Re: [qubes-users] No longer displays attached external hdd

2017-06-06 Thread Franz
On Tue, Jun 6, 2017 at 11:32 PM, Christopher Thacker 
wrote:

> I installed Qubes 3.2 (default Fedora) and it easily detected my external
> hdd and let me attach and mount it.  I used it as I normally would.
>
> I applied the updates for the whole system and discovered that Qubes now
> does not detect my external hdd.  This holds true even if I restart or
> shutdown then start.
>
> Now if I plugin my external hdd, the option to attach to a Qube is "greyed
> out".  Again this holds true even after restarts and shutdowns.
>
> This is very puzzling and frustrating but I couldn't find any literature
> to help me.  I would appreciate any help.
>
>
Have you seen this: https://www.qubes-os.org/doc/usb/
Best
Fran



> Any thoughts?
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAjMWor2TiPCsfod9MVEVcgjMfcc4rXvo0RgX52QDbM_g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Unusually quick shutdown

2017-06-06 Thread Christopher Thacker
I recently moved from Qubes 2 to 3.2.

Qubes 2 took a long time to shutdown, presumably because of the LUKS 
encryption. 

I noticed Qubes 3.2 shuts down much faster.  The progress bar at the screen's 
bottom doesn't even finish (doesn't reach the end) before the machine shuts 
down.

Is this behaviour change ok?



[qubes-users] No longer displays attached external hdd

2017-06-06 Thread Christopher Thacker
I installed Qubes 3.2 (default Fedora) and it easily detected my external hdd 
and let me attach and mount it.  I used it as I normally would.

I applied the updates for the whole system and discovered that Qubes now does 
not detect my external hdd.  This holds true even if I restart or shutdown then 
start.

Now if I plugin my external hdd, the option to attach to a Qube is "greyed 
out".  Again this holds true even after restarts and shutdowns.

This is very puzzling and frustrating but I couldn't find any literature to 
help me.  I would appreciate any help.

Any thoughts?



Re: [qubes-users] Cannot get IPv6 working on Qubes

2017-06-06 Thread Franz
On Tue, Jun 6, 2017 at 7:52 PM, Unman  wrote:

> On Tue, Jun 06, 2017 at 07:27:08PM -0300, Franz wrote:
> > Hello,
> >
> > Since my ISP does not allow IPv6 connections, I set up a he.net
> > tunnel in my openWRT router.
> >
> >  It works connecting another linux computer to the router, but not
> > connecting Qubes.
> >
> > On Qubes, if I try to flag the box "require IPv6 addressing for this
> > connection to complete" on network manager it is unable to connect. I
> > tried both Fedora and Debian on sys-net, but none works.
> >
> > Any idea what may be the problem? It should not be sys-firewall because
> > it is behind sys-net.
> > best
> > Fran
>
> IPv6 isn't supported - some work has been done but it isn't complete as
> yet. I don't think it is targeted until r4.
>
>
Ahhh!, many thanks Unman

> unman
>



Re: [qubes-users] Cannot get IPv6 working on Qubes

2017-06-06 Thread Unman
On Tue, Jun 06, 2017 at 07:27:08PM -0300, Franz wrote:
> Hello,
> 
> Since my ISP does not allow IPv6 connections, I set up a he.net
> tunnel in my openWRT router.
> 
>  It works connecting another linux computer to the router, but not
> connecting Qubes.
> 
> On Qubes, if I try to flag the box "require IPv6 addressing for this
> connection to complete" on network manager it is unable to connect. I tried
> both Fedora and Debian on sys-net, but none works.
> 
> Any idea what may be the problem? It should not be sys-firewall because it
> is behind sys-net.
> best
> Fran

IPv6 isn't supported - some work has been done but it isn't complete as
yet. I don't think it is targeted until r4.

unman



[qubes-users] Cannot get IPv6 working on Qubes

2017-06-06 Thread Franz
Hello,

Since my ISP does not allow IPv6 connections, I set up a he.net
tunnel in my openWRT router.

 It works connecting another linux computer to the router, but not
connecting Qubes.

On Qubes, if I try to flag the box "require IPv6 addressing for this
connection to complete" on network manager it is unable to connect. I tried
both Fedora and Debian on sys-net, but none works.

Any idea what may be the problem? It should not be sys-firewall because it
is behind sys-net.
best
Fran



[qubes-users] Re: Rmove templates complitly

2017-06-06 Thread mikihonchan8
On Tuesday, June 6, 2017 at 11:55:55 AM UTC+2, Finsh wrote:
> sorry for the late answer, i was traveling to a country where you better 
> don't take an encrypted computer with you.
> 
> Yes, it says no such file or directory.
> 
> greetings

Not sure if that is what you mean by application list:

alt+f3
click template
right click and revert on every item of template

regards



Re: [qubes-users] Update RPC does not work in debian-8 / missing $DISPLAY when running RPC as root

2017-06-06 Thread Chris Laprise

On 06/06/2017 02:07 AM, Vít Šesták wrote:

I am not aware of any change that could have affected it. And I have no further 
ideas what to check. 

Regards,
Vít Šesták 'v6ak'



Only other variables I can think of: I'm using a 4.9.28 kernel and a VPN 
proxyVM. Also, Apparmor is enabled.


--

Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



[qubes-users] Split GnuPG for GpgMe

2017-06-06 Thread Torsten Grote
Hi all,

I would like to use some programs that use GnuPG only via the
recommended way of GpgMe library, so that the qubes-gpg-client-wrapper
can not be used like it can with Enigmail.

AFAIK using gnupg directly via a subshell is discouraged by the GnuPG
developers. Does anybody have more information on how to do that or
maybe already has a working setup?

Thanks,
Torsten



Re: [qubes-users] Initiate VM update from dom0 command line

2017-06-06 Thread e3b
On Mon, Jun 05, 2017 at 04:22:48PM -0400, Chris Laprise wrote:
> You can call the VM's update script with:
> $ qvm-run -a -u root vmname '/etc/qubes-rpc/qubes.InstallUpdatesGUI'
> 
> I also wrote a script that can handle multiple updates, use non-interactive
> mode, select by availability and trim templates:
> 
> https://github.com/tasket/Qubes-scripts
> 
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Great! Thank you!



[qubes-users] Re: install Qubes 3.2 Stucked at "Starting Switch Root..."

2017-06-06 Thread Paulo Marques
I cooloutac

Thank you for your suggestions

"I would play around with bios settings man.  set turn off secure boot,  hdd 
mode ahci, use legacy boot. change csm settings, try auto,  set to boot other 
os.  check usb settings, any other hdd settings."   

I've done all that already (I've been doing that since last tuesday...) :( :P  
;)

"Does baremetal fedora install and run ok?" 
I haven't tried that, just tried to run Fedora on a Virtualbox VM and it runs ok

As the usb device for qubes installation loaded and checked the files.
I've tried also to follow this link instructions (below) as the message in the 
beginning of the installation says 

Error messages beneath the
efi: EFI_MEMMAP is not enabled.
esrt: ESRT header is not in the memory map.
are:
dracud-pre-trigger[402]: cat: /tmp/dd_disk: No such file or directory. 
dracut-initqueue[511]: mount: /dev/sdb is write protected while booting the 
installation device.

I've also tried to follow these instructions (see links below)

https://www.qubes-os.org/doc/uefi-troubleshooting/
https://www.reddit.com/r/Qubes/comments/6f2kuu/tutorial_for_those_having_installationboot/

"In GRUB menu, select “Troubleshoot”, then “Boot from device”, then press e.
At the end of chainloader line add /mapbs /noexitboot.
Perform installation normally, but not reboot system at the end yet."

but before I can perform installation normally it runs the text command line 
(in a speedy way) (I think that's the ANACONDA installer, right?) and in the 
middle stops the text and says

"starting show plymouth boot screen..." 
and doesn't get out of there...

So I have to reboot again after a while and whatever option I choose from the 
menu (1) install Qubes 3.2, 2) perform a test and install, 3) troubleshoot and 
verbose mode, and 4) rescue a Qubes installation), I always get stuck in the 
same phrase/phase of the installation.

Any suggestions??

Regards



[qubes-users] Re: Rmove templates complitly

2017-06-06 Thread Finsh
sorry for the late answer, i was traveling to a country where you better don't 
take an encrypted computer with you.

Yes, it says no such file or directory.

greetings



[qubes-users] Qbes show 2 machine window

2017-06-06 Thread phongxuan1511
Hi, I have just installed Win 7 on Qubes, and I changed the config file to 
bypass the bug. When I finished, I opened Win 7 and it shows 2 VMs: one is the 
Win 7, which I can use normally, but the other only shows the Win 7 logo. How 
can I remove this error Win 7?



Re: [qubes-users] Status of Archlinux template

2017-06-06 Thread 'Olivier Médoc' via qubes-users
On 06/01/2017 05:10 PM, Damon Gant wrote:
> I've been trying to get the Arch template running following the guide
> at https://www.qubes-os.org/doc/templates/archlinux/ on a brand new
> install.
>
> I can get it to a point where the VM boots and I can spawn xterm, but
> pretty much everything else is broken.
>
> - /etc/pacman.d/*.conf is not included from pacman.conf. This breaks
> the custom repo and updating over the proxy.
> - fixing that, the GPG key is not imported to the pacman keychain by
> default
> - updating over proxy is still broken, but custom repo works at this
> point
> - the qubes guest tools that come with the image are a higher version
> than those available from repos
> - upgrades are impossible due to pulseaudio and xorg version
> conflicts; yes that's a known issue, but suspect to me because pacman
> tries to downgrade
>
> Can anyone confirm this is broken or working for them, or even maybe
> got an idea what's wrong?
>

Hello,

The archlinux template does not point to the right custom repository.

Here is my current /etc/pacman.d/99-qubes-repository-3.2.conf :
[qubes-r3.2]
Server = http://olivier.medoc.free.fr/archlinux/current/

As you suggested, you first need to include /etc/pacman.d/*.conf in
pacman.conf (this is also broken in the current binary template).

Adding the custom GPG key must be done to make the custom repository
working properly (as described in
https://www.qubes-os.org/doc/templates/archlinux/)

After that, a template update through pacman -Suy should work properly
for Qubes 3.2 (the built packages versions are qubes-vm-core 3.2.15-11
and qubes-vm-gui 3.2.13-7).

I think we should either update
https://www.qubes-os.org/doc/templates/archlinux/ to document how to
update the broken template or build and distribute a new template.

To summarize:
- /etc/pacman.d/*.conf must be included manually from the initial template
- /etc/pacman.d/99-qubes-repository-3.2.conf should be modified to point
to the right custom repo (it will be probably better if I link the old
repository to the new one)
- the custom GPG key must be enabled in order to install packages from
the qubes-r3.2 repository
- updating over the proxy should work as soon as the qubes packages are
updated (the firewall needs to be disabled for the initial update)
- there are currently no xorg or pulseaudio conflicts (at least with the
custom repository packages)
- copying between appvms works with the last packages (at least for me)
- I never tested archlinux as an usbvm, but it worked in the past for
mass storage (I'm not sure if the input proxy is working properly). I
will test this as soon as I have some time.

Thanks for your feedback anyway,

Olivier Médoc
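
An added example, not part of the original message or of the Qubes project: a Python audit of the file-level items in the summary above (the Include line, the repository Server, and signature checking). The sample file contents and the old-repo.invalid URL are constructed; the SigLevel check goes beyond the message and is included because the repository is served over plain HTTP, so pacman's signature verification is what authenticates the packages.

```python
import re

# Values taken from the message above.
WANT_INCLUDE = "/etc/pacman.d/*.conf"
WANT_REPO = "qubes-r3.2"
WANT_SERVER = "http://olivier.medoc.free.fr/archlinux/current/"
# SigLevel tokens that switch off or weaken package signature checking.
WEAK_SIGLEVEL = {"Never", "PackageNever", "Optional", "PackageOptional",
                 "TrustAll", "PackageTrustAll"}


def directives(text):
    """Yield (section, key, value) for every active pacman.conf directive."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # pacman honours whole-line comments only
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        yield section, key.strip(), value.strip() if sep else None


def audit(pacman_conf, repo_conf):
    """Return a list of findings; an empty list means the files match the summary."""
    findings = []
    main = list(directives(pacman_conf))
    repo = [d for d in directives(repo_conf) if d[0] == WANT_REPO]
    if not any(k == "Include" and v == WANT_INCLUDE for _, k, v in main):
        findings.append("pacman.conf: missing 'Include = %s'" % WANT_INCLUDE)
    servers = [v for _, k, v in repo if k == "Server"]
    if not servers:
        findings.append("repo file: no Server in [%s]" % WANT_REPO)
    elif WANT_SERVER not in servers:
        findings.append("repo file: Server is %s" % servers[0])
    # Whether the custom GPG key is in the keyring cannot be read from these
    # files; what can be checked is that nothing disables verification.
    for sec, k, v in [d for d in main if d[0] == "options"] + repo:
        weak = WEAK_SIGLEVEL & set((v or "").split()) if k == "SigLevel" else set()
        if weak:
            findings.append("[%s] SigLevel weakens signature checks: %s"
                            % (sec, " ".join(sorted(weak))))
    return findings


# Constructed samples, not the real template's files.
SHIPPED_PACMAN_CONF = """\
[options]
Architecture = auto
SigLevel = Required DatabaseOptional
[core]
Include = /etc/pacman.d/mirrorlist
#Include = /etc/pacman.d/*.conf
"""
SHIPPED_REPO_CONF = """\
[qubes-r3.2]
Server = http://old-repo.invalid/archlinux/
SigLevel = Optional TrustAll
"""
FIXED_PACMAN_CONF = SHIPPED_PACMAN_CONF.replace("#Include", "Include")
FIXED_REPO_CONF = "[qubes-r3.2]\nServer = " + WANT_SERVER + "\n"

if __name__ == "__main__":
    for finding in audit(SHIPPED_PACMAN_CONF, SHIPPED_REPO_CONF):
        print("FINDING:", finding)
    print("after fix:", audit(FIXED_PACMAN_CONF, FIXED_REPO_CONF))
```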



Re: [qubes-users] Qubes Canary #12

2017-06-06 Thread 'Tomei Ningen' via qubes-users
This is an interesting point to consider, thanks 7v5w[...]. Some thoughts this 
brings to mind:

- I know that we all understand that the canary system is little more than a 
matter of reassurance - as I understand it, it's not a security feature so much 
as a security blanket. That said, I would imagine that avoiding the chilling 
effect which often accompanies undue paranoia is a practical priority and I 
also feel that the community would be better served if the frequency was 
increased rather than decreased. As has been said, should the worst occur we'd 
be better equipped to mitigate damages and/or minimize exposure.
- I wonder if the debate over whether there's a 'better' time to update the 
system with respect to the canary schedule is a moot point. I would think that 
the risk of having unpatched vulnerabilities would greatly outweigh the 
ostensible benefit(s) that might be afforded to those intent on avoiding a 
TAO-type situation, no? Regardless of the threat model you subscribe to there 
are tons of players on the field and most will take the path of least 
resistance if it should be available to them.
To that end, if the worst were to occur would any of us actually trust a backup 
to be trustworthy? We know now that many of the methods of evading detection 
and achieving persistence are sophisticated and disturbingly effective. I'd 
consider it Game Over at that point.
- Why aren't the canaries date-specific? I'm sure this is done with good reason 
but I'm curious to know what that reasoning is.

- TN

 Original Message 
Subject: Re: [qubes-users] Qubes Canary #12
Local Time: June 5, 2017 5:35 PM
UTC Time: June 5, 2017 5:35 PM
From: 7v5w7go9u...@gmail.com
To: qubes-users@googlegroups.com

On 06/05/2017 04:06 PM, Unman wrote:
> On Mon, Jun 05, 2017 at 03:59:26PM +, 7v5w7go9ub0o wrote:
>> On 06/05/2017 01:42 PM, Andrew David Wong wrote:
>>
>> 
>>
>>> 1. The date of issue of this canary is June 2, 2017.
>> 
>>
>>> 5. We plan to publish the next of these canary statements in the first
>>> two weeks of September 2017. Special note should be taken if no new canary
>>> is published by that time or if the list of statements changes without
>>> plausible explanation.
>> 
>>
>>
>> Thanks for the note.
>>
>> IIUC, the canary system is now quarterly and three months until the next
>> canary. That also means that a back-door and gag order could be placed
>> into effect against Qubes today, and users would be clueless about it
>> 'til September - up to three months of user jeopardy if there are Summer
>> updates.
>>
>> The cautious user will reason that his system updates should be only
>> applied immediately before the Quarterly canary; thereby assuring -
>> after the canary is issued - that his quarterly update(s) was not
>> back-doored. This could be a disaster if an accidentally flawed update
>> happened to get out.
>>
>> Please consider *increasing* the frequency of canaries - not decreasing.
>> Alternatively, consider issuing additional canaries shortly after
>> important system updates, and scheduling "minor" system updates a week
>> before the quarterly canary.
>>
>> A weekly canary would be much more useful and reassuring, as I wouldn't
>> have to wait to do updates. Also, ISTM weekly would be easier for ITL to
>> manage.
>>
> I agree on the frequency point. But surely a cautious user will not
> install updates until immediately AFTER the Quarterly canary, not
> before. And since the canary dates are not fixed, how is one to know
> when "immediately before" might be?
>
>

1. The canary needs to be issued on a fixed date for the system to work;
otherwise a "late" canary is meaningless.

2. Certainly the back-door and gag order will be mandated immediately
after the canary. So any updates after the canary are no longer
trustworthy. Any updates after the date of the most recent canary can be
compromised.

IF you update immediately before the date-certain canary, and then
discover that the canary is not updated or otherwise untrustworthy, you
then restore to the last known-good backup (and seek an explanation).
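
An added example, not part of the thread or of the Qubes project: Python that reads canary statements 1 and 5 as quoted above, reports when the next canary is overdue, and lists updates installed after the latest canary's issue date. Treating "the first two weeks" as ending on the 14th is an assumption, and the "uncovered" rule encodes the reasoning given in this thread, not a rule published by the project.

```python
import re
from datetime import date, datetime

# Canary statements 1 and 5, copied with their quote markers from the thread.
QUOTED_CANARY = """\
>>> 1. The date of issue of this canary is June 2, 2017.
>>> 5. We plan to publish the next of these canary statements in the first
>>> two weeks of September 2017. Special note should be taken if no new canary
>>> is published by that time or if the list of statements changes without
>>> plausible explanation.
"""


def _unquote(text):
    """Strip e-mail quote markers and re-join wrapped lines into one string."""
    lines = [re.sub(r"^[>\s]+", "", line) for line in text.splitlines()]
    return " ".join(" ".join(lines).split())


def parse_canary(text):
    """Return (issued_on, due_by) as dates taken from statements 1 and 5."""
    flat = _unquote(text)
    issued = re.search(r"date of issue of this canary is (\w+ \d{1,2}, \d{4})", flat)
    nxt = re.search(r"in the first two weeks of (\w+ \d{4})", flat)
    if not issued or not nxt:
        raise ValueError("canary statements 1 and 5 not found")
    issued_on = datetime.strptime(issued.group(1), "%B %d, %Y").date()
    # Assumption: "first two weeks" of a month ends on day 14.
    due_by = datetime.strptime(nxt.group(1), "%B %Y").date().replace(day=14)
    return issued_on, due_by


def canary_state(text, today):
    """'overdue' once the announced window has passed without a newer canary."""
    issued_on, due_by = parse_canary(text)
    if today < issued_on:
        return "invalid: issue date is in the future"
    return "overdue" if today > due_by else "current"


def uncovered_updates(update_dates, issued_on):
    """Updates installed after the latest canary, which no canary vouches for yet."""
    return sorted(d for d in update_dates if d > issued_on)


if __name__ == "__main__":
    issued_on, due_by = parse_canary(QUOTED_CANARY)
    print("issued:", issued_on, "next due by:", due_by)
    print("longest gap between canaries (days):", (due_by - issued_on).days)
    print("state on 2017-09-15:", canary_state(QUOTED_CANARY, date(2017, 9, 15)))
    # Constructed install dates for illustration.
    installs = [date(2017, 5, 30), date(2017, 6, 6)]
    print("uncovered:", uncovered_updates(installs, issued_on))
```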
