[qubes-users] Chromium OS in qubes

2020-02-10 Thread Dominique St-Pierre Boucher
Hello Qubes Users,

Did anyone tried or better succeeded in installing Chromium OS in qubes? 

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d7c64a2-9fbb-48d8-99d9-68e6b6c276cc%40googlegroups.com.


[qubes-users] debian-10-minimal as vpn proxy with qubes-vpn-support

2020-01-24 Thread Dominique St-Pierre Boucher
Good day Qubes OS Community,

I am trying to get a vpn proxy run based on the debian-10-minimal. I a 
trying to connect to protonvpn. I was able to do it with a fedora proxy so 
I know it works.

I was able to install everything needed in the template, I configured 
qubes-vpn-support on my vpn proxy but when I try to connect, I got error 
related to the update-resolv-conf script.
Getting this error message:
resolvconf: Error: Command not recognized
Usage: resolvconf (-d IFACE|-a 
IFACE|-u|--enable-updates|--disable-updates|--updates-are-enable

Can someone point me in the right direction with the difference between 
resolvconf on Fedora and resolvconf on Debian?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4a2b2dc-65af-476b-a067-3bea3bae1570%40googlegroups.com.


[qubes-users] debian-10-minimal template sudo

2020-01-22 Thread Dominique St-Pierre Boucher
Good afternoon,

I know that I have seen that somewhere but I am unable to find it. The 
debian-10-minimal template sudo require a password. How do I change that? I 
don't remember how to do it!!

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d11b881-f356-4c7a-9247-0c8db5b513e5%40googlegroups.com.


Re: [qubes-users] qvm-create-windows-qube 2.0

2020-01-17 Thread Dominique St-Pierre Boucher
Concerning the download of ISO, if you open a teminal in the windows-mgmt 
qube that is created by the script, there is a script in 
/home/user/Documents/qvm-create-windows-qube/windows-media/isos/ named 
download-windows.sh

Run that script, it will tell you what are the options. Do not forget to 
give network access to the windows-mgmt qube before starting the download 
and to remove the access after.

One of the possible reason you were not able to install Windows 10 is 
because of the version. The Windows 10 iso you got is probably not an 
Enterprise Eval version so the key wont work.

Dominique

On Thursday, January 16, 2020 at 10:48:02 PM UTC-5, scal...@posteo.net 
wrote:
>
> Thanks Elliot for posting this. I'm trying this now. I saw the note 
> saying you could download a different version of Windows in the 
> qvm-create-windows-qube.sh. But I didn't see how that was done. Seems 
> like you can just reference an already downloaded iso, which is what I 
> did. I already had a Windows 10 iso. So I set it to use that iso and to 
> use the answer file provided for win10x64-enterprise-eval.xml, but ran 
> into the problem below. But maybe it is because of the iso i'm using? 
>
> On 13.01.2020 10:48, 'Elliot Killick' via qubes-users wrote: 
> > -BEGIN PGP SIGNED MESSAGE- 
> > Hash: SHA256 
> > 
> >   * Hardcoding trial product key in answer files (or anywhere) is no 
> > longer necessary, Windows will use embedded trial key without any 
> > user interaction by default 
>
> This doesn't seem to be the case. 
> I'm getting the following: 
> on "Commencing first part of Windows installation process..." in the 
> install.sh script 
> I get a popup from "Windows Setup" that says Windows cannot read the 
>  setting from the unattend answer file." I click "OK" and it 
> reboots to a black screen from SeaBIOS that ends with  "No bootable 
> device." 
>
> >   * windows-mgmt is air gapped 
>
>
> What is this qube used for? Is it just for the setup? Can I delete it 
> after done? 
>
> Thanks. 
>
> > -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d871a2b3-e34b-4eec-b89a-47f07dec0bc5%40googlegroups.com.


[qubes-users] Re: Fedora-31 template

2019-11-26 Thread Dominique St-Pierre Boucher
Thanks for the info, I did exactly that before seeing you documentation.

Unfortunately, I got errors:

Problem: Problem with installed package 
qubes-core-agent-4.0.50-1.fc30.x86_64
 - package qubes-core-agent-4.0.50-1.fc31.x86_64 requires python-daemon, 
but none of the providers can be installed
 - package qubes-core-agent-4.0.48-1.fc31.x86_64 requires python-daemon, 
but none of the providers can be installed
 - package qubes-core-agent-4.0.50-1.fc31.x86_64 does not belong to a 
distupgrade repository
 - package python2-daemon-2.2.3-1.fc30.noarch does not belong to a 
distupgrade repository

Idea anyone?

Dominique
On Saturday, November 16, 2019 at 3:17:33 PM UTC-5, m...@militant.dk wrote:
>
> Hi Dominique,
>
> The official docs states: https://www.qubes-os.org/doc/templates/#updating
>
> In an earlier version, I updated another fedora, by renaming some stuff in 
> repo's.
>
> Guide is here, if you wan't to get inspiration:
>
> https://www.militant.dk/2018/04/04/cloning-fedora-26-to-fedora-27-template-qubes-3-2/
>
> Sincerely
> Max
>
> fredag den 15. november 2019 kl. 21.23.54 UTC+1 skrev Dominique St-Pierre 
> Boucher:
>>
>> Hello Qubes users,
>>
>> Do any of you tried and succeed upgrading a Fedora template to version 31?
>>
>> If so, how?
>>
>> Thanks
>>
>> Dominique
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/498d4cd7-1089-490d-a696-aa36ef02b896%40googlegroups.com.


[qubes-users] Fedora-31 template

2019-11-15 Thread Dominique St-Pierre Boucher
Hello Qubes users,

Do any of you tried and succeed upgrading a Fedora template to version 31?

If so, how?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/dfe9bc75-c6ec-4680-bd80-0b2a75182509%40googlegroups.com.


[qubes-users] CVE-2019-11477

2019-06-18 Thread Dominique St-Pierre Boucher
Good day Qubes user,

Is qubes affected by CVE-2019-11477?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6dfee182-2d3b-4b27-b3d0-7d6c08584fba%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: dsa-4371-update

2019-05-28 Thread Dominique St-Pierre Boucher
Hello again,

Found it by myself. I modified the script located in 
Dom0:/usr/libexec/qubes-manager/dsa-4371-update

I added those lines:
10.*)
codename="buster"
pkg="libapt-pkg5.0"
fixed_version="1.8.1"
;;

Seems to be working fine for now!!!

Any comments?

Thanks

On Tuesday, May 28, 2019 at 12:36:29 PM UTC-4, Dominique St-Pierre Boucher 
wrote:
> Good day Qubes community,
> 
> I created a debian-10 template and I cannot use the qubes-manager to start 
> the update because of the dsa-4371-update that is looking for a either 8.0 or 
> 9.0 in the /etc/debian-version and I have a 10.0.
> 
> How do I fix this?
> 
> Thanks!
> 
> Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50ddd851-c162-4a4e-b45d-007bc2b463f0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] dsa-4371-update

2019-05-28 Thread Dominique St-Pierre Boucher
Good day Qubes community,

I created a debian-10 template and I cannot use the qubes-manager to start the 
update because of the dsa-4371-update that is looking for a either 8.0 or 9.0 
in the /etc/debian-version and I have a 10.0.

How do I fix this?

Thanks!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4b61177-5760-4950-b3b2-64fbd2ae7042%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes-template-debian-10

2019-05-23 Thread Dominique St-Pierre Boucher
Good day qubes-users,

Do you know when a debian 10 template will be available?

