Re: [qubes-users] Re: disable seamless mode Windows 7

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-30 22:38, Andrew David Wong wrote:
> On 2016-06-30 18:12, raahe...@gmail.com wrote:
>> you run a windows template?  I've only run win 7 in hvm.
> 
> 
> There's actually a newish category of VMs in Qubes called HVM 
> Templates, and that's what Windows templates are. So, they're
> still HVMs. But instead of being standalone, they're templates. :)
> 

Take a look at the documentation here, if you're interested:

https://www.qubes-os.org/doc/windows-appvms/#tocAnchor-1-1-5

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXdgJOAAoJENtN07w5UDAwau8P/1JM0hTyiuZ35wEH+bAnbDMZ
zwGgIi4oDY6T1zCyijKkLbH5emfmL7uis2ZTGfyLUt6LeVCEezD3wmujQtZ/lUDM
EdFmoKK8HW8sRgD/zg6XLrpwryeqOxrHg6reCbkmF5HGpwsi1PskhrDcsYpIoPsP
P7Stv/800ASpV+DUSslHV8JrIuuLpstezamgYBegaJKH39LFvGVJWyBNOcur7YEd
WuFzo1ThjVwKNMfxNVf0osre/xFk/4klQoqFSGorgr19sJ+F8k2hMAAVYJ037n1V
EcyjuMsybspMboollMW5cW5D/F+whz6C8QHJvxb65DzGr7UlpZi5sfLF+7Ba+H9+
IszlBq4XReMts8+RV3VKmHCPYyXJrpMeTdkio+28Qo4OTg/v38qhzZjNrOK1isme
HQyzszORUSpuJyI1dXSm4BoXs3dodDTxubBv6/KGctt+9k4T1NKjsIW+tan8ATOe
yTAygdy2BfjDp0RRU1QMvItqQlOh/TXL+SuPnqXHLIgmm+Zt8jVp9HCws7hCCEhX
AuM1hHHEd4sQQpogtHAvZPqV9pTo6yLRNT4KEbDKR6jXjFVCfB0EuB0/4dzef2FO
awBJ9EyjOGukQn8ADeoR+eY1tVfVl4S0eKOeEgm9JvSPTYWG96id568pPnPQV/dq
2TDm9LR9W7iXFkJ9Qu+d
=iJeB
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83e87ca9-b2a1-18c2-e024-50686ef81e27%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Split GPG and ssh keys

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-06-30 01:10, Eva Star wrote:
> I do not know what is under the hood at split gpg, but seems it's 
> simple gpg-agent. If it so, that seems it's very easy to add 
> support for ssh keys. All what is need is already developed: 
> http://superuser.com/questions/360507/are-gpg-and-ssh-keys- 
> interchangable
> 
> Need only do add this to SplitGPG :)
> 

But the answers to that question indicate that GPG and SSH keys are
*not* easily interchangeable. Am I missing something?


P.S. - Please avoid top posting.

> 
>> No, Split GPG does not support SSH keys. However, we have a 
>> ticket to track a "Split SSH" feature:
>> 
>> https://github.com/QubesOS/qubes-issues/issues/1962
>> 
>> We're hoping a developer from the community will pursue this.
>> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXdfXvAAoJENtN07w5UDAw2RkQAJUo/N6cpB/DQ2inLo39zI1b
ahxR4+Nt9Vo/KFzw+bdnGfDB0Fj4Rjn5pelBlSH08giH9twYnj6ptPi3WfF8vXut
5t+X4mdml5Z43ymNAUmfmCGn8JfZyKnBpk3iKHGK4SdVl5LBO4ft0Ct2YcoD9hPT
ZHHUi2lGg2UP7qe1rwR+c5ZixYs7YS15JooCB6cGHlq19w67Ibc/5tQGLE6x9vIY
xrFgZrRbi5x5Gwy+h7CnmQw++OwknjOE3ofSnNuWyC1PyIWcWeV2y05Qr757O1cm
H8VnAo29lKKhLc9qmI6BsVSDyX1fXvirQiqHYy5Az4/L0HQVR4NJYiZUfIbIRI0i
XiTwE2ORnjO8icWzhBF1ZRiIsckApO9Ula771AZlxqcd0cFOnqFiFBON86kDbBq1
K4cekzfRK2fqT3amEX+IqeYqG6w8Vgxj35q5U19RmyHU75o6tgqSucOf8lg/fKG2
/OcjCYYtWnHz16tkRn9HKE90rVOPik3IWx3UmmRGkFRp+oaBPpCvgQUzz1YyFOFY
6Pu8QYmT9Ni7vguK7kFpKhOh71R+3NAQ8RMDZTS6CJ626cRclJuwIFptStpCPOPf
6Fz50WLB3ljOFN083KI4iPx8JB/9SvKV+WpHjiclEFy6BPje6GPGVCz40sllwpS0
jd2nqxaaS0TlRYvDd8sI
=77J9
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7ec7fb9f-10a7-2fc1-2c39-790e196b2106%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: disable seamless mode Windows 7

[Drew White]

On Friday, 1 July 2016 11:55:47 UTC+10, raah...@gmail.com wrote:
>
> didn't even know you could do that with win 7.


