[qubes-users] sys-usb and usb read-only
Hi, I would like to know if on the new 4.0 it is possible to lock down data in a VM like that nothing can go out of the VM (like no internet or copypaste through dom0). I would like to make that specially for usb sticks or other stocking device, that people can work on things on the usb in the VM but nothing must be able to go out. Additionally to that, I would like to know if it is possible to use the sys-usb vm but with an usb keyboard, cause for the moment, when I try to implement it, it finish in a dead lock cause I cannot use the keyboard when restarting. And even with the ask policy, it happens after the login so it is pretty problematic and allow it completely,will probably cause a security issue for my system on of the question above. Thank you in advance... Best regards Nicolas -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8849fc0a-70ac-42ac-8e25-176db7653d11%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] UEFI secureboot issue
On Tuesday, August 1, 2017 at 9:15:26 PM UTC-4, Jean-Philippe Ouellet wrote: > On Tue, Aug 1, 2017 at 7:50 PM, cooloutac wrote: > > Qubes doesn't support secure boot unfortunately. I think its batshit crazy > > to consider a pc even reasonably secure without it. > > Secure boot in reality is quite far from the boot chain panacea its > name may suggest. > > If you haven't already, I'd suggest reading Joanna's "Intel x86 > considered harmful" paper [1] and checking out Trammell Hudson's Heads > project [2]. > > FWIW, the systems I currently believe have the most secure boot chains > do not involve UEFI at all. > > Regards, > Jean-Philippe > > [1]: https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf > [2]: http://osresearch.net/ That sounds insane, what systems are those? Yes Joanna started saying things Richard Stallman had been saying for years. But its Still just alot of "what ifs"... In reality, and what we know as true facts, and what is, is that secure boot stops attacks like hacking teams insyde bios exploit. Nothing else would. And yes these things can happen remotely, physical access is not required. An OS probably isn't even required. Even Richard Stallman has changed his tune and says secure boot is ok to use in its current state as a security feature. He half halfheartedly admits he was wrong by saying Microsoft failed its intended purpose. So any FSF hippie nut still preaching against secure boot is just a hater. A hater of microsoft, a hater of redhat, and someone who doesn't want to admit they were wrong. I think its insane to call any system even reasonably secure,without secure boot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42a48f49-907d-4433-a300-84ac64d48c3c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
On Saturday, August 5, 2017 at 12:48:29 PM UTC-4, yura...@gmail.com wrote: > On Saturday, August 5, 2017 at 4:38:23 PM UTC, cooloutac wrote: > > On Saturday, August 5, 2017 at 12:28:32 PM UTC-4, yura...@gmail.com wrote: > > > On Saturday, August 5, 2017 at 4:15:43 PM UTC, cooloutac wrote: > > > > On Saturday, August 5, 2017 at 12:05:58 PM UTC-4, yura...@gmail.com > > > > wrote: > > > > > On Saturday, August 5, 2017 at 3:56:25 PM UTC, cooloutac wrote: > > > > > > On Saturday, August 5, 2017 at 11:34:32 AM UTC-4, yura...@gmail.com > > > > > > wrote: > > > > > > > On Saturday, August 5, 2017 at 3:26:05 PM UTC, cooloutac wrote: > > > > > > > > I'll be disappointed but I'm not going to be mad at them for > > > > > > > > trying to get paid, they deserve it. > > > > > > > > > > > > > > > > But I also wouldn't mind if they turned me into a money asset > > > > > > > > like windows so they can keep designing it for home users...lol > > > > > > > > > > > > > > > > I look at things differently. You are referring to linux > > > > > > > > architecture and developers, while I'm referring to the > > > > > > > > majority of its users and community members, as the Product. > > > > > > > > > > > > > > Alright, I respect that, we see some things differently. But the > > > > > > > discussion is good, it does not have to come down to agreeing in > > > > > > > the end. > > > > > > > > > > > > > > I don't like customers being turned into assets though. The way I > > > > > > > see it, it essentially make people "not people" anymore, customer > > > > > > > service is out of the window, it's all about cheating and > > > > > > > manipulating people into making the best use of them, rather than > > > > > > > making a fair trade between a company and a customer. So I kind > > > > > > > of black out when I see business models that turn people into > > > > > > > assets, I really, really don't like that approach. > > > > > > > > > > > > > > But I do really agree that I wouldn't mind Qubes taking a fee, > > > > > > > ask for more donations, or focus partly or entirely on business > > > > > > > users. They do a lot of hard work, and regardless of the target > > > > > > > group, the change will be for the better of humanity. Perhaps > > > > > > > it's asking too much for Qubes to focus on both companies and > > > > > > > end-users at the same time, nontheless, I do hope they can manage > > > > > > > to do that. > > > > > > > > > > > > > > It's obvious they had their hands full on Qubes 4 too, so it > > > > > > > might just be that and we're reading too much into the issue here > > > > > > > at hand. But lets see, with time comes answers. I just hope it > > > > > > > wiill be in good time rather the long wait. > > > > > > > > > > > > You are going to be someones asset or product as part of nature, > > > > > > whether you know it or not. > > > > > > > > > > > > The ends justify the means to me. Especially if it means being able > > > > > > to use Qubes or not. > > > > > > > > > > > > I also think its silly to not support secure boot, simply because > > > > > > the idea was created by Microsoft. FSF/Richard Stallman > > > > > > supporters who are against secure boot, is like Bernie supporters > > > > > > not voting for hillary. Seems more spiteful then practical. > > > > > > > > > > Well yeah, only if one allows oneself to become a victim. We can > > > > > oppose and create balance in the world. > > > > > Also secure boot is entirely pointless in a stateless computer. A > > > > > non-stateless computer has a lot of closed source firmware which can > > > > > be either buggy (which closed software have proven to almost always > > > > > be), and backdoored, which is either illegal, can be abused by other > > > > > than for the intended, and is at the fringe limit crossing into the > > > > > realm of human rights. > > > > > > > > > > We don't need closed source firmware, it only creates problems, and > > > > > no benifit or solutions, other than maintaining market shares through > > > > > force, rather than surviving on good customer service and customer > > > > > support. > > > > > We don't need companies that leech on society. > > > > > > > > > > I gather you think the world is ruled by bullies, and that you think > > > > > it's okay. If so, using that perspective, we just have to become the > > > > > bullies towards to big companies who wants to make use of us. By the > > > > > end of the day, we the people are what matter, humanity matter, not > > > > > some greedy individuals behind a large company. Having said that, I'm > > > > > not a fanatic against big companies, but they must behave, or I'll be > > > > > against them. > > > > > > > > You can promote change, but we have to work with what we got right now. > > > > > > > > And right now secure boot would of stopped hacking teams insyde bios > > > > attacks, which some experts said could be exploited remotely, and >
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
On Friday, August 11, 2017 at 2:07:44 PM UTC, cooloutac wrote: > On Saturday, August 5, 2017 at 12:48:29 PM UTC-4, yura...@gmail.com wrote: > > On Saturday, August 5, 2017 at 4:38:23 PM UTC, cooloutac wrote: > > > On Saturday, August 5, 2017 at 12:28:32 PM UTC-4, yura...@gmail.com wrote: > > > > On Saturday, August 5, 2017 at 4:15:43 PM UTC, cooloutac wrote: > > > > > On Saturday, August 5, 2017 at 12:05:58 PM UTC-4, yura...@gmail.com > > > > > wrote: > > > > > > On Saturday, August 5, 2017 at 3:56:25 PM UTC, cooloutac wrote: > > > > > > > On Saturday, August 5, 2017 at 11:34:32 AM UTC-4, > > > > > > > yura...@gmail.com wrote: > > > > > > > > On Saturday, August 5, 2017 at 3:26:05 PM UTC, cooloutac wrote: > > > > > > > > > I'll be disappointed but I'm not going to be mad at them for > > > > > > > > > trying to get paid, they deserve it. > > > > > > > > > > > > > > > > > > But I also wouldn't mind if they turned me into a money asset > > > > > > > > > like windows so they can keep designing it for home > > > > > > > > > users...lol > > > > > > > > > > > > > > > > > > I look at things differently. You are referring to linux > > > > > > > > > architecture and developers, while I'm referring to the > > > > > > > > > majority of its users and community members, as the Product. > > > > > > > > > > > > > > > > Alright, I respect that, we see some things differently. But > > > > > > > > the discussion is good, it does not have to come down to > > > > > > > > agreeing in the end. > > > > > > > > > > > > > > > > I don't like customers being turned into assets though. The way > > > > > > > > I see it, it essentially make people "not people" anymore, > > > > > > > > customer service is out of the window, it's all about cheating > > > > > > > > and manipulating people into making the best use of them, > > > > > > > > rather than making a fair trade between a company and a > > > > > > > > customer. So I kind of black out when I see business models > > > > > > > > that turn people into assets, I really, really don't like that > > > > > > > > approach. > > > > > > > > > > > > > > > > But I do really agree that I wouldn't