Re: [qubes-users] sys-firewall based on debian-10-minimal not recognized

2020-08-25 Thread 54th Parallel 
On Wednesday, 26 August 2020 at 11:00:36 UTC+8 sv...@svensemmler.org wrote:

> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA512 
>
> On 8/22/20 10:10 AM, unman wrote: 
> > To deal with the question here, I use debian minimal templates 
> > extensively, (NOT with qubes-vm-hardening), and have never seen 
> > this issue - neither the unreliable firewall nor the warning 
> > prompts issue. I've asked fellow users who also use debian-minimal 
> > and they do no not recognise the issue. 
>
> As mentioned earlier ... I have seen it. Both with debian-10-minimal 
> and debian-10-minimal + kicksecure. However, just like before... when 
> I retraced my steps the problem went away. 
>
> I suspect that maybe one of the packages that need to be installed 
> runs a post-install script that sometimes fails (I have no proof). 
>
> Another thing that caused many issues for me (until I recognized and 
> fixed it) was that the time in my sys-net was wrong. 
>
> Sorry, got no answers... just observations. 
>
> /Sven 
>
> - -- 
> public key: https://www.svensemmler.org/0x8F541FB6.asc 
> fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 
> -BEGIN PGP SIGNATURE- 
>
> iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl9F0CQACgkQ2m4We49U 
> H7YfYBAAjlyS/ehbhbztuYNMMqU7HLoUk3LGCwJpBoe67Nz5+DB1H3gbM7l9T1xc 
> 7opa7aRbOUa1aI88sZUuOgFhvQHbokho9X9ebbADjjTYQHhiiBXqO3pULgh+P8+g 
> jHCObPgID/OX7ceiS7hp7Cy+SiDm1ZrUQIdSFlCduZJYC44a6BauSaF5P9o+fpnq 
> FlFSbLGq1XyLQcKtr6Gl5rgYVa52UfTWzKt9+TGzIyAV/TRbLisInvI9RhkmVBvj 
> yMJYbgYsjyjKLqFMvLzeMeeJoriHzNzWz6Zqwbmw6NXkGFAqmqCSfYLyLprgnPyf 
> g8DGkGhRmp9awK77C8HfruqyfADPsdXYrHdVxBJbiSOB7CKbst3ZIBCVvVfwD0oY 
> 8DGNXAfP5hN7wWuRas6IshRArgk0ujuU0uR8EQpOMgI/qutZYY1LiA8BQ0o7RhUf 
> o3Rc4JM4lU10EQPafZOeWDQueD4v837dd5IkCuNKeidRmCvFzIHu7/SJFlOvnbWB 
> PNi23k3Hxx8x5hHDUDK72tXcEWawdiUJ6NMfmQG31N/zptBu8FGBFROn8Ww+XJRb 
> ePIfHmcsdNJFekWzDe4Fa8B2EpioL4QJ8Gcqy3rFmn7ZQ870prAOpT8WbNYk49BW 
> fgd/H8PBXB09aa0oHYc2KBGphrbXToIDlBLULCe5HeCKxtp/tj0= 
> =hvfa 
> -END PGP SIGNATURE- 
>

Hi Sven,

Thanks for returning to this thread. As per unman's request, I have 
continued the discussion at the discourse.groups forum (
https://qubes-os.discourse.group/t/debian-10-minimal-firewall-issues/146/7). 
My sys-net time has also slipped, like yours, on occasion. Sometimes it's 
12+ minutes behind. This is apparently a common issue that's due to be 
fixed  (https://github.com/QubesOS/qubes-issues/issues/4939), so if this 
was a cause of firewall issues, more people should have noticed it. 

Also, unman correctly pointed out that I misspoke when I said that my 
issues are the same as yours, as you seem to focus on the warning prompt 
that shows when attempting to edit firewall rules, while I have that 
problem plus qubes-firewall.service being unreliable. Anyways, as a 
non-technical user, I'm in the same boat as you--no answers, just 
observations. I managed to get Mirage firewall 
 running and I highly 
recommend it to you in particular since it takes a lot of uncertainty out 
of the issue while being easy to use.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9379287-0b26-4a1d-9c93-8a82ef7f06bbn%40googlegroups.com.