Once you install the tools, it's got the user directory on the private.img 
drive.
So you have the base system, and then the portable apps on each private.img.

If you don't move the profiles, then that's fine too, but it will be a 
little more difficult with a few issues arising. 

This is why I recommended a sandboxing thing added into the tools, for 
installing of new applications to be sandboxed installations into the 
private.img.
Thus no drive C files are changed, everything remains on private.img so it 
isn't lost on shutdown/reboot.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b160facc-dc0a-43cc-acfa-c3ad91231361%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [3.2rc1] Bug: Windows disappear, VMs go from green to yellow

[Chris Laprise]

On 06/30/2016 09:56 PM, Marek Marczykowski-Górecki wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jun 30, 2016 at 09:35:59PM -0400, Chris Laprise wrote:

The gui daemon connection for debian 8 VMs is disappearing in two different
scenarios:

1. When starting the VM, the status goes from yellow to green then back to
yellow within about 3 seconds.

2. When exiting the vlc player, all windows for that vm will disappear.

I can recover from this state by using qvm-run or QM to run something in the
vm. Then the gui connection is restored and the vm's windows reappear.

This guid.log error is found after the state changes to yellow:

invalid PMaxSize for 0x54001ce (0/0)
invalid PResizeInc for 0x54001ce (0/0)
invalid PBaseSize for 0x54001ce (0/0)
ErrorHandler: BadWindow (invalid Window parameter)
  Major opcode: 4 (X_DestroyWindow)
  ResourceID:   0x54001cf
  Failed serial number:  105463
  Current serial number: 105465


I can always reproduce the error with vlc. When starting vms, the error
occurs about 40% of the time.

Already fixed in testing repo.
https://github.com/QubesOS/qubes-issues/issues/2085



Thank you :))

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f4ac4744-c86f-78ed-c6e1-01c27662bbb0%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking

[Drew White]

On Friday, 1 July 2016 12:03:24 UTC+10, Chris Laprise wrote:
>
> HVM drivers do have throughput issues... 
> https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/ 
>

Do you have anything that is remotely current? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7946652b-5f07-44a9-97ac-498ebee8283f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking

[Chris Laprise]

On 06/30/2016 09:50 PM, Drew White wrote:

On Friday, 1 July 2016 11:42:05 UTC+10, Chris Laprise wrote:

That's just a description of the emulated adapter.


No, it's the physical speed of throughput of data actually.
I'm not talking about a descriptor, I'm talking about the actual speed.


HVM drivers do have throughput issues... 
https://discussions.citrix.com/topic/266073-virtual-nic-type-in-hvm-vms/


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dcdc6701-26c1-2393-1e25-138eaa4fe502%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: disable seamless mode Windows 7

[raahelps]

On Thursday, June 30, 2016 at 9:27:15 PM UTC-4, Drew White wrote:
> On Friday, 1 July 2016 11:12:23 UTC+10, raah...@gmail.com  wrote:you run a 
> windows template?  I've only run win 7 in hvm.
> 
> if you read what I said...
> 
>  "I have 4 virtuals that run off the 1 Windows template, and all work fine."
> 
> That means I have 4 virtuals, and they alll run using the one parent 
> template, just like using Fedora or Debian AppVM that is NOT standalone.

didn't even know you could do that with win 7.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a595bd09-2d2e-4838-a1db-461c92a64e99%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking

[Chris Laprise]

On 06/30/2016 09:37 PM, Drew White wrote:

Hi folks,

Just wondering why my Win7 has only 100 Mbit networking instead of 
Gigabit?


Is there any way to make it gigabit in the vm?
When I only have 1 or 2 VMs running, to use only 100 Mbit out of a 
1000 Mbit NIC is just wasteful.


Please help.

