[qubes-users] Re: Tails
On 3/29/19 12:14 AM, Steven Walker wrote: Can anyone offer any advice to a newbie for installing Tails into Qubes. I am using the very latest version. TIA, Steve guess your aware of this , and tried a few things? https://www.qubes-os.org/doc/tails/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba216ed8-0e54-520c-3568-9cba65930129%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Tails
Can anyone offer any advice to a newbie for installing Tails into Qubes. I am using the very latest version. TIA, Steve -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a7922c62-05fc-4133-bfad-16abad15fc82%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: packages for conversion of pdfs to trusted pdfs
On 3/27/19 12:35 AM, unman wrote: > On Tue, Mar 26, 2019 at 11:33:46PM +, liked2-mmb7mzph...@public.gmane.org > wrote: >> On 3/26/19 12:46 AM, 22rip-2xk3N/kkaK1Wk0Htik3J/w...@public.gmane.org wrote: >>> I am not sure of why this is happening in your case but have you tried >>> creating a new -dvm again? Does the issue persist? >>> >> What do you mean exactly by creating a new -dvm again? >> >> It happens every time I use the dvm based on the minimal template. If I >> switch back to a dvm based on fedora-29, I can use the feature again. The >> issue persists also after reboot. Is there more needed that the stated >> pre-requisites? > > You have installed the qubes-pdf-converter package, (And all strange > packages that it brings)? > uman, installing that package made the trick. Thank you very much! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/387b2297-8e06-997d-8447-ecc681b18efc%40gmx.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] coreboot on modern hardware?
On 3/28/19 3:51 PM, Sven Semmler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/25/19 4:49 PM, jrsmi...@gmail.com wrote: What does this say about the direction Joanna and Golem are taking? I am severely confused about that. I'd have thought the direction to go is open hardware, more local, more decentralized, more compartmentalized, zero trust. I think the idea is that "zero trust" can come from a crypto-based algorithm and that the hardware will be locally owned like bitcoin. But I don't necessarily agree with this model; it feeds the "monetize every relationship and action" trend along with other problems like pollution. And if the basis is intimately financial, then economies of scale and expertise will weigh heavily on it they way they have with crypto currencies: eventual centralization will be baked-in. Also there are many examples of zero trust (or accountability) in traditional methods, like counting paper ballots or balancing your checkbook from bank statements; its not an invention of Computer Science. But we love computers and must now throw billions of transistors at each instance of every little problem; A-Z must receive the silicon blessing. - What I love about personal computers is that they're the opposite of "strap some chips onto objects and forget about it". They're never mere "gadgets" but more like a workshop. They do many things and so we focus on one or two units most of the time we worry about how fit and secure our PCs are and we have a dialog with them about it. OTOH, iot and other gadgets rarely even real anything like an operating system to us bc we're not supposed to care. I want operating systems to reveal even more about a computer's internal state - in snazzy, intuitive ways - than they already are. That's why I thought at the beginning that "Invisible Things Lab" was such an awesome moniker while exposing awful things that hide in a computer. Then to boot they provided a solution that manifests itself in the window frames we constantly look at. Definitely not a trendy move but great nonetheless. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/21f0a927-05cc-7303-b7e2-d5aaa76dd867%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] coreboot on modern hardware?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/25/19 4:49 PM, jrsmi...