Re: [qubes-users] Ubuntu templates

2018-08-03 Thread Noor Christensen
On 08/03/2018 04:56 PM, Chris Willard wrote:
> On 03/08/18 15:31, Unman wrote:
>> Works for me.
>> Fri  3 Aug 15:30:28 BST 2018
>> Can you try again?
>>
> Works for me too.

Yep, seems to work fine for me now as well.

-- noor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58821db7-5cb1-6830-ed28-15cff9e19bc0%40fripost.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Ubuntu templates

2018-08-03 Thread Noor Christensen
On 08/03/2018 01:20 PM, Unman wrote:
> http://qubes.3isec.org/Templates.

The URL gives 404 Not Found at the moment (2018-08-03 15:47).

-- noor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f9d3454-f7fa-c899-bc46-e5d002fced42%40fripost.org.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Logitech C920 Webcam with Qubes?

2017-10-21 Thread Noor Christensen
On Sat, Oct 21, 2017 at 03:18:55PM +0200, evo wrote:
> Hey!
> 
> I've bought logitech C920 Webcam for Linux Mint device and want also one
> for my qubes OS device. But as i understood there are Problems to
> install in even on "normal" linux. Do somebody has some practical
> experience with Logitech C920?

Hi,

What kind of problems are you experiencing?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171021142053.c6hwhb64rqagfrgi%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Network chain (VPN)

2017-10-21 Thread Noor Christensen
On Sat, Oct 21, 2017 at 11:09:40AM +0200, Noor Christensen wrote:
> On Fri, Oct 20, 2017 at 12:58:27PM -0700, variableap...@gmail.com wrote:
> > Hello
> > 
> > In this doc https://www.qubes-os.org/doc/vpn/, a configuration is
> > described where app vms connect to the firewall VPN, which connects to
> > the VPN proxy, and finally the net vm.
> > 
> > Was this correctly documented as a configuration? Should the VPN proxy
> > sit behind the firewall?
> 
> AFAIK, if you connect your AppVMs directly to the VPN proxy, you lose
> the ability to firewall the traffic since it will be encrypted when it
> leaves the VPN proxy.
> 
> So, for this reason, if you want to apply any filtering for that traffic
> you would need a firewall VM between the AppVMs and the VPN VM. In this
> situation, any firewall rules configured for the AppVMs will then be
> applied by the firewall VM before it reaches the VPN VM.
> 
> There is a good explanation here (read "Security note" under Usage):
> 
> https://github.com/Rudd-O/qubes-vpn#usage

Additionally, this graph might help to understand the flow:

https://raw.githubusercontent.com/Rudd-O/qubes-vpn/master/doc/Qubes%20VPN%20filtering%20rules.png

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171021091738.wedrrlozdmahbeh3%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Network chain (VPN)

2017-10-21 Thread Noor Christensen
On Fri, Oct 20, 2017 at 12:58:27PM -0700, variableap...@gmail.com wrote:
> Hello
> 
> In this doc https://www.qubes-os.org/doc/vpn/, a configuration is
> described where app vms connect to the firewall VPN, which connects to
> the VPN proxy, and finally the net vm.
> 
> Was this correctly documented as a configuration? Should the VPN proxy
> sit behind the firewall?

AFAIK, if you connect your AppVMs directly to the VPN proxy, you lose
the ability to firewall the traffic since it will be encrypted when it
leaves the VPN proxy.

So, for this reason, if you want to apply any filtering for that traffic
you would need a firewall VM between the AppVMs and the VPN VM. In this
situation, any firewall rules configured for the AppVMs will then be
applied by the firewall VM before it reaches the VPN VM.

There is a good explanation here (read "Security note" under Usage):

https://github.com/Rudd-O/qubes-vpn#usage


-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171021090940.mzojthov4ikw4duc%40mail.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: shutdown problem with rc4.0

2017-10-20 Thread Noor Christensen
On Mon, Oct 16, 2017 at 01:48:21PM -0700, tharris...@gmail.com wrote:
> On Monday, October 16, 2017 at 8:03:57 PM UTC, Steffen Hartmann wrote:
> 
> I've had this problem too but I waited for a while like 2 mins and it
> finally shutdown but for some reason the disposable vms don't get
> reset. 

So, when you boot up your Qubes system the next time it still has
DispVMs left from the previous session?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171020170222.fxyuzfiqtjgfpgef%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] DispVM and Word/docx - no go

2017-10-20 Thread Noor Christensen
On Thu, Oct 19, 2017 at 11:08:07AM -0400, Ryan Tate wrote:
> In Qubes 3.2 from a fedora 25 AppVM, when I try and open a docx (Word)
> file via DispVM via the right-click menu, I just get a directory
> listing inside the DispVM. Instead of opening the file with
> LibreOffice it appears to unzip the file and show the underlying dir
> structure. (The docx format is zipped.)
> 
> I have LibreOffice available to the app vm via the Fedora 25 template.
> Is there somewhere else I need to put it to make it available to the
> DispVM? Or is this a known/expected behavior for DispVM?

First of all, you need to make sure that LibreOffice is installed in
your DispVM.

Regenerate your DispVM image using that fedora-25 template you mentioned:

$ qvm-create-default-dvm fedora-25

When it has completed, try opening the document in a DispVM again.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171020163437.6d25pqhwhvckzl5j%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: cannot trim whonix-ws template anymore

2017-10-20 Thread Noor Christensen
On Wed, Oct 18, 2017 at 06:50:13PM -0700, yuraei...@gmail.com wrote:
> [...]
> On Wednesday, October 18, 2017 at 8:11:53 PM UTC, Sven Semmler wrote:
> 
> Like you suggested, I would also try move the folder away, and see if
> it fixes things without breaking something. I haven't done this
> before, but perhaps it's best to make a quick copy backup of whonix-ws
> first, just to be safe.

If it still does not work, you could use virsh to force removal of the
Xen domain:

$ virsh destroy 34bfb7d4-b96d-4d8d-9042-53e212761316
$ virsh undefine 34bfb7d4-b96d-4d8d-9042-53e212761316
$ virsh vol-delete --pool vg0 34bfb7d4-b96d-4d8d-9042-53e212761316.img

Make sure you use the correct UUID when running these commands. It
should be the one from that error message you quoted:

> > libvirt.libvirtError: operation failed: domain 'trim-whonix-ws' already
> > exists with uuid 34bfb7d4-b96d-4d8d-9042-53e212761316

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171020152507.iav75nh5hdwuzpfv%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: off topic - invite codes to 'riseup'

2017-10-18 Thread Noor Christensen
On Sun, Oct 15, 2017 at 10:44:02PM -0700, Dave C wrote:
> On Friday, July 28, 2017 at 7:16:36 AM UTC-7, little help wrote:
> [snip...]
> > 
> > This also might also work: 
> > 1.Go here: https://user.riseup.net/
> > 
> > 2.Make a "help ticket", and write "I need an invitation code because I 
> > want to use(write your messages!!)".
> > ^ Don't copy & paste my sentence! Use your words!
> > 
> > 3.Then, someone(Riseup user) will assist you.
> 
> Just FYI, I tried this and was declined with:
> [...]
> Due to the numerous requests by spammers and scammers that tried to
> get a riseup account we have to insist on invites for new accounts. We
> know that this sucks. We are sorry about it but it is the only thing
> that makes sense right now.

If anybody have an invite over I would gladly accept one :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171018083048.pbfzfxspcfxc5x74%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Seeking moderators for unofficial Qubes IRC channels on Freenode and OFTC

2017-07-28 Thread Noor Christensen
On Thu, Jul 27, 2017 at 12:00:37PM -0700, cooloutac wrote:
>  sounds like a waste of time, freenode is an abandoned cesspool.  If
>  you care about your security you wouldn't even be using it.The
>  google mailing list is great though, because it already deters the
>  deplorables...

Well, it has three times more users than the OFTC channel and lots of
discussion daily.

Your argument about security makes no sense, care to elaborate on that?

Also, I think an IRC channel serves a different purpose than the mailing
list. The list is perfect for a threaded and archivable history of
lengthy topics, whereas the channel is better suited for ad hoc
questions and beginner questions that often are repeated.

Additionally, as said earlier in the thread, the plan is not to replace
the list. We're discussing how to take better care of those users that
already use IRC and prefer to get help there. Most of the time we refer
these users to the mailing list anyway; for example if they got
questions or opinions that already has a thread on the list.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170728125025.d2q2lghvxzzslizc%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Seeking moderators for unofficial Qubes IRC channels on Freenode and OFTC

2017-07-21 Thread Noor Christensen
On Fri, Jul 21, 2017 at 03:04:16AM -0400, 'P R' via qubes-users wrote:
> Hello David,
> 
> >> We're looking for well-known, trustworthy volunteers from the
> >> community who would like to be
> >> moderators in the unofficial Qubes IRC
> >> channels on Freenode and OFTC (#qubes on both).
> 
> Am 21.07.2017 2:28 vorm. schrieb "Andrew David Wong" <a...@qubes-os.org>:
> 
> We're looking for well-known, trustworthy volunteers from the
> community who would like to be moderators in the unofficial Qubes IRC
> channels on Freenode and OFTC (#qubes on both).
> 
> 
> As mentioned before I am happy to help, but some more details about what
> exactly must/should be done would be helpful including an information to
> which users the IRC channel is mainly aimed at.
> What is the strategy of having IRC available as the good thing with the
> mailing list is, that most topics have been raised already once and as such
> extends the excellent Qubes documentation.


