Re: [qubes-users] How to automate cloud backups of trusted vault files?
> > From: Andrew David Wong > Sent: Sat Jun 01 22:17:09 CEST 2019 > To: Side Realiq > Cc: > Subject: Re: [qubes-users] How to automate cloud backups of trusted vault > files? > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 01/06/2019 1.05 AM, Side Realiq wrote: > >> On 31/05/2019 10.33 AM, Side Realiq wrote: > >>> Thank you Andrew! > >>> > >>> Wouldn't described scenario be mitigated, if one downloads the > >>> backup in a separate disposable non-internet VM, decrypt it, > >>> and transfer the decrypted files to the vault? > >>> > >> > >> The problem is that, if the decrypted files have been > >> compromised, they could compromise the vault when you open them > >> inside the vault. > >> > > > > But how can the decrypted files be compromised if they were first > > encrypted first locally and only the encrypted files were uploaded? > > Attackers should be always able to compromise the encrypted files, > > and compromise the decrypted files only if they could break the > > encryption. You mean that qvm-backup could protect you if the > > attackers break the encryption and put malicious files inside your > > backup? > > > > If processing a malicious file compromises the DisposableVM, then the > attacker owns the DisposableVM. Therefore, any file you copy from the > DisposableVM to your vault could itself be malicious. > > You are assuming that if the file decrypts to a recognizable > plaintext, then it must not have been maliciously modified, and it > must not have just compromised the environment in which it was > decrypted. This does not follow. > > In practice, though, this might provide you with sufficient assurance, > depending on your threat model and risk tolerance. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > You nailed my faulty assumption! Thank you for sharing! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1790328617.84811.1559452737722%40ichabod.co-bxl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] upgrading to fed 30 min for vpn proxy?
On 6/1/19 1:46 PM, Stumpy wrote: I upgraded to v30 fedora minimal, installed all the packages I installed on v28, and tried using the vpn vm but nada, its acting like its not even there? the vpn appvm has not been changed, same configuration, and as far as i can tell the same packages installed in the new template as the old template but when I try to use an appvm that uses the vpn vm as a net-sys and check (ifconfig.co) it shows me the same thing as if i wasnt using the vpn at all? When set my vpn appvm to use the old fed 28 min template it goes back to working fine... If you're using qubes-vpn-support or qubes-tunnel, I'm looking into it now. I think its happening on fedora-29/30 and debian-10. There is a difference in systemd that requires a different startup approach. But also, there is a bug in notify-send that causes it to hang for a while, which causes the vpn scripts to hang for the same period. Current workaround is to run it with debian-9. Issue: https://github.com/tasket/Qubes-vpn-support/issues/39 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f111fe3c-8725-6289-e90f-23d47e7f7baf%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Openbsd as a netvm
On Fri, May 31, 2019 at 06:25:41PM +, ronpunz wrote: > > On 5/31/19 10:30 AM, unman wrote: > > On Fri, May 31, 2019 at 08:43:59AM +, ronpunz wrote: > > > On 5/31/19 12:51 AM, unman wrote: > > > > On Thu, May 30, 2019 at 09:56:18AM +, ronpunz wrote: > > > > > I'm attempting setup a netvm using openbsd. > > > > > > > > > > I'm following Unman's guide > > > > > https://github.com/unman/notes/blob/master/openBSD_as_netvm but "fell > > > > > at the > > > > > first hurdle" i.e. Line No1 states "Install OpenBSD as HVM Template". > > > > > Does > > > > > this mean a standalone template? If so I've successfully completed > > > > > this > > > > > stage, but, am unable to proceed to line No2 " Create netvm "openFW" > > > > > using > > > > > OpenBSD as template" - as I understand it an appvm cannot be created > > > > > from a > > > > > standalone template. That being the case, it looks like I need to > > > > > create an > > > > > openbsd template - but how? I need either source code to build it or a > > > > > repository to download it? As far as I'm aware, neither exists? > > > > > > > > > > Any help would appreciated > > > > Those are notes, not really intended as a guide. > > > > > > > > What you need is: > > > > qvm-create --class TemplateVM openBSD --property virt_mode=HVM > > > > --property kernel='' -l purple > > > > qvm-create -t openBSD --property virt_mode=HVM --property kernel='' -l > > > > purple open > > > Thanks Unman for getting me up and running. > > > > > > I made it down to line 12 Set fw as netvm for openFW. > > > qvm-prefs openFW netvm fw. This command returns: qvm-prefs : error : the > > > fw > > > qube does not provide network. > > > > > > Is there a workaround for this? > > > > > > I managed to get round this with "qvm-prefs openFW provides_network true". > > I assume you meant:"qvm-prefs fw provides_network true". > > > > > This enabled me to proceed to the next step "start openFW". However, it > > > starts only in a transient state (i.e. qubes manager shows yellow led not > > > the usual green) As a consequence I can't start fw. > > > > > Ignore this - it's because you dont have any qvm hooks in the HVM. Same > > would apply for any HVM - windows, linux, BSDs > > Start fw first. Then openFW. > > > Have now completed all the steps with the exception of line No 44; Bring up > em0 - dhclient em0 - which resulted in an error. > > I now have a network applet associated with fw. But am unable to obtain a > connection to my router. > > From openFW I'm able to ping 10.137.0.34 and the gateway to fw; 10.137.0.33 > > Not sure which direction to go next and to be honest, feel a bit out of my > depth. When I started this task I thought there was a simple correlation > between openFW to sys-net and fw to sys-firewall. In reality it seems a > fair bit more complicated than that. For example, fw seems to have a dual > firewall and network interface role? > I dont understand what this means. There is simple correlation as you describe, it's just that fw needs to do a little more work to provide the internal interface to the HVM. What error do you get when you bring up em0? What's the output from ifconfig? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190602010615.le6c7cujkro23fel%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] future dom0 to run fedora-30 or debian-10 ?
On Sat, Jun 01, 2019 at 04:57:58PM -0700, drok...@gmail.com wrote: > Just curious, now that fedora-30 is officially here. > > Like many, I'm a Debian fan, been using it forever, so would love to see a > switch to Debian. > > I just installed fedora-30 template and checked it out. Looks good, no > problems. > > I also cloned debian-9 to debian-10 and upgraded to Buster. Works fine too. > I'm eager to upgrade whonix's too. > > I guess 2019 is the year Qubes gets major OS upgrades. > Remember buster still doesnt have a release date, and is still "testing". There'll be some changes before release, but yes, the buster template seems fine. If by "switch to Debian" you mean switch dom0 to Debian, I dont see this happening. With target of a GUI domain and management domain, there's more likely to be a very lightweight dom0. That dom0 Debian target dropped some time ago. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190602010206.s3pnnadtesoz5pai%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to create a new User in Qubes OS 4?
