[qubes-users] Re: Can I hope to run Qubes OS on Macbook Air 2013

2018-03-02 Thread andrewashbacher
On Wednesday, January 13, 2016 at 5:15:06 AM UTC-8, mariusz...@gmail.com wrote:
> Same as topic name. I am currently running mac os with heavy virtual machines 
> usage to get more security/privacy. I will probably switch to linux soon but 
> since i plan on using a lot of one time use VMs or even whonix i would rather 
> get as secure host as possible. So i figured why not use Qubes OS since i 
> already do everything manually.
> 
> If not mba what high end ultrabook would you recommend ?

Have you seen the Purism Libre laptops?  https://puri.sm/products/librem-13/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c158cfdb-f45e-4419-aa6e-ff034986d999%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] bash autocomplete

2018-03-02 Thread Holger Levsen
On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote:
> to have the shell behave nicer. If I have some free time, I might
> customize this stub to suggest available options to all qvm-* and
> qubes-* commands. I am surprised that I might be  the first one to
> discuss this subject (?!)   Bernhard

i'm definitly interested in this, this is super useful.


-- 
cheers,
Holger

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302191022.ygh2qllrumvrczfx%40layer-acht.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] bash autocomplete

2018-03-02 Thread 'awokd' via qubes-users
On Fri, March 2, 2018 7:10 pm, Holger Levsen wrote:
> On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote:
>
>> to have the shell behave nicer. If I have some free time, I might
>> customize this stub to suggest available options to all qvm-* and
>> qubes-* commands. I am surprised that I might be  the first one to
>> discuss this subject (?!)   Bernhard

Don't think the first, but this is the first functioning example I've seen.

> i'm definitly interested in this, this is super useful.

Ditto!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c7051b46e3dab7996de06b73f1e8a233.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] bash autocomplete

2018-03-02 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Fri, Mar 02, 2018 at 07:13:56PM -, 'awokd' via qubes-users wrote:
> On Fri, March 2, 2018 7:10 pm, Holger Levsen wrote:
> > On Tue, Feb 27, 2018 at 03:23:50PM +0100, haaber wrote:
> >
> >> to have the shell behave nicer. If I have some free time, I might
> >> customize this stub to suggest available options to all qvm-* and
> >> qubes-* commands. I am surprised that I might be  the first one to
> >> discuss this subject (?!)   Bernhard
> 
> Don't think the first, but this is the first functioning example I've seen.

There were multiple attempts for zsh, for Qubes 3.2:
https://gist.github.com/kalkin/133feb85ad63712dc859
https://github.com/woju/qubes-core-admin/commit/501fb736282741e90bb323f818026d9c8bc0863c

> > i'm definitly interested in this, this is super useful.
> 
> Ditto!

!

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlqZploACgkQ24/THMrX
1yxIcgf/bGmsjrWg7jtfma61PIRzl7s7UxS1oz62rWrFoyhbHBepQmalq8KZSeFa
MDn23u4P0eCBzYrEIckF3cOIjV0qVT3+5c35FVhaa2F1kRLKt6jkpLeBExLqDREr
ppPTY9Oy4jXVoO7LWt8GUmfKwCViQBaZrEr4nKhJtPy6WISxIwYX/7KuOvC8V7j5
T5BK21U1DaepTGNF7V/atnJuOMdhc701puWRTaLRFViwIKqm7FlHAmr80xEOx+8W
8WVn5HhZ4wlN4LvR40Pbk6VkcW4LEwIE+DTPuef4wmuXrS0AyAkn0uL9dubzX5gq
VhNPhxhcg6dntNM+fZ9aPS6r/0to2Q==
=BQl5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302193009.GB8712%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problems with qvm-run --pass-io

2018-03-02 Thread Chris Laprise

On 03/02/2018 05:56 AM, Unman wrote:

On Fri, Mar 02, 2018 at 05:38:11AM -0500, Chris Laprise wrote:

On 03/02/2018 04:04 AM, donoban wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/02/2018 08:38 AM, Robert Walz wrote:

[robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat
"/home/user/meta.raw"' >
/var/lib/qubes/appvms/metasploitable/root.img I stopped the command
with Ctrl+C, because the root.img became bigger than the original
file's size. Then I got the following error messages.


Could you post:

[robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh
   "/home/user/meta.raw"'

Maybe your raw file is an sparse file. I'm not sure if cat would
handle it fine.



If source is sparse, you can also save it as sparse by piping through dd:

qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' | dd conv=sparse
of=/var/lib/qubes/appvms/metasploitable/root.img




But that way you still cat the WHOLE file and then only resparse it after
the transfer. It will take significantly longer.


Yes, but there's no risk to dom0 with dd, as there is with parsing a 
guest-created tar file.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e2a7c45a-92bc-4164-2510-c0134cfdda7f%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] fw for network printer setup

2018-03-02 Thread yrebstv
On 2018-03-01 18:47, awokd wrote:
> On Fri, March 2, 2018 4:20 am, yreb...@riseup.net wrote:
>> On 2018-03-01 18:16, awokd wrote:
>>
>>> On Fri, March 2, 2018 4:10 am, yreb...@riseup.net wrote:
>>>
>>>
 When you see the message "Will you specify the DeviceURI ?",



 For USB Users: Choose N(No)
 For Network Users: Choose Y(Yes) and DeviceURI number.
 ---



 So, I chose "yes" then it wanted something like the IPP:// address
 ;

>>>
>>> You have to put your printer's IP address in here.
>>>
>>>
 I
 may have put in the gateway address  and got nowhere I guess your
 saying it doesn't matter if it didn't work in the Template ,
>>>
>>> Right, doesn't matter it doesn't work, but put in the right IP address.
>>>
>>>
>>>
 And for the IP address of the printer in the AppVM use the gateway of
  the AppVM ?

 in system-config-printer  there are various options  in settings->
 device URI: usb://dev/usblp0  is  filled in ,  and in printer state it
  say "waiting for printer to become available"
>>>
>>> Change this to IPP:// and your printer's address.
>>>
>>>
>>>
 perhaps I DONT need to tweak the fw settings in the VM Manager,  but
 how or do I need to input the IP of the printer  (I have a DDWRT
 router fwiw, if I'm supposed to assign a static IP somehow, and if
 that is not going to mess up the other computers using the network
 printer)
>>>
>>> Check what IP address they are printing to.
>>>
>>>
 As a final option,  I don't use sys-usb qubes,  so maybe I could
 connect the USB cable  and try it that way instead ... sigh


>>
>>
>> thanks for responding , as you can see the common theme, is I've no clue,
>> how to find my printer IP , and apparently  it may change if it's not
>> static?
> 
> Look in system-config-printer on one of your working systems. Yes, it
> might change if it's not static. How did you set up the other system?
> 
>> I had been told that the gateway address Was the printer IP  , but I've
>> really no idea
> 
> That's usually incorrect, unless the printer is connected directly to your
> router by USB.

The working Linux Mint system says :
dnssd://Brother%20HL-L2360D%20series._ipp._tcp.local/ 

I pasted that into the AppVM as root with system-printer-config  ->
settings-> change -> IPP (ipp)  
and IPP (ipps)   with no luck 

I did notice when I launched system-printer-config in terminal I see:
Error creating proxy: The connection is closed (g-io-error-quark, 18)

doing a web search on it but not hopeful 


1) does it matter is system-printer-config runs as root or user in AppVM

2) will re running the driver setup /cups etc tarball package conflict
with what I already did in the fedora-26-cloneprinter Template VM ?

