Re: [qubes-users] How to Backup Qubes Using New USB Hard Drive

2016-12-27 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-27 19:48, mojosam wrote:
> Andrew:
> 
> Thank you for clarifying this.  What you said is all in the
> documentation that I had already read, but I got lost trying to put
> it into perspective.
> 
> The complicating factor is that I have a USB keyboard and mouse
> plugged into a KVM switch, which is plugged into the computer.  I
> need to use a USB keyboard, because it's ergonomic.  I know that I
> can theoretically get a USB-to-PS/2 converter, but then I couldn't
> plug the keyboard into my KVM switch.
> 
> So not only do I have the keyboard and mouse talking directly to
> dom0, but I also have the KVM switch talking to it, plus any USB
> devices I recklessly plug into that.  I knew it wasn't ideal, but
> it's what I have.
> 
> Making a USB qube does appear to be the right approach here.
> Fortunately, I have two USB controllers in this machine.  So here's
> what I'm thinking of doing.  Let me know if it is correct.
> 
> 1) First, I should make a USB qube that talks to USB controller #1.
> I allow this qube to talk to dom0.  I will plug my KVM switch into
> that.  This allows the keyboard and mouse to access dom0.
> Unfortunately, it also allows the KVM switch access to dom0.  If I
> make a habit of not plugging any other USB devices into that
> switch, I suppose that's a relatively low risk situation.  There
> really shouldn't be any other USB devices that need to be on the
> switch, so this shouldn't be a problem.  Am I correct in thinking
> that I can base this qube on the Fedora Minimal template?
> 
> 2) Second, I should make another USB qube, and this one talks to
> USB controller #2.  This one will never talk to dom0.  I'll plug
> all sorts of USB crap into this guy, including my backup drive.
> Can I get away with basing this qube on Fedora Minimal as well?
> 
> Please set me straight on anything I've misunderstood.  Thanks.
> 

The setup sounds reasonable (though, FWIW, I gave up on trying to get
a working KVM-switch setup with Qubes years ago, but YMMV).

As for whether to use Fedora-minimal for the USB qubes: You may find
that things don't work as expected (most likely due to missing
packages), so either be prepared to do a lot of troubleshooting on
your own, or just use the default, full template.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIbBAEBCgAGBQJYY23wAAoJENtN07w5UDAw4JkP9RzKsd5w+yKzq6DtQiJaccUj
aAUeN7TqOIWg1GneVNzu7ca7rfcn28+Ve6frBUL7dBr51tf2QYCEppu3BM2wvLXx
mwn1DbHnu3CREK0l7RujDG5RXlqJDb/2eEJJbRCDIloiv7CcvjimHz0m5ySU8/Zz
KR5rhZuqyKskG2Yerk6JIbeIW7U4WgApZPsAIM/5WPfvsUA3zBHmJiyalkdkwovo
KJ+GcuHEs3hZ1MNIoXtwgOppDWKFmwkQ9erm9e/3vpv3hLP/1JIdNGJVykLhglm/
Z4Oqf4Xt8K9dkB14ZCoPcn4awHEH2cFTiKWTJDN73/vCJtgiQciyGMpcZh0u7krE
S7y9MwuQ7vTn796v6JmGHw+FxDovaiIHl1WfoHbnN8sq07NmrwhzIhWJISNjHZOs
PBqlhZgGzZPc4kFWzBFaOWAXn4LELLBoatutm0WPO3HiAD8cejIedlsnmwuO3mV5
zloVpIWoiXDQT1hLPTCio/oXutaSBgUOjCY3YUE8r1UEb/+Ytye6jsL34neXwsYS
+bJtUFDHmebx+P4LD3lnoWb2duj6lmavRRV5ZONzL5+kIDc0nYHxMxAFT0wdDh9m
YD7hq2ka2zlIxRoAecVQIiVckFLvpPswwcWpf4cIu0H5gk75oSiLgGxe48HdokDt
UVGQgZ6YJWRY67At88w=
=MWTX
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ffc19302-9296-b7ab-bd73-27872a109908%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-27 12:39, Patrick Bouldin wrote:
> On Tuesday, December 27, 2016 at 2:13:48 PM UTC-5, Patrick Bouldin wrote:
>> On Tuesday, December 27, 2016 at 2:11:04 PM UTC-5, Patrick Bouldin wrote:
>>> On Tuesday, December 27, 2016 at 2:04:28 PM UTC-5, Patrick Bouldin wrote:
 On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin wrote:
> Hi, I saw some threads on this but am not clear at a high level.
>
> I thought I would install dropbox client on one of my Fedora VMs so that 
> working with files is much smoother than from a browser. So, is 
> installing a Fedora Desktop the best plan to do that? Don't assume I know 
> enough of native Qubes ability please - maybe I'm missing a key point!
>
> Thanks,
> Patrick

 Thanks David. housekeeping question - before I started I copied my Fedora 
 template, just in case. Am I correct I can easily undo those changes 
 incorrectly made by deleting the template and renaming the backup template 
 to the production one (just deleted)?


Yes, that's correct.

>>>
>>> Sorry, I meant Andrew!
>>

No worries.

>> And I see it works so disregard, Andrew - thanks again.
> 
> Wow, this is a bear for me. 
> 
> Dropbox said:Add the following to /etc/yum.conf.
> 
> 
> name=Dropbox Repository
> baseurl=http://linux.dropbox.com/fedora/\$releasever/
> gpgkey=http://linux.dropbox.com/fedora/rpm-public-key.asc
> 
> So I performed a sudo gedit on that file and added the above three lines. 
> When I saved it I received this:
> 
> ** (gedit:1791): WARNING **: Set document metadata failed: Setting attribute 
> metadata::gedit-position not supported
> [user@fedora-24 ~]$ 
> 
> So I do see that you can't save metadata by extending the yum.conf file, and 
> tried a few other things that I think it was suggesting.
> 

No, I think that's just a warning message about the gedit program
itself. Should be safe to disregard. You can verify that the contents of
the file were saved with `cat /etc/yum.conf`.