On Sun, Jun 02, 2019 at 12:05:31AM +0200, n6-w6...@tuta.io wrote: > > Hi! > > I need help to create a new user in Qubes OS 4.0. > > I went to “System Tools - Xfce Terminal” > > I did: > > useradd -m user > passwd user > > usermod -a -G sudo user = ERROR > > I can’t login with my my new user. > Login don’t accept my new created user and password. > > I can't find user+groups manager into Qubes OS 4.0. > > What to do? > > Please help, thanks! > I assume you ran those commands under sudo or as root. ERROR - no help at all - the group is "wheel" not "sudo" Otherwise, those commands are correct to set up new user. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190602005058.5zb35skj2jlxyy77%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] what happened to qvm-trim-template?
drok...@gmail.com: Don't see it. Deprecated; no longer needed in Qubes 4.0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2ed6809c-73e7-a0c2-14b5-7e76f471b2d2%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] System Memory Issue
orion...@gmail.com: @dom0: free -h mem: total used free shared buff/cache available 3.1G1.0G 1.0G 514 m 1.1 G1.4G Dom0 is a VM running on the Xen hypervisor. Non-virtualization aware tools will only report VM resources. Do "xl top" or "xl info" instead. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b947933c-8fe2-c385-d083-18aba3e6b634%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] what happened to qvm-trim-template?
Don't see it. I cloned Debian-9 to Debian-10, upgraded to Buster. VM using 7912.65 MiB disk. Followed instructions here: https://groups.google.com/forum/#!searchin/qubes-users/debian|sort:date/qubes-users/OUui5jGPqGI/yJUnOVytBQAJ https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8409f598-ee20-4b62-9fc7-4402b26b9745%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] future dom0 to run fedora-30 or debian-10 ?
Just curious, now that fedora-30 is officially here. Like many, I'm a Debian fan, been using it forever, so would love to see a switch to Debian. I just installed fedora-30 template and checked it out. Looks good, no problems. I also cloned debian-9 to debian-10 and upgraded to Buster. Works fine too. I'm eager to upgrade whonix's too. I guess 2019 is the year Qubes gets major OS upgrades. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1a5340e8-fafe-4b20-8abf-f0075db652f1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] System Memory Issue
I've been looking for a solution but haven't found one yet. I am running qubes 4.0.1. Linux dom0 5.1.2-1.pvops.x86_64 #1 Intel NUC5i7RYH 16GB RAM Samsung 970 EVO 250GB nvme, 500GB Samsung SSD @dom0: free -h mem: total used free shared buff/cache available 3.1G1.0G 1.0G 514 m 1.1 G1.4G swap:7.6G 0g 7.6G It looks to me that Qubes dom0 is not seeing a little more than half my memory and most of it is in the swap. I've checked on a Live Boot USB (Linux Mint) and the live boot sees all the memory. 2x8GB chips. Is there a way to have Qubes see all the RAM? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f4d5a56a-b0df-4a82-b0b4-465bd3561b34%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Shorcuts for working with Qubes OS?
W dniu sobota, 1 czerwca 2019 09:11:08 UTC+2 użytkownik Side Realiq napisał: > What are your most used Qubes OS shortcuts? > > Some I found so far: > - Alt+F3 opens the Application Finder > - Ctrl+Alt+Left/Right navigates between workspaces. > > What is the shortcut to: > - move a window to another workspace > - open a terminal in the currently active VM > - lock the screen > - log out > - change display brightness > - change audio volume output Ctrl+Shift+V launches a dmenu script that allows me to select which qube I want to start (much faster than doing it from qube manager or terminal) Ctrl+Shift+B launches a similar dmenu script but this one allows to select which qube I want to shut down ThinkVantage button starts a terminal in dom0 Win+Enter starts a terminal in currently focused qube (this one is part of stock Qubes i3 config) Ctrl+Alt+D launches Chrome in a DispVM Ctrl+Alt+T launches Thunderbird in mail VM And several others almost identical to this one (launch App x in qube dedicated to running app X) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03c538b9-e23d-40e3-a97b-5e2eb24ccaa6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to create a new User in Qubes OS 4?
Hi! I need help to create a new user in Qubes OS 4.0. I went to “System Tools - Xfce Terminal” I did: useradd -m user passwd user usermod -a -G sudo user = ERROR I can’t login with my my new user. Login don’t accept my new created user and password. I can't find user+groups manager into Qubes OS 4.0. What to do? Please help, thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/LgK3siE--3-1%40tuta.io. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installing software..
shamaarmarti...@gmail.com: Gear: Thinkpad 1TB SSD, 32GB, windows 10, 32GB USB flash Process: 1. Download qubes setup on usb. 2. I chose my 1TB SSD for the installation destination 3. I have to reclaim space even though it’s a new computer fresh out of the box. 4. Setup user creation and configuration. 5. When I try to finish installation it freezes during the user creation part. and I have to reset my laptop. That an unusual place for the installer to freeze. What was the error code? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d0046dd-a2c6-ca06-f36b-9d2e4766f28b%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Announcement: Fedora 30 TemplateVM available
w00t! :) Thank you to everyone that worked on this. Awesome. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d988890-2eca-4c98-ad6a-5e0c32e0d52b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Bootloop
keyloggerjoshwin...@gmail.com: Bootloop on AMD 1950x,titanx maxwell after entering fde password. If it only started when you updated the kernel, set the default back to the prior version in xen.cfg or grub.cfg. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f7a40a0-909f-b132-052e-29024fc9ae82%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Windows 7 based AppVMs supported on "Windows10-only" hardware?
