencrypt the LUKS partition (virtual drive?), it
> seems to be unreadable.
> 
> Also, another point that I didn't bring up before, but has me
> scratching my head is the warning GParted gives me every time I
> open it:
>> The driver descriptor says the physical block size is 2048 bytes,
>> but Linux says it is 512 bytes.
> 
> It sounds like a bad warning, but it may be fine and I'm just
> grasping at straws. Note that his has been so since the moment I
> first got the computer.
> 

Are you sure your Qubes installation medium isn't corrupted? Did you
verify the ISO beforehand?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYWUiRAAoJENtN07w5UDAwZzgQAIRCPaYHZYHXPoaeduI/51TB
cunHrovaI5YkX4UM6PTXjAHHVC7l2fMLgWUGVL6+B2oWAWofXqTYEiTO+exM75C+
yRyFKhmxpHfuAYwKe67xuMhyivPclH3Xzn1t6wzbNraNrefHNu4AW4jDPErLRXAF
2iUmPOqCzlJm5BdZ4gc5Zs1rQafdZtFbmg2Vi8ZznsHyyQllYpGuiQR/1iVwqVnw
1jc5wHlmllRA9fsjikXNyWCDg05cdYKwmkGyKeK84CJW5cjEjlgb0fjVRKQEhp9q
EdmMO7eDekjkSJb+JiSuN3siFWbYw2ICPXU/CUCPTpk2XQSPY6nyB3bLuPQGXDPf
8IkcKAR/jGMIvJcGyLZCX/6X1aDuVcEomGjL6b9dsFgiRoP7+cvH8EGeelkSnzZR
166vLS43zX2cV/wlmkb+gBosrkEP/8By+0mv/Non+f90F2j6umjH6PIn9uqxeUQg
3H3ZXb/pwj6oBARXV8n+iEADQ7ggbSH2kC01o61WFYQQ7xy+6DlTSLasiXMdRv7X
qfVb0ZXTN7hijEfi3NbMB3+ayYyT0xsy3PjRr73q7JyC+2D4evESPvrfrb77N0Ti
rHrcwqx2VLwMoc9CmNgiX8Vw4N04d/HZ8FWjaswfXFAv1nHUTBTbdW56tcHxJ5KY
TVYtdlC3H0C7bZFDKueu
=JnxH
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9de1b70b-333d-df72-542c-d71bc2adbbbc%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Network manager applet is invisible

2016-12-20 Thread pl11ty
Hello
The network applet of my sys-net based on debian 9 is invisible although I
can connect to ethe/wifi/vpn. With that based on fedora the applet
appears.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8151856b564cf71ac1a296c76b18ed20.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to manually remove a VM?

2016-12-20 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-18 18:29, almightyl...@gmail.com wrote:
> So I made a HVM Template and renamed it through VM Manager, something went 
> wrong and the VM Manager did not reflect the name change. (Can't seem to 
> reproduce this bug)
> 
> I was just wondering if I've successfully removed the HVM Template manually. 
> The process I went through was:
> 
> 1. Remove template folder from /var/lib/qubes/vm-templates
> 2. Remove old template reference from VM Manager (or manually from qubes.xml)
> 3. Remove template's *.desktop files from ~/.local/share/applications
> 
> Is there any files I have missed? Also, perhaps a short doc with this would 
> be useful for when things go wrong and a VM needs to be manually removed.
> 
> Thanks
> 

Instructions added to documentation:

https://www.qubes-os.org/doc/remove-vm-manually/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYWTdlAAoJENtN07w5UDAwcFoP/j9BSrDgy8zNCb1FoSCEn1/9
CkKBQC5bpz5ZUKQXzJC7Twlr5uAlfsgTbZWtYIDkPYFILIrLvyVDo/4FcmuVVDPq
/hBiYSx6z7Vr9exZM6wbMkTLP/cK51McV35uoyl9Va+/2dTbbiJONJXeB3fMeeHf
y7v4K+leN34zpxvDqpBiPsqm7DUovQmSIJXZSd4ad/NAbKtKWIqZJ3oEkHrseQCa
F129LX0O5tA6qhVB8VcVn3j3ClA37h/QEmbCl03SPHuMzGbvP/YtY/yEH0PwLyPF
IZaPk6KwkbSm4qznzdiOVnfEOqsNtC6Y3aeemc2ABPEp83zBr6m1RCxJYxMCJY/m
6Ol7m60KjJVEcpgaUoOiRJVmN+L4SiQOQQ87Frd0m78i6/XrRz8P0LqZR6ATy5/k
l+jdkgxM+BA9pBTIfDnlvXtA/bgE5EftawZxtf5GPDnlScHy0PnkiFcNK+7Y6szk
Pa8uEYFZfyFwq3bPPxT3h+Ugzr2RH4/U3ySVFPlyc7WJSU52gYWL6kzcBmZVNtot
r2uqv4fuCqTmoo8Urz1OXT2dOfr7dqNpJVvQaQg5iLG3ObO4bnYzYkPa6njSKhg7
KcDzV6fQtXLza8cCmSwBOZ55IBngyH/5f5TGQgXOS5rgq6OvP7pQtUTv2jntuC41
e83jNtnuWUAV2TAphVsY
=MnXl
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d37f7b4-76b8-cf57-3649-38ff3ef3275b%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Network manager applet is invisible