> When I try and run $ sudo dnf install nautilus-dropbox
> I get this:
> Last metadata expiration check: 0:14:35 ago on Tue Dec 27 15:23:35 2016.
> No package nautilus-dropbox available.
> Error: Unable to find a match.
> 

Try this:

$ sudo dnf --refresh install nautilus-dropbox

If that still doesn't work, try creating a separate repo file,
`/etc/yum.repos.d/dropbox.repo`, with this content:

[Dropbox]
name=Dropbox Repository
baseurl=http://linux.dropbox.com/fedora/$releasever/
gpgkey=https://linux.dropbox.com/fedora/rpm-public-key.asc

Then try this again:

$ sudo dnf --refresh install nautilus-dropbox

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYY2yaAAoJENtN07w5UDAwPdQP/0PkbijP3sTDVl5wCbliYP3k
geBxtHDYfCwPtH4Puvwn5M7az7zSGYVsVp8mhFVpbwzasIhc8AEogAMWFWflq4Vh
T6SfrTqjQXkt0oGqUQbZDWsfUylyZl46y9aPO/CczE2iG6lIxjts/DpKuibwmWr3
GYMD/O9IhxFPm7rBHGCQkg02tAoQ4Y8/s/qPaouSrgRm4pkRDvr9mv0ztOsaQr9k
PIInequHgt9TeQkJBBcMlIH/wjXA7nnS9kRYJieGeBZ5UXL4pQPh/0CPnTJfvZZP
tAqdSMrCxvCXoyJRbJYuLA2IhInYlmcxK3k7iY7A7BBUkleK0WjT1JwwutS96hja
0DLK90HkTv8smo5lN0FOk2xXgLk5cWC98QiKluL8x7zH12dPpWUXQA/yF++mSlH8
7iteaYYD1oYfzI6jHBCvBtVjgtvrQSkkLcy4WNGhJZ6WT5hggArLgnGzKGauWfGq
p6iBUYEOqDpa1jNVHQ1sdmftvBw4j2FfdbrLNuGYL9qCg33PXQmyW8JGkassJ2ac
CKLvxQums/JcnF9yg7VEu0VmFGlCGYs/gPxQFe0UbUIcsekiAPCfFUPUvyFw5NEH
2xDThJ7rruRWakxKl+f7hU0M+Faf50N+OrCoJbyaZzmo83HbYEvhi13z3TUjoAiX
MXBCUJOmxHvRlLS+fpzN
=iMaH
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9557ed42-3b92-b448-9f19-db0db29de430%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Split GPG: thunderbird+enigmail stopped cache password

2016-12-27 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-27 11:34, 5qfppt+dtaepv4a6ll7k via qubes-users wrote:
>> Is this with or without an empty/blank key passphrase?
> 
> Key is protected with a passphrase
> 

In that case, there's no need to change the documentation, since it
already works as described (i.e., without a key passphrase).

> 
>> Works fine for me with the default fedora-24 template.
> 
> Between fedora-24 or fedora-24-minimal, which one is more
> recommended in a security perspective? What I mean is, using the
> standard fedora template with all apps installed on it advisable or
> is it preferable to use a dedicated template or a minimal bare bone
> template to diminish the surface attack?
> 

The minimal template has a smaller attack surface in general, but it
doesn't come with Split GPG pre-installed. There is probably not a
significant difference, since the Split GPG protocol tightly controls
inter-VM data transfer. There is no general recommendation here, since
the degree to which the full vs. minimal template attack surface
matters depends on your threat model. For some people, it makes more
sense to save the disk space by not having an extra minimal template
for it.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYY2d4AAoJENtN07w5UDAwCW4P/0SmNpZmrS/p1zlxMOJNn81Y
BGxbcErD95vlKMkQnERSLFqCK2lTy9JykW0jR1cOJbpG2RWEn06zYe/a1jSm+HFL
9Nv0puMnCasyepoiMRXT/KtGlcbBpmSiRlOuavsJjB8m31X7ygedC4sP3aNix/Xb
ngeZWVUSXMjOG9xMRdjY7VUw2J4IqkAELEDs5LrFiavWzoN7QDjtm88LN43WbU/q
2eOidZC5zdUzptZaC2oNH1dWfWDo8WWSL8zRjGaf1i1628OAJA0INmC1S3Xa4t2W
yMxdN7OqBVMlMt1rXEgd316EgQ7PzQBQyhgMGsUMW0P/s1+BMqHZlwfV/hm+AnrZ
Dw8sg74L4sbzcX50om6RVgp3CL/5NWTQgcKZL1q/OezhYTyanwBhgcuhC6FUQz3Q
Gx0LLbOFE5QaB9S4k4+o47oHC2EZEclBfYMLHaXqJaFTdK+pFbxvtpHzRmJXEiBE
hSxNySxK5GpQhODlwz401oogDXudJsf8qRfs/ueS+7/a1uZttIRHVbIz8icEjbzP
y4nTItuRKC9K/Ku8A4QC/KFZmbgZpt9ueirlpnqwf/rXgk/Ytq57AxDzmZkvnl0J
o2o+o9beT6ScTYSzAxlsnUVsOIFjJmsDomX2wl7BrQB/VtlIkmH5hNiKE5unTbCj
g+8a+oL7knxlfsHa67zD
=OgX0
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b85e543d-6dfb-e32b-4b86-7543d4dfe55a%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

2016-12-27 Thread Vít Šesták
While I agree Debian is a fair choice in terms of security, I disagree with 
your reasoning. The “encryption bypass” is rather a minor vulnerability (i.e. 
if attacker has all prerequisities to abuse it, she probably could also perform 
another attacks) and I don't believe that this is statistically significant. On 
the other hand, there are also some Debian-specific vulnerabilities. For 
example, recent APT vulnerability or not-so-recent vulnerable SSH keys due to 
some Debian-specific tuning. This does not suggest that Debian is less secure, 
this suggests it is not so clear.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63a67ab8-0e3d-445e-b22a-d79b7acf3a97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Install windows 7 in HVM template on HP Zbook 15

2016-12-27 Thread dumbcyber
On Tuesday, 27 December 2016 23:03:31 UTC+11, Ines WALLON  wrote:
> Hello everybody,
> 
> I try to install Windows 7  in HVM template and my VM displays
>   "Starting Windows" and freeze.
> 
> Windows 10 fully functional in HVM template but not qubes driver
> 
>  
> 
> 
> best regard
> 
> -- 
> Ines WALLON

Sorry can't find the link but for some people there is a tip to change a driver 
setting from xen to cirrus to get past the glowing logo.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6b6eb481-94fa-4bee-a72d-ef0870acbe3e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to Backup Qubes Using New USB Hard Drive

2016-12-27 Thread mojosam
Andrew:

Thank you for clarifying this.  What you said is all in the documentation that 
I had already read, but I got lost trying to put it into perspective.

