date:20201220

On Mon, Dec 21, 2020 at 12:36:05AM +0100, Ulrich Windl wrote:
> On 12/15/20 5:40 PM, ser...@da.matta.nom.br wrote:
> > Thank you Unman. I do not use React-OS anymore. It worked fine on Qubes
> > 3. But I really think it was a bad decision to support only xvda. It is
> > not only Android, React-os, Chrome-Os and others. It is about Qubes
> > users.?? I will keep using Qubes-OS 4 even with his limitations, but I
> > hope Qubes-os chooses to be?? easier to his users, in the future.
> 
> Some stupid question: Isn't it the kernel that boots in the VM that assigns
> the name? If so, it's not Xen that assigns the name...
> 

Not a stupid question - Xen instruments the block device type, and the
kernel names accordingly.
In these cases, the kernel will not name the default block devices as
/dev/sdX, but the installer will only work if such a disk is present.
One might ask why the installers are so restrictive.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20201221030729.GF31074%40thirdeyesecurity.org.

Re: [qubes-users] Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ?

On Sun, Dec 20, 2020 at 04:21:21PM +0100, Morten Eyrich wrote:
> How do I edit network connections in sys-net to remove "automatically
> connect" ?
> 
> Den s??n. 20. dec. 2020 kl. 14.38 skrev unman :
> 
> > On Sun, Dec 20, 2020 at 01:59:41AM -0800, ME wrote:
> > > Why isn't it possible to manually control if the pc should enable
> > > networking and wi-fy at login or not ?
> > >
> >
> > It is.
> > You can edit network connections in sys-net to remove "automatically
> > connect".
> > Or disable autostart for all qubes, disable the qubes time service,
> > disable automatic checking for updates. Then your machine will stay
> > offline until you choose to open a network connection.
> >

Right click on the Network Manager Icon - select "Edit Connections".
Select the connection - click on the "Gear" icon.
In the "Editing" window, go to the General Tab, and deselect "Connect
Automatically"

Generally, this is an option that you set (often by omission) when you
make a new connection.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20201221030047.GE31074%40thirdeyesecurity.org.

[qubes-users] Q: Kernel being used in VM


Hi!

I wonder: What sense is in updating the kernel in a VM (e.g. fedora-32) 
when that kernel isn't used when booting the VM?


For example:
user@sys-firewall ~]$ rpm -qa kernel\*
kernel-core-5.9.11-100.fc32.x86_64
kernel-5.9.12-100.fc32.x86_64
kernel-modules-5.9.14-100.fc32.x86_64
kernel-modules-5.9.11-100.fc32.x86_64
kernel-headers-5.9.13-100.fc32.x86_64
kernel-devel-5.9.11-100.fc32.x86_64
kernel-debug-devel-5.9.11-100.fc32.x86_64
kernel-modules-5.9.12-100.fc32.x86_64
kernel-devel-5.9.12-100.fc32.x86_64
kernel-devel-5.9.14-100.fc32.x86_64
kernel-core-5.9.12-100.fc32.x86_64
kernel-5.9.14-100.fc32.x86_64
kernel-core-5.9.14-100.fc32.x86_64
kernel-debug-devel-5.9.14-100.fc32.x86_64
kernel-5.9.11-100.fc32.x86_64
kernel-debug-devel-5.9.12-100.fc32.x86_64
[user@sys-firewall ~]$ uname -a
Linux sys-firewall 4.19.155-1.pvops.qubes.x86_64 #1 SMP Mon Nov 9 
06:37:34 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux


Regards,
Ulrich

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ce2c3b5-220c-8d0f-b49e-17bbf8ed6baa%40rz.uni-regensburg.de.

Re: [EXT] Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

On 12/21/20 1:08 AM, Ulrich Windl wrote:

On 12/20/20 4:17 PM, Morten Eyrich wrote:
Okay so if I have been using a https connection, then it's no 
problem... ?

If they use a wrong certificate for a MITM attack they might decode your 
connection... It means nobody between you and the "next endpoint" can 
read your password, but how to ensure what the "next endpoint" really is?

Well actually they could construct a terribly poor or well-known 
"secret" key so that the encryption is "pre-broken" (can easily be 
decrypted).