Tried to do the manual upgrade and keep running into issues.

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/efdc1795-0e47-404b-aea4-e68ca8fc2cb0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] fedora-29 update indicator

2018-12-14 Thread Dominique St-Pierre Boucher
Thanks unman I will follow the issue.

Dominique

On Friday, December 14, 2018 at 10:19:40 AM UTC-5, unman wrote:
> On Fri, Dec 14, 2018 at 06:10:33AM -0800, Dominique St-Pierre Boucher wrote:
> > Good morning Qubes community,
> > 
> > I am using version 4 and I have fedora-29 template. Even after the updates, 
> > it still shows that the template needs update. How do I fix this issue?
> > 
> > Thanks
> > 
> > Dominique
> > 
> 
> It's a known issue, and a fix is on the way, but not yet resolved.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d3d4fec3-78f1-41b4-8a54-c5b0ab4c177b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] fedora-29 update indicator

2018-12-14 Thread Dominique St-Pierre Boucher
Good morning Qubes community,

I am using version 4 and I have fedora-29 template. Even after the updates, it 
still shows that the template needs update. How do I fix this issue?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d9a7c68-26c7-4f6a-8ff0-3b20dd5b04e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Access to template filesystem on Qubes 4

2018-11-21 Thread Dominique St-Pierre Boucher
Hello Qubes-users,



I need to get access to a file on a template I created. I did some changes and 
I am unable to boot the template.

How do I mount the filesystem in another VM to get access to the file?


Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5de09fb-346d-4a3f-b910-2f036433ddd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] R4.0.1 RC1 - qubes-dom0-update not working

2018-11-15 Thread Dominique St-Pierre Boucher
Hello Qubes Users,

Just installed RC1 on 2 laptops. This is working fine for install and template. 
Working fine for template update.

My issue is that qubes-dom0-update does not work for qubes repo. This is the 
message I am getting:

Failed to synchronize cache for repo 'qubes-dom0-current', inoring this repo.

With my check on what is appening in qubes-dom0-update and what is appening 
with yum, I think that the variable for the release is not set correctly and it 
prevents yum from connecting to the repo.

So here are my questions:

1- Am I right?
2- How do I fix it?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50113c5a-71cb-4b88-8c55-5038b768859d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - Dell Latitude E6520

2018-11-12 Thread Dominique St-Pierre Boucher
Issues with Wifi adapter

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82e712bf-de9a-4c08-8167-6cfeb58b687e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-Dell_Inc_-Latitude_E6520-20181112-121135.cpio.gz
Description: Binary data


Qubes-HCL-Dell_Inc_-Latitude_E6520-20181112-121135.yml
Description: Binary data


[qubes-users] Qubes 4 - Debian 9 as SYS-NET and SYS-FIREWALL

2018-09-09 Thread Dominique St-Pierre Boucher
Good afternoon,

Is there a list of step to use Debian 9 as template for sys-net and 
sys-firewall...

Thanks...

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c83788fb-f9e4-45c4-bd51-ac4012d93434%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Cloudflare DNS-over-HTTPS in Qubes?

2018-04-03 Thread Dominique St-Pierre Boucher
Hi,

Is there a way to have a DNS proxy in the sys-net interface that try to use 
DNS-over-HTTPS at 1.1.1.1 (cloudflare) and if not working standard DNS with 
what was received by the DHCP.

Is it possible

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/69f2a4e5-54fe-48e4-8c99-d85c3e52d238%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0-rc5 freez during configuration

2018-03-19 Thread Dominique St-Pierre Boucher
On Monday, March 19, 2018 at 11:16:02 AM UTC-4, Frédéric Pierret (fepitre) 
wrote:
> Le dimanche 18 mars 2018 20:13:27 UTC+1, Dominique St-Pierre Boucher a écrit :
> > On Sunday, March 18, 2018 at 10:22:06 AM UTC-4, Frédéric Pierret (fepitre) 
> > wrote:
> > > Le dimanche 18 mars 2018 15:18:50 UTC+1, Dominique St-Pierre Boucher a 
> > > écrit :
> > > > On Sunday, March 18, 2018 at 10:16:30 AM UTC-4, Frédéric Pierret 
> > > > (fepitre) wrote:
> > > > > Is it related to this: 
> > > > > https://github.com/QubesOS/qubes-issues/issues/3198 ?
> > > > 
> > > > unfortunately no, it freezes in the setting up networking phase...
> > > 
> > > To be sure this is not the same strange phenomena, try to boot the setup 
> > > with rd.driver.blacklist=nouveau nouveau.modeset=0 video=vesa:off
> > 
> > Unfortunately same issue.
> 
> so you succeeded in installing Qubes?

I used awokd solutions (disable wireless in the BIOS) and it works. Now I need 
to figure out why, after installation is complete, if I re-enable the card in 
the BIOS and attach it to sys-net, sys-net lose network connectivity 
completely... I will open another thread for that after I have proper time to 
test it!

Thanks for the help!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3376d734-f819-4ddc-a312-c79d40f701fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0-rc5 freez during configuration

2018-03-18 Thread Dominique St-Pierre Boucher
On Sunday, March 18, 2018 at 10:22:06 AM UTC-4, Frédéric Pierret (fepitre) 
wrote:
> Le dimanche 18 mars 2018 15:18:50 UTC+1, Dominique St-Pierre Boucher a écrit :
> > On Sunday, March 18, 2018 at 10:16:30 AM UTC-4, Frédéric Pierret (fepitre) 
> > wrote:
> > > Is it related to this: 
> > > https://github.com/QubesOS/qubes-issues/issues/3198 ?
> > 
> > unfortunately no, it freezes in the setting up networking phase...
> 
> To be sure this is not the same strange phenomena, try to boot the setup with 
> rd.driver.blacklist=nouveau nouveau.modeset=0 video=vesa:off

Unfortunately same issue.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bacb062d-4627-4d24-8a42-ee12b9e2bf60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0-rc5 freez during configuration

2018-03-18 Thread Dominique St-Pierre Boucher
On Sunday, March 18, 2018 at 10:16:30 AM UTC-4, Frédéric Pierret (fepitre) 
wrote:
> Is it related to this: https://github.com/QubesOS/qubes-issues/issues/3198 ?

unfortunately no, it freezes in the setting up networking phase...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9404cb2-af31-438b-8746-9b9c34d9820b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes 4.0-rc5 freez during configuration

2018-03-18 Thread Dominique St-Pierre Boucher
Hello, I tried to install Qubes 4.0-rc5 on my laptop. It freezes during the 
configuration phase. Mouse stop responding, unable to switch screen. Any idea?

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/294388f2-6db2-443d-81db-e9b4a4353ddc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Privacy in Qubes

2017-09-20 Thread Dominique St-Pierre Boucher
On Wednesday, September 20, 2017 at 8:27:40 AM UTC-4, cooloutac wrote:
> On Monday, September 18, 2017 at 11:02:50 PM UTC-4, Person wrote:
> > Let's say you have an online identity that you want to keep separate from 
> > your personal information. On Qubes, is it possible to keep i information 
> > completely separate without physical separation? I have considered using a 
> > separate OS virtualized in Qubes, but it may possibly leak the same device 
> > data. Multibooting with Qubes is also not the safest idea. 
> > 
> > What is the best way to keep online information from being traced back to 
> > you on Qubes?
> 
> Not really sure what you are asking, or what information specifically.   
> Keeping information separate is the general purpose of Qubes.  One vm doesn't 
> know what data is on the other one.
> 
> If you are talking about keeping your identity hidden from the internet.  
> Just don't let the vm connect to the internet?
> 
> As far as information like device id's,  that would depend on the program you 
> are connecting to the internet and if it gathers such information.  I really 
> don't know if what core linux processes do this.  Browsers prolly do yes?
> 
> In general, hiding your identity is not really something thats Qubes 
> specific.  Use multiple whonix qubes with tor browser?  Don't log in the same 
> online identities on the same vm?