mind Qubes taking a fee, > > > > > > > > ask for more donations, or focus partly or entirely on business > > > > > > > > users. They do a lot of hard work, and regardless of the target > > > > > > > > group, the change will be for the better of humanity. Perhaps > > > > > > > > it's asking too much for Qubes to focus on both companies and > > > > > > > > end-users at the same time, nontheless, I do hope they can > > > > > > > > manage to do that. > > > > > > > > > > > > > > > > It's obvious they had their hands full on Qubes 4 too, so it > > > > > > > > might just be that and we're reading too much into the issue > > > > > > > > here at hand. But lets see, with time comes answers. I just > > > > > > > > hope it wiill be in good time rather the long wait. > > > > > > > > > > > > > > You are going to be someones asset or product as part of nature, > > > > > > > whether you know it or not. > > > > > > > > > > > > > > The ends justify the means to me. Especially if it means being > > > > > > > able to use Qubes or not. > > > > > > > > > > > > > > I also think its silly to not support secure boot, simply because > > > > > > > the idea was created by Microsoft. FSF/Richard Stallman > > > > > > > supporters who are against secure boot, is like Bernie > > > > > > > supporters not voting for hillary. Seems more spiteful then > > > > > > > practical. > > > > > > > > > > > > Well yeah, only if one allows oneself to become a victim. We can > > > > > > oppose and create balance in the world. > > > > > > Also secure boot is entirely pointless in a stateless computer. A > > > > > > non-stateless computer has a lot of closed source firmware which > > > > > > can be either buggy (which closed software have proven to almost > > > > > > always be), and backdoored, which is either illegal, can be abused > > > > > > by other than for the intended, and is at the fringe limit crossing > > > > > > into the realm of human rights. > > > > > > > > > > > > We don't need closed source firmware, it only creates problems, and > > > > > > no benifit or solutions, other than maintaining market shares > > > > > > through force, rather than surviving on good customer service and > > > > > > customer support. > > > > > > We don't need companies that leech on society. > > > > > > > > > > > > I gather you think the world is ruled by bullies, and that you > > > > > > think it's okay. If so, using that perspective, we just have to > > > > > > become the bullies towards to big companies who wants to make use > > > > > > of us. By the end of the day, we the people are what matter, > > > > > > humanity matter, not some greedy individuals behind a large > > > > > > company. Having said that, I'm not a fanatic against big companies, > > > > > > but they must behave, or I'll be
Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles
On Friday, August 11, 2017 at 12:04:44 AM UTC, Daniel Nelson wrote: > Did you ever make additional progress on your problems with QWT? I > encountered all the same issues you did, and the one I've not been able to > solve is always having to run my Win7 apps in debug mode, thus losing the > possibility of lovely seamless integration. > > I tried what you suggested about backing out the latest QWT and installing > the previous version. I tried it first with simply uninstalling from my VM, > with quirky results, so I went ahead and created a fresh VM. This > particular behavior continues, though, also with the GUI agent outdated > protocol error on exit, and usually with two Win7 related QubesDB files that > need to be manually deleted prior to relaunching as well. Did you try the opposite approach and use the packages from the testing repositories? sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools I'm unaware if the fix is still in testing, however the MegaTraveller guy verified (28 December, 2016) that this worked for him, in this thread https://github.com/QubesOS/qubes-issues/issues/2488 Also, as annoying and time consuming it may be, you might want to make a fresh HVM install again. As far as I've understood, it's not recommended to re-install QWT. I would however suggest to make a fresh backup of your Win7 from the moment it's just freshly installed, so you don't have to do more work than needed in the future. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6ca9f91e-4416-4731-bd64-55fb4d4068fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Lenovo Thinkpad S1
Disable Secure Boot, change to "Legacy Only" and disable Virtualization. The lock button on the side isn't mapped by default. You may enable VT-d after the installation. -- Hugo Costa -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABzYznxw-oSZ7rZ-6fAgpF9XyU75FpLCFQHT_u-NTtqnht-Ocw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-LENOVO-20CD0038PG-20170811-172149.yml Description: application/yaml
[qubes-users] is it known what version of fedora will run in dom0 in the stable release of 4.0?
