Re: [qubes-users] TemplateVM of a TemplateVM

['awokd' via qubes-users]

On Mon, August 27, 2018 2:02 am, averyfuentes9rs via qubes-users wrote:
> Hola Qubers,
>
>
> For stream-lined management and ease of updating I wanted to implement
> the following Qubes hierachy:
>
> 1) Official FC28-minimal TemplateVM from qubes-itl-templates repo
> 2) 'FC28-base' TemplateVM, a clone of 1)
> With same small adaptations
> 3) 'FC28-$ROLE': TemplateVM which uses 2) as a Template
> With the goal of creating a role specific template that automatically
> benefits from all changes made to 2) 4) 'AppVM-$ROLE': AppVM based on 3) +
> some user settings
>
>
> Trying to create a TemplateVM from a TemplateVM I get:
>
>
> $ qvm-create --class=TemplateVM --template=FC28-base --label=red
> FC28-Test
> app: Error creating VM: Got empty response from qubesd. See journalctl in
> dom0 for details.
>

> Is a TemplateVM of a TemplateVM an unsupported feature or should I create
> an issue on github for this?

Unsupported/not implemented, but it's an interesting idea- multiply
layered templates. Anyways, I think the expectation under Qubes would be
to clone your 'FC28-base' as many times as needed, then you can apply Salt
scripts to those to customize further. You can do some limited
customization (selecting services to start or not) from the AppVM, but
sounds like you'd like more.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d7704685620cac00cac952b201cbe0d.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Losing graphical luks passphrase entry screen after kernel-latest installation

[averyfuentes9rs via qubes-users]

On Sunday, August 26, 2018 at 10:26:43 PM UTC, awokd wrote:
> On Sun, August 26, 2018 7:53 pm, Bertrand Lec wrote:
> > Hello,
> >
> >
> > I wanted to install the latest available kernel to check if there is any
> > improvement on the suspend/resume topic and the network through USB3
> > docking station (no improvement on both topics). It's a Lenovo T580.
> >
> > I did install them by issuing the commands from dom0:
> >
> >
> > sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
> > kernel-latest
> >
> > and
> >
> > sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
> > kernel-latest-qubes-vm
> >
> > After the needed reboot, I don't have anymore the graphical screen to
> > enter the LUKS passphrase. Instead, I have a textual prompt. I can
> > successfully at this stage enter my passphrase (and the keymap is
> > correct, i.e. not an English one).
> >
> > What can i do ?
> 
> Is the only problem it's showing in text mode instead of graphical? If so,
> just ignore it and hope the next update fixes it!

Yes I also see this problem. Sadly I haven't found time to investigate further, 
but marmarek@ had a suggestion where to start in the original thread:

https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/qubes-users/pEFC2DvqmeE/zRsVx4H9BwAJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da88acb0-6217-4265-bb8d-5c25d82a43f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] TemplateVM of a TemplateVM

[averyfuentes9rs via qubes-users]

Hola Qubers,

For stream-lined management and ease of updating I wanted to implement the 
following Qubes hierachy:

1) Official FC28-minimal TemplateVM from qubes-itl-templates repo
2) 'FC28-base' TemplateVM, a clone of 1)
   With same small adaptations
3) 'FC28-$ROLE': TemplateVM which uses 2) as a Template
   With the goal of creating a role specific template that automatically 
benefits
   from all changes made to 2)
4) 'AppVM-$ROLE': AppVM based on 3) + some user settings


Trying to create a TemplateVM from a TemplateVM I get:

$ qvm-create --class=TemplateVM --template=FC28-base --label=red FC28-Test
app: Error creating VM: Got empty response from qubesd. See journalctl in 
dom0 for details.

Looking into the logfile I find:

Aug 26 18:56:01 dom0 qubesd[1795]: unhandled exception while calling 
src=b'dom0' meth=b'admin.vm.Create.TemplateVM' dest=b'dom0' arg=b'FC28-base' 
len(untrusted_p
ayload)=24
Aug 26 18:56:01 dom0 qubesd[1795]: Traceback (most recent call last):
Aug 26 18:56:01 dom0 qubesd[1795]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 262, in respond
Aug 26 18:56:01 dom0 qubesd[1795]: untrusted_payload=untrusted_payload)
Aug 26 18:56:01 dom0 qubesd[1795]:   File 
"/usr/lib64/python3.5/asyncio/futures.py", line 381, in __iter__
Aug 26 18:56:01 dom0 qubesd[1795]: yield self  # This tells Task to wait 
for completion.
Aug 26 18:56:01 dom0 qubesd[1795]:   File 
"/usr/lib64/python3.5/asyncio/tasks.py", line 310, in _wakeup
Aug 26 18:56:01 dom0 qubesd[1795]: future.result()
Aug 26 18:56:01 dom0 qubesd[1795]:   File 
"/usr/lib64/python3.5/asyncio/futures.py", line 294, in result
Aug 26 18:56:01 dom0 qubesd[1795]: raise self._exception
Aug 26 18:56:01 dom0 qubesd[1795]:   File 
"/usr/lib64/python3.5/asyncio/tasks.py", line 240, in _step
Aug 26 18:56:01 dom0 qubesd[1795]: result = coro.send(None)
Aug 26 18:56:01 dom0 qubesd[1795]:   File 
"/usr/lib64/python3.5/asyncio/coroutines.py", line 213, in coro
Aug 26 18:56:01 dom0 qubesd[1795]: res = yield from res
Aug 26 18:56:01 dom0 qubesd[1795]:   File 
"/usr/lib/python3.5/site-packages/qubes/api/admin.py", line 998, in _vm_create
Aug 26 18:56:01 dom0 qubesd[1795]: assert not self.arg
Aug 26 18:56:01 dom0 qubesd[1795]: AssertionError


Is a TemplateVM of a TemplateVM an unsupported feature or should I create an 
issue on github for this?

