Re: [qubes-users] important question about whonix gw/ws

2017-03-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-15 21:04, joshuamennunipacass...@gmail.com wrote: > Someone could tell me why in the default qubes VM manager don't > tourn on whomix ws and whonix gw? I mean only sys whonix is tourned > on so could be a security tread? Should I tourn in

[qubes-users] important question about whonix gw/ws

2017-03-15 Thread joshuamennunipacassoni
Someone could tell me why in the default qubes VM manager don't tourn on whomix ws and whonix gw? I mean only sys whonix is tourned on so could be a security tread? Should I tourn in those 2 whonix gw and whonix ws? Or I have to let them off? So sorry about my question I'm not expert. From

Re: [qubes-users] Curious: https for yum repos

2017-03-15 Thread Unman
On Wed, Mar 15, 2017 at 03:39:04PM -0700, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2017-03-15 01:15, haaber wrote: > > Chris, > > > >> Fedora *unfortunately* is the blacksheep here. It doesn't sign a > >> repo file, therefore an attacker can hold back

Re: [qubes-users] changing private storage size don't work

2017-03-15 Thread Unman
On Tue, Mar 14, 2017 at 11:07:07PM +0100, evo wrote: > > > Am 14.03.2017 um 22:52 schrieb Holger Levsen: > > On Tue, Mar 14, 2017 at 10:50:05PM +0100, evo wrote: > >> there stands 500GB now (it was a mistake with a zero :D) and i don't > >> have more than 120GB. But the data on this VM is not

[qubes-users] Cannot load graphical installer

2017-03-15 Thread Truong, Khang
I am trying to install Qubes, but cannot seem to get the graphical installer to launch; it always wants to fall back to the text installer. Unfortunately, there seems to be a bug with the text installer that prevents it from prompting for an encryption key, thereby breaking the entire

Re: [qubes-users] How to set dns in sys-net

2017-03-15 Thread Unman
On Wed, Mar 15, 2017 at 01:05:02PM -0400, eldor...@riseup.net wrote: > I want to set dns in sys-net . > After installing dnscrypt-proxy in sys-net template i have access to > internet in sys-net > via new dns address with these commands. > "sudo dnscrypt-proxy --daemonize --syslog -R

Re: [qubes-users] feature idea: creat trusted office document

2017-03-15 Thread Unman
On Tue, Mar 14, 2017 at 10:39:34PM +0100, cubit wrote: > What would be possibility of getting a file manager context menu item to > create trusted office document  like we have for PDF and img currently. > > I think make the document its self safe is hard while keeping the file type > but maybe

Re: [qubes-users] Feature request: "HDD Airbag" analog

2017-03-15 Thread .
i see. well, at least helping info on how one can implement this. the idea is not only to have one device for multiple tasks. large SSDs are still not so affordable. regarding practical scenarios for things like 2x2 TB HDDs: local Wikipedia dump. or/and huge Squid cache. imo, it is better to

Re: [qubes-users] Kicking the sudoers dead horse

2017-03-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-14 19:04, 7v5w7go9ub0o wrote: > On 03/14/2017 06:08 AM, Andrew David Wong wrote: >> On 2017-03-12 15:09, 7v5w7go9ub0o wrote: >>> On 03/12/2017 12:45 PM, Andrew David Wong wrote: On 2017-03-11 19:41, Unman wrote: > On Sat, Mar 11,

Re: [qubes-users] Feature request: "HDD Airbag" analog

2017-03-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-15 13:11, thinkpad user wrote: > Feature request: "HDD Airbag" analog > > overview: https://support.lenovo.com/nl/en/solutions/ht003517 list > of supported devices: > http://support.lenovo.com/nl/en/downloads/ds015000 > > is it

Re: [qubes-users] feature idea: creat trusted office document

2017-03-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-15 03:46, Jean-Philippe Ouellet wrote: > On Tue, Mar 14, 2017 at 7:44 PM, cubit wrote: >> - open dom0 terminal - get dom0 to open a disp terminal in the >> same dispVM as the disposable doc > > Ouch. I'd forgotten

Re: [qubes-users] other SSD for VM, not possible?

2017-03-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-15 01:45, evo wrote: > Hello! > > rather simple question: as i understood, its not possible to > install VM on other SSD as the Qubes, isn't it? > Install? Not easily. Move? Easily: https://www.qubes-os.org/doc/secondary-storage/ -

Re: [qubes-users] Re: is it better to have just standaloneVMs?

