[qubes-users] Re: Does anyone managed to have wireguard working on Fedora 29?

2019-07-30 Thread Jon deps

Hello,

I'm able to get wireguard working over debian when using a HVM AppVM. 
However I'd like to do use wireguard on the fedora template in a PVH 
template.
This issue (https://github.com/QubesOS/qubes-issues/issues/3591) that 
was closed marmarek states that the kernel-latest-(qubes-vm) contains 
wireguard module out of the box, however I don't find it anywhere.


Dies anyone managed to have wireguard working on a PVH fedora template?




On 7/29/19 8:01 PM, mmoris-dg3qef7t2pdafugrpc6...@public.gmane.org wrote:



I'm using kernel 4.19.43-1 so where can I find the wg module?

The search for tasket vpn qubes github results is wg being used with debian as 
a PVH AppVM, I guess you overlooked the initial part on the thread where I said 
that I want this to work in fedora and not in debian on PVH.





yes, sorry my about that post, anyway




 the 4.19 Fedora kernel doesn't include the wg module, like the deb-9 
one seems to ?



if not then this sort of thing doesn't work ? 
https://www.wireguard.com/install/



not sure why you having to use 'testing' in dom0 I am not, though, yes, 
I used deb-9  for the template for the sys-vpn-wg


are you using Arch templates ?



just curious any particular reason for the PVH and Fedora ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a236cf18-322e-0e59-d797-a3b20c82f0b4%40riseup.net.


[qubes-users] Re: ANN: Qubes-VM-hardening v0.8.4 released

2019-07-29 Thread Jon deps

On 7/29/19 1:54 PM, Chris Laprise wrote:

On 7/28/19 10:23 PM, Jon deps wrote:

On 7/29/19 12:02 AM, Chris Laprise wrote:

On 7/28/19 4:55 PM, Jon deps wrote:

On 7/28/19 7:52 PM, Jon deps wrote:

On 7/28/19 1:36 AM, Chris Laprise wrote:

On 7/27/19 8:27 PM, Jon deps wrote:

pardon my  non-sysadmin  query :


any chance of some real world  examples?  quite a few new terms 
there .


so install into Debian-9

but step 2  am already lost

eg how and where amd I "activating" vm-boot-protect   in the 
templatevm ?


or during install there is going to appear a choice  of which 
service to start  , then when one opens a  TBAVM based on the 
specified Deb-9 template   the protection work at that point ?


Go to the VM's Settings / Services tab, and add "vm-boot-protect" 
as a service.




Can I install it in a fresh Deb-9  , and if its breaking things, 
just delete  the fresh Deb-9 template,  or  is it touching  dom0 ?


It has a second-stage installation step that changes sudo/root 
access inside the template. And for that new root config to work, 
you have to add a couple dom0 config lines (it shows you the dom0 
lines at the end of the install process).


If you remove the altered Deb-9, the dom0 config lines will stay 
unless you change them back. However, in practice there is really 
no impact on your unmodified templates, so whether or not to 
remove the dom0 lines is a question of tidiness.


As an alternative, per the Readme step 3, you can sidestep the 
whole sudo auth reconfiguration.




I guess once installed there is no un-installing ?


Currently there is no "purge everything" function or uninstall. 
You can remove the service manually by deleting the following:


/lib/systemd/system/vm-boot-protect.service
/usr/lib/qubes/init/vm-boot-protect.sh
/etc/default/vms



I just ended up  using vm-boot-protect-root  for the  sys-net and 
sys-usb   in qube settings services


per the "Where to use basic examples"

and vm-boot-protect   for regular appVMs


think I'll skip it for anything else

sys-net is working (I am using fedora-30: because of the past clock 
sync issue) otherwise Deb-9  but  just curious  what  the 
"additional networks VMs would be here"  proxyVPNVMs ?


"The sys-net VM should work 'out of the box' with the 
vm-boot-protect-root service via the included whitelist file. 
Additional network VMs may require configuration, such as cp 
sys-net.whitelist sys-net2.whitelist."



PS: the appVMs seem a bit slower to boot,  but could be my 
imagination ? :)






as expected, since my sys-net was not based on the template I 
installed the script to  


I installed it to a deb-9-clone  and the  disp-qubes-manager  method 
seems to be failing to update   so typically when that happens  I go 
to a terminal  in  the  template and do it manually  usually it 
seems to want   -dist-upgrade   , which presumably  the disp-update  
has issues with  but  after  installing the script *


in the deb-9  template
$sudo apt-get update

fails  with what looks like a script  of having entered it 
incorrectly 3 times


so sorry, but am I supposed to add  vm-protect-root   to the 
template services as well  or  how to fix  this ?


'vm-protect-root' doesn't match any service created by 
Qubes-VM-hardening.


Adding vm-boot-protect or vm-boot-protect-root to the services of the 
template is optional. You can use either one, but it will always 
behave like plain vm-boot-protect in the template (the -root 
functions don't make sense in templates).


I'm not clear on when/where you're using fedora-30. Note that install 
step 3 is different for fedora.


With debian-9, if you're getting immediate errors from every 'sudo' 
command, this would be expected if you chose to uninstall 
'qubes-core-agent-passwordless-root' in install step 3 (this means no 
more sudo!). But if you chose to auto-configure sudo, you will still 
need to add the config lines to dom0 for sudo to work correctly 
(otherwise, sudo will just give you errors); these lines are printed 
in the shell at the end of the install process.




hence, my original query about  'examples'    thanks in advance



Not sure what example you're looking for. In debian, the installer 
asks you one question: 'Configure sudo authentication prompt now? 
(y/n)'.


After installing Qubes-VM-hardening with sudo auth configured, 
running a command like 'sudo apt-get update' will cause a dom0 auth 
prompt window to appear, at which point you can hit 'Enter' or click 
'OK'. Then the command will run normally.





At the vm-boot-protect level, you should see 'bin' automatically 
added to your home dir, and doing an 'lsattr -a' will show a number 
of files/dirs in home with the 'i' flag set.


At vm-boot-protect-root level, you should see a new dir 
'/rw/vm-boot-protect' and it should contain 'BAK' and/or 'ORIG' 
versions of config, bind-dirs and usrlocal.




1)
So, I  chose  'yes'  at the end of the script, fo

[qubes-users] Re: ANN: Qubes-VM-hardening v0.8.4 released

2019-07-28 Thread Jon deps

On 7/29/19 12:02 AM, Chris Laprise wrote:

On 7/28/19 4:55 PM, Jon deps wrote:

On 7/28/19 7:52 PM, Jon deps wrote:

On 7/28/19 1:36 AM, Chris Laprise wrote:

On 7/27/19 8:27 PM, Jon deps wrote:

pardon my  non-sysadmin  query :


any chance of some real world  examples?  quite a few new terms 
there .


so install into Debian-9

but step 2  am already lost

eg how and where amd I "activating" vm-boot-protect   in the 
templatevm ?


or during install there is going to appear a choice  of which 
service to start  , then when one opens a  TBAVM based on the 
specified Deb-9 template   the protection work at that point ?


Go to the VM's Settings / Services tab, and add "vm-boot-protect" as 
a service.




Can I install it in a fresh Deb-9  , and if its breaking things, 
just delete  the fresh Deb-9 template,  or  is it touching  dom0 ?


It has a second-stage installation step that changes sudo/root 
access inside the template. And for that new root config to work, 
you have to add a couple dom0 config lines (it shows you the dom0 
lines at the end of the install process).


If you remove the altered Deb-9, the dom0 config lines will stay 
unless you change them back. However, in practice there is really no 
impact on your unmodified templates, so whether or not to remove the 
dom0 lines is a question of tidiness.


As an alternative, per the Readme step 3, you can sidestep the whole 
sudo auth reconfiguration.




I guess once installed there is no un-installing ?


Currently there is no "purge everything" function or uninstall. You 
can remove the service manually by deleting the following:


/lib/systemd/system/vm-boot-protect.service
/usr/lib/qubes/init/vm-boot-protect.sh
/etc/default/vms



I just ended up  using vm-boot-protect-root  for the  sys-net and 
sys-usb   in qube settings services


per the "Where to use basic examples"

and vm-boot-protect   for regular appVMs


think I'll skip it for anything else

sys-net is working (I am using fedora-30: because of the past clock 
sync issue) otherwise Deb-9  but  just curious  what  the  
"additional networks VMs would be here"  proxyVPNVMs ?


"The sys-net VM should work 'out of the box' with the 
vm-boot-protect-root service via the included whitelist file. 
Additional network VMs may require configuration, such as cp 
sys-net.whitelist sys-net2.whitelist."



PS: the appVMs seem a bit slower to boot,  but could be my 
imagination ? :)






as expected, since my sys-net was not based on the template I 
installed the script to  


I installed it to a deb-9-clone  and the  disp-qubes-manager  method 
seems to be failing to update   so typically when that happens  I go 
to a terminal  in  the  template and do it manually  usually it seems 
to want   -dist-upgrade   , which presumably  the disp-update  has 
issues with  but  after  installing the script *


in the deb-9  template
$sudo apt-get update

fails  with what looks like a script  of having entered it incorrectly 
3 times


so sorry, but am I supposed to add  vm-protect-root   to the  template 
services as well  or  how to fix  this ?


'vm-protect-root' doesn't match any service created by Qubes-VM-hardening.

Adding vm-boot-protect or vm-boot-protect-root to the services of the 
template is optional. You can use either one, but it will always behave 
like plain vm-boot-protect in the template (the -root functions don't 
make sense in templates).


I'm not clear on when/where you're using fedora-30. Note that install 
step 3 is different for fedora.


With debian-9, if you're getting immediate errors from every 'sudo' 
command, this would be expected if you chose to uninstall 
'qubes-core-agent-passwordless-root' in install step 3 (this means no 
more sudo!). But if you chose to auto-configure sudo, you will still 
need to add the config lines to dom0 for sudo to work correctly 
(otherwise, sudo will just give you errors); these lines are printed in 
the shell at the end of the install process.




hence, my original query about  'examples'    thanks in advance



Not sure what example you're looking for. In debian, the installer asks 
you one question: 'Configure sudo authentication prompt now? (y/n)'.


After installing Qubes-VM-hardening with sudo auth configured, running a 
command like 'sudo apt-get update' will cause a dom0 auth prompt window 
to appear, at which point you can hit 'Enter' or click 'OK'. Then the 
command will run normally.





At the vm-boot-protect level, you should see 'bin' automatically added 
to your home dir, and doing an 'lsattr -a' will show a number of 
files/dirs in home with the 'i' flag set.


At vm-boot-protect-root level, you should see a new dir 
'/rw/vm-boot-protect' and it should contain 'BAK' and/or 'ORIG' versions 
of config, bind-dirs and usrlocal.




1)
So, I  chose  'yes'  at the end of the script, for 'configure sudo 
authentication prompt.
 a) somehow I missed the 'several comm

[qubes-users] Re: ANN: Qubes-VM-hardening v0.8.4 released

2019-07-28 Thread Jon deps

On 7/28/19 7:52 PM, Jon deps wrote:

On 7/28/19 1:36 AM, Chris Laprise wrote:

On 7/27/19 8:27 PM, Jon deps wrote:

pardon my  non-sysadmin  query :


any chance of some real world  examples?  quite a few new terms  there .

so install into Debian-9

but step 2  am already lost

eg how and where amd I "activating" vm-boot-protect   in the 
templatevm ?


or during install there is going to appear a choice  of which service 
to start  , then when one opens a  TBAVM based on the specified Deb-9 
template   the protection work at that point ?


Go to the VM's Settings / Services tab, and add "vm-boot-protect" as a 
service.




Can I install it in a fresh Deb-9  , and if its breaking things,  
just delete  the fresh Deb-9 template,  or  is it touching  dom0 ?


It has a second-stage installation step that changes sudo/root access 
inside the template. And for that new root config to work, you have to 
add a couple dom0 config lines (it shows you the dom0 lines at the end 
of the install process).


If you remove the altered Deb-9, the dom0 config lines will stay 
unless you change them back. However, in practice there is really no 
impact on your unmodified templates, so whether or not to remove the 
dom0 lines is a question of tidiness.


As an alternative, per the Readme step 3, you can sidestep the whole 
sudo auth reconfiguration.




I guess once installed there is no un-installing ?


Currently there is no "purge everything" function or uninstall. You 
can remove the service manually by deleting the following:


/lib/systemd/system/vm-boot-protect.service
/usr/lib/qubes/init/vm-boot-protect.sh
/etc/default/vms



I just ended up  using vm-boot-protect-root  for the  sys-net and 
sys-usb   in qube settings services


per the "Where to use basic examples"

and vm-boot-protect   for regular appVMs


think I'll skip it for anything else

sys-net is working (I am using fedora-30: because of the past clock sync 
issue) otherwise Deb-9  but  just curious  what  the  "additional 
networks VMs would be here"  proxyVPNVMs ?


"The sys-net VM should work 'out of the box' with the 
vm-boot-protect-root service via the included whitelist file. Additional 
network VMs may require configuration, such as cp sys-net.whitelist 
sys-net2.whitelist."



PS: the appVMs seem a bit slower to boot,  but could be my imagination ? :)





as expected, since my sys-net was not based on the template I installed 
the script to  


I installed it to a deb-9-clone  and the  disp-qubes-manager  method 
seems to be failing to update   so typically when that happens  I go to 
a terminal  in  the  template and do it manually  usually it seems to 
want   -dist-upgrade   , which presumably  the disp-update  has issues 
with  but  after  installing the script *


in the deb-9  template
$sudo apt-get update

fails  with what looks like a script  of having entered it incorrectly 3 
times


so sorry, but am I supposed to add  vm-protect-root   to the  template 
services as well  or  how to fix  this ?



hence, my original query about  'examples'thanks in advance

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/14704167-16e9-5294-6f87-d454c9028726%40riseup.net.


[qubes-users] Re: ANN: Qubes-VM-hardening v0.8.4 released

2019-07-28 Thread Jon deps

On 7/28/19 1:36 AM, Chris Laprise wrote:

On 7/27/19 8:27 PM, Jon deps wrote:

pardon my  non-sysadmin  query :


any chance of some real world  examples?  quite a few new terms  there .

so install into Debian-9

but step 2  am already lost

eg how and where amd I "activating" vm-boot-protect   in the templatevm ?

or during install there is going to appear a choice  of which service 
to start  , then when one opens a  TBAVM based on the specified Deb-9 
template   the protection work at that point ?


Go to the VM's Settings / Services tab, and add "vm-boot-protect" as a 
service.




Can I install it in a fresh Deb-9  , and if its breaking things,  just 
delete  the fresh Deb-9 template,  or  is it touching  dom0 ?


It has a second-stage installation step that changes sudo/root access 
inside the template. And for that new root config to work, you have to 
add a couple dom0 config lines (it shows you the dom0 lines at the end 
of the install process).


If you remove the altered Deb-9, the dom0 config lines will stay unless 
you change them back. However, in practice there is really no impact on 
your unmodified templates, so whether or not to remove the dom0 lines is 
a question of tidiness.


As an alternative, per the Readme step 3, you can sidestep the whole 
sudo auth reconfiguration.




I guess once installed there is no un-installing ?


Currently there is no "purge everything" function or uninstall. You can 
remove the service manually by deleting the following:


/lib/systemd/system/vm-boot-protect.service
/usr/lib/qubes/init/vm-boot-protect.sh
/etc/default/vms



I just ended up  using vm-boot-protect-root  for the  sys-net and 
sys-usb   in qube settings services


per the "Where to use basic examples"

and vm-boot-protect   for regular appVMs


think I'll skip it for anything else

sys-net is working (I am using fedora-30: because of the past clock sync 
issue) otherwise Deb-9  but  just curious  what  the  "additional 
networks VMs would be here"  proxyVPNVMs ?


"The sys-net VM should work 'out of the box' with the 
vm-boot-protect-root service via the included whitelist file. Additional 
network VMs may require configuration, such as cp sys-net.whitelist 
sys-net2.whitelist."



PS: the appVMs seem a bit slower to boot,  but could be my imagination ? :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0b50d07-c98b-6230-6ca9-85bc1b5c3843%40riseup.net.


[qubes-users] Re: Does anyone managed to have wireguard working on Fedora 29?

2019-07-28 Thread Jon deps

On 7/28/19 2:29 PM, mmoris-dg3qef7t2pdafugrpc6...@public.gmane.org wrote:

It worked with the 5.1.15-1 !

Many thanks!

July 28, 2019 3:19 PM, mmoris-dg3qef7t2pdafugrpc6...@public.gmane.org wrote:


The 5.1.15-1 was deleted with the --action=upgrade
Is there a way to reinstall the package again?

July 28, 2019 2:49 PM, 
dhorf-hfref.4a288f10-wrfazjlk6nhg9huczpv...@public.gmane.org wrote:


On Sun, Jul 28, 2019 at 12:34:25PM +, 
mmoris-dg3qef7t2pdafugrpc6...@public.gmane.org wrote:


Thanks the package is now successfully installed!


good! (but actualy not required now that i think about it)


Now I changed the kernel of my sys-firewall to point to the new kernel
- 5.2.3-1 and tried to start the AppVM.
However the sys-firewall is started fine but qrexec fails and throws
an error that it cannot communicate with the sys-firewall so I'm no
longer able to run any command in the VM.


i can confirm 5.2.3 doesnt really want to start, and i didnt see
any obvious reason for it in the console log.


Is there anything missing apart from changing the kernel with the qvm-prefs?


no, thats all there is to it, but it needs to be a working kernel.
its in the not-enabled-by-default testing-repo for a reason.

try using the 5.1.15-1 you already have installed.




1) don't "top post"

2) in dom0   do  uname -a  does it say  kernel  4.19 , if so you don't 
need  "the wg package"


3) do a little search for  "tasket vpn qubes github"  and  try his 
script  per instructions


then report back

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2687f179-d637-b245-a729-b3d237df460c%40riseup.net.


[qubes-users] Re: ANN: Qubes-VM-hardening v0.8.4 released

2019-07-27 Thread Jon deps

On 7/18/19 3:53 PM, Chris Laprise wrote:

Description:


Qubes-VM-hardening

Leverage Qubes template non-persistence to fend off malware at VM 
startup: Lock-down, quarantine and check contents of /rw private storage 
that affect the execution environment.


