from:"'\[799\]' via qubes\-users"

AW: Re: AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-03-03 Thread '[799]' via qubes-users

Hello yuraeitha,

 Original-Nachricht 
An 2. März 2018, 22:05, Yuraeitha schrieb:

> Thoughts about using a forum? Possibly with
> a frontpage blog? If we indeed go with
> something like this, forum or some other
> platform, as you also questioned Ivan

I don't know what the right platform looks like to share scripts and howtos 
which didn't make it to Qubes docs yet.
But what I know is that I would like to have something available as soon as 
possible.
I would call my self still a Qubes newbie which is a great opportunity to write 
documentation because I try to implement my existing workflows on Qubes and as 
soon as I find out that it will not work I am trying to work around it: either 
by changing my workflow or by enhancing Qubes so that it fits better.
This "knowledge" is interesting to be shared for other newbie users or people 
who are interested in Qubes, mainly because...

1) people might be interested in Qubes, but are looking for information if 
their current workflow could be done on Qubes

2) if they need to change their workflow, they might be interested what would 
be a good approach

3) an active community is a very good advertisement.

Thereof I think having a place at GitHub, where we can consolidate information 
is a good thing.
Two reasons:

1) we know how to use GitHub
2) transfer of "qualified documentation" to the Qubes docs will be easy.

Neverless it could make sense to present some of the more interesting subjects 
which have reached a certain quality level on the Qubes Blog or another blog.

Please keep in mind that Qubes is and should be very interesting for user which 
are not that experienced with Mailinglists and GitHub, they also have the right 
to be reasonable secure and thereof the access to the documentation should be 
easy in the end.

> who is interested in being a moderator? I'm
> okay with helping out with it, but I probably
> will need help to cover everything, especially
> when I have exams and so on.

I could also help out, but I don't think that there is much need to do so. If 
we are using Github as repository (soemthing maybe named 
"qubes-community-playground") we can start to use it.
Honestly I expect to see much more people take a very short look there to scan 
if there is something that is useful for them, instead of actually contributing 
documentation themselves. But this is totally fine.

I am currently writing a how-to to access Microsoft Exchange under Qubes which 
could be interesting to others, of they want to decide if they try it all.
While I could add it to my own GitHub repository it would make more sense to 
share it and to improve it step by step.

Maybe also a page like: "I wish Qubes would allow me to ..." where users leave 
their wishes and maybe others have a quick idea how to solve this. This could 
become something like a backlog to improve Qubes even further.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3mL8yqgzX82vXT0M2YQTfqtokZoNBaVgopo61t_IrBWJOu23qV2xMPREH9VLQdthorQIdTRoh_e_XqIJIGbZBHbKknThRCzmF0RhJXJZH2g%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Connect to MS Exchange under Qubes with Davmail (Was: For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up)

2018-03-02 Thread '[799]' via qubes-users

Hello,

I know that this might be slightly Offtopic, but I am sure that I am not the
only one working with davmail.

QUESTION:
Who else is using Davmail to connect Exchange to their favorite Linux Outlook
replacement?
And are you able to delete an appointment from Evolution or maybe khal?

I am trying to replace OWA (Outlook Web Access) with native Linux apps.

I got Email, Contacts and Calendar entries synced from our corporate Exchange
server to my "mail qube" using offlineimap and vdirsyncer.

There is only one annoying last topic:
I can't delete calendar entries, I can create them, sync them and if calendar
entries get deleted on my phone or my exchange server they will also disappear
from Evolution/Thunderbird/khal.
But under all three apps I have problems deleting an calendar entry, as such I
think it might be a Davmail issue, but I am unsure.

Just for the info about my setup:

Caldav connects to our corporate Exchange Server and provides local
imap/SMTP/caldav/carddav interface to the AppVM.

Currently I am still using various apps to finds what works best for me

Evolution
Connects to Davmail
Email and Contacts are working
Calendar entries can be created, synced, viewed but not deleted

Thunderbird
Connects to Davmail
Email and Contacts are working
Calendar entries can be created and synced, but not viewed and not deleted

Neomutt
Connects to maildirs, which are downloaded via offlineimap, which connects to
Davmail
Email is working

ikhal / khal
Connects via vdirsyncer to Davmail.
Calendar entries can be viewed and created but not deleted

khard
via vdirsyncer to Davmail
Contacts can be created, changed, synced and viewed

The only missing part in all calendar apps:
Deletion is not possible and results in an error message of Davmail.

[799]

Original-Nachricht
An 2. März 2018, 01:40, '[799]' via qubes-users schrieb:

Hello,

As my company is using Microsoft Exchange without enabling remote access per
IMAP I had to work with the Outlook Web Access (OWA) Interface.
But this is only a workarround as I can't access offline emails etc.

I found a solution which provides an Gateway between exchange and your favorite
Linux apps for mail/calendar: Davmail.

I got email and also calendar running and wrote a "quick'n dirty" how-to which
I would like to see improved.

https://github.com/QubesOS/qubes-doc/pull/608

Currently it covers only mailpart (reading Exchange emails with Thunderbird
and/or neomutt).
Reading my exchange mails with neomutt is fun.
Of course it will also work with Evolution.

Regarding calendar entries which is also very important as all my colleagues
are using Exchange:

I was able to sync evolution with the exchange calendar. I can create new
entries in evolution which are synced back to the exchange calendar. Great!
But I can't delete calendar entries from evolution. If I delete an calendar
entry on my phone or my corporate Outlook it will also be removed in the
evolution.

In Thunderbirds Lightning I was able also able to sync my Exchange calendar,
but as soon as I open a calendar entry I get an error message.

Thereof I have to troubleshoot this, having email AND calendar (connected to
Microsoft Exchange) working natively in Qubes would be a major Improvement to
productivity.

@yuaeitha:
This quick'n dirty how-to is a good example why your idea sharing scripts and
howtos is great.
It is far away from being a qualified how-to, still it might be of use for
someone who is trying to connect to their exchange server from within Qubes.

Thereof I have created a new document on the qubes-docs, so that other can see
it.

Still, I think a newbie user will not find this, as they will look in the Qubes
docs pages on the Qubes website and not within GitHub.
At least I wasn't doing it since a few weeks ago...

[799]
.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/9tK2AG4uMIWn4B9YmRKgF8YG_wic1vIFlgGzy7ThFyyo9AFIHl21P8yiBldb0NPXrdWise4lF6wUCVFNU67AlbngpEeT5VYe3A6uQnPhlf0%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-03-01 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 2. März 2018, 04:10, Yuraeitha schrieb:

> It would be interesting to hear if the Qubes
> staff think this is a bad or good idea though,
> or if they're neutral about it. At least I'm not
> planning to keep going with this if they think
> it's a bad idea

I don't think it's a bad idea and I think that projects like Qubes should also 
be supported by us the users.
What I would like to see is a clear differentiation between "official" Qubes 
Docs and the "community scripts/ideas" which don't met Qubes standards or which 
have a controversial discussion about it (if a proposed solution is 
"reasonable" secure).

Maybe a solution would be to create an own "unofficial" "Qubes Beta Scripts 
repository" where scripts/ideas can be shared and after the reach a certain 
quality level, they get pushed over to qubes-docs.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/p-uX5tavIz92-fwvIJnRRSFD-WqFaQsfrK4At8UiXHtw09EYse8U3Kh7ipZcp2KEbZ_eBo3BVAXDZxo-huP-26Us-xPqudGA94DsdO1Rxqg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Connect to MS Exchange under Qubes with Davmail (Was: For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up)

2018-03-01 Thread '[799]' via qubes-users

Hello,

I found a solution which provides an Gateway between exchange and your favorite
Linux apps for mail/calendar: Davmail.

I got email and also calendar running and wrote a "quick'n dirty" how-to which
I would like to see improved.

https://github.com/QubesOS/qubes-doc/pull/608

Currently it covers only mailpart (reading Exchange emails with Thunderbird
and/or neomutt).
Reading my exchange mails with neomutt is fun.
Of course it will also work with Evolution.

Regarding calendar entries which is also very important as all my colleagues
are using Exchange:

In Thunderbirds Lightning I was able also able to sync my Exchange calendar,
but as soon as I open a calendar entry I get an error message.

Thereof I have to troubleshoot this, having email AND calendar (connected to
Microsoft Exchange) working natively in Qubes would be a major Improvement to
productivity.

Thereof I have created a new document on the qubes-docs, so that other can see
it.

Still, I think a newbie user will not find this, as they will look in the Qubes
docs pages on the Qubes website and not within GitHub.
At least I wasn't doing it since a few weeks ago...

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/SfD1rh5hPyXhJ4G2a40m5rPm7dxGLMVoY2PXbJAzUgxuhtZ893vTL7ymahlIMLJSOLMgGOhETiBMLWgauNy5fdNaVSWAzyYMoph6BvEYkQQ%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] RDP or something like this to connect to a Dedicated Server?

2018-03-01 Thread '[799]' via qubes-users

Hello,

klausdiet...@mail2tor.com wrote:
> [...]
> i want to ask if there is a opportunity to
> connect to a Server (VPS / Dedi) with a
> programm like RDP on Qubes OS 3.2?

Have you looked at rdesktop or vinagre and remmina?

https://wiki.gnome.org/Apps/Vinagre
https://www.remmina.org/wp/

I can try to connect to our RDP servers later and keep you informed what works.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/hFF9x0JODlmBHGwipztWCC21CB9ead-jqmXsOMx1LMvCa49sPx-qtN3F95fcVIboa-kTaTAfwAPH_OZe6MRHCqrsynIn77AoAq38RzaBe3U%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Howto: Enable WWAN (LTE Sierra EM7345) in Qubes OS (Howto install ModemManager in Qubes)

2018-03-01 Thread '[799]' via qubes-users

Hello,

have you tried this:

qvm-prefs usbVM -s pci_strictreset false

See also:
https://www.qubes-os.org/doc/assigning-devices/

[799]

Original-Nachricht
An 1. März 2018, 17:22, akiraloopback via qubes-users schrieb:

Thanks for this howto, Piit.

I am trying to get the build-in LTE card running on my ThinkPad T540p. Its a
Sierra Wireless USB connected card. I can identify the USB bus, it's the first
USB bus (Intel family xHCI rev 04), where the fingerprint reader and some other
internal stuff also is located.

When I attach this USB device to sys-net VM, this VM does not start any more,
however, but throws the error: "qubes sys-net modem VM: internal error: unable
to reset PCI device : no FLR, PM reset or bus reset available"

Rebooting the whole Qubes (3.2) doesn't help either.

Any ideas?

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c6dcb667-815e-4efe-9a99-9e55f33ea833%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/XdnbaEMo-OmqYRMXAff5I9EH6F7hip4D4ALWKrTIr7J4gfbTSKZ3b3AkxFXaNxkcP6tIUrR375uYWWRgwrMshXdsBnfzqhl6GdFCf5Znc7Y%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: AW: Re: [qubes-users] Qubes 4 and coreboot

2018-03-01 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 1. März 2018, 18:15, 'MirrorWay' via qubes-users schrieb:

> First, grep through dmesg to look for errors
> related to probing for me or mei.
> If you find some, then try blacklisting
> Intel ME-related kernel modules:
> In /etc/modprobe.d, create a new file called
> e.g. blacklist-me.conf, and put in there
> blacklist mei
> blacklist mei_me

Ok, I understand that you guys were speaking about blacklisting within the 
Operating System.
I thought that you are using a blacklist to do something to the Coreboot config.

Strangely my X230 has something like a 10sec delay, when I got the start button 
and I am running coreboot Bios.
After this delay the boot up is fast, no delay even without blacklisting 
something within the main OS.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KVIfgSJA9VMAtNJDAFFaWCZMHroFZOV14-HO_UdGC1YEqP9JlgHwDiRClcCvJePToxntMIbM-Yav1hY--f-y6JaSIykuucc_N-Vk3a2uZ94%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Qubes 4 and coreboot

2018-03-01 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 1. März 2018, 14:46, Jo schrieb:

> If you strip down ME, you should
> blacklist me / ime, to speed up boot.

I've read this within this thread sometimes, what exactly needs to be done here?
I have run ME_cleaner and when booting up there is a delay, can this be 
resolved by blacklisting something? If so where? What?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/td9V9a8-WhKwOCtfFwPWBxKZZk2h8blJApWm6FksRzimcZWGNv_QO3XoNyCmjkyI9G7LPQChdMYdjPvvVnw_S30V_WkVFaeakHv9kX-4ZcU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] For community by community - A way to preserve/focus everyones work going into Qubes, bottom-up

2018-02-28 Thread '[799]' via qubes-users

Hello Yuraeitha,

 Original-Nachricht 
An 28. Feb. 2018, 21:39, Yuraeitha schrieb:

> It seems from time to time that various
> people have shared a good unofficial script,
> guides and 'how to's', and even code, for
> Qubes related content, on their github page or
> similar. The problem however is that while
> shared, it isn't very visible, and even if they are
> from time to time mentioned in a mail thread,
> it quickly gets buried under many new mails.

I have recognized the same and was wondering already what could be the reason 
that people have written own small projects which I only knew of because 
following this mailing list.
Honestly I started the same, after coming up with the first draft of ma 
qvm-screenshot-to-clipboard script.

The main reason why I didn't upload it (yet) to Qubes docs:

1) it is on a very early stage and while it is working I would feel a bit 
ashamed, as there is no error handling etc.

2) I am unsure if the script is not only working but also "reasonable secure" 
to use

3) I like the quality of the existing Qubes documentation, but it takes some 
time for a newbie user not only to write a good how-to but also include all the 
valuable feedback or keep the discussion ongoing.

Maybe those are the reasons why others like to keep developing their stuff 
outside of the Qubes doc repository. Summarized:

1. Scripts are not yet ready/to basic
2. Unknown impact on security
3. Not enough time to craft a quality "product"

> To solve an issue like this, it'd be helpful to
> have a place where we can keep track of
> everyone's projects which are shared for
> others to use. It may also be worth discussing
> on quality and security, and how we "censor"?
> bad scripts/guides/code.

Yes, please! His could also be a good ressource to browse looking to fine-tune 
Qubes.

> It could be done in many various of different
> ways, which is also why I think it'd make
> sense to open a discussion on the matter, so
> we can find the most preferred method. First
> though, a location might be ideal starting
> place, where to keep everything updated?
> (...)
> A https://www.qubes-os.org/doc/ page listing
> all the unofficial projects. The most simple
> and easy way.

I like the idea having it available at GitHub as we can easily contribute to 
the code and GitHub has all the features to keep discussion ongoing etc.
It is also allows to keep a copy of the latest version of the scripts and 
people don't have to learn another tool when their code is ready to be released.

The bad thing:
If you're not a developer and have never worked with GitHub the learning curve 
might be high.
At least I had to click some time arround to understand what is located where 
and how it is working.

> Generally the main concern is the visibility of
> the effort that the community puts in Qubes,
> from the bottom-up, often goes to waste and
> few people see's it.

The other benefit is, that I learn a lot from reading other person's scripts 
and of course following the discussion.

Maybe some of the ideas there could also be mentioned in a maybe monthly blog 
post, so that new users can see that Qubes is a living project.

I would call this site/place where all the ideas are summarize "Qubes Garden" 
or "Qubes Playground" :-)

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0pr2C-ky5f2cKco20qOf5PtKmsLafq7Xmw0-9qKvG0demT1mbPRyAv1QOkn6w6oYvxjrv-XP_eVgyhuqrbNE8Hac1U2BLhioUJ9M6l5SlkA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] High spec laptop for Qubes OS

2018-02-27 Thread '[799]' via qubes-users

Hello Taiidan,

 Original-Nachricht 
An 26. Feb. 2018, 00:33, taii...@gmx.com schrieb:

> In terms of laptops, the most free is the
> Lenovo G505S which can run
> qubes (no ME/PSP) although it doesn't have
> an eGPU capability and max ram is 16GB so
> the best choice would be the W520 if one
> wants an eGPU capable laptop with 32GB
> max ram.

Depending on the use case I would always also think about battery runtime, 
something where the W520 fails.
I would always always think about a x230 which runs so well under Qubes and can 
be coreboot'ed.

Out of interest, why are you not recommending the W540? I have both (x230 and 
W540) and the biggest benefit of the W540 is the high resolution display.
Unfortunately it doesn't support Coreboot and build quality is not as nice as 
the older x230 series.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bCLo2zbEJzq2g8yi9fFPzDvaRcFATsBImFwnghnOFqmVq-S7dH3uQNGmsYbITkLAwnWOq_wm2SsizInclJpVtpr4uut-eGAMVR25SOdFd0E%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Re: Windows on R4 (rc4) - Install crash on splash screen: Starting Windows

2018-02-27 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 27. Feb. 2018, 23:58, Alex Dubois schrieb:

> Would you know have to validate the rpm
> signature by any chance?

Haven't tried it out, but you're asking to verify the rpm package prior to 
installing it?

Something like this?
Verifying the signatures of packages
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-check-rpm-sig.html

[799]

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/631e9154-8387-4c78-a803-6f42a4adb315%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/xY9ORfM1zuHxZ4fiWbw696dRx2VFtnJ0QBtV7j-NGVQ4fFgVxUS60DCsbQfNr1An_nvJ5W3mj8--IPbBplno3K9khCNY5hBJtiq3gE0PMRw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Qubes 4 and coreboot

2018-02-27 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 27. Feb. 2018, 22:41, schrieb:

> Do the Qubes devs recommend a specific
> payload to use with coreboot and
> Qubes 4?
> For those who are using coreboot with the
> Qubes 4 release candidates,
> what payload are you using?

Are you running Qubes in a Dual Boot configuration or as the single Operating 
System (which would be the better option regarding security)?

I was running Qubes OS and Windows in a dual boot setup as I needed Windows 10 
ony corporate laptop (unfortunately).
Thereof I was using Coreboot with SeaBIOS in order to be able to boot Qubes and 
Windows.
Unfortunately I had issues with standby/resume and decided to run Qubes as 
primary OS removing windows.
To access Windows I am now using a "my-work" Qube which has Cisco AnyConnect 
and VMware Horizon View Client installed to access my windows 10 virtual 
desktop or network shares.

Thereof I think I don't need SeaBIOS anymore and will reflash with a Coreboot 
without SeaBIOS.

I am also interested in some recommendations for an optimized Coreboot Config, 
maybe also some shared config files.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aQovtbmOgsPvXRzLdUe5V18kQLf2hWjzT5KiaswX8na1SlrfcqAWg5ZmFQ2DreHb7u3j5IlZ0aMOru4lxR8i8OWbQH_8la1uGtiisq12sXg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: AW: Re: [qubes-users] Installing Chrome

2018-02-26 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 27. Feb. 2018, 00:59, Yuraeitha schrieb:

> It is by no means a complete guide as you
> make it sound though, it's relying overly much
> on closed code, and Chromium is no good
> here to look into Google Chrome. I wouldn't
> call it the "go to" guide to get everything
> working.

Seriously? Do you know how much time it takes to write a how-to? To test all 
steps and to use the feedback from other committed users to make it better?
And as mentioned the guide is written for a special use case, playing 
multimedia on Qubes as I wanted an OS which I can use for everything I'm using 
a laptop for.

> Also as far as my opinion goes, Google
> Chromes one and only strong point is the
> support of Silverlight content, which is not a
> technical strength, but monopolize of pure
> power on a free market in a democracy. It just
> downright sucks.

The good thing is that you are totally free to use whatever you want to choose.
And yes it would be better if all content and app providers are offering 
solutions for "the rest of us", but they aren't and the workarround using 
chrome is good for everyone who likes to use Netflix & Co. I don't think that 
sucks. It's better (for some) to use chrome on qubes instead of Windows to 
stream video content.
But yes, if we could use a default Linux installation to do all this task, this 
would be great.

> Firefox will play everything around, as long as
> the content delivery isn't scamming their
> customers by using platform monopolized
> Silverlight.

Doesn't make sense to me, as you're saying Firefox plays everything, as long ...
The fact is: currently Firefox is not playing all content. And yes it sucks.

> Microsoft's hate towards Linux seems as
> strong as ever, despite their so called claims
> for otherwise.

Any evidence for this strong argument? As far as I know Microsoft is even using 
some Linux technologies (Linux on Windows / Linux on Azure / ...)

> If possible, we really shouldn't support
> scumbag companies doing something as
> manipulative like this, which is on a level only
> a real psychopathic sick person would pull
> off.

the good thing is ... You don't have to.

> The fact that Firefox isn't even mentioned in
> that "between the lines self-proclaimed all
> solution page guide", makes me a bit sad and
> disappointed in Qubes. I hope this is a
> mistake.

Honestly it was me writing this "self-proclaimed all solution page guide" which 
took me lots of hours starting from the first version and following the 
excellent feedback from other users to improve it.
Maybe you should provide content instead of being sad that others try to 
contribute to the Qubes project?
Do you know how motivating it feels if people comment on your work like you're 
doing?
The Qubes documentation is done by all of us, if you want to add a section how 
you can use Firefox to play content, feel free to do so.
Make a difference!
And if you think Chrome, closed source content providers are the devil, don't 
use it, but I think giving users options is always a good thing.

