Re: [qubes-users] Upgrade from 3.2 to 4.0 ?

2018-01-23 Thread ThierryIT
Will have to wait the stable version in this case :)
Thx

Le mercredi 24 janvier 2018 08:01:18 UTC+2, Chris Laprise a écrit :
> On 01/24/2018 12:52 AM, ThierryIT wrote:
> > Hi,
> > 
> > Is there any procedure available ?
> > Or can I follow this one: https://www.qubes-os.org/doc/upgrade-to-r3.2/
> > 
> > Thx
> > 
> 
> There is no procedure for in-place upgrading that I'm aware of. You'll 
> need to backup your VMs, install 4.0, then restore the VMs.
> 
> -- 
> 
> Chris Laprise, tas...@posteo.net
> https://github.com/tasket
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d9b9d638-9e92-446a-af8f-35a5ac1ef763%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Networking unavailable on Dell XPS 9350, QubesOS 4

2018-01-23 Thread jayarjo
I decided to try Qubes OS 4 on my XPS 9350 laptop, from USB drive. Mostly it 
went ok (had to manually specify EFI file in BIOS to make it load), but 
networking is completely unavailable. I think the reason might be that laptop 
itself doesn't have ethernet adapter - it connect via a dock station (which 
has). I believe something has to be fixed somewhere to enable it? The dock 
station itself seems to be recognized somehow, since I have double external 
monitors connected to it and QubesOS properly spread over all three (one  of 
the laptop and two external).

I see networking icon in the system tray. But it is red with a cross in the 
lower right corner and when I click on it it says Ethernet Network "device not 
managed". What does it mean?

Laptop also has wireless Broadcom Limited BCM4350 [14e4:43a3] network 
controller, however from dmesg I see that:

brcmfmac: brcmf_chip_recognition: SB chip is not supported
brcmfmac: brcmf_pcie_probe: failed 14e4:43a3

...so it probably is not supported.

Is there anything I can do in either direction to obtain networking in my Qubes 
OS 4 on this platform?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c869701-b357-4293-85fa-e4f3b40f2387%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Please help with custom template build

2018-01-23 Thread Krišjānis Gross
On Tuesday, 23 January 2018 17:36:00 UTC, Krišjānis Gross  wrote:
> Hi, 
> 
> I am trying to build a custom installation .iso. I have an issue that I have 
> purchased a new set of hardware that does not work with the current builds of 
> qubes. I am trying to build the most updated version with hope that it could 
> work. 
> 
> I am running a Fedora linux and trying to build with these instructions: 
> https://www.qubes-os.org/doc/building-archlinux-template/
> 
> I use the ./setup to create the installation configuration. 
> 
> make install-deps goes fine.
> make get-sources goes smooth as well
> 
> but I get an error when running the mage qubes command.
> Here is what I get:
> 
> [krish@localhost qubes-builder]$ make qubes
> Currently installed dependencies:
> git-2.14.3-2.fc27.x86_64
> rpmdevtools-8.10-3.fc27.noarch
> rpm-build-4.14.0-2.fc27.x86_64
> createrepo-0.10.3-12.fc27.noarch
> debootstrap-1.0.92-1.fc27.noarch
> dpkg-dev-1.18.24-3.fc27.noarch
> python2-sh-1.12.14-2.fc27.noarch
> dialog-1.3-10.20170509.fc27.x86_64
> dpkg-dev-1.18.24-3.fc27.noarch
> debootstrap-1.0.92-1.fc27.noarch
> PyYAML-3.12-5.fc27.x86_64
> make[1]: Entering directory '/home/krish/qubes-builder'
> -> Preparing fc25 build environment
> -> Initializing RPM database...
> -> Retreiving core RPM packages...
> -> Verifying signatures...
> Filename: 
> /home/krish/qubes-builder/cache/fc25/base_rpms/acl-2.2.52-13.fc25.x86_64.rpm 
> is not signed.  Exiting!
> make[1]: *** 
> [/home/krish/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:86: 
> /home/krish/qubes-builder/chroot-fc25/home/user/.prepared_base] Error 1
> make[1]: Leaving directory '/home/krish/qubes-builder'
> make: *** [Makefile:224: vmm-xen-dom0] Error 1
> 
> 
> Does anyone has an idea of what I do wrong or how to resolve this? 
> I have attached the builder.conf file that I have.



> Maybe the downloaded rpm is wrong? Did you try to remove it from cache 
and force it to download again? 

Yes, I tried the whole process multiple times. 
 - Tried cleaning the qubes-builder/cache folder. 
 - Tried other versions of fedora and got similar error. e.g. starting with 
/cache/fc23


> Also, did you download the keys and mark as trusted, or did .setup do it 
> for you? See the first few steps here: 
> https://www.qubes-os.org/doc/building-archlinux-template/ 
>
> There's a rumor rc4 may be out soon. 

Yes, I did that and I think that I did it correctly. Could post more details if 
you think this could be the root cause.

looking forward for the RC4 :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32c89429-350b-4bb3-ac77-a66fe0328f2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Networking not available on XPS 9350, QubesOS 4

2018-01-23 Thread jayarjo
I decided to try Qubes OS 4 on my XPS 9350 laptop, from USB drive. Mostly it 
went ok (had to manually specify EFI file in BIOS to make it load), but 
networking is completely unavailable. I think the reason might be that laptop 
itself doesn't have ethernet adapter - it connect via a dock station (which 
has). I believe something has to be fixed somewhere to enable it?

