Re: [qubes-users] Re: [HCL] ThinkPad T430
On 6/9/21 3:54 PM, Ulrich Windl wrote: How many $$$ (€)? Laptop: $244.46 ThinkPad T430 $237.62 i7-3740QM 2.70 GHz $39.75 CPU Cooling Fan Heatsink (04W3269 0B41088 04X3788) $84.32 Crucial RAM 16GB Kit (2x8GB) DDR3 $219.99 870 QVO 2TB SSD $115.50 B140HAN01.3 FHD 1920x1080 High Gamut IPS LCD LED Display Panel $43.99 1080p IPS FHD Upgrade Kit $23.47 7260ac Wireless LAN PCIe - $1,009.10 Dock: $81.13 Mini Dock Series 3 Docking Sation - 433715 Tools: $8.43 Noctua NT-H1 Thermal Compound Paste $12.80 Test Clips + CH341A 24 25 Series EEPROM Programmer $69.99 IFIXIT PRO TECH TOOLKIT -- $91.22 If you shop a bit smarter than me, you can probably do the whole thing under $1,000. Seeing how the machine performs and how well it runs Qubes OS out of the box it is certainly worth every penny. /Sven -- public key: https://www.svensemmler.org/2A632C537D744BC7.asc fingerprint: DA59 75C9 ABC4 0C83 3B2F 620B 2A63 2C53 7D74 4BC7 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8972ad62-583c-652b-e5cc-4fc3d9506d73%40SvenSemmler.org. OpenPGP_signature Description: OpenPGP digital signature
[qubes-users] Re: Bitcoin Core RPC qvm-connect-tcp not working?
I tried in a fresh vm: user@my-new-qube:~$ qvm-connect-tcp 8332:bitcoind:8332 Binding TCP 'bitcoind:8332' to 'localhost:8332'... user@my-new-qube:~$ telnet localhost 8332 Trying ::1... Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Request refused 2021/06/09 17:50:53 socat[992] E waitpid(): child 993 exited with status 126 Connection closed by foreign host. How would bitcoin core even know that I'm connecting from a different VM, if it should also be as if from localhost? ‐‐‐ Original Message ‐‐‐ On Thursday, June 10th, 2021 at 12:09 AM, keyandthegate wrote: > Hi, I'm following the instructions here: > https://github.com/qubenix/qubes-whonix-bitcoin/blob/master/1_joinmarket.md > > After I run "qvm-connect-tcp 8332:bitcoind:8332" in the joinmarket vm > > "telnet localhost 8332" works from bitcoind vm, but does not work from the > joinmarket vm, where it says "Connection closed by foreign host." > > I tried adding this to my bitcoin config: > rpcbind=127.0.0.1 > rpcallowip=0.0.0.0/0 > rpcbind=bitcoind > and then running "sudo systemctl restart bitcoind" > after reading: > https://bitcoin.stackexchange.com/questions/87943/unable-to-bind-any-endpoint-for-rpc-server > but it didn't help > > Is there anywhere I can find a working example of using qvm-connect-tcp to > connect to bitcoin core RPC server from another vm? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/H3mNENsf2wIkW-JEjQC89I_lGkkKf1_4ItuiO0muHse0Qs7eOw-qwA2pTdSD8PAfUrEJwcLLUAqz7aRCuO2JTCZzI3N3qc6CE70qf4P3vo4%3D%40protonmail.com.
[qubes-users] Bitcoin Core RPC qvm-connect-tcp not working?
Hi, I'm following the instructions here: https://github.com/qubenix/qubes-whonix-bitcoin/blob/master/1_joinmarket.md After I run "qvm-connect-tcp 8332:bitcoind:8332" in the joinmarket vm "telnet localhost 8332" works from bitcoind vm, but does not work from the joinmarket vm, where it says "Connection closed by foreign host." I tried adding this to my bitcoin config: rpcbind=127.0.0.1 rpcallowip=0.0.0.0/0 rpcbind=bitcoind and then running "sudo systemctl restart bitcoind" after reading: https://bitcoin.stackexchange.com/questions/87943/unable-to-bind-any-endpoint-for-rpc-server but it didn't help Is there anywhere I can find a working example of using qvm-connect-tcp to connect to bitcoin core RPC server from another vm? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/u_WMmFSUyvkv2qKy11G82EJgtlDFki_fOpKbnQLLqv0PE6_XzPttms6nFSvgmiHLnwYVyCti2uYrDjTM-xYCFdBtzdWwxS97yWfbCLG86LU%3D%40protonmail.com.