Thanks in advance.
--


That's just a description of the emulated adapter.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ed53eee5-8b01-da95-33b5-b71165b7eaa0%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [3.2rc1] Bug: Windows disappear, VMs go from green to yellow

[Chris Laprise]

The gui daemon connection for debian 8 VMs is disappearing in two 
different scenarios:


1. When starting the VM, the status goes from yellow to green then back 
to yellow within about 3 seconds.


2. When exiting the vlc player, all windows for that vm will disappear.

I can recover from this state by using qvm-run or QM to run something in 
the vm. Then the gui connection is restored and the vm's windows reappear.


This guid.log error is found after the state changes to yellow:

invalid PMaxSize for 0x54001ce (0/0)
invalid PResizeInc for 0x54001ce (0/0)
invalid PBaseSize for 0x54001ce (0/0)
ErrorHandler: BadWindow (invalid Window parameter)
 Major opcode: 4 (X_DestroyWindow)
 ResourceID:   0x54001cf
 Failed serial number:  105463
 Current serial number: 105465


I can always reproduce the error with vlc. When starting vms, the error 
occurs about 40% of the time.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d82c223b-bcd7-b1a7-adcb-8448377f089f%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] p70 rebrand $2k+ cheeper

[bobby . the . jellyfish123]

for those holding out for a p70 the ws72 is well worth a long look 

https://www.msi.com/Workstation/WS72-6QJ.html

i think its the same laptop ecept max 32gb ram, has tpm vt-x, vt-d (hard to 
find but aparently yes), im not sure what to google for further to find out for 
qubes comatability


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9217d13-8be3-48f3-9cc8-289557b10cb5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question about Xen sandbox escape from Oct 2015

[raahelps]

On Thursday, June 30, 2016 at 5:48:17 PM UTC-4, danmich...@gmail.com wrote:
> Wow... so the ISO doesn't get patched...? Wow...
> 
> Surely there should be a BIG warning on the Qubes downloads page... saying, 
> WARNING! Xen in QUBES 3.0 allows full sandbox escape..! Update your software 
> IMMEDIATELY after downloading, before doing anything else...!!
> 
> It really surprises me that there isn't such a big warning, given the 
> severity of this Xen bug... Wow...

I think people concerned about their security know to update before doing 
anything else.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78f0edee-4d90-4f43-a897-c0ca1a1d37ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Linux-libre in dom0

[raahelps]

