[qubes-users] All audio on streaming video out of sync

2017-01-13 Thread Gaijin
All of the audio for videos played on my AppVMs, regardless of what 
template it's based on (Fedora 24/Debian 8), or what browser I try 
(Firefox/Chrome/Vivaldi), is completely out of sync. It's not just 
YouTube, but Vimeo, self-hosted, etc.


I tried uncommenting audio_low_latency in /etc/qubes/quid.conf in dom0
That didn't fix things.
I tried playing with the realtime-priority in /etc/pulse/daemon.conf
That didn't seem to make any difference.

Are there any other places where I could try to fix this latency issue? 
I assume it's dom0 as everything is affected.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9bbee48082174f3e6c8cb2d58a1218a3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] OnionShare

2017-01-13 Thread haxy
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> On 2017-01-08 17:44, Unman wrote:
>>> On Mon, Jan 09, 2017 at 01:16:01AM +, Unman wrote:
 On Mon, Jan 09, 2017 at 12:48:58AM -, haxy wrote:
>> On Sun, Jan 08, 2017 at 11:50:37PM -, haxy wrote:
> On Wed, Jan 04, 2017 at 03:02:48AM +, Unman wrote:
>> On Wed, Jan 04, 2017 at 12:39:39AM -, haxy wrote:
 On Mon, Jan 02, 2017 at 11:35:22PM -, haxy wrote:
> Does OnionShare work safely in Qubes?
>
> Gave it a try with an AppVm based on a qubes-debian template
>>> but
>> wasn't
> able to get it working.
>
> Haven't been able to find any posts in the qubes users or
> devel
>> forums
> about this. Did see some discussion on the whonix forum but
>>> that
>> looks
> to
> still be in the development stage.
>
> Would it be possible using a non-qubes debian or fedora hvm?
>
>

 You don't say why you weren't able to get it working, or what
>>> steps
>> you
 took to troubleshoot the problem.
 I can confirm that it works fine on a standard Debian appVM.

 From your reference to whonix, I suspect that that is your
>>> problem.
>> I
 don't use whonix so cant check this but I believe that
>>> onionshare
>> relies
 on access to a tor control port opened with Tor Browser. I
 think
>> that
 the whonix design would preclude this.

 You can try with a normal qube connected to sys-firewall. You
>>> can't
>> use
 the normal qubes torVM because that doesn't have the control
>>> port
>> open,
 but with some minor modifications you can fix this, and then
 try
>>> to
>> run
 onionshare there.

 I don't believe there are any "safety" issues.

 unman
>>>
>>> @ unman:  Thanks and you are right.  I should have included the
>>> steps
>>> taken to troubleshoot.
>>>
>>> Steps taken:
>>>
>>> 1. Using a cloned qubes-debian template created an AppVM.
>>> 2. Installed onionshare via debian apt-get.
>>> 3. Was able to open onionshare but not able to connect using
>> sys-firewall
>>> as the Net-VM.
>>> 4. Deleted the AppVM, created new AppVM and reinstalled via
>>> debian
>>> apt-get.  Although onionshare appeared to install properly,
>> onionshare
>> was
>>> not accessable via konsole nor visible in file manager.
>>> 5. Installed in the cloned template with the same results.
>>>
>>> unman quote: I can confirm that it works fine on a standard
>>> Debian
>> appVM.
>>>
>>> As I'm unsure, are you referring to an AppVM based on the
>>> included
>> qubes
>>> debian template?
>>>
>>> Maybe a problem with the debian repo?  Did you install via
>>> debian
>> repo
>> or
>>> do a build?
>>>
>>
>> I used a qube based on the standard Debian template.
>> Cloned with git and installed the dependencies, and the TBB.
>> Started the TorBrowser.
>> Ran the onionshare-gui script.
>> Tested the connection to TorBrowser from File-Settings.
>> Shared a file.
>>
>> I'll check using the Debian package.
>>
>
> OK, well apart from the huge dependencies pulled in, everything
>>> seemed
> to work.
> Created qube based on standard Debian template.
> Installed the onionshare package with apt-get.
> Started onionshare-gui from xterm.
> I had to start TBB - why? The install pulled in tor and started
> it.
> Once TBB running and checked, I could share files.
>
> In view of your later email I'd suggest testing with a standard
> TBB.
> You can follow progress from the term where you started
> onionshare,
>>> and
> you should see the connection established to the control port and
>>> then
> the HS being set up.
> Obviously you will need to test the TBB is working.
>
> unman
>
>
>
 @ unman:  Thanks for your help!  Onionshare working now.
 Found that "searching" for onionshare after install would only
 work
 as
 root.

 Also, you were right about testing with standared TBB version.
 Using the hardened version results in:

 "Can't connect to Tor 

[qubes-users] Disable Intel ME

2017-01-13 Thread Connor Page
thank you for the link. I have successfuly tried it on a Haswell notebook. it 
doesn't disable ME but (supposedly) limits it's functionality by removing all 
modules but 2.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/443c2293-5cb6-4a44-bcc5-56ccc56a90e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Updates, security

2017-01-13 Thread haxy
> Going back to the first post.
>
> "Qubes repository will allow changing the
> "http" to "https" in the qubes entry /etc/apt/sources.list.d/."
>
> How would one implement that on a qubes-fedora template?
>
> Looking at Installing and updating software in VMs
> "http://qubesosmamapaxpa.onion/doc/software-update-vm/;
>
> It looks like https mirrors are used for fedora and that other entries in
> yum.repos.d including qubes-*.repo could be changed from http to https.
>
> Would that work?
> Although onion service would be preferred, might be a bit better than
> clearnet after exit node.
>


Sorry, thought this would merge with the previous Updates, security post.

Link here:
https://groups.google.com/forum/?_escaped_fragment_=topic/qubes-users/MZ4Lnene4FM#!topic/qubes-users/MZ4Lnene4FM


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d91cb8b3a6a000b82e5cf18dc244e33.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Updates, security

2017-01-13 Thread haxy
Going back to the first post.

"Qubes repository will allow changing the
"http" to "https" in the qubes entry /etc/apt/sources.list.d/."

How would one implement that on a qubes-fedora template?

Looking at Installing and updating software in VMs
"http://qubesosmamapaxpa.onion/doc/software-update-vm/;

It looks like https mirrors are used for fedora and that other entries in
yum.repos.d including qubes-*.repo could be changed from http to https.