Re: [qubes-users] Re: QSB-069: Multiple Xen and Intel issues
On 6/9/21 2:33 PM, Ludovic wrote: On 6/9/21 @ 23:07, Ulrich Windl wrote : On 6/9/21 3:06 AM, Andrew David Wong wrote: After updating today no kernel was offered; I still have: # rpm -qa kernel\* kernel-5.4.88-1.qubes.x86_64 kernel-5.4.98-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.98-1.fc25.qubes.x86_64 kernel-5.4.107-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.107-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.88-1.qubes.x86_64 Somehow I'm missing instructions to get that kernel... Hi Ulrich, please, re-read the QSB, you missed **security-testing repository** : > These packages will migrate from the security-testing repository to the > current (stable) repository over the next two weeks after being tested > by the community. [1] Once available, the packages are to be installed > via the Qubes Update Tool or its command-line equivalents. [2] The QSB provides the links to the documentation which explains how to update from security-testing, else wait ~2 weeks. The kernel update is only if you use `kernel latest` (i.e. 5.5 kernel), but you use a 5.4 kernel. The xen and intel-microcode update is for everyone. Same for your post about XScreenSaver : **security-testing repository**. I did all theses update on my Qubes-OS host, from now, no detected issue. Ludovic is correct. The kernel update is only for people who are using `kernel-latest`, as clearly stated in the QSB. You would know if you were using `kernel-latest`, as you would've had to take deliberate action to start using it. If you never did anything to change from the default kernel, then this kernel update doesn't apply to you, and it's expected that you would not see any kernel updates associated with this QSB. -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68ef299c-8bc9-9fb8-4b61-c23e2d63fc33%40qubes-os.org. OpenPGP_signature Description: OpenPGP digital signature
Re: [qubes-users] How to use qvm-open-in-vm?
On 6/9/21 1:41 PM, Ulrich Windl wrote: On 5/31/21 5:12 AM, Sven Semmler wrote: On 5/30/21 12:37 AM, Adam Mercer wrote: this opens a dialog asking me to select a target domain check your /etc/qubes-rpc/policy/qubes.OpenURL If you want your example to work add this line before all others: $anyvm browser allow Curious: Does the line $anyvm $dispvm allow mean it'll be allowed for any disposable VM? No, it means that any VM is allowed to cause a new DisposableVM to be created in which that type of thing (i.e., file or URL, depending on the policy file containing this line) will then be opened. The first is the source qube ... the one calling qvm-open-in-vm. The second is the target 'browser' in your example. The third is either 'deny', 'ask' or 'allow' -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8d6d1884-de95-7f21-b046-cb529474d072%40qubes-os.org. OpenPGP_signature Description: OpenPGP digital signature
Re: [qubes-users] Re: QSB-068: Disconnecting a video output can cause XScreenSaver to crash
On 6/9/21 1:58 PM, Ulrich Windl wrote: On 6/5/21 2:42 AM, Andrew David Wong wrote: ... User action required = Users must install the following specific packages in order to address the issues discussed in this bulletin: For Qubes 4.0, in dom0: - xscreensaver 5.45-5 For Qubes 4.1, in dom0: - xscreensaver 5.45-5 ... What could be wrong? Regards, Ulrich You probably already installed the update without knowing it. What is the output of `sudo dnf info xscreensaver-base` in dom0? -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0a539f50-f313-f17c-d7c3-8b56c2fcb87c%40qubes-os.org. OpenPGP_signature Description: OpenPGP digital signature
Re: [qubes-users] Re: QSB-069: Multiple Xen and Intel issues
On 6/9/21 @ 23:07, Ulrich Windl wrote : On 6/9/21 3:06 AM, Andrew David Wong wrote: After updating today no kernel was offered; I still have: # rpm -qa kernel\* kernel-5.4.88-1.qubes.x86_64 kernel-5.4.98-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.98-1.fc25.qubes.x86_64 kernel-5.4.107-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.107-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.88-1.qubes.x86_64 Somehow I'm missing instructions to get that kernel... Hi Ulrich, please, re-read the QSB, you missed **security-testing repository** : > These packages will migrate from the security-testing repository to the > current (stable) repository over the next two weeks after being tested > by the community. [1] Once available, the packages are to be installed > via the Qubes Update Tool or its command-line equivalents. [2] The QSB provides the links to the documentation which explains how to update from security-testing, else wait ~2 weeks. The kernel update is only if you use `kernel latest` (i.e. 5.5 kernel), but you use a 5.4 kernel. The xen and intel-microcode update is for everyone. Same for your post about XScreenSaver : **security-testing repository**. I did all theses update on my Qubes-OS host, from now, no detected issue. Regards, Ludovic -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c50ec468-c6dc-6fe6-9512-7953c6085903%40zyrianes.net.
