[qubes-users] Re: XFCE Application menu
Yeah I find that really annoying. I like my launcher to be neatly organized and now its a mess, I'm not willing to go in an fix it via text file in vi. Best third party way to make this editable? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e8d99ab0-1ede-483d-b912-108459e51f6e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS 3.2 has been released!
Congratulations! The updated graphics driver is very welcome, finally my screen brightness works and I'm sure it'll be more stable. One issue is my sys-wifi which uses an Intel wireless card. This worked perfectly in the 3.1 but now I get a kernel crash in the module responsible for my card, iwlwifi, attached. Looks like the intel firmware is missing? [5.367324] iwlwifi :00:00.0: Hardware error detected. Restarting. [5.367335] iwlwifi :00:00.0: CSR values: [5.367338] iwlwifi :00:00.0: (2nd byte of CSR_INT_COALESCING is CSR_INT_PERIODIC_REG) [5.367347] iwlwifi :00:00.0:CSR_HW_IF_CONFIG_REG: 0X00489204 [5.367355] iwlwifi :00:00.0: CSR_INT_COALESCING: 0X8040 [5.367364] iwlwifi :00:00.0: CSR_INT: 0X2000 [5.367370] iwlwifi :00:00.0:CSR_INT_MASK: 0X [5.367378] iwlwifi :00:00.0: CSR_FH_INT_STATUS: 0X [5.367386] iwlwifi :00:00.0: CSR_GPIO_IN: 0X [5.367394] iwlwifi :00:00.0: CSR_RESET: 0X0009 [5.367401] iwlwifi :00:00.0:CSR_GP_CNTRL: 0X080003c5 [5.367410] iwlwifi :00:00.0: CSR_HW_REV: 0X0144 [5.367420] iwlwifi :00:00.0: CSR_EEPROM_REG: 0X [5.367429] iwlwifi :00:00.0: CSR_EEPROM_GP: 0X8000 [5.367436] iwlwifi :00:00.0: CSR_OTP_GP_REG: 0X803a [5.367443] iwlwifi :00:00.0: CSR_GIO_REG: 0X00080046 [5.367450] iwlwifi :00:00.0:CSR_GP_UCODE_REG: 0X [5.367456] iwlwifi :00:00.0: CSR_GP_DRIVER_REG: 0X [5.367464] iwlwifi :00:00.0: CSR_UCODE_DRV_GP1: 0X [5.367473] iwlwifi :00:00.0: CSR_UCODE_DRV_GP2: 0X [5.367482] iwlwifi :00:00.0: CSR_LED_REG: 0X0018 [5.367490] iwlwifi :00:00.0:CSR_DRAM_INT_TBL_REG: 0X [5.367500] iwlwifi :00:00.0:CSR_GIO_CHICKEN_BITS: 0X27800200 [5.367510] iwlwifi :00:00.0: CSR_ANA_PLL_CFG: 0Xd5d5 [5.367517] iwlwifi :00:00.0: CSR_MONITOR_STATUS_REG: 0X2bb7f747 [5.367527] iwlwifi :00:00.0: CSR_HW_REV_WA_REG: 0X0001001a [5.367538] iwlwifi :00:00.0:CSR_DBG_HPET_MEM_REG: 0X [5.367543] iwlwifi :00:00.0: FH register values: [5.367564] iwlwifi :00:00.0: FH_RSCSR_CHNL0_STTS_WPTR_REG: 0X29cb8e00 [5.367589] iwlwifi :00:00.0:FH_RSCSR_CHNL0_RBDCB_BASE_REG: 0X029cb8f0 [5.367608] iwlwifi :00:00.0: FH_RSCSR_CHNL0_WPTR: 0X00f8 [5.367628] iwlwifi :00:00.0: FH_MEM_RCSR_CHNL0_CONFIG_REG: 0X80801114 [5.367647] iwlwifi :00:00.0: FH_MEM_RSSR_SHARED_CTRL_REG: 0X003c [5.367665] iwlwifi :00:00.0:FH_MEM_RSSR_RX_STATUS_REG: 0X0703 [5.367683] iwlwifi :00:00.0:FH_MEM_RSSR_RX_ENABLE_ERR_IRQ2DRV: 0X [5.367701] iwlwifi :00:00.0:FH_TSSR_TX_STATUS_REG: 0X05ff [5.367719] iwlwifi :00:00.0: FH_TSSR_TX_ERROR_REG: 0X [5.367724] iwlwifi :00:00.0: Not valid error log pointer 0x for Init uCode [5.738101] fuse init (API version 7.23) [7.094214] iwlwifi :00:00.0: Failed to load firmware chunk! [7.094243] iwlwifi :00:00.0: Could not load the [0] uCode section [7.094267] iwlwifi :00:00.0: Failed to start INIT ucode: -110 [7.100815] iwlwifi :00:00.0: Failed to run INIT ucode: -110 [7.101391] iwlwifi :00:00.0: L1 Enabled - LTR Enabled [7.325014] [ cut here ] [7.325014] WARNING: CPU: 4 PID: 475 at /home/user/rpmbuild/BUILD/kernel-4.4.14/linux-4.4.14/drivers/net/wireless/iwlwifi/pcie/trans.c:1552 iwl_trans_pcie_grab_nic_access+0xfb/0x110 [iwlwifi]() [7.325014] Timeout waiting for hardware access (CSR_GP_CNTRL 0x080003dc) [7.325014] Modules linked in: fuse xt_nat xen_netback xt_REDIRECT nf_nat_redirect ip6table_filter ip6_tables xt_conntrack ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iwlmvm(+) mac80211 iwlwifi cfg80211 rfkill intel_rapl iosf_mbi x86_pkg_temp_thermal coretemp crct10dif_pclmul crc32_pclmul crc32c_intel pcspkr xen_pcifront dummy_hcd udc_core u2mfn(O) xen_blkback xenfs xen_privcmd xen_blkfront [7.325014] CPU: 4 PID: 475 Comm: modprobe Tainted: G O 4.4.14-11.pvops.qubes.x86_64 #1 [7.325014] ffa653d9 8812fa40 813b06f3 [7.325014] 8812fa88 a01693e8 8812fa78 8109f402 [7.325014] 88000df14000 88000df175f0 8812fb28 [7.325014] Call Trace: [7.325014] [] dump_stack+0x63/0x90 [7.325014] []