The IRC channels are unofficial, and should probably continue to be so
since we already have the mailing lists as our official means of
communication.

That being said, I would be glad to help out as a moderator.

People will continue joining the #qubes channel (or another one) and ask
for help, no matter if we are there or not. I think it's a great way to
introduce new users to the project and point users with questions or
answers to the offical docs and lists for further discussion.

Mailing lists are not for everyone, but we can at least make sure that
our IRC visitors know where to look by being reachable in the channel.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170721073920.dt7ovgibqekimedr%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Standalone Windows VM

2017-07-20 Thread Noor Christensen
On Thu, Jul 20, 2017 at 03:09:07AM -0700, jakis2...@gmail.com wrote:
> Is there a way to increase the size when you clone a VM? I changed the
> storage settings but it doesnt show storage over 20gb inside of
> windows. 

You might have to resize the partition from inside the HVM as well,
after resizing the outer volume. I don't know how to do this in Windows,
but I think there's a Disk Manager or similar...

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170720115536.yhqw6njamlhcvx45%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Why doesn't the TemplateVM make the newly installed software present the option to add the shortcut?

2017-07-20 Thread Noor Christensen
On Tue, Jul 18, 2017 at 11:53:46AM -0700, Patrick Bouldin wrote:
> On Tuesday, July 18, 2017 at 2:40:06 PM UTC-4, Noor Christensen wrote:
> > On Tue, Jul 18, 2017 at 11:22:29AM -0700, Patrick Bouldin wrote:
> > > On Tuesday, July 18, 2017 at 2:12:39 PM UTC-4, Patrick Bouldin wrote:
> > > > Hi, I added routine software like libre office draw or writer in the
> > > > TemplateVM. I am then able to run it in the corresponding appVM -
> > > > however, I attempt to "add shortcuts" either on the template or the
> > > > appVM they don't show as available. I think I can do it manually but
> > > > would like to fix this bug, it wasn't a problem before. I have done
> > > > a dom0 update by the way.
> > > > 
> > > > Thanks,
> > > > Patrick
> > > 
> > > update: I tried to mannually add with the command qvm-sync-appmenus ,
> > > and that command is not valid. Is this the problem? How to recover?
> > 
> > What do you mean with "not valid"? It needs a VM name as its only
> > argument, which should be clear from the help output. 
> > 
> > Try the following in dom0:
> > 
> > $ qvm-sync-appmenus 
> > 
> > Replace  with the name of your TemplateVM.
> > 
> > It will show any errors encountered during the process, which might give
> > you a clue of what's wrong.
> > 
> > -- noor
> > 
> > |_|O|_|
> > |_|_|O|  Noor Christensen  
> > |O|O|O|  n...@fripost.org ~ 0x401DA1E0
> 
> Thanks noor. I tried that but it said I had to do that in the template
> VM, weird. Tried it there and command wasn't available.
> 
> Anyway I decided to update the overall template VM and all of a sudden
> the shortcuts showed up as available - weird again!

Glad you got it to work!

However, I'm just curious... What did qvm-sync-appmenus say about having
to run in the TemplateVM? Can you please copy/paste the command you
entered and its output?

Maybe it's a bug :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170720083800.hcbemt2m3xcw5cns%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Why doesn't the TemplateVM make the newly installed software present the option to add the shortcut?

2017-07-18 Thread Noor Christensen
On Tue, Jul 18, 2017 at 11:22:29AM -0700, Patrick Bouldin wrote:
> On Tuesday, July 18, 2017 at 2:12:39 PM UTC-4, Patrick Bouldin wrote:
> > Hi, I added routine software like libre office draw or writer in the
> > TemplateVM. I am then able to run it in the corresponding appVM -
> > however, I attempt to "add shortcuts" either on the template or the
> > appVM they don't show as available. I think I can do it manually but
> > would like to fix this bug, it wasn't a problem before. I have done
> > a dom0 update by the way.
> > 
> > Thanks,
> > Patrick
> 
> update: I tried to mannually add with the command qvm-sync-appmenus ,
> and that command is not valid. Is this the problem? How to recover?

What do you mean with "not valid"? It needs a VM name as its only
argument, which should be clear from the help output. 

Try the following in dom0:

$ qvm-sync-appmenus 

Replace  with the name of your TemplateVM.

It will show any errors encountered during the process, which might give
you a clue of what's wrong.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170718184001.rfxjexjwz5jeuy22%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Proxy for packages

2017-07-15 Thread Noor Christensen
On Sun, Jul 16, 2017 at 12:03:49AM +0200, PhR wrote:
> Hello,
> 
> On 07/15/2017 11:53 PM, Noor Christensen wrote:
> > Just a thought:
> > 
> > Create a ProxyVM and set it to be the NetVM for the file server and all
> > those VMs that need access to it. Now you have a single point where
> > all traffic to the file server comes through, and iptables can be set up
> > to allow specific AppVMs to access it.
> I don't get it...
> 
> [AppVM] -> [Repository ProxyVM] -> [Firewall ProxyVM] -> [NetVM]

More like:

[RepositoryVM] \
|---> [Repository ProxyVM] ---> system fw and netvm etc
   [AppVM] /

Repository ProxyVM is where you do your iptables config to allow traffic
from AppVM to reach RepositoryVM. See the docs[0] for some examples on how
to configure proxies.

Please reply to the mailing list next time.

[0]  https://www.qubes-os.org/doc/

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170715222423.33xruiepu3e7yov5%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Proxy for packages

2017-07-15 Thread Noor Christensen
On Sat, Jul 15, 2017 at 11:16:28PM +0200, 'PhR' via qubes-users wrote:
> Hello Salmiakki,
> 
> 
> On 07/15/2017 10:45 PM, Salmiakki wrote:
> [...]
> 
> But this would require that the AppVMs see the repository-Server and AFAIK
> there shouldn't be inter-VM-trafiic.

Just a thought:

Create a ProxyVM and set it to be the NetVM for the file server and all
those VMs that need access to it. Now you have a single point where
all traffic to the file server comes through, and iptables can be set up
to allow specific AppVMs to access it.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170715215333.t3dxwqgdnaou3oxz%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] "Storage Qube" or otherwise share folders of a drive selectively?

2017-07-15 Thread Noor Christensen
On Sat, Jul 15, 2017 at 03:20:44PM -0400, 'P R' via qubes-users wrote:
> Hello,
> 
> Am 15.07.2017 10:45 vorm. schrieb "Noor Christensen" <
> kchr+qubes-us...@fripost.org>:
> 
> 
> I found this project the other day: https://github.com/rustybird/
> qubes-split-dm-crypt
> 
> Haven't tried it myself yet but it looks like it could fit your idea.
> 
> 
> Thank you for the link, very interesting!
> As far as I understand the qubes-split-dm-crypt has a security benefit as
> the credentials are not entered in an AppVM where the encrypted partition
> should be mounted but in another VM.
> As such there is less opportunity to grab the passphrase as it is entered
> in another VM.
> 
> As far as I have understand 'codegeak98' he is asking for a solution to
> store data in one storage qube, which might be accessed by several AppVMs
> while still beeing sure that the data is protected from access by other VMs
> or even the storage Qube itself.

Yeah, I'm looking for a similar solution myself...

I think we can learn a lot from the qubes-split-dm-crypt for this since
it's more or less the same workflow but without the LUKS layer.

But if someone else have a working solution to the use case please
share!

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170715192539.mq6ttqvpqgrvucwu%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Xorg and Oom killer, i3

2017-07-15 Thread Noor Christensen
On Sat, Jul 15, 2017 at 11:57:26AM -0700, cyrinux wrote:
> Le samedi 15 juillet 2017 20:20:55 UTC+2, Noor Christensen a écrit :
> > On Sat, Jul 15, 2017 at 10:55:16AM -0700, cyrinux wrote:
> > > Hi,
> > > I have 20gb memory, but I use a lot of VM.
> > > Sometimes xorg is randomly kill.
> > > I would like to protect xorg from being killed. I'm trying to play with 
> > > overcommit but is it a good idea?
> > > Must I boot dom0 minimal memory?
> > > 
> > > Bonus: after a xorg crash, I can't reconnect to guid daemon. How to do? I 
> > > use i3, is it a i3 problem?
> > > Regards
> > 
> > What version of Qubes are you running on your dom0?
> > 
> > By "using a lot of VM", do you mean virtual memory or virtual machines?
> > For clarity, I will use the term meaning the latter, and "virtual
> > memory" when referring to the former.
> > 
> > Just want to make clear since the topic makes it a bit ambiguous :-)
> > 
> > Is it your dom0 Xorg process that is being killed, or one that is
> > running in a VM?
> > 
> > You might want to take a look at how your resources are being used by
> > dom0 and any running VMs. Run "xentop" in a dom0 terminal for a nice
> > realtime summary.
> 
> Hi Noor,
> By VM, i mean Virtual Machine (we can say Qubes), I have at minimum 15 Qubes 
> running.
> It is xorg in dom0 which is killed, I type 'dmesg' in dom0 terminal and see 
> it is killed.
> I will retry to play with xentop. In idle my dom0 use 700MB (and 2200MB 
> cache)/~3000MB.
> About reconnect to guid, before i use 'qvm-run --all true' to reconnect to 
> them, but after this OOM this doesn't work. Do you have an idea?

If you check the RAM and CPU allocation settings for those 15 VMs you have
running, are they reasonably set? I mean, compared to your total amount
of memory.