Den søn. 20. dec. 2020 kl. 14.35 skrev unman 
mailto:un...@thirdeyesecurity.org>>:

    On Sun, Dec 20, 2020 at 01:39:19AM -0800, ME wrote:
 > Lets say I have a compromised router/networkconnection.
 >
 > I use a Qubes OS pc to go on the internet through the compromised
 > router/networkconnection.
 >
 > Is it then possible for the intruder to see the passwords that I
    enter and
 > is being sent through the compromised router/networkconnection ?
 >

    Yes, but only if you send the password in the clear.
    Don't do this. In fact don't do *anything* in the clear.
    Only use encrypted connections - https for web sites, TLS or other
    encryption methods for
    SMTP/POP/IMAP to get mail, ssh, etc, etc.
    Encrypt any valuable data.
    Trust nothing.

    --     You received this message because you are subscribed to the 
Google

    Groups "qubes-users" group.
    To unsubscribe from this group and stop receiving emails from it,
    send an email to qubes-users+unsubscr...@googlegroups.com
    .
    To view this discussion on the web visit

https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org 

. 

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANV8zv3%3DqzYZdT0rXxy2Z5rD3LPiU-Q%2BZusDTHYR2G_%2B0LNWmw%40mail.gmail.com 
. 

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86730e53-7ed7-8e9c-28f3-63d0fa549d0f%40rz.uni-regensburg.de.

Re: [EXT] Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

On 12/20/20 4:17 PM, Morten Eyrich wrote:

Okay so if I have been using a https connection, then it's no problem... ?

If they use a wrong certificate for a MITM attack they might decode your 
connection... It means nobody between you and the "next endpoint" can 
read your password, but how to ensure what the "next endpoint" really is?

Den søn. 20. dec. 2020 kl. 14.35 skrev unman >:

On Sun, Dec 20, 2020 at 01:39:19AM -0800, ME wrote:
 > Lets say I have a compromised router/networkconnection.
 >
 > I use a Qubes OS pc to go on the internet through the compromised
 > router/networkconnection.
 >
 > Is it then possible for the intruder to see the passwords that I
enter and
 > is being sent through the compromised router/networkconnection ?
 >

Yes, but only if you send the password in the clear.
Don't do this. In fact don't do *anything* in the clear.
Only use encrypted connections - https for web sites, TLS or other
encryption methods for
SMTP/POP/IMAP to get mail, ssh, etc, etc.
Encrypt any valuable data.
Trust nothing.

-- 
You received this message because you are subscribed to the Google

Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to qubes-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org

.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANV8zv3%3DqzYZdT0rXxy2Z5rD3LPiU-Q%2BZusDTHYR2G_%2B0LNWmw%40mail.gmail.com 
.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94fd64c2-3695-aba2-92c7-c977c25930b8%40rz.uni-regensburg.de.

Re: [EXT] [qubes-users] How do you stream and whatch mp4-video's in your Firefox Browser ?


On 12/20/20 11:43 AM, ME wrote:

How do you stream and whatch mp4-video's in your Firefox Browser ?


"your" firefox browser? What's that?



--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5290bec5-d65e-41d4-953e-9493180d3abfn%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4cdc976-4f4b-62c8-4992-773e6e87f104%40rz.uni-regensburg.de.

Re: [EXT] [qubes-users] Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ?


On 12/20/20 10:59 AM, ME wrote:
Why isn't it possible to manually control if the pc should enable 
networking and wi-fy at login or not ?


You CAN switch sys-net to manual start, and you can disconnect any VM 
from the network.




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d2f8d5e-c7af-4f4d-b643-051b5a404fbbn%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f2738863-de98-6d99-1292-3cf620942373%40rz.uni-regensburg.de.

Re: [EXT] [qubes-users] Can a virus be transfered from a USB storage device before or after attaching it to a App VM ?


On 12/20/20 10:27 AM, ME wrote:
Lets say I have a USB storage device which has a virus on it that will 
infect a Linux pc when it is inserted.


If I insert the USB storage device in my Qubes OS pc after login to 
Qubes OS, is it then possible for the virus to infect my pc immediately 
after I have plugged it in before or after attaching the device to a VM ?