If my how-to will convince one user to try out Qubes because he can even do the 
"evil closed source" stuff, I am happy.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/PHliEufZeFQnasw_JBqvvRtLQTDrqm9ZFfLsjxC0rYnV0fmH_KUbglf05EIJqlwp_dm7GDLhUZ3-cyFBSTJEwrGXN8AN1oTyLT4ahpyGJwY%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Installing Chrome

2018-02-26 Thread '[799]' via qubes-users

Hello,

I haven't fully understand what the first post was about, but if it is about 
how to install chrome... Don't look further, it's all covered:

https://www.qubes-os.org/doc/multimedia/

The last point covers the complete installation, including setting up the 
directories and downloading & verifying the public signing keys.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/D9mHmrcplr0_Bral6NvPTRIzM9bptq1zayO5xOzMaPBYvXGMTY-fNnSyxPnME85FSQpTcJCpgDXI6pjzXy6bh86AflWLAN7KKtdQ61Ye-8E%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] fix resume in Qubes (Was X230 Corebooted -> resume broken

2018-02-24 Thread '[799]' via qubes-users

Hello,

Just for the archive:

Resume was fixed after a clean installation of Qubes 4rc4 - I was running Q4rc3 
on my Lenovo x230 before.

[799]

--
Qubes 4rc4 > Lenovo X230
Qubes 4rc4 > Lenovo W540

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/U9sy0r8aqPaRdTrw3116_0ZQbtAjjb3pTN-Is4f3_gExDfc0_2scjfuvLHreEaXzzK8Pc7Kf2a5l4iovVU1NDogHCNdK7LsXbct8QaiIj8o%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] fix resume in Qubes (Was X230 Corebooted -> resume broken

2018-02-23 Thread '[799]' via qubes-users

Hello,

a topic I had in the Coreboot Mailing list about fixibg resume in Qubes ...
belongs mostly to this list.

Original-Nachricht
An 24. Feb. 2018, 02:13, [799] schrieb:

// Please excuse my recent mail as it was sent while I was writing, the scriot
wasn't yet complete - here the complete version //

Original-Nachricht
An 23. Feb. 2018, 14:32, [...] schrieb:

Me >> If I close the lid, the laptop shuts off.

> I do have the very same problem,if you find a
> solution, id be glad if you give me a hint .

I think I came up with an idea how to work arround this problem:

I found out that I can put the laptop to sleep when choosing "shutdown" from
the top right Qubes button with your username on it (where you normally
shutdown Qubes).

The laptop will switch to resume to RAM and you can then close the laptop lid.
if you open the laptop again you need to login but run into a problem with all
AppVMs that had PCI Controllers attached, which will also affect your
networking.

What you need to do is to kill those AppVMs (mainly sys-net and sys-usb) and
restart them again.
After the restart if sys-net your AppVMs can't through the sys-net VM.

A workarround is to reconnect your firewall-VMs to sys-net by setting the netvm
to none (= "" in Qubes 4) and then setting it back to the sys-net VM.
This will bring back networking. As such my workarround is:

1) use "Suspend" from the upper right Qubes menu

2) close Laptop lid after resume

3) open lid and login

4) run the following script in dom0 to kill sys-net/sys-usb and reconnect the
proxy VMs:

#!/bin/bash
# qvm-resume
# kills and reconnect sys-net/sys-usb
# to fix networking after resume
qvm-kill --force sys-net sys-usb
qvm-start sys-net sys-usb
# for Qubes 4rc4, Qubes 3.2 uses another
# Syntax with qvm-prefs to disable the NetVm
qvm-prefs --set sys-firewall netvm ""
qvm-prefs --set sys-firewall netvm sys-net

Can you try if this will also work in your case?

If this is working the only thing we need to do, is to setup resume when
closing the lid and then the run the "qvm-resume" script after wake up or login
back.

what do you think?

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/DPRp9G4MaM6lAsDB_S4H1YV8wkTakNJzcLC4M8O0OmPf9lDIIqrCOyXl3D5a9DhnJjaD1Ezh-Corpjv-PfGz7z99ttcYy7Q32tdivswpyh0%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: AW: [qubes-users] Re: i3 under Qubes 4 RC3

2018-02-22 Thread '[799]' via qubes-users

Hello Florian

 Original-Nachricht 
An 22. Feb. 2018, 09:07, Florian Brandes schrieb:

> I use i3 under Q4rc4 without any issues
> or problems.

Would you mind sharing your i3-config files?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fgkaOM_dacYgqN8iMgQsa6_mqpTqLxTIcYvSbqN89sMmyzxQSxIho-uT7OQHMH__wSBn4YMcx_Mfc8XWwQa2nQchu2nCMgpzzdE8XAcZa6s%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: i3 under Qubes 4 RC3

2018-02-21 Thread '[799]' via qubes-users

Hello,

 Original-Nachricht 
An 26. Jan. 2018, 10:18, aaq via qubes-users schrieb:

> My dmenu is broken, for starters. Dmenu only
> shows dom0 applications, so I cannot start
> anything that way.
> When I run qvm-run to start something, I can
> see that my VM is started (with qvm-ls) and I
> can hear my CPU responding (as in it starts
> fanning), but nothing visually happens.
> Nothing is ever started.

Same problem for me, but I haven't found a solution. Using Qubes 4rc4 but i3 is 
not working like it has under Qubes 3.2.

Anyone else using i3 under Q4rc4?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/spAy2oxk35wRL-Hgx6meItSOdM934bSnC2ohdym9R-wI_d6vCuAgR9y0H0vYgnOUwwJZjyxDHPnE09Oy5IQwBt0F6N2B8O4j6u1vCcyQRJc%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Q4rc4 :: qvm-prefs-screenshot-to-clipboard - 1st attempt

2018-02-18 Thread '[799]' via qubes-users

--
Qubes 4rc3 > Lenovo X230 + Lenovo W540

Gesendet von ProtonMail mobile

 Original-Nachricht 
An 18. Feb. 2018, 22:25, Yuraeitha wrote:

On Saturday, February 17, 2018 at 11:11:40 PM UTC+1, [799] wrote:
> Hello,
>
> having the idea of a qvm-screenshot-to-clipboard script I was eager to try 
> writting a script.
> The solution I had in mind could work but I am struggling with a small issue 
> and would like to get some help.
> The script takes a screenshot in dom0, store it to a file and qvm-copy the 
> file to the target appvm (one and only command line argument for the script).
> Then within the AppVM it is using xclip to copy the graphic to clipboard and 
> removes all temporary files in the AppVM and dom0
> All pieces are working, except the xclip command when launced from dom0.
>
> When I launch the command within the AppVM it is working.
> But I need to start the xclip command from an external script and when I do 
> so, the same command is not working.
> It seems that I am missing something when using xclip via script which is run 
> in a new terminal session (from dom0 but also within the App)
>
> Any ideas how to fix this?
> It feels so frustrating that I nearly have a working solution but I am 
> missing the last few meters.
>
> How to use the script:
>
> 1) in dom0: launch script
>
> 2) make the screenshot by selection the area
>
> as the xclip is not working in the AppVM as supposed:
>
> 3) switch to the AppVM where the screenshot should be used
>
> 4) launch the "helper script" in the AppVM which is running the following 
> command
>
> xclip -selection clipboard -t image/png 
> /home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png
>
> My qvm-screenshot-to-clipboard script which has to be placed and run from 
> dom0:
>
> --- BEGIN of script ---
>
>
> #!/bin/bash
> # qvm-screenshot-to-clipboard
> # Creates a dom0 screenshot and copy it to the Clipboard of an AppVM
>
> MyAppVM=$1
> MyScreenshot=qvm-screenshot-to-clipboard.png
>
> # Take screenshot in dom0 by selecting an area and adding border+shadow
> gnome-screenshot --area --include-border --border-effect=shadow 
> --file=/tmp/$MyScreenshot
>
> # Copy screenhot to AppVM command line argument / delete existing file
>
> qvm-run $MyAppVM 'rm -f /home/user/QubesIncoming/dom0/$MyScreenshot'
>
> qvm-copy-to-vm $MyAppVM /tmp/$MyScreenshot
>
> ###FIXME begin
>
> # I would like to just invoke the following
> # command via qvm-run in the AppVM
> # but the clipboard is just empty when using
> # this approach.
> # running the same command
> # xclip -selection clipboard -t image/png 
> /home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png
> # therof I have put the command into a helper
> # script in my AppVM:
> # qvm-run $MyAppVM /home/user/qvm-screenshot-to-clipboard-appvm.sh
> # the script is working when it is launched from
> # an already opened gnome-terminal window
> # but it will not work when the script is invoked
> # from dom0 via qvm-run or through an own
> # strangely it is also not working when I start
> # the script from within the appvm
> # 'xterm -e

> If interested, I've recently made a similar
> script that works a little differently.
> [...]
> mv "$(xfce4-screenshooter -fo ls)" ~/Screenshots
> ( sleep 3 )
> qvm-move-to-vm Base ~/Screenshots/screenshot_*
> [...]

Your scripts can be used to save all screenshots to a folder in an AppVM 
whereas my scripts is mainly for quick copy'n paste.

I think I'll also change my script to use xfce4-screenshoiter instead of 
gnome-screenshot.
Thanks for the hint.

I have uploaded my script to GitHub, maybe you should do the same or we add it 
to the repository so that users can pick the right script for their needs?

As you mentioned:
Choice is always a good thing.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Yekef6OjKPpwPjI-xqxT_nSnXoHRm9BjlG8YaNa36L9YOdGyQwzsiesfsyxieEXbD0zj-R-_GTp2KWoWAHBtxjyukwYjOnGj6ZYOEEy06qc%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Q4rc4 :: qvm-prefs-screenshot-to-clipboard - 1st attempt

2018-02-17 Thread '[799]' via qubes-users

Hello awokd,

Original-Nachricht
An 17. Feb. 2018, 23:41, 'awokd' via qubes-users schrieb:

> Can't really find a man page for xclip. What
> happens when you run this in dom0?

xclip doesn't have to be present in dom0 as the command is only used in the
AppVM.
As such you might need to install it in your template VM.

In dom0 you are only using gnome-screenshot to make the screenshot.
If it is not available in dom0 you can install it via qubes-dom0-update
gnome-screenshot or use any other existing sxreenshot-app which is available in
your dom0 and offers the option to safe screenshots directly to file.

Question regarding security:
As far as I can tell I don't think that the suggested solution to transfer
screenshots to an AppVM offers a great security risk as the data is only
flowing from (!) dom0 to your AppVM and the graphic file is creating in dom0.
But as I am far away from being a security expert, I'd like to hear a more
qualified feedback if working with this script might be a bad idea.

Regards

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/AL37bZG5Hx8rhAmBB80s4QVshi6YjlRISmbEnM42yYLv9BqzzHVR4jhtdAWqBeKkK0F_USpF3VLbx_pk4IALInqtkXZS7nZE5TtDr3zFo9c%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Q4rc4 :: SUCCESS qvm-screenshot-to-clipboard - 1st working version 0.1

2018-02-17 Thread '[799]' via qubes-users

Hello,

after some troubleshooting I can now present a working alpha-solution for copy 
& paste screenshots between dom0 and AppVMs.

You might have to install 2 packages:
xclip in your AppVM
gnome-screenshot in dom0

I had to tweak the xclip command a bit and now the script does exactly what it 
should do.

You also don't need to have a helper script within the AppVMs, just copy the 
script to dom0 and launch it with:

qvm-screenshot-to-clipboard

Then choose the area you want to screenshot and switch to your AppVM and paste 
it. There is an effect that the xclip command will wait until you pasted the 
image before the script continues.

But this is a nice thing as you can get two notification:

1) Screenshot is available in AppVMs Clipboard
2) Screennshot has been pasted from AppVMs clipboard.

Attention:

This script has mainly be made to provide a quick workarround and to get 
inter-VM screenshots working.

There is much improvement for error detection and also mabye usability 
improvements that the script can be launched without a command line argument, 
presenting a popup after the screenshot to which AppVM the screenshot should be 
placed.

Feel free to improve this, I'll upload the code to GitHub.

regards

[799]

 the script follows here ---

#!/bin/bash
# qvm-screenshot-to-clipboard
# Creates a dom0 screenshot and copy it to the Clipboard of an AppVM

# Define Variables
MyAppVM=$1
MyScreenshot=qvm-screenshot-to-clipboard.png

# Take screenshot in dom0 by selecting an area and adding border+shadow
gnome-screenshot --area --include-border --border-effect=shadow 
--file=/tmp/$MyScreenshot

# Copy screenhot to AppVM
qvm-move-to-vm $MyAppVM /tmp/$MyScreenshot

# Create a helper-Script in the AppVM to copy screenshot file to clipboard
echo "xclip -selection clipboard -l 1 -t image/png 
/home/user/QubesIncoming/dom0/$MyScreenshot" > /tmp/file2clipboard.sh
chmod +x /tmp/file2clipboard.sh
qvm-move-to-vm $MyAppVM /tmp/file2clipboard.sh
# Send notification for 5sec when Screenshot has been pasted into (!) AppVM
notify-send --urgency low --icon image --expire-time=5000 
"qvm-screenshot-to-clipboard" "Screenshot available in $MyAppVM's clipboard"
# Run the helper script in the AppVM
qvm-run $MyAppVM /home/user/QubesIncoming/dom0/file2clipboard.sh

### The last command will remain active until the pasting has been done in the 
AppVM

# Send notification for 5sec after Screenshot has been pasted from (!) AppVM
notify-send --urgency low --icon image --expire-time=5000 
"qvm-screenshot-to-clipboard" "Screenshot pasted from $MyAppVM's clipboard"

# Remove helper script and screenshot file in AppVM
qvm-run $MyAppVM "rm -f /home/user/QubesIncoming/dom0/file2clipboard.sh 
/home/user/QubesIncoming/dom0/$MyScreenshot"

--
Qubes 4rc3 > Lenovo X230
Qubes 4rc4 > Lenovo W540

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/jWqY0kFqz0HXioEDtSxmAsYpj1LAlpzsGNTGR_GV_zvXGRnQjf5ogbGPbcU8ViSZGx_69UYTwqNl3sc2S49nLRHEjeDl644n200HuWYGSek%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.


qvm-screenshot-to-clipboard.sh
Description: Binary data

[qubes-users] Q4rc4 :: qvm-prefs-screenshot-to-clipboard - 1st attempt

2018-02-17 Thread '[799]' via qubes-users

Hello,

having the idea of a qvm-screenshot-to-clipboard script I was eager to try 
writting a script.
The solution I had in mind could work but I am struggling with a small issue 
and would like to get some help.
The script takes a screenshot in dom0, store it to a file and qvm-copy the file 
to the target appvm (one and only command line argument for the script).
Then within the AppVM it is using xclip to copy the graphic to clipboard and 
removes all temporary files in the AppVM and dom0
All pieces are working, except the xclip command when launced from dom0.

When I launch the command within the AppVM it is working.
But I need to start the xclip command from an external script and when I do so, 
the same command is not working.
It seems that I am missing something when using xclip via script which is run 
in a new terminal session (from dom0 but also within the App)

Any ideas how to fix this?
It feels so frustrating that I nearly have a working solution but I am missing 
the last few meters.

How to use the script:

1) in dom0: launch script

2) make the screenshot by selection the area

as the xclip is not working in the AppVM as supposed:

3) switch to the AppVM where the screenshot should be used

4) launch the "helper script" in the AppVM which is running the following 
command

xclip -selection clipboard -t image/png 
/home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png

My qvm-screenshot-to-clipboard script which has to be placed and run from dom0:

--- BEGIN of script ---

#!/bin/bash
# qvm-screenshot-to-clipboard
# Creates a dom0 screenshot and copy it to the Clipboard of an AppVM

MyAppVM=$1
MyScreenshot=qvm-screenshot-to-clipboard.png

# Take screenshot in dom0 by selecting an area and adding border+shadow
gnome-screenshot --area --include-border --border-effect=shadow 
--file=/tmp/$MyScreenshot

# Copy screenhot to AppVM command line argument / delete existing file

qvm-run $MyAppVM 'rm -f /home/user/QubesIncoming/dom0/$MyScreenshot'

qvm-copy-to-vm $MyAppVM /tmp/$MyScreenshot

###FIXME begin

# I would like to just invoke the following
# command via qvm-run in the AppVM
# but the clipboard is just empty when using
# this approach.
# running the same command
# xclip -selection clipboard -t image/png 
/home/user/QubesIncoming/dom0/qvm-screenshot-to-clipboard.png
# therof I have put the command into a helper
# script in my AppVM:
# qvm-run $MyAppVM /home/user/qvm-screenshot-to-clipboard-appvm.sh
# the script is working when it is launched from
# an already opened gnome-terminal window
# but it will not work when the script is invoked
# from dom0 via qvm-run or through an own
# strangely it is also not working when I start
# the script from within the appvm
# 'xterm -e

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83oC6xNoYAsoP38eTDzM6CjCNyJlG0OG5UFNufeW4ID0bW0heejkX6oCffPAmI_LIKMVbelsQLxzboiwv3Rt-SM3Htd-rLsGgXSSi8jomnE%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Q4rc4 :: qvm-screenshot-to-clipboard (Was: Q4rc4 :: AppVM Screenshot-Tool only generates black window)

2018-02-17 Thread '[799]' via qubes-users

Hello,

I have made some research and it seems that it is not possible to make 
screenshots within one AppVM but only from dom0.

Having a short walk in our forest I came up with a great idea (at I think it is 
:-) which I would like to share to hear your opinions.

I know that there are some screenshot tools for Qubes like the 
qvm-screenshot-tool, which are trying to make the screenshot workflow easier 
when taking screenshots from dom0.

https://github.com/evadogstar/qvm-screenshot-tool/blob/master/README.md

I would like to have a tool, which makes a screenshot on dom0 (select area 
which should be screenshoted) then save this to a file, which gets qvm-copied 
to the AppVM I need the screenshot on and then copy the graphic file into the 
clipboard and delete the file afterwards.

This would make the workflow working with screenshots much easier.
It seems that something like "copy graphic file to clipboard" can be done:

https://askubuntu.com/questions/759651/how-to-copy-an-image-to-the-clipboard-from-a-file-using-command-line

xclip -selection clipboard -t image/png -i example.png

Can someone build a script in dom0 to do this?

qvm-screenshot-to-appvm-clip

- start

1) command to open a screenshot tool in dom0 with the possibility to select an 
area of the screen and make a screenshot.

2) after the taking the screenshot the screenshot is saved to a file on dom0 
(/tmp/screenshot-.PNG

3) qvm-copy-to-appvm  /tmp/screenshot-.PNG

4) qvm-run  "copy-picture-to-clipboard.sh screenshot-.PNG"

5) copy-picture-to-clipboard.sh is a script in the AppVM which copy the file 
from the Qubes-Incoming/dom0 directory into the clipboard
Maybe something like xclip mentioned here:
https://askubuntu.com/questions/759651/how-to-copy-an-image-to-the-clipboard-from-a-file-using-command-line

6) delete the screenshot in the AppVm

7) delete the screenshot in dom0

- end

What do you think? Wouldn't this feature be a great enhancement for working 
with Qubes?

[799]

--
Qubes 4rc3 > Lenovo X230
Qubes 4rc4 > Lenovo W540

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3apEtk6xkySIumJlE8GzYVFxeHvEqAaDiVJArzvclkIJpw4NkDaX8XxChaM5KUfbc0h6wLc_1-BPt5c9elbO1vpd0kahu--SZVbA710Tyts%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Q4rc4 :: Fedora AppVM Screenshot-Tool only generates black window

2018-02-15 Thread '[799]' via qubes-users

Additional Info:

I have tested the screenshot tool in an unchanged Fedora 26 template, no 
content is shown after screenshoting.
Instead of my first post, the screenshot is only shown as a white (not black) 
area.

The screenshot tool is working in dom0.