This will give you the current settings for a specific VM:

# qvm-prefs -l  | egrep 'memory|maxmem'

You might have to experiment a bit with those settings, since there are
no optimal defaults for this. It really depends on what you are doing
with your VMs, and how much you allocate for each VM.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170715192001.rl5ki7k4ddmsdx5q%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Xorg and Oom killer, i3

2017-07-15 Thread Noor Christensen
On Sat, Jul 15, 2017 at 10:55:16AM -0700, cyrinux wrote:
> Hi,
> I have 20gb memory, but I use a lot of VM.
> Sometimes xorg is randomly kill.
> I would like to protect xorg from being killed. I'm trying to play with 
> overcommit but is it a good idea?
> Must I boot dom0 minimal memory?
> 
> Bonus: after a xorg crash, I can't reconnect to guid daemon. How to do? I use 
> i3, is it a i3 problem?
> Regards

What version of Qubes are you running on your dom0?

By "using a lot of VM", do you mean virtual memory or virtual machines?
For clarity, I will use the term meaning the latter, and "virtual
memory" when referring to the former.

Just want to make clear since the topic makes it a bit ambiguous :-)

Is it your dom0 Xorg process that is being killed, or one that is
running in a VM?

You might want to take a look at how your resources are being used by
dom0 and any running VMs. Run "xentop" in a dom0 terminal for a nice
realtime summary.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170715182048.w72yn34c5k3lu3bk%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] "Storage Qube" or otherwise share folders of a drive selectively?

2017-07-15 Thread Noor Christensen
On Sat, Jul 15, 2017 at 10:45:38AM +0200, Noor Christensen wrote:
> On Tue, Jul 11, 2017 at 01:08:55PM -0700, codegee...@gmail.com wrote:
> > Right now, I have a lot of stuff all just "consolidated" on one hard drive.
> > /var/storage/{Anime,public_html,Documents,Pictures,.config/{pale\ 
> > moon,deluge}} and so on.
> > 
> > But, obviously, I want to try with Qubes to have some isolation from
> > my webserver, perhaps have my Torrent client not be able to read my
> > browser profile, etc.
> > 
> > I'm thinking of setting up perhaps something like a "Storage Qube",
> > which will have the storage drive permanently attached, and be in
> > charge of managing permissions and serving the folders to authorized
> > VMs via…NFS? SSHFS?
> > 
> > The catch is, I want to try to have it at least be reasonably
> > performant (i.e., my browser profile is there currently), and
> > preferably not make it "too" hacky/inelegant, in case the Qubes devs
> > roll their own guided/integrated system for this.
> > 
> > DOES Qubes have a facility to do this currently?
> 
> I found this project the other day: 
> https://github.com/rustybird/qubes-split-dm-crypt
> 
> Haven't tried it myself yet but it looks like it could fit your idea.

Also, one of the main Qubes workflows is to create AppVMs separated by
"domain". 

This can mean many things, but in your case I can think of at least two:
browser and torrents. You can have two AppVMs (one for browser, one for
torrents) that share the same TemplateVM but have their own private
storage for persistent files (browser profile, torrent client config).

By separating applications into their own AppVMs they are isolated from
each other, and they cannot read private data from other AppVMs. If you
need them to share anything, you just put that in the template and it
will be available for any AppVM using that template next time it starts.

Everything stored in an AppVM's private storage is persistent between
restarts. It is only available to that AppVM.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170715085730.ojdqv3wvwazfd3tg%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] "Storage Qube" or otherwise share folders of a drive selectively?

2017-07-15 Thread Noor Christensen
On Tue, Jul 11, 2017 at 01:08:55PM -0700, codegee...@gmail.com wrote:
> Right now, I have a lot of stuff all just "consolidated" on one hard drive.
> /var/storage/{Anime,public_html,Documents,Pictures,.config/{pale\ 
> moon,deluge}} and so on.
> 
> But, obviously, I want to try with Qubes to have some isolation from
> my webserver, perhaps have my Torrent client not be able to read my
> browser profile, etc.
> 
> I'm thinking of setting up perhaps something like a "Storage Qube",
> which will have the storage drive permanently attached, and be in
> charge of managing permissions and serving the folders to authorized
> VMs via…NFS? SSHFS?
> 
> The catch is, I want to try to have it at least be reasonably
> performant (i.e., my browser profile is there currently), and
> preferably not make it "too" hacky/inelegant, in case the Qubes devs
> roll their own guided/integrated system for this.
> 
> DOES Qubes have a facility to do this currently?

I found this project the other day: 
https://github.com/rustybird/qubes-split-dm-crypt

Haven't tried it myself yet but it looks like it could fit your idea.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170715084538.tps5njk3xqhdxwm3%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] i3 not working on two screens

2017-07-14 Thread Noor Christensen
On Fri, Jul 14, 2017 at 04:07:15AM -0700, zioasterb...@gmail.com wrote:
> Yes, by "separating them" i mean to extend the desktop to two screens,
> since now I see them mirrored (i.e. the eternal one is a copy of the
> laptop's display)

You can use xrandr to set up the different display outputs.

For example, the following command defines my external display (VGA1) as
being positioned to the right of my internal display (LVDS1):

$ xrandr --output VGA1 --right-of LVDS1 --preferred

To get the names of your display outputs, run xrandr without flags:

$ xrandr

It's a bit unclear whether or not you are using XFCE or i3wm as your
window manager, but the xrandr method should be effective in either
case. 

Another solution is to set up your xorg.conf properly, so your desired
display outputs are configured when X starts, before any window manager
is run.

Here is an example config for a Thinkpad X220:

Section "Device"
# Specify the device we are configuring
Identifier "Intel HD 3000"
Driver "intel"
BusID  "PCI:0:2:0" # Video card PCI address

# Give friendly names to the display outputs
Option "Monitor-LVDS1" "LCD"
Option "Monitor-VGA1"  "VGA"
EndSection

# Internal monitor (LVDS1)
Section "Monitor"
Identifier "LCD"
Option "Enable" "true"
Option "PreferredMode" "1366x768"
EndSection

# External monitor (VGA1)
Section "Monitor"
Identifier "VGA"
Option "Enable" "true"
Option "PreferredMode" "1680x1050" # Acer AL2216W
Option "RightOf" "LCD"
EndSection

This config has the same effect as the xrandr example shown before -
external display output VGA1 positioned to the right of LVDS1.

You can put the file in /etc/X11/xorg.conf.d and it will be read by X on
next start.

Use the "Enable" option to specify whether you want it to activate on X
start, or manually (via xrandr). See the documentation for X.org and the
graphics driver you are using for more options.

NOTE: You probably have to replace some/all values to fit your specific
scenario. Obviously the "Device" section (first paragraph) of the
xorg.conf in particular, but also the xrandr parameters.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170714123150.kismbkdgoim3v5bj%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


[qubes-users] [marma...@invisiblethingslab.com: [qubes-devel] Fedora 25 template for Qubes 3.2]

2017-07-14 Thread Noor Christensen
Good news everyone!

/noor

- Forwarded message from Marek Marczykowski-Górecki 
 -

From: Marek Marczykowski-Górecki 
To: qubes-devel 
Date: Thu, 13 Jul 2017 22:49:53 +0200
Subject: [qubes-devel] Fedora 25 template for Qubes 3.2

Hi all,

We've uploaded Fedora 25 template for Qubes 3.2. It was already possible
to perform in-place upgrade[1], but now we also provide full template.

You can install it with:

sudo qubes-dom0-update qubes-template-fedora-25

We've tested it internally, but you can help us here too!
This is one of things to be included in Qubes 3.2.1.

[1] https://www.qubes-os.org/doc/template/fedora/upgrade-24-to-25/


- End forwarded message -

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170714102855.nqn7dcbncq4aiw4k%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] i3 not working on two screens

2017-07-14 Thread Noor Christensen
On Thu, Jul 13, 2017 at 12:37:27PM -0700, zioasterb...@gmail.com wrote:
> Hi,
> I've just tried i3 on qubes3.2 but there is an issue with my external
> monitor. I cannot separate them, even when I split and dispose
> properly the screen in the settings, as you can see in the image. The
> screens did not even refresh. 

Could you elaborate what you mean by "separating them"? 

Are the monitors showing the same image, and you want to have two
separate desktops instead?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170714102058.y4y3cbgfxix35qj5%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Qubes silently ditches Librem

2017-07-13 Thread Noor Christensen
On Thu, Jul 13, 2017 at 01:44:24PM +0200, bald...@tutanota.com wrote:
> 
> That's easy to say Andy, but have you any proof? Qubes is an Open
> Source project so why not open up the qubes accounts and let the users
> see some factual information. Surely, there can't be anything to hide?

What would be the point of opening up "the qubes accounts"?

Let's return to your initial questions regarding Librem 13 not getting
certified. Andrew addressed your concerns and explained what happened
with the collaboration process between Librem and Qubes, and why.

Do you have any reason to believe anyone is lying?

It looks to me that neither Qubes or Librem made any promises to anyone,
and that you might have read the *partnership announcement* post as if
the certification was a fact.

They decided to not proceed with the certification, end of story.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170713150106.axbqd5a77flkxa3b%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Qubes USB Installation Error

2017-07-13 Thread Noor Christensen
On Wed, Jul 12, 2017 at 07:44:40PM -0700, M wrote:
> Receive this error booting from live USB:
> 
> 
>Incompatible license
>Aborted. Press any key to exit.
> 
> 
> Qubes image written to USB with:
> 
> 
>dd if=Qubes-R3.2-x86_64.iso of=/dev/sdb
> 
> 
> USB drive is SanDisk 64GB USB formatted via GParted

Hmmm, what exactly did you do in GParted?