Would that work?
Although onion service would be preferred, might be a bit better than
clearnet after exit node.







-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fcd1f8e782a906fb5d9b1430ee885e7.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Web video suddenly plays at 1/6 speed

2017-01-13 Thread justin . h . holguin
I have a recent desktop machine running Qubes 3.2 on a 4GHz i7 with 16GB of RAM
and integrated Intel graphics. Until yesterday, I'd been happily watching
Netflix and Youtube videos without any trouble.

Then I boot up my PC one day and suddenly playback on those sites is at about
1/6 speed--totally unwatchable. It's the same whether the Qube is based on
fedora-23, fedora-24, debian-8, or debian-9. It also doesn't matter whether I
use Firefox or Chrome. It still happens on a fresh Qube made from an untouched
template.

Performance otherwise is great--my connection is testing at about 50Mb,
applications (including browsers) are fast and responsive as ever. I can even
watch videos in VLC without any problems. It's only browser-based playback that
doesn't work, and it never works no matter what.

I didn't do anything unusual before this started happening except trim all the
templates (which I'd never done) and update all the templates (which I do
regularly).

I'm completely baffled by this, so I'm turning to the list for help. Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/97bd3161-ee71-4169-a194-4bf452729fff%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] kali failing to start as a HVM (bootable iso)

2017-01-13 Thread cubit
I'm trying to run the kali iso as a HVM but when running qvm-start in dom0  it 
just fails with the errors below.  The template being used is a standalone HVM. 
Can anyone have pointers on how to work this?

$ qvm-start kali --cdrom work:/home/user/kali-linux-xfce-2016.2-amd64.iso
--> Loading the VM (type = HVM)...
Traceback (most recent call last):
  File "/usr/bin/qvm-start", line 136, in 
    main()
  File "/usr/bin/qvm-start", line 120, in main
    xid = vm.start(verbose=options.verbose, 
preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, 
notify_function=tray_notify_generic if options.tray else None)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/01QubesHVm.py", line 
335, in start
    return super(QubesHVm, self).start(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 
1966, in start
    self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in 
createWithFlags
    if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', 
dom=self)
libvirt.libvirtError: internal error: libxenlight failed to create new domain 
'kali'





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KaOx8iE--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: New Lenovo laptops: X1 (4th Gen), T460/p, and T560

2017-01-13 Thread justin . h . holguin
On Saturday, April 30, 2016 at 12:13:18 AM UTC-7, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Has anyone had a chance to test (or is in a position to test) Qubes
> compatibility with any of the new higher-end Lenovo laptops, such as
> the X1 Carbon (4th Gen), the T460/p, or the T560?

I've been using 3.2 on a (hidpi) T460p for a couple of months now and it works 
great. Here are some quick bullet points:

* Intel graphics only. There's an NVidia card in there as well, but it's unused 
in Qubes.
* Wifi works flawlessly.
* Integrated webcam works great with USB passthrough.
* No installer issues at all--everything just worked.
* Sleep/resume functionality isn't perfect, but it works about 80+% of the 
time. Better than Ubuntu 16.10, FWIW.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5939ddde-e8db-4ded-ac31-12d14f042f9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Have Windows VM open and play video in Linux VM?

2017-01-13 Thread raahelps
On Monday, January 2, 2017 at 10:49:01 AM UTC-5, john.david.r.smith wrote:
> On 02/01/17 15:34, Jarle Thorsen wrote:
> > As there is currently no audio support for Windows in Qubes OS:
> >
> > Can I use any of the Qubes windows tools to copy a video file to a Linux vm 
> > and have it start playing there?
> >
> > The file should only be copied to a temp directory, and not put in 
> > QubesIncomming.
> >
> > Which tool/syntax will let me do this?
> >
> there are two ways:
> 1) (the better way if you can get a working setup)
> for sound/video you can use streaming software (i did this some time ago).
> you have a windows vm W and some linux vm N.
> you set N as netvm for W.
> then you use some virtual soundcard (i think i used hifi cable) and some 
> streaming software to stream the sound to the linux vm (i can't remember 
> what i used.)
> on N you receive the stream.
> since you can hear all audio output of a linux vm, you will hear sound 
> from W.
> 
> my setup was fiddly and had about 2 sec audio delay. (but i did not 
> really bother to fix it, so you probably can do better)
> 
> 2)
> again have some linux vm N as netvm of a windows vm W.
> then you can use public folders on W and mount the public folder on N.
> now you can play the video from N.
> 
> i used both methods for a while (until i  completely switched to linux 
> for all my work-flows).
> in both cases i did not use the windows tools.
> 
> if you have working windows tools, you should have a qvm-open-in-dispvm 
> command .
> you could also try this command.
> (i am not really sure whether the windows tools contain this command)

sounds like this would be great for a big music playlist.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e876e69a-0e37-479f-99dc-7c67aba8a52e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Have Windows VM open and play video in Linux VM?

2017-01-13 Thread raahelps
On Monday, January 2, 2017 at 9:34:41 AM UTC-5, Jarle Thorsen wrote:
> As there is currently no audio support for Windows in Qubes OS:
> 
> Can I use any of the Qubes windows tools to copy a video file to a Linux vm 
> and have it start playing there?
> 
> The file should only be copied to a temp directory, and not put in 
> QubesIncomming.
> 
> Which tool/syntax will let me do this?

just copy it to a dispvm.  open vlc in a dispvm.  copy the file there.  very 
easy.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/39d5a108-6d36-42b9-8889-98cbef56a287%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Domains Have Internet But Templates No

2017-01-13 Thread raahelps
if its because you want to install something you can use a dispvm to download 
it and transfer it over to the template, if worried webpage malicious.  But 
then you'd have to worry about the file you transferred over, depends if you 
trust it or not.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5aa5777a-9eee-40ae-8706-8b785722e46a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to get bluetooth keyboard working in dom0?