I have run lspci in dom0:

00:02:0 VGA compatible controller: Intel Corporation 4th Gen Core Processor 
Integrated Graphics Controller (rev 06)

01:00.0 VGA compatible controller: NVIDIA Corporation GK106GLM [Quadro K2100M] 
(rev all)

[799]

 Original-Nachricht 
An 16. Feb. 2018, 07:23, '[799]' via qubes-users schrieb:

> Hello Schnurenentwickler,
>
>  Original-Message 
> An 16. Feb. 2018, 03:28, "Schnurentwickler" wrote:
>
>> So you want my brain involved to troubleshoot
>> your screenshot problem to get your brain
>> back to work creating screenshots for
>> troubleshooting?
>
> Yes something like that, collaborative troubleshooting is always better.
> Seriously of course I want to get screenshots working asap but I also don't 
> want to see that a newbie users, tries Qubes run into the same problem and 
> thinks "boo, the Linux moment again - nothing works".
> (this is the attitude of my "windows colleques")
>
>> In example what video device does lspci list?
>
> The lenovo W530 has two GPUs:
> 1) Intel HD 4000
> 2) nVidia Quadro K2000M
>
> Are you interested in lspci of the AppVM or in dom0?
> Screenshots in dom0 are working btw. I'll check if screenshots are working in 
> a Debian based AppVM and if I run an unchanged Fedora 26 template App VM (as 
> I have updated the templates).
>
>> What processor are you using?
>
> Intel Core i7-3820QM (4x 2.70 GHz, 8MB cache)
>
>> Any modifications in grub config files?
>
> Yes, only to add Windows as dual boot and to disable graphical grub selection 
> menu:
>
> GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
> GRUB_DISABLE_SUBMENU=true
> #GRUB_TERMINAL_OUTPUT="gfxterm"
> #start disable graphical grub
> GRUB_TERMINAL=console
> GRUB_GFXPAYLOAD_LINUX=text
> #end disable graphical grub
> GRUB_CMDLINE_LINUX="rd.luks.uuid=luks- rd.lvm.lv=qubes_dom0/root 
> rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet"
> GRUB_CMDLINE_XEN_DEFAULT="console=none dom0_mem=min:1024M dom0_mem=max:4096M" 
> iommu=no-igfx
> GRUB_DISABLE_RECOVERY="true"
> GRUB_THEME="/boot/grub2/themes/system/theme.txt"
> GRUB_DISABLE_OS_PROBER="true"
> GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb"
>
>> Have you started your template one more
>> time to (maybe) finish some system tasks?
>
> I have cloned the Fedora 26 template and added some basic packages needed for 
> productivity, but this shouldn't do anything to the default screenshot tool
> sudo dnf -y install libreoffice mc nano gimp pass mlocate git screen wget 
> emacs
>
>> Have you tried turning it off and on again?
>
> :-) yes, but normally this is my quote.
>
> [799]
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> [https://groups.google.com/d/msgid/qubes-users/smWAwVYOjPnUu2QsYkjbPMO7C_w3Y5jWSCo9u6-uzDWQUmcmYYYZHMI-D7Z0zNSJUH8K1wneZA0IFevxxQVAnQ98j3NNH5Gin67JbkoaGlc%3D%40protonmail.com](https://groups.google.com/d/msgid/qubes-users/smWAwVYOjPnUu2QsYkjbPMO7C_w3Y5jWSCo9u6-uzDWQUmcmYYYZHMI-D7Z0zNSJUH8K1wneZA0IFevxxQVAnQ98j3NNH5Gin67JbkoaGlc%3D%40protonmail.com?utm_medium=email_source=footer).
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/qyusi2ufIHROQDK4zbvSqkVF0-svSHIV12fzi4s8Xz569bOFszxvAwrydqFr8AYipp4dJyigQBErIJPIZ69dS5_1Sqjz2ilZ2jr9bokLVxE%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Q4rc4 :: Fedora AppVM Screenshot-Tool only generates black window

2018-02-15 Thread '[799]' via qubes-users

Hello Schnurenentwickler,

 Original-Message 
An 16. Feb. 2018, 03:28, "Schnurentwickler" wrote:

> So you want my brain involved to troubleshoot
> your screenshot problem to get your brain
> back to work creating screenshots for
> troubleshooting?

Yes something like that, collaborative troubleshooting is always better.
Seriously of course I want to get screenshots working asap but I also don't 
want to see that a newbie users, tries Qubes run into the same problem and 
thinks "boo, the Linux moment again - nothing works".
(this is the attitude of my "windows colleques")

> In example what video device does lspci list?

The lenovo W530 has two GPUs:
1) Intel HD 4000
2) nVidia Quadro K2000M

Are you interested in lspci of the AppVM or in dom0?
Screenshots in dom0 are working btw. I'll check if screenshots are working in a 
Debian based AppVM and if I run an unchanged Fedora 26 template App VM (as I 
have updated the templates).

> What processor are you using?

Intel Core i7-3820QM (4x 2.70 GHz, 8MB cache)

> Any modifications in grub config files?

Yes, only to add Windows as dual boot and to disable graphical grub selection 
menu:

GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DISABLE_SUBMENU=true
#GRUB_TERMINAL_OUTPUT="gfxterm"
#start disable graphical grub
GRUB_TERMINAL=console
GRUB_GFXPAYLOAD_LINUX=text
#end disable graphical grub
GRUB_CMDLINE_LINUX="rd.luks.uuid=luks- rd.lvm.lv=qubes_dom0/root 
rd.lvm.lv=qubes_dom0/swap i915.preliminary_hw_support=1 rhgb quiet"
GRUB_CMDLINE_XEN_DEFAULT="console=none dom0_mem=min:1024M dom0_mem=max:4096M" 
iommu=no-igfx
GRUB_DISABLE_RECOVERY="true"
GRUB_THEME="/boot/grub2/themes/system/theme.txt"
GRUB_DISABLE_OS_PROBER="true"
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb"

> Have you started your template one more
> time to (maybe) finish some system tasks?

I have cloned the Fedora 26 template and added some basic packages needed for 
productivity, but this shouldn't do anything to the default screenshot tool
sudo dnf -y install libreoffice mc nano gimp pass mlocate git screen wget emacs

> Have you tried turning it off and on again?

:-) yes, but normally this is my quote.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/smWAwVYOjPnUu2QsYkjbPMO7C_w3Y5jWSCo9u6-uzDWQUmcmYYYZHMI-D7Z0zNSJUH8K1wneZA0IFevxxQVAnQ98j3NNH5Gin67JbkoaGlc%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Q4rc4 :: Fedora AppVM Screenshot-Tool only generates black window

2018-02-15 Thread '[799]' via qubes-users

Hello,

I am migrating most of my work tasks to Qubes but found out, that I can't use 
the screenshot tool in the Fedora based AppVM.

When I launch the screenshot tool, I can launch a screenshot, which covers 
another window are part of the screen with a window from the same AppVM, but 
the screenshot only result in a black copy, the content is not shown.

I am using a Fedora 26 AppVM based on the default Fedora template which comes 
with Qubes 4rc4.
I have updated the template to the latest version.

Can someone verify if this is a really a bug or what I need to do to get 
screenshots working.
Most of my work involved creating screenshots for troubleshooting and 
documentation.

Regards

[799]

--
Qubes 4rc4 > Lenovo X230 + Lenovo W540

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/lVXCtj9Im12fldktpou_5rKNfh5Rayju-SNT3c1NYzn-pLhKRa_EIFhbDuyABtKsyol50UFPzgS7eoMC94lRtiwhW2N2iV2nHzfxVdOEY2o%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4rc4: Can't boot from Iso to install a Standalone VM

2018-02-11 Thread '[799]' via qubes-users

Hello,

I need to install a standalone CentOS based VM and have thereof downloaded a 
CentOS minimal ISO, created a new standalone VM which is not (!) based on a 
template and attached the ISO to the new VM.

Unfortunately the VM is not booting into the ISO.
The VM window comes up when starting the VM, then tries to boot from ROM and 
that's it.
After a few seconds the window closes and the VM is Shutdown.

I tried both ways to create a standalone VM: via Qubes GUI and also CLI.

Do I need to do anything to force the VM that it boots from the ISO, I haven't 
found anything in the docs.

[799]

--
Qubes 4rc3 > Lenovo X230 + Lenovo W540

Gesendet von ProtonMail mobile

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/wIphYVoTa3uTx8i2tBLX5LBrX6-OGGajSR8tm_A5MzoRHAGcMkplXxAVrKSS16SUQdcrQWEt8_KZmVB2hl9S0XHxW7ZF50g4lQFiGtGe9Yw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Error on clean install of Q4rc4: domain sys-firewall is already running

2018-02-11 Thread '[799]' via qubes-users

Hello,

I am trying to install a fresh copy of Qubes 4rc4 but run into a problem after 
the 1st of to the installation and the reboor, when the default Qubes are 
beeing installed.

After a while I get the following error message:

['/use/bin/qvm-start', 'sys-firewall'] failed:
stdout: ""
stderr: "domain sys-firewall is already running"

I am trying to install Qubes 4rc4 on a USB-drive on my Lenovo W540.
Because of other problems before, I've chosen to reduce some problem sources 
and disabled my internal SD-Card reader, which was mentioned in a bug report 
causing problems when booting up VMs.

I have also removed the no igfx entry present in GRUB in a default setup.

Any idea how to proceed ?

[799]

--
Qubes 4rc3 > Lenovo X230 + Lenovo W540

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YrFmFed4Sx76fYYadSRkFD2sDZOBaWfEj7cOh03TAJSTqLvRcCic0MtIpYYzhTMWyNaVNyE7YRs9SXxIrPW1FJFwEnCp5bkAWpcB6RInrXg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Qubes Manager / Qubes 4.0 R3 ?

2018-01-28 Thread '[799]' via qubes-users

Hello,

ThierryIT wrote:
> Hi, Not possible anymore to hide "un-running
> VMs" ?

Ist Qubes Manager already available in 4rc3?
I haven't read anything and thought that it will come with Qubes 4rc4.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/tbI3qHvl8r4Cnkt-ZYbOlNTuTC3uhhV42IuLHW6M0pSyHukwQJXtNxgTatV69qsMb8se3jnMDq3-6o9ZnO1Z-fDs1Hauy3PJGnW0aXl-3XU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Split GPG and Emacs/mu4e: able to retrieve email but not send

2018-01-28 Thread '[799]' via qubes-users

Hello Rumsey,

>> I can now send email using emacs/mu4e
>> and Qubes split gpg

I am also interested in this setup. Can you give me some more information what 
needs to be done to start from a plain installation?
Something like a copy of the relevant configuration files (stripping out the 
personal configuration of course by replacing it with something like 
MAILSERVER.COM, loginn...@domain.com, YOUR-GPG-KEY-ID etc).

Would really appreciate this, to get things up and running.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Sg7yaE_MsuJN4TeW35SHra2JoVzrnA5Ju4d1usmuSHjFE2zAaLQSBRiop-v-7zMqrQ3UEVwM3hk6QlfVrv9qXzHRAIZfg2_p_N24FdlhePg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] help, trying to make custom launchers

2018-01-21 Thread '[799]' via qubes-users

pixel fairy wrote:

>> qubes 4.0rc3 Id like to make custom
>> launchers for two purposes [...]

Hello pixel fairy,

My suggestion is: don't spend time playing around tweaking custom . desktop 
files.
I have installed menulibre in dom0 and I am now able to tweak my menu through a 
comfortable GUI.

https://bluesabre.org/projects/menulibre/

As an additional benefit it is also very easy to hide menu items you don't need 
and you can reorder the menu.

qubes-dom0-update menulibre

If you want this additional comfort through installing additionall packages in 
dom0 is up to you - most users don't like to go this road.

You can also install menulibre by downloading the package manually.

Suggestion:
Having a default installation of menulibre in dom0 (through the Qubes Team)

Regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/PGMymgXLyYUSJebI-TWJ_PAgN1eBgntDq1t7Q_yL7ER3vGYeJFA_yVN8DR2ob4_w4LV0ENHfpzo106SJaDOpuNOaMXg_kmXWXDivVryNXrs%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Using fedora-26-minimal sys-vms

2018-01-20 Thread '[799]' via qubes-users

Hello,

Unman wrote:

> You DO have a working network manager -
> see the response from systemctl.
> I assume what you want is a nice gui
> interface this is nm-applet. If  it is installed,
> start it and you will get the nice tray icon - if
> not installed, install it.

I was able to get Network Manager running and instead of using the default 
"fat" fedora-templates, I am now running the sys-VMs with fedora-26-minimal 
templates.
I was always wondering why Qubes doesn't come with a dedicated sys-template, so 
that the sys VMs (sys-net | sys-firewall | sys-usb) are running with a 
smaller/maybe even hardened template.

For the Google Archive a short how-to, how I have built the template for the 
sys-VMs:

--- --- --- 8# Install default minimal template in dom0
sudo qubes-dom0-update qubes-template-fedora-26-minimal

# Clone template to keep the original template
qvm-clone fedora-26-minimal t-sys

# Launch xterm in the new template as root
qvm-run -u root t-sys xterm

# Install basic applications in the template VM
sudo dnf -y install gnome-terminal terminus-fonts less vim-minimal nano 
dejavu-sans-fonts

# install basic tools
dnf -y install sudo pciutils psmisc gnome-keyring

# Install missing packages für Sys-VMs
dnf -y install qubes-core-agent-qrexec qubes-core-agent-systemd 
qubes-core-agent-passwordless-root qubes-core-agent-nautilus 
qubes-core-agent-networking qubes-core-agent-network-manager 
qubes-core-agent-dom0-updates pulseaudio-qubes usbutils

# Install missing drivers (to support the network devices)
dnf -y install linux-firmware iwl7260-firmware

# install additional packages to get network manager working
dnf install -y NetworkManager NetworkManager-wifi network-manager-applet 
wireless-tools

# shutdown template
shutdown -h now

# Change Templates for sys-VMs in dom0
qvm-prefs --set sys-net template t-sys
qvm-prefs --set sys-firewall template t-sys
qvm-prefs --set sys-usb template t-sys
--- --- --- 8
[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/-BuSXf2YMvlH0cwfdLE7WPqqYBMjDeV3JAj5CIthJ0Ri61D74wyUpvaGiO_NZ2AVV8WxzXzdrH8Rwimf-IFACspMTgWegOvXXhb-8N4iYsw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Another "Best Hardware" 4 VMs setup question.

2018-01-20 Thread '[799]' via qubes-users

Davidson wrote:

> I am running 3.2, have 16gb mem, and a
> Samsung ssd drive and it still takes 10 sec
> (timed it) to put up a terminal in a new vm

I am also interested in comparing App(VM) start times, to compare the 
performance.

I have run the following test after boot and with only sys-firewall and sys-net 
running:

Test on my Lenovo x230
Intel Core i5-3320M @ 2.60Ghz
16 GB RAM
500 GB SanDisk SSD
Qubes 4.0rc3
Coreboot'able

startup/boot till xterm window = 17sec (normal AppVM)
startup/boot till xterm window = 21sec (Disposable AppVM)

Test on my Lenovo W540
Intel Core i7-4900MQ @ 2.8 Ghz
16 GB RAM
480 GB Samsung SSD
Qubes 4.0rc3
Not Coreboot'able

startup/boot till xterm window = 15sec (normal AppVM)
startup/boot till xterm window = 16sec (Disposable AppVM)

If the AppVM is already running launching new applications is done within in 1 
or 2 sec.

Your question regarding hardware recommendation:
I would look at the Coreboot HCL/Compatibility List and choose a model which 
fits your preferred display size and resolution.
https://www.coreboot.org/Supported_Motherboards

Using Coreboot you can also remove large parts of Intel ME.

Then as a 2nd test check the Qubes HCL
https://www.qubes-os.org/hcl/

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ZZb07xj5Bxb2MPWCOFsK9ggitygqGD_gIUiIs59RUxbFXiTR7ldGL9wqatBqd0Xynbp09egpUOUwCXSTwZHO_fZ8eWHB-y_FjGB_6PXo_Dw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Using fedora-26-minimal sys-vms

2018-01-20 Thread '[799]' via qubes-users

Hello,

I want to use fedora-26-minimal based sys-vms and followed the documentation
(https://www.qubes-os.org/doc/templates/fedora-minimal )

I have updated the default fedora-26-minimal template and installed all
packages mentioned in the docs (Qubes 4.0 part of the above documentation link)
plus all firmware packages.

What do I need to install to get the network manager icon working?

NetworkManager is installed in the template and I have verified in the sys-net
VM that it is running:

systemctl status NetworkManager

Says: active (running)

I tried to start NetworkManager from command line, but got the message:

You must be root to run NetworkManager.

I then started a xterm from dom0 as the Root user:

qvm-start -u root sys-net NetworkManager but nothing happened. I also try to do
this from a xterm session (qvm-start -u root sys-net xterm).

Any ideas how to get a sys-net which has a working network manager?

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/BbBUvPEuJO1mn1_nuijkn0vBxPn5xAorFclHFOsQUwXeKtaNWwMhl8VHFATTVmmwWbXI2Nd8SGeKn6YPoIJ7n5XvDKzRXgdfSCt4PGZkxU8%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Created new fedora-26 dvm, how to delete old dvm

2018-01-19 Thread '[799]' via qubes-users

> I tried to remove the default DVM, but it didn't > work. What do I need to 
> do, to get rid of the
> old (Fedora 25 based) DVM which comes with > the default Qubes 4rc3 
> isntallation ?

After some trial and error I found out what was causing the problem, deleting 
the default fedora-25-dvm and the fedora-25 template.

I had not only to migrate all AppVMs to the new fedora-26 template, I also had 
to edit /var/lib/qubes/qubes.xml and change the entries default_template and 
default_dispvm from fedora-25 to fedora_26.

After that I was able to qvm-remove the fedora-25-dvm and also the fedora-25 
template via sudo dnf remove qubes-template-fedora-25

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/_wbkzGY79kVeiPvZCdx5yvLLWLA_Xz4df_VLCSAZOPZs7eGsnulKxvtRWenKCQCLn9eJxAJpR6IfKiJrScjcFdj7JxDxwc4yEu49g8GVOeI%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: AW: [qubes-users] Alt-Tab not passed through

2018-01-19 Thread '[799]' via qubes-users

Hello,

[799] wrote:
>> Is there anything I can do, so that Alt+Tab is
>> not (!) working in dom0 but in the AppVM
>> window / in the virtual desktop connection?

mossy-nw answered:
> I'm not sure you want to do this, e.g. if your
> virtual desktop ever ends up in full-screen
> mode, there are security reasons why you
> want alt-tab as a sanity check to be sure
> you're in direct communication with dom0.
> Could you assign a different shortcut
> (SHIFT-CTRL tab?) within the VM?

I haven't thought about the Alt+Tab behaviour as a (security) feature - thank 
you for the interesting view.
I have chosen to come up with a workarround as solution to switch my Apps in my 
virtual desktop window:

1) Download Autohotkey in the virtual desktop

2) Create a my-autohotkey.ahk configuration file with the following entries:

LAlt & w::AltTab
LAlt & q::ShiftAltTab

3) run Autohotkey with the above configuration

I am now able to switch windows back & forward using Alt + Q and Alt + W, which 
is good enough.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aaGK4T9a58873cage7VERtwbNHqFKUGtknfEIWJUWTKcN0250jE8xx0f0FHdPOraCNRnjyk5lE6g6d8fI4JuObqrk-A3f91kEse50T0-SgE%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Alt-Tab not passed through

2018-01-18 Thread '[799]' via qubes-users

Sorry for my first empty email, which has been send to early.

I am using a fedora template which has wäre Horizon View installed, so that I 
can use the AppVM to access my corporate desktop.

I can start the application, login, launch my virtual desktop and work with it.

One very annoying thing (I would not call it Bug) is, that Alt+Tab is not 
recognized within the virtual desktop, but instead in dom0.
If I want to switch windows in the virtual desktop via Alt+Tab, I get the next 
Qubes Window.

Is there anything I can do, so that Alt+Tab is not (!) working in dom0 but in 
the AppVM window / in the virtual desktop connection?

[799]

Gesendet von ProtonMail mobile

 Original-Nachricht 
An 18. Jan. 2018, 18:33, '[799]' via qubes-users schrieb:

> Gesendet von ProtonMail mobile
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> [https://groups.google.com/d/msgid/qubes-users/Nl7cAH9ddI5FqNGUN-o4Rg3ug-seBZDJTmAvHv4Ycm413VhtoGd4pRBX2usaMoILBuXD6c8IVTI-AlGoQo_s_-2QXl35nRkheQJ9BKfFnR4%3D%40protonmail.com](https://groups.google.com/d/msgid/qubes-users/Nl7cAH9ddI5FqNGUN-o4Rg3ug-seBZDJTmAvHv4Ycm413VhtoGd4pRBX2usaMoILBuXD6c8IVTI-AlGoQo_s_-2QXl35nRkheQJ9BKfFnR4%3D%40protonmail.com?utm_medium=email_source=footer).
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/_rTsrajKQzpoexmmM1GlN48NIaV-PnsynXtaQvuayIinNPXrE0mHiG4QV5IRfVVeUveNBOJQ-4iFVtyRFjJkcTz9EtkapnTmEXwlZILVZrE%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Created new fedora-26 dvm, how to delete old dvm

2018-01-18 Thread '[799]' via qubes-users

Hello,

After migrating my templates to Fedora 26, I have also created a new disposable 
VM, based on a Fedora 26 template.

I have set the new DVM to start, from all other AppVMs, as such the DVM should 
not be referenced to in any other app vm.
I tried to remove the default DVM, but it didn't work.
What do I need to do, to get rid of the old (Fedora 25 based) DVM which comes 
with the default Qubes 4rc3 isntallation ?