3) I'm afraid static IPs  are going to be a nonstarter  for  chronic 
newb as myself  https://dd-wrt.com/phpBB2/viewtopic.php?t=263998


4) so much for  qubes printing is so easy  posts I've seen .. even
without a sys-usb  :P



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9098b02a093c155c3d1a238ef9226de4%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] bash autocomplete

2018-03-02 Thread haaber
On 03/02/2018 10:22 AM, Unman wrote:
> 
> Try this:
> 
> _qvm()
> {   local cur 
> COMPREPLY=()
> cur="${COMP_WORDS[COMP_CWORD]}"
> VMS=`qvm-ls --raw-list`
> COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) )
> }
works perfectly, thank you. Should be completed (haha) by
complete -F _qvm qvm-appmenus
complete -F _qvm qvm-clone
complete -F _qvm qvm-firewall
complete -F _qvm qvm-move-to-vm
complete -F _qvm qvm-remove
complete -F _qvm qvm-start-gui
complete -F _qvm qvm-unpause
complete -F _qvm qvm-backup
complete -F _qvm qvm-copy-to-vm
complete -F _qvm qvm-pause
complete -F _qvm qvm-run
complete -F _qvm qvm-usb
complete -F _qvm qvm-backup-restore
complete -F _qvm qvm-service
complete -F _qvm qvm-kill
complete -F _qvm qvm-shutdown
complete -F _qvm qvm-tags
complete -F _qvm qvm-check
complete -F _qvm qvm-features
complete -F _qvm qvm-prefs
complete -F _qvm qvm-start

to have the shell behave nicer. If I have some free time, I might
customize this stub to suggest available options to all qvm-* and
qubes-* commands. I am surprised that I might be  the first one to
discuss this subject (?!)   Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/98d68951-4ac3-4a5c-9d96-073e39352c7a%40web.de.
For more options, visit https://groups.google.com/d/optout.


Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-03-02 Thread Yuraeitha
Those are interesting points [799] & Ivan, I agree with both of your views. I 
also like the concept of moving guides/scripts over to the official Qubes doc's 
for final review if it reaches a certain minimum of quality. Keeping it 
separate in some sense to differentiate quality, seems like a good call as well.

Some of the issues/questions addressed seems like they could be solved quite 
effectively and efficiently on a highly customize-able forum? For example we'd 
be able to segment things cleanly, like moving work/posts between forums as 
they develop and gain quality, until the final stage where it's polished and 
published to Qubes doc page for official review, once it meets Qubes minimum 
quality standards, but preferably higher than minimum of course, so we don't 
risk spam the Qubes doc page. Maybe some things, despite being good quality, 
might not belong on the Qubes doc page, what belongs there? Should everything 
with high quality be added? or should there be a category limitations in 
addition to quality limitation?

As you suggested, I indeed don't mind to help doing something like that either, 
if we're going with forum approach (or something else), can I help move the 
work topics (like a single topic for a project-work-place) between the forum 
quality segments as the various scripts and guides evolve. It's also 
interesting that project activity can be traced back inside that topic, even 
after it has been moved to higher quality, so that it retains its history. Also 
Ivan, even if you're less active due to busy real life schedule, it'd make 
sense if you have similar capabilities if find something that needs moderation 
and got spare-time to do it, which adds flexibility. I'm not sure who else 
might be interested in helping out with this either? For example we won't be 
around 24/7, even if you're more busy than me I can't be around 24/7 either, so 
it might be a good idea to have a team of moderators, though of course we can 
start small and scale up as needed with new moderators as we learn to trust new 
people over time. It shouldn't matter if some moderators are less active 
either. When getting new moderators, then we can also for example segment 
moderators and global moderators. While the global moderators can moderate all 
the content segments, and segment moderators is kind of self-explanatory at 
this point, which are those who have less responsibility, for example new 
moderators when the script community grows. 

I think it also becomes more clear if we have different stages of development. 
For example if different stages have different kind of nature of qualities (See 
below). The first stage being a convincing useful concept. The second state 
practical solutions being developed. Then in order to reach the late polishing 
quality stage, it must have a united concept and roughly finished development. 
Then in the late stage, if it can't reach the final touch of subjective 
judgment, it'll remain there until it can surpass quality judgements. Then we 
could for example post all finished guides/scripts to the front page, which 
allows everyone to quickly see something is finished, without having to dig 
through all the otther topics, as well as people who only visit the website, 
only to keep check on the blog. 

For example the blog front page allows people to quickly visit, to check if 
something new is out, and then maybe have a look at the details, perhaps find 
some weaknesses and give feedback in the comment section. This way it gives a 
last opportunity to bring it to focus and review otherwise finished work, even 
if people don't read all the topics in the forums. Once everything checks out, 
for example let it be 14 or 30 days on the blog page for additional review? 
before posting it to the Qubes docs.  

- Early conception stage forum (concepts to be discussed, can also act as a 
spam filter).
- Middle stage development forum (work has started and its starting to take 
shape. One can start out alone, maybe others will join to help).
- Late stage polishing forum (testing, finding errors, security and reliability 
issues).
- Pre-review on front-page's blog (for i.e. 14/30 days).
- Published to Qubes doc page if it passes (or Qubes sub-doc page if needed).

Where appropriate, we can ask the question if it's fitting for a Qubes doc 
page. For example those 5 quality checkers you put forward Ivan.

Then, by looking into these different forums, one will know every topic is in 
concept phase, or if looking into the development forum and all topics are in 
their development phase and anyone can drop in to help in different topics. Yet 
another forum for the late stages, and all topics here require reviews, hunts 
for errors and polishing.

So we have a 2D axis here, one dimension is the segmentation of forum boards, 
forums, and sub-forums, while the other dimension is a layer of 
segment-users/moderator/global-moderator/admin capability. It adds a flexible 
work-place 

Re: [qubes-users] Re: Can I hope to run Qubes OS on Macbook Air 2013

2018-03-02 Thread 'Max Andersen' via qubes-users
On 03/02/2018 06:12 PM, andrewashbac...@gmail.com wrote:
> On Wednesday, January 13, 2016 at 5:15:06 AM UTC-8, mariusz...@gmail.com 
> wrote:
>> Same as topic name. I am currently running mac os with heavy virtual 
>> machines usage to get more security/privacy. I will probably switch to linux 
>> soon but since i plan on using a lot of one time use VMs or even whonix i 
>> would rather get as secure host as possible. So i figured why not use Qubes 
>> OS since i already do everything manually.
>>
>> If not mba what high end ultrabook would you recommend ?
> Have you seen the Purism Libre laptops?  https://puri.sm/products/librem-13/

Having a Lenovo X1 Carbon 16GB and 256SSD, a macbook air 8GB 256SSD, a
purism 13v2 with 512nvme and 16gb memory and a Lenovo Yoga 2 pro 8GB adn
256GB SSD, I must say, that the purism is bought with kill switches in
mind. It's more expensive, heavier and thicker.

If Open Source BIOS and kill switches is secondary, then The Lenovo's
are both hard rocking Qubes machines(and the qubes developer team uses
the X1 Carbon). I've had a few issues with the Librem(bios, fan's ,etc),
so be clear about your needs before purchase. If the Purism concept
appeals to you, go for it. If not, don't.

I even bought the Librem5 phone and await its arrival in a year or so,
but I guess I'm just a fanboy.

Sincerely
Max

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ecd543b3-fb11-008a-1bce-fd94e88e4f6a%40militant.dk.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anonymizing your MAC Address with macchanger and scripts

2018-03-02 Thread Chris Laprise

On 03/02/2018 05:43 AM, Unman wrote:

On Thu, Mar 01, 2018 at 05:52:48AM -0800, billol...@gmail.com wrote:

On Thursday, March 1, 2018 at 12:08:19 AM UTC-5, Chris Laprise wrote:

On 02/28/2018 08:23 PM, 'awokd' via qubes-users wrote:

BTW, as an example of Qubes-specifics in this issue, on sleep/wake
networkVMs don't process the normal array of events and system states
that bare-metal Linux distros do. At least this was the case for 3.x.
The result was that advocates of the macchanger script method (which
relied on such events and related hooks) recommended that users keep a
watch on the current MAC address and restart sys-net whenever it
reverted (waking from sleep was the most common/blatant example). They
didn't care to address the fact that the waking system was already
broadcasting the original address before the user had a chance to
restart sys-net (and not to mention the unmitigated headache of
restarting/reassigning all the dependant VMs).