The complicating factor is that I have a USB keyboard and mouse plugged into a 
KVM switch, which is plugged into the computer.  I need to use a USB keyboard, 
because it's ergonomic.  I know that I can theoretically get a USB-to-PS/2 
converter, but then I couldn't plug the keyboard into my KVM switch.

So not only do I have the keyboard and mouse talking directly to dom0, but I 
also have the KVM switch talking to it, plus any USB devices I recklessly plug 
into that.  I knew it wasn't ideal, but it's what I have.

Making a USB qube does appear to be the right approach here.  Fortunately, I 
have two USB controllers in this machine.  So here's what I'm thinking of 
doing.  Let me know if it is correct.

1) First, I should make a USB qube that talks to USB controller #1.  I allow 
this qube to talk to dom0.  I will plug my KVM switch into that.  This allows 
the keyboard and mouse to access dom0.  Unfortunately, it also allows the KVM 
switch access to dom0.  If I make a habit of not plugging any other USB devices 
into that switch, I suppose that's a relatively low risk situation.  There 
really shouldn't be any other USB devices that need to be on the switch, so 
this shouldn't be a problem.  Am I correct in thinking that I can base this 
qube on the Fedora Minimal template?

2) Second, I should make another USB qube, and this one talks to USB controller 
#2.  This one will never talk to dom0.  I'll plug all sorts of USB crap into 
this guy, including my backup drive.  Can I get away with basing this qube on 
Fedora Minimal as well?

Please set me straight on anything I've misunderstood.  Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d4687dd-c171-4249-a080-dbbd7b551ef0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Clone qubes machine - any options other than backup and build again?

2016-12-27 Thread dumbcyber
On Sunday, 18 December 2016 17:18:17 UTC+11, dumbcyber  wrote:
> On Thursday, 15 December 2016 01:07:12 UTC+11, Andrew David Wong  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA512
> > 
> > On 2016-12-14 03:19, dumbcyber wrote:
> > > Hello, I am running Qubes from a 64Gb USB stick.
> > > 
> > > I am running R3.2 on my Macbook 11,1, and have built several 
> > > template VMs, for example Windows.
> > > 
> > > What I want to do now is clone the entire USB stick to another USB 
> > > external SSD drive. In other words I want to be able to stop using 
> > > the USB stick and move to the SSD drive without building Qubes from
> > > again scratch and then performing backup/restore all my VMs.
> > > 
> > > Is this even possible? Am i dreaming?
> > > 
> > > Thanks in advance.
> > > 
> > 
> > I reckon there's nothing to lose by trying, as long as you keep the
> > original USB stick. You can try with dd or any program that makes a
> > bitwise identical image from the USB stick and faithfully writes it
> > onto the SDD drive.
> > 
> > - -- 
> > Andrew David Wong (Axon)
> > Community Manager, Qubes OS
> > https://www.qubes-os.org
> > -BEGIN PGP SIGNATURE-
> > 
> > iQIcBAEBCgAGBQJYUVIDAAoJENtN07w5UDAwzAwP/0w1+2cu9qFizHAVfApng01g
> > SPwqL9Gt+lNdYRoUUjSIsBHe2bpY1DDllpiZnTVc1EmK6daq9XjSMs1dVlceUNeV
> > 01uJ2mN68vY6PqZZ0DrREdmK3EteFRo/761qwr+gvQ1A7BqT3gJZjIACauizQ1EC
> > Jlk0Mr5BO34j9b3zj4bv43M+7fM2tL1kB0i1ISELCeiRF8IHcqd3IQMwF8GD7OfC
> > iCAXiVj+pBbp7FojUhqrzHYmBj6YK35MmX6BAzwc6L/Zh3XcQsGuBy2SzPPmodgM
> > kWJ6uRsKCY7k7hCM3nauDfrIeweOr0d4vhOUivx7CjdayCh/W1Z47A1hbId7E+i7
> > RqSqx/l3ZgEWkgnj5XOM/Pv3CrKIRnBr55fe5EDpgFeAasluGd4XFWHhx/Sx73mt
> > iqVsk7KzBvvWL7AjThBWLqbwfk2FU0ajE0DJw3/XsGyJxscap8BXiGCPkTi4NaRd
> > Z4Iy/VJ6RRVTSBbqZ87B28qZmZ/dYYJX7Rll//5OZcEI2XzSGopE882rdmaYG62v
> > M6fQgpjsBh1QMC36Fe0nlFAN1FPoe2Aneg73wziA1+XKoZRo7iK/rQSb+vL3h9vq
> > 2vZfBDbYkplWonJ6LhukGK4LozpuuaL2AK1Q4xhF8b/LZZII7/MWvkhHUDCMAY6t
> > nDiTseM0toT5Gp48rPJw
> > =GoBG
> > -END PGP SIGNATURE-
> 
> Quick update:  On a Kali Linux machine, I managed to format and partition the 
> destination disk as per the Qubes USB stick. I've used DD command to copy the 
> contents of the two partitions. I get a success message at the end.
> 
> When I boot I get the option to boot from this new disk but nothing else 
> happens. I've noticed using fdisk and gparted on linux that while the DD 
> command is successful the second partition is actually empty. The first 
> partition is fine - looks exactly like the source disk.
> 
> Any ideas appreciated.

Just in case this helps anyone else:  I managed to do this successfully with 
Clonezilla.  Used the advanced options where I unchecked "reinstall grub".

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca649c7b-235d-4931-9a88-8584ef3fb762%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Install windows 7 in HVM template on HP Zbook 15

2016-12-27 Thread Антон Чехов
Here is the solution, it works fine:
https://github.com/QubesOS/qubes-issues/issues/2488

After installing with custom-config, the VM did not get stuck again. I was done 
at #9. 

Best regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ddff70c7-344b-42c6-861e-879d39546aad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: [Win7-HVM] Problems with disk space

2016-12-27 Thread Антон Чехов
I managed to free additional disk space by right-clicking on my drive, 
selecting "Properties" and "compress all files". That way I could install the 
latest Windows Tools. Qubes Private Image is now correctly displayed with 
29.9GB of space, but the local disk drive (C:) is still at 19.8GB. If someone 
could tell me what I might miss/do, it would be appreciated. 