    * Acts at VM startup before private volume /rw mounts
    * User: Protect /home desktop & shell startup executables
    * Root: Quarantine all /rw configs & scripts, with whitelisting
    * Re-deploy custom or default files to /rw on each boot
    * SHA256 hash checking against unwanted changes
    * Provides rescue shell on error or request
    * Works with template-based AppVMs, sys-net and sys-vpn

Version 0.8.4 expands protection to the /home/user systemd directory, 
and now hides its vms config directory on all VM startups (not just when 
its enabled). Upgrading is recommended.


Github link - https://github.com/tasket/Qubes-VM-hardening



pardon my  non-sysadmin  query :


any chance of some real world  examples?  quite a few new terms  there .

so install into Debian-9

but step 2  am already lost

eg how and where amd I "activating" vm-boot-protect   in the templatevm ?

or during install there is going to appear a choice  of which service to 
start  , then when one opens a  TBAVM based on the specified Deb-9 
template   the protection work at that point ?



Can I install it in a fresh Deb-9  , and if its breaking things,  just 
delete  the fresh Deb-9 template,  or  is it touching  dom0 ?




I guess once installed there is no un-installing ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33117978-ed56-0e09-53fa-76331a057623%40riseup.net.


[qubes-users] Re: Confuse Update QUbes OS

2019-07-26 Thread Jon deps

On 7/25/19 3:48 PM, unman wrote:

On Thu, Jul 25, 2019 at 08:49:00AM +, 'awokd' via qubes-users wrote:

Jon deps:


if the debian 10 sentence is current, is the documentation soon to be
updated ?

any guesstimate on the -10 fresh templates ETA <-- sorry to ask?? :)


The Debian 10 Qubes template isn't out yet. It's in testing so it should
be soon. Hopefully, associated documentation would be updated around the
same time.


PS: in tbird how does one reply to
awokd 

I can a popup error recipient name rejected no domain found


I don't know how Gmane works. Maybe you can't reply to posters directly
with it. Using the Qubes listserv with email does work for that.



Debian-10 is stuck in testing at the moment because it needs packages
from the *testing* repositories for updating. This could be confusing if
users install from current and don't want to use the testing
repositories.

Also, I've noticed a few regressions in the minimal template which need
fixing before release. So testing it remains.
Andrew will announce when the templates become available in "current".

I don't think that Gmane works any more, does it? If you have a message 
referenced
ed there you should be able to find it in archive.org, and reply from
there.




I use thunderbird to read the qubes-users, then I right click and 
"respond to all" it populates and email  with


qubes-users-/jypxa39uh5tlh3mboc...@public.gmane.org 



awokd 

in the "To:" fields

then there is a "newsgroup:" field  gmane.os.qubes.user

I retitle the "to:" field to  qubes-users@googlegroups.com 



and delete the other fields

but actually have no idea if this is  the  best method for   gmane  use


so seems gmane does work at least for reading  the newsgroup  sir unman   :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a72fd20-a827-9f12-e6c7-6fc3195f82a1%40riseup.net.


[qubes-users] Re: Confuse Update QUbes OS

2019-07-25 Thread Jon deps

On 7/19/19 9:11 PM, 'awokd' via qubes-users wrote:

Luc libaweb:

Hello,

When I update my Dom0, I have :
Failed to synchronize cach for repo "template" and "current"

But, I have then nothing to do and complete.


This error is usually temporary, like if you are having internet 
trouble. Try running update again.



Qubes OS is updated ?

My release cat is 4.0 but not 4.0.1 ?


A fully patched install of 4.0 is no different than 4.0.1.

I don't uderstand if I have to upgrade template or it's automatic 
whith the update tool.


Thanks

The update tool will update patches within templates. However, it does 
not handle updating to entirely new template versions like Fedora 29 to 
30 or Debian 9 to 10. See https://www.qubes-os.org/doc/templates for those.




if the debian 10 sentence is current, is the documentation soon to be 
updated ?


any guesstimate on the -10 fresh templates ETA <-- sorry to ask  :)


PS: in tbird how does one reply to
awokd 

I can a popup error recipient name rejected no domain found

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/577a44a3-ae99-7b8e-64b3-c2482cb33cb4%40riseup.net.


[qubes-users] Re: is it possible to have two sys-net for one firewall vm?

2019-07-24 Thread Jon deps
On 7/22/19 2:51 PM, alain.cordat-re5jqeeqqe8avxtiumw...@public.gmane.org 
wrote:

hello,
I use Qubes-os 4 on a computer which provides 2 ethernet intefaces. For my
project iI need to separate these 2 interfaces (sys-net1, sys-net2). But i
have to use only 1 firewall on which the 2 sys-net would be linked.
Is it possible?
I don't find the solution for the moment. One of these 2 sys-net is created
without vif interface...
Thanks a lot!
Alain



I know this is unrelated but when I look at Xentop   I see  two  sys-net 
  and 1 sys-firewall   and  2   sys-vpn (appbased proxy VMs)


but in Qubes manager there is 1 sys-net and 1 sys-vpnis this normal 
or what might cause this ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95343d88-e6cf-8771-d761-f406721cba4c%40riseup.net.


[qubes-users] Re: Whonix 15 has been released

2019-07-08 Thread Jon deps

On 7/3/19 6:54 PM, 'awokd' via qubes-users wrote:

Make sure
you're on mgmt-salt-dom0-virtual-machines v4.0.16 or higher. If you are
doing it manually, you should review everything the scripts do to make
sure you've run the appropriate qvm-features commands, etc. Not
following all the same steps as the Salt scripts could result in
unexpected traffic disclosures.



so for the record as far as I can tell v4.0.15  is the "latest"  please 
tell me if it makes some difference.


if I'm going to need to 'review salt scripts'probably time to move on

appreciate the Qubes devs, but I sort of don't want to know what salt is 
and does beyond the very basics  :)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e85814a8-d271-579d-e263-49c83be316f3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: I don't see no stinkin' jinja file

2019-07-08 Thread Jon deps

On 7/9/19 2:17 AM, drokmed-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

Giving up trying to run tor on qubes.

whonix-gw-14 no longer updates, and I got the whonix-gw-15 installed, but it 
doesn't update either.

Saw something about a jinja file mentioned in a couple comments here, but no 
mention of it on the whonix installation instructions.  Don't know where it is, 
and wouldn't know what to do with it if I found it.

I'm glad you veterans knee deep in testing here got it working, but for us new 
people, not a prayer.



maybe you don't see it because the  developer removed it , as it  Was 
there before

https://www.whonix.org/wiki/Qubes/Install


In dom0.

Open file whonix.jinja with root rights.

sudo nano /srv/formulas/base/virtual-machines-formula/qvm/whonix.jinja

Change 14 to 15 .

Save.



hence, I can't vouche that this is the official  "way" forward

also note after you do get it installed with the script (waiting up to 
30-60 minutes to avoid the dreaded "unstable system"  there is a new caveat


you likely/may not be able to do sudo apt-get update in the new  -ws -gw 
 templates  until you 1st do


sudo apt-get --allow-releaseinfo-change update

https://forums.whonix.org/t/apt-get-error-e-repository-tor-https-cdn-aws-deb-debian-org-debian-security-buster-updates-inrelease-changed-its-suite-value-from-testing-to-stable/7704


sometimes I think there are about 15 people in the world using this OS   :)

yours truly,
jinja

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e44bdad6-520a-c022-4c2a-4ff2dee2a183%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: using static dispVM for sys-net

2019-07-08 Thread Jon deps

On 7/3/19 8:50 PM, 'awokd' via qubes-users wrote:

Jon deps:


https://www.qubes-os.org/doc/disposablevm-customization/#using-static-disposablevms-for-sys-



I can't really understand what the differences would be  with a static
dispvm (based on a dispvm-template)   vs  just a regular  sys-net

if nothing is disposed (static) isn't it just the same


"Static" there refers to the name and VM configuration, not the
contents. You only have to set them up once, not every time.




so making a sys-net2 as a -C DispVM (with persistent PCI tag)  based on 
a custom-dispvm-template has more disposable qualities   than


just an appvm based on say Deb-9 template ?


and hence might be a security protocol  to  make and toss sys-net2 
(dispvm)  from time to timeor


is it very minor and not worth the effort?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c82977d9-1be3-6a88-457f-bc2073bb4296%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Upgrading to whonix 15

2019-07-07 Thread Jon deps

On 7/7/19 10:06 PM, Steven Walker wrote:

I am a virtual newbie to qubes. I am using 4.0.1 on a thinkpad T420. I would 
like to upgrade from whonix 14 to 15 without screwing anything up.

Can anyone advise?

Steve



Uninstall old whonix-14   Reinstall  new whonix-15   search this forum 
then ask


https://www.whonix.org/wiki/Qubes/Install


it may look more complicated than it is  ; because of the formatting


start at the start , learn the terminology  ,  your just  changing the 
appvms  to not reference the  whonix-14 templates  then removing the 
templates  via   dom0


and either running the script   or  reinstalling  the same way most 
templates are installed via  dom0



only trick  may be  changing the  "jinja" config file
from -14 to -15

though if you read the thread some folks didn't remove  -14 before 
installing -15   and apparently  that may  be  "safe" also


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/72c95733-788d-39fd-c27e-51b9a21bb80b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installing qubes, new machine.

2019-07-06 Thread Jon deps

On 7/5/19 9:59 PM, Denis Buchwalter wrote:

I'm a long time Qubes user. Qubes has been happily running on an older laptop.

Decided to go for more modern hardware.

Long story made short. Apart from the graphic invite never showing (just plain 
old vga text messages scrolling), on the first few installations, there were 
some random problems ranging from not shutting down to missing the Qubes system 
tray icon, but it was installing.

Some red lines in dmesg, apparently unrelated to the issue(s), since, more or 
less, the same messages were shown after installing Debian 10, and fixed with 
some firmware (iwliwifi, realtek, and the nvidia driver).

Now, installation is impossible. The hardware is detected until the the USB boot drive, 
attached as a SCSI device (5:0:0:0). The size, serial number and so on is displayed, then 
it freezes for some time before showing an endless "dracut-initqueue timeout" 
message.

I'm at a loss.

Just in case: Intel i7-8750H, GeForce MX150




how did you create the install usb media?

so its a legacy boot ?  have you changed the graphic settings in the 
uefi-bios  what are the options there


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c553397-71cf-2221-6fef-f7838b34aad5%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: No vpn-handler-openvpn in service tab

2019-07-05 Thread Jon deps

On 7/6/19 1:05 AM, Philip Pians wrote:

Hmm… First install of Qubes had networking error which couldn’t be completely 
rectified without fresh install. Second install seemed to have worked 
flawlessly, but if the DisposableVM’s networking setting is not what it should 
be by default, is it possible my Qubes iso is faulty? The only networking I 
recall changing is that of sys-net, and the VPN AppVM at time of creating if 
you count that? Perhaps a third install is needed? Changing sys-net networking 
back to (none) (current) hasn't helped being able to connect to the net again, 
so can't even find out if I finally got the VPN setup correctly.



in a dom0 terminal you can do

$qubes-prefs  to see what the default system-wide default_disp_vm is 
or you the menus -> global settings


I advise if your concerned just do

$qube-prefs default_dispvm none


then later when you've used qubes for a while you can use the  Qubes 
Manager  Application   and go in there and change  some qube to the 
disposable vm  you might want


like for opening pdf files from thunderbird, so you would use your  Mail 
AppVM (TBAVM) "qube"   settings to change to 1  AppVM disposable VM 
setting rather than system-wide, then you won't have to see the yellow 
triangles :)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4bfafc6-45b0-1369-e5da-6fe01a9d0a45%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Whonix 15 has been released

2019-07-04 Thread Jon deps

On 7/4/19 2:12 AM, 'awokd' via qubes-users wrote:

Jon deps:

On 7/3/19 8:33 PM, 'awokd' via qubes-users wrote:



dom0: dnf list installed


well this doesn't show the version  all the other qubes-mgmt-salt  show
versions but Not

qubes-mgmt-salt-dom0-virtual-machines.noarch


Try dnf info then.



ah ok so
$dnf info says

I'm on
Installed Packages
Name: qubes-mgmt-salt-dom0-virtual-machines
Arch: noarch
Epoch   : 0
Version : 4.0.15
Release : 1.fc25


not 4.0.16
and
$sudo qubes-dom0-update
says no updates


so, is one supposed to be updating dom0  some other way ?

I do note that whonix-15 seems to be installed , but maybe with  4.0.16 
one would not have had to chage  the  "jinja" settings from 14 -> 15 ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df662a94-0e46-9580-bcf5-5c5ac80d42e6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: ANN: Qubes-vpn-support v1.4.1 released!

2019-07-04 Thread Jon deps

On 6/20/19 8:00 PM, Chris Laprise wrote:
Version 1.4.1 of Qubes-vpn-support has been released. It includes tweaks 
for smoother operation, greater control over the firewall, and revised 
docs in the Readme:


https://github.com/tasket/Qubes-vpn-support

Features

     Provides a fail closed, antileak VPN tunnel environment
     Isolates the tunnel client within a dedicated Proxy VM
     Prevents configuration errors
     Separate firewall VM not required

Easy setup

     Simple install script; No file editing or IP numbers necessary
     Lets you 'drop in' configuration files from VPN service provider
     Flexible installation into template or to individual ProxyVMs

New in this version, v1.4.1

     Qubes 4.0.1 support
     Control over specific firewall restrictions
     Better compatibility with MTU fragmentation detection

New in v1.4.0

     Anti-leak for IPv6
     All DNS requests forced to chosen VPN DNS
     Firewall integrity checked before connecting
     Quicker re-connection
     Supports passwordless cert authentication


* Also note that Qubes 3.x is no longer detected or supported.

* Updating to the new version is simple and described in the 
'Quickstart' guide.


* For users of qubes-tunnel (twin vpn project), an equivalent update is 
forthcoming in the next week. However, if you wish to switch to 
Qubes-vpn-support now, you can install it without issues for a new VPN VM.





Which Debian-9  packages besides  openvpn  need to be installed in the 
Template for  QVS  to work ?


I'm finding that
sudo apt-get install openvpn   isn't enough on the default Deb-9 
Template just installed,  and  copying over backed up  AppVMs from 
another machine.


It does worked with another Debian-9 template copied over from the other 
machine  but I'd like to use the fresh installed Deb-9 on the new 
machine instead.



am finding that  bash ./install   is  just returning  empty   if it's 
installed already . would that be normal ?



Regards

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8ce0f84d-f250-4ed3-693c-25a48a5c117c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Browsers

2019-07-03 Thread Jon deps

On 7/3/19 1:22 AM, 'Epinsion Polickye' via qubes-users wrote:

Hi,

I am attempting to use my personal domain to use a few services, however I'm 
finding a particular issue with two services.

When I attempt to watch some particular videos from pluralsight, or access a 
service in Office365, the site loops / reloads 3-20 times before failing to 
load the resource. Errors in the browser console seem to indicate it is to do 
will supported file types and codecs.

I don't have any blockers, issues with cookies, issues with filters.

Attempted to resolve by installing some gstreamer plugins to no avail (with 
untrusted repos, without checking signatures etc).

Can anyone provide recommended reading for:
- Trusting new repos, adding them, verifying signatures, and why (what threats 
am I defending against, and the likelihood of such threats occuring?)
- Linux video and audio formats, mimetypes, the defaults, how to add all of 
them / common types (good, bad, and ugly)
- Linux + firefox - getting the services I mentioned to work, and ensure codecs 
and the like are available for other services in the future (want to avoid a 
similar issue - disruptive to productivity)
- advice if anyone has come across such issues before

Thanks a heap.



I'm guessing you might want to try a less secure, and hence easier to 
use  linux distro



While you can get a lot of multimedia working, there is a trade off for 
security by isolation


maybe you might want to try this  with maybe  Fedora-30
https://www.qubes-os.org/doc/multimedia/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f2acf3a-8350-f950-57b7-6a336ab22a69%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Whonix 15 has been released

2019-07-03 Thread Jon deps

On 7/4/19 4:14 AM, dimi wrote:

I think the whonix upgrade guide is missing how to handle the a) renaming of 
the now upgraded templates or b) deleting them. I tried renaming 14 to 15 and 
ended up with new templates having the upgraded name with 15 in them. Maybe 
this is just a problem with Qubes Manager.

Please advice how to proceed, delete the new 15 templates and manually rename 
the 14 ones to 15 or manually delete the upgraded 14 templates?



they usually want you to ask  Whonix questions on the Qubes-Whonix forum 
 fwiw


https://forums.whonix.org/c/qubes-whonix

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7c8970ee-8aab-dbb3-1c6f-b32c1da3f2df%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Whonix 15 has been released

2019-07-03 Thread Jon deps

On 7/3/19 8:33 PM, 'awokd' via qubes-users wrote:

Jon deps:


besides the script if you don't change the "jinja" file, you won't get
-15  installed


Well it's in his docs for  New Install , added after the other elements 
were, apparently




The version of mgmt-salt-dom0-virtual-machine I mentioned should cover that.


re: removing old anon-whonix TBA-AppVMs
I believe Patrick said:  you can either remove sys-whonix (on my machine
sys-whonix-14)  before   new install  or just leave it (and presumably
have it set to 'dummy template' -- not sure why can't just set it to any
other template temporarily )

so presumably that goes for anon-whonix  and its just like any other
template  upgrade ,  reassigning to the new upgraded Template


Thanks, wasn't sure!