Well, to be honest, I haven't kept up with it once I decided it wasn't going to work. 
 As I remember (and this is back before systemd, and you could still control 
everything from the /etc/rc.d files very easily), I put a little script in 
/etc/init.d and did the macchanger thing before I allowed the network to connect to 
anything.  If the network turned off, then it would randomize when it turned on.

I don't remember it reverting, but I may have just not been paying attention 
(or have forgotten in the haze of time -- it's amazing to me how quickly one 
forgets little sysadmin tricks when one stops doing it all the time).  I never 
dealt with VMs except for running Windows in Virtualbox, so I am clueless 
there...... though I am getting interested again playing with qubes.



The problem with NM method is that it gives you a fully random MAC
which makes you stand out like a sore thumb. Also, with some NICs, it's
easier to drop NM and use something like wicd, so the macchanger
instructions remain useful.


I could be wrong, but I thought the NM default behaved similar to the 
randomization range on Android and Windows.


But if its an issue, NM allows you to specify a bitmask to limit the range.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ff4b63ee-e2fc-d6b6-ac3b-aa7cd36496e0%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-03-02 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-03-02 23:16, Andrew David Wong wrote:
> On 2018-03-02 15:05, Yuraeitha wrote:
>> Some of the issues/questions addressed seems like they could be 
>> solved quite effectively and efficiently on a highly
>> customize-able forum?
> 
>> [...]
> 
>> Thoughts about using a forum?
> 
> FYI, in case you haven't seen this thread:
> 
> https://groups.google.com/d/topic/qubes-users/2rqas38ncFA/discussion
>
 
While at it, here are some other old threads where similar ideas have
been suggested:

https://groups.google.com/d/topic/qubes-users/D0YuoXMe_vE/discussion

https://groups.google.com/d/topic/qubes-users/es4q40dt1EE/discussion

Approximately every 6-12 months since the beginning of the project, a
new person (including me, at one point, IIRC) suggests that there
should be a Qubes wiki or forum, so you'll find many more threads like
these if you search through the archives. :)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqaMZcACgkQ203TvDlQ
MDDD4xAAwbajnwJ/PZxzrVnmzKECGkYVQQDs90LieN1s/ewuqilNx9Cdxk8Fy9La
jokevIemgSB/QjqRD1zl2L0ksn/XhsOgQyWyK+RCSNWdKsvDhJtsVvh0B5SA5t4N
FrMzig0uUHLodl9ZOT9ltvy/nOnMBj8YcfQ2i+3yEaOFSN6hc7DkyXnPRhLbEdrK
pwJJxbdAkvocSu6tEL1xE86cZ1CZrBIHvrVt1oCy1QPCr5EBNUukg4JMGOygZNi2
62TF+/vv1Fe9IeJ7tu+WaZLIJQ1guLesYMISMHAvsUaAwB+vbMFUFuRhHqhiB7Ir
qEyrf5S24aulX/F9w8043088Wd+RA/lWG2lyXZk3w9H+Gqn2UOKnKnJRCFxBmkbE
O+TS3/U4pB5t/4K9oezKc9dSODEt4RZO4LSN9U0i5Ksp4q1WDJyJC7eyRnQTpDc6
sQHHCi3d0kFTxDozcjCJPFTLhE3OYqBfCClMmCXlLhL1j2/N0XS9nOYWRL2foA1R
FLaE4lOBuoNcAQO/XTXMEd3F2XUlCKOiLCLdNCVIYyhZJSFwHqpwt8pRLRk6n2hs
EdiyVGQh4uyOt1rWEniPEyyb2Bx/MLSYT4iafU/3ltY7uKbzDpmaUSP+oVZd6+gj
6eEpVFlDzp4kfTCFRj3a/Gx8Ail4P9/KmHp+tBVfxrWQrFi+bWs=
=I6G3
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e7e33f5-ff89-fee2-b3f0-86403079adac%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-03-02 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-03-02 15:05, Yuraeitha wrote:
> Some of the issues/questions addressed seems like they could be 
> solved quite effectively and efficiently on a highly
> customize-able forum?
> 
> [...]
> 
> Thoughts about using a forum?
> 

FYI, in case you haven't seen this thread:

https://groups.google.com/d/topic/qubes-users/2rqas38ncFA/discussion

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlqaL5YACgkQ203TvDlQ
MDAB1xAAzWFSpxUdskyMekUg/K3oeH5umI7m2XMdlRw9AKYUtqKhxNgOOQv6DHTO
4uhFt5MMtmcae6XmfoRPMPGhLVMN7qUY7OeEz8EXzFUYa4DtSGdnf84ysRHYGD+k
U44j0Zb36sbH6ZuQfGoBf3Rydfb+rlHgZFH1iTQ+rMM8TUsn04KVD58E9UoMRKRm
ndKLlntPa+tUgD3LfKpTai2/pYvD4JDqBPpmL1OMVnQ7Fdi/H55EGV2B/aCW2O44
uyxHJX6BgnwvAeaMZtdE3NkpEIbbiMjSODLpma335j23wDn1r+FyI+xsdE8h9M9L
WJZjrKs5gfGHfvxef13xYScujjjEQGDBfZz5Os5IrLMJ12Riq+S79ARuJAxQeGop
SGXcQR+Qk4OnI3tPIX+zkVDKFXXmtJltQlDh7rfrP15d+/Il5ENoo2+RA+WlgQxS
/vcHmbXcytR6GwpS406umeGcYk4H95vFjvb+KJbJWHpltSQHJRCSGkxM3xVFFuLH
8oFIlfP/f9Huh0aI36jKzyScEESvdvUa0pHPJ279OqSjPZ8FsxpbaDUYKj+saXUU
gRLTXnDsOytJb/U/+gqcUF048R2KtK8YcLeH6bS1NFvkHEsG1TLs3ihdEndZXz6Y
TyzVe83QX1e+5g29CTUYd5B3yYMv8nOLmkWciqPExBZebLEYJ+c=
=oKGu
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b87eb37-a69c-2d26-6c28-8b8dc4fc5861%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Adding AppMenus in Qubes 4

2018-03-02 Thread Glen H
Hi,

I'm trying to follow the instructions here for adding app menus:

https://www.qubes-os.org/doc/managing-appvm-shortcuts/

But I can't get it to work. I noticed that only templateVMs have an 
"apps.templates" directory so I added a new vuescan.desktop file to my 
template's dir from Dom0 
(~/.local/share/qubes-appmenus/fedora-26/apps.templates/vuescan.desktop) with 
the contents:

```
[Desktop Entry]
Version=1.0
Type=Application
Terminal=false
X-Qubes-VmName=%VMNAME%
Icon=%VMDIR%/apps.icons/vuescan.png
Name=%VMNAME%: VueScan
GenericName=%VMNAME%: Scanner
Comment=Scan Documents
Categories=Office;Scanning;X-Qubes-VM;
Exec=qvm-run -q -a --service -- %VMNAME% qubes.StartApp+vuescan
X-Qubes-DispvmExec=qvm-run -q -a --service --dispvm=%VMNAME% -- 
qubes.StartApp+vuescan
```

Then I run `qvm-sync-appmenus --verbose fedora-26` from Dom0 and it removes my 
appmenu:

```
(snip)
2018-03-03 00:51:02,911 [MainProcess receive.process_appmenus_templates:303] 
fedora-26: Updating eog
2018-03-03 00:51:03,108 [MainProcess receive.process_appmenus_templates:342] 
fedora-26: Removing vuescan.desktop
2018-03-03 00:51:03,114 [MainProcess __init__.appmenus_create:177] fedora-26: 
Creating appmenus
(snip)
```

See the second line.  Does anyone know how to add AppMenus in Qubes 4 (with 
recent update)?

