Re: [qubes-users] Salting your Qubes
unman writes: >> Because whonix ensure updates comes from the tor network. I didn't >> figured yet if it is desirable to search to do something here. >> > > I dont use Whonix. > Since you can configure cacher to fetch across the Tor network, this > looks brain dead to me. I think you must mean that Whonix ensures that > updates run through Whonix. Yes. That's it. In another thread you spoke about not indexing for each template (so eventually reducing our fingerprint by reducing the request we made, right?) ; and potential drawbacks, do you mind to share what you find about that? I know there is this this checkbox in acng-report.html but don't know what option exactly it correspond in acng.conf nor the drawbacks and eventual mitigations. -- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87r1ercydi.fsf%40riseup.net.
[qubes-users] dependencies of qubes-gpg-split in debian minimal templates
Hi, Processing to set up again qubes-gpg-split in my vms, qubes v4.0, I assume I have to install the package qubes-gpg-split to have the command qubes-gpg-client in the client and server VM. My client template is up to date and upgraded before asking the package. However looking at the dependencies involved I just don't understand, starting with a set of dictionary packages, and then a lot of other stuff. Some make sense, I didn't check all. But dictionnaries ? Intel drivers ? What's the matter for setting up this split gpg client ? Please look at this output of apt : -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87sfza5tys.fsf%40riseup.net. apt_wtf Description: wtf apt Is something bad with my template or is this normal behavior ? -- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87sfza5tys.fsf%40riseup.net.
Re: [qubes-users] Salting your Qubes
unman writes: > The repository was unavailable for a while. Was that the issue? Yes. I panicked. > Yes, apt-cacher-ng works for Fedora updates. Thanks for the details. I finally took the time to look at it. > You have to make some changes - > First, on the client side, comment out "metalink" lines, and uncomment > "baseurl" lines. The cisco repository of the codec openh264 does not have a baseurl, I found that I could use http://HTTPS///codecs.fedoraproject.org/openh264/$releasever/$basearch in place, I assume this can be safely added to /etc/apt-cacher-ng/fedora_mirrors Also fedora ships with #baseurl=https://download.example/[...] in /etc/yum.repos.d conf files, I assume I had to replace them with baseurl=http://HTTPS///downloads.fedoraproject.org/[...] Then don't forget to $ dnf clean all > This is because the metalink will keep loading new https:// > repositories, and apt-cacher-ng cant cache those requests, as you > know. I think we could also specify &protocol=http on metalinks as explained in https://unix.stackexchange.com/questions/240010/how-to-create-an-on-demand-rpm-mirror/426331#426331 I have not tested it thought. > Second, watch the caches in /var/cache/apt-cacher-ng , and add > any new ones to the fedora_mirrors file - this is because that file > doesn't contain all Fedora repositories. It is maybe too soon to see, I don't know yet if having manipulated the url to use downloads.fedoraproject.org will effectively lead to mirrors to manage. What I know is, it was creating a directory named downloads.fedoraproject.org before I add https://downloads.fedoraproject.org/pub/fedora/linux/ to /etc/apt-cacher-ng/fedora_mirrors And that downloads.fedoraproject.org is supposed to redirect to mirrors... In the doubt I run a script to duplicate all http url of fedora_mirror to https. I put a systemd timer to watch new directories on /var/cache/apt-cacher-ng/ I also put a timer to run /etc/cron.daily/apt-cacher-ng that manage expired files and make the html report. Interestingly enough debian ships with scripts in /usr/share/doc/apt-cacher-ng/examples/dbgenerators.gz that may take care to update the mirrors files list at the cost of a lengthy cycle of queries ... That could be triggered weekly. Do you known about it? Your instruction didn't said anything for the AppvM so I figured out that I could put an instruction in /rw/config/rc.local to switch back the repositories files to their initial values so I can still test out packages there before really installing them in a template. Lastly, whonix-* will fail to update with, in dom0:/etc/qubes-rpc/policy/qubes.UpdatesProxy $type:TemplateVM $default allow,target=cacher Because whonix ensure updates comes from the tor network. I didn't figured yet if it is desirable to search to do something here. -- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/871r7it5uy.fsf%40riseup.net.
Re: [EXT] [qubes-users] Can a virus be transfered from a USB storage device before or after attaching it to a App VM ?