josefh.maier via qubes-users: Hello Forum Are Windows 7 based AppVMs supported on "Windows10-only" hardware? Thank's for your feedback! Joe PS I am totally new to QuebesOS If Qubes works on the hardware, a Win7 AppVM should as well. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e68884e-a890-65b1-ce30-0b2a7fd16142%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] dom0 update and system hanging
Stumpy: Ok, after reading through various posts it seems that a dom0 update borked something and a suggestion was made to boot a different kernel (or select a different boot option) and that seems to have at least gotten me back into my sytem. My question is, can I roll back whatever upgrade that was made which caused this? I am now leary of restarting my system so would like to try to resolve this before i bother to restart again. If you changed the default boot kernel in a config file, it's probably safest to just leave it until the next release. However, if you are sure you want to uninstall it, try "sudo dnf remove" then the package-version to remove. Make sure it doesn't remove the good version. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f63708bd-0b40-bf59-f9ed-6ca50d82d717%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
Re: Fwd: Re: [qubes-users] Shorcuts for working with Qubes OS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/06/2019 2.19 PM, 'Side Realiq' via qubes-users wrote: >>> On 6/1/19 3:11 AM, 'Side Realiq' via qubes-users wrote: What are your most used Qubes OS shortcuts? Some I found so far: - Alt+F3 opens the Application Finder - Ctrl+Alt+Left/Right navigates between workspaces. What is the shortcut to: - move a window to another workspace - open a terminal in the currently active VM - lock the screen - log out - change display brightness - change audio volume output >>> >>> I actually changed a few shortcuts around. If you go to "settings >>> manager" > keyboard > application shortcuts you can see a few shortcuts, >>> and if you do settings manager > windows manager > keyboard then there >>> is a whole bucket load of xfce shortcuts. >>> >> Thank you! That was helpful for the logout, locking and moving to >> workspaces. >> >> Any ideas how to set the following shortcuts: >> - change display brightness >> - change audio volume output >> >> It seems that quickest way to open a terminal for a specific VM is: >> Alt+F3 then type "vmName: t" and 2x Enter. >> >> for brightness, sorry no ideas. >> >> For volume, I usually just hover the mouse over the volume icon and use >> the scroll wheel - but you seem to be looking for a keyboard only option >> for which I dont have any ideas. >> > > Thanks! I found them: > > Brightness: FN+Brightness +/- > Volume Up: amixer set Master 5%+ > Volume Up: amixer set Master 5%- > Volume Mute/Unmute: amixer set Master toggle > > Documented the findings so far here: > https://github.com/csriq/qubes-os-usage/blob/master/qubes-shortcuts.md > Just a note that these should almost all be XFCE shortcuts, so not Qubes-specific. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlzy5DgACgkQ203TvDlQ MDBk7hAAz1J3v0Zt6srzyTqEvoJOAvFwdxREhOETn4A41wzVz/6YPOEDQVGGGUhh 03ssei2YopdBrxMqIxpzc6c0NqOgsCfCF+kiTs6na2/XkhT5gIpbvIU4795R75gD b5xDLVvy+BcTQGiZwcjiaw4XnPM3IJA37gYJV3dIk31UkOaDDWidvm4GJTWkUDXj hkKJyeEA0JgXbo5jvi+JBIQq2GQRIWawgQJtM2pX2gHP9RuP9RgkvqYnUNHjy2BN 3EfJgS6thC/7Xd/RM7cmyPgontluIEDbvhM+hgGEOJMdYNEIPmslJpT64GEG/nKX Z7f6WiCKReTzxrn3rP7XFUzWRzCdAPK3v5inNLoV0yjxh/OIbtt+vTRMSuO1bdc4 uIeH0ipKlFviNFU/79ATzNqWDog4ITkChBBIjJm9unxQOVCLHPOuUTYhmFW0kpva 2eJULKxEL/ugaYId0NPm1gJrhLjtPX7s+K4Amc4sfX7t4l56Z0J8128CGHum1N0L dU70vOF5eOMpHCF+IH1Jq6g4mSnCTPIWjnQ9mopD8lBuF+v0nNN3OXv0/hIJC8dR jIAj4fRqgxdk4o9BkPDoz5s51TXEILYiPrxY9aBOMQZ02zoLA5nWXe74VZ7GMKiW RyDKYrBNIQCqmW2NM833Ohgy57gDuxoo8r7FzD6K4iBCoUK8EXg= =Zqbk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/28f03624-6e66-5297-12aa-b2e9415e12c2%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Installing software..
Gear: Thinkpad 1TB SSD, 32GB, windows 10, 32GB USB flash Process: 1. Download qubes setup on usb. 2. I chose my 1TB SSD for the installation destination 3. I have to reclaim space even though it’s a new computer fresh out of the box. 4. Setup user creation and configuration. 5. When I try to finish installation it freezes during the user creation part. and I have to reset my laptop. Problem: I can’t use my original os (windows10) and when I tried to use my os on another usb it got fried when I plugged it into the laptop and now I can’t use it on any computer. I manage to pull up an error code and it has something to due with user creation. Any assistance would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37a11c44-c814-4a97-8a25-a74ea738f34e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Weird icon in Applications, behavior of the deleted VMs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 01/06/2019 4.07 AM, scurge1tl wrote:
>> On 31/05/2019 2.58 AM, scurge1tl wrote:
>>
>> [...]
>>
>> I just submitted a PR to add this section in an attempt to
>> answer your question:
>
>> https://github.com/QubesOS/qubes-doc/pull/825/files
For reference, this has been merged as is now live here:
https://www.qubes-os.org/doc/managing-appvm-shortcuts/#fixing-shortcuts
>
> $ qvm-appmenus --update --force monero-on Traceback (most recent
> call last): File "/usr/bin/qvm-appmenus", line 9, in
> load_entry_point('qubesdesktop==4.0.17', 'console_scripts',
> 'qvm-appmenus')() File
> "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py", line
> 612, in main vm = args.app.domains[vm] File
> "/usr/lib/python3.5/site-packages/qubesadmin/app.py", line 87, in
> __getitem__ raise KeyError(item) KeyError: 'monero-on'
>
> Now I didn't try yet to execute $ rm -i
> ~/.local/share/applications/my-old-vm-* just in case you would like
> me to try some other tests when issue is alive, to see thats going
> on.
>
Please file a bug report for this. There should be no traceback.
Thank you!
> Also if you tell me how to log the boot sequence, where my long
> time deleted VMs are appearing and trying to boot, I will send it
> to you.
>
I'm afraid I don't know how to do that. Perhaps one of the more
knowledgeable folks around here will be able to help with this part.
>
>> Does it help?
>
>> For reference, this came from my discussion with Marek on:
>
>> https://github.com/QubesOS/qubes-issues/issues/4711
>
> I don't know if it is related, but when booting to Qubes,
> and watching the boot process, I can still see Qubes is
> trying to boot AppVMs which are for months deleted, with
> "Failed to start" the VM. How do I delete it permanently?