I think it depends on how the virus works. For example if it could cause 
code execution by overflowing the SCSI vendor/model buffer (I'm not 
saying that this is possible, BTW), it could cause execution even before 
anything is mounted...




--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3fb1091-e270-49ee-bd8b-b0a239aec5a3n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/365aebf3-1118-7ca0-e7c2-f70044537a74%40rz.uni-regensburg.de.

Re: [EXT] Re: [qubes-users] crontab backups?

On 12/17/20 3:14 PM, Stumpy wrote:

On 12/17/20 8:47 AM, haaber wrote:

On 12/17/20 2:32 PM, Stumpy wrote:

I havent played with crontab in forever, and I cant code at all, but I
really wanted to try to automate my backups a wee bit.

I made a basic script (qubackup) in the ~/ dom0 directory:
/home/bob/qvm-backup --yes --verbose --compress --passphrase-file
~/PASSPHRASE_FILE.txt /run/media/bob/drobo/backups/ anon-whonix
centos-7-minimal email chat work personal

and set crontab to run it every:
0 1 * * * /home/bob/qbackup

but it did not seem to work. I am able to run the script and the backup
will run but when i try to do it via cron then nada?

The crond seems to be running and crontab -l shows the schedule I pasted
above, Is there a reason this shouldn't work?

I am no cron-expert, but in my exoerience cron and scripts often mess.
One reason seems " pipes " in scripts that usually fail when cron'ed.
Have a look at these "|" in the script and re-code them pipe-free -- to
my opinion that would be a good starting point. cheers

Thanks!
I didnt realize that cron and scripts didnt mix, I just put one long
line into cron and it has started up!

Much appreciated!

??? Your script was executable using "she-bang" (#!/bin/my_shell)?

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/684f5b80-1adf-9747-f51f-2e5d5bc1205b%40rz.uni-regensburg.de.

Re: [EXT] [qubes-users] crontab backups?


On 12/17/20 2:32 PM, Stumpy wrote:
I havent played with crontab in forever, and I cant code at all, but I 
really wanted to try to automate my backups a wee bit.


I made a basic script (qubackup) in the ~/ dom0 directory:
/home/bob/qvm-backup --yes --verbose --compress --passphrase-file 
~/PASSPHRASE_FILE.txt /run/media/bob/drobo/backups/ anon-whonix 
centos-7-minimal email chat work personal


and set crontab to run it every:
0 1 * * * /home/bob/qbackup

but it did not seem to work. I am able to run the script and the backup 
will run but when i try to do it via cron then nada?


Checked the syslog? Did you use "crontab -e" to setup the crontab?



The crond seems to be running and crontab -l shows the schedule I pasted 
above, Is there a reason this shouldn't work?




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/100cd61e-42ba-1117-452a-f79a61b67fa0%40rz.uni-regensburg.de.

Re: [EXT] [qubes-users] new xen kernel 5.xx


On 12/16/20 9:32 AM, haaber wrote:

I have still instabilities with the xen kernels 5.x (sudden system
freeze). I also have a small /boot and hold only the last 3 kernels.


I can (outside of Qubes OS) trigger a kernel freeze when the kernel 
starts swapping on a thin-provisioned LV. I think I wrote that to this 
list some time ago. You could also find some details at kernel.org's 
bugzilla.



They are right now:

vmlinuz-4.19.155-1.pvops.qubes.x86_64
vmlinuz-5.4.78-1.qubes.x86_64
vmlinuz-5.4.83-1.qubes.x86_64

I would like to mark the (for me very stable) kernel 4.19.155 as "do not
erase while updating" and remove the (for me) useless kernel
vmlinuz-5.4.78-1.qubes.x86_64. How can I do that, please?  I fear to
make a mess when just "playing around". I also want to keep 5.x kernels
for appVM's (they work well).   Thank you!


I think you'll have to find out what actually makes your kernel freeze 
(if it freezes at all).






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f000fb31-a46a-18f2-3e2a-39e0c102e7e0%40rz.uni-regensburg.de.