[799]

my procedure to create a new Fedora 26 DVM:

---8# Create a new Disposable App-VM "my-dvm" which is based on a custom 
template t-fedora-26
qvm-create --template t-fedora-26 --label red --property 
template_for_dispvms=True --class=AppVM my-dvm

# TEST: Start an application in this dvm
qvm-run --dispvm=my-dvm xterm

# Fix menu entry from Domain: my-dvm to Disposable: my-dvm
# https://groups.google.com/forum/#!msg/qubes-users/gfBfqTNzUIg/sbPp-pyiCAAJ
# https://github.com/QubesOS/qubes-issues/issues/1339#issuecomment-338813581
qvm-features vmname appmenus-dispvm 1
qvm-sync-appmenus --regenerate-only my-dvm

# Change the Disp-VM from an AppVM (here: my-untrusted)
qvm-prefs --set my-untrusted default_dispvm my-dvm

# Try to start something from this AppVM in a disposable VM
qvm-run --auto my-untrusted 'qvm-open-in-dvm https:/google.de'
# This should start a new dispvm which is based on your dvm-App

---8

Gesendet von ProtonMail mobile

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/HshR1Yx4N8HrY_ywCzx0n-Yydoi5s14S7B28ExPTOYTQvi7BkmpwQYLJsAt9pw5Sb3C4wtZhbDvN5SnlIKJqrp6uFsitl-8REAeN9rUdaHA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Alt-Tab not passed through

2018-01-18 Thread '[799]' via qubes-users

Gesendet von ProtonMail mobile

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Nl7cAH9ddI5FqNGUN-o4Rg3ug-seBZDJTmAvHv4Ycm413VhtoGd4pRBX2usaMoILBuXD6c8IVTI-AlGoQo_s_-2QXl35nRkheQJ9BKfFnR4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] How to play videos in qubes? says needs codec H.264, Mpeg-4 something

2018-01-18 Thread '[799]' via qubes-users

 Tim W wrote:
>> [799] wrote
>> I have a complete How-to which you can just
>> follow per copy & paste to get a multimedia
>> AppVM which is based on Debian-8 and can
>> be used to listen to Spotify, watch DVD and
>> use Amazon Prime or Spotify.
>> If you are interested I can send you the
>> installation script.

> why not post up the how to as I think many
> would find it beneficial with so many new
> users.

Actually I started to write a how-to for Qubes, but I found it hard to 
understand how to add new content to the Qubes site using GITHUB.
I've read the Qubes Docu Howto located here:
https://www.qubes-os.org/doc/doc-guidelines/
I was able to add a new page but it seems that it takes a long time until a 
push request make it back to the Qubes Doc repository, which feels kind a 
frustrating, as such I decided to create my own how-to repository.

[799]

Here is my procedure how to create a multimedia AppVM based on a Debian 
template.

# Firewall needs to be open to access Internet and DNS as we need to install 
additional packages on the multimedia-template VM.

# Based on the default Qubes OS Debian-8 template

# Clone template
qvm-clone debian-8 my-debian-8

# Setup networking for the new template as we need to download some files
qvm-prefs -s my-debian-8 netvm my-sys-firewall

# Launch new template
qvm-start my-debian-8

# Edit Firewall Rules in the VM
# [X] Allow network access except...
# [X] Allow DNS queries

# Launch Terminal in the newly started VM template
qvm-run my-debian-8 gnome-terminal

# Become root
su -

### Installation Spotify
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 
BBEBDCB318AD50EC6865090613B00F1FD2C19886
# TODO where to find the GPG Fingerprint for Spotify??
# Public-Key: 
http://keyserver.ubuntu.com/pks/lookup?op=vindex=0xD2C19886=on
# Fingerprint: BBEB DCB3 18AD 50EC 6865 0906 13B0 0F1F D2C1 9886
echo deb http://repository.spotify.com stable non-free | tee 
/etc/apt/sources.list.d/spotify.list
apt-get update
apt-get install -y spotify-client
# Create a spotify desktop-entry
cp -p /usr/share/spotify/spotify.desktop /usr/share/applications/
cp /usr/share/spotify/icons/spotify-linux-16.png 
/usr/share/icons/hicolor/16x16/apps/spotify.png

### Installation VLC
# Add Repository for libdvdcss
# http://www.videolan.org/developers/libdvdcss.html
# TODO where to find the GPG Fingerprint for VLC??
# Public-Key: 
http://keyserver.ubuntu.com/pks/lookup?op=vindex=0xB84288D9=on
# Fingerprint: 8F08 45FE 77B1 6294 429A 7934 6BCA 5E4D B842 88D9
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 
8F0845FE77B16294429A79346BCA5E4DB84288D9
echo "deb http://download.videolan.org/pub/debian/stable/ /" >> 
/etc/apt/sources.list
echo "deb-src http://download.videolan.org/pub/debian/stable/ /" >> 
/etc/apt/sources.list
apt-get update
apt-get install -y libdvdcss2
apt-get install -y vlc

### Installation Google Chrome
# Howto verify the debian repository?
# https://www.google.com/linuxrepositories/
wget -c 
https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
# better option instead of using wget?
# Try to install Google Chrome
dpkg -i google-chrome-stable_current_amd64.deb
# Install dependencies for Google Chrome (if not installation will fail)
# This will install: fonts-liberation libappindicator1 libdbusmenu-glib4 
libdbusmenu-gtk4 libindicator7 libxss1
apt-get -f upgrade
# Install Google Chrome
dpkg -i google-chrome-stable_current_amd64.deb
rm google-chrome-stable_current_amd64.deb

# Shutdown template
qvm-shutdown my-debian-8

# Create a new App-VM from this new Debian 8 template
qvm-create --template=my-debian-8 --label=orange --mem=512 --vcpus=2 multimedia
qvm-prefs -s multimedia netvm sys-firewall

# Add Google Chrome, VLC and Spotify to the AppVM Menu via "add/remove app 
shortcuts"

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/VVuhEIIBBBgzcqpVcCTKqNVqTkJ3C6PDYztNeLboi06svSMKjt3RAu4Wklv4_dIRA8v3Xga-AOY0zwP3M7KIkDyI24rRWcwpgOCDPGJtAKc%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Release of Qubes R4.0rc4 :: fix Release Schedule date

2018-01-16 Thread '[799]' via qubes-users

Hello,

Can someone from the Qubes Dev Team update the Release Schedule for Qubes R4.0?

https://www.qubes-os.org/doc/releases/4.0/schedule still shows that release 
candidate 4 will be released on the 8th of January.

Maybe fix the entry to "to be announced" or maybe add a hint "because of 
SPECTRE/Meltdown".

It just looks bad if the release schedule is not up-to-date.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/XGRmYfqrd8liNJ2pfmqVfqaMMzxpiBzNiuVeYQG_dRMQ6mDNRXKNwHxmeTofyxK2TD2IE1QIpCDRah1tyyDYNmY_ZP-zW_O0aGs-FWku1XU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes Manager is coming back in Qubes 4.0-rc4!

2018-01-13 Thread '[799]' via qubes-users

Andrew David Wong wrote:

> Specifically, it will not duplicate functionality
> that is already provided by the new 4.0
> widgets. Specific examples include attaching
> and detaching block devices, attaching and
> detaching the microphone, and VM CPU
> usage.

Great news that the Qubes Manager will come back. Linux has always be about 
free choice and as Qubes Manager will be an additional way to interact with 
Qubes the users who don't want, don't have to use it.

I am also voting for a Qubes Manager which has nearly full functionally, as I 
don't like to use different places to do stuff.
Maybe this can also be configured, so that you have "lean mode" and an "full 
mode" or something similar. As mentioned: choice is good.

The current user interface results in much more "mouse meters" compared to 
Qubes 3.2

Thanks to the Qubes Team that they're listening to the user base.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/rXY2pHVr2yJByJ7mdrDFoCDBJ02dDONU0rKKipV8Qv-rvHeSzreelj0wFkX7pZauueBFTGd3ow1FR0kNx5pDp-0qsbPm-5HJhb1DH3mggYc%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: how to clone template (fedora?), and print from cloned template in disposable vm? printer configuration

2017-12-26 Thread '[799]' via qubes-users

x x xxx xx x xxx "xj

Gesendet von ProtonMail mobile

 Original-Nachricht 
An 26. Dez. 2017, 15:53, cooloutac schrieb:

> On Saturday, December 23, 2017 at 5:45:47 PM UTC-5, jerry wrote:
>> 
>
> https://www.qubes-os.org/doc/dom0-tools/qvm-clone/
>
> then install printer in the cloned template, using your printer models linux 
> instructions. You can download the drivers using a disposable vm then 
> transfer them to the template or temporarily allow net access to the conled 
> template to install drivers.
>
> Set your diposable vm to use the new template as its netvm. 
> https://www.qubes-os.org/doc/dom0-tools/qvm-prefs/
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/bfbecd46-ef10-4acf-8061-f4aa2154f47f%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/jUrhaibkZUOIGXgz2gAiIO8sKkqjV_dU5WqnlRxrAskfNhX4xXQoLZ9IkUuUoDJ4J8C7xvV_wiiHGbq7XZl4GwKKWBjBM1oJrd5tlZPwb48%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-22 Thread '[799]' via qubes-users

 Original-Nachricht 
An 22. Dez. 2017, 06:49, MirrorWay schrieb:

>> Since watts is already energy/time,
>> this should just say 9.5W

Ok, thanks :-)

>> As I understand it, Xen PV code has bad
>> track record of vulnerabilities, hence the
>> change to HVM in Qubes 4.0.
>> Also why I set only set trustworthy
>> VMs to PV.

This I also what I assumed as there must be a good reason why Qubes Team has 
switched to HVM instead of using PV VMs.
Still I'd like to learn more about the vulnerabilities, so I can make a 
decision risk vs. runtime. And as we can easy switch the Virtualization Mode 
via qvm-prefs, I could use a script to do so:
- shutdown VMs
- change virt_mode
- restart VMs

If I switch to disposable VMs, I assume the risk would be reduced.
Can this be done for the sys-vms?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/NcKMA5FrNQqQx8ikX9JjrHnd5BjcEF1XlO9UNwq7H6UCjr3csU_Pf-joQiguee5eVwVXv4KLfbVCYSqI-GptsZQiQViuw9YeVRWhfEciyqA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-21 Thread '[799]' via qubes-users

Hello,

I was able to improve battery runtime following the tips from this thread:
I've switched all my AppVMs to virt_mode = pv, using:

dom0: qvm-prefs --set  virt_mode pv

In order to monitor my battery runtime and battery discharge rate, I've setup a 
small monitor in my xfce4-panel:

1) Create a new file in dom0: ~/bin/batmon.sh
2) Add the following content:
#!/bin/bash
# Show Battery Drain and Battery Runtime
echo BAT: `upower -d | grep "time to empty" | head -1 | awk '{ print $4 }'`"h 
@" `upower -d | grep "energy-rate"   | head -1 | awk '{ print $2 }' | head -c 
-3`"W/h"
3) make this file executable: chmod +x ~/bin/batmon.sh
4) Test it out, by launching it from the commandline: ~/bin/batmon.sh (as ~/bin 
is included in the PATH variable, it should run from everywhere via batmon.sh), 
Output should like:
BAT: 6.5h @ 9.5W/h

Add the ouput to your top menu bar as a small panel:

1) Right Click on the upper bar and choose "Panel", then "Add New Items..."
2) Choose "Generic Monitor", which will add it to the top bar
3) Right Click the new panel and choose "Properties"
4) Add the following information, where USERNAME ist your user in dom0
You can find the correct path by opening a terminal in dom 0 and run the 
following command: cd & pwd
Command: /home/USERNAME/bin/batmon.sh
Label: leave this disabled
Period (s): 15

If everything has been done correctly, you should Battery Discharge Rate and 
also Runtime in a new panel, which can be moved to your desired location withon 
the upper bar (Right Click, and then: Move).

This discharge rate can be uses very easy to monitor the impact of  different 
configurations settings in Qubes regarding the battery runtime.
Would like to hear your discharge rates.
My current System
> Lenovo X230
> SSD + 16 GB RAM
> sys-net + sys-firewall + Fedora AppVM
> Display Brightness ~25%
> Wifi on
Battery Runtime:
> Battery Drain: 9.3 W/h
> Battery Runtime: 6.6h with Battery Level at 68%
> Full Battery Runtime: 9.7h :-)

QUESTION:
What is the advantage of using PV vs HVM in Qubes? If I can double the battery 
runtime using PV AppVMs instead of HVMs, this is a strong argument to do so.

Kind regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Vl9CiQV1pE3vCHM77_YjoV5ssjyFlbsHc6U1Oz84DjtvRi2nEHLENHNGhR7Y0THpsOaswOYd27qm-Mn75AuHAZKI3x8MRuBZvM7elEwolM4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] X230 Webcam

2017-12-20 Thread '[799]' via qubes-users

 Original-Nachricht 
An 21. Dez. 2017, 03:11, Franz schrieb:

> I have a x230 and the default position
> of the webcam is in sys-usb where it appears
> as follows: Bus 002 Device 003: ID 04f2:b2eb
> Chicony Electronics Co., Ltd

I'd like to change the name so that it says "Internal Webcam" instead of 
"Chicony Electronics Co., LTD"
I know that there are some files which contains all USB device IDs and the 
description.
I also changed it there but the name wasn't changed.

https://askubuntu.com/questions/227881/lsusb-where-device-description-comes-from

Any idea how to get this done?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/UYmOSUzZXq3YCX5CqgNPpPFy77UbJ-kkf2jsnNIsSWG6LmnXtx1nk0YXi_eoCb-zDsPOFygp2M85A0D_eQLgZ0LQ7kHpPaNZGGNnVQG63y4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-13 Thread '[799]' via qubes-users

Hello Chris,

 Original-Nachricht 
An 13. Dez. 2017, 19:15, Chris Laprise schrieb

> Increased CPU usage is a known issue.
> You can see it in the 'xentop' listing.
> This may be one of the core tradeoffs
> when moving to R4.0

Thanks for the hint.
Honestly I can't believe that Qubes 4 comes with such a big trade-off. Keep in 
mind that the X230 has a very big battery and reduced performance that's why I 
can squeeze out ~10hrs battery runtime on Windows and Qubes 3.2.

A "normal" laptop would run out after ~2 hrs of time.

To test this I'll run my x230 connected to a power meter with batteries out and 
take a look at how much power is needed.

I'll run the test on Q4rc3 and Q3.2 which will hopefully help investigating 
this problem.

On which level is the increased CPU generated? If this is happening on the 
AppVM level. This would mean that I should get a better runtime when running 
only dom0, correct?
Of course this is only meant for investigating this issue.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/vjmeYnLvB13_2T6n10PealolwPGK8ky3v4YplrW4BJqP4JVZuQBTiOnXe1IksjyEVn_8tb0s0HyGwujD09LH1zOwOSwOEragitwJHjdEPi8%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4rc3 :: 50% reduced battery runtime compared to Qubes 3.2 on Lenovo X230

2017-12-13 Thread '[799]' via qubes-users

Hello,

I'm am running version 4rc3 on my X230 and I am suffering from a very reduced 
battery runtime.

Under Qubes 3.2 I was able to get 10 to 11hrs of battery runtime with "tlp" 
enabled and powertop optimizations.

Runtime is now reduced to ~4-5 hrs under Qubes 4rc3. I have installed tlp and 
powertop in dom0 but am still far far away from my excellent batter runtime 
under Qubes 3.2

Any ideas what is 'wrong' with 4rc3 or what I am missing?
Are there any power optimizations missing in the kernel? workload and AppVM 
configuration has not be changed.

Any ideas would be great as I need to work lots of time at the customer 
location and battery runtime is as important as security.

Running out of battery after half a day adds a lot to security but 
unfortunately affects productivity ;-)

Kind regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/B05rlo39-9KoGaMQbDy4VBffYGleP_0FwO4WtaqCZz0rTMrSc8xb3w_N31XkUgq3IsqQR8V2ZGUvuTV1Mqm3Le5ahSjZq4-8syI1LjzypZU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Re: Crossover (Office 2016) and Qubes 4rc3

2017-12-12 Thread '[799]' via qubes-users

Hello,

 An 12. Dez. 2017, 18:00, Adrian Rocha schrieb:
Hi, I am using Crossover on Qubes 3.2. I suppose that it have to work fine in 
Qubes 4. You just have to install it and register on the template VM, like any 
other software. After that you can install the Windows apps in the App VM 
because they are installed in the user home dir

I tried 2h to install Office 2016 with Crossover 17 using a Fedora 25 Template 
under Qubes 4rc3.

While the installation of Crossover itself is very easy, I wasn't able to 
install office 2016.
The Installation starts, but end in a loop, after installing the dependencies 
like fonts the Office 2016 installer launches and then the window dissapears 
and the installer keeps saying it is installing.
But nothing else happens.

This test was done with the offline installer of office 2016 from the o365 
package.

I'll try to rerun with an office 2016 pro plus installer

[799]
.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/jLPpHF4_E_W0_mvD_NccmEOmDB7pY2R904dKz8L2RjPEzNHPcsI773bPEmt1Qse8TWKkwD7txhzYDhDbVmyO4Otd8hqIeaCwWH9EFl13bok%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Crossover (Office 2016) and Qubes 4rc3

2017-12-12 Thread '[799]' via qubes-users

Hello David,

>> I'd like to use Crossover to run Office in a
>> Fedora based AppVM.

> You may find it prudent to simply run
> windows, like such:
> https://www.qubes-os.org/doc/windows-appvms/

I know that I can run a Windows VM in Qubes and I have also done so in Qubes 
3.2.
Unfortunately seamless mode was not always working and I don't want to deal 
with the overhead of a full windows OS.

- Philipp
-- You received this message because you are subscribed to the Google Groups 
"qubes-users" group. To unsubscribe from this group and stop receiving emails 
from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to 
this group, send email to qubes-users@googlegroups.com. To view this discussion 
on the web visit 
https://groups.google.com/d/msgid/qubes-users/p0nkpj%24s4b%241%40blaine.gmane.org.
 For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KNIj6uXovkrreP1MbuJK2wlzFDeWM9aaNvgSLea_aVy_owyqjW1kdORj90RiNUNCegsAWoD7VDPop5pxAL-85HaslPnSlyDp-r08M_G1OEU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Re: Qubes support Secure Boot

2017-12-01 Thread '[799]' via qubes-users

Gesendet von ProtonMail mobile

 Original-Nachricht 
An 1. Dez. 2017, 17:15, Andrew Eason schrieb:

> Couloutac mentioned Richard Stallman's comments.  I was curious what he said, 
> so I looked it up.
>
> There is an addendum at the bottom to his original essay.
>
> from the bottom of the essay at 
> https://www.gnu.org/philosophy/can-you-trust.html
> (I added a * to the most relevant line):
>
> As of 2015, treacherous computing has been implemented for PCs in the form of 
> the “Trusted Platform Module”; however, for practical reasons, the TPM has 
> proved a total failure for the goal of providing a platform for remote 
> attestation to verify Digital Restrictions Management. Thus, companies 
> implement DRM using other methods. At present, “Trusted Platform Modules” are 
> not being used for DRM at all, and there are reasons to think that it will 
> not be feasible to use them for DRM. Ironically, this means that the only 
> current uses of the “Trusted Platform Modules” are the innocent secondary 
> uses—for instance, to verify that no one has surreptitiously changed the 
> system in a computer.
>
> *Therefore, we conclude that the “Trusted Platform Modules” available for PCs 
> are not dangerous, and there is no reason not to include one in a computer or 
> support it in system software.
>
> This does not mean that everything is rosy. Other hardware systems for 
> blocking the owner of a computer from changing the software in it are in use 
> in some ARM PCs as well as processors in portable phones, cars, TVs and other 
> devices, and these are fully as bad as we expected.
>
> This also does not mean that remote attestation is harmless. If ever a device 
> succeeds in implementing that, it will be a grave threat to users' freedom. 
> The current “Trusted Platform Module” is harmless only because it failed in 
> the attempt to make remote attestation feasible. We must not presume that all 
> future attempts will fail too.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> [https://groups.google.com/d/msgid/qubes-users/CAL8H3o9mGQP2Oqnjt4sL0_obqOMdmo1ch%2BOWT%2B_p7RSqicstBg%40mail.gmail.com](https://groups.google.com/d/msgid/qubes-users/CAL8H3o9mGQP2Oqnjt4sL0_obqOMdmo1ch%2BOWT%2B_p7RSqicstBg%40mail.gmail.com?utm_medium=email_source=footer).
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0QxwpBasWfESrU0FRPf-TNt-B-GNLjQdIJcU4gRpcFH8zuyCmwxHYASjJXWilwCdfpmirdoC3Nry37m51wXgg0NjI2MLdnpJvNMLxCjB9k%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)

2017-11-28 Thread '[799]' via qubes-users

Hello Unman,

>> It's perfectly possible that the installer (not principally written by
>> Qubes) could mistakenly include a passphrase string.

As far as I have understand, the problem is not that the password is shown, but 
that the report with this error mistake and the password could get transferred. 
I don't want that my password gets transferred in some part of an error report.

>> I've seen similar stuff included in all sorts of error reports in the past.

This might be true, but this doesn't make this less harmless, if the password 
is really bundled in an error report that gets transferered somewhere.

>> It doesn't mean that Qubes "can't be trusted"

Wait, it's not (!) about blaming the Qubes team.
If my understanding is correct, and the password is included in an error report 
that gets transferred to a 3rd party, this is a really bad thing as something 
like this should not happen from my understanding.