Thanks,

Glen

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d59149cb-77c5-4405-b861-253a3ce49519%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


AW: [qubes-users] Connect to MS Exchange under Qubes with Davmail (Was: For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up)

2018-03-02 Thread '[799]' via qubes-users
Hello,

I know that this might be slightly Offtopic, but I am sure that I am not the 
only one working with davmail.

QUESTION:
Who else is using Davmail to connect Exchange to their favorite Linux Outlook 
replacement?
And are you able to delete an appointment from Evolution or maybe khal?

I am trying to replace OWA (Outlook Web Access) with native Linux apps.

I got Email, Contacts and Calendar entries synced from our corporate Exchange 
server to my "mail qube" using offlineimap and vdirsyncer.

There is only one annoying last topic:
I can't delete calendar entries, I can create them, sync them and if calendar 
entries get deleted on my phone or my exchange server they will also disappear 
from Evolution/Thunderbird/khal.
But under all three apps I have problems deleting an calendar entry, as such I 
think it might be a Davmail issue, but I am unsure.

Just for the info about my setup:

Caldav connects to our corporate Exchange Server and provides local 
imap/SMTP/caldav/carddav interface to the AppVM.

Currently I am still using various apps to finds what works best for me

Evolution
Connects to Davmail
Email and Contacts are working
Calendar entries can be created, synced, viewed but not deleted

Thunderbird
Connects to Davmail
Email and Contacts are working
Calendar entries can be created and synced, but not viewed and not deleted

Neomutt
Connects to maildirs, which are downloaded via offlineimap, which connects to 
Davmail
Email is working

ikhal / khal
Connects via vdirsyncer to Davmail.
Calendar entries can be viewed and created but not deleted

khard
via vdirsyncer to Davmail
Contacts can be created, changed, synced and viewed

The only missing part in all calendar apps:
Deletion is not possible and results in an error message of Davmail.

[799]

 Original-Nachricht 
An 2. März 2018, 01:40, '[799]' via qubes-users schrieb:

Hello,

As my company is using Microsoft Exchange without enabling remote access per 
IMAP I had to work with the Outlook Web Access (OWA) Interface.
But this is only a workarround as I can't access offline emails etc.

I found a solution which provides an Gateway between exchange and your favorite 
Linux apps for mail/calendar: Davmail.

I got email and also calendar running and wrote a "quick'n dirty" how-to which 
I would like to see improved.

https://github.com/QubesOS/qubes-doc/pull/608

Currently it covers only mailpart (reading Exchange emails with Thunderbird 
and/or neomutt).
Reading my exchange mails with neomutt is fun.
Of course it will also work with Evolution.

Regarding calendar entries which is also very important as all my colleagues 
are using Exchange:

I was able to sync evolution with the exchange calendar. I can create new 
entries in evolution which are synced back to the exchange calendar. Great!
But I can't delete calendar entries from evolution. If I delete an calendar 
entry on my phone or my corporate Outlook it will also be removed in the 
evolution.

In Thunderbirds Lightning I was able also able to sync my Exchange calendar, 
but as soon as I open a calendar entry I get an error message.

Thereof I have to troubleshoot this, having email AND calendar (connected to 
Microsoft Exchange) working natively in Qubes would be a major Improvement to 
productivity.

@yuaeitha:
This quick'n dirty how-to is a good example why your idea sharing scripts and 
howtos is great.
It is far away from being a qualified how-to, still it might be of use for 
someone who is trying to connect to their exchange server from within Qubes.

Thereof I have created a new document on the qubes-docs, so that other can see 
it.

Still, I think a newbie user will not find this, as they will look in the Qubes 
docs pages on the Qubes website and not within GitHub.
At least I wasn't doing it since a few weeks ago...

[799]
.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9tK2AG4uMIWn4B9YmRKgF8YG_wic1vIFlgGzy7ThFyyo9AFIHl21P8yiBldb0NPXrdWise4lF6wUCVFNU67AlbngpEeT5VYe3A6uQnPhlf0%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: AW: Re: [qubes-users] Qubes 4 and coreboot

2018-03-02 Thread taii...@gmx.com

On 03/01/2018 11:09 AM, '[799]' via qubes-users wrote:


Hello,

 Original-Nachricht 
An 1. März 2018, 14:46, Jo schrieb:


If you strip down ME, you should
blacklist me / ime, to speed up boot.

I've read this within this thread sometimes, what exactly needs to be done here?
I have run ME_cleaner and when booting up there is a delay, can this be 
resolved by blacklisting something? If so where? What?

You gotta blacklist the intel_ips module

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/21411828-3a17-6a49-a9b4-e6ffec14bd26%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] High spec laptop for Qubes OS

2018-03-02 Thread taii...@gmx.com

On 03/02/2018 01:27 AM, Tim W wrote:


No it does not yet it gets repeatedly mentioned to where it makes people think 
its viable option which it is not.

The op wants a high end laptop which also eliminates all the old coreboot 
laptops.  as he wants a laptop it also removes the asusu amd server board 
desktop builds.  Best bet is lenovo thinkpad with the highest ram and processor 
combo and ssd drive/s.  It will likely give the best compatibility
I guarantee no one can tell the difference between a quad core ivy 
bridge W520 and whatever the latest crap lenovo is selling.


Secure laptop.
Slightly faster laptop.

Pick one.

I am tired of people like you who recommend choices that are literally 
dangerous - lenovo adds backdoors and virii to their modern hardware, 
and they have done so again and again even after getting caught multiple 
times.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61490af6-ddf7-9873-96c1-a3d5e9d1975c%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: High spec laptop for Qubes OS

2018-03-02 Thread Alchemist
On Saturday, February 24, 2018 at 8:11:21 PM UTC-5, ad...@adammccarthy.co.uk 
wrote:
> Hello,
> 
> I currently run Qubes OS on an XPS 13 from 2015 with an i5-6200U, 8GB 
> RAM, slow NVMe. It can't really handle Qubes OS - it's quite laggy and 
> struggles to play video on the 4K screen. The CPU and RAM are normally 
> maxed with a couple of VMs running, even without video.
> 
> I'm going to buy a new laptop with a higher spec which should hopefully 
> handle things well. The following laptops are my final five contenders. 
> They all have a discrete GPU, which I'm hoping to passthrough to a VM 
> for playing streaming video (h264/h265/vp9 codecs). Do I have this right 
> that it would be most efficient to use the Intel GPU in dom0 and the 
> discrete GPU in the VM? I also do a lot of scientific computing, so it's 
> useful to offload some computation to a GPU via CUDA.
> 
> I get the impression from the HCL that they should all work fine as long 
> as I replace any non-Intel wifi m.2 sticks with an Intel 8265. Do you 
> have any thoughts on whether one would be more appropriate than another?
> 
> Dell XPS 15 9560 (2017)
> Intel i7-7700HQ Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + NVIDIA GTX 1050
> 
> Dell XPS 15 2018
> Intel i7-8705G Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + Radeon RX Vega M GL
> 
> Dell Precision 5520
> Intel Xeon E3-1505M v6 Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + Nvidia Quadro M1200
> 
> Lenovo P51
> Intel Xeon E3-1505M v6 Quad Core
> 32GB RAM
> 512GB M.2 NVMe
> Intel + NVIDIA Quadro M2200
> 
> Razer Blade
> Intel i7-7700HQ Quad Core
> 16GB RAM
> 512GB M.2 NVMe
> Intel + NVIDIA GTX 1060
> 
> Thanks,
> Adam

The Razer Blade and the XPS/Precision both have hellish thermal throttling 
issues. I can't imagine putting a hotter CPU in the 15 with the same cooling 
will end well. 

I have the P51 and the issues around it are regarding the thermal paste, if you 
do a repaste with kryonaut or similar you'll keep a lower avg temp. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d6697ecd-191d-42c4-9c40-2d9d1022cb1b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: High spec laptop for Qubes OS

2018-03-02 Thread Tim W
Everyone knows those issues on this board and its understood.  Point being he 
asked for present day high end laptop but at the same time I will agree with 
you that for most basic use models its not so much the processor as it is ram 
amount but one thing for sure is you can not recommend a PC that one is not a 
laptop and two has no xen or qubes support i.e talon/powerpc.