He just made the remark re: sys-whonix  so its just a presumption





PS :  how would I check  I'm on the correct  mgmt-salt-dom0-virtual-machine





dom0: dnf list installed


well this doesn't show the version  all the other qubes-mgmt-salt  show 
versions but Not


qubes-mgmt-salt-dom0-virtual-machines.noarch






dom0 ~]$ dnf list -v installed|grep mgmt
qubes-mgmt-salt.noarch 4.0.18-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-admin-tools.noarch 4.0.18-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-base.noarch4.0.3-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-base-config.noarch 4.0.1-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-base-overrides.noarch  4.0.2-1.fc25 
@qubes-dom0-cached

qubes-mgmt-salt-base-overrides-libs.noarch
qubes-mgmt-salt-base-topd.noarch   4.0.1-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-config.noarch  4.0.18-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-dom0.noarch4.0.18-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-dom0-qvm.noarch4.0.8-1.fc25 
@qubes-dom0-cached
qubes-mgmt-salt-dom0-update.noarch 4.0.8-1.fc25 
@qubes-dom0-cached

qubes-mgmt-salt-dom0-virtual-machines.noarch

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9f16faa-640e-ba6d-2dc5-95aebf069743%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] using static dispVM for sys-net

2019-07-03 Thread Jon deps

am curious if anyone actually does this , and how

or would it make any sense instead to use a static sys-firewall ,  if I 
just have the default  sys-firewall  (which might be easier because 
there would not be a need for the PCI  setup  ?each time)



https://www.qubes-os.org/doc/disposablevm-customization/#using-static-disposablevms-for-sys-


I can't really understand what the differences would be  with a static 
dispvm (based on a dispvm-template)   vs  just a regular  sys-net


if nothing is disposed (static) isn't it just the same

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a18a7bec-e905-4fb6-e4fa-75810f52709d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Whonix 15 has been released

2019-07-03 Thread Jon deps

On 7/3/19 6:54 PM, 'awokd' via qubes-users wrote:

Daniil Travnikov:

On Wednesday, July 3, 2019 at 4:24:01 AM UTC+3, haaber wrote:

The "instructions" on the whonix webpage are more than confusing. There
are 3 alternative "ways" suggested. Which one is best /advised?

I got the impression that a complete reinstall requires (a) a fedora
appvm (I have none), (b) does *not* work over TOR, since the AppVM's
based on whonix must be removed (or set to dummy  template) before
removing the whonix-14-templates. Then sys-whonix is gone, right?
That seems awkward asprocedure. Can someone explain, please? Why can't I
install whonix-gw-15 and whonix-ws-15 via dnf in dom0 and THEN remove
the *-14-* ones? Cheers, Bernhard



Thank you for your post, I thought that I am alone, but I think the same.

I don't understand why in Qubes we can't install Whonix Templates of any 
version from Dom0 like we usually do when we want to install Fedora,
for example:

sudo qubes-dom0-update qubes-template-fedora-XX


I don't see why you couldn't, but you should possibly recreate
sys-whonix and anon-whonix. Not sure it's safe to re-use them. You
should try to use the Salt commands to do this, once you have the -15
templates installed and the -14 and sys/anon-whonix removed. Make sure
you're on mgmt-salt-dom0-virtual-machines v4.0.16 or higher. If you are
doing it manually, you should review everything the scripts do to make
sure you've run the appropriate qvm-features commands, etc. Not
following all the same steps as the Salt scripts could result in
unexpected traffic disclosures. Haven't upgraded these myself yet; I'll
let the early adopters work out the bugs first. ;)

See https://github.com/QubesOS/qubes-issues/issues/3765 and
https://github.com/QubesOS/qubes-issues/issues/3447 for a longer
discussion of why the upgrade procedure is the way it is. If you can
write smarter Salt scripts, I suspect the Whonix team would be appreciative.



besides the script if you don't change the "jinja" file, you won't get 
-15  installed


re: removing old anon-whonix TBA-AppVMs
I believe Patrick said:  you can either remove sys-whonix (on my machine 
sys-whonix-14)  before   new install  or just leave it (and presumably 
have it set to 'dummy template' -- not sure why can't just set it to any 
other template temporarily )


so presumably that goes for anon-whonix  and its just like any other 
template  upgrade ,  reassigning to the new upgraded Template



PS :  how would I check  I'm on the correct  mgmt-salt-dom0-virtual-machine


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b74540b3-e231-48ac-1509-e68d379ec7cf%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Quick question please, need help!

2019-06-28 Thread Jon deps

On 6/27/19 10:01 AM, Sphere wrote:

The general idea is correct
If dom0 gets pwned then everything else can be pwned and stolen, including your 
data
pwning dom0 properly and successfully however, is not trivial because dom0 has 
no direct access to network hardware to communicate in the first place and 
malicious actors would need malware to communicate directly to the C2 server 
for commands.

What's great about qubes is the fact that with proper hardening, it becomes 
very resilient thanks to the fact that it follows a 0-trust model.




just curious what "proper hardening"  you  do  (Sphere)


maybe the argument is are you "safer" using hypervisors   , because 
'qubes' isn't really an  traditional  OS  of course


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3938aafb-d997-d535-9031-d23091f59481%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes OS Installation Resolution

2019-06-28 Thread Jon deps

On 6/28/19 7:56 AM, 'awokd' via qubes-users wrote:

'[NOTIFICATION]' via qubes-users:

The problem is the ease of convenience when it comes to to eh various VM 
instances. As a new user to QUBES OS, it seems more complicated than usual. One 
of the main issues was the ethernet tethering passthrough. That was so 
difficult to set up due to the lack of or vague instructions. QUBES OS should 
have a more user friendly interface or framework. While it does seem simple as 
it can get, The ability to maneuver in the infrastructure can be confusing. 
Sometimes just using VIRTUALBOX can seem much more easier because of its visual 
compartmentalization. Along with the extension pack to share data between, 
QUBES OS does not have this setting options. In QUBES OS, you have to do it 
each time? Anyways, hope to some QUBES OS improvement in terms of interface and 
ease of use?


Glad you were able to get it installed and try it out. 8GB should be
sufficient- I wonder if it's not a bad stick. I missed having a
graphical representation of networking too, when I came to Qubes from
other OS/virtualization products.

Not sure what you mean by ethernet tethering passthrough in context of
Qubes. What were you trying to do, and where did you have trouble?





Along with the extension pack to share data between, QUBES OS does not 
have this setting options. In QUBES OS, you have to do it each time?


you probably are not going to get far comparing VBox  and  Qubes, I 
believe your talking about VB extensions to do things.


Qubes are designed Not to share easily, I think that is the point. So, 
if your wanting a permanent data sharing between Qubes, afaik, not 
possible, what would be the point ?


maybe you can make a  HVM and install VBox on it and see how far you get
https://www.qubes-os.org/doc/hvm/

it's probably as complicated as you make it

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f8236422-17d2-e8df-0051-afe0501b5694%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get network adapter working

2019-06-26 Thread Jon deps

On 6/27/19 1:10 AM, Chris wrote:

Quickest thing to try is to switch sys-net's template to Debian. Also,
experiment with


I tried the Debian template but it still doesn't work. Same symptoms


https://www.qubes-os.org/doc/pci-devices/#pci-passthrough-issues attach
options.


I need some help here. Couldn't find the configuration file mentioned 
(/var/lib/qubes/servicevms/ is empty) to insert pci_permissive=1. I am not very 
good with Linux.




fedora-30 is the newer qubes template , maybe it will have some support 
for your device, that older OS doesn't , seems logical to me


in dom0:

$ sudo qubes-dom0-update qubes-template-fedora-30


IMO: you shouldn't have to get into the  config files,  I'd find new 
hardware if it was me.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d8bf8265-9fe7-ee69-a3db-7c7c6da38894%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Quick question please, need help!

2019-06-26 Thread Jon deps

On 6/21/19 10:37 PM, ljul8047-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

So I’m still learning about Qubes but I have a question please. I was told that 
if dom0 gets infected, everything in the laptop can be found and read. The ip 
is not a problem but I’m not sure about the MAC address? If they found out the 
latter by infecting dom0, what are the possibilities to trace that MAC address 
to the laptop owner?



https://www.qubes-os.org/intro/

I would guess no different than any other  operating system /  probably 
your question is not  specific  to  Qubes  or this forum


the selling point for Qubes seems to be  tied to Xen Hypervisor  being 
"bare metal"   vs.  other efforts at virtualization safety,  which I 
hear even  windows is using to some extent now


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9ca3a6d-cf0a-b278-c84e-a67c9e2a4d32%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Video-screen

2019-06-26 Thread Jon deps

On 6/25/19 2:13 AM, 'awokd' via qubes-users wrote:

danotty via qubes-users:

Hello
Does exist a software to capture video-screen in Qubes?

Check under Productivity on 
https://github.com/Qubes-Community/Contents/tree/master/code.




you would install a debian or fedora  package that  does a 
"screen-grab"   if that is what you mean  by  capture screen  or 
youtube-dl  is another package   for  capturing streaming  data


but maybe you know this already

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a8144ea-bf45-712a-33d2-577d3063e15e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get network adapter working

2019-06-26 Thread Jon deps

On 6/26/19 1:33 PM, Chris Laprise wrote:

On 6/26/19 7:56 AM, 'awokd' via qubes-users wrote:

Chris:

Hi all!


Welcome!


Successfully booted into Qubes but couldn't get network working.

1. Physically, port LEDs go off and start blinking after awhile. 
Keeps repeating.

2. Network icon on top right is red and shows 'loading animation'
3. Network adapter can negotiate speed and duplex but cannot get IP 
address from DHCP server
4. Changing of network cable and connecting to another switch gives 
the same results

5. dmesg shows adapter in reset cycle
6. Network adapter works perfect when boot into Live Ubuntu using 
same hardware


Quickest thing to try is to switch sys-net's template to Debian. Also, 
experiment with 
https://www.qubes-os.org/doc/pci-devices/#pci-passthrough-issues 
attach options.




Debian can be a good sys-net distro, but unfortunately the template 
doesn't have all the wifi drivers pre-installed... I have to manually 
install 'firmware-iwlwifi' to get Intel cards working.




I don't think you said  which template you are using for sys-net  did you?

IMO  use Fedora-30   as last I checked using Debian-9  is likely to mess 
up your dom0 clock , which matters for updates


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59829b75-3f4d-e297-338c-ad4b0f069d8f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Upgrading directly from Fedora 23 to 26 ?

2019-06-22 Thread Jon deps

On 6/20/19 8:40 AM, polish farmer wrote:

are you saying to run the command "sudo qubes-dom0-update 
qubes-template-fedora-26"  in dom0 ?



maybe you meant  dom0  is running  Fedora-23

don't try to upgrade it other than the normal  way


$sudo qubes-dom0-update


dom0   is  the over-seer  of  all your  other   "domains"   like sys-net 
 sys-usb



the latter  "systems"  you can  choose  which  "template"  / OS  to 
command them . eg Fed-30  or  Debian-9



dom0  rarely needs to be updated ,  Template  are constantly  wanting to 
be updated    with occasional  major  upgrades  to the  next  like 
someday soon  Debian-10



but maybe you know all this ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b521328f-3821-9f65-80b2-692ba629b48b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: ANN: Qubes-vpn-support v1.4.1 released!

2019-06-21 Thread Jon deps

On 6/21/19 11:27 PM, Jon deps wrote:

On 6/20/19 8:00 PM, Chris Laprise wrote:
Version 1.4.1 of Qubes-vpn-support has been released. It includes 
tweaks for smoother operation, greater control over the firewall, and 
revised docs in the Readme:


https://github.com/tasket/Qubes-vpn-support

Features

 Provides a fail closed, antileak VPN tunnel environment
 Isolates the tunnel client within a dedicated Proxy VM
 Prevents configuration errors
 Separate firewall VM not required

Easy setup

 Simple install script; No file editing or IP numbers necessary
 Lets you 'drop in' configuration files from VPN service provider
 Flexible installation into template or to individual ProxyVMs

New in this version, v1.4.1

 Qubes 4.0.1 support
 Control over specific firewall restrictions
 Better compatibility with MTU fragmentation detection

New in v1.4.0

 Anti-leak for IPv6
 All DNS requests forced to chosen VPN DNS
 Firewall integrity checked before connecting
 Quicker re-connection
 Supports passwordless cert authentication


* Also note that Qubes 3.x is no longer detected or supported.

* Updating to the new version is simple and described in the 
'Quickstart' guide.


* For users of qubes-tunnel (twin vpn project), an equivalent update 
is forthcoming in the next week. However, if you wish to switch to 
Qubes-vpn-support now, you can install it without issues for a new VPN 
VM.




Updating, and the Template used for the ProxyAppVM being Debian-9    I 
am repeatedly  getting the   corner pop-up box   "Ready to Start Link" 
 and using it as the netvm  there is no  networking





hmm maybe disregard seems to have magically fixed itself  

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/599d66c8-ecdd-e26c-2732-021ac49850a6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: ANN: Qubes-vpn-support v1.4.1 released!

2019-06-21 Thread Jon deps

On 6/20/19 8:00 PM, Chris Laprise wrote:
Version 1.4.1 of Qubes-vpn-support has been released. It includes tweaks 
for smoother operation, greater control over the firewall, and revised 
docs in the Readme:


https://github.com/tasket/Qubes-vpn-support

Features

     Provides a fail closed, antileak VPN tunnel environment
     Isolates the tunnel client within a dedicated Proxy VM
     Prevents configuration errors
     Separate firewall VM not required

Easy setup

     Simple install script; No file editing or IP numbers necessary
     Lets you 'drop in' configuration files from VPN service provider
     Flexible installation into template or to individual ProxyVMs

New in this version, v1.4.1

     Qubes 4.0.1 support
     Control over specific firewall restrictions
     Better compatibility with MTU fragmentation detection

New in v1.4.0

     Anti-leak for IPv6
     All DNS requests forced to chosen VPN DNS
     Firewall integrity checked before connecting
     Quicker re-connection
     Supports passwordless cert authentication


* Also note that Qubes 3.x is no longer detected or supported.

* Updating to the new version is simple and described in the 
'Quickstart' guide.


* For users of qubes-tunnel (twin vpn project), an equivalent update is 
forthcoming in the next week. However, if you wish to switch to 
Qubes-vpn-support now, you can install it without issues for a new VPN VM.




Updating, and the Template used for the ProxyAppVM being Debian-9I 
am repeatedly  getting the   corner pop-up box   "Ready to Start Link" 
 and using it as the netvm  there is no  networking


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7987bab-b86d-c14d-58b9-462ecb28af7d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: CPU overheating issues, pulsating fan, recommendations?

2019-06-19 Thread Jon deps

On 6/18/19 11:39 AM, Mike Keehan wrote:

On Tue, 18 Jun 2019 04:44:04 +
omerta-3q9s2cxqgw4kltdg6p0...@public.gmane.org wrote:


Hey all,

Over the last week I've noticed my laptops CPU keeps peaking @ 80-85
every now and then, even when I'm not doing any resource intensive
tasks.

I run 11-12 VMs @ a time which barely scratches the 34GB RAM on a P51
Thinkpad with a i7 7820HQ running in a standard temperature room
environment majority of the time.

Have thought of getting a cooling pad to resolve this, but would
prefer to see if there are any tweaks which can be made within dom0
or the BIOS to put an end to this.

Also of note, I'm getting similar pulsating fan noise as posted here
https://github.com/QubesOS/qubes-issues/issues/3599.

Many thanks,
om



Run xentop in dom0 to see which of your VMs are using cpu the most.
Web browsers can use lots of cpu on some pages!

Mike.



fwiw, this morning I woke up and my system was at the qubes 1st login 
screen , apparently the system has crashed just far enough to close all 
VMs but not reboot?


I am now looking at the Xentop  CPU numbers and with whonix-ws update 
and one up to date torbrowser window 1 tab  open  and one page view, the 
CPU is at 150%


Maxmem was at 2000 , up'd that a bit,  but also changed the VCPU to '3' 
it was set to '2'  and now the CPU with 1 page torbrowser open is at 5%



I guess my question what effect changing the VCPU  of the  TB-AppVM-Qube 
 is


or maybe something changed with the whonix-ws recently  to mess up the 
CPU usages???


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/05c46c80-7a21-d998-aaf8-37822685a849%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Any issues with changing template for sys-usb?

2019-06-16 Thread Jon deps

On 6/9/19 5:42 PM, Stumpy wrote:

On 6/8/19 12:37 PM, 'awokd' via qubes-users wrote:

Stumpy wrote on 6/8/19 1:18 PM:
I have a sys-usb that is currently based on fedora but i need to run 
a package on debian.
Should it be a problem if i install the package on debian, 
temporarily switch the template to debian, use the app when i need, 
then switch back?



Shouldn't be a problem, but you could also just leave it on Debian.



Thanks, will give it a try then




just messes up your  app shortcuts, then one has to  fix them if one 
uses them  ; course you can just use qvm-run


what is the application?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0771b4b-1133-cbe8-631c-d52b1ab13e38%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Does Qubes-OS 4.0.1 have support for KDE or GNOME desktop environment?

2019-06-15 Thread Jon deps

On 6/16/19 12:49 AM, Chris Laprise wrote:

On 6/15/19 4:44 PM, john s. wrote:

On 6/15/19 12:50 AM, Chris Laprise wrote:

On 6/14/19 6:00 PM, Jon deps wrote:

On 6/5/19 8:00 PM, Chris Laprise wrote:

On 6/2/19 3:41 AM, Finn wrote:

I've installed Qubes-OS 4.0.1 and it's XFCE desktop environment but I
would rather prefer either KDE or GNOME desktop environment. I found
this document[1] where mentioned that Qubes-OS is migrating towards
GNOME but at the time of installation only XFCE (neither KDE nor 
GNOME)

is available. I was wondering, is there a way I can use my preferred
desktop environment? Or, I have to wait for GNOME until migration 
is not
fully completed because it seems currently there is no support for 
KDE.



[1]: https://www.qubes-os.org/doc/usability-ux/


KDE does have support AFAIK, although its no long the default. If 
you can get used to the blank-space network icon, then I recommend 
KDE as there are many pluses.


I don't believe Qubes is actually going to migrate to Gnome. There 
was an aborted attempt and Gnome 3's paradigm (tablet touch UI, 
melded WM/app widgets) doesn't seem compatible with Qubes' concept.





seems to want about 4 times  the dom0  RAM   and still  buggy  am 
getting all these  flashing  windows bar and applications menu  hit 
and miss giving dom0 memory boost 800 MiB and minimal qubes memory 
400 MiB or so ,  so gave up



btw,  is there any documentation on recommended RAM for  dom0  using 
XFCE


I'd like to put back the  Default memory settings  but  don't know 
what they are


What GPU does your system have? I'm running KDE comfortably in only 
1.5GB dom0 memory, and my graphics are Intel HD integrated.