[799]

>> Also, since this is an installation error, let's not over egg the problem

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2vKwbiORCF0Y-jH7FmGByGR2KjUE_uWWB7aM37w1BGKIBhobDyrJ99ult90ahUXjt0CrPMr0WDuOBIHTPwB7XlTjkwSqE5RmPisTB3A5Ycw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)

2017-11-28 Thread '[799]' via qubes-users

Hello,

Original-Nachricht
An 29. Nov. 2017, 00:48, schrieb:
Sorry but I almost fainted ! (I even took a picture ! I could not believe this
MEGA-HUGE security flaw right in front of my eyes )
(...)
Sorry, you are supposed to be good and security expert but you are asking me
(THE dumb USER) to report MY OWN PASSPHRASE AS A STRING to help you??
(...)
--

Honestly I can't believe that this is true, until you prove this, which might
be hard, as even a picture can be simple "ASCII Art".

If you are correct, this would of course mean that Qubes OS can't be trusted.
There should never be the option that a passphrase will be shown unencrypted.

Even worse including this passphrase in an error report which gets saved or
transferred to a 3rd party (even if it the Qubes Team) is an absolute no-go.

As mentioned, I don't believe this.

Can you provide more guidance what you have done and what hardware you are
using, so that someone can verify this problem, if it is reproducable?

Please also include all hardware specs, so that can also take this in account.

If you are right and if Qubes is Open Source the source code should be analyzed
to find this "hidden feature".

But as mentioned, I think this is BS.

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/UhGsICECEp38obsnohZcvD2OCQ0R5-cRIk0f4GwjenEgvkHBUE5bA4HRQtXNvFNIbC5qI7p1cERgfNNAta7GYMsPZRd3K-2pcoaY5sPPZ2o%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] sys-usb won't start under Qubes 4.0rc2 / pci strict reset for RC2

2017-11-28 Thread '[799]' via qubes-users

Hello David,

 Original-Nachricht 
An 27. Nov. 2017, 21:32, David Hobach schrieb:

>> Search for the related doc bug @qubes-issues.
>> It gives you the command, but I don't have it
>> at hand right now.

as Qubes 4rc3 has been released I've reinstalled RC3 and got rid of the problem 
with the sys-usb VM.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/iF0M5SkBsNdEKQ_dhdx3OdTruQIpmpAmmfTkd_VtCouzrqWsECv4L_RRcq81MzYvt4b-H-KlJFOHluud5XEfGWMCaF7ljsmpD70CU9k2x_4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] sys-usb won't start under Qubes 4.0rc2 / pci strict reset for RC2

2017-11-27 Thread '[799]' via qubes-users

Hello,

After having lots of problems to install Qubes 4rc2 on my X230 replaced my 
Coreboot BIOS with the stock/factory ROM and reinstalled from scratch.

Luckily I can now start AppVMs and also create new VMs.
The only thing which is not working is my sys-usb. Under Qubes 3.2 I got it 
working enabling strict PCI reset, but I don't know how to get it working under 
Qubes 4.

Any idea where to troubleshoot this problem?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/KnLJInT7j7wSYq9swzCmAciDE_ho-VjdtQKSHVaytQwr7DsgrB0J3Tf_VVMqTKiutbwvxGFESdA0LPbQcCXmDgoMHi6xcRBePzC08dWQmO4%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] 4.0-rc2 install error

2017-11-08 Thread '[799]' via qubes-users

Original-Nachricht
An 9. Nov. 2017, 01:07, just_testing schrieb:

I'm fairly new to Linux, but I managed to get 3.2 to run and like it. But, I
get this message during a 4.0-rc2 install with the same hardware: [Dom0] error
["/usr/bin/qvm-start", "sys-firewall"] failed: stdout:"" stderr: "Start
failed:internal error:libxenlight failed to create new domain "sys-firewall" ".

Lenovo T410 with intel centrino 6300 wireless card. So any hope? Maybe fixed in
the official 4.0 release? Something I can try? Incompatible hardware?

ANSWER:
I run into the same problem with my Lenovo X230 and invested several hours
reinstalling and trying different Grub settings (IOMMU) on boot.
Nothing made it work, thereof I suggest waiting until the final Release of
Qubes 4 comes out and don't invest any time here.
If you are new to Qubes be assured that Qubes 3.2 is perfectly fine to be used
for daily production use until Q4 has been released as stable version.

In my case I am unsure if running Coreboot adds additional complexity and
thereof will try to reinstall Qubes 4 after I've reflashed the original BIOS.

What would be great is a list of devices which are known to be able to run
Qubes 4.

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/afXZ_abe9OSLBH5iloYMNQ8Qr5FtnkIrsAPi6jPUn6FG-_3Jbn4Lcs_6Ra8lIidsBa6cmDP7_c3JMQaZqykQUq4aPpkLRdtNtv8SR0WYeFw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Mainboard buying advice :: Should we still avoid mainboards with Intel vPro ??

2017-11-02 Thread '[799]' via qubes-users

Hello,

> It seems that most new mainboards with Intel
> chipset have support for "Intel vPro"
> technology.

Have you looked here:
https://groups.google.com/forum/m/#!topic/qubes-users/8XrF_CpyEU0

> Is "Intel vPro" a real no-go or can Qubes still
> work with it?

Qubes will work with vpro. But with vpro it is possible to remotly administrate 
a PC.
This is something we are using for some of our customers and is helpful in an 
Enterprise environment but maybe not something you would like to have on your 
private machine.

Here some more details:
https://security.stackexchange.com/questions/128619/what-are-the-privacy-and-security-risks-associated-with-intels-management-engin

(This one has also the link to the Qubes article addressing the vpro/Intel AMT 
topic)

Additionaly:
https://puri.sm/learn/avoiding-intel-amt/

If vpro/Intel AMT is bothering you, I suggest running Coreboot (you might want 
to check which hardware is compatible:
https://www.coreboot.org/Supported_Motherboards)

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/yW8Np9legJcD2HqMmCUIwF56crlQ_HOhSKudXexwQvswDUNrFMwvEM7kHymtu2qxF4T9X_YO6Z3Hr8rkl54Sqzc18jNarZBJD9RFft98g-0%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-11-02 Thread '[799]' via qubes-users

Hello,

>> Did you make it permanently ?

Yes of course :-) but thank you for the reminder, I edited in once in grub for 
the first boot after installation and then applied it in the Grub configuration.
Same results, VMs won't start - it seems only the both sys network VMs work.

>> Dont give up :)

Of course not ... Don't be afraid, there ist just nothing more I can contribute 
to the Devs and I am sure the topic will be solved in the next Release 
Candidate.
Happy to test then, but it seems that this horse is dead (or I have the wrong 
saddle to ride it).

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2IxLUmJFmspoGKHVjB6035DAcwPVJZ5ryNNKzEGz170zEWn4wr3eAV1H2IDjrm9A5jUN3XDapNRqrGQhd02jduLd4gxZnIDoPG5u_rhDnTU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-11-02 Thread '[799]' via qubes-users

Hello,

I tried the suggestion to remove the iommu line from Grub and did so on the 
first reboot after the installation.

Strangely this seems to work for sys-net and sys-firewall which boot up fine.
I also once been able to launch a disposable VM.
sys-usb and also other VMs which I've created using the same template like 
sys-net sys-firewall.
While sys-usb creates an error message. The other VMs don't give any error 
message, I can see the VMs shortly when I enter "watch -n 1 xl list" in the 
terminal, but that's it.
After a few seconds they fade away.

I have also been unable to start a new disposable on the next reboot.

As I can't give any qualified details why Qubes 4 behaves like this, I'll wait 
for Qubes 4-rc3.

What I would like to see is a information on which Hardware Qubes 4 has been 
successfully installed and launched at least once, including the start of the 
sys-vms and at least one AppVM.
If this basic functionality is given, I am happy to test - currently 4.0-rc2 
doesn't feel like it is ready to be a release candidate yet.

[799]

 Original-Nachricht 
An 1. Nov. 2017, 01:41, Sergio da Matta schrieb:

> Dear Sir,
>
> I think all the people needs feedback, but I know they are just a few people.
> And even that, Qubes are each time better ...
> Let's wait. Good luck.
>
> "7126 52E0 5754 8FEA BA46  9318 A3E7 BA7C 6D76 B8D7
> gmail/hangouts/skype/instagram/twitter/[sip.justvoip.com](http://sip.justvoip.com/)
>  : sergiomatta
>  whatsapp 031998050020, 06140639186" 
>
> 2017-10-31 22:25 GMT-02:00 [799] :
>
>> Hello,
>>
>> Honestly what is bothering me a bit, is that there seem to be lots of 
>> problems with Qubes 4-rc2, which is ok, as it is a testing release - bit I'd 
>> like to see more feedback from the Qubes Dev's, so that we can find out what 
>> is the Root cause.
>>
>> Isn't this how a test release should work? We (normal) users are testing, so 
>> that developers can get a qualified feedback what needs to be fixed.
>>
>> Or am I missing something and there is some action on the developer mailing 
>> list?
>>
>> [799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ChIerVb-rThYIlazF-SfMoefTQ0psRblc-qQrlH4wzgSYx2bbja0nWJBG-NOTqtHme0DbqDh8tJtjs270Ojf6PouObN9x_UlX9RefOOjtjo%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Rc2 hangs on install -- Dell Inspiron i5759-8835SLV

2017-11-01 Thread '[799]' via qubes-users

Hello,

>> I use these cheap flash drives I buy in bulk
>> off ebay. I'll go get a pricey one and see if it
>> makes a difference.

I've migrated my USB drives to only one Modell:
SanDisk
https://www.amazon.com/gp/aw/d/B01NARBPI7/

It has a good performance (I have installed Qubes on of those to showcase it to 
friends and colleques.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5ILM-tb116toA7ujD1-281zzymNU56buNw6e97HN_i71UBFmSsqpgHNJH8yQkcjLlHMQyYpd-jwuVBS1b24w6EBavfVdHvlikbDT7SpKIfw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-11-01 Thread '[799]' via qubes-users

Hello,

>> Hi all sergio matta mention to remove the
>> iommu=no-igfx. this solve the problem and i
>> think it will solve 90% of you the issue . so
>> the credit is for you sergio . Thanks . R

I've reinstalled Qubes 4rc2 and removed the line "iommu=no-igfx" upon first 
restart (after installing Qubes).

I found a small bug/typo in Grub, where it says that I should press Enter to 
boot, while the correct command is Ctrl+X.

Currently the installer is installing the default AppVMs. I'll keep you updated.
So far it looks good.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ijUiNaExeZ6NH-dFiY-Hp3ETjjycNLesDTZ8yU7Duhv7FEnnQI5XGyA9wO2x0OHyF2br6ak_hi0DKqqmAdKatWUDEqKv7NqLFAKnrJuyiRI%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-10-31 Thread '[799]' via qubes-users

Hello,

Honestly what is bothering me a bit, is that there seem to be lots of problems 
with Qubes 4-rc2, which is ok, as it is a testing release - bit I'd like to see 
more feedback from the Qubes Dev's, so that we can find out what is the Root 
cause.

Isn't this how a test release should work? We (normal) users are testing, so 
that developers can get a qualified feedback what needs to be fixed.

Or am I missing something and there is some action on the developer mailing 
list?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cN0eVl_x2fCMyjKkbEij_kCRXH6Ba5tuKBWwe93gCxehDdXW17GSVDgmVxqhGk6z1bEVnNCEvjBgW8d3P_4k8Uy9IO0QF1WR1RoCkbBTdbQ%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: AW: [qubes-users] Reinstalled Qubes 3.2 -> /grub2/i386-pc/normal.mod not found

2017-10-30 Thread '[799]' via qubes-users

Hello,

> Try repeating the Qubes install but when you
> get to the custom partitioning step, make sure
> to specify the appropriate partitions for boot
> and /. You will probably want to re-enable the
> boot flag on your hda1 partition as well

Thank you for the feedback, I have meanwhile installed a fresh installation of 
Fedora 26 and could boot up fine, I reinstalled Qubes 3.2 afterwards and got 
the same result.

Can't boot, tried to setup the partitions manually and made sure that the Boot 
partition is installed correctly.
I also set the Boot flag to the first partition.
It doesn't matter ... Can't boot.
Totally annoyed that I tried Qubes 4 which can't boot any VMs and that I can't 
go back to Qubes 3.2 without deleting all partitions including my windows setup.

I think I'll try to reboot into windows when Fedora is installed, make a backup 
of my windows partition and then reinstall Qubes from scratch.
Have invested so much time already in this Qubes upgrade/downgrade topic that I 
am done for the year.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/I_CNqlWqIvivLmwrbLMPh1SjSn6xbh9cSN6pC8HgTSDLby2yBhqpMqkPRhe5tyXGe5XZ1yQVOxzVkzK4QpsbRJGBDU7aC6_2R8WRDuAvCY8%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-10-30 Thread '[799]' via qubes-users

Hello Rob,

>> So what is the solution ? Every reboot I am
>> struggle to Start the vm’s

As I haven't seen any good solution for this yet, I recommend going back to 
Qubes 3.2 until 4.0 has been updated to fix this or until we know what is 
causing the problems (hardware?).

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Dwat7n5DGrJThbSI2WeZFbsHWLlTkZLyvGcayi_3Dg7R81imem3LgVx9NhX4f1XVFelLKKTA95Pz4wP2jNojYAkXUTV79sP8SRhmLNCoVtc%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Reinstalled Qubes 3.2 -> /grub2/i386-pc/normal.mod not found

2017-10-30 Thread '[799]' via qubes-users

Additional information:
I found out that Qubes didn't boot into /dev/sda3 but in /dev/sda5 which can't 
be started as this is not primary partition.
See also my attached screenshot.

I have mounted both partition with a live Linux and copied all files from 
/dev/sda5 to /dev/sda3.
I have also edited in /dev/sda3 grub2/grub.cfg and edited all entries which 
said msdos5 and changed it to msdos3.
Not sure if I need to changes some more lines and what to do afterwards.

As far as I know there are also references which are referenced to with a UUID 
(some weirds long numbers/characters) - do I need to change them also?

Also do I need to run a specific Grub command to apply the manually modified 
grub.cfg?

I tried to boot up, but run into the same error.
How can I reinstalled Qubes 3.2 and force it to use dev/sda3 as boot not a 
logical partition?

[799]

Gesendet von ProtonMail mobile

 Original-Nachricht 
An 30. Okt. 2017, 19:27, '[799]' via qubes-users schrieb:

> Hello,
>
> After Qubes 4 wasn't working for me I reinstalled Qubes 3.2 but on the first 
> boot I get the following error message:
>
> error: file '/grub2/i386-pc/normal.mod' not found.
> Entering rescue mode...
>
> I had 4 partitions before:
>
> /dev/hda1 = windows boot
> /dev/hda1 = windows 10
> /dev/hda3 = Qubes boot
> /dev/hda4 = logical partition
> /dev/hda5 = Qubes LUKS partition
>
> I tried to install Qubes a second time but iI get the same Error message.
>
> I booted with a gparted Live disk and changed to boot flag from /dev/hda1 to 
> /dev/hda3 still the same problem.
>
> Any idea where to go from here?
>
> [799]
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> [https://groups.google.com/d/msgid/qubes-users/_3tyghg4Vw7vQiie4gA8Cs_QidAzs5OPKo4fMNymrggMbS58D02Y_ebWic8ohUb1xEDvHOlVckWi-mwiflRNVVWcyJJ6_2Zndo2sJzJ-vPE%3D%40protonmail.com](https://groups.google.com/d/msgid/qubes-users/_3tyghg4Vw7vQiie4gA8Cs_QidAzs5OPKo4fMNymrggMbS58D02Y_ebWic8ohUb1xEDvHOlVckWi-mwiflRNVVWcyJJ6_2Zndo2sJzJ-vPE%3D%40protonmail.com?utm_medium=email_source=footer).
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9Z-_5gdft3mPG077MWS4gN1oJ_j6IVye-zYcny__ZVUlpSfTliMOgDYjm-dAokXO6-g7BsNoVxwMaNZLOQk_AKEseMFZL3vbP627l2dg43s%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Reinstalled Qubes 3.2 -> /grub2/i386-pc/normal.mod not found

2017-10-30 Thread '[799]' via qubes-users

Hello,

After Qubes 4 wasn't working for me I reinstalled Qubes 3.2 but on the first 
boot I get the following error message:

error: file '/grub2/i386-pc/normal.mod' not found.
Entering rescue mode...

I had 4 partitions before:

/dev/hda1 = windows boot
/dev/hda1 = windows 10
/dev/hda3 = Qubes boot
/dev/hda4 = logical partition
/dev/hda5 = Qubes LUKS partition

I tried to install Qubes a second time but iI get the same Error message.

I booted with a gparted Live disk and changed to boot flag from /dev/hda1 to 
/dev/hda3 still the same problem.

Any idea where to go from here?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/_3tyghg4Vw7vQiie4gA8Cs_QidAzs5OPKo4fMNymrggMbS58D02Y_ebWic8ohUb1xEDvHOlVckWi-mwiflRNVVWcyJJ6_2Zndo2sJzJ-vPE%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Why is there no qubes manager in V4.0?

2017-10-28 Thread '[799]' via qubes-users

Hello,

> What original Qubes Manager did wrong:
> Didn't expose all per-VM settings (qvm-prefs)
> Didn't expose all global settings (guid.conf)
> Didn't expose all device options (USB mostly,
> block devices were available) Duplicated
> some functionality of the Applications menu
> Was non-resizable (serious issue when
> screen real estate is at a premium)
> Those are some of the reasons it was
> scrapped.

Thanks for the feedback, the most annoying thing was the non-resizable window, 
specifically when using a tiling window manager.

Still I think dropping Qubes Manager totally is a not the best solution as 
everyone who didn't like Qubes Manager had the choice to close it or not use it 
at all.

All other users who could live with the above 'problems' and would like to use 
Qubes Manager or something similar are now lost.
As mentioned I understand if Qubes Team thinks (!) that Qubes Manager is not 
that good and that they drop support for it, but I just a bad taste as it 
currently seems that the loss of Qubes Manager is trying to be sold as a good 
feature.
It's not. Users should always have the choice, that's what is so great about 
Linux.

Thereof I just want to raise my voice that a replacement for Qubes Manager 
(maybe with less options) would be great.

I'm fine with using the CLI to setup machines. Change complicated options etc. 
but for daily use Qubes Manager was great.

Maybe we should start to collect voices to bring a Qubes GUI App back to 4.0.

Thereof:
My vote for Qubes GUI-Manager.
Willing to pay 40 eur for a good replacement.
Who is joining this "campaign"?
Maybe someone likes to program this, if we throw in some budget.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/qOHhumU7cKdGlZxgDDB-RxOOI5WjwCXmvNKu0whHmWcbC8Jr18Sc5zaLpVIjf29kv0TEiXG5SxyIeQbo04RCHhnVygNArS-i8ELWaZtjdM8%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Why is there no qubes manager in V4.0?

2017-10-28 Thread '[799]' via qubes-users

Hello,

> While I do know how to use the cli tools I
> enjoy a gui for at a glance viewing and tasks,
> it is much easier to press start/stop on a
> nice list rather than type two commands.

While I appreciate the new features in Qubes 4, the lack of a graphical
frontend like Qubes Manager is a step backwards, as Linux is always about
choice.
Can't someone program a very simple GUI which offers the following functions:

1) show all VMs with the option to hide:
- internal VMs (I really hope to get this setting back from Qubes 3.2)
- Template VMs
- all VMs which are not running

2) indicate which VMs are running

3) offer the option to do the following actions on a VM:
- start
- restart
- shutdown
- kill
- open preferences

Nice to have:

4) maybe also: attach/remove USB and Block-Devices

5) show an icon if an USB/Block-Device is mounted

I think that having the options 1 - 3 is perfectly fine, as this will make the
interaction with VMs easier (also for newbies who come from any other OS).

Please don't get me wrong, I like the new widgets as they offer additional
options, but a central cockpit to do basic tasks is missing.

I can live without additional features like performance metrics in Qubes
Manager, but the basic tasks would be great.

Can maybe someone outside of the Qubes Team program this?

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/PMUSHJUSM_YjHGdqMIJTlwz5I5fdL3SeNQPW_v5p4i2y2RpQ35uqwaYGwmofav8wd6RNzuLf-ZJXQs2HYV6H5qmKpE7AA3Q7RbEpZ5XWfVc%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] Re: Update sys-net and sys-firewall to fedora-25?

2017-10-27 Thread '[799]' via qubes-users

Hello,

>> I hope we can still use a gui with mouse
>> clicks to do this stuff in 4.0 lmao

I also hope that there is a replacement for Qubes Manager as (even as regular 
Qubes 3.2 User) Qubes 4.x feels much more complicated, compared to 3.2.

The Qubes Manager which was running on an own Workspace was the best way to see 
what is going on with one glance.
It was also possible to make adaptions to several VMs in one go.
If I want to switch the Net Template for 3 VMs it is much easier doing so from 
Qubes Manager instead of opening the upper left menu and click through the 
submenus to open AppVM Preferences.

>> Otherwise once 3.2 is eol, my family
>> will find other solutions...

As it seems more users have issues with the current release (VMs not starting) 
and because of hardware dependencies I hope that 4 0 get "fixed".
I don't want to buy new hardware for Qubes 4 as I like to stay with Coreboot 
and the possible hardware which has enough power, is in 12" form factor and 
support Coreboot AND (!) Qubes 4.x seems to be small.