Re: [qubes-users] sys-firewall based on debian-10-minimal not recognized

2020-08-25 Thread Sven Semmler 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 8/22/20 10:10 AM, unman wrote:
> To deal with the question here, I use debian minimal templates
> extensively, (NOT with qubes-vm-hardening), and have never seen
> this issue - neither the unreliable firewall nor the warning
> prompts issue. I've asked fellow users who also use debian-minimal
> and they do no not recognise the issue.

As mentioned earlier ... I have seen it. Both with debian-10-minimal
and debian-10-minimal + kicksecure. However, just like before... when
I retraced my steps the problem went away.

I suspect that maybe one of the packages that need to be installed
runs a post-install script that sometimes fails (I have no proof).

Another thing that caused many issues for me (until I recognized and
fixed it) was that the time in my sys-net was wrong.

Sorry, got no answers... just observations.

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl9F0CQACgkQ2m4We49U
H7YfYBAAjlyS/ehbhbztuYNMMqU7HLoUk3LGCwJpBoe67Nz5+DB1H3gbM7l9T1xc
7opa7aRbOUa1aI88sZUuOgFhvQHbokho9X9ebbADjjTYQHhiiBXqO3pULgh+P8+g
jHCObPgID/OX7ceiS7hp7Cy+SiDm1ZrUQIdSFlCduZJYC44a6BauSaF5P9o+fpnq
FlFSbLGq1XyLQcKtr6Gl5rgYVa52UfTWzKt9+TGzIyAV/TRbLisInvI9RhkmVBvj
yMJYbgYsjyjKLqFMvLzeMeeJoriHzNzWz6Zqwbmw6NXkGFAqmqCSfYLyLprgnPyf
g8DGkGhRmp9awK77C8HfruqyfADPsdXYrHdVxBJbiSOB7CKbst3ZIBCVvVfwD0oY
8DGNXAfP5hN7wWuRas6IshRArgk0ujuU0uR8EQpOMgI/qutZYY1LiA8BQ0o7RhUf
o3Rc4JM4lU10EQPafZOeWDQueD4v837dd5IkCuNKeidRmCvFzIHu7/SJFlOvnbWB
PNi23k3Hxx8x5hHDUDK72tXcEWawdiUJ6NMfmQG31N/zptBu8FGBFROn8Ww+XJRb
ePIfHmcsdNJFekWzDe4Fa8B2EpioL4QJ8Gcqy3rFmn7ZQ870prAOpT8WbNYk49BW
fgd/H8PBXB09aa0oHYc2KBGphrbXToIDlBLULCe5HeCKxtp/tj0=
=hvfa
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a35e79ef-b3df-a593-c06a-9c89e615eac5%40SvenSemmler.org.

Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-25 Thread Sven Semmler 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 8/22/20 5:11 AM, 54th Parallel wrote:
> I don't want to get into an argument with you, so all I'll say is
> that you should probably read up more on ChromeOS.

Here are my thoughts: security is on a spectrum, here are two extremes:

a)
- - completely offline
- - in a locked room at a secure location
- - completely shielded
- - I never leave that room

b)
- - always connected to the internet
- - running on proprietary hardware
- - software is partly or completely closed
- - data lives "in the cloud" (aka other peoples computer)

Security is also about what I want to be secure from.

a) keeps me pretty secure except from the government of the location

b) keeps (maybe) some script kiddies away if the provider knows their
stuff, but any skilled criminal / company / state actor own you in no ti
me

... which is why I have no understanding at all for all those
companies moving their stuff into office365 ... what are they thinking?

