[qubes-users] mount root.img files

2017-11-22 Thread Bernhard
Hello,

I got myself into trouble when I (badly) followed the vm-sudo
instructions: as non-root, I modified (using sudo each time) the file
/etc/pam.d/common-auth in debian-8.
Now, for the following steps I would need to sudo again - but the process
is blocked (saying 3 times bad password), since the new VMAuth is (only)
partially set up.

- Of course, qubes-revert command for template vm does not exist in Q4,
that would be too easy.
- Actually, reinstalling debian-8-template fails as well, since there
seems to be no package named qubes-template-debian-8, in contrast with the
Qubes documentation
-  So I would like to "break in" the vm-template as dom0, and change
that one line in /etc/pam.d/common-auth back. But how to mount the
root.img file? I tried a losetup & mount approach, but the file is
non-mountable. I have not found any documentation either.

So I ask in despair for some help. Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c601bc55-8bfa-39eb-f396-a20b08bff24a%40web.de.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote:
> On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote:
> > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote:
> > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote:
> > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 
> > > > > > > > wrote:
> > > > > > > > > Hello Beso,
> > > > > > > > > 
> > > > > > > > > > Mobile Broadband is enabled in 
> > > > > > > > > > NetworkManager Applet. 
> > > > > > > > > > I can create new Mobile Broadband 
> > > > > > > > > > connection but it keeps connecting 
> > > > > > > > > > and nothing else
> > > > > > > > > 
> > > > > > > > > I am using mobile broadband within Qubes and am happy to 
> > > > > > > > > help, but honestly your question/problem is too unqualified. 
> > > > > > > > > 
> > > > > > > > > - what version of Qubes are you running?
> > > > > > > > > - what model of mobile broadband card are you using? 
> > > > > > > > > - how is the broadband card connected? Probably as an 
> > > > > > > > > internal USB device. 
> > > > > > > > > - are you using sys-usb to connect the card to your sys-net 
> > > > > > > > > VM? Or are you passing through the whole USB controller?
> > > > > > > > > - have you tried to boot up a Fedora live Linux and check if 
> > > > > > > > > your mobile broadband is working there?
> > > > > > > > > - what does "keeps connecting" mean?
> > > > > > > > > 
> > > > > > > > > My suggestion:
> > > > > > > > > Try to get the mobile broadband card working without Qubes 
> > > > > > > > > (Linux Live Boot from USB-Stick).
> > > > > > > > > If you got it working try to make it work in Qubes.
> > > > > > > > > 
> > > > > > > > > [799]
> > > > > > > > 
> > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > > > > - Qubes release 3.2(R3.2)
> > > > > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless 
> > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > > > > > - do I have to attach it somewhere?
> > > > > > > > - As I mentioned I can create new broadband connection and even 
> > > > > > > > select it from applet menu but it keeps connecting(applet shows 
> > > > > > > > "circles" as trying connect).
> > > > > > > > I am trying to make screenshot if it helps
> > > > > > 
> > > > > > PS.
> > > > > > [user@sys-net ~]$ ifconfig
> > > > > > enp0s1f6: flags=4099  mtu 1500
> > > > > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > > > > RX packets 0  bytes 0 (0.0 B)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 0  bytes 0 (0.0 B)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > device interrupt 26  memory 0xe120-e122  
> > > > > > 
> > > > > > lo: flags=73  mtu 65536
> > > > > > inet 127.0.0.1  netmask 255.0.0.0
> > > > > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > > > > loop  txqueuelen 1  (Local Loopback)
> > > > > > RX packets 636  bytes 74412 (72.6 KiB)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 636  bytes 74412 (72.6 KiB)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > 
> > > > > > vif2.0: flags=4163  mtu 1500
> > > > > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
> > > > > > inet6 fe80::fcff::feff:  prefixlen 64  scopeid 
> > > > > > 0x20
> > > > > > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > > > > > RX packets 102007  bytes 32168371 (30.6 MiB)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 228493  bytes 219299357 (209.1 MiB)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > 
> > > > > > wlp0s2: flags=4163  mtu 1500
> > > > > > inet 192.168.43.181  netmask 255.255.255.0  broadcast 
> > > > > > 192.168.43.255
> > > > > > inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 
> > > > > > 0x20
> > > > > > ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> > > > > > RX packets 238240  bytes 225553537 (215.1 MiB)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 108834  bytes 37072683 (35.3 MiB)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > 
> > > > > 
> > > > > sudo dmesg:
> 

Re: [qubes-users] Re: Qubes support Secure Boot

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 07:25 PM, xeph...@gmail.com wrote:

> This is quite late, but now that UEFI is supported...is secure boot?  Wasn't 
> quite sure what key or signature to import.

Why are all the newbies here so obsessed with a Microsoft technology?

Just shut it off, it provides no benefit to you. If their code is so 
great and beneficial to you why not simply install Windows 10? They say 
it is safe and secure just like SB 2.0...


"Secure" boot isn't secure, it is an anti-feature designed to eventually 
remove the ability for average joes to install and boot linux - while SB 
1.0 included an owner control mandate this was conveniently left out of 
SB 2.0 after the SB 1.0 media circus died down with the goal being the 
eventual blocking of linux via attrition of board makers no longer 
wanting to take the extra effort to allow for owner control or even add 
the second SB key which allows people to boot the red hat signed version 
of grub2.


If you have to ask for permission to run code it isn't your computer and 
you do not own it you are simply purchasing a lease on it.
I for one would never buy such a thing and neither should you (I have 
re-programmed the firmware on all my workstations/servers - they are 
owner controlled and are truly mine with no hardware code signing 
enforcement anti-features - doesn't that sound better?)


Tell me, how does it prevent a rootkit? Why couldn't that hypothetical 
rootkit simply modify another critical system file instead of the 
bootloader or kernel? Or disable SB? (already root, hence rootkit - if 
you have a zero day for windows you certainly have one for SB as well)




[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread jkitt
On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
> From a crypto list, seemed relevant here.
> .
> Oh joy...
> 
> Intel finds critical holes in secret Management Engine hidden in tons
> of desktop, server chipsets
> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> .

So I have my ME "turned off", and I understand off never means off, but can it 
still be remotely exploited? I'm using a wireless NIC.



Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 2:38:21 AM UTC, Yuraeitha wrote:
> Been thinking about ways to increase the accuracy, here are some extra 
> thoughts and limitations. Feel free to add any too if you see a different 
> perspective.
> 
> Generally, there are three macro perspective trends.
> Trend 1): Qubes is over-represented in a region or country.
> Trend 2): Qubes is at average represented in a region or country. 
> Trend 3): Qubes is under-represented in a region or a country. 
> 
> If any region or data, falls into the trend 1, or trend 3, then it messes up 
> the accuracy. 
> 
> Trend 1) speculated factors
> - Different culture (Can have huge influence).
> - Reasonable stable and functioning economy, towards a strong economy. 
> - Peace. 
> - Order and predictability in short term daily life.
> - Reasonable infrastructure towards great infrastructure. 
> - Anything else that you can imagine in this, etc.
> 
> 
> Trend 3) speculated factors
> - Different culture (Can have huge influence).
> - Poor economy, country is not functioning well, or barely at all.
> - War with another country. 
> - Civil war. 
> - Turmoil and unstable government. 
> - Poor infrastructure (roads, internet, food supply, reliability in 
> expectancy). 
> - Anything else that you can imagine in this, etc.
> 
> 
> Trend 2) is what we can calculate with pretty high accuracy given how physics 
> work. However the real world is far more complex, trend 2) is not taking the 
> many factors of life into consideration. The trend 1) and trend 3), as on the 
> list above, have big influence. 
> 
> Similar problems are found in GNP (Gross National Product), which is 
> something used by macro economists and politicians too, to measure how well a 
> country is performing in its production. The drawback, just like trend 1), 
> and trend 3) above, is the vast different cultures, history, current state, 
> different ways from country to country on how to calculate, or even different 
> ways in gathering the raw data used in the calculations, etc. 
> The solution is to limit these comparisons to the country's own GNP from the 
> year before, and to avoid comparing with other countries, unless, of course, 
> the country look a lot alike in the trend 1) and trend 3) factor lists. For 
> example USA states, may draw better similarities between similar looking 
> states, compared to if you compare a US state's GNP with, say, Germany, Russia, 
> China, Italy, and so on, which have similar, but yet also very different 
> cultures and factors that make comparisons inaccurate. The solution 
> therefore, is to only compare where it makes sense to compare, either by 
> comparing to your own GNP the year before, or only compare with a country 
> that looks a lot alike. Keeping in mind that even within USA, a US state can 
> be very different from another US State, so one has to be very careful with 
> comparisons like these. Even if comparing a country's own GNP from several 
> years back, one's own country culture will likely have changed, and even the 
> method of calculation, or method of data collection, can be different if 
> going too many years back in the same country. 
> However, if you do like inflation calculations, you can go year by year, one 
> at a time, make % comparison with the country's own GNP, only one year back 
> at a time. This way, you can see a chain reaction, only looking at small 
> changes at a time. But it's dangerous to try to jump too far in the timeline, 
> unless changes in trend 1) or trend 3) are taken into account. Given the 
> complexity, this is notoriously difficult to do, in any way that represent 
> accuracy. Even getting a close estimation can easily be notorious. 
> 
> So the takeaway? 
> Reducing complexity, and limit ourselves into how we use and take the data 
> for granted. For example, be mindful of all the various ways the data can be 
> shaped differently from what reality really looks like.  
> 
> So keeping these challenges in mind from economics, we can draw a bit from it 
> in our Qubes demographics.
> 
> For example, if you know how many Qubes users are in the USA, or in China, 
> EU, Africa, Russia, or any other similar region, which is very different to 
> the rest of the world, yet similar inwards towards itself and its own 
> culture, then we can increase the accuracy quite a bit. 
> 
> The problem is we don't have such data, and it probably isn't a good idea if 
> the Qubes team start to look into the unique IP's in an invasive way. It's 
> already troubling enough that they keep logs of everyone's IP to begin with. 
> 
> So what else can we do? We might be able to incorporate some secondary data, 
> i.e. find out how many people live in a country without infrastructure. Then 
> we can take the world population, and subtract the amount of people whom have 
> no or extremely poor infrastructure. 
> 
> Another method, which can be used in addition to the above, or any other 
> similar subtractions, is to 

[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 3:54:57 AM UTC, jkitt wrote:
> On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
> > From a crypto list, seemed relevant here.
> > .
> > Oh joy...
> > 
> > Intel finds critical holes in secret Management Engine hidden in tons
> > of desktop, server chipsets
> > https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> > .
> 
> So I have my ME "turned off", and I understand off never means off, but can 
> it still be remotely exploited? I'm using a wireless NIC.

@jkitt a good question, we need some more answers. For starters, where is the 
proof that it works, and not just take "experts words for that it works". 
Taking a word for it, simply just isn't good enough. 



Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread beso
On Thursday, November 23, 2017 at 1:07:28 AM UTC+2, Yuraeitha wrote:
> On Wednesday, November 22, 2017 at 10:49:46 PM UTC, beso wrote:
> > On Thursday, November 23, 2017 at 12:37:59 AM UTC+2, Yuraeitha wrote:
> > > On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote:
> > > > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote:
> > > > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote:
> > > > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha 
> > > > > > wrote:
> > > > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > > > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > > > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso 
> > > > > > > > > wrote:
> > > > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, 
> > > > > > > > > > > One7two99 wrote:
> > > > > > > > > > > > Hello Beso,
> > > > > > > > > > > > 
> > > > > > > > > > > > > Mobile Broadband is enabled in 
> > > > > > > > > > > > > NetworkManager Applet. 
> > > > > > > > > > > > > I can create new Mobile Broadband 
> > > > > > > > > > > > > connection but it keeps connecting 
> > > > > > > > > > > > > and nothing else
> > > > > > > > > > > > 
> > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy 
> > > > > > > > > > > > > to help, but honestly your question/problem is too 
> > > > > > > > > > > > > unqualified. 
> > > > > > > > > > > > > 
> > > > > > > > > > > > > - what version of Qubes are you running?
> > > > > > > > > > > > > - what model of mobile broadband card are you using? 
> > > > > > > > > > > > - how is the broadband card connected? Probably as an 
> > > > > > > > > > > > internal USB device. 
> > > > > > > > > > > > - are you using sys-usb to connect the card to your 
> > > > > > > > > > > > sys-net VM? Or are you passing through the whole USB 
> > > > > > > > > > > > controller?
> > > > > > > > > > > > - have you tried to boot up a Fedora live Linux and 
> > > > > > > > > > > > check if your mobile broadband is working there?
> > > > > > > > > > > > > - what does "keeps connecting" mean?
> > > > > > > > > > > > 
> > > > > > > > > > > > My suggestion:
> > > > > > > > > > > > Try to get the mobile broadband card working without 
> > > > > > > > > > > > Qubes (Linux Live Boot from USB-Stick).
> > > > > > > > > > > > If you got it working try to make it work in Qubes.
> > > > > > > > > > > > 
> > > > > > > > > > > > [799]
> > > > > > > > > > > 
> > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > > > > > > > - Qubes release 3.2(R3.2)
> > > > > > > > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless 
> > > > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > > > > > > > > - do I have to attach it somewhere?
> > > > > > > > > > > - As I mentioned I can create new broadband connection 
> > > > > > > > > > > and even select it from applet menu but it keeps 
> > > > > > > > > > > connecting(applet shows "circles" as trying connect).
> > > > > > > > > > > I am trying to make screenshot if it helps
> > > > > > > > > 
> > > > > > > > > PS.
> > > > > > > > > [user@sys-net ~]$ ifconfig
> > > > > > > > > enp0s1f6: flags=4099  mtu 1500
> > > > > > > > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > > > > > > > RX packets 0  bytes 0 (0.0 B)
> > > > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > > > TX packets 0  bytes 0 (0.0 B)
> > > > > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  
> > > > > > > > > collisions 0
> > > > > > > > > device interrupt 26  memory 0xe120-e122  
> > > > > > > > > 
> > > > > > > > > lo: flags=73  mtu 65536
> > > > > > > > > inet 127.0.0.1  netmask 255.0.0.0
> > > > > > > > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > > > > > > > loop  txqueuelen 1  (Local Loopback)
> > > > > > > > > RX packets 636  bytes 74412 (72.6 KiB)
> > > > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > > > TX packets 636  bytes 74412 (72.6 KiB)
> > > > > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  
> > > > > > > > > collisions 0
> > > > > > > > > 
> > > > > > > > > vif2.0: flags=4163  mtu 1500
> > > > > > > > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 
> > > > > > > > > 0.0.0.0
> > > > > > > > > inet6 fe80::fcff::feff:  prefixlen 64  
> > > > > > > > > scopeid 0x20
> > > > > > > > > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > > > > > > > > RX packets 102007  bytes 32168371 (30.6 MiB)
> > > > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > > >   

Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 10:27:55 PM UTC, a.mc...@yandex.com wrote:
> Wow!
> 
> Just wow! I am really impressed!
> 
> Now I'm going to make such statistics for my country.
> 
> 
> On November 22, 2017 6:50:36 PM UTC, Yuraeitha  wrote:
> On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu wrote:
> Hi, my name is Knut von Walter. In order to progress in my understanding of 
> Qubes OS, I am looking for members of the Qubes-community in 
> Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter
> 
> If you look here, you can see how many people who use Qubes, based on unique 
> IP addresses https://www.qubes-os.org/statistics/
> Only the Tor IP's may be more of the same people, so ignore those. In 
> addition, people may update Qubes while out in the wild, i.e. while on 
> company, school, or if using VPN on. Basically, it's a rough statistic 
> regarding how many people use Qubes. 
> 
> However, what the statistics does provide, is that no more than the maximum 
> can exist. And this information is relevant to your question. 
> 
> Currently there are probably some 25.000 Qubes users, probably less, given the 
> laptops that move about and update on different non-Tor IP's. 
> 
> It's probably not proper to take the German population, and divide by the 
> world population, to find out the ratio, and transfer this ratio to the 
> 25.000 Qubes users. This is because culture, and mouth to mouth 
> recommendations, infrastructure like technical security universities, 
> companies, etc. may spread Qubes in different and various populations across 
> the world. 
> However, it's given that Germany is more focused on security than some other 
> western countries out there, so the ratio may be a bit higher than the 
> average world ratio. 
> 
> Let's crack some numbers. Data is just roughly accurate, give or take some 
> millions or source update delays, wiki use controversy, etc.. But it should 
> be accurate enough to get a useful conclusion. We're not trying to split 
> hairs after all.
> 
> - Data -
> "The world population was estimated to have reached 7.6 billion as of October 
> 2017" https://en.wikipedia.org/wiki/World_population
> 
> Germany Population 2017: 82,155,210
> http://worldpopulationreview.com/countries/germany-population/
> 
> Munich 1,330,440
> Same link source as German population, just scroll down.
> 
> Qubes users: ~ 25.000 
> https://www.qubes-os.org/statistics/
> 
> - Analysis -  
> Step 1,A)
> 82M German pop. divided by 7.600M world pop. = 0,0107 (or 1,07 %).
> 
> Step 1,B)
> 1,330M Munich pop. divided by 7.600M world pop. = 0,000175 (or 0,0175 %).
> 
>  
> 
> Step 2,A) 
> 25.000 Qubes users multiplied by German/world population ratio 0,0107 = 267,5 
> German Qubes users. 
> 
> Step 2,B) 
> 25.000 Qubes users multiplied by Munich/world population ratio 0,000175 = 4,3 
> Munich Qubes users. 
> 
> 
> - Conclusion - 
> This means, in a perfect square, evenly distributed scenario, there are at 
> average some 267,5 Qubes users in all of Germany, and some 4,3 Qubes users in 
> Munich specifically. However, keep in mind, this is evenly distributed. Other 
> factors, such as culture, universities, companies, mouth to mouth, and so on, 
> may change how even the distribution is. As such, you may for example be the 
> only one in Munich to use Qubes, or perhaps, there are 10 others besides you 
> in Munich. Similarly, there may be 500 in Germany, or maybe only 10 Qubes users 
> in Germany. 
> 
> - Perspective, a small extra study - 
> However, we can make a logical deduction from our little inductive research 
> above. Deductively, we can assume that because Germans are subjectively known 
> to be more keen on security and privacy than some other western countries, or 
> most countries in the world. And because Germany is one of the leading 
> countries in some technologies and science. It's not unlikely to think that 
> Germany might have a somewhat higher distribution of Qubes users, compared to 
> elsewhere. 
> 
> For example, it may be assumed that Germany then have 300? or maybe 700? 
> Qubes users (up from 267,5), it's a wild guess. At this point, it becomes 
> calculated guess-work. But you can still estimate the likelihood of how 
> likely your guess is.
> 
> However, keep in mind, a slightly bigger likelihood of more Qubes users in 
> Germany, does not translate into many more Qubes users in Munich. Germany is 
> about 88 times bigger in population than Munich is, so for every 88 extra 
> Qubes user in Germany, there is only 1 extra in Munich, if evenly 
> distributed. However, if you got universities, privacy advocated companies, 
> or just plain lucky to have people interested in Qubes to spread mouth to 
> mouth in Munich or near Munich, then Munich may have a bigger ratio as well. 
> 
> So, your take away, considering so few of the 25.000 Qubes users actually 
> post on these e-mail thread / forums, it can be "assumed" that some just 

Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread Yuraeitha
Been thinking about ways to increase the accuracy, here are some extra thoughts 
and limitations. Feel free to add any too if you see a different perspective.

Generally, there are three macro perspective trends.
Trend 1): Qubes is over-represented in a region or country.
Trend 2): Qubes is at average represented in a region or country. 
Trend 3): Qubes is under-represented in a region or a country. 

If any region or data, falls into the trend 1, or trend 3, then it messes up 
the accuracy. 

Trend 1) speculated factors
- Different culture (Can have huge influence).
- Reasonable stable and functioning economy, towards a strong economy. 
- Peace. 
- Order and predictability in short term daily life.
- Reasonable infrastructure towards great infrastructure. 
- Anything else that you can imagine in this, etc.


Trend 3) speculated factors
- Different culture (Can have huge influence).
- Poor economy, country is not functioning well, or barely at all.
- War with another country. 
- Civil war. 
- Turmoil and unstable government. 
- Poor infrastructure (roads, internet, food supply, reliability in 
expectancy). 
- Anything else that you can imagine in this, etc.


Trend 2) is what we can calculate with pretty high accuracy given how physics 
work. However the real world is far more complex, trend 2) is not taking the 
many factors of life into consideration. The trend 1) and trend 3), as on the 
list above, have big influence. 

Similar problems are found in GNP (Gross National Product), which is something 
used by macro economists and politicians too, to measure how well a country is 
performing in its production. The drawback, just like trend 1), and trend 3) 
above, is the vast different cultures, history, current state, different ways 
from country to country on how to calculate, or even different ways in 
gathering the raw data used in the calculations, etc. 
The solution is to limit these comparisons to the country's own GNP from the 
year before, and to avoid comparing with other countries, unless, of course, 
the countries look a lot alike in the trend 1) and trend 3) factor lists. For 
example USA states, may draw better similarities between similar looking 
states, compared to if you compare a US state's GNP with, say, Germany, Russia, 
China, Italy, and so on, which have similar, but yet also very different 
cultures and factors that make comparisons inaccurate. The solution therefore, 
is to only compare where it makes sense to compare, either by comparing to your 
own GNP the year before, or only compare with a country that looks a lot alike. 
Keeping in mind that even within USA, a US state can be very different from 
another US State, so one has to be very careful with comparisons like these. 
Even if comparing a country's own GNP from several years back, one's own country 
culture will likely have changed, and even the method of calculation, or method 
of data collection, can be different if going too many years back in the same 
country. 
However, if you do like inflation calculations, you can go year by year, one at 
a time, make % comparison with the country's own GNP, only one year back at a 
time. This way, you can see a chain reaction, only looking at small changes at 
a time. But it's dangerous to try to jump too far in the timeline, unless changes 
in trend 1) or trend 3) are taken into account. Given the complexity, this is 
notoriously difficult to do, in any way that represents accuracy. Even getting a 
close estimation can easily be notorious. 

So the takeaway? 
Reducing complexity, and limit ourselves into how we use and take the data for 
granted. For example, be mindful of all the various ways the data can be shaped 
differently from what reality really looks like.  

So keeping these challenges in mind from economics, we can draw a bit from it 
in our Qubes demographics.

For example, if you know how many Qubes users are in the USA, or in China, EU, 
Africa, Russia, or any other similar region, which is very different to the 
rest of the world, yet similar inwards towards itself and its own culture, then 
we can increase the accuracy quite a bit. 

The problem is we don't have such data, and it probably isn't a good idea if 
the Qubes team start to look into the unique IP's in an invasive way. It's 
already troubling enough that they keep logs of everyone's IP to begin with. 

So what else can we do? We might be able to incorporate some secondary data, 
i.e. find out how many people live in a country without infrastructure. Then we 
can take the world population, and subtract the amount of people whom have no 
or extremely poor infrastructure. 

Another method, which can be used in addition to the above, or any other 
similar subtractions, is to figure out how many children and teenagers, as well 
as old people, there are in the world. While some old people, and likely some 
teenagers too, use Qubes, the bigger population of Qubes users are probably in 
the years of maybe, say, 20-50 years 

Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote:
> On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote:
> > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote:
> > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote:
> > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 
> > > > > > > > wrote:
> > > > > > > > > Hello Beso,
> > > > > > > > > 
> > > > > > > > > > Mobile Broadband is enabled in 
> > > > > > > > > > NetworkManager Applet. 
> > > > > > > > > > I can create new Mobile Broadband 
> > > > > > > > > > connection but it keeps connecting 
> > > > > > > > > > and nothing else
> > > > > > > > > 
> > > > > > > > >  I am using mobile broadband within Qubes and am happy to 
> > > > > > > > > > help, but honestly your question/problem is too unqualified. 
> > > > > > > > > 
> > > > > > > > > - what version of Qubes are you running?
> > > > > > > > > > - what model of mobile broadband card are you using? 
> > > > > > > > > - how is the broadband card connected? Probably as an 
> > > > > > > > > internal USB device. 
> > > > > > > > > - are you using sys-usb to connect the card to your sys-net 
> > > > > > > > > VM? Or are you passing through the whole USB controller?
> > > > > > > > > - have you tried to boot up a Fedora live Linux and check if 
> > > > > > > > > your mobile broadband is working there?
> > > > > > > > > > - what does "keeps connecting" mean?
> > > > > > > > > 
> > > > > > > > > My suggestion:
> > > > > > > > > Try to get the mobile broadband card working without Qubes 
> > > > > > > > > (Linux Live Boot from USB-Stick).
> > > > > > > > > If you got it working try to make it work in Qubes.
> > > > > > > > > 
> > > > > > > > > [799]
> > > > > > > > 
> > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > > > > - Qubes release 3.2(R3.2)
> > > > > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless 
> > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > > > > > - do I have to attach it somewhere?
> > > > > > > > - As I mentioned I can create new broadband connection and even 
> > > > > > > > select it from applet menu but it keeps connecting(applet shows 
> > > > > > > > "circles" as trying connect).
> > > > > > > > I am trying to make screenshot if it helps
> > > > > > 
> > > > > > PS.
> > > > > > [user@sys-net ~]$ ifconfig
> > > > > > enp0s1f6: flags=4099  mtu 1500
> > > > > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > > > > RX packets 0  bytes 0 (0.0 B)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 0  bytes 0 (0.0 B)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > device interrupt 26  memory 0xe120-e122  
> > > > > > 
> > > > > > lo: flags=73  mtu 65536
> > > > > > inet 127.0.0.1  netmask 255.0.0.0
> > > > > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > > > > loop  txqueuelen 1  (Local Loopback)
> > > > > > RX packets 636  bytes 74412 (72.6 KiB)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 636  bytes 74412 (72.6 KiB)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > 
> > > > > > vif2.0: flags=4163  mtu 1500
> > > > > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
> > > > > > inet6 fe80::fcff::feff:  prefixlen 64  scopeid 
> > > > > > 0x20
> > > > > > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > > > > > RX packets 102007  bytes 32168371 (30.6 MiB)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 228493  bytes 219299357 (209.1 MiB)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > 
> > > > > > wlp0s2: flags=4163  mtu 1500
> > > > > > inet 192.168.43.181  netmask 255.255.255.0  broadcast 
> > > > > > 192.168.43.255
> > > > > > inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 
> > > > > > 0x20
> > > > > > ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> > > > > > RX packets 238240  bytes 225553537 (215.1 MiB)
> > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > TX packets 108834  bytes 37072683 (35.3 MiB)
> > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > 
> > > > > 
> > > > > sudo dmesg:
> 

[qubes-users] Re: Qubes support Secure Boot

2017-11-22 Thread xephael
This is quite late, but now that UEFI is supported...is secure boot?  Wasn't 
quite sure what key or signature to import.



Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 2:46:16 AM UTC, tai...@gmx.com wrote:
> On 11/22/2017 05:07 PM, Yuraeitha wrote:
> 
> > Now seems like a really good time to twist Intel's arm to the back and 
> > force them to get rid of these invasive blobs, once and for all. Going open 
> > source, should be the very minimum solution, after all, how can we trust a 
> > company like this otherwise, if they don't at least try to be as 
> > transparent as possible. They lack trust enough already as it is, them now 
> > admitting it should mean no more roadblocks to get rid of it once and for 
> > all.
> >
> > If they got to the point and they admitted it (and it's no longer a case of 
> > proving its existence), and still don't want to do the right thing, then 
> > imho, all hell should break loose.
> >
> > Even if AMD is fucked up in this way as well, I'll buy AMD until Intel get 
> > this right. Because right now, Intel needs to look good again, while AMD 
> > does not after its come-back. Boycotting Intel now, may force its hand to 
> > do the right thing. Push em where it hurts.
> >
> > And if Intel finally does the right thing, then who knows, AMD may follow 
> > suit. AMD is halfway there already anyway.
> >
> AMD has PSP, which is their version of ME. It is no better.
> 
> owner controlled POWER is the future, if enough people buy TALOS 
> products eventually they'll be a lower end option (FYI the TALOS 2 price 
> is appropriate for high end server hardware, it is actually less than 
> Intel's stuff)
> 
> If google can't convince intel to offer a way to remove ME then no one 
> can, certainly not a small company with no real connections and no 
> hardware engineers (purism)

Nice! I did not know about TALOS, seems really interesting. I had kinda lost 
any hope for POWER CPU's since IBM are such big slackers when it comes to 
getting POWER marketed or supporting motherboard developers in the mass 
markets. The way I understand it, it's significantly easier to make 
motherboards, compared to making CPU's, and existing RAM technology can be 
used. So it was a bit mind-boggling for me that no one went ahead and made 
POWER motherboards. Not enough interest by the people at least capable of 
making motherboards, I guess? or my understanding of it falls short perhaps.

But either way, TALOS is really good news. Though it's a bit sad that it's so 
pricy and only for desktops. Especially as mobile devices are becoming so 
powerful, that desktops are less relevant for most normal people these days. It 
makes the desktop market smaller, and TALOS even harder to sell to normal 
people, and thereby probably also less likely to drop in price then too. And as 
a result, much less likely to come to laptops as well then. Unless something 
changes? Seems like an evil unbreakable circle, unless a shortcut is being cut 
out somewhere. 

For one, the price is way too high for most regular people.
What hopes do we have for cheaper hardware, made available for the more popular 
devices (like laptops and phones), I wonder.

It's so frustrating, getting hopes, but at the same time, just enough out of 
reach, dangling there like a carrot on a stick, laughing at you. Frustrating... 

also, lmao, indeed, the claims and lack of results to show for, are gonna make 
purism a laughing stock for years to come. Maybe if they involved the open 
source community and got a huge backing with a single voice, but instead, many 
open source people got offended by their overestimated claims. The irony... 



Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 10:54 PM, jkitt wrote:

> On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
>
> > From a crypto list, seemed relevant here.
> > .
> > Oh joy...
> >
> > Intel finds critical holes in secret Management Engine hidden in tons
> > of desktop, server chipsets
> > https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> > .
>
> So I have my ME "turned off", and I understand off never means off, but can it 
> still be remotely exploited? I'm using a wireless NIC.

If you use me_cleaner as of now there are no *public* exploits that 
allow for that, although I wouldn't be using an intel wireless NIC as I 
am sure they have some unpublished extra ME features besides the vPro 
ones that are documented.




Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 2:40:57 AM UTC, Yuraeitha wrote:
> On Thursday, November 23, 2017 at 2:38:21 AM UTC, Yuraeitha wrote:
> > Been thinking about ways to increase the accuracy, here are some extra 
> > thoughts and limitations. Feel free to add any too if you see a different 
> > perspective.
> > 
> > Generally, there are three macro perspective trends.
> > Trend 1): Qubes is over-represented in a region or country.
> > Trend 2): Qubes is at average represented in a region or country. 
> > Trend 3): Qubes is under-represented in a region or a country. 
> > 
> > If any region or data, falls into the trend 1, or trend 3, then it messes 
> > up the accuracy. 
> > 
> > Trend 1) speculated factors
> > - Different culture (Can have huge influence).
> > - Reasonable stable and functioning economy, towards a strong economy. 
> > - Peace. 
> > - Order and predictability in short term daily life.
> > - Reasonable infrastructure towards great infrastructure. 
> > - Anything else that you can imagine in this, etc.
> > 
> > 
> > Trend 3) speculated factors
> > - Different culture (Can have huge influence).
> > - Poor economy, country is not functioning well, or barely at all.
> > - War with another country. 
> > - Civil war. 
> > - Turmoil and unstable government. 
> > - Poor infrastructure (roads, internet, food supply, reliability in 
> > expectancy). 
> > - Anything else that you can imagine in this, etc.
> > 
> > 
> > Trend 2) is what we can calculate with pretty high accuracy given how 
> > physics work. However the real world is far more complex, trend 2) is not 
> > taking the many factors of life into consideration. The trend 1) and trend 
> > 3), as on the list above, have big influence. 
> > 
> > Similar problems are found in GNP (Gross National Product), which is 
> > something used by macro economists and politicians too, to measure how well 
> > a country is performing in its production. The drawback, just like trend 
> > 1), and trend 3) above, is the vast different cultures, history, current 
> > state, different ways from country to country on how to calculate, or even 
> > different ways in gathering the raw data used in the calculations, etc. 
> > The solution, is to limit these comparisons to the countrys own GNP from 
> > the year before, and to avoid comparing with other countries, unless, of 
> > course, the country look a lot alike in the trend 1) and trend 3) factor 
> > lists. For example USA states, may draw better similarities between similar 
> > looking states, compared to if you compare a US States GNP with say, 
> > Germany, Russia, China, Italy, and so on, whom have similar, but yet also 
> > very different cultures and factors that make comparisons inaccurate. The 
> > solution therefore, is to only compare where it makes sense to compare, 
> > either by comparing to your own GNP the year before, or only compare with a 
> > country that looks a lot alike. Keeping in mind that even within USA, a US 
> > state can be very different from another US State, so one has to be very 
> > careful with comparisons like these. Even if comparing a countrys own GNP 
> > from several years back, ones own country culture will likely have changed, 
> > and even the method of calculation, or method of data collection, can be 
> > different if going too many years back in the same country. 
> > However, if you do like inflation calculations, you can go year by year, 
> > one at a time, make % comparison with the countries own GNP, only one year 
> > back at a time. This way, you can see a chain reaction, only looking at 
> > small changes at a time. But its dangerous to try jump too far in the 
> > timeline, unless changes in trend 1) or trend 3) are taken into account. 
> > Given the complexity, this is notoriously difficult to do, in any way that 
> > represent accuracy. Even getting a close estimation can easily be 
> > notorious. 
> > 
> > So the takeaway? 
> > Reducing complexity, and limit ourselves into how we use and take the data 
> > for granted. For example, be mindful of all the various ways the data can 
> > be shaped differently from what reality really looks like.  
> > 
> > So keeping these challenges in mind from economics, we can draw a bit from 
> > it in our Qubes demographics.
> > 
> > For example, if you know how many Qubes users are in the USA, or in China, 
> > EU, Africa, Russia, or any other similar region, which is very different to 
> > the rest of the world, yet similar inwards towards itself and its own 
> > culture, then we can increase the accuracy quite a bit. 
> > 
> > The problem is we don't have such data, and it probably isn't a good idea 
> > if the Qubes team start to look into the unique IP's in an invasive way. 
> > It's already troubling enough that they keep logs of everyone's IP to begin 
> > with. 
> > 
> > So what else can we do? We might be able to incorporate some secondary 
> > data, i.e. find out how many people live in a country without 
> 

Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 05:07 PM, Yuraeitha wrote:

> Now seems like a really good time to twist Intel's arm to the back and force 
> them to get rid of these invasive blobs, once and for all. Going open source, 
> should be the very minimum solution, after all, how can we trust a company like 
> this otherwise, if they don't at least try to be as transparent as possible. 
> They lack trust enough already as it is, them now admitting it should mean no 
> more roadblocks to get rid of it once and for all.
>
> If they got to the point and they admitted it (and it's no longer a case of 
> proving its existence), and still don't want to do the right thing, then imho, 
> all hell should break loose.
>
> Even if AMD is fucked up in this way as well, I'll buy AMD until Intel get this 
> right. Because right now, Intel needs to look good again, while AMD does not 
> after its come-back. Boycotting Intel now, may force its hand to do the right 
> thing. Push em where it hurts.
>
> And if Intel finally does the right thing, then who knows, AMD may follow suit. 
> AMD is halfway there already anyway.

AMD has PSP, which is their version of ME. It is no better.

owner controlled POWER is the future, if enough people buy TALOS 
products eventually they'll be a lower end option (FYI the TALOS 2 price 
is appropriate for high end server hardware, it is actually less than 
Intel's stuff)

If google can't convince intel to offer a way to remove ME then no one 
can, certainly not a small company with no real connections and no 
hardware engineers (purism)




Re: [qubes-users] Re: download new fedora-26

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 11:56:33 PM UTC, Unman wrote:
> On Wed, Nov 22, 2017 at 12:50:08PM -0800, Yuraeitha wrote:
> > On Wednesday, November 22, 2017 at 4:11:17 PM UTC, Roy Bernat wrote:
> > > Hi 
> > > 
> > > i am trying to download fedora-26 but with no success . 
> > > 
> > > i succeeded a month ago but now i am getting nothing . 
> > > 
> > > any suggestions ? 
> > > 
> > > R
> > 
> > 
> > Are you running Qubes 4 or Qubes 3.2.?
> > 
> > I can only speak for Qubes as I never installed the template when on Qubes 
> > 3.2., however it failed for me as well. I do not recall what the issue was. 
> > The only other template issue I remember by head, is the fedora-26-minimal, 
> > which require a password when you try to use "sudo" or "su" etc. which 
> > means, you cannot install or update anything. The password has be fixed.
> > 
> > Please specify your Qubes version, and also what is happening when the 
> > template fails. 
> > 
> > Also, it's my gut feeling, without knowing for sure, that the developers 
> > are not overly focused on the different templates right now. Their focus is 
> > primarily Fedora-25 right now it seems. This is understandable, as they are 
> > working hard, and maybe even overtime, to get Qubes 4 out of beta and into 
> > stable final release. Before that, having just one good working template, 
> > compared to other nasty Qubes 4 bugs, is good enough, at least for me, and 
> > I assume most people too.
> > 
> > If it's trouble in Qubes 3.2. you encounter, then you probably won't see 
> > much else than security update in Qubes 3.2., as Qubes 3.2. is to be 
> > out-phased when the extended support ends. Which will likely happen, my 
> > guess, within half a year after Qubes 4 is stable. So unless someone 
> > provides an easy quick fix, the developers probably won't spend much time 
> > on fixing Qubes 3.2. templates.
> > 
> > Keep in mind the Qubes tools was changed and updated in Qubes 4, so 
> > whatever fix work in one Qubes version, may not necessarily work in the 
> > other.
> > 
> > Another solution could be to try compile the template yourself, there 
> > should be enough material around if you're good to follow guides on how to 
> > do so.
> > 
> 
> There is a Fedora-26 template available for both 3.2 and 4 - you
> can see them at yum.qubes-os.org.
> When you say that you are unable to download, do you mean that  you are
> trying using qubes-dom0-update, or are you manually downloading a
> template? There's nothing stopping you from downloading manually,
> transferring in to dom0 and then installing.
> 
> On the support issue, 3.2 will be supported for a full 12 months after
> the release of a final 4.0, and this will include bug fixes as well as
> security issues. Of course, support will inevitably tail off toward the
> end of that time.

The method I used at least, was the one downloading a fresh new Fedora-26 via 
the Qubes-dom0-update command. But I'm not trying to solve this as I'm happy 
enough with Fedora-25 for now. This is only in case it's useful info to help 
the original poster to find a solution.

I do not remember what was wrong with my Fedora-26, I had some other issues 
alongside it that I tried to solve. But I may give it a shot again within the 
day or tomorrow and report here what I find. 



Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 11:13:35 PM UTC, beso wrote:
> On Thursday, November 23, 2017 at 1:07:28 AM UTC+2, Yuraeitha wrote:
> > On Wednesday, November 22, 2017 at 10:49:46 PM UTC, beso wrote:
> > > On Thursday, November 23, 2017 at 12:37:59 AM UTC+2, Yuraeitha wrote:
> > > > On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote:
> > > > > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote:
> > > > > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote:
> > > > > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha 
> > > > > > > wrote:
> > > > > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > > > > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso 
> > > > > > > > > wrote:
> > > > > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso 
> > > > > > > > > > wrote:
> > > > > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso 
> > > > > > > > > > > wrote:
> > > > > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, 
> > > > > > > > > > > > One7two99 wrote:
> > > > > > > > > > > > > Hello Beso,
> > > > > > > > > > > > > 
> > > > > > > > > > > > > > Mobile Broadband is enabled in 
> > > > > > > > > > > > > > NetworkManager Applet. 
> > > > > > > > > > > > > > I can create new Mobile Broadband 
> > > > > > > > > > > > > > connection but it keeps connecting 
> > > > > > > > > > > > > > and nothing else
> > > > > > > > > > > > > 
> > > > > > > > > > > > >  I am using mobile broadband within Qubes and am 
> > > > > > > > > > > > > happy to help, but honestly your question/problem is 
> > > > > > > > > > > > > > too unqualified. 
> > > > > > > > > > > > > 
> > > > > > > > > > > > > - what version of Qubes are you running?
> > > > > > > > > > > > > > - what model of mobile broadband card are you using? 
> > > > > > > > > > > > > - how is the broadband card connected? Probably as an 
> > > > > > > > > > > > > internal USB device. 
> > > > > > > > > > > > > - are you using sys-usb to connect the card to your 
> > > > > > > > > > > > > sys-net VM? Or are you passing through the whole USB 
> > > > > > > > > > > > > controller?
> > > > > > > > > > > > > - have you tried to boot up a Fedora live Linux and 
> > > > > > > > > > > > > check if your mobile broadband is working there?
> > > > > > > > > > > > > > - what does "keeps connecting" mean?
> > > > > > > > > > > > > 
> > > > > > > > > > > > > My suggestion:
> > > > > > > > > > > > > Try to get the mobile broadband card working without 
> > > > > > > > > > > > > Qubes (Linux Live Boot from USB-Stick).
> > > > > > > > > > > > > If you got it working try to make it work in Qubes.
> > > > > > > > > > > > > 
> > > > > > > > > > > > > [799]
> > > > > > > > > > > > 
> > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > > > > > > > > - Qubes release 3.2(R3.2)
> > > > > > > > > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless 
> > > > > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon 
> > > > > > > > > > > > X7
> > > > > > > > > > > > - do I have to attach it somewhere?
> > > > > > > > > > > > - As I mentioned I can create new broadband connection 
> > > > > > > > > > > > and even select it from applet menu but it keeps 
> > > > > > > > > > > > connecting(applet shows "circles" as trying connect).
> > > > > > > > > > > > I am trying to make screenshot if it helps
> > > > > > > > > > 
> > > > > > > > > > PS.
> > > > > > > > > > [user@sys-net ~]$ ifconfig
> > > > > > > > > > enp0s1f6: flags=4099  mtu 1500
> > > > > > > > > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > > > > > > > > RX packets 0  bytes 0 (0.0 B)
> > > > > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > > > > TX packets 0  bytes 0 (0.0 B)
> > > > > > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  
> > > > > > > > > > collisions 0
> > > > > > > > > > device interrupt 26  memory 0xe120-e122  
> > > > > > > > > > 
> > > > > > > > > > lo: flags=73  mtu 65536
> > > > > > > > > > inet 127.0.0.1  netmask 255.0.0.0
> > > > > > > > > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > > > > > > > > loop  txqueuelen 1  (Local Loopback)
> > > > > > > > > > RX packets 636  bytes 74412 (72.6 KiB)
> > > > > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > > > > TX packets 636  bytes 74412 (72.6 KiB)
> > > > > > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  
> > > > > > > > > > collisions 0
> > > > > > > > > > 
> > > > > > > > > > vif2.0: flags=4163  mtu 1500
> > > > > > > > > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 
> > > > > > > > > > 0.0.0.0
> > > > > > > > > > inet6 

Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 2:46:16 AM UTC, tai...@gmx.com wrote:
> On 11/22/2017 05:07 PM, Yuraeitha wrote:
> 
> > Now seems like a really good time to twist Intel's arm to the back and 
> > force them to get rid of these invasive blobs, once and for all. Going open 
> > source, should be the very minimum solution, after all, how can we trust a 
> > company like this otherwise, if they don't at least try to be as 
> > transparent as possible. They lack trust enough already as it is, them now 
> > admitting it should mean no more roadblocks to get rid of it once and for 
> > all.
> >
> > If they got to the point and they admitted it (and it's no longer a case of 
> > proving its existence), and still don't want to do the right thing, then 
> > imho, all hell should break loose.
> >
> > Even if AMD is fucked up in this way as well, I'll buy AMD until Intel get 
> > this right. Because right now, Intel needs to look good again, while AMD 
> > does not after its come-back. Boycotting Intel now, may force its hand to 
> > do the right thing. Push em where it hurts.
> >
> > And if Intel finally does the right thing, then who knows, AMD may follow 
> > suit. AMD is halfway there already anyway.
> >
> AMD has PSP, which is their version of ME. It is no better.
> 
> owner controlled POWER is the future, if enough people buy TALOS 
> products eventually they'll be a lower end option (FYI the TALOS 2 price 
> is appropriate for high end server hardware, it is actually less than 
> Intel's stuff)
> 
> If google can't convince intel to offer a way to remove ME then no one 
> can, certainly not a small company with no real connections and no 
> hardware engineers (purism)

oh btw Tai, I realized I missed your AMD line comment.
I'm well aware that AMD sucks too, but this is not the point I tried to make.
The point is that AMD looks good (for other reasons), compared to Intel right
now. If Intel wants to fight back, they could for starters try to stop appearing
so... well.. "evil" or needlessly and overly "greedy" beyond reason.

So I'm not saying AMD is any better, it's just that AMD can be used, like a
tool, to fuck Intel up enough, to force Intel's hand to do something good
(hopefully). Question is, will enough people do it, in order to force Intel's
hand. And if enough do it, then it's probably not for this reason. But
nonetheless, whatever little helps to send Intel a clear signal that they need
to behave to regain any love.



[qubes-users] Fwd: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread Sandy Harris
From a crypto list, seemed relevant here.

-- Forwarded message --
From: =JeffH 
Date: Tue, Nov 21, 2017 at 7:04 PM
Subject: [Cryptography] Intel Management Engine pwnd (was: How to find
hidden/undocumented instructions
To: "Crypto (moderated) list" 


Oh joy...

Intel finds critical holes in secret Management Engine hidden in tons
of desktop, server chipsets
https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/

 By Thomas Claburn in San Francisco 20 Nov 2017 at 23:53

Intel today admitted its Management Engine (ME), Server Platform
Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to
multiple worrying security flaws, based on the findings of external
security experts.

The firmware-level bugs allow logged-in administrators, and malicious
or hijacked high-privilege processes, to run code beneath the
operating system to spy on or meddle with the computer completely out
of sight of other users and admins. The holes can also be exploited by
network administrators, or people masquerading as admins, to remotely
infect machines with spyware and invisible rootkits, potentially.

Meanwhile, logged-in users, or malicious or commandeered applications,
can leverage the security weaknesses to extract confidential and
protected information from the computer's memory, potentially giving
miscreants sensitive data – such as passwords or cryptographic keys –
to kick off other attacks. This is especially bad news on servers and
other shared machines.

In short, a huge amount of Intel silicon is secretly running code that
is buggy and exploitable by attackers and malware to fully and
silently compromise computers. The processor chipsets affected by the
flaws are as follows:

6th, 7th and 8th Generation Intel Core processors
Intel Xeon E3-1200 v5 and v6 processors
Intel Xeon Scalable processors
Intel Xeon W processors
Intel Atom C3000 processors
Apollo Lake Intel Atom E3900 series
Apollo Lake Intel Pentiums
Celeron N and J series processors

Intel's Management Engine, at the heart of today's disclosures, is a
computer within your computer. It is Chipzilla's much maligned
coprocessor at the center of its vPro suite of features, and it is
present in various chip families. It has been assailed as a "backdoor"
– a term Intel emphatically rejects – and it is a mechanism targeted
by researchers at UK-based Positive Technologies, who are set to
reveal in detail new ways to exploit the ME next month.

The Management Engine is a barely documented black box. It has its own
CPU and its own operating system – recently, an x86 Quark core and
MINIX – that has complete control over the machine, and it functions
below and out of sight of the installed operating system and any
hypervisors or antivirus tools present.

It is designed to allow network administrators to remotely or locally
log into a server or workstation, and fix up any errors, reinstall the
OS, take over the desktop, and so on, which is handy if the box is so
messed up it can't even boot properly.

The ME runs closed-source remote-administration software to do this,
and this code contains bugs – like all programs – except these bugs
allow hackers to wield incredible power over a machine. The ME can be
potentially abused to install rootkits and other forms of spyware that
silently snoop on users, steal information, or tamper with files.

SPS is based on ME, and allows you to remotely configure Intel-powered
servers over the network. TXE is Intel's hardware authenticity
technology. Previously, the AMT suite of tools, again running on ME,
could be bypassed with an empty credential string.

Today, Intel has gone public with more issues in its firmware. It
revealed it "has identified several security vulnerabilities that
could potentially place impacted platforms at risk" following an audit
of its internal source code:

In response to issues identified by external researchers, Intel has
performed an in-depth comprehensive security review of our Intel
Management Engine (ME), Intel Server Platform Services (SPS), and
Intel Trusted Execution Engine (TXE) with the objective of enhancing
firmware resilience.

The flaws, according to Intel, could allow an attacker to impersonate
the ME, SPS or TXE mechanisms, thereby invalidating local security
features; "load and execute arbitrary code outside the visibility of
the user and operating system"; and crash affected systems. The
severity of the vulnerabilities is mitigated by the fact that most of
them require local access, either as an administrator or less
privileged user; the rest require you to access the management
features as an authenticated sysadmin.



Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread awokd
On Wed, November 22, 2017 11:58, max via qubes-users wrote:
> On Saturday, February 11, 2017 at 21:49:02 UTC+1, James Young wrote:
>> I am attempting to install Qubes from USB on a Lenovo Yoga Pro 2.  GUI is
>> not starting and only getting text message.  When selecting the install
>> option the screen only flashes and then returns to the menu
>>
>> Has anyone faced this issue before or have any suggestions?
>
> I just faced this issue, and tried every possible setting in BIOS to no
> avail. Did you find a solution?

Try legacy boot or burning to a DVD instead.



Re: [qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]

2017-11-22 Thread awokd
On Wed, November 22, 2017 07:24, Laurent wrote:
>
> Yes, I use an USB Ethernet adapter (USB type C):
> https://www.amazon.com/Dell-Dbqbcbc064-Adapter-Usb-C-Ethernet/dp/B01BQ8RU2U

USB devices are handled differently. See
https://www.qubes-os.org/doc/usb/. If you are only using the Ethernet
adapter occasionally, try doing a passthrough of it to your NetVM as
described towards the bottom of that link. If you need to use it all the
time, you could assign one of your USB controllers to the NetVM but note
each USB controller handles specific physical USB ports.

> I've the same issue with my hub USB (type C also) :
> (https://shop.hardware.fr/fiche/AR201511130055.html?gclid=EAIaIQobChMI_4bM8tHR1wIVdSjTCh2HWQSyEAQYASABEgLnqfD_BwE)
>
>
> My USB flash drive works fine when directly plugged on my laptop. When
> using my Hub, the same USB flash drive is not detected.
> Same for an external USB Disk Drive.

In dom0, try lsusb and qvm-usb to see if they are showing up anywhere.






Re: [qubes-users] mount root.img files [solved]

2017-11-22 Thread Bernhard

>  So I would like to "break in" the vm-template as dom0, and change
> that one line in /etc/pam.d/common-auth back. But how to mount the
> root.img file?
I answer my own question, since this is easier & more efficient than I
thought, and should help others in many cases!

(0) make sure template-vm is halted.
(1) as dom0 root:
  (a) fdisk -l path-to-root.img
      Then read off the start sector of ...root.img3 (say, 1000).
      Multiply that value by 512 (512000 in my example).
  (b) mount -o loop,offset=512000 path-to-root.img /mnt
      (replace 512000 with your value)
  (c) modify bad config files
  (d) umount /mnt
(2) restart template-vm

and we're back!  Bernhard
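
Steps (a) and (b) of the procedure above as a script, added here as an example and not part of the original post. It reads the sector size from the `fdisk -l` header instead of assuming 512 and also handles the Boot column of MBR tables; the function names and the sample `fdisk` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): derive the loop-mount offset
# for one partition of a disk image from `fdisk -l` output.

# Constructed sample of `fdisk -l root.img` output for a GPT image.
sample_fdisk_output() {
    cat <<'EOF'
Disk root.img: 10 GiB, 10737418240 bytes, 20971520 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
Disklabel type: gpt

Device      Start      End  Sectors  Size Type
root.img1    2048   411647   409600  200M EFI System
root.img2  411648   415743     4096    2M BIOS boot
root.img3  415744 20971486 20555743  9.8G Linux filesystem
EOF
}

# partition_offset PARTITION   (fdisk -l output on stdin)
# Prints start sector * unit size in bytes. Fails if the partition row or
# the "Units:" line is missing, so a typo never yields a bogus offset.
partition_offset() {
    fields=$(awk -v part="$1" '
        /^Units:/ { for (i = 1; i < NF; i++) if ($i == "=") unit = $(i + 1) }
        $1 == part {
            # MBR tables have a Boot column; a "*" there shifts Start to field 3.
            start = ($2 == "*") ? $3 : $2
        }
        END {
            if (start ~ /^[0-9]+$/ && unit ~ /^[0-9]+$/) print start, unit
            else exit 1
        }') || return 1
    start=${fields% *}
    unit=${fields#* }
    # Multiply in the shell so large images do not overflow awk's %d.
    echo $((start * unit))
}

# mount_image_partition IMAGE PARTNUM MOUNTPOINT
# Needs root, and the VM that owns the image must be halted first.
# fdisk names partitions IMAGE+NUMBER when the image name does not end in a digit.
mount_image_partition() {
    off=$(fdisk -l "$1" | partition_offset "$1$2") || {
        echo "partition $2 not found in $1" >&2
        return 1
    }
    mount -o loop,offset="$off" "$1" "$3"
}

# Real use, as dom0 root: script --mount IMAGE MOUNTPOINT (partition 3, as in the post).
if [ "${1:-}" = "--mount" ] && [ "$#" -eq 3 ]; then
    mount_image_partition "$2" 3 "$3"
else
    echo "sample root.img3 offset: $(sample_fdisk_output | partition_offset root.img3)"
fi
```

After editing, `umount` the mount point before restarting the template, as in step (d).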




[qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread max via qubes-users
On Saturday, February 11, 2017 at 21:49:02 UTC+1, James Young wrote:
> I am attempting to install Qubes from USB on a Lenovo Yoga Pro 2.  GUI is not 
> starting and only getting text message.  When selecting the install option 
> the screen only flashes and then returns to the menu
> 
> Has anyone faced this issue before or have any suggestions?

I just faced this issue, and tried every possible setting in BIOS to no avail. 
Did you find a solution?

Sincerely
Max



Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread a . mcwheel
Wow!
Just wow! I am really impressed!
Now I'm going to make such statistics for my country.

On November 22, 2017 6:50:36 PM UTC, Yuraeitha  wrote:
>On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu
>wrote:
>> Hi, my name is Knut von Walter. In order to progress in my
>understanding of Qubes OS, I am looking for members of the
>Qubes-community in Munich-Bavaria-Germany. Thank you. Best of best Knut
>von Walter
>
>If you look here, you can see how many people who use Qubes, based on
>unique IP addresses https://www.qubes-os.org/statistics/
>Only the Tor IP's may be more of the same people, so ignore those. In
>addition, people may update Qubes while out in the wild, i.e. while on
>company, school, or if using VPN on. Basically, it's a rough statistic
>regarding how many people use Qubes. 
>
>However, what the statistics does provide, is that no more than the
>maximum can exist. And this information is relevant to your question. 
>
>Currently there is probably some 25.000 Qubes users, probably less,
>given the laptops that move abouts and update on different non-Tor
>IP's. 
>
>It's probably not proper to take the German population, and divide by
>the world population, to find out the ratio, and transfer this ratio to
>the 25.000 Qubes users. This is because culture, and mouth to mouth
>recommendations, infrastructure like technical security universities,
>companies, etc. may spread Qubes in different and various populations
>across the world. 
>However its given that Germany is more focused on security than some
>other western countries out there, so the ratio may be a bit higher
>than the average world ratio. 
>
>Let's crack some numbers. Data is just roughly accurate, give or take
>some millions or source update delays, wiki use controversy, etc.. But
>it should be accurate enough to get a useful conclusion. We're not
>trying to split hairs after all.
>
>- Data -
>"The world population was estimated to have reached 7.6 billion as of
>October 2017" https://en.wikipedia.org/wiki/World_population
>
>Germany Population 2017: 82,155,210
>http://worldpopulationreview.com/countries/germany-population/
>
>Munich 1,330,440
>Same link source as German population, just scroll down.
>
>Qubes users: ~ 25.000 
>https://www.qubes-os.org/statistics/
>
>- Analysis -  
>Step 1,A)
>82M German pop. divided by 7.600M world pop. = 0,0107 (or 1,07 %).
>
>Step 1,B)
>1,330M Munich pop. divided by 7.600M world pop. = 0,000175 (or 0,0175
>%).
>
> 
>
>Step 2,A) 
>25.000 Qubes users multiplied by German/world population ratio 0,0107 =
>267,5 German Qubes users. 
>
>Step 2,B) 
>25.000 Qubes users multiplied by Munich/world population ratio 0,000175
>= 4,3 Munich Qubes users. 
>
>
>- Conclusion - 
>This means, in a perfect square, evenly distributed scenario, there are
>at average some 267,5 Qubes users in all of Germany, and some 4,3 Qubes
>users in Munich specifically. However, keep in mind, this is evenly
>distributed. Other factors, such as culture, universities, companies,
>mouth to mouth, and so on, may change how even the distribution is. As
>such, you may for example be the only one in Munich to use Qubes, or
>perhaps, there are 10 others besides you in Munich. Similar, there may
>be 500 in Germany, or maybe only 10 Qubes users in Germany. 
>
>- Perspective, a small extra study - 
>However, we can make a logical deduction from our little inductive
>research above. Deductively, we can assume that because Germans are
>subjectively known to be more keen on security and privacy than some
>other western countries, or most countries in the world. And because
>Germany is one of the leading country in some technologies and science.
>It's not unlikely to think that Germany might have a somewhat higher
>distribution of Qubes users, compared to elsewhere. 
>
>For example, it may be assumed that Germany then have 300? or maybe
>700? Qubes users (up from 267,5), it's a wild guess. At this point, it
>becomes calculated guess-work. But you can still estimate the
>likelihood of how likely your guess is.
>
>However, keep in mind, a slightly bigger likelihood of more Qubes users
>in Germany, does not translate into many more Qubes users in Munich.
>Germany is about 88 times bigger in population than Munich is, so for
>every 88 extra Qubes user in Germany, there is only 1 extra in Munich,
>if evenly distributed. However, if you got universities, privacy
>advocated companies, or just plain lucky to have people interested in
>Qubes to spread mouth to mouth in Munich or near Munich, then Munich
>may have a bigger ratio as well. 
>
>So, your take away, considering so few of the 25.000 Qubes users
>actually post on these e-mail thread / forums, it can be "assumed" that
>some just read without posting or rarely posting. However, many more
>likely don't read these e-mail thread / forums much or at all. This is
>without considering there are other Qubes platforms too, like the
>Reddit one.
>
>In other words, 

Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread beso
On Thursday, November 23, 2017 at 12:37:59 AM UTC+2, Yuraeitha wrote:
> On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote:
> > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote:
> > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote:
> > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote:
> > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 
> > > > > > > > > wrote:
> > > > > > > > > > Hello Beso,
> > > > > > > > > > 
> > > > > > > > > > > Mobile Broadband is enabled in 
> > > > > > > > > > > NetworkManager Applet. 
> > > > > > > > > > > I can create new Mobile Broadband 
> > > > > > > > > > > connection but it keeps connecting 
> > > > > > > > > > > and nothing else
> > > > > > > > > > 
> > > > > > > > > >  I am using mobile broadband within Qubes and am happy to 
> > > > > > > > > > help, but honestly your question/problem is too unqualified. 
> > > > > > > > > > 
> > > > > > > > > > - what version of Qubes are you running?
> > > > > > > > > > - what model of mobile broadband card are you using? 
> > > > > > > > > > - how is the broadband card connected? Probably as an 
> > > > > > > > > > internal USB device. 
> > > > > > > > > > - are you using sys-usb to connect the card to your sys-net 
> > > > > > > > > > VM? Or are you passing through the whole USB controller?
> > > > > > > > > > - have you tried to boot up a Fedora live Linux and check 
> > > > > > > > > > if your mobile broadband is working there?
> > > > > > > > > > - what does "keeps connecting" mean?
> > > > > > > > > > 
> > > > > > > > > > My suggestion:
> > > > > > > > > > Try to get the mobile broadband card working without Qubes 
> > > > > > > > > > (Linux Live Boot from USB-Stick).
> > > > > > > > > > If you got it working try to make it work in Qubes.
> > > > > > > > > > 
> > > > > > > > > > [799]
> > > > > > > > > 
> > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > > > > > - Qubes release 3.2(R3.2)
> > > > > > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless 
> > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > > > > > > - do I have to attach it somewhere?
> > > > > > > > > - As I mentioned I can create new broadband connection and 
> > > > > > > > > even select it from applet menu but it keeps 
> > > > > > > > > connecting(applet shows "circles" as trying connect).
> > > > > > > > > I am trying to make screenshot if it helps
> > > > > > > 
> > > > > > > PS.
> > > > > > > [user@sys-net ~]$ ifconfig
> > > > > > > enp0s1f6: flags=4099  mtu 1500
> > > > > > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > > > > > RX packets 0  bytes 0 (0.0 B)
> > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > TX packets 0  bytes 0 (0.0 B)
> > > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > > device interrupt 26  memory 0xe120-e122  
> > > > > > > 
> > > > > > > lo: flags=73  mtu 65536
> > > > > > > inet 127.0.0.1  netmask 255.0.0.0
> > > > > > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > > > > > loop  txqueuelen 1  (Local Loopback)
> > > > > > > RX packets 636  bytes 74412 (72.6 KiB)
> > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > TX packets 636  bytes 74412 (72.6 KiB)
> > > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > > 
> > > > > > > vif2.0: flags=4163  mtu 1500
> > > > > > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 
> > > > > > > 0.0.0.0
> > > > > > > inet6 fe80::fcff::feff:  prefixlen 64  scopeid 
> > > > > > > 0x20
> > > > > > > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > > > > > > RX packets 102007  bytes 32168371 (30.6 MiB)
> > > > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > > > TX packets 228493  bytes 219299357 (209.1 MiB)
> > > > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > > > 
> > > > > > > wlp0s2: flags=4163  mtu 1500
> > > > > > > inet 192.168.43.181  netmask 255.255.255.0  broadcast 
> > > > > > > 192.168.43.255
> > > > > > > inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 
> > > > > > > 0x20
> > > > > > > ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> > > > > > > RX packets 238240  bytes 225553537 (215.1 MiB)

[qubes-users] How To Replace Libvirt Drivers

2017-11-22 Thread Person
I have Qubes 3.2, and whenever I try to create HVM domains, libvirt fails to 
create them.

Is there any way to replace libvirt drivers? If so, what drivers would you 
recommend using?



Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 11:26 PM, Yuraeitha wrote:


> oh btw Tai, I realized I missed your AMD line comment.
> I'm well aware that AMD sucks too, but this is not the point I tried to make. The point is that AMD
> looks good (for other reasons), compared to Intel right now. If Intel wants to fight back, they
> could for starters try to stop appearing so... well.. "evil" or needlessly and overly
> "greedy" beyond reason.
If you really need a *brand new* x86-64 CPU then yes AMD is a better 
company, a few thousand people on reddit was enough to get executive 
level attention about PSP and they somewhat entertained the idea of 
providing a way to truly disable it or offer CPU's without it - not that 
they did but even google can't get intels attention like that.
For now however a Socket G34 6328/6386SE is more than good enough for 
just about anything.


AMD is a much smaller company with a much smaller market share.

> So I'm not saying AMD is any better, it's just that AMD can be used, like a
> tool, to fuck Intel up enough, to force Intel's hand to do something good
> (hopefully). Question is, will enough people do it, in order to force Intel's
> hand. And if enough do it, then it's probably not for this reason. But
> nonetheless, whatever little helps to send Intel a clear signal that they need
> to behave to regain any love.
Intel is too big of a company for anyone to make an impact short of a 
nation state deciding to no longer buy their products for its 
governmental computers which would actually be a really smart idea 
(however none have done so)




Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 10:11 PM, Yuraeitha wrote:


> Nice! I did not know about TALOS, seems really interesting. I had kinda lost
> any hope for POWER CPU's since IBM are such big slackers when it comes to
> getting POWER marketed or supporting motherboard developers in the mass
> markets. The way I understand it, it's significantly easier to make
> motherboards, compared to making CPU's, and existing RAM technology can be
> used. So it was a bit mind-boggling for me that no one went ahead and made
> POWER motherboards. Not enough interest by the people at least capable of
> making motherboards, I guess? or my understanding of it falls short perhaps.
Actually a lot of companies made POWER 8 motherboards you just didn't 
hear about it (as they aren't mass market)
POWER 9 is a lot more accessible so there will be many more partners, as 
more components are now on the CPU die it is cheaper to make 
motherboards (which is also why TALOS 2 is a reality) and thus more will 
be made.


Look up the OpenPOWER foundation, despite all the really bad things they 
have done in the past IBM is making many strides for computing freedom. 
What other company releases this level of information on their CPU's? 
their hardware? lets you fix your own microcode and gives you the 
documentation to teach yourself how to do so?

> But either way, TALOS is really good news. Though its a bit sad that its so
> pricy and only for desktops.
The price is average for hardware in its performance class, like I said 
there are many lower priced (and lower performance) options but now we 
are lucky enough to have one in the very high performance sphere.

> Especially as mobile devices are becoming so powerful, that desktops are less
> relevant for most normal people these days. It makes the desktop market
> smaller, and TALOS even harder to sell to normal people and thereby probably
> also less likely to drop in price then too. And as a result, much less likely
> to come to laptops as well then. Unless something changes? Seems like an evil
> unbreakable circle, unless a shortcut is being cut out somewhere.
TALOS 2 isn't meant for "normal people" - even I would be hard pressed 
to use the full capabilities of even the lower end POWER9 CPU's to the 
point where I would really be getting my moneys worth.


The market segment is the small corporation concerned about IP theft 
that wants high performance secure computing and may already be using 
POWER systems, not grandma and not even you or me but I will however be 
purchasing one once I find full time employment again as I believe in 
the cause and I want to support them.
It is the first time one can get a free firmware system off the shelf 
with the latest and greatest technology, no matter the cost they have 
truly done something special here.

> For one, the price is waay too high for most regular people.
> What hopes do we have for cheaper hardware, made available for the more popular
> devices (like laptops and phones), I wonder.
You already have cheaper/slower hardware, such as the KCMA-D8 and 
KGPE-D16 (libre firmware ports and OpenBMC ports made by the same 
company) or the open source init G505S laptop.
You can make a libre firmware workstation that can play the latest games 
in a VM for $500 total.


In the case of TALOS 2 it fills the gap in the ultra high performance 
category, where as the D8 and D16 are the low-medium performance category.

> It's so frustrating, getting hopes, but at the same time, just enough out of
> reach, dangling there like a carrot on a stick, laughing at you. Frustrating...
>
> also, lmao, indeed, the claims and lack of results to show for, are gonna make
> purism a laughing stock for years to come. Maybe if they involved the open
> source community and got a huge backing with a single voice, but instead, many
> open source people got offended by their overestimated claims. The irony...
They still refuse to take the input of the community in to account, but 
constantly attack people like me who give them the constructive 
criticism they deserve - they say "oh we are doing our best to free ME" 
aka waiting and hoping someone else will do so. They have no hardware 
engineers on staff so no one to tell them how impossible and pointless 
that is.


The only thing they are good at is marketing, it is truly incredible the 
amount of spin and slick lingo they have on their website - hell there 
are even paid shills on various mailinglists who attack me and others on 
a regular basis.


They have easily made a libre laptop via either the AMD FT3 mobile 
platform (high end when they released their second laptop) or hell even 
a KCMA-D8 in a custom fab case with a custom battery, keyboard, etc and 
a 35W 8 core CPU - heavy? sure free? definitely.


On the coreboot website it says that you can't have free firmware for 
the latest and greatest x86-64 stuff due to the level of churn, but they 
still don't listen and refuse to change course and admit they made bad 
choices.


Even leah rowe made right 

Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread taii...@gmx.com

On 11/22/2017 11:46 PM, Yuraeitha wrote:


> So for example, there is no issue buying a motherboard (and cleaning it up),
> with an intel NIC, just as long you do not use the nic, right? I mean, it
> cannot execute commands inwards to the motherboard, but only whatever passes
> through the NIC when its in use?

Why would you buy one when there are so many alternatives?

> So if for example inserting a more trusted PCI nic card, and just ignoring the
> intel nic, it should be no problem?
Not how it works, intel nic or not you have the same level of security 
once you use me_cleaner - additionally the non LOM series intel nic 
ASIC's lack the ME ability irregardless and one can also modify the LOM 
series firmware to remove that ability.


The whole "oh you are fine from hypothetical nation state backdoors if 
you use a non-intel nic" rumor was started by purism - it is absolutely 
false. If such a backdoor existed they surely would have thought of that 
already - there are a variety of methods to communicate and control with 
a PCI-e networking device without having drivers for each and every NIC 
on the market.




Re: [qubes-users] 4.x Recommendations for Processor/Laptop

2017-11-22 Thread taii...@gmx.com

On 11/23/2017 12:01 AM, LE wrote:


> I am looking to make my next laptop purchase, and I would like to avoid the
> vulnerability associated with ME and PSP. Some have recommended an old
> early-2013 Lenovo (G505S) running coreboot, but if possible I would prefer a
> newer laptop and processor.
That is the last and best owner controlled open source init firmware no 
PSP/ME x86-64 laptop made, there are no other newer choices (purism is a 
scam[1])

It has a 4 core CPU, 16GB max RAM - this should be more than enough.

> Any recommendations (processor most importantly, but the more details of what
> you have tried/recommend with 4.x the better) particularly for those who are
> working with rc2 who have a good sense of what will work best.
>
> My first priority is security and anonymity, followed by performance (since I
> will be using this for work as well). Cost is third (but subject to reasonable
> limits—preferably below $1700 but if it’s worth it I could do more).
What exactly are you doing? if you provide that info we can more 
adequately help you.
There are ways to enhance performance of slightly older laptops such as 
using an eGPU.


Btw I offer free personal tech support for owners of libre hardware.

[1]https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/



Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd

2017-11-22 Thread Yuraeitha
On Thursday, November 23, 2017 at 4:34:07 AM UTC, tai...@gmx.com wrote:
> On 11/22/2017 10:54 PM, jkitt wrote:
> 
> > On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
> >>  From a crypto list, seemed relevant here.
> >> .
> >> Oh joy...
> >>
> >> Intel finds critical holes in secret Management Engine hidden in tons
> >> of desktop, server chipsets
> >> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> >> .
> > So I have my ME "turned off", and I understand off never means off, but can 
> > it still be remotely exploited? I'm using a wireless NIC.
> If you use me_cleaner as of now there are no *public* exploits that 
> allow for that, although I wouldn't be using an intel wireless NIC as I 
> am sure they have some unpublished extra ME features besides the vPro 
> ones that are documented.

So for example, there is no issue buying a motherboard (and cleaning it up) 
with an Intel NIC, just as long as you do not use the NIC, right? I mean, it 
cannot execute commands inwards to the motherboard, but only whatever passes 
through the NIC when it's in use? 

So if for example inserting a more trusted PCI NIC card, and just ignoring the 
Intel NIC, it should be no problem?



[qubes-users] Re: download new fedora-26

2017-11-22 Thread Roy Bernat
On Wednesday, 22 November 2017 11:11:17 UTC-5, Roy Bernat  wrote:
> Hi 
> 
> I am trying to download fedora-26 but with no success.
> 
> I succeeded a month ago but now I am getting nothing.
> 
> Any suggestions?
> 
> R

Thanks for all the answers.

I am using Qubes 4.0 and I used to download the template using the 
qubes-dom0-update command.

To download manually I tried to use wget, but there is no wget available in dom0.

R



[qubes-users] 4.x Recommendations for Processor/Laptop

2017-11-22 Thread LE
I am looking to make my next laptop purchase, and I would like to avoid the 
vulnerability associated with ME and PSP. Some have recommended an old 
early-2013 Lenovo (G505S) running coreboot, but if possible I would prefer a 
newer laptop and processor.

Any recommendations (processor most importantly, but the more details of what 
you have tried/recommend with 4.x the better) particularly for those who are 
working with rc2 who have a good sense of what will work best. 

My first priority is security and anonymity, followed by performance (since I 
will be using this for work as well). Cost is third (but subject to reasonable 
limits—preferably below $1700 but if it’s worth it I could do more).

Thanks!



[qubes-users] Re: qubes 4.0rc2 - debian appvm fails with qrexec-daemon message

2017-11-22 Thread Yuraeitha
On Monday, November 20, 2017 at 12:14:16 PM UTC, Bernhard wrote:
> Hello,
> with your nice help I happily installed Q4.0rc2.  Then I created a bunch
> of debian-8 based appvm's, to copy my data back from the backup. But
> they don't start, finishing with "Cannot execute qrexec-daemon" error. I
> hate that error : no clue where it comes from.   Any hints? Thank you!
> Bernhard
> 
> 
> P.S: First, I thought that this is the annoying but harmless
> "after-tempate-change-xfce-menu-messy"  bug (which forces to go to VM
> settings, remove all Applications, save, go there again, put them back &
> save again to get all symlinks right). But the problem is somewhere else.

I did not read through the link due to being short of time atm, but here are 
some suggestions nonetheless, as I've encountered similar issues once in Qubes 4.

- Make sure all your VMs are running in HVM mode, in particular if your system 
cannot run in PV mode. Paradoxically, some systems run PV mode just fine in 
Qubes 3.2, but PV stops working in Qubes 4. It doesn't matter anyhow, since HVM 
is the desired mode for now. So just make sure the VM is in HVM. Verify if 
"qvm-prefs VM-name virt_mode" is giving back PV or HVM. Try changing it to HVM 
if it reports back PV.

- Don't use any Qubes 3.2 templates, as they should not have the same Qubes 
tools code in them. 

- Some AppVMs restored from Qubes 3.2 have in my experience been sluggish, 
laggy, and slow. I moved my data, bookmarks, thunderbird profile folder, etc. 
in the traditional Linux backup sense, over to a new fresh Qubes 4 AppVM. It 
solved any lag I had, except, sometimes firefox was a bit laggy with 10 or so 
tabs, whereas before I could easily have 40 tabs open. The firefox browser 
update happened around the same time, so not sure which was the cause. But 
cleaning old firefox data did not fix it, however a clean AppVM did fix it. The 
issue also extended outside firefox to other applications. 

- If you cannot start an AppVM that you restored from the backup, assuming you 
still have the backup available in case anything goes wrong, then try changing 
the Debian AppVM to a Fedora AppVM. Then see if you can transfer your files out 
of the broken AppVM, either via Qubes tools, or pass through a USB pen/drive 
and transfer it this way. Just be careful, I've been having issues where I was 
unable to disconnect my USB drive from within the old Qubes 3.2 AppVM, when I 
tried to salvage my data from it. Luckily it only caused damage to the last 
file from multiple different transactions. In case you want to avoid this 
issue, it may be possible to do an extra transfer, with something pointless you 
don't mind losing, just in case the last transfer made is destroyed when trying 
to disconnect the USB drive. USB works just fine in Qubes 4 AppVMs though, at 
least, that's my experience with it for now. 

Hopefully you don't encounter the worst issues. At least I feel stable on Qubes 
4 now, but it's been a bit turbulent. Hopefully you'll be fine too.



Also, is it just me, or does Qubes 4 seem bloody fast in some areas after 
recent updates? Like shutting down VMs for example, it happens almost 
instantly, and various other places where it seems much faster than Qubes 
3.2. Perhaps it's just my mind playing with me. 



Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread awokd
On Wed, November 22, 2017 13:57, 'Max' via qubes-users wrote:
> Hi awokd,
>
> Thank you for your response. I have tried to reset BIOS, deselect UEFI /
> select legacy, but other errors come up. Missing hardware support VT-d,
> etc, and Interrupt Remapping, so it would be perfect if setup succeeded
> with another user, using this specific laptop.

Legacy/UEFI boot mode should not affect processor features. Check to see
if there's a newer BIOS available for your laptop? If there is, it might
help with the installer too.

Unfortunately, Xen issues with UEFI are pretty common. Search this mailing
list for "EFI 4.0" (or maybe "Lenovo EFI 4.0" in your case). You could
also look at https://www.qubes-os.org/doc/uefi-troubleshooting/ but it
might be more 3.2 specific. I've managed to work around UEFI issues on a
Lenovo before by booting Refind from a USB key, then the installer from
that. Sorry I don't have a silver bullet!




Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread 'Max' via qubes-users

Hi awokd,

Thank you for your response. I have tried to reset BIOS, deselect UEFI / 
select legacy, but other errors come up. Missing hardware support VT-d, 
etc, and Interrupt Remapping, so it would be perfect if setup succeeded 
with another user, using this specific laptop.


The Lenovo Yoga 2 Pro has no DVD, so I hoped the USB would suffice. I 
might test this further with 3.2.


Thank you again for your reply. I've pasted screenshots here, if 
something stares you in the face :):


https://pasteboard.co/GUPAgPV.png
https://pasteboard.co/GUPAx1x.png
https://pasteboard.co/GUPAKm1.png

Sincerely

Max


On 11/22/2017 01:21 PM, awokd wrote:

> On Wed, November 22, 2017 11:58, max via qubes-users wrote:
>
>> On Saturday, February 11, 2017 at 21:49:02 UTC+1, James Young wrote:
>>
>>> I am attempting to install Qubes from USB on a Lenovo Yoga Pro 2.  GUI is
>>> not starting and only getting text message.  When selecting the install
>>> option the screen only flashes and then returns to the menu
>>>
>>> Has anyone faced this issue before or have any suggestions?
>>
>> I just faced this issue, and tried every possible setting in BIOS to no
>> avail. Did you find a solution?
>
> Try legacy boot or burning to a DVD instead.





Re: [qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?

2017-11-22 Thread velcro
Ahhh...space bar! I think I tried every key except the biggest one...it worked!

All working...thank you both and thank you to all who have made this OSS 
package possible!

Probably going to try a fresh install again and start from scratch just to make 
sure. My only concern is I have Firefox ESR, however I suspect it might be due 
to the order I originally updated the software.

Thanks again...



[qubes-users] Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread info
Hi, my name is Knut von Walter. In order to progress in my understanding of 
Qubes OS, I am looking for members of the Qubes-community in 
Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter



[qubes-users] Failed to load Kernel Modules

2017-11-22 Thread haaber
This is the first line while booting. So I checked  systemctl status
systemd-modules-load.service that says the below. I see no errors .. all
OK then??

Thank you, Bernhard

[me @dom0 ]

  systemd-modules-load.service - Load Kernel Modules
   Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service;
static; vendor preset: disabled)
   Active: active (exited) since Wed 2017-11-22 10:30:29 EST; 2min 35s ago
 Docs: man:systemd-modules-load.service(8)
   man:modules-load.d(5)
  Process: 1299 ExecStart=/usr/lib/systemd/systemd-modules-load
(code=exited, status=0/SUCCESS)
 Main PID: 1299 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4915)
   CGroup: /system.slice/systemd-modules-load.service

Nov 22 10:30:29 dom0 systemd-modules-load[1299]: Inserted module 'uinput'
Nov 22 10:30:29 dom0 systemd-modules-load[1299]: Module 'xen_evtchn' is
builtin
Nov 22 10:30:29 dom0 systemd[1]: Started Load Kernel Modules.




Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread beso
On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote:
> > > Hello Beso,
> > > 
> > > > Mobile Broadband is enabled in 
> > > > NetworkManager Applet. 
> > > > I can create new Mobile Broadband 
> > > > connection but it keeps connecting 
> > > > and nothing else
> > > 
> > >  I am using mobile broadband within Qubes and am happy to help, but 
> > > honestly your question/problem is too unqualified. 
> > > 
> > > - what version of Qubes are you running?
> > > - what model of mobile broadband card are you using? 
> > > - how is the broadband card connected? Probably as an internal USB 
> > > device. 
> > > - are you using sys-usb to connect the card to your sys-net VM? Or are 
> > > you passing through the whole USB controller?
> > > - have you tried to boot up a Fedora live Linux and check if your mobile 
> > > broadband is working there?
> > > - what does "keeps connecting" mean?
> > > 
> > > My suggestion:
> > > Try to get the mobile broadband card working without Qubes (Linux Live 
> > > Boot from USB-Stick).
> > > If you got it working try to make it work in Qubes.
> > > 
> > > [799]
> > 
> > - Laptop is ThinkPad X1 Carbon 4th gen.
> > - Qubes release 3.2(R3.2)
> > - Previous linux distros worked (ubuntu 16.04)
> > - from qvm-usb I can see that card is: Sierra Wireless Incorporated Sierra 
> > Wireless EM7455 Qualcomm Snapdragon X7
> > - do I have to attach it somewhere?
> > - As I mentioned I can create new broadband connection and even select it 
> > from applet menu but it keeps connecting(applet shows "circles" as trying 
> > connect).
> > I am trying to make screenshot if it helps

PS.
[user@sys-net ~]$ ifconfig
enp0s1f6: flags=4099  mtu 1500
ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
RX packets 0  bytes 0 (0.0 B)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 0  bytes 0 (0.0 B)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
device interrupt 26  memory 0xe120-e122  

lo: flags=73  mtu 65536
inet 127.0.0.1  netmask 255.0.0.0
inet6 ::1  prefixlen 128  scopeid 0x10
loop  txqueuelen 1  (Local Loopback)
RX packets 636  bytes 74412 (72.6 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 636  bytes 74412 (72.6 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vif2.0: flags=4163  mtu 1500
inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
inet6 fe80::fcff::feff:  prefixlen 64  scopeid 0x20
ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
RX packets 102007  bytes 32168371 (30.6 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 228493  bytes 219299357 (209.1 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp0s2: flags=4163  mtu 1500
inet 192.168.43.181  netmask 255.255.255.0  broadcast 192.168.43.255
inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 0x20
ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
RX packets 238240  bytes 225553537 (215.1 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 108834  bytes 37072683 (35.3 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



Re: [qubes-users] mount root.img files

2017-11-22 Thread Chris Laprise

On 11/22/2017 05:02 AM, Bernhard wrote:

> Hello,
>
> I brought myself in trouble, when I (badly) followed the vm-sudo
> instructions : as non-root, I modified (using each time sudo) the file
> /etc/pam.d/common-auth in debian-8.
> Now, at the following steps I would need to sudo again - but the process
> is blocked (saying 3 times bad password), since the new VMAuth is (only)
> partially set up.
>
> - Of course, qubes-revert command for template vm does not exist in Q4,
> that would be too easy.
> - Actually, reinstalling debian-8-template fails as well, since there
> seems no package named qubes-template-debian-8 in contrast with the
> qubes documentation
> -  So I would like to "break in" the vm-template as dom0, and change
> that one line in /etc/pam.d/common-auth back. But how to mount the
> root.img file? I tried a losetup & mount approach, but the file is
> non-mountable. I have not found any documentation either.
>
> So I ask in despair for some help. Bernhard



Glad you recovered OK. The best way to execute the vm-sudo instructions 
is to switch to root user first with 'sudo su'. Notice that all the 
shell prompts in the document are '[root@vmname]#'.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] download new fedora-26

2017-11-22 Thread Roy Bernat
Hi 

I am trying to download fedora-26 but with no success.

I succeeded a month ago but now I am getting nothing.

Any suggestions?

R 



Re: [qubes-users] mount root.img files

2017-11-22 Thread Chris Laprise

On 11/22/2017 10:01 AM, Chris Laprise wrote:

> Glad you recovered OK. The best way to execute the vm-sudo 
> instructions is to switch to root user first with 'sudo su'. Notice 
> that all the shell prompts in the document are '[root@vmname]#'.

BTW I have a project Qubes-VM-hardening that uses vm-sudo configuration 
to leverage template-based security. It's an added layer of protection 
against malware persistence.


The master branch currently only deals with user init scripts, but the 
systemd branch has some more interesting things in development, like 
white-listing.


https://github.com/tasket/Qubes-VM-hardening

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] Re: HOWTO: Compiling Kernels for dom0

2017-11-22 Thread fepitre
On Wednesday, November 22, 2017 at 18:31:29 UTC+1, Foppe de Haan wrote:
> Now that 4.14's reached stable, does anyone plan to test it soon (or have an 
> idea when they'll have time to do so)? Since 4.13 wasn't stable 'by default' 
> in qubes, I would assume 4.14 won't be either, but although I'll certainly 
> give it a go, I'm fairly sure I am not the best person to try to figure out 
> what's wrong when I run into trouble. :)

I started to update patches etc and I should test it tomorrow or this 
weekend (depending on the time I have :) ). By the way, the latest kernel 4.13 
is "more stable" with my Ryzen but I still experience random crashes... So I 
will give you feedback soon for 4.14.



[qubes-users] Re: HOWTO: Compiling Kernels for dom0

2017-11-22 Thread Foppe de Haan
Now that 4.14's reached stable, does anyone plan to test it soon (or have an 
idea when they'll have time to do so)? Since 4.13 wasn't stable 'by default' in 
qubes, I would assume 4.14 won't be either, but although I'll certainly give it 
a go, I'm fairly sure I am not the best person to try to figure out what's 
wrong when I run into trouble. :)



Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 7:09:27 PM UTC, m...@militant.dk wrote:
> Hello again,
> 
> I tried to ignore the "Missing hardware support" error and found this to 
> be a possible similar issue with wrongful detection (Since my BIOS shows 
> vanderpool support):
> https://github.com/QubesOS/qubes-issues/issues/3208
> 
> It seems the installer accepted my configuration and the system gets 
> installed(?).
> 
> My issue is now that the menu looks nothing like version 3, and I have 
> no qubes related that works. I have "Qubes Global Settings", that fails. 
> I cannot update dom0, and gets an error.
> 
> I've uploaded screenshot at imgur, and any help will be appreciated: 
> https://i.imgur.com/Te3bH9I.png
> 
> Sincerely
> Max
> 
> On 11/22/2017 03:46 PM, awokd wrote:
> 
> > On Wed, November 22, 2017 13:57, 'Max' via qubes-users wrote:
> > 
> >> Hi awokd,
> >> 
> >> Thank you for your response. I have tried to reset BIOS, deselect UEFI /
> >> select legacy, but other errors come up. Missing hardware support VT-d,
> >> etc, and Interrupt Remapping, so it would be perfect if setup succeeded
> >> with another user, using this specific laptop.
> > 
> > Legacy/UEFI boot mode should not affect processor features. Check to see
> > if there's a newer BIOS available for your laptop? If there is, it might
> > help with the installer too.
> > 
> > Unfortunately, Xen issues with UEFI are pretty common. Search this mailing
> > list for "EFI 4.0" (or maybe "Lenovo EFI 4.0" in your case). You could
> > also look at https://www.qubes-os.org/doc/uefi-troubleshooting/ but it
> > might be more 3.2 specific. I've managed to work around UEFI issues on a
> > Lenovo before by booting Refind from a USB key, then the installer from
> > that. Sorry I don't have a silver bullet!

I can see from your screenshot that you're trying to install Qubes 4, and you 
commented that you have no VT-D. You made sure it's not just disabled?

Write "lscpu" in your dom0 terminal, and find the CPU processor name. Then you 
can yourself, or put the name here and we can do it for you, quickly check if 
your CPU supports VT-D or not. 

Qubes 4 is much more strict towards missing hardware support than Qubes 3.2. 
Specifically the security/privacy hardware support features. Qubes is meant to 
be about security, by making it only install on security enabling hardware, 
falls within reasonable so that no one installs Qubes on unsafe hardware, and 
thereby falsely believes to be "safe". 

The most dangerous kind of lack of security around is ironically not technical 
in nature. The most dangerous one is the attitude, or belief, that you're 
safe, when you in fact are not. Think of it like ancient humans sleeping on the 
savanna, and lions sneak around in the grass. Because you're not on watch, i.e. 
built a house or barricaded a cave entrance, then you'll likely die pretty darn 
fast. The same applies to Qubes, this move, in my view, is the developers 
kindly pushing us all to buy VT-D (and similar) security enabling hardware. 

However, you can probably still install Qubes 3.3 and sleep on the savanna just 
fine. The type of attacks that affect you are rare enough to justify Qubes 
3.2 on a no VT-D (or similar tech) machine. And it's more likely to work on a 
non VT-D machine than Qubes 4, which requires VT-D instead of just recommending 
it.

Also Qubes 3.2. should be updated for a while yet, 
https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/

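Added example, not part of the thread and not Qubes project code: the reply above suggests looking up the CPU model from "lscpu", but the "Missing hardware support VT-d ... Interrupt Remapping" errors reported earlier depend on what the firmware actually exposes to Xen, which can be read from Xen itself in dom0. The sketch below classifies the text of "xl info" and "xl dmesg"; the sample outputs are constructed, and the exact wording of those lines is an assumption that may vary between Xen versions.

```shell
#!/bin/sh
# Classify virtualisation support as Xen reports it (run as root in dom0).
# The SAMPLE_* texts are constructed for illustration, not captured from a
# real machine; line wording is assumed and may differ between Xen versions.

# Constructed sample: VT-x present, IOMMU (VT-d) absent or disabled in firmware.
SAMPLE_INFO_NO_VTD='xen_caps               : xen-3.0-x86_64 hvm-3.0-x86_64
virt_caps              : hvm'
SAMPLE_DMESG_NO_VTD='(XEN) HVM: VMX enabled
(XEN) I/O virtualisation disabled'

# Constructed sample: VT-x, VT-d and interrupt remapping all active.
SAMPLE_INFO_FULL='xen_caps               : xen-3.0-x86_64 hvm-3.0-x86_64
virt_caps              : hvm hvm_directio'
SAMPLE_DMESG_FULL='(XEN) HVM: VMX enabled
(XEN) I/O virtualisation enabled
(XEN) Interrupt remapping enabled'

# has_virt_cap INFO_TEXT CAP
# Succeeds only if CAP appears as a whole word on the virt_caps line.
# A plain substring match would wrongly accept "hvm" inside "hvm_directio".
has_virt_cap() {
    printf '%s\n' "$1" | awk -v cap="$2" '
        /^virt_caps[ \t]*:/ {
            sub(/^[^:]*:/, "")          # drop the "virt_caps :" label
            n = split($0, w)            # split the rest on whitespace
            for (i = 1; i <= n; i++) if (w[i] == cap) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# dmesg_has DMESG_TEXT PHRASE
# Case-insensitive fixed-string search of the hypervisor boot log.
# Caveat: the xl dmesg ring buffer can wrap on a long-running system, so a
# missing line is weaker evidence than a present one; re-check after a reboot.
dmesg_has() {
    printf '%s\n' "$1" | grep -qiF -- "$2"
}

# classify INFO_TEXT DMESG_TEXT
# Prints one verdict:
#   no-hvm                   no VT-x/AMD-V visible to Xen
#   hvm-without-iommu        HVM works, but no VT-d/AMD-Vi device isolation
#   iommu-without-remapping  IOMMU active, interrupt remapping not reported
#   full                     HVM, IOMMU and interrupt remapping all reported
classify() {
    info=$1
    dmesg=$2
    if ! has_virt_cap "$info" hvm; then
        echo no-hvm
        return
    fi
    if ! has_virt_cap "$info" hvm_directio; then
        echo hvm-without-iommu
        return
    fi
    if ! dmesg_has "$dmesg" 'Interrupt remapping enabled'; then
        echo iommu-without-remapping
        return
    fi
    echo full
}

if command -v xl >/dev/null 2>&1; then
    # Live check on a Xen host.
    echo "this machine: $(classify "$(xl info)" "$(xl dmesg)")"
else
    # No Xen toolstack here: fall back to the constructed samples.
    echo "sample, no VT-d: $(classify "$SAMPLE_INFO_NO_VTD" "$SAMPLE_DMESG_NO_VTD")"
    echo "sample, full:    $(classify "$SAMPLE_INFO_FULL" "$SAMPLE_DMESG_FULL")"
fi
```

A verdict other than "full" on hardware whose CPU is documented as supporting VT-d usually points at a firmware setting or firmware bug rather than the CPU, which is why the firmware update suggested earlier in the thread is worth trying first.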


[qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu wrote:
> Hi, my name is Knut von Walter. In order to progress in my understanding of 
> Qubes OS, I am looking for members of the Qubes-community in 
> Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter

Based on all that, I'd rather recommend you extend your invitation to the 
entirety of Germany. There are evenly distributed, without other factors, 
expected to be 276,5 Qubes users in all of Germany. You're far more likely to 
find fellow Germans here, than fellow people from Munich. 

You could even extend it to nearby countries to Germany, if you make an event, 
some are likely to travel further. 

Also keeping in mind that many Qubes users are privacy minded, or may not enjoy 
the idea of meeting strangers. The more people you invite, the more are likely 
to come. 

Organize an event, it can even be small and without investment in the 
beginning, like ask people to donate a little for a meeting room for a few 
days, and then wait for the event and everyone to arrive.



Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread max via qubes-users

Hello again,

I tried to ignore the "Missing hardware support" error and found this to 
be a possible similar issue with wrongful detection (Since my BIOS shows 
vanderpool support):

https://github.com/QubesOS/qubes-issues/issues/3208

It seems the installer accepted my configuration and the system gets 
installed(?).


My issue is now that the menu looks nothing like version 3, and I have 
no qubes related that works. I have "Qubes Global Settings", that fails. 
I cannot update dom0, and gets an error.


I've uploaded screenshot at imgur, and any help will be appreciated: 
https://i.imgur.com/Te3bH9I.png


Sincerely
Max

On 11/22/2017 03:46 PM, awokd wrote:

> On Wed, November 22, 2017 13:57, 'Max' via qubes-users wrote:
>
>> Hi awokd,
>>
>> Thank you for your response. I have tried to reset BIOS, deselect UEFI /
>> select legacy, but other errors come up. Missing hardware support VT-d,
>> etc, and Interrupt Remapping, so it would be perfect if setup succeeded
>> with another user, using this specific laptop.
>
> Legacy/UEFI boot mode should not affect processor features. Check to see
> if there's a newer BIOS available for your laptop? If there is, it might
> help with the installer too.
>
> Unfortunately, Xen issues with UEFI are pretty common. Search this mailing
> list for "EFI 4.0" (or maybe "Lenovo EFI 4.0" in your case). You could
> also look at https://www.qubes-os.org/doc/uefi-troubleshooting/ but it
> might be more 3.2 specific. I've managed to work around UEFI issues on a
> Lenovo before by booting Refind from a USB key, then the installer from
> that. Sorry I don't have a silver bullet!




[qubes-users] https://www.intel.com/.../nuc6i3syk.html says NO TPM yesterday and earlier but today TPM = 1.00

2017-11-22 Thread squeaklist
https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc6i3syk.html

Today i am accessing qubes-users mailing lists 
( that is the only difference between today and yesterday )
and now this
webpage now says it has TPM = 1.00

so this sounds like webpage defacing might be going on
so what could this mean?
somebody doesn't want me to use Qubes OS?
am i infected with something?
how does defacing work?



[qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu wrote:
> Hi,my name is Knut von Walter.In order to progress in my understanding of 
> Qubes OS, I am looking for members of the Qubes-community in 
> Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter

If you look here, you can see how many people who use Qubes, based on unique IP 
addresses https://www.qubes-os.org/statistics/
Only the Tor IP's may be more of the same people, so ignore those. In addition, 
people may update Qubes while out in the wild, i.e. while on company, school, 
or if using VPN on. Basically, it's a rough statistic regarding how many people 
use Qubes. 

However, what the statistics does provide, is that no more than the maximum can 
exist. And this information is relevant to your question. 

Currently there is probably some 25.000 Qubes users, probably less, given the 
laptops that move abouts and update on different non-Tor IP's. 

It's probably not proper to take the German population, and divide by the world 
population, to find out the ratio, and transfer this ratio to the 25.000 Qubes 
users. This is because culture, and mouth to mouth recommendations, 
infrastructure like technical security universities, companies, etc. may spread 
Qubes in different and various populations across the world. 
However it's given that Germany is more focused on security than some other 
western countries out there, so the ratio may be a bit higher than the average 
world ratio. 

Let's crack some numbers. Data is just roughly accurate, give or take some 
millions or source update delays, wiki use controversy, etc.. But it should be 
accurate enough to get a useful conclusion. We're not trying to split hairs 
after all.

- Data -
"The world population was estimated to have reached 7.6 billion as of October 
2017" https://en.wikipedia.org/wiki/World_population

Germany Population 2017: 82,155,210
http://worldpopulationreview.com/countries/germany-population/

Munich  1,330,440
Same link source as German population, just scroll down.

Qubes users: ~ 25.000 
https://www.qubes-os.org/statistics/

- Analysis -  
Step 1,A)
82M German pop. divided by 7.600M world pop. = 0,0107 (or 1,07 %).

Step 1,B)
1,330M Munich pop. divided by 7.600M world pop. = 0,000175 (or 0,0175 %).

 

Step 2,A) 
25.000 Qubes users multiplied by German/world population ratio 0,0107 = 267,5 
German Qubes users. 

Step 2,B) 
25.000 Qubes users multiplied by Munich/world population ratio 0,000175 = 4,3 
Munich Qubes users. 


- Conclusion - 
This means, in a perfect square, evenly distributed scenario, there are at 
average some 267,5 Qubes users in all of Germany, and some 4,3 Qubes users in 
Munich specifically. However, keep in mind, this is evenly distributed. Other 
factors, such as culture, universities, companies, mouth to mouth, and so on, 
may change how even the distribution is. As such, you may for example be the 
only one in Munich to use Qubes, or perhaps, there are 10 others besides you in 
Munich. Similarly, there may be 500 in Germany, or maybe only 10 Qubes users in 
Germany. 

- Perspective, a small extra study - 
However, we can make a logical deduction from our little inductive research 
above. Deductively, we can assume that because Germans are subjectively known to 
be more keen on security and privacy than some other western countries, or most 
countries in the world. And because Germany is one of the leading countries in 
some technologies and science. It's not unlikely to think that Germany might 
have a somewhat higher distribution of Qubes users, compared to elsewhere. 

For example, it may be assumed that Germany then have 300? or maybe 700? Qubes 
users (up from 267,5), it's a wild guess. At this point, it becomes calculated 
guess-work. But you can still estimate the likelihood of how likely your guess 
is.

However, keep in mind, a slightly bigger likelihood of more Qubes users in 
Germany, does not translate into many more Qubes users in Munich. Germany is 
about 88 times bigger in population than Munich is, so for every 88 extra Qubes 
user in Germany, there is only 1 extra in Munich, if evenly distributed. 
However, if you got universities, privacy advocated companies, or just plain 
lucky to have people interested in Qubes to spread mouth to mouth in Munich or 
near Munich, then Munich may have a bigger ratio as well. 

So, your take away, considering so few of the 25.000 Qubes users actually post 
on these e-mail thread / forums, it can be "assumed" that some just read 
without posting or rarely posting. However, many more likely don't read these 
e-mail thread / forums much or at all. This is without considering there are 
other Qubes platforms too, like the Reddit one.

In other words, even if it's evenly distributed, and there are 4,3 Qubes users 
in Munich alone, or even if you're lucky, and the distribution is affected by 
factors that spread Qubes in Munich, then maybe there are some more, but it's 
probably hardly 

Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread beso
On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote:
> > > > Hello Beso,
> > > > 
> > > > > Mobile Broadband is enabled in 
> > > > > NetworkManager Applet. 
> > > > > I can create new Mobile Broadband 
> > > > > connection but it keeps connecting 
> > > > > and nothing else
> > > > 
> > > >  I am using mobile broadband within Qubes and am happy to help, but 
> > > > honestly your question/problem is too unqualified. 
> > > > 
> > > > - what version of Qubes are you running?
> > > > - what model of mobile broadband card are you using? 
> > > > - how is the broadband card connected? Probably as an internal USB 
> > > > device. 
> > > > - are you using sys-usb to connect the card to your sys-net VM? Or are 
> > > > you passing through the whole USB controller?
> > > > - have you tried to boot up a Fedora live Linux and check if your 
> > > > mobile broadband is working there?
> > > > - what does "keeps connecting" means?
> > > > 
> > > > My suggestion:
> > > > Try to get the mobile broadband card working without Qubes (Linux Live 
> > > > Boot from USB-Stick).
> > > > If you got it working try to make it work in Qubes.
> > > > 
> > > > [799]
> > > 
> > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > - Qubes release 3.2(R3.2)
> > > - Previous linux distros worked (ubuntu 16.04)
> > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated 
> > > Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > - do I have to attach it somewhere?
> > > - As I mentioned I can create new broadband connection and even select it 
> > > from applet menu but it keeps connecting(applet shows "circles" as trying 
> > > connect).
> > > I am trying to make screenshot if it helps
> 
> PS.
> [user@sys-net ~]$ ifconfig
> enp0s1f6: flags=4099  mtu 1500
> ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> RX packets 0  bytes 0 (0.0 B)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 0  bytes 0 (0.0 B)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> device interrupt 26  memory 0xe120-e122  
> 
> lo: flags=73  mtu 65536
> inet 127.0.0.1  netmask 255.0.0.0
> inet6 ::1  prefixlen 128  scopeid 0x10
> loop  txqueuelen 1  (Local Loopback)
> RX packets 636  bytes 74412 (72.6 KiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 636  bytes 74412 (72.6 KiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> 
> vif2.0: flags=4163  mtu 1500
> inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
> inet6 fe80::fcff::feff:  prefixlen 64  scopeid 0x20
> ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> RX packets 102007  bytes 32168371 (30.6 MiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 228493  bytes 219299357 (209.1 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> 
> wlp0s2: flags=4163  mtu 1500
> inet 192.168.43.181  netmask 255.255.255.0  broadcast 192.168.43.255
> inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 0x20
> ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> RX packets 238240  bytes 225553537 (215.1 MiB)
> RX errors 0  dropped 0  overruns 0  frame 0
> TX packets 108834  bytes 37072683 (35.3 MiB)
> TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


sudo dmesg:
[ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 sp 
7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000]



Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread Yuraeitha
On Monday, October 2, 2017 at 11:06:38 AM UTC, beso wrote:
> On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote:
> > Hello Beso,
> > 
> > > Mobile Broadband is enabled in 
> > > NetworkManager Applet. 
> > > I can create new Mobile Broadband 
> > > connection but it keeps connecting 
> > > and nothing else
> > 
> >  I am using mobile broadband within Qubes and am happy to help, but 
> > honestly your question/problem is too unqualified. 
> > 
> > - what version of Qubes are you running?
> > - what model of mobile broadband card are you using? 
> > - how is the broadband card connected? Probably as an internal USB device. 
> > - are you using sys-usb to connect the card to your sys-net VM? Or are you 
> > passing through the whole USB controller?
> > - have you tried to boot up a Fedora live Linux and check if your mobile 
> > broadband is working there?
> > - what does "keeps connecting" means?
> > 
> > My suggestion:
> > Try to get the mobile broadband card working without Qubes (Linux Live Boot 
> > from USB-Stick).
> > If you got it working try to make it work in Qubes.
> > 
> > [799]
> 
> - Laptop is ThinkPad X1 Carbon 4th gen.
> - Qubes release 3.2(R3.2)
> - Previous linux distros worked (ubuntu 16.04)
> - from qvm-usb I can see that card is: Sierra Wireless Incorporated Sierra 
> Wireless EM7455 Qualcomm Snapdragon X7
> - do I have to attach it somewhere?
> - As I mentioned I can create new broadband connection and even select it 
> from applet menu but it keeps connecting(applet shows "circles" as trying 
> connect).
> I am trying to make screenshot if it helps

Yes, because you passed the USB controller to your sys-USB, correct? In that 
case, that means if you attach an USB modem, it'll be passed to your sys-USB, 
and not your sys-net that should have the internet device instead. 

The solution could be to merge your sys-net with sys-usb, though, I never felt 
truly safe having my USB exposed like that. Though logically speaking, it's not 
any more exposed in sys-net, than compared with any other non Qubes-OS system 
out there. Either way, I believe this is pretty likely your problem.

Try to test it first, you can worry about the security afterwards.
See if it works if you passthrough your USB controller to your sys-net instead, 
and then try apply your USB modem there. 

If it still doesn't work, then it's probably either (in order of likelihood, 
the first is most likely imho).

- No driver/module for your USB modem. It may be visible in i.e. "lspci", but 
it'll have no functionality, no less any signal.
- PCI strictness is too strict, and qvm-prefs strictreset option set to false 
is not enough.
- Pass-through is not supported in your USB modem.

But these potential issues, you only need to worry about, after you get USB 
into sys-net, instead of sys-usb.



Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote:
> > > > > Hello Beso,
> > > > > 
> > > > > > Mobile Broadband is enabled in 
> > > > > > NetworkManager Applet. 
> > > > > > I can create new Mobile Broadband 
> > > > > > connection but it keeps connecting 
> > > > > > and nothing else
> > > > > 
> > > > >  I am using mobile broadband within Qubes and am happy to help, but 
> > > > > honestly your question/problem is too unqualified. 
> > > > > 
> > > > > - what version of Qubes are you running?
> > > > > - what model of mobile broadband card are you using? 
> > > > > - how is the broadband card connected? Probably as an internal USB 
> > > > > device. 
> > > > > - are you using sys-usb to connect the card to your sys-net VM? Or 
> > > > > are you passing through the whole USB controller?
> > > > > - have you tried to boot up a Fedora live Linux and check if your 
> > > > > mobile broadband is working there?
> > > > > - what does "keeps connecting" means?
> > > > > 
> > > > > My suggestion:
> > > > > Try to get the mobile broadband card working without Qubes (Linux 
> > > > > Live Boot from USB-Stick).
> > > > > If you got it working try to make it work in Qubes.
> > > > > 
> > > > > [799]
> > > > 
> > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > - Qubes release 3.2(R3.2)
> > > > - Previous linux distros worked (ubuntu 16.04)
> > > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated 
> > > > Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > - do I have to attach it somewhere?
> > > > - As I mentioned I can create new broadband connection and even select 
> > > > it from applet menu but it keeps connecting(applet shows "circles" as 
> > > > trying connect).
> > > > I am trying to make screenshot if it helps
> > 
> > PS.
> > [user@sys-net ~]$ ifconfig
> > enp0s1f6: flags=4099  mtu 1500
> > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > RX packets 0  bytes 0 (0.0 B)
> > RX errors 0  dropped 0  overruns 0  frame 0
> > TX packets 0  bytes 0 (0.0 B)
> > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > device interrupt 26  memory 0xe120-e122  
> > 
> > lo: flags=73  mtu 65536
> > inet 127.0.0.1  netmask 255.0.0.0
> > inet6 ::1  prefixlen 128  scopeid 0x10
> > loop  txqueuelen 1  (Local Loopback)
> > RX packets 636  bytes 74412 (72.6 KiB)
> > RX errors 0  dropped 0  overruns 0  frame 0
> > TX packets 636  bytes 74412 (72.6 KiB)
> > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > 
> > vif2.0: flags=4163  mtu 1500
> > inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
> > inet6 fe80::fcff::feff:  prefixlen 64  scopeid 0x20
> > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > RX packets 102007  bytes 32168371 (30.6 MiB)
> > RX errors 0  dropped 0  overruns 0  frame 0
> > TX packets 228493  bytes 219299357 (209.1 MiB)
> > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > 
> > wlp0s2: flags=4163  mtu 1500
> > inet 192.168.43.181  netmask 255.255.255.0  broadcast 192.168.43.255
> > inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 0x20
> > ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> > RX packets 238240  bytes 225553537 (215.1 MiB)
> > RX errors 0  dropped 0  overruns 0  frame 0
> > TX packets 108834  bytes 37072683 (35.3 MiB)
> > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> 
> 
> sudo dmesg:
> [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 sp 
> 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000]

Also, if you have multiple of USB controllers, try sacrifice one controller to 
sys-net, while keeping the remaining in sys-usb. 

I believe you have a laptop since you want to use an USB modem, but even 
laptops tend to have at least two USB controllers nowadays and some years 
back. 

So verify how many USB controllers you got (NOT! ports, but controllers, that 
is to be blond, how many USB controlling chips are there in your hardware). 
Many developers like to put multiple of ports on a single controller. Be sure 
you got more than one controller, and then only pass one of them to your 
sys-net, and keeping the other in sys-usb. 

Then in practice, avoid any USB ports used for the exposed USB controller, and 
then keep remaining USB controllers in the safer sys-usb.

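The controllers-versus-ports check described in the message above, as an added example that is not part of the thread: it resolves the `/sys/bus/usb/devices` symlinks to find which PCI function owns each USB bus, since only whole PCI functions can be assigned to sys-net or sys-usb. The function names are hypothetical and the sysfs tree is constructed sample data; on a real system pass `/sys` as the root.

```shell
#!/bin/sh
# Added example: count USB controllers (PCI functions), not ports or buses.
# Function names are hypothetical; the sample sysfs tree is constructed.

# Print the PCI address (domain:bus:dev.fn) of the controller behind one
# /sys/bus/usb/devices entry. The deepest PCI component of the resolved
# path is the controller itself; any earlier ones are bridges.
pci_parent() (
    [ -e "$1" ] || exit 1
    path=$(readlink -f "$1") || exit 1
    bdf=
    IFS=/
    set -f
    for part in $path; do
        case $part in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f]:[0-9a-f][0-9a-f]:[0-9a-f][0-9a-f].[0-7])
                bdf=$part ;;
        esac
    done
    [ -n "$bdf" ] || exit 1
    printf '%s\n' "$bdf"
)

# One line per controller: "<PCI address> <comma-separated USB buses>".
# An xHCI controller shows up as two buses (USB 2 and USB 3 root hubs)
# on a single PCI function, so bus count overstates controller count.
usb_controllers() (
    sysfs=${1:-/sys}
    for link in "$sysfs"/bus/usb/devices/usb*; do
        [ -e "$link" ] || continue
        bdf=$(pci_parent "$link") || continue
        printf '%s %s\n' "$bdf" "$(basename "$link")"
    done | LC_ALL=C sort | awk '
        { if ($1 in buses) buses[$1] = buses[$1] "," $2; else buses[$1] = $2 }
        END { for (c in buses) print c, buses[c] }' | LC_ALL=C sort
)

# Number of distinct controllers available for assignment.
usb_controller_count() {
    usb_controllers "$1" | wc -l | tr -d ' '
}

# Controller behind one attached device, e.g. "1-6" as named in sysfs.
controller_of_device() {
    pci_parent "${1:-/sys}/bus/usb/devices/$2"
}

# Constructed sample: one xHCI controller (two root hubs, modem on 1-6)
# and one EHCI controller (one root hub).
make_sample_sysfs() (
    root=$1
    pci="$root/devices/pci0000:00"
    mkdir -p "$root/bus/usb/devices" \
             "$pci/0000:00:14.0/usb1/1-6" \
             "$pci/0000:00:14.0/usb2" \
             "$pci/0000:00:1a.0/usb3"
    rel=../../../devices/pci0000:00
    ln -s "$rel/0000:00:14.0/usb1"     "$root/bus/usb/devices/usb1"
    ln -s "$rel/0000:00:14.0/usb2"     "$root/bus/usb/devices/usb2"
    ln -s "$rel/0000:00:1a.0/usb3"     "$root/bus/usb/devices/usb3"
    ln -s "$rel/0000:00:14.0/usb1/1-6" "$root/bus/usb/devices/1-6"
)

# Demo on the constructed tree.
demo=$(mktemp -d)
make_sample_sysfs "$demo"
usb_controllers "$demo"
echo "controllers: $(usb_controller_count "$demo")"
echo "device 1-6 sits on $(controller_of_device "$demo" 1-6)"
rm -rf "$demo"
```

If the count is 1, every port shares the controller and moving it to sys-net moves all USB devices with it.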

Re: [qubes-users] https://www.intel.com/.../nuc6i3syk.html says NO TPM yesterday and earlier but today TPM = 1.00

2017-11-22 Thread Unman
On Wed, Nov 22, 2017 at 11:13:09AM -0800, squeakl...@gmail.com wrote:
> https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc6i3syk.html
> 
> Today i am accessing qubes-users mailing lists 
> ( that is the only difference between today and yesterday )
> and now this
> webpage now says it has TPM = 1.00
> 
> so this sounds like webpage defacing might be going on
> so what could this mean?
> somebody doesn't want me to use Qubes OS?
> am i infected with something?
> how does defacing work?
> 

Wayback machine confirms that TPM was NO on Ma 5 2017 - I can't see
any other difference from today's TPM=1.

So either the spec has changed, or there's some glitch in back end db at
Intel.



Re: [qubes-users] How to Setup Wireless

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 7:43:59 PM UTC, Ray Joseph wrote:
> donoban,
> 
> Thank  you.  It is now running in dom0.  I changed to v4.0RC1.  My vms start 
> intermittently so it is a challenge to test further.  
> 
> I guess I could practice in v3.2 until v4 matures.

Actually, if you managed to get that far, you can probably manage to get Qubes 
4 to run more or less smoothly. Albeit still may be unlucky to encounter a 
nasty bug of course, but in my own experience it runs pretty smoothly with 
newest updates and fixed user mistakes.

Qubes 4 user (or semi-user) mistakes that I encountered, that have a big impact 
on a working Qubes 4:
 
- Not making sure ALL VM's, i.e. from restored backup, are set to HVM instead 
of PV. This can mess up your VM's, as some systems can no longer run PV VM's 
properly in Qubes 4, despite having done so just fine in Qubes 3.2.

- Using any older Qubes 3.2. templates. A lot of changes were made to the Qubes 
tools, so the Qubes tools code probably changed in the VM templates too. Be 
sure you are mindful of this, if you insist on using an older Qubes 3.2. VM 
template. 

- A bug in the AppVM templates, seem to mess up icon update in the XFCE4 menu, 
or somehow even preventing apps to start in VM's. If you encounter a bad AppVM, 
check if it was restored from Qubes 3.2. If so, then manually transfer your 
files, bookmarks, etc. out of it and over into a new Qubes 4 freshly made AppVM.

- VT-D and similar, is now required for a fully working system, instead of just 
recommended as it was in Qubes 3.2. and back. You may be able to install, but 
it won't run smooth without VT-D or similar supported tech.

- Newest Qubes (Testing update) has a drawback of Hibernate/Suspend breaking 
Wi-Fi, and various of other VM functionality. For example all your VM apps may 
be gone and cannot start. Only solution is either restart ALL your VM's, or in 
the worst cases, having to restart all of Qubes. Still, this is a testing 
update, and a user mistake for using a testing update. The developers will 
probably get it fixed eventually. Staying with regular updates should be safe, 
I assume of course. If you get the bug, then just be sure you save important 
work if you use suspend/hibernate. This is likely a pass-through issue (I 
think), but it's definitely not a driver/module issue, like those we otherwise 
often saw in the past after hibernate/suspend. Either way, my guess is it's 
probably soon fixed before it becomes a normal update.


I'm not saying to go Qubes 4 for stability or critical data production, though, 
in my experience the user (or semi user) mistakes above can have a huge impact 
on if Qubes 4 works properly or not.

There are still other issues, but they are getting more rare, and mostly 
everything seems to work now. Personally I'd rate Qubes RC-2, fully updated to 
this date, as late stage beta testing. But that's just my look at it.

If you got important work, then it's probably better to stay on Qubes 3.2. for 
a while yet. If not, and you want to play with Qubes, then you can probably get 
it work reasonably on supported hardware.



[qubes-users] Re: download new fedora-26

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 4:11:17 PM UTC, Roy Bernat wrote:
> Hi 
> 
> i am trying to download fedora-26 but with no success . 
> 
> i succeeded a month ago but now i am getting nothing . 
> 
> any suggestions ? 
> 
> R


Are you running Qubes 4 or Qubes 3.2.?

I can only speak for Qubes as I never installed the template when on Qubes 
3.2., however it failed for me as well. I do not recall what the issue was. The 
only other template issue I remember by head, is the fedora-26-minimal, which 
require a password when you try to use "sudo" or "su" etc. which means, you 
cannot install or update anything. The password has be fixed.

Please specify your Qubes version, and also what is happening when the template 
fails. 

Also, it's my gut feeling, without knowing for sure, that the developers are 
not overly focused on the different templates right now. Their focus is 
primarily Fedora-25 right now it seems. This is understandable, as they are 
working hard, and maybe even overtime, to get Qubes 4 out of beta and into 
stable final release. Before that, having just one good working template, 
compared to other nasty Qubes 4 bugs, is good enough, at least for me, and I 
assume most people too.

If it's trouble in Qubes 3.2. you encounter, then you probably won't see much 
else than security update in Qubes 3.2., as Qubes 3.2. is to be out-phased when 
the extended support ends. Which will likely happen, my guess, within half a 
year after Qubes 4 is stable. So unless someone provides an easy quick fix, the 
developers probably won't spend much time on fixing Qubes 3.2. templates.

Keep in mind the Qubes tools was changed and updated in Qubes 4, so whatever 
fix work in one Qubes version, may not necessarily work in the other.

Another solution could be to try compile the template yourself, there should be 
enough material around if you're good to follow guides on how to do so.



Re: [qubes-users] How to Setup Wireless

2017-11-22 Thread Ray Joseph
donoban,

Thank  you.  It is now running in dom0.  I changed to v4.0RC1.  My vms start 
intermittently so it is a challenge to test further.  

I guess I could practice in v3.2 until v4 matures.



Re: ***SPAM*** Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread max via qubes-users



Yuraeitha wrote on 22.11.2017 20:27:
snip---

> I can see from your screenshot that you're trying to install Qubes 4,
> and you commented that you have no VT-D. You made sure its not just
> disabled?

I have VT-x, but not VT-d:
https://ark.intel.com/products/75460/Intel-Core-i7-4500U-Processor-4M-Cache-up-to-3_00-GHz

> Write "lscpu" in your dom0 terminal, and find the CPU processor name.
> Then you can yourself, or put the name here and we can do it for you,
> quickly check if your CPU supports VT-D or not.

Thank you. Output is the above CPU.

> Qubes 4 is much more strict towards missing hardware support than
> Qubes 3.2. Specifically the security/privacy hardware support
> features. Qubes is meant to be about security, by making it only
> install on security enabling hardware, falls within reasonable so that
> no one install Qubes on unsafe hardware, and thereby falsely believe
> to be "safe".

A very solid point. A mere mention of the implications should suffice in 
my book, then the choice could be mine and my choice to compromise, 
evaluating the risk involved. Then I would not think to be 100% safe, 
but actually be safer than running a non qubes-OS.

> The most dangerous kind of lack of security around, is ironically not
> technical of nature. The most dangerous one, is the attitude, or
> belief, that you're safe, when you in fact are not. Think of it like
> ancient humans sleeping on the havana, and lions sneak around in the
> grass. Because you're not on watch, i.e. build a house or barricaded a
> cave entrance, then you'll likely die pretty darn fast. The same
> applies to Qubes, this move, in my view, is the developers kindly
> pushing us all to buy VT-D (and similar) security enabling hardware.

And that is a really good idea. Nudging works, but pushing works better 
;) I believe that I'm never truly safe, but only "safer" using Qubes, 
than if running another setup. Being a 100% safe is utopia in my book. 
Just want to go as far as my brain and hardware takes me. Apparently 
that is not far enough in version 4's case.

> However, you can probably still install Qubes 3.3 and sleep on the
> hanava just fine. The type of attacks that affect you, are rare
> enough, to justify Qubes 3.2. on a no VT-D (or similar tech) machine.
> And it's more likely to work on a non VT-D machine, than Qubes 4 which
> require VT-D instead of just recommending it.

I'm waiting for my new notebook that has actual VT-d 
support (https://ark.intel.com/products/88194), so it seems that my 
pre-training on version 4 collapsed with the above setup :)

> Also Qubes 3.2. should be updated for a while yet,
> https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/


thank you very much for your time and feedback.

Sincerely
Max



Re: ***SPAM*** Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 8:10:43 PM UTC, m...@militant.dk wrote:
> Yuraeitha wrote on 22.11.2017 20:27:
> snip---
> 
> > I can see from your screenshot that you're trying to install Qubes 4,
> > and you commented that you have no VT-D. You made sure its not just
> > disabled?
> 
> I have VT-x, but not VT-d:
> https://ark.intel.com/products/75460/Intel-Core-i7-4500U-Processor-4M-Cache-up-to-3_00-GHz
> 
> > Write "lscpu" in your dom0 terminal, and find the CPU processor name.
> > Then you can yourself, or put the name here and we can do it for you,
> > quickly check if your CPU supports VT-D or not.
> 
> Thank you. Output is the above CPU.
> 
> > Qubes 4 is much more strict towards missing hardware support than
> > Qubes 3.2. Specifically the security/privacy hardware support
> > features. Qubes is meant to be about security, by making it only
> > install on security enabling hardware, falls within reasonable so that
> > no one install Qubes on unsafe hardware, and thereby falsely believe
> > to be "safe".
> 
> A very solid point. A mere mention of the implications should suffice in 
> my book, then the choice could be mine and my choice to compromise, 
> evaluating the risk involved. Then I would not think to be 100% safe, 
> but actually be safer than running a non qubes-OS.
> 
> > The most dangerous kind of lack of security around, is ironically not
> > technical of nature. The most dangerous one, is the attitude, or
> > belief, that you're safe, when you in fact are not. Think of it like
> > ancient humans sleeping on the havana, and lions sneak around in the
> > grass. Because you're not on watch, i.e. build a house or barricaded a
> > cave entrance, then you'll likely die pretty darn fast. The same
> > applies to Qubes, this move, in my view, is the developers kindly
> > pushing us all to buy VT-D (and similar) security enabling hardware.
> 
> And that is a really good idea. Nudging works, but pushing works better 
> ;) I believe that I'm never truly safe, but only "safer" using Qubes, 
> than if running another setup. Being a 100% safe is utopia in my book. 
> Just want to go as far as my brain and hardware takes me. Apparently 
> that is not far enough in version 4's case.
> 
> > However, you can probably still install Qubes 3.3 and sleep on the
> > hanava just fine. The type of attacks that affect you, are rare
> > enough, to justify Qubes 3.2. on a no VT-D (or similar tech) machine.
> > And it's more likely to work on a non VT-D machine, than Qubes 4 which
> > require VT-D instead of just recommending it.
> 
> I'm waiting for my new notebook that has actual VT-d 
> support(https://ark.intel.com/products/88194), so it seems that my 
> pre-training on version 4 collapsed with the above setup :)
> 
> > Also Qubes 3.2. should be updated for a while yet,
> > https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/
> 
> thank you very much for your time and feedback.
> 
> Sincerely
> Max

You're welcome :)
I hope your new laptop will run Qubes 4 smoothly, it can be a hit and miss
sometimes, but generally you can reduce the risk by i.e. checking if it
supports VT-D, like you already did :)

I definitely agree too that more could be done to communicate, sadly, despite
how pretty awesome Qubes is, communication with its community seems to be
its weak point. Most people around here seem to care about each other, it's
just, there is so little organizing and cooperation, both within the community,
and between the community and developers.

But having said that, the developers are awesome to step in and help fix user
issues, despite being so busy. It's just, I think at least, that Qubes could
use more staff members to help foster the community a bit more. I.e. like
you said, help communicate so people don't fall into security traps, instead of
relying purely on OS system designs to make sure people don't get into trouble.
A mix of both seems like a good balance.

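The VT-x versus VT-d question in the exchange above can also be answered from what Xen itself reports in dom0. The following is an added example, not part of any post in this thread: it reads the `virt_caps` line of `xl info`, and the function names and the sample excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example: read HVM (VT-x / AMD-V) and IOMMU (VT-d / AMD-Vi) support
# from the `virt_caps` line of `xl info`, as Xen reports it in dom0.
# On a live system: classify "$(sudo xl info)"

# Print the capability tokens from the virt_caps line of `xl info` text ($1).
virt_caps_of() {
    printf '%s\n' "$1" | awk -F: '$1 ~ /^virt_caps[ \t]*$/ { print $2 }'
}

# Succeed if token $2 is one of the whitespace-separated words in $1.
# Whole-word comparison matters: "hvm" is a prefix of "hvm_directio".
has_cap() {
    for cap in $1; do
        [ "$cap" = "$2" ] && return 0
    done
    return 1
}

# Classify captured `xl info` text ($1) into one of three states.
classify() {
    caps=$(virt_caps_of "$1")
    if ! has_cap "$caps" hvm; then
        echo "no-hvm"
    elif ! has_cap "$caps" hvm_directio; then
        # Xen did not enable an IOMMU: VT-d is either missing from the
        # hardware or switched off in the firmware setup.
        echo "hvm-without-iommu"
    else
        echo "hvm-with-iommu"
    fi
}

# Constructed excerpts of `xl info` output (not captured from a real machine).
SAMPLE_VTX_ONLY='host                   : dom0
nr_cpus                : 4
virt_caps              : hvm
xen_caps               : xen-3.0-x86_64 hvm-3.0-x86_64'

SAMPLE_VTD='host                   : dom0
nr_cpus                : 4
virt_caps              : hvm hvm_directio
xen_caps               : xen-3.0-x86_64 hvm-3.0-x86_64'

SAMPLE_NO_HVM='host                   : dom0
nr_cpus                : 2
virt_caps              :
xen_caps               : xen-3.0-x86_64'

for sample in "$SAMPLE_VTX_ONLY" "$SAMPLE_VTD" "$SAMPLE_NO_HVM"; do
    classify "$sample"
done
```

A result of `hvm-without-iommu` matches the VT-x-without-VT-d situation described in the thread, but it does not distinguish a CPU that lacks VT-d from one where it is disabled in firmware.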


Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread beso
On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote:
> On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote:
> > > > > > Hello Beso,
> > > > > > 
> > > > > > > Mobile Broadband is enabled in 
> > > > > > > NetworkManager Applet. 
> > > > > > > I can create new Mobile Broadband 
> > > > > > > connection but it keeps connecting 
> > > > > > > and nothing else
> > > > > > 
> > > > > >  I am using mobile broadband within Qubes and am happy to help, but
> > > > > > honestly your question/problem is too unqualified.
> > > > > >
> > > > > > - what version of Qubes are you running?
> > > > > > - what model of mobile broadband card are you using?
> > > > > > - how is the broadband card connected? Probably as an internal USB
> > > > > > device.
> > > > > > - are you using sys-usb to connect the card to your sys-net VM? Or
> > > > > > are you passing through the whole USB controller?
> > > > > > - have you tried to boot up a Fedora live Linux and check if your
> > > > > > mobile broadband is working there?
> > > > > > - what does "keeps connecting" mean?
> > > > > > 
> > > > > > My suggestion:
> > > > > > Try to get the mobile broadband card working without Qubes (Linux 
> > > > > > Live Boot from USB-Stick).
> > > > > > If you got it working try to make it work in Qubes.
> > > > > > 
> > > > > > [799]
> > > > > 
> > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > - Qubes release 3.2(R3.2)
> > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated 
> > > > > Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > > - do I have to attach it somewhere?
> > > > > - As I mentioned I can create new broadband connection and even 
> > > > > select it from applet menu but it keeps connecting(applet shows 
> > > > > "circles" as trying connect).
> > > > > I am trying to make screenshot if it helps
> > > 
> > > PS.
> > > [user@sys-net ~]$ ifconfig
> > > enp0s1f6: flags=4099  mtu 1500
> > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > RX packets 0  bytes 0 (0.0 B)
> > > RX errors 0  dropped 0  overruns 0  frame 0
> > > TX packets 0  bytes 0 (0.0 B)
> > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > device interrupt 26  memory 0xe120-e122  
> > > 
> > > lo: flags=73  mtu 65536
> > > inet 127.0.0.1  netmask 255.0.0.0
> > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > loop  txqueuelen 1  (Local Loopback)
> > > RX packets 636  bytes 74412 (72.6 KiB)
> > > RX errors 0  dropped 0  overruns 0  frame 0
> > > TX packets 636  bytes 74412 (72.6 KiB)
> > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > 
> > > vif2.0: flags=4163  mtu 1500
> > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
> > > inet6 fe80::fcff::feff:  prefixlen 64  scopeid 0x20
> > > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > > RX packets 102007  bytes 32168371 (30.6 MiB)
> > > RX errors 0  dropped 0  overruns 0  frame 0
> > > TX packets 228493  bytes 219299357 (209.1 MiB)
> > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > 
> > > wlp0s2: flags=4163  mtu 1500
> > > inet 192.168.43.181  netmask 255.255.255.0  broadcast 
> > > 192.168.43.255
> > > inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 0x20
> > > ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> > > RX packets 238240  bytes 225553537 (215.1 MiB)
> > > RX errors 0  dropped 0  overruns 0  frame 0
> > > TX packets 108834  bytes 37072683 (35.3 MiB)
> > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > 
> > 
> > sudo dmesg:
> > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 sp 
> > 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000]
> 
> Also, if you have multiple USB controllers, try sacrificing one controller
> to sys-net, while keeping the remaining in sys-usb.
>
> I believe you have a laptop since you want to use a USB modem, but even
> laptops tend to have at least two USB controllers nowadays and some years
> back.
>
> So verify how many USB controllers you got (NOT! ports, but controllers, that
> is to be blond, how many USB controlling chips are there in your hardware).
> Many developers like to put multiple ports on a single controller. Be sure
> you got more than one controller, and then only pass one of

Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote:
> On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote:
> > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote:
> > > > > > > Hello Beso,
> > > > > > > 
> > > > > > > > Mobile Broadband is enabled in 
> > > > > > > > NetworkManager Applet. 
> > > > > > > > I can create new Mobile Broadband 
> > > > > > > > connection but it keeps connecting 
> > > > > > > > and nothing else
> > > > > > > 
> > > > > > >  I am using mobile broadband within Qubes and am happy to help,
> > > > > > > but honestly your question/problem is too unqualified.
> > > > > > >
> > > > > > > - what version of Qubes are you running?
> > > > > > > - what model of mobile broadband card are you using?
> > > > > > > - how is the broadband card connected? Probably as an internal
> > > > > > > USB device.
> > > > > > > - are you using sys-usb to connect the card to your sys-net VM?
> > > > > > > Or are you passing through the whole USB controller?
> > > > > > > - have you tried to boot up a Fedora live Linux and check if your
> > > > > > > mobile broadband is working there?
> > > > > > > - what does "keeps connecting" mean?
> > > > > > > 
> > > > > > > My suggestion:
> > > > > > > Try to get the mobile broadband card working without Qubes (Linux 
> > > > > > > Live Boot from USB-Stick).
> > > > > > > If you got it working try to make it work in Qubes.
> > > > > > > 
> > > > > > > [799]
> > > > > > 
> > > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > > - Qubes release 3.2(R3.2)
> > > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated 
> > > > > > Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > > > - do I have to attach it somewhere?
> > > > > > - As I mentioned I can create new broadband connection and even 
> > > > > > select it from applet menu but it keeps connecting(applet shows 
> > > > > > "circles" as trying connect).
> > > > > > I am trying to make screenshot if it helps
> > > > 
> > > > PS.
> > > > [user@sys-net ~]$ ifconfig
> > > > enp0s1f6: flags=4099  mtu 1500
> > > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > > RX packets 0  bytes 0 (0.0 B)
> > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > TX packets 0  bytes 0 (0.0 B)
> > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > device interrupt 26  memory 0xe120-e122  
> > > > 
> > > > lo: flags=73  mtu 65536
> > > > inet 127.0.0.1  netmask 255.0.0.0
> > > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > > loop  txqueuelen 1  (Local Loopback)
> > > > RX packets 636  bytes 74412 (72.6 KiB)
> > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > TX packets 636  bytes 74412 (72.6 KiB)
> > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > 
> > > > vif2.0: flags=4163  mtu 1500
> > > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
> > > > inet6 fe80::fcff::feff:  prefixlen 64  scopeid 
> > > > 0x20
> > > > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > > > RX packets 102007  bytes 32168371 (30.6 MiB)
> > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > TX packets 228493  bytes 219299357 (209.1 MiB)
> > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > 
> > > > wlp0s2: flags=4163  mtu 1500
> > > > inet 192.168.43.181  netmask 255.255.255.0  broadcast 
> > > > 192.168.43.255
> > > > inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 
> > > > 0x20
> > > > ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> > > > RX packets 238240  bytes 225553537 (215.1 MiB)
> > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > TX packets 108834  bytes 37072683 (35.3 MiB)
> > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > 
> > > 
> > > sudo dmesg:
> > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 
> > > sp 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000]
> > 
> > Also, if you have multiple USB controllers, try sacrificing one controller
> > to sys-net, while keeping the remaining in sys-usb.
> >
> > I believe you have a laptop since you want to use a USB modem, but even
> > laptops tend to have at least two USB controllers nowadays and some years
> > back.
> >
> > So verify how many USB

Re: [qubes-users] Mobile broadband-not enabled

2017-11-22 Thread beso
On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote:
> On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote:
> > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote:
> > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote:
> > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote:
> > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote:
> > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote:
> > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote:
> > > > > > > > Hello Beso,
> > > > > > > > 
> > > > > > > > > Mobile Broadband is enabled in 
> > > > > > > > > NetworkManager Applet. 
> > > > > > > > > I can create new Mobile Broadband 
> > > > > > > > > connection but it keeps connecting 
> > > > > > > > > and nothing else
> > > > > > > > 
> > > > > > > >  I am using mobile broadband within Qubes and am happy to help,
> > > > > > > > but honestly your question/problem is too unqualified.
> > > > > > > >
> > > > > > > > - what version of Qubes are you running?
> > > > > > > > - what model of mobile broadband card are you using?
> > > > > > > > - how is the broadband card connected? Probably as an internal
> > > > > > > > USB device.
> > > > > > > > - are you using sys-usb to connect the card to your sys-net VM?
> > > > > > > > Or are you passing through the whole USB controller?
> > > > > > > > - have you tried to boot up a Fedora live Linux and check if
> > > > > > > > your mobile broadband is working there?
> > > > > > > > - what does "keeps connecting" mean?
> > > > > > > > 
> > > > > > > > My suggestion:
> > > > > > > > Try to get the mobile broadband card working without Qubes 
> > > > > > > > (Linux Live Boot from USB-Stick).
> > > > > > > > If you got it working try to make it work in Qubes.
> > > > > > > > 
> > > > > > > > [799]
> > > > > > > 
> > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen.
> > > > > > > - Qubes release 3.2(R3.2)
> > > > > > > - Previous linux distros worked (ubuntu 16.04)
> > > > > > > - from qvm-usb I can see that card is: Sierra Wireless 
> > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7
> > > > > > > - do I have to attach it somewhere?
> > > > > > > - As I mentioned I can create new broadband connection and even 
> > > > > > > select it from applet menu but it keeps connecting(applet shows 
> > > > > > > "circles" as trying connect).
> > > > > > > I am trying to make screenshot if it helps
> > > > > 
> > > > > PS.
> > > > > [user@sys-net ~]$ ifconfig
> > > > > enp0s1f6: flags=4099  mtu 1500
> > > > > ether 54:ee:75:aa:4d:e3  txqueuelen 1000  (Ethernet)
> > > > > RX packets 0  bytes 0 (0.0 B)
> > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > TX packets 0  bytes 0 (0.0 B)
> > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > device interrupt 26  memory 0xe120-e122  
> > > > > 
> > > > > lo: flags=73  mtu 65536
> > > > > inet 127.0.0.1  netmask 255.0.0.0
> > > > > inet6 ::1  prefixlen 128  scopeid 0x10
> > > > > loop  txqueuelen 1  (Local Loopback)
> > > > > RX packets 636  bytes 74412 (72.6 KiB)
> > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > TX packets 636  bytes 74412 (72.6 KiB)
> > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > 
> > > > > vif2.0: flags=4163  mtu 1500
> > > > > inet 10.137.1.1  netmask 255.255.255.255  broadcast 0.0.0.0
> > > > > inet6 fe80::fcff::feff:  prefixlen 64  scopeid 
> > > > > 0x20
> > > > > ether fe:ff:ff:ff:ff:ff  txqueuelen 32  (Ethernet)
> > > > > RX packets 102007  bytes 32168371 (30.6 MiB)
> > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > TX packets 228493  bytes 219299357 (209.1 MiB)
> > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > > 
> > > > > wlp0s2: flags=4163  mtu 1500
> > > > > inet 192.168.43.181  netmask 255.255.255.0  broadcast 
> > > > > 192.168.43.255
> > > > > inet6 fe80::e6a4:71ff:fe8a:d310  prefixlen 64  scopeid 
> > > > > 0x20
> > > > > ether e4:a4:71:8a:d3:10  txqueuelen 1000  (Ethernet)
> > > > > RX packets 238240  bytes 225553537 (215.1 MiB)
> > > > > RX errors 0  dropped 0  overruns 0  frame 0
> > > > > TX packets 108834  bytes 37072683 (35.3 MiB)
> > > > > TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> > > > 
> > > > 
> > > > sudo dmesg:
> > > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 
> > > > sp 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000]
> > > 
> > > Also, if you have multiple USB controllers, try sacrificing one
> > > controller to sys-net,

[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread Yuraeitha
On Wednesday, November 22, 2017 at 1:34:26 PM UTC, Sandy Harris wrote:
> From a crypto list, seemed relevant here.
> 
> -- Forwarded message --
> From: =JeffH 
> Date: Tue, Nov 21, 2017 at 7:04 PM
> Subject: [Cryptography] Intel Management Engine pwnd (was: How to find
> hidden/undocumented instructions
> To: "Crypto (moderated) list" 
> 
> 
> Oh joy...
> 
> Intel finds critical holes in secret Management Engine hidden in tons
> of desktop, server chipsets
> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> 
>  By Thomas Claburn in San Francisco 20 Nov 2017 at 23:53
> 
> Intel today admitted its Management Engine (ME), Server Platform
> Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to
> multiple worrying security flaws, based on the findings of external
> security experts.
> 
> The firmware-level bugs allow logged-in administrators, and malicious
> or hijacked high-privilege processes, to run code beneath the
> operating system to spy on or meddle with the computer completely out
> of sight of other users and admins. The holes can also be exploited by
> network administrators, or people masquerading as admins, to remotely
> infect machines with spyware and invisible rootkits, potentially.
> 
> Meanwhile, logged-in users, or malicious or commandeered applications,
> can leverage the security weaknesses to extract confidential and
> protected information from the computer's memory, potentially giving
> miscreants sensitive data – such as passwords or cryptographic keys –
> to kick off other attacks. This is especially bad news on servers and
> other shared machines.
> 
> In short, a huge amount of Intel silicon is secretly running code that
> is buggy and exploitable by attackers and malware to fully and
> silently compromise computers. The processor chipsets affected by the
> flaws are as follows:
> 
> 6th, 7th and 8th Generation Intel Core processors
> Intel Xeon E3-1200 v5 and v6 processors
> Intel Xeon Scalable processors
> Intel Xeon W processors
> Intel Atom C3000 processors
> Apollo Lake Intel Atom E3900 series
> Apollo Lake Intel Pentiums
> Celeron N and J series processors
> 
> Intel's Management Engine, at the heart of today's disclosures, is a
> computer within your computer. It is Chipzilla's much maligned
> coprocessor at the center of its vPro suite of features, and it is
> present in various chip families. It has been assailed as a "backdoor"
> – a term Intel emphatically rejects – and it is a mechanism targeted
> by researchers at UK-based Positive Technologies, who are set to
> reveal in detail new ways to exploit the ME next month.
> 
> The Management Engine is a barely documented black box. It has its own
> CPU and its own operating system – recently, an x86 Quark core and
> MINIX – that has complete control over the machine, and it functions
> below and out of sight of the installed operating system and any
> hypervisors or antivirus tools present.
> 
> It is designed to allow network administrators to remotely or locally
> log into a server or workstation, and fix up any errors, reinstall the
> OS, take over the desktop, and so on, which is handy if the box is so
> messed up it can't even boot properly.
> 
> The ME runs closed-source remote-administration software to do this,
> and this code contains bugs – like all programs – except these bugs
> allow hackers to wield incredible power over a machine. The ME can be
> potentially abused to install rootkits and other forms of spyware that
> silently snoop on users, steal information, or tamper with files.
> 
> SPS is based on ME, and allows you to remotely configure Intel-powered
> servers over the network. TXE is Intel's hardware authenticity
> technology. Previously, the AMT suite of tools, again running on ME,
> could be bypassed with an empty credential string.
> 
> Today, Intel has gone public with more issues in its firmware. It
> revealed it "has identified several security vulnerabilities that
> could potentially place impacted platforms at risk" following an audit
> of its internal source code:
> 
> In response to issues identified by external researchers, Intel has
> performed an in-depth comprehensive security review of our Intel
> Management Engine (ME), Intel Server Platform Services (SPS), and
> Intel Trusted Execution Engine (TXE) with the objective of enhancing
> firmware resilience.
> 
> The flaws, according to Intel, could allow an attacker to impersonate
> the ME, SPS or TXE mechanisms, thereby invalidating local security
> features; "load and execute arbitrary code outside the visibility of
> the user and operating system"; and crash affected systems. The
> severity of the vulnerabilities is mitigated by the fact that most of
> them require local access, either as an administrator or less
> privileged user; the rest require you to access the management
> features as an