Re: [qubes-users] Using Salt to update TemplateVMs
On Thu, Jul 18, 2019 at 12:44 AM Johannes Graumann wrote: > > On Wed, 2019-07-17 at 18:56 +0530, Kushal Das wrote: > > On Tue, Jul 16, 2019 at 11:26 PM wrote: > > > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote: > > > > I really do recommend using qubesctl for almost all system > > > > configuration. If only because it makes recovery so much easier. > > > > I see people saying "keep a list of packages you've installed" - > > > > if you > > > > keep state and use salt you can rebuild your system (almost) > > > > completely > > > > automatically. > > > > > > Do you happen to have some example "personalized" salt scripts you > > > use (or a pointer to where someone has posted some)? > > > > > > I was planning to put together some bash scripts to push > > > configuration into my templates (90% repo adjustments and specific > > > packages to download), but your comment above is intriguing. > > > > > There is also https://qubes-ansible.readthedocs.io/en/latest/ if you > > like Ansible. > What's the relationship/comparison to > https://github.com/Rudd-O/ansible-qubes? https://qubes-ansible.readthedocs.io/en/latest/ is a pure Python implementation and does not use Salt anywhere. Also, the plugin is already merged in upstream Ansible project. Kushal -- Public Interest Technologist, Freedom of the Press Foundation CPython Core Developer Director, Python Software Foundation https://kushaldas.in -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAzeMbzFbov7Fr3GQ3xW0%3DYx9v7WZuuOE5O-uJhyUNHbnyya2g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Debian 10 Buster upgrade
sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10 ok -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d447fec-e9a6-4677-887a-2d37575ac2bf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - DELL XPS L701X A10 with Qubes 4.01
HVM: Yes (Active) I/O MMU: No HAP/SLAT: Yes TPM: No REMAPPING: No Qubes: R4.01 Xen: 4.8.5-7.fc25 Kernel: 4.14.119-2 Works like a charm after some minor tweaks: 1) Set BIOS/EFI date to UTC 2) During install, ignore messages about missing IOMMU 3) After installation, reboot WITHOUT any USB devices attached (storage, mouse etc.) 4) Ignore messages about sys-net not starting (xenlight error) 5) In Qubes Domain Manager, change Virtualization Mode in Advanced tab from HVM to PV for both sys-net and sys-usb (because of missing IOMMU) 6) Reboot 7) Set time zones to your preference in ALL domains, using "timedatectl set-timezone" in dom0/Fedora and "dpkg-reconfigure tzdata" in sys-net and all others 8) Use "System Tools"; "Qubes Update" tu update domains (if updates are available) 9) If no sound: run "sudo alsactl init" in dom0 terminal 10) Update dom0 rpm's running "sudo qubes-dom0-update" in a terminal 11) Perform apt updates/upgrades/dist-upgrades as instructed by WhonixCheck when firing up Whonix domains 12) Don't do binary TBB upgrades when proposed. Use inline upfdate only or you lose your settings. Cheers, Dirk (skyl...@jedi.be) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/656296140.270534252.1563399091761.JavaMail.zimbra%40telenet.be. For more options, visit https://groups.google.com/d/optout. --- layout: 'hcl' type: 'portable' hvm: 'yes' iommu: 'no' slat: 'yes' tpm: 'unknown' remap: 'no' brand: | Dell Inc. model: | XPS L701X bios: | A10 cpu: | Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz cpu-short: | FIXME chipset: | Intel Corporation Core Processor DRAM Controller [8086:0044] (rev 18) chipset-short: | FIXME gpu: | Intel Corporation Core Processor Integrated Graphics Controller [8086:0046] (rev 18) (prog-if 00 [VGA controller]) NVIDIA Corporation GF106M [GeForce GT 435M] [10de:0dd3] (rev a1) (prog-if 00 [VGA controller]) gpu-short: | FIXME network: | Intel Corporation Centrino Wireless-N 1000 [Condor Peak] Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06) memory: | 3828 scsi: | WDC WD5000BPKX-0 Rev: 1A01 DVD+-RW DS-8A5SH Rev: XD12 usb: | 3 versions: - works: 'FIXME:yes|no|partial' qubes: | R4.0 xen: | 4.8.5-7.fc25 kernel: | 4.14.119-2 remark: | FIXME credit: | FIXAUTHOR link: | FIXLINK ---
[qubes-users] HCL - Lenovo A485