I think its rather moot talking about intel backdoors when its 100% plausible 
that countless firmwares are backdoored.  Its been mentioned numerous times by 
Joanna Marek and others that at some point at this current point in consumer 
computing ayou must accept trust.  Whatever that point is may be different for 
different people but unless you are going to make a computer from silicon up 
and every line of code to include a compiler etc you must trust at some level.  
Thus the whole idea of picking and choosing which of the possible violation is 
unacceptable is rather moot

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2baa7894-839f-4bed-89d8-fd427eb0152f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Building Centos template conflict error?

2018-03-02 Thread Tim W
On Friday, March 2, 2018 at 4:05:30 AM UTC-5, Unman wrote:
> On Fri, Mar 02, 2018 at 12:41:29AM -0800, Tim W wrote:
> > On Tuesday, February 27, 2018 at 2:37:46 AM UTC-5, Frédéric Pierret 
> > (fepitre) wrote:
> > > Le mardi 27 février 2018 00:30:10 UTC+1, Tim W a écrit :
> > > > Great that was failing basically on all non standard templates i.e. not 
> > > > fedora, debain, or whonix.   They would all fail but it seems each had 
> > > > issues ubuntu, centos, arch.  Seems they are each getting fixed for 3.2 
> > > > and getting updated for 4.0 now.  I was just testing to ensure things 
> > > > were still working for building as I know many prefer to build their 
> > > > own iso and templates vs binary.  I am one.  Figured if docs had to be 
> > > > updated I would do that but it seems at most just a tweak or two in 
> > > > docs is all thats needed.
> > > 
> > > Indeed, it was just an adjustment with respect to the rpm spec of the 
> > > conflicting package. CentOS is shipping a file in their own dconf but not 
> > > Fedora. Recently a file /etc/dconf/profile/user has been used and 
> > > provided by Qubes and that is why there was a recent conflict. The 
> > > template for R4.0 is on the road! I finished last week to do all the 
> > > necessary and Marek is currently implementing it.
> > >  
> > > > Thanks again for you and Marek getting it working
> > > 
> > > You're welcome.
> >  
> > Just tried to build the standard template only under 3.2 and got this 
> > conflict
> > 
> > Transaction check error:
> >   file /etc/dconf/profile/user from install of 
> > qubes-core-vm-3.2.25-1.el7.centos.x86_64 conflicts with file from package 
> > dconf-0.26.0-2.el7.x86_64
> > 
> > It fails on $make template
> > 
> 
> It's the same conflict - I guess you need to wait for the change to be
> merged to 3.2

Yes sorry about that it was very late and I was a bit punchy.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6906ac1c-4e53-4d0b-81ac-f33ef108bab3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Mac Spoofing preinstalled? - Qubes 4 rc4

2018-03-02 Thread Tristan Fleming
Has mac spoofing been preinstalled in Q4 rc4? I cant find any documentation on 
it, but the cmd: ip link show wls1 

changes every 10 minutes or so. I actually want to stop it and I cant seem to 
make it static. Lil help!!

Ive tried everything I can think of. Im not entirely understanding the network 
topology. 

I have figured out that Macchanger is installed on the Debian Template. Im 
otherwise at a loss. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/517b55f5-0457-454c-9e1a-ffb9f3e6c264%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] bash autocomplete

2018-03-02 Thread Unman
On Tue, Feb 27, 2018 at 11:48:41AM +0100, haaber wrote:
> > Since Q4 much admin work is done on the command line. So it makes sense
> > to learn bash to autocomplete nicely. I tried this in dom0:
> > 
> > _qvm()
> > {   local cur VMS
> > COMPREPLY=()
> > cur="${COMP_WORDS[COMP_CWORD]}"
> > VMS=`qvm-ls | cut -f1 -d" "| grep -v NAME`
> > COMPREPLY=( $(compgen -W "${VMS}"  ${cur}) )
> > return 0
> > }
> > complete -F _qvm   qvm-start
> > 
> 
> there was a small type (APPVMS <-> VMS) that is not the real problem
> here. I corrected it above inside the quote.  Bernhard
> 

Try this:

_qvm()
{   local cur 
COMPREPLY=()
cur="${COMP_WORDS[COMP_CWORD]}"
VMS=`qvm-ls --raw-list`
COMPREPLY=( $(compgen -W "${VMS}" -- ${cur}) )
}


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302092202.xnj6axgizlzautow%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Cannot assign USB controller to App VM anymore (Qubes 3.2)

2018-03-02 Thread sboresch
Dear Qubes community,

after using 3.1 and 3.2 in production on my primary laptop 
(Lenovo X220), and having used that machine to test Qubes since R2,
I now have the need to make my built in camera available in an App VM (I choose 
untrusted, but may a dedicated one later on).

However, I am failing to pass through the
USB controller to the App VM. This
may never have worked with Qubes 3.x (didn't need it so far), but I definitely 
tested this in the 2.x days. 
Since it was experimental(?) at the time, I chose not to install
a dedicated USB VM, so by default both USB controllers are
assigned to Dom0. This is what my system/hardware looks like
Please note that this is Qubes R3.2!!

lspci (in Dom0):
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family 
USB Enhanced Host Controller #2 (rev 04)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family 
USB Enhanced Host Controller #1 (rev 04)

lsusb (in Dom0):
Bus 002 Device 003: ID 0bdb:1911 Ericsson Business Mobile Networks BV 
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 04f2:b217 Chicony Electronics Co., Ltd Lenovo Integrated 
Camera (0.3MP)
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Output of 'readlink /sys/bus/usb/devices/usb1'
../../../devices/pci:00/:00:1a.0/usb1

I assumed that the path of least resistance would be to attach
the USB controller with pci ID 00:1a.0 to my AppVM (untrusted).
So, 

qvm-pci -a untrusted 00:1a.0
qvm-pci -l untrusted
['00:1a.0']

However, as apparently often seen (mailing list, FAQ), at that
point I fail to start the AppVM:

[user@dom0 ~]$ qvm-start untrusted
--> Creating volatile image: /var/lib/qubes/appvms/untrusted/volatile.img...
--> Loading the VM (type = AppVM)...
Traceback (most recent call last):
  File "/usr/bin/qvm-start", line 136, in 
main()
  File "/usr/bin/qvm-start", line 120, in main
xid = vm.start(verbose=options.verbose, 
preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, 
notify_function=tray_notify_generic if options.tray else None)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 
1979, in start
self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in 
createWithFlags
if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', 
dom=self)
libvirt.libvirtError: internal error: libxenlight failed to create new domain 
'untrusted'

And xl dmesg shows:

XEN) [VT-D] It's disallowed to assign :00:1a.0 with shared RMRR at da8d5000 
for Dom5.
(XEN) XEN_DOMCTL_assign_device: assign :00:1a.0 to dom5 failed (-1)

Further, pci ID 00:1a.0 still shows up in dom0.

In the context of dedicated USB VMs there is a FAQ pertaining to this,
and clearly there are several github issues related to this. However,
e.g., after

qvm-prefs untrusted -s pci_strictreset false

I get exactly the same error (AppVM untrusted fails to start). I tried
the trick resetting USB to 2.0 (though given the age of the machine
I am not even sure that this is a 3.0 hub/device); again no effect --
as far as I can tell identical error. 

Yesterday too late I found some discussions from 2015 in a Xen mailing list, 
where someone eventually succeeded using several options, but
I don't know how to set these in Qubes (via qvm-prefs??).

I should add that i tried again after rebooting as well, but no
change. So, I am puzzled as I know that this worked in Qubes 2.x.
Am I missing some small print in my attempts and/or in what order
should I try the tricks that might remedy this?