If you are talking about the first the identity of your computer, that will 
always be the same hostname, mac address if you connect both vm through the 
same network card. If you have 2 network card (and different sys-net), you can 
maybe have the traffic through one card for one ID and the other ID through the 
other card but if you are using it at home on the same lan, I don't see the 
point. But doing it on a public wifi and using 2 differents network card (and 
different sys-net vm) you can have 2 different session on the same website and 
I don't see a way from the server side to figure out that you are doing it from 
the same computer.

Hope I make sense!!!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7cbe2c87-12c1-454c-bbd5-6c228cb879ad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: AMD and ME?

2017-09-01 Thread Dominique St-Pierre Boucher
On Friday, September 1, 2017 at 2:19:05 PM UTC-4, Sandy Harris wrote:
> Since the Management Engine (ME) is an Intel feature, can one avoid
> its risk by just buying an AMD-based machine? Or does AMD have a
> similar feature? Or lack some of the virualisation support Qubes
> relies on?
> 
> Perhaps some other sort of machine altogether?

AMD has the equivalent of Intel ME named AMD PSP. See info here:
https://libreboot.org/faq.html

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2938242-c0db-4e5b-bd3f-6ce3d5e34a10%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: A worrisome threat? Kinda...

2017-08-30 Thread Dominique St-Pierre Boucher
On Wednesday, August 30, 2017 at 11:32:05 AM UTC-4, Alex wrote:
> On 08/30/2017 05:17 PM, wordswithn...@gmail.com wrote:
> >> Please also note that any remote administration command can only
> >> be received through networking, so proper firewalling (ipv6 may
> >> complicate things - prepare your studies in advance) and monitoring
> >> may help great lengths. Also, do avoid using x86-based
> >> firewalls/routers... ;)
> >> 
> >> -- Alex
> > 
> > Just to be clear for beginners - this means that if you're running
> > Qubes on an x86 processor, you cannot trust Qubes as a firewall to
> > prevent IME remote administration.
> > 
> > You would need a separate device to act as a firewall. Most routers
> > have recently been shown to be compromised in similar ways. It will
> > be difficult, but should be possible, to find a device that is secure
> > given current knowledge.
> > 
> 
> You are right. With "proper firewalling" I was implying separate
> physical hardware, and that was the basis for "avoid x86 based firewalls".
> 
> There's no isolation benefit with a software firewall if the remote
> administration packets are received by the local network adapter, since
> the "zombie RAT fungus" (Intel ME) fiddles with PCI devices on its own.
> 
> -- 
> Alex

Does AMD or ARM motherboard have similar feature(like Intel ME)?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/435d58b8-05cc-4113-aa81-4d423a65587e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] How to create a minimal template of Debian and Fedora on Qubes 4.0-rc1

2017-08-10 Thread Dominique St-Pierre Boucher
Good morning,

I was able to install Qubes 4.0-rc1. I am happy with the result so far.

I would like to be able to create a minimal template for Debian and Fedora. Is 
there an how-to or some documentation?

Also, is there a way to trim the template on this version?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac23cc18-1d0c-428e-bbaf-bc6b86bb1412%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Is it possible to change sys-net's network class in case of collisions with VPN networks?

2017-06-29 Thread Dominique St-Pierre Boucher
On Thursday, June 29, 2017 at 11:49:39 AM UTC-4, Chris Laprise wrote:
> On 06/28/2017 02:05 PM, Dominique St-Pierre Boucher wrote:
> > On Wednesday, June 28, 2017 at 12:10:44 PM UTC-4, peterw...@gmail.com wrote:
> >> Hi I have a VPN which uses 10.0.0.0/8 this makes collisions with all the 
> >> subnets that sys-net uses, I was wondering if I could switch out the 
> >> networks and use a class B network instead.
> >>
> >> Let me know if this info is not sufficient, I am going home from work so 
> >> I'm in a hurry :P
> >>
> >> Thanks for your time.
> >>
> >> Best regards,
> >> Petur.
> >
> > I am also interested by this request. I have no idea how to change this!
> >
> > Dominique
> >
> 
> Seems the definition of a /8 block could be the cause; this looks sloppy 
> on the part of the VPN service provider.
> 
> You could monitor the logs of your VPN client to see what ip/route 
> commands are being pushed down (assuming a protocol similar to openvpn) 
> and then add an override to the local config that uses a more specific 
> block like /16. But you have to consider if there are many (addressable 
> to you) hosts on that VPN net and if their effective host addresses 
> range beyond 16 bits; there probably aren't but if so then this solution 
> may not work.
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

Hi Chris,

I work for a big company and the use 10.0.0.0/8 for the internal network. 
Multiple Site with all 10.x.0.0/16 network. Impossible to have that changed. 

All I want, is to change the base IP adressing scheme for the Qubes VM!

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13b977bf-4f98-43f8-9ef0-18148b04f083%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Is it possible to change sys-net's network class in case of collisions with VPN networks?

2017-06-28 Thread Dominique St-Pierre Boucher
On Wednesday, June 28, 2017 at 12:10:44 PM UTC-4, peterw...@gmail.com wrote:
> Hi I have a VPN which uses 10.0.0.0/8 this makes collisions with all the 
> subnets that sys-net uses, I was wondering if I could switch out the networks 
> and use a class B network instead.
> 
> Let me know if this info is not sufficient, I am going home from work so I'm 
> in a hurry :P
> 
> Thanks for your time.
> 
> Best regards,
> Petur.

I am also interested by this request. I have no idea how to change this!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/99c82a98-0af6-4fc0-9605-6140c5d1fd2a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Debian Buster repo

2017-06-23 Thread Dominique St-Pierre Boucher
Hello,

Anyone switched their template from Stretch to Buster? I want to try but there 
is no qubes repo for it!!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/55b8af7d-0b5d-4c93-89e1-8b3292b8843e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Weird SSL issues

2017-06-07 Thread Dominique St-Pierre Boucher
On Wednesday, June 7, 2017 at 12:57:35 PM UTC-2:30, Unman wrote:
> On Wed, Jun 07, 2017 at 04:43:18PM +0200, Bernhard wrote:
> > 
> > > Hello Qubes community!
> > >
> > > I have a weird issue with SSL (HTTPS) access. 
> > >
> > > Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal 
> > > sys-firewall. Any app-vm running Fedora 24 or Debian 9 (have not tested 
> > > any other) have issues connecting to https sites with Chrome, Chromium or 
> > > Firefox-esr. Sometimes it works, sometimes not...
> > >
> > > I have tested on numerous wired and wireless network with the same result.
> > >
> > > Please help me figure this out!
> > >
> > > Dominique
> > >
> > Hello, I sometimes have SSL issues that all from the fact that the time
> > in the appvm are wrong (sometimes even in the future) - although dom0 is
> > accurately set up. If you have a cure to that (especially for debian) I
> > am interested ... maybe you experience the same problem? Bernhard
> > 
> 
> Dominique
> 
> Is this something new, or have you always had this problem?
> 
> Have you updated your kernel in the VMs? If so, there's a known issue
> affecting SSL. Try changing the kernel that you are using in the qubes
> to an earlier version and see if that helps.
> 
> unman

Thanks for the quick answer. Do I change the kernel in the sys-net / 
sys-firewall or on the app-vm or both?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b29a0d8d-bb9a-400b-9556-17867112e8a8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Weird SSL issues

2017-06-07 Thread Dominique St-Pierre Boucher
Hello Qubes community!