I had some spf record issues, so re-sending. Apologies if this shows up double in your mailbox. So, I decided to get Qubes on a AMD Ryzen machine. It's been interesting. Fair warning: this is a bit of a novel. BIOS/uefi - Firstly, Qubes installation disk will not start in legacy BIOS mode. I'm not sure why, but X does not start. I'm not that interested in legacy BIOS anyway, so I did not investigate much. I simply installed in uefi mode. Secondly, sys-net crashes on installation. Instructions on how to get it working follows further down. Ryzen gpu & linux kernel < 4.17 --- Proper support for AMD Ryzen needs Linux kernel at least 4.17, so for Qubes 4.0, that means I had to enable dom0 testing repo. With the older, standard, kernel, the system needs to be booted with "nomodeset" kernel parameters. This has to be done on first boot. If the system reboots, after the first boot, without this parameter, it will not boot properly. So, on first boot, add "nomodeset" to /boot/efi/EFI/qubes/xen.cfg, last in the very long "kernel=..." line. To get graphics to work (backlight, gpu etc), we need to enable the testing repos in /etc/yum.repos.d/qubes-dom0.repo. Find the testing post, and change the "enabled=0" to "enabled=1". Then, we need to update and upgrade dom0. Sadly, though, sys-net doesn't work out of the box. sys-net --- Enabling networking is a bit complicated, though, because AMD has rather bad iommu support. The hardware is grouped in rather large groups, and the network cards cannot be added to sys-net without some extra pci hardware. The network cards on this machine are on pci addresses 1:00:0, 3:00:0 and 4:00:0 . But with only these PCI devices, sys-net cannot boot, because the 3:00:0 network card is grouped together with USB ports and a few other devices. These devices cannot be split between several machines. To get sys-net to boot, we need to edit it's Devices, and add everything with 3:00:x, or remove the 3:00:0 network card. After that, networking works fine (except occasionally the WiFi hangs, and needs to be dis- & reconnected. Probably about once a day or so). sys-usb --- Getting sys-usb to work (this will probably have to be on the sys-net machine) is something I still haven't managed. If the system is booted with the rd.qubes.hide_all_usb kernel parameter, the graphics drivers crash, and the system cannot boot. The only way to get a stable system is to remove that parameter, and then sys-usb doesn't work as intended. USB devices get attached straight into dom0. This isn't terribly acceptable to me. I'm currently using udev to whitelist USB devices, everything not on the whitelist doesn't get activated. This gives some protection, but it's not quite good enough. I think if I dig into the iommu groups, or possibly blacklists some devices like camera, I might get around this. But so far, sys-usb isn't working. However, if the kernel is up to date, and the hide_all_usb parameter is removed from /boot/efi/EFI/qubes/xen.cfg, we can activate the gpu. I removed "nomodeset" and added "iommu=1 iommu=pt". I honestly don't remember if the iommu parts are needed or not. AEM vs TPM2 TOTP To my great disappointment, AEM does not work. It needs legacy BIOS mode. Also, it might not work with this machine's rather splendid TPM2.0 from AMD. It seems it needs Intel's TXT engine, and I'm not sure this machine could work with it. I did, however, find an alternate solution that I'm quite happy with. First, I use secure boot, to sign my kernel. The, once the system is booted, I use TPM2 TOTP to verify the integrity of the BIOS & firmware. I'd rather get this done during boot, but I haven't quite figured out how to get dracut & plymouth to cooperate. But it's no big deal to me - I will find out if the firmware has been compromised, just a little later than I'd like. This solution, however, does not need a USB devices attached to dom0. It works with my TOTP app in my phone, which does not need to be attached. It would be fantastic if Qubes could package tpm2-totp and tpm2-tss (and, preferrably, tpm2-tools) in a good way. To get this to work, I had to build the packages myself, and then copy them into dom0. I'm not happy about this, but feel the gains outweigh the cost, security-wise. Later versions of fedora does have these packages, so it'll sort itself out later on. I believe this is all of it. It's taken about a month of tinkering, but now I have a stable system that I'm happy with. And without the random never-ending Intel security holes... If anyone has ideas on the sys-usb things, please do let me know. And if anyone tries to follow in my wobbly footsteps: I've likely missed some step somewhere. Get in touch in that case, I'll gladly help others. <3 /panina -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email
Re: [qubes-users] Re: i2p setup for Qubes