the title says it all, is it known yet? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72f1512e-cd05-4b3a-872d-2e8be80ccfff%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Windows 7 problems (R3.2)
Hello, I also had some trouble getting Windows 7 to run in seamless mode but learned a lot during installations :-) On 08/10/17 19:38, hugonco...@gmail.com wrote: If I start the VM in Seemless GUI, it goes on but doesn't open any application (with and without debug mode on). If I start the VM without Seemless GUI, it only goes on with debug mode on, otherwise it'll follow the above pattern. In total I ended up installing windows roughly 20 times, tweaking lots of settings - but if know how it can be done, you get rewarded with a working windows installation which is running fine in seamless mode. I can walk you through the process, you can send me a private email so that we can do instead of bothering people on the list ;-) As suggested the first thing you need to do is creating a new windows 7 HVM and install windows (all in debug mode), don't make any windows updates and don't install additional applications. If the you have the windows HVM restarted several times and it is running smoothly, shutdown and make a backup so that we can use this HVM in case we mess something up. Afterwards we try to get things up & running. Also, 2nd problem, I've installed MS Office, I've copied the shortcuts to the "All Programs" folder and I'm unable to find them in the "Applications" tab in the VM config. Is there anything I can do? Also, other installed programmes don't appear on the list, it's not just Office. Some application install their shortcuts under c:\users\... and other under c:\users\all users or something similar - I don't have my windows VM running to look. Qubes will only grab the programs from one location, I think c:\users\..Startmenu You need to copy the shortcuts there and then they will be available in Qubes :-) I can look up the exact folders, when I start my old Qubes Laptop, currently I am running 4rc1 without a windows HVM. - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/062276c4-27c0-6901-df37-efa761871851%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
On Friday, 11 August 2017 17:02:13 UTC+2, yura...@gmail.com wrote: > On Friday, August 11, 2017 at 2:07:44 PM UTC, cooloutac wrote: > > On Saturday, August 5, 2017 at 12:48:29 PM UTC-4, yura...@gmail.com wrote: > > > On Saturday, August 5, 2017 at 4:38:23 PM UTC, cooloutac wrote: > > > > On Saturday, August 5, 2017 at 12:28:32 PM UTC-4, yura...@gmail.com > > > > wrote: > > > > > On Saturday, August 5, 2017 at 4:15:43 PM UTC, cooloutac wrote: > > > > > > On Saturday, August 5, 2017 at 12:05:58 PM UTC-4, yura...@gmail.com > > > > > > wrote: > > > > > > > On Saturday, August 5, 2017 at 3:56:25 PM UTC, cooloutac wrote: > > > > > > > > On Saturday, August 5, 2017 at 11:34:32 AM UTC-4, > > > > > > > > yura...@gmail.com wrote: > > > > > > > > > On Saturday, August 5, 2017 at 3:26:05 PM UTC, cooloutac > > > > > > > > > wrote: > > > > > > > > > > I'll be disappointed but I'm not going to be mad at them > > > > > > > > > > for trying to get paid, they deserve it. > > > > > > > > > > > > > > > > > > > > But I also wouldn't mind if they turned me into a money > > > > > > > > > > asset like windows so they can keep designing it for home > > > > > > > > > > users...lol > > > > > > > > > > > > > > > > > > > > I look at things differently. You are referring to linux > > > > > > > > > > architecture and developers, while I'm referring to the > > > > > > > > > > majority of its users and community members, as the Product. > > > > > > > > > > > > > > > > > > Alright, I respect that, we see some things differently. But > > > > > > > > > the discussion is good, it does not have to come down to > > > > > > > > > agreeing in the end. > > > > > > > > > > > > > > > > > > I don't like customers being turned into assets though. The > > > > > > > > > way I see it, it essentially make people "not people" > > > > > > > > > anymore, customer service is out of the window, it's all > > > > > > > > > about cheating and manipulating people into making the best > > > > > > > > > use of them, rather than making a fair trade between a > > > > > > > > > company and a customer. So I kind of black out when I see > > > > > > > > > business models that turn people into assets, I really, > > > > > > > > > really don't like that approach. > > > > > > > > > > > > > > > > > > But I do really agree that I wouldn't mind Qubes taking a > > > > > > > > > fee, ask for more donations, or focus partly or entirely on > > > > > > > > > business users. They do a lot of hard work, and regardless of > > > > > > > > > the target group, the change will be for the better of > > > > > > > > > humanity. Perhaps it's asking too much for Qubes to focus on > > > > > > > > > both companies and end-users at the same time, nontheless, I > > > > > > > > > do hope they can manage to do that. > > > > > > > > > > > > > > > > > > It's obvious they had their hands full on Qubes 4 too, so it > > > > > > > > > might just be that and we're reading too much into the issue > > > > > > > > > here at hand. But lets see, with time comes answers. I just > > > > > > > > > hope it wiill be in good time rather the long wait. > > > > > > > > > > > > > > > > You are going to be someones asset or product as part of > > > > > > > > nature, whether you know it or not. > > > > > > > > > > > > > > > > The ends justify the means to me. Especially if it means being > > > > > > > > able to use Qubes or not. > > > > > > > > > > > > > > > > I also think its silly to not support secure boot, simply > > > > > > > > because the idea was created by Microsoft. FSF/Richard > > > > > > > > Stallman supporters who are against secure boot, is like > > > > > > > > Bernie supporters not voting for hillary. Seems more spiteful > > > > > > > > then practical. > > > > > > > > > > > > > > Well yeah, only if one allows oneself to become a victim. We can > > > > > > > oppose and create balance in the world. > > > > > > > Also secure boot is entirely pointless in a stateless computer. A > > > > > > > non-stateless computer has a lot of closed source firmware which > > > > > > > can be either buggy (which closed software have proven to almost > > > > > > > always be), and backdoored, which is either illegal, can be > > > > > > > abused by other than for the intended, and is at the fringe limit > > > > > > > crossing into the realm of human rights. > > > > > > > > > > > > > > We don't need closed source firmware, it only creates problems, > > > > > > > and no benifit or solutions, other than maintaining market shares > > > > > > > through force, rather than surviving on good customer service and > > > > > > > customer support. > > > > > > > We don't need companies that leech on society. > > > > > > > > > > > > > > I gather you think the world is ruled by bullies, and that you > > > > > > > think it's okay. If so, using that perspective, we just have to > > > > > > > become the bullies towards to big companies who wants to make use > > > > > > > of us.
