date:20200306


On 2020-03-03 03:43, Stumpy wrote:
Hi, I have an existing win10 installation which I want to copy and then 
use as a template in Qubes. I am sure I asked before somewhere about 
this and the only thing i remember about the response was Disk2vhd.


So i am thinking its possible to copy an existing installation, and 
hoping its possible to use that image as a template in Qubes but am 
really unsure about the details.


Is there a write or relevant howto for doing something like this?

Thanks!



Nada?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5da2420a-ad7b-17f1-c5df-e2b384cf941f%40posteo.net.

Re: [qubes-users] Obtaining genuine Qubos installer

On Thu, Mar 05, 2020 at 06:45:04PM +, Mark Fernandes wrote:
> On Thu, 5 Mar 2020 at 18:21, Chris Laprise  wrote:
> 
> > On 3/5/20 7:31 AM, Mark Fernandes wrote:
> > > I want to get a genuine copy of Qubos, from here in the UK (United
> > Kingdom).
> > >
> > > The only way described on the Quebos website at present, appears to be
> > > to download the ISO.
> > >
> > > I have the classic security problem described on the website
> > > , where not having a
> > > trust-worthy machine, means that I have a never-ending chain of trust
> > > issues for each machine that I use in the obtaining of the software.
> >
> > Many of us work with a threat model that assumes at least some computers
> > available by retail are not compromised "out of the box", or else if
> > compromised then not at the BIOS/UEFI firmware level. For this model,
> > verifying the Qubes ISO with gpg is acceptable.
> >
> >
> Hello Chris,
> 
> I've only heard of gpg as a binary running over an operating system. Is it
> available as something you can run directly off boot-able media?
> 
> In any case, you still need to ensure that gpg hasn't been compromised. If
> it has to run off an OS, that OS needs to have not been compromised. If you
> need to download gpg, the OS which you use for downloading gpg has to be
> not compromised. The website doesn't appear to address these issues. The
> security Qubes OS offers may be great. But getting from a position where
> you don't have Qubes OS at all, to having Qubes OS installed, appears to be
> a serious security concern.
> 

What is your threat model?
What do you trust?
Download multiple live distros on different machines, not traceable to you,
some via Tor. Cross validate the iso images. Boot on assorted machines, and
use assorted gpg to verify assorted Qubes images.
I would suggest you validate gpg code for yourself and compile a binary
to use, but why trust the compiler? (Ken Thompson)
At some stage you hit bottom - if you dont, your security concerns are
not serious.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306134158.GB14342%40thirdeyesecurity.org.

Re: [qubes-users] Appvm freezes whole system on startup?!


On 2020-03-06 08:16, Stumpy wrote:
I shutdown an appvm then tried to start it back up, but now, when i try 
to start it up, my monitor goes white (with a very thin outline of the 
appvm that i started, and then nothing. I cant kill it, change 
workspaces, access menus, nada.


I have tried to open a few things on that appvm but no matter what it 
seems to crash whether its FF or xterm etc, all freeze my sys at which 
point i have to restart.


How can i recover from this? or at least salvage the data in this appvm?

I am running a fully updated ver of qubes, the appvm is deb10.



UPDATE:
Now another appvm is freezing my system, also deb10.

I thought Appvms shouldnt be able do freeze a whole qubes installation?

I havent done anything with dom0 recently other than updating it but 
this is getting serious as the previous appvm was not a huge deal (major 
inconvenience though) but this more recent one is a big deal as its for 
work.


Suggestions really needed. I'd be happy to post whatever info/log file 
needed, i just dont know which one would be useful.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/625fdeba-53aa-8101-bef4-5888d035da50%40posteo.net.

Re: [qubes-users] cache for UpdateProxy?

On Fri, Mar 06, 2020 at 01:32:55AM -0600, Sven Semmler wrote:
> I have several template VMs that are based on the same distro but with
> different software installed.
> 
> tpl-ubu-18-apps  ... for offline / disposable qubes ... lots of apps 
> tpl-ubu-18-web   ... for online / disposable qubes ... just firefox
> tpl-ubu-18-email ... fetchmail / postfix / mutt
> tpl-ubu-18-base  ... just the basics for all kinds of qubes
> 
> Even though those templates have all their special purposes and contents
> there are lots and lots of packages that are installed in all of them.
> 
> If I now run my update scripts, each of those will download identical
> packages. All of them will do so through the Qubes UpdateProxy
> (tinyproxy?).
> 
> Is there a way for me to configure this proxy to hold a very short term
> cache? Something like 30 minutes? Meaning if an identical download was
> requested within the last 30 minutes a locally cached copy is served
> instead of downloading it again from a remote server. 
> 

No. There's a patch that *would* allow caching, but tinyproxy natively
is not caching proxy.
Drop in apt-cacher-ng in its place to get lightweight caching proxy.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306123844.GB14028%40thirdeyesecurity.org.

Re: [qubes-users] Appvm freezes whole system on startup?!

On Fri, Mar 06, 2020 at 08:16:20AM -0500, Stumpy wrote:
> I shutdown an appvm then tried to start it back up, but now, when i try to
> start it up, my monitor goes white (with a very thin outline of the appvm
> that i started, and then nothing. I cant kill it, change workspaces, access
> menus, nada.
> 
> I have tried to open a few things on that appvm but no matter what it seems
> to crash whether its FF or xterm etc, all freeze my sys at which point i
> have to restart.
> 
> How can i recover from this? or at least salvage the data in this appvm?
> 
> I am running a fully updated ver of qubes, the appvm is deb10.
> 

I'm assuming you havent allocated crucial device to that qube?
You can create new, and recover the data:
`ls -l /dev/mapper/qubes_dom0-vm--broken--private` to get name of block
device. (dm-XXX)
`qvm-start new --hddisk dom0:/dev/dm-XXX`

In new: mount,copy data across,umount, shutdown
(optional) delete broken qube.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306135947.GC14342%40thirdeyesecurity.org.

Re: [qubes-users] Appvm freezes whole system on startup?!