2017-01-13 Thread raahelps
On Thursday, January 12, 2017 at 2:32:09 AM UTC-5, John Smith wrote:
> Anyone know how to get a bluetooth keyboard working in dom0 (so I can use it 
> with all AppVMs). I'm aware of the security risks but I have an ergonomic 
> split keyboard which I would really like to use with Qubes. The keyboard I'm 
> trying to connect is called the Kinesis Freestyle2 Blue. It uses a 
> non-proprietary bluetooth dongle. Regular logitech proprietary bluetooth 
> keyboards seem to work out of the box with their own dongles but I couldn't 
> get Qubes to detect my non-proprietary usb bluetooth dongle. Can someone 
> please provide me the step by step info to get this working? I'm running a 
> fresh default install of the latest version of Qubes 3.2. Thanks in advance.


maybe this will help  http://forums.fedoraforum.org/showthread.php?t=303654

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/175938fe-0f70-4ce3-9b84-df0c6cf255ec%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: VM chaining visualisation tool

2017-01-13 Thread raahelps
On Friday, January 13, 2017 at 5:02:02 PM UTC-5, raah...@gmail.com wrote:
> On Thursday, January 12, 2017 at 1:11:48 AM UTC-5, Steve wrote:
> > Is there a way I can get a real time visualisation of the VM chaining , for 
> > example a Domain chaining through a firewall through a VPN and sys Network ?
> 
> for seeing network connections i use etherape. But i don't run it in 
> sys-firewall, which would show which vm making the connection,  cause I feel 
> it unsafe.   but nice thing about qubes safe to use in sys-net, not as 
> detrimental.

I mean anything listening is not safe.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ab7ee4f-3e72-4e37-a0cc-a6ef6b4b4d64%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Prob installing VLC in Fedora24 Template

2017-01-13 Thread raahelps
On Thursday, January 12, 2017 at 1:11:02 PM UTC-5, Arnulf Maria Bultmann wrote:
> When I try to install vlc als described in the faq and elsewhere I get this 
> error:
> 
> Downloading Packages:
> (1/60): aalib-libs-1.4.0-0.29.rc5.fc24.x86_64.r 126 kB/s |  70 kB 00:00   
>  
> [MIRROR] vlc-3.0.0-19.20170104gitf8f5395.fc24.x86_64.rpm: Interrupted by 
> header callback: Server reports Content-Length: 15400 but expected size is: 
> 1605926
> [FAILED] vlc-3.0.0-19.20170104gitf8f5395.fc24.x86_64.rpm: No more mirrors to 
> try - All mirrors were already tried without success
> (3-4/60): libcaca-0.  5% [=   ] 708 kB/s | 1.6 MB 00:37 
> ETA
> The downloaded packages were saved in cache until the next successful 
> transaction.
> You can remove cached packages by executing 'dnf clean packages'.
> Error: Error downloading packages:
>   Cannot download vlc-3.0.0-19.20170104gitf8f5395.fc24.x86_64.rpm: All 
> mirrors were tried
> 
> I tried it several times and got always the same error.
> 
> Procedure:
> sudo dnf upgrade --refresh
> sudo dnf install vlc
> 
> Any advice?

did you try this?  You can remove cached packages by executing 'dnf clean 
packages'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6b51104d-f1b5-4426-ad97-0bbe8793f2ee%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: DispVM does not work anymore

2017-01-13 Thread raahelps
On Thursday, January 12, 2017 at 9:01:03 AM UTC-5, mitte...@digitrace.de wrote:
> Hey there,
> 
> today I noticed that my dispVM is no longer working (not in Dom0 and not
> in AppVMs). There is the notification that the DispVM starts, but
> nothing shows up.
> If I start the internal fedora-23-dvm I boots up without any problems
> and also allows me to start tools (e.g. Firefox)
> 
> any idea what is wrong?
> 
> Thanks

open qubes-manager window.  click view and show internal vms.  Then remove the 
dvm qube.

then in a dom0 terminal make a new one.  qvm-create-default-dvm fedora-24.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46875d53-e37f-4097-84c3-72ffcd5b204a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Problem: Convert to Trusted PDF Hangs

2017-01-13 Thread raahelps
On Friday, January 13, 2017 at 8:19:38 AM UTC-5, Pushpins4u wrote:
> Greetings,
> 
> 
> 
> I recently began downloading PDFs in an anon-whonix VM and wanted to sanitize 
> them to move over to an offline VM attached to a storage USB.  Weeks ago I 
> was able to navigate to my downloaded PDFs in the anon-whonix Tor Browser 
> folder, right-click, and convert the PDFs successfully.  Copying them to my 
> offline VM and attached USB drive worked fine.
> 
> 
> 
> When I try this process now, the PDF conversion progress window gets to like 
> 95% full and then hangs.  I'm notified that a script appears to have hung and 
> asked if it should be terminated.  This is happening consistently with the 
> same PDF.
> 
> 
> 
> I'm up-to-date on my dom0.  Running on an HP EliteBook with i5 processor.
> 
> 
> 
> Ideas?
> 
> 
> 
> Thanks,
> 
> PP
> 
> 
> 
> 
> 
> 
> Sent with ProtonMail Secure Email.

copy the file to some other untrusted or disposablevm and see if it works 
there.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4437306-c2da-46e5-95d4-703ff6f3e71c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: FYI: Experimental Qubes coldkernel support now available

2017-01-13 Thread raahelps
On Friday, January 13, 2017 at 12:21:50 PM UTC-5, Marek Marczykowski-Górecki 
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Thu, Dec 15, 2016 at 03:11:29PM -0600, Colin Childs wrote:
> > Hi everyone,
> > 
> > Sorry for not getting on this list sooner, however it looks like testing
> > of coldkernel on Debian is largely going well! I see the most recent
> > issue from foppe, and will be attempting to reproduce later this evening.
> > 
> > If you run into issues that require coldhak attention, please do not
> > hesitate to open tickets at
> > https://github.com/coldhakca/coldkernel/issues, or email us directly at
> > cont...@coldhak.ca.
> > 
> > Thanks, and happy testing!
> 
> What are the plans for next stages here? I guess fixing Fedora support,
> right?
> 
> What about binary packages in general: I've heard there are some
> benefits from compiling the grsec-enabled kernel yourself, as some parts
> are randomized compile-time. Is that true? How much benefit it gives?
> 
> Anyway, I think in the end we need some packages in the repository for
> this. 
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJYeQymAAoJENuP0xzK19csj0cH/jh4eCtY4XoZgTd06EE+n3j6
> jBi6SmvafBAewpJkTjpRM4l8OrybuBJ/7l32LkyEtquZCaZWWxZo+sRCMm5N2stc
> bjYUrROaOYmXbh7T0cwH4L9uRjgZda0IUGlGcA0324TYtLR9VUds4fncH8c/h7lE
> kmNB3xX8x8KyTWH1v19dtoPyay20626eJP32qzeoDptcc0cyfpOKDZR5YNmf3b/K
> SZXNz2O10rbpBK+odtfY/VAHQqD3P6TKGeTKAF7WBeXHLqOjB6CBXjN/Aj9p9X94
> l/xeXIW+/EWwZtCBmgcRjVcUVYXVbHdGYTrS1OArRa9KSchBY/ENBedYRCs8GBs=
> =Rk3u
> -END PGP SIGNATURE-

you have to update it alot thats the thing. I think that is too much time for 
most repos so most people prolly always end up compiling it themselves to have 
the latest version.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/979d888d-9a26-48f5-977f-357a259945e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: install-run