@gmail.com wrote: > What does this say about the direction Joanna and Golem are > taking? I am severely confused about that. I'd have thought the direction to go is open hardware, more local, more decentralized, more compartmentalized, zero trust. /Sven -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlydJdgACgkQ2m4We49U H7ZZ9w/7Bc1xKBcK6UuV3yvodiFbSxG5mu3sXCq/6o9kKtmhX3K2GObluqWknq1R WrM4uMj8PjdVmuOZn/A4etylmm6TrEim2iFHnrS4I7KLFrR+7FJrfgx1F3Tzfy/c jVWyVDwruXb7OmxXOem3iSzWSLKqEsh26/821huMFdNxPp0DZAK5JDry4YSbd3Ov JTtBhbXlEYdQ0yuRYLinI53yFyqPxG/xcrL5JT6DX/4phHEuvtZhPu1n+wXI/FM0 bCiOQUpBwPSMf/yL84ah1EqEd+KfCHM5SmRUobJEqTSO/cwbgu7glpF6nf2AwSGV 6XFjA9wiCLqTfMKK2/8vr4h0aMWGLGiKGCpqCkDDClWILTYHmKxB8GjHwQFvXqmf xQmn06Dmzz1VMo6rEUvANweAUmE1541RF8n5bwhleDsISGbOJOep+GNyQA7mqbGD dbc7oNgxaRt9PE9+737eAGQ+5/M+whsUYWVU5++GJsKPrO7LdPn2gXK8KL/YknXT xlrbjYo9TZsCcjjJJ5b46ylYwmXu1kl/b64hLNVdl7n58UuINVJJTLUtRyw1yHKH kJv5ao3ttZ95tSOciAAcLTOHffPQpdAnAC5I/G1ivKGyj+qx9ntDDIciUXtwwahk stMw6Lb1U0nGau7tbn2PEhyV/pKok1VZ8JpcCg8SRD2kitZHex8= =zT7e -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19184bdc-a7e4-eeb8-e500-06bde14bc70a%40SvenSemmler.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: debian 10 [SOLVED]
On 3/28/19 11:55 PM, unman wrote: On Thu, Mar 28, 2019 at 10:00:22PM +1100, haaber wrote: I dont want to be *that* person, but this upgrade works flawlessly for me. Can you check you have upgraded debian-9 prior to clone, and then changed the Qubes repos to use buster, as well as the Debian, before running apt update? Dear Unman, stupid me! It was up-to-date, but in qubes.r4-list was lurking an overlooked stretch. Next time sed rather than vi :)) Since this broke the update receiver I could not repair it by downloading missing packages, and I decided to restart once more from scratch ... I presume things will work now. Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9ead8096-fe69-cfe8-af55-7cc62c4ed202%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] X events going to wrong VM?
Hello, Something peculiar happens occasionally on my qubes 4.0 system. I run claws-mail in one VM, and mousing over the message list shows tooltips as intended (not very useful; they just repeat the text that is under the mouse). As I mouse up or down, the old tooltip disappears and a new one appears, as you would expect. But sometimes this happens when another VM's window (say firefox) is on top of the claws window, and all the mouse movement takes place inside the window on top. Somehow claws seems to be receiving X mouse-motion events meant for the other VM. Obviously this looks like a violation of qube isolation. The tooltip windows are properly colored. So as I move the mouse, yellow-bordered tooltip windows appear and disappear on top of a (say) red-bordered window that is on top of a yellow-bordered claws window. Visually this is very strange. I wish I knew how to reproduce this. It just seems to happen by itself every few days. I have a vague memory of something similar happening *once* with some app other than claws. But I forget the details. Anyone else have this experience? Or thoughts about what to try to maybe reproduce it more reliably? Thanks, Daniel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190328131317.03fe4395%40allcock.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Using http_proxy environment variable in Templates with qubes Updates Proxy
On Sunday, March 10, 2019 at 3:24:08 PM UTC, farrilis wrote: > Using Qubes 4.0 in Whonix 14 template > > > When using curl, the -x (or --proxy) parameter accepts the address > (127.0.0.1:8082) that redirects to Qubes Updates proxy over RPC, and > returns what you would expect. > > But with wget (which I think is a better choice than curl), setting the > http_proxy environment variable is needed (according to 'man wget' and > web resources) > > > Using the following commands: > > 'export use_proxy=on' > 'export http_proxy=http://127.0.0.1:8082' > 'wget https://gitlab.com/repo/filename' > > produces this output: > > " Resolving gitlab.com (gitlab.com)... failed: Non-recoverable failure > in name resolution. > wget: unable to resolve host address 'gitlab.com' " > > > Then try a domain name that does not exist: > > " Connecting to 127.0.0.1:8082... connected. > Proxy request sent, awaiting response... 500 Unable to connect > 2019-03-10 15:17:23 ERROR 500: Unable to connect. " > > > What could the problem be? curl can use 127.0.0.1:8082, why not wget? wget leaks dns - by this I mean wget tries resolving the domain name locally and then uses the result from that as the destination of the proxied connection. If the DNS resolution query fails, then wget gives you that error. Curl, in comparison, (correctly) asks the proxy to handle the entire connection including the hostname resolution. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bf862a9-f536-41b0-90fb-80557c8bf825%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Torsocks and dnf no longer work in Fedora 29 -- Any Ideas?