Updates are working fine but not until I did the following (I have Win7 
Professional with SP1):
-deactivate updates
-install internet explorer 11
-install Windows6.1-KB3172605-x64




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9544b94-b8c1-4d2b-bfab-c897086cb72d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Odd failure when trying to use Asus WL-167G with Qubes (both Fedora and Debian 8 VMs). Help :(

2016-12-27 Thread alefond9999
On Wednesday, December 28, 2016 at 2:52:28 AM UTC+3, alefo...@gmail.com wrote:
> Steps to reproduce:
> 1) have WL-167G
> 2) have a separate USB controller (aside from the one mouse and keyboard are 
> set to)
> 3) create a VM (we'll use a Debian 8 one, fedora has exactly same bug, at 
> least 23rd one), make it a network VM (it'll be using a wifi usb dongle after 
> all)
> 4) forward the USB controller to the VM
> 5) connect WL-167G to the usb port
> 6) install drivers in the VM (sudo apt-get install firmware-realtek)
> 7) restart VM
> 8) enjoy internet for a brief time (connects okay)
> 9) start a long download  such as Qubes fedora 24 ( sudo qubes-dom0-update 
> qubes-template-fedora-24)
> 10) about 10 minutes in, connection permanently dies, and stays dead until VM 
> reboot. Dmesg does not have any new messages after connection death, and 
> neither does sudo journalctl -u NetworkManager
> 
> Please help. I don't have any other wifi dongles and won't have for a while, 
> plus now I'm really really worried they will fail like this too.

Oh, and the adapter is the v3 version, supposedly well-supported by Qubes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbbab0e5-10bd-49c7-bc32-72f46adadde0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Odd failure when trying to use Asus WL-167G with Qubes (both Fedora and Debian 8 VMs). Help :(

2016-12-27 Thread alefond9999
Steps to reproduce:
1) have WL-167G
2) have a separate USB controller (aside from the one mouse and keyboard are 
set to)
3) create a VM (we'll use a Debian 8 one, fedora has exactly same bug, at least 
23rd one), make it a network VM (it'll be using a wifi usb dongle after all)
4) forward the USB controller to the VM
5) connect WL-167G to the usb port
6) install drivers in the VM (sudo apt-get install firmware-realtek)
7) restart VM
8) enjoy internet for a brief time (connects okay)
9) start a long download  such as Qubes fedora 24 ( sudo qubes-dom0-update 
qubes-template-fedora-24)
10) about 10 minutes in, connection permanently dies, and stays dead until VM 
reboot. Dmesg does not have any new messages after connection death, and 
neither does sudo journalctl -u NetworkManager

Please help. I don't have any other wifi dongles and won't have for a while, 
plus now I'm really really worried they will fail like this too.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/61f4a57d-76a9-46e5-ab0f-928efe4172e0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: [FAILED] Failed to start Load Kernel Modules

2016-12-27 Thread Patrick Bouldin
On Thursday, November 3, 2016 at 4:15:08 PM UTC-4, Douglas Harding wrote:
> I have reinstalled 4 times. Every time it was from a fresh install. 
> 
> A red "FAILED" pops up stating `[FAILED] Failed to start Load Kernel Modules`
> 
> Then I get failed messages at the bottom:
> 
> `nouveau :01:00.0: gr: failed to load fecs_inst`
> `nouveau :01:00.0: DRM: Pointer to flat panel table invalid`
> 
> then it freezes so I have to do a hard reset.
> 
> The only issue I could think of (because nouveau) is that it's my graphics 
> card, as nVidia has issues. However, when attempting to use the guide on the 
> official Qubes website -- I do not have the ability to click `“failsafe” boot 
> menu`as the only thing that shows up is:
> 
> `Qubes, with Xen hypervisor`
> `Advanced Options for Qubes (with Xen hypervisor)`
> 
> When I follow "Advanced" I don't have options... However, [FAILED] is no 
> longer red, it's just grey.
> 
> 
> --
> What I have tried:
> 
> * reinstall several times
> * make sure VT-D is enabled
> * I hit "e" to do a temp edit the grub, added "failsafe" after "quiet boot" 
> * I'm unable to access any logs, command sends me to the grub command prompt. 
> * unplugging all but 1 monitor
> 
> -
> Specs: 
> 
> CPU: i5-4570k
> GPU: GTX 970
> RAM: 24GB (well over the min. requirements)
> SSD: 240GB (plenty of space)
> 
> 
> Can anyone offer assistance on this? Qubes has been my favorite distro to use 
> out of the several I had been testing over the last few months. 
> 
> Thank you for your time,
> Douglas Harding

Hi,

I've been getting this message ever since loading 3.2 from scratch. It doesn't 
appear to have any effect though.

Does anyone know the implication of this? Should I fix?

Thanks,
Patrick
Dallas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3ef1a6f-86d1-42fe-adf9-d91519a7f8e3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Patrick Bouldin
On Tuesday, December 27, 2016 at 2:13:48 PM UTC-5, Patrick Bouldin wrote:
> On Tuesday, December 27, 2016 at 2:11:04 PM UTC-5, Patrick Bouldin wrote:
> > On Tuesday, December 27, 2016 at 2:04:28 PM UTC-5, Patrick Bouldin wrote:
> > > On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin 
> > > wrote:
> > > > Hi, I saw some threads on this but am not clear at a high level.
> > > > 
> > > > I thought I would install dropbox client on one of my Fedora VMs so 
> > > > that working with files is much smoother than from a browser. So, is 
> > > > installing a Fedora Desktop the best plan to do that? Don't assume I 
> > > > know enough of native Qubes ability please - maybe I'm missing a key 
> > > > point!
> > > > 
> > > > Thanks,
> > > > Patrick
> > > 
> > > Thanks David. housekeeping question - before I started I copied my Fedora 
> > > template, just in case. Am I correct I can easily undo those changes 
> > > incorrectly made by deleting the template and renaming the backup 
> > > template to the production one (just deleted)?
> > > 
> > > Thanks,
> > > Patrick
> > 
> > Sorry, I meant Andrew!
> 
> And I see it works so disregard, Andrew - thanks again.

Wow, this is a bear for me. 

Dropbox said:Add the following to /etc/yum.conf.


name=Dropbox Repository
baseurl=http://linux.dropbox.com/fedora/\$releasever/
gpgkey=http://linux.dropbox.com/fedora/rpm-public-key.asc

So I performed a sudo gedit on that file and added the above three lines. When 
I saved it I received this:

** (gedit:1791): WARNING **: Set document metadata failed: Setting attribute 
metadata::gedit-position not supported
[user@fedora-24 ~]$ 

So I do see that you can't save metadata by extending the yum.conf file, and 
tried a few other things that I think it was suggesting.