2017-03-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-15 01:14, evo wrote: > Am 15.03.2017 um 01:17 schrieb Unman: >> On Tue, Mar 14, 2017 at 08:02:58PM -0400, Chris Laprise wrote: >>> On 03/14/2017 01:55 PM, evo wrote: hmm.. this is also a good point, thanks! so if i do not use

Re: [qubes-users] USG - AFirewall For USB's

2017-03-15 Thread Robert Fisk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 03/15/2017 05:22 PM, Syd Brisby wrote: > If you remove the wireless module from a laptop, then connect a USB > wifi adapter (or bluetooth adapter) to a USG and plug the two into > the laptop, could a (future?) USG act as a hardware firewall for >

Re: [qubes-users] Curious: https for yum repos

2017-03-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-03-15 01:15, haaber wrote: > Chris, > >> Fedora *unfortunately* is the blacksheep here. It doesn't sign a >> repo file, therefore an attacker can hold back individual >> packages withing what appears to the user as a stream of normal >>

[qubes-users] Re: epoxy on ram to prevent cold boot attacks?

2017-03-15 Thread thinkpad user
On Wednesday, August 31, 2016 at 8:25:33 PM UTC+4, pixel fairy wrote: > poured some epoxy over where the ram connects to the motherboard modern RAM keeps data after hours after disconnecting in from MB. (wont search that paper now, plz search on your own). there are also physical traces of RAM

[qubes-users] Re: Updating Fedora-23 template to Fedora-25

2017-03-15 Thread kasimir . wachlow
I managed to update to Fedora 25 by upgrading from Fedora 23 to Fedora 24 and then from Fedora 24 to Fedora 25 like described in the Documentation. I changed the AppVM templates. Is it wise to change the sysVM templated to Fedora 25 as well? -- You received this message because you are

[qubes-users] Re: USG - AFirewall For USB's

2017-03-15 Thread thinkpad user
as far as i understand general method(control everything in data stream), adding support for new type of device is difficult, IF such HW firewall is connected to HW USB. i recall some device which transfers USB data over LAN, so user can connect any USB HW over LAN. by this way it is possible

Re: [qubes-users] Keyboard layouts with multiple keyboards

2017-03-15 Thread Vít Šesták
Well, maybe my problem is a bit different: It seems to switch to default variant of the selected layout, while I am using non-default one. Subsequent problems are probably caused by the keyboard “split-brain”. The problem with layout variant suggests the reason why I was not able to find any

[qubes-users] Feature request: "HDD Airbag" analog

2017-03-15 Thread thinkpad user
Feature request: "HDD Airbag" analog overview: https://support.lenovo.com/nl/en/solutions/ht003517 list of supported devices: http://support.lenovo.com/nl/en/downloads/ds015000 is it possible to add this feature to Qubes? or atleast provide some interface to poweroff/park HDD? yes, Qubes

Re: [qubes-users] Kicking the sudoers dead horse

2017-03-15 Thread Nick Darren
On 03/15/2017 02:24 AM, Chris Laprise wrote: > On 03/14/2017 07:18 PM, Chris Laprise wrote: >> >> # Protect sh and bash init files >> chfiles="/home/user/.bashrc /home/user/.bash_profile /home/user \ >> /.bash_login /home/user/.bash_logout /home/user/.profile" >> touch $chfiles >> chown -f

Re: [qubes-users] Kicking the sudoers dead horse

2017-03-15 Thread cooloutac
On Wednesday, March 15, 2017 at 3:15:15 PM UTC-4, cooloutac wrote: > On Tuesday, March 14, 2017 at 7:22:04 PM UTC-4, Chris Laprise wrote: > > On 03/14/2017 12:57 PM, cooloutac wrote: > > > > > yes I agree having to click yes in a dom0 popup will not be cumbersome > > > for most. But is it that

Re: [qubes-users] Kicking the sudoers dead horse

2017-03-15 Thread cooloutac
On Tuesday, March 14, 2017 at 7:22:04 PM UTC-4, Chris Laprise wrote: > On 03/14/2017 12:57 PM, cooloutac wrote: > > > yes I agree having to click yes in a dom0 popup will not be cumbersome for > > most. But is it that easy for the devs to implement? > > Its already there, for a long time now.

