[qubes-users] Re: Is AIDE included in the installation iso?

2016-11-06 Thread raahelps
On Sunday, November 6, 2016 at 11:07:43 PM UTC-5, raah...@gmail.com wrote:
> On Sunday, November 6, 2016 at 9:27:04 PM UTC-5, David Renz wrote:
> > Hello everyone, 
> > 
> > currently I don't have QubesOS installed unfortunately, so I can't check 
> > this by myself, and it might take some time until I'll be able to install 
> > it, therefore I'm asking about this on the list:
> > 
> > I think that AIDE is the most sophisticated tool for checking file system 
> > integrity (and I believe that this approach might be one of the best in 
> > order to see whether a system got compromised or not), but obviously it 
> > could render this approach useless, if one would first habe to go online 
> > after having installed QubesOS and then AIDE from a Repo, which might be 
> > compromised. Therefore my question: Is AIDE included in the Fedora 
> > installation iso, so that those security issues couls be circumvented?
> > 
> > By the way, doing so should not only be done before going online for the 
> > first time, but already before the system restarts after its installation 
> > (because otherwise ACPI or other firmware code might compromise the system 
> > during the first boot process).
> > 
> > If it's not included in the installation iso, then I'd strongly suggest 
> > that it should be added. (The second best solution would be to download it 
> > and pray that this download is not compromised (probably I don't need to 
> > mention that there are various ways to compromise this download without 
> > someone being able to notice that), bur actually that doesn't even sound 
> > like a 'second best', but a rather careless approach.)
> > 
> > Maybe manually hashing files by writing a script could be another approach 
> > (I'd rather do that than trust a security relevant tool I downloaded from 
> > somewhere), though AIDE is really great in its functionality and it would 
> > be really nice if doing so would be possible.
> > 
> > 
> > Kind regards and all the best 
> > 
> > David
> 
> You just install the package like any other linux.
> 
> I still like tripwire the best,  even though the opensource version is so 
> outdated.   Some more modern solutions are OSSEC or Samhain,  but they are 
> more like windows type all in one solutions and might be considered bloated.

When using these type of programs on qubes though I found it too noisy and 
pointless.  Just for dom0 might not be a bad idea.  Just routinely wipe your 
other vms at the slightest anomaly haha.  its so easy in qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4311424-82d6-48a2-99a6-bde137b5d719%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Is AIDE included in the installation iso?

2016-11-06 Thread raahelps
On Sunday, November 6, 2016 at 9:27:04 PM UTC-5, David Renz wrote:
> Hello everyone, 
> 
> currently I don't have QubesOS installed unfortunately, so I can't check this 
> by myself, and it might take some time until I'll be able to install it, 
> therefore I'm asking about this on the list:
> 
> I think that AIDE is the most sophisticated tool for checking file system 
> integrity (and I believe that this approach might be one of the best in order 
> to see whether a system got compromised or not), but obviously it could 
> render this approach useless, if one would first habe to go online after 
> having installed QubesOS and then AIDE from a Repo, which might be 
> compromised. Therefore my question: Is AIDE included in the Fedora 
> installation iso, so that those security issues couls be circumvented?
> 
> By the way, doing so should not only be done before going online for the 
> first time, but already before the system restarts after its installation 
> (because otherwise ACPI or other firmware code might compromise the system 
> during the first boot process).
> 
> If it's not included in the installation iso, then I'd strongly suggest that 
> it should be added. (The second best solution would be to download it and 
> pray that this download is not compromised (probably I don't need to mention 
> that there are various ways to compromise this download without someone being 
> able to notice that), bur actually that doesn't even sound like a 'second 
> best', but a rather careless approach.)
> 
> Maybe manually hashing files by writing a script could be another approach 
> (I'd rather do that than trust a security relevant tool I downloaded from 
> somewhere), though AIDE is really great in its functionality and it would be 
> really nice if doing so would be possible.
> 
> 
> Kind regards and all the best 
> 
> David

You just install the package like any other linux.

I still like tripwire the best,  even though the opensource version is so 
outdated.   Some more modern solutions are OSSEC or Samhain,  but they are more 
like windows type all in one solutions and might be considered bloated.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15c9ac4a-6fa7-424f-9d03-1373026a95f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] R3.2, xfce, resume and changing resolution issues

2016-11-06 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-11-06 14:34, yaqu wrote:
> Hello,
> 
> When I work on laptop with lid closed and external monitor connected,
> and when I suspend Qubes, reconnect it to another docking station with
> different monitor, and wake it up, then screen on external monitor has
> old resolution, not matching resolution of currently connected monitor.
> 
> Is it possible to force (or politely convince) xfce4 to autodetect
> resolution after wake up from suspend? Just like it used to work on KDE?
> 
> As a workaround I use custom script in /usr/lib/systemd/system-sleep/
> that executes on wake up:
> 
> xrandr --output HDMI1 --auto --output HDMI2 --auto
> 
> It works, but maybe there is a better solution?
> 

Thanks for the report. Tracking:

https://github.com/QubesOS/qubes-issues/issues/2420

> And there is a second issue with changing screen resolution. When I
> change resolution from lower to higher, some icons in tray at the
> bottom of the screen are not accessible - no tooltip on hoover, no
> response to click. It looks like only icons of appVM apps are affected
> (NetworkManager, Psi, Remmina, KeePass...), and icons of dom0 apps work
> correctly (volume control, power manager, qubes manager). Tray needs to
> be on bottom of screen, of course.
> 
> I have found out that to make these icons work again, I have to switch
> on or off any of connected displays.
> 
> This issue can be reproduced even without external monitors. Assuming
> laptop's LCD is on LVDS1, one needs to switch it to some low resolution
> and then back to default:
> 
> [user@dom0 ~]$ xrandr --output LVDS1 --mode "800x600"; sleep 3; xrandr
> --output LVDS1 --auto
> 
> Now icons are not accessible. To fix it one needs to turn LCD off and
> on:
> 
> [user@dom0 ~]$ xrandr --output LVDS1 --off; xrandr --output LVDS1 --auto
> 
> 
> BTW now as I tested it, it looks that not only tray icons are not
> accessible. The bottom half of the screen is not clickable for appVM
> applications.
> 
> Regards,
> 