[qubes-users] Re: QSB-069: Multiple Xen and Intel issues
On 6/9/21 3:06 AM, Andrew David Wong wrote: ... User action required = Users must install the following specific packages in order to address the issues discussed in this bulletin: For Qubes 4.0, in dom0: - Xen packages, version 4.8.5-34 - Linux kernel packages, versions 5.12.9-1 (for users of the "latest" kernel flavor) - microcode_ctl package, version 2.1-33.qubes1 (for Intel CPU users) After updating today no kernel was offered; I still have: # rpm -qa kernel\* kernel-5.4.88-1.qubes.x86_64 kernel-5.4.98-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.98-1.fc25.qubes.x86_64 kernel-5.4.107-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.107-1.fc25.qubes.x86_64 kernel-qubes-vm-5.4.88-1.qubes.x86_64 Somehow I'm missing instructions to get that kernel... My repositories are: Package Arch Version Repository Size Upgrading: python3-qubesimgconverter x86_64 4.0.33-1.fc25 qubes-dom0-current 26 k python3-xen x86_64 2001:4.8.5-32.fc25 qubes-dom0-current 59 k qubes-libvchan-xenx86_64 4.0.9-1.fc25 qubes-dom0-current 19 k qubes-mgmt-salt-base-topd noarch 4.0.2-1.fc25 qubes-dom0-current 29 k qubes-release noarch 4.0-10 qubes-dom0-current 50 k qubes-release-notes noarch 4.0-10 qubes-dom0-current 7.7 k qubes-utils x86_64 4.0.33-1.fc25 qubes-dom0-current 23 k qubes-utils-libs x86_64 4.0.33-1.fc25 qubes-dom0-current 27 k xen x86_64 2001:4.8.5-32.fc25 qubes-dom0-current 23 k xen-hvm x86_64 2001:4.8.5-32.fc25 qubes-dom0-current 7.3 M xen-hypervisorx86_64 2001:4.8.5-32.fc25 qubes-dom0-current 6.2 M xen-libs x86_64 2001:4.8.5-32.fc25 qubes-dom0-current 515 k xen-licenses x86_64 2001:4.8.5-32.fc25 qubes-dom0-current 42 k xen-runtime x86_64 2001:4.8.5-32.fc25 qubes-dom0-current 6.4 M Regards, Ulrich -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4703ea5f-bf9a-5f5f-3edf-1bb2982dfb30%40rz.uni-regensburg.de.