I have a weird issue with SSL (HTTPS) access. 

Here is my setup: Debian 9 minimal sys-net - Fedora 24 minimal sys-firewall. 
Any app-vm running Fedora 24 or Debian 9 (have not tested any other) have 
issues connecting to https sites with Chrome, Chromium or Firefox-esr. 
Sometimes it works, sometimes not...

I have tested on numerous wired and wireless network with the same result.

Please help me figure this out!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/db501baf-181e-4aea-a13c-d80da03fde14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Wifi not reconnecting after sleep

2017-05-21 Thread Dominique St-Pierre Boucher
On Saturday, May 20, 2017 at 7:00:14 PM UTC-4, Reg Tiangha wrote:
> On 05/20/2017 04:53 PM, Reg Tiangha wrote:
> > On 05/20/2017 08:23 AM, Dominique St-Pierre Boucher wrote:
> >> Hello Qubes users
> >>
> >> Everything was working fine until updates were installed a couples of week 
> >> back. I was unable to get wifi access back after a sleep. My sys-net vm 
> >> use a minimal debian stretch template and I never had a sleep issue before.
> >>
> >> I have included part of the syslog after the sleep. I you need more info, 
> >> I still have the full syslog.
> >>
> >> Anyone have seen this before?
> > What version of the kernel are you running?
> >
> > To find out, open up a terminal in dom0 and type in
> >
> > uname -r
> >
> >
> And do it in sys-net as well, in case you're running different kernels
> between the two for whatever reason.

Same Kernel!!! 4.9.28-16.pvops.qubes.x86_64

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10589c2c-0d41-4f16-9cfb-4aa2db29aaf2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Wifi not reconnecting after sleep

2017-05-20 Thread Dominique St-Pierre Boucher
Hello Qubes users

Everything was working fine until updates were installed a couples of week 
back. I was unable to get wifi access back after a sleep. My sys-net vm use a 
minimal debian stretch template and I never had a sleep issue before.

I have included part of the syslog after the sleep. I you need more info, I 
still have the full syslog.

Anyone have seen this before?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3618a66-cf47-4dc2-aaa1-581de88c35fc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
May 19 20:37:35 localhost kernel: [  190.118366] IPv6: ADDRCONF(NETDEV_UP): 
wlan0: link is not ready
May 19 20:37:35 localhost kernel: [  190.120769] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:35 localhost kernel: [  190.121832] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:40 localhost kernel: [  195.551126] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:37:40 localhost kernel: [  195.551138] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:37:40 localhost kernel: [  195.551151] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:37:40 localhost kernel: [  195.551155] iwlwifi :00:01.0: Failed 
to run INIT ucode: -110
May 19 20:37:40 localhost NetworkManager[521]:  [1495240660.7219] 
platform-linux: do-change-link[3]: failure changing link: failure 110 
(Connection timed out)
May 19 20:37:40 localhost NetworkManager[521]:   [1495240660.7222] device 
(wlan0): set-hw-addr: set MAC address to B2:F3:BC:27:26:7B (scanning)
May 19 20:37:40 localhost NetworkManager[521]:   [1495240660.7238] 
manager: NetworkManager state is now DISCONNECTED
May 19 20:37:40 localhost NetworkManager[521]:   [1495240660.7239] audit: 
op="sleep-control" arg="off" pid=1290 uid=0 result="success"
May 19 20:37:40 localhost kernel: [  195.566763] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:40 localhost kernel: [  195.568226] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:45 localhost kernel: [  200.671177] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:37:45 localhost kernel: [  200.671220] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:37:45 localhost kernel: [  200.671266] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:37:45 localhost kernel: [  200.671290] iwlwifi :00:01.0: Failed 
to run INIT ucode: -110
May 19 20:37:45 localhost wpa_supplicant[482]: Could not set interface wlan0 
flags (UP): Connection timed out
May 19 20:37:45 localhost wpa_supplicant[482]: nl80211: Could not set interface 
'wlan0' UP
May 19 20:37:45 localhost wpa_supplicant[482]: nl80211: deinit ifname=wlan0 
disabled_11b_rates=0
May 19 20:37:45 localhost kernel: [  200.682871] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:45 localhost kernel: [  200.683990] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:37:50 localhost kernel: [  205.791500] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:37:50 localhost kernel: [  205.791557] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:37:50 localhost kernel: [  205.791614] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:37:50 localhost kernel: [  205.791647] iwlwifi :00:01.0: Failed 
to run INIT ucode: -110
May 19 20:37:50 localhost wpa_supplicant[482]: Could not set interface wlan0 
flags (UP): Connection timed out
May 19 20:37:50 localhost wpa_supplicant[482]: WEXT: Could not set interface 
'wlan0' UP
May 19 20:37:50 localhost NetworkManager[521]:  [1495240670.9673] 
sup-iface[0x7f88f40048d0,wlan0]: error adding interface: wpa_supplicant 
couldn't grab this interface.
May 19 20:37:50 localhost wpa_supplicant[482]: wlan0: Failed to initialize 
driver interface
May 19 20:37:50 localhost NetworkManager[521]:   [1495240670.9675] device 
(wlan0): supplicant interface state: starting -> down
May 19 20:38:01 localhost NetworkManager[521]:   [1495240681.1774] device 
(wlan0): re-acquiring supplicant interface (#1).
May 19 20:38:01 localhost kernel: [  216.019459] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:38:01 localhost kernel: [  216.020586] iwlwifi :00:01.0: L1 
Enabled - LTR Enabled
May 19 20:38:06 localhost kernel: [  221.151097] iwlwifi :00:01.0: Failed 
to load firmware chunk!
May 19 20:38:06 localhost kernel: [  221.15] iwlwifi :00:01.0: Could 
not load the [0] uCode section
May 19 20:38:06 localhost kernel: [  221.151126] iwlwifi :00:01.0: Failed 
to start INIT ucode: -110
May 19 20:38:06 localhost kernel: [  221.151132] iwlwifi 