When I try and run $ sudo dnf install nautilus-dropbox
I get this:
Last metadata expiration check: 0:14:35 ago on Tue Dec 27 15:23:35 2016.
No package nautilus-dropbox available.
Error: Unable to find a match.

I'm sorry if this is beyond the scope of qubesOS assistance, perhaps I should 
check in with a dropbox forum?

Thanks,
Patrick
Dallas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a55bc79d-e137-4722-a006-7335a5309bde%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] New Lenovo laptops: X1 (4th Gen), T460/p, and T560

2016-12-27 Thread 'Olivier Médoc' via qubes-users
On 12/27/2016 12:12 AM, Marek Marczykowski-Górecki wrote:
> On Mon, Dec 26, 2016 at 08:29:55PM +0100, 'Olivier Médoc' via
> qubes-users wrote:
> > Maybe, Qubes installer bootloader could support both stable and unstable
> > kernels, in order to support new hardware ?
>
> I'd wait for the next longterm support kernel, then maybe release
> updated installation disk with it.
>
Hello,

That would be perfect. For now I can at least install it on older hardware.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0c1586f-000d-abd9-0fa1-6067e5aca2cf%40yahoo.fr.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Split GPG: thunderbird+enigmail stopped cache password

2016-12-27 Thread 5qfppt+dtaepv4a6ll7k via qubes-users
Is this with or without an empty/blank key passphrase? 

Key is protected with a passphrase


Works fine for me with the default fedora-24 template. 

Between fedora-24 or fedora-24-minimal, which one is more recommended in a 
security perspective? What I mean is, using the standard fedora template with 
all apps installed on it advisable or is it preferable to use a dedicated 
template or a minimal bare bone template to diminish the surface attack?






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7305d7d3c46053346721ef2cb27cc9cec552%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Patrick Bouldin
On Tuesday, December 27, 2016 at 2:11:04 PM UTC-5, Patrick Bouldin wrote:
> On Tuesday, December 27, 2016 at 2:04:28 PM UTC-5, Patrick Bouldin wrote:
> > On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin wrote:
> > > Hi, I saw some threads on this but am not clear at a high level.
> > > 
> > > I thought I would install dropbox client on one of my Fedora VMs so that 
> > > working with files is much smoother than from a browser. So, is 
> > > installing a Fedora Desktop the best plan to do that? Don't assume I know 
> > > enough of native Qubes ability please - maybe I'm missing a key point!
> > > 
> > > Thanks,
> > > Patrick
> > 
> > Thanks David. housekeeping question - before I started I copied my Fedora 
> > template, just in case. Am I correct I can easily undo those changes 
> > incorrectly made by deleting the template and renaming the backup template 
> > to the production one (just deleted)?
> > 
> > Thanks,
> > Patrick
> 
> Sorry, I meant Andrew!

And I see it works so disregard, Andrew - thanks again.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6b47fcd4-9631-495a-9164-e151d879b8db%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Patrick Bouldin
On Tuesday, December 27, 2016 at 2:04:28 PM UTC-5, Patrick Bouldin wrote:
> On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin wrote:
> > Hi, I saw some threads on this but am not clear at a high level.
> > 
> > I thought I would install dropbox client on one of my Fedora VMs so that 
> > working with files is much smoother than from a browser. So, is installing 
> > a Fedora Desktop the best plan to do that? Don't assume I know enough of 
> > native Qubes ability please - maybe I'm missing a key point!
> > 
> > Thanks,
> > Patrick
> 
> Thanks David. housekeeping question - before I started I copied my Fedora 
> template, just in case. Am I correct I can easily undo those changes 
> incorrectly made by deleting the template and renaming the backup template to 
> the production one (just deleted)?
> 
> Thanks,
> Patrick

Sorry, I meant Andrew!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/747e1922-65fc-4086-8fe9-daedb989edb4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Patrick Bouldin
On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin wrote:
> Hi, I saw some threads on this but am not clear at a high level.
> 
> I thought I would install dropbox client on one of my Fedora VMs so that 
> working with files is much smoother than from a browser. So, is installing a 
> Fedora Desktop the best plan to do that? Don't assume I know enough of native 
> Qubes ability please - maybe I'm missing a key point!
> 
> Thanks,
> Patrick

Thanks David. housekeeping question - before I started I copied my Fedora 
template, just in case. Am I correct I can easily undo those changes 
incorrectly made by deleting the template and renaming the backup template to 
the production one (just deleted)?

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa8ae235-a136-4e66-a034-e3d127be1e59%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-27 09:35, Patrick Bouldin wrote:
> On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin wrote:
>> Hi, I saw some threads on this but am not clear at a high level.
>>
>> I thought I would install dropbox client on one of my Fedora VMs so that 
>> working with files is much smoother than from a browser. So, is installing a 
>> Fedora Desktop the best plan to do that? Don't assume I know enough of 
>> native Qubes ability please - maybe I'm missing a key point!
>>
>> Thanks,
>> Patrick
> 
> Ran into some issues, can I confirm what you said?
> 
> So I first installed dropbox according to dropbox instructions:
> 
> $ cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64; | tar 
> xzf -
> 
> That completes ok...
> Then they say:
> 
> Next, run the Dropbox daemon from the newly created .dropbox-dist folder.
> 
> ~/.dropbox-dist/dropboxd
> 
> I attempted this in the same Fedore template, is that correct?

This is a different installation method than the one I recommended.
It sounds like you're downloading a binary directly from Dropbox's
website and running it. My recommendations was to install it from the
repo instead.

> It installs but doesn't complete - it actually starts dropbox file synching.

That's because you told it to. :)
You manually started the Dropbox daemon in your last step above.

> I know you said that after I install according to your instructions to do:
> 
> $ sudo dnf install nautilus-dropbox 
> 

No, that's not *after* you install it. That's *in order to* install it.

> I assume that is also on the Fedora template?

Yes, in the Fedora template.