I still don't know if my X230 + Coreboot will run 4.x
Thereof I have also migrated back to 3.2.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/jzXYriBYjxKmyG-MqyDxc5tq5eGg7nqIUm4qFUAQjDpclobtK8v2qd7jtgob6nnW59Rp8Pbi3MclMRi3iuIScJ5jPKJLcz0iXlMYnGMvRHw%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-10-25 Thread '[799]' via qubes-users

>> I've made a clean install of Qubes 4-rc2
>> but ~70% of the time I can't boot the VMs

After 2h troubleshooting I deleted my whole setup and reinstalled, again 
running into problems when trying to create new VMs.
... Ahrk. I. Hate. Linux. (From time to time).

Seriously, I burned now ~2h trying to get Qubes 4 running. Can't be that hard 
for a user who is running Qubes for ~2y.

Question:
Can we get an information on which laptops/Modells Qubes 4-rc2 has been tested?
Currently I don't know if I just to dumb to get things up and running or if my 
hardware has a problem.
As I have already invested lots of time in Qubes 4 rc1 before abandoning it and 
go back to 3.2, I just don't want to burn any time in case that my hardware is 
a dead horse.

Having the information on which laptops Qubes 4 "should" run or even more where 
it is running (Dev Users?) would help.
The HCL https://www.qubes-os.org/hcl/ does not help me, as it has no 
information if 4.x is ok for the X230.

As mentioned before I am running Coreboot, should I go back to stock ROM?

[799]
I need to

. > > This includes sys-net, sys-firewall, but also . > > > > I tried to check 
the logs but I don't get any valuable information. > > See screenshot. > > > > 
I started the following command in dom0: > > > > watch -n 1 xl list > > > > 
When I try to launch a VM I can see that the VMs appears in the xl list output, 
but the State is -- and the Time(s) is 0.0. > > After ~30sec the start is 
aborted with error message: Cannot execute qrexec-daemon. > > > > Questions: > 
> 1) is anyone running Qubes 4.0-rc2 on a Lenovo X230? > > 2) is someone 
additionaly running Coreboot? > > 3) I am running the Qubes Installation with 
the default settings, any options to tweak on the Grub command line > > > > 
[799] > > > > > > > > > > > > Gesendet von ProtonMail mobile > Set pci strict 
reset on sys-net and sys-usb to false and try again. If that doesn't help set 
virt_mode to pv. If that helps it means your laptop does not meet minimum 
system requirements Same for me. It worked after a lot of restarting and 
changing settings. Sys-firewall started after I set initial ram higher. The 
others on debug mode with no network-vm set in settings. Not immediately 
though, try it, even change templates, and restart the templates a few times. I 
didn't get the qrexec logs from the qubes-applet and didn't bother to check 
further since it worked after several retries. -- You received this message 
because you are subscribed to the Google Groups "qubes-users" group. To 
unsubscribe from this group and stop receiving emails from it, send an email to 
qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to 
qubes-users@googlegroups.com. To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0326dd36-a12e-45f3-ad4e-ce89ad688772%40googlegroups.com.
 For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/-eRgdQDQFTTwNdHXLhB497Flh6HWeMHUfuTBAA87lVz-poaDrd2zQ03XH6EDMtIkEogtZwdx9nU07fLR3bmdjeM7oBjZui01iRGyQAZ7WCA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes 4.0-rc2 :: VMs fail to start

2017-10-25 Thread '[799]' via qubes-users

Hello,

>> Set pci strict reset on sys-net and sys-usb to
>> false and try again. If that doesn't help set
>> virt_mode to pv

qvm-prefs -s sys-usb pci_strictreset false

Results in:

qvm-prefs: error: no such property: 'pci_strictreset'

Has the setting be changed in Qubes 4? Same question has been asked by me for 
the internal setting, which hides VM from the menu.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9xauEp9fAThnlIDOtfnH7OJUBjhrIT3yaFh_ICk5vN8BtRZP0rLLQ3SicgLoKw9O0gRYZw_e1ZJnxESd6cshQlynsclsTJqCVCRkRzz2Awk%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Windows 10 guest support (in Qubes 4.x)?

2017-10-25 Thread '[799]' via qubes-users

Hello Tine,

>> I would like to know if there are any plans for
>> better Windows (10) support in the
>> upcoming 4.X version?

I have the same question regarding the future strategy for windows support:

- will we see Windows 10 support in Qubes 3.2?
(Not relevant as Qubes 3.2 will become EOL)

- what about windows 7 and 10 support in Qubes 4.0?

With "supported" I mean that we'll have Qubes Tools available and maybe the 
option to use seamless mode.

In the past I read about Windows Support for windows 8.1 which I think is not 
relevant as most people run either Windows 7 or 10.
Looking at my customers I have not a single customer who is running windows 8.x 
(for a good reason).

To Qubes Dev's

I really think the Qubes Dev-Team should be honest and transparent about Qubes 
Windows Support - maybe answering the question if they are working on this at 
all, or if Windows on Qubes is more like another project which is out of scope 
of the Qubes Dev Team as they are mainly focussing on the Qubes (Core) OS 
themselves (which I would totally understand).

>> I really appreciate your work, but currently
>> this is preventing me to use Qubes as the
>> daily driver

As you said I need to run windows for my daily workflow and would really like 
to do so in Qubes.
I guess there are more users who work in Enterprise environments (as 
non-developers) where windows is basically the default OS where lots of 
applications are running.
One example is that lots of my work is done on Outlook (Exchange 2016) and I 
have not been able to get this done with Linux.

I think it would be good to know how many users are asking for windows on Qubes 
and maybe raise some funding so that a capable developer can work on this topic.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/akE3h9OJmfmidm58UyS7FxK0sCUVtgRK__X6rHkfGjTeIQhvEp-ac2FROHm42zpJw5VLDDEeAj6PiXJP4-IBerWOnS46Pmzv_FbRadShsg0%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Qubes 4.0-rc2 :: how to hide VMs from menu

2017-10-25 Thread '[799]' via qubes-users

Hello,

Thanks to the Qubes-Team for releasing v4.0-rc2.
After having problems with my Lenovo X230 and 4.0rc1 I decided to wait for the
next release and gave it a try yesterday.

I went through the installation process and booting up was fine, even when
running Coreboot.

Some feedback:

1) I had to boot 2 times until the sys-net VM could launch network manager.

2) it feels like the starting of VMs is a slower than on Qubes 3.2.
My X230 has 16GB RAM and a 500GB SSD, i5-CPU, so I don't understand the light
performance loss.

3) starting VMs fails occasionally:
The auto start of sys-firewall fails. I tried to manually start it and run a
terminal with:

qvm-start sys-firewall && qvm-run --gui sys-firewall Gnome-Terminal

I see that the VM seems to start up (Qubes Icon on top right corner, shows a
"progress circle icon" behind sys-firewall, but the start is aborted and I get
an error message:
"cannot execute qrexec-daemon"

3) missing Feature:
It seems that is not possible to hide VMs from the startmenu as before.
In Qubes 3.2 there was the option in Qubes Manager "Internal" which would hide
the VM.
It was also possible to use "qvm-prefs -s internal true"
Please bring back this feature as it allows me to keep my list of VMs in the
menu "clean and lean"

Any idea what I can do to fix 2)?

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/n_iu0nSlMteG489F6wQyfQIYYQRCtZEDHFzE_OmJuNONk82qzLBAa8wQMTJ5G68IILSCusUc4oEXGep2K3tLvWxyIKTuVsRYFjRSt1l9ytM%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Qubes OS 4.0 second candidate (rc2) has been released!

2017-10-24 Thread '[799]' via qubes-users

Hello Roy,

>> Hi is it possible to update from rc1 to rc2 ?

It's all in the news ;-)

=> https://www.qubes-os.org/news/2017/10/23/qubes-40-rc2/

"[...] As a consequence of the partition layout change, it will be necessary 
for current 4.0-rc1 testers to perform a clean reinstall of 4.0-rc2 rather than 
attempting to upgrade in-place. [...]"

Regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/VG4HL6d5E8X_FN_GTA33XtMASUI3RFtwJ1VeJkg6sstVrKRVRXkJkTaqEku8o9Uup_-rnp_4Irag8GPa6InTOK1wZTPf-NmGV15wrm09DHk%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Anyone have any luck setting up KDE Connect or another Android-sync tool?

2017-10-24 Thread '[799]' via qubes-users

Hello,

You can use iptables to manipulate the firewall within the AppVM.
Additionaly you might need to edit sys-firewalls firewall.
Do you have information about the IP addresses of your Android phone and the
AppVM you want to use?

Using IPtables is really easy and it makes sense to look through the existing
documentation.
And it makes sense to understand how a firewall is working as it is part of
your line of defense.

Read this documents:

https://devopscube.com/iptables-tutorial-beginners/

https://www.howtogeek.com/177621/the-beginners-guide-to-iptables-the-linux-firewall/

And I like this one, as it explains not only the commands:
http://www.pinoylinux.org/tutorial/the-beginners-guide-to-iptables-the-linux-firewall/

You need to allow traffic on the INPUT and OUTPUT chain as you want incoming
and outgoing traffic.

Hint: To allow a port range you could add something like this:

Example: allowing incoming TCP traffic on ports 1000-2000 from any IP address.
iptables -I INPUT -p tcp --dport 1000:2000

I would suggest start with a simple rule and harden it by replacing it with
source & destination options, so that only specific traffic is allowed.

I have started to built my own iptables rules, by deleting everything and
rewrite from scratch what I need.

If you have any question or need help after reading some of the above links, do
not hesitate to contact me ;-)

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/d372Yw7Kiir_UX6vw4GiJcWdX7Gn2oN6SMcFzB8YWgmO0rNRgCKs_jB86AZvDO2AU5FPanZXF6fpIBOy2CrLMxQU-R97VQ7o9XOAmLN3oPA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Update to Qubes 4rc2 Release Schedule

2017-10-23 Thread '[799]' via qubes-users

Hello Qubes Dev's,

will there be an update to the release date of Qubes 4.0-rc2?
I've looked at the website, but the release date is still the old one 
(23.10/today)
:
https://www.qubes-os.org/doc/releases/4.0/schedule/

Don't want to put any pressure here, as I'd rather see open topics removed in 
rc2 and what some days/week instead of having problems with the new release.

[799]

Gesendet von ProtonMail mobile

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/z24iiaUj6B-mJxzrnpfjkDevasJEJ9_oO8--6-vwZSDMdiNd3_79fZlx4C64kg1-xQtKMHBeX3Rs9h93uaB-uy4BJjUpX5_dwb1ojyyqMzo%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] windows tools on qubes 4.0

2017-10-21 Thread '[799]' via qubes-users

Hello,

>> trying to install windows on qubes few problems
>> 1. trying to download windows tools not able due to not exist .
>> 2. trying to copy predefined img with windows ... not working .
>> any ideas ?

I've asked already what will be strategy regarding windows support in Qubes 4.x
As far as I remember I haven't received an answer - I hope that we still have 
windows support (including seamless mode) in Qubes 4.x, so if someone from the 
Qubes Development Team could answer this, this would be great.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/gDOpVVgiXB9dAUFJg1n_3cd2WX-NruZ5xSzzRpW0CP3DtI1KbkTThQ82uKoKiq6_Izjm8ks2OeUjXd-TD5bRZzIJGfZc5cxzOBdiv7QAk7U%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Idea for (resonable secure) cloud-storage usage with Qubes

2017-10-21 Thread '[799]' via qubes-users

Hello rysiek,

> For what it's worth, we're using (not with Qubes, just generally) a system of
> LUKS volumes in large (hundreds of GiB) files on SSHFS-mounted volumes (for
> backups), and we're quite happy with that set-up.

thanks for the info, good to know that sshfs seems to work on a daily basis.
I have migrated from NFS to SSHFS already.
I'm using certificates for additional security and have restricted firewall 
rules so that only transfer between both VMs TC/port 22 is allowed.
Seems like a solution that is ok, even when I'll not out the 
"save-the-world-formula" there (as encfs seems to be the weakest link in my 
setup).

Regarding my specific use case I would like to synchronize the data to keep a 
copy at another location.
Using LUKS images can cause a problem depending on the transfer mechanism, as I 
need to use a mechanism which will only transfer the qctual changed blocks not 
the whole image.
As such I'd like to use an encryption which works with file based encryption - 
knowing that this has reduced security as metadata etc. can be used to attack 
the encryption.

See my other mail, how my solution with SSHFS looks like.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/V0dpX3W2EbJzCW_ZRiDmER_jVJ-scQxwql22ImWdVFpJItIIybF4bQri6R77rIDUGRTaAiUNcdg9sF1nIbKQ7lCir8vTDxmTmsjVNEuj2FI%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Update sys-net and sys-firewall to fedora-25?

2017-10-21 Thread '[799]' via qubes-users

Hello,

here you can find my scripts, which will rebuild all your sys-vms:
All scripts must be made executable with chmod +x FILENAME

1) qvm-destroy.sh
this script  is a helper script which can be used to kill and remove a VM in 
one step
I'd like to see an option in qvm-kill to get this done:
something like: qvm-kill --purge
Until then, this script should work (Warning: it will kill the VM without any 
further questions :-)

#!/bin/bash
# Kill a running AppVM and remove it
# Usage: qvm-destroy 
echo "Killing VM: $1"
qvm-kill $1
echo "Removing VM: $1"
qvm-remove $1
echo "Waiting for 5s (just to be sure)"
sleep 5s

2) create-t-fedora-25-minimal.sh
Built a custom template which will be used to create the new sys-vms
mytemplatevm is the name of the new template, which will then be used in step 3 
to build the sys-vms.
I like to work with clones of the default templates, so that I can always go 
back to a standard template.
I name my VMs with t-... to indicate that this VM is a template VM.

#!/bin/bash
# Variables
templatebasevm=fedora-25-minimal
mytemplatevm=t-fedora-25-minimal
# Install templatebasevm (just to make sure it is available)
sudo qubes-dom0-update qubes-template-$templatebasevm
# Remove existing Template VM
echo "Killing VM: $mytemplatevm"
qvm-kill $mytemplatevm
echo "Removing VM: $mytemplatevm"
qvm-remove $mytemplatevm
echo "Waiting for 10s until everything is finished"
sleep 10s
# Create a new template based on default template
echo "Clone $templatebasevm to $mytemplatevm"
qvm-clone $templatebasevm $mytemplatevm
# Hide original template
qvm-prefs -s $templatebasevm internal true
qvm-prefs -s $mytemplatevm internal false
# Launch new template
echo Launch new template-vm $mytemplatevm
qvm-start --tray $mytemplatevm
echo "Wait for 10sec until $mytemplatevm VM is up"
sleep 10s
# Install Updates and additional packages
echo "Install updates and additional applications in $mytemplatevm"
qvm-run $mytemplatevm 'xterm -e "sudo dnf -y update && \
   sudo dnf -y install mc nano pass langpacks-en langpacks-de 
glibc-locale-source qubes-usb-proxy \
   qubes-input-proxy-sender gnome-terminal terminus-fonts 
less dejavu-sans-fonts \
   NetworkManager NetworkManager-wifi 
network-manager-applet wireless-tools dbus-x11 \
   tinyproxy notification-daemon gnome-keyring 
iwl6000g2a-firmware keepass \
   linux-firmware && \
   shutdown -h now "'
echo "Wait until all updates have been installed"
read -p "Press Enter to continue"

3) create-my-sysvms.sh
This script will actually build the new sys-vms (and remove the old one before).
It will use the template you have created in step 2)

#!/bin/bash
systemplate=t-fedora-25-minimal
## Kill and remove existing vms
./qvm-destroy sys-firewall
./qvm-destroy sys-net
./qvm-destroy sys-usb
## Create a new Net VM
qvm-create --template $systemplate --label=red --net --mem=300 --vcpus=2 sys-net
# Disable PCI_Strictreset
# Attach PCI-Controllers  to AppVM
qvm-pci --add-class sys-net net
# Fix Wifi when waking up from Resume
# https://www.qubes-os.org/doc/wireless-troubleshooting
sleep 10s
qvm-run --auto sys-firewall 'xterm -e "sudo echo iwlmvm  >> 
/rw/config/suspend-module-blacklist && \
sudo echo iwlwifi >> 
/rw/config/suspend-module-blacklist "'
qvm-shutdown --wait --force sys-net
## Create a new Firewall VM
qvm-create --template $systemplate --label=orange --proxy --mem=300 --vcpus=2 
sys-firewall
#  Set Net-VM
qvm-prefs sys-firewall -s netvm sys-net
## Create a new USB Qube
qvm-create --template $systemplate --label=red --net --mem=1024 --vcpus=2 
sys-usb
# Disable PCI_Strictreset
qvm-prefs sys-usb -s pci_strictreset false
# Enable Autostart
qvm-prefs sys-usb -s autostart true
# Attach USB-Controllers  to AppVM
qvm-pci --add-class sys-usb usb
## Start sys-vms
qvm-start sys-firewall
qvm-start sys-usb

4) create-default-sys-vms.sh
This script can be used to revert to the default sys-vms (based on the full 
fedora-25 default image, not the minimal image)

#!/bin/bash
## Kill and remove existing vms
./qvm-destroy sys-firewall
./qvm-destroy sys-net
./qvm-destroy sys-usb
## Create a new Net VM
qvm-create --template fedora-25 --label=red --net --mem=300 --vcpus=2 sys-net
# Disable PCI_Strictreset
# Attach PCI-Controllers  to AppVM
qvm-pci --add-class sys-net net
# Fix Wifi when waking up from Resume
# https://www.qubes-os.org/doc/wireless-troubleshooting
sleep 10s
qvm-run --auto sys-firewall 'xterm -e "sudo echo iwlmvm  >> 
/rw/config/suspend-module-blacklist && \
sudo echo iwlwifi >> 
/rw/config/suspend-module-blacklist "'
qvm-shutdown --wait --force sys-net
## Create a new Firewall VM
qvm-create --template fedora-25 --label=orange --proxy --mem=300 --vcpus=2 
sys-firewall
#  Set Net-VM
qvm-prefs sys-firewall -s netvm sys-net
## Create a new USB VM
qvm-create --template fedora-25

Re: [qubes-users] Re: Update sys-net and sys-firewall to fedora-25?

2017-10-21 Thread '[799]' via qubes-users

Hello,

as your sys-vms will connect to the outside world, I would recommend to run 
those with an OS which gets proper patches/updates.
As mentioned in another thread, it is easily possible to switch the sys-vms to 
fedora-25.
I'm running fedora 25 for all my VMs (Qubes 3.2).
I suggest that you keep the names of the sys-vms as I've run into a few issues 
when changing the names.
How to migrate:
1) download/install fedora-25 or fedora-25-minimal template in dom0
2) clone this template in a "sys-template" and install some more packages
3) delete your old sys-vms
4) create new sys-vms.

I have written a script which will do all the above steps, so that you can 
easily start with a fresh copy of sys-vms.
One more thing: depending on your hardware it might be, that using a 
fedora-25-template instead of fedora-25-minimal will be better for sys-net.
But as with all VMs, you can easily change the template via dom0 afterwards.
I would recommend the fedora-25-minimal templates.

If you are interested I can send you the setupscripts to migrate from your 
existing sys-vms to fedora-25-minimal based sys-vms.

[799]

>  Original Message 
> Subject: [qubes-users] Re: Update sys-net and sys-firewall to fedora-25?
> Local Time: October 19, 2017 5:31 PM
> UTC Time: October 19, 2017 3:31 PM
> From: yuraei...@gmail.com
> To: qubes-users 
>
> On Thursday, October 19, 2017 at 1:18:21 PM UTC, cqui...@gmail.com wrote:
>
>> Hi, I read around a bit but didn't really find much on this. I just created 
>> fedora-24 and fedora-25 vms following the docs pages. Since these are newer 
>> versions of the fedora os, should I switch sys-net and sys-firewall to use 
>> fedora-25 as a template instead of fedora-23, or should I just leave it as 
>> is?
>> Thanks!
>>
>> Fedora 23 is not supported by Fedora anymore, hench you don't get the 
>> important updates. For example, just last monday, a major crisis happened 
>> with Wi-Fi, leaving essentially all Wi-Fi networks across the planet 
>> vulnurable, especially those in Linux/Android, but also Windows/iOS/etc, not 
>> to mention all routors have to be updated too. This update won't come to 
>> Fedora 23, you will get the update for Fedora 25 however. This is just an 
>> example, using Fedora 23 is likely to be a big security issue. Dom0 being 
>> Fedora is less of a concern though, since it has no internet connection, and 
>> all system commnucation with Dom0 to VM's is updated by the Qubes team/Xen. 
>> Qubes still send updates to fedora-23 for the qubes toosl, but fedora-23 
>> itself isn't being updated anymore.
>>
>> Essentially the Qubes command to upgrade/install the template should include 
>> all the Qubes tools, so it shouldn't be a problem to replace them in the 
>> Qubes Global Settings, as well as the individual VM's.
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to qubes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to qubes-users@googlegroups.com.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/qubes-users/49518b9c-47ca-44a5-877d-20b4954a3c7e%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2P7liioHSTxPrv4N-uosFutrgjrE6B8KV4yAYF_gMBCzw5Jae4-4RdVylgKnuPivyWtuUcdrDvSXHnwHWVIafGGx8FPK3pteXWjO_N-LeeI%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: XEN)QUBES END POINT SECYRITY

2017-10-21 Thread '[799]' via qubes-users

Hello,

>> Somewhere in qubes site is mentioning that it is not a linux based os but 
>> xen [hv.](http://hv.So)

true, the management (dom0) is a fedora based VM

[>> So](http://hv.So) on my question in internet security I took the answers on 
what was looking for but
>> I am searching too if the Xen bare metal Hypervisor can be secured that way
>> not only the virtual machines on it.