---
Salud, Avery

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4d624fb-5153-49ee-8c17-d63b4ff22ec2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Losing graphical luks passphrase entry screen after kernel-latest installation

['awokd' via qubes-users]

On Sun, August 26, 2018 7:53 pm, Bertrand Lec wrote:
> Hello,
>
>
> I wanted to install the latest available kernel to check if there is any
> improvement on the suspend/resume topic and the network through USB3
> docking station (no improvement on both topics). It's a Lenovo T580.
>
> I did install them by issuing the commands from dom0:
>
>
> sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
> kernel-latest
>
> and
>
> sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing
> kernel-latest-qubes-vm
>
> After the needed reboot, I don't have anymore the graphical screen to
> enter the LUKS passphrase. Instead, I have a textual prompt. I can
> successfully at this stage enter my passphrase (and the keymap is
> correct, i.e. not an English one).
>
> What can i do ?

Is the only problem it's showing in text mode instead of graphical? If so,
just ignore it and hope the next update fixes it!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c039aa30ca929a96dd324b22310d6231.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB drive attaches but doesn't display in Nautilus

['awokd' via qubes-users]

On Sun, August 26, 2018 7:36 pm, Ward Family wrote:
> Hi all,
>
>
> Any ideas about how to resolve the issue of a USB drive that doesn't
> appear in Nautilus's Devices panel in the domain to which it is attached?
>
> Best, Pat
> PS: if this is better suited to the GitHub issues page, just let me know.
> -
> DETAILS
>
>
> Based on the documentation (https://www.qubes-os.org/doc/usb/), I was
> able to attach the USB drive to a domain ("usb1") in a dom0 terminal
> using:
> qvm-block attach usb1 sys-usb:sda. Running qvm-block a second time seems
> to confirm the attachment: sys-usb:sda  Ultra( )  usb1
> (read-only=no,
> frontend-dev=xvdi)
>
> Assuming that the issue was mounting related, I opened a terminal in usb1
>  and ran mkdir mnt sudo mount /dev/xvdi mnt
>
> But that produced the error:
> special device /dev/xvdi does not exist Running sudo blkid from the usb1
> terminal fails to find /dev/xvdi
>
> Any thoughts on what I'm missing here?

Are you sure the USB drive is partitioned and formatted? Check with "fdisk
-l" in sys-usb before qvm-block attaching it somewhere else.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0639ead5a1d19122577097add4d330cc.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Manage/Create Custom templateVM

['awokd' via qubes-users]

On Sun, August 26, 2018 11:15 am, zevenbl...@gmail.com wrote:
> Hello folks,
>
>
> I want to create a custom template vm based on the fedora-28-minimal
> template vm mainly adding a list of packages. Maybe i would like to do
> even more customisation but managing the template software is my first
> goal. I want to orient at this guide
>
> https://github.com/Qubes-Community/Contents/tree/master/docs/user-setups/
> taradiddles
>
> Sure i can do all of this manually as described here:
> https://www.qubes-os.org/doc/templates/fedora-minimal/
>
>
> I don't want to build an iso. I just want to launch one command and end
> up with my ready configured template vm on a live system. So i could do a
> fresh installation pull a github repo and end up with my configuration
> after launching a script/command.
>
> I discovered that Qubes has some nice integrated tools that could be used
> to do this in an automated fashion.
>
> 1. SaltStack
> As far as i understand i can make a personal salt config like this one
> https://github.com/SkypLabs/my-qubes-os-formula
> My problem is that SkypLabs approach uses the formulas in /srv
> but i would like to have a standalone approach. Also i don't understand the
> inner workings of /srv for example where to select fedora version. There
> is a template-fedora-21.sls which is deprecated (?!) but also as far as i
> understand salt with /srv is used for the initial installation where i
> ended up with fedora-26 templateVM being installed. My question is where
> in salt the fedora version is set.
>
> 2. Qubes builder
> I think this builds a completely custom  qubes iso and could also
> be used but is even more complicated since it uses Makefile only.
>
> I hop to hear from you.

I think what you want to do is start with the Fedora 28 (for example)
minimal template, then apply Salt commands to it to configure it to your
liking. You're right, builder would also work to build a custom template
but that might be more time consuming.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e193be5704b61b2d5f89304a69882b80.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Sometimes all the programs disappear from the screen, and all I see is the cursor on the black deskt

['awokd' via qubes-users]

On Sun, August 26, 2018 7:09 am, getoutandh...@gmail.com wrote:
> Hello.
> Sometimes all the programs disappear from the screen, and all I see is the
> cursor on the black desktop (and I also see the color frame of one of the
> VMs around the black screen), then the running programs can still be seen
> by pressing Alt + Tab, but none of them they can not be brought to the
> fore. I still continue to see only a black screen with a cursor on the
> desktop. I can not do anything, only rebooting helps. I do not really know
> if this problem is related to the error of my installation of Qubes OS or
> really intruders trying to hack it, and this somehow disrupts its work.

Qubes with XFCE defaults to a multiple (4) desktop configuration. See the
bar to the left of the clock on top of your screen? Try clicking on the
panels until you get your apps back. There's a shortcut key you might be
hitting by mistake that puts you on a different, empty desktop.

> Sorry for my bad english.