On Thursday, June 30, 2016 at 8:49:16 PM UTC-4, Duncan Guthrie wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 01/07/16 00:03, Marek Marczykowski-Górecki wrote:
> > On Thu, Jun 30, 2016 at 10:57:42PM +0100, Duncan Guthrie wrote:
> >> Dear Qubes Users, I have been using Qubes OS for a couple of days
> >> now. I own a Lenovo Thinkpad X200 and everything works fine,
> >> including WiFi. However, I am concerned about this, because my
> >> X200 has an Intel WiFi chipset, which I know uses proprietary
> >> firmware. I am concerned about this because the firmware could be
> >> malicious, so I think this is quite bad from a security
> >> perspective. The more proprietary software, the worse security
> >> you have, as has been shown many times. Since the hardware is
> >> secret, it is possible that the WiFi chipset could be used to do
> >> malicious actions without any way to tell. I am especially 
> >> concerned about the firmware being in dom0, which has access to
> >> the hardware.
> > 
> > WiFi card is assigned to NetVM and have no access to dom0. So even
> > if its firmware is malicious, it shouldn't be a big problem. It may
> > at most mess with your network traffic - which should be encrypted
> > anyway for anything sensitive.
> > 
> > In practice the only firmware still needed in dom0, is the one for
> > GPU (if applicable).
> > 
> I think this is a good idea in general, whether the firmware is free
> software or proprietary software. However, there are certain wireless
> chipsets (made by Atheros corporation) which work without a
> proprietary firmware blob for WiFi, but don't for Bluetooth, so even
> if they largely work without the proprietary program, the operating
> system still loads some proprietary program not needed (most people
> don't use Bluetooth at any rate). I own such a chipset on my desktop
> computer; Debian works without any proprietary software at all, while
> Tails loads firmware for the Bluetooth. What is the answer to this, do
> you make exceptions for firmware only for wireless cards and GPUs? Or
> do you just allow them all through.
> 
> Another thing I have read is that Linux-libre's deblob scripts don't
> just get rid of firmware that is proprietary, it removes all binary
> files disguised as source files (e.g. some binary file named
> "something.h") and "obfuscated" driver sources (I believe that the 2D
> nv driver has been accused of this). Would you consider at least
> adapting the deblob scripts from Linux-libre to work for your kernel
> to only allow select firmware through, for the most common computers?
> Another option, like Debian (and, if I recall, Ubuntu to some extent,
> although I have never installed Ubuntu), which I think would be even
> better is to have a completely free kernel by default, then a separate
> repository for firmware, which can be enabled in the installation
> process. It would probably be considerably simpler than adapting the
> deblob scripts to be quite selective, too. It wouldn't make Qubes
> compliant with the Free Software Foundation's "Free Software
> Distribution Guidelines", but I think that from a security perspective
> it is better than including the proprietary 'blobs' by default, and is
> a balance between usability of obscure hardware and security of dom0
> (it never hurts). What do you think of this proposal?
> 
> - 
> Thanks for your reply, it was really helpful for allowing me to
> understand more about your security policies.
> 
> D.
> 
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJXdb3qAAoJEPs8tiiQ8FTAf4wQALdWB123VGv9OdisLfI2OQda
> 6r6IyVWPny+shAuoxfiui+0HmkHZB8CMaAleLGmyOo+iWT8jBiTbqV8qMTfWO9kL
> My1TUuvEB12s7RGecqKxRlz5ij1cmnpbCg2yXM1qfEpFLYtw9d9agw4fEiSOCokY
> aF7nuPeLXZjp91mSaTRRV/U4JXd09XFU1/dULNUv+0Pmr7uT+8ZhlLdGHaRoN2SV
> +AmgVQdtnRoIsJWRrEeT9CG6KS5Z7+JmGNcOfVIW9CSa2WFG+JFbiJEyfo26IciP
> ofAMzqapBWZwzlxJ6pNriGgacYeyHKMJwBK34RCebuyrpreLU5QutxZ3avO9yoHh
> JUqNdffcwlL43noZ89i9SIV+wYcB9Nj9PvUjPzCuxXMfFHkaNJ4cI17N/mLZzKXc
> 0SCKn5DAFjOz2wBQ/M4KTYoBfPbj0HWkBlbNdHNYzIutfMWG5NbMkIbph46tjWkF
> yThTSZZoCLChhZ0OAnEc7vNLCcwCVArXo6P0L+FDdAMDTVLxk8CaFOuhIWFQXnG1
> Q20K3sTlTh2pPjf2bvEXNlFOBQ2H7tHV4YVyyoqsEsFyr3aq4KiEUcffhWma6Y8H
> 5XT405xg80/17L2sHYJciE+k6U9C1tpJe2BYYnOWrId3E72gL+AGpnB3h9J/6s/g
> tvxD9xDk5VSpnb13dnJb
> =WZ6b
> -END PGP SIGNATURE-

I think what Marek is saying is that from a security standpoint it doesn't 
really matter because the netcard is isolated even at the hardware level with 
iommu supported system.   And if it messes with your network traffic you should 
be using encryption,  https or tor etc..

I think the reason they are not adopting such kernel is cause qubes is trying 
to get more users and hardware compatibility is the biggest hurdle and turn off 
to people.  Its still new type of os and people are hesitant.   Also most 
people use laptops and wouldn't be as willing to buy an external usb network 
card for qubes.Which might also be troublesome in 

Re: [qubes-users] Linux-libre in dom0

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jun 30, 2016 at 10:57:42PM +0100, Duncan Guthrie wrote:
> Dear Qubes Users,
> I have been using Qubes OS for a couple of days now. I own a Lenovo
> Thinkpad X200 and everything works fine, including WiFi.
> However, I am concerned about this, because my X200 has an Intel WiFi
> chipset, which I know uses proprietary firmware. I am concerned about
> this because the firmware could be malicious, so I think this is quite
> bad from a security perspective. The more proprietary software, the
> worse security you have, as has been shown many times. Since the
> hardware is secret, it is possible that the WiFi chipset could be used
> to do malicious actions without any way to tell. I am especially
> concerned about the firmware being in dom0, which has access to the
> hardware.

WiFi card is assigned to NetVM and have no access to dom0. So even if
its firmware is malicious, it shouldn't be a big problem. It may at most
mess with your network traffic - which should be encrypted anyway for
anything sensitive.

In practice the only firmware still needed in dom0, is the one for GPU
(if applicable).

> For many months I used Trisquel GNU/Linux, which 'deblobs' the kernel
> with the scripts from the Linux-libre project, endorsed by the Free
> Software Foundation. WiFi does not work but I have an external dongle
> and at any rate ethernet is often faster. Other than that, everything
> else works flawlessly.
> Therefore my question is, for a security-orientated OS, what is the
> position on the proprietary firmware software?
> At the very least, I would like to install Linux-libre in Qubes dom0.
> The Free Software Foundation of Latin America (FSFLA) offer the
> freed-ora repositories for Fedora, which removes proprietary firmware
> packages and installs the upstream kernel (as far as I can tell; I used
> it in normal Fedora and it works fine) and free firmware programs.
> As a more permanent workaround, will Qubes offer Linux-libre by default?
> I think it is best not to include the firmwares at all but maybe that
> will be for further in the future.