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6
-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl9Fzl0ACgkQ2m4We49U
H7ZixRAAvXHCkPILxo/pAZbeZVa5ULpfq8+RB5nqP8JYnOWne0I8lJINK+uMpC31
h7/7I1MRaI2Y37BqjrIQrx0AMtBn9lDb59kUcDMKqpWjC+ISaVfM/m8n2mbt5hkD
CTQsex9gfesxcet/krybXZyj4GWAyjSe8AMtKbvWH7yZVEgE1ZoZD8zKHUzErz4/
xr1QnJLWbrsI3ThqgREAfw7PJhvrsV8Onr/u5lQo1V41Qup/uXvE3Kkxk/fERw7A
5fZZ/Ndw2AHhKZc+MnV6RNSjC5QJjvsyScAGpq0RqpgrACfdiCiHnOg+F06W7oFG
sIGwsaSs26rgbct9IU8UxrTsKz530BJlbp+bMMCReAfy+w88OxpafaJhPUGCjF37
emzvn1C/1ZPwz5PEDOf2p5siXu48O5a8kYS5vV48YqDDUw5bF2cj+WIq3YsfGZH8
hSE/yCYyuKb7pE+GywLU0miiF2eMfddsoIwpi0VtkIvixBUXMoFeKf9QMcFtGhnk
HEDWPNSmsb0p6bAyV0Wdr8O3R4rj7UG3m5ZTcdm8t2A1Bp0NZJhPevUMYRx2g7A5
9dX/extGXoXGEYiQipWh+rheAIF3tnN7s5RRcWYBkUPElJ/fkwooKwthIcZCnso1
1Q5R52UCk1xQDSjAhDOAudQHmvjcfqKFlCKLQDIKicpxMYaK2oI=
=7B+m
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a4371ecf-46d7-abd8-8dde-7f5daa9e4dda%40SvenSemmler.org.

Re: [qubes-users] Witch one is the best?

2020-08-25 Thread Frédéric Pierret 

On 2020-08-25 23:51, Mélissa Ch. wrote:
> 
>> Silitech
>>
>> Intel(R) Core(TM) i5-3450 CPU @ 3.10 GHz 3.10GHz
>>
>> Mémoire 16.0 Go ram
>>
>> Système d’exploitation 64 bits
>>
>> Windows 7 Familiale Premium
>>
>> Carte graphique ADM Radeon HD 7470
> 
> This one is the better Qubes candidate because of the AMD video card and
> 16GB RAM. Be aware Qubes can sometimes be more challenging to install
> than Windows, so might need troubleshooting.
> 
> 
> Thank you! 
> 
> And another question. 
> How to veryfie the key. I mean, i have donwload the file and verify the key 
> on the web. But i can't fint on my systeme/machine  the GPG2 program to do 
> the rest of the vérifycation like on the Qube page said?  On this one tha i 
> use now i have Windows 10 and on the othr one not on the web for now. The 
> silitech is Windows 7. 


If you want to verify Qubes key on Windows I guess you can use one of the 
binary provided by GnuPG: https://gnupg.org/download/. I would dig through 
this. Another solution is to boot on a livecd on your current machine and use 
the gpg program provided. A Fedora livecd can do the work.

Best regards,
Frédéric

PS : BEGIN FRENCH Si vous avez des difficultés pour bien comprendre certaines 
parties ou démarches à faire, n'hésitez pas à me demander en français. Je 
ferais de mon mieux pour transcrire les infos demandées après en anglais pour 
tout le monde. END FRENCH

 
> Thank a lot ! 
> Le dimanche 23 août 2020 à 11 h 21 min 36 s UTC-4, awokd a écrit :
> 
> Mélissa Ch.:
> 
> > Silitech
> >
> > Intel(R) Core(TM) i5-3450 CPU @ 3.10 GHz 3.10GHz
> >
> > Mémoire 16.0 Go ram
> >
> > Système d’exploitation 64 bits
> >
> > Windows 7 Familiale Premium
> >
> > Carte graphique ADM Radeon HD 7470
> 
> This one is the better Qubes candidate because of the AMD video card and
> 16GB RAM. Be aware Qubes can sometimes be more challenging to install
> than Windows, so might need troubleshooting.
> 
> -- 
> - don't top post
> Mailing list etiquette:
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com 
> .
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/22bea83c-bc5e-491b-a2eb-cd3901380063n%40googlegroups.com
>  
> .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3a58e6a4-5552-e624-815b-946dac69eb13%40qubes-os.org.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Witch one is the best?

2020-08-25 Thread Mélissa Ch . 