On Fri, Mar 06, 2020 at 08:47:33AM -0500, Stumpy wrote:
> On 2020-03-06 08:16, Stumpy wrote:
> > I shutdown an appvm then tried to start it back up, but now, when i try
> > to start it up, my monitor goes white (with a very thin outline of the
> > appvm that i started, and then nothing. I cant kill it, change
> > workspaces, access menus, nada.
> > 
> > I have tried to open a few things on that appvm but no matter what it
> > seems to crash whether its FF or xterm etc, all freeze my sys at which
> > point i have to restart.
> > 
> > How can i recover from this? or at least salvage the data in this appvm?
> > 
> > I am running a fully updated ver of qubes, the appvm is deb10.
> > 
> 
> UPDATE:
> Now another appvm is freezing my system, also deb10.
> 
> I thought Appvms shouldnt be able do freeze a whole qubes installation?
> 
> I havent done anything with dom0 recently other than updating it but this is
> getting serious as the previous appvm was not a huge deal (major
> inconvenience though) but this more recent one is a big deal as its for
> work.
> 
> Suggestions really needed. I'd be happy to post whatever info/log file
> needed, i just dont know which one would be useful.
> 

Dont use deb10 until you've secured data.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306140100.GD14342%40thirdeyesecurity.org.

Re: [qubes-users] multiboot OS stick with other Linuxes together with Qubes on same stick

On Wed, Mar 04, 2020 at 05:01:02PM +0100, josefh.maier via qubes-users wrote:
> Hello list,
> 
> I would like to make a multiboot OS stick with Qubes (among other Linuxes).
> To my knowledge, all ISO's of the Linuxes need to be in the root folder.
> 
> 
> Is that technically possible? Whats the best approach?
> 
> 
> Thank you!
> 
> 
> Regards,
> 
> Joe
> 

You can put the iso wherever you like if you reference it in grub.cfg.
Don't need to be in root or in same place.
For an installed Qubes you'll need a sizable stick, unless you are going
to try a Live image.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306122956.GA14028%40thirdeyesecurity.org.

[qubes-users] Network connection in converted centos vm from virtualbox to qube

2020-03-06 Thread ARTIGNAN, Victor

Hello team

I just converted an appliance (based on CentOS) from a VirtualBox VM to a qube 
using this tuto: 
https://www.qubes-os.org/doc/standalone-and-hvm/#converting-virtualbox-vms-to-qubes-hvms

Now my qube can boot very well an I can work on it. But, I do not have any 
network connection. I ticked the "Provides network" option in my qube settings 
panel.

I'm root in my appliance. When I type "ifconfig" on it, I can see an "eth0" 
card with my network config (ip 10.137.0.17/32) but when I try to ping 
something, I get a "connect: Network is unreachable" message.

Do you have any idea of what am I doing wrong ?

Assumption: I had a network card in this appliance when it was a virtuabox VM. 
So the eth0 that I can see is the network card of virtualbox right ? How can I 
"install" the network card of xen ?

In advance, thanks for your help


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/AM6PR02MB5381AED3F0190329EA7900EA85E30%40AM6PR02MB5381.eurprd02.prod.outlook.com.

[qubes-users] Appvm freezes whole system on startup?!

I shutdown an appvm then tried to start it back up, but now, when i try 
to start it up, my monitor goes white (with a very thin outline of the 
appvm that i started, and then nothing. I cant kill it, change 
workspaces, access menus, nada.


I have tried to open a few things on that appvm but no matter what it 
seems to crash whether its FF or xterm etc, all freeze my sys at which 
point i have to restart.


How can i recover from this? or at least salvage the data in this appvm?

I am running a fully updated ver of qubes, the appvm is deb10.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08eaad5e-85a7-4805-6935-09b86ea0b006%40posteo.net.

Re: [qubes-users] Network connection in converted centos vm from virtualbox to qube

On Fri, Mar 06, 2020 at 12:51:47PM +, ARTIGNAN, Victor wrote:
> Hello team
> 
> I just converted an appliance (based on CentOS) from a VirtualBox VM to a 
> qube using this tuto: 
> https://www.qubes-os.org/doc/standalone-and-hvm/#converting-virtualbox-vms-to-qubes-hvms
> 
> Now my qube can boot very well an I can work on it. But, I do not have any 
> network connection. I ticked the "Provides network" option in my qube 
> settings panel.
> 
> I'm root in my appliance. When I type "ifconfig" on it, I can see an "eth0" 
> card with my network config (ip 10.137.0.17/32) but when I try to ping 
> something, I get a "connect: Network is unreachable" message.
> 
> Do you have any idea of what am I doing wrong ?
> 
> Assumption: I had a network card in this appliance when it was a virtuabox 
> VM. So the eth0 that I can see is the network card of virtualbox right ? How 
> can I "install" the network card of xen ?
> 
> In advance, thanks for your help
> 

That assumption may be wrong.
Check the IP of your new qube - `qvm-ls -n ` or look in
QubeManager
You either need to change netmask to /24 or set route defauult via eth0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306131549.GA14342%40thirdeyesecurity.org.

Re: [qubes-users] Obtaining genuine Qubos installer

2020-03-06 Thread Anil

> i trust a randomly-bought chromebook more than any overpriced device
> that has "we are so secure/paranoid we walk funny" as its main selling
> point.
>

The details of what you have been saying over the course of these
emails (most of them) make sense to me in certain (perhaps most)
contexts, but everything has context and you don't know everything and
their contexts. Since you reply anonymously to people who are not
anonymous, there is an asymmetry. For example, when I raise some issue
or ask some question on this forum, I give at least some part of the
context (because I have to), but you don't tell (can't tell, because
of the need for anonymity, which may be very valid), so I don't know
where you are coming from. You know only partially where I am coming
from and what is my context, but seem to be assuming a lot more. But
your impression seems to be that your suggestions are universally
valid. I could argue that they are not, but then I will have to give
more context than I can or should. Such a situation results in
vitriolic debates and comments without necessarily understanding the
other person's context and perspective. It doesn't become clear what
it is your main point or lesson for the user (in general or to a
specific user).

Side comments:
- What's with the phrases/acronyms that sound like homophobic slurs?
There are languages where 'breaking the knees' is a metaphoric and
literal threat that has historically been carried out quite frequently
(and literally, mostly against marginalized people). And people whose
knees have been broken (for some banal whistleblowing or breaking of
some funny rule), usually 'walk funny'
- 'Ed Snowden' is not the only kind of extreme case of the need for
security. Again, I could give more context and specific contexts ...
Very banal ones.