>
I haven't heard of this problem before. Please consider
reporting this bug if it hasn't been reported yet:
>
https://www.qubes-os.org/doc/reporting-bugs/
>
>>> I will report it.
>
>> Thanks!
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-
iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlzy4boACgkQ203TvDlQ
MDC4GxAArnzZBCCzkMAZ6A8Mn0cj6/KaQqpOD8pnTDOPM0zpMgXbN/hueXtDgVnT
akUgKsv29Pf2guKd1TE0567XQF2SfOfvEneMjR32ZSlD6CcIRlwilV1+DI6Vn8cj
9XNUyjyqgfQrkHKwTrPmeOazYOQsZPhDcyFqfvFpOhAYKObOWwJxBB9nC1dXQ15F
vYzH7lD33mmCTI6M85KEw83Ca3k1YijumdiSCg4s57JKVM0qE5+Ix8tUlm7RYLna
fCKAKFrsqiEyc6f7qkKwVjvWdzdGIp33WZDKUWtVLkRWBz9eIxWSUjafXGHaoDbY
zKUOPsT/GOutUEg1OtbIQPMR6ZOlfbOQpUpipszulFgYYOxOo2WtzQGsGILrD9fg
c70xiEDk674WHnjakhblL4s2tFaskEIu64q/tamCVG923F8uv1Qx9Qv4j8r0rgL+
PmLnp2XOF+YDHIWnle+5k7CUt5WWmStinwsUNRjtWOOZknn4HkKym+NtRcI29dIX
Eg74Kiup0UOi4zCeDdi2px642m+0+1nUX+sHy4yZIjM+LEfSD7Sx4nsx2a5hIVnN
5GoosuMcS74ChJDCGvDXwtn4MUpp7SK7KxdFqy8MMDuY6TTvCJaNUnRgddF3X06z
svsntT6SBQcN/h732f4t5f6DeVPstTa/6M5YLOcsnb1X1aLHhD0=
=t4Tr
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/8be434cd-218f-2446-65e5-401049fdd988%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Announcement: Fedora 30 TemplateVM available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, A new Fedora 30 TemplateVM is now available. We previously announced that Fedora 28 reached EOL [1] and encouraged users to upgrade to Fedora 29. Fedora 29 is still supported by the Fedora Project, so users may now choose either Fedora 29 or 30 (or both) depending on their needs and preferences. Instructions are available for upgrading from Fedora 29 to 30. [2] We also provide fresh Fedora 30 TemplateVM packages through the official Qubes repositories, which you can get with the following commands (in dom0). Standard Fedora 30 TemplateVM: $ sudo qubes-dom0-update qubes-template-fedora-30 Minimal [3] Fedora 30 TemplateVM: $ sudo qubes-dom0-update qubes-template-fedora-30-minimal After upgrading to a Fedora 30 TemplateVM, please remember to set all qubes that were using the old template to use the new one. This can be done in dom0 either with the Qubes Template Manager [4] or with the qvm-prefs [5] command-line tool. [1] https://www.qubes-os.org/news/2019/05/29/fedora-28-eol/ [2] https://www.qubes-os.org/doc/template/fedora/upgrade-29-to-30/ [3] https://www.qubes-os.org/doc/templates/fedora-minimal/ [4] https://www.qubes-os.org/doc/templates/#how-to-switch-templates [5] https://dev.qubes-os.org/projects/core-admin-client/en/latest/manpages/qvm-prefs.html This announcement is also available on the Qubes website: https://www.qubes-os.org/news/2019/05/30/fedora-30-template-available/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlzy4B4ACgkQ203TvDlQ MDCgTw//Yn4xHJxAIhGq6PgZW99FwAz+5/lI8JYy0H62aC5ngZG7MnNrRlw/+cx9 YtdtCXF/NEW2TES7k3nqLa2qXpXN6JUuPliPy2SfhrAIkXxnbuCrXcHNEpTk8ICd rU87rnf3zTuk2R46bsGVTkCavzRkOouiIvGNAl7R839v96T98FEWS0GptcTPDwmg LYl3gTBBkZUSixBMNemMy20W4m131S+OAtZhSjzEBLJxgaRDVO+VFCKYQFarNqlI sYv2MBUZ953Y7rOcPpBM5ffqBP8Eo0ztmJ+hPygIHDfhkI+W3PS27JEY6mo7a5aL eeikq9gX25hahI7hihvMF87oLY1QHGwNk54Ke7haBZBvLRITDJQhkUmN7LJTmmpj y8IZ+1s7csMaVuLMkC8WJRR6SK8FXELk3XaDgt6Qn/XNOo9RZsr5ZnRpsa1VEOy1 SEh7S+QpkoSOcmlvNqqQ46U4jNDC/lhLtsTKtau2gAoUx+83SwxkcYwkMBb9WSUT 4tSK/canqKUH9XSC4fq5klKvXcqbgAWM6BoW2/pZyLVrHqNMKbxNHUN8kMwpKjJF kFc0kq+LNgStqBXare8tOF+4dYIYnRB2ZzAGz0ku4dkEfZ/gFgDOevYri50bUCDR J5MxNGfHEHx3FKcFShFr+BBgAP7lXmIwEijBuzKnI41q2JTmAw0= =Fgkj -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/369efc33-3e70-660f-c4a4-f4feb50d177b%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to automate cloud backups of trusted vault files?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 01/06/2019 1.05 AM, Side Realiq wrote: >> On 31/05/2019 10.33 AM, Side Realiq wrote: >>> Thank you Andrew! >>> >>> Wouldn't described scenario be mitigated, if one downloads the >>> backup in a separate disposable non-internet VM, decrypt it, >>> and transfer the decrypted files to the vault? >>> >> >> The problem is that, if the decrypted files have been >> compromised, they could compromise the vault when you open them >> inside the vault. >> > > But how can the decrypted files be compromised if they were first > encrypted first locally and only the encrypted files were uploaded? > Attackers should be always able to compromise the encrypted files, > and compromise the decrypted files only if they could break the > encryption. You mean that qvm-backup could protect you if the > attackers break the encryption and put malicious files inside your > backup? > If processing a malicious file compromises the DisposableVM, then the attacker owns the DisposableVM. Therefore, any file you copy from the DisposableVM to your vault could itself be malicious. You are assuming that if the file decrypts to a recognizable plaintext, then it must not have been maliciously modified, and it must not have just compromised the environment in which it was decrypted. This does not follow. In practice, though, this might provide you with sufficient assurance, depending on your threat model and risk tolerance. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlzy3UEACgkQ203TvDlQ MDCH5g/9GBwiA+fTjPaDYrZqQwodAXrDbGJuaIIwrkiPwyl2qYFMUSiE4FtNSX7N xz1TNSnmGJ74A0cjBe168fk5qMct4Hjdedz/ReLY3Hgkj2LF2FMkV7iXwxOwgTsV 0iBlyyxkV1xmsEHesOwRyJbKWQXNiIasF3OVkq+/lat4NYo/9djj4n7+PV3U/Ife vbFVCzi62dAFRY+GPOfTMg1TiymOiN8APJJdCdC2/w164laR2O4Lv+Bf9urhz++Z TmnRj+PdUd8lYwWGp0CpLD35imVjDOT4i8q1A7cC/pvzKnMXq6rUsFyusAN506yl 0jOyalucaXkndpFSeXe2NhRB/NP68XwRwbzFaq2vSncjWQ2sLaXsxWVaF1tN9jvT tCz6cPmjZj3/871rFWgJQI1lEf1/W/6a5P4lZJnLzDkmn8DV4i8CxKuahjhSAlzq JZz/n1MO4zyFWoFG1mUfdK16XRkxLgh//vih6VnxwB5HDy6imTxBPR0SlWLLTyfq u0azKWqnA88o2lHmNaGDs0BVHG+se16S4t3nlVefPbVsf7wXn14wL1VadkQMB1Zz hkwI/Luz+c/gnQH4YJf2SlzqkppqtRac4yqcKHlF3Q5v0nhKHws8W+S3gxJErRrk cOM2Q3qj/av97z0ps1jMGyOSDArSNWox6B7JmIWq7vPXbIOr4h4= =bspy -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3bc6c8bb-6e86-94a6-72a2-c820b4672e82%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Bootloop