I see networking icon in the system tray. But it is red with a cross in the 
lower right corner and when I click on it it says Ethernet Network "device not 
managed". What does it mean?

Laptop has Broadcom Limited BCM4350 network controller [14e4:43a3] network 
controller, however from dmesg I see:

brcmfmac: brcmf_chip_recognition: SB chip is not supported
brcmfmac: brcmf_pcie_probe: failed 14e4:43a3

so it probably is not supported.

Is there anything I can do in either direction to obtain networking in my Qubes 
OS 4 on this platform?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c13595b7-052b-408c-82e4-346a0c4a02f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS screensharing

2018-01-23 Thread Dave C
I hope no one minds reviving an old thread...

I recently needed to screenshare in Qubes (4.x, but 3.2 should work the same).  
I wrote up my notes:

https://www.dave-cohen.com/blog/qubes-vnc-screenshare/

Feedback welcome, especially if the method can be improved.  Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7c9de595-73db-4251-a5c8-e317cab6cc30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Upgrade from 3.2 to 4.0 ?

2018-01-23 Thread Chris Laprise

On 01/24/2018 12:52 AM, ThierryIT wrote:

Hi,

Is there any procedure available ?
Or can I follow this one: https://www.qubes-os.org/doc/upgrade-to-r3.2/

Thx



There is no procedure for in-place upgrading that I'm aware of. You'll 
need to backup your VMs, install 4.0, then restore the VMs.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f218750f-bd91-bc04-ba75-743041e455be%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Upgrade from 3.2 to 4.0 ?

2018-01-23 Thread ThierryIT
Hi,

Is there any procedure available ?
Or can I follow this one: https://www.qubes-os.org/doc/upgrade-to-r3.2/

Thx

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e1be96c-19f9-4820-92dc-fea940aa3984%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: "Qubes Air: Generalizing the Qubes Architecture" by Joanna Rutkowska

2018-01-23 Thread Syd Brisby
some considerations:

* Raspberry Pi, beagleboard, USB armory, etc are very low-powered devices (in 
both CPU & RAM). So running Qubes software on them at a productive speed will 
be a challenge.

* You're saying that laptop hardware specs are a problem for users. But 
remember we had the problem of wireless modules still broadcasting after being 
turned "off". So we needed laptops with wireless hardware switches to be more 
certain that we couldn't be hacked. But now you are asking us to again trust 
ordinary laptops and tablets that may not have hardware switches. 

* In reality, you are also changing from "deployment and virtualization" as a 
single point of failure to "wireless" as the single point of failure. For 
example, WPA2 has been declared insecure (hackable), with WPA3 being necessary 
as a replacement. But, amazingly, WPA2 is still being "patched" by 
manufacturers who think it's still acceptable - so how long will it take for 
WPA3 to become ubiquitous?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/14b5f8d3-8807-442c-8a88-9a2685ec4fde%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to get to command line for dom0?

2018-01-23 Thread Kyle Breneman
>Note that those directions are about upgrading *templates*, not dom0.
>Dom0 should generally stay at the fedora release it started at,
>otherwise you are asking for compatibility trouble.

Thanks for that clarification, Jean-Philippe.  I successfully upgraded to
the Fedora 26 template, but now I want to get rid of my Fedora 23
template.  How do I do that?  (Or shouldn't I do that?)

Kyle

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOtZr%3DHvXsaWa%3Dx%2B_yB3dA_TX3XO1DsHdxEnOKPdk2rRAz1S4w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Please help with custom template build

2018-01-23 Thread 'awokd' via qubes-users
On Tue, January 23, 2018 8:32 pm, donoban wrote:
> On 01/23/2018 06:35 PM, Krišjānis Gross wrote:
>
>> Here is what I get:
>> -> Retreiving core RPM packages...
>> -> Verifying signatures...
>> Filename:
>> /home/krish/qubes-builder/cache/fc25/base_rpms/acl-2.2.52-13.fc25.x86_6
>> 4.rpm is not signed.  Exiting!
>>
>
> Maybe the downloaded rpm is wrong? Did you try to remove it from cache
> and force it to download again?

Also, did you download the keys and mark as trusted, or did .setup do it
for you? See the first few steps here:
https://www.qubes-os.org/doc/building-archlinux-template/

There's a rumor rc4 may be out soon.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4e1b4ca2c876cfca30cdf32245a0c71.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Please help with custom template build

2018-01-23 Thread 'awokd' via qubes-users
On Tue, January 23, 2018 8:32 pm, donoban wrote:
> On 01/23/2018 06:35 PM, Krišjānis Gross wrote:
>
>> Here is what I get:
>> -> Retreiving core RPM packages...
>> -> Verifying signatures...
>> Filename:
>> /home/krish/qubes-builder/cache/fc25/base_rpms/acl-2.2.52-13.fc25.x86_6
>> 4.rpm is not signed.  Exiting!
>>
>
> Maybe the downloaded rpm is wrong? Did you try to remove it from cache
> and force it to download again?