Solution: Only partial one is possible. Don't assume you know all
possible contexts (without involving aliens or picometric perversions
and the like) about what the Qubes OS users may be using it (or those
devices you refer to) for. You can't plan for all that (borrowing your
words) and you can't have definitive and totally confident answers for
all (even banally) possible problems. I feel strange making this
suggestion to someone who seems to be a Qubes OS developer, because
Qubes OS is based on a philosophy that is very similar to what I am
saying here.

Regards,

अनिल एकलव्य
(Anil Eklavya)

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CAAPfsu-O784qz4iTeoM7avy5UBEjG11ZXBh0MyQ1ZbO5m5YU%2Bw%40mail.gmail.com.

Re: [qubes-users] Obtaining genuine Qubos installer

2020-03-06 Thread Anil

> devices you refer to) for. You can't plan for all that (borrowing your
> words) and you can't have definitive and totally confident answers for
> all (even banally) possible problems. I feel strange making this
> suggestion to someone who seems to be a Qubes OS developer, because
> Qubes OS is based on a philosophy that is very similar to what I am
> saying here.
>

Even the biggest Linux (or OS) loophole that Qubes OS addresses, and
the main attraction of Qubes OS is so very banal: GUI isolation. And
when people (yes, like me) raised questions about the security of
Linux, they received answers in tones very similar to yours and with
similar reasoning.

That's one of the biggest (banal) mysteries to me: How could so many
people for such a long time overlook such a huge loophole in an OS
that was Open Source and based on the Linus's Law? The partial answer
is, and I know this personally, that many people (too many) actually
knew of this loophole, but didn't disclose or acknowledge it. There
were students writing keyloggers based on this loophole, but there was
an informal code (Omertà like: not the Hindi film, but the original
one).

Regards,

अनिल एकलव्य
(Anil Eklavya)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAPfsu95MJFPU_ycAUey91CswctcQDPeBt4GS3RsumeDoaom8A%40mail.gmail.com.

Re: [qubes-users] Obtaining genuine Qubos installer

2020-03-06 Thread Anil

> What is your threat model?

My threat model (to the extent it may be practical to address) is that
I can't assume any kind of physical security (of devices in
particular) and I can't rely on passwords or passphrases or software
based 2FA. More than that I can't reveal.

> What do you trust?

Practically speaking, I have to trust a solution that address the
above threat model, although theoretically I can't be sure it can
solve the problems completely (even without involving aliens etc.),
but I am willing to be content with that.

-- 
अनिल एकलव्य
(Anil Eklavya)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAPfsu_bni0vqnp_2eXXH6qwSCYkavtUB6%3D%3D66ogpVbjKGXTiQ%40mail.gmail.com.

Re: [qubes-users] Using Disk2vhd or VMware vCenter Converter to copy existing win10 installation to use in Qubes?

2020-03-06 Thread Frédéric Pierret

On 2020-03-03 09:43, Stumpy wrote:
> Hi, I have an existing win10 installation which I want to copy and then use 
> as a template in Qubes. I am sure I asked before somewhere about this and the 
> only thing i remember about the response was Disk2vhd.

1) From where you have win10 installation? It comes from a physical machine or 
VM? Yes this question from physical is necessary, especially if enabling proper 
drivers in Windows is needed.

2) In which format? OVA, VMDK?

I would go to use qemu-img for converting VMDK (certainly in sparse format if 
it comes from vCenter) into raw image. Then, creating a standalone HVM in Qubes 
with sufficient space then dd from your image to your root lvm partition of the 
newly created VM.

> So i am thinking its possible to copy an existing installation, and hoping 
> its possible to use that image as a template in Qubes but am really unsure 
> about the details.
> 
> Is there a write or relevant howto for doing something like this?
> 
> Thanks!
> 

Best,

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/014a351d-f742-049f-c424-7a5bbf8ae6fd%40qubes-os.org.

signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Using Disk2vhd or VMware vCenter Converter to copy existing win10 installation to use in Qubes?

2020-03-06 Thread Frédéric Pierret


On 2020-03-06 15:24, Stumpy wrote:
> On 2020-03-06 09:20, Frédéric Pierret wrote:
>>
>> On 2020-03-03 09:43, Stumpy wrote:
>>> Hi, I have an existing win10 installation which I want to copy and then use 
>>> as a template in Qubes. I am sure I asked before somewhere about this and 
>>> the only thing i remember about the response was Disk2vhd.
>>
>> 1) From where you have win10 installation? It comes from a physical machine 
>> or VM? 
> 
> From a physical machine.
> 
> Yes this question from physical is necessary, especially if enabling proper 
> drivers in Windows is needed.
> 
> It would be from a physical machine, and its my hope to then install qubes on 
> this machine, and then run this win10 vm (along with other VMs) on this 
> machine.
>>
>> 2) In which format? OVA, VMDK?
> 
> Well i guess it depends, I am fine with whatever that is using vmware to copy 
> the physical machine to ova or vmdk - my pref i guess would be whichever is 
> easier.

I don't know how you want to go from your physical windows 10 (unrelated to 
vCenter) to a Qubes VM. I almost did something like this. The target was not 
Qubes but KVM(+libvirt) but this is almost the same for Qubes. Here is what 
I've done:

0) In the windows, enabled the related drivers at boot. First with IDE backend: 
atapi.sys, intelide.sys, pciide.sys and msahci.sys. I only identified those 
four for booting the VM and preventing the famous BSOD with 7B error.
1) Used 'dd' for creating a raw image of the physical drive,
2) Created a VM as I told you by using 'dd' from this raw image to an LVM
3) Booted the VM and installed missing drivers

Good luck :)
 
>>
>> I would go to use qemu-img for converting VMDK (certainly in sparse format 
>> if it comes from vCenter) into raw image. Then, creating a standalone HVM in 
>> Qubes with sufficient space then dd from your image to your root lvm 
>> partition of the newly created VM.
> 
> Thanks for the concise suggestion, i think i got it.
> 
> Will get it a try. Cheers
> 
>>
>>  
>>> So i am thinking its possible to copy an existing installation, and hoping 
>>> its possible to use that image as a template in Qubes but am really unsure 
>>> about the details.
>>>
>>> Is there a write or relevant howto for doing something like this?
>>>
>>> Thanks!
>>>
>>
>> Best,
>>
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08912aaa-473e-cd11-9601-342f2a445ab5%40qubes-os.org.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Obtaining genuine Qubos installer

2020-03-06 Thread Mark Fernandes

On Fri, 6 Mar 2020 at 14:19, Anil  wrote:

> ...