I don't recall the exact procedure to set dom0 memory. It begins with 
changing GRUB_CMDLINE_XEN_DEFAULT in /etc/default/grub and then you 
run a command to update it.





so your 1.5GB  of dom0  memory  is  NOT  the  dom0 "memory boost" in 
the Qubes Global Settings?  which I'm assuming is akin to  "maxmem"  
for other VMs ?


Right, its the base dom0 memory settings, which you can also add 
temporarily from grub menu (hit 'e', make change then boot). My dom0 
'memory boost' in Qubes Global Settings is only 160MB.


The dom0 kernel I'm using is 4.19.43.




I also have intel integrated graphics,  maybe kabylake generation


Mine is Ivy Bridge, much older.

at minimal qube memory 1564  and  dom0 memory boost  5138  I am 
still finding it unusable   the  app menus  don't appear ,  I keep 
fighting the taskbar widgets  which then somehow  I make appear on the 
desktop not the  taskbar,  then  can't get them back on the taskbar, 
etc,  which maybe a / the KDE learning curve . nice to see 
something less austere  using Qubes, that I might be able to 
understand   but


if it requires me to change something in Grub  and not just the  
Global Settings  ...maybe time to give up  :)


What happens if you change to sddm, what I'm using? In fact, it seems I 
removed lightdm from dom0.


Also, for something easy to try, you can turn off the compositor with 
Alt-Shift-F12. And the KDE compositor settings are under Display / 
Compositor.


If none of that works, it may simply be a compatibility problem that the 
old Fedora 25 possesses.




Well,  I'm trying to not doing anything that I might break the system, 
hence  no sddm ,  no grub tweaks ..


So, does it make any difference  how  I setup  the   two  Qubes Global 
Settings?



I'll try out the  compositor thing  though, sort of don't want to 
touch Grub  even for temp settings  :)




Maybe I can try  it  on my  old thinkpad  ,  esp  if you happen to  have 
specifics  on  making  the  1.5gb  of dom0  permanent,so far the 
thinkpad  may be running the KDE better than the   modern  hardware  ...


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/01697dee-e6e6-2452-0b39-32e34c56dde0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: usb keyboards

2019-06-15 Thread Jon deps

On 6/15/19 12:21 PM, 'awokd' via qubes-users wrote:

Jon deps wrote on 6/14/19 10:11 PM:

2) is this normal behavior that I can't just plug in any USB kb to my 
PS2 convertr/port,  it  MUST be the  hardware that qubes knows or 
something ?



if #2 is the case, what is the trick to start using a new USB -> PS2 
converter -> PS2 port ?    for reference


Hardware issue, not Qubes. Only some USB keyboards are compatible with 
PS/2 converters.




so there is a list or some guidelines for USB keyboards?  didn't see one 
on qubes.org



and sounds like no tutorial on  non PS2,  non laptop  computers for USB 
keyboards .



maybe pixelfairy's method  could be added  to some document . else 
like me  , at the beginning,  may  fail and get locked out of new 
installs .


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4c9ace7-24a7-453a-ef94-5081f9aab20d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes Package updater - No network connection was detected

2019-06-15 Thread Jon deps
On 6/14/19 9:55 PM, atrainonline-re5jqeeqqe8avxtiumw...@public.gmane.org 
wrote:

So I'm trying to update everything I can with Qubes and I keep running into an 
issue when I try to run the Package Updater in Qubes.  Originally I was going 
to use Tor when I set up Qubes but it never worked so I had to revert back to 
using my VPN.  With the help of some people here, I think I got everything 
converted over, but this program won't work.



you seem to be doing something fundamentally incorrect,  afaik,  your 
Templates netvm  (qvm-prefs   ) should be set to 
'none'  (dom0 terminal qvm-prefs  netvm none )   all 
'updating'proceeds by the order  of   the   qubes.UpdatesProxy 
sequence



https://www.qubes-os.org/doc/rpc-policy/   or so


if you change anything in there   write down  the  exact  order  or the 
original  so you can fall back   as needed



anything not correct in there might break  your  opsec  or  break your 
updates . but maybe you knew all this ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c269630-d9df-ca62-b305-944ec1326189%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] usb keyboards

2019-06-14 Thread Jon deps
I've looked through the docs just now a bit.  As this morning I tried to 
plug a new usb keyboard into my PS2 converter and login, and was 
surprised to find that the system would not allow this.


When I plugged in the existing old USB kb to the PS2 converter and PS2 
port it again works.



but, 1)  is there a tutorial for folks to use a USB keyboard NOT using a 
PS2 port and / or converter?




2) is this normal behavior that I can't just plug in any USB kb to my 
PS2 convertr/port,  it  MUST be the  hardware that qubes knows or 
something ?



if #2 is the case, what is the trick to start using a new USB -> PS2 
converter -> PS2 port ?for reference


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bcc66b4-d9a9-90c1-8fb7-5c4d26569ca9%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Does Qubes-OS 4.0.1 have support for KDE or GNOME desktop environment?

2019-06-14 Thread Jon deps

On 6/5/19 8:00 PM, Chris Laprise wrote:

On 6/2/19 3:41 AM, Finn wrote:

I've installed Qubes-OS 4.0.1 and it's XFCE desktop environment but I
would rather prefer either KDE or GNOME desktop environment. I found
this document[1] where mentioned that Qubes-OS is migrating towards
GNOME but at the time of installation only XFCE (neither KDE nor GNOME)
is available. I was wondering, is there a way I can use my preferred
desktop environment? Or, I have to wait for GNOME until migration is not
fully completed because it seems currently there is no support for KDE.


[1]: https://www.qubes-os.org/doc/usability-ux/


KDE does have support AFAIK, although its no long the default. If you 
can get used to the blank-space network icon, then I recommend KDE as 
there are many pluses.


I don't believe Qubes is actually going to migrate to Gnome. There was 
an aborted attempt and Gnome 3's paradigm (tablet touch UI, melded 
WM/app widgets) doesn't seem compatible with Qubes' concept.





seems to want about 4 times  the dom0  RAM   and still  buggy  am 
getting all these  flashing  windows bar and applications menu  hit and 
miss giving dom0 memory boost 800 MiB and minimal qubes memory 400 MiB 
or so ,  so gave up



btw,  is there any documentation on recommended RAM for  dom0  using XFCE

I'd like to put back the  Default memory settings  but  don't know what 
they are


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0344fb1-7aae-8978-4d1c-471570d153fa%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-14 Thread Jon deps

On 6/13/19 11:06 PM, Jon deps wrote:

On 6/13/19 8:55 PM, 'awokd' via qubes-users wrote:

Jon deps:


in my case turns out, I have an Intel i5  which apparently doesn't 
have multithreading,


I did look around the UEFI anyway, and see no references to it

sudo cat /boot/efi/EFI/qubes/xen.cfg
has 4.19.43-1   smt=off


on cold reboot  I don't see  the  kernel vuln  journal entry


If your system doesn't even have multithreading, that warning on 
resume from suspend must be a bug and is safe for you to ignore.


so I guess its as I suspected  qubes isn't  going to suspend well and 
may break  various things   ??


Yes, the threading warning is unrelated to the sys-usb suspend issues 
you were having. Did you try Daniel's suggestions up thread?




well Daniel said

--
This is a long-standing issue for some, resolved for some but not for 
others at different times. See 
https://github.com/QubesOS/qubes-issues/issues/4042


The situation has improved for me by getting kernel 4.19.43-1 from 
qubes-dom0-security-testing. You could try the new kernel. (But note 
that our problems might be a bit different, I never had a qrexec problem 
when restarting sys-usb after resume.)


If you need to automate restarting of sys-usb because you can't avoid 
this problem, you can add commands in 
/usr/lib64/pm-utils/sleep.d/52qubes-pause-vms for suspend and resume, 
e.g., qvm-shutdown sys-usb and qvm-start sys-usb. You might need to 
qvm-kill sys-usb before suspend to get this to work reliably.

--


but curiously, AFAIK per  dom0 uname -a  I am already using

Linux dom0 4.19.43-1.pvops.qubes.x86_64 #1 SMP


but I shouldn't be on  security-testing





otherwise I don't see much advantage to doing the 2nd paragraph and 
maybe potential  for  badthings  so  ...





don't suppose it matter than my active kernel  says  #1 SMP  but  my 
i5-6500  doesn't have  SMT  ?   if  xen.cfg  says  smt=off



maybe
the UEFI is smart enough to not show me what my CPU doesn't have,  as I 
 saw  no   references  to  SMT multithreading  at all  ?


this is a Z170 Asrock   UEFI


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/efd35a89-138d-ced5-379b-5e2a4573b7f0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread Jon deps

On 6/13/19 8:55 PM, 'awokd' via qubes-users wrote:

Jon deps:


in my case turns out, I have an Intel i5  which apparently doesn't 
have multithreading,


I did look around the UEFI anyway, and see no references to it

sudo cat /boot/efi/EFI/qubes/xen.cfg
has 4.19.43-1   smt=off


on cold reboot  I don't see  the  kernel vuln  journal entry


If your system doesn't even have multithreading, that warning on resume 
from suspend must be a bug and is safe for you to ignore.


so I guess its as I suspected  qubes isn't  going to suspend well and 
may break  various things   ??


Yes, the threading warning is unrelated to the sys-usb suspend issues 
you were having. Did you try Daniel's suggestions up thread?




well Daniel said

--
This is a long-standing issue for some, resolved for some but not for 
others at different times. See 
https://github.com/QubesOS/qubes-issues/issues/4042


The situation has improved for me by getting kernel 4.19.43-1 from 
qubes-dom0-security-testing. You could try the new kernel. (But note 
that our problems might be a bit different, I never had a qrexec problem 
when restarting sys-usb after resume.)


If you need to automate restarting of sys-usb because you can't avoid 
this problem, you can add commands in 
/usr/lib64/pm-utils/sleep.d/52qubes-pause-vms for suspend and resume, 
e.g., qvm-shutdown sys-usb and qvm-start sys-usb. You might need to 
qvm-kill sys-usb before suspend to get this to work reliably.

--


but curiously, AFAIK per  dom0 uname -a  I am already using

Linux dom0 4.19.43-1.pvops.qubes.x86_64 #1 SMP


but I shouldn't be on  security-testing





otherwise I don't see much advantage to doing the 2nd paragraph and 
maybe potential  for  badthings  so  ...


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/898af278-785c-9be5-6e50-035c5142f26c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-13 Thread Jon deps

On 6/13/19 7:14 AM, 'awokd' via qubes-users wrote:

Jon deps:

On 6/12/19 8:14 AM, Jon deps wrote:


Jun 12 07:52:01 dom0 kernel: MDS CPU bug present and SMT on, data 
leak possible. See 
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html 
for more details.




.any idea on the  "data leak possible"    journal entry?

sounds a bit scary,  maybe I need to  look around in my UEFI  to 
disable   some cache-ing ?


SMT should be off. Do you see that same message if you do a cold power 
on? Also, in "sudo cat /boot/efi/EFI/qubes/xen.cfg", do you see 
"smt=off" in the Xen options lines?


I wonder if there is a Xen bug making SMT re-enable after a resume. 
Please check the above, then look in your UEFI options to disable 
Hyperthreading/SMT.




in my case turns out, I have an Intel i5  which apparently doesn't have 
multithreading,


I did look around the UEFI anyway, and see no references to it

sudo cat /boot/efi/EFI/qubes/xen.cfg
has 4.19.43-1   smt=off


on cold reboot  I don't see  the  kernel vuln  journal entry



so I guess its as I suspected  qubes isn't  going to suspend well and 
may break  various things   ??




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9d75e67-730b-d3b0-11af-1e099b144fa7%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Does Qubes-OS 4.0.1 have support for KDE or GNOME desktop environment?

2019-06-13 Thread Jon deps

On 6/13/19 2:04 PM, unman wrote:

On Thu, Jun 13, 2019 at 03:34:53AM +, Jon deps wrote:

On 6/5/19 8:00 PM, Chris Laprise wrote:

On 6/2/19 3:41 AM, Finn wrote:

I've installed Qubes-OS 4.0.1 and it's XFCE desktop environment but I
would rather prefer either KDE or GNOME desktop environment. I found
this document[1] where mentioned that Qubes-OS is migrating towards
GNOME but at the time of installation only XFCE (neither KDE nor GNOME)
is available. I was wondering, is there a way I can use my preferred
desktop environment? Or, I have to wait for GNOME until migration is not
fully completed because it seems currently there is no support for KDE.


[1]: https://www.qubes-os.org/doc/usability-ux/


KDE does have support AFAIK, although its no long the default. If you
can get used to the blank-space network icon, then I recommend KDE as
there are many pluses.

I don't believe Qubes is actually going to migrate to Gnome. There was
an aborted attempt and Gnome 3's paradigm (tablet touch UI, melded
WM/app widgets) doesn't seem compatible with Qubes' concept.



https://www.qubes-os.org/doc/kde/

suppose one follow these instructions but does *not want to use  sddm nor
change any windows management settings

on reboot

one is logged into XFCE  then,  in dom0  can type

startkde

or startkde --replace xfce  ?

but this seems to  result in 2 taskbars running


what would be the way to  choose the DM on login  or to startkde  and close
xfce   or is that possible ?



At the login screen, there's a drop dowm menu allowing you to choose
which DM to apply, no?



ah OK it was up in the corner bar , not in the login area , hadn't 
notice  :)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f476df70-f9d9-9767-c9c4-7679f74d38e5%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Does Qubes-OS 4.0.1 have support for KDE or GNOME desktop environment?

2019-06-12 Thread Jon deps

On 6/5/19 8:00 PM, Chris Laprise wrote:

On 6/2/19 3:41 AM, Finn wrote:

I've installed Qubes-OS 4.0.1 and it's XFCE desktop environment but I
would rather prefer either KDE or GNOME desktop environment. I found
this document[1] where mentioned that Qubes-OS is migrating towards
GNOME but at the time of installation only XFCE (neither KDE nor GNOME)
is available. I was wondering, is there a way I can use my preferred
desktop environment? Or, I have to wait for GNOME until migration is not
fully completed because it seems currently there is no support for KDE.


[1]: https://www.qubes-os.org/doc/usability-ux/


KDE does have support AFAIK, although its no long the default. If you 
can get used to the blank-space network icon, then I recommend KDE as 
there are many pluses.


I don't believe Qubes is actually going to migrate to Gnome. There was 
an aborted attempt and Gnome 3's paradigm (tablet touch UI, melded 
WM/app widgets) doesn't seem compatible with Qubes' concept.




https://www.qubes-os.org/doc/kde/

suppose one follow these instructions but does *not want to use  sddm 
nor change any windows management settings


on reboot

one is logged into XFCE  then,  in dom0  can type

startkde

or startkde --replace xfce  ?

but this seems to  result in 2 taskbars running


what would be the way to  choose the DM on login  or to startkde  and 
close xfce   or is that possible ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0fbaf002-8da5-f751-2969-a5afd6646e34%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: desktop suspend breaks sys-usb/ CPU bug present

2019-06-12 Thread Jon deps

On 6/12/19 8:14 AM, Jon deps wrote:
Hello, using the suspend function, when I awake the desktop, the usb 
mouse non longer functions.


have a PS2 keyboard so was able to qvm-kill sys-usb and do qvm-start 
sys-usb  but it complained  couldn't connect  to qrexec  or so and failed.


so qvm-start sys-usb a 2nd time and then the mouse functions again


is this to be expected,  or  is there something to fix ?


---
looking around journalctl I didn't find much but did find this

un 12 07:52:01 dom0 kernel: sd 5:0:0:0: [sdb] Starting disk
Jun 12 07:52:01 dom0 kernel: sd 1:0:0:0: [sda] Starting disk
Jun 12 07:52:01 dom0 kernel: pcieport :00:1d.7: Intel SPT PCH root 
port ACS workaround enabled
Jun 12 07:52:01 dom0 kernel: pcieport :00:1d.3: Intel SPT PCH root 
port ACS workaround enabled

Jun 12 07:52:01 dom0 kernel: ACPI: Waking up from system sleep state S3
Jun 12 07:52:01 dom0 kernel: CPU3 is up
Jun 12 07:52:01 dom0 kernel:  cache: parent cpu3 should not be sleeping
Jun 12 07:52:01 dom0 kernel: cpu 3 spinlock event irq 147
Jun 12 07:52:01 dom0 kernel: installing Xen timer for CPU 3
Jun 12 07:52:01 dom0 kernel: CPU2 is up
Jun 12 07:52:01 dom0 kernel: MDS CPU bug present and SMT on, data leak 
possible. See 
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for 
more details.

Jun 12 07:52:01 dom0 kernel:  cache: parent cpu2 should not be sleeping
Jun 12 07:52:01 dom0 kernel: cpu 2 spinlock event irq 140
Jun 12 07:52:01 dom0 kernel: installing Xen timer for CPU 2
Jun 12 07:52:01 dom0 kernel: CPU1 is up
Jun 12 07:52:01 dom0 kernel:  cache: parent cpu1 should not be sleeping
Jun 12 07:52:01 dom0 kernel: cpu 1 spinlock event irq 133
Jun 12 07:52:01 dom0 kernel: installing Xen timer for CPU 1
Jun 12 07:52:01 dom0 kernel: Enabling non-boot CPUs ...


went to the URL says something like I should be  "enable CPU buffer 
clearing"


but can't find how to do that, curious if it's actual needed ?



moral of the story don't suspend your qubes desktop ?




.any idea on the  "data leak possible"journal entry?

sounds a bit scary,  maybe I need to  look around in my UEFI  to disable 
 some cache-ing ?



BTW,  kudos to qubes team for the  dom0 copy to clipboard  widget , sure 
makes it easier  to get dom0  notes  out  !