Thanks. Tracking:

https://github.com/QubesOS/qubes-issues/issues/2421

For now, please try using the qubes-monitor-layout-notify tool as described in 
the comments on this issue:

https://github.com/QubesOS/qubes-issues/issues/1599

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYH/ZFAAoJENtN07w5UDAw9oUP/i6rX0tN/H5jAuMghg3EpEXY
zlZ47iFegNydCZvPm1sbdyfK8Ln3RWit+g6jmExwv0MoQUJBZH1hUScFpFx3UmZQ
EEFxesnlZ3teQ7vfKy7GLyJ2wSlkNd2RnNd3tyYizAhTXMBkDhC5CRTRlgInk96T
LAScY9IBgZ3JhDuLAHHQiJyg3fG1SjEGWCTiaDtuw3F5BPR8LbIPSGm5v9oMCXbr
DUIRurhJXx+Zx5X+fAciZOqw0jWIvByGxie0TV1+2zkS4tnjL2kjvU4U81jFcdwp
Ecw+SJWka0MbgwnIX7UYFcQnakkelj+/T8ytQna+kTeimF3AoO6bahvWMJZ2fHeK
VTbjncvKC7m6bzR6/yBZnwrg5zwcERHSO5knP2WxfVlMus65S3JGy8N7O9diCuQy
OL9OH4Z1XAYr20st3q7GyvQi3xbodSAx+kJ2VFp7xNYSL1SE3gCWBQZoTRZzdBOn
AmmIpnpJcq8C8kKGBMr0KAKIIr5JSb2n/fC3zhSV3hFfILObHSqFFOtuEb45PDsJ
cdCMIEWiY86PCD6Vi8hwAZPwqiwxI76uAfks8Cfph1iS+aIyruIXtg2F5vh7ehOB
64V6nW/Ckom3n23c7OQ8WNMDptr6N8H/zllEbWA1xBuyATfrUQirNtMCx04X5IGL
2lsL/k0r6PKBDYKlKW3E
=7jtJ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d510a82-7044-a53a-b980-ca3718cab0cf%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] recommendations on encrypted usb disk?

2016-11-06 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-11-06 04:43, pixel fairy wrote:
> crypt setup has a lot of options. what do you recommend for a usb disk for 
> backups and file transfer between qubes and bare metal linux systems? 
> 

My personal favorite is:

# cryptsetup -v --hash sha512 --cipher aes-xts-plain64 --key-size 512 
--use-random --iter-time 5000 --verify-passphrase luksFormat 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYH/G1AAoJENtN07w5UDAw1WIP/ibxZofnfVbLfTBNNnOy+3ro
E6GizuJqWEOoZ4Oq1z9tZGVrykCzjVSgWserDXMyVxm6FayIb/tza7DS6CaaTQi+
PHUXY7U7SLkaJiWqir5tfOUdj7bdmqQBWgqWaEy3/1GvLun2hx8KIwiON+WoDbsv
YN/w5obBeZRBEOr3LLifs/3zlKD5ZcWX+jivROEskkWIceoqjJ4huh0g/MxfdFeF
BqLQkdMxjxCSjmwtWToUtm5JfAqC1cEUAqUbfZ1LJxq+JXo+tGXSED681YFXrYUK
SGKZWmrQh3wJp7jeXcOrYj+iC8TFk9Pa7fFalntuNKUbqBiUbdjM/l5Tj4SGQViu
+Mdl2E5x6AVxGpt4TgPIGx4f7e8Vgeb5al+N2fnWbR4kVzg4C5D/hWoUvxe3bE5e
Oc4LHjDdvEcQjM/zzkqgJ+5OSOeDWtgHQb7JeCabI4Yp/As6n83L/lN/TTq66is6
0rhHivZpVj1jnn5w6wn9ZawdgYJKsc1Hau6oEr3Q/zcSLw2xOZ7HQkIhR+XStLKn
r1NaxgjsPIwfpp7ZNXioq7nkBcSxVwdlVDdxyRKjeqvNVjCcDrytQ3bJ+wgHaEpN
xc8I/kuQC5F6jGpn6J7CYvKzJ8LJGITjbvFpaPbOmTqsHsECRGjxlwOb4WeRc6g9
72YIcLTQN1a/ePgNc6Au
=sGgX
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8a322340-307e-c013-092d-428c3f282cba%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Is AIDE included in the installation iso?

2016-11-06 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-11-05 01:32, David Renz wrote:
> Hello everyone,
> 
> currently I don't have QubesOS installed unfortunately, so I can't check this 
> by myself, and it might take some time until I'll be able to install it, 
> therefore I'm asking about this on the list:
> I think that AIDE is the most sophisticated tool for checking file system 
> integrity (and I believe that this approach might be one of the best in order 
> to see whether a system got compromised or not), but obviously it could 
> render this approach useless, if one would first habe to go online after 
> having installed QubesOS and then AIDE from a Repo, which might be 
> compromised. Therefore my question: Is AIDE included in the Fedora 
> installation iso, so that those security issues couls be circumvented?
> 

Do you want it in dom0 or in domUs (or both)? Which package would you like us 
to check for?

> By the way, doing so should not only be done before going online for the 
> first time, but already before the system restarts after its installation 
> (because otherwise ACPI or other firmware code might compromise the system 
> during the first boot process).
> 
> If it's not included in the installation iso, then I'd strongly suggest that 
> it should be added. (The second best solution would be to download it and 
> pray that this download is not compromised (probably I don't need to mention 
> that there are various ways to compromise this download without someone being 
> able to notice that), bur actually that doesn't even sound like a 'second 
> best', but a rather careless approach.)
> 