Re: [EXT] Re: [qubes-users] qubes-os // stand-alone reactos fails


On 12/15/20 5:40 PM, ser...@da.matta.nom.br wrote:
Thank you Unman. I do not use React-OS anymore. It worked fine on Qubes 
3. But I really think it was a bad decision to support only xvda. It is 
not only Android, React-os, Chrome-Os and others. It is about Qubes 
users.  I will keep using Qubes-OS 4 even with his limitations, but I 
hope Qubes-os chooses to be  easier to his users, in the future.


Some stupid question: Isn't it the kernel that boots in the VM that 
assigns the name? If so, it's not Xen that assigns the name...




Em terça-feira, 15 de dezembro de 2020 às 00:21:31 UTC-3, unman escreveu:

On Mon, Dec 14, 2020 at 01:05:59PM -0800, ser...@da.matta.nom.br wrote:
 > Dear Unman,
 > Please, why Qubes chooses to use /dev/xvda differently then the
other
 > softwares are expecting?
 > Since there is already a patch, it should be permanent to
minimize problems.
 > Thank you
 > Em domingo, 13 de dezembro de 2020 ??s 21:54:58 UTC-3, unman
escreveu:
 >
 > > On Sun, Dec 13, 2020 at 03:07:06PM -0800, ludwig...@gmail.com
wrote:
 > > > Hi I am trying to install reactos 0.4.13 as stand alone with
16G system
 > > and
 > > > 16g private.
 > > > I know, way too much.
 > > > Reactos fails with blue screen and red print: "Setup could
not find a
 > > > harddisk"
 > > > Enter = Reboot computer.
 > > >
 > > > So why there is no harddisk in the vm?
 > > > Is there an editor to configure more options to the vm? So I
would like
 > > > to see if the devices are there.
 > > >
 > > > BTW: If someone could contribute a reactos template with common
 > > > tools like peazip and sumatrapdf it would be nice for all to
play with
 > > some
 > > > old windows stuff.
 > > >
 > > > Regards
 > > >
 > > > Ludwig
 > > >
 > >
 > > This has come up a number of times on the list, both for
ReactOS and
 > > Android installs.
 > > The issue is that ReactOS *has* to see a disk at /dev/sda or
/dev/hda,
 > > whereas Qubes presents disks at /dev/xvda etc.
 > > Take a look at
https://github.com/unman/notes/blob/master/disks_in_Qubes

 > > If you look at https://github.com/unman/change_disk
 you'll see a
 > > possible solution: how to use those files is explained at
 > > https://github.com/unman/notes/blob/master/InstallingAndroid.md

 > >
 > > Basically, you redefine the disks so that they are presented as
disks
 > > that ReactOS will accept. Then you can just install to /dev/sda
 > >
 > > If you need help, just ask.
 > >
 >

Qubes is based on Xen, and Xen decided many moons ago to using xvdX for
block devices, instead of sdX. You might ask why ReactOS and Android
are
so hidebound in their expectations for block devices.
This is more of a hack than a patch, so I think it unlikely it will be
incorporated in to Qubes.

On the issue of a template, you can install reactos as a template HVM,
and spawn other qubes off it. I could point you to an example if that
would be helpful.

--
You received this message because you are subscribed to the Google 
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to qubes-users+unsubscr...@googlegroups.com 
.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23460d00-e1ed-4cb6-b007-119841e2ad16n%40googlegroups.com 
.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f147f24d-8a6b-b33e-b2ba-ac04533d6b47%40rz.uni-regensburg.de.

Re: [EXT] [qubes-users] How to edit Qubes R4.0.3 ISO image file in Windows 10 system

On 12/14/20 7:42 PM, Data Eight wrote:
I am trying to install "Qubes-R4.0.3-x86-64 OS" on Windows 10 UEFI
system. Using Rufus created bootable media (DD image option selected).
The installation is done (till the message that qubes successfully
installed and ready to go) but after first reboot, the black screen not
proceed further.

If you ever messed with grub2's boot menu, I could suggest to remove the
"quiet" option. So there should be some messages when booting, and maybe
sone message is the last one, so you may get a clue...

I found to add two lines (bootnoexit=1; mapbs=1) in each kernel section
within bootx64.cfg file within EFI folder.