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/619dd1d0-45f6-e271-c4de-2eb2303a0a8c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes: Unable to connect to VPN

2019-06-12 Thread Jon deps

On 6/12/19 2:53 PM, Chris Laprise wrote:

On 6/12/19 10:14 AM, 'Crypto Carabao Group' via qubes-users wrote:
We've also been trying for days to get a VPN to  resolve on a brand 
new R4.0 install, to either one of 2 different VPN providers, using 
the iptables and cli scripts:
https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts 


I've also set it up before on a 3.x cubes and it worked using the above.
So far, what's pretty certain is that these instructions were carried 
over automatically, but actually don't work for the R4.0 version.


BTW, there is no "/usr/lib/qubes/qubes-vpn-setup" in the Fedora 29 or 
Debian 9  templates. So, wherever that came from, it's not in the new 
installer version we got.


There is no mention of a 'qubes-vpn-setup' in the vpn doc you linked to. 
That script is a part of my Qubes-vpn-support project on github. You 
might want to use that instead since the setup process is much simpler:


https://github.com/tasket/Qubes-vpn-support


Neither is there a path: /etc/openvpn/update-resolv-conf in the VMs 
based on Fedora 29. (Haven't tried Debian 9 for that yet.)
That probably came from a particular VPN provider, and would have to 
be installed in the template anyway to persist, right?


There is no mention of 'update-resolv-conf' in the vpn doc, either.

One of the most frequent causes of failed vpn setups is when the user 
decides to mix or combine different instructions because 'more is 
better' or because they saw different people discussing the merits of 
different approaches. This does NOT work; you have to pick one and 
follow it.




It seems that the update-resolve-conf is a default script that ships 
with some distros, such as Mint (attached), and works on our other 
machine, and does the function that the "|qubes-vpn-handler.sh|" does 
in the Qubes VPN instructions, but it doesn't work on Qubes in our 
case for the same VPN provider either.
Seems to require a lot of modification and merge the two maybe, which 
will take us another several days to figure out, if ever.


Updating resolv.conf is not required at all to get DNS working for 
downstream appVMs. The instructions avoid doing this to help keep the 
VPN VM in a locked-down state, so it doesn't inadvertently try to access 
the tunnel for its internal programs (i.e. only downstream VMs get to 
access the tunnel).


What IS necessary is populating the DNAT rules in the firewall. Check 
the PR-QBS chain to see if your DNS server IPs were added: iptables -L 
-v -t nat PR-QBS





Install per the instructions for Mr.Laprise's  excellent 
qubes-vpn-setup   in  an  Template-based AppVM   , don't miss any steps. 
 ELSE


delete the AppVM and startover make sure  openvpn  is installed in 
the Template chosen ,   make sure to   enable proxy in the created AppVM 
, and  for services   add the  openvpn  in the   qubes manager tab



Which VPN provider are you using ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac3b7cc3-eede-c2f3-d368-7de333dd3c2a%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] desktop suspend breaks sys-usb/ CPU bug present

2019-06-12 Thread Jon deps
Hello, using the suspend function, when I awake the desktop, the usb 
mouse non longer functions.


have a PS2 keyboard so was able to qvm-kill sys-usb and do qvm-start 
sys-usb  but it complained  couldn't connect  to qrexec  or so and failed.


so qvm-start sys-usb a 2nd time and then the mouse functions again


is this to be expected,  or  is there something to fix ?


---
looking around journalctl I didn't find much but did find this

un 12 07:52:01 dom0 kernel: sd 5:0:0:0: [sdb] Starting disk
Jun 12 07:52:01 dom0 kernel: sd 1:0:0:0: [sda] Starting disk
Jun 12 07:52:01 dom0 kernel: pcieport :00:1d.7: Intel SPT PCH root 
port ACS workaround enabled
Jun 12 07:52:01 dom0 kernel: pcieport :00:1d.3: Intel SPT PCH root 
port ACS workaround enabled

Jun 12 07:52:01 dom0 kernel: ACPI: Waking up from system sleep state S3
Jun 12 07:52:01 dom0 kernel: CPU3 is up
Jun 12 07:52:01 dom0 kernel:  cache: parent cpu3 should not be sleeping
Jun 12 07:52:01 dom0 kernel: cpu 3 spinlock event irq 147
Jun 12 07:52:01 dom0 kernel: installing Xen timer for CPU 3
Jun 12 07:52:01 dom0 kernel: CPU2 is up
Jun 12 07:52:01 dom0 kernel: MDS CPU bug present and SMT on, data leak 
possible. See 
https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for 
more details.

Jun 12 07:52:01 dom0 kernel:  cache: parent cpu2 should not be sleeping
Jun 12 07:52:01 dom0 kernel: cpu 2 spinlock event irq 140
Jun 12 07:52:01 dom0 kernel: installing Xen timer for CPU 2
Jun 12 07:52:01 dom0 kernel: CPU1 is up
Jun 12 07:52:01 dom0 kernel:  cache: parent cpu1 should not be sleeping
Jun 12 07:52:01 dom0 kernel: cpu 1 spinlock event irq 133
Jun 12 07:52:01 dom0 kernel: installing Xen timer for CPU 1
Jun 12 07:52:01 dom0 kernel: Enabling non-boot CPUs ...


went to the URL says something like I should be  "enable CPU buffer 
clearing"


but can't find how to do that, curious if it's actual needed ?



moral of the story don't suspend your qubes desktop ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e735f62-644d-9f80-d580-ceb5ff07da94%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: dispvm issues

2019-06-11 Thread Jon deps

On 6/12/19 12:34 AM, Jon deps wrote:

On 6/12/19 12:24 AM, unman wrote:

On Tue, Jun 11, 2019 at 10:26:59PM +, Jon deps wrote:

Hello,

for my Foo1 appVM in the Qube Manager I see default disp_vm as printqube
(another AppVM)

but in the Qubes Settings (accessed via the QM) for that Foo1 AppVM 
on the

Advanced Tab it shows  Default DispVM as  default(none)  and in the pull
down menu   there is no option for  printqube  as the dispvm


I had it working using a Fedora Template with printer drivers installed,
then using a that same printer-template based appvm  as the default 
dispvm

so I could use  DispVMs  to print

but somehow I've broken the setup and dispVMs will only open if I use 
the

fedora-28-dvm  or whonix-ws-dvm-14


any suggestions please ?



I cant account for the Qube Manager entry, but the most obvious
explanation is that you have somehow removed the "template for dispvms"
setting from printqube.
Either set that again (using qvm-prefs) or create another qube, set
the "template_for_dispvms", and then use that for Foo1.

unman



OK  thanks for making me look again

qvm-prefs printqube template_for_dispvms True    was the trick  for now :)




when I use  printqube  as the basis for the dispVM  to open a  PDF 
file  it is using  libreoffice,  I have evince  aka "document viewer" 
but apparently it is not the  default app for pdf  I don't see where 
in  printqube  to  make  my default app choices  forthe  file types 
, I would assume it's possible?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20bb88a9-47e4-7883-d4dd-f418b665f6ef%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: dispvm issues

2019-06-11 Thread Jon deps

On 6/12/19 12:24 AM, unman wrote:

On Tue, Jun 11, 2019 at 10:26:59PM +, Jon deps wrote:

Hello,

for my Foo1 appVM in the Qube Manager I see default disp_vm as printqube
(another AppVM)

but in the Qubes Settings (accessed via the QM) for that Foo1 AppVM on the
Advanced Tab it shows  Default DispVM as  default(none)  and in the pull
down menu   there is no option for  printqube  as the dispvm


I had it working using a Fedora Template with printer drivers installed,
then using a that same printer-template based appvm  as the default dispvm
so I could use  DispVMs  to print

but somehow I've broken the setup and dispVMs will only open if I use the
fedora-28-dvm  or whonix-ws-dvm-14


any suggestions please ?



I cant account for the Qube Manager entry, but the most obvious
explanation is that you have somehow removed the "template for dispvms"
setting from printqube.
Either set that again (using qvm-prefs) or create another qube, set
the "template_for_dispvms", and then use that for Foo1.

unman



OK  thanks for making me look again

qvm-prefs printqube template_for_dispvms Truewas the trick  for now :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3081726-f2fd-00fd-cd5a-0639ed7aadf6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] dispvm issues

2019-06-11 Thread Jon deps

Hello,

for my Foo1 appVM in the Qube Manager I see default disp_vm as 
printqube (another AppVM)


but in the Qubes Settings (accessed via the QM) for that Foo1 AppVM on 
the Advanced Tab it shows  Default DispVM as  default(none)  and in the 
pull down menu   there is no option for  printqube  as the dispvm



I had it working using a Fedora Template with printer drivers installed, 
then using a that same printer-template based appvm  as the default 
dispvm so I could use  DispVMs  to print


but somehow I've broken the setup and dispVMs will only open if I use 
the  fedora-28-dvm  or whonix-ws-dvm-14



any suggestions please ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ea685e8-b903-a1ce-6c71-ade22b3dcafe%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: whonix tor browser noscript button missing?

2019-05-28 Thread Jon deps

On 5/29/19 12:02 AM, mossy wrote:

g80vmgmsqw-sgozh3hwpm2stnjn9+b...@public.gmane.org:

mossy:

Hello Qubes Community,

Has anyone noticed the blue/white noscript S button is missing since a
recent whonix-torbrowser update?  AFAIK this is needed use javascript in
whonix.

Anyone notice this or have a workaround?

thx!

-m0ssy



See https://trac.torproject.org/projects/tor/ticket/30600 .

It's a pretty contentious issue, with Tor Browser devs closing as
WONTFIX because they plan to introduce a new permissions UI sometime in
the future.

The NoScript widget still exists, and in fact its use is apparently
still necessary for some sites to work, but you'll have to manually add
the widget back to the toolbar (Settings button > Customize... >
Right-click NoScript > Add to Toolbar).



Hey, thanks!

So really just annoying in Qubes to have to re-enable the widget in
(whonix) disp-VMs.

Appreciate the link to the tor project issue.

-m0ssy



in 8.5  its still there

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e79a507f-0d15-7350-5574-8894216d3016%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Updating Fedora-template

2019-05-28 Thread Jon deps

On 5/28/19 3:32 PM, josefh.maier via qubes-users wrote:

Hello forum.
I am new to Qubes and Fedora... is there an equivalent to the Debian
'apt-get update upgrade' ?
Thank's a lot for your feedback!

Joe



for debian it's
$ sudo apt-get update && apt-get dist-upgrade

for fedora seems to be

$sudo dnf update && sudo dnf upgrade

but I am just at qubes 'kludge' level as to what is upgraded in both , 
though suppose could find the answer somewherez


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c4d117b-7e31-9fe4-b848-6fae623baacc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: WARNING: don't update qubes, will break your install

2019-05-28 Thread Jon deps

On 5/26/19 1:32 AM, drokmed-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

I just noticed on the Fedora forums they released Fedora 30 today.

Qubes runs Fedora 29, so I don't know if today's updates had anything to do 
with f30, but it might be related.  Checking to see if anyone else on fedora 
forums has similar issue as mine.




Are you saying you think your Fedora-29  template  caused your  dom0 
domain to fail ?


afaik the Qubes Fedora-29 template is not going to auto update to 
Fedora-30like with $dnf upgrade   or something


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e48de006-2a47-aed8-0078-4cd3475c44e0%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: WARNING: don't update qubes, will break your install

2019-05-28 Thread Jon deps

for the record from the github


qubes-bot said

The package kernel-4.19.46-3.pvops.qubes has been pushed to the r4.0 
testing repository for dom0.

To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing


I did a dom0 update but  haven't rebooted yet, I am at uptime of 10 
days,   shall I install over the top  of  the last  dom0 update  with 
the above ???





personally I don't even backup 1x/month, but then I am not creating very 
many files locally


those are in the Vault , and rarely do I add anything to it 

I can't recall the last dom0 reinstall ,  nice thing is  I can fail on 
the Templates and just  reinstall those   akin to borking a computer 
OS, without the risk to my local files as they live in the AppVMs   :)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9dd30c6d-6761-a06b-f941-223c49bfe694%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Unable to get the QubesOSMaster signing key

2019-05-27 Thread Jon deps
On 5/27/19 9:57 PM, sahara090312-re5jqeeqqe8avxtiumw...@public.gmane.org 
wrote:

I have tried all available methods to obtain the Master siging key and none of 
them work.  It tells me “keys.qubes-os.org/keys” can’t be found. The public 
keyserver method also doesn’t work because it doesn’t recognize the key in the 
string “0x4...”



can you explain step by step how your doing it, and where it fails, and 
the complete  error  messaging  please ?


iirc, I myself had some challenge with this  some year/s ago when I was 
creating my install media USB drive


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ac7105fe-2091-7cea-bf79-90c155772367%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Window and Clipboard question

2019-05-27 Thread Jon deps
Hello, Is there some tweak to turn off or reduce how many seconds the 
popups appear for  Ctl+Shift+v   copying clipboard to another window?


or can someone request that?

B)
when I have a window configured to 1/2 the screen and I pick it up by 
the windows bar to drag it to another monitor,  it goes to full size, 
I'm not sure what to look for in XFCE  "windows tweaks"  Qubes 4 to 
have it keep it's  1/2  screen size


TIA , jon

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/68f137f6-8d92-27a2-29d3-129d53ff47bc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: real and virtual storage usage by qubes

2019-05-27 Thread Jon deps

On 5/27/19 8:23 AM, Eva Star wrote:

Hello,

Qubes Manager show virtual storage per qube? If qube storage increase on day 
then decreased again Qubes Manager will still show maximum? How to make it show 
real size? And how to check real storage usage per qube?

Thanks



I believe once you increase it, you can't decrease it, all you can do it 
make a new smaller qube and  qvm-move the files over ; hence I don't 
think of it as virtual storage 


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/656093a6-aa20-0d25-50f0-739074d0c0cd%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] more spontaneous rebooting, or, i’m as mad as hell and i’m not gonna take this anymore!

2019-05-16 Thread Jon deps

On 5/12/19 11:51 PM, google-urqzgfyzkpiwjxpxxpr...@public.gmane.org wrote:

related:
https://www.mail-archive.com/qubes-users-/jypxa39uh5tlh3mboc...@public.gmane.org/msg27890.html 



system may appear stable for over a month then flat-out reboot or may 
reboot within days. quite unpredictable.
tried toggling rc6 for i915, downgrading xen, kernels, disabling 
microcode_ctl, downgrading bios version and toggling assorted bios 
options. nothing.
fan works, sensors register values within operating range, reboots 
happen also when system is idle.

not a clue in logs (with default verbosity.)
in short, my trusty X220 has turned into a mysterious timebomb.
switching hardware in order to regain a solid (as in mucho uptime) system.

to unman, could you be a little bit more specific about the rig you 
mentioned which seems immune to this particular issue?

anyone else with system uptime 60+ days?

thank you



did you say how much RAM you have, how long it has been installed?  any 
new updates / upgrades ?


is it all stock hardware  SSD?

X220  is circa  what year , I know thinkpads are a good fit for qubes, 
but one might wonder if that means forever  :)


hate me but what about backing up all your qubes and reinstalling

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a2cfaa4-4af8-b430-0c74-a32b52d5f639%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] AppVM Qube date created ?

2019-05-16 Thread Jon deps
Hello  is there any way to see the date an AppVM/s  were created ?  This 
would be convenient.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/291ad33c-e293-1a8b-ca7d-194f863b7004%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Adding a Firefox add-on error to -dvm ?

2019-05-15 Thread Jon deps

On 5/15/19 11:45 AM, 'awokd' via qubes-users wrote:

john s.:


in /etc/apt/sources.list there is this

deb https://deb.debian.org/debian-security stretch/updates main 
contrib non-free

but that is not the same as
deb https://deb.debian.org/debian stretch-updates main contrib non-free


No, they are different. First is for high priority security updates. 
Second is for proposed general updates- most of them will make it to 
stable but not if there's a problem found with them in this stage. For 
example, when I checked while responding to the above, there was also a 
kernel update and some bind updates in there that hadn't yet been pushed 
to stable.




ok, yeah I went ahead and updates those  kernel and bind updates, 
before I realized it was pulling them from the  stretch-updates, then 
removed that  repo , hopefully,  no harm done


thxagain

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3a044955-fb2c-a673-d696-3036d575f233%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Adding a Firefox add-on error to -dvm ?

2019-05-09 Thread Jon deps

On 5/8/19 6:31 AM, 'awokd' via qubes-users wrote:

22rip-2xk3N/kkaK1Wk0Htik3J/w...@public.gmane.org wrote:


Recently I noticed an add-on needed update and when I went to update
it, it says it was no longer compatible? I knew enough to start the
-dvm using gnome->terminal->firefox in -dvm however this time it
didn't allow me to update the add-on?


The new Tor Browser package with updated certificate and working addons 
is out. Use update-torbrowser in your whonix-ws template to upgrade to 
8.0.9.




any guess what happens to  debian-9  firefox-esr  re: intermediate 
certifcate bug fix ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fe53fb2-626d-f40a-c38a-1c9c78a81c40%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Adding a Firefox add-on error to -dvm ?

2019-05-07 Thread Jon deps

On 5/7/19 1:32 AM, haaber wrote:

On Mon, 6 May 2019 10:58:47 -0700 (PDT)
22rip-2xk3N/kkaK1Wk0Htik3J/w...@public.gmane.org wrote:


Recently I noticed an add-on needed update and when I went to update
it, it says it was no longer compatible? I knew enough to start the
-dvm using gnome->terminal->firefox in -dvm however this time it
didn't allow me to update the add-on?


Perhaps this is a side effect of firefox's recent (last day or two)
failure to update some key, leading everyone's firefox's to reject all
addons?  google this and you will find tons of people complaining.
You can circumvent this by disabling signing altogether (!?!).
Obviously it's ridiculous for me to suggest this on the qubes list; you
should not install unsigned updates. But I was fine doing this for
my already-installed addons, whose signatures had been checked before.
Once they come up with a fix, I will turn signing back on and then
update.

The update is through on debian (called firefox 60.6.2-esr), android
(different version number) and I guess also on fedora (but I have no
fedora anymore, so I cannot tell you. Just update all of your templateVMs.



fwiw not debian-9 template update here

user@debian-9-1:~$ sudo apt-get install firefox-esr
Reading package lists... Done
Building dependency tree
Reading state information... Done
firefox-esr is already the newest version (60.6.1esr-1~deb9u1).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a1fc186b-2df2-fc46-49cd-b5a5be3a2dde%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Adding a Firefox add-on error to -dvm ?