Daniil Travnikov: On Tuesday, October 16, 2018 at 4:58:31 PM UTC+3, qube...@tutanota.com wrote: Hi, I would like to ask you about experiences with the i2p in Qubes 4. What setup would you consider as "best" in case I would like to use i2p without routing it through Tor first? I read the >Use I2P client inside Whonix-Workstation (Preferred)< guide on Whonix website and consider it to be the "best option" to for i2p over Tor. I am looking for the secure and reliable i2p setup without routing it through Tor. If you would like to use i2p to its full potential on Qubes, without going to clearnet with the i2p VMs, for anonymity with I2Pbotte, chat, eepsite browsing...what setup (template used, firewall setting, net VM setting, VMs structure used) would you advice for such a usage model? Thank you I suppose nobody uses i2p network for example instead of Tor in some cases? I've used it before, but not for a long time. It think should work fine just being installed in a whonix-ws connected to sys-firewall. But it's not very safe that way. I would highly recommend setting up a "sys-i2p" in which to run i2p itself. You could probably use the whonix template, or Fedora, or Debian, or whatever you can get i2p to run on. You'll probably have to configure i2p to listen on all interfaces. Then, create an "anon-i2p" AppVM with Tor Browser installed to use as your workstation, and connect it to sys-i2p. In anon-i2p, you should be able to directly access the i2p tunnels by using the address of sys-i2p. In firefox put in that address instead of localhost to access the i2p console. Basically you're mirroring how sys-whonix works with Tor, but with i2p. This way, if firefox or something else in anon-i2p gets compromised, it still can't make direct connections to the internet, or leak DNS, and so on. However, it could still probably discover your IP address from the i2p console, so better yet you'll want to make sure anon-i2p can't reach the console address, and use the i2p console from sys-i2p directly instead. This is all just off the top of my head, so it might not work exactly like that, but hopefully you get the idea. Let us know how you make out or if you need more help. - This free account was provided by VFEmail.net - report spam to ab...@vfemail.net ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/701d5b36-674c-835d-66e4-4fff6ca22ffd%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Don't see any files in the Qubes Private Image (D:) in Windows 7 Qube?
Had some trouble installing Windows Tools and got the endless reboot/startup repair failure, restarted and hit F8 during Windows boot, got to boot options and hit "Last successful configuration" and it started up fine. HOWEVER: I do not see any files in the Qubes Private Image disk within Windows. Does this mean Tools did not install correctly? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/86861f40-975e-4a0a-860e-f3151c242eac%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using Salt to update TemplateVMs
On Wed, 2019-07-17 at 18:56 +0530, Kushal Das wrote: > On Tue, Jul 16, 2019 at 11:26 PM wrote: > > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote: > > > I really do recommend using qubesctl for almost all system > > > configuration. If only because it makes recovery so much easier. > > > I see people saying "keep a list of packages you've installed" - > > > if you > > > keep state and use salt you can rebuild your system (almost) > > > completely > > > automatically. > > > > Do you happen to have some example "personalized" salt scripts you > > use (or a pointer to where someone has posted some)? > > > > I was planning to put together some bash scripts to push > > configuration into my templates (90% repo adjustments and specific > > packages to download), but your comment above is intriguing. > > > There is also https://qubes-ansible.readthedocs.io/en/latest/ if you > like Ansible. What's the relationship/comparison to https://github.com/Rudd-O/ansible-qubes? Sincerely, Joh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36698ed29b11a9bf709480ac35ec91ef5247c7be.camel%40graumannschaft.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Hcl
Asustek k55a -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b88a5c01-ca61-495c-b74b-92c36202a9df%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Sys-net
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/70272b81-62f6-4498-ae77-4ebc8497bd29%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - ASUS Z-97A
HI, I had to turn CSM on and set SecureBoot to "OtherOS" to get the UEFI installer running (sometimes took 2-3 boot attempts). Installation process was smooth. At the beginning when I logged into Xen, my system froze and I could do nothing except to restart it. After I first thought that it may come from my NVIDIA card and I tested it by using the Onboard Intel Graphics chip, I later found out, that it was my old Creative Soundblaster PCI card which seemed to cause the crash. Once I removed it, everything was stable ever since. Thank you for the Qubes-OS development! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAK4VyvVw2henGORnNkpx2AUjfAZz_bqPWLAESQeae9%3Dt9eKgWw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-ASUS-All_Series-20190717-171704.yml Description: application/yaml
Re: [qubes-users] Where do I type command for enabling Fullscreen?