2017-01-13 Thread raahelps
On Friday, January 13, 2017 at 3:03:59 PM UTC-5, tito...@gmail.com wrote:
> I am probably the most software ignorant person attempting to use this 
> os---nowhere near getting it to work. I am used to: "download", "install", 
> "run". 
> 
> I am using a 5 or 6 year old Dell xps 15 running windows 10 operating system. 
>  
> The qubes install instructions for version 3.2 end after usb install advice. 
> I followed it but, if something was supposed to happen automatically---it 
> didn't. After double clicking on some of the downloaded files, I have no idea 
> how to get this thing to work. Any files that offer to open are requesting 
> that I describe what method to use. I have no idea. And, after reading the 
> first 50 "install" posts I don't think I will find answers that I can 
> understand.  
> 
> If my message doesn't find a generous and patient helper then I am bound for 
> the computer shop---let the technician figure it out. Maybe my very a limited 
> digital vocabulary precludes any chance of getting qubes to work without 
> hours and hours of remedial education.

play with the bios options.  like boot mode, , hdd mode, usb options, is there 
options for vt-d or iommu?  Qubes can be picky with the bios settings.  make 
sure you using a new usb stick at least 8gb.  check the key sigs.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf49bc3f-debe-4e9f-86f8-32d7953f20d9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to autorun startup script on login/reboot in dom0 with i3wm?

2017-01-13 Thread raahelps
On Friday, January 13, 2017 at 1:41:20 AM UTC-5, John Smith wrote:
> I just installed i3wm and it switches my 2 displays from extended to 
> mirrored. In effort to fix this, I wrote a simple script called rc.local 
> containing the following commands:
> 
> xrandr --output DP-1 --auto
> xrandr --output VGA-1 --right-of DP-1
> xrandr --output VGA-1 --mode 1920x1080
> 
> The script works fine when I execute it manually from the terminal (I've 
> already done chmod+x). However, at the end of my /etc/i3/config file i added 
> the line:
> 
> exec /etc/rc.local
> 
> I added this line to automatically run the script when i reboot my computer 
> but for some reason it doesn't work. I've tried it with single and double 
> quotes as well as exec_always and --no-startup-id but nothing seems to work. 
> Any ideas how I can get this working? I've also tried putting the commands 
> directly into the config without calling the script but that didn't work 
> either. Even echo test >> /tmp/testfile didn't output anything. Any ideas 
> would be much appreciated, thanks.

wouldn't it just work like a normal baremetal linux system? I been using 
windows so much lately right now I'm drawing a blank lol.  I think you got a 
choice of whole whost of diff directories to try, google fedora.

last time I had to do this I made a .desktop file.  Does that work in xfce? I'm 
not sure.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ccba0ee-3471-44f9-80a8-09238e266f9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to autorun startup script on login/reboot in dom0 with i3wm?

2017-01-13 Thread John Smith
On Friday, January 13, 2017 at 6:52:39 AM UTC-7, 01v3g4n10 wrote:
> On Friday, January 13, 2017 at 12:41:20 AM UTC-6, John Smith wrote:
> > I just installed i3wm and it switches my 2 displays from extended to 
> > mirrored. In effort to fix this, I wrote a simple script called rc.local 
> > containing the following commands:
> > 
> > xrandr --output DP-1 --auto
> > xrandr --output VGA-1 --right-of DP-1
> > xrandr --output VGA-1 --mode 1920x1080
> > 
> > The script works fine when I execute it manually from the terminal (I've 
> > already done chmod+x). However, at the end of my /etc/i3/config file i 
> > added the line:
> > 
> > exec /etc/rc.local
> > 
> > I added this line to automatically run the script when i reboot my computer 
> > but for some reason it doesn't work. I've tried it with single and double 
> > quotes as well as exec_always and --no-startup-id but nothing seems to 
> > work. Any ideas how I can get this working? I've also tried putting the 
> > commands directly into the config without calling the script but that 
> > didn't work either. Even echo test >> /tmp/testfile didn't output anything. 
> > Any ideas would be much appreciated, thanks.
> 
> Have you tried placing it in /rw/config/rc.local?
> https://www.qubes-os.org/doc/config-files/

No, that directory doesn't exist in dom0, its only for VMs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/193dd722-f180-45b7-999d-07a994994a06%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] install-run

2017-01-13 Thread Franz
Hello titotobob

On Fri, Jan 13, 2017 at 5:03 PM,  wrote:

> I am probably the most software ignorant person attempting to use this
> os---nowhere near getting it to work. I am used to: "download", "install",
> "run".
>
> I am using a 5 or 6 year old Dell xps 15 running windows 10 operating
> system.
> The qubes install instructions for version 3.2 end after usb install
> advice. I followed it but, if something was supposed to happen
> automatically---it didn't. After double clicking on some of the downloaded
> files, I have no idea how to get this thing to work. Any files that offer
> to open are requesting that I describe what method to use. I have no idea.
> And, after reading the first 50 "install" posts I don't think I will find
> answers that I can understand.
>
> If my message doesn't find a generous and patient helper then I am bound
> for the computer shop---let the technician figure it out. Maybe my very a
> limited digital vocabulary precludes any chance of getting qubes to work
> without hours and hours of remedial education.
>
>
>
You are right, it is not easy enough, even if countless hours have been put
in this project just to simplify your life. It is the nature of the project
that is very complex to satisfy the ambitious aim of getting a reasonable
safe computer even using hardware that is not made with security in mind.

It may be easier to make some practice with another linux distribution that
is used in Qubes, like Fedora or Debian to understand how to install the
operative system.