When writing the image to the entire block device (/dev/sdb), you will
also write the partition table from the image. If you modify the
partitions after this point, you might break the setup and not be able
to boot...

Also, what laptop vendor and model are you using?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170713114751.2wr6w7tccwwmjpwx%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Install issues

2017-07-13 Thread Noor Christensen
On Thu, Jul 13, 2017 at 03:41:36AM -0700, Ray James wrote:
> I've picked up two issues which may be related, the first issue is
> that the installer will not perform a md5 check, and goes straight to
> Anaconda. 

Good point, although I am curious what checksum it should compare
against? I guess the intended way is to verify the image before it is
copied on to an installation medium, or verify the block device after it
has been written.

And don't trust any medium you haven't verified in this manner... :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170713114514.mocxtevgrxe3y36f%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Fedora 24 will EOL on 2017-08-08. Are F25/26 Templates ready?

2017-07-13 Thread Noor Christensen
On Thu, Jul 13, 2017 at 10:30:00AM +, Michael Carbone wrote:
> Noor Christensen:
> > On Thu, Jul 13, 2017 at 10:05:34AM +0100, Unman wrote:
> >> On Fri, Jun 30, 2017 at 01:19:48AM +0200, Illidan Pornrage wrote:
> >>> The latest Fedora template, 24, in the repo will EOL soon on 2017-08-08.
> >>>
> >>> Are templates with newer Fedora Versions ready?
> >>>
> >>> If not, what is missing? Maybe I can help porting whatever.
> >>
> >> There are templates for Fedora-25 for both 3.2 and 4 , and the packages
> >> are also available at yum.qubes-os.org. so you can either upgrade
> >> existing templates or install a shiny new one.
> > 
> > Anybody know if 3.2 will ever support FC24, or if 4.0 is the only way?
> 
> As shown in the link you quote, you can download FC24 for 3.2:
> [...]

Sorry, my bad - I meant to ask about FC24 support in dom0...

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170713104837.lc72a6pp2hge4ocn%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Fedora 24 will EOL on 2017-08-08. Are F25/26 Templates ready?

2017-07-13 Thread Noor Christensen
On Thu, Jul 13, 2017 at 10:05:34AM +0100, Unman wrote:
> On Fri, Jun 30, 2017 at 01:19:48AM +0200, Illidan Pornrage wrote:
> > The latest Fedora template, 24, in the repo will EOL soon on 2017-08-08.
> > 
> > Are templates with newer Fedora Versions ready?
> > 
> > If not, what is missing? Maybe I can help porting whatever.
> 
> There are templates for Fedora-25 for both 3.2 and 4 , and the packages
> are also available at yum.qubes-os.org. so you can either upgrade
> existing templates or install a shiny new one.

Anybody know if 3.2 will ever support FC24, or if 4.0 is the only way?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170713094123.7kd7tc6h3zcjdb4g%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Completely disabling pulse audio (playback and record) in service VMs that don't need sound

2017-07-12 Thread Noor Christensen
On Wed, Jul 12, 2017 at 06:17:53AM -0700, daltong defourne wrote:
> On Wednesday, July 12, 2017 at 3:04:44 AM UTC+3, Salmiakki wrote:
> > Putting a name in there did not work for me but going to an AppVM and doing 
> > this:
> > mkdir ~/.config/autostart
> > cp /etc/xdg/autostart/pulseaudio.desktop ~/.config/autostart/
> > 
> > and adding X-GNOME-Autostart-enabled=false
> > to that worked!
> 
> Hi!
> Tried that (X-GNOME-Autostart-enabled=false) and pulse still starts
> 
> Does it have to be the only line there (I mostly kept the original
> content)
> 
> I also tried doing those manipulations with qubes-pulseaudio.desktop
> file, to no result 

I don't know what the X-GNOME-Autostart-enabled does, but here's a short
summary on how to use the "ShowIn" XDG fields.

You can provide multiple values for this field. For example, if you only
want the application to run on AppVMs and DisposableVMs:

> [Desktop Entry]
> OnlyShowIn=X-AppVM;X-DisposableVM;

The "ShowIn" field can also be negated. For example, if you want an
application to never run in a TemplateVM but anywhere else:

> [Desktop Entry]
> NotShowIn=X-TemplateVM;

>From /etc/qubes/autostart/README.txt:

> This mechanism overrides only content of /etc/xdg/autostart, files
> placed in ~/.config/autostart are unaffected, so can be used to
> override settings per-VM basis.

It is suggested to use ~/.config/autostart if you need to override anything for
a specific VM. In your case, I guess you want something like the following...

# In TemplateVM
# /etc/qubes/autostart/qubes-pulseaudio.desktop.d/30_qubes.conf:

[Desktop Entry]
NotShowIn=X-QUBES;

On each AppVM you want to enable this application for, create:

# ~/.config/autostart/qubes-pulseaudio.desktop.d/30_qubes.conf

[Desktop Entry]
OnlyShowIn=X-AppVM;
NotShowIn=

Possibly you can skip "OnlyShowIn" and just clear the "NotShowIn" value.

I have found the following Qubes-specific identifiers so far, partly from an
earlier qubes-users thread[0]:

X-QUBES Seems to match any type of Qubes VM

X-AppVM Any VM except TemplateVM, ProxyVM, NetVM
X-NetVM
X-ProxyVM
X-TemplateVM
X-DisposableVM
X-UpdateableVM  TemplateVM or StandaloneVM
X-NonUpdateableVM   Any VM except UpdateableVM

Also, here are some non-Qubes identifiers I've seen elsewhere:

GNOME
KDE
MATE
Unity
Cinnamon

I am not aware of any way to specify a VM name in this context. Maybe because
/etc/xdg/autostart is only relevant for a TemplateVM. And when you get to your
custom files in ~/.config/autostart you are already in a specific VM so no need
to specify it there.

If you really want to do it on the TemplateVM and no config on AppVM, I guess
you could put something in /rw/config/rc.local that only runs if $HOST variable
matches your VM name.

[0]  https://groups.google.com/forum/#!topic/qubes-users/smztkltkwOg

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170712143408.zcy4mqte7g3bcvpi%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: How do I upgrade to Fedora 26?

2017-07-12 Thread Noor Christensen
On Wed, Jul 12, 2017 at 09:48:18AM +0200, Alex wrote:
> On 07/11/2017 05:15 PM, Salmiakki wrote:
> > So what is required to get a new template? If I understand correctly
> > third parties create templates for other distros as well, right?
> > 
> Yes, and you can also upgrade an existing template, and that's what I
> usually do (because I tend to customize my templates, preferring the
> wonders of multiple usable VM to anonimity).
> 
> The problem is that there are no yum sources for qubes-related things
> for fedora 26, as Foppe said, so the upgrade will likely fail and, in
> case you manage to complete the upgrade, you will be left with a
> non-updatable set of qubes software for a while.

There are fedora-25 templates in the templates-itl repo for 4.0, but not
yet for 3.2 what I can see...

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170712103919.rompahcmeym4pk44%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: Fw: Re: [qubes-users] Re: Qubes 4 Fails to Boot With Coreboot

2017-07-11 Thread Noor Christensen
On Tue, Jul 11, 2017 at 07:58:17AM -0400, Protonmij wrote:
> I appreciate you are trying to help, but I have no desire to try
> unauthorised workarounds that potentially leave my machine compromised
> or in an undefined state.
> I think I'll wait until Qubes get the Coreboot issues resolved and
> then formally issue a solution
> Thank again for your efforts

Sure, no problem.

Mind if I ask what makes you feel that updating your GRUB configuration
would be compromising and/or lead to undefined behavior?

These GRUB commands mentioned in the workaround are the same ones that
gets called by your Linux distribution upon upgrading the kernel, for
example. They are standard procedure for updating the GRUB
configuration.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170711160005.cnt33zvgp7haxen2%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Completely disabling pulse audio (playback and record) in service VMs that don't need sound

2017-07-11 Thread Noor Christensen
On Tue, Jul 11, 2017 at 01:40:34AM -0700, daltong defourne wrote:
> All other commands in rc. local are executed as expected, so it's not
> a rc.local issue per se, but rather maybe something like pulseaudio
> startup thing.
> 
> Any pointers as to how to reliably "de-pulse-ize" VMs at startup?
> 
> P.S.: uninstalling pulseaudio from template breaks things for me on
> several VMs and is not an option.

You might want to take a look at /etc/qubes/autostart directory in your
TemplateVMs. There is a "OnlyShowIn" that can be used to define in what VMs
the application should autostart, either by name or type
(appvm/templatevm etc).

Check the README.txt in that directory for some guidelines, and look at
the existing files for examples.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170711093746.qds3rradyiffsxfk%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: Fw: Re: [qubes-users] Re: Qubes 4 Fails to Boot With Coreboot

2017-07-11 Thread Noor Christensen
On Tue, Jul 11, 2017 at 04:52:27AM -0400, 'Protonmij' via qubes-users wrote:
> > The most significant fact about my post appears to have been
> > overlooked - my x230 with Coreboot onboard boots all Linux distros
> > I've tried, including;Tails, Debian, Fedora etc. Why does it not
> > boot Qubes? Is there something special I need to do to get Qubes to
> > boot. If so, I suggest Qubes post that installation information to
> > the wider community.- after all Qubes recommended Coreboot in the
> > first place.