The window appeared about a little bit lower than the middle of the screen. onsdag den 23. december 2020 kl. 00.02.55 UTC+1 skrev awokd: > ME: > > When I inserted my USB storage device in my Qubes OS pc after login to > > Qubes OS, their appeared a small transparent window (before I mounted the > > USB device to a VM) where I only could see its frame. > > > > I then wondered if it could be caused of a virus that was planted on the > > USB storage device that I only have used to transfer files between two > > Qubes OS pc's. > > > > And if so, how can I get rid of the virus or rootkit on the Qubes OS pc ? > > If it was in the top right corner, it was a message from Qubes telling > you a device was connected. Sometimes the text doesn't always show up. > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13d4d889-3260-4cde-9b95-28900ebece8en%40googlegroups.com.
Re: [EXT] [qubes-users] Can a virus be transfered from a USB storage device before or after attaching it to a App VM ?
When I inserted my USB storage device in my Qubes OS pc after login to Qubes OS, their appeared a small transparent window (before I mounted the USB device to a VM) where I only could see its frame. I then wondered if it could be caused of a virus that was planted on the USB storage device that I only have used to transfer files between two Qubes OS pc's. And if so, how can I get rid of the virus or rootkit on the Qubes OS pc ? mandag den 21. december 2020 kl. 01.05.02 UTC+1 skrev Ulrich Windl: > On 12/20/20 10:27 AM, ME wrote: > > Lets say I have a USB storage device which has a virus on it that will > > infect a Linux pc when it is inserted. > > > > If I insert the USB storage device in my Qubes OS pc after login to > > Qubes OS, is it then possible for the virus to infect my pc immediately > > after I have plugged it in before or after attaching the device to a VM ? > > I think it depends on how the virus works. For example if it could cause > code execution by overflowing the SCSI vendor/model buffer (I'm not > saying that this is possible, BTW), it could cause execution even before > anything is mounted... > > > > > -- > > You received this message because you are subscribed to the Google > > Groups "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, send > > an email to qubes-users...@googlegroups.com > > <mailto:qubes-users...@googlegroups.com>. > > To view this discussion on the web visit > > > https://groups.google.com/d/msgid/qubes-users/a3fb1091-e270-49ee-bd8b-b0a239aec5a3n%40googlegroups.com > > > < > https://groups.google.com/d/msgid/qubes-users/a3fb1091-e270-49ee-bd8b-b0a239aec5a3n%40googlegroups.com?utm_medium=email&utm_source=footer > >. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2cdd26f8-f1e1-4293-bd59-57abf8faf688n%40googlegroups.com.
Re: [qubes-users] How to control Bluetooth connections in Qubes OS 4.0.3 ?
What is "native tools" ? mandag den 21. december 2020 kl. 16.38.02 UTC+1 skrev unman: > On Mon, Dec 21, 2020 at 06:16:21AM -0800, ME wrote: > > How to control Bluetooth connections in Qubes OS 4.0.3 ? > > > > Try to attach bluetooth controller to a qube, and use native tools in that > qube. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2df5095a-869e-4085-abdd-57b3c4c95eacn%40googlegroups.com.
[qubes-users] How to control Bluetooth connections in Qubes OS 4.0.3 ?
How to control Bluetooth connections in Qubes OS 4.0.3 ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1177db15-e23b-4b3d-a973-4ac59dbbef90n%40googlegroups.com.
[qubes-users] How do you stream and whatch mp4-video's in your Firefox Browser ?
How do you stream and whatch mp4-video's in your Firefox Browser ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5290bec5-d65e-41d4-953e-9493180d3abfn%40googlegroups.com.
[qubes-users] Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ?
Why isn't it possible to manually control if the pc should enable networking and wi-fy at login or not ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d2f8d5e-c7af-4f4d-b643-051b5a404fbbn%40googlegroups.com.
[qubes-users] Is it possible for an intruder to see the passwords that is being sent through a compromised router/networkconnection ?
Lets say I have a compromised router/networkconnection. I use a Qubes OS pc to go on the internet through the compromised router/networkconnection. Is it then possible for the intruder to see the passwords that I enter and is being sent through the compromised router/networkconnection ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0b2f7b3b-f84d-4f82-9fa7-eabd22952f15n%40googlegroups.com.
[qubes-users] Can a virus be transfered from a USB storage device before or after attaching it to a App VM ?