Re: [qubes-users] Win7 template serial number activation

2017-04-26 Thread Dominique St-Pierre Boucher
On Wednesday, April 26, 2017 at 9:00:27 AM UTC-4, Francesco wrote:
> @Zrubi
> 
> 
> 
> On Wed, Apr 26, 2017 at 9:51 AM, Dominique St-Pierre Boucher 
> <domin...@gmail.com> wrote:
> 
> 
> On Wednesday, April 26, 2017 at 2:19:24 AM UTC-4, Laszlo Zrubecz wrote:
> 
> > -BEGIN PGP SIGNED MESSAGE-
> 
> > Hash: SHA256
> 
> >
> 
> > On 04/26/2017 01:44 AM, Franz wrote:
> 
> > > Hello friends, I need to install Win7 for the first time after
> 
> > > years and wonder if it is possible to activate a template Win7 with
> 
> > > the proper serial number and then have child VMs that are already
> 
> > > activated and keep so over time.
> 
> >
> 
> > Short answer: No, you better create a HVM
> 
> >
> 
> >
> 
> > Details:
> 
> > Depends on your licence - but in general the activation are bound to
> 
> > your hardware - Virtual Machine in case Qubes.
> 
> >
> 
> > If you activate your template, that will be permanent. And at least you
> 
> > will be fine with updating windows.
> 
> >
> 
> > However if you create an AppVM using this template, windows will see
> 
> > another hardware and asking for an activation. Even if you activate this
> 
> > instance you will lost that state by rebooting it.
> 
> >
> 
> > In practice this will not limiting you using template based Windows VMs.
> 
> > At least technically.
> 
> >
> 
> > Not sure how long you can run an unactivated windows before start poking
> 
> > you about this fact.
> 
> >
> 
> 
> 
> Many thanks Zrubi for your very detailed answer. Reading your explanation I 
> remembered that once was able to use a non-Qubes windows installation even if 
> it was not activated. So imagine that the same may be done with template 
> childs, particularly if they are somehow created anew after every reboot. So 
> this may be an acceptable compromise.
> 
> 
> 
> 
> > For a legal solution - ask your windows licencing expert ;)
> 
> 
> 
> 
> I imagine that even Microsoft representatives do not know the reply 
> 
> 
> >
> 
> >
> 
> > - --
> 
> > Zrubi
> 
> >
> 
> >
> 
> > -BEGIN PGP SIGNATURE-
> 
> > Version: GnuPG v2
> 
> >
> 
> > iQIcBAEBCAAGBQJZADvgAAoJEH7adOMCkunmB7UQAJk68yVp2oNfIWDs/NsZyliY
> 
> > r8mftxdcZFiqzr6MlCyu/QGR4lKeV5DxjMoXoIx3Ms9IXM2DBE6tM/i7t0pT4bds
> 
> > gYgQ749LuzOYN7wa4c9aYK0Q2K6+0yJs/Oykhqpyjb8M3MAXmUuISu/6bnt4KyHJ
> 
> > yuIeTbEeLY+xuAI/nYJCP0WMfZDbmjQPsFuimDnxcXyB8xPdEOJ1kJp6TQ2soML9
> 
> > bdETCO4G/9Dzrl2dbfK/Rfz3r/Z5TbvvWTWegyezRkLriaj/xgLtBZEGtFVAsRHR
> 
> > gamESfnXB5LHW/nOKYJYhS4j0nZrcfL6vfvgonAOZTTxWf4tZrZKsgC2kYOiOIU6
> 
> > zUyx4Fw7qjj3RM08gGtV+lKLkouebmgFWYIxfrbuRWsTT41w1+WXoYQIG3UR6W0r
> 
> > kYIbNeAGIwaZXrlwvjUk4cFfqLGErUr7S8BoV66NqoQQ7aniNbOphZ2IeBnYpmrc
> 
> > O/Ir9vaEzH0zU4isn3mx78dzG350PgcMd1K0UicdyDpblh5q2aqHaFtgbYxd4sYl
> 
> > wF+aNOOG5i3RQN3AckdbA/BlPRf4UDXd7Evv1nf03h0M0N9jkhC4VhgNm0OF39f/
> 
> > 3ENYu8qTJ7PYdzhORe8rSeBckpJuUcByGAgTcflvrf5DLTC7q0s6UZqbr2iF0zqj
> 
> > j5bBTix3j3fNX1k4IkpQ
> 
> > =J5AW
> 
> > -END PGP SIGNATURE-
> 
> 
> 
> Is there really such thing as a Micro$oft licensing expert? License term 
> change all the time. Refering you to a website that can be change after 
> you've accepted the EULA...
> 
> 
> 
> In theory, when you reboot your VM, it should look like a new install so 
> every time you reboot, it should work?!?!?!
> 
> 
> 
> I just finished installing a Windows 7 template. I will do some test!
> 
> 
> 
> 
> 
> Yes, let us know Dominique, thanks 
> 
> 
> Dominique
> 
> 
> 
> --
> 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> 
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users...@googlegroups.com.
> 
> To post to this group, send email to qubes...@googlegroups.com.
> 
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/222af6be-b129-4eb8-a482-d652f0fd3eda%40googlegroups.com.
> 
> 
> 
> For more options, visit https://groups.google.com/d/optout.

Preliminary test with Windows 7 Pro and a MAK key installed in the template:
- when I start the appvm, it activates with the proper MAK key with no issue
- I think that retail or OEM are different.

Can someone confirm?

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f5715477-7ae6-4ead-b560-b02ee1f79766%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Win7 template serial number activation

2017-04-26 Thread Dominique St-Pierre Boucher
On Wednesday, April 26, 2017 at 2:19:24 AM UTC-4, Laszlo Zrubecz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 04/26/2017 01:44 AM, Franz wrote:
> > Hello friends, I need to install Win7 for the first time after
> > years and wonder if it is possible to activate a template Win7 with
> > the proper serial number and then have child VMs that are already
> > activated and keep so over time.
> 
> Short answer: No, you better create a HVM
> 
> 
> Details:
> Depends on your licence - but in general the activation are bound to
> your hardware - Virtual Machine in case Qubes.
> 
> If you activate your template, that will be permanent. And at least you
> will be fine with updating windows.
> 
> However if you create an AppVM using this template, windows will see
> another hardware and asking for an activation. Even if you activate this
> instance you will lost that state by rebooting it.
> 
> In practice this will not limiting you using template based Windows VMs.
> At least technically.
> 
> Not sure how long you can run an unactivated windows before start poking
> you about this fact.
> 
> For a legal solution - ask your windows licencing expert ;)
> 
> 
> - -- 
> Zrubi
> 
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQIcBAEBCAAGBQJZADvgAAoJEH7adOMCkunmB7UQAJk68yVp2oNfIWDs/NsZyliY
> r8mftxdcZFiqzr6MlCyu/QGR4lKeV5DxjMoXoIx3Ms9IXM2DBE6tM/i7t0pT4bds
> gYgQ749LuzOYN7wa4c9aYK0Q2K6+0yJs/Oykhqpyjb8M3MAXmUuISu/6bnt4KyHJ
> yuIeTbEeLY+xuAI/nYJCP0WMfZDbmjQPsFuimDnxcXyB8xPdEOJ1kJp6TQ2soML9
> bdETCO4G/9Dzrl2dbfK/Rfz3r/Z5TbvvWTWegyezRkLriaj/xgLtBZEGtFVAsRHR
> gamESfnXB5LHW/nOKYJYhS4j0nZrcfL6vfvgonAOZTTxWf4tZrZKsgC2kYOiOIU6
> zUyx4Fw7qjj3RM08gGtV+lKLkouebmgFWYIxfrbuRWsTT41w1+WXoYQIG3UR6W0r
> kYIbNeAGIwaZXrlwvjUk4cFfqLGErUr7S8BoV66NqoQQ7aniNbOphZ2IeBnYpmrc
> O/Ir9vaEzH0zU4isn3mx78dzG350PgcMd1K0UicdyDpblh5q2aqHaFtgbYxd4sYl
> wF+aNOOG5i3RQN3AckdbA/BlPRf4UDXd7Evv1nf03h0M0N9jkhC4VhgNm0OF39f/
> 3ENYu8qTJ7PYdzhORe8rSeBckpJuUcByGAgTcflvrf5DLTC7q0s6UZqbr2iF0zqj
> j5bBTix3j3fNX1k4IkpQ
> =J5AW
> -END PGP SIGNATURE-

Is there really such thing as a Micro$oft licensing expert? License term change 
all the time. Refering you to a website that can be change after you've 
accepted the EULA...