This shouldn't be an issue, since the packages you download should be 
PGP-signed.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYH+y2AAoJENtN07w5UDAwxQsP/321HHZlTpEs9BI8mSNnhRqV
o4+Lj2zl/AZtQvwyNjGgzOCmwPTozf/+JkkjlWp2RNkttsxAqrbca8w9Z3SQ6NnL
iiH73RSfWSU1audnAAVMg0tfzpVfc1ari8oFobTS3omiCnxMdtU9fiMvIjQ7bs/4
tedCin5jbLp/arI047JMXI07grLByeOMH0sG3K/ogcSImyOTjylW95p4uCurnw7p
iczvvF2VX8OdjxYdUcc0RTCmKiu8BFvIXVZJm+yrzjEA0OkXL3oLfstlBNXyW6r1
o4DyOar4qWwC8smZV2qKFBBKm/o7YTdVactKdBiaJVGh4cMCsbX5F7yQxh2Ncj5r
abKuk1sK9hkOnPJk96r/p5wnlTquScxCP2d8PM6PjoB5XJs9lQY1A3MRq/CCcoiJ
a1KwL55mokRLucnEb1kwUAOgfPj1/BDY1pmkIMYWV8qSWA1LSIuTFA/IXuGdufFu
9wTBjJenNJkF57VrEgvmDtJlmxefSwH550HLTi4S5UxEN04a5zWonCghk0TLgSdB
lr0tuBCQymZ+Odqa4HJMGVSrkmuk2oq9rOQvctI36YMY45uDu6IokBwrFIbrjK3h
hsWRAJwHxaaDHh2reFlwuEaqioeRf9Qx66M3Rjb316IgsCJJSmejudRD8IXutGO+
RXglnoxKwS6NdHiimor7
=TQCU
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/415002f9-b113-bd7f-23af-444ab864167d%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: questions about Qubes-os

2016-11-06 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-11-06 11:36, trash wrote:
> Good Evening
> 
> The last week I've read something very interesting about Qubes-os in a French 
> magazine. I've tested it for several days and it remains some important 
> questions.
> I sent a mail to benbaill...@idpresse.com who told me contact you for further 
> explanations.
> That's what I'm doing.
> 

Hello Dom,

Thank you for your interest in Qubes! Just so you know, we like to have 
(non-private) Qubes discussions on our mailing lists. This allows other 
knowledgeable people from the community to chime in and allows information to 
be shared with everyone. It also makes the discussion searchable for other 
people in the future. So, I'm CCing our qubes-users mailing list in my reply 
(please keep this address CCed if you reply).

You can read more about our mailing lists here: 
https://www.qubes-os.org/mailing-lists/

> 
> 1/ How could I use ssh to manage qubes-os ( not secure but may be useful 
> sometimes).
> 

If you mean from dom0, then this currently breaks the Qubes security model, 
which entails that dom0 has no network access. (Remote management is planned 
for the future.) It might currently be possible, but it's not supported. This 
has come up on the MLs a number of times in the past, so you might consider 
doing some searches and reading through the results of others' attempts.

> 2/ When I create a "black default vm, ican see in parameters that networking 
> is not allowed, but between a "green" one and a "blue " one I cant find any 
> differences. So Is it me who decide I will surf only on save sites with a 
> "blue vm" or are there some parameters modified by the system (iptables for 
> example). It's not very clear to me.
> 

Yes, you ultimately get to decide what the colors means. When you create a new 
VM of any color (including black), there are no pre-configured differences 
based on that color. The color is merely a label. (I suspect that you examined 
the properties of an existing black VM, perhaps the "vault" created during 
installation.)

By default, the assumption is that black is the most trusted color, while red 
is the least trusted. But you're free to overturn this assumption if you wish.

> 3/ I can connect my synology and manage my shares directories via my web 
> browser but not via
> nautilus (or others ) with the command smb://192.168.X.Y:
> (I'm asking for login/password but after, I can't access my shared 
> directories/files ).
> 

I'm not sure about this one, as I don't use a Synology product. This sounds 
like it's probably not Qubes-specific, but perhaps rather a Samba/Fedora issue. 
Maybe someone else can shed light here.

> 4/ And the most important, about the firewall:
> 
> One vm +"deny network access exept " no Internet link -->normal
> 
> One vm +"deny..exept 192.168.X.Y: --> connection on the nas Synology 
> -->normal
> 
> One vm +"deny.exept * -->openbar-->normal
> 
> One vm + "denyexept phoenixjp.com --> I can connect the site but can't 
> reach the further links. It seems to be normal but not suitable for me.
> 
> how coulld I solve this problem if I want to access http, https, ftp
> 
> Be sure I've surfed on many sites trying to find clues, but without many 
> success.
> 

It sounds like you want to allow connections on all protocols to the entire IP 
range or CIDR block associated with that domain.

Take a look at the documentation here:

https://www.qubes-os.org/doc/qubes-firewall/

The comments in this issue might also be relevant or helpful to you:

https://github.com/QubesOS/qubes-issues/issues/879

> You're certainly the people able to help, It seems to me that a Qubes-os well 
> mastered could be very secured for my network. Actually I can see the amount 
> of possibilities but cant master the essential security parameters to use it 
> in "production" (my home network).
> 
> At any rate, very good job
> 
> Best regards
> 
> Dom Courtiol
> 

Thanks! Welcome to Qubes!

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYH+uPAAoJENtN07w5UDAw6KAQAMNG60VYyopHWlmZOxBVvzqg
/v15OWnwzvM5Mr0QDlOYYwJLE2qUOWL2n91sQWt/5BQ2FeHhBwf8KlSZOpKjNJi0
oRmuXsxrhJczvEDrygdLY/cuqYPwCSHUJQhYgZQK1792D+lMcnea+xAmH8D4nrFZ
Wr9xjCo7sGalijfrOY0tJpXCBsDc4uOzxJaE94yWtakK/vnK/Um5SfEx66wcT5xl
HHcKNAwHWzWraIXItdP++VOH5997dmp8Z0KjefuLFm03CnTy51Jks3AcxvUpGf2A
fLjzQEW1Yg19Rda7DJuP+u4RI9MKjZzPzrXzBRazzQaSc5nXoKj7TUgxJRfAwPsu
G2KH2EhToK0djNpuQEFOXkBRxQ8InqvfQbaQuTN1NdUT3FoSJIYyCzwDMTjF7Q5Q
+YuIpCVj9vCpYifkBWb4fTboia/2xkFRH+CQ31NguNC7hZYOq+RaWXtwyVWS3tq2
lKyq/JU04GrcRJ2l7XjyAMM91zerq14PUz4APO7fyZeI4UOTm++O98ySgfMwxMPj
QXWdJzlbzOoyDfOIYoqx8du58AQ10hVVEvVhU+jEClEwI5Obi6CEW4b2shM7sZXp
aCS047exJm9lhObnu2cbUOdwNkbO6j7lWx+Gqb4RFcGsCEbEL15Zh8a6tusyDWEB
fqTi7K1kMSxo4DZZbLcI
=ypJD
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.