It's perfectly acceptable.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8119d80486af914d0f5e75c879d9fbf.squirrel%40tt3j2x4k5ycaa5zt.onion.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Manage/Create Custom templateVM

[zevenblade]

Also digging deeper into GitHub i found a repo that is possibly very close
to what i want to achieve. Unfortunately it was last changed 2 years ago
and i think is not compatible anymore. Here is the link.

https://github.com/Nekroze/qubes-salt

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a758c257-0afd-41ea-a32d-ebdb471b8a4f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: paranoid vault domain

[22rip]

My thoughts would be:

1) You might want to create a specific AppVM for your passwords/keepass only. 
Don't store any other documents in this AppVM.

2) Use a minimal template for the above AppVM, Fedora has a minimal template 
available for download and the stock Debian template is already pretty minimal.

3) Try to use 2 step where possible, taking this point even further maybe get 
an iPod which is air gapped. I don't trust 2step via SMS but an authenticator 
app on an air gapped device is pretty good.

4) Make sure to have a password on your KeePass app

5) I am not sure what version of Qubes you are using but a PVH is recommended 
vs a HVM 

6) I am not sure I can verify this, others might differ in their opinion but 
based on my research Debian is more secure then Fedora due primarily to how 
updates are done. Fedora is managed by Redhat. I use both in my Qubes setup as 
an FYI as Fedora seems to work better in some scenarios.

7) I can't speak to the Thinkpad fingerprint-gui but I think you are referring 
to the finger print reader on some thinkpads. Again I can't verify this 
functionality but I never trusted this feature/function. I have read some have 
taken efforts to set up Yubikey with some effort and success.

8) General security practices are still recommended (long passwords, 2 step, 
etc...). I too have trust issues...maybe consider writing down the passwords to 
recovery emails on paper and storing them is not a bad idea(if you can remember 
a 17+ password even better!)

9) I think there are some things you can do to harden your 
template/configuration (e.g. Apparmor, turning services off)

In my opinion using Qubes as it stands is better then most/all OSes, I am sure 
you can harden things more but how much effort? How much complexity? How much 
benefit? At some point this adds more risk.

While a healthy dose of paranoia is good, if you aren't sleeping that is no 
good! Stay safe my friend you are not alone!! Good luck...


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49040c8f-5ae7-4951-bc5d-4fba70d2f6ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Losing graphical luks passphrase entry screen after kernel-latest installation

[Bertrand Lec]

Hello,

I wanted to install the latest available kernel to check if there is any 
improvement on the suspend/resume topic and the network through USB3 docking 
station (no improvement on both topics). It's a Lenovo T580.

I did install them by issuing the commands from dom0:

sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing kernel-latest

and 

sudo qubes-dom0-update --enablerepo=qubes-dom0-security-testing 
kernel-latest-qubes-vm

After the needed reboot, I don't have anymore the graphical screen to enter the 
LUKS passphrase. Instead, I have a textual prompt. I can successfully at this 
stage enter my passphrase (and the keymap is correct, i.e. not an English one).

What can i do ?

Thanks
Bertrand

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71ebc5e7-5558-45a8-b9e8-7ecf4dff97a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] USB drive attaches but doesn't display in Nautilus

[Ward Family]

Hi all,

Any ideas about how to resolve the issue of a USB drive that doesn't appear
in Nautilus's Devices panel in the domain to which it is attached?

Best, Pat
PS: if this is better suited to the GitHub issues page, just let me know.
-
DETAILS

Based on the documentation (https://www.qubes-os.org/doc/usb/), I was able
to attach the USB drive to a domain ("usb1") in a dom0 terminal using:
qvm-block attach usb1 sys-usb:sda. Running qvm-block a second time seems to
confirm the attachment:
 sys-usb:sda  Ultra( )  usb1 (read-only=no,
frontend-dev=xvdi)

Assuming that the issue was mounting related, I opened a terminal in usb1
and ran
 mkdir mnt
 sudo mount /dev/xvdi mnt

But that produced the error:
 special device /dev/xvdi does not exist
Running sudo blkid from the usb1 terminal fails to find /dev/xvdi

Any thoughts on what I'm missing here?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJx9ZAFbfB_uwbb0SvUcXi3D9bvZO%2BaqZHC0bS8KMTSrZkWKLw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] paranoid vault domain

['one-eye-pirate' via qubes-users]

I do not sleep well because I store many important passwords in an network 
isolated domain vault vm and it seems to me that the attacker can steal them 
from them in some way. Is it possible to use additional security methods, for 
example template encryption? Is the vault domain safe? I know only that it's 
based on keepass and hvm.
Is it a good idea to use thinkpad fingerprint-gui as access to the vault-vm?
Is it possible  to make it so that the template self destroy after unauthorized 
access like as disposable vm?
How secure is the clipboard when you copy passwords from vault vm?
Thanks.

Sent with [ProtonMail](https://protonmail.com) Secure Email.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cKRm8JTFOD3rYZXJQqqRvWHcOeqw9dgKCU_xGC9C-GWocUwHA3rr7w15-1psVhstcq9vMW3ruJwvyggd15A4wHxrAfNkreaUigwo4Y238e4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Verification

[22rip]

I too was a rookie with minimal experience...still consider myself a rookie in 
this group! PGP is incredibly complex and I have to admit I still struggle. 

The gist of what your are trying to do is compare "numbers and letters" from 2 
files, which verifies "authenticity and integrity" of your downloaded ISO. I 
use the "How to Verify Qubes ISO Digests" file to compare my downloaded Qubes 
ISO(half way down this page: 
https://www.qubes-os.org/security/verifying-signatures/), e.g.