> I tried that with and without the last instruction from dropbox on the 
> template.
> 

The instructions for adding the repo are here:

https://www.dropbox.com/en/help/246

After you add the repo, then this command will work:

$ sudo dnf install nautilus-dropbox

> Incidentally, I am able to successfully load dropbox and synch on any of my 
> VMs... (of course I lose it when restart). So just need clarification on the 
> template.
> 
> PS - I do not want Dropbox to start in a VM unless I tell it.
> 
> Thanks!
> Patrick
> Dallas
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYYrftAAoJENtN07w5UDAwtrUP/iFaqVfOrB33kMamWRZePcIj
l2UDifvaOaO+a4VCoUDHV+54FVRsJ72kNC6cX5LM/hoF9NAp35uw1AmYOcCCZu4R
Rre572+wEHkQjd6Rr0KidtpnehblJSFmKcJ18dfIuUdpHSPgbu1jVK3jnrdWGPKV
oTZBDLnQIUuGsItLECxTjDDXP1vouUXzKzjkgf7etAmZf1K9VHJEIBiPnylU99tr
krsi30l21oDDZ5r81Cz3/7KzROKJxwQwmKeXmm9UM9Qe7o1L0/ogrROKnXtJ4ERB
OagBDmbemt8PkVVUkn9UIrxOlctOvTlp5WR9DGFj7nnUqS3uUyHGH5zlVpLCY5fP
XHMKF4zAJWPKLE/8YhKDxa3klXdEnuq3Ng25aWgUbS9IwQWNgu4//Io3ibwSRY+h
eXNBWu4B4jrOuXfjQQEcu6W+7uqhpEBXZ2O/yiSgkGAocGUckV37SNI0REfg/TVq
0yToJicj9cdeYDqVZRZ8SLD7Er2SibuZXZaxyDMd8dfUvLbIi7HAK7xKPejiTTnc
R36fIWK/ThkeFlkF9Hc49tdwykXrqwDzcIUVnrWCrMIoA9dxNYgylAVzT5S3r+AU
3ybr8F4X6UIRnbg9PXFNp5IVBhO4mUXQUyfxnGmEKzsSwueREGHcJebGTCt3A2Lv
6a1+DxuKZiOTYv8i/VlI
=wIeF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/34539f4c-2d9d-b96d-9408-2d28d34fb137%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Split GPG: thunderbird+enigmail stopped cache password

2016-12-27 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-27 08:56, 5qdxzn+46dbca9vmtsno via qubes-users wrote:
> So, this still doesn't work under the debian-8 template. After the 
> update the QUBES_GPG_AUTOACCEPT stopped work and has no effect 
> whatsoever in the cache timeout. Therefore it would be advisable
> if this variable could be removed from the documentation as it does
> not work and could potentially lead to confusions among users.
> 

Is this with or without an empty/blank key passphrase?

> Since I'm running out of ideas or experiments in order to have the 
> gpg cache working again, I'll probably consider to change my
> template vm from debian-8 to fedora-24 (possible the minimal).

Works fine for me with the default fedora-24 template.

> Before I do that, I'd like to know from the qubes community which 
> kind of security setup is the most advisable for the vault and 
> icedove/thunderbird ?

What exactly do you mean?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYYq+aAAoJENtN07w5UDAw8YEP/3YT+Eq4UFH6VPeAAGX72LFj
rak9nE7Nwje9f5ZaEzsNQHGTTKhICk7VedAdaMhOjAS1scagsCwGfMU8FO0mATGs
5Q9fLuzeEPaBogpJy2yABHJwZ+K9tUH8RJx/SCA9zLiJApTZ9d8OVmIWNYjY9ckB
J7zzMAvGfMh34YD4R+xQghj2aBG2HMzk81fO2e1RMhGJyAcRu8RYRb8RyRJAKqNQ
MvwwVwm25gsfW65QsMv4WS9az3AjyMDkSaVSVV1DTHvofPwE+Azu14DxGONsAls2
ruDOoI9TVLjffZIsCg3IYUMsfowg4b10Ty6aQfqVzDG2XmkHa5HD6ViFkugdo38Z
+8LS5uaX34scIm0/raC2clw3GSQBvlyqKJ6IKzVNqYeDConAQq7aOwB+u4KPcCUL
EcafiTobART9mQ5abc7K9wRk29pzunAENP5n94EI+JwqzUYgZg/3rZfCnjZ9aCz8
i9j8S0q2VwmIbz31NFgxTpHXYI8WutAEUU4KIQORsIJpEdaFbDDwzFcA/rozSCpL
R2UjO3s5usJvyp/wQDOf1vg2csQydKnIzjOG8ZgqHbDjO3XM0MYBswSLU6evaT8C
NOlSt0DPvKNJVIn4IJ4Khvs6XpssWTLJRUWrFp4EGJWPTendN7thp7Im1fLA2u4X
QKN6ZXDujQZv8Jc+lFHO
=0cqQ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/87446ba2-1af0-53d0-44f4-43011b37cf44%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Patrick Bouldin
On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin wrote:
> Hi, I saw some threads on this but am not clear at a high level.
> 
> I thought I would install dropbox client on one of my Fedora VMs so that 
> working with files is much smoother than from a browser. So, is installing a 
> Fedora Desktop the best plan to do that? Don't assume I know enough of native 
> Qubes ability please - maybe I'm missing a key point!
> 
> Thanks,
> Patrick

Ran into some issues, can I confirm what you said?

So I first installed dropbox according to dropbox instructions:

$ cd ~ && wget -O - "https://www.dropbox.com/download?plat=lnx.x86_64; | tar 
xzf -

That completes ok...
Then they say:

Next, run the Dropbox daemon from the newly created .dropbox-dist folder.

~/.dropbox-dist/dropboxd

I attempted this in the same Fedore template, is that correct? It installs but 
doesn't complete - it actually starts dropbox file synching.

I know you said that after I install according to your instructions to do:

$ sudo dnf install nautilus-dropbox 

I assume that is also on the Fedora template?

I tried that with and without the last instruction from dropbox on the template.

Incidentally, I am able to successfully load dropbox and synch on any of my 
VMs... (of course I lose it when restart). So just need clarification on the 
template.

PS - I do not want Dropbox to start in a VM unless I tell it.

Thanks!
Patrick
Dallas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5663e25d-7cf3-4276-8971-218c1314e36a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Split GPG: thunderbird+enigmail stopped cache password

2016-12-27 Thread 5qdxzn+46dbca9vmtsno via qubes-users
So, this still doesn't work under the debian-8 template. After the update the 
QUBES_GPG_AUTOACCEPT stopped work and has no effect whatsoever in the cache 
timeout. 
Therefore it would be advisable if this variable could be removed from the 
documentation as it does not work and could potentially lead to confusions 
among users.

