[qubes-users] Re: XFCE Application menu

2016-10-03 Thread Cube
Yeah I find that really annoying. I like my launcher to be neatly organized and 
now its a mess, I'm not willing to go in an fix it via  text file in vi. 

Best third party way to make this editable?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8d99ab0-1ede-483d-b912-108459e51f6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS 3.2 has been released!

2016-10-01 Thread Cube
Congratulations! The updated graphics driver is very welcome, finally my screen 
brightness works and I'm sure it'll be more stable. 

One issue is my sys-wifi which uses an Intel wireless card. This worked 
perfectly in the 3.1 but now I get a kernel crash in the module responsible for 
my card, iwlwifi, attached. Looks like the intel firmware is missing?


[5.367324] iwlwifi :00:00.0: Hardware error detected.  Restarting.
[5.367335] iwlwifi :00:00.0: CSR values:
[5.367338] iwlwifi :00:00.0: (2nd byte of CSR_INT_COALESCING is 
CSR_INT_PERIODIC_REG)
[5.367347] iwlwifi :00:00.0:CSR_HW_IF_CONFIG_REG: 0X00489204
[5.367355] iwlwifi :00:00.0:  CSR_INT_COALESCING: 0X8040
[5.367364] iwlwifi :00:00.0: CSR_INT: 0X2000
[5.367370] iwlwifi :00:00.0:CSR_INT_MASK: 0X
[5.367378] iwlwifi :00:00.0:   CSR_FH_INT_STATUS: 0X
[5.367386] iwlwifi :00:00.0: CSR_GPIO_IN: 0X
[5.367394] iwlwifi :00:00.0:   CSR_RESET: 0X0009
[5.367401] iwlwifi :00:00.0:CSR_GP_CNTRL: 0X080003c5
[5.367410] iwlwifi :00:00.0:  CSR_HW_REV: 0X0144
[5.367420] iwlwifi :00:00.0:  CSR_EEPROM_REG: 0X
[5.367429] iwlwifi :00:00.0:   CSR_EEPROM_GP: 0X8000
[5.367436] iwlwifi :00:00.0:  CSR_OTP_GP_REG: 0X803a
[5.367443] iwlwifi :00:00.0: CSR_GIO_REG: 0X00080046
[5.367450] iwlwifi :00:00.0:CSR_GP_UCODE_REG: 0X
[5.367456] iwlwifi :00:00.0:   CSR_GP_DRIVER_REG: 0X
[5.367464] iwlwifi :00:00.0:   CSR_UCODE_DRV_GP1: 0X
[5.367473] iwlwifi :00:00.0:   CSR_UCODE_DRV_GP2: 0X
[5.367482] iwlwifi :00:00.0: CSR_LED_REG: 0X0018
[5.367490] iwlwifi :00:00.0:CSR_DRAM_INT_TBL_REG: 0X
[5.367500] iwlwifi :00:00.0:CSR_GIO_CHICKEN_BITS: 0X27800200
[5.367510] iwlwifi :00:00.0: CSR_ANA_PLL_CFG: 0Xd5d5
[5.367517] iwlwifi :00:00.0:  CSR_MONITOR_STATUS_REG: 0X2bb7f747