[qubes-users] Is AIDE included in the installation iso?

2016-11-06 Thread David Renz
Hello everyone,

currently I don't have QubesOS installed unfortunately, so I can't check this 
by myself, and it might take some time until I'll be able to install it, 
therefore I'm asking about this on the list:
I think that AIDE is the most sophisticated tool for checking file system 
integrity (and I believe that this approach might be one of the best in order 
to see whether a system got compromised or not), but obviously it could render 
this approach useless, if one would first habe to go online after having 
installed QubesOS and then AIDE from a Repo, which might be compromised. 
Therefore my question: Is AIDE included in the Fedora installation iso, so that 
those security issues couls be circumvented?

By the way, doing so should not only be done before going online for the first 
time, but already before the system restarts after its installation (because 
otherwise ACPI or other firmware code might compromise the system during the 
first boot process).

If it's not included in the installation iso, then I'd strongly suggest that it 
should be added. (The second best solution would be to download it and pray 
that this download is not compromised (probably I don't need to mention that 
there are various ways to compromise this download without someone being able 
to notice that), bur actually that doesn't even sound like a 'second best', but 
a rather careless approach.)

Maybe manually hashing files by writing a script could be another approach (I'd 
rather do that than trust a security relevant tool I downloaded from 
somewhere), though AIDE is really great in its functionality and it would be 
really nice if doing so would be possible.

Kind regards and all the best

David

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/n4aswxfhkcyqvwfnft22564e.1478334195110%40email.android.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 3.1 Installer Hangs on Creating default DisposableVM

2016-11-06 Thread admin
Thanks for the suggestion and sorry for the delay in getting back to you.

I just did a fresh install with no whonix or debian templates and chose the "do 
not configure anything" option.

This left me with a sterile but working dom0. I figured the best way to proceed 
might be to run firstboot-qubes-text since I've had some luck with that in the 
past.

I chose to create default service VMs only. This gave me a working sys-net and 
sys-firewall. Working in spirit, at least. I wasn't able to launch the 
sys-firewall terminal from the Q menu, I had to log into sys-firewall via the 
xen console to test connectivity.

I tried to launch the disposable VM with firefox from the Q menu to no avail.

I tried to make a new VM via the VM Manager; a new entry flickered then 
disappeared instantly. There was no indication of failure, but no new VMs 
either.

I tried to run firstboot-qubes-text again, this time opting to create the 
default service vms and default app vms. I'm looking at the exact same, 
apparently successful output I received when I tried to build the service VMs 
only. It didn't seem to phase or duplicate the existing sys-net and 
sys-firewall VMs.

If anyone has any suggestions on where I should go from here I'd really 
appreciate it!

Thanks

On Wednesday, October 19, 2016 at 8:42:38 PM UTC-4, raah...@gmail.com wrote:
> On Tuesday, October 18, 2016 at 11:27:00 PM UTC-4, ad...@roughshod.net wrote:
> > Oops, subject should read 3.2 not 3.1
> 
> Have you tried to install without creating any default vms?  I believe that 
> is an option,  then you can try to set up your vms manually afterwards.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8757b52c-838e-4e1d-88b5-475e6339bf8d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: ANN: Qubes network server

2016-11-06 Thread Manuel Amador (Rudd-O)
On 11/05/2016 03:54 PM, Max wrote:
>
> Thanks for the response!
>
> I ran this and also ran 'sudo dnf install go' when I came across the 
> following error: 'go is needed by qubes-network-server-0.0.4-1.fc23.noarch'.

A commit is now out which eliminates this dependency.

> I then did the cd into the cloned folder and the 'make rpm' function has 
> appeared to have worked.
>
> I followed the steps to get this to Dom0 and then installed the RPM. It may 
> be better to add to the documentation 'sudo rpm -ivh qns.rpm' as I wasn't 
> initially sure that I actually had to name the file. It helps the noobs! 
>
> The purpose for me for installing the network server was to be able to ping 
> my Debian VM from my Windows VM.
>
> These are the configuration steps I took subsequent to install:
>
> 1) Created a ProxyVM named server-proxy.
> 2) Changed the NetVM on both work-apps (my Debian 8 VM) and windows-7 (HVM) 
> to the new ProxyVM

Sorry, I should have clarified that HVMs are not supported at all.  I am
very, very sorry.  I need to do more work to get HVMs to work properly
("more" is an euphemism for I have totally forgotten so far to support
that use case).  It is totally my fault that I did not explain this in
the documentation.  My bad.  I have updated the documentation to reflect
that.

If you could help me, do report what happens when you ping between a
Fedora and a Debian AppVM, or two Debian AppVMs.

-- 
Rudd-O
http://rudd-o.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d0b8050-8aa1-6b4b-c952-2c054f147930%40rudd-o.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix Gateway and normal AppVM behind?

2016-11-06 Thread Drew White
On Friday, 4 November 2016 14:04:53 UTC+11, entr0py  wrote:
> Drew White:
> > Hi folks,
> > 
> > If I'm using the Whonix Gateway guest, and I have it as a ProxyVM, is it 
> > safe to assume that if I use a normal AppVM, (non-whonix) behind it, then 
> > that means that everything is still going through the Tor network?
> > 
> > (Just wanting to make 100% sure)
> > 
> > Sincerely,
> > Drew.
> > 
> 
> Drew, I know you only concern yourself with the most complex, technical 
> details; but every once in a while, you should come see how us small-minded, 
> non-dev "little people" live:

I'm sorry, I don't easily understand lamens terms. It's a downfall of mine that 
I know about and I do work on, every day.

> 
> Google "Whonix"
> |
> https://www.whonix.org/
> |
> https://www.whonix.org/wiki/
> |
> https://www.whonix.org/wiki/Documentation
> |
> https://www.whonix.org/wiki/Other_Operating_Systems
 
Yes I searched it on the whonix website.

Yes I searched elsewhere.

As I said I wanted to be "100%" sure.
So I wanted someone that knew and had every test done already to know if 
everything really did go through Tor OR whether there were things that didn't.
And I mean ANYTHING.

> BTW, all 20 of the questions in your qubes-devel thread (which incidentally 
> has nothing to do with qubes-devel) are also answered in the docs.