I guess I could try setting up a USB VM, but I assume I would run
into exactly the same issue. And aside from the need to assign the
camera, I don't exactly have a use scenario for a dedicated USB VM
on that machine.

Help appreciated, thanks in advance!

Stefan 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5bdaaeb8-4de3-4895-8a37-3027d1ba418b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Building Centos template conflict error?

2018-03-02 Thread Tim W
On Tuesday, February 27, 2018 at 2:37:46 AM UTC-5, Frédéric Pierret (fepitre) 
wrote:
> Le mardi 27 février 2018 00:30:10 UTC+1, Tim W a écrit :
> > Great that was failing basically on all non standard templates i.e. not 
> > fedora, debain, or whonix.   They would all fail but it seems each had 
> > issues ubuntu, centos, arch.  Seems they are each getting fixed for 3.2 and 
> > getting updated for 4.0 now.  I was just testing to ensure things were 
> > still working for building as I know many prefer to build their own iso and 
> > templates vs binary.  I am one.  Figured if docs had to be updated I would 
> > do that but it seems at most just a tweak or two in docs is all thats 
> > needed.
> 
> Indeed, it was just an adjustment with respect to the rpm spec of the 
> conflicting package. CentOS is shipping a file in their own dconf but not 
> Fedora. Recently a file /etc/dconf/profile/user has been used and provided by 
> Qubes and that is why there was a recent conflict. The template for R4.0 is 
> on the road! I finished last week to do all the necessary and Marek is 
> currently implementing it.
>  
> > Thanks again for you and Marek getting it working
> 
> You're welcome.
 
Just tried to build the standard template only under 3.2 and got this conflict

Transaction check error:
  file /etc/dconf/profile/user from install of 
qubes-core-vm-3.2.25-1.el7.centos.x86_64 conflicts with file from package 
dconf-0.26.0-2.el7.x86_64

It fails on $make template

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc0793b9-8b9d-4e36-84a5-919e002edfcd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: non qubes

2018-03-02 Thread Yuraeitha
On Friday, March 2, 2018 at 7:07:17 AM UTC+1, Tim W wrote:
> On Thursday, March 1, 2018 at 3:30:52 AM UTC-5, jer...@disroot.org wrote:
> > where do i find support for security, privacy? (some place where i can post 
> > with anonimity too, reddit privacy requires java script i think, doesn't it 
> > compromise anonimity? also i would like to ask how things are recommended 
> > in doing, like a guide, etc...
> > 
> > for example i need to know if enabling java script to watch youtube in tor 
> > will compromise anonimity or anything like that, or enabling java script in 
> > other websites, if it's a risk.. and how i should tell where i can enable 
> > java script, etc.. also if it's recommended to buy stuff through tor, and 
> > how, etc and what its benefits, etc...
> 
> Javascript itself will not reveal your IP over Tor ie break tor.  But 
> javascriptt has always had security issues that could be used to run code 
> that could itself reveal ip etc.  This is more an issue with emails and small 
> or spoofed sites etc not a large offical site like youtube.  
> 
> Honestly I do not understand people using gmail etc if privacy is critical.  
> Even using pgp for all text etc so much can be learned from your habits email 
> accounts contacted time of use etc...  Its sad they own so much of the 
> Internet data and portal activity these days such as youtube.  I wish this 
> list was not hosted but its so hard to avoid the carrot when its a opensource 
> project. 
> 
> Use tor to setup a protonmail etc if you need a webmail account.

While I in general agree, some e-mails are created specifically for a specific 
purpose. People who use gmail on these websites for example, may not 
specifically use that e-mail for anything else. Since we're already posting on 
gmail mailing lists, it shouldn't make any difference anyway, google will know 
irregardless of which mail is used here. Though perhaps there is a legal 
difference, maybe? But as long it isn't used outside google systems, then 
having a gmail here shouldn't make much difference. Unless I overlooked 
something? legal element maybe?

It won't be long before A.I. can just scan and analyze the way how people write 
to profile people and identify them. It's essentially the same tech as 
face-recognition software, which many laughed off just a few years back, but 
today is very real. So too is happening to A.I.'s that can identify people by 
how they write. Google is likely no exception here, and irregardless of which 
mail you use, they would probably be able to identify you one way or another if 
you only once slip up and publicize your writing style. It's like a 
fingerprint. The future is scary.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/de799c21-3725-4ea0-9325-3cc37013093d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Netvm reassignment blocks network traffic - 4.0rc4

2018-03-02 Thread Zrubi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/02/2018 06:19 AM, 'awokd' via qubes-users wrote:
> On Fri, March 2, 2018 5:04 am, Chris Laprise wrote:
>> Whenever I try to assign a running appVM to a different (running)
>> netVM, networking always becomes blocked. I have to restart the
>> appVM in order for networking to work with the new netVM and
>> to do that I have to kill the appVM first because it won't
>> shutdown after reassignment.
>> 
>> I think this may be a bug. Specifics don't seem to matter, the
>> VMs can be plain firewall or vpn, debian or fedora on either
>> side.
> 
> Sure it's not a feature? I could see opportunities for leaks to
> happen if the firewall ruleset gets swapped out live, depending on
> ifdown/up etc. sequence.


No it is a Xen related bug in the kernel version newer than 4.14.12
As I reported here:

https://groups.google.com/d/msgid/qubes-devel/05031ade-b019-986e-e378-32
cc8fff916e%40zrubi.hu



- -- 
Zrubi
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZG1UACgkQGjNaC1SP
N2RvbRAAsq5QPJe6U35nmxKvMkQGxEYVN9r3Kl9kncO5y8Btsa9kTFeiYNd7IxcQ
Nocas9RKMSkyqRQHlvz1UC5NbqJkDe1GZFwND8MW+oh85iCSm70jNvED6slgoRSR
H8f0vFf/OvGaS19/xPFfnKWVVZll1Iq3W5fFXz6/DR8FHQfOKKMLXd481YGdB4UO
LT5f67cttc+2biJxUZQMlJy2DLcZtVXhHi7+FjMPSuTkDH2ID5kMwe7E85fGyw2j
E5yeAc3UnLlPqu8UV2nHkkBLmXA6NDkHs1qz6IpS1MBztYPk4hacGKm45+mSmgN7
g86bLKVK4ntMMiofCV3EVHFNwYZzM91rAdqQqL4orA+CfxoEGqK+1XTKeVo+gjkD
EQFnpa5HbCQPzX6lzn5l98uxolRa3L6H1MriEmbXuoL2qrOoO3YbssIJPSCnZe/o
lpQ8gupEqr7XH24t7k81Mkgx4tUi8+M07iVljXVDWYy60a92W8l8wxp9ypH+Yogf
RlBAYIPOzVSndhMkfkINWNfAGj0Iujwb2ocF1KDUN6pwIm0DgwxVtoNNUYSxOZTS
j6fw2TNYMTW40AxoVn5+uS9+ZiLYrEY19XyZOZvnd+gR0iO6SCFR7Eo6qPQpRsic
V+vdwE0eUwrRPoas26J+je9xL1lLIeL2niPsuWXrN1YLgkoORs4=
=NDyY
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f787690a-67fc-2d6f-ac14-9a0f19866767%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Will there be a gentoo template in the plans?

2018-03-02 Thread Tim W
On Tuesday, February 27, 2018 at 2:47:37 AM UTC-5, Frédéric Pierret (fepitre) 
wrote:
> Le mardi 27 février 2018 00:23:32 UTC+1, Tim W a écrit :
> > If you get it working I am happy 5o write up a hpw to doc for qubes doc.
> 
> Thank you! Yesterday I was thinking about releasing a first pre-version of 
> the builder-gentoo I've made to eventually be helped. If I remember I was 
> ending on packaging linux-utils. So maybe I could ask to Andrew to open a 
> project on qubes-issues or something like it to track the progress.