Also, did you download the keys and mark as trusted, or did .setup do it
for you? See the first few steps here:
https://www.qubes-os.org/doc/building-archlinux-template/

There's a rumor rc4 may be out soon.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e6e6757a63c59237bad23863aa632d4e.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] my mouse is dead

2018-01-23 Thread Ivan Mitev



On 01/23/18 21:52, evo wrote:

Hey!

my mouse doesn't react, nothing happens.
Can somebody help please?


external mouse ? laptop's track{pad,point} ? never worked at all or 
stopped working ?


if external mouse: restart sys-usb and/or make sure that sys-usb has the 
qubes-input-proxy-sender rpm package installed (dom0 should have 
qubes-input-proxy installed by default).


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/173a70c0-8174-41b0-bce8-57fba93b276a%40maa.bz.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Please help with custom template build

2018-01-23 Thread donoban
On 01/23/2018 06:35 PM, Krišjānis Gross wrote:
> Here is what I get:
> -> Retreiving core RPM packages...
> -> Verifying signatures...
> Filename: 
> /home/krish/qubes-builder/cache/fc25/base_rpms/acl-2.2.52-13.fc25.x86_64.rpm 
> is not signed.  Exiting!

Maybe the downloaded rpm is wrong? Did you try to remove it from cache
and force it to download again?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ffc9ab1-6c14-ad05-becc-5c8fcf656029%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Re: Please help with 8th Generation Intel i5

2018-01-23 Thread donoban
On 01/23/2018 06:11 PM, Krišjānis Gross wrote:
> 
> Managed to install Fedora on this hardware and here is the boot.log that I 
> can find in /var/log
> 
> Does that help to understand the issue?
> 

It does not seem a very useful log. Send something like kern.log or
dmesg. Also Xorg.X.log since your problem is starting Xorg during the
installation.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd0f683a-e7a8-5db8-b8aa-4b600a18d304%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


[qubes-users] my mouse is dead

2018-01-23 Thread evo
Hey!

my mouse doesn't react, nothing happens.
Can somebody help please?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/134898d8-2e94-3912-e1a8-374630da7a49%40aliaks.de.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] help, trying to make custom launchers

2018-01-23 Thread cooloutac
was so easy with kde.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc427c2b-bcff-4955-baf3-f68302c3484a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Migrating to 4.0 (backup / restore)

2018-01-23 Thread Ivan Mitev



On 01/23/18 18:55, Nuno Branco wrote:

Basically, if I backup my current 3.2 VMs am I going to be able to
restore them on 4.0 ? Not clear on what the implications are of the HVM
vs PVVM change on 4.0 are for backups / restores.


I replaced my 3.2 setup with 4.0rc3 a few days ago and I'm quite happy 
with it; there were a few hiccups though so if I were you I'd test first 
on a separate HD or be ready to install 3.2 back. The HVM vs PVVM change 
was transparent although some of the things listed below might be a 
result of the change.


- I had an issue when restoring dom0's home [1] ; the solution was to 
recover the files manually from the backup. You may want to have a 
separate dom0 backup - I'm not sure how easy it is to perform the backup 
recovery with multiple VMs in a backup "bundle".


- I couldn't launch apps from the menu for a restored fedora VM that was 
standalone in 3.2. qvm-start'ing apps from dom0 worked though. I tried 
to update the qubes-* rpms in that VM to 4.0 (hacking qubes' yum repo to 
4.0) but it ended up in a total mess, I eventually restored it again 
from 3.2 and will debug that later.


- Windows VM (win7) works - sort of: I can launch the windows template 
and it works fine, but the "standalone based on template" VMs restored 
from 3.2 won't start. I didn't have the time to debug that yet as those 
are non critical.


- 4.0rc3's fedora VMs are based on fedora 25 so you'll have to download 
the newer fedora-26 template rpm and update your VM configurations. You 
may wait for 4.0rc4 which I understand should be released soon - it 
should include fedora 26 by default


- if for some reason you often have to look at all your VMs' cpu usage 
at once, I haven't seen a way to do it yet. Qubes-manager is missing 
from 4.0rc3 but should be back (in a new form) in 4.0rc4, I don't know 
if they'll restore the cpu usage feature though. There was also a hint 
that this could be shown from the new applet menu [2] but like with 
everything above debugging time is scarce and I have yet to see if the 
applet's menu visible info is user configurable.



Everything else in my workflow works as before - sys-usb, sys-net with 
PCI devices, ...

I haven't tested "native" backup+restore on 4.0 yet though.

Hope this helps.

Ivan

[1] https://github.com/QubesOS/qubes-issues/issues/3467
[2] https://github.com/QubesOS/qubes-issues/issues/2132

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ed7ad05-cad4-08c0-3c2e-3efa07ec7bbf%40maa.bz.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Please help with custom template build

2018-01-23 Thread Krišjānis Gross
Hi, 

I am trying to build a custom installation .iso. I have an issue that I have 
purchased a new set of hardware that does not work with the current builds of 
qubes. I am trying to build the most updated version with hope that it could 
work. 

