[qubes-users] Re: Can't access windows shares?

2017-05-01 Thread Gaiko
On Sunday, April 30, 2017 at 8:32:39 PM UTC-4, Drew White wrote:
> On Saturday, 29 April 2017 08:25:19 UTC+10, Gaiko  wrote:
> > On a previous installation of qubes I was able to access my server with 
> > little problem by just going into nautilus and for "other locations" typing 
> > in the "connect to server" box: smb:\\servername\
> > 
> > I had to reinstall and most things have gone fine but an exception is 
> > connecting to my server, now when I try the above I get:
> > 
> > "Unable to access location" Failed to retrieve share list from server: 
> > connection refused
> > 
> > I did get this problem with AppVMs using my VPN but now it seems that 
> > sometimes it works sometimes not (using the firewallVM).
> > 
> > So I am #1 Unsure what is causing the occasional non-connection to my 
> > server and #2 wondering if there is a way to set up my AppVMs to be able to 
> > access my local server even when they are using my VpnVM
> 
> Does it work by IP Address?
> 
> If so, then your resolv isn't working properly.

Yes, it seems to work for the most part but it doesn't work at all when using 
my vpnVM (ip address or otherwise)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42d886d3-cfa7-4877-b5e3-414aea8ecd47%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Vít Šesták
Some notes:

* Applying the patch probably requires BIOS update (and MoBo vendor releasing 
the update), I guess.
* I wonder what is the technical distinction between home and SMB/Enterprise. 
Is it vPro?
* I am not sure how can I check the version. There are some ME/AMT-related 
Linux tools, but I have found rather tools for remote management than tools for 
accessing AMT on local machine.
* I wonder what does “exploitable locally” mean. If physical access is 
required, I am not sure what would attacker gain (AEM bypass at most, I guess). 
If it allows unprivileged user to elevate privileges, this might be interesting 
for Qubes, depending on the attack vector: If it requires attack over network 
interface, then sys-net can perform it. If it involves ME software for the OS 
(maybe for accessing the MEI PCI device), we should be adequately isolated on 
Qubes. I hope that Qubes adds some protection in any case and it is not 
exploitable from other VMs than sys-net.
* There seems to be some MEI PCI device (see lspci | grep -i mei) in dom0 and 
/dev/mei0. I am not sure how all the parts (network stack, MEI PCI device, MEI 
software for OS and management while offline) are connected together. I am also 
unsure if having it in dom0 is good (i.e., it prevents passing malicious inputs 
to it) or bad (i.e., it adds attack surface). The safest approach seems to be 
attaching it to /dev/null with IOMMU (VT-d) isolation. Just creating an 
autostarted (and maybe also autoshutdown) network-disconnected dummy VM with 
all ME-related PCI devices should do the trick. The VM would be trusted not to 
pass any malicious input to MEI, but it would not be trusted for anything else 
(so that it could absorb attack from MEI). I am unsure if this adds some actual 
protection or if it is totally hopeless.

Regards,
Vít Šesták 'v6ak'



[qubes-users] Re: Testers wanted

2017-05-01 Thread drew . qubes


On Sunday, 2 April 2017 13:17:20 UTC+10, Unman wrote:
>
> Hello all, 
>
> Now that r3.1 is end of life, we need to do some work to clear the 113 
> bugs that are still open. 
>
> A first step would be to triage the bugs to see what still affects 3.2 
> and what can be closed. 
> If you are interested in helping out, please reply to me rather than to 
> the list. Ideally you will have a fairly vanilla 3.2 you can use for 
> testing. If you can send me a note of your hardware that would help in 
> allocating bugs where the original report referred to specific hardware. 
>
> With a bit of effort we should be able to clear these pretty quickly, 
> and you will have helped make Qubes that little bit better. 
>
> cheers 
>
> unman 
>


Tell me what hardware you want me to use and I'll use it.

I have multiple PCs, I'll get the HCL for them.

One is a Dell Precision T5500, Dual GPU, 1 x X5650 @ 2.67GHz with 24 GB RAM.
One is a custom PC, single GPU, single Q8400 CPU with 6 GB RAM.
I also run Qubes on my Laptop, an HP 8460p with 8 GB RAM and it is a Quad 
Core i7.




Re: [qubes-users] Not using firewall rules correctly?

2017-05-01 Thread Gaiko Kyofusho
On Mon, May 1, 2017 at 10:47 PM, Gaiko Kyofusho <
gaikokujinkyofu...@gmail.com> wrote:

>
>
> On Sat, Apr 29, 2017 at 6:45 PM, Unman wrote:
>
>> On Sat, Apr 29, 2017 at 06:13:46PM -0400, Gaiko Kyofusho wrote:
>> > Thanks, I looked up about host files, and found the
>> > github.com/StevenBlack/hosts file which is handy but what I am still a
>> bit
>> > confused about is where to put it. The reason I assumed dom0 before was
>> I
>> > thought anything put in /etc/ would be erased on reboot which seems to
>> be
>> > happening, is there someway around this or perhaps I should be putting
>> it
>> > in the template?
>> >
>>
>> You can put the file in /rw/config, and then in /rw/config/rc.local
>> include:
>> cat /rw/config/hosts >> /etc/hosts
>> Or you can use bind-dirs to make /etc/hosts survive a reboot.
>>
>>
> Thanks. I am not sure how to bind dirs but I understand putting the file
> in the config dir and cat'ing it into /etc/hosts... but since those are
> write protected dirs would the rc.local execute those commands as root (or
> su or sudo not sure about the terminology here)? I ask because when i try:
>
> source rc.local
>
> it gives me permission denied errors, I tried adding "sudo" in front but
> that didn't seem to help?
>


Oops, sent prematurely. When I try to restart the vm, then go into the
terminal and:
less /etc/hosts

it still seems to be the original and not updated hosts?

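An added example, not code from the thread or from the Qubes project: an idempotent alternative to the one-line `cat /rw/config/hosts >> /etc/hosts` discussed above, which can be re-run without duplicating entries and only accepts sinkhole lines from the downloaded list. The helper name `/rw/config/merge-hosts.sh`, the marker comments and the `0.0.0.0` sinkhole address are assumptions; it also assumes `/rw/config/rc.local` is executable (`chmod +x`), since Qubes runs it as root at VM startup only in that case.

```shell
#!/bin/sh
# Added example: hypothetical helper saved as /rw/config/merge-hosts.sh.
# Call it from /rw/config/rc.local as:  /rw/config/merge-hosts.sh --apply

BEGIN_MARK='# BEGIN entries from /rw/config/hosts'
END_MARK='# END entries from /rw/config/hosts'
SINK_ADDR='0.0.0.0'   # assumption: the list maps blocked names to this address

# merge_hosts SRC DST
# Replace the marked block in DST with the sinkhole entries found in SRC.
# Lines in SRC that point a name at any other address are ignored, so a
# third-party list can block a name but cannot redirect it.
merge_hosts() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "merge_hosts: cannot read $src" >&2; return 1; }
    [ -f "$dst" ] || { echo "merge_hosts: $dst does not exist" >&2; return 1; }

    tmp=$(mktemp) || return 1

    # Copy DST without any block left behind by an earlier run.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }
    ' "$dst" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Append a fresh block: comments stripped, whitespace normalised,
    # only "SINK_ADDR name..." lines kept.
    {
        echo "$BEGIN_MARK"
        awk -v sink="$SINK_ADDR" '
            { sub(/#.*/, "") }
            NF >= 2 && $1 == sink { $1 = $1; print }
        ' "$src"
        echo "$END_MARK"
    } >> "$tmp" || { rm -f "$tmp"; return 1; }

    # Write through DST rather than renaming over it, keeping owner and mode.
    cat "$tmp" > "$dst"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Only touch the real files when asked to.
if [ "${1:-}" = "--apply" ]; then
    merge_hosts /rw/config/hosts /etc/hosts
fi
```

Running the helper by hand inside the VM needs `sudo`, because `/etc/hosts` is writable by root only.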


Re: [qubes-users] Re: Opening links in your preferred AppVM

2017-05-01 Thread Ángel
On 2017-05-01 at 18:32 -0700, Gaiko wrote:
> On Monday, May 1, 2017 at 6:40:40 PM UTC-4, Ángel wrote:
> > On 2017-05-01 at 12:34 -0700, Gaiko wrote:
> > > Thoughts?
> > 
> > Does your desktop file validate?
> > ie. run:  desktop-file-validate open_work_vm.desktop 
> > 
> > If the desktop file is malformed, it will be bypassed silently.
> 
> Thx for the response, I had no idea about desktop-file-validation. I tried it 
> and got:
> 
> open_work_vm.desktop: warning: key "Encoding" in group "Desktop Entry" is 
> deprecated
> 
> somehow that doesn't seem like a dealbreaker? but am not sure.

No, if it only reports that it should be fine.


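An added example, not from the thread or the Qubes project: `desktop-file-validate` checks the file's syntax, while this sketch checks the keys that matter for the URL-handler use discussed here (`Type`, a URL field code in `Exec`, and the `http`/`https` scheme handlers in `MimeType`). The function names `desktop_get` and `check_url_handler` are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for a .desktop file meant to act as the
# default web browser (e.g. open_work_vm.desktop from this thread).

# desktop_get FILE KEY
# Print KEY's value, looking only inside the [Desktop Entry] group.
desktop_get() {
    awk -v key="$2" '
        /^\[/ { in_group = ($0 == "[Desktop Entry]"); next }
        in_group && index($0, key "=") == 1 {
            print substr($0, length(key) + 2)
            exit
        }
    ' "$1"
}

# check_url_handler FILE
# Print one line per problem found; return 0 only if there are none.
check_url_handler() {
    file=$1
    problems=0
    report() { echo "$file: $1"; problems=$((problems + 1)); }

    [ "$(desktop_get "$file" Type)" = "Application" ] \
        || report "Type is not Application"

    exec_line=$(desktop_get "$file" Exec)
    case $exec_line in
        "")        report "no Exec key in [Desktop Entry]" ;;
        *%u*|*%U*) ;;
        *)         report "Exec has no %u/%U field code for the URL" ;;
    esac

    # Wrap the list in ';' so every entry can be matched as ';entry;',
    # whether or not the value ends with a trailing ';'.
    mime=";$(desktop_get "$file" MimeType);"
    for scheme in http https; do
        case $mime in
            *";x-scheme-handler/$scheme;"*) ;;
            *) report "MimeType lacks x-scheme-handler/$scheme" ;;
        esac
    done

    [ "$problems" -eq 0 ]
}

# Stand-alone use: sh this-file.sh ~/.local/share/applications/open_work_vm.desktop
if [ "$#" -gt 0 ]; then
    check_url_handler "$1"
fi
```

If the file passes, `xdg-settings get default-web-browser` and `xdg-mime query default x-scheme-handler/https` show which handler is actually registered in the VM where the link is clicked.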


Re: [qubes-users] Re: Opening links in your preferred AppVM

2017-05-01 Thread Gaiko
On Monday, May 1, 2017 at 4:37:37 PM UTC-4, u+q...@bestemt.no wrote:
> Gaiko [2017-05-01 21:34 +0200]:
> > On Wednesday, June 22, 2016 at 2:38:22 PM UTC-4, Micah Lee wrote:
> > > I published a quick blog post explaining how I do this:
> > > 
> > > https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/
> > 
> > This would be awesome, I gave it a try but for some reason can't seem to 
> > get it to work, that is getting a link from an email in tbird to open up in 
> > a browser in my work vm.
> > 
> > I created an ~/.local/share/applications/open_work_vm.desktop 
> > 
> > edited the exec line:
> > 
> > [Desktop Entry]
> > Encoding=UTF-8
> > Name=WorkBrowserVM
> > Exec=qvm-open-in-vm work %u
> > Terminal=false
> > X-MultipleArgs=false
> > Type=Application
> > Categories=Network;WebBrowser;
> > MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
> > 
> > ran xdg-settings:
> > 
> > xdg-settings set default-web-browser open_work_vm.desktop 
> > 
> > (it created a mimeapps.list file) then tried it, nada.
> > 
> > I tried restarting the browser, then the tbirdVM, then the workvm, each 
> > time clicking on the link in the email in tbird and hoping the default 
> > browser (firefox) would pop up in my workVM. Instead nothing happened, the 
> > workVM didn't start up, firefox didn't open up (when I pre-started the work 
> > vm), and a tab didn't pop up when the workvm and ff were both pre-started.
> > 
> > I would really like to get this working for a variety of reasons, actually 
> > the absolute best would be to click on a link in tbird (or right click in a 
> > browser) and have a menu that gave a few options of where I'd like to open 
> > a page up like in a dispvm, anonvm, or just another regular appvm.
> > 
> > Thoughts?
> 

I will reply to your comments and then go read your how-to (i fear it might be 
over my head as I am an absolute desktop/qvm-open-in-vm noob but I am sure it 
will be a good start!)

> What happens if you run `qvm-open-in-vm work https://qubes-os.org` in
> tbirdVM 

it seems to work just fine that way

> and when you run xdg-open https://qubes-os.org in the work VM
> (without the quotes)?

ok, xdg-open I hadn't tried. But regardless this seems to work fine as well.
> 
> I actually just finished a how-to on setting default applications and
> qvm-open-in-(d)vm:
> https://github.com/QubesOS/qubes-doc/pull/379/files?short_path=83ca4e2#diff-83ca4e28de9bcee331783522a52c2bd0
> (Any comments would be appreciated.)
> 
> -- 
> ubestemt

will check it out!



Re: [qubes-users] Auto update download in Linux

2017-05-01 Thread Drew White
On Monday, 1 May 2017 22:55:20 UTC+10, Rusty Bird  wrote:
> Drew White:
> > On Wednesday, 26 April 2017 11:05:43 UTC+10, Rusty Bird  wrote:
> > Well, if I don't give the guest access to the internet by restricting 
> > firewall, and I tell it to "Allow connections to Updates Proxy", why 
> > doesn't that do what it says it will do?
> 
> But it does! Maybe you expect proxying to imply caching, which is not
> necessarily the case. The Updates Proxy is one of many non-caching
> proxies.

If it got access to the update proxy, then it would be able to update even if 
IPs were restricted because the update proxy would be allowed as it's on the 
same subnet.

UpdateVM: "update-vm (current)"

That's what I have set in options.

Update Proxy is somewhere unknown.

At this point, I'm looking at building a better update system than what is in 
place because of Fedora's crap that it makes you download every 5 minutes..

80 Mb every little while just to see if there are updates... I'd rather 
download once, then use that for each guest. Is that possible?

How would I create the update cache proxy? Is there already one out there that 
isn't resource hungry?

Sincerely,
Drew.



[qubes-users] Re: Can't access windows shares?

2017-05-01 Thread Gaiko
On Sunday, April 30, 2017 at 8:32:39 PM UTC-4, Drew White wrote:
> On Saturday, 29 April 2017 08:25:19 UTC+10, Gaiko  wrote:
> > On a previous installation of qubes I was able to access my server with 
> > little problem by just going into nautilus and for "other locations" typing 
> > in the "connect to server" box: smb:\\servername\
> > 
> > I had to reinstall and most things have gone fine but an exception is 
> > connecting to my server, now when I try the above I get:
> > 
> > "Unable to access location" Failed to retrieve share list from server: 
> > connection refused
> > 
> > I did get this problem with AppVMs using my VPN but now it seems that 
> > sometimes it works sometimes not (using the firewallVM).
> > 
> > So I am #1 Unsure what is causing the occasional non-connection to my 
> > server and #2 wondering if there is a way to set up my AppVMs to be able to 
> > access my local server even when they are using my VpnVM
> 
> Does it work by IP Address?
> 
> If so, then your resolv isn't working properly.

I am ashamed to say I am not sure how to find my ipaddress in qubes (I thought 
I'd just type ifconfig in either dom0 or the Appvm but that doesn't seem to be 
working?).



[qubes-users] Re: sys-usb issues ; yubikey, etc

2017-05-01 Thread ftb.myna

I do see https://github.com/adubois/qubes-app-linux-yubikey

however, I think compiling it might be over my head.  Can I just 
shutdown sys-usb  and operate without it again ? I definitely need the 
yubikey to work, but my other security needs ..




Re: [qubes-users] How to get trusted iso?

2017-05-01 Thread cooloutac
On Monday, May 1, 2017 at 5:35:56 PM UTC-4, Chris Laprise wrote:
> On 05/01/2017 03:43 PM, cooloutac wrote:
> > Does Qubes ever plan on selling iso sticks?
> 
> I would like to know. And I've suggested this in the past, but with 
> DVD-Rs which I think are preferable to USB sticks (even the ones with 
> hardware write-protect switches).
> 
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

ah yes very true but I don't even have a cdrom on my system but I would get one 
for it.



[qubes-users] sys-usb issues ; yubikey, etc

2017-05-01 Thread Myna
well I just about locked myself out of the system, by doing :


Enable sys-usb:

qubesctl top.enable qvm.sys-usb

Apply the configuration:

qubesctl state.highstate

It said like 3/5 successful, Having no idea how to undo this, and
fearing meltdown, just rebooted, not to my unsurprise, I could not logon
to the LVR decrypt screen, as keyboard disabled, went into UEFI, enabled
PS2 simulator, and luckily I had bought a PS2 -> USB adapter, and the
mini ITX has 1 PS2 slot, however still would not POST, so had to plug in
a 2nd USB keyboard, it then POSTed, and I used the PS2-USB keyboard to
login,  however,

1) am I going to have to do this every time?



I answered 'yes'  not  'yes to all' for the USB mouse to use sys-usb,
but I also have a USB yubikey,


2) how do I get sys-USB  to allow the Yubi key ??


I noticed all my postings are going up the original Thread, see where
this one lands :)



Re: [qubes-users] Re: Opening links in your preferred AppVM

2017-05-01 Thread Ángel
On 2017-05-01 at 12:34 -0700, Gaiko wrote:
> Thoughts?

Does your desktop file validate?
ie. run:  desktop-file-validate open_work_vm.desktop 

If the desktop file is malformed, it will be bypassed silently.




Re: [qubes-users] Intel ME exploitable

2017-05-01 Thread Ilpo Järvinen
On Mon, 1 May 2017, 'Lolint' via qubes-users wrote:

> Confirmation by Shintel:
> https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf

So it requires either network connection to an ME aware NIC or, 
unsurprisingly, access to some local HW interface of ME (that is used by 
LMS that is a Windows thing). It's somewhat doubtful that such HW 
interface would be available for other than dom0 under Qubes. Thus it
doesn't sound too bad, except for laptops with any kind of wireless
wired to ME (wired NICs need not to be connected - ever, use USB
device for providing ethernet instead if you want to avoid this
kind of issues).


-- 
 i.



Re: [qubes-users] How to get trusted iso?

2017-05-01 Thread Chris Laprise

On 05/01/2017 03:43 PM, cooloutac wrote:
> Does Qubes ever plan on selling iso sticks?

I would like to know. And I've suggested this in the past, but with 
DVD-Rs which I think are preferable to USB sticks (even the ones with 
hardware write-protect switches).



--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 02:48 PM, 'Lolint' via qubes-users wrote:
> Confirmation by Shintel:
> https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
>


Well, they say that "this vulnerability does not exist on Intel-based
consumer PCs" and just in their small business versions, but who knows
if that's really the case?

That said, the firmware on most consumer platforms is about 1.5MB while
the small business stuff is 5MB so maybe this particular exploit only
exists somewhere in that extra 3.5MB worth of crap. But again, who knows?

The actual advisory lists which firmware versions are affected. For
those who want to attempt to flash their ME chip to patch against this,
any official "fixed" firmware's last four digits will start with a '3.'

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075=en-fr




Re: [qubes-users] Intel ME exploitable

2017-05-01 Thread 'Lolint' via qubes-users
Confirmation by Shintel: 
https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf



Re: [qubes-users] Re: Opening links in your preferred AppVM

2017-05-01 Thread u+qbsu
Gaiko  [2017-05-01 21:34 +0200]:
> On Wednesday, June 22, 2016 at 2:38:22 PM UTC-4, Micah Lee wrote:
> > I published a quick blog post explaining how I do this:
> > 
> > https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/
> 
> This would be awesome, I gave it a try but for some reason can't seem to get 
> it to work, that is getting a link from an email in tbird to open up in a 
> browser in my work vm.
> 
> I created an ~/.local/share/applications/open_work_vm.desktop 
> 
> edited the exec line:
> 
> [Desktop Entry]
> Encoding=UTF-8
> Name=WorkBrowserVM
> Exec=qvm-open-in-vm work %u
> Terminal=false
> X-MultipleArgs=false
> Type=Application
> Categories=Network;WebBrowser;
> MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;
> 
> ran xdg-settings:
> 
> xdg-settings set default-web-browser open_work_vm.desktop 
> 
> (it created a mimeapps.list file) then tried it, nada.
> 
> I tried restarting the browser, then the tbirdVM, then the workvm, each time 
> clicking on the link in the email in tbird and hoping the default browser 
> (firefox) would pop up in my workVM. Instead nothing happened, the workVM 
> didn't start up, firefox didn't open up (when I pre-started the work vm), and 
> a tab didn't pop up when the workvm and ff were both pre-started.
> 
> I would really like to get this working for a variety of reasons, actually 
> the absolute best would be to click on a link in tbird (or right click in a 
> browser) and have a menu that gave a few options of where I'd like to open a 
> page up like in a dispvm, anonvm, or just another regular appvm.
> 
> Thoughts?

What happens if you run `qvm-open-in-vm work https://qubes-os.org` in
tbirdVM and when you run xdg-open https://qubes-os.org in the work VM
(without the quotes)?

I actually just finished a how-to on setting default applications and
qvm-open-in-(d)vm:
https://github.com/QubesOS/qubes-doc/pull/379/files?short_path=83ca4e2#diff-83ca4e28de9bcee331783522a52c2bd0
(Any comments would be appreciated.)

-- 
ubestemt



Re: [qubes-users] How does qvm-open-in-(d)vm determine which application to open a file in?

2017-05-01 Thread u+qbsu
Unman  [2017-04-25 20:48 +0200]:
> I'm not convinced because my stretch works as expected without gvfs-bin,
> but it is built not upgraded. gvfs-bin brings in gvfs-common, so it may
> be that that's what is required and isn't in a Jessie-upgraded system.

It also works in debian-wheezy updated to sid. I've written a how-to:
https://github.com/QubesOS/qubes-doc/pull/379/files?short_path=83ca4e2#diff-83ca4e28de9bcee331783522a52c2bd0

-- 
ubestemt



Re: [qubes-users] say it out (loud) - Qubes OS Stickers

2017-05-01 Thread cooloutac
On Monday, May 1, 2017 at 2:44:08 PM UTC-4, Darren Fix wrote:
> On Monday, May 1, 2017 at 12:37:56 PM UTC-6, cooloutac wrote:
> > On Friday, April 28, 2017 at 9:59:03 PM UTC-4, Darren Fix wrote:
> > > On Tuesday, April 25, 2017 at 9:09:06 AM UTC-6, cooloutac wrote:
> > > > On Monday, April 24, 2017 at 3:32:57 AM UTC-4, lok...@gmail.com wrote:
> > > > > On Saturday, 22 April 2017 07:46:28 UTC+8, Dominique St-Pierre 
> > > > > Boucher  wrote:
> > > > > 
> > > > > > I would love a big logo like the one on the Twitter post in 2015. I 
> > > > > > would also 
> > > > > > like to have a small on to cover that windows logo on the 
> > > > > > keyboard... I would also 
> > > > > > like one with "Qubes inside"...
> > > > > 
> > > > > If you want a sticker, wouldn't it make more sense to have something 
> > > > > without text. I'd argue that the best symbol for a secure laptop is 
> > > > > one without any symbols or stickers at all. Just a single colour 
> > > > > no-label laptop.
> > > > > 
> > > > > If there was a way to remove the vendor label (Dell, HP, etc...) from 
> > > > > a laptop, I'd do it. :-)
> > > > 
> > > > I mean I guess you have a point though from a security point of view. 
> > > > But I use a desktop.
> > > > 
> > > > I wonder does xfce have a windows desktop theme? lol
> > > 
> > > All right! I had some high quality stickers made by stickermule and they 
> > > arrived today. I paid $66 for 100 of them. My plan is to send 34 to the 
> > > Qubes team and charge $1 + shipping apiece for the remaining 66. I 
> > > haven't figured out the details yet, but if you're interested hit me up 
> > > with a private response with the following four pieces of information: 
> > > Qubes sticker in the subject, Min number of stickers, Max number of 
> > > stickers, cost of 1st class shipping from USA to where you live. 
> > > 
> > > Once I've figured out what the demand is and a fair way to distribute 
> > > them as widely as possible, I'll try to get back to you to get shipping 
> > > information, etc. 
> > > 
> > > Just so we're clear, the $1 price per sticker is paying for the stickers 
> > > that I'm going to send to the developers/team, so any stickers that you 
> > > buy will indirectly help them... kinda.
> > > 
> > > https://goo.gl/photos/rnqetfXjeekJS6yv9
> > > 
> > > Cheers!
> > > 
> > > Darren
> > 
> > I'll take one but I don't know how to do private response.
> > 
> > Also, I think Qubes should sell usb sticks with ISO on them.  I would pay 
> > extra for that.
> 
> If you're using the groups.google.com interface, you can just click on the 
> down arrow at the right of the post and select "Reply privately to author".

hahahah D0H!  



Re: [qubes-users] How to get trusted iso?

2017-05-01 Thread cooloutac
On Monday, May 1, 2017 at 3:03:05 PM UTC-4, Chris Laprise wrote:
> On 05/01/2017 02:33 PM, cooloutac wrote:
> > I know I can't buy one, so how do I get a fresh iso if my machine
> > is compromised?  Obviously,  someone more prudent would have kept their
> > original iso on dedicated usb stick. But I was too cheap.
> 
> I'll go out on a limb and say that Qubes is more about defending against 
> oncoming threats.
> 
> Pre-existing compromise creates a dilemma for the user, who can 
> pragmatically try to minimize further compromise by degrees. For 
> instance, burn a DVD and then verify it on multiple machines (incl. 
> different architectures). This is not unlike trying to validate the 
> authenticity of a PGP key using different network channels (not quite 
> "out of band" but possibly effective).
> 
> >
> > So what happens if that was not done,  or how can someone get a
> > trusted iso for the first time in the first place?  Is just checking
> > key signatures and using dd on a compromised machine enough? I
> > imagine that would be dangerous.
> >
> > Thanks for any suggestions.
> 
> Since you will probably want to start with Qubes on a non-compromised 
> machine, I suggest to download and verify using that.
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Yes, good idea. Someone else had suggested to me to verify multiple ISOs, which 
is also a good idea.  Does Qubes ever plan on selling ISO sticks?



Re: [qubes-users] How to get trusted iso?

2017-05-01 Thread Chris Laprise

On 05/01/2017 02:33 PM, cooloutac wrote:
> I know I can't buy one, so how do I get a fresh iso if my machine
> is compromised?  Obviously,  someone more prudent would have kept their
> original iso on dedicated usb stick. But I was too cheap.

I'll go out on a limb and say that Qubes is more about defending against 
oncoming threats.

Pre-existing compromise creates a dilemma for the user, who can 
pragmatically try to minimize further compromise by degrees. For 
instance, burn a DVD and then verify it on multiple machines (incl. 
different architectures). This is not unlike trying to validate the 
authenticity of a PGP key using different network channels (not quite 
"out of band" but possibly effective).

> So what happens if that was not done,  or how can someone get a
> trusted iso for the first time in the first place?  Is just checking
> key signatures and using dd on a compromised machine enough? I
> imagine that would be dangerous.
>
> Thanks for any suggestions.

Since you will probably want to start with Qubes on a non-compromised 
machine, I suggest to download and verify using that.

--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
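
One way to carry out the multi-machine check suggested in the message above, as an added example that is not part of the original thread: each machine records `sha256sum` output for its own copy of the image, and the records are then compared in one place. The file name `demo.iso`, the `machineA` to `machineC` records and the tiny stand-in image are constructed for the demo, and `sha256sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check SHA-256 records of one
# image that were produced on separate machines.

# record_digest FILE -> one "digest  basename" line, as sha256sum prints it.
record_digest() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" )
}

# read_digest RECORD NAME -> the lowercase hex digest recorded for NAME, if any.
read_digest() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f) }      # binary-mode records prefix the name with *
        f == name { print tolower($1); exit }
    ' "$1"
}

# cross_check NAME RECORD... -> 0 only if every record holds the same digest.
# Returns 1 if records disagree, 2 if a record is missing or malformed.
cross_check() {
    name=$1; shift
    ref="" rc=0
    for rec in "$@"; do
        d=$(read_digest "$rec" "$name")
        case $d in
            ""|*[!0-9a-f]*) echo "$rec: no usable digest for $name"; return 2 ;;
        esac
        [ "${#d}" -eq 64 ] || { echo "$rec: digest is not 64 hex characters"; return 2; }
        if [ -z "$ref" ]; then
            ref=$d
        elif [ "$d" != "$ref" ]; then
            echo "$rec: differs from $1"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "all $# records agree: $ref"
    return "$rc"
}

# Constructed demo data: three "machines", one of which holds an altered copy.
make_demo() {
    dir=$1
    mkdir -p "$dir/machineA" "$dir/machineB" "$dir/machineC"
    printf 'constructed stand-in for an installer image\n' > "$dir/machineA/demo.iso"
    cp "$dir/machineA/demo.iso" "$dir/machineB/demo.iso"
    printf 'constructed stand-in for an installer image!\n' > "$dir/machineC/demo.iso"
    for m in machineA machineB machineC; do
        record_digest "$dir/$m/demo.iso" > "$dir/$m.sha256"
    done
}

demo=$(mktemp -d)
make_demo "$demo"
cross_check demo.iso "$demo/machineA.sha256" "$demo/machineB.sha256"
cross_check demo.iso "$demo/machineA.sha256" "$demo/machineB.sha256" \
    "$demo/machineC.sha256" || echo "mismatch: do not use this image yet"
rm -rf "$demo"
```

Agreement between records shows only that the copies are byte-identical; whether those bytes are the genuine release is still decided by the signature check.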



Re: [qubes-users] Intel ME exploitable

2017-05-01 Thread Chris Laprise

On 05/01/2017 12:38 PM, Jean-Philippe Ouellet wrote:
> I want my RISC-V laptop already!

I would agree, but these things are still quite slow... correct? I think 
they are lacking in out-of-order execution and SIMD, for example.

A good benchmark for performance might be something like the last of the 
PowerPC CPUs (G5) which is a different RISC-type architecture.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] say it out (loud) - Qubes OS Stickers

2017-05-01 Thread Darren Fix
On Monday, May 1, 2017 at 12:37:56 PM UTC-6, cooloutac wrote:
> On Friday, April 28, 2017 at 9:59:03 PM UTC-4, Darren Fix wrote:
> > On Tuesday, April 25, 2017 at 9:09:06 AM UTC-6, cooloutac wrote:
> > > On Monday, April 24, 2017 at 3:32:57 AM UTC-4, lok...@gmail.com wrote:
> > > > On Saturday, 22 April 2017 07:46:28 UTC+8, Dominique St-Pierre Boucher  
> > > > wrote:
> > > > 
> > > > > I would love a big logo like the one on the Twitter post in 2015. I 
> > > > > would also like to have a small one to cover that windows logo on the 
> > > > > keyboard... I would also like one with "Qubes inside"...
> > > > 
> > > > If you want a sticker, wouldn't it make more sense to have something 
> > > > without text. I'd argue that the best symbol for a secure laptop is one 
> > > > without any symbols or stickers at all. Just a single colour no-label 
> > > > laptop.
> > > > 
> > > > If there was a way to remove the vendor label (Dell, HP, etc...) from a 
> > > > laptop, I'd do it. :-)
> > > 
> > > I mean I guess you have a point though from a security point of view. But 
> > > I use a desktop.
> > > 
> > > I wonder does xfce have a windows desktop theme? lol
> > 
> > All right! I had some high quality stickers made by stickermule and they 
> > arrived today. I paid $66 for 100 of them. My plan is to send 34 to the 
> > Qubes team and charge $1 + shipping apiece for the remaining 66. I haven't 
> > figured out the details yet, but if you're interested hit me up with a 
> > private response with the following four pieces of information: Qubes 
> > sticker in the subject, Min number of stickers, Max number of stickers, 
> > cost of 1st class shipping from USA to where you live. 
> > 
> > Once I've figured out what the demand is and a fair way to distribute them 
> > as widely as possible, I'll try to get back to you to get shipping 
> > information, etc. 
> > 
> > Just so we're clear, the $1 price per sticker is paying for the stickers 
> > that I'm going to send to the developers/team, so any stickers that you buy 
> > will indirectly help them... kinda.
> > 
> > https://goo.gl/photos/rnqetfXjeekJS6yv9
> > 
> > Cheers!
> > 
> > Darren
> 
> I'll take one but I don't know how to do private response.
> 
> Also, I think Qubes should sell usb sticks with ISO on them.  I would pay 
> extra for that.

If you're using the groups.google.com interface, you can just click on the down 
arrow at the right of the post and select "Reply privately to author".



Re: [qubes-users] say it out (loud) - Qubes OS Stickers

2017-05-01 Thread cooloutac
On Friday, April 28, 2017 at 9:59:03 PM UTC-4, Darren Fix wrote:
> On Tuesday, April 25, 2017 at 9:09:06 AM UTC-6, cooloutac wrote:
> > On Monday, April 24, 2017 at 3:32:57 AM UTC-4, lok...@gmail.com wrote:
> > > On Saturday, 22 April 2017 07:46:28 UTC+8, Dominique St-Pierre Boucher  
> > > wrote:
> > > 
> > > > I would love a big logo like the one on the Twitter post in 2015. I 
> > > > would also like to have a small one to cover that windows logo on the 
> > > > keyboard... I would also like one with "Qubes inside"...
> > > 
> > > If you want a sticker, wouldn't it make more sense to have something 
> > > without text. I'd argue that the best symbol for a secure laptop is one 
> > > without any symbols or stickers at all. Just a single colour no-label 
> > > laptop.
> > > 
> > > If there was a way to remove the vendor label (Dell, HP, etc...) from a 
> > > laptop, I'd do it. :-)
> > 
> > I mean I guess you have a point though from a security point of view. But I 
> > use a desktop.
> > 
> > I wonder does xfce have a windows desktop theme? lol
> 
> All right! I had some high quality stickers made by stickermule and they 
> arrived today. I paid $66 for 100 of them. My plan is to send 34 to the Qubes 
> team and charge $1 + shipping apiece for the remaining 66. I haven't figured 
> out the details yet, but if you're interested hit me up with a private 
> response with the following four pieces of information: Qubes sticker in the 
> subject, Min number of stickers, Max number of stickers, cost of 1st class 
> shipping from USA to where you live. 
> 
> Once I've figured out what the demand is and a fair way to distribute them as 
> widely as possible, I'll try to get back to you to get shipping information, 
> etc. 
> 
> Just so we're clear, the $1 price per sticker is paying for the stickers that 
> I'm going to send to the developers/team, so any stickers that you buy will 
> indirectly help them... kinda.
> 
> https://goo.gl/photos/rnqetfXjeekJS6yv9
> 
> Cheers!
> 
> Darren

I'll take one but I don't know how to do private response.

Also, I think Qubes should sell usb sticks with ISO on them.  I would pay extra 
for that.



[qubes-users] How to get trusted iso?

2017-05-01 Thread cooloutac
I know I can't buy one, so how do I get a fresh iso if my machine is 
compromised?  Obviously,  someone more prudent would have kept their original iso 
on dedicated usb stick. But I was too cheap.

So what happens if that was not done,  or how can someone get a trusted iso for 
the first time in the first place?  Is just checking key signatures and using 
dd on a compromised machine enough? I imagine that would be dangerous.

Thanks for any suggestions.



[qubes-users] Re: Changed resolution, now screen doesn't work?

2017-05-01 Thread cooloutac
On Monday, May 1, 2017 at 2:19:29 PM UTC-4, almir.a...@gmail.com wrote:
> On Monday, May 1, 2017 at 6:51:51 PM UTC+2, almir.a...@gmail.com wrote:
> > I changed the resolution of my Qubes from 1920x1080 to 1600x1200 (by 
> > accident) and now my screen doesn't show anything when I choose HDMI2 (my 
> > desktop PC is attached to the screen with an HDMI cable). Setting the 
> > resolution to 1280x1024 worked fine, but as soon as I set it to 1600x1200 
> > and clicked "apply" my screen turned black and now all it does is say "no 
> > signal" and I can't see anything on the screen to set it back to 1920x1080. 
> > How do I go about solving this?
> > 
> > Thanks.
> 
> Literally just had to reboot it.

lol



[qubes-users] Re: Changed resolution, now screen doesn't work?

2017-05-01 Thread cooloutac
On Monday, May 1, 2017 at 1:42:34 PM UTC-4, almir.a...@gmail.com wrote:
> On Monday, May 1, 2017 at 6:51:51 PM UTC+2, almir.a...@gmail.com wrote:
> > I changed the resolution of my Qubes from 1920x1080 to 1600x1200 (by 
> > accident) and now my screen doesn't show anything when I choose HDMI2 (my 
> > desktop PC is attached to the screen with an HDMI cable). Setting the 
> > resolution to 1280x1024 worked fine, but as soon as I set it to 1600x1200 
> > and clicked "apply" my screen turned black and now all it does is say "no 
> > signal" and I can't see anything on the screen to set it back to 1920x1080. 
> > How do I go about solving this?
> > 
> > Thanks.
> 
> I know of a potential solution but then I need help from someone on here.
> 
> What you can do is shut down all your windows and left-click the Qubes icon 
> (at the bottom left/top left) then solely use your keyboard to navigate to 
> the Display settings and change resolution. Then send me the exact keyboard 
> strokes you pushed (for example down arrow 2x, right arrow 1x, down arrow 8x, 
> tab 4x etc.) so that I can mimic them and ultimately change my resolution 
> back to 1920x1080.
> 
> Thanks in advance!

Are you using xfce?  I have a problem on mine after I do:

click Qubes icon,  down arrow 3 times,  right arrow once, down arrow 8 times, 
and press enter for display settings.   I can't tab in the dom0 display window. 
Can't figure out what to do from there man, sorry.  Maybe someone else can help.

If I hit spacebar it highlights my monitor's name but I don't know how to get to 
the resolution box.



[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 12:19 PM, Reg Tiangha wrote:
> On 05/01/2017 12:04 PM, cooloutac wrote:
>> On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote:
>>> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then 
>>> the particular CPU is safe. But I am not 100% confident in vPro and related 
>>> technologies, so I might be wrong. Can someone confirm/deny this claim?
>>>
>>> Regards,
>>> Vít Šesták 'v6ak'
>> I think it's more about the management engine on the intel chipsets.  They 
>> say every board after 2008 is affected, even if you don't have amt it can be 
>> exploited locally? Does that mean from the host os or with physical access 
>> to the board? Sounds scary regardless.
>>
>> And so we have to hope we get a bios patch or something?  Is someone going 
>> to keep tabs on what boards are getting patched so we can go buy them? lol.
>>
>> It's funny but after the recent dom0 update I told my family we have to buy 
>> new pc hardware and they think I'm completely nuts.  And ironically, or 
>> maybe not, my bank card was just hacked over the weekend.  I'm praying it 
>> was got from the only online vendor I ever used it once at a month or two 
>> ago, or the processing company and not my system.  But it sure is a crazy 
>> coincidence...
>>
>> I wonder are boards that check for bios updates themselves even safe? Can 
>> someone intercept with a malicious update? 
>>
> It's up to you whether or not you trust this archive or not, but there
> is an archive of various ME firmware being kept here:
>
> http://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
>
> and a more comprehensive archive here:
>
> http://www.win-raid.com/t832f39-Intel-Engine-Firmware-Repositories.html
>
> You might be able to update your Intel ME firmware using one of the
> files found there. But you'd probably want to wait until a firmware with
> at least an April 2017 release date or newer is available; not all of
> them have one yet (certainly not for any of the machines that I run).
>
>

Also, rather than doing a dump of your ME firmware and then running
Intel ME Cleaner on it, I think you can download one of the full
firmware images from the second link that's applicable for your machine,
run Intel ME Cleaner on it, and then flash that using an external
programmer. That said, I don't have the external hardware to do it, so I
haven't done it myself, nor do I know if that would actually work.  All
Intel ME Cleaner tutorials that I've seen do it by dumping the ME
firmware from the chip first.





[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 12:04 PM, cooloutac wrote:
> On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote:
>> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then 
>> the particular CPU is safe. But I am not 100% confident in vPro and related 
>> technologies, so I might be wrong. Can someone confirm/deny this claim?
>>
>> Regards,
>> Vít Šesták 'v6ak'
> I think it's more about the management engine on the intel chipsets.  They say 
> every board after 2008 is affected, even if you don't have amt it can be 
> exploited locally? Does that mean from the host os or with physical access to 
> the board? Sounds scary regardless.
>
> And so we have to hope we get a bios patch or something?  Is someone going to 
> keep tabs on what boards are getting patched so we can go buy them? lol.
>
> It's funny but after the recent dom0 update I told my family we have to buy 
> new pc hardware and they think I'm completely nuts.  And ironically, or maybe 
> not, my bank card was just hacked over the weekend.  I'm praying it was got 
> from the only online vendor I ever used it once at a month or two ago, or the 
> processing company and not my system.  But it sure is a crazy coincidence...
>
> I wonder are boards that check for bios updates themselves even safe? Can 
> someone intercept with a malicious update? 
>

It's up to you whether or not you trust this archive or not, but there
is an archive of various ME firmware being kept here:

http://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

and a more comprehensive archive here:

http://www.win-raid.com/t832f39-Intel-Engine-Firmware-Repositories.html

You might be able to update your Intel ME firmware using one of the
files found there. But you'd probably want to wait until a firmware with
at least an April 2017 release date or newer is available; not all of
them have one yet (certainly not for any of the machines that I run).




[qubes-users] Re: Changed resolution, now screen doesn't work?

2017-05-01 Thread almir . aljic1998
On Monday, May 1, 2017 at 6:51:51 PM UTC+2, almir.a...@gmail.com wrote:
> I changed the resolution of my Qubes from 1920x1080 to 1600x1200 (by 
> accident) and now my screen doesn't show anything when I choose HDMI2 (my 
> desktop PC is attached to the screen with an HDMI cable). Setting the 
> resolution to 1280x1024 worked fine, but as soon as I set it to 1600x1200 and 
> clicked "apply" my screen turned black and now all it does is say "no signal" 
> and I can't see anything on the screen to set it back to 1920x1080. How do I 
> go about solving this?
> 
> Thanks.

Literally just had to reboot it.



[qubes-users] Re: Overheat warning

2017-05-01 Thread cooloutac
On Sunday, April 30, 2017 at 2:16:56 PM UTC-4, - wrote:
> I have a very serious overheating problem with my Thinkpad X201t, and I'm 
> wondering if there's a better way of handling it in Qubes. At the moment, the 
> computer just suddenly starts to shut down without warning. (I can reliably 
> get the computer to overheat by converting three ebooks from epub to mobi at 
> the same time.)
> 
> 
> 
> Since the system obviously knows that it's overheating, is it possible to 
> handle this in a more polite way? It would be great if a warning would show 
> up saying that the computer is nearing a force-shutdown, and that I should 
> reduce whatever it is I'm doing. (In my case, converting ebooks.)
> 
> 
> 
> Has this been considered?

That would be nice to have.  The default temp sensor in xfce just shows you 
the temp on the taskbar in green numbers. I don't think it even changes to 
yellow or red depending on temp like an lxde one does for me on another 
machine, so it's pretty lame.  But I just look, and if the thing goes to 50c 
I think something is wrong.   It idles at 25c.  I have a desktop pc; laptops run 
much hotter.

If you're looking for something to give a popup or play a sound, I'm not sure if 
lm-sensors can handle that; you might need some 3rd party program.  But I'm 
always afraid to install anything to dom0.



[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread cooloutac
On Monday, May 1, 2017 at 1:26:52 PM UTC-4, Vít Šesták wrote:
> AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then 
> the particular CPU is safe. But I am not 100% confident in vPro and related 
> technologies, so I might be wrong. Can someone confirm/deny this claim?
> 
> Regards,
> Vít Šesták 'v6ak'

I think it's more about the management engine on the intel chipsets.  They say 
every board after 2008 is affected, even if you don't have amt it can be 
exploited locally? Does that mean from the host os or with physical access to 
the board? Sounds scary regardless.

And so we have to hope we get a bios patch or something?  Is someone going to 
keep tabs on what boards are getting patched so we can go buy them? lol.

It's funny but after the recent dom0 update I told my family we have to buy new 
pc hardware and they think I'm completely nuts.  And ironically, or maybe not, 
my bank card was just hacked over the weekend.  I'm praying it was got from the 
only online vendor I ever used it once at a month or two ago, or the processing 
company and not my system.  But it sure is a crazy coincidence...

I wonder are boards that check for bios updates themselves even safe? Can 
someone intercept with a malicious update? 



[qubes-users] Re: Changed resolution, now screen doesn't work?

2017-05-01 Thread almir . aljic1998
On Monday, May 1, 2017 at 6:51:51 PM UTC+2, almir.a...@gmail.com wrote:
> I changed the resolution of my Qubes from 1920x1080 to 1600x1200 (by 
> accident) and now my screen doesn't show anything when I choose HDMI2 (my 
> desktop PC is attached to the screen with an HDMI cable). Setting the 
> resolution to 1280x1024 worked fine, but as soon as I set it to 1600x1200 and 
> clicked "apply" my screen turned black and now all it does is say "no signal" 
> and I can't see anything on the screen to set it back to 1920x1080. How do I 
> go about solving this?
> 
> Thanks.

I know of a potential solution but then I need help from someone on here.

What you can do is shut down all your windows and left-click the Qubes icon (at 
the bottom left/top left) then solely use your keyboard to navigate to the 
Display settings and change resolution. Then send me the exact keyboard strokes 
you pushed (for example down arrow 2x, right arrow 1x, down arrow 8x, tab 4x 
etc.) so that I can mimic them and ultimately change my resolution back to 
1920x1080.

Thanks in advance!



[qubes-users] Re: Problem installing qubes

2017-05-01 Thread cube1701 via qubes-users
I'm having the same problem. 
My machine is hanging onto the network setup.
I disabled the card in bios but no success. 

Can anyone help?

Thx



[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Vít Šesták
AFAIU, if https://ark.intel.com/ shows “Intel® vPro™ Technology: no”, then the 
particular CPU is safe. But I am not 100% confident in vPro and related 
technologies, so I might be wrong. Can someone confirm/deny this claim?

Regards,
Vít Šesták 'v6ak' 



[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 11:14 AM, Reg Tiangha wrote:
> On 05/01/2017 10:38 AM, Jean-Philippe Ouellet wrote:
>> *Sigh*... Yep. We were right to be concerned (of course). And now we
>> have something other than our tin foil hats to point at too:
>>
>> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>>
>> I want my RISC-V laptop already!
>>
> I don't know if it helps things, but I recently disabled the
> CONFIG_INTEL_MEI, CONFIG_INTEL_MEI_ME, and CONFIG_INTEL_MEI_TXE kernel
> options in my kernel branches as soon as I was made aware of their
> existence. My hope is that the ME hardware can't be exploited using
> those methods if they don't exist in the kernel in the first place; that
> someone would have to find another way. But again, I have no idea if
> that's useful or not. For what it's worth, my systems still boot and run
> properly, but the newest machine I have access to is of the Sandy Bridge
> era; I have no idea if newer machines actually need those options baked
> into the kernel in order to run. Can anyone advise?
>
> https://github.com/rtiangha/qubes-linux-kernel
>
> Also, if anyone has any other ideas on kernel options to disable for
> various security concerns (ME related or not), let me know. For the
> moment, I've implemented almost all of the KSPP's recommended settings
> that are applicable to a certain kernel branch, except for the ones
> about loadable modules since I don't know how it affects u2mfn or any
> other user-compiled kernel modules a Qubes user may want to install. I
> haven't encountered any issues on my machines (or at least, any that
> I've noticed), but those could use more testing as well:
>
> https://github.com/rtiangha/qubes-linux-kernel
>
>
>
Ugh, forgot to hit CTRL-SHIFT-V, ha!

https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project





[qubes-users] Re: Intel ME exploitable

2017-05-01 Thread Reg Tiangha
On 05/01/2017 10:38 AM, Jean-Philippe Ouellet wrote:
> *Sigh*... Yep. We were right to be concerned (of course). And now we
> have something other than our tin foil hats to point at too:
>
> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>
> I want my RISC-V laptop already!
>

I don't know if it helps things, but I recently disabled the
CONFIG_INTEL_MEI, CONFIG_INTEL_MEI_ME, and CONFIG_INTEL_MEI_TXE kernel
options in my kernel branches as soon as I was made aware of their
existence. My hope is that the ME hardware can't be exploited using
those methods if they don't exist in the kernel in the first place; that
someone would have to find another way. But again, I have no idea if
that's useful or not. For what it's worth, my systems still boot and run
properly, but the newest machine I have access to is of the Sandy Bridge
era; I have no idea if newer machines actually need those options baked
into the kernel in order to run. Can anyone advise?

https://github.com/rtiangha/qubes-linux-kernel

Also, if anyone has any other ideas on kernel options to disable for
various security concerns (ME related or not), let me know. For the
moment, I've implemented almost all of the KSPP's recommended settings
that are applicable to a certain kernel branch, except for the ones
about loadable modules since I don't know how it affects u2mfn or any
other user-compiled kernel modules a Qubes user may want to install. I
haven't encountered any issues on my machines (or at least, any that
I've noticed), but those could use more testing as well:

https://github.com/rtiangha/qubes-linux-kernel



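One way to confirm that a given kernel build really has the three options named in the message above turned off, as an added example (not code from the poster or from the qubes-linux-kernel repository). It assumes the standard kernel `.config` syntax; the function names `mei_option_state` and `mei_config_audit` are hypothetical.

```shell
#!/bin/sh
# Report the state of the Intel MEI driver options in a kernel .config file.
# Added illustration: mei_option_state and mei_config_audit are hypothetical
# helper names, not part of any Qubes or kernel tooling.

MEI_OPTIONS="CONFIG_INTEL_MEI CONFIG_INTEL_MEI_ME CONFIG_INTEL_MEI_TXE"

# Print "builtin", "module", "disabled" or "absent" for option $2 in file $1.
mei_option_state() {
    cfg=$1
    opt=$2
    if grep -q "^${opt}=y\$" "$cfg"; then
        echo builtin
    elif grep -q "^${opt}=m\$" "$cfg"; then
        echo module
    elif grep -q "^# ${opt} is not set\$" "$cfg"; then
        echo disabled
    else
        # Kconfig leaves out options whose dependencies are unmet, so the
        # sub-drivers vanish from .config once CONFIG_INTEL_MEI is off.
        echo absent
    fi
}

# Print one line per option; return 1 if any MEI driver would still be built,
# 2 if the config file cannot be read, 0 otherwise.
mei_config_audit() {
    cfg=$1
    rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in $MEI_OPTIONS; do
        state=$(mei_option_state "$cfg" "$opt")
        echo "$opt: $state"
        case $state in
            builtin|module) rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: pass the path of the config file as the first argument.
[ "$#" -eq 0 ] || mei_config_audit "$1"
```

On many distributions the config of the running kernel is at `/boot/config-$(uname -r)`; a result of `absent` for the two sub-drivers is expected whenever `CONFIG_INTEL_MEI` itself is disabled.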


[qubes-users] Checking laptop compatibility using boot from USB drive

2017-05-01 Thread Vít Šesták
I'll probably have an opportunity to verify some laptop's compatibility. My 
idea is to boot Qubes OS or its installer from USB and then to do some checks 
(most notably VT-d compatibility and USB controller topology). It should be 
something done in reasonable time and without installing QubesOS on the 
machine. How should I do that?

a. Boot the installer. It however does not seem to contain qubes-hcl-report 
(just unpacked it), so it does not seem to be easy to check VT-d this way. (I 
know the CPU supports it, but I can just guess if MoBo/BIOS do too.)
b. Boot LiveUSB. It is outdated and unsupported and AFAIR with some known bugs 
that could prevent booting if I am unlucky. So, this might work, but it might 
easily fail.
c. Install QubesOS on USB stick (and disable usbvm) and boot it. I am not sure 
if this will work when QubesOS is booted on different hardware than it was 
installed with. I see some potential incompatibilities, e.g., wrong PCI device 
ids assigned to sys-net or too high vCPU count assigned to a VM (target laptop 
has fewer CPU cores) or addresses in fstab/crypttab. While the mentioned issues 
seem to be manageable (remove all PCI devices and fix vCPU count if it is too 
high and check fstab/crypttab), I am not sure if they are exhaustive. Maybe 
this will work well. (After all, I just need dom0 to boot, not other VMs.)

No option seems to be perfect. What would you suggest to try?

Regards,
Vít Šesták 'v6ak'



[qubes-users] Changed resolution, now screen doesn't work?

2017-05-01 Thread almir . aljic1998
I changed the resolution of my Qubes from 1920x1080 to 1600x1200 (by accident) 
and now my screen doesn't show anything when I choose HDMI2 (my desktop PC is 
attached to the screen with an HDMI cable). Setting the resolution to 1280x1024 
worked fine, but as soon as I set it to 1600x1200 and clicked "apply" my screen 
turned black and now all it does is say "no signal" and I can't see anything on 
the screen to set it back to 1920x1080. How do I go about solving this?

Thanks.



Re: [qubes-users] Auto update download in Linux

2017-05-01 Thread Rusty Bird
Drew White:
> On Wednesday, 26 April 2017 11:05:43 UTC+10, Rusty Bird  wrote:
> > Rusty Bird:
> > > Drew White:
> > > > On Tuesday, 25 April 2017 07:51:46 UTC+10, Unman  wrote:
> > > > > I think the only way to get a caching proxy is to install your own - I
> > > > > use apt-cacher-ng, but I'm mainly Debian.
> > > > But the UpdateVM is supposed to do that.
> > > 
> > > No, that's a non-caching proxy.
> > 
> > Sorry, I shouldn't mix these up: The "UpdateVM" proxies _dom0_
> > updates. It doesn't necessarily run an instance of the (completely
> > different) "Updates Proxy" for VM updates. But anyway, the latter is
> > non-caching.
> 
> Well, if I don't give the guest access to the internet by restricting 
> firewall, and I tell it to "Allow connections to Updates Proxy", why doesn't 
> that do what it says it will do?

But it does! Maybe you expect proxying to imply caching, which is not
necessarily the case. The Updates Proxy is one of many non-caching
proxies.

Rusty


[qubes-users] Re: Overheat warning

2017-05-01 Thread -
-- Original Message 
Subject: Re: Overheat warning
Local Time: May 1, 2017 5:47 AM
UTC Time: May 1, 2017 9:47 AM
From: grzegorz.chodzi...@gmail.com
To: qubes-users 
lo...@lorentrogers.com

On Sunday, 30 April 2017 at 20:16:56 UTC+2, user - wrote:
> I have a very serious overheating problem with my Thinkpad X201t, and I'm 
> wondering if there's a better way of handling it in Qubes. At the moment, the 
> computer just suddenly starts to shut down without warning. (I can reliably 
> get the computer to overheat by converting three ebooks from epub to mobi at 
> the same time.)
>
>
>
> Since the system obviously knows that it's overheating, is it possible to 
> handle this in a more polite way? It would be great if a warning would show 
> up saying that the computer is nearing a force-shutdown, and that I should 
> reduce whatever it is I'm doing. (In my case, converting ebooks.)
>
>
>
> Has this been considered?

run pwm config and then fancontrol in dom0

Are you just suggesting I re-test my fans to make sure they're working? Is 
Qubes supposed to be giving a warning by default? What specifically do you 
think I should do with pwmconfig and fancontrol?



[qubes-users] awesome wm: Focus steal hardened rc.lua

2017-05-01 Thread David Hobach

Dear users,

I was annoyed by some unwanted focus changes whilst using awesome and 
thus created the attached config that should prevent most of them. Maybe 
it'll be useful to some of you (I noticed some threads on this mailing 
list about focus steal stuff after all).


The code should be rather self-explanatory for anyone interested.

@Devs: Not sure whether you'd be interested to push parts of that upstream.

Kind Regards
David

--
-- focus changes only on the following events:
-- 	- mouse move & click afterwards
-- 		works, last tested 2017-05-01
-- 	- workspace/tag change
-- 		works, last tested 2017-05-01
-- 	- pre-defined key combinations for focus changes (Mod-j & Mod-k)
-- 		works, last tested 2017-05-01
-- 	- tag assignments and unassignments
--		works, last tested 2017-05-01
-- Everything else is considered an unwanted "focus steal". In particular the following events must never cause a focus change:
--	- new window created
--		works, last tested 2017-05-01 (start e.g. gnome-calculator from console)
--	- window closed
--		focus changes to another window, i.e. currently does *NOT* work (pending on https://github.com/awesomeWM/awesome/issues/164 ?), last tested 2017-05-01
--	- application request
--		seems to work (hard to test; done: thunderbird password prompt does not receive focus), last tested 2017-05-01
--	- mouse move without click/sloppy focus
--		works, last tested 2017-05-01
--
-- use Meta + Ctrl + r to reload the config

-- Standard awesome library
local gears = require("gears")
local awful = require("awful")
awful.rules = require("awful.rules")
--make sure focus changes on tag changes, assignments and unassignments work
require("autofocus_custom")

-- Widget and layout library
local wibox = require("wibox")
-- Theme handling library
local beautiful = require("beautiful")
-- Notification library
local naughty = require("naughty")
local menubar = require("menubar")

local qubes = require("qubes")

-- {{{ Error handling
-- Check if awesome encountered an error during startup and fell back to
-- another config (This code will only ever execute for the fallback config)
if awesome.startup_errors then
    naughty.notify({ preset = naughty.config.presets.critical,
                     title = "Oops, there were errors during startup!",
                     text = awesome.startup_errors })
end

-- Handle runtime errors after startup
do
    local in_error = false
    awesome.connect_signal("debug::error", function (err)
        -- Make sure we don't go into an endless error loop
        if in_error then return end
        in_error = true

        naughty.notify({ preset = naughty.config.presets.critical,
                         title = "Oops, an error happened!",
                         text = err })
        in_error = false
    end)
end
-- }}}

-- {{{ Variable definitions
-- Themes define colours, icons, font and wallpapers.
beautiful.init("/usr/share/awesome/themes/default/theme.lua")

-- This is used later as the default terminal and editor to run.
terminal = "xterm"
editor = os.getenv("EDITOR") or "vi"
editor_cmd = terminal .. " -e " .. editor

-- Default modkey.
-- Usually, Mod4 is the key with a logo between Control and Alt.
-- If you do not like this or do not have such a key,
-- I suggest you to remap Mod4 to another key using xmodmap or other tools.
-- However, you can use another modifier like Mod1, but it may interact with others.
modkey = "Mod4"

-- Table of layouts to cover with awful.layout.inc, order matters.
local layouts =
{
    awful.layout.suit.floating,
    awful.layout.suit.tile,
    awful.layout.suit.tile.left,
    awful.layout.suit.tile.bottom,
    awful.layout.suit.tile.top,
    awful.layout.suit.fair,
    awful.layout.suit.fair.horizontal,
    awful.layout.suit.spiral,
    awful.layout.suit.spiral.dwindle,
    awful.layout.suit.max,
    awful.layout.suit.max.fullscreen,
    awful.layout.suit.magnifier
}
-- }}}

-- {{{ Wallpaper
if beautiful.wallpaper then
    for s = 1, screen.count() do
        gears.wallpaper.maximized(beautiful.wallpaper, s, true)
    end
end
-- }}}

-- {{{ Tags
-- Define a tag table which hold all screen tags.
tags = {}
for s = 1, screen.count() do
    -- Each screen has its own tag table.
    tags[s] = awful.tag({ 1, 2, 3, 4, 5, 6, 7, 8, 9 }, s, layouts[2])
end
-- }}}

-- {{{ Menu
-- Create a launcher widget and a main menu
mymainmenu = awful.menu({ items = qubes.make_menu(), theme = { width = 300, height = 24 } })

mylauncher = awful.widget.launcher({
image = 

[qubes-users] Re: Overheat warning

2017-05-01 Thread Grzesiek Chodzicki
On Sunday, 30 April 2017 at 20:16:56 UTC+2, user - wrote:
> I have a very serious overheating problem with my Thinkpad X201t, and I'm 
> wondering if there's a better way of handling it in Qubes. At the moment, the 
> computer just suddenly starts to shut down without warning. (I can reliably 
> get the computer to overheat by converting three ebooks from epub to mobi at 
> the same time.)
> 
> 
> 
> Since the system obviously knows that it's overheating, is it possible to 
> handle this in a more polite way? It would be great if a warning would show 
> up saying that the computer is nearing a force-shutdown, and that I should 
> reduce whatever it is I'm doing. (In my case, converting ebooks.)
> 
> 
> 
> Has this been considered?

run pwm config and then fancontrol in dom0



[qubes-users] dom0 "refused to give back memory" with the yellow triangle error, Must I reboot it ?

2017-05-01 Thread Myna
I have like 10 AppVMs open. I'd rather not close them all and reopen,
since qvm-close -all always hangs, so does it really matter? Because
it's dom0 vs. other VMs?



Re: [qubes-users] Re: One of many questions: 2 displays ? how

2017-05-01 Thread Alex
On 04/30/2017 12:20 AM, foo4 wrote:
> Alex, I have two computers, On both what happens is it mirrors the
> primary display, but I'm wanting to expand/extend the display not
> clone it :)
> 
> They are both onboard Intel CPU graphics, I'd have to look up what
> comes with skylake and kabylake.
> 
> Fwiw, I have a dual/multi boot systems and in Linux Mint and Fedora,
> the monitors are automagically being extended fine.
> 
> How would I assign hardware to a specific AppVM,  I'm a new user ...
> 
Roger that! You may find the display settings applet inside the settings
editor; depending on your desktop environment / window manager, the
procedures to open it may vary.

AFAIK, if any of the most famous display settings applets do not display
some option (i.e. extend desktop instead of mirror, some resolution
settings, or other) it *may* be that the driver does not support them on
the current hardware.

-- 
Alex