Sorry, I did not realize you've had actual installs of the other
distributions. I was assuming you just tried to boot Live ISOs, which
could work even though you have a broken payload/boot loader after
SeaBIOS.

> > From this post https://github.com/QubesOS/qubes-issues/issues/2553
> > there is a clear acknowledgement from Qubes Developers that there
> > are significant problems with Coreboot/Qubes compatibility.
> > Seemingly, those problems are not being formally acknowledged by
> > Qubes.

In my setup, I have chosen GRUB as the Coreboot payload. Then I copied
my grub.cfg from Qubes and added it to the Coreboot firmware. 

Could you try this and see if it works better?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170711092718.yfg6vkptxsv4okvg%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Attaching non-PCI block devices to VM

2017-07-11 Thread Noor Christensen
On Tue, Jul 11, 2017 at 05:17:06AM -0400, Chris Laprise wrote:
> On 07/11/2017 04:25 AM, Noor Christensen wrote:
> > Hi,
> > 
> > I am curious if it is possible to attach "arbitrary" block devices to a
> > VM, similar to how additional disks drives can be specified for HVMs.
> > 
> > For example, let's say I have a backup disk image on dom0 that I would
> > like to read from another VM without having to copy the entire file. Is
> > this possible?
> 
> Yes, have a look at 'qvm-block -a' and 'qvm-block -A' in dom0.
> 
> Also remember you don't have to use dom0 or sys-usb as a source; you can
> specify any VM that contains the volume.

Thanks for your swift response!

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170711093149.p2juzswgqlfu37di%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: Fw: Re: [qubes-users] Re: Qubes 4 Fails to Boot With Coreboot

2017-07-11 Thread Noor Christensen
On Tue, Jul 11, 2017 at 11:27:18AM +0200, Noor Christensen wrote:
> On Tue, Jul 11, 2017 at 04:52:27AM -0400, 'Protonmij' via qubes-users wrote:
> > > From this post https://github.com/QubesOS/qubes-issues/issues/2553
> > > there is a clear acknowledgement from Qubes Developers that there
> > > are significant problems with Coreboot/Qubes compatibility.
> > > Seemingly, those problems are not being formally acknowledged by
> > > Qubes.
> 
> In my setup, I have chosen GRUB as the Coreboot payload. Then I copied
> my grub.cfg from Qubes and added it to the Coreboot firmware. 
> 
> Could you try this and see if it works better?

Also, did you try the workaround mentioned in the Github issue?

https://github.com/QubesOS/qubes-issues/issues/2553#issuecomment-296442883

I remember doing this "for good measure" after flashing the firmware, so
maybe it was a crucial step...

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170711092947.phzfbbve4jc72rzd%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Why does VPN needs its own firewall VM?

2017-07-11 Thread Noor Christensen
On Mon, Jul 10, 2017 at 04:09:09PM -0400, Chris Laprise wrote:
> On 07/10/2017 03:15 PM, yreb-qusw wrote:
> > On 07/09/2017 11:56 PM, Chris Laprise wrote:
> > And I use suspend function daily, and it's a bit hassle to get the VPNs
> > up and running again, even with the launcher workaround,  very often I
> > must use the launcher rc.local  multiple times , and ping to see if it
> > works, and quite often  they don't restart  properly
> 
> This has become a problem with newer openvpn versions: It appears to give up
> due to an internal error instead of reconnecting.
> 
> My VPN support project solves this by setting up a systemd service for the
> VPN; this forces openvpn to restart after it exits. It also makes it more
> manageable via systemctl start/stop/restart/status etc...
> 
> https://github.com/tasket/Qubes-vpn-support

Really useful, thanks for the contribution!

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170711082832.p5mc7affycafpxdd%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


[qubes-users] Attaching non-PCI block devices to VM

2017-07-11 Thread Noor Christensen
Hi,

I am curious if it is possible to attach "arbitrary" block devices to a
VM, similar to how additional disks drives can be specified for HVMs.

For example, let's say I have a backup disk image on dom0 that I would
like to read from another VM without having to copy the entire file. Is
this possible? 

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170711082547.4q27el5cctcz76xn%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Qubes 4 Fails to Boot With Coreboot

2017-07-10 Thread Noor Christensen
On Mon, Jul 10, 2017 at 03:55:09AM -0400, 'Protonmij' via qubes-users wrote:
> I see the Seabios screen "booting from hard drive", this hangs for 10
> to 20 secs then goes the through the boot again endlessly

What payload did you choose in SeaBIOS menuconfig?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170710135234.3u3md76ugltvblmz%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Qubes 4 Fails to Boot With Coreboot

2017-07-10 Thread Noor Christensen
On Sat, Jul 08, 2017 at 09:01:41AM -0700, Andrew Morgan wrote:
> On 07/07/2017 10:20 AM, 'Protonmij' via qubes-users wrote:
> > As recommended by Qubes, I have installed Coreboot on my X230 - which
> > successfully runs Debian, Tails etc. I've tried to run Qubes 3.2 but
> > although the Installer process works OK, Qubes refuses to boot [hangs].
> > From what I can gather, its a Zen issue that's preventing the boot.
> > I had hoped the issue would be resolved in Qubes 4. However, I've been
> > disappointed - I get exactly the same symptoms having downloaded the
> > trial version from
> > https://ftp.qubes-os.org/~marmarek/Qubes-DVD-x86_64-20170706.iso
> > <https://ftp.qubes-os.org/%7Emarmarek/Qubes-DVD-x86_64-20170706.iso>
> > Is this an isolated example or is there a wider problem with Coreboot
> > and Qubes?
> 
> Can you provide any more details about at what point in the boot process
> it hangs? It's hard to suggest anything to try based on the current
> description.

Just want to add that there are no "wider problem" with Qubes and
Coreboot, that I know of. I've been using this setup on my X220 without
hurdles for 6 months now.

Protonmij, 

* What payload are you using for Coreboot?
* Did you configure SeaBIOS and GRUB correctly?
* Did you flash a working GRUB config together with the firmware?

Also as Andrew mentioned it is very hard to diagnose anything without a
better description of what actually happens when you try to boot.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170710095812.6nshqbtoc3snpaaz%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Why does VPN needs its own firewall VM?

2017-07-10 Thread Noor Christensen
On Sun, Jul 09, 2017 at 05:48:55PM -1000, yreb-qusw wrote:
> at the end of the VPN CLI setup it says :
> 
> ==
> If you want to be able to use the Qubes firewall, create a new FirewallVM
> (as a ProxyVM) and set it to use the VPN VM as its NetVM. Then, configure
> AppVMs to use your new FirewallVM as their NetVM.
> ==
> 
> is there some reason why I should or should not just use the existing
> firewall, or should each of the VPN VMs each have it's own firewall VM for
> some reason?

You can use this firewall to manage a policy of what should be allowed
through the VPN, and what should be blocked. To do this, you need the
firewall to be in front of the VPN, since the traffic after VPN will be
encrypted.

Additionally, if you want to use a non-VPN NetVM for any other AppVMs
while the VPN is active you probably don't that traffic to be mixed with
the VPN traffic. Especially not if that firewall is in front of the VPN
(unencrypted).

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170710095258.3uvr5nij2wi4fpbl%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Qubes OS 4 pre RC1

2017-07-09 Thread Noor Christensen
On Sun, Jul 09, 2017 at 12:42:35AM +0200, 'P R' via qubes-users wrote:
> Hello,
> 
> I tried to install Qubes 4 pre RC1 on my Lenovo Thinkpad W540.
> I've seen some warning messages during the Boot process of the installation
> stick but the installation process itself was working without any problems.
> After ~15min Qubes was ready to reboot.
> 
> When I reboot, Qubes Boot Menu comes up, but when I hit enter, after
> roughly 6 seconds a reboot happens.
> 
> I have also tried to remove rhgb quiet from the grub line, to get more
> information, but I just get a black screen, then reboot.
> 
> Any idea where to look for the for cause.


Can you boot in rescue mode or some Live CD and copy the follow file
from the partition where Qubes is installed?

/boot/grub2/grub.cfg

It would be really helpful to see how your GRUB is configured.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170709141658.f3nob4ltaabfnrac%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Win7 Template?

2017-07-09 Thread Noor Christensen
On Fri, Jul 07, 2017 at 04:45:03PM +0200, Noor Christensen wrote:
> On Fri, Jul 07, 2017 at 06:42:02AM -0700, henrydoblin...@gmail.com wrote:
> > I have 2 use cases for Windows.
> > 1. Watch Netflix or Amazon etc. They reject the use of VPN and ask for
> > a lot of "information", which is basically ok for me.
> 
> They don't have Linux support yet? That's just crazy...

Just had to do some digging, looks like both of them support Linux now :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170709134636.dn2erytq6kkjjfdr%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] qubes manager cli for bspwm/i3 users

2017-07-09 Thread Noor Christensen
On Sun, Jul 09, 2017 at 10:37:15AM +0200, Noor Christensen wrote:
> $ find /bin/ /usr/bin/ -iname "qvm-*"

Just remembered /bin is symlinked to /usr/bin, so you just have to look
in one of them :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170709084010.fwcclynzkzyuydg6%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] qubes manager cli for bspwm/i3 users

2017-07-09 Thread Noor Christensen
On Sat, Jul 08, 2017 at 02:13:18PM -0700, trul...@gmail.com wrote:
> Hi guys, tell me please, is there any qubes manager cli for bspwm/i3 users ?