That would be GREAT!!  Its one if not my favorite distro.  I also while I love 
the ease of management systemd has brought I do not like the virus like growth 
of it and bu buggy coding practices and nonunix mentaility.  OpenRC to me is 
better example of what systemd should be.

Anyways great to see this move forward and happy to help with testing and doc 
work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d2d24ea-c03e-4af6-82ff-f42717e3a461%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Building Centos template conflict error?

2018-03-02 Thread Unman
On Fri, Mar 02, 2018 at 12:41:29AM -0800, Tim W wrote:
> On Tuesday, February 27, 2018 at 2:37:46 AM UTC-5, Frédéric Pierret (fepitre) 
> wrote:
> > Le mardi 27 février 2018 00:30:10 UTC+1, Tim W a écrit :
> > > Great that was failing basically on all non standard templates i.e. not 
> > > fedora, debain, or whonix.   They would all fail but it seems each had 
> > > issues ubuntu, centos, arch.  Seems they are each getting fixed for 3.2 
> > > and getting updated for 4.0 now.  I was just testing to ensure things 
> > > were still working for building as I know many prefer to build their own 
> > > iso and templates vs binary.  I am one.  Figured if docs had to be 
> > > updated I would do that but it seems at most just a tweak or two in docs 
> > > is all thats needed.
> > 
> > Indeed, it was just an adjustment with respect to the rpm spec of the 
> > conflicting package. CentOS is shipping a file in their own dconf but not 
> > Fedora. Recently a file /etc/dconf/profile/user has been used and provided 
> > by Qubes and that is why there was a recent conflict. The template for R4.0 
> > is on the road! I finished last week to do all the necessary and Marek is 
> > currently implementing it.
> >  
> > > Thanks again for you and Marek getting it working
> > 
> > You're welcome.
>  
> Just tried to build the standard template only under 3.2 and got this conflict
> 
> Transaction check error:
>   file /etc/dconf/profile/user from install of 
> qubes-core-vm-3.2.25-1.el7.centos.x86_64 conflicts with file from package 
> dconf-0.26.0-2.el7.x86_64
> 
> It fails on $make template
> 

It's the same conflict - I guess you need to wait for the change to be
merged to 3.2

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302090527.hzdlgrxi2cf3judo%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problems with qvm-run --pass-io

2018-03-02 Thread donoban
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/02/2018 08:38 AM, Robert Walz wrote:
> [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat 
> "/home/user/meta.raw"' >
> /var/lib/qubes/appvms/metasploitable/root.img I stopped the command
> with Ctrl+C, because the root.img became bigger than the original
> file's size. Then I got the following error messages.

Could you post:

[robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh
 "/home/user/meta.raw"'

Maybe your raw file is an sparse file. I'm not sure if cat would
handle it fine.
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqZE7MACgkQFBMQ2OPt
CKV38g/8CLzOQ1j/mA5SclMy8u4XiOiB8WFTN+SID7dJl2P3PvX8hUQ7gv9vHjS6
SyuBsKRBIOgG6G102oizvc/5qYTU0u97iJ6j0b1uJKDJhadJbhbuDt2rx+d5X3CI
AfFarelpiGjZHPIUZqYAmZeezvwV7wAvm3lwIBJm08Am3NYjIUhDQ/Tm1G2siN0B
PgLjh3+FZEJjJ58cb0x9r08Y+xOFF1pOXYxiGmvRu1hC/kK+s3QRq/jlm7tbdiXE
2EDjVVxX7eNScMfmjs4w9QGa9Ez+Bfp/F0Yt7p6Gqvs3ELhgIL6g/udraZijUQlO
X7NuON20bodrzfKtARYY6EMoi+zKp2Hv5x5v9gtnUgLUOtJkZVm+nuhGgyXbWDDq
UJAb23GGfMh+vXmtgl7zFxrgeX5gV90+C0WzwL6hyKMRMPyoA1prmkJM4DVfgIWX
NjdPCupxgspq9QIIIs9yTwzVZLeswm1CPu2XA4aFCUh5/l5gppahjkmaWO5PECj5
MHmTLh+pVBveMd6VDEa88zAY0qiIvfEyGhOS4y9dps8foYucQC3ojDJ/iXH4KWVq
uzibhzMOtLtgvet9xCifciERtghArITkNvdlYLTC5tisqtrHA0byqgo1sKUkDqrK
YbeSLyp8GTQ3mN+lcYXJ5HsEdJZtzxdYqve1IfopQsU7Z1LNurk=
=oLBE
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9f34e13f-1a60-670a-8105-e8b930a446bd%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: Re: [qubes-users] Howto: Enable WWAN (LTE Sierra EM7345) in Qubes OS (Howto install ModemManager in Qubes)

2018-03-02 Thread akiraloopback via qubes-users
Hi 799,

> have you tried this:
> qvm-prefs usbVM -s pci_strictreset false
> See also:
> https://www.qubes-os.org/doc/assigning-devices/ 

no, I didn't, and yes, that did the trick. Thanks!

Best,
Akira

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e08c95cc-9149-4a87-b8a3-d871d26f25e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Migrating to second hard drive

2018-03-02 Thread Unman
On Fri, Mar 02, 2018 at 04:10:24AM -, 'awokd' via qubes-users wrote:
> On Fri, March 2, 2018 3:38 am, Glen H wrote:
> > On Thursday, March 1, 2018 at 10:37:26 PM UTC-5, Glen H wrote:
> >
> >> Hi,
> >>
> >>
> >> My primary SSD is out of space and I have a second hard drive.  I've
> >> formatted it but not sure how to migrate my cubes to it.  Does anyone
> >> have any instructions for doing this?
> >>
> >> Ideally, I'd boot from my new hard drive and use original one to store
> >> my backups of my qubes.
> >>
> >> Thanks,
> >>
> >>
> >> Glen
> >>
> >
> > I forgot to mention that I'm on Qubes 4 and I'm pretty knowledgeable
> > about Linux.
> 
> Make sure you do a backup first. You might be able to "cheat" and DD the
> small drive to the larger then expand, as long as you're comfortable with
> LVM. On the other hand, pulling the small drive, installing Qubes on the
> new, and restoring from backup wouldn't take that much longer.

If you cheat you'll have to fix grub if you're using it. I suspect it'll
be cleaner to take the second option and install 4.0 on the new drive
when it comes out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302092600.4dywr6zfonh4idrt%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2018-03-02 Thread Zrubi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/24/2018 01:26 PM, 'awokd' via qubes-users wrote:

> I'm attempting to convert the above into a Qubes doc 
> (https://github.com/awokd/qubes-doc/blob/transproxy/configuration/tran
sparent-proxy.md)
>
> 
but don't have a Squid proxy to test against.
> 
> For anyone who does (or is familiar with how they work): A) Does it
> look right? B) In step 3, adding apt/dnf proxy settings to all
> AppVMs based on the same template as the UpdateVM's seems a bit
> broad. Is there a way to fine-tune it? C) Any special R4.0
> considerations?


Well the biggest issue that if you have a transparent proxy that means
you do not need any configuration about the proxy. That why it is
TRANSPARENT.

So it seems your corporate have normal proxies, not transparent ones.
So the title (and the usage of the term: "transparent proxy") is
misleading.

Beside from that it is a good collection of all the possible proxy
settings locations.