In theory, when you reboot your VM, it should look like a new install so every 
time you reboot, it should work?!?!?!

I just finished installing a Windows 7 template. I will do some test!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/222af6be-b129-4eb8-a482-d652f0fd3eda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Compromise recovery on Qubes OS

2017-04-26 Thread Dominique St-Pierre Boucher
On Wednesday, April 26, 2017 at 7:40:24 AM UTC-4, Joanna Rutkowska wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Hello,
> 
> Just a FYI that we have recently implemented a so called "Paranoid Mode" 
> backup
> recovery for Qubes OS. Arguably this is a new approach to dealing with full
> system compromises (thanks to Qubes architecture (TM)).
> 
> The packages for Qubes 3.2 that bring this functionality are currently in the
> qubes-dom0-current-testing repository [1]. Note that you need these packages 
> on
> a fresh system where you want to restore to, and only there.
> 
> I also wrote a post [2] explaining the rationale for this, as well as how it 
> is
> implemented, and what are still the limitation in 3.2, and how these will gone
> in 4.0. The post also touches on AppVM compromise recovery challenges and how
> Qubes OS might help here also.
> 
> Of course I wish we all didn't have to use this feature too often... :/
> 
> Cheers,
> joanna.
> 
> [1] https://github.com/QubesOS/qubes-issues/issues/2737
> [2] https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCAAGBQJZAIceAAoJEDOT2L8N3GcYGxgQAKMdaO/1VBOXh8RD4kMmiS7K
> KTHvQuU+V0iP20KHSEh9kt/QSM2DV9ru7hIfNNo44LlU2dxDLJ6NFtykC6bZvdjN
> Vk93f2iOaRSrKclwEXRaa/Bo399ZE0pMXOO4alHHaMerYkFCn4WEtwYQB8mclgyI
> TvaF9X+EUdpa7DZsO4wHONYqLu722wvjprDHnAyQjYwyrhdiRXEmABCr6FkT5Dx/
> isRJR7JIOTyt1Fa80oqwjyaA+6RxCoBjM4IjqIhxHs6ebAgnNd7vRpbZglqnEVi7
> CWYMqYxm83F1mO/W+GqufIXw2UvRF1RyHl4hRVfEtjltwZpvsgFUMofHcTAQzM2X
> 1GGMXM+8Di+1lYmPJf4rM4FzkYvUL/DlA+BMPRWRw05hCsBvn+t0AjLUOa7RgSlH
> Vr3fLAdpFCSAvkunc/tM9DHcR7UyWiRU/4WS9Fdl2U1ekaqPxMToNLF/FFfYT2y1
> HTMkhX9rAgZvIynmbpH1yjaKVJgGSfLI/U9Il/1OETWO4p0b+iXuEM2HZQ/Oqwz3
> qYf+LCWAJRWokf46E7YIPmO4OhMD29EjgUyCEX6nFJWGI4Lx7EBB+coRlm7Nm6P1
> mNZM5wnkCLVF47l6RL5+uiHQjvDaOxNefIchMAiLY4yeERdgoJJlo+DGdbdsX5KC
> spbT/xcjj1p2DkLbIWDK
> =deyL
> -END PGP SIGNATURE-

Wow!!! Just incredible. Excellent work. What a nice feature that I hope I will 
never have to use.

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5422398c-388a-46fc-9ad5-0f6979d0e400%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] say it out (loud) - Qubes OS Stickers

2017-04-21 Thread Dominique St-Pierre Boucher
On Friday, April 21, 2017 at 6:38:35 PM UTC-4, cooloutac wrote:
> On Friday, April 21, 2017 at 9:06:04 AM UTC-4, Jean-Philippe Ouellet wrote:
> > On Fri, Apr 21, 2017 at 8:16 AM, Franz <169...@gmail.com> wrote:
> > > On Thu, Apr 20, 2017 at 7:57 PM, cooloutac  wrote:
> > >> On Thursday, April 20, 2017 at 6:07:45 PM UTC-4, Francesco wrote:
> > >> > On Thu, Apr 20, 2017 at 4:16 PM, J. Eppler 
> > >> > I really like the simple design from Brennan Novak.
> > >> >
> > >> > Writing on a sticker "a reasonable secure operating system" is very
> > >> > rational and balanced, but is too long to find its place close to the
> > >> > keyboard. Perhaps just a single word coupled with the logo, like 
> > >> > "secure" or
> > >> > "secured" or "security" or something similar.
> > >>
> > >> "somewhat secure"
> > >
> > > "Security Focus"
> > 
> > That invokes thoughts of something specific and different:
> > http://www.securityfocus.com/ & the mailing lists there like Bugtraq.
> > Not exactly Qubes...
> 
> I meant to shorten it to just "reasonably secure",  I would def buy stickers 
> just for the logo to stick on my pc.  paypal hopefully.

I would love a big logo like the one on the Twitter post in 2015. I would also 
like to have a small on to cover that windows logo on the keyboard... I would 
also like one with "Qubes inside"...

So enough with what I would like... What can we do to get some done!!!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04f7d18a-a417-4e06-8929-7ed25a5b3572%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] HCL - HP Probook 450 G3

2017-04-20 Thread Dominique St-Pierre Boucher
Running template:
Debian 8
Debian 8 minimal
Debian 9
Debian 9 minimal
Fedora 24
Fedora 24 minimal
Xenial

Running HVM
Windows 10
Windows 7

No problem to report

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAHRxXHsagRZnEup%2BLbaDp-1c0%3DFOECV%2BcomLzXojSRfXQEPbMQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-HP-HP_ProBook_450_G3-20170420-101832.yml
Description: application/yaml


Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

2017-04-15 Thread Dominique St-Pierre Boucher
On Saturday, April 15, 2017 at 3:06:52 PM UTC-4, qubenix wrote:
> peter...@hushmail.com:
> > 
> > Is there a script to randomize hostname on each boot?
> > 
> I think blank hostname is better than randomized. How would it be
> randomized: dictionary words, rng, cycling popular hostnames, etc.? Your
> randomization method may make you more identifiable than blank.
> 
> -- 
> qubenix
> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

I was looking to use the Windows 10 naming patern for new computer:
DESKTOP-XXX (7 random alphanumeric character)

That would be Good

:)

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20e07325-7a60-44b3-a91f-844eb900d527%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Anbox?

2017-04-14 Thread Dominique St-Pierre Boucher
On Friday, April 14, 2017 at 11:32:51 AM UTC-4, Vít Šesták wrote:
> Alex, have you tried to debug it with strace or something similar? Maybe 
> there is some unlisted dependency…
> 
> OpenGL should work on Qubes through llvmpipe. Although its performance is not 
> perfect, it should suffice for many Android apps. Except that I had problems 
> with OpenGL (error message like “missing OpenGL”) when trying to run Android 
> apps in Chromium, but I haven't seen such problem in any other case, 
> including those that surely do use OpenGL.
> 
> Regards,
> Vít Šesták 'v6ak'

I built an ubuntu template to try to install anbox but unfortunately, it tries 
to create kernel module through DKMS and failed... I am not knowledgeable 
enough to try to fix this issue.