Well, IF they are ALL answered in the docs, then why isn't the information that 
I require there?
I did search the documents first. read EVERY page that had the word "Whonix" or 
"Qubes-TorVM"(and similar) in it.
And the answers to my questions are not there.
If the answers were there, then I would not have asked them in Qubes-Devel. 
It's that simple.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5146e003-01b4-4e8e-8cce-add8fef4af39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Kernel Panic on sys-net

2016-11-06 Thread cmagistrado
Hey all,

Hope I'm posting this correctly.
I seem to be getting an error when my sys-net comes up, which makes it more 
difficult to update qubes, (assuming that would fix it).

I attempted to troubleshooting the issue by searching this group and found:
https://groups.google.com/forum/#!searchin/qubes-users/sys-net$20kernel$20panic|sort:relevance/qubes-users/YrB6xJH1DJM/L2v7hvSyDQAJ

However, I wasn't able to determine a solution from it.


It appears I'm unable to upload a file here.
Used pastebin for my log.

http://pastebin.com/0n7Ad6tp


Thanks for your time.

Kind Regards,
Chris

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9189d75-ea3f-4176-8b37-096d00c65873%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] R3.2, xfce, resume and changing resolution issues

2016-11-06 Thread yaqu
Hello,

When I work on laptop with lid closed and external monitor connected,
and when I suspend Qubes, reconnect it to another docking station with
different monitor, and wake it up, then screen on external monitor has
old resolution, not matching resolution of currently connected monitor.

Is it possible to force (or politely convince) xfce4 to autodetect
resolution after wake up from suspend? Just like it used to work on KDE?

As a workaround I use custom script in /usr/lib/systemd/system-sleep/
that executes on wake up:

xrandr --output HDMI1 --auto --output HDMI2 --auto

It works, but maybe there is a better solution?

And there is a second issue with changing screen resolution. When I
change resolution from lower to higher, some icons in tray at the
bottom of the screen are not accessible - no tooltip on hoover, no
response to click. It looks like only icons of appVM apps are affected
(NetworkManager, Psi, Remmina, KeePass...), and icons of dom0 apps work
correctly (volume control, power manager, qubes manager). Tray needs to
be on bottom of screen, of course.

I have found out that to make these icons work again, I have to switch
on or off any of connected displays.

This issue can be reproduced even without external monitors. Assuming
laptop's LCD is on LVDS1, one needs to switch it to some low resolution
and then back to default:

[user@dom0 ~]$ xrandr --output LVDS1 --mode "800x600"; sleep 3; xrandr
--output LVDS1 --auto

Now icons are not accessible. To fix it one needs to turn LCD off and
on:

[user@dom0 ~]$ xrandr --output LVDS1 --off; xrandr --output LVDS1 --auto


BTW now as I tested it, it looks that not only tray icons are not
accessible. The bottom half of the screen is not clickable for appVM
applications.

Regards,

-- 
yaqu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161106223414.10544103B33%40mail2.openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Problems upgrading from Fedora-23 to 24

2016-11-06 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Nov 06, 2016 at 09:51:06PM +, Paul Stansell wrote:
> Hello,
> 
> I'm trying to upgrade from a standard Fedora 23 template to Fedora 24,
> but when following the instructions here
> https://www.qubes-os.org/doc/fedora-template-upgrade-23/, at step 3 I
> get
> 
>   sudo dnf --releasever=24 distro-sync
>  Last metadata expiration check: 0:02:17 ago on Sun Nov  6 14:06:43
> 2016.
>  Error: package python3-dnf-plugins-qubes-hooks-3.1.18-1.fc23.x86_64
> requires python(abi) = 3.4, but none of the providers can be installed.
>  package qubes-gui-vm-3.1.7-1.fc23.x86_64 requires pulseaudio = 7.1,
> but none of the providers can be installed.

It looks you have Qubes 3.1, Fedora 24 template is supported only on
Qubes 3.2. Please upgrade first.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYH6u5AAoJENuP0xzK19csAF8H/0A0KHbJL/qRCdDuKGSuFN0z
OTJ2o6vz4GOTXSKe/qwokgSkBYFBaHrsA6LmxoxSsifagfvFK/2JZR3HNf/eIWMo
yU4Kahjz64MeG0dO/auNRZh4g2NsLh4DU5XnHmtjbXD574rMPBZpbiMKfL6VPlN6
yPGqWn7T44ELJ4+vLc2GlI0FM+C4cBR9e9umQXUBR3K38A1NBURmCbTsDxtouNby
Gl04Hg9yswe184nbofJaWIXWLlB5+tYS+MvAHx4wVZ+AFHZLkkcd6S5dJNx9B4+B
RvlGoAbamsZ2gp6T6sdgM7QKbxWjP6Gq6oHTGA/3hDhgfAtKpdHJ7C9UBXTAqPI=
=GcG5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161106221622.GO7073%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Problems upgrading from Fedora-23 to 24

2016-11-06 Thread Paul Stansell
Hello,

I'm trying to upgrade from a standard Fedora 23 template to Fedora 24,
but when following the instructions here
https://www.qubes-os.org/doc/fedora-template-upgrade-23/, at step 3 I
get

  sudo dnf --releasever=24 distro-sync
 Last metadata expiration check: 0:02:17 ago on Sun Nov  6 14:06:43
2016.
 Error: package python3-dnf-plugins-qubes-hooks-3.1.18-1.fc23.x86_64
requires python(abi) = 3.4, but none of the providers can be installed.
 package qubes-gui-vm-3.1.7-1.fc23.x86_64 requires pulseaudio = 7.1,
but none of the providers can be installed.
 package xen-qubes-vm-2001:4.6.1-20.fc23.x86_64 requires xen-libs =
2001:4.6.1-20.fc23, but none of the providers can be installed.
 package qubes-core-vm-3.1.18-1.fc23.x86_64 requires
python3-dnf-plugins-qubes-hooks, but none of the providers can be installed.
 package qubes-core-vm-systemd-3.1.18-1.fc23.x86_64 requires
qubes-core-vm, but none of the providers can be installed
 (try to add '--allowerasing' to command line to replace conflicting
packages)