Qubes can be downloaded here https://www.qubes-os.org/downloads/
The instructions to prepare a USB key to install Qubes are here
https://www.qubes-os.org/doc/installation-guide/
Best
Fran


>
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/fccac9c6-ecb1-455d-8cda-49026f6845e2%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAggJ-csceEmwSKYGZpCL%3DoduR40_NNfCktp8BAeFvnVw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] install-run

2017-01-13 Thread titotobob
I am probably the most software ignorant person attempting to use this 
os---nowhere near getting it to work. I am used to: "download", "install", 
"run". 

I am using a 5 or 6 year old Dell xps 15 running windows 10 operating system.  
The qubes install instructions for version 3.2 end after usb install advice. I 
followed it but, if something was supposed to happen automatically---it didn't. 
After double clicking on some of the downloaded files, I have no idea how to 
get this thing to work. Any files that offer to open are requesting that I 
describe what method to use. I have no idea. And, after reading the first 50 
"install" posts I don't think I will find answers that I can understand.  

If my message doesn't find a generous and patient helper then I am bound for 
the computer shop---let the technician figure it out. Maybe my very a limited 
digital vocabulary precludes any chance of getting qubes to work without hours 
and hours of remedial education. 



 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fccac9c6-ecb1-455d-8cda-49026f6845e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: FYI: Experimental Qubes coldkernel support now available

2017-01-13 Thread Colin Childs
On 13/01/17 11:52 AM, Colin Childs wrote:
> On 13/01/17 11:21 AM, Marek Marczykowski-Górecki wrote:
>> On Thu, Dec 15, 2016 at 03:11:29PM -0600, Colin Childs wrote:
>>> Hi everyone,
>>
>>> Sorry for not getting on this list sooner, however it looks like testing
>>> of coldkernel on Debian is largely going well! I see the most recent
>>> issue from foppe, and will be attempting to reproduce later this evening.
>>
>>> If you run into issues that require coldhak attention, please do not
>>> hesitate to open tickets at
>>> https://github.com/coldhakca/coldkernel/issues, or email us directly at
>>> cont...@coldhak.ca.
>>
>>> Thanks, and happy testing!
>>
>> What are the plans for next stages here? I guess fixing Fedora support,
>> right?
>>
>> What about binary packages in general: I've heard there are some
>> benefits from compiling the grsec-enabled kernel yourself, as some parts
>> are randomized compile-time. Is that true? How much benefit it gives?
>>
>> Anyway, I think in the end we need some packages in the repository for
>> this. 
>>
>>
> Hi,
> 
> Please see
> https://github.com/coldhakca/coldkernel/issues?q=is%3Aissue+is%3Aopen+label%3Aqubes
> for the next steps along, with their planned release versions. We are
> currently planning to shit 0.9b within the next week.
> 
> 0.9a (the current release) was not released with Fedora support, and
> this was pulled from the README before the release was cut. The 0.9b
> release will be focused on Whonix as well as Fedora, however Whonix is
> currently taking priority. The goal is to push out both Whonix and
> Fedora support with 0.9b, however if Fedora support looks like it will
> take considerably longer, it will be bumped to 0.9c.
> 
> For providing binary packages, our goal is to offer grsec enabled
> binaries for Debian. Offering pre-built Fedora binaries is not currently
> in the roadmap, however it could potentially be added down the line.
> 
> There are some protections that come with compiling the kernel by hand,
> such as an actually random/functional GRKERNSEC_RANDSTRUCT[1].
> 
> [1]:
> https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options
> 
Hi everyone,

Sorry about the really unfortunate typo/correction in the first
paragraph of my previous email.

I hope you all have a nice weekend!

-- 
Colin Childs
Coldhak
https://coldhak.ca
Twitter: @coldhakca

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf843318-186a-3ab8-55c8-3cada1f12ae8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: FYI: Experimental Qubes coldkernel support now available

2017-01-13 Thread Colin Childs
On 13/01/17 11:21 AM, Marek Marczykowski-Górecki wrote:
> On Thu, Dec 15, 2016 at 03:11:29PM -0600, Colin Childs wrote:
>> Hi everyone,
> 
>> Sorry for not getting on this list sooner, however it looks like testing
>> of coldkernel on Debian is largely going well! I see the most recent
>> issue from foppe, and will be attempting to reproduce later this evening.
> 
>> If you run into issues that require coldhak attention, please do not
>> hesitate to open tickets at
>> https://github.com/coldhakca/coldkernel/issues, or email us directly at
>> cont...@coldhak.ca.
> 
>> Thanks, and happy testing!
> 
> What are the plans for next stages here? I guess fixing Fedora support,
> right?
> 
> What about binary packages in general: I've heard there are some
> benefits from compiling the grsec-enabled kernel yourself, as some parts
> are randomized compile-time. Is that true? How much benefit it gives?
> 
> Anyway, I think in the end we need some packages in the repository for
> this. 
> 
> 
Hi,

Please see
https://github.com/coldhakca/coldkernel/issues?q=is%3Aissue+is%3Aopen+label%3Aqubes
for the next steps along, with their planned release versions. We are
currently planning to shit 0.9b within the next week.

0.9a (the current release) was not released with Fedora support, and
this was pulled from the README before the release was cut. The 0.9b
release will be focused on Whonix as well as Fedora, however Whonix is
currently taking priority. The goal is to push out both Whonix and
Fedora support with 0.9b, however if Fedora support looks like it will
take considerably longer, it will be bumped to 0.9c.

For providing binary packages, our goal is to offer grsec enabled
binaries for Debian. Offering pre-built Fedora binaries is not currently
in the roadmap, however it could potentially be added down the line.

There are some protections that come with compiling the kernel by hand,
such as an actually random/functional GRKERNSEC_RANDSTRUCT[1].

[1]:
https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options

-- 
Colin Childs
Coldhak
https://coldhak.ca
Twitter: @coldhakca

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e80fd1c8-fa4b-8219-e666-2a86d6a8ff5d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] clear tmp resources

2017-01-13 Thread 5zqygp+aly96990cmgjc via qubes-users
Qubes is very nice and looking good.

Listen I am new but wanted to know something. If I get /tmp /trash is full 
messages
even when my can is empty besides rebooting? How can I clear all that out on 
Qubes?