I forgot to mention, you should type Escape to exit Insert mode > On Jul 17, 2019, at 4:04 PM, O K wrote: > >> On Monday, July 15, 2019 at 9:20:03 PM UTC-4, Andrew David Wong wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >>> On 15/07/2019 4.13 PM, O K wrote: >>> Trying to enable fullscreen for a Windows 7 VM, and following the >>> Qubes instructions. They say to enter the following into the >>> /etc/qubes/guid.conf file in Dom0: >>> >>> VM: { personal: { allow_fullscreen = true; }; }; >>> >>> My question is, where do I type that in? I found the file in dom0 >>> but if I need to enter it into the document itself, then I need >>> software to open a text file. Is any include in Qubes? >>> >> >> I like to use vim in dom0. It's already included. >> >> It can be challenging if you're new to vim, so you might want to check >> out a tutorial. Here's an example of one of the top search engine hits >> for "vim" that looks helpful: >> >> https://www.howtoforge.com/vim-basics >> >> It looks like nano is also included. It's commonly regarded as easier >> to use, so you might want to check that out first if you're not >> familiar with vim. >> >> - -- >> Andrew David Wong (Axon) >> Community Manager, Qubes OS >> https://www.qubes-os.org >> >> -BEGIN PGP SIGNATURE- >> >> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0tJjEACgkQ203TvDlQ >> MDCcmg//Qar4kDq7jY7TbE0cDxs/9oBA7s6BrD023Ha3OdUyMHL7hYLHR2XrzVS9 >> 3yqgq5fUe77kIk0SFa5i/TJdXlgruhFvtQ3/+suThlUpwyIAqziWlfQ0q9nPgbV8 >> MeCPP+wOiML+PHFLNWlp3Jaq+pHwjcJl+xBzrmWOZib/vqtypbP/siuyH+UrhhdG >> EXk8wjkuW+vjU8KpXzZ3+E9jcJEgK5ji/c9xfcvwmmqmHhiW9ags77siwv2P5A/6 >> AgfP3ws+USFug1KeOven04QgMVFnuh7u/JEYZYCVNqrKWIEQEkiL6RC73fX1sj/N >> BgCROCx7ZjwGipToZ/jKdawJD8hzpeQRACCgGoyYWIMXAMdjht/9d1yQk3Ctqkpp >> bBAc7558AyIUEdaMot9TFnymkMKGJGerquSzhtXzNzNQp9ZbZwmniSYx8s2qcX4A >> +xOOlBhrqwUTeFB5ETTMA944Z9j9dz0J4H96LpjyfTCUVVSxqwugN1g0Xiq2Pg92 >> 9fpnd6gGxUMTEBCDTzq9oLDU9j1496wggVLP8P3sfGvyBhRF3lS6ps2AhKLMMzXQ >> qvB453l47AuL+giM1WOuIin0mxpxKPIOfUkOytTxar/amNjWO2p1lCuZN252zUSB >> XUTU73sEcRXQONQKuBBYOxpVKc6i1K2YIGlx0VJedR1SkE75fa4= >> =xtTg >> -END PGP SIGNATURE- > > Ok, I used vim and I wanted to just make sure with you that the file looked > right so I attached it. I may have accidentally made some changes, but I > don't think so. But I can't seem to figure out how to save the file as > edited. I tried a few commands like "x" from the instructions but the > "insert word is still at the bottom and it doesn't say anything when I press > enter. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/c7aca962-4c78-4e9f-ab73-f672367a24b5%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2FB881EF-88A0-448F-8F13-38A4D6AC2E1D%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Where do I type command for enabling Fullscreen?