Generally your are right. But in practice it would mean even more
constrained hardware requirements for running Qubes OS. So, until we
implement GUI domain (which will remove the last firmware-needing
devices from dom0), moving to proprietary firmware-free linux distro in
dom0 isn't an option.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdaVZAAoJENuP0xzK19cs8sYH/i0iSLXPCVWWu9pVOmh/CMwe
YT60yKKQ6mBEl1ENT+5iP52XTgHlSYJd4ocAnMpYnT4+n1bNS+lhM0upg6chgc8M
QWsVHC3E/V41banBIwn0JBUriKLT6LgnYqCXaAT8LNF+bPWlk7lsRkOxpH3UzQWH
ofY8HoWv6MDoNfvEjrge9j0d5nKxRwkF7g0EpHu46czAg72M1jTDMU1jdrtztJGo
cxplHCn9ZunO6I5jgArsdWvsQA0/1ilzZRkIyjXODvSmRhTv1GjcQVnXmZLt11a9
knCI6PXU5WVYcIRtVruHchrr7Z0/DovgcpHZK4FG7yzX8jAThw/8U6wo8vxqo6o=
=3jtI
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160630230351.GN1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Linux-libre in dom0

[Duncan Guthrie]

Dear Qubes Users,
I have been using Qubes OS for a couple of days now. I own a Lenovo
Thinkpad X200 and everything works fine, including WiFi.
However, I am concerned about this, because my X200 has an Intel WiFi
chipset, which I know uses proprietary firmware. I am concerned about
this because the firmware could be malicious, so I think this is quite
bad from a security perspective. The more proprietary software, the
worse security you have, as has been shown many times. Since the
hardware is secret, it is possible that the WiFi chipset could be used
to do malicious actions without any way to tell. I am especially
concerned about the firmware being in dom0, which has access to the
hardware.
For many months I used Trisquel GNU/Linux, which 'deblobs' the kernel
with the scripts from the Linux-libre project, endorsed by the Free
Software Foundation. WiFi does not work but I have an external dongle
and at any rate ethernet is often faster. Other than that, everything
else works flawlessly.
Therefore my question is, for a security-orientated OS, what is the
position on the proprietary firmware software?
At the very least, I would like to install Linux-libre in Qubes dom0.
The Free Software Foundation of Latin America (FSFLA) offer the
freed-ora repositories for Fedora, which removes proprietary firmware
packages and installs the upstream kernel (as far as I can tell; I used
it in normal Fedora and it works fine) and free firmware programs.
As a more permanent workaround, will Qubes offer Linux-libre by default?
I think it is best not to include the firmwares at all but maybe that
will be for further in the future.

Thanks,
D.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8496515-e58f-4219-b42e-b4ef9ea4e43a%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Suggestion: Allow modification of Firewall Rules of several Vms at once

[grzegorz . chodzicki]

Preamble
Qubes OS offers an option to restrict network traffic within a VM to a specific 
address/domain/website which is a very useful feature as it allows the user to 
control networking within VMs.


Issue
However if the user wants to be 100% sure only the dedicated VM can access a 
specific web resource, they need not only to allow the dedicated VM access to a 
said resource, they also need to deny access to said resource for every other 
VM they use. As the number of VMs grow larger this task will get more and more 
mundane.

Suggestion
Allow users to apply firewall rules to several VMs at once. This mechanism 
could be implemented either in Qubes Manager GUI or as a separate GUI 
application.

Sample options

Make exclusive - allowing access to a specific resource automatically denies 
access to said resource for all other VMs except for the system VMs

Apply to all - allowing access to a specific resource grants all other VMs 
access to said resource

Apply to selected - additional checkbox would appear in QM allowing the user to 
select VMs to which the rule would apply

Apply to all from the same TemplateVM - self-explanatory

I believe such a feature would greatly improve the efficiency as well as 
minimize the risk of user error.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82e6a0cd-598a-40b2-9120-134dc680564d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Q wipe files

[109384'109438'0194328'0914328'098]

Hello,

Q security policy don't protect against app-exploits, but give the tools to 
protect your data.

Protect data, but not apps!

It's very clever!