Re: [qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

2017-03-15 Thread taii...@gmx.com
On 03/15/2017 01:14 PM, Grzesiek Chodzicki wrote: W dniu środa, 15 marca 2017 17:44:41 UTC+1 użytkownik tai...@gmx.com napisał: On 03/15/2017 12:23 PM, Grzesiek Chodzicki wrote: W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com napisał: This is your chance to tell

[qubes-users] Updating Fedora-23 template to Fedora-25

2017-03-15 Thread kasimir . wachlow
Dear people and machines, I just setup a clean Qubes 3.2 installation and tried updateing the Fedora-23 template to Fedora 25. I followed the instructions from the Qubes Docs site: https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ and substituted 24 for 25. After doing that the

Re: [qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

2017-03-15 Thread Grzesiek Chodzicki
W dniu środa, 15 marca 2017 17:44:41 UTC+1 użytkownik tai...@gmx.com napisał: > On 03/15/2017 12:23 PM, Grzesiek Chodzicki wrote: > > > W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com > > napisał: > >> This is your chance to tell Razor that we don't want binary blobs

[qubes-users] How to set dns in sys-net

2017-03-15 Thread eldorado
I want to set dns in sys-net . After installing dnscrypt-proxy in sys-net template i have access to internet in sys-net via new dns address with these commands. "sudo dnscrypt-proxy --daemonize --syslog -R dnscrypt.eu-nl -a 127.0.0.2:53" "dig txt opendns.com" and dig command shows me i have

Re: [qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

2017-03-15 Thread taii...@gmx.com
On 03/15/2017 12:23 PM, Grzesiek Chodzicki wrote: W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com napisał: This is your chance to tell Razor that we don't want binary blobs or "Intel ME" and that they can sell a lot more if they become "Qubes-certified".

[qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

2017-03-15 Thread Grzesiek Chodzicki
W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com napisał: > This is your chance to tell Razor that we don't want binary blobs or "Intel > ME" and that they can sell a lot more if they become "Qubes-certified". > >

[qubes-users] HCL - ASUSTek Computer INC. Q550LF

2017-03-15 Thread Dave
groups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/94411768.77363907.1489594451408.JavaMail.zimbra%40comcast.net. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-ASUSTeK_COMPUTER_INC_-Q550LF-20170315-121145.cpio.gz Description: applic

Re: [qubes-users] Kicking the sudoers dead horse

2017-03-15 Thread sm8ax1
Chris Laprise: > On 03/14/2017 11:30 PM, sm8ax1 wrote: > >> Second, you mention that ~/.bin/sudo could be overwritten with the >> attacker's binary or a script. I'm not sure I understand what you mean >> exactly... the real sudo works by virtue of being owned by root with >> suid. An attacker

Re: [qubes-users] feature idea: creat trusted office document

2017-03-15 Thread Jean-Philippe Ouellet
On Tue, Mar 14, 2017 at 7:44 PM, cubit wrote: > - open dom0 terminal > - get dom0 to open a disp terminal in the same dispVM as the disposable doc Ouch. I'd forgotten how annoying that could be. I have a script [1] bound to a keyboard shortcut to open a terminal in the same

[qubes-users] other SSD for VM, not possible?

2017-03-15 Thread evo
Hello! rather simple question: as i understood, its not possible to install VM on other SSD as the Qubes, isn't it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email

Re: [qubes-users] Curious: https for yum repos

2017-03-15 Thread haaber
Chris, > Fedora *unfortunately* is the blacksheep here. It doesn't sign a repo > file, therefore an attacker can hold back individual packages withing > what appears to the user as a stream of normal update cycles. I read this as "fedora is less safe" since exposed to described attacks. Actually

Re: [qubes-users] Re: is it better to have just standaloneVMs?

2017-03-15 Thread evo
Am 15.03.2017 um 01:17 schrieb Unman: > On Tue, Mar 14, 2017 at 08:02:58PM -0400, Chris Laprise wrote: >> On 03/14/2017 01:55 PM, evo wrote: >>> hmm.. this is also a good point, thanks! >>> so if i do not use openoffice in my bankingVM, there is no practical >>> vulnerability in it. >>> >> >>

Re: [qubes-users] space-eating after attaching device

2017-03-15 Thread evo
Am 15.03.2017 um 00:29 schrieb Chris Laprise: > On 03/14/2017 06:13 PM, evo wrote: >> Hello again! >> >> more strange and mystery stuff :D >> >> if i attach external HDD and look at my left free space on dom0, i can >> see it slowly become smaller 56,60 ... 56,58... >> >> even if a detach the