The question you're asking (as far I understand it) is "is there something like 
Antivirus/Antimalware for Qubes OS"?
The question should be maybe more something like:
- what kind of attacks put my privacy/data at risk?
- how likely are they and who can run those attacks?
- where do they happen?
- how much budget (mainly time, as additional security most time results in 
less comfort) am I willing to spent?

When I started with Qubes I took a piece of paper and draft an idea how I want 
to separate data and workspaces.
This was a guide to start the journey and was adapted to my workflow.

A good starting point showing the possibilties can be found here (even when it 
is some days old):
https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/l3iuaCqpZnbmOCbdMp77BKnArjmUDHuB0K_MYWwPduxPo39HHhi1sWo48UZ4FiJLueLpeBAXYThoe8QW605lXaU3iV68RuElVVwNpQ42spA%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re:SOLVED: Re: Windows HVM has network access, but claims there isn't

2017-10-21 Thread '[799]' via qubes-users

Hello,

>> but the icon on the system tray states: identifying... no network access

I have the same problem with Qubes 3.2 and my Windows 7 HVM.
As I had some time, I tried to troubleshoot this and found a solution which at
least seems to work for me:

What brought the solution to me, after doing some reading:
- Go to network settings and open the properties for your LAN-card.
- click on "Properties" which will bring you to the window where you can
configure IP settings.
- do not configure something here yet! Click on "configure" which will bring
you to the hardware settings screen.
- there choose the 2nd Tab ("Advanced") and go to "IP4 Checksum Offload" and
change it to "disabled", then click OK.
- return to your LAN-properties screen and disable IPv6 and change IPv4 to
static IP
(in my case: 10.137.2.13, DNS and Gateway: 10.137.2.1, gateway: 255.255.255.0)
- Click ok, close all windows and reboot

On next reboot the yellow warning sign should be gone.
I tried this and verified it with 3 reboots ... yippiyayoo :-)

Further reading
Link:
https://community.spiceworks.com/topic/590092-networking-icon-shows-warning-not-connected-but-it-is

Can you try this out and give a feedback, if this fixes the problem?
If so, this info should go into the documentation.
Unfortunately adding documentation to the official Qubes site seems to be very
complicated and it takes a long time until it is approved.
That's why I don't invest time there, but prefer to throw the information into
this mailinglist (and hopefully others will add it).

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/-PE9jM7c22ChOXxQHa2s1k1THpLvfwfjvIHbZSizMn6BdyI6ePvbO-58yYW_lGN-6Lw-ej_caCoeATyxptkHTbB2GhZWaaVHA4wBJgrvj9s%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] XEN)QUBES END POINT SECYRITY

2017-10-20 Thread '[799]' via qubes-users

 Original-Nachricht 
An 19. Okt. 2017, 19:44, Νικος Παπακαρασταθης wrote:

>> Hello Is there any kind of end point security
>> fore qubes xen hv except of isolation?

If you talk about Qubes, I understand the Qubes Hypervisor (XEN) and maybe dom0 
as management VM.
For both of them an endpoint security is not needed, as all data manipulation 
and data access is done in specific AppVMs.

>> Something like usual ...internet security
>> software used in windows(antivirus
>> antispam etc unified).

Honestly I think that all those internet security suites don't offer additional 
safety.
As they have to be integrated deeply into the OS to be secured against 
manipulation of the software itself, it is also likely that new security holes 
will be opened.

Also people who think that a antivirus product will help them, forgett to use 
drive encryption, which will offer protection in case the device is lost or use 
bad passwords.
Security is much more than antivirus.

I am working in IT and don't use any internet security except on one windows 
laptop which is brought to customer and customer compliance policies force us 
to work with antivirus protection.
On my own machines I have abandoned the use of additional "protection software" 
except the default protection from the OS itself.
I haven't got a virus/trojan within years.

All my customers who have been hit by virus and mostly crypto Trojans had 
antivirus protection running without offering any help.

There are only two products which will offer the best protection:
bra.in + TBYC*

If you add Qubes and use ApoVMs wisely you will have a better protection than 
95% of all users.

*ThinkBeforeYouClick

>> If not how for example
>> payments are safe?

Very easy:
- Create an AppVM and use Plugins like noscript, https anywhere, adblockers etc.
- set the Qubes firewall (sys-firewall) to block all traffic and use a 
whitelist only allowing access to the banking site.

I am using this to work with 3 different banking accounts, sometimes you need 
to tweak a bit to know which other IPs are necessary so that the banking works.

Another option could be to use a disposable VM.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EGxP9CRVIgK5zIqJFJ_IMlx_bJWGw88Xun9Ub89Z4aDDkPQDTp-8amDvdDKQP3Us5PJGU-3x_tg51wbCf6VvV5bbn5HWuP1XbunIyjszkzs%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: [qubes-users] Re: Idea for (resonable secure) cloud-storage usage with Qubes

2017-10-17 Thread '[799]' via qubes-users

Hello Ron,

Thank you for the feedback.

> Have you considered using SSHFS rather than
> NFS? I'm no security expert, but it would
> seem to me to be more secure than NFS.

Actually yes, I thought about it after other mentioned that enabling NFS would 
offer another attack window.
Even when I am unsure as I have but some encryption and firewall restrictions 
in place.
The Access VM is the only one connected to the internet and the NFS 
Storage VM.
The other AppVMs who will connect to the storage VM don't have an online 
connection.
>From my understanding an attacker must come through the Access VM and 
>then attack the Storage VM.

Unfortunately I don't how those attacks take place and how much time is 
necessary. It could be possible to launch the access VM only 
periodically just to sync the data.
Keep in mind, that all data is encrypted from the view of the access+transfer 
VM.

I'd like to setup firewall rules, which will only allow traffic from the 
access+transfer VM to the cloud storage provider, but this need some further 
investigation.
As far as I understand Qubes Firewall GUI will not work with domain names but 
with IPs.

Regarding sshfs I will give it a try, as ssh is used to connect remotly I am 
(reasonable) sure that it has less attack possibilities than NFS.

Even when enabling inter-VM networking I feel more secure when I can keep my 
data encrypted+synced and have the data access separated in different VMs.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/_HKrGSpPkv_IGVU_nDSatjZ4QDQ6hwh-gT4QSoB4PQBtS3JIYwjXXpKVyGXELcaiaBLgo1y39vRZtqjP9gQYalHxJ0pLn2IHdrDe088ZrDQ%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

AW: Re: [qubes-users] AW: Idea for (resonable secure) cloud-storage usage with Qubes

2017-10-15 Thread '[799]' via qubes-users

Hello David,

Thank you for the open feedback.

> I think you have some misconceptions here
> - the main one being why people tend to use
> Qubes OS: Segregation of data to application-
> specific domains, i.e. impact of a domain
> compromise is limited.

You are right, regarding why people use Qubes.
But depending on specific workflows there is a need to either work with cloud 
storage for collaboration or to switch the OS completely for this use case.
Think about a (cloud based or on premise) storage service which is used by 
several people.
My goal is to work 100% in Qubes and I think that splitting access of data and 
local storage offers a better security than having the data synced and stored 
in one AppVM.
And I tried to build something that makes it easier to access data from various 
VMs in an easy way (knowing that it is less secure than using qvm-copy-to-vm).
But using some scripts we can reduce the attack surface on nfs in such a way, 
that we only enable NFS/open ports when access is needed.
I can't see how this approach is less secure than using one VM for 
syncing/storing/accessing the data?

> Your idea however makes your Qubes
> installation vulnerable to: - Any attacks
> originating from that OS ("files should still be
> accessible/decryption from other Operating
> systems")

True, but wouldn't this mean that the AppVM which is working as NFS Client must 
be compromised before NFS is attacked?

> Nfs-based attacks (basically all your AppVMs
> using nfs will be vulnerable to all nfs
> vulnerabilities

NFS access to the server is allowed on a per VM basis (firewall allow per IP), 
shouldn't this be enough to reduce NFS attack surface?

> encfs based attacks which people can even
> find on wikipedia.

Yes true, it is a shame, that we still don't have a multiplatform open source 
encryption standard that could maybe also be adapted by cloud storage providers.
But as mentioned the idea could also be implemented with other encryption 
solutions like CryFS, ...

> if you don't want to add
> another idea to the security circus
> I'd reconsider either using Qubes OS, your
> other OS or your architecture.

Hmm ..., why should I abandon Qubes and use a much more less secure OS just 
because working with cloud/external storage is part of some (!) of my workflows?

Even if all VMs which I use in the described solution are compromised, I can 
still have other VMs which are fine.
So basically it's one more reason to use Qubes ;-)

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/oZiNcfSwB33LIJmkEc-H483lwPzzbGTv-Wbwrq9BnvNnuyLKXbc1yshBcPkBf5MeimHjaCULUTr-XgLh70ZV_tMW4IJ68RG220hccF2Pqso%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] AW: Idea for (resonable secure) cloud-storage usage with Qubes

2017-10-15 Thread '[799]' via qubes-users

Hello,

I'd like to add, that I know that EncFS seems to have some issues, mentioned 
here for example:
https://defuse.ca/audits/encfs.htm
While this report is from 2014 and a new version has been issued it seems that 
encfs 2.x (which should provide better security) is still on its way - if it 
will come at all.

Unfortunately encfs is the only solution which is cross-platform, if someone is 
using a Linux only environment, the encryption layer could be replaced with 
other solutions:
https://www.cryfs.org/comparison

As such the subject should not be...

"Idea for (resonable secure) cloud-storage usage with Qubes"

... but ...

"Idea for (a slightly more secure) cloud-storage usage with Qubes"

[799]

PS: sorry for Top-Posting ;-)
I have a typo in my initial post, replace my-untrusted with my-work (where I 
unmount the encfs uencrypted directory)

 Original-Nachricht 
An 15. Okt. 2017, 01:54, [799] schrieb:

> Hello,
> I thought about how to work with cloud storage under Qubes OS and I'd like to 
> share my idea with you, to provide feedback.
> I have already build a prototype that works "reasonable" well, but I am far 
> away from being a security professional, as such I'd like to hear your opion 
> about it.
> Assumptions:
> You are using cloud storage like Microsoft OneDrive and you would like to do 
> so under Qubes in a more secure way.
> Goals:
> - all files within onedrive should be encrypted
> - files should still be accessible/decryption from other Operating systems
> - decrypted data storage and cloud storage access should be separated into 
> two AppVMs
> - different AppVMs should have access to data in the cloud storage, but it's 
> impossible for an AppVM to read the data which should be read by other AppVMs 
> (meaning you have the option to create individuall encrypted directories)
> - solution should be easy to use and relying on scripts to provide good 
> automation and a good tradeoff between security and user experience.
>
> Idea:
> In order to reach the goals, the idea is to work with two AppVMs:
> 1. "Access+Transfer AppVM" this VM will access the cloud storage provider, 
> provide synchronisation and will always see encrypted data
> 2. "Storage-AppVM" this VM will receive the encrypted files from the 
> Access+Transfer AppVM and store the files. It will also work as a data-hub to 
> provide access to data to your other AppVMs which you use to manipulate the 
> data within this VM.
>
> As such we have separated:
> - Access & Transfer of data from cloud storage provider
> - Local data storage
> - Data manipulation
>
> Solution Design:
> [Access+Transfer AppVM]
> Template: fedora-25-minimal
> Additional packages:
> - OneDrive Freeclient 
> ([https://github.com/skilion/onedrive)](https://github.com/skilion/onedrive)
> - sudo dnf -y install nfsutils
> Will be configured to mount a NFS-share from the Storage AppVM and to access 
> OneDrive to synchronize the files
> Data will be downloaded and storad in the mounted NFS-Share of the Storage 
> AppVM
>
> [Storage App-VM]
> Template: fedora-25-minimal
> Additional packages:
> - sudo dnf -y nfs-utils encfs
> This machine has been setup as a NFS Server.
> The /etc/exports file and also the iptables Firewall of this AppVM has been 
> setup, so that the [Access+Transfer AppVM] kann access a certain location.
> Within this location all files ENCFS-encrypted.
> As such the Access+Transfer AppVM but also the Cloud Storage provider will 
> only see encrypted files.
> Additional AppVMs can also mount the main NFS Share/directory.
> Those AppVMs can access certain subfolders and mount them via ENCFS to get 
> the unecrypted data.
> So the ENCFS decryption are done in those AppVMs.
> You could setup various subfolders within your Onedrive directory and each 
> folder could be encrypted within the different AppVMs.
> Example:
> onedrive\photos --> NFS Share to --> my-photo-appvm
> onedrive\work --> NFS Share to --> my-work-appvm
> onedrive\media --> NFS Share to --> my multimedia-appvm
>
> Let's look at one AppVM (example my-work-appvm = 10.137.2.25 // storage-appvm 
> = 10.137.2.20)
> On sys-firewall there is a rule, so that the work-appvm can access the 
> storage-appvm:
> [user@sys-firewall ~]$ sudo iptables -I FORWARD 2 -s 10.137.2.25 -d 
> 10.137.2.20 -j ACCEPT
>
> On the storage appvm:
> [user@my-storage ~]$ sudo iptables -I INPUT 5 -i eth0 -s 10.137.2.25 -d 
> 10.137.2.20 -j ACCEPT
> The NFS Exports file:
> [...]
> # 10.137.2.15 = Access+Transfer AppVM
> /var/nfs 10.137.2.15(rw,sync,no_subtree_check)
> # 10.137.2.25 = Work AppVM
> /var/nfs/work 10.137.2.25(rw,sync,no_subtree_check)
> [...]
>
> In the Work AppVM you are mounting the NFS Share from the Storage AppVM:
> sudo mount 10.137.2.20:/var/nfs/work /mnt/onedrive-work.encfs
>
> In Order to access the files, the NFS share is encfs-mounted:
> encfs /mnt/onedrive-work.encfs ~/work
>
> the unencrypted files can be accessed in ~/work.
> If saved they will be encfs-encrypted and

[qubes-users] Idea for (resonable secure) cloud-storage usage with Qubes

2017-10-14 Thread '[799]' via qubes-users

Hello,
I thought about how to work with cloud storage under Qubes OS and I'd like to 
share my idea with you, to provide feedback.
I have already build a prototype that works "reasonable" well, but I am far 
away from being a security professional, as such I'd like to hear your opion 
about it.
Assumptions:
You are using cloud storage like Microsoft OneDrive and you would like to do so 
under Qubes in a more secure way.
Goals:
- all files within onedrive should be encrypted
- files should still be accessible/decryption from other Operating systems
- decrypted data storage and cloud storage access should be separated into two 
AppVMs
- different AppVMs should have access to data in the cloud storage, but it's 
impossible for an AppVM to read the data which should be read by other AppVMs 
(meaning you have the option to create individuall encrypted directories)
- solution should be easy to use and relying on scripts to provide good 
automation and a good tradeoff between security and user experience.

Idea:
In order to reach the goals, the idea is to work with two AppVMs:
1. "Access+Transfer AppVM" this VM will access the cloud storage provider, 
provide synchronisation and will always see encrypted data
2. "Storage-AppVM" this VM will receive the encrypted files from the 
Access+Transfer AppVM and store the files. It will also work as a data-hub to 
provide access to data to your other AppVMs which you use to manipulate the 
data within this VM.

As such we have separated:
- Access & Transfer of data from cloud storage provider
- Local data storage
- Data manipulation

Solution Design:
[Access+Transfer AppVM]
Template: fedora-25-minimal
Additional packages:
- OneDrive Freeclient 
([https://github.com/skilion/onedrive)](https://github.com/skilion/onedrive)
- sudo dnf -y install nfsutils
Will be configured to mount a NFS-share from the Storage AppVM and to access 
OneDrive to synchronize the files
Data will be downloaded and storad in the mounted NFS-Share of the Storage AppVM

[Storage App-VM]
Template: fedora-25-minimal
Additional packages:
- sudo dnf -y nfs-utils encfs
This machine has been setup as a NFS Server.
The /etc/exports file and also the iptables Firewall of this AppVM has been 
setup, so that the [Access+Transfer AppVM] kann access a certain location.
Within this location all files ENCFS-encrypted.
As such the Access+Transfer AppVM but also the Cloud Storage provider will only 
see encrypted files.
Additional AppVMs can also mount the main NFS Share/directory.
Those AppVMs can access certain subfolders and mount them via ENCFS to get the 
unecrypted data.
So the ENCFS decryption are done in those AppVMs.
You could setup various subfolders within your Onedrive directory and each 
folder could be encrypted within the different AppVMs.
Example:
onedrive\photos --> NFS Share to --> my-photo-appvm
onedrive\work --> NFS Share to --> my-work-appvm
onedrive\media --> NFS Share to --> my multimedia-appvm

Let's look at one AppVM (example my-work-appvm = 10.137.2.25 // storage-appvm = 
10.137.2.20)
On sys-firewall there is a rule, so that the work-appvm can access the 
storage-appvm:
[user@sys-firewall ~]$ sudo iptables -I FORWARD 2 -s 10.137.2.25 -d 10.137.2.20 
-j ACCEPT

On the storage appvm:
[user@my-storage ~]$ sudo iptables -I INPUT 5 -i eth0 -s 10.137.2.25 -d 
10.137.2.20 -j ACCEPT
The NFS Exports file:
[...]
# 10.137.2.15 = Access+Transfer AppVM
/var/nfs 10.137.2.15(rw,sync,no_subtree_check)
# 10.137.2.25 = Work AppVM
/var/nfs/work 10.137.2.25(rw,sync,no_subtree_check)
[...]

In the Work AppVM you are mounting the NFS Share from the Storage AppVM:
sudo mount 10.137.2.20:/var/nfs/work /mnt/onedrive-work.encfs

In Order to access the files, the NFS share is encfs-mounted:
encfs /mnt/onedrive-work.encfs ~/work

the unencrypted files can be accessed in ~/work.
If saved they will be encfs-encrypted and stored to NFS share of the Storage 
AppVM.
The Storage AppVM is connected to the Access-Transfer-AppVM which will 
recognize that an (encrypted) file has changed and will upload it to Onedrive.

As you can guess, you can use different AppVMs, which access different 
subfolders with different ENCFS-Keys.
For additional security you can also choose to shutdown the Access+Transfer 
AppVM and disable the NFS Server in the Storage AppVM if you don't need access 
to the files.

Script to start the NFS Server from dom0
#!/bin/bash
qvm-run my-storage 'xterm -e "sudo systemctl start nfs"'
sleep 2

Scripts to unencrypt the data in an AppVM from dom0:
#!/bin/bash
qvm-run my-work 'xterm -e "encfs /mnt/onedrive-work.encfs ~/work"'

Script to unmount the unencrypted share in an AppVM:
#!/bin/bash
qvm-run my-untrusted 'xterm -e "fusermount -u ~/work"'

I have already a working prototype, regarding the NFS server and ENCFS-part and 
will now add the onedrive part.

What's your opinion about this approach (I hope I could make clear what the 
idea is) - am I opening to much attack possibilities because I need to have NFS

Re: [qubes-users] How to export (H)VMs from Qubes/Xen to VMware vSphere

2017-10-14 Thread '[799]' via qubes-users

Hello,

as mentioned in the other thread, I was able to successfully create a cent os
minimal HVM.
There are still same smaller problems, as for example the time from grub
selection menue to the login prompt is ~10min, but at least I get a login
prompt and can login.

*** Converting QEmu/Qubes disk to a VMware .vmdk image ***
>> Me: How can I get a (H)VM out of Qubes into a VMware VM.
> I assume you use Qubes 3.2. You can get VM"s disk image from
> /var/lib/qubes/appvms//root.img. This is raw disk image in
> sparse file. You can convert it to vmdk using qemu-img tool, like this:
> qemu-img convert -f raw -O vmdk /path/to/root.img /path/to/root.vmdk

[USER@dom0 ~]$ ls -lah /var/lib/qubes/appvms/my-test/ | grep .img
-rw-rw-r-- 1 USER qubes 2.0G Oct 14 16:07 private.img
-rw-rw-r-- 1 USER qubes 20G Oct 14 17:26 root.img
-rw-rw-r-- 1 USER qubes 22G Oct 14 16:07 volatile.img

During the installation of Cent OS, I choosed to only use the 20GB root image,
not the private 2GB image, as such I didn't understand the size ls is reporting.

[USER@dom0 home]$ du -sh /var/lib/qubes/appvms/my-test/* | grep .img
0 /var/lib/qubes/appvms/my-test/private.img
1.3G /var/lib/qubes/appvms/my-test/root.img
0 /var/lib/qubes/appvms/my-test/volatile.img

this filesizes make more sense to me.
As Marek suggested I tried to convert the image using qemu-img, but as this is
not available in dom0 I used qemu-img-xen:
(my-test is my newly created Cent OS HVM, created from a CentOS minimal ISO)

cd /var/lib/qubes/appvms/my-test
qemu-img convert -f raw -O vmdk root.img root.vmdk

this throws an error direct after starting:
qemu-img: error while writing

I have also looked at
https://www.howtoforge.com/how-to-convert-a-xen-virtual-machine-to-vmware
but this uses another syntax (which I also tried but didn't work).