> Silitech
>
> Intel(R) Core(TM) i5-3450 CPU @ 3.10 GHz 3.10GHz
>
> Mémoire 16.0 Go ram
>
> Système d’exploitation 64 bits
>
> Windows 7 Familiale Premium
>
> Carte graphique ADM Radeon HD 7470

This one is the better Qubes candidate because of the AMD video card and
16GB RAM. Be aware Qubes can sometimes be more challenging to install
than Windows, so might need troubleshooting.


Thank you! 

And another question. 
How to veryfie the key. I mean, i have donwload the file and verify the key 
on the web. But i can't fint on my systeme/machine  the GPG2 program to do 
the rest of the vérifycation like on the Qube page said?  On this one tha i 
use now i have Windows 10 and on the othr one not on the web for now. The 
silitech is Windows 7. 

Thank a lot ! 
Le dimanche 23 août 2020 à 11 h 21 min 36 s UTC-4, awokd a écrit :

> Mélissa Ch.:
>
> > Silitech
> > 
> > Intel(R) Core(TM) i5-3450 CPU @ 3.10 GHz 3.10GHz
> > 
> > Mémoire 16.0 Go ram
> > 
> > Système d’exploitation 64 bits
> > 
> > Windows 7 Familiale Premium
> > 
> > Carte graphique ADM Radeon HD 7470
>
> This one is the better Qubes candidate because of the AMD video card and
> 16GB RAM. Be aware Qubes can sometimes be more challenging to install
> than Windows, so might need troubleshooting.
>
> -- 
> - don't top post
> Mailing list etiquette:
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22bea83c-bc5e-491b-a2eb-cd3901380063n%40googlegroups.com.

[qubes-users] electrum on debian-10

2020-08-25 Thread Qubes 

Does Electrum work for you guys on the debian-10 template?

I only see it in the unstable/testing branch, which I don't mind using,

user@debian-10-electrum:~$ apt search electrum
Sorting... Done
Full Text Search... Done
electrum/unstable,testing 4.0.2-0.1 all
  Easy to use Bitcoin client

But it does not work. In that, when I install it it breaks my debian-10 
template beyond repair. I have tried to 'sudo apt-mark manual 
package-name' all the 'qubes-*' and 'salt-*' packages but it makes no 
difference. While the electrum installation is in progress it already 
breaks. I can reboot the templateVM but it is broken.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d389f125-1457-1931-2cc5-626d1ac31a12%40ak47.co.za.