[5.367527] iwlwifi :00:00.0:   CSR_HW_REV_WA_REG: 0X0001001a
[5.367538] iwlwifi :00:00.0:CSR_DBG_HPET_MEM_REG: 0X
[5.367543] iwlwifi :00:00.0: FH register values:
[5.367564] iwlwifi :00:00.0: FH_RSCSR_CHNL0_STTS_WPTR_REG: 
0X29cb8e00
[5.367589] iwlwifi :00:00.0:FH_RSCSR_CHNL0_RBDCB_BASE_REG: 
0X029cb8f0
[5.367608] iwlwifi :00:00.0:  FH_RSCSR_CHNL0_WPTR: 
0X00f8
[5.367628] iwlwifi :00:00.0: FH_MEM_RCSR_CHNL0_CONFIG_REG: 
0X80801114
[5.367647] iwlwifi :00:00.0:  FH_MEM_RSSR_SHARED_CTRL_REG: 
0X003c
[5.367665] iwlwifi :00:00.0:FH_MEM_RSSR_RX_STATUS_REG: 
0X0703
[5.367683] iwlwifi :00:00.0:FH_MEM_RSSR_RX_ENABLE_ERR_IRQ2DRV: 
0X
[5.367701] iwlwifi :00:00.0:FH_TSSR_TX_STATUS_REG: 
0X05ff
[5.367719] iwlwifi :00:00.0: FH_TSSR_TX_ERROR_REG: 
0X
[5.367724] iwlwifi :00:00.0: Not valid error log pointer 0x for 
Init uCode
[5.738101] fuse init (API version 7.23)
[7.094214] iwlwifi :00:00.0: Failed to load firmware chunk!
[7.094243] iwlwifi :00:00.0: Could not load the [0] uCode section
[7.094267] iwlwifi :00:00.0: Failed to start INIT ucode: -110
[7.100815] iwlwifi :00:00.0: Failed to run INIT ucode: -110
[7.101391] iwlwifi :00:00.0: L1 Enabled - LTR Enabled
[7.325014] [ cut here ]
[7.325014] WARNING: CPU: 4 PID: 475 at 
/home/user/rpmbuild/BUILD/kernel-4.4.14/linux-4.4.14/drivers/net/wireless/iwlwifi/pcie/trans.c:1552
 iwl_trans_pcie_grab_nic_access+0xfb/0x110 [iwlwifi]()
[7.325014] Timeout waiting for hardware access (CSR_GP_CNTRL 0x080003dc)
[7.325014] Modules linked in: fuse xt_nat xen_netback xt_REDIRECT 
nf_nat_redirect ip6table_filter ip6_tables xt_conntrack ipt_MASQUERADE 
nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 
nf_nat nf_conntrack iwlmvm(+) mac80211 iwlwifi cfg80211 rfkill intel_rapl 
iosf_mbi x86_pkg_temp_thermal coretemp crct10dif_pclmul crc32_pclmul 
crc32c_intel pcspkr xen_pcifront dummy_hcd udc_core u2mfn(O) xen_blkback xenfs 
xen_privcmd xen_blkfront
[7.325014] CPU: 4 PID: 475 Comm: modprobe Tainted: G   O
4.4.14-11.pvops.qubes.x86_64 #1
[7.325014]   ffa653d9 8812fa40 
813b06f3
[7.325014]  8812fa88 a01693e8 8812fa78 
8109f402
[7.325014]  88000df14000  88000df175f0 
8812fb28
[7.325014] Call Trace:
[7.325014]  [] dump_stack+0x63/0x90
[7.325014]  [] 