If, I move a file from VM1_green to VM2_green, the the filemanger and the 
move-to-VM command.

https://www.qubes-os.org/doc/copying-files/

Than later VM1 gets compromised in some way.
So I must be sure that the old file(copy) was wiped.

How Qubes wipes files, so that the secure copy and paste security mechanism 
will work, if the security-sensitive user will take this manual action, to 
protect his/her data?

I assume, if I delete a file, it will work in the same safe way...

Kind Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34fe1ac8-17a6-41c8-bcca-d8719d0c808b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Manager issues

[Drew White]

>
> I have the problem that the Manager "vanishes" when I switch sessions 
> (i.e. from KDE to i3) and I cannot start it or recently I tried to close 
> and reopen it and it wouldn't reopen.
>
> A ps aux in dom0 showed that the process was still running, so killing it 
> let me restart the Manager.
>
>
>
Yes, I know you said that the "ps aux" said it was running, I'm just asking 
in the way I asked to find out if it was doable in your position when it is 
actually running but changing WM to see if it can be brought to the current 
screen or not, and thus used because it's running.

Because mine, when I kill it, I then can't start it unless I run it from 
command line.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/266caef9-e9ab-4db8-aade-f17b80869497%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Manager issues

[Drew White]

On Thursday, 30 June 2016 20:57:22 UTC+10, Chris Laprise wrote:
>
> About how long had it been running when you saw it at 597 MB? 
>

Hi chris,

Well, not very long at all.
Maybe 48 hours.

Normally I don't turn my machine off ever, and I never normally have to 
reboot
it unless I'm making a huge change, that's the power of linux.

I know I'll have my manager finished shortly, since I saw what was happening
and was told about the memory leak, I figured I'd make a replacement 
tonight,
just a temporary one until the current manager is fixed.
At the moment, my temporary one does only 70% of the things. But sits at
 7 MB RAM and 21 MB shared RAM. and I've had it running on the laptop here,
normally after running a backup OR restore of a guest, the qubes-manager
is at 59 MB RAM and 29+ Shared RAM. So there is definitely a leak somewhere
in the coding, and I believe it's in the scripting.

There are still all the image errors too. every time a form loads or 
displays
or the image is loaded or displayed, it has the error.

In Fedora I'm getting Gs-WARNING **: ... errors, so I need to go investigate
that now. Guess I won't have the temporary replacement finished tonight 
after
all.. What a shame...

Anywho... Niels,

You switch sessions, do you stop the manager and exit it before you switch?
Or do you log out and then back in to a different WM?

When you are in i3 WM can you do CTRL+ESC / System Activity, and see if 
it's running?
If it is, right click and "Show Application Window". See if it appears.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2bd54a34-8df2-49f2-9277-dfa83ce185a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Swiching Japanese input

[yoo inn]

Thank you very much.

Now I can type Japanese^^
i appreciate.


2016年6月30日木曜日 17時36分06秒 UTC+9 yoo inn:
>
> hello. 
>
> I have question about using Japanese input.
> I'm beginner and my English is poor. I'm sorry about this.
> Could somebody help me out please.
>
> I'm Japanese I would like to use Japanese input such as
> personal , work, and when I'm connecting tor network. I mean everywhere.
>
> I installed "ibus" which is Japanese input at fedora 23 template and 
> devian8 template.
> I read YouTube tutorial so I understand. to install "personal" or "work" 
> that next time it gone.
> so I installed fedora 23 template and devian8 template.
> after that I start "personal" and "work". but I couldn't switch Japanese 
> input.
>
> I can Japanese input and switch English to Japanese in fedora23 terminal 
> window.
>
> Will you please teach me how to manage this.
> Thank you.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ab0e474d-bda2-4bff-8148-75eac118f5c9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Manager issues

[niels]

> 
> On June 30, 2016 at 6:50 AM Andrew David Wong  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-06-29 19:12, Drew White wrote:
> 
> > > 
> > Hi folks,
> > 
> > I've just had Qubes Manager go haywire on me. Freezes up because
> > it's using 597 MB RAM with 38 MB shared. That's just rhediculous.
> > 
> > I had to kill the process to get out of it. And as usual, it won't
> > start again and I have to reboot the system.
> > 
> > I don't see how it could be nearly 600 MB RAM just for one
> > application like that.
> > 
> > Just thought I should let you know the issue. If it used less RAM,
> > then Dom0 would not require more than 1 GB RAM. But one would give
> > it 2GB just to be on the safe side.
> > 
> > If anyone else is having this issue, or knows how to resolve this
> > bug, please let me know. I've complained about Qubes Manager not
> > starting before, but got no resolution then, so now I'm putting it
> > here where it's the issue, not something else that caused it,
> > because it's not something else that caused it to be almost 600 MB
> > in RAM.
> > 
> > > 
> Qubes Manager leaks memory, which is a known issue:
> 
> https://github.com/QubesOS/qubes-issues/issues/860
> 
> The current workaround is to restart it occasionally.
> 
> Now, if you cannot restart Qubes Manager, then that workaround
> obviously will not work for you. However, in order to create an issue
> for Qubes Manager not restarting, we need more information.
> 

I have the problem that the Manager "vanishes" when I switch sessions (i.e. 
from KDE to i3) and I cannot start it or recently I tried to close and reopen 
it and it wouldn't reopen.