Dominique 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/950677ba-b06b-4261-87ae-29cbbcd3b8e1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

2017-04-11 Thread Dominique St-Pierre Boucher
On Monday, April 10, 2017 at 5:06:30 PM UTC-4, qubenix wrote:
> qubenix:
> > Andrew David Wong:
> >> On 2017-04-09 15:25, Joonas Lehtonen wrote:
> >>> Hi,
> >>
> >>> if you setup MAC randomization via network manager in a debian 9
> >>> template as described here:
> >>> https://www.qubes-os.org/doc/anonymizing-your-mac-address/
> >>> you still leak your hostname.
> >>
> >>> Once your MAC address is randomized you might also want to prevent the
> >>> disclosure of your netvm's hostname to the network, since "sys-net"
> >>> might be a unique hostname (that links all your random MAC addresses and
> >>> the fact that you likely use qubes).
> >>
> >>> To prevent the hostname leak via DHCP option (12):
> >>> - start the debian 9 template
> >>> - open the file /etc/dhcpd/dhclient.conf
> >>> - in line number 15 you should see "send host-name = gethostname();"
> >>> - comment (add "#" at the beginning) or remove that line and store the 
> >>> file
> >>> - reboot your netvm
> >>
> >>> I tested the change via inspecting dhcp requests and can confirm that
> >>> the hostname is no longer included in dhcp requests.
> >>
> >>
> >> Thanks. Added as a comment:
> >>
> >> https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-292843628
> >>
> >>
> > 
> > Nice. I was just thinking about this after spending some time on my
> > routers interface. Thanks for the post!
> > 
> 
> After testing this, 'sys-net' still shows up on my router interface.
> 
> -- 
> qubenix
> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

Did the same test and got the same result.

Anyone has a solution? I can always change my hostname for something else, but 
I would prefer not sending the hostname or finding a way to randomize it!!!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec2607a9-c361-4043-b219-76e349f4a790%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: can we have debian-minimal?

2017-03-23 Thread Dominique St-Pierre Boucher
I was able to build a jessie minimal template but not a stretch one. So I 
decided to clone it and upgrade the template. I ran into a lot of issues with 
that. The way I was able to finally do it was to enable the qubes-testing repo 
for stretch before the updgrade and doing the upgrade from the console (sudo xl 
console [vm_name]).

Now I have a working jessie and stretch template.

I have to do it again on my other qubes computer. I will try to post a 
step-by-step how to!!!

Dominique

The build for stretch di
On Thursday, March 23, 2017 at 3:13:27 AM UTC-4, Vít Šesták wrote:
> Well, you have simplified it too much. It seems to be basically equivalent to 
> curl http://… | sudo bash. (AFAIK, there is no authentication when using 
> git:// URL.) The signature verification mentioned on the page is there for a 
> reason – you should not run the code without knowing it has not been altered.
> 
> It would be even better to use either https;// URL or SSH URL, as they 
> authenticate the transport. This can somehow mitigate attacker providing you 
> an old version with known vulnerabilities.
> 
> Regards,
> Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0dec225-960e-44dd-b98b-142229b06cc4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: VLAN to AppVM ?

2017-03-22 Thread Dominique St-Pierre Boucher
Interesting question, I don't think that will work right out of the box... I 
would suggest having a second network card with a second netvm in order to do 
this easily... But I would love to have a netvm that could redirect to 
different Firewallvm based on vlan!

Dominique
On Wednesday, March 22, 2017 at 8:10:47 AM UTC-4, Marcus Dilger wrote:
> Hello,
> i try to connect a group of AppVMs to different VLAN Networks. The VLAN 
> networks are available at the physical network adapter (LAN Adapter).
> 
> What i have done :
> Setup up an VLAN Interface in the netVM via NetworkManager, that Interface is 
> already visible via ifconfig and also get a IP from the DHCP Server of the 
> VLAN.
> 
> But i have no idea how to connect a sys-firewall / proxy vm to that 
> additional VLAN interface of the netVM ? Is that the best approach at all ? 
> Or maybe it is possible to have multiple netVM for each VLAN ?
> 
> Thank you,
> best
> Marcus

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fad28791-94b1-44a8-804b-1d6bd767baf8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: can we have debian-minimal?

2017-03-19 Thread Dominique St-Pierre Boucher
On Sunday, March 19, 2017 at 5:51:39 AM UTC-4, tnt_b...@keemail.me wrote:
> hi there,
> 
> fedora minimal is great idea to have inside Qubes, i wonder why we dont have 
> debian minimal as well inside Qubes ?
> 
> (debian-qubes has many packages which r not necessary to be installed e.g 
> printing packages. tho, it will be nice to install the needed packages from 
> the user pleasures not by default.)
> 
> Thanks

This would be wonderful. I tried to create one by removing some package but not 
a big impact on space or memory usage.

I will follow this thread with interest!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c2165f0-065c-4dfe-b1b9-2acba0a339fa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Alternate net-vm

2017-03-16 Thread Dominique St-Pierre Boucher
On Thursday, March 16, 2017 at 8:33:49 AM UTC-4, Chris Willard wrote:
> Hello All,
> 
> Does anyone use an alternate net-vm and have any notes on setting it
> up as I am having problems with internet connection? I am going to try
> getting it going but wondered if there was an alternative!
> 
> Regards,
> 
> Chris

Good morning,

I did change the net-vm with a Debian 9 template that I created for that. I 
followed the instruction here: 

https://www.qubes-os.org/doc/anonymizing-your-mac-address/
https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/

I created a template only for the net-vm since I already had a Debian 9 
template with a lot of package not needed for net-vm

Hope you succeed!

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05ea0766-82dd-4ec3-9dff-b2580f7780af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Anonymizing hostname

2017-02-28 Thread Dominique St-Pierre Boucher
Thanks for your code. I will try to use it with /dev/urandom to generate a 
random hostname...

I will post my findings

Dominique

On Tuesday, February 28, 2017 at 11:24:31 AM UTC-5, steve.coleman wrote:
> On 02/27/2017 03:48 PM, Dominique St-Pierre Boucher wrote:
> > Hello,
> >
> > I have setup the mac address change for qubes 3.2 with debian 9 as my 
> > sys-net.
> >
> > I am trying to figure out a way to randomize the hostname that is sent to 
> > the DHCP server. This is in an effort to minimize the risk of os 
> > identification.
> 
> I'm not quite sure why you need to hide you hostname on your local DHCP 
> network. Is the purpose so that you "feel" more hidden? Anyone running 
> p0f on your local network will guess your OS regardless of your 
> IP/MAC/hostname randomization, and people outside your domain won't have 
> your MAC or DHCP hostname, just your IP unless you/IT publish your name 
> through DNS to the outside.
> 
> 
> But, You could try:
> 
> sys-net>$ nmcli general hostname
> <<< mine was empty
> sys-net>$ sudo nmcli general hostname xyzpdq.nowhere.com
> sys-net>$ sudo systemctl restart systemd-hostnamed
> sys-net>$ nmcli general hostname
> xyzpdq.nowhere.com
> sys-net>$ cat /etc/hostname
> xyzpdq.nowhere.com
> 
> 
> You may need to disconnect and reconnect to get the DHCP server lease to 
> acknowledge a change. Mine did not propagate to DNS right away but 
> eventually did.
> 
> nmcli --help
> 
> > Dominique
> >

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c01fa087-731c-4186-85b7-c2a3257ddf58%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Anonymizing hostname

2017-02-27 Thread Dominique St-Pierre Boucher
Hello,

I have setup the mac address change for qubes 3.2 with debian 9 as my sys-net.