Re: [qubes-users] Stuck in kernel panic, cannot rescue my system with anaconda

2020-08-25 Thread 'Chempes Amt' via qubes-users 
> 
> From: Frédéric Pierret 
> Sent: Wed Jul 22 20:33:36 CEST 2020
> To: Chempes Amt , donoban 
> Cc: 
> Subject: Re: [qubes-users] Stuck in kernel panic, cannot rescue my system 
> with anaconda
> 
> 
> 
> 
> On 2020-07-22 20:23, 'Chempes Amt' via qubes-users wrote:
> > (...) My problem now is that there is no more folders nor files in 
> > /boot/efi. I think that I need to regenerate the entire efi directory and I 
> > don't know how to do. Could you or someone else explain me how to do that ?
> > Here are files and directories of my /boot :
> > 
> > */boot*
> > config-4.19.107-1.pvops.qubes.x86_64
> > config-4.19.125-1.pvops.qubes.x86_64
> > config-4.19.128-1.pvops.qubes.x86_64
> > efi
> > grub
> > grub2
> > initramfs-4.19.107-1.pvops.qubes.x86_64.img
> > initramfs-4.19.125-1.pvops.qubes.x86_64.img
> > initramfs-4.19.128-1.pvops.qubes.x86_64.img
> > symvers-4.19.107-1.pvops.qubes.x86_64.gz
> > symvers-4.19.125-1.pvops.qubes.x86_64.gz
> > symvers-4.19.128-1.pvops.qubes.x86_64.gz
> > System.map-4.19.107-1.pvops.qubes.x86_64
> > System.map-4.19.125-1.pvops.qubes.x86_64
> > System.map-4.19.128-1.pvops.qubes.x86_64
> > vmlinuz-4.19.107-1.pvops.qubes.x86_64
> > vmlinuz-4.19.125-1.pvops.qubes.x86_64
> > vmlinuz-4.19.128-1.pvops.qubes.x86_64
> > xen-4.8.5-19.fc25.config
> > xen-4.8.5-19.fc25.gz
> > xen-4.8.gz
> > 
> >  
> >> 
> >> From: donoban 
> >> Sent: Tue Jul 21 23:46:29 CEST 2020
> >> To: 
> >> Subject: Re: [qubes-users] Stuck in kernel panic, cannot rescue my system 
> >> with anaconda
> >>
> >>
> >> On 2020-07-21 21:26, 'Chempes Amt' via qubes-users wrote:
> >> > 
> >> > (...) My QubesOS is installed on an external SSD storage (I know it's 
> >> > not ideal but . In order to make my computer recognize Qubes, I have to 
> >> > copy manually the xen.cfg and the xen.efi files at every kernel update 
> >> > (as here : 
> >> > https://www.qubes-os.org/doc/uefi-troubleshooting/#boot-device-not-recognized-after-installing
> >> >  ).
> >> >
> >> > The problem is that at last update I forgot to change the xen.efi file 
> >> > version and that now I'm stuck with a kernel panic every time I try to 
> >> > boot on my QubesOS.
> >> >
> >> > (...) - whenever I choose my external storage for booting, there is no 
> >> > grub menu and Qubes boots automatically. So I cannot access any 
> >> > troubleshooting or rescue shell.
> >> >
> >> > - (...) You should mount EFI and Qubes partitions if needed with
> >> default file manager without problems.
> >>
> >> https://fedoraproject.org/wiki/FedoraLiveCD
> >>
> >> --
> >> 
> 
> (...) If you used default Qubes partitioning, you should have another 
> partition containing what's in /boot/efi with xen.efi and conf.
> 
> Frédéric
> 
> 
Good morning everybody,

I'm back from holidays and I have some days left to restore my QubesOS system 
before I come back to work. As Frédéric suggested, I tried to find a separate 
partition containing xen.efi and conf files but I couldn't find it. The only 
partitions I found are the virtual partitions of my vms, their backup 
partitions, and a big main partition with no file in /boot/efi . I think that 
it's due to the fact that my QubesOS is installed on an external SSD storage.
Would anyone have a suggestion on how to recover /boot/efi  directory or should 
I do a clean install ?

Thank you a lot !
Chempes

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/549065399.68455.1598352386742%40ichabod.co-bxl.

Re: [qubes-users] Recover vm after lvresize

2020-08-25 Thread Filippo Merli 
Thanks, with sudo `xl console [vmname]`  I have been able to open a 
terminal in the damaged vm and solve the problem. The problem was that the 
block count of `xvdb`, the shrinked volume mounted in /rw , exceeded the 
size of the device. So I just set the device size with `lvresize` to a 
bigger one and everything seems to work.

On Monday, August 24, 2020 at 11:19:13 PM UTC+2 awokd wrote:

> Filippo Merli:
> > 
> > Hi,
> > 
> > after shrink a standalone vm volume with lvresize is not possible 
> anymore 
> > access the volume data.
> > The vm start but is not possible to open a terminal. Is there a way to 
> > access the data from another vm or from dom0?
>
> Enabling debug mode in Qube Settings might get you a terminal so you can
> see what's wrong. Also can try sudo xl console [vmname] in dom0 when
> it's powered on. It is possible to copy the volume to a file to attempt
> recovery in another VM.
>
> -- 
> - don't top post
> Mailing list etiquette:
> - trim quoted reply to only relevant portions
> - when possible, copy and paste text instead of screenshots
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d46524f-7973-4e4f-9a5f-fbfa34cd7a4an%40googlegroups.com.

[qubes-users] Alerts, notifications, calendar in Qubes

2020-08-25 Thread evado...@gmail.com 
Hello,

What apps do you use on Qubes to get notifications of upcoming events? 
I'm searching for some app to manage notifications (want to start it 
automatically on boot of my main appVM)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eea6577c-7b5a-45b7-af57-0909f85db3b0n%40googlegroups.com.