As suggested, I tried adding --allowerasing, but that didn't help as
then I got

 Downgraded:
   xen-libs.x86_64 4.6.3-6.fc24  xen-licenses.x86_64 4.6.3-6.fc24
 Traceback (most recent call last):
   File "/bin/dnf", line 58, in 
 main.user_main(sys.argv[1:], exit_code=True)
   File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 174,
in user_main
   File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 60, in
main
   File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 120,
in _main
   File "/usr/lib/python3.4/site-packages/dnf/cli/main.py", line 159,
in resolving
   File "/usr/lib/python3.4/site-packages/dnf/plugin.py", line 82, in fn
   File "/usr/lib/python3.4/site-packages/dnf/util.py", line 183, in
mapall
   File "/usr/lib/python3.4/site-packages/dnf-plugins/qubes-hooks.py",
line 40, in transaction
   File "/usr/lib/python3.4/site-packages/iniparse/compat.py", line
146, in getboolean
   File "/usr/lib/python3.4/site-packages/iniparse/compat.py", line
219, in get

I have python 3.4 installed, so I also tried

 alternatives --install /usr/bin/python python /usr/bin/python3 2
 alternatives --install /usr/bin/python python /usr/bin/python2 1

and then repeating the upgrade process above, but that didn't help either.

Can anyone offer any more suggestions as to what I could try.

Thanks,

Paul

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAMJKaZxdbVAuhTNuNm%3DyNYGa_pwaLcHDSDZhyV-7Gn1kdgzPTw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Issues after in-place 3.1.17 -> 3.2 upgrade

2016-11-06 Thread Richard
On Sunday, November 6, 2016 at 2:07:38 PM UTC-6, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Sun, Nov 06, 2016 at 11:44:25AM -0800, Richard wrote:
> > However, I noticed that the Qubes VM Manager is not reflecting the changes 
> > (i.e. it is still showing VMs running), even after I close and reopen it.
> 
> This is expected (until system restart). Also, just closing the manager
> window isn't enough to really restart it - if you want to, right click
> on its icon and choose "exit". Then start it again from the menu.
> 
> > I was going to use the 'shutdown now' command, but wanted to check if there 
> > is anything I should be doing, before I shutdown, to fix the above errors.
> 
> Just restarting the system should be enough.
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJYH42JAAoJENuP0xzK19csLdIIAIAIwf1z3m8Jj1eim8obJCUj
> QHC2UrgNTqvl0rFwx0JzsfGvh33ft/SPZoVPwhO8Y9Tp0rhgvjRZVpsN1zF8NQZi
> 6J2zQg8nnT7AQLrF0WntDO/N8zb8C8lVLkpbr5NHSVveSyDmB1BqrGyLVW7K46py
> TMBuhdfT0aEjNuUNBC1uCVknU7uOgIGce9KnWqDp59UmyKecIUhEyPvIZC3QoXmE
> BrXuceoRUTj1REoa1FG1GTTlnZms9OL0zOl90wT3fbWcmyKBlCuQLolKKoUuTQIE
> UgmnZCYSPMAM7l5fFJMcYpXW30y0O5KMIFGG1/ScRlFaCXAKJIjXF8/lar6QCwU=
> =joII
> -END PGP SIGNATURE-

Thank you Marek

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38d46f47-3329-404d-a213-24fc19f07c6f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Issues after in-place 3.1.17 -> 3.2 upgrade

2016-11-06 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Nov 06, 2016 at 11:44:25AM -0800, Richard wrote:
> However, I noticed that the Qubes VM Manager is not reflecting the changes 
> (i.e. it is still showing VMs running), even after I close and reopen it.

This is expected (until system restart). Also, just closing the manager
window isn't enough to really restart it - if you want to, right click
on its icon and choose "exit". Then start it again from the menu.

> I was going to use the 'shutdown now' command, but wanted to check if there 
> is anything I should be doing, before I shutdown, to fix the above errors.

Just restarting the system should be enough.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYH42JAAoJENuP0xzK19csLdIIAIAIwf1z3m8Jj1eim8obJCUj
QHC2UrgNTqvl0rFwx0JzsfGvh33ft/SPZoVPwhO8Y9Tp0rhgvjRZVpsN1zF8NQZi
6J2zQg8nnT7AQLrF0WntDO/N8zb8C8lVLkpbr5NHSVveSyDmB1BqrGyLVW7K46py
TMBuhdfT0aEjNuUNBC1uCVknU7uOgIGce9KnWqDp59UmyKecIUhEyPvIZC3QoXmE
BrXuceoRUTj1REoa1FG1GTTlnZms9OL0zOl90wT3fbWcmyKBlCuQLolKKoUuTQIE
UgmnZCYSPMAM7l5fFJMcYpXW30y0O5KMIFGG1/ScRlFaCXAKJIjXF8/lar6QCwU=
=joII
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161106200734.GN7073%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Issues after in-place 3.1.17 -> 3.2 upgrade

2016-11-06 Thread Richard
On Sunday, November 6, 2016 at 11:24:55 AM UTC-6, Richard wrote:
> I just finished doing an in-place upgrade to 3.2 following 
> https://www.qubes-os.org/doc/upgrade-to-r3.2/
> 
> However, I ran into a problem when I reached step "6. Update configuration 
> files."
> 
> The system will not allow me to open Konsole (I can open run command, choose 
> Konsole and nothing happens).
> 
> Also, now whenever I open Qubes VM Manager I receive the following message:
> 
> libvirtError: internal error: client socket is closed
> 
> line: if ret == -1: raise libvirtError ('virDomainlsActive() failed', 
> dom=self)
> func: isActive
> line no.: 1338
> file: /usr/lib64/python2.7/site-packages/libvirt.py
> ---
> line: if libvirt_domain.isActive()
> func: get_power_state
> line no.: 876
> file: /usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py
> 
> and soforth.
> 
> The only VMs that are running are sys-firewall and sys-net.  I've tried to 
> shut down the firewall from the Qubes VM Manager and receive the following 
> message:
> 
> AssertionError:
> line: assert vm.is_running()
> func: action_shutdownvm_triggered
> line no: 1261
> file: /usr/lib64/python2.7/site-packages/qubesmanager/main.py
> 
> I've tried to restart and shutdown my system and that is also not 
> possible...nothing happens when I click on shutdown or restart.
> 
> I should be grateful if anyone can provide me the steps I need to do to 
> continue upgrading my system.
> 
> Thanks,
> Richard

Update:
I was able to open Konsole and complete step 6

I also used 'qvm-shutdown -all' to shutdown all VMs.