I am running a Fedora linux and trying to build with these instructions: 
https://www.qubes-os.org/doc/building-archlinux-template/

I use the ./setup to create the installation configuration. 

make install-deps goes fine.
make get-sources goes smooth as well

but I get an error when running the mage qubes command.
Here is what I get:

[krish@localhost qubes-builder]$ make qubes
Currently installed dependencies:
git-2.14.3-2.fc27.x86_64
rpmdevtools-8.10-3.fc27.noarch
rpm-build-4.14.0-2.fc27.x86_64
createrepo-0.10.3-12.fc27.noarch
debootstrap-1.0.92-1.fc27.noarch
dpkg-dev-1.18.24-3.fc27.noarch
python2-sh-1.12.14-2.fc27.noarch
dialog-1.3-10.20170509.fc27.x86_64
dpkg-dev-1.18.24-3.fc27.noarch
debootstrap-1.0.92-1.fc27.noarch
PyYAML-3.12-5.fc27.x86_64
make[1]: Entering directory '/home/krish/qubes-builder'
-> Preparing fc25 build environment
-> Initializing RPM database...
-> Retreiving core RPM packages...
-> Verifying signatures...
Filename: 
/home/krish/qubes-builder/cache/fc25/base_rpms/acl-2.2.52-13.fc25.x86_64.rpm is 
not signed.  Exiting!
make[1]: *** 
[/home/krish/qubes-builder/qubes-src/builder-fedora/Makefile.fedora:86: 
/home/krish/qubes-builder/chroot-fc25/home/user/.prepared_base] Error 1
make[1]: Leaving directory '/home/krish/qubes-builder'
make: *** [Makefile:224: vmm-xen-dom0] Error 1


Does anyone has an idea of what I do wrong or how to resolve this? 
I have attached the builder.conf file that I have.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4eff29f6-8f72-48d5-9454-81ed235231c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
# =
#  CONFIGURATION FILE FOR QUBES-BUILDER
# =
#
# THIS CONFIGURATION FILE IS INDENDED TO ONLY BE USED WITH THE `setup` SCRIPT.
# -
#
# This configuration file (`templates.conf`) will be linked to by `setup` as
# `builder.conf`.  (ln -s example-configs/templates.conf builder.conf)
#
# To use the `setup` script, just run `setup` in the qubes-builder root
# directory.  A series of dialogs will be presented prompting various
# configuration available and then all build configuration files will
# automatically be generated based on the options selected.
#
# `setup` can be re-run again at any time to change configuration options.
# Previous options selected will be retained to allow quick switching of
# branches, templates to build, etc.
#
# Setup uses the following as markers to indicate where to place configuration
# values:
# [=setup section start=] - Start inserting on the next line
# [=setup section end=] - Stop insert mode
#
# Anything between these markers will be replaced, therefore:
# - do not place any user configurations within these markers, or those
#   configurations will be replaced next time setup is run
# - do not remove or modify the markers or setup will be unable to function
#
# -
#CONFIGURATION FILES INCLUDED WITH THIS CONFIGURATION
# -
# Other configuration files are also included to offer maximum flexibility.  To
# determine which configuration files are actually being included when using
# this configuration file as a base, use the `about` target:
#   `make about`
#
# The other configuration files included (if they exist which some of them are
# automatically generated by `setup`) are as follows:
# - example-configs/qubes-os-r2.conf: If RELEASE == 2; Default Release 2
#   configuration file
# - example-configs/qubes-os-master.conf: If RELEASE == 3; Default Release 3
#   configuration file
# - override.conf: `setup` will also offer to include `override.conf` if one
#   exists.  More information on `overrides` below.
# - example-configs/extended-rules.conf: Contains extra targets mostly for
#   building templates
#
# -
#ADDITIONAL OVERRIDES
# -
# Instead of directly modifying this or any other `default` configuration
# file, an override.conf 

[qubes-users] Re: Please help with 8th Generation Intel i5

2018-01-23 Thread Krišjānis Gross
On Wednesday, 17 January 2018 21:24:05 UTC+2, Krišjānis Gross  wrote:
> Hi, 
> 
> Was using Qubes 3.2 on 4th generation i5 processor when decided to upgrade my 
> hardware. 
> 
> Purchased 8th gen i5 processor and MB. Now when I start my Qubes only dom0 is 
> started. no other VM is started unfortunately. 
> 
> Here is the hardware details:
>MB: ASRock Z370 Pro4 https://www.asrock.com/MB/Intel/Z370%20Pro4/index.asp
>CPU: Intel® Core™ i5-8600K 
> https://ark.intel.com/products/126685/Intel-Core-i5-8600K-Processor-9M-Cache-up-to-4_30-GHz
>RAM: 16 GB DDR4
> 
> 
> Qubes 3.2. boots but feels very slow. e.g. when I type the characters appear 
> with considerable delay. Mouse is not working. I can only do something with 
> PS2 keyboard. 
> 
> I tried to run Qubes installation but failed to do that. 3.2 did not start 
> the installation at all. 
> Qubes 4.0rc3 installation did get to some point and resulted in error. 
> I have attached some screen shots of 4.0 installation.
> 
> Not sure what to do next. Read in some other topics that others had an issue 
> with new hardware. 
> 
> Please help to resolve this. I really really want to continue using Qubes. it 
> is such an awesome system!


Managed to install Fedora on this hardware and here is the boot.log that I can 
find in /var/log

Does that help to understand the issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06dbbd2d-cb50-4dbe-a6a6-23f77643d0e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


boot.log.tar.gz
Description: Binary data


[qubes-users] Migrating to 4.0 (backup / restore)

2018-01-23 Thread Nuno Branco
Basically, if I backup my current 3.2 VMs am I going to be able to
restore them on 4.0 ? Not clear on what the implications are of the HVM
vs PVVM change on 4.0 are for backups / restores.