But it is not working in Windows 10. Since I am a New user to Qubes OS,
I request help in this issue (Can't logging to Qubes).

What Do you mean with "in Windows 10"?: Run as VM in Windows 10?

Thanks in advance for your help.

--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to qubes-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/CALdk6vJ1-4ZNAYZ-viJfKyiHdBwpXiM4uF-hLKXsb3Ygwh%2BBtw%40mail.gmail.com
.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/32c6c692-58f4-a1d2-1207-4902166e378d%40rz.uni-regensburg.de.

Re: [EXT] [qubes-users] Re: Upgrading primary HD size

On 12/12/20 1:16 AM, 'keyandthegate' via qubes-users wrote:

Oops, I forgot I'm using btrfs.

Well, it's not specific to Qubes OS, but maybe you'd like to read this:
Setting up a HA cluster using Xen PVMs recently, I found a bug that
activated one VM on two nodes at the same time... The VM was using BtrFS
as root / boot filesystem with many subvolumes and automatic snapshots
before each software update.
As a result the BtrFS was corrupted, and there was NO way to recover any
of the snapshots or subvolumes. Maybe keep this in mind. In the past I'd
traditionally use separate ext2/3 filesystems for things like /, /boot,
/var, etc. And the changes to recover something are probably higher than
with BtrFS... Anyway: I just wanted to tell.

Regards,
Ulrich

‐‐‐ Original Message ‐‐‐
On Friday, December 11, 2020 11:14 AM, keyandthegate
wrote:

Hi I recently upgraded to a new primary HD and these are the steps
I've taken:

1. plug the new HD in via USB
2. boot from debian live
3. use dd to copy my entire old HD to new HD
4. use gdisk to convert from MBR to GPT
5. use gparted to move the swap partition to the end of the drive, and
resize the primary partition to use the remaining space

6. swap in the new HD

I read I need to resize the LVM thin pool but, I'm not seeing the
right output from lvs.

Existing threads:
https://groups.google.com/g/qubes-users/c/D-on-hSX1Dc/m/Q3rbYGyvAAAJ

https://groups.google.com/g/qubes-users/c/w9CIDaZ3Cc4/m/0xvtMUrIAgAJ

I also have a second 2TB drive with a second pool.

lsblk output:
nvme0n1
259:0 0 7.3T 0 disk
├─nvme0n1p3
259:3 0 15.4G 0 part
│ └─luks-[...]
253:1 0 15.4G 0 crypt [SWAP]
├─nvme0n1p1
259:1 0 1G 0 part /boot
└─nvme0n1p2
259:2 0 7.3T 0 part
└─luks-[..]
253:0 0 7.3T 0 crypt /

[...]
sda
8:0 0 1.8T 0 disk
└─luks-[...]
253:2 0 1.8T 0 crypt
├─qubes-poolhd0_tdata
253:4 0 1.8T 0 lvm
│ └─qubes-poolhd0-tpool
253:5 0 1.8T 0 lvm

[... my qubes on second HD]
└─qubes-poolhd0_tmeta
253:3 0 120M 0 lvm
└─qubes-poolhd0-tpool
253:5 0 1.8T 0 lvm

[... my qubes on second HD]
[...]

$ qvm-pool -l
NAME DRIVER
varlibqubes file-reflink
linux-kernel linux-kernel
poolhd0_qubes lvm_thin

$ sudo lvs -a
LV VG Attr LSize
Pool Origin Data% Meta% Move
Log Cpy%Sync Convert

[lvol0_pmspare] qubes ewi--- 120.00m
poolhd0 qubes twi-aotz--
1.82t 69.41 43.01

[poolhd0_tdata] qubes Twi-ao 1.82t
[poolhd0_tmeta] qubes ewi-ao 120.00m
[... my qubes on second HD]

Where have my Qubes on the first HD gone? They still work, but I don't
see them in the output of these commands.