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
Question: should windows-7 HVMs imported from R3.2 Just Work™ in R4? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16d4707c-6999-4ec7-974f-8ab1b1c571af%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles
On Friday, August 11, 2017 at 8:29:09 AM UTC-7, yura...@gmail.com wrote: > On Friday, August 11, 2017 at 12:04:44 AM UTC, Daniel Nelson wrote: > > Did you ever make additional progress on your problems with QWT? I > > encountered all the same issues you did, and the one I've not been able to > > solve is always having to run my Win7 apps in debug mode, thus losing the > > possibility of lovely seamless integration. > > > > I tried what you suggested about backing out the latest QWT and installing > > the previous version. I tried it first with simply uninstalling from my > > VM, with quirky results, so I went ahead and created a fresh VM. This > > particular behavior continues, though, also with the GUI agent outdated > > protocol error on exit, and usually with two Win7 related QubesDB files > > that need to be manually deleted prior to relaunching as well. > > Did you try the opposite approach and use the packages from the testing > repositories? > > sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing > qubes-windows-tools > > I'm unaware if the fix is still in testing, however the MegaTraveller guy > verified (28 December, 2016) that this worked for him, in this thread > https://github.com/QubesOS/qubes-issues/issues/2488 > > Also, as annoying and time consuming it may be, you might want to make a > fresh HVM install again. As far as I've understood, it's not recommended to > re-install QWT. > I would however suggest to make a fresh backup of your Win7 from the moment > it's just freshly installed, so you don't have to do more work than needed in > the future. Thanks very much for the additional link. I'll do more reading. As to your questions... I was unable to fetch QWT from the live repo. I've been using only what I can get from the test repo. I tried both ways of doing things already... meaning that I tried uninstalling the tools from the Win7 VM, removing them from Qubes, fetching the previous version, then installing them into the VM. Since that didn't work I then did it the other way (deleting the VM and starting from scratch, but still with the previous version of QWT). The first way gave a pretty unstable Win7 VM. The second way worked fine, but the exit errors and lack of seamless functionality was the same as with the latest version of QWT. I'll dig more into the link you provided and see if I can find some joy. Thanks again! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c6c5cffc-bfc2-4169-a4a5-b7c3a9dcc856%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Win 7, Qubes 3.2, qubes-windows-tools 3.2.2-3 struggles
Hello Daniel, when working with Qubes, I write all information into my own Wiki. Here my notes regarding the installation of a Window 7 HVM: Windows HVM Skip to end of metadata See also: https://www.qubes-os.org/doc/windows-appvms/ * Update Windows Tools sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools * Mount External HDD containing the windows installer ISO to the VM untrusted qvm-usb -a untrusted sys-usb:4-3 * Create new windows VM qvm-create win7 --hvm --label green * Start new windows VM with attached installer-ISO qvm-start globits --cdrom=untrusted:/run/media/user/WDEXT2TB/win7pro-32-de.iso (will start the VM and run the installer ISO) * First restart after ~4 min restart manually qvm-start globits * Further installation, restart manually qvm-start globits * Further installation, restart manually qvm-start globits * Start into Desktop / Updates -> decide later * Allow unsigned drivers by opening a CMD as administrator bcedit /set testsigning on * Install Windows Tools qvm-start globits --install-windows-tools * Change qrexec timeout because User Folder will be moved qvm-prefs -s qrexec_timeout 300 * Enable Debug Mode via Qubes Manager GUI * Enable auto-Login by starting netplwiz within Windows vm * Enable Seamless Mode / Disable Debug Mode via Qubes Manager GUI Attention: i had big problems getting seamless mode to work, and found out the reason after lots of troubleshooting. It seems that seamless mode will not work with all display resolutions. I have 3 K-display with a native resolution of 2.880 x 1.620 Pixels. With this resolution seamless mode didn't work, I had to change the resolution to a standard resolution. You might also look here: https://groups.google.com/forum/#!msg/qubes-users/Ia73yb4lCGA/s8Qp9dl4CQAJ https://github.com/QubesOS/qubes-issues/issues/1896 Which resolution are you using in Qubes? - PhR On 08/11/17 22:02, Daniel Nelson wrote: On Friday, August 11, 2017 at 8:29:09 AM UTC-7, yura...