Re: [EXT] [qubes-users] The safest way to search in files on an external hard drive
On 6/9/21 10:46 PM, Ulrich Windl wrote: On 5/31/21 4:55 PM, Michael Singer wrote: Dear Qubes community, I am looking for a really secure way to use Qubes for searching not only a hard drive for file names, but for text that is in files. The goal is to avoid an exploit in the searched files leading to a takeover of the hard drive by malware. If your app is working on the disk device and the app only has read access to it, it'll be quite unlikely that the disk device will be changed. Likewise if you mount the filesystem read-only, and the user running the app is unable to re-mount, it's also quite unlikely that the disk will be changed. You could even try to combine both methods (read-only mount a read-only block device). However not all filesystems work on a write-protected block device. A variant: mount it RO in AppVM1, then attach it to AppVM2 (which by no means can "remount -rw" it unless interVM-barriers are breached (and game is over anyways). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5400f1ce-88dd-354f-2420-4bf6a4b28020%40web.de.
[qubes-users] Re: QSB-068: Disconnecting a video output can cause XScreenSaver to crash
On 6/5/21 2:42 AM, Andrew David Wong wrote: ... User action required = Users must install the following specific packages in order to address the issues discussed in this bulletin: For Qubes 4.0, in dom0: - xscreensaver 5.45-5 For Qubes 4.1, in dom0: - xscreensaver 5.45-5 ... When updating today, there was no update selected; only these: Upgrading : xen-licenses-2001:4.8.5-32.fc25.x86_64 1/28 Upgrading : xen-libs-2001:4.8.5-32.fc25.x86_64 2/28 Upgrading : qubes-libvchan-xen-4.0.9-1.fc25.x86_64 3/28 Upgrading : qubes-utils-libs-4.0.33-1.fc25.x86_64 4/28 Upgrading : xen-hypervisor-2001:4.8.5-32.fc25.x86_64 5/28 Upgrading : xen-runtime-2001:4.8.5-32.fc25.x86_64 6/28 Upgrading : python3-qubesimgconverter-4.0.33-1.fc25.x86_64 7/28 Upgrading : qubes-utils-4.0.33-1.fc25.x86_64 8/28 Upgrading : xen-hvm-2001:4.8.5-32.fc25.x86_64 9/28 Upgrading : xen-2001:4.8.5-32.fc25.x86_64 10/28 Upgrading : python3-xen-2001:4.8.5-32.fc25.x86_64 11/28 Upgrading : qubes-release-notes-4.0-10.noarch 12/28 Upgrading : qubes-release-4.0-10.noarch 13/28 Upgrading : qubes-mgmt-salt-base-topd-4.0.2-1.fc25.noarch 14/28 What could be wrong? Regards, Ulrich -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e4b95de-76de-22bd-6bed-bae62278602b%40rz.uni-regensburg.de.
[qubes-users] Re: [HCL] ThinkPad T430
On 6/4/21 1:28 AM, Sven Semmler wrote: A dream has come true! * ThinkPad T430 * Coreboot/Heads with TOTP & HOTP (Nitrokey) * ME cleaned & disabled * Qubes OS R4.0.4 all debian-minimal, memory optimized Upgrades: * i7-3740QM * 16 GB RAM * 2 TB SSD * Intel Wireless 7260 * 1080p display Hmm...: How many $$$ (€)? I'll be using this machine for a long long time. :-) /Sven -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9323948d-62a4-a913-b244-fc1f092b3151%40rz.uni-regensburg.de.
Re: [EXT] [qubes-users] The safest way to search in files on an external hard drive
On 5/31/21 4:55 PM, Michael Singer wrote: Dear Qubes community, I am looking for a really secure way to use Qubes for searching not only a hard drive for file names, but for text that is in files. The goal is to avoid an exploit in the searched files leading to a takeover of the hard drive by malware. If your app is working on the disk device and the app only has read access to it, it'll be quite unlikely that the disk device will be changed. Likewise if you mount the filesystem read-only, and the user running the app is unable to re-mount, it's also quite unlikely that the disk will be changed. You could even try to combine both methods (read-only mount a read-only block device). However not all filesystems work on a write-protected block device. You could also try to find a hardware solution setting the drive read-only. The total size of all my files is too large for me to put them all in one qube before searching for text in them. Would it perhaps be possible to mount only a single partition of the hard drive into a qube, but not with write permissions, only read permissions? I would do the search on command line, using "grep" for plain text files, "pdfgrep" for PDFs, and something for table files, databases, etc. Is my idea feasible? And how secure would it be? Best regards Michael Singer -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c2f3b92e-6e55-1f8e-52ea-a6d7b23a300e%40rz.uni-regensburg.de.