--
You received this message because you are subscribed to the Google
Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to qubes-users+unsubscr...@googlegroups.com
.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/HA2V2H7xCHTxhIlQ7HvG9BdLmlOdOsZRfYJeFCkDQANMLsLwg5qBofGGTY388Wg709VswBrbt4f01UylsHfpXSqF2AkqFGYACWxrsnGf8lA%3D%40protonmail.com
.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/536a5877-91d1-b719-35e5-20e836a5765f%40rz.uni-regensburg.de.

Re: [qubes-users] Re: Can no longer copy text from xterm by default

On 12/11/20 3:48 AM, Andrew David Wong wrote:

On 12/10/20 12:23 PM, Ulrich Windl wrote:

On 12/10/20 3:49 AM, Andrew David Wong wrote:
I used to be able to be able to do the following to copy text from
xterm in Fedora and Debian VMs:

1. Select/highlight the desired text, thereby inserting it into the
PRIMARY buffer.

2. Press in order to bring up a menu (I
think it was the "VT Options" menu).

3. In this menu, select the option to copy text from the PRIMARY
buffer to that VM's local clipboard.

4. Press to copy text to the Qubes inter-VM
clipboard and proceed as usual.

However, some time ago, step 2 suddenly stopped working, and I have
no idea why. Pressing in xterm now does
nothing, as far as I can tell. I've checked my trackpad/mouse
settings, and everything seems fine and unchanged. I've tried
pressing the left and right mouse buttons simultaneously instead, but
nothing.

I know that I can probably create custom xterm settings that will
allow me to copy text, but I'd still like to know whether there's a
way to do it by default for cases in which the VM is uncustomized.
Does anyone know if there is such a way?

I never used that, but here for the fedora-32 template it works.
I think you can override bindings inside the app via X resources, but
my suspect is that the window manager "captures" the mouse or key
event, so it does not arrive at the terminal any more.

I'm confused. You say it's working in the Fedora 32 template for you,
yet you also say the key event is captured, so it's not arriving at the
terminal anymore. How can it be working for you if the key event is
being captured by the window manager?

You missed something: I' not the one who had the problem; I'm one who
tried to help / explain.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c535869d-6b13-fbb7-fd27-53c2ee03d47e%40rz.uni-regensburg.de.

Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

2020-12-20 Thread viq

On Sun, 2020-12-20 at 16:17 +0100, Morten Eyrich wrote:
> Okay so if I have been using a https connection, then it's no
> problem... ?

For a simple passive man-in-the-middle attacker, yes, encrypting connections is 
sufficient to protect them.
For attackers willing to perform active attacks, or having access to a lot of 
resources (at least tens of thousands USD), it depends.
-- 
viq

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4be6524312653841afc7692d224cda35b4b4397f.camel%40gmail.com.

Re: [qubes-users] Help for Qubes updater problem with Fedora-32?

2020-12-20 Thread viq

On Sat, 2020-12-19 at 07:15 -0800, Viktor Ransmayr wrote:
> vic...@gmail.com schrieb am Samstag, 19. Dezember 2020 um 14:26:10
> UTC+1:
> > On Sat, 2020-12-19 at 02:01 -0800, Viktor Ransmayr wrote: 
> > > Since this morning Qubes Updater does not succeed updating the 
> > > 'fedora-32' template multiple times, while it did work for
> > 'whonix- 
> > > gw-15' w/o any issues ... 
> > > 
> > > The log, that is returned, does not provide me enough information
> > to 
> > > decide what to do next - or - how to resolve this issue: 
> > 
> > Try running an upgrade from Qubes Manager, or start a terminal in
> > that template and run dnf upgrade, see what that tells you. 
> 
> Performing the upgrade via Qubes Manager did resolve the issue
> immediately. - Thanks a lot for your help!
> 
> Out of curiosity: Why are the actions 'triggered / used' by Qubes
> Manager (QM) and Qubes Updater (QU) different?

Qubes Manager, as far as I know, launches a terminal, in which it
launches system tools, be it apt or dnf or something else. How is it
determined which one to use, I wasn't yet able to find.
Qubes Updater uses qubesctl, which under the hood uses salt, with it's
tools and libraries.

> With kind regards,
> 
> Viktor
> 
> -- 
> You received this message because you are subscribed to the Google
> Groups "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/4dd4b91c-2732-4b53-8ab1-c4f4e4fffea5n%40googlegroups.com
> .