@gmail.com wrote: On Friday, August 11, 2017 at 12:04:44 AM UTC, Daniel Nelson wrote: Did you ever make additional progress on your problems with QWT? I encountered all the same issues you did, and the one I've not been able to solve is always having to run my Win7 apps in debug mode, thus losing the possibility of lovely seamless integration. I tried what you suggested about backing out the latest QWT and installing the previous version. I tried it first with simply uninstalling from my VM, with quirky results, so I went ahead and created a fresh VM. This particular behavior continues, though, also with the GUI agent outdated protocol error on exit, and usually with two Win7 related QubesDB files that need to be manually deleted prior to relaunching as well. Did you try the opposite approach and use the packages from the testing repositories? sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing qubes-windows-tools I'm unaware if the fix is still in testing, however the MegaTraveller guy verified (28 December, 2016) that this worked for him, in this thread https://github.com/QubesOS/qubes-issues/issues/2488 Also, as annoying and time consuming it may be, you might want to make a fresh HVM install again. As far as I've understood, it's not recommended to re-install QWT. I would however suggest to make a fresh backup of your Win7 from the moment it's just freshly installed, so you don't have to do more work than needed in the future. Thanks very much for the additional link. I'll do more reading. As to your questions... I was unable to fetch QWT from the live repo. I've been using only what I can get from the test repo. I tried both ways of doing things already... meaning that I tried uninstalling the tools from the Win7 VM, removing them from Qubes, fetching the previous version, then installing them into the VM. Since that didn't work I then did it the other way (deleting the VM and starting from scratch, but still with the previous version of QWT). The first way gave a pretty unstable Win7 VM. The second way worked fine, but the exit errors and lack of seamless functionality was the same as with the latest version of QWT. I'll dig more into the link you provided and see if I can find some joy. Thanks again! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03a0d3cd-01dc-f4fc-7d39-9064966bba3f%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS 4.0 first release candidate (rc1) has been released!
Hello, On 08/11/17 21:54, Foppe de Haan wrote: Question: should windows-7 HVMs imported from R3.2 Just Work™ in R4? additional questions: 1) Can I install Windows at all, since it seems that there are no qubes-windows-tools available . 2) What is the strategy with Windows Support in Qubes 4? In order to have Qubes ready for the enterprise business, I'd like to see seamless windows working in Qubes 4. 3) Is someone actually working on the Qubes Windows Tools? If not, would it help if we raise a budget as motivation? - PhR -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e61aabc3-e621-ca09-ce0e-5629181f6671%40googlemail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
On 08/08/2017 03:59 PM, taii...@gmx.com wrote: > FYI: Having different VM's using the same template doesn't really matter > as they all have the same browser fingerprint. If your primary concern is browser fingerprinting, you should just use Tor Browser. Other browsers don't attempt to hide your browser fingerprint, especially the most fingerprintable part, your IP address. But browser fingerprinting isn't many people's primary concern, I think. I use browsers in separate AppVMs for compartmentalization. So if one browser gets compromised (or if a website uses css tricks to guess my browser history, etc.), the attacker won't be able to obtain any information about what's going on in browsers in other AppVMs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0b802c4-a6d6-4781-f9f6-ec2328778f3b%40micahflee.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Trying to build a rchlinux-template, missing dependencies python-sh?
Hi, Im trying to install an archlinux template. I'm stuck on a dependencies issue with: python-sh make qubes-vm \Currently installed dependencies: git-2.9.4-1.fc25.x86_64 rpmdevtools-8.9-1.fc25.noarch rpm-build-4.13.0.1-1.fc25.x86_64 createrepo-0.10.3-10.fc25.noarch debootstrap-1.0.87-1.fc25.noarch dpkg-dev-1.17.27-1.fc25.noarch package python-sh is not installed dialog-1.3-5.20160828.fc25.x86_64 ERROR: call 'make install-deps' to install missing dependencies Makefile:199: recipe for target 'check-depend.rpm' failed make: *** [check-depend.rpm] Error 1 [user@Development qubes-builder]$ make install-deps Redirecting to '/usr/bin/dnf install -y git rpmdevtools rpm-build createrepo debootstrap dpkg-dev python-sh dialog' (see 'man yum2dnf') Last metadata expiration check: 4:03:27 ago on Wed Aug 9 