Bootloop on AMD 1950x,titanx maxwell after entering fde password. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58b7d2a7-5edd-4622-9fd8-cde41141d8a3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Fwd: Re: [qubes-users] Shorcuts for working with Qubes OS?
> > From: Stumpy > Sent: Sat Jun 01 19:34:01 CEST 2019 > To: Qubes users > Subject: Fwd: Re: [qubes-users] Shorcuts for working with Qubes OS? > > > > > > Forwarded Message > Subject: Re: [qubes-users] Shorcuts for working with Qubes OS? > Date: Sat, 1 Jun 2019 17:27:38 +0200 (CEST) > From: 'Side Realiq' via qubes-users > Reply-To: Side Realiq > To: stu...@posteo.net, qubes-users@googlegroups.com > > > > > From: Stumpy > > Sent: Sat Jun 01 16:31:52 CEST 2019 > > To: Side Realiq , > > Subject: Re: [qubes-users] Shorcuts for working with Qubes OS? > > > > > > On 6/1/19 3:11 AM, 'Side Realiq' via qubes-users wrote: > > > What are your most used Qubes OS shortcuts? > > > > > > Some I found so far: > > > - Alt+F3 opens the Application Finder > > > - Ctrl+Alt+Left/Right navigates between workspaces. > > > > > > What is the shortcut to: > > > - move a window to another workspace > > > - open a terminal in the currently active VM > > > - lock the screen > > > - log out > > > - change display brightness > > > - change audio volume output > > > > > > > I actually changed a few shortcuts around. If you go to "settings > > manager" > keyboard > application shortcuts you can see a few shortcuts, > > and if you do settings manager > windows manager > keyboard then there > > is a whole bucket load of xfce shortcuts. > > > > -- > > You received this message because you are subscribed to the Google Groups > > "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to qubes-users+unsubscr...@googlegroups.com. > > To post to this group, send email to qubes-users@googlegroups.com. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/qubes-users/5743a71a-ef7b-afaa-5f51-ffc0155b93b9%40posteo.net. > > For more options, visit https://groups.google.com/d/optout. > > Thank you! That was helpful for the logout, locking and moving to > workspaces. > > Any ideas how to set the following shortcuts: > - change display brightness > - change audio volume output > > It seems that quickest way to open a terminal for a specific VM is: > Alt+F3 then type "vmName: t" and 2x Enter. > > for brightness, sorry no ideas. > > For volume, I usually just hover the mouse over the volume icon and use > the scroll wheel - but you seem to be looking for a keyboard only option > for which I dont have any ideas. > Thanks! I found them: Brightness: FN+Brightness +/- Volume Up: amixer set Master 5%+ Volume Up: amixer set Master 5%- Volume Mute/Unmute: amixer set Master toggle Documented the findings so far here: https://github.com/csriq/qubes-os-usage/blob/master/qubes-shortcuts.md -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1913376267.71786.1559416774642%40ichabod.co-bxl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] upgrading to fed 30 min for vpn proxy?
I upgraded to v30 fedora minimal, installed all the packages I installed on v28, and tried using the vpn vm but nada, its acting like its not even there? the vpn appvm has not been changed, same configuration, and as far as i can tell the same packages installed in the new template as the old template but when I try to use an appvm that uses the vpn vm as a net-sys and check (ifconfig.co) it shows me the same thing as if i wasnt using the vpn at all? When set my vpn appvm to use the old fed 28 min template it goes back to working fine... ideas? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d62cbd8-8cfc-03e8-38b1-1ecc37741b9f%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Fwd: Re: [qubes-users] Shorcuts for working with Qubes OS?
Forwarded Message Subject: Re: [qubes-users] Shorcuts for working with Qubes OS? Date: Sat, 1 Jun 2019 17:27:38 +0200 (CEST) From: 'Side Realiq' via qubes-users Reply-To: Side Realiq To: stu...@posteo.net, qubes-users@googlegroups.com From: Stumpy Sent: Sat Jun 01 16:31:52 CEST 2019 To: Side Realiq , Subject: Re: [qubes-users] Shorcuts for working with Qubes OS? On 6/1/19 3:11 AM, 'Side Realiq' via qubes-users wrote: > What are your most used Qubes OS shortcuts? > > Some I found so far: > - Alt+F3 opens the Application Finder > - Ctrl+Alt+Left/Right navigates between workspaces. > > What is the shortcut to: > - move a window to another workspace > - open a terminal in the currently active VM > - lock the screen > - log out > - change display brightness > - change audio volume output > I actually changed a few shortcuts around. If you go to "settings manager" > keyboard > application shortcuts you can see a few shortcuts, and if you do settings manager > windows manager > keyboard then there is a whole bucket load of xfce shortcuts. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5743a71a-ef7b-afaa-5f51-ffc0155b93b9%40posteo.net. For more options, visit https://groups.google.com/d/optout. Thank you! That was helpful for the logout, locking and moving to workspaces. Any ideas how to set the following shortcuts: - change display brightness - change audio volume output It seems that quickest way to open a terminal for a specific VM is: Alt+F3 then type "vmName: t" and 2x Enter. for brightness, sorry no ideas. For volume, I usually just hover the mouse over the volume icon and use the scroll wheel - but you seem to be looking for a keyboard only option for which I dont have any ideas. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5128038c-14b7-8bc2-db7a-4c931506f419%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to automate cloud backups of trusted vault files?