Since I'm running out of ideas or experiments in order to have the gpg cache 
working again, I'll probably consider to change my template vm from debian-8 to 
fedora-24 (possible the minimal). Before I do that, I'd like to know from the 
qubes community which kind of security setup is the most advisable for the 
vault and icedove/thunderbird ?

Many thanks






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/960ca58adef3dbb0233523b2d80a97cbdf47%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS Live

2016-12-27 Thread raahelps
On Monday, December 26, 2016 at 7:32:08 AM UTC-5, niely@gmail.com wrote:
> Hi
> 
> This page [https://www.qubes-os.org/doc/live-usb/] says that Qubes OS Live is 
> still in Beta-version.
> 
> I'm wondering if this is than safe to use. Will I have the same 
> security-benefits if I use the Live-version than when I use the normal 
> version?
> 
> If no,
> would it be possible to install it on an USB and not on the default harddrive?
> 
> And when does it quit the beta?
> I think a Live-option would be a good thing this OS needs.
> 
> Thanks!

I believe the usb stick is good for just seeing what qubes looks like,  see if 
it boots on your system, and to check the hardware compatibility with the 
hcl-report command.   Not for everyday use.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b5c52a7-4323-4d73-854f-266a4591edc5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

2016-12-27 Thread raahelps
I agree,  redhat seems to always be finding the most crucial vulnerabilities in 
linux.  Also imo,  fedora is the most secure big linux distro by default. (a 
firewall on by default, selinux etc  
https://fedoraproject.org/wiki/Security_Features?rd=Security/Features) So we 
know they take security seriously, when most distros dont' give it a look.  In 
fact I can't think of any major distro that does besides debian stable.   
Something like gentoo or arch might not have as much hardware support.

 Qubes is aimed at home desktop users I believe, so they want something easy to 
manage,  and they also want broad hardware support.

That being said there are things like the latest drive by downloads affecting 
fedora and google chrome, but that would affect appvms not dom0.

But should be noted,  fedora and ubuntu were affected with the latest 
encryption bypass. (holding enter key down)  debian was not.  So if not fedora 
my vote is for debian.  But those are the only two i would nominate.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5826f94-762d-40b3-af63-70e1da3cdce9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora Desktop in Qubes

2016-12-27 Thread Patrick Bouldin
On Wednesday, December 21, 2016 at 6:13:24 AM UTC-5, Patrick Bouldin wrote:
> Hi, I saw some threads on this but am not clear at a high level.
> 
> I thought I would install dropbox client on one of my Fedora VMs so that 
> working with files is much smoother than from a browser. So, is installing a 
> Fedora Desktop the best plan to do that? Don't assume I know enough of native 
> Qubes ability please - maybe I'm missing a key point!
> 
> Thanks,
> Patrick

Thanks for all the info on this!
Patrick
Dallas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/353f3849-e0ff-454c-811c-3007ec0ee888%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Issues connecting behind hotel NAT

2016-12-27 Thread creative . rebirth
OK, so setting a disposable VM to the sys-net seems to do the trick. Thanks for 
your help!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d986cda-e4ce-4b9c-8374-92182be3d9d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Issues connecting behind hotel NAT

2016-12-27 Thread creative . rebirth
Thanks, I'll try that next time ~

For now, it seems I found a workaround by connecting via LAN, pull up the 
landing page, disconnecting and connecting to Wifi, then accepting the form on 
the landing page.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f7daafc-2a87-4b42-810b-5280aaa678cf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Issues connecting behind hotel NAT

2016-12-27 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-27 07:14, creative.rebi...@gmail.com wrote:
> I'm behind a hotel NAT that hijacks the connection and tries to
> redirect to a landing page upon first connection.
> 
> The NAT is implemented pretty terribly, I think it is hijacking DNS
> to bring you to the landing page, so in another OS I have to load
> up a browser and navigate to a specific ISP website that shares
> certs with the page it's trying to redirect me to.
> 
> That allows my browser to trust the redirect and takes me to the
> appropriate landing page.
> 
> It doesn't seem to be this "simple" in Qubes. Navigating to the
> page doesn't work. I assume it's because of the firewall?
> 
> Any help is greatly appreciated. I'm still a Qubes newbie, only had
> it for a week, so be easy on me!
> 

Have you tried starting a DispVM and setting sys-net as its NetVM?

Alternatively, you could make a temporary sys-net, base it on a
template with a browser, start the browser directly in sys-net, and
try to connect from there.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYYoc/AAoJENtN07w5UDAwWO0P/1g3scIP2LzNTb/xs3yPnjHf
SoQx68AQPdUXeem8J43kNzKs3+AUV4xTQSYIQNbYNBkO3rj7QywNHVn2D2/xWkmo
a4sim/E73uZxN8XmU4ZP9/DxdaoC1WYrlBpLydaE9Rvx9wH5vNbBY/rQgFuddDwi
/YJxXqw27c+h281pWWaNFnUoMpfuvJ5zcn+r1LgtxsezF9ti5ybxYJIYCVKngFeZ
qnkC42wEeUPHhGPCMz9btHms1An6E4bFYM57BoORKgh6kzfd5kMQedJahsjbssyz
4u2HrzoxBkKd8zkYTXyydHU3YLwMfgChKz6486Ht700SdSV9bnZZQ9QNxwck6gGX
97HCsyyfMPWRoOzVk4y5YI4F72PPWT58KCGjjrOdrgRsCadLlMX6mKdDDXXcKHzc
7unumvtEIbK2Qqmdm+RZxpI3Auj0tgK4coCxRCLaNLu7NT+l9e3dsrlLnmaDB5Tl
BR0ChJ8iA0A457Ciw54HHmw1fEdtyGxa8kiXWNdPxebhGQTrwpzNtAVeUkEND2c+
uG8as2ruBVnV5uAnMAwgNmKTEn+FehAZmICFFhGpEAqqQBrRsJATGnO9laPooGQt
b8mjPqD9KsRbq9gmOtFHjL2ZHSwH2EbV+1NAjHpuH0oblcu8U5jmPp/6KmKbLEX9
C9nVHODvKxYhXBKTsvGy
=2KWK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23ed59e9-fdef-7161-296b-5d9580224de9%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Issues connecting behind hotel NAT

2016-12-27 Thread creative . rebirth
I should add that things seem to work as expected if I bridge the connection 
between my other computer and Qubes with a LAN cable and connect through that 
computer. Both PCs will take me to the landing page and I have to accept for 
each PC.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3907ba52-b14e-49d2-bce8-0f118aeb158b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Issues connecting behind hotel NAT

2016-12-27 Thread creative . rebirth
I'm behind a hotel NAT that hijacks the connection and tries to redirect to a 
landing page upon first connection.