Yes, there are several CLI tools:

qvm-prefs   VM settings
qvm-start   Start VM
qvm-stopStop VM
qvm-killKill VM
qvm-run Run command in VM
qvm-copy-to-vm  Copy file to VM
qvm-move-to-vm  Move file to VM

And many more... For a more or less complete list:

$ find /bin/ /usr/bin/ -iname "qvm-*"

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170709083715.dvrpuhmzvhn2xjqq%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Win7 Template?

2017-07-07 Thread Noor Christensen
On Fri, Jul 07, 2017 at 06:42:02AM -0700, henrydoblin...@gmail.com wrote:
> I have 2 use cases for Windows.
> 1. Watch Netflix or Amazon etc. They reject the use of VPN and ask for
> a lot of "information", which is basically ok for me.

They don't have Linux support yet? That's just crazy...

> 2. Banking. I have 2 banking applications that have multilevel
> authentication one of which makes use of a usb token. Here I want a
> usb-vm to connect these and only these usb devices. And I want a VPN
> connection with a trusted server and on top of that a very restrictive
> (IP-range based) Firewall. 
> 
> The two contradict. That's why I wanted a basic Windows installation
> and from that two or more domains with specific configs.

To answer your general question, that workflow is very much possible and
officially documented (as you've already read in the docs). You will
have to run a CLI command or two to create the initial template, but
from there on it looks like you create them much the same way as any
other template-based VM using the GUI tools.

Hopefully someone else have more experience in using win7 in the normal
TemplateVM sense and can share some notes. :-)

> But your idea of cloning is interesting. It seems simple, but it's a
> bit harddisk consuming ...

Yeah, it's harddisk consuming and I have to upgrade each cloned VM
manually... 

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170707144503.u3hr4xqfcpopr4do%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Win7 Template?

2017-07-07 Thread Noor Christensen
On Fri, Jul 07, 2017 at 03:15:00PM +0200, Noor Christensen wrote:
> On Fri, Jul 07, 2017 at 05:57:42AM -0700, henrydoblin...@gmail.com wrote:
> > is it possible to have a win7 Template VM in order to create
> > disposable VMs from that?
> 
> There is some information on this workflow in the official docs[0].

Whoops, here's the link[0]:

https://www.qubes-os.org/doc/windows-appvms/#using-template-based-windows-appvms-qubes-r2-beta-3-and-later

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170707134108.kpxb3rqtxzqvjux7%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] No Wifi Adapter in my-sys-net (based on fedora-24-minimal)

2017-07-06 Thread Noor Christensen
On Tue, Jul 04, 2017 at 08:43:04PM +0200, 'P R' via qubes-users wrote:
> Hello,
> 
> On 07/03/17 13:24, Connor Page wrote:
> > I guess you need to install any firmware packages for your network
> > devices first.
> > IIRC it's called iwl7260-firmware or something like that.
> 
> I've tar'ed /usr/lib/firmware from my fedora-23 sys-net VM which comes
> with the Qubes OS 3.2 installation.
> 
> Transferred the file to my new fedora-24-minimal sys-net Net-VM and
> untar'red it.

I think it's a good idea to install the required package instead of
copying the firmware files manually.

Before creating the NetVM, make sure your template has the firmware
packages installed. This way they will be present on the NetVM and you
can update them along with the rest of the system, when needed.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170706173451.r5gexy4l4urdijfu%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Attach cd-rom block device to Fedora Template VM (where does it show up?)

2017-07-06 Thread Noor Christensen
On Tue, Jul 04, 2017 at 08:12:31AM -0700, Greg Strong wrote:
> 4. run the following command, substituting your device name for xvdi:
> 
> sudo mount -t iso9660 -o ro /dev/xvdi /mnt/removable/

Glad you got it working!

As a side note, most of the time you don't need to specify options when
mounting common filesystems, like iso9660. It will figure out the
filesystem and whether or not it is ro/rw.

You can also define a mount point in /etc/fstab allowing you to just do:

# mount /mnt/removable

If you actually want auto mounting maybe a udev rule would suffice.

However, personally I feel auto mounting is a bit scary... :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170706102641.zj66es2yfdvwlxm7%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: How to Switch Keyboard Layouts?

2017-07-06 Thread Noor Christensen
On Thu, Jul 06, 2017 at 10:38:27AM +0200, Noor Christensen wrote:
> On Wed, Jul 05, 2017 at 06:34:58PM -0700, J. Eppler wrote:
> > Awesome, That works. Thanks. However, how can I change the keyboard
> > layout very fast between to different layouts. Basically, just with a
> > shortcut? Any idea?
> 
> I configure this in /etc/X11/xorg.conf.d/20-keyboard.conf on dom0:
> 
> [...]
> 
> There is a list of available values for XkbOptions here:
> 
>   /usr/share/X11/xkb/rules/base.lst

You can also set these options in a running X11 session using
setxkbmap(1). Example:

$ setxkbmap -layout us,se -option grp:alt_shift_toggle

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170706101750.h7g4hjuqz5v3njp4%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: How to Switch Keyboard Layouts?

2017-07-06 Thread Noor Christensen
On Wed, Jul 05, 2017 at 06:34:58PM -0700, J. Eppler wrote:
> Awesome, That works. Thanks. However, how can I change the keyboard
> layout very fast between to different layouts. Basically, just with a
> shortcut? Any idea?

I configure this in /etc/X11/xorg.conf.d/20-keyboard.conf on dom0:

Section "InputClass"
Identifier "system-keyboard"
MatchIsKeyboard "on"

# Primary layout:US
# Secondary layout:  Swedish
Option "XkbLayout"   "us,se"

# Both shiftsSwitch to next layout
# Right Alt  Toggle next layout while pressed
Option "XkbOptions"  "grp:shifts_toggle,grp:switch"
EndSection


As you can see in the comments, I have layout switching bound to
pressing Left Shift + Right Shift together. I also use AltGr to
temporarily switch to the next layout while key is pressed.

There is a list of available values for XkbOptions here:

    /usr/share/X11/xkb/rules/base.lst


Kind regards,

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170706083827.nnrq7ode7yzuyqa6%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Those using a Kali vm. Which download iso do you have that is working on qubes?

2017-06-30 Thread Noor Christensen
On Fri, Jun 30, 2017 at 04:51:28AM -0700, jakis2...@gmail.com wrote:
> I'm not getting anything properly up. I've seen the errors on here
> that some people have and never a solution really. I've also seen the
> errors talked about in other places but no solution works on qubes
> 
> As of now I can login and just get the small space at the bottom visible. 
> 
> On windows running virtual box there is no problems whatsoever 

Hi!

There is no real reason to run Kali as a HVM machine if you only want
the tools that comes with it. You can use a basic Debian template, add
the Kali repos and install all available packages using the katoolin[0]
utility.

As suggested in an earlier thread about running Kali in Qubes OS:

On Wed, Jun 28, 2017 at 07:37:17PM +0200, Noor Christensen wrote:
> I guess an alternative would be to use the katoolin[0] utility to
> install the Kali packages in an existing Debian template. There are
> several articles on how to do this on the net, but here's one of
> them[1].
> 
> Basically, it adds the Kali APT repositories + GPG key and provides a
> simple menu for selecting packages for install using the same categories
> as Kali. I think it also includes a script to create the same
> application menu structure as the default Kali install.
> 
> Seems to work fine, been using Kali like this since I switched over to
> an Qubes based environment.
> 
> [0]  https://github.com/LionSec/katoolin
> [1]  
> https://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/

If you need any help, just ask - this workflow works fine in my case.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170630124617.fz66l73wooqqmyvn%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] can not delete old template-VM

2017-06-30 Thread Noor Christensen
On Fri, Jun 30, 2017 at 08:26:52AM +0200, evo wrote:
> Hello!
> 
> i updated to fedora 24 some time ago and tried to delete the old one,
> with no success. After that i deleted it manually. Is there any simple
> way to get it out of my Vm manager and menu?

Did you remove the qubes-template-fedora-23 package?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170630065524.irzbu4p7lqm7hs2q%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] switch to integrated Intel graphic

2017-06-29 Thread Noor Christensen
On Wed, Jun 28, 2017 at 11:18:01PM -0700, Vít Šesták wrote:
> Hmm, HD graphics 2000 looks like old Sandy Bridge, so preliminary HW
> support should not have any effect in theory. Also, installing a new
> kernel is not much likely to help (it would be if you had a recent GPU
> that is too new for the kernel), but you might try it.

Thanks for the info!

 
> Eva, what does «sudo rmmod i915» do? If it proceeds, then the driver
> doesn't recognize the GPU. If it doesn't, then the driver recognizes
> GPU, but there is something wrong with config or with the driver.
> 
> You might also try checking if the same issue happens in Fedora 23.