> > From: scurge1tl > Sent: Sat Jun 01 11:34:00 CEST 2019 > To: > Subject: Re: [qubes-users] How to automate cloud backups of trusted vault > files? > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > > > 'Side Realiq' via qubes-users: > >> From: Andrew David Wong > >> Sent: Sat Jun 01 03:33:28 CEST 2019 To: Side > >> Realiq Cc: > >> Subject: [qubes-users] How to > >> automate cloud backups of trusted vault files? > >> > >> > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > >> > >> On 31/05/2019 10.33 AM, Side Realiq wrote: > >>> Thank you Andrew! > >>> > >>> Wouldn't described scenario be mitigated, if one downloads the > >>> backup in a separate disposable non-internet VM, decrypt it, > >>> and transfer the decrypted files to the vault? > >>> > >> > >> The problem is that, if the decrypted files have been > >> compromised, they could compromise the vault when you open them > >> inside the vault. > >> > >> P.S. -- Please avoid top-posting. > >> > >> - -- Andrew David Wong (Axon) Community Manager, Qubes OS > >> https://www.qubes-os.org > >> > > > > But how can the decrypted files be compromised if they were first > > encrypted first locally and only the encrypted files were uploaded? > > Attackers should be always able to compromise the encrypted files, > > and compromise the decrypted files only if they could break the > > encryption. You mean that qvm-backup could protect you if the > > attackers break the encryption and put malicious files inside your > > backup? > > > > Basic rule for any security setup is to never move any data upwards > from low sec to higher sec area, under any circumstances. > > Thats why we have in the /etc/qubes-rpc/policy/qubes.ClipboardPaste an > option to set: > > $anyvm vault deny > $anyvm $anyvm ask > > To prohibit the insecure behavior. > > But would here help this as a higher sec option for cloud storage of > sensitive data? Could this be reasonably automatize: > > To get the file TO the cloud from the high-sec vault-vm to lower sec VMs > - - encrypt the container/file in vault-vm > - - hash the container/file after encryption in vault-vm > - - log the container hash > - - cp the container to the cloud-vm > - - cloud it > > To get the file FROM the cloud, and move it from the low-sec to > high-sec VMs (even not recommended) > - - download the container/file from cloud to the cloud-vm > - - hash it directly in the cloud-vm, or hash it in the DispVM > - - check the hash with the logged hash in the vault-vm for authenticity > - - if ok, cp (even not recommended) the file to the vault-vm > - - hash it again (?) and make double check the authenticity of the file > - - decrypt it and enjoy its content > > Here you mitigate the option of running a malicious file changed by > the adversary, but not the attacks related to the dirt leaking from > the process of copying the files from low-sec to high-sec VMs. > > One could lower the issue with multiple vault VMs, which would > compartmentalize the possible damage but also increase complexity. > Thank you sharing the process! Overall it seems that there is currently no existing open source solution that 1) helps with backups from vault to cloudVM and 2) is automated. So every user is doing their own solution. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1317973014.68501.1559407403897%40ichabod.co-bxl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: dom0 update and system hanging
On Saturday, June 1, 2019 at 8:44:27 AM UTC-7, Stumpy wrote: > Ok, after reading through various posts it seems that a dom0 update > borked something and a suggestion was made to boot a different kernel > (or select a different boot option) and that seems to have at least > gotten me back into my sytem. > > My question is, can I roll back whatever upgrade that was made which > caused this? I am now leary of restarting my system so would like to try > to resolve this before i bother to restart again. That problem was fixed earlier in the week. There was a kernel that gave some users problems. For me, because of my old ATI Radeon video card. That kernel was pulled from stable, back on Monday??? All is fine for me now. Did you get a kernel update? Are you having problems? Good time to learn how to do backups regardless. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec6727a3-2cf7-4491-9ba2-77bd0fc062eb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] dom0 update and system hanging
Ok, after reading through various posts it seems that a dom0 update borked something and a suggestion was made to boot a different kernel (or select a different boot option) and that seems to have at least gotten me back into my sytem. My question is, can I roll back whatever upgrade that was made which caused this? I am now leary of restarting my system so would like to try to resolve this before i bother to restart again. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13e4669a-2c71-30b5-a414-6ef54ac9d492%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Shorcuts for working with Qubes OS?
> > From: Stumpy > Sent: Sat Jun 01 16:31:52 CEST 2019 > To: Side Realiq , > Subject: Re: [qubes-users] Shorcuts for working with Qubes OS? > > > On 6/1/19 3:11 AM, 'Side Realiq' via qubes-users wrote: > > What are your most used Qubes OS shortcuts? > > > > Some I found so far: > > - Alt+F3 opens the Application Finder > > - Ctrl+Alt+Left/Right navigates between workspaces. > > > > What is the shortcut to: > > - move a window to another workspace > > - open a terminal in the currently active VM > > - lock the screen > > - log out > > - change display brightness > > - change audio volume output > > > > I actually changed a few shortcuts around. If you go to "settings > manager" > keyboard > application shortcuts you can see a few shortcuts, > and if you do settings manager > windows manager > keyboard then there > is a whole bucket load of xfce shortcuts. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/5743a71a-ef7b-afaa-5f51-ffc0155b93b9%40posteo.net. > For more options, visit https://groups.google.com/d/optout. Thank you! That was helpful for the logout, locking and moving to workspaces. Any ideas how to set the following shortcuts: - change display brightness - change audio volume output It seems that quickest way to open a terminal for a specific VM is: Alt+F3 then type "vmName: t" and 2x Enter. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/783484234.65926.1559402858161%40ichabod.co-bxl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Shorcuts for working with Qubes OS?