-- 

Best regards,
Nuno Branco


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/841c4455-4221-d839-e55f-214514f3ce81%40mulligans.pw.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Looking for an approach to change the borderline between /dev/xvda and /dev/xvdb

2018-01-23 Thread Alex Dubois
On Monday, 22 January 2018 21:36:46 UTC, Yuraeitha  wrote:
> The purpose is to narrow down access to an AppVM based on /dev/xvdb, keeping 
> more of the AppVM in the read-only /dev/xvda template partition. 
> 
> For example, to make an AppVM which only preserves bookmarks in /dev/xvdb 
> that normally keeps /rw /home and /usr files, where everything else is swept 
> away upon restarting the AppVM. There are other use-cases than for bookmarks, 
> whatever project one may have in mind.
> 
> For those who may need the reference, the Qubes partition read-only and 
> write-access scheme is explained here 
> https://www.qubes-os.org/doc/template-implementation/ Essentially the 
> /dev/xvda is like the template, and /dev/xvdb is like the AppVM.
> 
> It may possibly be a bit difficult to split up the path to the firefox files, 
> away from the remaining /home files, and further splitting up the firefox 
> files to only preserve the bookmarks and not the remaining firefox files. 
> This presumably complicates everything, however similar approaches can be 
> seen with /dev/xvdc which holds any modified read-only /dev/xvda files, which 
> are then discarded upon shutting down the AppVM. The other example is how the 
> Whonix AppVM is handled, which only preserves a few things, like bookmarks, 
> and erases everything else. However the Whonix approach while similar, is 
> fundamentally different too, since this process is being handled inside the 
> VM, and not outside the VM.
> 
> So the question is, can the borderline between which Linux paths are saved in 
> the read-only partition /dev/xvda and the write-access to /dev/xvdb, be 
> changed in any specific pre-installed template? And further, can everything 
> be moved back to /dev/xvda, without removing firefox folder from the 
> /dev/xvdb, or better yet, only allowing edits to the bookmarks directory only 
> while keeping the remaining firefox folder in /dev/xvda?
> 
> Whould splitting of files here require using a similar approach like the one 
> used with /dev/xvda and /dev/xvdc for system-files? Can this be done with 
> current means in Qubes?
> 
> Ideas or suggestions on if this is feasible or maybe even undesirable for any 
> unseen reason?

Could you have a process to backup your bookmarks in /home/user (i.e. every 10 
min)
And have a process on start-up to load them up?

If you are OK to create the bookmarks elsewhere you could create them in a 
"bookmark vault" and get them pushed on start-up (from Dom0, start bookmark 
vault, start browsing VM, initiate transfer of bookmarks from vault to browsign)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d2f9f89-3bdd-4ae7-a966-7859c5d2a6ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes and Whonix now have next-generation Tor onion services!

2018-01-23 Thread Alex Dubois
On Tuesday, 23 January 2018 07:26:09 UTC, Andrew David Wong  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear Qubes Community,
> 
> The Qubes and Whonix projects now have next-generation Tor onion
> services [1] (a.k.a. "v3 onion services"), which provide several
> security improvements [2] over v2 onion services:
> 
> Qubes:
> http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion

Is it https://www.qubes-os.org/ over tor? or is it to get Qubes updates?

> 
> Whonix:
> http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion
> 
> These services run alongside our existing ("v2") onion services:
> 
> Qubes:
> http://qubesos4z6n4.onion
> 
> Whonix:
> http://kk63ava6.onion
> 
> For instructions on accessing the new addresses and further details,
> please see the Whonix announcement [3]. Our sincere thanks go to the
> Whonix team, and especially fortasse, the Whonix server
> administrator, for doing this.
> 
> 
> [1] 
> https://blog.torproject.org/tors-fall-harvest-next-generation-onion-services
> [2] https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions
> [3] https://www.whonix.org/blog/whonix-new-v3-onion-address
> 
> This announcement is also available on the Qubes website:
> https://www.qubes-os.org/news/2018/01/23/qubes-whonix-next-gen-tor-onion-services/
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> 
> -BEGIN PGP SIGNATURE-
> 
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlpm44UACgkQ203TvDlQ
> MDBlMg//T7lj6NCoy8YNNKDSjtkoe6WIcfdvoLFxQrIy+fmEJMQKTgKBb18kFxH4
> Q67+iyL+hvhFOCb3ss98Xj2ogrRvv4VkPypPRmmMRx7dJChpCdBylRNtx0rPslw9
> OUNHw3mj3frXjAbw4cOb2Tlsd8ANKDrQoFMaADKfenLCQnMzPpqMx4rt0Rw912Jn
> +wShCF6RM0gyUFTiqxYrPgJn0RHvSUVKlWwFCUXWVnGmvdwRy7G5bqb6/a6RrV8p
> CO3zXHM+/pclfK4ls61FyseYY2iIOLCqVid7Oez/BWqVS4ckmQWknK1juo2/Qzwm
> exNCSF2+nzGfg9v15LiOKDP/35hiqvh04y1JPUf2WbivWGUfkOpNt1rvdSHa/wjH
> f6y42Dqq5GYfcz9XGmehazKCI4/usXOpa+eH3Uar3hJD5AIe0f/3URe9LrdUgp68
> bN0WLcu9ctpAXtufhbgf2KcPwhrsB9uBqG4fBgHl9YLRgppv8tiuteKosFuhDOGE
> CpskV3izqmyLYIQ1P9u3wvM4/MZ652fBZKUD/4PNrEQuW8g6Nmv0dFD/KE2V/72G
> TME+YKVSB8Rs8Q3dfgVLw5gnF5Z3p/0i0EfM0m5LuBF4ScFGAMAVnZ+Ax61ESNkD
> 1Bv0+xS3lpTHs05Qw/MY8ecSbcZTHPqF9a8jTUmc1CMJNm5EceI=
> =cwtv
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b078ded5-569d-4873-829f-de46e798bb90%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes 4.4 custom install

2018-01-23 Thread 'Tom Zander' via qubes-users
On Tuesday, 23 January 2018 03:32:12 CET 'Xaver' via qubes-users wrote:
> I'm going to be switching over to Qubes 4.4 from 3.2 once its released and
> I have 2 questions about custom installation using thin pools.
> 
> 1) First question is about creating a Swap partition. Would I create Swap
> as a thin pool?