Lets say I have a USB storage device which has a virus on it that will infect a Linux pc when it is inserted. If I insert the USB storage device in my Qubes OS pc after login to Qubes OS, is it then possible for the virus to infect my pc immediately after I have plugged it in before or after attaching the device to a VM ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3fb1091-e270-49ee-bd8b-b0a239aec5a3n%40googlegroups.com.
Re: [qubes-users] Installing Qubes 4.0 on a Dell XPS 9570 i9
On Sunday, August 19, 2018 at 12:12:25 PM UTC-4, Wael Nasreddine wrote: > try appending the kernel param nouveau.modeset=0 > > I purchased and returned this laptop because it does not fully work with > Linux, I have a Precision 7530 now, much better. See my notes at > https://github.com/NixOS/nixpkgs/issues/44284 > > Hi Wael, I am having trouble installing Qubes 4.0.1 on a Dell Precision 7530. How did you get yours setup? Legacy mode? Any tips or tricks you can pass along would be greatly appreciated. Thanks, Paul -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83611ca8-7641-4a6c-b014-3835cb4ec3db%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Teamviewer 13 won't start (QubesOS 3.2)
On 05/25/2018 05:52 PM, 799 wrote: > Hello, > > Others call me jean <mailto:nom...@trash-mail.com>> schrieb am Fr., > 25. Mai 2018, 14:32: > > [...] > Since Fedora 26 and Teamviewer 13 I can't open teamviewer anymore: > > [user@fedora-28-dvm ~]$ teamviewer > > Init... > CheckCPU: SSE2 support: yes > Checking setup... > Launching TeamViewer ... > Launching TeamViewer GUI ... > [user@fedora-28-dvm ~]$ > > -> no GUI > > This issue sounds like the same problem, but I don't know how I can get > the solution: > https://github.com/QubesOS/qubes-issues/issues/3664 > > > What display resolution are you running and what about other > applications in the same AppVM? > > [799] Display resolution: 1920x1080 I don't run other application in the same VM (only a test vm for teamviewer) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/pedt7p%245vf%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Teamviewer 13 won't start (QubesOS 3.2)
Hi Since Fedora 26 and Teamviewer 13 I can't open teamviewer anymore: [user@fedora-28-dvm ~]$ teamviewer Init... CheckCPU: SSE2 support: yes Checking setup... Launching TeamViewer ... Launching TeamViewer GUI ... [user@fedora-28-dvm ~]$ -> no GUI This issue sounds like the same problem, but I don't know how I can get the solution: https://github.com/QubesOS/qubes-issues/issues/3664 Thanks for help -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/pe8vl7%24ahv%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Looking for a Qubes enthusiast in the Baar / Zug area of Switzerland
Maybe it is because public.gmane.org can't receive mails? I had some time ago this error message: "Host or domain name not found. Name service error for name=public.gmane.org type=: Host found but no data record of requested type" On 01/10/2018 02:31 PM, mbaarc...@gmail.com wrote: > Hi Qubes Community, > > I have not received even one notice of interest. Can it really be that here > in "Crypto Valley", there are no security and privacy concerned enthusiasts > who has some spare time and need some cash for spare expenses whilst doing > some interesting and independent work ..? > > I obviously don't want to force anyone's hand, but any input towards someone > who could fill this role will be highly appreciated. > > Best regards Mogens > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/p37eus%24tfg%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: R3.2 Upgrading Fedora 25 --> 26 templates - PulseAudio issue
+1 if possible a rawhide repository too (for latest package updates -> security reason) On 11/05/2017 11:00 PM, J. Eppler wrote: > I would be interested in Fedora 26 or even better 27 in R3.2 as well. > > Best regards > J. Eppler > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/oto2gg%24o58%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] DisplayPort problems -> HowTo driver update?
Hi I really need help! I'm despairing )-: First, with Arch Linux and GNOME my hardware configuration worked well. Now I can't make runnable the same config with Qubes OS (XFCE and KDE). It freezes with every change or suspend/resume. My CPU is a Skylake one and therefore I maybe need newer drivers. So my question: how can I update the Intel driver? (e.g. to mesa 13) Thanks! (See the first mail too: https://groups.google.com/forum/#!msg/qubes-users/W-KAQN_k0Yw/9sNcgk4DAAAJ;context-place=msg/qubes-users/Sh7ckO2SpBk/A5-gQ3FE6pYJ) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/o8vg7m%248k9%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] secure update of mesa driver?