Additionally, you might want to check the X.org logs on dom0 for any
messages from the intel driver (which you should be using by default
unless you have changed the X.org config):

$ grep -i intel /var/log/Xorg.0.log

I have attached the output from my X.org log file if you need a baseline
to compare against.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170629063953.q745wxc677xevf5f%40mail.
For more options, visit https://groups.google.com/d/optout.
[73.732] (**) |   |-->Device "Intel HD 3000"
[73.746] (II) LoadModule: "intel"
[73.747] (II) Loading /usr/lib64/xorg/modules/drivers/intel_drv.so
[73.752] (II) Module intel: vendor="X.Org Foundation"
[73.752] (II) intel: Driver for Intel(R) Integrated Graphics Chipsets:
[73.752] (II) intel: Driver for Intel(R) HD Graphics: 2000-6000
[73.752] (II) intel: Driver for Intel(R) Iris(TM) Graphics: 5100, 6100
[73.752] (II) intel: Driver for Intel(R) Iris(TM) Pro Graphics: 5200, 6200, 
P6300
[73.754] (II) intel(0): Using Kernel Mode Setting driver: i915, version 
1.6.0 20151010
[73.755] (--) intel(0): Integrated Graphics Chipset: Intel(R) HD Graphics 
3000
[73.755] (--) intel(0): CPU: x86-64, sse2, sse3, ssse3, sse4.1, sse4.2, 
avx; using a maximum of 2 threads
[73.755] (II) intel(0): Creating default Display subsection in Screen 
section
[73.755] (==) intel(0): Depth 24, (--) framebuffer bpp 32
[73.755] (==) intel(0): RGB weight 888
[73.755] (==) intel(0): Default visual is TrueColor
[73.756] (II) intel(0): Output LVDS1 using monitor section LCD
[73.756] (**) intel(0): Option "PreferredMode" "1366x768"
[73.756] (**) intel(0): Option "Enable" "true"
[73.768] (--) intel(0): Found backlight control interface acpi_video0 (type 
'firmware') for output LVDS1
[73.768] (II) intel(0): Enabled output LVDS1
[73.768] (II) intel(0): Output VGA1 using monitor section VGA
[73.768] (**) intel(0): Option "PreferredMode" "1680x1050"
[73.768] (**) intel(0): Option "RightOf" "LCD"
[73.768] (II) intel(0): Enabled output VGA1
[73.768] (II) intel(0): Output HDMI1 has no monitor section
[73.768] (II) intel(0): Enabled output HDMI1
[73.768] (II) intel(0): Output DP1 has no monitor section
[73.768] (II) intel(0): Enabled output DP1
[73.768] (II) intel(0): Output HDMI2 has no monitor section
[73.768] (II) intel(0): Enabled output HDMI2
[73.768] (II) intel(0): Output HDMI3 has no monitor section
[73.768] (II) intel(0): Enabled output HDMI3
[73.768] (II) intel(0): Output DP2 has no monitor section
[73.768] (II) intel(0): Enabled output DP2
[73.768] (II) intel(0): Output DP3 has no monitor section
[73.768] (II) intel(0): Enabled output DP3
[73.768] (--) intel(0): Using a maximum size of 256x256 for hardware cursors
[73.768] (II) intel(0): Output VIRTUAL1 has no monitor section
[73.768] (II) intel(0): Enabled output VIRTUAL1
[73.768] (II) intel(0): EDID for output LVDS1
[73.768] (II) intel(0): Manufacturer: LGD  Model: 2d3  Serial#: 0
[73.768] (II) intel(0): Year: 2011  Week: 0
[73.768] (II) intel(0): EDID Version: 1.3
[73.768] (II) intel(0): Digital Display Input
[73.768] (II) intel(0): Max Image Size [cm]: horiz.: 28  vert.: 16
[73.768] (II) intel(0): Gamma: 2.20
[73.768] (II) intel(0): DPMS capabilities: StandBy Suspend Off
[73.768] (II) intel(0): Supported color encodings: RGB 4:4:4 YCrCb 4:4:4 
[73.769] (II) intel(0): First detailed timing is preferred mode
[73.769] (II) intel(0): redX: 0.586 redY: 0.345   greenX: 0.340 greenY: 
0.559
[73.769] (II) intel(0): blueX: 0.158 blueY: 0.127   whiteX: 0.313 whiteY: 
0.329
[73.769] (II) intel(0): Manufacturer's m

Re: [qubes-users] Re: How much inital and max memory for sys and template VMs?

2017-06-29 Thread Noor Christensen
On Wed, Jun 28, 2017 at 05:22:33AM -0700, jakis2...@gmail.com wrote:
> Additionally my personal Debian VM is using its Max 3gb also also and only 
> running Firefox

Does this mean that your VMs are working now? You mentioned just earlier
how you couldn't get any VM to start, just wanted to check back on your
progress. :-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170629062435.xsjdub74po7ie5sm%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Error Starting VM- Insuffecient Memory- Already tried the info in docs

2017-06-29 Thread Noor Christensen
On Wed, Jun 28, 2017 at 03:28:58AM -0700, jakis2...@gmail.com wrote:
> Ive followed the info at qubes-os.org/doc/out-of-memory/ and nothing
> helps there. Everything showed fine with plenty of room. 
> 
> I took it a step further today to see if the ram was an issue at all
> and upgraded my ram to have 12gb now. Same error. 
> 
> Any ideas on this and what the best VM settings should be for what I
> have?

What's your current settings for CPU and memory limits on this VM?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170629062303.ez6glb7enxlyrz7v%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Unable to get right X display for kali on HVM

2017-06-28 Thread Noor Christensen
On Wed, Jun 28, 2017 at 11:52:09PM +0200, Noor Christensen wrote:
> Personally I use a launcher like rofi[0] or dmenu[1] for running stuff,
> or from a terminal on the VM itself.

Sorry, forgot the links.

[0]  https://davedavenport.github.io/rofi/
[1]  http://tools.suckless.org/dmenu/

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628221650.42cb3cckkwvs7svm%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Unable to get right X display for kali on HVM

2017-06-28 Thread Noor Christensen
On Wed, Jun 28, 2017 at 11:18:59AM -0700, jakis2...@gmail.com wrote:
> How are you accessing the Kali apps installed? I had played with what
> I read from the site about katoolin but no apps show on the vm to
> list. How are you launching the apps without a full display?

Personally I use a launcher like rofi[0] or dmenu[1] for running stuff,
or from a terminal on the VM itself.

But if you want the application menu in dom0 (and the Applications list
in VM settings) to show the menu entries from Kali, you probably need an
additional step to install them in the right location. They are
currently installed under /usr/share/kali-menu.

So, in your template run the following:

$ /usr/share/kali-menu/update-kali-menu

This will install the Kali application entries to the default location.

Now you should be able to run qvm-sync-appmenus in dom0:

$ qvm-sync-appmenus templatename

After which the new entries will be visible in the list of applications
available for any VM based on that template.

This was recited by memory so I guess YMMV.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628215209.bgso4a6y6ow5mwvh%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Unable to get right X display for kali on HVM

2017-06-28 Thread Noor Christensen
On Wed, Jun 28, 2017 at 08:08:09PM +0200, Noor Christensen wrote:
> I cloned my usual debian template and installed all Kali packages on
> that one. No HVM, normal AppVM.

I meant "No HVM, normal TemplateVM", of course. Then, as said, I create
AppVMs based on that template whenever I need a Kali machine for
something.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628180953.baypa3zsvcvvzpv3%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Unable to get right X display for kali on HVM

2017-06-28 Thread Noor Christensen
On Wed, Jun 28, 2017 at 10:43:58AM -0700, jakis2...@gmail.com wrote:
> Are you using this a standalone hvm or as template app vm?

I cloned my usual debian template and installed all Kali packages on
that one. No HVM, normal AppVM.

This way I have a debian-kali template that I can keep updated
and base other VMs on, like customer-specific pentesting VMs.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628180809.urhsgp3l2a3ye2fk%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Unable to get right X display for kali on HVM

2017-06-28 Thread Noor Christensen
On Wed, Jun 28, 2017 at 07:18:39AM -0700, jakis2...@gmail.com wrote:
> On Monday, August 1, 2016 at 9:58:56 AM UTC-4, NewbieG wrote:
> > Second one, as someone already pointed out in the list, introduces
> > conflicts between X packages from kali and X packages from the
> > debian-9 template.
> > 
> > Any help would be most appreciated.
> > 
> > Thanks!
> 
> Anyone have a fix for the misplaced yet? I can run calling fine
> booting into windows harddrive and using virtualbox

I guess an alternative would be to use the katoolin[0] utility to
install the Kali packages in an existing Debian template. There are
several articles on how to do this on the net, but here's one of
them[1].

Basically, it adds the Kali APT repositories + GPG key and provides a
simple menu for selecting packages for install using the same categories
as Kali. I think it also includes a script to create the same
application menu structure as the default Kali install.

Seems to work fine, been using Kali like this since I switched over to
an Qubes based environment.

[0]  https://github.com/LionSec/katoolin
[1]  
https://www.tecmint.com/install-kali-linux-tools-using-katoolin-on-ubuntu-debian/

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170628173717.yes7lujf4t3pwofd%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] what does qubes do to protect sys-usb?

2017-06-26 Thread Noor Christensen
On Mon, Jun 26, 2017 at 01:02:44AM -0700, pixel fairy wrote:
> what does qubes-os do to protect sys-usb from dma or other attacks?

The main purpose of using a dedicated sys-usb VM (as I have understood
it), is that it provides a workflow where you enable USB devices when
needed and only for the specific VM that needs it.

The effect being that no VMs have access to the USB device unless you
attach it to them first, which would limit the attack surface since the
devices are not exposed unnecessarily.

That being said, I have no knowledge about any additional security
measures applied by Qubes in this context, besides this whitelisting
workflow.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170626143139.774u2qztevj6sxtb%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Long-time Beta Users, do you wipe or upgrade?

2017-06-26 Thread Noor Christensen
On Thu, Jun 22, 2017 at 08:21:10AM -0700, Eric Duncan wrote:
> Alternatively... Is there a way to use some type of "Testing" repo for
> Qubes?  Something like rolling updates of Debian Testing does?
> 
> I was perfectly happy with Debian Testing on a previous build, until I
> moved to Arch which was a bit more stable with its rolling releases.
> 
> I wouldn't mind installing a "rolling release" of Qubes under a
> Testing repo, if there is one.  