I tested thin pools and they are immensely slow.
Like 20 minutes to copy 4GB between two thin-pools slow.

This is fine for more simple usages, this is deadly for swap. (or in my case 
holding the bitcoin cash blockchain sized 150GB).
I ended up using native partitions instead. But then, I only store data 
there that is already public and don't encrypt it.

I'm personally a strong believer of not using swap at all.

> Or a standard logical volume without thin provisioning
> 
> sudo lvcreate -L 4G -n swap qubes_dom0

I didn't try this. I suggest creating a simple filesystem on it and copying 
maybe 10GB of data onto it to see how fast it is.

> 2) Second question is about registering the thin pools. Do I do this
> during installation right after I create the thin pool? Or is registering
> the thin pool done after first boot?
> 
> qvm-pool --add pool_name lvm_thin -o
> volume_group=vg_name,thin_pool=thin_pool_name

qvm-pool is simply creating some data in a database and it doesn't really 
touch disk much. Don't expect many error messages from it.
So the proper answer is; you need to create the qvm-pool before you do a 
'qvm-create'.

Related;
https://github.com/QubesOS/qubes-issues/issues/3438
and 
https://groups.google.com/d/msgid/qubes-users/2932962.V7N4gufabA%40cherry

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1617673.kuhsKDcQjG%40mail.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to deal with Yubikey ?

2018-01-23 Thread ThierryIT
Interesting ...
The software has to be installed in the sys-usb template, for me fedora 26 ?

Le mardi 23 janvier 2018 14:42:18 UTC+2, Matty South a écrit :
> On Tuesday, January 23, 2018 at 2:11:33 AM UTC-6, ThierryIT wrote:
> > I am on R3.2 and I would like to avoid upgrading to 4.0 :)
> > 
> > Le mardi 23 janvier 2018 09:51:17 UTC+2, Kushal Das a écrit :
> > > On Tue, Jan 23, 2018 at 12:17 PM, ThierryIT wrote:
> > > > Hello,
> > > >
> > > > I have today to deal with two problems:
> > > >
> > > > 1) I am using Yubikey to be authentified on some web site like Github 
> > > > ...
> > > > 2) I am using Yubikey to stock my PGP keys and to use them with mainly 
> > > > my emails (Thinderbird+Enigmail)
> > > >
> > > > What to do under Qubes to make this possible ?
> > > > I have already sys-usb running.
> > > 
> > > On Qubes 4.0rc3, I just attach it to the vm as required, and use it.
> > > No configuratino is required.
> > > 
> > > Kushal
> > > -- 
> > > Staff, Freedom of the Press Foundation
> > > CPython Core Developer
> > > Director, Python Software Foundation
> > > https://kushaldas.in
> 
> I can confirm Kushal's experience. Two things I wanted to point out:
> 1) install yubikey software in the target vm template: 
> sudo dnf install yubioath-desktop [for Fedora template]
> 
> 2) I attach it to the desired VM in dom0 terminal using
> qvm-usb -a ...
> 
> Then you can double-checke that everything is working here: 
> https://demo.yubico.com/
> 
> Hope that helps some folks out!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/96ce28fa-4013-4db4-8a9a-fdacefdbf438%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] No space left

2018-01-23 Thread Steve Coleman

On 01/23/2018 04:55 AM, beso wrote:

Something is eating free space in my system. It step by step decreasing. I 
haven't found any good solution for that.



This command should give you a clue as to where the space is going:

$ sudo du -h / | sort  -g | tail -100

Once you know where the space is going, its just a matter of what is 
putting it all there.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ad4c278-460e-6778-14c6-78a2641c0800%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] help, trying to make custom launchers

2018-01-23 Thread Steve Coleman

On 01/22/2018 02:28 AM, pixel fairy wrote:

qubes 4.0rc3

Id like to make custom launchers for two purposes

1. easily run apps from custom dispvms. using shell scripts for now.

2. make alternate launchers with different icons. for example, the twitter bird 
icon in a twitter app-vm.

tried making desktop files in ~/.local/share/applications, but they dont show 
up in menus. what else does one need to do?



I'm still on Q3.2, but I think my method would still apply to 4.rcX;

The dom0 ~/.local file structure gets rewritten often during software 
updates, and your *.desktop files would also need to be embedded in the 
associated *.menu files or they will not get referenced and displayed in 
the Qubes menu.


What I do is to put the custom *.desktop in the software template of the 
associated user vm, and then when any software updates or installs 
happen, they automatically show up in dom0 and are rendered and ready to 
use with the "Add more shortcuts" app menu add or remove function. Qubes 
also has a sync menu function which should also work for this.