The NAT is implemented pretty terribly, I think it is hijacking DNS to bring 
you to the landing page, so in another OS I have to load up a browser and 
navigate to a specific ISP website that shares certs with the page it's trying 
to redirect me to.

That allows my browser to trust the redirect and takes me to the appropriate 
landing page.

It doesn't seem to be this "simple" in Qubes. Navigating to the page doesn't 
work. I assume it's because of the firewall?

Any help is greatly appreciated. I'm still a Qubes newbie, only had it for a 
week, so be easy on me!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf38703f-bf1e-468f-abb1-ed0e25cbfdf0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

2016-12-27 Thread pixel fairy
On Tuesday, October 1, 2013 at 6:32:41 PM UTC-7, ears...@gmail.com wrote:
> We all know Fedora is a big name, but is it a good choice for a Security 
> Driven OS like QubeOS to be based around?
> What do others here think?

There are a lot of packages creating a bigger attack surface. but, bigger 
distros like fedora have companies behind them like red hat. red hat has been 
pretty good about actively looking for vulnerabilities in those packages. 
distros that automatically upgrade to the latest version (gentoo etc) can also 
burn you. they would make better template vms where your more likely to want 
newer software and new issues can be better contained. 

for dom0, newer distros are better at hardware compatibility with those fancy 
new processors, graphics cards and storage controllers in laptops.

just personal opinion, but wayland is a better fit than x11 for qubes in the 
long run. fedora is the only distro with a dedicated security staff actively 
supporting it.

anytime you abstract a layer, your diluting your resources. maintaining a dom0 
isnt much more work than a domu template, but if you want to add slackware, 
arch, and gentoo, youve now more than doubled the developers distro maintanance 
work when they could be working on stability and features. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e58b3b5b-96f8-429d-85ad-38a325721642%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] [Win7-HVM] Problems with disk space

2016-12-27 Thread Антон Чехов
Hello,

I installed a Win7 HVM template like described in the docs. It's working fine 
but there is one thing I can't work out yet. I have now assigned 40GB of max 
system storage and 30GB of max private storage. I started with the original 
settings. Opening the appvm, my disk shows only 19.8GB of disk space with 
almost all of the space being used. 
Starting WinUpdate I cannot install most of it because there is only 500Mb of 
free space.

I checked the space as to the docs regarding increasing disk size for VM. 
Everything seems to be okay.

Anything I can do, to have more space available?

PS: Windows Tools didn't seem to have installed, but I wanted to sort out the 
problems with disk space at first.

Thanks for taking the time to read.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7724f8a5-d8ba-4da7-86a7-6039d97181c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Is Fedora Really A Good Choice For QubeOS?

2016-12-27 Thread taii...@gmx.com

On 12/26/2016 08:30 PM, Drew White wrote:


On Thursday, 3 October 2013 08:52:22 UTC+10, Mailbe User  wrote:

I think the hardest problem here is people putting aside their distro war 
differences.

Here I see Joanna mention this; 'it should have the latest Desktop Environment 
and Xorg drivers to make the GUI look slick'.

No offense intended for you Joanna but I hope that was meant as a joke. Just 
because you have the latest DE and up to date system does not mean it works 
good at all.

People seem to be FORGET one simple thing > STABILITY!

Without Stability none of it matters if your always running into performance 
issues and things breaking all the time, and that is something I constantly see 
with most distros.

All distros have their Pros & Cons, but the truth is because Slackware is one 
of the simplest distros you hardly run into issues like most distros.

So let's put our personal differences aside and talk facts. The fact is Slackware 
is the most stable and least troublesome of all distros and it's the oldest too for 
one good reason, it's built on a simple principle of STABILITY over bells & 
whistles, and if you need some of the latest goodies then you can certainly go out 
there and grab it and compile it yourself. Making slackware packages and adding in 
dependencies for them is not that complicated once you've done it.

Let me make this clear I like all Linux distros, they all have something 
different they bring to the table, and any Linux in my book is better than 
Windows! But the FACT is, again, no one can touch Slackware for it's STABILITY!

So we want a SECURE OS, what good is it, if it's always having problems, things 
breaking, crashes, etc...? And if you're going to build this OS around Fedora, 
then be prepared for A LOT of breakage in the future.

Security does not always needed the LATEST UNLESS there is a SECURITY ISSUE 
that needs fixing, Security should be more CONCERNED with STABILITY! :)

NOW with all the distros out there does everyone run into issues all the time? 
NO, but then again, bugs are called bugs for a reason, not everyone gets them. 
But when you compare all the distro problems of other distros, compare to 
Slackware, Slackware has the least amount, and it's not just because of more 
experienced users, because Patrick Volkerding builds a distro that's stable and 
has always been the most stable of any distro out there.


Cheers :)
-
Mail.be, WebMail and Virtual Office
http://www.mail.be

If you can get a Slackware version working, for Dom0 as well as Guests, I know 
many people that would switch over to Qubes.

There are many people that hate SystemD.

Also, having a stable platform, one that isn't releasing a new version every 10 
seconds like Fedora, and only just updates to the system to ensure security 
would be of great advantage.

If you can get it done with Qubes 3.2, that would be perfect, since Qubes 4.0 
will not work on much hardware that people use these days (according to the 
requirements).

Yeah I really hate using systemd and being forced in to whatever 
redhat/poettering is doing at the moment.


Instead of dropping support for non IOMMU systems there should simply be 
a security rating slide with different levels and colors to indicate 
security status when you start the installer (test for HVM, IOMMU, 
IOMMU-Interrupt Remapping, SLAT, presence of ME/PSP or other DRM, 
firmware security such as prop bios > coreboot > blob free coreboot as 
the most secure, etc)


Qubes should be geared to power users, not the average idiot that 
doesn't want to put in the slightest bit of effort to understand security.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1cbd8147-6acb-bbd4-67ae-48bbb520f98d%40gmx.com.
For more options, visit https://groups.google.com/d/optout.