-- 
viq

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f89c222a4c0a9dc35fd33f0a30ad3e0214c32579.camel%40gmail.com.

Re: [qubes-users] Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ?

2020-12-20 Thread Morten Eyrich

How do I edit network connections in sys-net to remove "automatically
connect" ?

Den søn. 20. dec. 2020 kl. 14.38 skrev unman :

> On Sun, Dec 20, 2020 at 01:59:41AM -0800, ME wrote:
> > Why isn't it possible to manually control if the pc should enable
> > networking and wi-fy at login or not ?
> >
>
> It is.
> You can edit network connections in sys-net to remove "automatically
> connect".
> Or disable autostart for all qubes, disable the qubes time service,
> disable automatic checking for updates. Then your machine will stay
> offline until you choose to open a network connection.
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20201220133814.GE28281%40thirdeyesecurity.org
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANV8zv0wBz5yo-SKAFpNPW_0rAFzMcHxxz%2Bm4A3%3DNV8JoAdk4g%40mail.gmail.com.

Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

2020-12-20 Thread Morten Eyrich

Okay so if I have been using a https connection, then it's no problem... ?

Den søn. 20. dec. 2020 kl. 14.35 skrev unman :

> On Sun, Dec 20, 2020 at 01:39:19AM -0800, ME wrote:
> > Lets say I have a compromised router/networkconnection.
> >
> > I use a Qubes OS pc to go on the internet through the compromised
> > router/networkconnection.
> >
> > Is it then possible for the intruder to see the passwords that I enter
> and
> > is being sent through the compromised router/networkconnection ?
> >
>
> Yes, but only if you send the password in the clear.
> Don't do this. In fact don't do *anything* in the clear.
> Only use encrypted connections - https for web sites, TLS or other
> encryption methods for
> SMTP/POP/IMAP to get mail, ssh, etc, etc.
> Encrypt any valuable data.
> Trust nothing.
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANV8zv3%3DqzYZdT0rXxy2Z5rD3LPiU-Q%2BZusDTHYR2G_%2B0LNWmw%40mail.gmail.com.

Re: [qubes-users] Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ?

On Sun, Dec 20, 2020 at 01:59:41AM -0800, ME wrote:
> Why isn't it possible to manually control if the pc should enable 
> networking and wi-fy at login or not ?
> 

It is.
You can edit network connections in sys-net to remove "automatically
connect".
Or disable autostart for all qubes, disable the qubes time service,
disable automatic checking for updates. Then your machine will stay
offline until you choose to open a network connection.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20201220133814.GE28281%40thirdeyesecurity.org.

Re: [qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

On Sun, Dec 20, 2020 at 01:39:19AM -0800, ME wrote:
> Lets say I have a compromised router/networkconnection.
> 
> I use a Qubes OS pc to go on the internet through the compromised 
> router/networkconnection.
> 
> Is it then possible for the intruder to see the passwords that I enter and 
> is being sent through the compromised router/networkconnection ?
> 

Yes, but only if you send the password in the clear. 
Don't do this. In fact don't do *anything* in the clear.
Only use encrypted connections - https for web sites, TLS or other encryption 
methods for
SMTP/POP/IMAP to get mail, ssh, etc, etc. 
Encrypt any valuable data.
Trust nothing.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20201220133542.GD28281%40thirdeyesecurity.org.

Re: [qubes-users] Can a virus be transfered from a USB storage device before or after attaching it to a App VM ?

On Sun, Dec 20, 2020 at 01:27:59AM -0800, ME wrote:
> Lets say I have a USB storage device which has a virus on it that will 
> infect a Linux pc when it is inserted.
> 
> If I insert the USB storage device in my Qubes OS pc after login to Qubes 
> OS, is it then possible for the virus to infect my pc immediately after I 
> have plugged it in before or after attaching the device to a VM ?
> 

There are different sorts of malware.
A traditional form of virus or worm can sit on the USB, but will not be
activated until triggered - usually by opening the file or attempting to
run the application containing the virus. The answer here, obviously, is
"No."