Hi How can I secure update the mesa driver in dom0 to 13.x or 17.x? Best regards, jean -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/o8eaqr%24bt2%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Lenovo T460s [20FAS0AE00]
Works very well! For NVMe installation you need the workaround from: https://github.com/QubesOS/qubes-issues/issues/2381 With the unstable kernel (current 4.8.12) it works more stable. The DisplayPort has some problem and the system crash regularly on plug in. HDMI works. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/o7vds8%24brs%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-LENOVO-20FAS0AE00-20170214-180106.yml Description: application/yaml
[qubes-users] DisplayPort problems
Hi community Yesterday I installed Qubes OS and it works fine. Thank you guys! But I could not solve one problem yet. Here my configuration: - Lenovo T460s, NVMe SSD, i7-6600U - Qubes OS 3.2 - 4.8.12-12.pvops.qubes.x86_64 - ThinkPad Ultra Dock (Docking Station) - 2x Dell U2415b with DP to Docking Station Before I installed Qubes, I used Arch Linux with GNOME. The Displays normally works, even when I dock/undock from my docking station. Now, the Qubes OS freeze/crash, when I plug in the display direct or dock/undock from the docking station with DisplayPort. This is really annoying! With HDMI this problem does not exist. But unfortunately I have only 1 HDMI connection on my docking station (I don't know why, because with daisy chaining you could use multiple display with only 1 DP port!). Do you know a possible solution for DisplayPort support? Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/o7s893%24k7h%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Riseup Services Likely Compromised
Michael Carbone:
> Me:
>> Qubes users beware. Riseup Services (including email)are likely
>> compromised by State actors.
>> For more info and to verify above statement visit
>> https://riseup.net/canary {here you'll see that the canary statement
>> hasn't been updated quarterly as promised} and here
>> https://www.whonix.org/blog/riseup.
>> Google the topic and you'll see lots of other statements that Riseup is
>> no longer trusted.
>> Stay Safe
>
> https://theintercept.com/2016/11/29/something-happened-to-activist-email-provider-riseup-but-it-hasnt-been-compromised/
>
> which includes statements from the Riseup team.
>
> It sounds like they were served with something boring, but because of
> how they defined their warrant canary they had to not update it.
> Removing a warrant canary does not mean compromise, which is one of the
> weaknesses of poorly defined (and followed) warrant canaries.
>
The Intercept may be correct. However they do not publish this tweet
from Riseup "listen to the hummingbird, whose wings you cannot see,
listen to the hummingbird, don't listen to me." It doesn't take a rocket
scientist to intepret this. In any case, I have my doubts about the
integrity of The Intercept; which is funded by the owner of PAYPAL; that
well known privacy activist! who in the past hast blocked donations to
Wikileaks et al
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/9d376fbd-4db4-9a7f-80f2-83909f936718%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Riseup Services Likely Compromised
Qubes users beware. Riseup Services (including email)are likely
compromised by State actors.
For more info and to verify above statement visit
https://riseup.net/canary {here you'll see that the canary statement
hasn't been updated quarterly as promised} and here
https://www.whonix.org/blog/riseup.
Google the topic and you'll see lots of other statements that Riseup is
no longer trusted.