My threat model (to the extent it may be practical to address) is that
> I can't assume any kind of physical security (of devices in
> particular) and I can't rely on passwords or passphrases or software
> based 2FA. More than that I can't reveal.
>
> > What do you trust?
>
> Practically speaking, I have to trust a solution that address the
> above threat model, ...
> --
> अनिल एकलव्य
> (Anil Eklavya)
>
>
>
Hello Anil,

After my security overhaul *(being done because I was recently hacked)*, I
plan on publishing an article on how I've changed my security practices and
what thoughts I have on maintaining security in general. Probably will
publish it on LinkedIn. The article should address your threat model *(at
least to some extent)*.


Kind regards,


Mark Fernandes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANJMFk-c1B2pjhptZ4gg_%3DbUuhSjRRTG9RZyYkg3uvgHs-2r6g%40mail.gmail.com.

Re: [qubes-users] Appvm freezes whole system on startup?!

On 2020-03-06 08:59, unman wrote:

On Fri, Mar 06, 2020 at 08:16:20AM -0500, Stumpy wrote:

I shutdown an appvm then tried to start it back up, but now, when i try to
start it up, my monitor goes white (with a very thin outline of the appvm
that i started, and then nothing. I cant kill it, change workspaces, access
menus, nada.

I have tried to open a few things on that appvm but no matter what it seems
to crash whether its FF or xterm etc, all freeze my sys at which point i
have to restart.

How can i recover from this? or at least salvage the data in this appvm?

I am running a fully updated ver of qubes, the appvm is deb10.

I'm assuming you havent allocated crucial device to that qube?

There was a device attached when i shut it down (before the issues
started) but now its not showing as attached to anything.

The other appvm didnt have anything attached to it but its started
acting the same, that is freezing the system when i start it up.

You can create new, and recover the data:
`ls -l /dev/mapper/qubes_dom0-vm--broken--private` to get name of block
device. (dm-XXX)
`qvm-start new --hddisk dom0:/dev/dm-XXX`

In new: mount,copy data across,umount, shutdown
(optional) delete broken qube.

Thanks, I can try that, but since it seems to be starting in other
appvms i am now not sure if this is an appvm thing or a dom0 thing?

Re: [qubes-users] Using Disk2vhd or VMware vCenter Converter to copy existing win10 installation to use in Qubes?

On 2020-03-06 09:20, Frédéric Pierret wrote:

On 2020-03-03 09:43, Stumpy wrote:

Hi, I have an existing win10 installation which I want to copy and then use as
a template in Qubes. I am sure I asked before somewhere about this and the only
thing i remember about the response was Disk2vhd.

1) From where you have win10 installation? It comes from a physical machine or VM?

From a physical machine.

Yes this question from physical is necessary, especially if enabling
proper drivers in Windows is needed.

It would be from a physical machine, and its my hope to then install
qubes on this machine, and then run this win10 vm (along with other VMs)
on this machine.

2) In which format? OVA, VMDK?

Well i guess it depends, I am fine with whatever that is using vmware to
copy the physical machine to ova or vmdk - my pref i guess would be
whichever is easier.

I would go to use qemu-img for converting VMDK (certainly in sparse format if
it comes from vCenter) into raw image. Then, creating a standalone HVM in Qubes
with sufficient space then dd from your image to your root lvm partition of the
newly created VM.

Thanks for the concise suggestion, i think i got it.

Will get it a try. Cheers

So i am thinking its possible to copy an existing installation, and hoping its
possible to use that image as a template in Qubes but am really unsure about
the details.

Is there a write or relevant howto for doing something like this?

Thanks!

Best,

Re: [qubes-users] ANN: Wyng beta, a fast incremental backup tool

2020-03-06 Thread Chris Laprise


On 2/25/20 3:02 PM, Chris Laprise wrote:

Hello Qubers,

'Wyng' is a backup program I've been working on for a while that can 
quickly backup "thin LVM" storage, the kind Qubes uses by default:



Version v0.2beta5 has been released! It includes minor bug fixes and an 
option to use bzip2 compression.


https://github.com/tasket/wyng-backup

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7fdcc232-c6c4-721a-014e-68a5534ecd9d%40posteo.net.

Re: [qubes-users] Obtaining genuine Qubos installer

2020-03-06 Thread Chris Laprise

On 3/5/20 1:45 PM, Mark Fernandes wrote:

On Thu, 5 Mar 2020 at 18:21, Chris Laprise > wrote:

On 3/5/20 7:31 AM, Mark Fernandes wrote:
 > I want to get a genuine copy of Qubos, from here in the UK
(United Kingdom).
 >
 > The only way described on the Quebos website at present, appears
to be
 > to download the ISO.
 >
 > I have the classic security problem described on the website
 > , where not having a
 > trust-worthy machine, means that I have a never-ending chain of
trust
 > issues for each machine that I use in the obtaining of the software.

Many of us work with a threat model that assumes at least some
computers
available by retail are not compromised "out of the box", or else if
compromised then not at the BIOS/UEFI firmware level. For this model,
verifying the Qubes ISO with gpg is acceptable.

Hello Chris,

I've only heard of gpg as a binary running over an operating system. Is 
it available as something you can run directly off boot-able media?

Gpg is usually available in live DVD or live USB distros. Its also 
incorporated into 'Heads', a firmware boot verification system that's 
compatible with Qubes.

In any case, you still need to ensure that gpg hasn't been compromised. 
If it has to run off an OS, that OS needs to have not been compromised. 
If you need to download gpg, the OS which you use for downloading gpg 
has to be not compromised. The website doesn't appear to address these 
issues. The security Qubes OS offers may be great. But getting from a 
position where you don't have Qubes OS at all, to having Qubes OS 
installed, appears to be a serious security concern.