On 6/1/19 3:11 AM, 'Side Realiq' via qubes-users wrote: What are your most used Qubes OS shortcuts? Some I found so far: - Alt+F3 opens the Application Finder - Ctrl+Alt+Left/Right navigates between workspaces. What is the shortcut to: - move a window to another workspace - open a terminal in the currently active VM - lock the screen - log out - change display brightness - change audio volume output I actually changed a few shortcuts around. If you go to "settings manager" > keyboard > application shortcuts you can see a few shortcuts, and if you do settings manager > windows manager > keyboard then there is a whole bucket load of xfce shortcuts. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5743a71a-ef7b-afaa-5f51-ffc0155b93b9%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows 7 based AppVMs supported on "Windows10-only" hardware?
Hello Forum Are Windows 7 based AppVMs supported on "Windows10-only" hardware? Thank's for your feedback! Joe PS I am totally new to QuebesOS -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190601123856.521DF20112%40smtp.hushmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Using sys-whonix with Windows AppVM
Do you have this problem with Win10 only or with Win7 AppVm too? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/165b9079-f9aa-487c-93bd-9ef44001921f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to automate cloud backups of trusted vault files?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'Side Realiq' via qubes-users: >> From: Andrew David Wong >> Sent: Sat Jun 01 03:33:28 CEST 2019 To: Side >> Realiq Cc: >> Subject: [qubes-users] How to >> automate cloud backups of trusted vault files? >> >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 >> >> On 31/05/2019 10.33 AM, Side Realiq wrote: >>> Thank you Andrew! >>> >>> Wouldn't described scenario be mitigated, if one downloads the >>> backup in a separate disposable non-internet VM, decrypt it, >>> and transfer the decrypted files to the vault? >>> >> >> The problem is that, if the decrypted files have been >> compromised, they could compromise the vault when you open them >> inside the vault. >> >> P.S. -- Please avoid top-posting. >> >> - -- Andrew David Wong (Axon) Community Manager, Qubes OS >> https://www.qubes-os.org >> > > But how can the decrypted files be compromised if they were first > encrypted first locally and only the encrypted files were uploaded? > Attackers should be always able to compromise the encrypted files, > and compromise the decrypted files only if they could break the > encryption. You mean that qvm-backup could protect you if the > attackers break the encryption and put malicious files inside your > backup? > Basic rule for any security setup is to never move any data upwards from low sec to higher sec area, under any circumstances. Thats why we have in the /etc/qubes-rpc/policy/qubes.ClipboardPaste an option to set: $anyvm vault deny $anyvm $anyvm ask To prohibit the insecure behavior. But would here help this as a higher sec option for cloud storage of sensitive data? Could this be reasonably automatize: To get the file TO the cloud from the high-sec vault-vm to lower sec VMs - - encrypt the container/file in vault-vm - - hash the container/file after encryption in vault-vm - - log the container hash - - cp the container to the cloud-vm - - cloud it To get the file FROM the cloud, and move it from the low-sec to high-sec VMs (even not recommended) - - download the container/file from cloud to the cloud-vm - - hash it directly in the cloud-vm, or hash it in the DispVM - - check the hash with the logged hash in the vault-vm for authenticity - - if ok, cp (even not recommended) the file to the vault-vm - - hash it again (?) and make double check the authenticity of the file - - decrypt it and enjoy its content Here you mitigate the option of running a malicious file changed by the adversary, but not the attacks related to the dirt leaking from the process of copying the files from low-sec to high-sec VMs. One could lower the issue with multiple vault VMs, which would compartmentalize the possible damage but also increase complexity. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzyRrdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Ux0bw//de1gDobKj3EeR8MmWFREz74ovx4bPs1MU0UDMCnGVFNGp20oBn2wHyiS 2dYSw08FJywZQxoBWMYGl0c0Iem45hvQu1sUCGFKhRFFUv2rVlJwcTbn2khLayGq B/SBoCY59YbTTxxA9KSBBDGeNLymziIn3N/U14A4TyGM6me+oQzoLRo5U3cDO81w BNdbBaKxT2bYIFGhk8LbYQQ/oAzXzfJJW6YWqFCkBu2qxu3FKln3DISVkvPIf26c wVEp2bD1emM2EjE9kMQEtkE0fJMrPWRvDqHoTVRHGUK1ddZmow+Eukf+LENWxRFz 75eMByj2Y1aWLu3H39pUA71iqzMGq/VHbSw8Kio4uN/BT2njwwksrZbdgW7/GMYN qXuUzREYxO3Age5PXOzR49t1KwKcVQUn4dyLiz8s/XL3gDzSdiVUPej1gnkw2BU0 cFUypt85dxqO6khkd5ialHCArDAxUMhWUqKGywz8v6hh+tW/AFMJIdnKAyFTtwsX KQVyzoh21QW7zTI4yHl8lpli8nuAKsW+tpkETuk8zsvTbn9HAX4hujz/oYuUVKuK kzEQkUxxGyr11bw4XRcpF2MEXJvCJFtjsPxAqsZClTbIk4chhPUxaxjn8W24zYCf k30uAfKBjaIIkcCQyewUVnLvca/CzYdoejnQ+OsgzFvIx+3oOKg= =Xm39 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e8adeff-bea5-0329-9de0-c2f74152983e%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Weird icon in Applications, behavior of the deleted VMs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
> On 31/05/2019 2.58 AM, scurge1tl wrote:
>>> On 30/05/2019 7.43 AM, scurge1tl wrote:
Yesterday I was experimenting with monero gui. I just
unpacked the monero-gui-linux-x64-v0.14.0.0.tar.bz2 (the hash
and PGP verifications were ok) in the AppVM named monero-on
based on whonix-ws-14 and played with it for some time. Than
I deleted the AppVM and shut down the laptop .
>
Today, when I click on the Q icon Applications, I see a weird
icon in the list between domain: and service: named
"monero-on-vm", with a weird icon which looks like a box with
trash or what. Options available are:
>
monero-on: Chat support monero-on: Dolphin
>
None is working when clicked. I thought the Q button
Applications is under control of dom0 and there is no way
how the monero-gui-linux-x64-v0.14.0.0.tar.bz2 would
influence dom0 this way.
>
>
>>> This usually indicates that the VM has been deleted, and the
>>> leftover Application Menu shortcut was not cleaned up
>>> correctly. It's a box of trash because the original, correct
>>> icon is no longer available.
>
>>> You can clean up the shortcuts manually using the information
>>> documented here:
>
>>> https://www.qubes-os.org/doc/managing-appvm-shortcuts/#behind-the-sc
enes
>
>>>
>> If I understand it properly, I should go in dom0 to
>> /etc/qubes-rpc/qubes.GetAppMenus and delete the entry manually.