2019-05-07 Thread Jon deps

On 5/7/19 1:32 AM, haaber wrote:

On Mon, 6 May 2019 10:58:47 -0700 (PDT)
22rip-2xk3N/kkaK1Wk0Htik3J/w...@public.gmane.org wrote:


Recently I noticed an add-on needed update and when I went to update
it, it says it was no longer compatible? I knew enough to start the
-dvm using gnome->terminal->firefox in -dvm however this time it
didn't allow me to update the add-on?


Perhaps this is a side effect of firefox's recent (last day or two)
failure to update some key, leading everyone's firefox's to reject all
addons?  google this and you will find tons of people complaining.
You can circumvent this by disabling signing altogether (!?!).
Obviously it's ridiculous for me to suggest this on the qubes list; you
should not install unsigned updates. But I was fine doing this for
my already-installed addons, whose signatures had been checked before.
Once they come up with a fix, I will turn signing back on and then
update.

The update is through on debian (called firefox 60.6.2-esr), android
(different version number) and I guess also on fedora (but I have no
fedora anymore, so I cannot tell you. Just update all of your templateVMs.



just use chromium till  whonix-ws  and ESR get updated  IMO ,

pretty lame FF is calling it a bug, when apparently it was them 
forgetting to update their middleman certificates or so


found out chromium is much faster anyway  :(

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6cd943f-38ac-9fea-0e29-66b6e7266036%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Yubikey attached to an AppVM - possible?

2019-04-27 Thread Jon deps

On 4/27/19 8:44 PM, j.granyt-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

Did you figure out how to do it in the end?



I ended up finally re-discovering a new trick for OTP eg  LP webpage 2FA 
using debian-9 minimal as the template


https://www.qubes-os.org/doc/multifactor-authentication/

pretty slick,  now I can leave my  android off,  and not use SMS for 2FA


for U2F logins : there is also a write up in the docs,  but its way over 
my head  prolly circles back to  Qubes doesn't want  HID-keyboard 
emulation to have access via USB


for the few sites for U2F I use, I just use Chromium ,  if you Yubikey 
has both IIRC you have disable one or other of the functions anyway


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a80b620a-8736-d43b-1e53-cc8c69fc8109%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Very confused setting up a vpn

2019-04-26 Thread Jon deps

On 4/24/19 7:11 PM, Mishima wrote:

Hello,
I'm running qubes 4.0.1
Ok, so I'm doing the guide using the qubes-tunnel service and i am at this step 
where I have to copy the opevpn client's config files to ProxyVM's created 
folder named qtunnel, which i cant find anywhere.
I did sudo mkdir /rw/config/qtunnel in proxyvm's terminal.
Now i am supposed to get the client's config files from the template and get 
them into there. How do i do that??
The guide is saying that i should first install the client's package in the 
template before proceeding? How do I install this? I just unzipped them there, 
it's a folder with the clien't openvp files. And how do I copy them from the 
templateVM to the proxyvm's specified folder? And where this folder is anyway? 
Also, should i just copy ALL of them or just the one that i want to use??
I am supposed to do as saying

cd /rw/config/qtunnel
sudo unzip ~/ovpn-configs-example.zip
sudo ln -s US_East.ovpn qtunnel.conf

He is just unzipping them directly into there, but i can't do that either. Was 
the proxyvm supposed to be communication with its templatevm? Have i done 
something setting this up? Sorry if i'm asking something very basic, I'm not 
experienced on this, nor too much with terminals in general, the setup looks 
very complicated.
Appreciate any help.



I would start over in a fresh AppVM,  and click  provides network  in 
when making the AppVM


Make sure openvpn  is installed  , in debian-9  you have to add it

make sure you put the config files in

/rw/config/vpn


run  the script and should pop open  request  for a password


which VPN provider are you using ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb05997d-82fc-78a8-0e35-0f54ed71bb6e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora-29 update does not work

2019-04-25 Thread Jon deps

On 4/24/19 12:58 PM, Claudio Chinicz wrote:

On 18/03/2019 12:10, Claudio Chinicz wrote:

Hi All,

I'm getting notification that I need to update Fedora-29 (Qubes 
4.0.1), I do it but it keeps asking to update.


On Qubes manager all VMs based on Fedora-29 template show they need to 
restart because I've updated Fedora-29, although it keeps asking to 
update.


I've even updated it manaully (opened terminal and issued sudo dnf 
update/upgrade) and it seems updated, but still Qubes thinks it needs 
to update.


Any insights?

Thanks,

Claudio Chinicz



Hi again,

After a long time, the issue returned and for almost I see the update 
icon on the upper right corner indicating I need to update Fedora 29 
template.


When I try to update, I get an error saying "Failed to synchronize cache 
for repo \ 'fedora-modular\'\n . Comment: System is already 
up-to-date\n".


When I try to update using command line I get this error message:

sudo dnf update

Error: Failed to synchronize cache for repo 'fedora-modular'

Anyone else has been having this same problem? any ideas how to clear it?

Thanks in advance,

Claudio




what does dom0
$qubes-prefs   say  for  updateVM  ?


did you happen to recently change anything?  I suppose you are aware 
that the Qubes Manager  sometimes  won't get rid of the  little green 
arrow even though your  up to date  ?If your saying that  you 
closed your Fedora-29 template and then closed all your AppVM Qubes and 
restarted them and still see   the  recycle green circle on them,  I've 
never heard of that problem before .



have you ever done

$sudo dnf upgradevs  update



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c8ec5b15-e2bf-c11a-2394-bc3bbf93933e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: randomizing VPN servers i connect to with my vpnvm?

2019-04-20 Thread Jon deps

On 4/21/19 2:48 AM, Chris Laprise wrote:

On 4/20/19 7:14 PM, Jon deps wrote:

On 4/19/19 9:22 PM, Jon deps wrote:

On 4/18/19 12:08 PM, Chris Laprise wrote:

On 4/17/19 8:38 PM, Stumpy wrote:
I was thinking the line "remote random" in my .ovpn file, along 
with the ip addresses would make the VPN VM randomly select 
different servers but that doesnt *seem* to be the case, the bit 
that was included in the .ovpn files that I think is relevant is:


remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3

Is there something else i need to do? I assumed it would either 
change when it reconnects or is restarted but that doesnt seem to 
be the case.




You also have to specify multiple "remote" lines, one for each address.




is there some howto URL writeup on this , sounds like something I may 
like to try




cd /rw/config/vpn/
user@localhost:/rw/config/vpn$ sudo cat vpn-client.conf
client
dev tun
proto udp

remote-random

remote server1.net 1197
remote server2.net 1194
remote server3.net 1301


#remote-random


cipher AES-256-CBC
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288

fast-io



auth-user-pass _userpass.txt
ca server_ca.crt



tun-ipv6
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf




apparently is    not  the  solution  , h ,  guess I'll keep  web 
searching ..



If they're at different domains it should work. Otherwise, domain name 
caching may cause the same address to be re-used. The best way to avoid 
it is to specify IP addresses instead of domain names. But there is also 
the '--remote-random-hostname ' option that can prevent dns 
caching.





ok yes, that worked !   thankyou  using the IP addresses instead of the 
vpndomain.names


I do see that the ovpn server list has many servers for each geolocation 
, and apparently what happens is   using the  country.domainname.net 
cause one of them randomly on the server end to be chosen, beyond 
my/user control.


so  hopefully me,  designating  one of often the many  , by using the 
specific  IP address  isn't too much of a downside ?  re: obsfucation of 
whom user is


looks like this remote-random   is more used  for load balancing 

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/297b5991-0430-941a-7089-52edc676d425%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: randomizing VPN servers i connect to with my vpnvm?

2019-04-20 Thread Jon deps

On 4/19/19 9:22 PM, Jon deps wrote:

On 4/18/19 12:08 PM, Chris Laprise wrote:

On 4/17/19 8:38 PM, Stumpy wrote:
I was thinking the line "remote random" in my .ovpn file, along with 
the ip addresses would make the VPN VM randomly select different 
servers but that doesnt *seem* to be the case, the bit that was 
included in the .ovpn files that I think is relevant is:


remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3

Is there something else i need to do? I assumed it would either 
change when it reconnects or is restarted but that doesnt seem to be 
the case.




You also have to specify multiple "remote" lines, one for each address.




is there some howto URL writeup on this , sounds like something I may 
like to try




cd /rw/config/vpn/
user@localhost:/rw/config/vpn$ sudo cat vpn-client.conf
client
dev tun
proto udp

remote-random

remote server1.net 1197
remote server2.net 1194
remote server3.net 1301


#remote-random


cipher AES-256-CBC
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288

fast-io



auth-user-pass _userpass.txt
ca server_ca.crt



tun-ipv6
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf




apparently isnot  the  solution  , h ,  guess I'll keep  web 
searching ..





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07fc1acd-d423-7256-39aa-689cf4a59e16%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Removing Thunderbird from fedora-29 removes 68 packages (of which 11 qubes packages)

2019-04-20 Thread Jon deps

On 4/20/19 4:36 AM, Foppe de Haan wrote:

On Friday, April 19, 2019 at 10:28:15 PM UTC, 
tom...-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

Hi guys,

   I installed Q4.0.1 on USB HDD to see changes from 3.2.
As I've decided to use fedora-29 for system-related VMs, I wanted to remove 
large apps like Firefox and Thunderbird from it.
But running 'dnf remove thunderbird' on f29 template resulted in removal of 67 
other packages, which seems important.

Any idea what's wrong?
I used latest Qubes ISO and updated dom0 and fedora-29 template before this 
removal.

Remove  68 Packages
{code}

regards,
   tom


try dnf remove thunderbird --noautoremove



something similar happened when I removed  Firefox  from Debian-9  , 
thinking I could use it for  sys-net  and  have   less updates   I


hope I didn't remove  anything  that weakened security  or  such ?


but for the record  how would one Not  just removed   Tbird/FF  without 
removing it's Qubes  dependencies  if any ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4c939648-7ad0-4a7b-54cd-16a9e1d6ae0d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: randomizing VPN servers i connect to with my vpnvm?

2019-04-19 Thread Jon deps

On 4/18/19 12:08 PM, Chris Laprise wrote:

On 4/17/19 8:38 PM, Stumpy wrote:
I was thinking the line "remote random" in my .ovpn file, along with 
the ip addresses would make the VPN VM randomly select different 
servers but that doesnt *seem* to be the case, the bit that was 
included in the .ovpn files that I think is relevant is:


remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
comp-lzo
verb 3

Is there something else i need to do? I assumed it would either change 
when it reconnects or is restarted but that doesnt seem to be the case.




You also have to specify multiple "remote" lines, one for each address.




is there some howto URL writeup on this , sounds like something I may 
like to try


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94f73182-0ae9-9d37-cd5e-44a1dd9a82cc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Announcement: Qubes Tor onion services are available again!

2019-04-19 Thread Jon deps

On 4/18/19 3:05 AM, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Dear Qubes Community,

We previously announced that the Qubes Tor onion services were no
longer being maintained due to lack of resources. [1] However, Unman
generously agreed to bring them back, and they're now available once
again!

Here are the new onion service URLs:

Website:  www.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Yum repo: yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
Deb repo: deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
ISOs: iso.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion

Soon, you will be able to get the new, correct repo definitions just by
updating dom0 and your TemplateVMs. However, if you can't wait, you can
edit your repository definitions by following the instructions below.


Instructions


Follow these instructions *only if* you wish to update dom0 and your
TemplateVMs over Tor (via `sys-whonix`). This is an opt-in feature. If,
instead, you wish to update over your regular network connection (aka
"clearnet"), *or if you are not sure*, then *do not* follow these
instructions.

In order to use the new onion services, you must ensure that *every*
line that contains an onion address uses the appropriate *new* address
above. We'll go through this for dom0, Fedora templates, and Debian
templates. Whonix templates do not require any action; their onion
addresses are still the same as before. For additional information, see
"Onionizing Repositories" on the Whonix wiki. [2]


dom0


1. In dom0, open `/etc/yum.repos.d/qubes-dom0.repo` in a text editor.

2. Comment out all the `baseurl = https://yum.qubes-os.org/[...]` and
`metalink` lines.

3. Uncomment all the `baseurl = [...].onion` lines.

4. Update every `.onion` address to
`yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:

#baseurl = https://yum.qubes-os.org/r$releasever/current/dom0/fc25
baseurl = 
http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r$releasever/current/dom0/fc25
#metalink = 
https://yum.qubes-os.org/r$releasever/current/dom0/fc25/repodata/repomd.xml.metalink

5. Open `/etc/yum.repos.d/qubes-templates.repo` in a text editor and
repeat steps 2-4.

6. In *Qubes Global Settings*, set *Dom0 UpdateVM* to `sys-whonix`.


Fedora TemplateVMs
==

1. In the TemplateVM, open `/etc/yum.repos.d/qubes-r4.repo` in a text
editor.

2. Comment out every line that contains `yum.qubes-os.org`.

3. Uncomment every line that contains `.onion`.

4. Update every `.onion` address to
`yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:

#baseurl = https://yum.qubes-os.org/r4.0/current/vm/fc$releasever
baseurl = 
http://yum.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/current/vm/fc$releasever

5. In dom0, ensure that the first non-comment line in
`/etc/qubes-rpc/policy/qubes.UpdatesProxy` is:

$type:TemplateVM$defaultallow,target=sys-whonix


Debian TemplateVMs
==

1. In the TemplateVM, open `/etc/apt/sources.list.d/qubes-r4.list` in a
text editor.

2. Comment out every line that contains `deb.qubes-os.org`.

3. Uncomment every line that contains `.onion`.

4. Update every `.onion` address to
`deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion`.
The affected lines should look like this:

# Main qubes updates repository
#deb [arch=amd64] https://deb.qubes-os.org/r4.0/vm stretch main
#deb-src https://deb.qubes-os.org/r4.0/vm stretch main


# Qubes Tor updates repositories
# Main qubes updates repository
deb [arch=amd64] 
http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm
 stretch main
#deb-src 
http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm
 stretch main

5. In dom0, ensure that the first non-comment line in
`/etc/qubes-rpc/policy/qubes.UpdatesProxy` is:

$type:TemplateVM$defaultallow,target=sys-whonix


[1] 
https://www.qubes-os.org/news/2018/01/23/qubes-whonix-next-gen-tor-onion-services/
[2] https://www.whonix.org/wiki/Onionizing_Repositories

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2019/04/17/tor-onion-services-available-again/

- -- 
Andrew David Wong (Axon)

Community Manager, Qubes OS
https://www.qubes-os.org

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAly36YEACgkQ203TvDlQ
MDD+/g//eGzEagElqNLg/6tQdHTUNZaFQQmEZlNYFt7ZU8QhS7TNQqFR77bHpy+W
1Fbwz2tGMcJwUVj/sQ1A7CQXhhKRL96BtxMjDxTYt5ZQVv7oKs7m1MYUc/3I1hg/
GtNsT7qlPjwMb4XZdrmjyeJg96lYp75msKWDXDsHiAp5Nlq/vuw190TCnw+lGfUJ
+1gf99rGUcfwZZLPl8ZaGlOCjAo6e8qb4ysJH01YvYUt04GQhuUKTyS6OJ8Vq9AV

[qubes-users] Re: Spontaneous rebooting

2019-04-19 Thread Jon deps

On 4/13/19 8:01 PM, Michael Siepmann wrote:
  


On 4/13/19 12:28 PM, Chris wrote:

Hello Michael,

‐‐‐ Original Message ‐‐‐
On Friday, April 12, 2019 3:24 PM, Michael Siepmann
 wrote:


On 8/10/18 12:37 PM, Kelly Dean wrote:


Am I the only one having a problem with Qubes spontaneously rebooting on Intel 
hardware? Only other reports I see are about AMD problems, but I'm using an 
Intel Core i3.

Happens every few weeks. Sometimes just 1 or 2 weeks, sometimes 5 or 6. Got it 
on Qubes 3.2, and now 4.0 too (new installation, not upgrade), multiple times.

Unlikely to be a hardware problem. The system passed both memtest86 and a 
multi-day mersenne prime stress test. And other OSes tested on this hardware 
before I switched to Qubes, including Debian and Windows, never had a problem.

The rebooting seems completely random. No apparent trigger, and no warning. 
Acts like an instant hard reset. Sometimes even when the system is idle, and I 
haven't touched the console for hours.

It's wearingly inevitable enough that I don't even bother intentionally 
rebooting after system updates anymore, in order to minimize how many reboots I 
have to deal with (setting my workspace back up is an ordeal), because I know 
the system will end up spontaneously rebooting a week or two later anyway.


I'm having this problem too. I hadn't had it for a while but in the
past week or so it's happened a few times. I have a Lenovo ThinkPad
T440p with Intel Core i7, and Qubes 4.0 which I keep updated.



I had this problem which was due to Intel AMT Control being enabled in
the BIOS. Since turning this off my system has not rebooted.

Regards,

Chris

-
Chris Willard
chris-houdeaah+1aqdljmjb2...@public.gmane.org 




Thanks for the suggestion, Chris. I appreciate it. I checked and Intel
AMT was already disabled so I guess something else must be causing it in
my case.




and what does
#journalctl -r   say if anything ?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/134896c5-7333-4d3a-8feb-35f37ff389b1%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes Os 4.0 - problem with performance

2019-04-08 Thread Jon deps

On 4/7/19 7:40 PM, Cranix wrote:

By mistake i sent direct answer, not mail to list sorry for that.

I have checked logs and found
dom0 kernel: sp5100_tco: I/O address 0x0cd6 already in use
TBD: tbd_open_ex could not open file /var/lib/xenstored/tbd no such file
or directory
xen free = too small for satisy assignments! assigned_but_unused

both duckduckgo and google did not gave me answer what is going on.
systemd-analyze bleme shown me that AppVM needs 1 to 3 minutes to start,
rest of services was rather quick.

After installation performance of system was torelable, maybe not super
fast but it was usable. Right now i had to increase qrexec-timeout to 5
minutes to be able to launch AppVM.