However, I noticed that the Qubes VM Manager is not reflecting the changes 
(i.e. it is still showing VMs running), even after I close and reopen it.

I was going to use the 'shutdown now' command, but wanted to check if there is 
anything I should be doing, before I shutdown, to fix the above errors.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7436df3b-5662-43cd-baf1-dc901a8b0916%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Issues after in-place 3.1.17 -> 3.2 upgrade

2016-11-06 Thread Richard
I just finished doing an in-place upgrade to 3.2 following 
https://www.qubes-os.org/doc/upgrade-to-r3.2/

However, I ran into a problem when I reached step "6. Update configuration 
files."

The system will not allow me to open Konsole (I can open run command, choose 
Konsole and nothing happens).

Also, now whenever I open Qubes VM Manager I receive the following message:

libvirtError: internal error: client socket is closed

line: if ret == -1: raise libvirtError ('virDomainlsActive() failed', dom=self)
func: isActive
line no.: 1338
file: /usr/lib64/python2.7/site-packages/libvirt.py
---
line: if libvirt_domain.isActive()
func: get_power_state
line no.: 876
file: /usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py

and soforth.

The only VMs that are running are sys-firewall and sys-net.  I've tried to shut 
down the firewall from the Qubes VM Manager and receive the following message:

AssertionError:
line: assert vm.is_running()
func: action_shutdownvm_triggered
line no: 1261
file: /usr/lib64/python2.7/site-packages/qubesmanager/main.py

I've tried to restart and shutdown my system and that is also not 
possible...nothing happens when I click on shutdown or restart.

I should be grateful if anyone can provide me the steps I need to do to 
continue upgrading my system.

Thanks,
Richard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67b95906-a85d-4df9-ba39-20e9ef1e2efa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - Lenovo Thinkpad T520 (4243WM2)

2016-11-06 Thread yaqu
Hello,

I have been using this Thinkpad T520 for 1.5 years with Qubes R2, R3.0
and now R3.2 without major hardware issues (not tested with R3.1).
Well, I had a problem with Intel gfx and R3.2, but it's fixed now
(details somewhere below).

Long story short: it works.

CPU: i5-2520M 2.50GHz
VT-x: works
VT-d: works
SLAT/EPT: supported
TPM: present, not tested

RAM: it had only 4 GB in factory configuration, documentation says it
supports max 8 GB, but in fact it supports up to 16 GB of RAM (2*8).

GPU: integrated Intel HD Graphics 3000, works, but:
Under R3.2, i915.enable_rc6=0 needs to be added to kernel parameters to
prevent random reboots when external monitor is connected, as described
there:
https://groups.google.com/d/msg/qubes-users/DSFcUer3C7M/Rbno0VdfBQAJ

Suspend/resume: works. 

Sound: works
Microphone: works
Ethernet: Intel 82579LM Gigabit, works
Wi-Fi: Intel Centrino Ultimate-N 6300, works
Card reader: Ricoh PCIe SDXC/MMC Controller, works
Firewire: Ricoh R5C832 PCIe IEEE 1394 Controller, works
Display: TFT 15.6" 1600x900, anti-glare
Docking station: tested with Lenovo 4338, works
Bluetooth: BCM2045B, detected as USB device, but not tested
Camera: not present
Fingerprint reader: not present

Keyboard, trackpoint and touchpad: work
There are additional function keys, most of them work, at least
these used by me: volume control, mute, LCD dim and keyboard light.

ExpressCard/34 port: works, but without hotplugging, as it is not
supported by Qubes anymore:
https://groups.google.com/d/msg/qubes-users/JVOpOrOPvZk/5Xar5LS8BwAJ

USB: two USB 2.0 controllers. One with 2 ports and all internal devices
(bluetooth, docking station and its USB ports), and second with just 2
ports. Controllers have shared RMRRs, but they can be assigned to
different appVMs if these VMs have pci_strictreset=false.

Note: since upgrade to R3.2 I'm no longer able to assign USB controller
to Win7 HVM.

For USB 3.0 I use ExpressCard adapter (on Renesas uPD720202 chipset) and
it works well. AFAIR I had to disable power management for pccard in
BIOS.

All communication ports or devices can be disabled in BIOS: network
cards, bluetooth, modem, USB ports, firewire, ExpressCard slot, eSATA
port, ultrabay (CD/HDD), card reader, camera, microphone and
fingerprint reader. Some of these ports/devices are not present in this
model of T520.

There is also the physical switch for disabling bluetooth and Wi-Fi, it
also works.

-- 
yaqu

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20161106165033.B27892022D9%40mail.openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-4243WM2-20161002-222153.yml
Description: application/yaml


Re: [qubes-users] Qubes 3 MacOSX

2016-11-06 Thread Dominik Dorn
The current VMWare Fusion v8 allows to run multiple instances of OSX.
They even advertise it on their website:
http://www.vmware.com/products/fusion.html
"macOS Sierra-Ready
Launch virtual machines on Macs with macOS 10.12 Sierra, or safely test the
new macOS in a sandbox on your current Mac without disruption."

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABHM76WhY%2BmXnrXHQbOhZOFOHf%3DFKQ80D%2BgXkwrK0fcJ5obzrA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] recommendations on encrypted usb disk?

2016-11-06 Thread Robin Schneider
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 06.11.2016 13:43, pixel fairy wrote:
> crypt setup has a lot of options. what do you recommend for a usb disk for
> backups and file transfer between qubes and bare metal linux systems?
> 

Hi

I would go with AES-256 as cipher and sha512 has hash for LUKS.