[qubes-users] Re: WTF with userbase counter? Is Qubes OS dying?

2016-09-04 Thread Cube
On Sunday, September 4, 2016 at 4:16:38 AM UTC-7, Arqwer wrote:
> Statistics page (https://www.qubes-os.org/counter/) shows that number of 
> users have fallen from 15 000 to less then 4000. Is it just a bug in counter, 
> or what is happening?

glitch in the Matrix

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/298a18fb-120e-4cf0-9fac-6f095b6763d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Why not a Whonix (or TOR) Disposible VM?

2016-08-28 Thread Cube
On Sunday, August 28, 2016 at 7:07:06 AM UTC-7, Cube wrote:
> On Saturday, August 27, 2016 at 10:59:50 PM UTC-7, Andrew David Wong wrote:

> any thoughts on either reverting my disposable VM statefile 

Well it's easy to revert

qvm-create-default-dvm --default-template

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/35c7dba9-9628-409c-b628-07f325547452%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Why not a Whonix (or TOR) Disposible VM?

2016-08-28 Thread Cube
On Saturday, August 27, 2016 at 10:59:50 PM UTC-7, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> 
> This has been proposed and is being tracked here:
> 
> https://github.com/QubesOS/qubes-issues/issues/2024

OK that's in the direction of a pure tails HVM solution it seems. I think I'm 
more on the idea of simply a disposable Whonix/TOR VM. I followed the 
instructions I gave above

https://www.whonix.org/wiki/Qubes/Disposable_VM

And found that my disposable VM's have been taken over by Whonix. Wups ... any 
thoughts on either reverting my disposable VM statefile or having dual VM's?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fc16fb73-8636-43dc-8dac-77d8799690b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?

2016-08-27 Thread Cube
On Saturday, August 27, 2016 at 1:50:22 PM UTC-7, johny...@sigaint.org wrote:
> BTW, keepassx rocks.  I'm working on some scripts to make it a little less
> painful with all the Ctrl-Alt-C and Ctrl-Alt-V'ing (which also conflicts
> with the standard konsole paste shortcuts).

I have no problem with the special cut/paste. Doesn't mean I don't screw it up 
on occasion, but I do like the assurance of having to do the step

Actually you betray yourself with the correct solution above; the Qubes 
shortcut to copy/paste between VM's is Ctrl-Shift-C/V which conflicts. I, like 
you, map that to Ctrl-Alt-C/V so no conflict. I've wondered why that isn't the 
default since the other is such an obvious conflict. 

> Using keepassx on Tails is so much more streamlined, without the extra
> level of copying/pasting.  It'd almost be nice if there were some explicit
> dom0 support for it somehow.

Yeah but Tails suffers from the same thing other OS's do which is one big 
system. So if it was theoretically compromised your streamlined copy/paste is 
exactly what you don't want. 

Nothing you don't know, but I don't want the inter-VM copy/paste to change a 
bit. It's a small burden for a huge benefit. It also has an additional benefit 
of each VM having it's own Paste buffer, which ends up being very convenient. 
> 
> Agreed.  I keep my keepass database on one removable device, with a
> keyfile on a separate removable device plus a password.  Some cowardly
> creep/crook wants to tamper with my system while I'm out, they're not
> going to get very far.

I'd argue that your actually less secure with that scheme. Johanna made some 
comments to that effect, what you are doing is a kind of air-gapping, but you 
have a large attack surface through USB. If an Evil Maid controls your system 
it does you no good to bring in your passwords on a USB. So, if you're really 
concerned with that you should be implementing Anti-Evil-Maid on your system as 
the only defense - not keeping passwords separate. 


> Since moving to that approach, I've noticed a lot more "noise" from the
> ones I suspect of being involved in my harassment.  Ironically, probably a
> good sign.

OH, OK then you have a situation with a probably not too computer sophisticated 
opponent. Never mind then. 


>  But having individual keys for each VM would go further towards one
> stated goal of disallowing each VM or dom0 from being able to snoop on
> each other.
> 

That should only be useful against Qubes bugs which allow sibling VM peeking, 
but otherwise doesn't help. 

> Right now, the overall dom0 filesystem is encrypted, which is cool, but
> nothing beyond that, unless you do it yourself.  Yeah, more passwords are
> a pain, but if you choose to do so in the name of security, it'd be nice
> if the Manager supported it.

The main problem with it is that the Qubes team is busy and underfunded enough 
to work on that feature. Their time is better spent making sure there are no 
chance of sneaky/peaky. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ff6fec9-f5f4-4741-a77f-d3ca4acd49f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Why not a Whonix (or TOR) Disposible VM?

2016-08-27 Thread Cube
On Saturday, August 27, 2016 at 10:50:20 AM UTC-7, Cube wrote:
> This would be more in the style of Tails - no persistent state.