There is a definite chicken-and-egg aspect to this issue. That's bc what 
we're dealing with at some level is a failure of Computer Science and 
industry to advance computer security in an objective and democratic 
manner. It is mostly a VC culture, even in university settings, and 
selling bling to the masses now sets the tone for everything else. 
That's why things that would have been shocking (like shutting Linux out 
of recent TCG updates & making devices that can't really be 
switched-off) in the 90s-mid 2000s are now commonplace, and the 
"victims" like Linux Foundation don't care anymore bc they are comprised 
of megacorps with staff who go home to their iDevices and surveillance 
tchotskies.

So computing culture became a worst-case scenario and projects like 
Qubes are back-eddies in its wake. Your/our problem can't be solved in a 
fundamental way without PC-type hardware that is open source. I think 
Qubes has expressed a willingness to help make that happen, since they 
are open to the idea of porting Qubes to OpenPOWER architecture.

In the meantime, we have to use hedges and stop-gaps. One is to verify 
ROM (e.g. DVD) media on multiple systems, just as one would try to 
verify a single gpg key from multiple pathways. Another is to use Qubes, 
which reduces the number of components you have to trust down to a 
minimum. Also consider what makes a good hardware distributor. Yet 
another is to realize the biggest adversaries are not omnipotent and 
can't control everything simultaneously; i.e. do random spot checks, 
maintain your sanity.

Finally, we need to be able to question things in philosophical terms 
because that is the basis of relatable information in modernity. If we 
only think about the mechanics, then we remain locked onto the same path 
of transistorized irrationality that has begun to weigh on you. For 
example, a philosophical approach to your question should recognize 
early that its a quandary (or "turtles all the way down") if we keep 
accepting the old parameters (i.e. what industry wants to keep selling 
us); there are even situations when its illogical to use computers (even 
though the above mentioned failed culture still insists its necessary to 
do so).

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac6a1867-14e1-eec3-c65c-20c82b500925%40posteo.net.

Re: [qubes-users] AMD processors and Cubes 4.03

zentara:
> Hi,
> 
> I installed Cubes 4.03 and everything worked fine except
> I get the "does not support the virtualization" error message.
> 
> So I check my cpu, which is an AMD RX 427  and it lists
> AMD-V under virtualization, and the flags include npt, which
> means the RVI should work.
> 
> So why won't my processor work with Cubes 4.0.3?

Did you "check to make sure the virtualization options are enabled in
your BIOS/UEFI configuration" per
https://www.qubes-os.org/faq/#can-i-install-qubes-4x-on-a-system-without-vt-x-or-vt-d
?


-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3091eff3-4250-86ff-61d9-5d6b2b83ec15%40danwin1210.me.

Re: [qubes-users] Device () available / removed

Sven Semmler:
> Hi,
> 
> I just downloaded the latest updates (incl. dom0 updates)... shortly
> after installing them I saw a notification "Device () available" twice
> and then maybe 2-3 minutes later "Device () removed" twice.
> 
> Any idea what this was? ... is this connected to the update? How would I
> investigate?
> 
> /Sven
> 
Response might be too late, but was it updating dom0 or a template at
the time? Cross-reference dom0 or the template's journalctl device
messages with /var/log/dnf.log (or apt if it was a Debian template) to
find out what package was being updated when the device change happened,
then dig into details of that package to see what it would impact.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9b3352f-a2af-c6a5-a67b-cc7809d80e46%40danwin1210.me.

Re: [qubes-users] Safety of using external USB mouse?

ggg...@gmail.com:
> I have noticed it is not recommended that we use an external USB Keyboard 
> because it might have been - well not safe.   
> 
> I am not sure about using an USB Mouse, and whether that answer is for 
> Qubes OS only, or just that the USB mouse never has firmware?
> 
I think some of the same concerns apply to USB mice, but they are a
little less sensitive because you don't type in passwords with them.
Many (all?) USB mice have firmware which could be compromised.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63362e79-ee3a-203e-ef88-794f78c8d133%40danwin1210.me.

Re: [qubes-users] Obtaining genuine Qubos installer

Chris Laprise:

[Snip most of Chris's well-written response; where is the thumbs up
button on my email client?]

> That's why things that would have been shocking (like shutting Linux out
> of recent TCG updates 

Hadn't heard this one, but my first thought was wondering what they were
trying to hide. Do you have a link handy? Searches coming up empty.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/45b6f2f7-7eff-0b23-d5c2-3659154bc92f%40danwin1210.me.

[qubes-users] Win7 Qubes windows-tools v3.2. attaching any device failsf

2020-03-06 Thread xyzo

Qubes R4.0
Windows-tools v3.2.2-3

I recently installed a Win7 hvm with Window-tools v4.x. I initially had 
problems getting qrexec service to work on Win7. So I tried version 3.2.2-3 and 
It successefully installed all of the qubes-tools, qubes_core-agents, 
qubes-gui.etc. and now Win7 has a green dot state when it's powered on. I can 
copy files from other appvms to the windows Qubesincoming. The pv drivers 
installed are the same version bundled with windows-tools v3.2.2-3.  I've been 
scratching my head with attaching USB devices like the internal webcam, audio, 
thumb drive on win7. I get an error msg "Qubes exception.failed. attach device 
failed".. with audio I know I have to have pulseaudio running on Windows? 
qvm-usb a Win7 sys-usb:xx: gives the same error. I am not sure what to do next 
at this point.  thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/66f9d3aa-4e37-4a1b-823a-f126d0af5be7%40googlegroups.com.

Re: [qubes-users] Wifi won't connect

Stuart Perkins:
> I finally got my replacement laptop.
> 
> This is a Lenovo T420, with coreboot BIOS.
> 
> It came from my supplier with Qubes 4.0 installed.
> 
> It all works well on wired internet or unsecured wifi, but my main router is 
> WPA secured and it won't get a DHCP response.  The main router is the one 
> running dhcp, so it is the same dhcp server I get when connected to my 
> unsecured extension. (I live miles from anyone and the unsecured router is 
> inside a metal skinned RV I use for office, so don't gripe at me about having 
> it wide open.  It won't work outside the RV).
> 
> Anyway, I bring the machine into the house and try and connect to the secured 
> wifi router and it never gets an address.
> 
> What am I missing?
> 
> Stuart
> 
Often this is due to a mismatch of WPA passwords, but doublecheck
journatlctl in sys-net and see if it logged anything related.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/945f9ff4-a89b-e407-0591-f4643bb0c5ac%40danwin1210.me.