A ps aux in dom0 showed that the process was still running, so killing it let 
me restart the Manager.


Niels

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/891482407.6680.1467285327416%40office.mailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: BUG. Qubes Windows Tool Win7 under XFCE and Seamless mode window freeze

[Eva Star]

It's Windows7 that installeted as TemplateHVM -> HWM that share template.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85a62895-2fb0-4226-b0c4-088904bdf4c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes Manager issues

[Chris Laprise]

On 06/29/2016 10:12 PM, Drew White wrote:

Hi folks,

I've just had Qubes Manager go haywire on me.
Freezes  up because it's using 597 MB RAM with 38 MB shared.
That's just rhediculous.

I had to kill the process to get out of it.
And as usual, it won't start again and I have to reboot the system.

I don't see how it could be nearly 600 MB RAM just for one application 
like that.


Just thought I should let you know the issue.
If it used less RAM, then Dom0 would not require more than 1 GB RAM.
But one would give it 2GB just to be on the safe side.

If anyone else is having this issue, or knows how to resolve this bug, 
please let me know.
I've complained about Qubes Manager not starting before, but got no 
resolution then, so
now I'm putting it here where it's the issue, not something else that 
caused it, because it's

not something else that caused it to be almost 600 MB in RAM.
--


Drew,

About how long had it been running when you saw it at 597 MB?

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5f19b28-7218-00a5-da08-6b262fe9d1d4%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: BUG. Qubes Windows Tool Win7 under XFCE and Seamless mode window freeze

[Drew White]

On Thursday, 30 June 2016 18:48:12 UTC+10, Eva Star wrote:
>
> Mouse "back" button 100% freeze open window of Window Explorer (file 
> explorer). Does not tested on other apps.
>

Does it work in Qubes 2 and NOT freeze?
What about 3.0 and 3.1?

Just asking, because I noticed issues in certain versions with certain 
things.
things that I know are bugs with the mouse and actions.
there are so many, it's easier if you just let me know those details and I 
can reply with resolution if there is one that I already found.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ee23b719-cb7c-4fc9-a9c0-622bbcee5d31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Swiching Japanese input

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Jun 30, 2016 at 01:36:06AM -0700, yoo inn wrote:
> hello. 
> 
> I have question about using Japanese input.
> I'm beginner and my English is poor. I'm sorry about this.
> Could somebody help me out please.
> 
> I'm Japanese I would like to use Japanese input such as
> personal , work, and when I'm connecting tor network. I mean everywhere.
> 
> I installed "ibus" which is Japanese input at fedora 23 template and 
> devian8 template.
> I read YouTube tutorial so I understand. to install "personal" or "work" 
> that next time it gone.
> so I installed fedora 23 template and devian8 template.
> after that I start "personal" and "work". but I couldn't switch Japanese 
> input.
> 
> I can Japanese input and switch English to Japanese in fedora23 terminal 
> window.

Take a look here:
https://www.qubes-os.org/doc/language-localization/

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdOT9AAoJENuP0xzK19cspeQH/3JyiaiV53bClsIwWn5J57e9
9NaOx22IDniqRGpkspXjiqljrm+AsXfCeu2JtdtCu+y/ONTFRweLlsiaVvBW02sO
2/tSlMHBnyTylXPezEe5zm6HZJ9wO5auY4v8TYoLBKlyBki+t76TVbs0QODIYkVf
QIeqzBSjdlNKv9PV1SG7tTNOihY9VScxyqjgfyXNGSwIcwojEQqMDRy4741QVArg
UIrO/3McJx1Dgf42Eicax6FScIy5D60oAwucU4aVHapFdYM6GHYD9LylaQ4CYrwM
ep4kypQ0XRk+VqMAbt3vl7wEh7KIDruhJo/FwUAD4tPESPHYgOf4z77zwJxKf6I=
=YH44
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160630092309.GH1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Question about Xen sandbox escape from Oct 2015

[Marek Marczykowski-Górecki]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Wed, Jun 29, 2016 at 10:29:31PM -0700, danmichaels8...@gmail.com wrote:
> OK 
> 
> Version: 4.4.3
> Release: 11.fc20
> 
> So I am OK.
> 
> Does QUBES 3.0 come with the patched version though... Have the devs updated 
> the ISO so that it comes patched..? 