For instance, just yesterday I decided it would be useful to have some 
VM's to have a "Shutdown" menu entry, because I often need to start one 
VM temporarily, for quick data access, and then shut it down a few 
seconds later as not to consume cpu or memory. I just copied 
fedora-26:/usr/share/applications/xterm.desktop to */shutdown.desktop, 
edited the contents then did a dnf update, which pushed those desktop 
files over to dom0. Now the shutdown entry can be added to any menu very 
quickly if/when needed.  The one catch is selecting an appropriate icon 
for that function since the previous one (xterm) had a specific meaning 
that you would not want to confuse. Anything currently unused is fair game.


The one downside is when you upgrade qubes software templates (e.g. 
fedora-26 -> fedora-27 template), if you are starting with the clean rpm 
version you need to remember to copy all those extra *.desktop files to 
the next version of the templates. I generally just upgrade my template 
in place as that retains any other custom tweaks I may have done.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9dec39b-4d8d-f393-b51d-b26b7a2ba9be%40jhuapl.edu.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] New HCL Entry: Lenovo ThinkPad T470 (20HDCTO1WW)

2018-01-23 Thread leonardo . porpora2000
I have got problems on installing qubes r4.0 on the Lenovo pc. I get a kernel 
panic. Where can I publish the photo of the screen? Please help me :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1119dd5d-c136-4420-ad90-b7dc7978f81a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] bluetooth support in dom0

2018-01-23 Thread Rune Philosof
On Monday, January 8, 2018 at 10:06:29 AM UTC+1, Rune Philosof wrote:
> On Wednesday, March 12, 2014 at 4:40:16 PM UTC-6, danf...@gmail.com wrote:
> > Any update regarding this?
> 
> I have chosen to do this, it is a terrible downgrade of security from a 
> normal Qubes system, but I think it is better than the alternative of using 
> Ubuntu.
> In my case I am also not using the usb cube. Also, this is on a Qubes 4.0rc3 
> system.

I just started using sys-usb. Follow 
https://www.qubes-os.org/doc/usb/#how-to-use-a-usb-keyboard and the mouse part 
if you need that. Do `sudo dnf install blueman` in the sys-usb templateVM 
(probably fedora-26), shut it and sys-usb down. Then start sys-usb again.
You should now see a bluetooth applet.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e348f691-a002-4b5e-adda-deefa39f8c83%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to deal with Yubikey ?

2018-01-23 Thread Matty South
On Tuesday, January 23, 2018 at 2:11:33 AM UTC-6, ThierryIT wrote:
> I am on R3.2 and I would like to avoid upgrading to 4.0 :)
> 
> Le mardi 23 janvier 2018 09:51:17 UTC+2, Kushal Das a écrit :
> > On Tue, Jan 23, 2018 at 12:17 PM, ThierryIT wrote:
> > > Hello,
> > >
> > > I have today to deal with two problems:
> > >
> > > 1) I am using Yubikey to be authentified on some web site like Github ...
> > > 2) I am using Yubikey to stock my PGP keys and to use them with mainly my 
> > > emails (Thinderbird+Enigmail)
> > >
> > > What to do under Qubes to make this possible ?
> > > I have already sys-usb running.
> > 
> > On Qubes 4.0rc3, I just attach it to the vm as required, and use it.
> > No configuratino is required.
> > 
> > Kushal
> > -- 
> > Staff, Freedom of the Press Foundation
> > CPython Core Developer
> > Director, Python Software Foundation
> > https://kushaldas.in

I can confirm Kushal's experience. Two things I wanted to point out:
1) install yubikey software in the target vm template: 
sudo dnf install yubioath-desktop [for Fedora template]

2) I attach it to the desired VM in dom0 terminal using
qvm-usb -a ...

Then you can double-checke that everything is working here: 
https://demo.yubico.com/

Hope that helps some folks out!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2431a4fb-497d-4dea-b05e-2ea4d19afca3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: [qubes-devel] "Qubes Air: Generalizing the Qubes Architecture" by Joanna Rutkowska

2018-01-23 Thread Alex Dubois
On Tuesday, 23 January 2018 11:57:44 UTC, Andrew Clausen  wrote:
> Hi all,
> 
> 
> 
> 
> Joanna Rutkowska has just published a new article titled "Qubes Air:
> 
> Generalizing the Qubes Architecture." The article is available both on
> 
> Joanna's blog:
> 
> 
> 
> https://blog.invisiblethings.org/2018/01/22/qubes-air.html
> 
> 
> 
> And on the Qubes website:
> 
> 
> 
> https://www.qubes-os.org/news/2018/01/22/qubes-air/
> 
> 
> I confess I found the writing a bit difficult to understand this time.  I 
> suggest adding some more example use cases.
> 
> 
> Consider the following use case -- is this what Joanna had in mind?
> 
> 
> Suppose you are a journalist, and you have received a PDF document on a USB 
> stick from an anonymous source.  Given all the recent 
> meltdown/rowhammer/spectre/xen debacles, you aren't thrilled about plugging 
> in the USB stick into your Qubes laptop.  And even if you did plug it in, you 
> wouldn't be thrilled about running the Qubes PDF converter on it either.
> 
> 
> So what do you do?
> 
> 
> On the USB front, you might buy a Raspberry Pi, and plug the USB stick into 
> that instead.  You could then scp the PDF document from the Rasbperry Pi onto 
> the Qubes laptop.  Qubes Air would make this easier by making using the 
> Raspberry Pi appear just like another USB VM (like sys-usb).
> 
> 
> You could also do the PDF conversion on the same Raspberry Pi (specifically 
> the half of the conversion that would normally run inside a disposable VM).  
> Qubes Air would also make this work smoothly, as if the disposable VM were 
> running on the Qubes laptop.
> 
> So, what are the security trade-offs?
> 
> 
> First, this Raspberry Pi arrangement means that both steps are better 
> isolated from the Qubes laptop.  Previously, a successful attack on the 
> sys-usb VM or the disposable VM could be escalated via Meltdown et al to take 
> over the whole laptop.  Now they can't.
> 
> 
> Second, the Raspberry Pi has inferior isolation within itself (e.g. no 
> IOMMU).  This means that if the journalist re-uses the same Raspberry Pi for 
> several different sources, those sources could interfere with each other.  
> For instance, if source A is malicious, it could reprogram the Raspberry Pi 
> to destroy all data from source B.
> 
> Are you hoping that Qubes Air could overcome this obstacle?  For example, are 
> you hoping that a dedicated Raspberry Pi just for disposable VMs would be 
> able to isolate all disposable VMs from each other?
> 
> Kind regards,
> Andrew