Re: [qubes-users] Device () available / removed

Sven Semmler:

> -> apparently at the same time I also had a VM with qubes-builder
> running

That would do it. It frequently sets up loop devices while doing a
build, so you'd see those messages.


-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7139de52-6a46-42ea-c38b-7cd69e3fd4d3%40danwin1210.me.

Re: [qubes-users] cache for UpdateProxy?

On Fri, Mar 06, 2020 at 12:38:45PM +, unman wrote:
> Drop in apt-cacher-ng in its place to get lightweight caching proxy.

Thank you! A keyword is all I needed ...

- https://github.com/QubesOS/qubes-issues/issues/1957
- https://github.com/unman/notes/tree/master/config/cacher

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306214300.GA1106%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Black screen before displaying installer

lukasju2:
> On Acer Aspire 717-72G
> 
> I plugged in an USB-Stick with Qubes 4.0.3 formatted by Rufus in DD-Mode.
> It shows the Boot Sequence and displays Text like normal.
> Right before displaying the installer it stays on Black Screen.
> 
> Last Text Message was: Xen is relinquishing VGA console 
> 
> Need Help here
> 
Check out https://www.qubes-os.org/doc/uefi-troubleshooting/.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e2e79ad0-3d90-59b6-0ce9-06be9b11cd36%40danwin1210.me.

Re: [qubes-users] Kernel panic when booting with Kernel 4.19.100 - reinstall kernel?

r.wiesb...@web.de:
> Obviously something went wrong with the kernel update, because with
> Kernel 4.19.100 I get a kernel panic error (failed to mount / ), but
> Kernel 4.19.94 works fine. In qubes, how can I reinstall the new kernel?
> 
> thanks
> 
Usually it's "sudo qubes-dom0-update --action=reinstall [packagename]".
Sometimes the kernel package installs, but the dracut update fails
afterwards. In that case, you can rerun dracut with appropriate
parameters. However, it's possible that kernel version installed
correctly and is not compatible with your hardware. In that case, it
would be good to search to see if others have had that issue, and if
not, open one.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db9aeb5b-6cbf-4725-5d58-bbfc5c13d1f8%40danwin1210.me.

Re: [qubes-users] debian-10 dvm and Terminal

Ulrich Windl:
> Hi!
> 
> I have an odd issue with a debian-10 DVM and the Terminal: If I try to launch 
> a DVM opening the Terminal, the VM starts, the terminal appears for a short 
> moment, then disappears and the DVM is stopped.
> However when I try the other commands (each starting a new DVM): Files, 
> Firefox, Thunderbird, Help, the all work.
> I'm writing this message with a debian-10 DVM using Firefox...
> 
> I'm rather clueless. When using "Terminal" on the fedora-30 based DVMs, it 
> works as expected.
> 
> Any ideas?

Try using xterm instead of terminal. Gnome terminal spawns a separate
process, so Qubes thinks the VM is ready to shutdown. I'm not sure how
it would work under Fedora.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a5b02003-c761-acf1-36fa-e03780e8ff87%40danwin1210.me.

Re: [qubes-users] Serial ports in Qubes appvms

donov...@unseen.is:
> I'd like to use serial console (via a serial port on the mobo and appropriate 
> cable) into a piece of equipment using an appVM. I tried using dmesg, but 
> dom0 term says "operation not permitted". 
> 
> DM 
> 
Don't believe Xen/Qubes supports serial (or parallel) port redirection.
Options would be to use some basic package in dom0 directly on the
serial port, get a PCI card with serial ports on it and redirect the
card to the AppVM, or a USB to serial adapter and redirect that.

Not sure how you're trying to use dmesg, but you probably have to sudo
to use a /dev/tty serial device directly in dom0.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db51e2d4-2cf8-44e1-af2b-0bb8ada6df7e%40danwin1210.me.

Re: [qubes-users] Device () available / removed

On Fri, Mar 06, 2020 at 08:38:39PM +, 'awokd' via qubes-users wrote:
> > I just downloaded the latest updates (incl. dom0 updates)... shortly
> > after installing them I saw a notification "Device () available" twice
> > and then maybe 2-3 minutes later "Device () removed" twice.

> Response might be too late, but was it updating dom0 or a template at
> the time? Cross-reference dom0 or the template's journalctl device
> messages with /var/log/dnf.log (or apt if it was a Debian template) to
> find out what package was being updated when the device change happened,
> then dig into details of that package to see what it would impact.

Hi awokd,

I'm afraid my linux skills are not sufficient to explain this with
confidence. What I can see in the logs you pointed my to is:

-> major updates in dom0 including kernel, linux-firmware, salt
management stack

-> right around the time I've seen the notifications I see lots and lots
of dracut output aparently building a initramfs (seems to be a file
system image)

-> apparently at the same time I also had a VM with qubes-builder
running

-> Qubes memory management was busy reshuffleing RAM

-> the Qubes OS daemon was restarted

-> qubesd also reports: permission denied for call
b'admin.vm.device.block.Available'+b'' (b'dom0' -> b'disp213') with
payload of 0 bytes

I don't expect you or anyone else on this list to solve this for me, but
if the above gives you any ideas I'd be thankful to hear them.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306225309.GB1106%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Fedora30 doesn't update KeePassXC database

'Merlin's Beard' via qubes-users:
> When I add a new entry to my KeePassXC database, the .kdbx-file is updated on 
> the system (last modified timestamp is updated), but upon re-opening it the 
> new entry is nonexistent. This happens on Fedora30 qubes, but Debian10 qubes 
> work perfectly fine. The workaround for me is to simply not use Fedora30, but 
> that's not ideal. I haven't tried to see if the same problem exist with other 
> programs/files.
> 
Is the .kdbx file saved in the same location, i.e. somewhere under
/home/user? If you create other files in the same location on the Fedora
based qube, do they disappear too? Try creating a new AppVM based on the
Fedora template, and make sure it's not disposable.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2822b95-9318-da4c-4a7b-2b2253513069%40danwin1210.me.