On Sunday, March 24, 2019 at 6:22:49 PM UTC, ashleyb...@tutanota.com wrote: > I utilize torsocks dnf to perform updates over tor inside of HVM linux > installs (so not in templates obviously which would use qubes normal update > mechanism). > > > > Since upgrading to Fedora 29 torsocks is not working with DNF. It throws an > exception message. This is not directly related to qubes, but I imagine > others have had this issue. Does anyone know how to use torsocks with dnf > now. For example: > > > > sudo torsocks --isolate dnf update > > > > > > Running the above used to work perfectly. Now, it will work until it reaches > a random error which is unrelated to networking. It is the following: > > > > terminate called after throwing an instance of 'libdnf::File::CloseException' > > what(): Cannot close file: /var/cache/dnf/fedora-modular-[random > letters]/repodata/[random letters]]-modules.yaml.gz > > Aborted > > > > So, it seems related to closing a file and for some reason this causes a > termination, but only when using torsocks. When not using torsocks it works > normally. I have run dnf clean all and all of that. Nifty. This could be a torsocks bug. I stopped using torsocks with dnf, I configure dnf with proxy support directly, in '/etc/dnf/dnf.conf' I add: proxy="socks5h://127.0.0.1:9050" proxy_username="dnf" proxy_password="1234" Unfortunately, it doesn't seem like dnf respects the http_proxy env variable (and it doesn't like username/password within the url). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2b9b170-c713-4e61-a275-2df6d67f16cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: debian 10 ?
On Thu, Mar 28, 2019 at 10:00:22PM +1100, haaber wrote: > > On 3/28/19 4:35 PM, Foppe de Haan wrote: > > > Hi fellows, I tried to qvm-clone & upgrade a debian-9 to debian-10 > > > (buster). In a reproducible way, the apt-get dist-upgrade will fail > > > while installing (so: after download is finished) with the terminal > > > crashing surprisingly. So NO output is available. > > > I then (again: reproducibly) try to get access to the half-upgraded > > > system by running qvm-run -v -u root debian-10 xterm - which fails as > > > well saying "command failed with code 1" -- thereby not even unveiling a > > > minor hint where the error might sit. I have no idea how I could > > > possibly get to re-animate this half-dead install, if I cannot even get > > > an xterm. If I shutdown it, it will maybe start (or hang, who knows) > > > since it remains inaccessible. My last try is still running in hope for > > > some help from you. > > > > > > Cheers, Bernhard > > > > tried 'sudo xl console debian-10'? > > > I tried it 10h ago and it was completely stalled with random ascii-chars > mixed between text. I could not even quit it without killing the > dom0-terminal. Now, hours later, after reading you message, I tried once > more, and it worked, at least a bit: I could relaunch apt --fix-broken > and it went well - until it got stuck with "Setting up grub-pc" followed > by random-looking ascii code that actually is not random but should > probably be one of these "blue/white ascii boxes" with a text menu and > some choice that is instead shot "raw" and without color in the console > (and thus hardly readable). The console does not react any more on the > keyboard, no clue how to continue ... > > Bernhard > I dont want to be *that* person, but this upgrade works flawlessly for me. Can you check you have upgraded debian-9 prior to clone, and then changed the Qubes repos to use buster, as well as the Debian, before running apt update? unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190328125524.4bcmsni2laz7ftr7%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes cannot install on Asus x79 Sabertooth and 2 AMD GPUs. Need advice.