>> The issue is that in my /etc/qubes-rpc/ there is no
>> qubes.GetAppMenus file.
>
>
> No, that's the RPC policy directory. Don't delete anything in that
> directory unless you know what you're doing. Modifying the contents
> of that directory can have significant security implications. You
> can read more about RPC policies here:
>
> https://www.qubes-os.org/doc/rpc-policy/
>
>> Also in dom0 the /usr/libexec I dont see any qubes-appmenus to
>> get to qubes-receive-appmenus. Maybe I am doing something wrong.
>> Could you be more specific with precise commands to follow?
>
>
> I just submitted a PR to add this section in an attempt to answer
> your question:
>
> https://github.com/QubesOS/qubes-doc/pull/825/files
$ qvm-appmenus --update --force monero-on
Traceback (most recent call last):
File "/usr/bin/qvm-appmenus", line 9, in
load_entry_point('qubesdesktop==4.0.17', 'console_scripts',
'qvm-appmenus')()
File "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py",
line 612, in main
vm = args.app.domains[vm]
File "/usr/lib/python3.5/site-packages/qubesadmin/app.py", line 87,
in __getitem__
raise KeyError(item)
KeyError: 'monero-on'
Now I didn't try yet to execute $ rm -i
~/.local/share/applications/my-old-vm-* just in case you would like me
to try some other tests when issue is alive, to see thats going on.
Also if you tell me how to log the boot sequence, where my long time
deleted VMs are appearing and trying to boot, I will send it to you.
>
> Does it help?
>
> For reference, this came from my discussion with Marek on:
>
> https://github.com/QubesOS/qubes-issues/issues/4711
>
I don't know if it is related, but when booting to Qubes, and
watching the boot process, I can still see Qubes is trying
to boot AppVMs which are for months deleted, with "Failed to
start" the VM. How do I delete it permanently?
>
>
>>> I haven't heard of this problem before. Please consider
>>> reporting this bug if it hasn't been reported yet:
>
>>> https://www.qubes-os.org/doc/reporting-bugs/
>
>> I will report it.
>
>
> Thanks!
>
>
-BEGIN PGP SIGNATURE-
iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzyQF1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzEtg//fgtYzKJZpCYPXXCzrCPrGUMPi4c4OdfFx5th+wQvkQPwWu82ya9hXGPe
uBFLZ5eCKqwSjxvcBiLqJgJ75Ye+r4FWVm8MoOh4ZQRbTf89/CixpGKrzzspUh5M
9hlNnG60kKuGMqV84TWcRZy8Lcc+uAgJTyZBlhonyP/SQ94/unSMwgfqfwDUe5C3
Ag/EdiLhOIogiA0fTCbf/KZCf3LuHU/uR46jVcqylHJMrwUDHbir55X2XzwU8aY/
9/0KiUfhAlMYH9tI27NEdHqOGPSlhieGiZzIXfeZYshQrNiCRNVGnupoWJztdUFo
U7ZzJzX+jg7kI3Z10jLjmaW84m8mYSgJSgZL0mfXNMhVIsJKnv1W7bAKpp07QL7q
M2wQUGEqFiYCdzDKkycsTUGlOqNCdXYDSI00G72eAjIObZUPXgT9h38WOkmhNWX9
DmHWwxlACTA4245XIbGLr9MDSdo3e3Uxb6wprH0Iw6dJEcSJAm+lLDs5PrwvuJDY
TxLIpN2KhZi8WmjDx9zBroj3AiJ/7Xt9q20k91GKsvo7CVIVqQEw+3F9uTV2ClOH
js7dkGSvR0d/Fe81A0qjwhStbo/LAo/AbrqmoTL3AIOIo/ZuOVpbMb3pZBUufMo/
y/vza+yOwu68s/vqRVHLLzbBMfPNRvkOPZEGptoy2Nt1hYezOvw=
=9bda
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/3f725f8c-368d-e829-f2c0-9e805ee11aa0%40cock.li.
For
Re: [qubes-users] How to automate cloud backups of trusted vault files?
But how can the decrypted files be compromised if they were first encrypted first locally and only the encrypted files were uploaded? Attackers should be always able to compromise the encrypted files, and compromise the decrypted files only if they could break the encryption. You mean that qvm-backup could protect you if the attackers break the encryption and put malicious files inside your backup? that depends how you encrypt. Have a look here: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation Often encryption is done "word-by-word" (i.e. in ECB mode). In that mode, if you can guess the position of a specific data (i.e. a header, etc), you might replace the ciphertext by something, that (with high probability), crashes vulnerable software *after decryption* .. thereby generating general vulnerability of your vault. An explicit exploit of that is very theoretical, but the chance exists. That is enough to introduce countermeasures. But even if you just "destroy data" by changing a few ciphertext bits, and, say, after decryption your keepassX database becomes corrupt, you're in a bad mood for a certain time :) Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/51f9c20c-ed44-5d19-d220-023b31fc27e3%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Shorcuts for working with Qubes OS?
What are your most used Qubes OS shortcuts? Some I found so far: - Alt+F3 opens the Application Finder - Ctrl+Alt+Left/Right navigates between workspaces. What is the shortcut to: - move a window to another workspace - open a terminal in the currently active VM - lock the screen - log out - change display brightness - change audio volume output -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1747100322.53383.1559373063008%40ichabod.co-bxl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to automate cloud backups of trusted vault files?
> > From: Andrew David Wong > Sent: Sat Jun 01 03:33:28 CEST 2019 > To: Side Realiq > Cc: > Subject: [qubes-users] How to automate cloud backups of trusted vault files? > > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 31/05/2019 10.33 AM, Side Realiq wrote: > > Thank you Andrew! > > > > Wouldn't described scenario be mitigated, if one downloads the > > backup in a separate disposable non-internet VM, decrypt it, and > > transfer the decrypted files to the vault? > > > > The problem is that, if the decrypted files have been compromised, they > could compromise the vault when you open them inside the vault. > > P.S. -- Please avoid top-posting. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > But how can the decrypted files be compromised if they were first encrypted first locally and only the encrypted files were uploaded? Attackers should be always able to compromise the encrypted files, and compromise the decrypted files only if they could break the encryption. You mean that qvm-backup could protect you if the attackers break the encryption and put malicious files inside your backup? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1249448060.51611.1559369157145%40ichabod.co-bxl. For more options, visit https://groups.google.com/d/optout.