21:08:11 2017. Package git-2.9.4-1.fc25.x86_64 is already installed, skipping. Package rpmdevtools-8.9-1.fc25.noarch is already installed, skipping. Package rpm-build-4.13.0.1-1.fc25.x86_64 is already installed, skipping. Package createrepo-0.10.3-10.fc25.noarch is already installed, skipping. Package debootstrap-1.0.87-1.fc25.noarch is already installed, skipping. Package dpkg-dev-1.17.27-1.fc25.noarch is already installed, skipping. Package python2-sh-1.12.14-1.fc25.noarch is already installed, skipping. Package dialog-1.3-5.20160828.fc25.x86_64 is already installed, skipping. Dependencies resolved. Nothing to do. Sending application list and icons to dom0 Complete! [user@Development qubes-builder]$ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7c9f13d5-7eea-4d7c-96c9-203dca1bc28f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] sys-usb and usb read-only
On 08/11/2017 08:41 PM, Nicolas Mojon wrote: > Hi, > > I would like to know if on the new 4.0 it is possible to lock down data in a > VM like that nothing can go out of the VM (like no internet or copypaste > through dom0). I would like to make that specially for usb sticks or other > stocking device, that people can work on things on the usb in the VM but > nothing must be able to go out. > > Additionally to that, I would like to know if it is possible to use the > sys-usb vm but with an usb keyboard, cause for the moment, when I try to > implement it, it finish in a dead lock cause I cannot use the keyboard when > restarting. And even with the ask policy, it happens after the login so it is > pretty problematic and allow it completely,will probably cause a security > issue for my system on of the question above. > > Thank you in advance... > > Best regards > > Nicolas > Hi Nicolas, I am not aware of any changes between r3.2 and r4.0 that would affect your use case. You can disable the vm's networking of course. If you want a read-only USB flash drive you should look at the USG hardware firewall. I have recently released configurable firmware with a read-only mass storage option: https://github.com/robertfisk/usg/wiki Regarding USB keyboards with sys-usb, as you have discovered this does not work. Enabling sys-usb sets a kernel option to hide all USB controllers from dom0, and you then cannot type the disk password. You have two choices: 1 - Leave sys-usb enabled. Boot with a PS/2 keyboard attached (laptop keyboards are PS/2) 2 - Disable sys-usb. Leave your keyboard's PCI USB controller attached to dom0. Assign other PCI USB controllers to your own usb VM. If your system only has one USB controller you could purchase a USB expansion card. Read the Qubes USB docs for more info: https://www.qubes-os.org/doc/usb/ Regards, Robert -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f539d88f-6575-6786-6139-d2705b0781a5%40fastmail.fm. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Request for feedback: 4.9 Kernel
On Saturday, August 12, 2017 at 3:22:07 AM UTC+2, Kristian Elof Sørensen wrote: > > On Sat, 2017-05-20 at 13:42 -0600, Reg Tiangha wrote: > > People may not have noticed, but there is now a 4.9 kernel in > > current-testing (4.9.28 to be specific). > > Running kernel 4.9.35-19 now > > > 1) Hardware that used to work with 4.4 or 4.8 no longer works with > > 4.9. > > None observed > > > 2) Hardware that didn't work with 4.4 or 4.8 still doesn't work. > > Same as with the 4.8.12-12 > > That means quite a lot of hardware does not work or are not recognised > by the kernel. > > This is on a very recent i5-7200U based ASUS B9440U laptop with its > accompaining USB-C dock. > > Powermanagemet in general is sorely missing on laptop with Qubes. > (batterylife is 3-4 hours instead of approx. 10, the monitor backlight > never turns off despite the screensaver turning the screen black, the > keyboard backlight does not work and the fan runs nearly all the time. > > > 4) General feedback on the 4.9 kernel. > > > > Well I look forward to kernel 4.10 and 4.11 and hope to see them soon > on Qubes. > > Othervise I will have to end my Qubes experiment on this laptop and > install something else, in order to get actual work done. > > Kristian > Since I doubt Marek or others will have time, I'd suggest building your own 4.11-based kernel per the instructions found in this thread. :) https://groups.google.com/forum/#!topic/qubes-users/yBeUJPwKwHM -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/225ac85c-90e0-4100-9786-4ec046f580f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HOWTO: Compiling Kernels for dom0
Wrt (4.11) build dependencies: you'll also need elfutils-libelf-devel, gcc-plugin-devel. as before, it's easiest to build these in a fc23-based VM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42a86704-59e4-409a-922c-206da8871110%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