I had also noticed warning in logs that it's running out of storate
about 80% full.

So this is rather software related issue, not a hardware one?



for me, the culprit was the "speedstep" in the bios/uefi,  if you have 
that try it with and without,  and maybe turn up your cpu fan speeds if 
you have that option


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3c27cc1e-e514-9cf5-635c-9234ce84bf5c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: is this time issue ever going to be properly fixed?

2019-04-05 Thread Jon deps

On 4/5/19 6:21 PM, 'awokd' via qubes-users wrote:

Jon deps wrote on 4/4/19 4:30 PM:


on rebooting my taskbar time is for some reason not persisting Again !
I can try explaining but  there seem to be too many moving parts  to 
ever get this to stop breaking  on random reboots ?




I know it was supposed to have been fixed at one point and I had been 
using a different template that wasn't broken,  maybe I need to go 
find that manual  fix  and try it again  though  my  debian-10 was 
just an upgrade not a new template ,  but maybe the upgrade broke  ntp 
or something ,  doesn't explain why fedora-29  would be broken


Yes, going back to fedora-28 or debian-9 should fix it. It's possible 
the issue re-occurred in fedora-29. Try the same manual fix there.


Think Qubes' policy is only the current version of Debian is supported, 
so if you choose to upgrade to 10 it's entirely possible you'll break 
things. If I remember right, there will be an announcement once 10 is 
supported and available for download as a template.






PS:  is it a bad idea  to  upgrade (which I've done successfully to 
debian-10)  if the templates are not available,  guess I was thinking 
the fact that I was able to upgrade  means there were templates there ...


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f51d5673-53fe-5c2e-aa3d-f2a975768145%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: is this time issue ever going to be properly fixed?

2019-04-05 Thread Jon deps

On 4/5/19 6:21 PM, 'awokd' via qubes-users wrote:

Jon deps wrote on 4/4/19 4:30 PM:


on rebooting my taskbar time is for some reason not persisting Again !
I can try explaining but  there seem to be too many moving parts  to 
ever get this to stop breaking  on random reboots ?




I know it was supposed to have been fixed at one point and I had been 
using a different template that wasn't broken,  maybe I need to go 
find that manual  fix  and try it again  though  my  debian-10 was 
just an upgrade not a new template ,  but maybe the upgrade broke  ntp 
or something ,  doesn't explain why fedora-29  would be broken


Yes, going back to fedora-28 or debian-9 should fix it. It's possible 
the issue re-occurred in fedora-29. Try the same manual fix there.


Think Qubes' policy is only the current version of Debian is supported, 
so if you choose to upgrade to 10 it's entirely possible you'll break 
things. If I remember right, there will be an announcement once 10 is 
supported and available for download as a template.






appreciate the reply.

ya, iirc, the templates being there sometimes precedes the 
announcements, so I went on ahead.


guess my thinking was that once it was fixed it would stay fixed then 
afterwards,  but guess I can run one template just for  sys-net  if 
I must


fwiw, setting it manually with timedatectl  and not even rebooting, and 
it ( the taskbar clock and what I think whonix wants )  seems to have 
reverted to UTC or some random hour actually ...


as long as  I know I can fix it,  I'll  sort it out I guess  :/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9ae32bb0-467f-5db5-476f-d7210f98c29f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] is this time issue ever going to be properly fixed?

2019-04-04 Thread Jon deps



on rebooting my taskbar time is for some reason not persisting Again !
I can try explaining but  there seem to be too many moving parts  to 
ever get this to stop breaking  on random reboots ?



clockvm is sys-net   ;  sys-net  at the moment  is debian-10 based, but 
using fedora-29   didn't seem to help  when I changed it, and then did


qvm-sync clock  in  dom0

I went and peaked at the widget setup, which give a mouse-over that say 
leave blank to use local time  for timezone  , it HAD had my current TZ 
, so I emptied it , but  no change at all


so I finally ended up using timedatectl   to set the date

however, sys-whonix-14  is still complaining  that the time isn't good 
enough ..



so to me, something fundamentally remains wrong with  Qubes 4.0   that I 
have to do all this  ..



there is like a chain of breaks, and I don't like having to sort through 
something  with  no protocol  and random problems.



I know it was supposed to have been fixed at one point and I had been 
using a different template that wasn't broken,  maybe I need to go find 
that manual  fix  and try it again  though  my  debian-10 was just an 
upgrade not a new template ,  but maybe the upgrade broke  ntp or 
something ,  doesn't explain why fedora-29  would be broken



sigh

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32abd45b-a8bf-843b-4605-5fe88155025e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Starting Win10 HVM install crashes Qubes, and other bugs

2019-04-02 Thread Jon deps

On 4/1/19 2:15 AM, Mindus Amitiel Debsin wrote:

On Sunday, March 31, 2019 at 2:22:21 PM UTC-7, awokd wrote:

Try finding the BDF of that SATA controller with lspci in dom0, then
making Xen/Qubes ignore it by adding xen-pciback.hide=(0x:0y.z) to the
boot options (where xyz=BDF). It might not like having it surprise
removed when the VM grabs it. Then reboot, assign it to your HVM, and
attempt your custom ISO again.


I will get to this good advice as soon as I'm done with my current problem.
I was doing a lot of reading on the Qubes-users group and also through the 
Qubes docs site, and I decided to update my kernel in dom0 using the
sudo qubes-dom0-update kernel-latest
console command. I did this for several reasons, including the fact that I have 
no sound. While the update was successful, when I restarted the computer, there 
were several problems.
1) The HDD decrypt password is invisible. It's just a blank screen until you 
type something, and then it shows a text based prompt for the password.
2) There are huge graphical artifacts in the user password prompt screen.
3) After a successful password entry in the user password prompt screen, it 
briefly boots into the Qubes desktop and then immediately goes back to the 
password prompt. It does this repeatedly, with no escape. If you enter the 
wrong password, it functions correctly and tells you that it is the incorrect 
password.

I am hoping there is troubleshooting that I can do to change my boot options, 
or that somebody else has faced this problem as well. Otherwise I will want to 
roll back the kernel, but I hope that I don't have to.

Here are my computer specifications:
Mobo: Asus Sabertooth x79
CPU: Intel i7 3930k 6 core @ 3.2ghz
RAM: G-skill Ripjaws 4gb x 8 sticks in quad-channel, XMP profile @ 3.2 ghz (I 
believe)
GPU1: AMD RX 580 8gb [XFX brand]
GPU2: AMD RX 460 4gb [XFX brand]
Boot HDD: Seagate 2TB Firecuda hybrid drive.
Other HDDs: 1TB Toshiba OCZ SATA SSD. 3TB Toshiba Sata HDD.

Thanks!



it's great your enthusiastic , but in my years of using qubes, I'm never 
done anything but  the  sudo qubes-dom0-update


initially I tried to get win7 working in 3.2 , and it did breifly , till 
I did something wrong, then it never was the same,  I believe the 
windows tools  is  more  like  a   semi supported feature no one seems 
to use of talk about.


qubes is qubes ,  you can dual boot on a separate HD, otherwise there is 
enough to learn  without  trying to get  fancy   unless you got  the 
time  and  "skillz"  IMO


if you don't have sound there are various other reasons have nothing to 
do with dom0


welcome

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5c5d1454-1de3-4476-e5ad-8f36f64a5186%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: debian 10 [SOLVED] install ??s, FF non ESR tasket

2019-03-30 Thread Jon deps

On 3/30/19 9:39 PM, Jon deps wrote:

On 3/30/19 9:02 PM, Jon deps wrote:

On 3/30/19 7:23 PM, Chris Laprise wrote:

On 3/30/19 2:57 PM, Jon deps wrote:
Tasket, on installing  non-ESR Firefox, I see it's available as a 
.tar.gz,  so I assume one would just stick that in the Debian-10 
/usr/sbin  Template . along with updater service and do manual 
updates when cued  in the  AppVM using the  FF browser ??


You could do that, but installing the non-ESR from Debian is easier 
and more secure.





1)
so if I add this :
deb http://http.debian.net/debian unstable main
or
deb http://http.debian.net/debian buster main


to /etc/apt/sources.list



I **don't need to do anything to

/etc/apt/sources.list.d/qubes4.list


for  non-ESR



2)
so far seem to work in a test AppVM  using  "unstable" not sure if 
"buster"    will keep it  current over time ?







re: 1)  testing  it  ,  "buster" won't work must  stay as "unstable"  , 
but maybe everyone knows this but me   :)


not sure what happens when  buster becomes  "stable"    and shouldn't it 
be  https  not  http ?





final note

installing it manually to /opt   then making the  ln -s 
/opt/firefox/firefox  /usr/bin/firefox  is fine  but there is not 
qubes shortcut  and  neither refreshing the list   nor 
qubes-appmenus-sync   seems to make a shortcut


it appears in 4.0  there is no longer a manual way to make a shortcut, 
so I'm curious   how are shortcuts generally generated? by appearing 
in /usr/bin   or ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71cf00c5-52a0-cf90-1a78-657baf696367%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: debian 10 [SOLVED] install ??s, FF non ESR tasket

2019-03-30 Thread Jon deps

On 3/30/19 9:02 PM, Jon deps wrote:

On 3/30/19 7:23 PM, Chris Laprise wrote:

On 3/30/19 2:57 PM, Jon deps wrote:
Tasket, on installing  non-ESR Firefox, I see it's available as a 
.tar.gz,  so I assume one would just stick that in the Debian-10 
/usr/sbin  Template . along with updater service and do manual 
updates when cued  in the  AppVM using the  FF browser ??


You could do that, but installing the non-ESR from Debian is easier 
and more secure.





1)
so if I add this :
deb http://http.debian.net/debian unstable main
or
deb http://http.debian.net/debian buster main


to /etc/apt/sources.list



I **don't need to do anything to

/etc/apt/sources.list.d/qubes4.list


for  non-ESR



2)
so far seem to work in a test AppVM  using  "unstable" not sure if 
"buster"    will keep it  current over time ?







re: 1)  testing  it  ,  "buster" won't work must  stay as "unstable"  , 
but maybe everyone knows this but me   :)


not sure what happens when  buster becomes  "stable"and shouldn't 
it be  https  not  http ?



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b44ba9e-efd6-ab94-e42c-7290c6924b60%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: debian 10 [SOLVED] install ??s, FF non ESR tasket

2019-03-30 Thread Jon deps

On 3/30/19 7:23 PM, Chris Laprise wrote:

On 3/30/19 2:57 PM, Jon deps wrote:
Tasket, on installing  non-ESR Firefox, I see it's available as a 
.tar.gz,  so I assume one would just stick that in the Debian-10 
/usr/sbin  Template . along with updater service and do manual 
updates when cued  in the  AppVM using the  FF browser ??


You could do that, but installing the non-ESR from Debian is easier and 
more secure.





1)
so if I add this :
deb http://http.debian.net/debian unstable main
or
deb http://http.debian.net/debian buster main


to /etc/apt/sources.list



I **don't need to do anything to

/etc/apt/sources.list.d/qubes4.list


for  non-ESR



2)
so far seem to work in a test AppVM  using  "unstable" not sure if 
"buster"will keep it  current over time ?



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e004659-3de3-cc96-26d1-28beeedd37c3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: debian 10 [SOLVED] install ??s, FF non ESR tasket

2019-03-30 Thread Jon deps
On 3/30/19 1:37 PM, brendan.hoar-re5jqeeqqe8avxtiumw...@public.gmane.org 
wrote:

On Saturday, March 30, 2019 at 9:35:58 AM UTC-4, 
brend...-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

  Similar except I remind myself to dismount any large volumes mounted
  (those can take to run trim against):

   ^(those can take a lot of time to run trim against):



interesting, I've never thought to trim an AppVM,  not sure I understand 
your guys language to do it now either :)


btw, with Debian-10 install (sorry if this is off-qubes)  it ask 
something about restarting services,  I said "yes",  then it asked 
something about installing  a new GRUB  ,  I said "no" .


system will probably work, but just curious if I guessed correctly ?

Tasket, on installing  non-ESR Firefox, I see it's available as a 
.tar.gz,  so I assume one would just stick that in the Debian-10 
/usr/sbin  Template . along with updater service and do manual 
updates when cued  in the  AppVM using the  FF browser ??


jon

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc283654-531c-6894-93bb-ac0eecb1e66c%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: debian 10 [SOLVED]

2019-03-29 Thread Jon deps

On 3/28/19 7:45 PM, haaber wrote:

On 3/28/19 11:55 PM, unman wrote:

On Thu, Mar 28, 2019 at 10:00:22PM +1100, haaber wrote:



I dont want to be *that* person, but this upgrade works flawlessly for
me.
Can you check you have upgraded debian-9 prior to clone, and then
changed the Qubes repos to use buster, as well as the Debian, before
running apt update?


Dear Unman, stupid me! It was up-to-date, but in qubes.r4-list was
lurking an overlooked stretch. Next time sed rather than vi :))
Since this broke the update receiver I could not repair it by
downloading missing packages, and I decided to restart once more from
scratch ... I presume things will work now.  Thank you.



what is the suggested method to trim the template in 4.0  now ?

as  Compacting the Upgraded Template Section  has no reference for 4.0

https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/

I just upgraded from 9 to 10   using these instructions

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/150c4b62-3684-d578-cbf2-564b03e5c836%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Tails

2019-03-28 Thread Jon deps

On 3/29/19 12:14 AM, Steven Walker wrote:

Can anyone offer any advice to a newbie for installing Tails into Qubes. I am 
using the very latest version.

TIA,

Steve


guess your aware of this , and tried a few things?


https://www.qubes-os.org/doc/tails/

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba216ed8-0e54-520c-3568-9cba65930129%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: anyone else getting fails on apt-get update debian-9 ?

2019-03-26 Thread Jon deps

On 3/26/19 4:17 AM, haaber wrote:



On 3/26/19 2:33 PM, Jon deps wrote:

On 3/26/19 12:17 AM, unman wrote:

On Tue, Mar 26, 2019 at 10:48:08AM +1100, haaber wrote:

On 3/26/19 10:42 AM, Jon deps wrote:

Err:7 https://cdn-aws.deb.debian.org/debian jessie-backports Release
    404  Not Found
Reading package lists... Done
E: The repository 'https://deb.debian.org/debian jessie-backports
Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.


a test run inside an app vm (with direct sys-firewall access, to avoid
tor-related false errors) does confirm your observation for me. Is this
qubes-related or debian-related ? If the second one applies, we discuss
it in the wrong mailing list :)


It's not a Qubes issue.
jessie-backports was deprecated since June last year. The Release file
signing expired last month and it was removed from mirrors last week.

The packages can still be found at archive.debian.org, and you can
change your sources list to use this, but the Release file is still
expired.
You can work round this by getting a new copy of the signing key (if you
can) and updating with apt-key.




so do I need  ?
deb https://deb.debian.org/debian jessie-backports main

(  I don't even know what it is, I'm guessing it is the default
/etc/apt/sources.list

so maybe I missed a memo? )



if not then just  #comment it out  and problem solved  ?


As we just learned, Unman is quite busy (thank you unman!). What I would
do, is to try it out in an AppVM : comment it out and run apt-get update
  and then apt-get upgrade. If somethings messes, just shutdown the
AppVM (thereby taking all the mess into nirvana) : thats a short play
coming with no risk! If upgrading without that line works easily (I
guess so), do the same in the template.   Bernhard


Bernhard



Sorry I don't see the point of doing it in an AppVM,  myself. I 
understand  you think it might brake the  package list, but I can always 
just comment it back in  and apt-get update,  in my case Debian-9  is 
not my main  Template ..though it seems from reading here recently 
maybe it should be  ?  :)


My question is , If this is the default  /sources.list   and users 
don't regularly  go and change  their  sources.list isn't this going 
to break  on everyone's   systemsand  hence  some attention  should 
be paid to it.




This posting is meant for the group,  not any  one user  , be it  Mr. 
Unman  or anyone





My 2nd question is simply  what is backports  anyway , and what would be 
a suggested  fix  if  #commenting it out ..  isn't a great  idea ?



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4692797-9a79-027c-79e2-5d9520f5085e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: anyone else getting fails on apt-get update debian-9 ?

2019-03-25 Thread Jon deps

On 3/26/19 12:17 AM, unman wrote:

On Tue, Mar 26, 2019 at 10:48:08AM +1100, haaber wrote:

On 3/26/19 10:42 AM, Jon deps wrote:

Err:7 https://cdn-aws.deb.debian.org/debian jessie-backports Release
    404  Not Found
Reading package lists... Done
E: The repository 'https://deb.debian.org/debian jessie-backports
Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.


a test run inside an app vm (with direct sys-firewall access, to avoid
tor-related false errors) does confirm your observation for me. Is this
qubes-related or debian-related ? If the second one applies, we discuss
it in the wrong mailing list :)


It's not a Qubes issue.
jessie-backports was deprecated since June last year. The Release file
signing expired last month and it was removed from mirrors last week.

The packages can still be found at archive.debian.org, and you can
change your sources list to use this, but the Release file is still
expired.
You can work round this by getting a new copy of the signing key (if you
can) and updating with apt-key.




so do I need  ?
deb https://deb.debian.org/debian jessie-backports main

(  I don't even know what it is, I'm guessing it is the default 
/etc/apt/sources.list


so maybe I missed a memo? )



if not then just  #comment it out  and problem solved  ?






--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7b3b043-b67c-67b5-22ea-81a64de31401%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] anyone else getting fails on apt-get update debian-9 ?

2019-03-25 Thread Jon deps
Err:7 https://cdn-aws.deb.debian.org/debian jessie-backports Release 


  404  Not Found
Reading package lists... Done 

E: The repository 'https://deb.debian.org/debian jessie-backports 
Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is 
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user 
configuration details.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8be325e3-36fe-2e43-e5d1-3322cdb2a841%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installing software..

2019-03-23 Thread Jon deps

On 3/24/19 2:27 AM, unman wrote:

On Sat, Mar 23, 2019 at 06:31:07PM +, Jon deps wrote:

On 3/19/19 4:59 PM, Steven Walker wrote:

I am still pretty new to Qubes. I have managed to create a new qube, but I want 
to install some software for use with this qube. I have read that it has to be 
installed to the template and not the actual qube. As the template has no 
actual network connection, how do I go about this?