Stay Safe
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/o2jmi7%24prs%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal
Andrew David Wong: > A strange networking problem just started in the past day or so: > > Every few hours, around 2/3 of my VMs will suddenly lose network > access. I can still ping websites from sys-net and sys-firewall, > and some VMs still have normal network access, even though all of > them are using the same sys-firewall. (Other devices on my LAN are > also fine.) > > The weird part is, if I create a new, additional "sys-firewall1" > ProxyVM and switch over one of the non-working VMs to it > *without restarting* the non-working VM, network access gets > successfully restored. So, the problem must be in sys-firewall > or the AppVMs, I think. > > I've tried basing sys-firewall on fedora-24 and fedora-24-minimal > with the same results. Also double-checked NetVM assignments > and firewall rules, of course. > > Any ideas for logs or tools I should check to find out what's > failing, or where it's failing? > > - > > I can't imagine what caused this problem to suddenly start, > except maybe a dom0 or template update, so here are the packages > I've updated in dom0 recently as part of normal qubes-dom0-update: > > libsndfile > sudo > bind99-libs > bind99-license > ghostscript-core > hswdata > perf > ntfs-3g > ntfsprogs > perl > perl-libs > perl-macros > > And here are the packages I've updated in my fedora-24 template > (again, as normal updates): > > libicu > libidn2 > gnome-abrt > gnome-software > libdmapsharing > libmetalink > lz4 > lz4-r131 > rpm > rpm-build-libs > rpm-libs > rpm-plugin-selinux > rpm-plugin-systemd-inhibit > rpm-python > rpm-python3 > > Any ideas? > I had networking issues after downloading Fedora 24. I've ditched that and gone back to Fedora 23 - all is well again > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0eed97d-610b-72ed-81db-6d9ff485fd97%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Installing VPN in Qubes Versus VPN on a Router
amadaus: > amad...@riseup.net: >> We see much correspondence in these forums about installing a VPN within >> Qubes. Surely, the most secure place for VPN is to install on a Router? >> I say these things after reading the following paper [ >> https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of >> hackers demonstrate that the majority of routers (in-particular those >> provided by ISP's] have backdoors to government agencies. These >> adversary's are able attack our LAN and its devices; including the >> ability to intercept VPN and Tor traffic. >> The solution they say is to isolate these rogue routers in the >> Militarized Zone by creating a DMZ [demilitarized zone]. Achieved by >> installing a 2nd router [flashed with open source firmware such as >> OPenWRT]. It is here, on the router, that we should enable and run OpenVPN. >> Thoughts on this paper and it's conclusions are welcomed >> > Thanks everyone for your contributions. > Implicit in most of your replies is a distinct distrust of the > modems/routers provided to us. > If anyone is interested, the solution we adopted to securing our LAN is > copied from this blog; > https://tokyobreeze.wordpress.com/2015/02/01/create-a-nsa-and-hacker-proof-home-network-that-you-control/ > This guy uses a couple of cheap routers loaded with OpenWRT which sit > behind his infected Modem. His 2nd routed utilises OpenVPN Client and is > configured to protect "high value" devices. > We've successfully copied this configuration and it seems!! to work. - > unless you know better?? > The Blogger is correct, the best place to install OpenVPN is to use it within OpenWRT on a Router. As well as helping protect incoming and outgoing traffic to your Qubes device, it can help protect smart phones, tablets & IoT devices from being attacked and employed for Denial of Service purposes -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32bb2ecc-7e3f-3a88-c3da-834a5500b585%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is Qubes for the Asus X205ta ?
pierremartinf...@gmail.com: > Hi, I wonder if the Asus X205ta can handle Qubes ? > Thank, > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2d69ffcc-94d4-175f-35dc-0fa42bf5c3b3%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes - Revocation of the Qubes Signing Key
Do Qubes have any intention of following in the footsteps of TAILS as
proposed below:
[ see link
https://tails.boum.org/doc/about/openpgp_keys/signing_key_revocation/index.en.html
]
This document proposes a mechanism for the distribution and activation
of the revocation certificate of the Tails signing key.
Goals
Covered by current proposal:
Prevent any single individual from revoking our signing key.
Allow a coalition of people from ta...@boum.org to revoke our
signing key in case most of the people from ta...@boum.org become
unavailable.
Allow a coalition of people, not necessarily from ta...@boum.org, to
revoke our signing key in case everybody or almost everybody from
ta...@boum.org becomes unavailable.
Make it hard for a coalition of people not from ta...@boum.org to
revoke our signing key unless everybody or almost everybody from
ta...@boum.org becomes unavailable.
People not from ta...@boum.org shouldn't know how the shares are
spread and who has them.
People in possession of a share of the signing key should have
instructions on how to use it if needed.
Groups
We define four complementary groups of trusted people:
Group A: people from ta...@boum.org themselves
Group B
Group C
Group D
All these people should have an OpenPGP key and understand what a
revocation certificate is.
Cryptographic shares
We generate a revocation certificate of the signing key and split it
into a number of cryptographic shares, using for example Shamir's secret
sharing scheme implemented by gfshare.