- -- 
Zrubi
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEw39Thm3rBIO+xeXXGjNaC1SPN2QFAlqZGWQACgkQGjNaC1SP
N2QDHA/+KDsuGTavjimlA3nd6W0Wh7zmV7G8E7SFrF/NaY4ntftREKew8wPART6b
Jq+nIkTBLGadVsjs0vyZA/6e442wT8fQ++yr+1oBcwlPK7fwUJ06n0qpS7ZPsrKG
SXorr/oORb3O04Ru1fMAruxx3NvB+lOkJVnCFyG6KVaPx6sAfhvjVI6D43dm9xIl
zBL9N537cU0o6EMw6JSMxVXu9+MvjD+vS4P/NOQC8rJj9I/t7j9GkbNI29RF+rAf
UAtOFzvFD/4kYiym4pf68O/SSi2BNOw/Y7X7MYC2MPo6W+jsgMmcaZOUzVdvxvcW
EaBj+floNKOxce/dwwMNLxEfRV+D8sQKzw4L0l/m9YcK8FdD0+gd5bby4xMY9f5e
0dTcDZ9dvbQ/64zv5KWyGLQ+/n48S19T/X2oOGMIKR8jTmnBhrd3Ft48Olhwe3Pn
8wDjxtbIK6B8Wdxl5rDYhjBGpsRlINzZr/e+hH+8H0bjWOJev6dgIwRzCKBaXLwM
8PVLxEQgweQWULX/be5LI3LILC10gqm6jXXpscvc6ZykjXiOHAsU5FfZ/bs120HP
N2sHPE7K/mbgElbqZ8WhT+UrmIcaTacKmD35P6fRrLSggrgOrZKG7XsrbUQdRwH4
tauugFJmi99/QiuodJSfrn0Nrqb7uZHWEvng6iHlGEjP7FgEyBc=
=4Qhq
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89477a12-a979-a273-a369-83ba2c8336d4%40zrubi.hu.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] kernel panic after upgrade

2018-03-02 Thread maiski

Hello,

Unfortunately after the last update of Qubes 4.0 I have a kernel  
panic: "unable to mount root fa on unknown block" and would appreciate  
if somebody here could give me a tip.


I installed Qubes 4.0-RC1 and since then been only updating.

After the next-to-last update I was not able to boot xen 4.8.3 and  
linux 4.14.13-3.
With the following configuration: xen 4.8 and linux 4.9.56-21 there is  
no problem.

My machine is Lenovo T470S.

Does anyone have an idea?

m


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302092214.Horde.FjwmsmuxwtpyuRAHnW4jwA1%40webmail.df.eu.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2018-03-02 Thread 'awokd' via qubes-users
On Fri, March 2, 2018 9:29 am, Zrubi wrote:
>
> So it seems your corporate have normal proxies, not transparent ones.
> So the title (and the usage of the term: "transparent proxy") is
> misleading.

I caught that too after the email, the PR I submitted doesn't talk about
"transparent" any more.

> Beside from that it is a good collection of all the possible proxy
> settings locations.

Thanks for looking it over!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/511af2b5ee832180559f43874df5c545.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problems with qvm-run --pass-io

2018-03-02 Thread Unman
On Fri, Mar 02, 2018 at 10:04:53AM +0100, donoban wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 03/02/2018 08:38 AM, Robert Walz wrote:
> > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat 
> > "/home/user/meta.raw"' >
> > /var/lib/qubes/appvms/metasploitable/root.img I stopped the command
> > with Ctrl+C, because the root.img became bigger than the original
> > file's size. Then I got the following error messages.
> 
> Could you post:
> 
> [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh
>  "/home/user/meta.raw"'
> 
> Maybe your raw file is an sparse file. I'm not sure if cat would
> handle it fine.

I think you're right.
cat will churn the whole file, you need some alternative that is sparse
aware.
The best approach would be:
qvm-run --pass-io tempDebian 'tar -Scf - /home/user/meta.raw' > meta.tar
and then untar the resulting file
Almost anything else (dd, rsync etc) will have some overhead in my
experience.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302101438.6iin6nqv6oq46gmw%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problems with qvm-run --pass-io

2018-03-02 Thread Chris Laprise

On 03/02/2018 04:04 AM, donoban wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 03/02/2018 08:38 AM, Robert Walz wrote:

[robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat
"/home/user/meta.raw"' >
/var/lib/qubes/appvms/metasploitable/root.img I stopped the command
with Ctrl+C, because the root.img became bigger than the original
file's size. Then I got the following error messages.


Could you post:

[robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh
  "/home/user/meta.raw"'

Maybe your raw file is an sparse file. I'm not sure if cat would
handle it fine.



If source is sparse, you can also save it as sparse by piping through dd:

qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' | dd 
conv=sparse of=/var/lib/qubes/appvms/metasploitable/root.img



--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a92dc2f-a37c-6544-75e7-97f8e35795a4%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problems with qvm-run --pass-io

2018-03-02 Thread Unman
On Fri, Mar 02, 2018 at 05:38:11AM -0500, Chris Laprise wrote:
> On 03/02/2018 04:04 AM, donoban wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On 03/02/2018 08:38 AM, Robert Walz wrote:
> > > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'cat
> > > "/home/user/meta.raw"' >
> > > /var/lib/qubes/appvms/metasploitable/root.img I stopped the command
> > > with Ctrl+C, because the root.img became bigger than the original
> > > file's size. Then I got the following error messages.
> > 
> > Could you post:
> > 
> > [robert@dom0 ~]$ qvm-run --pass-io tempDebian 'ls -lsh
> >   "/home/user/meta.raw"'
> > 
> > Maybe your raw file is an sparse file. I'm not sure if cat would
> > handle it fine.
> 
> 
> If source is sparse, you can also save it as sparse by piping through dd:
> 
> qvm-run --pass-io tempDebian 'cat "/home/user/meta.raw"' | dd conv=sparse
> of=/var/lib/qubes/appvms/metasploitable/root.img
> 
> 

But that way you still cat the WHOLE file and then only resparse it after
the transfer. It will take significantly longer.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180302105643.eqhk2rbgyoqqizbq%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Solved/Progress [Re: Cannot assign USB controller to App VM anymore (Qubes 3.2)]

2018-03-02 Thread sboresch
I seem to have it working; I'll outline the steps in case others
run into this. Nevertheless, I'd appreciate an 'authoritative answer'
since I was 'fishing blindly'. [More see inline]

Am Freitag, 2. März 2018 09:34:18 UTC+1 schrieb sbor...@gmail.com:
> Dear Qubes community,
> 
> after using 3.1 and 3.2 in production on my primary laptop 
> (Lenovo X220), and having used that machine to test Qubes since R2,
> I now have the need to make my built in camera available in an App VM (I 
> choose untrusted, but may a dedicated one later on).
> 
> However, I am failing to pass through the
> USB controller to the App VM.

[snip]

I reread

https://www.qubes-os.org/doc/assigning-devices/

and tried enabling 'permissive' mode as described for R3.2 in the above
documentation. However, this per se doesn't work, as the target file
(/sys/bus/pci/drivers/pciback/permissive)
is not writeable, even for root and even when triggered through systemd.

However, I then compared the 'kernelopts' of 'sys-net' to those of 'untrusted',
and noted that 'iommu=soft swiotlb=8192' where missing in the latter. So
I added those, together with forcing 'pci_strictreset False'.

After rebooting the whole machine, untrusted has grabbed the usb hub and sees
the camera. The expected loss of a USB port due to the strange 'wiring' of the 
Lenovo X220 is acceptable to me; furthermore, I do plan to attach the pci 
device only when I know that I'll need the camera. 

[snip]

> 
> And xl dmesg shows:
> 
> XEN) [VT-D] It's disallowed to assign :00:1a.0 with shared RMRR at 
> da8d5000 for Dom5.
> (XEN) XEN_DOMCTL_assign_device: assign :00:1a.0 to dom5 failed (-1)
> 

For the record, xl dmesg is now telling me that 
[VT-D] It's risky to assign .. with shared RMRR at .. for Dom4

what ever that means.

I don't know which of the options / changes did the trick, but one or more
of the above seems to enable the camera in 'untrusted'.

Best regards,

Stefan

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d5f0ff0-e25a-4cdd-81f3-d8e98db7525a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] how to use email securely in qubes? thunderbird doesn't send messages

2018-03-02 Thread jerry57
1 email or multiple emails.
says sending message when clicking send (stuck) in thunderbird.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e97aa357730b798de37e6c9882c7cae%40disroot.org.
For more options, visit https://groups.google.com/d/optout.