Using 4.0.1, Fedora 29

Any help greatly appeciated.

Steve



pretty sure, there are different ways to skin the cat, though


the Templates are designed to obtain access indirectly, that is what the
"salt" stuff is they talk about it seems by default to be setup to use
sys-whonix-14  to  install updates  , somewhat magically

you can actually change the netvm without shutting down the templates

generally it's bad form  to give  the templates direct access,  though may
you might want to once in while  in order  to troubleshoot something , etc
.testing it the morning ,  you should be able to install non updates
without  Direct  access



for me  Templates  aren't  worth backing up  , I'm not worried about my
system  melting down  much . and anyway  its going to be best to fresh
install , which is easy-ist  in Qubes, which is one of the beauties of the
technology 

hence, I clone for other reasons

one word of advice  is  keep a paper list of  custom  packages you install
so when it goes to Fedora-30  you install fresh and then add back fresh
packages ,  your files  will persist,


my problem  what few files I have end up spread out over  10 App Qubes



It's only if you selected the "update over Whonix" option on install that you 
get
updating using sys-whonix qube. It's not the default.
Salt doesnt have anything to do with the "indirect" access - the access
is using qubes-rpc to the UpdateProxy - the proxy to use is set in
/etc/qubes-rpc/policy/qubes.UpdateProxy.
You can change the proxy to use by editing that file.

You *can* use salt to install software in to the templates. If you do
this then you need only maintain the salt formula and you can easily
recreate a template, without having to keep a paper list. That's an
ideal way of using salt to configure your systems.



I think I'm stuck  at   mere mortal  qube user  level  forever  :)

https://groups.google.com/forum/#!topic/qubes-users/F_TB7Zzseeo


PS: for some reason I am able to  $sudo dnf install  foosoftware   in 
Fedora-29  though  I have  no  "direct"  netvm  for the Template , 
though I recall in the pastallowing netvm access  for   packages  I 
wanted to install,  or maybe when I was trying to install a VPN  to the 
template,   gave up and installed  it  in the AppVM  I guess


There is a 3rd trick  to  discern  whats custom installed  IIRC , though 
maybe it was more for Debian than Fedora if one searches the 
usergroup  fwiww


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/050cc6d6-c3bb-cb7b-f381-2ff445ebf14d%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installing software..

2019-03-23 Thread Jon deps

On 3/19/19 4:59 PM, Steven Walker wrote:

I am still pretty new to Qubes. I have managed to create a new qube, but I want 
to install some software for use with this qube. I have read that it has to be 
installed to the template and not the actual qube. As the template has no 
actual network connection, how do I go about this?

Using 4.0.1, Fedora 29

Any help greatly appeciated.

Steve



pretty sure, there are different ways to skin the cat, though


the Templates are designed to obtain access indirectly, that is what the 
 "salt" stuff is they talk about it seems by default to be setup to 
use  sys-whonix-14  to  install updates  , somewhat magically


you can actually change the netvm without shutting down the templates

generally it's bad form  to give  the templates direct access,  though 
may you might want to once in while  in order  to troubleshoot something 
, etc  .testing it the morning ,  you should be able to install non 
updates without  Direct  access




for me  Templates  aren't  worth backing up  , I'm not worried about my 
system  melting down  much . and anyway  its going to be best to 
fresh install , which is easy-ist  in Qubes, which is one of the 
beauties of the technology 


hence, I clone for other reasons

one word of advice  is  keep a paper list of  custom  packages you 
install so when it goes to Fedora-30  you install fresh and then add 
back fresh packages ,  your files  will persist,



my problem  what few files I have end up spread out over  10 App Qubes


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/49bdea1a-d524-7089-ded3-2440f9fe884e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Dom0 Update breaks sys-usb widget

2019-03-23 Thread Jon deps

On 3/23/19 11:28 AM, ronpunz-sgozh3hwpm2stnjn9+b...@public.gmane.org wrote:

Qubes 4.0.1.
Following a recent dom0 update my sys-usb widget is partially broken; 1/
devices show in the widget when plugged into usb port but are not
removed when unplugged from the port. 2/ Plugged in devices can be
attached to VM's via widget but there's now no indication (other the
qvm-block in dom0) that they are attached. 3/ Unable to detach usb
device from VM's via the widget (although I can do this from dom0).

To check that I hadn't done something stupid and thereby broken the
widget I did the following procedure.

1. Reinstalled laptop with 4.0.1 from qubes website.
2. Tested sys-usb widget - It worked perfectly.
3. Updated Dom0 and tested widget - It worked perfectly.
4. Rebooted laptop - tested widget, but its now broken - same  diagnosis
as described above

It seems that a dom0 update has broken the widget?
Does anyone else have this problem?



And you don't want to use the terminal eg  qvm-usb attach  
sys-usb:2-10


etc?

afaik the widget has never been reliable, and faster for me just to do 
it in a terminal than expect the widget to work  :)


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fa9adca4-c90d-bee6-adb4-5b1c7ef83234%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: dispvm browser retains information

2019-03-13 Thread Jon deps

On 3/13/19 11:06 AM, unman wrote:

On Tue, Mar 12, 2019 at 06:57:41PM +, Jon deps wrote:

On 3/12/19 4:34 PM, unman wrote:

On Tue, Mar 12, 2019 at 08:35:04AM +, Jon deps wrote:

Hello,  in Thunderbird when I do open-in-vm and check firefox it has
retained bookmarks from a previous session,

I believe this is Not how DVMs are supposed to work ?


If so how would I troubleshoot and/or  remove  old  DVM data sesssions
please


You're right. It isn't how disposableVMs are supposed to work.

The obvious question is, what did you select when you "did" open-in-vm?
If you selected an appVM, have you made sure that you have made that
appVM in to a template for disposableVMs?
(qvm-prefs  template_for_dispvms True)

Also check to see what you have set in
/etc/qubes-rpc/policy/qubes.OpeninVM  and
/etc/qubes-rpc/policy/qubes.OpenURL

unman




What I did/have done is for secure printing(per Qubes docs advice) , cloned
fedora-29 -> fedora-29printtemplate,  then I use the clone as the template
for an AppVM (named fedoraprintqube).

when I do :
$qvm-prefs fedoraprintqube

template - fedora-29printtemplate
template_for_dispvms - True

$qubes-prefs

default_dispvm - fedoraprintqube


re: "what did I choose"  there is only 1 choice  in Thunderbird
Open-in-dispvm

right click and choose and it open the atttachment in a dispvm


re: rpc policy  everything is as default setup


further the AppVM in which Thunderbird is  running  has it's  default DispVM
set to:  fedoraprintqube



is there some  directory  I  should  clear  where  dispVM  information would
be stored to  perhaps  reset  the system ?


or any further ideas  welcome  regards


There was an issue before where disposableVMs were leaking information
but that was under 3 where the structure was somewhat different.
There may be 2 cases:
1. a disposableVM is created and you are seeing information from the
underlying fedoraprintqube - normal, and to be expected;
2. a disposableVM is created and you are seeing information from a previous
disposableVM session. Bug.
Are you able to rule out (1) and confirm that it is (2)? When a qube is
created, it is definitely named dispXX?



ah ok , so it's #1  ,  so  what is disposed of in this configuration by 
using the DVM based on a   AppVM  instead of a TemplateVM ?


or is there any benefit for the disposable-ness  ?  perhaps I should be 
using  a Template for true  disposable  data ?


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa853f6b-9a9e-d241-1411-464f40f8c98e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: dispvm browser retains information

2019-03-12 Thread Jon deps

On 3/12/19 4:34 PM, unman wrote:

On Tue, Mar 12, 2019 at 08:35:04AM +, Jon deps wrote:

Hello,  in Thunderbird when I do open-in-vm and check firefox it has
retained bookmarks from a previous session,

I believe this is Not how DVMs are supposed to work ?


If so how would I troubleshoot and/or  remove  old  DVM data sesssions
please


You're right. It isn't how disposableVMs are supposed to work.

The obvious question is, what did you select when you "did" open-in-vm?
If you selected an appVM, have you made sure that you have made that
appVM in to a template for disposableVMs?
(qvm-prefs  template_for_dispvms True)

Also check to see what you have set in
/etc/qubes-rpc/policy/qubes.OpeninVM  and
/etc/qubes-rpc/policy/qubes.OpenURL

unman




What I did/have done is for secure printing(per Qubes docs advice) , 
cloned fedora-29 -> fedora-29printtemplate,  then I use the clone as the 
template for an AppVM (named fedoraprintqube).


when I do :
$qvm-prefs fedoraprintqube

template - fedora-29printtemplate
template_for_dispvms - True

$qubes-prefs

default_dispvm - fedoraprintqube


re: "what did I choose"  there is only 1 choice  in Thunderbird
Open-in-dispvm

right click and choose and it open the atttachment in a dispvm


re: rpc policy  everything is as default setup


further the AppVM in which Thunderbird is  running  has it's  default 
DispVM  set to:  fedoraprintqube




is there some  directory  I  should  clear  where  dispVM  information 
would be stored to  perhaps  reset  the system ?



or any further ideas  welcome  regards

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e4f6969-50fa-9700-0eed-b0470f5b432e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] dispvm browser retains information

2019-03-12 Thread Jon deps
Hello,  in Thunderbird when I do open-in-vm and check firefox it has 
retained bookmarks from a previous session,


I believe this is Not how DVMs are supposed to work ?


If so how would I troubleshoot and/or  remove  old  DVM data sesssions 
please


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/14660f26-9714-f7ba-31fb-2079cf782238%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: thunderbird address book corrupted

2019-03-03 Thread Jon deps

On 3/1/19 7:31 PM, John Goold wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 2/28/19 12:39 PM, Jon deps wrote:

On 2/25/19 7:07 AM, Foppe de Haan wrote:

On Sunday, February 24, 2019 at 10:04:30 PM UTC+1, Jon deps
wrote:

Hello, I realize it's not exactly a qubes thing. but, does
anybody else unable to save any new entries in thunderbird
address book


try updating tb, looks like it's a bug in 60.5.



thanks, well I just use whatever Fedora-29  provides which at the
moment is 60.5.1

where did you see the bug report ?

it seems to have been this way for many months,  can't create new
contact, can add any new info to existing entries,  I tried
removing the .mab  files  in .thunderbird and making a new "book"
but still can't add any entries ...



I resolved the problem using the Thunderbird CardBook plug-in. Follow
the installation instructions as they provide useful information about
switching from the built-in address book.

It is more standards compliant (easier import/export options) and the
UI is better (in my opinion). You can try it for a while before
committing to CardBook (I only took a couple of days; my wife took a
couple of weeks).

Cheers,
John
-BEGIN PGP SIGNATURE-

iQEzBAEBCAAdFiEEe8Wcf7Po7bts2Rl4jWN9/rQYsRwFAlx5iJsACgkQjWN9/rQY
sRxaqwf+JEZx4zWRO525YPuI2Pj+HB/Ix72WpvIFE0OHgatmjLapzdQWhbyNWhqf
jMraQClp/PnApbQm268TFPeNHvaJDWMzrdtSJi7S8YXHzzil+8Ma1wI9twrHwljT
illhec4EzDl3+v8Ra8EGPQD1OpMtk7b0lBv76NQsvtllOTcQ9AhTfsKRwIZ4ze1H
/6ryKsbnK3kpuZaRAD19a+KPfdXF4VYYxSsNrVeSdkIiQpTxjg4P3e+IiXJzwpvS
csGu9MbTt52w4jOiS43+C6nD0aXtelpPzA53XZ8/5CTtt02TVQMkNsGxwuBhoX3r
AG5RP2hnbf1EF8p/rkD69nTSBRMUlw==
=yy+X
-END PGP SIGNATURE-




I'll give it a try, ty much for you suggestion .

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/072c6fc1-a721-a1f3-4492-b9340985b01b%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Best ideal laptop for Qubes?

2019-02-28 Thread Jon deps
On 2/21/19 12:49 AM, 
dexinthecity-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

I've been spending hours and hours looking at laptop configs from dell to 
lenovo and I still have yet to make a decision. I'm hoping you guys can help me.

Uses:

- Programming
- Web Dev
- Tor
- Screen real estate
- Regular web surfing and videos
- Some video and photo editing but I have a PC for that

I'd like to keep cost as low as possible but my budget is very flexible if I 
need to stretch it. I want something that will last me 3-5 years.



IMO get a thinkpad with 32 gb  ram  and don't worry about a TPM  unless 
your a stable jenius .


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80555bc8-e982-b52c-5015-734332ef0550%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes 4.0 Cannot change desktop background

2019-02-28 Thread Jon deps

On 2/28/19 10:15 AM, Swâmi Petaramesh wrote:

Hi list,

On a fresh Qubes 4.01 install with updates applied :

I copied a couple images to the user's home in dom0 and would like to
use them as a wallpaper.

But when I open the "Desktop settings" I cannot navigate the filsystem :
all the directories and files in the

"Folder / Other" selection dialog are grayed out.

Still I can manually type the path in the upper box and see the
directories and files appear - so it doesnt' seem to be a rights issue -
but they're still greyed out.

When I'm back to the pictures selection box, even though the correct
folder name is displayed, I can anyhow only see the images from the
original picture folder.

I checked the rights of the files and folders and everything seems to be
OK, still I cannot navigate and select what I want.

Any clue appreciated :)

Best regards.

ॐ



I'd say it's ' a feature not a bug '  ; as ideally you don't want to 
touch  dom0  . qubes isn't about  eye candy and gaming :)


having said that  iirc  there was a work around in 3.2  not sure about 
4.x


you'll find in xfce,  many of the  'global settings'  may not operate as 
they would  say  in  Ubuntu XFCE  or so .. though some folks do run 
KDE  apparently on qubes  like  tasket :P


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50ecc0e5-2401-6a85-bacb-a2f6b6655dd3%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: thunderbird address book corrupted

2019-02-28 Thread Jon deps

On 2/25/19 7:07 AM, Foppe de Haan wrote:

On Sunday, February 24, 2019 at 10:04:30 PM UTC+1, Jon deps wrote:

Hello, I realize it's not exactly a qubes thing.
but, does anybody else unable to save any new entries in thunderbird
address book


try updating tb, looks like it's a bug in 60.5.



thanks, well I just use whatever Fedora-29  provides which at the moment 
is 60.5.1


where did you see the bug report ?

it seems to have been this way for many months,  can't create new 
contact, can add any new info to existing entries,  I tried removing the 
 .mab  files  in .thunderbird and making a new "book"  but still can't 
add any entries ...


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3bd80442-1156-b2bd-42ab-64153384b8fb%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] thunderbird address book corrupted

2019-02-24 Thread Jon deps

Hello, I realize it's not exactly a qubes thing.
but, does anybody else unable to save any new entries in thunderbird 
address book


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/90a46503-ac6a-9fee-1da4-bb368d016f43%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: No audio problem in Qubes 4

2019-02-19 Thread Jon deps

On 2/8/19 10:35 AM, Shahin Azad wrote:

Hi,

After a fresh install on this device, I hear no sound from neither speakers nor 
headphones. Pulse audio volume control (on dom0) has correctly selected the 
audio card, and blue line indicators, already are showing the sound signals. 
But I hear no sound of the speakers. The software I use to test the audio are 
Firefox and VLC from the Fedora 29 template. I also tried the Debian 9 
template, and the problem remains.

Also, the microphone input indicators shows that the microphone successfully 
receives the signals.




.sure this is obvious but of course the  Template  have no internet 
connection by default,  perhaps you  changed the netvm  to sys-firewall 
as you do see   an internet  stream or   probably best to test it in a 
connected AppVM "qube"


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4156c053-7620-6f2d-fc89-be9a0c96a0dc%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Qubes: Unable to connect to VPN

2019-02-19 Thread Jon deps

On 2/14/19 5:55 PM, Otto Kratik wrote:

Just reviving a thread of mine from a few months ago with a related follow-up 
question.

When trying to connect to a VPN using openvpn from a Debian-9 AppVM within 
Qubes, I could connect but instantly lost DNS resolution which rendered the 
connection unusable.

Installing he package 'resolvconf' and adding the following lines to the .ovpn 
script supplied by the VPN provider:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf


...solved the issue and I was able to achieve full connectivity through the VPN.


Now, when trying to *disconnect* from that VPN using Ctrl-C from command line 
(or any other method) I am able to end the connection, but the DNS assignment 
does not appear to automatically reverse/undo and revert to the default
DNS servers provided by sys-net within Qubes, namely 10.139.1.1/2. And as a 
result I once again cannot connect to any websites due to lack of functioning 
DNS lookup.

Having done a bit of research I've tried using commands like:

sudo ifconfig tun0 down
sudo ip link delete tun0


..but in both cases I get a response that 'tun0 does not exist' or something 
similar.

Is there any extra step needed to completely drop the VPN connection and revert 
to using normal sys-net connectivity, without requiring a restart of the AppVM 
itself?

If I manually examine /etc/resolv.conf within the AppVM it still shows the 
default sys-net DNS entries as expected, so there must be some additional
command needed to fully end the connection and revert to normal.

What am I missing?



https://www.qubes-os.org/doc/vpn/

I believe it would be helpful  if you indicate  which method  you have 
used to create the VPNper the URL  there 



perhaps it is more obvious to others 




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37bfa956-5206-a16f-1689-1321d4e78bec%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: dom0 command to update multiple templates?

2019-02-09 Thread Jon deps

On 2/8/19 2:52 AM, Stumpy wrote:

I tried a variation or two of:
sudo qvm-run -u root fedora-29 dnf update && sudo qvm-run -u root 
debian-8 apt-get update

but none of them worked.
The little sun icon/updater doesnt seem to be working completely yet 
though it be nice to just have everything check for then update with one 
neat little script, possible?



you could try tasket's tool . though I guess its still unofficial

my little sun thing works fine,  and iirc ,  there are some minuses from 
doing the updates via terminals   unless you need to do  dist-upgrade


PS: you might want to upgrade to debian-9  :)

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9d42e81f-2c62-307f-5598-8937e3dbd650%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


  1   2   >