2016-12-20 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-20 04:53, pl1...@sigaint.org wrote:
> Hello The network applet of my sys-net based on debian 9 is
> invisible although I can connect to ethe/wifi/vpn. With that based
> on fedora the applet appears.
> 

That appears to be this issue:

https://github.com/QubesOS/qubes-issues/issues/2283

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYWTbcAAoJENtN07w5UDAw3KMP/2zUNNsLapxkA6fU4Ns474Id
c33eKk7MxEVbE9XQ5T2qpwOajyb7NCVqjoseP6BgZTs5slszd2uUSHOju2ZXDfqL
ME469SPZg9RBlokjd5040DpUbRPM/Y3sro0ckf9ijI1sw7dHFf6s8oeX5wueyNrR
rQbMgjHpi0h4xwPU86opvuHXYsleTQK0u4U8VMZ354SSFzrB+ibayRBLijWXMgAt
LlV7Vyx0WTBmaxjcfkwXt92H2wrZq6PBisLXoa8/1jUg0Hg8etCVUg9/91YWmqiU
6tM+P5d3CGODCFgaOcogonNIHi4zat+DRykgmJsV6sF3oNC69vEZmW3ZTFDmooVl
POra+c4sUlvUmln0PW5+EvvUzXGPQBuDH2jmgaHfqlSgO09LkmGWA4yZ1xQyyiO/
3j9RwE+FR79EsnU2Yc/qLRV96i4J4jBR99q0eU8Ed57X+lIg8RrFecurqyGmblir
0ApPsiUXLlMinsNiB3z8vJG71EcBYonTUhurHTiwj5vPGtEpXD4/ZJOIkd7atcuq
2HcT2pqg4UvS0Gmj1+juapvKYPTLmR0Fd0anYfjkYEm0oX5bLWxRXmOvMgSpBhvD
48wKK/s9MnE7QMWuEViHiXi0jhBTCxXe4jaSaCP4nucVoJINwmwUG20QDXZ0ijLU
ZdnQ/kl2G/C3gbq8znw2
=w0FS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10e0a442-4522-b2de-202d-012a60140428%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Thinkpad p50: Qubes installs but won't boot

2016-12-20 Thread 5n3sjd+a8dtbz87x13a0 via qubes-users
I've installed Qubes before, but never had this amount of trouble. I've been 
battling with it for the past two days and cannot get it to work, so I'm 
unfortunately having to bother some of you for help.

## What I've tried so far:
- vanilla Qubes 3.1 install
- vanilla Qubes 3.2 install
- Followed all instructions in Qubes UEFI troubleshooting => installs, no boot
- Installing Lubuntu 16.10 => doesn't work either: installer crashes with 
grub-efi-amd64-signed package failed to install
- fresh installs with various combinations of the following BIOS settings (UEFI 
only, UEFI + CMS, legacy first, legacy only, secure boot, hyperthreading
- creating own EFI partition, then install => still same issue
- updating the BIOS => no change


## Computer characteristics
- Thinkpad p50
- nvme drive
- 64gb RAM
- originally win10. Now gone, and trying to install Qubes as only OS.
- BIOS version 1.35


I don't know what's wrong, but the Lubuntu installation error and the fact that 
I never get to see Grub either when installing Qubes, points me in that 
direction. What I'm trying to achieve now involves using a LiveCD to check 
whether/where GRUB was installed and what the config looks like, but I'm in 
uncharted territory for me. Any thoughts? other ideas? 

Please, note that while I've been tinkering with computers for a while, I have 
no formal education and my knowledge is merely user level. I will definitely 
help and provide logs and other details if possible, but I may need 
instructions on how to obtain them. Thanks for the help!






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/227df0f652dfed01718ff76ff0fd7e22ac30%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How do I get Qubes 4.0 pre-release/dev build?

2016-12-20 Thread bentvader
Next error is for core3-admin.get-sources, repo not found, this is from your 
repo, can you fix this? Any chance you can meet me on some chat so we can work 
out all errors at once? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13dc87c3-f152-429c-86c8-97947182ebce%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] help updating dom0 - no network - stuck with lots of pending updates

2016-12-20 Thread jasonwalshismyname
There is a typo in my last message but it was written as "journald-dev-log" 
rather than "journal-dev-log".

Is there something to do with my problems with dom0 ?  At the bare minimum I 
would like at least to recover my files from my VMs.

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/351c6e8a-4a26-4abd-8d35-f6c806fe62c6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Anti Evil Maid Idea

2016-12-20 Thread jonbrownmasterit
I was wondering how much additional security this could give AEM if it 
supported adding Fido U2F as 2FA. it wouldn't require external services like 
TOTP and other variations. Additionally it would dramatically slow down an 
offline attack and greatly increase the cost to do it.

What do you think?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c3c106c8-d308-48a7-b1cc-240246a0f2d0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.