Any command assistance is appreciated. Thanks :)






Sent using Guerrillamail.com
Block or report abuse: 
https://www.guerrillamail.com//abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58e6d275daabb48174a6294c2fa85acf9911%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: FYI: Experimental Qubes coldkernel support now available

2017-01-13 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Thu, Dec 15, 2016 at 03:11:29PM -0600, Colin Childs wrote:
> Hi everyone,
> 
> Sorry for not getting on this list sooner, however it looks like testing
> of coldkernel on Debian is largely going well! I see the most recent
> issue from foppe, and will be attempting to reproduce later this evening.
> 
> If you run into issues that require coldhak attention, please do not
> hesitate to open tickets at
> https://github.com/coldhakca/coldkernel/issues, or email us directly at
> cont...@coldhak.ca.
> 
> Thanks, and happy testing!

What are the plans for next stages here? I guess fixing Fedora support,
right?

What about binary packages in general: I've heard there are some
benefits from compiling the grsec-enabled kernel yourself, as some parts
are randomized compile-time. Is that true? How much benefit it gives?

Anyway, I think in the end we need some packages in the repository for
this. 

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQEcBAEBCAAGBQJYeQymAAoJENuP0xzK19csj0cH/jh4eCtY4XoZgTd06EE+n3j6
jBi6SmvafBAewpJkTjpRM4l8OrybuBJ/7l32LkyEtquZCaZWWxZo+sRCMm5N2stc
bjYUrROaOYmXbh7T0cwH4L9uRjgZda0IUGlGcA0324TYtLR9VUds4fncH8c/h7lE
kmNB3xX8x8KyTWH1v19dtoPyay20626eJP32qzeoDptcc0cyfpOKDZR5YNmf3b/K
SZXNz2O10rbpBK+odtfY/VAHQqD3P6TKGeTKAF7WBeXHLqOjB6CBXjN/Aj9p9X94
l/xeXIW+/EWwZtCBmgcRjVcUVYXVbHdGYTrS1OArRa9KSchBY/ENBedYRCs8GBs=
=Rk3u
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170113172141.GK1341%40mail-itl.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Query - Why unable to clone net-sys VM ?

2017-01-13 Thread tezeb
On 01/13/17 05:26, Steve wrote:
> On Friday, January 13, 2017 at 3:29:45 AM UTC+4, Ángel wrote:
>> Steve wrote:
>>> my default net-sys includes both Ethernet and Wifi. I wanted to split them 
>>> out into 
>>> net-sys-eth and 
>>> net-sys-wifi
>>>
>>> each with the appropriate PCI device. I tried to clone the net-sys but it 
>>> is greyed out and I was wondering why 
>>>
>>
>> Probably because it is running. Stop the VM before attempting to clone it.
>> Also, you will need to remove one of the pci devices while it is
>> stopped, as those cannot be edited while it is running (nor can you
>> attach the same pci to two VMs).
> 
> I had everything shutdown apart from Dom0 but still greyed out. Doesn't look 
> like its possible to clone sys-net
> 

Have you tried using command line:

qvm-clone sys-net new_vm_name

Works for me :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6bc1467-9ff4-1bf8-2343-abc37bacc558%40outoftheblue.pl.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Problem: Convert to Trusted PDF Hangs

2017-01-13 Thread Ángel
Pushpins4u wrote:
> When I try this process now, the PDF conversion progress window gets
> to like 95% full and then hangs.  I'm notified that a script appears
> to have hung and asked if it should be terminated.  This is happening
> consistently with the same PDF.
> 
Does it only fail with *this* PDF (ie. you are still able to convert
other pdfs)?

It seems a problem with this specific pdf. pdf is a complex
specification so it's not that strange that there could be some special
case where the processor could apparently hang (I'm sure it's possible
to create a pdf requiring much more memory than could be available, for
instance).
If it's not confidential, the way to figure out why it fails would
involve sharing it with some dev...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484324259.1390.6.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Fedora 24 minimal template can not be setup with salt

2017-01-13 Thread qubes

Hi,

On 28.11.2016 03:09, Marek Marczykowski-Górecki wrote:

On Fri, Nov 18, 2016 at 01:46:26PM +0100, qu...@posteo.de wrote:
I am planning to setup my templates with salt. I have done some 
preparation
some time ago but not with the Fedora 24 templates I thought it was 
time to

do it properly.

One of the issues is that the minimal template can not use salt by 
default
afaik but needs the package "qubes-mgmt-salt" which needs to be 
installed

manually.


If you want to manage it from dom0, using qubesctl wrapper tool, you
don't need salt installed in target template at all. See here:

https://www.qubes-os.org/doc/salt/

When I try to do this on the Fedora 24 minimal template I get a 
conflict
between the packages qubes-mgmt-salt-config and salt-minion. The 
conflicting
files are /etc/salt and /etc/salt/minion.d. Is this known or is there 
a

workaround for it besides forcing the installation?


As noted above - you don't need qubes-mgmt-salt-config installed.
Neither salt-minion.

The only think you need, is qubes-mgmt-salt-vm-connector in your
_default_ template.


so I have installed the fedora-24-minimal-template package in Dom0, in 
the template I have installed the package 
"qubes-mgmt-salt-vm-connector".
But everytime I run `qubesctl --template state.highstate` to install the 
packages the template is started but the packages are not installed. I 
did not find a conclusive error in the logs.


The template is cloned though, so the configuration is activated. Do I 
miss any package or configuration?


I am using the following configuration:

Top file:
##

base:
  dom0:
- vms.fedora-basic.qvm
  fedora-24-basic:
- vms.fedora-basic.internal


SLS files:
###

qvm.sls:
###

fedora-24-basic:
  qvm.clone:
- source: fedora-24-minimal

internal.sls:
#

qubes-template-fedora-24-basic:
  pkg.installed:
- pkgs:
  - NetworkManager
  - gnome-keyring
  



Thx in advance

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08fd416cabc7a5227217955a1902a7a7%40posteo.de.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: DOS VM - Spinrite - Direct Access to Drives

2017-01-13 Thread Ángel
Steve wrote:
> On Thursday, January 12, 2017 at 4:51:44 PM UTC+4, Steve wrote:
> > I would like to be able to run Spinrite which runs in DR-DOS in a VM. The 
> > software needs to have direct access to the SATA hard drives. Is this 
> > likely to be possible
> 
> I have been researching and to make this work I need to be able to setup the 
> equivalent of a RAW DISK (Virtual Box). Initial research shows that this 
> might be possible in Xen, does that mean I will be able to do it in Qubes ? 
> thx

Create a HVM with Spinrite image as root.img and the disk image to scan
as private.img ?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1484320110.1390.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Query - Why unable to clone net-sys VM ?