The following combinations of people could get together and reassemble
their shares to reconstruct a complete revocation certificate:
Three people from ta...@boum.org: A{3}
Two people from ta...@boum.org and one person not from
ta...@boum.org: A{2}+(B|C|D)
One person from ta...@boum.org, and two people not from
ta...@boum.org but from two different groups: A+(B|C|D){2}
Three people not from ta...@boum.org but from three different
groups: (B+C+D){3}
We generate these shares:
N shares, one for each person from ta...@boum.org
1 share for people in group B
1 share for people in group C
1 share for people in group D
Who knows what
People from ta...@boum.org know the composition of each group
People not from ta...@boum.org:
Are explained in which circumstances they should revoke the
signing key
Are told to write to a certain contact email address if they
decide to revoke the signing key
Are told that they need three different shares to reassemble the
revocation certificate
Infrastructure
Everybody who owns a share is subscribed to a mailing list.
This mailing list is hosted on a trusted server different from
boum.org to be more resilient than our usual communication channels.
Changing the members of the groups B, C, or D
To add someone to a given group:
Request someone from that group to send her share to the new person
in the group.
To remove someone from a given group:
Send new shares to everybody except to the person who is being removed.
Request everybody to delete their previous share and track this.
Once everybody in 2 groups amongst B, C, or D have deleted their share,
it becomes impossible for them to reassemble the revocation certificate
with the previous set of shares.
Let's hope that this doesn't happen very often :)
Expiry
There is no expiry date on revocation certificates. One way of
cancelling the revocation power is to destroy all copies of shares of 2
groups amongst B, C, or D.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/o0v4t9%24rd4%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] 3.2 Install: Error unpacking qubes-template-fedora-23
I'm trying to install Qubes 3.2 on a Thinkpad T450s (i7), which is listed on the hardware compatibility list as being generally successful with both releases 3.1 and 3.2. I have had to use the UEFI Lenovo workaround documented at https://www.qubes-os.org/doc/uefi-troubleshooting/ so my install process has been as follows: - dd write a checksum and signature verified Qubes-R3.2-x86_64.iso to a 32GB USB drive - Enable legacy boot in the Thinkpad BIOS - Boot from the USB drive - Select "Troubleshooting" > "Boot from local disk" to enter secondary GRUB menu - Highlight the "Verify and Install" option and press 'e' - Add '/mapbs /noexitboot' to the 'chainloader' GRUB line - Press ctrl-x to boot with modified config - See successful verification of the USB drive contents and launch of Qubes 3.2 installer - Secondarily verify the install media from the "Installation Source" GUI panel - Configure install destination to "reclaim all space" by deleting the existing partitions and use the automatic paritioning - Begin the install About halfway through the progress bar, the status reads: "Installing qubes-template-fedora-23.noarch (800/930)" Switching to tty-1 with ctrl-alt-f1 shows the error message: "Error unpacking rpm package qubes-fedora-23-3.0.6-201608081228.noarch" If left along for long enough, this rpm task seems to error out completely and get skipped over to finish the rest of the installation. I then add the documented UEFI workaround to /mnt/sysimage/boot/efi/EFI/qubes/xen.cfg. After rebooting into the Qubes install, asking the Configuration helper to set up the default system qubes (sys-net, sys-firewall) fails with an alert message: [Dom0] Error ['/usr/bin/qubes-prefs'. '--set', 'default-template', 'fedora-23'] failed: stdout: "" stderr: "A VM with the name 'fedora-23' does not exist in the system." I'm confused about why such a specific package would consistently fail to install from good installation media over multiple install runs on my laptop. I've now tried with two different USB drives and ISO files from different sources. When running the installed Qubes, manually adding the package to dom0 with: sudo yum install /run/media//Qubes-R3.2-x86_64/Packages/q/qubes-template-fedora-23-3.0.6-201608081228.noarch.rpm installs successfully and provides the fedora-23 vm template in the VM Manager, from which I'm able to create a new NetVM and connect to a wired network. So that's all working, once it's in place. I would very much like to have the default sys-net and sys-firewall qubes. The way I see it, there are two semi-automated ways to get them: 1) Re-run the firstboot qubes-anaconda-addon now that the fedora-23 vm template is installed. 2) Re-install again, manually adding the qubes-template-fedora-23 package before the reboot so that it's available for the normal firstboot process. [Implicit option 3) Figure out and manually type the sys-net and sys-firewall creation commands by picking through the qubes-anaconda-addon source.] Any helpful hints come to mind? Thanks, Evan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8d246f46-132a-4b52-97a3-73fc3fc01e5a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