Re: [qubes-users] How to use qvm-open-in-vm?
On 5/31/21 5:12 AM, Sven Semmler wrote: On 5/30/21 12:37 AM, Adam Mercer wrote: this opens a dialog asking me to select a target domain check your /etc/qubes-rpc/policy/qubes.OpenURL If you want your example to work add this line before all others: $anyvm browser allow Curious: Does the line $anyvm $dispvm allow mean it'll be allowed for any disposable VM? The first is the source qube ... the one calling qvm-open-in-vm. The second is the target 'browser' in your example. The third is either 'deny', 'ask' or 'allow' /Sven -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12e9c980-f627-a497-8c74-6665003aaf35%40rz.uni-regensburg.de.
Re: [EXT] [qubes-users] MS Office 365 in Qubes
On 5/26/21 11:20 PM, William Oliver wrote: On Wed, 2021-05-26 at 15:53 +0200, Ulrich Windl wrote: Office 365 _without_ MS-Windows? Are you kidding? Maybe Microsoft provides it for other platforms, but _why_ would one use the Microsoft product? (I'm using OpenOffice/LibreOffice for years, and it's OK for me) I use LibreOffice or Calligra for almost everything except... PowerPoint presentations that I have to give to someone else. I frequently speak at meetings where I have to provide a PPTX file of my presentation weeks in advance, and I *have* to use whatever audiovisual setup they have (often dictated by the venue). I have found that presentations made in LibreOffice format incorrectly in PowerPoint for at least one slide over 80% of the time. It gets worse when there are videos and animations. OK, just let me add some more thoughts: I think both Microsoft Office and OpenOffice/Libre Office have some advantages _and_ deficits over the other. I had been using Word for Windows (with Windows 3.11) shortly after it came out. At that time OpenOffice was still named StarOffice. Around that time Microsoft wanted more than 500€ for a license, completely unaffordable for one who writes maybe 15 letters a year. One day I had spend almost the whole day updating a larger document (still less than 100 pages). Before saving I thought I'll do hyphenation and spell-checking as final touch-up. Eventually, when I wanted to save, there was a message like "there's not enough memory to complete the task". At that moment I was tempted to throw the whole computer out of the window... With StarOffice/OpenOffice/LibreOffice I never had such a bad experience (also using it for at least 20 years now). Also Microsoft often claims they'll protect your investment. Well, I have WinWord documents from 1993 that a current Word cannot read! So I would need one (or more) older versions to load and re-save those files. (Oh well, I also have files created with Ventura Publisher; the PostScript output at that time was considered to be too large to archive. If I had known what will happen, I would have saved those...) Maybe for contrast: I also have a demo CD with Adobe Acrobat 1.0 (I think from 1994). Those PDF files can still be loaded and displayed correctly. Normally, I create the presentation in LibreOffice and then take it to a place that runs Windows at work and fix the presentation there. I retired from my normal job recently, so I can't do that any more, even though I still do presentations. At the moment, my church is letting me use their computers for this, but I don't know that it will go on forever. I agree that Impress could be much more user-friendly. billo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ea52fc1-1698-40e8-07a2-4ba6cc655a1b%40rz.uni-regensburg.de.
Re: [qubes-users] notify-send
you someone remind me which qubes package contains the "notify-send" command? Thank you Not Qubes package - libnotify alright, thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa48c710-aad9-dc94-e9f0-5ebc431663af%40web.de.
Re: [qubes-users] notify-send
On Wed, Jun 09, 2021 at 05:07:58PM +0200, haaber wrote: > Hello, > > you someone remind me which qubes package contains the "notify-send" > command? Thank you > Not Qubes package - libnotify -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210609154126.GB4661%40thirdeyesecurity.org.
[qubes-users] notify-send
Hello, you someone remind me which qubes package contains the "notify-send" command? Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/331ba714-f918-4e33-4a33-a12404740776%40web.de.