My understanding is that this paper did not explore this type of exposure. It 
is mainly focused on GUI "remoting" and compute "remoting".

The risk you exposed with the USB front-end and the lack of 
compartmentalization are a problem you are right. So the right way is still to 
put the USB stick in the laptop, however the USB VM would run in the 
RaspberryPi (a FileSystem "remoting" would be required). And for example the 
decryption of the docs in the USBVM would be protected from shared CPU cache 
types of attacks. This is my understanding... 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e288fe06-4474-4a37-9ded-c564dabf3d13%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: [qubes-devel] "Qubes Air: Generalizing the Qubes Architecture" by Joanna Rutkowska

2018-01-23 Thread Andrew Clausen
Hi all,

Joanna Rutkowska has just published a new article titled "Qubes Air:
> Generalizing the Qubes Architecture." The article is available both on
> Joanna's blog:
>
> https://blog.invisiblethings.org/2018/01/22/qubes-air.html
>
> And on the Qubes website:
>
> https://www.qubes-os.org/news/2018/01/22/qubes-air/


I confess I found the writing a bit difficult to understand this time.  I
suggest adding some more example use cases.

Consider the following use case -- is this what Joanna had in mind?

Suppose you are a journalist, and you have received a PDF document on a USB
stick from an anonymous source.  Given all the recent
meltdown/rowhammer/spectre/xen debacles, you aren't thrilled about plugging
in the USB stick into your Qubes laptop.  And even if you did plug it in,
you wouldn't be thrilled about running the Qubes PDF converter on it either.

So what do you do?

On the USB front, you might buy a Raspberry Pi, and plug the USB stick into
that instead.  You could then scp the PDF document from the Rasbperry Pi
onto the Qubes laptop.  Qubes Air would make this easier by making using
the Raspberry Pi appear just like another USB VM (like sys-usb).

You could also do the PDF conversion on the same Raspberry Pi (specifically
the half of the conversion that would normally run inside a disposable
VM).  Qubes Air would also make this work smoothly, as if the disposable VM
were running on the Qubes laptop.

So, what are the security trade-offs?

First, this Raspberry Pi arrangement means that both steps are better
isolated from the Qubes laptop.  Previously, a successful attack on the
sys-usb VM or the disposable VM could be escalated via Meltdown et al to
take over the whole laptop.  Now they can't.

Second, the Raspberry Pi has inferior isolation within itself (e.g. no
IOMMU).  This means that if the journalist re-uses the same Raspberry Pi
for several different sources, those sources could interfere with each
other.  For instance, if source A is malicious, it could reprogram the
Raspberry Pi to destroy all data from source B.

Are you hoping that Qubes Air could overcome this obstacle?  For example,
are you hoping that a dedicated Raspberry Pi just for disposable VMs would
be able to isolate all disposable VMs from each other?

Kind regards,
Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAXZBWKJe80mvEFfrsMLJV-YeyFV%2BwrUP%3DJHig2Lnw%3DQ1zEtiA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] No space left

2018-01-23 Thread beso
Something is eating free space in my system. It step by step decreasing. I 
haven't found any good solution for that. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f0a9529-a25c-4644-9a77-e77c539c4f54%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to deal with Yubikey ?

2018-01-23 Thread ThierryIT
I am on R3.2 and I would like to avoid upgrading to 4.0 :)

Le mardi 23 janvier 2018 09:51:17 UTC+2, Kushal Das a écrit :
> On Tue, Jan 23, 2018 at 12:17 PM, ThierryIT wrote:
> > Hello,
> >
> > I have today to deal with two problems:
> >
> > 1) I am using Yubikey to be authentified on some web site like Github ...
> > 2) I am using Yubikey to stock my PGP keys and to use them with mainly my 
> > emails (Thinderbird+Enigmail)
> >
> > What to do under Qubes to make this possible ?
> > I have already sys-usb running.
> 
> On Qubes 4.0rc3, I just attach it to the vm as required, and use it.
> No configuratino is required.
> 
> Kushal
> -- 
> Staff, Freedom of the Press Foundation
> CPython Core Developer
> Director, Python Software Foundation
> https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0dd411e2-34ba-4fec-9ce4-65a5b92103d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.