1) Download Qubes ISO image from https://www.qubes-os.org/downloads/

2) Using a Mac terminal, verify sha256 by typing the following in the Mac 
terminal:
shasum -a 256 "then drag and drop ISO file into terminal"

- Then hit enter
- Remember space after 256
- A long list of numbers/letters is spit out in the terminal


Are they the same as the SHA256 charactors from the "Digests" (line 6), found 
right next to the ISO download? e.g. since I use in this example SHA256, the 
charactors are on line 6

eb93b60b4be097fd618dbdd625f70ee64a6a77d502e50b39d2c259df9ccb8f53 
*Qubes-R4.0-x86_64.iso


If they are then you are "reasonably" good to go in making your bootable 
thumbdrive!

As the Qubes team advise I check these digest numbers from different computers, 
networks, etc...

I also try to do this on as clean of a Mac as I can get...generally I'll 
reformat my Mac at the Apple store so I know I have a "reasonably" clean machine

Open to being corrected if I am wrong or doing this incorrectly...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9df7ed4e-c909-41b2-ae0b-d038575026f8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QSB #42: Linux netback driver OOB access in hash handling (XSA-270)

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-08-26 07:12, David Hobach wrote:
> On 08/14/2018 09:12 PM, Andrew David Wong wrote:
>> Patching
>> =
>>
>> The Xen Project has provided patches to fix this issue.
>>
>> The specific packages that resolve the problems discussed in this
>> bulletin are as follows:
> 
> [..]
> 
>>For Qubes 4.0:
>>- kernel packages, version 4.14.57-2
>>- kernel-latest packages, version 4.17.9-2
> 
> [..]
> 
>>For updates from the stable repository (not immediately available):
>>$ sudo qubes-dom0-update
> 
> Were these pushed to stable yet? Because I don't see them, but maybe my
> update is broken...
> 
> If not, when is that likely to happen?
> 
> Thanks for the good description though!
> 
> Best Regards
> David
> 

The answers to your questions are in a portion of the announcement that
you omitted:

>> These packages will migrate from the security-testing repository to
>> the current (stable) repository over the next two weeks after being
>> tested by the community.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluC8HMACgkQ203TvDlQ
MDDXuRAAxf9aHUXR3j9Fv3mSa09+DGnSOctn3KO2tWVTGeZFxgiGgGNb1+KU738/
AD8/t/0x0j3D/gW35ZOlgt9bw+WNkYALrtKbOr4ZNB/oe6jhxXDIWNpfcDs6luXb
VxURNi6mkCMbEHcqbPCLsAwHYVa9iEwJSoTYLn311sfI2rDyk84UC/JD1ZOnjkRs
/wJM7J8RrvCIG4o4XgwCfRwOOiOpjCVdWbkGpAJW4aUe9jJyjxbjYS+jfWf9Cc90
pClRqHrjerb2tkswZiJYg3RKbe5bi6jS7AZQ0u9dZyqKvfA8d5baswD+l6ZDQbRS
/DggQalnSAhfie6xRI/NJGdHM9SOypuxMBdloeGHD3HosQ9JhPbpdSYGsXz7s6AV
ZFc5c4DMe/SKFQQaKZVlOAAmxO0bQ+LGgIzDAxwmYPNqYvq7/LH4IDaYn7gKp91W
aUz1XyvPCuNLDcER4DaZJvcshCRRpWRPfJ0TzLd91ewfVWiNhYx+075af3ZyCcZI
EQpn0FxhTQOLN05lxjjYOVlP9FUBQZ0OIrD0XNE/y1wbGNpEFKuxL8rgeUNovamv
4/KU9JXANCR5XmhlqAM8nF6E2PD30hScWdK6GXQZ7Gy23YNO3GevvbB4PYvQPILo
pXrWKrnr/nMStRZl+qXGecAEvtqKCEFeBLP6s2DeLKsDLMa9fXU=
=rEbq
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d6b0d62-842a-c77c-708c-ba9a3cc05936%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

[Rusty Bird]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Rusty Bird:
> To me as a layman, it looks like Qubes is indeed vulnerable to the
> XSA-273 data leak, and that fixing it involves
> 
> 1. disabling hyperthreading (by adding smt=off to the Xen command line)
> 2. AND upgrading Intel microcode to 20180807
> 3. AND upgrading Xen

https://groups.google.com/d/msg/qubes-users/v5UPnWmnzJY/WG9lmyxYAgAJ

=> There's no point in manually adding the smt=off parameter - Qubes'
latest Xen 4.8.4-1 package doesn't support it yet, and I imagine the
next package version is going to add it automatically.

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJbgqGUXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrf0bwP/iGQCNSorNefwhFSldoqvjJa
fSz1oZoqU81ESpqxMvylTGT+Q0odjG01PQpQ+y14+EZZgkgbM3NIbIUcTLYX4HIf
3cjcsqmyp17YbM0pqCeG3DuTQFo1IJZh22pqUt+6q7Y3G4hSYNlW1jvy76n9c9Ae
h0tW9gQb3EpTxzQGaryKswq+NyXKR1D0mUIErKTdLSk8KzROIhCLE8pQWbKFX5/t
8M5xZ8+VTw1aGF4v+LS8Oxjhl2R1PkMc0Qi7IKgZhTFE+RqQOkMJK75Emv7U5eFK
oEEx7sWVy7nh3beKaaZUBThCZU0iLZRuvODp64eUkSqJYCHvtABzvHyhMBT++4l/
n3bBJ+/dMRpe846FZuzdqxb0AbbBwGCeCRCk7SXZRnNIEDavJhW/x1Tr13oGIkan
mNLiA2uaeQY1mOOVXyiK4zfYblDl0xtCEa2zPFvFya/iWC0nDSntuzT6zMxZuq8i
ywFDxax22XezSA0m2RwE/5M1I/8dx92yUcscCvpW5HU/WsEccRubo95kcMg5l9U6
cH7G6nZLAxSCek4SobvW9yp1CjbuVNmSFR2GPGRKpoe67sEvTRbxP4Mmhxd+D1c6
AKMKiK1vg5/pV3pioeICI97FYvYu/sTynX5uMq4PKv6LgUae+EPKWaut0Qdkz3xK
YdGbUkoqLk/l92E+M43l
=zaWC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180826124820.GA1008%40mutt.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] sys-whonix uninstal error