2017-01-13 Thread Connor Page
you would have to create a new VM, configure it properly and then copy the 
private image from the source VM.
same limitation apply to proxyvms :(

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9272b630-7042-4de0-9906-71912fe07cd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to autorun startup script on login/reboot in dom0 with i3wm?

2017-01-13 Thread '01v3g4n10' via qubes-users
On Friday, January 13, 2017 at 12:41:20 AM UTC-6, John Smith wrote:
> I just installed i3wm and it switches my 2 displays from extended to 
> mirrored. In effort to fix this, I wrote a simple script called rc.local 
> containing the following commands:
> 
> xrandr --output DP-1 --auto
> xrandr --output VGA-1 --right-of DP-1
> xrandr --output VGA-1 --mode 1920x1080
> 
> The script works fine when I execute it manually from the terminal (I've 
> already done chmod+x). However, at the end of my /etc/i3/config file i added 
> the line:
> 
> exec /etc/rc.local
> 
> I added this line to automatically run the script when i reboot my computer 
> but for some reason it doesn't work. I've tried it with single and double 
> quotes as well as exec_always and --no-startup-id but nothing seems to work. 
> Any ideas how I can get this working? I've also tried putting the commands 
> directly into the config without calling the script but that didn't work 
> either. Even echo test >> /tmp/testfile didn't output anything. Any ideas 
> would be much appreciated, thanks.

Have you tried placing it in /rw/config/rc.local?
https://www.qubes-os.org/doc/config-files/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86466876-decd-4d98-af10-a4a3b2ac783f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Problem: Convert to Trusted PDF Hangs

2017-01-13 Thread 'Pushpins4u' via qubes-users
Greetings,

I recently began downloading PDFs in an anon-whonix VM and wanted to sanitize 
them to move over to an offline VM attached to a storage USB. Weeks ago I was 
able to navigate to my downloaded PDFs in the anon-whonix Tor Browser folder, 
right-click, and convert the PDFs successfully. Copying them to my offline VM 
and attached USB drive worked fine.

When I try this process now, the PDF conversion progress window gets to like 
95% full and then hangs. I'm notified that a script appears to have hung and 
asked if it should be terminated. This is happening consistently with the same 
PDF.

I'm up-to-date on my dom0. Running on an HP EliteBook with i5 processor.

Ideas?

Thanks,
PP



Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/yS87P2FQZeHJZjXoOl8bFPKAAT1H_-2irlEYSLBDSoiEANDeIcBdRiZ1rOm-S_Eyve3_ftu6_f0jsN--V0itQnZ-POU7nez4eyQuf9Pz9wA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Anti Evil Maid not working in subsequent setup attempts

2017-01-13 Thread michael
Dear All,

In my Qubes 3.2 system, I did set up Anti Evil Maid successfully once following:

https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README#L51.

I used a picture as a secret which was shown but it was too large, so I tried 
to delete the setup (first tpm_clear -z, reboot, activate TPM again in BIOS; in 
subsequent tries also with sudo yum remove anti-evil-maid for a more complete 
repeated setup). I did copy the picture from another domain and used chmod to 
set 777 permissions with root ownership.

On subsequent setup attempts, the system would indicate that it was sealing the 
secret ("Sealed /var/lib/anti-evil-maid/aem/secret.png using
 --pcr 13 --pcr 17 --pcr 18 --pcr 19") on the first reboot. However, on the 
second reboot, the system would no longer be able to show the picture.

At this point, my only temporary fix is to uninstall Anti Evil Maid again. What 
I would much prefer, however, is to be certain that I am able to repeat the 
setup whenever required to a point where Anti Evil Maid does work again.

The output of journalctl -u anti-evil-maid-unseal -u anti-evil-maid-seal is 
enclosed below - two reboots, one during the initial sealing and one where 
showing the picture fails. I suspect that there might be some issue with the 
TPM configuration in the subsequent attempts, but that is beyond my 
understanding, unfortunately.

Can someone please point me to the right direction, please?