[qubes-users] Re: WTF with userbase counter? Is Qubes OS dying?
On Sunday, September 4, 2016 at 4:16:38 AM UTC-7, Arqwer wrote: > Statistics page (https://www.qubes-os.org/counter/) shows that number of > users have fallen from 15 000 to less then 4000. Is it just a bug in counter, > or what is happening? glitch in the Matrix -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/298a18fb-120e-4cf0-9fac-6f095b6763d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why not a Whonix (or TOR) Disposible VM?
On Sunday, August 28, 2016 at 7:07:06 AM UTC-7, Cube wrote: > On Saturday, August 27, 2016 at 10:59:50 PM UTC-7, Andrew David Wong wrote: > any thoughts on either reverting my disposable VM statefile Well it's easy to revert qvm-create-default-dvm --default-template -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35c7dba9-9628-409c-b628-07f325547452%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?
On Saturday, August 27, 2016 at 1:50:22 PM UTC-7, johny...@sigaint.org wrote: > BTW, keepassx rocks. I'm working on some scripts to make it a little less > painful with all the Ctrl-Alt-C and Ctrl-Alt-V'ing (which also conflicts > with the standard konsole paste shortcuts). I have no problem with the special cut/paste. Doesn't mean I don't screw it up on occasion, but I do like the assurance of having to do the step Actually you betray yourself with the correct solution above; the Qubes shortcut to copy/paste between VM's is Ctrl-Shift-C/V which conflicts. I, like you, map that to Ctrl-Alt-C/V so no conflict. I've wondered why that isn't the default since the other is such an obvious conflict. > Using keepassx on Tails is so much more streamlined, without the extra > level of copying/pasting. It'd almost be nice if there were some explicit > dom0 support for it somehow. Yeah but Tails suffers from the same thing other OS's do which is one big system. So if it was theoretically compromised your streamlined copy/paste is exactly what you don't want. Nothing you don't know, but I don't want the inter-VM copy/paste to change a bit. It's a small burden for a huge benefit. It also has an additional benefit of each VM having it's own Paste buffer, which ends up being very convenient. > > Agreed. I keep my keepass database on one removable device, with a > keyfile on a separate removable device plus a password. Some cowardly > creep/crook wants to tamper with my system while I'm out, they're not > going to get very far. I'd argue that your actually less secure with that scheme. Johanna made some comments to that effect, what you are doing is a kind of air-gapping, but you have a large attack surface through USB. If an Evil Maid controls your system it does you no good to bring in your passwords on a USB. So, if you're really concerned with that you should be implementing Anti-Evil-Maid on your system as the only defense - not keeping passwords separate. > Since moving to that approach, I've noticed a lot more "noise" from the > ones I suspect of being involved in my harassment. Ironically, probably a > good sign. OH, OK then you have a situation with a probably not too computer sophisticated opponent. Never mind then. > But having individual keys for each VM would go further towards one > stated goal of disallowing each VM or dom0 from being able to snoop on > each other. > That should only be useful against Qubes bugs which allow sibling VM peeking, but otherwise doesn't help. > Right now, the overall dom0 filesystem is encrypted, which is cool, but > nothing beyond that, unless you do it yourself. Yeah, more passwords are > a pain, but if you choose to do so in the name of security, it'd be nice > if the Manager supported it. The main problem with it is that the Qubes team is busy and underfunded enough to work on that feature. Their time is better spent making sure there are no chance of sneaky/peaky. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ff6fec9-f5f4-4741-a77f-d3ca4acd49f6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Why not a Whonix (or TOR) Disposible VM?