[qubes-fan]

Solved! I had to change the ClockVM in the Qubes Global Settings from 
sys-whonix to sys-whonix-copy. Now the sys-whonix is deleted sucessfully.  


Aug 26, 2018, 1:51 PM by qubes-...@tutanota.com:

> hi, I am trying to follow the fresh install of whonix 14 guide as posted by 
> Patrick here, which requires me to uninstall the sys-whonix together with the 
> whonix-ws, whonix-gw and anon-whonix. 
>
> When I try to uninstall the sys-whonix, it comes with the following error:
>
> ERROR: Domain is in use: 'sys-whonix'; details in system log
>
> I already removed whonix-ws, whonix-gw, anon-whonix. Before I clonned them to 
> -clone including sys-whonix-clone; I removed sys-whonix from all whonix based 
> VMs, including DVMs. I cant see its use anywhere.
> I added qubes-prefs updatevm sys-whonix-clone in dom0 to force the updates of 
> whonix through Tor.
> I even changed the /etc/qubes-rpc/policy/qubes.UpdatesProxy from sys-whonix 
> to sys-whonix-clone
>
> Whatever I try, the error persists when trying to delete sys-whonix, to 
> follow the whonix 14 guide.
>
> Any ideas?
> Thank you
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/LKq3jNH--3-1%40tutanota.com 
> > .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LKqG12Y--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] XSA-273 - Impact on Qubes?

[Rusty Bird]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Ivan Mitev:
> On 08/26/2018 12:50 AM, Rusty Bird wrote:
> > Rob Fisher:
> >> what are the best options for a Qubes user right now?
> > 
> > - - Add smt=off as a Xen boot parameter (which disables hyperthreading)
> 
> smt=off doesn't seem to work though:
> 
> $ xl dmesg | grep smt
> (XEN) Command line: [...] smt=off
> 
> $ xl info | grep thread
> threads_per_core : 2

Shit, you're right! Xen commit f049cd67a99bcf773aa4fceeedd5d1de17b2a8eb
("x86: command line option to avoid use of secondary hyper-threads")
was added to the 4.8 branches a few days _after_ the 4.8.4 release.
I should have checked better...

Rusty
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJbgpwfXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfgqsP/1xUuJNoRlbB1w9TAOL08Ei4
3Md4lfJ+uxbgPorrEw1Z9dyq1VX9o/u/zapZjziEYBCSSSp7PSr8iECJ66TJlZXV
+tS30QAI4u/t6sf6wX7KPXVEaWE2FmlU7o/ID/mCaXPTUtTxDZewe3Q35kcKrNcp
+pnGxOEM/DV3EQ6noYvK30sOWUxLwBG9XH/DzUCLVTUn0gjPAiEMgna39US4e9Cu
YB5EK+cvSwnCBc3xawcLRHfMV3XnjVw2R3zN8VjHrm0xmbqUT9kXBjxBUX9xnd1v
zrnlHsO8frZ1mx4F8GomdoYSK2qrnJjkYuvuwJGZexqBGu/N3G5FkWqSbRj0a1mj
DN/i5PeQNQ+qnh42tpKjAbZBr2Zyb0kZGhZl30XTZJNfdlxdoShFUoIRExE6EwiT
7JCAcfxoF32YylsTLeklRNK/OODB6ihPkVeds/DNencM/ALINdJOYnSnHv1EsSl1
JcLAZ2vHHAhAn39kimHIQchPTMU+sBB/g3LSlHHZovXmduRhQw8TsW2BD0rF38G8
84iLAeJ8AIHQUFl5cWxDYFJGbizczfSzymPF9bVaWFVreJXqdFAYkP4sIku05OYE
qP6P+u05dxN2eH/xaKAXgHV8LiRWtcEP+Vrj7kXphJG6MtmpqTPWcNMgtjP9sxsa
miFJi6nxt0dqqX9SFvqa
=39ak
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180826122503.GA966%40mutt.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] QSB #42: Linux netback driver OOB access in hash handling (XSA-270)

[David Hobach]

On 08/14/2018 09:12 PM, Andrew David Wong wrote:

Patching
=

The Xen Project has provided patches to fix this issue.

The specific packages that resolve the problems discussed in this
bulletin are as follows:


[..]


   For Qubes 4.0:
   - kernel packages, version 4.14.57-2
   - kernel-latest packages, version 4.17.9-2


[..]


   For updates from the stable repository (not immediately available):
   $ sudo qubes-dom0-update


Were these pushed to stable yet? Because I don't see them, but maybe my 
update is broken...


If not, when is that likely to happen?

Thanks for the good description though!

Best Regards
David

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/129c3ea8-261a-84ce-169d-980005c67d81%40hackingthe.net.
For more options, visit https://groups.google.com/d/optout.


smime.p7s
Description: S/MIME Cryptographic Signature

[qubes-users] Re: How to delete whonix-ws-dvm?