I am trying to figure out a way to randomize the hostname that is sent to the 
DHCP server. This is in an effort to minimize the risk of os identification.

Can you help?

Can you think of anything else to protect the id of the OS?

Thanks

Dominique

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46437ad8-dfee-417e-919e-b44fe3cbd2cd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?

2017-02-13 Thread Dominique St-Pierre Boucher
Got it!!!

The package qubes-template-minimal-stub prevent the install of tinyproxy.

In order to do that, you have to install with the full package name:

sudo dnf install tinyproxy.x86_64

I don't know if you have to do something else but it worked for me!!!

Dominique!

On Monday, February 13, 2017 at 9:04:17 PM UTC-5, Dominique St-Pierre Boucher 
wrote:
> What do you mean, forcing install by version number?
> 
> I looked into the difference between the minimal and the full version of the 
> template... Missing the tinyproxy.conf file and missing 2 lines in the 
> iptables:
> -A PR-QBS-SERVICES -d 10.137.1.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j 
> REDIRECT
> -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT
> 
> Did I missed a step somewhere?
> 
> Thanks Dominique
> On Monday, February 13, 2017 at 6:41:55 PM UTC-5, Unman wrote:
> > On Mon, Feb 13, 2017 at 10:59:14PM +, Unman wrote:
> > > On Mon, Feb 13, 2017 at 12:00:40PM -0800, Dominique St-Pierre Boucher 
> > > wrote:
> > > > Hello,
> > > > 
> > > > I have the exact same issue!!! Tinyproxy does not seems to work 
> > > > correctly and I never worked with TinyProxy before.
> > > > 
> > > > Please Help
> > > > 
> > > > Thanks
> > > > 
> > > > Dominique
> > > > 
> > > > On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote:
> > > > > Hello,
> > > > > 
> > > > > I am running Qubes 3.2 on a laptop smoothly for some days. Following 
> > > > > https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to 
> > > > > replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on 
> > > > > Fedora-24 by new ones based on Fedora-24-minimal.
> > > > > 
> > > > > Default minimal template works perfectly as a ProxyVM. Cloned 
> > > > > template 
> > > > > with network device firmware and recommended packages effectively 
> > > > > provide an internet connection but does not allow updates of 
> > > > > TemplateVMs.
> > > > > 
> > > > > As a workaround, it is possible to update those TemplateVMs using 
> > > > > sys-whonix as NetVM. Another workaround is to use the default netVM 
> > > > > based on fedora-23 while keeping the default fedora-24-minimal as 
> > > > > firewall.
> > > > > 
> > > > > Any idea on how to setup the new NetVM to allow those updates without 
> > > > > those workarounds?
> > > > > 
> > > > > Thanks
> > > > 
> > > 
> > > If I remember the qubes-stub package stops straightforward installation
> > > of many of the netvm packages. I assume you worked around this issue.
> > > 
> > > The obvious places to look are:
> > > "iptables -L -nv" to ensure that you have an INPUT rule allowing traffic
> > > to the tinyproxy.
> > > And "systemctl status qubes-updates-proxy" to see what the status of
> > > tinyproxy is.
> > > 
> > > Look at those outputs and you may be able to see the problem.
> > > 
> > > unman
> > 
> > I've just run through the configuration, forcing installs by using the
> > version number, and it works fine.
> > Don't forget that you have to enable the qubes-update-proxy service:
> > qvm-service  -e  qubes-update-proxy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4865210-be72-48c8-837c-ab415a2efbb9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?

2017-02-13 Thread Dominique St-Pierre Boucher
What do you mean, forcing install by version number?

I looked into the difference between the minimal and the full version of the 
template... Missing the tinyproxy.conf file and missing 2 lines in the iptables:
-A PR-QBS-SERVICES -d 10.137.1.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j 
REDIRECT
-A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT

Did I missed a step somewhere?

Thanks Dominique
On Monday, February 13, 2017 at 6:41:55 PM UTC-5, Unman wrote:
> On Mon, Feb 13, 2017 at 10:59:14PM +, Unman wrote:
> > On Mon, Feb 13, 2017 at 12:00:40PM -0800, Dominique St-Pierre Boucher wrote:
> > > Hello,
> > > 
> > > I have the exact same issue!!! Tinyproxy does not seems to work correctly 
> > > and I never worked with TinyProxy before.
> > > 
> > > Please Help
> > > 
> > > Thanks
> > > 
> > > Dominique
> > > 
> > > On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote:
> > > > Hello,
> > > > 
> > > > I am running Qubes 3.2 on a laptop smoothly for some days. Following 
> > > > https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to 
> > > > replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on 
> > > > Fedora-24 by new ones based on Fedora-24-minimal.
> > > > 
> > > > Default minimal template works perfectly as a ProxyVM. Cloned template 
> > > > with network device firmware and recommended packages effectively 
> > > > provide an internet connection but does not allow updates of 
> > > > TemplateVMs.
> > > > 
> > > > As a workaround, it is possible to update those TemplateVMs using 
> > > > sys-whonix as NetVM. Another workaround is to use the default netVM 
> > > > based on fedora-23 while keeping the default fedora-24-minimal as 
> > > > firewall.
> > > > 
> > > > Any idea on how to setup the new NetVM to allow those updates without 
> > > > those workarounds?
> > > > 
> > > > Thanks
> > > 
> > 
> > If I remember the qubes-stub package stops straightforward installation
> > of many of the netvm packages. I assume you worked around this issue.
> > 
> > The obvious places to look are:
> > "iptables -L -nv" to ensure that you have an INPUT rule allowing traffic
> > to the tinyproxy.
> > And "systemctl status qubes-updates-proxy" to see what the status of
> > tinyproxy is.
> > 
> > Look at those outputs and you may be able to see the problem.
> > 
> > unman
> 
> I've just run through the configuration, forcing installs by using the
> version number, and it works fine.
> Don't forget that you have to enable the qubes-update-proxy service:
> qvm-service  -e  qubes-update-proxy

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05139270-7128-4ab5-9752-a54fa3bc7f80%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: How to setup NetVM based on fedora-24-minimal template to allow updates?

2017-02-13 Thread Dominique St-Pierre Boucher
Hello,

I have the exact same issue!!! Tinyproxy does not seems to work correctly and I 
never worked with TinyProxy before.

Please Help

Thanks

Dominique

On Monday, February 6, 2017 at 8:22:40 AM UTC-5, CF wrote:
> Hello,
> 
> I am running Qubes 3.2 on a laptop smoothly for some days. Following 
> https://www.qubes-os.org/doc/templates/fedora-minimal/, I wanted to 
> replace default NetVM (sys-net) and ProxyVM (sys-forewall) based on 
> Fedora-24 by new ones based on Fedora-24-minimal.
> 
> Default minimal template works perfectly as a ProxyVM. Cloned template 
> with network device firmware and recommended packages effectively 
> provide an internet connection but does not allow updates of TemplateVMs.
> 
> As a workaround, it is possible to update those TemplateVMs using 
> sys-whonix as NetVM. Another workaround is to use the default netVM 
> based on fedora-23 while keeping the default fedora-24-minimal as firewall.
> 
> Any idea on how to setup the new NetVM to allow those updates without 
> those workarounds?
> 
> Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d576bb3-a1ad-423d-b340-80ea9036b849%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.