[qubes-users] Serial ports in Qubes appvms

2020-03-06 Thread donovang

I'd like to use serial console (via a serial port on the mobo and appropriate 
cable) into a piece of equipment using an appVM. I tried using dmesg, but dom0 
term says "operation not permitted". 

DM 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/174968702.79097.1583532726998.JavaMail.zimbra%40unseen.is.

Re: [qubes-users] Re: Will Thunderbird 78 kill Qubes Split gpg?

qtpie:
> Claudio Chinicz:
>> Hi All,
>>
>> I've just read this post from TB
>> (https://wiki.mozilla.org/Thunderbird:OpenPGP:2020) and do not know if
>> it will support Qubes Split gpg without Enigmail?
>>
>> Anyone knows?
>>
>> Regards
>>
> 
> 
> Are there people using split GPG with other GUI e-mail clients? (GUIs
> similar to those of thunderbird, not mutt). Ie what are thunderbird
> alternatives that will work with split gpg?
> 
> And for those who will continue to use Thunderbird: of course split-gpg
> it is a really cool feature that makes really good use of the abilities
> of Qubes. But what is the actual risk in practice of your private key
> getting stolen if you run Thunderbird 78+ in its own VM and dont open
> weird attachments and do not open links in the same VM? I havent heard
> of private keys getting stolen via e-mail client security holes, but Im
> not a security researcher and I dont know about the trackrecord of
> Thunderbird.
> 
https://efail.de/ was relatively recent. Too bad Thunderbird is forcing
all eggs in one basket.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc72fd71-cb63-9db1-4ef5-1a13d3f9c2c6%40danwin1210.me.

Re: [qubes-users] Improving Qubes firewall (GUI or pfSense)

799:

> Is there any way to use pfSense as HVM firewall which will then work as
> central routing/firewall instance?

If it helps, this question might be simplified to can you use OpenBSD in
Qubes with 2 NICs. Looks like it should be possible, per
https://www.mail-archive.com/qubes-users@googlegroups.com/msg28726.html
and https://github.com/unman/notes/blob/master/openBSD_as_netvm
(although it would be a sys-firewall instead of netvm). From that point,
I think you can add pfSense on top?

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31a4b72d-47b9-cf9d-d537-8d9f2d6d7822%40danwin1210.me.

Re: [qubes-users] Problems creating a new virtual machine - Parrot Security OS

redpoll...@gmail.com:

> I can't the new vm to full screen.  It opens in a smaller screen.  I don't 
> know if this is a problem with the host vm settings as early on the setup 
> of Parrot I saw a brief window saying something along the lines of the the 
> host hadn't set up display...that's all I can remember of it.  I have been 
> into the global vm settings but I can't find anything to do with display?

This is typical with HVMs. Since they don't have a Qubes/Xen specific
video driver installed, they can only offer a basic set of resolutions.

> The second thing is that I can't Parrot to connect to the internet.  It 
> goes through the task of trying but then it gives me "Parrot has 
> disconnected from"  I don't think this is a problem in Parrot as I've 
> had it running in both VM Ware and Virtual Box without this problem.  I 
> currently have Parrot to link to the internet via the default sys- but to 
> no avail,

Make sure the IP settings within your Parrot qube match those displayed
in Qube Settings/Basic tab.

You might also want to check out Unman's Parrot template, described
recently in this mailing list.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6b25d6ea-2e93-b047-b841-281d7364cb1b%40danwin1210.me.

Re: [qubes-users] Re: How to execute some command at sys-net after wakeup?

Eva Star:
> Please, any place to bing to action "after wakeup" at AppVM!
> 
Per https://www.qubes-os.org/doc/config-files/,
/rw/config/qubes-ip-change-hook seems like it should work for sys-net.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dd7aa777-1c51-48eb-8960-194731315cb9%40danwin1210.me.

Re: [qubes-users] Secure Boot on Dell 5590 UEFI - failed signature verification

Claudio Chinicz:
> Hi,
> 
> I have Qubes running on this machine. It boots UEFI from disk.
> 
> On the boot menu I've checked the Secure Boot and it was unchecked (never 
> changed before). I've checked the box and reboot. So it failed signature 
> verification and I had to uncheck it and continue without secure boot.
> 
> Is there a way to change it and use secure boot? I mean, considering "I 
> trust" what I have now on disk and I want to define the current state as 
> trusted.
> 
> Thanks to all
> 
The OS also needs to support Secure Boot, but Qubes is not one of those.
See https://github.com/QubesOS/qubes-issues/issues/4371 for a longer
discussion.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e24540ad-d7ed-44e1-7d49-01bb012e6de1%40danwin1210.me.

Re: [qubes-users] Installation freezes on macOS with Qubes-R4.0.3-x86_64

Ari:
> I successfully burned the .iso image to a USB using `dd` . when I booted up 
> I was able to get to the choose your installation language screen, then 
> everything froze, I couldn't get it to respond to mouse or keyboard.
> 
> I'm trying to 
> follow 
> https://groups.google.com/forum/#!msg/qubes-users/RiVntUzgJmY/rXMtXD3WKQAJ 
> but don't have any clue how to do that and it is an older version of Qubes 
> there. also here :
> https://www.qubes-os.org/doc/uefi-troubleshooting/
> https://www.qubes-os.org/doc/uefi-troubleshooting/#change-installer-kernel-parameters-in-uefi
> I've also enabled VT-x.
> Is there a simple solution to this?
> 
Do you have an nvidia card, and can you disable it? Freezing at the
install language screen is unusual.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bcbb46a4-c9d7-39d8-b65a-71795540%40danwin1210.me.

Re: [qubes-users] Is using TLP worth it ?

dasdfsdf...@gmail.com:
> Are there any security vulnerabilities that come with TLP ? Does it improve 
> battery life on Qubes ? Should it be only installed in dom0
> 
This was about Qubes 3.x, but it seemed to help this poster:
https://www.mail-archive.com/qubes-users@googlegroups.com/msg14883.html.
Security vulnerabilities would be similar to installing other packages
in dom0.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94e65aa1-ca4f-a4df-dce9-8cb52f8b5451%40danwin1210.me.

Re: [qubes-users] cache for UpdateProxy?