On Saturday, August 27, 2016 at 10:50:20 AM UTC-7, Cube wrote: > This would be more in the style of Tails - no persistent state. Wups, there is some thought on this already https://www.whonix.org/wiki/Qubes/Disposable_VM There are issues, anybody try this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd1ca536-c8d3-440a-a756-ebd20f4258d2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Why not a Whonix (or TOR) Disposible VM?
This would be more in the style of Tails - no persistent state. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4df461af-9f72-43ca-963b-324d7d7f9436%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?
On Saturday, August 27, 2016 at 9:31:31 AM UTC-7, Alex wrote: > On 08/27/2016 05:59 PM, Cube wrote: > For specific services (say, the mentioned Amazon) I keep a keepassx > database on the specific AppVM in which the service is expected to be > used - the Amazon account I use to buy work stuff is saved in the > keepassx database in the Work appVM, the personal one is saved in the > personal appVM. Interesting idea. For the downside of having to remember extra passwords (for the databases), backups (albeit part of the general backups), and managing the running instances of XKeyPass, you can save a few keystrokes pasting between VM's. It does seem like there are more disadvantages, why not just keep them together in one Vault XKeyPass? > And there are some types of password I keep in a non-internet-connected > AppVM, together with some OTP generator scripts. They are meant to be > used for targets that may be sensitive to large scale attacks (say, home > banking credentials, amazon AWS otp generators, etc.) where attackers > may have the financial power to aggressively attack the target AppVM - > so my line of defense here is to be sure not to have the sensitive > information available on the filesystem at all. > Well they're in the AppVM though so are on the filesystem, aren't they? What you buy is network isolation, effectively air gapping, but even better. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/af95ccc0-0120-42eb-952b-e1218d880e74%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?
Assume you have a disconnected Vault VM with your passwords, and a Shopping VM where you access Amazon, etc. Highest security is to copy/paste passwords over from the Vault as needed. Less secure (but still highly secure) is to cache them in the Firefox database. What path do people generally take? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c0617ee5-2106-40b2-8ef8-558a65544d76%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Burning a USB attached CDROM
On Friday, August 26, 2016 at 4:09:34 PM UTC-7, Connor Page wrote: > you should use the drive as normal in sys-usb. just make the private image > large enough and copy whatever it is you want to burn to that vm. Thanks! I had forgotten now that with Salt Qubes has a nice way of doing USB VM's. Any recommendations for how to CLI burn a file? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/440e4c68-4cce-431e-9c98-c153923cb37e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: WiFi NetVM works at first, then not on restart
Figure it out, documented here for others. The problem is for whatever reason the kernel module for my card (Intel laptop WIFI) wasn't being properly probed for and loaded. So I added the following line to /rw/config/rc.local and made the file executable cp /rw/config/iwlwifi-net.conf /etc/modules-load.d and made the file named above with the name of my module inside of it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f1e49ec-086b-4b06-8c7a-7053a4dc92b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] WiFi NetVM works at first, then not on restart
I created a NetVM and attached my WIFI card to it, worked great and I connected to the network. Later killed the VM and restarted (restarted the computer actually) - no go. Even though "lspci" shows the card still attached and available, the WiFI Network connect widget says no network devices available. Thoughts? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4795c6c8-790a-4f66-b863-a33936d6be53%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Burning a USB attached CDROM
Would like to do some rc2 testing and have a USB CDROM which I believe is supported? AFAIK it's the internal drives which can't be done. I installed 'wodim' but it's not seeing any drivers. Attaching the block device to a VM doesn't work either (the CDROM isn't visible to wodim). I tried attaching the PCI USB controllers but they are in use by a xen driver. Any help appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3fddc3f-618f-4d47-b08d-7992713f1bad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.