Wups, there is some thought on this already

https://www.whonix.org/wiki/Qubes/Disposable_VM

There are issues, anybody try this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fd1ca536-c8d3-440a-a756-ebd20f4258d2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Why not a Whonix (or TOR) Disposible VM?

2016-08-27 Thread Cube
This would be more in the style of Tails - no persistent state. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4df461af-9f72-43ca-963b-324d7d7f9436%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?

2016-08-27 Thread Cube
On Saturday, August 27, 2016 at 9:31:31 AM UTC-7, Alex wrote:
> On 08/27/2016 05:59 PM, Cube wrote:
> For specific services (say, the mentioned Amazon) I keep a keepassx
> database on the specific AppVM in which the service is expected to be
> used - the Amazon account I use to buy work stuff is saved in the
> keepassx database in the Work appVM, the personal one is saved in the
> personal appVM.

Interesting idea. For the downside of having to remember extra passwords (for 
the databases), backups (albeit part of the general backups), and managing the 
running instances of XKeyPass, you can save a few keystrokes pasting between 
VM's. It does seem like there are more disadvantages, why not just keep them 
together in one Vault XKeyPass?

> And there are some types of password I keep in a non-internet-connected
> AppVM, together with some OTP generator scripts. They are meant to be
> used for targets that may be sensitive to large scale attacks (say, home
> banking credentials, amazon AWS otp generators, etc.) where attackers
> may have the financial power to aggressively attack the target AppVM -
> so my line of defense here is to be sure not to have the sensitive
> information available on the filesystem at all.
> 

Well they're in the AppVM though so are on the filesystem, aren't they? What 
you buy is network isolation, effectively air gapping, but even better. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af95ccc0-0120-42eb-952b-e1218d880e74%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?

2016-08-27 Thread Cube
Assume you have a disconnected Vault VM with your passwords, and a Shopping VM 
where you access Amazon, etc. Highest security is to copy/paste passwords over 
from the Vault as needed. Less secure (but still highly secure) is to cache 
them in the Firefox database.

What path do people generally take?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c0617ee5-2106-40b2-8ef8-558a65544d76%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Burning a USB attached CDROM

2016-08-27 Thread Cube
On Friday, August 26, 2016 at 4:09:34 PM UTC-7, Connor Page wrote:
> you should use the drive as normal in sys-usb. just make the private image 
> large enough and copy whatever it is you want to burn to that vm.

Thanks! I had forgotten now that with Salt Qubes has a nice way of doing USB 
VM's. 

Any recommendations for how to CLI burn a file?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/440e4c68-4cce-431e-9c98-c153923cb37e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: WiFi NetVM works at first, then not on restart

2016-08-27 Thread Cube
Figure it out, documented here for others.

The problem is for whatever reason the kernel module for my card (Intel laptop 
WIFI) wasn't being properly probed for and loaded. So I added the following 
line to /rw/config/rc.local and made the file executable

cp /rw/config/iwlwifi-net.conf /etc/modules-load.d

and made the file named above with the name of my module inside of it. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f1e49ec-086b-4b06-8c7a-7053a4dc92b0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] WiFi NetVM works at first, then not on restart

2016-08-26 Thread Cube
I created a NetVM and attached my WIFI card to it, worked great and I connected 
to the network. Later killed the VM and restarted (restarted the computer 
actually) - no go. Even though "lspci" shows the card still attached and 
available, the WiFI Network connect widget says no network devices available. 

Thoughts?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4795c6c8-790a-4f66-b863-a33936d6be53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Burning a USB attached CDROM

2016-08-26 Thread Cube
Would like to do some rc2 testing and have a USB CDROM which I believe is 
supported? AFAIK it's the internal drives which can't be done. 

I installed 'wodim' but it's not seeing any drivers. Attaching the block device 
to a VM doesn't work either (the CDROM isn't visible to wodim). I tried 
attaching the PCI USB controllers but they are in use by a xen driver. 

Any help appreciated. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3fddc3f-618f-4d47-b08d-7992713f1bad%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.