You can save in vim by typing “:w” If you want to save and exit “:wq” If you want to quit without saving “:q!” The quotation marks are not part of the commands Best regards Aly Abdellatif > On Jul 17, 2019, at 4:04 PM, O K wrote: > >> On Monday, July 15, 2019 at 9:20:03 PM UTC-4, Andrew David Wong wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >>> On 15/07/2019 4.13 PM, O K wrote: >>> Trying to enable fullscreen for a Windows 7 VM, and following the >>> Qubes instructions. They say to enter the following into the >>> /etc/qubes/guid.conf file in Dom0: >>> >>> VM: { personal: { allow_fullscreen = true; }; }; >>> >>> My question is, where do I type that in? I found the file in dom0 >>> but if I need to enter it into the document itself, then I need >>> software to open a text file. Is any include in Qubes? >>> >> >> I like to use vim in dom0. It's already included. >> >> It can be challenging if you're new to vim, so you might want to check >> out a tutorial. Here's an example of one of the top search engine hits >> for "vim" that looks helpful: >> >> https://www.howtoforge.com/vim-basics >> >> It looks like nano is also included. It's commonly regarded as easier >> to use, so you might want to check that out first if you're not >> familiar with vim. >> >> - -- >> Andrew David Wong (Axon) >> Community Manager, Qubes OS >> https://www.qubes-os.org >> >> -BEGIN PGP SIGNATURE- >> >> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0tJjEACgkQ203TvDlQ >> MDCcmg//Qar4kDq7jY7TbE0cDxs/9oBA7s6BrD023Ha3OdUyMHL7hYLHR2XrzVS9 >> 3yqgq5fUe77kIk0SFa5i/TJdXlgruhFvtQ3/+suThlUpwyIAqziWlfQ0q9nPgbV8 >> MeCPP+wOiML+PHFLNWlp3Jaq+pHwjcJl+xBzrmWOZib/vqtypbP/siuyH+UrhhdG >> EXk8wjkuW+vjU8KpXzZ3+E9jcJEgK5ji/c9xfcvwmmqmHhiW9ags77siwv2P5A/6 >> AgfP3ws+USFug1KeOven04QgMVFnuh7u/JEYZYCVNqrKWIEQEkiL6RC73fX1sj/N >> BgCROCx7ZjwGipToZ/jKdawJD8hzpeQRACCgGoyYWIMXAMdjht/9d1yQk3Ctqkpp >> bBAc7558AyIUEdaMot9TFnymkMKGJGerquSzhtXzNzNQp9ZbZwmniSYx8s2qcX4A >> +xOOlBhrqwUTeFB5ETTMA944Z9j9dz0J4H96LpjyfTCUVVSxqwugN1g0Xiq2Pg92 >> 9fpnd6gGxUMTEBCDTzq9oLDU9j1496wggVLP8P3sfGvyBhRF3lS6ps2AhKLMMzXQ >> qvB453l47AuL+giM1WOuIin0mxpxKPIOfUkOytTxar/amNjWO2p1lCuZN252zUSB >> XUTU73sEcRXQONQKuBBYOxpVKc6i1K2YIGlx0VJedR1SkE75fa4= >> =xtTg >> -END PGP SIGNATURE- > > Ok, I used vim and I wanted to just make sure with you that the file looked > right so I attached it. I may have accidentally made some changes, but I > don't think so. But I can't seem to figure out how to save the file as > edited. I tried a few commands like "x" from the instructions but the > "insert word is still at the bottom and it doesn't say anything when I press > enter. > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/c7aca962-4c78-4e9f-ab73-f672367a24b5%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/01B28BA6-5BCC-49B3-9359-131FB900BC69%40gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using Salt to update TemplateVMs
On Tue, Jul 16, 2019 at 11:26 PM wrote: > > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote: > > I really do recommend using qubesctl for almost all system > > configuration. If only because it makes recovery so much easier. > > I see people saying "keep a list of packages you've installed" - if you > > keep state and use salt you can rebuild your system (almost) completely > > automatically. > > Do you happen to have some example "personalized" salt scripts you use (or a > pointer to where someone has posted some)? > > I was planning to put together some bash scripts to push configuration into > my templates (90% repo adjustments and specific packages to download), but > your comment above is intriguing. > There is also https://qubes-ansible.readthedocs.io/en/latest/ if you like Ansible. Kushal -- Public Interest Technologist, Freedom of the Press Foundation CPython Core Developer Director, Python Software Foundation https://kushaldas.in -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAzeMby2OBN8%2BeqnNXxZkeDug19K%2BH78oL9mN_dvRNhreKCskg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Using Salt to update TemplateVMs