Update: I'm having some luck now since I randomly decided to change back my SATA controller to AHCI and use a new hard drive. Qubes started installing. I won't be able to update my question again for many hours, because I'm transferring data from my fast hard drive so I can use it for the Qubes install. But I'm sure I will have plenty more questions! I expect I will have difficulty with making a Windows 10 HVM and getting GPU passthrough for it (I have a whole separate GPU and hard drive set aside just for the Windows 10 HVM). When I get Qubes installed and updated, I will see if I can update my mobo on the compatibility list with the steps I used to finally get it working. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/016bf8db-5588-4ffd-bfe0-b0965573ddb0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Mounting a second hard drive -- I can't figure out how to make qvm-block see it....
On Sunday, March 24, 2019 at 7:22:30 PM UTC-4, awokd wrote: > > > Most flexible way to use the secondary drive would be to backup the data > somewhere else, then https://www.qubes-os.org/doc/secondary-storage/. If > you want to assign sda3 to a VM, you'd have to unmount it from dom0 > first, then use qvm-block to attach it to a single VM at a time. Thanks. I'm happy to attach using qvm-block. My mistake was that I didn't recognize that if I mount the drive in dom0, then I can't attach it elsewhere using qvm-block. Whenever I did qvm-block l in the vm, the drive didn't come up on the list -- so there was nothing to use qvm-block on. But, then, when I unmounted it from dom0 as you instructed, boom -- there it was. Now that I think about it, it's a rather stupid security breach to mount the same drive in dom0 and "work," so this is a clear example of the design saving me from not thinking things through. Good on qubes. And thanks for the answer. -- on a totally unrelated note, is there a way to mark a question [SOLVED] in the subject line in Google Groups? I can't seem to edit it... billo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9112f9a2-adf1-4384-ac9e-4602f62d854b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: debian 10 ?
On 3/28/19 4:35 PM, Foppe de Haan wrote: Hi fellows, I tried to qvm-clone & upgrade a debian-9 to debian-10 (buster). In a reproducible way, the apt-get dist-upgrade will fail while installing (so: after download is finished) with the terminal crashing surprisingly. So NO output is available. I then (again: reproducibly) try to get access to the half-upgraded system by running qvm-run -v -u root debian-10 xterm - which fails as well saying "command failed with code 1" -- thereby not even unveiling a minor hint where the error might sit. I have no idea how I could possibly get to re-animate this half-dead install, if I cannot even get an xterm. If I shutdown it, it will maybe start (or hang, who knows) since it remains inaccessible. My last try is still running in hope for some help from you. Cheers, Bernhard tried 'sudo xl console debian-10'? I tried it 10h ago and it was completely stalled with random ascii-chars mixed between text. I could not even quit it without killing the dom0-terminal. Now, hours later, after reading you message, I tried once more, and it worked, at least a bit: I could relaunch apt --fix-broken and it went well - until it got stuck with "Setting up grub-pc" followed by random-looking ascii code that actually is not random but should probably be one of these "blue/white ascii boxes" with a text menu and some choice that is instead shot "raw" and without color in the console (and thus hardly readable). The console does not react any more on the keyboard, no clue how to continue ... Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eede8710-4786-ecdb-980e-43d25785599d%40web.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Feature discussion: creating storage volumes
On 3/27/19 8:30 PM, thomas.ke...@gmail.com wrote: I wanted to ask about including a feature in Qubes to create storage volumes on disk which can then be assigned to a VM. Presently, I'm writing an ISO to a USB, by downloading it in one VM, and writing it to disk in another. Instead of copying the data, I'd rather write it directly to a volume I can later mount on the other VM. I imagine it'd go into Qubes Manager, listing volumes, their usage, and where each is attached. It's of course possible with a second drive, or making space on my drive for other volume, but I'd much rather they were managed they qubes. I haven't found a discussion on this before, please forgive me if I missed it! This could be nice to have. I imagine it would let you pick any file or device from a VM, do a 'losetup' if necessary, then attach it to the desired target VM. The final step could have check boxes for A) decrypting a LUKS volume, and B) mounting the filesystem (if any). An extra option to link the volume to QubesIncoming might also be nice. Currently, in order to send info directly from one VM to an external disk in another VM, you have to use 'mount --bind' in addition to all of the above steps. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/43493cd0-53a6-0aa5-4229-23265cbc6f9d%40posteo.net. For more options, visit https://groups.google.com/d/optout.