Yes, there are three repos that offer packages not yet merged to stable:

qubes-dom0-current-testingtesting packages that will eventually land in the 
stable (current) repository
qubes-dom0-security-testing   a subset of qubes-dom0-current-testing that 
contains packages that qualify as security fixes
qubes-dom0-unstable   packages that are not intended to land in the 
stable (qubes-dom0-current) repository; mostly experimental debugging packages

See the "Testing repositories" section of the official docs:
https://www.qubes-os.org/doc/software-update-dom0/#how-to-update-software-in-dom0

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170626140918.77wkdxbyo2xw6yom%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Keyboard shortcuts in /etc/qubes/guid.conf

2017-06-26 Thread Noor Christensen
On Sun, Jun 25, 2017 at 03:03:44PM +0100, Unman wrote:
> I assume you mean the "Side view of four qubes waving around" key?(TM Rusty 
> Bird)

Haha, yes! That's the one. From this moment on, I am never calling that
key "the flag key" anymore...

> Use xev and you will probably find it's mapped to Super_L, but "Super" will
> probably do. Try it.

Thanks, I'll try it out later tonight.

-- noor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170626134707.4ngasgsbvj3klaf4%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] switch to integrated Intel graphic

2017-06-26 Thread Noor Christensen
On Mon, Jun 26, 2017 at 01:31:45AM +0300, Eva Star wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On 06/26/2017 01:07 AM, Chris Laprise wrote:
> > On 06/25/2017 03:14 PM, Eva Star wrote:
> >> After I remove Radion card, system loaded. But resolution is
> >> only 1280x800 and no network access (network managed do not see
> >> wired network) Is it because Qubes installeted on Radion
> >> card? Or I have too old integrated intel graphic (hd 2000 ) ?
> >> 
> > 
> > I'd guess that the PCI order/ID of your devices changed when you
> > removed the Radeon card, causing the NIC to no longer be recognized
> > by its old ID. If you go into Devices tab for your sys-net and
> > remove/re-add the NIC (then restart) it may work.
> > 
> > 
> Thanks. I will try, but it's part of the problem... How to fix
> resolution? Look like Qubes do not recognize intel graphic... But how
> it's possible...

I'm have an Thinkpad X220 with Intel HD3000 which works fine.

However, I needed to add the following to my kernel boot flags:

i915.preliminary_hw_support=1

This was done a long time ago and I haven't experimented with removing
it, so please just consider it a hint for possible next action rather
than a working solution ;-)

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170626124313.n4kxxgbaxopjbayu%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Keyboard shortcuts in /etc/qubes/guid.conf

2017-06-24 Thread Noor Christensen
On Sat, Jun 24, 2017 at 10:44:14AM +0200, Noor Christensen wrote:
> Hi,
> 
> I was about to change the key sequences gobally used for VM clipboard
> managament and found /etc/qubes/guid.conf to be the correct place.
> 
> Then I got curious, what subsystem is Qubes using for the keyboard
> bindings? I need to figure out what the Mod4/Meta/Windows key is called
> in this particular context.
> 
> I took a peek at the libconfig manual[0] as mentioned in the "Getting
> started" docs[1] but it does not mention anything specific about
> keyboard or input control, so I guess those values are parsed by some
> other entity actually handling the key bindings.

I found some clues in the qubes-gui-daemon source:

https://github.com/QubesOS/qubes-gui-daemon/blob/ad966ddd5d57b30a47651471a1cbdbe7ac8231fa/gui-daemon/xside.c#L2957

However, I'm having problems using Mod4 as a key identifier here.

Anybody else having success with this?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170624091334.cbi5iajk5iw2wzo5%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


[qubes-users] Keyboard shortcuts in /etc/qubes/guid.conf

2017-06-24 Thread Noor Christensen
Hi,

I was about to change the key sequences gobally used for VM clipboard
managament and found /etc/qubes/guid.conf to be the correct place.

Then I got curious, what subsystem is Qubes using for the keyboard
bindings? I need to figure out what the Mod4/Meta/Windows key is called
in this particular context.

I took a peek at the libconfig manual[0] as mentioned in the "Getting
started" docs[1] but it does not mention anything specific about
keyboard or input control, so I guess those values are parsed by some
other entity actually handling the key bindings.

[0] http://www.hyperrealm.com/libconfig/libconfig_manual.html
[1] https://www.qubes-os.org/getting-started/

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170624084414.2qv4gd3avqessmet%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Whonix-ws template will not connect to sys-whonix after upgrade

2017-06-23 Thread Noor Christensen
On Thu, Jun 22, 2017 at 08:38:05PM -0400, 'Essax' via qubes-users wrote:
> I also cloned a whonix-ws temp for testing to make sure it was the
> upgrade that caused the problem and sure enough as soon as I did the
> upgrade I could not connect it to sys-whonix. (the gui and qvm-prefs
> said other wise though) When I ran sudo apt-get update from whoinix-ws
> konsole i get
> 
> Err http://sgvtcaew4bxjd7ln.onion jessie/updates Release.gpg Cannot
> initiate the connection to 10.137.255.254:8082 (10.137.255.254). -
> connect (101: Network is unreachable

Have you enabled "Allow connections to Updates Proxy" in the firewall
settings for your whonix-ws TemplateVM?

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170623083251.m7ikzpaz2i6ev4rr%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: The issue of non-proprietary BIOS and Qubes OS

2017-06-22 Thread Noor Christensen
On Wed, Jun 21, 2017 at 12:14:35PM +0200, math blanc wrote:
> Thanks ! I didn't hear about heads before, it's very interesting :)
> 
> Does an X230 with Coreboot and ME cleaned can match a Libreboot laptop ?

Just want to chip in to say I'm running the same setup on a X220 with
great results!

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170622155754.4sjkxk6xqgxar4yb%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Internet is not running on virtual machine

2017-06-22 Thread Noor Christensen
On Wed, Jun 21, 2017 at 05:24:13AM -0700, manasshr...@gmail.com wrote:
> Hi,
> I am using using virtual box on windows 10, my guest machine is Mac OS
> X El Capitan. Host machine(Windows 10) is connected to wi-fi, but no
> internet on guest machine. I tried every solution available on
> internet. I already killed 2 days on this.
> 
> Any help here please?

Hi!

This is a mailing list for the Qubes OS project. 

We are not related to the VirtualBox project in any way, so I suggest
you look for help at their official community support site:

https://www.virtualbox.org/wiki/Community

Good luck!

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2017062219.dud343kxoihwmjnh%40mail.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Terminalcomman Lockscreen

2017-06-17 Thread Noor Christensen
On Fri, Jun 09, 2017 at 08:16:21AM -0700, Finsh wrote:
> i want to create a shortcut with the windows-key to lock my screen,
> but therefore i guess i would have to know the terminal-command to
> lock the screen, which i dont know? is there a "library" ore something
> like that to search for the commands?

If you're just looking for a quick way to lock your screen, take a look at 
slock[0] or i3lock[1].

[0] http://tools.suckless.org/slock/
[1] https://i3wm.org/i3lock/

No dependencies, no xscreensaver required.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170617184438.g5llvhlazude26zc%40mail.local.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Fan too loud during install

2017-06-16 Thread Noor Christensen
On Thu, Jun 15, 2017 at 01:52:44PM -0700, interestedtest...@gmail.com wrote:
> I am trying to install Qubes on my ASUS laptop but the fan is just too
> loud during the install. Is there any way I can fix this?

I am just speculating here, but it might be that the installer
environment is missing some kernel module needed to control the fan
speed or gauge the temperature sensors. This may or may not be
an indication that the problem will persist, so I suggest you continue
the installation and see whether it does.

> Even if it's not fixable during the install itself, I fear the fan
> will continue to work very hard if I manage to successfully boot into
> the new system after the install. Would there be a fix for it then, if
> not during the install?

Depending on your laptop model, chipset and firmware support there are
several utilities available that enable you to control the fan speed and
CPU throttling, both in the Fedora package repositories as well as
elsewhere on the web.

-- noor

|_|O|_|
|_|_|O|  Noor Christensen  
|O|O|O|  n...@fripost.org ~ 0x401DA1E0
-
() ascii ribbon campain - against html e-mail
/\  www.asciiribbon.org - against proprietary attachments

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170616062900.26azwm6ehmy2gtpv%40mail.local.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature


Re: [qubes-users] Re: Question(s) regarding Qubes minimal templates

2017-06-15 Thread Noor Christensen
On Wed, Jun 14, 2017 at 10:50:10PM +, Qubed One wrote:
> 'Tomei Ningen' via qubes-users:
> >> I'm a strong advocate of using minimal (or smaller) templates,
> >> customised for specific use cases. Some people HATE this approach.
> >> 
> >> unman
> > 
> > Really? Coming from the sort of people with the patience for an OS
> > like Qubes? I'd think anyone who's involved enough to have an opinion
> > would be in favor of that -- that's kind of the idea here, isn't it?
> > One thing I wish I could change would be the visual clutter it
> > produces; anybody know of a means to flag these VMs as internal so I
> > can hide the ones I'm not interested in seeing regularly?
> 
> In dom0, type this from the command line:
> 
>  qvm-prefs -s  internal True

Does the internal flag affect the VM in any other way than how it is
displayed in the GUI manager? Like, are they automatically started at
boot or similar?

-- noor

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170615090031.spfjd4ar5etw6ipj%40mail.local.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: PGP signature