On Fri, Mar 06, 2020 at 03:43:00PM -0600, Sven Semmler wrote:
> On Fri, Mar 06, 2020 at 12:38:45PM +, unman wrote:
> > Drop in apt-cacher-ng in its place to get lightweight caching proxy.
> - https://github.com/unman/notes/tree/master/config/cacher

For others reading this now or later... making the salt in the above
link work is more then I could handle* (there were some dependencies on
other salt scripts I didn't have). However, unman also has a super
helpful step-by-step instruction:

https://github.com/unman/notes/blob/master/apt-cacher-ng

This worked as described with the following restrictions:

-> debian templates did not work unchanged due to the https:// URIs but
once I changed those to http://HTTPS/// it worked just fine

-> ubuntu did work out of the box as the URIs are http://

-> some 3rd party repos needed the http://HTTPS/// change (e.g.
   Signal)

-> I couldn't get it to work with the one Fedora qube I have
(qubes-builder) and wasn't in the mood to tinker. Since it's the only
Fedora instance (besides dom0 which is an entirely different version)
having a cache would bring me no benefit.

I don't quite understand why repos would be hosted on https:// URI in
the first place. The contents is hardly confidential, the authenticity
is checked via signatures ... why the overhead? Might be off-topic for
this list though. 

/Sven

*salt along with Python is something I know I have to learn, but right
now just don't have the mental bandwidth for

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200307033447.GB1101%40app-email-private.


signature.asc
Description: PGP signature

Re: [qubes-users] Serial ports in Qubes appvms

2020-03-06 Thread donovang




- On Mar 6, 2020, at 4:24 PM, qubes-users qubes-users@googlegroups.com 
wrote:

> donov...@unseen.is:
>> I'd like to use serial console (via a serial port on the mobo and appropriate
>> cable) into a piece of equipment using an appVM. I tried using dmesg, but 
>> dom0
>> term says "operation not permitted".
>> 
>> DM
>> 
> Don't believe Xen/Qubes supports serial (or parallel) port redirection.
> Options would be to use some basic package in dom0 directly on the
> serial port, get a PCI card with serial ports on it and redirect the
> card to the AppVM, or a USB to serial adapter and redirect that.
> 
> Not sure how you're trying to use dmesg, but you probably have to sudo
> to use a /dev/tty serial device directly in dom0.
> 
> --
> - don't top post
> Mailing list etiquette:
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
> 
> --
It might not support redirection and for now I can live with that. However, I 
keep forgetting about having to use sudo, and using "sudo dmesg | grep ttyS" 
got me a listing of some serial ports. And agetty is in dom0, and that will 
suffice for now I think. I'm not talking to the device yet, but I'm further 
along in terms of knowledge.

Thank you.

DM

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/507181742.81195.1583536522151.JavaMail.zimbra%40unseen.is.

Re: [qubes-users] Serial ports in Qubes appvms

On Fri, Mar 06, 2020 at 10:12:07PM +, donov...@unseen.is wrote:
> I'd like to use serial console (via a serial port on the mobo and appropriate 
> cable) into a piece of equipment using an appVM. I tried using dmesg, but 
> dom0 term says "operation not permitted". 

I'm doing this all the time using USB-to-serial-cables and minicom
instances in a Standalone HVM.

It would probably work just by assigning that USB device to a regular AppVM,
but since I also have other devices connected (ICE, I2C/SPI logger,
logic analyzer) I just assign the entire USB controller to the HVM.

If your serial port controller shows up with qvm-pci you could also try
to assign that one the the VM. 

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200306231548.GC1106%40app-email-private.

signature.asc
Description: PGP signature

[qubes-users] the master and the user

2020-03-06 Thread Ulrich Windl


Hi!

I have a general question: I named my installation user "master" and I 
have two issues:


1) I tried to change the password in Dom0 using passwd; it failed. How 
Can I change the password?


2) In an anonymous cube I saved some file with Firefox, and it said it's 
below /home/master/... When trying to open the file in another 
application of the same cube, I could not find /home/master, but only a 
/home/user, and the file wasn't here. What's the magic behind?



Regards,

Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/40028640-b401-b0ab-d002-6891ff601850%40rz.uni-regensburg.de.

[qubes-users] sys-net: Odd messages in syslog

2020-03-06 Thread Ulrich Windl

Hi,

I'm wondering about many "odd" messages seen in syslog; maybe someone can 
explain what they really mean and whether they are intended to appear.

First in sys-net when booting:

Mar 06 22:58:10 localhost kernel: Run /init as init process
Mar 06 22:58:10 localhost kernel: Invalid max_queues (4), will use default max: 
2.   <<
Mar 06 22:58:10 localhost kernel: blkfront: xvda: flush diskcache: enabled; 
persistent grants: enabled; indirect descriptors: enabled;

Mar 06 22:58:19 sys-net mount-dirs.sh[300]: /var/spool/cron is not a symlink
Mar  06 22:58:19 sys-net mount-dirs.sh[300]: /var/spool/cron is neither a  
directory nor a file and the path does not exist below /rw, sk>

Mar 06 22:58:20 sys-net xl[424]: libxl: error: 
libxl_utils.c:818:libxl_cpu_bitmap_alloc: failed to retrieve the maximum number 
of cpus

Repeating message:
Mar 07 01:34:18 sys-net xdg-desktop-por[1098]: Failed to get application 
states: GDBus.Error:org.freedesktop.portal.Error.Failed: Could not get window 
list: Cannot invoke method; proxy is for the well-known name org.gnome.Shell 
without an owner, and proxy was constructed with the 
G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START flag


And trying to find out what module u2mfn does I realized that the module has no 
description:

user@sys-net ~]$ modinfo u2mfn
filename:   /lib/modules/4.19.100-1.pvops.qubes.x86_64/extra/u2mfn.ko
version:5.0.0
license:GPL
srcversion: A8326EAC5EF0629101E6EC7
depends:
retpoline:  Y
name:   u2mfn
vermagic:   4.19.100-1.pvops.qubes.x86_64 SMP mod_unload 


Regards,
Ulrich




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5E62F1CF02A100037AAA%40gwsmtp.uni-regensburg.de.

Re: [qubes-users] Device () available / removed