Some attacks:
1. Specific USB attacks may emulate a keyboard and issue commands - this
may allow files to be exfiltrated or malware to be installed. This will
affect the sys-usb device *and perhaps dom0*. If you have sys-usb
automatically attach keyboard without prompt you wont notice this. 
2. A bad USB may also spoof a NIC - unlikely to be relevant in Qubes unless
you have combined sys-net/usb.
3. A bad USB may attack the controller, and then infect controller chips
of other USB devices connected to the computer. If possible, separate
controllers, and use them for specific purposes - e.g have one
controller attached to an "open" sys-usb and **only** use that for
untrusted devices. 
4. A modified USB may detect that the computer is starting up, and boot a
small virus which will infect the operating system prior to boot. Don't
boot your machine with USB devices attached.
5. Other stuff.

So the broad answer to your question is "Yes".
Depending on the type of attack, you can mitigate risk by using
disposable sys-usb qubes, limiting USB device types within sys-usb
using udev rules, separating controllers and so on.
If you think you are a real target, don't use USB - it takes seconds to
physically disable USB ports. Port lockers are also available, if you
*must* have a USB port.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20201220131715.GC28281%40thirdeyesecurity.org.

[qubes-users] Re: Please help test kernel 5.4 in anticipation of Qubes 4.0.4-rc2

2020-12-20 Thread lama...@gmail.com

I installed the updates from security-testing to fix QSB-063. I was still 
running kernel 4.19.x, but instead of the fixed 4.19 version, the fixed 5.4 
version was installed. It has been running a few days now and I have not 
noticed any issues.(Sandy Bridge i5 notebook.)

On Friday, November 27, 2020 at 3:59:11 PM UTC+1 a...@qubes-os.org wrote:

> Hi all,
>
> Based on the feedback we've received for Qubes 4.0.4-rc1, we've decided 
> to make one additional change for 4.0.4, namely updating the kernel to 
> at least 5.4. This means that we'll need a second release candidate 
> before the stable release of 4.0.4. [1]
>
> The official announcement for 4.0.4-rc2 will come soon. This is just an 
> informal request for anyone willing to help test kernel 5.4 on Qubes 4.0 
> to do so and report any problems. [2] The package is already available 
> in current-testing. [3] Thank you!
>
> [1] https://github.com/QubesOS/qubes-issues/issues/6170
> [2] https://www.qubes-os.org/doc/reporting-bugs/
> [3] https://www.qubes-os.org/doc/testing/
>
> -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5a039e86-954a-4055-a794-cbdd0c1c53f4n%40googlegroups.com.

[qubes-users] How do you stream and whatch mp4-video's in your Firefox Browser ?

How do you stream and whatch mp4-video's in your Firefox Browser ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5290bec5-d65e-41d4-953e-9493180d3abfn%40googlegroups.com.

Re: [qubes-users] qubes-os // stand-alone reactos fails

2020-12-20 Thread Alex Smirnoff

I think there is a way to pass /dev/sdX disk device directly to a qube.. 


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6dcdcb3c-ea60-4f68-9d23-cb271c96f945n%40googlegroups.com.

[qubes-users] HCL - Dell Inc Optiplex 790

2020-12-20 Thread 'Glascock, Ryan T' via qubes-users



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/DM6PR10MB3836B8966E0BD1898EC013929CC10%40DM6PR10MB3836.namprd10.prod.outlook.com.


Qubes-HCL-Dell_Inc_-OptiPlex_790-20201220-035756.yml
Description: Qubes-HCL-Dell_Inc_-OptiPlex_790-20201220-035756.yml

[qubes-users] Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ?

Why isn't it possible to manually control if the pc should enable 
networking and wi-fy at login or not ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d2f8d5e-c7af-4f4d-b643-051b5a404fbbn%40googlegroups.com.

[qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?

Lets say I have a compromised router/networkconnection.

I use a Qubes OS pc to go on the internet through the compromised 
router/networkconnection.

Is it then possible for the intruder to see the passwords that I enter and 
is being sent through the compromised router/networkconnection ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b2f7b3b-f84d-4f82-9fa7-eabd22952f15n%40googlegroups.com.

[qubes-users] Can a virus be transfered from a USB storage device before or after attaching it to a App VM ?