[Daniil .Travnikov]

So I founded how to do that:

[user@dom0 qubes]$ qvm-prefs whonix-ws-dvm default_dispvm ''
[user@dom0 qubes]$ qvm-remove whonix-ws-dvm

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8b97bb84-a617-44b4-827b-f07cd5cdbd12%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to delete whonix-ws-dvm?

[Daniil .Travnikov]

When I am trying to delete, I got this error:

'ERROR: Domain is in use: 'whonix-ws-dvm'; details in system log'

Of course in Qubes Manager I don't see any VM which could use this dvm.




I tried this commands to find out what could be the reason of my problem:


1. [user@dom0 qubes]$ journalctl -f

-- Logs begin at Fri 2018-08-03 14:09:10 EDT. --
Aug 26 07:21:19 dom0 qmemman.daemon.algo[2171]: left_memory=1525830203 
acceptors_count=1
Aug 26 07:21:24 dom0 qmemman.daemon.algo[2171]: 
balance_when_enough_memory(xen_free_memory=35346869, 
total_mem_pref=4570018931.21, total_available_memory=28311571415.8)
Aug 26 07:21:24 dom0 qmemman.daemon.algo[2171]: left_memory=6067982920 
acceptors_count=3
Aug 26 07:21:24 dom0 qmemman.daemon.algo[2171]: left_memory=1610242955 
acceptors_count=1
Aug 26 07:22:17 dom0 qmemman.daemon.algo[2171]: 
balance_when_enough_memory(xen_free_memory=35346869, 
total_mem_pref=4614571532.8, total_available_memory=28267018814.2)
Aug 26 07:22:17 dom0 qmemman.daemon.algo[2171]: left_memory=6286049504 
acceptors_count=3
Aug 26 07:22:17 dom0 qmemman.daemon.algo[2171]: left_memory=1697956321 
acceptors_count=1
Aug 26 07:22:22 dom0 qmemman.daemon.algo[2171]: 
balance_when_enough_memory(xen_free_memory=35346869, 
total_mem_pref=4656301990.4, total_available_memory=28225288356.6)
Aug 26 07:22:22 dom0 qmemman.daemon.algo[2171]: left_memory=6486517967 
acceptors_count=3
Aug 26 07:22:22 dom0 qmemman.daemon.algo[2171]: left_memory=1778591163 
acceptors_count=1
Aug 26 07:27:57 dom0 qubesd[2167]: Cannot remove whonix-ws-dvm, used by 
whonix-ws-dvm.default_dispvm



2. [user@dom0 qubes]$ tail qubes.log

2018-08-26 06:56:16,924 Removing volume volatile: 
qubes_dom0/vm-anon-whonix-volatile
2018-08-26 06:56:27,857 Cannot remove whonix-ws-dvm, used by 
whonix-ws-dvm.default_dispvm
2018-08-26 06:57:14,117 Removing volume private: qubes_dom0/vm-whonix-gw-private
2018-08-26 06:57:14,286 Removing volume kernel: 4.14.57-1
2018-08-26 06:57:14,287 Removing volume root: qubes_dom0/vm-whonix-gw-root
2018-08-26 06:57:14,608 Removing volume volatile: 
qubes_dom0/vm-whonix-gw-volatile
2018-08-26 06:58:36,959 Cannot remove whonix-ws-dvm, used by 
whonix-ws-dvm.default_dispvm
2018-08-26 07:01:00,875 Cannot remove whonix-ws-dvm, used by 
whonix-ws-dvm.default_dispvm
2018-08-26 07:16:33,354 Cannot remove whonix-ws-dvm, used by 
whonix-ws-dvm.default_dispvm
2018-08-26 07:27:57,036 Cannot remove whonix-ws-dvm, used by 
whonix-ws-dvm.default_dispvm



3. [user@dom0 qubes]$ qvm-prefs whonix-ws-dvm

autostart D  False
backup_timestamp  -  1535212886
debug D  False
default_dispvm-  whonix-ws-dvm
default_user  D  user
gateway   D  
gateway6  D  
include_in_backupsD  True
installed_by_rpm  D  False
ipD  
ip6   D  
kernelD  4.14.57-1
kerneloptsD  nopat
klass D  AppVM
label -  gray
mac   D  00:16:3E:5E:6C:00
maxmemD  4000
memoryD  400
name  -  whonix-ws-dvm
netvm -  None
provides_network  D  False
qid   -  9
qrexec_timeoutD  60
start_timeD  
stubdom_mem   U
stubdom_xid   D  -1
template  -  whonix-ws
template_for_dispvms  -  True
updateableD  False
uuid  -  75c6f325-d88e-41ac-ad18-42772fb17a4f
vcpus D  2
virt_mode D  pvh
visible_gateway   D  
visible_gateway6  D  
visible_ipD  
visible_ip6   D  
visible_netmask   D  
xid   D  -1



Could anyone knows where I must delete some VM which using this dvm? Or maybe I 
must change some options is some files?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7309835d-5fa3-4c49-8a40-05a2710168ea%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] sys-whonix uninstal error

[qubes-fan]

hi, I am trying to follow the fresh install of whonix 14 guide as posted by 
Patrick here, which requires me to uninstall the sys-whonix together with the 
whonix-ws, whonix-gw and anon-whonix. 

