[qubes-users] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-11-30 Thread JPL
>Commercial editions of Qubes OS will be customized to meet special corporate
>requirements. For example, two features that might be particularly attractive to
>corporate customers are (1) "locking down" dom0 in order to separate the user
>and administrator roles and (2) integrating our local management stack with a
>corporation's remote management infrastructure. These are both examples of
>features that our developers are capable of implementing now, on Qubes 3.2.

>We plan to partner with one to three corporate clients in order to run a pilot
>program throughout the first half of 2017.  After it has been successfully
>completed, we'll then widen our offer to more corporate customers and,
>ultimately, to small business customers. Our main constraint is the scalability
>required to cover each additional client. Hence, we plan to focus on larger
>customers first. 

Does this mean that Qubes will somehow become networkable or will it still only 
be for a single device?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1093ca29-0748-4b31-a0d7-a914c0d7f09b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Problems connecting usb flash drive to any vm

2016-11-30 Thread raahelps
On Thursday, December 1, 2016 at 1:11:09 AM UTC-5, raah...@gmail.com wrote:
> On Saturday, November 26, 2016 at 12:56:12 AM UTC-5, zxe...@gmail.com wrote:
> > When I first installed Qubes (3.2), I could attach and detach block devices 
> > without errors and mount flash drives in VM's. I wanted to use my external 
> > keyboard with my laptop so followed the steps in the guide 
> > (https://www.qubes-os.org/doc/usb/) for "Creating and Using a USB qube" 
> > (using the management stack) and "How to use a USB keyboard".
> > 
> > However, the generated sys-usb Qube fails to boot and detaching a USB flash 
> > drive using the VM Manager always gives me a blank window with the text 
> > "Houston, we have a problem..." and freezes the VM Manager. After a few 
> > seconds of trying to close the blank window I get "This window might be 
> > busy and is not responding. Do you want to terminate the application?". 
> > After I restart the VM Manager the USB device still shows as attached. 
> > If I restart the VM with the attached USB device it gives me another error 
> > "AssertionError: This is most likely a bug in the Qubes Manager" and the VM 
> > is killed. (Note I did this with a DisposableVM). 
> > 
> > The above happens even if I attach and then immediately detach the USB 
> > block device.
> > 
> > After plugging in the USB flash drive to my laptop, but not attaching it to 
> > any VM the USB flash drive is visible to sys-net with "fdisk -l", but 
> > mounting fails with "wrong fs type" even though I mount it with "-t vfat" 
> > and fdisk shows the USB flash drive is FAT32. If I attach the USB flash 
> > drive to any other VM "fdisk -l" does not show any attached flash drive.
> > 
> > I am currently in China, so I cannot reach google with the laptop running 
> > Qubes until I get a socks proxy set up and tor is blocked in China (any 
> > bridges I have tried are quickly blocked).
> > 
> > Any help would be helpful. Let me know what logs would be useful to post (I 
> > am still very new to Qubes).
> 
> ya I concur, just try deleting all sys-usb vms and then rerun  qubesctl 
> top.enable qvm.sys-usb and just use that for your usb controller(s)
> 
> I had run into the same problem before trying to switch the controller to 
> another usbvm.   didn't bother to do the strictset.  Although that was back 
> in 3.1 I thought things were supposed to be easier now.  I think we can add 
> single usb devices to diff vms.  I haven't tried this. I hope soon will work 
> for hvms as well if not yet.

forgot there is another command after that one.  qubesctl state.highstate   
https://www.qubes-os.org/doc/usb/

If your two usb ports next to the ps2 kb port are on a separate controller, you 
might want to keep those in dom0 just for your mouse and kb instead.



[qubes-users] Re: Problems connecting usb flash drive to any vm

2016-11-30 Thread raahelps
On Saturday, November 26, 2016 at 12:56:12 AM UTC-5, zxe...@gmail.com wrote:
> When I first installed Qubes (3.2), I could attach and detach block devices 
> without errors and mount flash drives in VM's. I wanted to use my external 
> keyboard with my laptop so followed the steps in the guide 
> (https://www.qubes-os.org/doc/usb/) for "Creating and Using a USB qube" 
> (using the management stack) and "How to use a USB keyboard".
> 
> However, the generated sys-usb Qube fails to boot and detaching a USB flash 
> drive using the VM Manager always gives me a blank window with the text 
> "Houston, we have a problem..." and freezes the VM Manager. After a few 
> seconds of trying to close the blank window I get "This window might be busy 
> and is not responding. Do you want to terminate the application?". After I 
> restart the VM Manager the USB device still shows as attached. If I 
> restart the VM with the attached USB device it gives me another error 
> "AssertionError: This is most likely a bug in the Qubes Manager" and the VM 
> is killed. (Note I did this with a DisposableVM). 
> 
> The above happens even if I attach and then immediately detach the USB block 
> device.
> 
> After plugging in the USB flash drive to my laptop, but not attaching it to 
> any VM the USB flash drive is visible to sys-net with "fdisk -l", but 
> mounting fails with "wrong fs type" even though I mount it with "-t vfat" and 
> fdisk shows the USB flash drive is FAT32. If I attach the USB flash drive to 
> any other VM "fdisk -l" does not show any attached flash drive.
> 
> I am currently in China, so I cannot reach google with the laptop running 
> Qubes until I get a socks proxy set up and tor is blocked in China (any bridges 
> I have tried are quickly blocked).
> 
> Any help would be helpful. Let me know what logs would be useful to post (I 
> am still very new to Qubes).

ya I concur, just try deleting all sys-usb vms and then rerun  qubesctl 
top.enable qvm.sys-usb and just use that for your usb controller(s)

I had run into the same problem before trying to switch the controller to 
another usbvm.   didn't bother to do the strictset.  Although that was back in 
3.1 I thought things were supposed to be easier now.  I think we can add single 
usb devices to diff vms.  I haven't tried this. I hope soon will work for hvms 
as well if not yet.



Re: [qubes-users] How do I get past this critical error?

2016-11-30 Thread Joshua van den Hoven
Will do that. The size is 32gb and i will try a different ISO today

On Thu, 1 Dec 2016 at 05:10, wrote:

> On Wednesday, November 30, 2016 at 11:37:25 AM UTC-5, deadhun...@gmail.com
> wrote:
> > Hello,
> >
> > I am writing this from my secondary email address.
> >
> > I have tried your suggestion and get through the check but now i get this
> >
> > Anaconda 23.19.10-4 exception report
> >
> > What can i try next?
>
> use another usb disk,  what size is yours?  Download another image.



Re: [qubes-users] Re: Qubes 4.x and Librem 13

2016-11-30 Thread raahelps
On Saturday, November 26, 2016 at 3:44:49 AM UTC-5, Grzesiek Chodzicki wrote:
> On Saturday, 26 November 2016 03:06:06 UTC+1, user rspei...@gmail.com 
> wrote:
> > It seems that Purism has failed to follow through on its promise to provide 
> > open firmware (i.e coreboot) and overstated its capability to provide a 
> > completely free firmware (i.e. libreboot). As a result, they have left many 
> > unhappy customers and/or prospective customers. I doubt that we will ever 
> > have libreboot on current/new Intel hardware.
> > 
> > Optimistically speaking, a truly open hardware ecosystem (i.e. Risc-V, 
> > OpenPower) will likely take ~3-10 years to become commercially viable. 
> > Considering the pragmatic approach that Qubes OS is taking, it would seem 
> > ideal to get the most secure and privacy-protecting hardware in the 
> > short-term until such time that we can have "truly" secure and 
> > privacy-protecting hardware in the long-term.
> > 
> > As Marek pointed out, the Librem 13 would work with Qubes OS 4.x and "may 
> > be somehow more secure with Coreboot (less places to hide some backdoor), 
> > but may be also less stable - depending how mature is Librem 13 support in 
> > Coreboot." As Grzesiek pointed out, waiting until 4.x to be released makes 
> > sense since "a better option might present itself". In addition, it would 
> > give Purism an opportunity to right a wrong.
> > 
> > That said, besides the Librem 13, I haven't seen nor heard of another 
> > laptop that provides hardware switches to disable camera/audio/wifi and 
> > components that do not require blobs (CPU excepted of course). Besides my 
> > Google Pixel LS Chromebook running linux, I'm unsure whether there is  a 
> > better option at this point.
> > 
> > Thanks,
> > Roberto
> 
> Don't get me wrong, I respect the idea the Purism guys had when they created 
> Librem. But the Librem 15 costs 1600$ for an 8GB of ram, dual core i7 and a 
> sata SSD. 32 GB of RAM are additional 530$. Total cost of the most pimped out 
> version is over 3400$. For half that money you can have the most pimped out 
> version of Thinkpad T560. High prices alienate the userbase and make it seem 
> like the privacy is a privilege of the rich.

so is healthy food unfortunately man...



[qubes-users] Re: custom kernel doesn't work installed in debian cloned template

2016-11-30 Thread raahelps
On Sunday, November 27, 2016 at 12:02:08 AM UTC-5, raah...@gmail.com wrote:
> I followed instructions to install pvgrub2-xen in dom0. Then in template vm 
> installed qubes-kernel-vm-support and grub2-common.  Then i installed the 
> distribution kernel from debian repos with apt-get (3.16).   then update-grub 
> and shutdown but It doesn't work right.  I eventually would like to be able 
> to compile my own kernel,  was hoping it would be easier with pvgrub support 
> but I think I must be missing something.
> 
> When I boot it after selecting pvgrub in kernel settings.   sudo xl console 
> shows it has booted fine but then is asking me for a login.  If I type root i 
> get root.   But I can't load any applications in the gui environment.  from 
> dom0 terminal or from the start menu on desktop. 
> 
> Thanks,
> Rich

module doesn't seem to be installing.  I do  sudo dkms autoinstall -k 
3.16.0-4-amd64  but I don't get any output.



Re: [qubes-users] ANN: Split Browser (disposable Tor Browser, persistent bookmarks/logins)

2016-11-30 Thread Andrew David Wong

On 2016-11-30 09:12, Rusty Bird wrote:
> "Everyone loves the Whonix approach of running Tor Browser and the tor
>  daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix.
> 
>  Let's take it a step further and run Tor Browser (or other Firefox
>  versions) in a DisposableVM connecting through the tor VM (or through
>  any other NetVM/ProxyVM), while storing bookmarks and logins in a
>  persistent VM - with carefully restricted data flow.
> 
>  [...]

This looks extremely cool. Thanks, Rusty. Tracking potential
integration here:

https://github.com/QubesOS/qubes-issues/issues/2469

Also added to the community-developed feature tracker:

https://www.qubes-os.org/qubes-issues/

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


[qubes-users] Re: can not upgrade from 3.1 to 3.2 missing dependancies

2016-11-30 Thread raahelps
On Monday, November 28, 2016 at 3:40:22 PM UTC-5, ludwig jaffe wrote:
> Hi, 
> I tried the tutorial at https://www.qubes-os.org/doc/upgrade-to-r3.2/  but it 
> did not work.
> The only thing that worked was to skip the problematic broken packages, but 
> this roughly just gave me new xen and kernel. 
> See the "logs".
> 
> So what to do, my system was not specially set-up. Just 3.1 on a dual core 
> core i5 laptop.
> 
> Cheers,
> 
> Ludwig

same thing happened to me twice.  I just make sure now to back up vms.  they 
restored no problem after a clean install last time.



Re: [qubes-users] How do I get past this critical error?

2016-11-30 Thread raahelps
On Wednesday, November 30, 2016 at 11:37:25 AM UTC-5, deadhun...@gmail.com 
wrote:
> Hello,
> 
> I am writing this from my secondary email address.
> 
> I have tried your suggestion and get through the check but now i get this
> 
> Anaconda 23.19.10-4 exception report
> 
> What can i try next?

use another usb disk,  what size is yours?  Download another image.



[qubes-users] whonix-gw keeps showing green update arrow.

2016-11-30 Thread raahelps
but it says nothing to do... for a while now.

plus I keep getting a dom0 update almost every day.  it usually doesn't install 
anything but about once a week it does, is this the usual now?



[qubes-users] Re: USB Scanner or Printer?

2016-11-30 Thread raahelps
On Wednesday, November 30, 2016 at 7:02:19 PM UTC-5, Loren Rogers wrote:
> What's the recommended way to handle scanners and printers? It
>   sounds like I'll need to go through a USB Qube, but I
> don't trust the closed-source drivers to run alongside my USB
> keyboard.
> 
> Will I need to assign a USB PCI device to a particular
>   printer-scanner Qube and have the others go through dom0?

most use network printer i believe cause easier to print to.  Printer is never 
considered secure or printing private.



[qubes-users] anyone luck mounting an iphone 7?

2016-11-30 Thread raahelps
http://www.libimobiledevice.org/ according to here not listed.

is there any other ways to mount it? or transfer files to a qubes machine?



Re: [qubes-users] Massive performance improvement after disabling power management in the BIOS

2016-11-30 Thread Jeremy Rand
kotot...@gmail.com:
> Hello community,
> 
> I was wondering why one of my programs was taking ~15 seconds to compile when 
> my colleague compiled it within ~3 seconds on his system. I know there is a 
> performance price to pay for the virtualisation but nonetheless. I was super 
> annoyed and I was vaguely thinking about switching back to another distribution 
> but at the same time I was reading about DNS rebinding attacks and I really 
> wanted to stay on Qubes.
> 
> I gave a look at the BIOS settings, in the power management section. There 
> are options like "Maximize performance on AC" and also options for when the 
> laptop is on battery. I already had the "Maximize performance on AC" on. I 
> disabled the whole power management section. Performance is better! 
> 
> The program mentioned above now compiles in ~5 seconds. The whole system 
> seems more responsive, Firefox and Youtube video (HTML5) also seem better. 
> The only drawback is that the laptop is definitely generating more heat 
> (and probably consuming more energy) but that's okay because I spend most of 
> the time connected to the AC.
> 
> Is there a bug somewhere in the kernel, in Xen or Qubes which prevents them from 
> properly using this BIOS power management system correctly?
> 
> Have other users experienced something similar?
> 
> 
> When googling I found this article from VMWare with similar problems / 
> solutions
> 
> https://blogs.vmware.com/vsphere/2012/01/having-a-performance-problem-hard-to-resolve-have-you-checked-your-host-bios-lately.html

Hi, might I ask what manufacturer/model your laptop is?

-Jeremy




[qubes-users] Re: TemplateVM Best-Practices?

2016-11-30 Thread Loren Rogers

On 11/30/2016 09:14 AM, Daniel Moerner wrote:
> On Wednesday, November 30, 2016 at 8:59:58 AM UTC-5, Loren Rogers wrote:
> > Hi all,
> >
> > Are there any recommended strategies for creating and managing
> > TemplateVMs for regular users?
>
> Speaking personally, I use four templates: (based on Debian 9)
>
> base: For sys-*, vault, gpg, shopping, banking, etc.
> office: Libreoffice, thunderbird extensions, latex. For work and personal VMs.
> dev: Developer tools, compilers, etc. For dev VMs.
> untrusted: Media software (vlc, etc.) as well as Chrome.
>
> This lets me keep the individual templates to a more manageable size and 
> prevents me from accidentally mixing up my workflow across VMs.
>
> I would be open to using a more stripped-down base template but I'm not 
> convinced it's worth it.

Thanks - it's really helpful to hear how others manage things. I'll give 
a similar setup a try.




[qubes-users] USB Scanner or Printer?

2016-11-30 Thread Loren Rogers
What's the recommended way to handle scanners and printers? It sounds 
like I'll need to go through a USB Qube, but I don't trust the 
closed-source drivers to run alongside my USB keyboard.

Will I need to assign a USB PCI device to a particular printer-scanner 
Qube and have the others go through dom0?




[qubes-users] Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-11-30 Thread Andrew David Wong

Dear Qubes Community,

Since the initial launch [01] of Qubes OS back in April 2010, work on Qubes
has been funded in several different ways.  Originally a pet project, it was
first supported by Invisible Things Lab [02] (ITL) out of the money we earned
on various R&D and consulting contracts. Later, we decided that we should try to
commercialize it. Our idea, back then, was to commercialize Windows AppVM
support.  Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought
we would offer Windows AppVM support under a proprietary license. Even though we
made a lot of progress on both the business and technical sides of this
endeavor, it ultimately failed.

Luckily, we got a helping hand from the Open Technology Fund [03] (OTF), which
has supported [04] the project for the past two years. While not a large
sum of money in itself, it did help us a lot, especially with all the work
necessary to improve Qubes' user interface, documentation, and outreach to new
communities.  Indeed, the (estimated) Qubes user base has grown [05]
significantly over that period. Thank you, OTF!

But Qubes is more than just a nice UI: it's an entirely new, complex system --
a system that aims to change the game of endpoint security. Consequently, it
requires expertise covering a wide spectrum of topics: from understanding
low-level aspects of hardware and firmware (and how they translate to the
security of a desktop system), to UI design, documentation writing, and
community outreach. Even if we consider only the "security research" aspect of
Qubes, this area alone easily scales beyond the capabilities of a single human
being.

In order to continue to deliver on its promise of strong desktop security, Qubes
must retain and expand its core team, and this requires substantial funding. At
this point, we believe the only realistic way to achieve this is through
commercialization, supplemented by community funding.


Commercialization
=================

We're taking a different approach to commercialization this time.  Building on
the success of the recent Qubes 3.2 release, which has been praised by users for
its stability and overall usability, we will begin offering commercial editions
(licenses) of Qubes OS to corporate customers. We believe that the maturity of
Qubes, combined with its powerful new management stack [06], makes it ripe
for adoption by any corporation with significant security needs.

Commercial editions of Qubes OS will be customized to meet special corporate
requirements. For example, two features that might be particularly attractive to
corporate customers are (1) "locking down" dom0 in order to separate the user
and administrator roles and (2) integrating our local management stack with a
corporation's remote management infrastructure. These are both examples of
features that our developers are capable of implementing now, on Qubes 3.2.

We plan to partner with one to three corporate clients in order to run a pilot
program throughout the first half of 2017.  After it has been successfully
completed, we'll then widen our offer to more corporate customers and,
ultimately, to small business customers. Our main constraint is the scalability
required to cover each additional client. Hence, we plan to focus on larger
customers first.

Let there be no misunderstanding: Qubes OS will always remain open source. We
anticipate that the majority of our commercialization efforts will involve the
creation of custom Salt configurations, and perhaps writing a few additional
apps and integration code. In the event that any corporate features require
reworking the core Qubes code, that new code will remain open source.

We considered many other ways of attempting to commercialize Qubes before
arriving at this model. One possibility that some of our users have inquired
about is that we sell dedicated Qubes hardware (i.e. laptops). However, there
are a number of challenges here, both in terms of making the hardware
trustworthy enough to merit our "seal of approval", and from a business and
logistics perspective. For these reasons, we don't plan to pursue this option in
the immediate future.


Community funding
=================

Unfortunately, the financial necessity of shifting our priorities to commercial
clients will mean that we have less time to work on features that benefit the
wider, security-minded open source community, which has been our focus for the
past seven years.  This deeply saddens us. (We all use Qubes on our personal
computers too!) However, the reality is that ITL can't afford to sustain the
open source development of Qubes for much longer. We're running out of time.

In an attempt to keep the open source development of Qubes going, we've teamed
up with Open Collective [07], which makes it easier to donate to the Qubes
project.  Now, in addition to our Bitcoin fund [08], we can also accept
donations via credit card. ITL will not benefit from of any of 

Re: Bluetooth locking (was Re: [qubes-users] safer typing in public places)

2016-11-30 Thread Marek Marczykowski-Górecki

On Wed, Nov 30, 2016 at 10:54:51PM +, Manuel Amador (Rudd-O) wrote:
> On 11/30/2016 04:18 AM, pixel fairy wrote:
> > has anyone here experimented with bluetooth locks? it seems like a lot of 
> > extra scary code to run in dom0, but i like the idea of auto shutdown if 
> > device loses range. or maybe after a timeout period of some trigger? that's 
> > another discussion. 
> 
> On your Bluetooth VM (usually a USBVM), run Blueproximity, and have
> Blueproximity invoke a custom /etc/qubes-rpc/pixelfairy.Lock service on
> dom0 which you will need to write yourself.  It's a one-liner service:
> 
> loginctl lock-sessions
> 
> To invoke it from the Bluetooth VM, you need to ask Blueproximity to run
> the command:
> 
> /usr/lib/qubes/qrexec-client-vm "$bluetoothvm" pixelfairy.Lock
> 
> Once you have given the Bluetooth VM permission ("yes to all") to invoke
> the locker, it should work automatically every time you walk away.
> 
> The reverse is also possible — you could have a similar service that
> unlocks the screen by running loginctl unlock-sessions.

But the latter may be unwise - USB VM should be considered untrusted, so
giving it permission to unlock the computer doesn't look good. Unless
you take some measures to limit that ability. For example do some
challenge-response[1] with the device triggering the unlock operation,
so USB VM would not be able to do that without the device actually being
present (assuming that device is safe enough to not be cloned, and
resistant to proxy attacks etc.). But better don't do that.

[1] https://www.qubes-os.org/doc/yubi-key/

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Bluetooth locking (was Re: [qubes-users] safer typing in public places)

2016-11-30 Thread Manuel Amador (Rudd-O)
On 11/30/2016 04:18 AM, pixel fairy wrote:
> has anyone here experimented with bluetooth locks? it seems like a lot of 
> extra scary code to run in dom0, but i like the idea of auto shutdown if 
> device loses range. or maybe after a timeout period of some trigger? thats 
> another discussion. 

On your Bluetooth VM (usually a USBVM), run Blueproximity, and have
Blueproximity invoke a custom /etc/qubes-rpc/pixelfairy.Lock service on
dom0 which you will need to write yourself.  It's a one-liner service:

loginctl lock-sessions

To invoke it from the Bluetooth VM, you need to ask Blueproximity to run
the command:

/usr/lib/qubes/qrexec-client-vm dom0 pixelfairy.Lock

Once you have given the Bluetooth VM permission ("yes to all") to invoke
the locker, it should work automatically every time you walk away.

The reverse is also possible — you could have a similar service that
unlocks the screen by running loginctl unlock-sessions.

-- 
Rudd-O
http://rudd-o.com/



Re: [qubes-users] sys-net will not start after windows installed as a templateHVM

2016-11-30 Thread stevemichaelphone
On Wednesday, November 30, 2016 at 3:47:01 PM UTC-6, Marek Marczykowski-Górecki 
wrote:
> On Wed, Nov 30, 2016 at 01:44:41PM -0800, steve wrote:
> > sys-net and sys-firewall were both running fine before I installed Win 7 
> > x64. qvm-start sys-net fails with the message:
> > ERROR: PCI device 01:00.0 does not exist (domain sys-net)
> > lspci confirms the device 01:00.0 does not in fact exist
> 
> Detach this device from sys-net using qvm-pci tool.
> Other question is how you've got non-existing device attached to sys-net
> in the first place...
Thanks that did the trick and I have no idea how 01:00.0 got attached to both 
sys-net and sys-firewall but both function now.
> 
> -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?



Re: [qubes-users] sys-net will not start after windows installed as a templateHVM

2016-11-30 Thread Marek Marczykowski-Górecki

On Wed, Nov 30, 2016 at 01:44:41PM -0800, stevemichaelph...@gmail.com wrote:
> sys-net and sys-firewall were both running fine before I installed Win 7 x64. 
> qvm-start sys-net fails with the message:
> ERROR: PCI device 01:00.0 does not exist (domain sys-net)
> lspci confirms the device 01:00.0 does not in fact exist

Detach this device from sys-net using qvm-pci tool.
Other question is how you've got non-existing device attached to sys-net
in the first place...

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


[qubes-users] sys-net will not start after windows installed as a templateHVM

2016-11-30 Thread stevemichaelphone
sys-net and sys-firewall were both running fine before I installed Win 7 x64. 
qvm-start sys-net fails with the message:
ERROR: PCI device 01:00.0 does not exist (domain sys-net)
lspci confirms the device 01:00.0 does not in fact exist



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Marek Marczykowski-Górecki

On Wed, Nov 30, 2016 at 11:54:42PM +0300, Eva Star wrote:
> On 11/30/2016 11:48 PM, Marek Marczykowski-Górecki wrote:
> 
> > Yes, most likely - if you have two partitions (possibly on different
> > disks) with the same UUID, the first detected will be used.
> 
> Why (GRUB?) first detect second drive, and not search on the drive where
> grub installed?

That's the question to grub gurus. Take a look at its config - there is
"search ... --set=root some-uuid" line. This line has --hint options
(at least in my case), so it should be ok - at least in theory.
If you changed the order of disks (according to BIOS, or maybe physical
connection), that --hint option may still refer to your old disk. Same
applies to BIOS.

Then, Linux kernel will detect disks again, and initramfs will search
for the right UUID. And at this point I think it's purely about order of
detection.

> Fixing UUID will not help( It will, but up to next full backup (clone).
> 
> p.s. Is it already own qubes backups fixed? I'm about not strong crypto
> function of own qubes backups.

https://github.com/QubesOS/qubes-issues/issues/971
This one? For Qubes 4.0 - yes, but the fix changes the backup format, so it
isn't feasible for backporting.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] PAM errors after disabling password-less root

2016-11-30 Thread Marek Marczykowski-Górecki

On Wed, Nov 30, 2016 at 02:44:17PM -0500, Chris Laprise wrote:
> On 11/28/2016 05:27 PM, Patrick Schleizer wrote:
> > Probably related issues:
> > - https://github.com/QubesOS/qubes-doc/pull/176
> > - https://github.com/QubesOS/qubes-doc/pull/228
> > 
> > Which led to some changes to https://www.qubes-os.org/doc/vm-sudo/
> > [which was reported to work now] (and the qubes-whonix package).
> > 
> > I may not work much on this issue however due to Qubes project policy,
> > explained in detail here:
> > https://github.com/QubesOS/qubes-doc/pull/176#issuecomment-242894132
> > 
> > Btw I almost missed this mail. As of now, best way to get my attention
> > btw is adding my e-mail address adrela...@riseup.net or adding Whonix to
> > the subject. Otherwise I cannot monitor / read all on this kinda high
> > traffic mailing list.
> > 
> > Cheers,
> > Patrick
> > 
> 
> I'm having one remaining issue after restricting root in the templates...
> 
> dom0 is logging tons of PAM 'audit' messages which makes the log very noisy.
> I think the auth requests are originating from dom0. I'd like to find a way
> to squelch them.

It's a "feature" of systemd-journald:
https://github.com/systemd/systemd/issues/959

In short: add "audit=0" to VM kernel command options, or run "auditd -s
disable". Personally I have "auditd -s disable" in /rw/config/rc.local
in some (most?) VMs.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Eva Star

On 11/30/2016 11:48 PM, Marek Marczykowski-Górecki wrote:

> Yes, most likely - if you have two partitions (possibly on different
> disks) with the same UUID, the first detected will be used.

Why (GRUB?) first detect second drive, and not search on the drive where 
grub installed?

Fixing UUID will not help( It will, but up to next full backup (clone).

p.s. Is it already own qubes backups fixed? I'm about not strong crypto 
function of own qubes backups.


--
Regards



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Marek Marczykowski-Górecki

On Wed, Nov 30, 2016 at 11:31:17PM +0300, Eva Star wrote:
> 
> > Not long after I first installed Qubes my BIOS was reporting the drives 
> > incorrectly in the boot section. I solved it by re-ordering the way the 
> > drives were connected to the motherboard.
> 
> Seems it's report them correctly (other name of the drive and it also report
> port number), but if secondary old ssd connected and I trying to boot with
> new one, it use /boot from newSSD, but then the system work from oldSSD.
> Maybe cryptsetup mount old partition. Maybe because old and new cloned
> cryptsetup partitions have the same id...

Yes, most likely - if you have two partitions (possibly on different
disks) with the same UUID, the first detected will be used.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
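
A check for the situation described above, as an added example that is not from the thread: it parses blkid output, lists every UUID carried by more than one block device, and then reports which boot configuration lines refer to such a UUID. The blkid lines, UUIDs and configuration lines are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample of `blkid` output after cloning sda onto sdb.
SAMPLE_BLKID = """\
/dev/sda1: UUID="3f1c2a8e-0b6d-4a57-9c11-5d2e7f90a001" TYPE="ext4"
/dev/sda2: UUID="a4d09b12-77e3-4c0f-8b2a-19c6e5f3b002" TYPE="crypto_LUKS"
/dev/sdb1: UUID="3f1c2a8e-0b6d-4a57-9c11-5d2e7f90a001" TYPE="ext4"
/dev/sdb2: UUID="a4d09b12-77e3-4c0f-8b2a-19c6e5f3b002" TYPE="crypto_LUKS"
/dev/sdc1: UUID="7C2E-91AF" TYPE="vfat"
"""

# Constructed sample of lines that select a device by UUID during boot:
# a GRUB search command, a kernel command line option and an fstab entry.
SAMPLE_CONFIG = """\
search --no-floppy --fs-uuid --set=root 3f1c2a8e-0b6d-4a57-9c11-5d2e7f90a001
rd.luks.uuid=luks-a4d09b12-77e3-4c0f-8b2a-19c6e5f3b002
UUID=7C2E-91AF /mnt/usb vfat noauto 0 0
"""

_TAG = re.compile(r'(\w+)="([^"]*)"')


def parse_blkid(text):
    """Return {device: {tag: value}} from default-format blkid output."""
    devices = {}
    for line in text.splitlines():
        device, sep, tags = line.partition(": ")
        if sep:
            devices[device.strip()] = dict(_TAG.findall(tags))
    return devices


def duplicate_uuids(devices):
    """Map each UUID found on more than one device to the devices carrying it."""
    owners = defaultdict(list)
    for device, tags in devices.items():
        uuid = tags.get("UUID")
        if uuid:
            owners[uuid.lower()].append(device)
    return {u: sorted(d) for u, d in owners.items() if len(d) > 1}


def ambiguous_references(config_text, duplicates):
    """Return (line_number, uuid, devices) for lines naming a duplicated UUID."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        lowered = line.lower()
        for uuid in sorted(duplicates):
            if uuid in lowered:
                hits.append((number, uuid, duplicates[uuid]))
    return hits


if __name__ == "__main__":
    dups = duplicate_uuids(parse_blkid(SAMPLE_BLKID))
    for uuid, devs in sorted(dups.items()):
        print(f"UUID {uuid} is present on: {', '.join(devs)}")
    for number, uuid, devs in ambiguous_references(SAMPLE_CONFIG, dups):
        print(f"config line {number} can resolve to any of: {', '.join(devs)}")
```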


Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread alfhind
On Wednesday, November 30, 2016 at 8:00:48 PM UTC, Eva Star wrote:
> On 11/30/2016 10:36 PM, Marek Marczykowski-Górecki wrote:
> 
> > On Wed, Nov 30, 2016 at 10:24:39PM +0300, Eva Star wrote:
> >> On 11/30/2016 10:11 PM, Marek Marczykowski-Górecki wrote:
> >>
> >>> Are you using AEM, or have /boot on some external device (not plugged in
> >>> during update)?
> >>>
> >>
> >> https://i.imgur.com/fhZ5mx3.png
> >> Check this, please.. It say installed on the system (Success). But nothing
> >> after reboot.
> >
> > What files do you have in /boot? What version(s) of xen-hypervisor
> > package (rpm -qa xen-hypervisor)?
> >
> 
> I reboot again and disconnect all my drives. And seems I found the 
> problem with your help. For some reason when I choose my new drive to 
> boot (from BIOS) then it forward boot process to old drive. It's look 
> like I'm still on old drive :-/ Does not know why it happens and why it 
> redirect boot process automatically to /boot from old connected drive, 
> when I choose to use NEW at BIOS...
> 
> Why it do this strange thing?
> 
> I will clone my drive again... is it only one way to disconnect my 
> backup drive? Or how to say the system to boot from new drive and do not 
> touch old /boot on the second drive?
> 
> I think I found the problem. When I choose
> 
> -- 
> Regards

Not long after I first installed Qubes my BIOS was reporting the drives 
incorrectly in the boot section. I solved it by re-ordering the way the drives 
were connected to the motherboard.

Regards,
Alf



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Eva Star

On 11/30/2016 10:36 PM, Marek Marczykowski-Górecki wrote:

> On Wed, Nov 30, 2016 at 10:24:39PM +0300, Eva Star wrote:
> > On 11/30/2016 10:11 PM, Marek Marczykowski-Górecki wrote:
> >
> > > Are you using AEM, or have /boot on some external device (not plugged in
> > > during update)?
> >
> > https://i.imgur.com/fhZ5mx3.png
> > Check this, please.. It say installed on the system (Success). But nothing
> > after reboot.
>
> What files do you have in /boot? What version(s) of xen-hypervisor
> package (rpm -qa xen-hypervisor)?

I reboot again and disconnect all my drives. And seems I found the 
problem with your help. For some reason when I choose my new drive to 
boot (from BIOS) then it forward boot process to old drive. It's look 
like I'm still on old drive :-/ Does not know why it happens and why it 
redirect boot process automatically to /boot from old connected drive, 
when I choose to use NEW at BIOS...

Why it do this strange thing?

I will clone my drive again... is it only one way to disconnect my 
backup drive? Or how to say the system to boot from new drive and do not 
touch old /boot on the second drive?


I think I found the problem. When I choose

--
Regards



Re: [qubes-users] PAM errors after disabling password-less root

2016-11-30 Thread Chris Laprise

On 11/28/2016 05:27 PM, Patrick Schleizer wrote:

> Probably related issues:
> - https://github.com/QubesOS/qubes-doc/pull/176
> - https://github.com/QubesOS/qubes-doc/pull/228
>
> Which led to some changes to https://www.qubes-os.org/doc/vm-sudo/
> [which was reported to work now] (and the qubes-whonix package).
>
> I may not work much on this issue however due to Qubes project policy,
> explained in detail here:
> https://github.com/QubesOS/qubes-doc/pull/176#issuecomment-242894132
>
> Btw I almost missed this mail. As of now, best way to get my attention
> btw is adding my e-mail address adrela...@riseup.net or adding Whonix to
> the subject. Otherwise I cannot monitor / read all on this kinda high
> traffic mailing list.
>
> Cheers,
> Patrick


I'm having one remaining issue after restricting root in the templates...

dom0 is logging tons of PAM 'audit' messages which makes the log very 
noisy. I think the auth requests are originating from dom0. I'd like to 
find a way to squelch them.


Chris



Re: [qubes-users] safer typing in public places

2016-11-30 Thread pixel fairy
On Wednesday, November 30, 2016 at 2:26:30 PM UTC-5, Foppe de Haan wrote:
> why not just learn a new keyboard layout, like colemak/workman/norman? Seems 
> less of a hassle, besides being beneficial from a speed/ergonomics 
> perspective.

the same methods of video (and audio) analysis would still apply. 

this isnt much hassle unless you do sensitive work in public places. otherwise, 
you only need the lid down long enough to type your screen saver password. 



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Eva Star

On 11/30/2016 10:36 PM, Marek Marczykowski-Górecki wrote:

> On Wed, Nov 30, 2016 at 10:24:39PM +0300, Eva Star wrote:
> > On 11/30/2016 10:11 PM, Marek Marczykowski-Górecki wrote:
> >
> > > Are you using AEM, or have /boot on some external device (not plugged in
> > > during update)?
> >
> > https://i.imgur.com/fhZ5mx3.png
> > Check this, please.. It say installed on the system (Success). But nothing
> > after reboot.
>
> What files do you have in /boot? What version(s) of xen-hypervisor
> package (rpm -qa xen-hypervisor)?

files:
https://i.imgur.com/qLQuVOF.png

xen-hypervisor-4.6.3.-24.fc23
https://i.imgur.com/QuEspcJ.png

--
Regards



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Marek Marczykowski-Górecki

On Wed, Nov 30, 2016 at 10:24:39PM +0300, Eva Star wrote:
> On 11/30/2016 10:11 PM, Marek Marczykowski-Górecki wrote:
> 
> > Are you using AEM, or have /boot on some external device (not plugged in
> > during update)?
> > 
> 
> https://i.imgur.com/fhZ5mx3.png
> Check this, please.. It say installed on the system (Success). But nothing
> after reboot.

What files do you have in /boot? What version(s) of xen-hypervisor
package (rpm -qa xen-hypervisor)?

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] ANN: Split Browser (disposable Tor Browser, persistent bookmarks/logins)

2016-11-30 Thread Chris Laprise

On 11/30/2016 12:12 PM, Rusty Bird wrote:

> "Everyone loves the Whonix approach of running Tor Browser and the tor
>   daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix.
>
>   Let's take it a step further and run Tor Browser (or other Firefox
>   versions) in a DisposableVM connecting through the tor VM (or through
>   any other NetVM/ProxyVM), while storing bookmarks and logins in a
>   persistent VM - with carefully restricted data flow.
>
>   In this setup, the DisposableVM's browser can send various requests to
>   the persistent VM:
>
> - Bookmark the current page
> - Let the user choose a bookmark to load
> - Let the user authorize logging into the current page
>
>   But if the browser gets exploited, it won't be able to read all your
>   bookmarks or login credentials and send them to the attacker. And you
>   can restart the browser DisposableVM frequently (which shouldn't take
>   more than 10-15 seconds) to 'shake off' such an attack."
>
> ... continued at https://github.com/rustybird/qubes-split-browser
>
> Rusty

This looks very interesting... will be trying it out soon. Thanks!

Chris



Re: [qubes-users] Q3.1 fedora-24-minimal template - dom0 update problem

2016-11-30 Thread 'Vincent Adultman' via qubes-users
Oh. Or install yum in fedora24 template. Nvm then.



[qubes-users] Q3.1 fedora-24-minimal template - dom0 update problem

2016-11-30 Thread 'Vincent Adultman' via qubes-users
Hi all

Having installed the necessary packages (at least per website doc) and assigned 
fedora-24-minimal to sys-firewall dom0 complains on update that yum / 
yumdownloader command cannot be found on the sys-firewall (which I guess is 
correct on fedora-24?).

I guess Yum= should be dnf in qubes-download-dom0-updates.sh? Not really looked 
at how this works before

Thanks in advance



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Eva Star

On 11/30/2016 10:11 PM, Marek Marczykowski-Górecki wrote:

> Are you using AEM, or have /boot on some external device (not plugged in
> during update)?

https://i.imgur.com/fhZ5mx3.png
Check this, please.. It say installed on the system (Success). But 
nothing after reboot.


--
Regards



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Eva Star

On 11/30/2016 10:11 PM, Marek Marczykowski-Górecki wrote:

> On Wed, Nov 30, 2016 at 09:23:45PM +0300, Eva Star wrote:
> > On 11/30/2016 09:09 PM, Marek Marczykowski-Górecki wrote:
> >
> > > On Wed, Nov 30, 2016 at 09:07:39PM +0300, Eva Star wrote:
> > > > 1)
> > > > I installed Xen 4.6.3 update ( I saw them on the update list of
> > > > qubes-dom0-update).
> > > > After reboot I'm still on Xen 4.6.1-20.fc23
> > > > Seems update failed.
> > > > Now, qubes-dom0-update say that "Nothing to do"
> > >
> > > Are you booting using EFI, or legacy mode?
> >
> > Legacy mode (99%)
>
> Are you using AEM, or have /boot on some external device (not plugged in
> during update)?

No (for two questions). Default installation. I re-check. I was at "UEFI 
or Legacy" mode on the BIOS, but it was working at legacy. Now, I switch 
it to Legacy Only. It does not change something.

I have SSD clone of my Qubes on the system. (I do not disconnect it 
after move to new SSD). But this second disk only connected. I do not 
use /boot on it. Now, I disconnected it and rebooted.

--
Regards



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Marek Marczykowski-Górecki

On Wed, Nov 30, 2016 at 09:23:45PM +0300, Eva Star wrote:
> On 11/30/2016 09:09 PM, Marek Marczykowski-Górecki wrote:
> 
> 
> > On Wed, Nov 30, 2016 at 09:07:39PM +0300, Eva Star wrote:
> > > 1)
> > > I installed Xen 4.6.3 update ( I saw them on the update list of
> > > qubes-dom0-update).
> > > After reboot I'm still on Xen 4.6.1-20.fc23
> > > Seems update failed.
> > > Now, qubes-dom0-update say that "Nothing to do"
> > 
> > Are you booting using EFI, or legacy mode?
> 
> Legacy mode (99%)

Are you using AEM, or have /boot on some external device (not plugged in
during update)?

> > > 2) Time to time when "qubes-dom0-update" say "Checking for dom0 updates"
> > > it's not possible at other VMs use internet. Seems something with 
> > > priorities
> > > at sys-firewall...
> > 
> > What exactly do you mean?
> 
> I mean that I can not open any page at Firefox when "update" running.
> Firefox give me "Unresponsive" message.

I have no idea how those two could interact... update process change
exactly nothing in network configuration.

> Maybe issue related to 2/3 of VMs randomly lose network.
> My VMs also lose network time to time and I found that it's correlate to
> updates checking... Maybe I'm wrong.

That would be more likely. But still no idea what happens there.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread David Hobach

On 11/30/2016 08:09 AM, Swâmi Petaramesh wrote:

> Hello,
>
> I use Qubes 3.2 (recent, default installation) with anti-evil-maid on HP
> ProBook 6470b.
>
> Anti-evil-maid is installed to HD /boot per instructions, TPM is
> protected by a password, and I use a "secret" image instead of text.
>
> So far everything seemed to work.
>
> However this morning I had a Xen upgrade in dom0, and, as documented, I
> was expecting it to break my AEM secret image display at next reboot.
>
> So after upgrading Xen in dom0 I rebooted the system and... nothing
> special happened. AEM displayed my "secret" image as usual, without any
> unusual behaviour or warning whatsoever.
>
> So I wonder : Is AEM actually working on my system ?


Apparently not.

I had the same experience in the past and couldn't identify the root 
cause either (I tested most of the stuff mentioned before).


My old thread:
https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-users/xNIiSyJQD0E#!topic/qubes-users/xNIiSyJQD0E
https://sourceforge.net/p/trousers/mailman/message/34257631/

I'm also not sure about whether or not to trust the Chinese no-name 
manufacturer... Maybe the TPM just reports everything as valid? At least 
sounds like a simple implementation that doesn't get noticed 99% of the 
time.


But if you find anything I'd be interested.

In total, though, I'd say that physical security is a _much better_ 
counter-measure than TPM usage for AEM scenarios (as long as you're 
using Qubes and not some monolithic OS). So what about a locked case for 
your laptop, maybe even with some noisy alarm if not opened correctly? ;-)

Or just always carry it with you...
Also helps against hardware attacks. Okay they can still knock you out, 
but if it has gone that far, you'll have some different problems anyway.




Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Eva Star

On 11/30/2016 09:09 PM, Marek Marczykowski-Górecki wrote:
> On Wed, Nov 30, 2016 at 09:07:39PM +0300, Eva Star wrote:
> > 1)
> > I installed the Xen 4.6.3 update (I saw them on the update list of
> > qubes-dom0-update).
> > After reboot I'm still on Xen 4.6.1-20.fc23.
> > Seems the update failed.
> > Now, qubes-dom0-update says "Nothing to do".
>
> Are you booting using EFI, or legacy mode?

Legacy mode (99%)

> > 2) From time to time, when "qubes-dom0-update" says "Checking for dom0 updates",
> > it's not possible to use the internet in other VMs. Seems to be something with
> > priorities at sys-firewall...
>
> What exactly do you mean?

I mean that I cannot open any page in Firefox when the "update" is running. 
Firefox gives me an "Unresponsive" message.

Maybe the issue is related to "2/3 of VMs randomly lose network".
My VMs also lose network from time to time and I found that it correlates with 
update checking... Maybe I'm wrong.



--
Regards



Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal

2016-11-30 Thread Eva Star

On 11/27/2016 02:04 AM, Marek Marczykowski-Górecki wrote:
> Do you see some correlation with:
>  - starting/stopping another VM?
>  - affected VMs have or not firewall rules?
>
> Also, check if restarting qubes-firewall service in sys-firewall helps
> (and check its status first).

Seems I have the same issue! (Maybe) I think it correlates with 
CHECKING UPDATES on dom0 or templates. When Qubes does that check, other 
VMs are still not responsive. I wrote about this in the Xen 4.6.3 thread.



--
Regards



Re: [qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Marek Marczykowski-Górecki
On Wed, Nov 30, 2016 at 09:07:39PM +0300, Eva Star wrote:
> 1)
> I installed the Xen 4.6.3 update (I saw them on the update list of
> qubes-dom0-update).
> After reboot I'm still on Xen 4.6.1-20.fc23.
> Seems the update failed.
> Now, qubes-dom0-update says "Nothing to do".

Are you booting using EFI, or legacy mode?

> 2) From time to time, when "qubes-dom0-update" says "Checking for dom0 updates",
> it's not possible to use the internet in other VMs. Seems to be something with
> priorities at sys-firewall...

What exactly do you mean?

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


[qubes-users] [3.2, bugs] Xen 4.6.3 seems failed

2016-11-30 Thread Eva Star

1)
I installed the Xen 4.6.3 update (I saw them on the update list of 
qubes-dom0-update).

After reboot I'm still on Xen 4.6.1-20.fc23.
Seems the update failed.
Now, qubes-dom0-update says "Nothing to do".


2) From time to time, when "qubes-dom0-update" says "Checking for dom0 updates", 
it's not possible to use the internet in other VMs. Seems to be something with 
priorities at sys-firewall...


--
Regards



Re: [qubes-users] safer typing in public places

2016-11-30 Thread Andrew
Jean-Philippe Ouellet:
> On Tue, Nov 29, 2016 at 11:18 PM, pixel fairy wrote:
>> has anyone here experimented with bluetooth locks? it seems like a lot of 
>> extra scary code to run in dom0, but i like the idea of auto shutdown if 
>> device loses range. or maybe after a timeout period of some trigger? that's 
>> another discussion.
> 
> Does not need to be dom0! (nor do I believe should it be!)
> 
> You may pass your bluetooth device to another VM (via PCI) and use a
> trivial qrexec service in dom0 to trigger the shutdown.
> 

Hi,

I've already packaged a Bluetooth dead man's switch with just such an
architecture as you describe, keeping (nasty) BlueZ in a domU.  Please
note that I've made no progress on the improvements (I'll get there,
eventually... feel free to improve it yourself!).

See: https://groups.google.com/forum/#!topic/qubes-users/ZG9SK48pl0I

Andrew



Re: [qubes-users] How do I get Qubes 4.0 pre-release/dev build?

2016-11-30 Thread Jean-Philippe Ouellet
On Wed, Nov 30, 2016 at 11:49 AM,   wrote:
> Can someone tell me where I can get the files? Any tips or hints when it 
> comes to running the latest build?

I am not aware of any publicly-available full "development builds",
however qubes-builder[1] makes it very easy to build them yourself.

[1]: https://www.qubes-os.org/doc/qubes-builder/



[qubes-users] ANN: Split Browser (disposable Tor Browser, persistent bookmarks/logins)

2016-11-30 Thread Rusty Bird
"Everyone loves the Whonix approach of running Tor Browser and the tor
 daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix.

 Let's take it a step further and run Tor Browser (or other Firefox
 versions) in a DisposableVM connecting through the tor VM (or through
 any other NetVM/ProxyVM), while storing bookmarks and logins in a
 persistent VM - with carefully restricted data flow.

 In this setup, the DisposableVM's browser can send various requests to
 the persistent VM:

   - Bookmark the current page
   - Let the user choose a bookmark to load
   - Let the user authorize logging into the current page

 But if the browser gets exploited, it won't be able to read all your
 bookmarks or login credentials and send them to the attacker. And you
 can restart the browser DisposableVM frequently (which shouldn't take
 more than 10-15 seconds) to 'shake off' such an attack."

... continued at https://github.com/rustybird/qubes-split-browser

Rusty


[qubes-users] How do I get Qubes 4.0 pre-release/dev build?

2016-11-30 Thread bentvader
Hi, 

I've been using Qubes-OS since R2, and I would like to start using the 
development build so I can try and do some testing for some unikernel and 
mirage-based security stuff I want to implement.

Can someone tell me where I can get the files? Any tips or hints when it comes 
to running the latest build? 

Hope someone can help me get it.

P.S.
How long before the first rc will be released? This shouldn't be much longer 
right? 



Re: [qubes-users] How do I get past this critical error?

2016-11-30 Thread deadhunter1995
Hello,

I am writing this from my secondary email address.

I have tried your suggestion and got through the check, but now I get this:

Anaconda 23.19.10-4 exception report

What can i try next?



Re: [qubes-users] Re: How to install Win 7 x64 from a USB stick

2016-11-30 Thread stevemichaelphone
On Wednesday, November 30, 2016 at 7:45:48 AM UTC-6, Grzesiek Chodzicki wrote:
> On Wednesday, 30 November 2016 14:35:32 UTC+1, 
> stevemic...@gmail.com wrote:
> > On Wednesday, November 30, 2016 at 7:19:41 AM UTC-6, stevemic...@gmail.com 
> > wrote:
> > > On Tuesday, November 29, 2016 at 11:07:05 PM UTC-6, Grzesiek Chodzicki 
> > > wrote:
> > > > On Wednesday, 30 November 2016 04:26:19 UTC+1, 
> > > > stevemic...@gmail.com wrote:
> > > > > On Tuesday, November 29, 2016 at 9:07:08 PM UTC-6, Jean-Philippe 
> > > > > Ouellet wrote:
> > > > > > It may make more sense to use qvm-block than qvm-usb here. Should in
> > > > > > theory have a smaller attack surface and expose better-tested code
> > > > > > paths.
> > > > > 
> > > > > I must be missing something really basic that, as a noob, I don't 
> > > > > understand.
> > > > > The command qvm-block -a Win7 dom0:sdb returns
> > > > > ERROR: VM Win7 not running.
> > > > > 
> > > > > This seems like a catch 22 since I can't start the VM because there's 
> > > > > no bootable file system yet nor can I attach a device to a not 
> > > > > running VM.
> > > > 
> > > > Don't use qvm-block, use --drive argument for the qvm-start command 
> > > > instead.
> > > > qvm-start Win7 --drive=/path/to/usb/drive
> > > 
> > > qvm-start Win7 --drive=/dev/sdb1 
> > > Starting NetVM sys-firewall
> > > Starting NetVM sys-net
> > > Creating volatile image :/var/liv/qubes/servicevms/sys-net/volatile.img
> > > Loading the VM (type=NetVM)
> > > ERROR: PCI device 01:00.0 does not exist (domain sys-net)
> > > 
> > > We're making progress!
> > 
> > Other notes: 
> > qvm-start Win7 --drive=/dev/sdb produces the same result as does qvm-start 
> > Win7 --cdrom=/dev/cdrom
> > 
> > Fedora-23 is the template for sys-net
> 
> Can you check what type of device it is? You can do that using the 
> following command (in dom0 terminal):
> lspci|grep 01:00.0
nothing found
> 
> Also, this part here is interesting:
> > > Loading the VM (type=NetVM)
> 
> It seems that your windows-7 vm is of NetVM type and not of the 
> HVM/TemplateHVM type. Remove it and then create a new VM of HVM Standalone or 
> HVM Template type. Then start it again using the --drive or --cdrom argument

From VM Manager, General type is TemplateHVM, NetVM was sys-firewall. I 
changed the NetVM to none and the CD now boots but hangs at the Starting 
Windows screen. 
The fix for that problem is at:
https://groups.google.com/forum/#!topic/qubes-users/2q19jFeTFGk in case someone 
finds this thread in a search.
Thanks so much for your help!!




Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Rusty Bird
Swâmi Petaramesh:
> So after upgrading Xen in dom0 I rebooted the system and... nothing
> special happened. AEM displayed my "secret" image as usual, without any
> unusual behaviour or warning whatsoever.

Some things you can check:

Is the SINIT module working? Run the "find" command from step 2b of
/usr/share/doc/anti-evil-maid/README, but look at the lines for PCRs
17, 18, and 19 instead: They should have very random-looking values.

Is AEM sealing to the right registers? If you run the command
"source /etc/anti-evil-maid.conf; echo $SEAL" in dom0, it should print
"--pcr 13 --pcr 17 --pcr 18 --pcr 19".

Did the unsealed image somehow end up in the wrong place? The file
/usr/share/plymouth/themes/qubes-dark/antievilmaid_secret.png should
*not* exist in dom0.

Rusty
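
The three checks Rusty lists above, as an added example (not part of the original post and not code from the anti-evil-maid project). It assumes the PCR dump from the README's step 2b has been saved to a file in the TPM 1.2 sysfs layout ("PCR-17: AA BB ..."), treats an all-00 or all-FF register as not "random-looking", and runs on constructed sample data; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: the three AEM sanity checks from the post, as shell functions.
# Assumption: one register per line, "PCR-NN: " followed by 20 hex bytes.

EXPECTED_SEAL='--pcr 13 --pcr 17 --pcr 18 --pcr 19'   # value quoted in the post

# pcr_value FILE NN: print the register's 40 hex digits, or nothing if absent.
pcr_value() {
    awk -v want="PCR-$2:" '
        $1 == want {
            for (i = 2; i <= NF; i++) printf "%s", toupper($i)
            print ""
            exit
        }' "$1"
}

# pcr_looks_measured FILE NN: succeed only if the register is present and is
# neither all-00 nor all-FF. Heuristic for "random-looking": a constant value
# means nothing was extended into the register.
pcr_looks_measured() {
    v=$(pcr_value "$1" "$2")
    [ "${#v}" -eq 40 ] || return 1
    case "$v" in *[!0]*) ;; *) return 1 ;; esac
    case "$v" in *[!F]*) ;; *) return 1 ;; esac
    return 0
}

# seal_value CONF: source CONF in a subshell and print the resulting $SEAL.
seal_value() {
    ( SEAL=''; . "$1" >/dev/null 2>&1; printf '%s' "$SEAL" )
}

# aem_check PCRS_FILE CONF SECRET_PATH: print one line per check and return
# the number of failed checks (0 means every check from the post passed).
aem_check() {
    fails=0
    for n in 17 18 19; do
        if pcr_looks_measured "$1" "$n"; then
            echo "ok    PCR-$n looks measured"
        else
            echo "FAIL  PCR-$n missing, all-00 or all-FF (is SINIT working?)"
            fails=$((fails + 1))
        fi
    done
    if [ "$(seal_value "$2")" = "$EXPECTED_SEAL" ]; then
        echo "ok    SEAL is $EXPECTED_SEAL"
    else
        echo "FAIL  SEAL is '$(seal_value "$2")'"
        fails=$((fails + 1))
    fi
    if [ -e "$3" ]; then
        echo "FAIL  unsealed secret present at $3"
        fails=$((fails + 1))
    else
        echo "ok    no unsealed secret at $3"
    fi
    return "$fails"
}

# Constructed sample data (not taken from a real machine).
sample_dir=$(mktemp -d)
FF10='FF FF FF FF FF FF FF FF FF FF'
printf 'PCR-17: %s %s\nPCR-18: %s %s\nPCR-19: %s %s\n' \
    "$FF10" "$FF10" "$FF10" "$FF10" "$FF10" "$FF10" \
    > "$sample_dir/pcrs.unmeasured"
cat > "$sample_dir/pcrs.measured" <<'EOF'
PCR-17: 9C 4B 1E 07 A3 5D 62 F0 18 C9 7A 3E B4 05 D1 6F 82 2B E7 40
PCR-18: 3F A0 56 C2 19 8D E4 7B 01 9A 6C D5 2E 73 B8 4F 90 15 CA 68
PCR-19: E1 27 8B 40 F6 3C 95 0A D2 6E 14 B9 57 C3 0D 88 F2 31 A7 5C
EOF
printf 'SEAL="%s"\n' "$EXPECTED_SEAL" > "$sample_dir/aem.conf"

# Demo on the constructed "unmeasured" dump: the three PCR checks fail.
aem_check "$sample_dir/pcrs.unmeasured" "$sample_dir/aem.conf" \
    "$sample_dir/antievilmaid_secret.png" || echo "$? check(s) failed"
```

On a real dom0 the three arguments would be the saved PCR dump, /etc/anti-evil-maid.conf and /usr/share/plymouth/themes/qubes-dark/antievilmaid_secret.png.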


[qubes-users] Re: TemplateVM Best-Practices?

2016-11-30 Thread Daniel Moerner
On Wednesday, November 30, 2016 at 8:59:58 AM UTC-5, Loren Rogers wrote:
> Hi all,
> 
> Are there any recommended strategies for creating and managing 
> TemplateVMs for regular users?

Speaking personally, I use four templates: (based on Debian 9)

base: For sys-*, vault, gpg, shopping, banking, etc.
office: Libreoffice, thunderbird extensions, latex. For work and personal VMs.
dev: Developer tools, compilers, etc. For dev VMs.
untrusted: Media software (vlc, etc.) as well as Chrome.

This lets me keep the individual templates to a more manageable size and 
prevents me from accidentally mixing up my workflow across VMs.

I would be open to using a more stripped-down base template but I'm not 
convinced it's worth it.



Re: [qubes-users] Re: How to install Win 7 x64 from a USB stick

2016-11-30 Thread Grzesiek Chodzicki
On Wednesday, 30 November 2016 14:35:32 UTC+1, stevemic...@gmail.com 
wrote:
> On Wednesday, November 30, 2016 at 7:19:41 AM UTC-6, stevemic...@gmail.com 
> wrote:
> > On Tuesday, November 29, 2016 at 11:07:05 PM UTC-6, Grzesiek Chodzicki 
> > wrote:
> > > On Wednesday, 30 November 2016 04:26:19 UTC+1, 
> > > stevemic...@gmail.com wrote:
> > > > On Tuesday, November 29, 2016 at 9:07:08 PM UTC-6, Jean-Philippe 
> > > > Ouellet wrote:
> > > > > It may make more sense to use qvm-block than qvm-usb here. Should in
> > > > > theory have a smaller attack surface and expose better-tested code
> > > > > paths.
> > > > 
> > > > I must be missing something really basic that, as a noob, I don't 
> > > > understand.
> > > > The command qvm-block -a Win7 dom0:sdb returns
> > > > ERROR: VM Win7 not running.
> > > > 
> > > > This seems like a catch 22 since I can't start the VM because there's 
> > > > no bootable file system yet nor can I attach a device to a not running 
> > > > VM.
> > > 
> > > Don't use qvm-block, use --drive argument for the qvm-start command 
> > > instead.
> > > qvm-start Win7 --drive=/path/to/usb/drive
> > 
> > qvm-start Win7 --drive=/dev/sdb1 
> > Starting NetVM sys-firewall
> > Starting NetVM sys-net
> > Creating volatile image :/var/liv/qubes/servicevms/sys-net/volatile.img
> > Loading the VM (type=NetVM)
> > ERROR: PCI device 01:00.0 does not exist (domain sys-net)
> > 
> > We're making progress!
> 
> Other notes: 
> qvm-start Win7 --drive=/dev/sdb produces the same result as does qvm-start 
> Win7 --cdrom=/dev/cdrom
> 
> Fedora-23 is the template for sys-net

Can you check what type of device it is? You can do that using the 
following command (in dom0 terminal):
lspci|grep 01:00.0

Also, this part here is interesting:
> > Loading the VM (type=NetVM)

It seems that your windows-7 vm is of NetVM type and not of the HVM/TemplateHVM 
type. Remove it and then create a new VM of HVM Standalone or HVM Template 
type. Then start it again using the --drive or --cdrom argument



Re: [qubes-users] Re: How to install Win 7 x64 from a USB stick

2016-11-30 Thread stevemichaelphone
On Wednesday, November 30, 2016 at 7:19:41 AM UTC-6, stevemic...@gmail.com 
wrote:
> On Tuesday, November 29, 2016 at 11:07:05 PM UTC-6, Grzesiek Chodzicki wrote:
> > On Wednesday, 30 November 2016 04:26:19 UTC+1, 
> > stevemic...@gmail.com wrote:
> > > On Tuesday, November 29, 2016 at 9:07:08 PM UTC-6, Jean-Philippe Ouellet 
> > > wrote:
> > > > It may make more sense to use qvm-block than qvm-usb here. Should in
> > > > theory have a smaller attack surface and expose better-tested code
> > > > paths.
> > > 
> > > I must be missing something really basic that, as a noob, I don't 
> > > understand.
> > > The command qvm-block -a Win7 dom0:sdb returns
> > > ERROR: VM Win7 not running.
> > > 
> > > This seems like a catch 22 since I can't start the VM because there's no 
> > > bootable file system yet nor can I attach a device to a not running VM.
> > 
> > Don't use qvm-block, use --drive argument for the qvm-start command instead.
> > qvm-start Win7 --drive=/path/to/usb/drive
> 
> qvm-start Win7 --drive=/dev/sdb1 
> Starting NetVM sys-firewall
> Starting NetVM sys-net
> Creating volatile image :/var/liv/qubes/servicevms/sys-net/volatile.img
> Loading the VM (type=NetVM)
> ERROR: PCI device 01:00.0 does not exist (domain sys-net)
> 
> We're making progress!

Other notes: 
qvm-start Win7 --drive=/dev/sdb produces the same result as does qvm-start Win7 
--cdrom=/dev/cdrom

Fedora-23 is the template for sys-net



Re: [qubes-users] Re: How to install Win 7 x64 from a USB stick

2016-11-30 Thread stevemichaelphone
On Tuesday, November 29, 2016 at 11:07:05 PM UTC-6, Grzesiek Chodzicki wrote:
> On Wednesday, 30 November 2016 04:26:19 UTC+1, 
> stevemic...@gmail.com wrote:
> > On Tuesday, November 29, 2016 at 9:07:08 PM UTC-6, Jean-Philippe Ouellet 
> > wrote:
> > > It may make more sense to use qvm-block than qvm-usb here. Should in
> > > theory have a smaller attack surface and expose better-tested code
> > > paths.
> > 
> > I must be missing something really basic that, as a noob, I don't 
> > understand.
> > The command qvm-block -a Win7 dom0:sdb returns
> > ERROR: VM Win7 not running.
> > 
> > This seems like a catch 22 since I can't start the VM because there's no 
> > bootable file system yet nor can I attach a device to a not running VM.
> 
> Don't use qvm-block, use --drive argument for the qvm-start command instead.
> qvm-start Win7 --drive=/path/to/usb/drive

qvm-start Win7 --drive=/dev/sdb1 
Starting NetVM sys-firewall
Starting NetVM sys-net
Creating volatile image :/var/liv/qubes/servicevms/sys-net/volatile.img
Loading the VM (type=NetVM)
ERROR: PCI device 01:00.0 does not exist (domain sys-net)

We're making progress!



Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Chris Laprise

On 11/30/2016 02:09 AM, Swâmi Petaramesh wrote:

> Hello,
>
> I use Qubes 3.2 (recent, default installation) with anti-evil-maid on HP
> ProBook 6470b.
>
> Anti-evil-maid is installed to HD /boot per instructions, TPM is
> protected by a password, and I use a "secret" image instead of text.
>
> So far everything seemed to work.
>
> However this morning I had a Xen upgrade in dom0, and, as documented, I
> was expecting it to break my AEM secret image display at next reboot.
>
> So after upgrading Xen in dom0 I rebooted the system and... nothing
> special happened. AEM displayed my "secret" image as usual, without any
> unusual behaviour or warning whatsoever.
>
> So I wonder : Is AEM actually working on my system ?
>
> Any clue appreciated.
>
> TIA.
>
> Kind regards.



Hi,

Can you restore your system to the point it was just before the Xen 
update? This would allow you to reproduce the behavior.



Chris



Re: [qubes-users] safer typing in public places

2016-11-30 Thread Jean-Philippe Ouellet
On Tue, Nov 29, 2016 at 11:18 PM, pixel fairy wrote:
> has anyone here experimented with bluetooth locks? it seems like a lot of 
> extra scary code to run in dom0, but i like the idea of auto shutdown if 
> device loses range. or maybe after a timeout period of some trigger? that's 
> another discussion.

Does not need to be dom0! (nor do I believe should it be!)

You may pass your bluetooth device to another VM (via PCI) and use a
trivial qrexec service in dom0 to trigger the shutdown.



Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Swâmi Petaramesh

Hi,

On 11/30/2016 09:40 AM, Jean-Philippe Ouellet wrote:

Check if the latest xen version installed is actually the xen version running.

[root@dom0 ~]$ xl dmesg | head -1
Xen 4.6.3-24.fc23

[root@dom0 ~]$ rpm -q xen-hypervisor
xen-hypervisor-4.6.3-24.fc23.x86_64

[root@dom0 ~]$ rpm -qi xen-hypervisor
...
Install date: mer. 30 nov 2016 07:46:15 CET

...So it's the latest Xen, updated this morning, and AEM doesn't seem to 
care.



I had an issue where the update did not modify the appropriate EFI
variables and I was still running the old version after the update.
This issue has been addressed, but perhaps not completely.


I'm BIOS legacy boot mode, as AEM documentation advises that booting in 
EFI mode is not supported...



>> So I wonder : Is AEM actually working on my system ?
>
> That is definitely something that should be tested while setting up
> and not something that should only come into question at a time like
> this. Make backups, flip some bits, and see what happens? ;)


Uh, Haven't had the time : I installed Qubes on this system one week 
ago, and AEM 2 days ago... ;-)


Thanks for your help !

Kind regards.



Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Jean-Philippe Ouellet
Check if the latest xen version installed is actually the xen version running.

I had an issue where the update did not modify the appropriate EFI
variables and I was still running the old version after the update.
This issue has been addressed, but perhaps not completely.

You can check the versions with the following:

# for version running:
[user@dom0 ~]$ xl dmesg | head -1
 Xen 4.6.3-22.fc23

# for version installed:
[user@dom0 ~]$ rpm -q xen-hypervisor
xen-hypervisor-4.6.3-22.fc23.x86_64

On Wed, Nov 30, 2016 at 2:09 AM, Swâmi Petaramesh  wrote:
> So I wonder : Is AEM actually working on my system ?

That is definitely something that should be tested while setting up
and not something that should only come into question at a time like
this. Make backups, flip some bits, and see what happens? ;)

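The running-versus-installed comparison from this thread, scripted as an added example (not part of any message above, and not Qubes project code). It assumes the `xl dmesg` banner and `rpm -q` output formats exactly as quoted in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Compare the Xen build that is running (first line of `xl dmesg`) with the
# installed xen-hypervisor package (`rpm -q xen-hypervisor`).
# Assumption: both outputs look like the ones quoted in this thread.

# " Xen 4.6.3-22.fc23" -> "4.6.3-22.fc23" (empty if the banner does not parse)
running_xen_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Xen[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*$/\1/p' |
        head -n 1
}

# "xen-hypervisor-4.6.3-22.fc23.x86_64" -> "4.6.3-22.fc23"
# ("package xen-hypervisor is not installed" yields an empty string)
installed_xen_version() {
    printf '%s\n' "$1" |
        sed -n 's/^xen-hypervisor-\(.*\)\.[^.]*$/\1/p' |
        head -n 1
}

# Returns 0 on match, 1 on mismatch, 2 if either input cannot be parsed.
check_xen_versions() {
    running=$(running_xen_version "$1")
    installed=$(installed_xen_version "$2")
    if [ -z "$running" ] || [ -z "$installed" ]; then
        echo "UNKNOWN: could not parse running or installed version"
        return 2
    fi
    if [ "$running" = "$installed" ]; then
        echo "OK: running Xen $running matches the installed package"
        return 0
    fi
    echo "MISMATCH: running $running, installed $installed (updated build not booted)"
    return 1
}

status=0
if command -v xl >/dev/null 2>&1 && command -v rpm >/dev/null 2>&1; then
    # Live check in dom0; `xl dmesg` needs root.
    check_xen_versions "$(xl dmesg | head -n 1)" "$(rpm -q xen-hypervisor)" || status=$?
else
    # Constructed pairing of two strings quoted in the thread, to show a mismatch.
    check_xen_versions " Xen 4.6.3-22.fc23" "xen-hypervisor-4.6.3-24.fc23.x86_64" || status=$?
fi
```

A match only confirms that the updated hypervisor is the one that booted; it does not by itself show whether AEM's measurements changed.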