Strangely trying to get informatiom from my root.img via...
qemu-img-xen info root.img
.. results in an error:
qemu-img: Could not open 'root.img'
While I am in the folder and I can see the file with ls.

Any idea where to go from here?
Can someone try to run qemu-img-xen on their system to see if they can get any
information out of their image files?

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/rNSGEa5I1T-hmCvGdH681dALa6ddM89Bx41o-WF_Q_mbLtytQ9d7KB5f1tYFKqZ3PJTkdGhsdyFDT8cQQjBpMIktF3LLHLmyeObr0w5x0SU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Install a CentOS HVM with a debug-window = mo seamless mode

2017-10-14 Thread '[799]' via qubes-users

Hello Marek,

as the original question has been answered (what needs to be done to get 
seamless mode) has been answered, I think we should cover the other topic in a 
separate thread.
I'll answer to your feedbackthere.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/qVDNFNMj5-FsaksqEgtOhT9CkLg1wkXow4KhH8nL4EPwBaVIk0etnchj7pgWe2quvQvs9F2zBA6xnCe0V9PHWLBtj3uo_WLXH-ekCwypv7g%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Install a CentOS HVM with a debug-window = mo seamless mode

2017-10-14 Thread '[799]' via qubes-users

Sorry for reposting shortly, but I need to add something more:

>>> is it possible to create a standalone HVM based on an existing Qubes 
>>> template?
>> Yes, qvm-create --standalone --template TEMPLATE_NAME ...
> Wow, I didn't know that, I think this is the best approach, as I have the 
> benefits from both worlds

I tried to follow your suggestion and created new VM based on an existing 
template:

qvm-create --standalone --template=t-fedora-25-minimal --label=blue --mem=2048 
--vcpus=2 my-test

But this will create an AppVM not a HVM which is based on the choosen template.
I've installed some packages, rebooted and the changes where persistent, but we 
were talking about HVMs not AppVMs - as far as I understand (reading from the 
Qubes docu):

HVM (Hardware Virtual Machine) =  fully virtualized, or hardware-assisted, 
[VM](https://www.qubes-os.org/doc/glossary/#vm) utilizing the virtualization 
extensions of the host CPU
Whereas the AppVM is a paravirtualized VM.

Strangely I don't see the Enable Seamless Mode button in Qubes Manager with the 
VM I have created with the above command.
When enabling Debug-Mode there is also now Boot-Up/Full VM-window, the 
(standalone App)VM is a seamless VM. If I use qvm-run to open applications the 
appear without any problems.
So what is the benefit of using Debug Mode?

There are no options "qrexec_installed" and "guiagent_installed", these seem to 
exist only with HVMs.

*** Question ***
Is it also possible to migrate a standalone AppVM to vsphere with the hint you 
gave me?

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/uhXCdNn6Xm-wAars7oZM6rSRmejmZCNhYZBsZHwwq5AA5b8DA_Xn6tLfLckkGmlQQ2-mxmt7OMSXCUeiulfZ9QVjtjJrc7riyloPdpZGJdM%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Install a CentOS HVM with a debug-window = mo seamless mode

2017-10-14 Thread '[799]' via qubes-users

Hello Marek,

first of all thanks for all your qualified answers (not only in my but also 
other threads).

> Did you switched "guiagent_installed" and/or "qrexec_installed"
> properties? Both should be set to "false", unless you really installed
> those components inside.

Ok, now I understand, I've read something about qrexec_installed somewhere in 
the documentation, but I didn't understand in which context this was meant.
Yes, I've verified quiagent_installed and qrexec_installed and both are set to 
False.

>> b) can I install the missing Qubes parts later on to get seamless mode
>> working and to launch applications from dom0 (qrexec...)

> Not easily. Theoretically both qrexec and gui agent should just work
> but in practice packages shipping them depends on specific system
> configuration [...]
> This is improved for Qubes OS 4.0 - packages are split into
> smaller parts and it is possible to install just parts you want, without
> the whole system reconfiguring stuff.

I tried to run Qubes 4.0rc1 on my X230 but ran into problems, as I am now 
addionally running Coreboot I don't know if this adds even more complexity and 
thought about waiting until Qubes 4.0rc2 comes out.

>> c) is it possible to create a standalone HVM based on an existing Qubes 
>> template?

> Yes, qvm-create --standalone --template TEMPLATE_NAME ...

Wow, I didn't know that, I think this is the best approach, as I have the 
benefits from both worlds:
1) all qubes part to be able to run seamless mode (if needed)
2) all flexibility of a HVM to add additional packages etc.

As I want to migrate the HVM later on to vsphere (see my other thread which you 
have also answered :-) it might be a good idea to remove all specific qubes 
packages after the HVM has been migrated.

*** Question ***
Which packages should/can I uninstall to remove the specific Qubes parts (which 
are not needed after the VM has been migrated)?

My HVM which I've build with a standard centos-minimal ISO is now booting up in 
a window, which is great unfortunately it seems to stuck at boot.
I have removed rhgb quiet from GRUB when starting up to see what is going on 
and the VM is booting up very slowly and is then stucked with the last message:

[1.443023] [TTM] Initializing DMA pool allocator

I've waited for ~5 min but nothing happens after this.

*** Question ***
Do you have any idea why the boot is stucket after/at: "[1.443023] [TTM] 
Initializing DMA pool allocator"

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/nnwD-CjqeaGacyp1wZ2EbdD6HfeG9-cae8wJcmUnl0YQ5fX19cu2fMk2fsxueABrfQLraqm4If7s-sq6zNG-Fh9rIK_PiS120TFFBh11uwU%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Making Your Own Sys-VMs

2017-10-14 Thread '[799]' via qubes-users

Hello Sam,

> Thanks for those scripts! After reading through the create-my-sysvms.sh
> script, I am a little more confused as to why my templates aren"t
> working.
> [...]
> When I start up mine it shows the ethernet interface, but it can"t find
> the wireless interface.

I guess you are missing some neccesary drivers in your (new minimal) sys-net VM.
I suggest the following:
Just switch the template of your new sys-net VM, which is currently using the 
fedora-25-minimal template with the ("full size") fedora image:

#kill all VMs
qvm-kill sys-usb
qvm-kill sys-firewall
qvm-kill sys-net

#Show current template
qvm-prefs -l sys-net | grep template

# Switch template
qvm-prefs -s sys-net template fedora-25

Then start all VMs and check if you can see the wifi card.
If so this means that there is just some driver or module missing in your 
minimal sys-net VM.

An easy approach might to just keep the fedora-25 instead of the 
fedora-25-minimal template.
But solving thing is better than living with workarrounds :-)
Can you enter the lspci or comannd in dom0 and look which Wifi adapter you are 
using?
using lspci | grep Network might be easier to find your wifi card.
Please send the full line of what is shown there, in my case for example:

[USER@dom0 ~]$ lspci | grep Network
00:19.0 Ethernet controller: Intel Corporation 82579LM Gigabit Network 
Connection (rev 04)
02:00.0 Network controller: Intel Corporation Centrino Advanced-N 6205 [Taylor 
Peak] (rev 34)

We'll look from there what needs to be done to get wifi working in your sys-net 
VM when you choose the minimal template.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2mYtFr04PrbvoZJa7krk-DL90J-bnIpEjWyNWAteGu5x2sRbWB6xXP0IuN7GTs9D-b0ww9Ar2VTt9Rw2fkbhGkE6EgdjMZ0Gwd3V8VKX-AY%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to export (H)VMs from Qubes/Xen to VMware vSphere

2017-10-12 Thread '[799]' via qubes-users

Hello,

Currently I still need to run a 2nd OS to use VMware Workstation to 
prepare/test VMs/Setup for customers.

I'd like to prepare VMs in Qubes and then migrate/export them to the customers 
environment which are mostly based on VMware vSphere/ESXi.

Questions:

a) How can I get a (H)VM out of Qubes into a VMware VM. If I know what to do, I 
can script this to get a good workflow.
Worst Case Szenario would be to backup the VM, then manually create a new VM in 
vSphere, boot with a live Linux and recover the VM - so mainly migrating the 
harddrive from Qubes/Xen to a VMware .vmdk/virtual harddrive

Other possible approach:

b) Is it possible to do "nested virtualization" and create something like a 
'monster-VM" in Qubes in which I install VMware Workstation or ESXi to 
prepare/test VMs and then export them from there?

c) Do you have any other idea how to use Qubes as primary OS to provision VMs 
locally and migrate them to vSphere/ESXi at the end of the workflow?
Or is this task not solveable in a good way with Qubes?

Working with Qubes at the customer location would greatly improve security for 
both sides as I can use separate VMs for each customer or work with disposable 
VMs when connecting to the network.p

Kind regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/P_biCS1Ene0bEltrviezlrT-b4crULnwAB-RglLyZjZygOs6RMfcMJxHxBX4wbYGDnpv35-ZdbKXWy_ND8Eiw2PJkw9RJHtoOHZ4Ew-tRxo%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Install a CentOS HVM with a debug-window = mo seamless mode

2017-10-12 Thread '[799]' via qubes-users

Hello,

I'd like to switch from using VMware Workstation to Qubes to test/specific 
software for customers.

I want to setup a CentOS HVM and created a HVM, attached a CentOS minimal ISO 
and installed it without any problem.
After restart I was unable to get a Terminal window as qrexec is not installed.
I tried to boot into a normal "HVM-window" by disabling seamless mode and 
enabling Debug mode, but I could get any window.

Questions:

a) how can I get a terminal window to install additional applications

b) can I install the missing Qubes parts later on to get seamless mode working 
and to launch applications from dom0 (qrexec...)

c) is it possible to create a standalone HVM based on an existing Qubes 
template?

Kind regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/_H47YaQn22zqiQmrQA_p4eEGj62YaNX4QhfL30eKrQJ67F6eiyAnRrylsegJhmCMKJ-Vh0-VDGCG3fsNqKY_ezs7Mfp3HN75CQmD3F0CYLE%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Making Your Own Sys-VMs

2017-10-12 Thread '[799]' via qubes-users

Hello Sam,

>> I"ve been looking at changing all my VM templates to fedora minimal.

I've done exactly the same to reduce the footprint of running services and
applications and to work with fedora-25 instead of the old fedora-23 templates.

>> However, I"m still having some trouble making fedora minimal templates
>> that will work for my NetVM, FirewallVM, and USBVM.

I've attached all scripts for you:
If you store those scripts in dom0 unter ~/bin you can run those scripts
without changing to the directory, as ~/bin is included in the PATH
environment variable (in dom0: echo $PATH )

*** create-t-fedora-25-minimal.sh
this script will download and clone a fedora-25-minimal template.
it will install all needed packages in the template.
(the reason why I clone the template is that I like to have the original
template untouched. The original fedora-25-minimal template will be hidden in
Qubes Manager to get a better overview)

*** qvm-destroy
is just a helper script which will kill a VM and remove it.
I'm using qvm-destroy in my scripts so that I can run those scripts even when
the AppVMs are in place already and I want to reinstall. With that I can
rebuild all my sys-vms within a very short time.

*** create-my-sysvms.sh
this script will remove and then recreate the 3 sys-vms.
after this script you'll end up with running freshly installed sys-net,
sys-firewall and sys-usb.
This scripts assumes that the first script has been run already (creation of
fedora-minimal-template).

*** create-default-sys-vms.sh
this script will create the 3 sys-vms using the fedora-25 default image which
is slightly bigger but might have all drivers etc. installed.
I've just used it to test out my other minimal-script :-)
So it can be used to migrate from the standard fedora-23 to fedora-25 sys-vms.

If you have any question regarding those scripts, do not hesitate
to contact me.
I am using all sys-vms based on my t-fedora-25-minimal template and they work
fine.
If you start up the new sys-usb it might be that you get a 2nd nm-applet icon
in the taskbar. I haven't been able to disable the start of nm-applet in
sys-usb and as such I'm just killing the nm-applet through dom0:
I'm running this command in dom0 in a script which is executed when I login
into qubes:

qvm-run sys-usb "killall nm-applet"

>> For the NetVM specifically, I installed the driver and software
>> that was stated on the Fedora Minimal page but it still doesn"t
>> register my wireless card.

You need to find out what your wifi card is and then install the proper driver.
I think this was covered here in the mailinglist already.
You could look into your current sys-net (based on the original template) and
then use lsmod to find which kernel modules are running and find the proper
drivers - but this is something I am not that familiar with.
Someone more skilled might help you out

Just one more thing which might be usefull for your new sys-net VM if you're
working with a WWAN/LTE-card.
I have a scripts which auto-attached my LTE card to the sys-net VM:

#!/bin/bash
# attach-wwan.sh - connect the LTE-card to sys-net
# Description of LTE Card (it's ok to enter only a part of the description)
# to find out the description enter qvm-usb in dom0
LTECard=Lenovo_H5321_gw_
# Mount Card to sys-net
qvm-usb -a sys-net `qvm-usb | grep $LTECard | awk '{print $1}'`

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/Ls3Ya50Yc2k2OehBS-IMZdt6_RuK0pcB8n54otelOKH9Mlbj2-HMN38oJ4KTzUKYwJR4lTxH4ZKVm6E6qxRzgFTtB36OwZU-guWorgQwIvs%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

create-t-fedora-25-minimal.sh
Description: application/shellscript

qvm-destroy
Description: Binary data

create-default-sys-vms.sh
Description: application/shellscript

create-my-sysvms.sh
Description: application/shellscript

[qubes-users] Howto add eyecandy in dom0: i3wm with compton + rofi (how to install?)

2017-10-10 Thread '[799]' via qubes-users

Hello,

I'd like to get some more eyecandy in dom0 and adapt my i3wm installation with 
installing rofi and compton.
rofi = replacement launcher for dmenu
https://github.com/DaveDavenport/rofi

compton = graphical effects/smooth animations/fading etc. when moving windows
https://github.com/chjj/compton

Unfortunately both packages are not available in the regular repositories and 
both applications need some dependencies:
https://github.com/chjj/compton/blob/master/README.md
https://github.com/DaveDavenport/rofi/blob/next/README.md

Can someone point me into a direction how can I install both apps in dom0 ?
I'm afraif that I need to manually download tons of packages and install those 
and still not all dependencies will be resolved - that's the point why we 
handle such tasks with package management.

Who is making the decision which packages will be available in the "official 
Qubes" (dom0) repositories.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/AQFPUQnkqM3BhV4zPXoIWnaKgpbbBt7K2ut0FGpYJU16uwaTfxEFCTBxMb8MOkXI4kG5glGMHuEQzSfm0CoRvIi33xhBnikXcYxZOxv9gzk%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Win 7 HVM in seamless mode will run fullscreen in i3wm

2017-10-10 Thread '[799]' via qubes-users

Hello,

after some more testing I found the root cause why a Windows 7 HVM will always 
run in fullscreen mode under the tiling window manager i3wm.
The following config line was used to move the windows VM to a specific 
workspace:
set $workspace3 "3 Windows"
assign [class="win7"] $workspace3

Problem:
Windows 7 will not work in seamless mode with i3wm.
When booting up the VM will always run in fullscreen mode.

Root cause:
having an "assign"-entry in your ~/.local/i3/config which can move a windows to 
a specific workspace/desktop will break seamless mode.

Solution:
Removing the configuration option in your i3 config.
This will make seamless mode work with your win7 HVM and you'll get a windows 
in a tilinmg window manager.
unfortunately you need to move windows manually to the desired workspace.

This behaviour looks strange to me, so I name this a bug, but I am unsure if 
this is i3wm or Qubes related.

[799]

Sent with [ProtonMail](https://protonmail.com) Secure Email.

>  Original Message 
> Subject: [qubes-users] Win 7 HVM in seamless mode will run fullscreen in i3wm
> Local Time: October 5, 2017 10:30 PM
> UTC Time: October 5, 2017 8:30 PM
> From: qubes-users@googlegroups.com
> To: qubes-users 
>
> Hello,
>
> I would like to use my Win 7 HVM with i3wm in seamless mode.
> After making sure that seamless mode is working without any problems under 
> the xfce window manager in Qubes 3.2 i triet to run the same Win 7 HVM in 
> i3wm.
>
> Unfortunately the Win 7 AppVM will always run in fullscreen mode.
> If I disable seamless mode and start up the VM in Debug mode, I get two win7 
> windows, one is the black startupwindow and the 2nd one the real desktop.
>
> If I disable debug mode and enable seamless mode, the first windows which 
> will some up when starting the win7 appvm will be gone but the main win7 
> windows will still stay on top.
>
> QUESTION:
> 1) Is it possible to use Win 7 in seamless mode when using i3wm
> 2) if yes, how can I make it work or where to look for a root cause?
>
> [799]
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit 
> [https://groups.google.com/d/msgid/qubes-users/y2Ao5bgMTfRrahn8Ahyvb5HaB0dRD6z0XD0D77Wcp5bkl89HLK4MVmEnQczic5m6xQWlL4aU2046mjj2ogKCXccFYKuqeqSiwhkT8TRpJSA%3D%40protonmail.com](https://groups.google.com/d/msgid/qubes-users/y2Ao5bgMTfRrahn8Ahyvb5HaB0dRD6z0XD0D77Wcp5bkl89HLK4MVmEnQczic5m6xQWlL4aU2046mjj2ogKCXccFYKuqeqSiwhkT8TRpJSA%3D%40protonmail.com?utm_medium=email_source=footer).
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/opEqfTwfpCiYUTpsehD8UpAbhM85JLMfNGcNVHqLEwXzJyQMOaeVfDt5ivw7tK4F7cAOc0fbFwxBgXgs-2-EN-Z5qr5xgpkLinVRfhSIaJI%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] (Urgent) How do I uninstall qubes or install anything else over it

2017-10-10 Thread '[799]' via qubes-users

Hello

From: micmacoffici...@gmail.com
>> I installed qubes os on my ssd hard-drive with windows 7 and
>> now I"m trying to get back windows but for some reason I can"t

in case you've joined the Qubes Community for the first time, welcome :-)

I really hope that you've made a backup before (!) installing any other OS on
the same harddrive/ssd.
And even if you're not working with a dual boot setup:
BACKUP YOUR DATA - even more important when using windows.
Today you can get a 2,5 portable hdd/ssd for less than 100eur and backup
solutions like Veeam are a setup & forgett solution.
Please (if you haven't done so): get a backup solution!
https://www.veeam.com/windows-endpoint-server-backup-free.html

Regarding your current setup:
>From the information you've provided I assume that:
- you had a working windows 7 installation on your ssd
- you have installed qubes os on the same ssd
- you can succesfully boot Qubes and login

If this is correct, keep calm and take closer look what happened.
1) login into Qubes and start a terminal in dom0

2) find the identifier of your internal ssd:
[username@dom0 ~]$ sudo pvdisplay | grep PV
PV Name /dev/sda5
PV Size 327.94 GiB / not usable 4.00 MiB
PV UUID A5YJiZ-mYa8-jG9K-6bYd-wYcR-vu3Q-9SBpNp

this will print out three line, one of them: PV Name /dev/sda5
(this could also be something else but the part behin /dev/ is important)
additionally you'll see a line: PV Size 327 GiB
(size will be different in your case).
If the size is much smaller than your ssd capacity it might be, that the other
space is still occupied with your windows installation.

3) Show how your ssd is currently partitioned:
In my case I got /dev/sda5 which means that my Qubes setup is running on
partition 5 and my ssd is identified by /dev/sda (remove the last number).

[username@dom0 ~]$ sudo fdisk -l /dev/sda
Disk /dev/sda: 447.1 GiB, 480103981056 bytes, 937703088 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x435892a5

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 1026047 1024000 500M 7 HPFS/NTFS/exFAT
/dev/sda2 1026048 245762047 244736000 116.7G 7 HPFS/NTFS/exFAT
/dev/sda3 245762048 249956351 4194304 2G 83 Linux
/dev/sda4 249956352 937701375 687745024 328G 5 Extended
/dev/sda5 249958400 937701375 687742976 328G 8e Linux LVM

If you can see something like NTFS this indicates a windows partition.
Make sure that the partition has a reasonable size.
As you can see I have two NTFS (windows formatted) partitions, where the 1st
one is only 500mb in size, which indicates the boot partition.
the 2nd one is the one we are looking for.

Do this now and enter the output.
You can copy the data from the terminal in dom0 if you right click on the
Q-icon in the upper right corner and choose "Copy dom0 Clipboard".
Then switch to your internet-AppVM and copy the content using Shift+Ctrl+V and
after that Ctrl+V

Depending on the output we can provide the next steps.

[799]

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/oXgyiCXHMw_BKGvq3XHDqJMAAfyNWVkNydIk2blmSbWRy8imEYyIICiPL6oRbJZFsxwhrUKPku4KNa747DuXz1qRH_L-LOz1mfCKFcEla08%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

98 matches

Mail list logo