When I try to uninstall the sys-whonix, it comes with the following error:

ERROR: Domain is in use: 'sys-whonix'; details in system log

I already removed whonix-ws, whonix-gw, anon-whonix. Before I clonned them to 
-clone including sys-whonix-clone; I removed sys-whonix from all whonix based 
VMs, including DVMs. I cant see its use anywhere.
I added qubes-prefs updatevm sys-whonix-clone in dom0 to force the updates of 
whonix through Tor.
I even changed the /etc/qubes-rpc/policy/qubes.UpdatesProxy from sys-whonix to 
sys-whonix-clone

Whatever I try, the error persists when trying to delete sys-whonix, to follow 
the whonix 14 guide.

Any ideas?
Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LKq3jNH--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Manage/Create Custom templateVM

[zevenblade]

Hello folks,

I want to create a custom template vm based on the fedora-28-minimal template vm
mainly adding a list of packages. Maybe i would like to do even more 
customisation 
but managing the template software is my first goal. I want to orient at this 
guide 

https://github.com/Qubes-Community/Contents/tree/master/docs/user-setups/taradiddles

Sure i can do all of this manually as described here:
https://www.qubes-os.org/doc/templates/fedora-minimal/

I don't want to build an iso. I just want to launch one command and end up with 
my
ready configured template vm on a live system. So i could do a fresh 
installation
pull a github repo and end up with my configuration after launching a 
script/command.

I discovered that Qubes has some nice integrated tools that could be used to do 
this
in an automated fashion. 

1. SaltStack
As far as i understand i can make a personal salt config like this one 
https://github.com/SkypLabs/my-qubes-os-formula
My problem is that SkypLabs approach uses the formulas in /srv
but i would like to have a standalone approach. Also i don't understand
the inner workings of /srv for example where to select fedora version.
There is a template-fedora-21.sls which is deprecated (?!) but also
as far as i understand salt with /srv is used for the initial installation 
where 
i ended up with fedora-26 templateVM being installed. My question
is where in salt the fedora version is set.

2. Qubes builder
I think this builds a completely custom  qubes iso and could also
be used but is even more complicated since it uses Makefile only.

I hop to hear from you.

Best regards,
Frank

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f582778a-4918-4d2d-901a-674d86169012%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Unable to reset PCI device 0000:00:1f.6 (Qubes-R4.0 / fresh install) : no network

[Michael MENG]

I got same error, same motherboard b360, same no network, i tried but still not 
working. Please help. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3183ebeb-05b8-4d34-b48d-2fa1c024face%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] XSA-273 - Impact on Qubes?

[Ivan Mitev]

On 08/26/2018 12:50 AM, Rusty Bird wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Rob Fisher:
>> I'm wondering when we can expect information on the impact of XSA-273 (1) on
>> Qubes R4?
> 
> I'd guess early next month:
> https://groups.google.com/d/msg/qubes-users/Isn_hko7tQs/PcqIuUleEQAJ
> 
>> what are the best options for a Qubes user right now?
> 
> - - Add smt=off as a Xen boot parameter (which disables hyperthreading)

FWIW I was wondering how to turn off HT last week on a thinkpad 450s
(i7, 2 cores) which doesn't have a "disable HT" bios option. I had
overlooked the smt= boot option and tried maxcpus=2 but this left me
with 1 core/2 threads instead of 2 cores / no HT.

smt=off doesn't seem to work though:

$ xl dmesg | grep smt
(XEN) Command line: [...] smt=off

$ xl info | grep thread
threads_per_core : 2

$ xenpm get-cpu-topology
shows CPU0, CPU1, CPU2, CPU3

$ xl vcpu-list
shows that CPUs # 0-3 are randomly assigned to VCPUs # 0-3


Does smt=off work for you ?


One possible workaround would be to pin CPUs to VMs. Another one would
be to remove CPU1 and CPU3 from the cpu pool, like so:

$ xl cpupool-cpu-remove Pool-0 1
$ xl cpupool-cpu-remove Pool-0 3

but:
- I have no idea if this is identical to disabling HT
- 'xl vcpu-list' shows that only CPU0 and CPU2 are used, but VMs still
use 4 VCPUs - even VMs started after removing the CPUs - which doesn't
seem optimal wrt context switching overhead.




> - - If you're worried that some VM might want to steal data from another,
>   try not to run both at the same time
> - - Hole up, have a nice cup of offline and wait for all this to blow over
> 
> Rusty
> -BEGIN PGP SIGNATURE-
> 
> iQJ8BAEBCgBmBQJbgc8qXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEI1OUJDRkM2MkIxMjlGRTFCMDZEMDQ0
> NjlENzhGNDdBQUYyQURGAAoJEEadePR6ryrfr38P/1KtCRK5qEvTcCTVLVbwYZHj
> k63iIhA6n7wzRaV8oaOq7YrRzFryNoikeU2eqYe+T6Rwuw3hBE842pN+rABTJ7BS
> Lb9UdUaC14y481Ad0uMxR4MvE+zKx6Ok4XuHTEwpZXDPw5URqNLNwp0+3ll1MXj2
> lkRFqb9/IuwdR491YpQQAfjkD/EfHkMvd+TJAGowkUOBFno9605x8fLYRCMw0ZTL
> U0c0amlRSeM57bhqPR0fMtc3rfFT/w+wZS1QHoq881qXfx9E29HjjOnTI3E1EN0I
> MRbh222HsjScvl2O7OPbDUzIQW6uC/rZPYKrekMNYfK0c+sfUCehLE/RUNp3qdUf
> 8dEpVL5uBFIL4wBSN4g9GIFa2wmHvnrJ90v7U7pJ61iWoA1vaKEARlECZU7u3+EH
> rOXSdb0+o7RtOItY/Lb8e/qfZxfScvvCb2n7dz1fqFFB2dXd7pIixMT7cERPbvsR
> AGiqs6hkmHKKuw38xeKhhl5yVQQhIa77WgAVVHQ0mXu0sqGOWPLA30kwp4Tioqvh
> HgKl9OtEUlVfYDj9HOuRdKM7Ns8rxLyDuYd6ENDgkMIC8QCEmE6blmnkJybR2mBo
> knEQ0vgRQ++R8eG0b+3u7a97Up94D6FhDGA5b042a0wOGgBEG7e9/sefwCOskXGL
> pnSyzaTOZPeHlStNxxhf
> =bImI
> -END PGP SIGNATURE-
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6a13160c-e502-63e5-c80b-5fb0980daa36%40maa.bz.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2018-08-25 15:33, Chris Laprise wrote:
> On 08/25/2018 03:59 PM, Andrew David Wong wrote:
>> On 2018-08-25 14:24, 'awokd' via qubes-users wrote:
>>> On Sat, August 25, 2018 7:01 pm, Chris Laprise wrote:
 On 08/25/2018 02:25 PM, Rusty Bird wrote:
> odindva0...@gmail.com:
>
>> I am using version R 4.O and recently decided to set up a new Vpn
>> connection . But when I try to select the type is only giving me
>> AppVM
>> and Standalone option so obviously I can't move forward . I am
>> attaching picture of it so you can see it youself :
>> https://imgur.com/a/xTmpUDX .
>>
>
> Tick the "provides network" box, that's the R4.0 equivalent to ProxyVM
> in older Qubes versions.
>
> Rusty
>