On Tue 16 Jul 2019 at 19:56, wrote: > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote: > > I really do recommend using qubesctl for almost all system > > configuration. If only because it makes recovery so much easier. > > I see people saying "keep a list of packages you've installed" - if you > > keep state and use salt you can rebuild your system (almost) completely > > automatically. > > Do you happen to have some example "personalized" salt scripts you use (or > a pointer to where someone has posted some)? > > I was planning to put together some bash scripts to push configuration > into my templates (90% repo adjustments and specific packages to download), > but your comment above is intriguing. > > B Hi, I was also interested and found some documentation on the Qubes website: https://www.qubes-os.org/doc/salt/ Hope it helps! ++ > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/46f4a28d-fe95-4ce3-abad-162ccd8d5a4f%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPdbrW9DzTZrGt4dU-XaMS9-KSVOvs%2B%3D78iF2D3Q7cpE0UN22g%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] The PGP Encryption Problem
On 7/17/19 5:40 AM, ronpunz wrote: Reading this article, https://latacora.micro.blog/2019/07/16/the-pgp-problem.html, it's clear the authors have little to no confidence in the security or capabilities of PGP encryption. Is this article a scare mongering propaganda exercise or do they have valid concerns about why we should not be using PGP? The seem to advocate using OPENBSD's Signify - do we move to this? I worry when I read articles like this, because they make some good points (along with some bad ones) against PGP but their recommendations often demonstrate a blindness to the things they're criticizing. Case in point: 'Use Signal.' While Signal is a pleasure to use for many people, its tied to identities in the telephone system, which is a problem from the 1890s not 1990s. When I see this slip up, I start worrying about the soundness of their other recommendations. I also don't necessarily agree with the idea that many different encryption tools should be used for many different purposes. This is another red flag for me, because it hides deeper UX and compatibility issues behind a veneer of simplistic apps. Yet another red flag is the way the author treats some of PGP's problems as specific to an old design, when really the problem is more fundamental. Leaking metadata, for example, is a common problem that bedevils even programs like Tor. And yet another is arguing from the assumption that Web Of Trust is a necessary ingredient in PGP usage. It isn't, and that fact dispels many claims that PGP is too complex to use. IMO, the reason we're having this bout of "don't use PGP" is the keyserver vulnerability that enables the recent spate of DoS attacks. This problem is rooted in design, but luckily doesn't run deep and is therefore solvable. That's not to say I think PGP is just fine, but if we're going to move beyond it and its (admittedly crummy) formats then we should have something else to manage identity across a broad range of use cases – we should have a proper replacement. Otherwise, I fear that information security as a field will have failed. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de86c214-a496-aa2d-dd61-e1620302ca27%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] The PGP Encryption Problem
Reading this article, https://latacora.micro.blog/2019/07/16/the-pgp-problem.html, it's clear the authors have little to no confidence in the security or capabilities of PGP encryption. Is this article a scare mongering propaganda exercise or do they have valid concerns about why we should not be using PGP? The seem to advocate using OPENBSD's Signify - do we move to this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f161fd0-fad8-b202-e323-e1e27e050d72%40riseup.net. For more options, visit https://groups.google.com/d/optout. pEpkey.asc Description: application/pgp-keys
[qubes-users] HCL Asus GL502VT
BIOS_SETTINGS: Fastboot = Off CSM = ON SecureBoot= Off NOTES DURING INSTALL: During boot from USB, you must select non-uefi option and during install. HARDWARE_NOTES_POST_INSTALL: After install, everything will work hardware wise except for the FN+F3-F4 keyboard light adjustment and the trackpad is nearly un-usable so plan to use an external mouse. Sphinx.py Sent with [ProtonMail](https://protonmail.com) Secure Email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dQVW4vnEEPfTO4uDfBxkG4yYnJm_h1wke-HDDMktEUwOl0ARGG_quXFmKx0Qoh-ATQmj8WudJ6DP9xrI69tvIVjMIrhwUFOJnpHh37yOf-k%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-ASUSTeK_COMPUTER_INC_-GL502VT-20190717-033240.yml Description: application/yaml