No, the ISO stays as is from the time of the release. It is always a
good idea to install updates just after installation.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJXdOKqAAoJENuP0xzK19csKxsH/1m9I5wfs3AcpynrzY7Mlez0
XtOw833+wqeYnXIDOq0B/7cwlyq6CpLYTGmfSq5xF1H+p5PctwuKL7tlBY/Bskga
Zt98EuWF58+TnWJg6POJZQBQ/SlnWf98xB4PPz9XQ9tGvom7SFxlO5jKJkDQwzgT
Cn/ipnl0yv9u39/CCZKmzCAq4wlNnebbX3tDMoL4ZorKmkUUKIWFtFBuTqwjhGl/
FXE6U+jOxj7QpFXIePlMo6TuRaWaadbSTJt1r2MXZsRkm0GcqARWUygRay0YIJWf
nMIFBhXRh2T4InPUZr9dg4q74xlzeHVQ2U/3BRJPz+APW++5PuNkg2WOEHWlsQw=
=heue
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20160630091314.GF1323%40mail-itl.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: BUG. Qubes Windows Tool Win7 under XFCE and Seamless mode window freeze

[Eva Star]

Mouse "back" button 100% freeze open window of Window Explorer (file 
explorer). Does not tested on other apps.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07e03d1e-373a-4a42-bc54-4c3408913603%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Swiching Japanese input

[yoo inn]

hello. 

I have question about using Japanese input.
I'm beginner and my English is poor. I'm sorry about this.
Could somebody help me out please.

I'm Japanese I would like to use Japanese input such as
personal , work, and when I'm connecting tor network. I mean everywhere.

I installed "ibus" which is Japanese input at fedora 23 template and 
devian8 template.
I read YouTube tutorial so I understand. to install "personal" or "work" 
that next time it gone.
so I installed fedora 23 template and devian8 template.
after that I start "personal" and "work". but I couldn't switch Japanese 
input.

I can Japanese input and switch English to Japanese in fedora23 terminal 
window.

Will you please teach me how to manage this.
Thank you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0030a6b-9153-4e3b-af06-014bd27ba01f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2 DVD fails.

[Alex]

On 06/30/2016 02:29 AM, Drew White wrote:
> Recently I downloaded the 3.2 DVD again as I thought it was a bad 
> download in the first place, but it seems that it isn't.
> 
> On boot, it fails to Switch Root. there is no
> /run/initramfs/rdsosreport.txt to show/upload
> 
> It says "Exit the shell to continue."
> 
> So I "exit", it says "logout", and nothing more happens.
Since I used the 3.2-rc1 iso to successfully install the RC, could you
please provide more details? I remember you used to actually burn a DVD
out of the ISO; are you having problems with that? Could you try with an
USB drive (I had success with that)?

When in the boot process does it fail? Does the install/test media
(grub) menu appear? Is is the EFI one (white text on black screen) or
the BIOS one (blue background)? Which installation option did you choose?

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b393cd13-c0bd-09e2-97e1-38f7c6cd9c3d%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Qubes Manager issues

[Drew White]

Another issue I can see...

When I started the backup, it replicated itself to use ANOTHER X amount of 
RAM, and then add on the backup processing...

This is really confusing from a programming perspective.

I can understand the fork, but to fork like that is just... not good...
If I had it running at 200 MB RAM, and tried backing up, and it consumed
another 200 MB RAM

It puts the parent process to sleep even, and just replicates..
I can understand it in regards to the backup, to consume more RAM and then 
when it's done it destroys itself and frees up that RAM, but when it's only 
using an extra 1 MB of RAM, and an extra 20 MB shared RAM from the parent 
process, it isn't really needed.

The backup just finished, the Backup VM window is still open, the child 
process has become the parent. And is now using more RAM that it was before 
it started, and the Shared RAM is also higher, because the child became the 
only remaining entity, since it has killed off the old parent.

Thus, I think the way it is is back to front.

The child should die after notifying the parent of completion, not the 
other way around.

So currently BEFORE the backup, it was using (approximately) 79 Mb, but 
AFTER the backup, it's using (approximately) 84 Mb. Because the child 
process became the parent.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dad38071-3f82-4234-81f4-24ff8069a61d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.