 I've come to the conclusion that attempting to change the terminology
 for VM types was a mistake. People are getting confused and
 referring to
 "network-providing appVM" in the generic is awkward at best --
 especially if you are merely describing or referring to VMs instead of
 giving instructions on creating them.
>>>
>>> Think some additional text in the dialog box like "provides network
>>> ('ProxyVM')" would do it? Agree that "network-providing appVM" is a
>>> bit of
>>> a mouthful.
>>>
>>
>> If I understand correctly, it's not merely a terminological change.
>> Rather, there is simply no longer such a thing as a "ProxyVM" in Qubes
>> 4.0, where a "ProxyVM" is understood to be a VM that has the inherent
>> property of proxying network access. Instead, "provides network" is a
>> switchable property can apply (or not) to *any* VM. You can flip the
>> switch on to make a VM play the role of a ProxyVM (and/or a NetVM?),
>> then switch it off again later, and it'll still be the same VM. At any
>> rate, that's what I gather from this comment from Marek:
>>
>> https://github.com/QubesOS/qubes-issues/issues/1763#issuecomment-188786341
>>
> 
> Except VMs internally still use the proxyVM term in /var/run/qubes for
> example. Its how my VPN code makes decisions about where+what to run.
> 
> I'd vote for adding (ProxyVM) in parentheses to the "provides network"
> label (not tooltip) in the create dialog.
> 

In that case, I certainly agree. Calling it "provides network" is
clearly an attempt to accommodate new users who don't know what a
ProxyVM is, but there's no reason to confuse experienced users by
removing *all* mention of ProxyVM, when we can accommodate both groups
by simply calling it "provides network (ProxyVM)".

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAluCW0AACgkQ203TvDlQ
MDCW0Q/7BNTyaCkmoC9788EIU9C6Q4ob+yuXJRHs8nLD4kEOW/cQJTByeUdErQOM
S+zgBOKkG28AzeOIMtjqbNPSQ9Pja28uWRLCEQPWIETnfHocxPpQemckOQa8f8Pz
1jpu5ndSekEkjSVGvXU05OEUVb4AEQcQ4Tm4R65NjarILGqDAf08zJdaIrnj3Up+
sS46FLqYNpy6J+A/6Pm2XeZRu4gwc48Dpuz+xAnMXhe7ZFQ7qtFagqsGcQQgksB4
T1If57Ndei0/pZmRKB7/p+uiAHtDkfYnj80mFg+x3gaK5J3ughaOWBE88eSWcnjc
J6AdUdSFOeU0YO5pejlVTrQP0kKU7mlKX5n76GS1bLr/OY/r4ijGKqcazeSj1lKy
xHT9sFWp+hpTCwP0F2wgSsnte0q/c/q9tNGUrTTQ3PzT26nf4N1t089wCg9KiqKR
PnT31EeNdBBlBMuq1XCq6xFjoy8sQnKh6Cih2qxk5h43OiwA8zstArTYc+eiJ3DH
U2D+4DZHLMxkcRYTmYUM6MObLjJS0gQ9A2qqWD0u+uv8rMkrrcnS5icUbKtwz0Xc
V9TGpcUdjhNAQF43y0AIx5EDgrofzLyqfOtOXgP7rSzYBbEkVp5mG1FVkeYfToKl
XpF7yulSsLe8dvv+I/KjaGwnkwpXUlffp4vlLNrS2dOyt7cOJSw=
=IZdK
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fcd24c61-b212-e57b-22d4-6906dad66442%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Sometimes all the programs disappear from the screen, and all I see is the cursor on the black deskt

[getoutandhide]

Hello.
Sometimes all the programs disappear from the screen, and all I see is the 
cursor on the black desktop (and I also see the color frame of one of the VMs 
around the black screen), then the running programs can still be seen by 
pressing Alt + Tab, but none of them they can not be brought to the fore. I 
still continue to see only a black screen with a cursor on the desktop.
I can not do anything, only rebooting helps. I do not really know if this 
problem is related to the error of my installation of Qubes OS or really 
intruders trying to hack it, and this somehow disrupts its work. 
Sorry for my bad english.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30e150f2-ec17-447a-9149-11b4a62b4bd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.