Regards,

Michael

-- Reboot --
Jan 13 11:17:47 dom0 systemd[1]: Starting Anti Evil Maid unsealing...
Jan 13 11:17:48 dom0 anti-evil-maid-unseal[505]: anti-evil-maid-unseal: 
Mounting the aem device...
Jan 13 11:17:48 dom0 anti-evil-maid-unseal[505]: anti-evil-maid-unseal: 
Initializing TPM...
Jan 13 11:17:48 dom0 anti-evil-maid-unseal[505]: tcsd_changer_identify: 
identifying TPM
Jan 13 11:17:48 dom0 TCSD[564]: TrouSerS Config file /etc/tcsd.conf not found, 
using defaults.
Jan 13 11:17:48 dom0 tcsd[564]: TCSD TDDL[564]: TrouSerS ioctl: (25) 
Inappropriate ioctl for device
Jan 13 11:17:48 dom0 tcsd[564]: TCSD TDDL[564]: TrouSerS Falling back to 
Read/Write device support.
Jan 13 11:17:48 dom0 TCSD[565]: TrouSerS trousers 0.3.13: TCSD up and running.
Jan 13 11:17:48 dom0 anti-evil-maid-unseal[505]: tpm_id: ignore the first 
"Tspi_TPM_GetPubEndorsementKey failed"
Jan 13 11:17:48 dom0 anti-evil-maid-unseal[505]: Tspi_TPM_GetPubEndorsementKey 
failed: 0x0008 - layer=tpm, code=0008 (8), The TPM target command has been 
disabled
Jan 13 11:17:48 dom0 anti-evil-maid-unseal[505]: tcsd_changer_identify: TPM 
identity: 32d24461505c80a82bdc4e31d12d9ae11b91f47cf45aff8cbdcf0634d9015a22
Jan 13 11:17:50 dom0 TCSD[611]: TrouSerS Config file /etc/tcsd.conf not found, 
using defaults.
Jan 13 11:17:50 dom0 tcsd[611]: TCSD TDDL[611]: TrouSerS ioctl: (25) 
Inappropriate ioctl for device
Jan 13 11:17:50 dom0 tcsd[611]: TCSD TDDL[611]: TrouSerS Falling back to 
Read/Write device support.
Jan 13 11:17:51 dom0 TCSD[618]: TrouSerS trousers 0.3.13: TCSD up and running.
Jan 13 11:17:51 dom0 anti-evil-maid-unseal[505]: anti-evil-maid-unseal: 
Extending PCR 13, value 805c6d64887389fd6e60228bcfea3df8838b4159, device 
618a7545-c636-4c96-bc2e-c935468a4c1b...
Jan 13 11:17:51 dom0 anti-evil-maid-unseal[505]: tpm_z_srk: detecting whether 
SRK is password protected
Jan 13 11:17:51 dom0 anti-evil-maid-unseal[505]: Tspi_Key_CreateKey failed: 
0x0001 - layer=tpm, code=0001 (1), Authentication failed
Jan 13 11:17:51 dom0 anti-evil-maid-unseal[505]: tpm_z_srk: yes, SRK is 
password protected; resetting dictionary attack lock...
Jan 13 11:17:51 dom0 anti-evil-maid-unseal[505]: anti-evil-maid-unseal: 
Prompting for SRK password...
Jan 13 11:17:58 dom0 anti-evil-maid-unseal[505]: Enter SRK password: 
anti-evil-maid-unseal: Correct SRK password
Jan 13 11:17:58 dom0 anti-evil-maid-unseal[505]: anti-evil-maid-unseal: 
Unsealing the secret...
Jan 13 11:17:59 dom0 anti-evil-maid-unseal[505]: Enter SRK password: Unable to 
write output file
Jan 13 11:17:59 dom0 anti-evil-maid-unseal[505]: anti-evil-maid-unseal: 
Unmounting the aem device...
Jan 13 11:17:59 dom0 systemd[1]: Started Anti Evil Maid unsealing.
Jan 13 11:18:01 dom0 systemd[1]: Starting Anti Evil Maid sealing...
Jan 13 11:18:04 dom0 anti-evil-maid-seal[1638]: tpm_z_srk: detecting whether 
SRK is password protected
Jan 13 11:18:05 dom0 anti-evil-maid-seal[1638]: Tspi_Key_CreateKey failed: 
0x0001 - layer=tpm, code=0001 (1), Authentication failed
Jan 13 11:18:05 dom0 anti-evil-maid-seal[1638]: tpm_z_srk: yes, SRK is password 
protected; resetting dictionary attack lock...
Jan 13 11:18:07 dom0 anti-evil-maid-seal[1638]: Enter SRK password:
Jan 13 11:18:07 dom0 systemd[1]: Started Anti Evil Maid sealing.
-- Reboot --
Jan 13 11:21:25 dom0 systemd[1]: Starting Anti Evil Maid unsealing...
Jan 13 11:21:26 dom0 anti-evil-maid-unseal[503]: anti-evil-maid-unseal: 
Mounting the aem device...
Jan 13 11:21:26 dom0 anti-evil-maid-unseal[503]: anti-evil-maid-unseal: 

Re: [qubes-users] Use an remote PULSE Audio server

2017-01-13 Thread mittendorf
Am 01/12/2017 um 11:50 PM schrieb Marek Marczykowski-Górecki:
> > 3) Is it a bug that a restart of pulseaudio does remove/not reconnect to
> > Qubes VSINK?
>
> Depends on what you want to accomplish ;)
>
Well, I just want to restart pulseaudio. Bu I guess then i have to use
the script that you mentioned instead of
pulseaudio --start

It seems like the sink was the missing link. Now I set the sink in
qubes-default.qa and I can use the tunnel - well its quite buggy even
though its a wired network, but I guess that is the best I can get.
For example I have to restart pulseaudio when I restart the audio server.

thanks for your help!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d333e18c-af24-b839-f920-eb143a209f8c%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: VM chaining visualisation tool

2017-01-13 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-12 02:46, Jean-Philippe Ouellet wrote:
> See this thread:
> https://groups.google.com/forum/#!topic/qubes-devel/64-WJIMY18A
> 
> Implementation linked in last post: 
> https://gist.github.com/Zrubi/6229d5400bde987b1aa8da516553b909
> 
> Render result w/ graphviz.
> 

Thanks for the reminder about that, Jean-Philippe!

And thank you to Zrubi and Andrew for developing these useful tools.
I've added a tracking issue to see about integrating one of these into
Qubes:

https://github.com/QubesOS/qubes-issues/issues/2575

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYeJZCAAoJENtN07w5UDAw9aMQAIPb7fFMsLSOJyKE7YiL3Kun
0y3/j/Wvb3JMLHeTOQY2l3pf7Kl5fnsITO+eP3X6Wdv4EJFxPrzL5iXLUN01Vwb4
LFV4rehknrE9CWp2kFzVAzyPTwikThn1kITzUx3DTQHOU5N321vE4GgG123jPCjK
s46oLZTJ8ftOiKlI89hYchWg9rYgIRnmV2SpAgrusSqUx1I0YLGKRATHxjJ1rkFi
E3uXjI5X3GYdEHj1G+vJ9Z7PZuYJapzCBVBB0OvtwbktC3ENqbXbGZgSUIjwdY+x
kPpsRQNQnWYJCwGQW6jbY+M1grv/6al2YVm1Z81YAJwcjOrupwwTV25bJk0QFKRK
dqVlzdlzpuM6HE2Ew+EofaUtln2oyo61m/3YKBedDzpuz36QyqQapAUYhG9mZejf
UW5jKZGjG1lJSpoH9KodD2WF9uYduTbkFN27k/XuABI1SeRNEWbKErBZVWA3kFzW
QGN3UKjuEcZh9leCqtSr9eqTqsulFwnFPVeIKv2anW7fAMRUgV2wEa/wdZ5wvqbz
A7jq5g6ldl+UCCY41t9eWnFDjMBsr7QGrx0ZyRV8zADwd/19LnMRY+gTlmXgkYM3
qVgcrYA8B1+fmMbv4uNeh7w/lBj7/W/qMEoV1/OQ7F4ePWjdFpsOlQhrwYS0irfe
sLCr+bIFynKIvfSZplMX
=V6hH
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1312febf-41d5-ef7f-844f-94925cf3aae4%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.