Refer to
https://docs.debops.org/en/latest/ansible/roles/ansible-cryptsetup/docs/defaults
.html#cryptography-defaults
for details :)

- -- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCAAGBQJYHysSAAoJEIb9mAu/GkD4NhEP/1jZujyKK0RWUuqQKWNglE7n
adRvP2fZlfCMzAOQfDdB5jnwIKCX3Ir0mWHisIVWww3+FsWP1ysMgEu4zTCcMpJd
3/SnIHF0sonBL6C6VIpIBUuyiRXe0Z3sjWcc4HeJMI7KdNNhH42Y6gJwjHumuiZr
g4k5aDhp7wlZrHxEhRirMfoA3QiamdRrBb0+yHFjmBiHt9dbT0NuN4Z+3PxWggtj
lMR/xiSxU8BDzM0KLD3iMLDIARcz8lSvxHrkij9aWdcVaUuaVkOkg729pHw/tBzV
Y0/zDcVibnxDdcpsNZFiDdK76loJxGb/+WF9b2Pxjh3r7dAdoNmxAvlJGcB40sh0
X2huFy4CI+gU+lP0ZomD0fRMvCQhLrSTTA5ibjaLMY0rnvwfyZ8pXYDCtwkeh9EA
VFvWvtQtvhNuA+agUXQoP334zh2tnJDbfFWZN/S/OWJY1/k7jTTuYSywFd5XH14X
tYoBKu6fhDfy6ae01CNigrdAtx4YaOZzxpNogVhCrFEmb/1sGJqTSr3fwEC3LbTP
CHKv9IkyWLxRKPTUnsKRxFEhWTegDEfYZMNX8QtjG46vsBvFskLXHc2Go3j91m86
HHSTjcG4Rb09ef6ykWIClwhb1APrEALoigilrraAcDcMcx+kAF1N6xxiDl6K6zQI
mtyO0wcHDWOiP49oiusD
=J+4d
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32e3b70c-ce04-6f27-e52d-964e7ab8b703%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] recommendations on encrypted usb disk?

2016-11-06 Thread pixel fairy
crypt setup has a lot of options. what do you recommend for a usb disk for 
backups and file transfer between qubes and bare metal linux systems? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2c7ad4b3-fefd-4ed1-9ff7-46ca0b1d3b1d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes 3 MacOSX

2016-11-06 Thread Achim Patzner
Am 06.11.2016 um 10:42 schrieb Alex:

> On 11/06/2016 10:31 AM, Jeremy Rand wrote:
> Actually reading the license of OSX available at
> https://store.apple.com/Catalog/US/Images/MacOSX.htm is very easy
> because they are awfully short and simple, compared to a lot of other
> software.
>
> And in 2.A. there is the actual permitted use:
>> This License allows you to install and use one copy of the Apple 
>> Software on a single Apple-labeled computer at a time.
> which means that you can own an Apple Mac computer, install
> Qubes/Linux/what you want on it, install VirtualBox/VMWare/Xen on it,
> and have an OSX virtual machine while still behaving according to the
> license.

There were other people who thought it would be that simple (mind you,
I'm not talking about Mac OS X Server, a product that became a 30$
add-on later); does anyone remember a product called VMware Fusion
version 4.10 which suddenly removed the artificial barrier against
running non-Server Mac OS X on VMware and which had ot be replaced by
version 4.11 only two weeks later with the only bug fixed being able to
run Mac OS X on a VM? That must have ben one hell f a letter Apple sent,
I guess I would pay for reading it.

> The third point, "ensure your physical system is an Apple-labeled
> computer", explicits the then-actual license conditions to run a
> virtualized OSX within the license terms.

And if you do, you can run VMware ESXi on a Mac Pro cluster and use it
to virtualize multiple Mac OS-based machines, as long as they are
installing Server.app on them. One of our customers is doing it to get
the applications from his old Mac Servers running in a world where the
most important customer is obviously the iPad Pro user...

> AFAIK, by the link from the apple store reported above, these terms are
> still valid - you can run a virtualized OSX and be within the license
> terms if it is the only instance you run, and it runs on an
> Apple-labeled computer.

Point is: You can't buy a valid license without buying a machine with
it. I guess you could buy *heaps* of Mac mini just to obtain licenses...
Just like having to buy defective power supplies to get MagSafe
connectors. And Apple does not attack the people breaking the licenses;
they are usually aiming at those who enable others to break them (which
I regard as a good thing).


Achim

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b63a0115-312d-a809-8cad-62154112c7b0%40noses.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Secure Browsing - browserless?

2016-11-06 Thread 098'109348'109438'0194328'0918
Hallo,

It looks like I was wrong, this kind of browserless security setup is might not 
be a part of the far future, it is up and running (in the testmode)...

The Boing Black Phone...

http://www.defenseone.com/technology/2016/11/nsa-chief-has-phone-top-secret-messaging-heres-how-it-works/132845/?oref=d-river

http://www.boeing.com/defense/boeing-black/index.page

- Can switch between a open and a secure network (2 SIMs)
- Is highly encrypted
- Is working like a DispVM and stores data at a faraway secure place (physical 
security)
- Physical tamper proof and self-destructive (physical security)

Nice would be a Qubes DispVM optimized for screen sharing (browser less 
security) with and App running on a second bank-sided DispVM behind the first 
banking-firewall, so all banking transactions become secure and secret. But 
sure this needs also a clever encryption embedded.

Kind Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0da44ab-9c0b-4fcd-a64b-0afc005b2172%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Your Battery is syping on you...

2016-11-06 Thread 021'049528'0943582'094358'0924358098
Hello Rudd-O,

many times technology can be used in both sides good and e*

My first concern with this internet and lack of IT-security is, that in some 
main-stream browsers you have enough backdoors to book in the second you type 
in your credit-card information in parallel for you on another place with a 
another delivering-address of course...

In my eyes a hard browser focused to the financial goals of the owner will be 
quite helpful in this crazy internet game.

Tor, I'm afraid will be also a perfect tool to deliver a hidden command and 
control structure (e.g. my QR31 was not updating anything any more...).

"Of the top twenty most popular Tor addresses, eleven are command and control 
centres for botnets, including all of the top five."

https://www.technologyreview.com/s/519186/security-flaw-shows-tor-anonymity-network-dominated-by-botnet-command-and-control/

So Tor will be useful on a live-QubesOS DVD in a dual mode, if you need Whonix 
browser + Tor Features, e.g. for security-research without the tracing features 
of the network.

It's so hard to get an coherent picture about the good and robust internet 
infrastructure. Perhaps a new kind of network will get this straight out of the 
box one day in the far far future...

A how to do banking, shopping ans surfing-guide will be quite helpful to get a 
solid baseline towards a better safe internet-experience.

Thanks and Kind Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f8700ad-f2c2-49f5-9fe2-8f8fba1e2c61%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.