[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

[jkitt]

On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris  wrote:
> From a crypto list, seemed relevant here.
> .
> Oh joy...
> 
> Intel finds critical holes in secret Management Engine hidden in tons
> of desktop, server chipsets
> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/
> .

So I have my ME "turned off", and I understand off never means off, but can it 
still be remotely exploited? I'm using a wireless NIC.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb84ce1e-52bd-4da0-a4e4-a1f59b120f30%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Upgrading from rc2 to release.

[jkitt]

Is this just a case of running a Dom0 update? Or would I have to manually 
install the stable release?

FYI: I'm still on 3.2.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4d12e6d-43c3-48e9-80b1-c2b12f2a3b80%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Has anyone tried to activate SELINUX in Fedora 25?

[jkitt]

On Wednesday, 20 September 2017 09:41:58 UTC+1, pels  wrote:
> [1.617897] systemd[1]: Failed to mount tmpfs at /run: Permission denied
> [.[0;1;31m!!.[0m] Failed to mount API filesystems, freezing.
> [1.621206] systemd[1]: Freezing execution.

Looks like a tmpfs cannot be mounted at boot. In actual fact: these default 
policies are never in a "ready to deploy" state. You have to run the policy in 
permissive mode - throughout the normal boot process, and typical use of the 
confined binaries. Once you have built a log of fired rules then you have to go 
back and tweak the policy. There are, shockingly, no good tools to parse 
selinux audit logs outwith a couple of hard to get tools - distributed in the 
redhat repos. I think there is a Gentoo overlay that you can reverse engineer, 
or maybe you can find a working tool. But once you have ironed out all the 
policy violations,and you can boot without firing anything of concern, then you 
are ready for enforcing mode.

Here are some good primers on the subject. The first video, in particular, 
shows how to effectively parse audit logs - with the aforementioned redhat tool:

https://www.youtube.com/watch?v=MxjenQ31b70

https://www.youtube.com/watch?v=q_y30qZ_plQ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f1c9bc5-3b46-4b14-8856-1493f9ea6472%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Configuring i3 window titlebar in Qubes

[jkitt]

On Thursday, 15 June 2017 13:02:28 UTC+1, Jarle Thorsen  wrote:
> Paras Chetal:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> > 
> > On 06/15/2017 03:44 PM, Jarle Thorsen wrote:
> > > Having Qubes automatically give the titlebar of the windows the
> > > same coulour as defined for the VM is a nice thing.
> > > 
> > > However I would like to make it more easy to visually identify
> > > which window is in focus, the change of colour for focused windows
> > > is too subtle for me.I would like to use bold text in the title for
> > > example, or make the change of colour less subtle.
> > > 
> > > Is this something I can change myself, or is this hard-coded into
> > > the qubes version of i3 window manager?
> > > 
> > The colours seem to be hard-coded here [1]. You will have to make your
> > own changes and then build from source as mentioned in the docs [2].
> > 
> > I tried changing the config.focused property in the i3 config file,
> > but the patch file seems to overwrite the user settings [3].
> > 
> > 
> > Regards,
> > Paras Chetal
> > 
> > 
> > [1]:
> > https://github.com/QubesOS/qubes-desktop-linux-i3/blob/qubes-3.1/i3/0001
> > - -Show-qubes-domain-in-non-optional-colored-borders.patch#L200
> > 
> > [2]: https://www.qubes-os.org/doc/i3/
> > 
> > [3]:
> > https://github.com/QubesOS/qubes-desktop-linux-i3/blob/qubes-3.1/i3/0001
> > - -Show-qubes-domain-in-non-optional-colored-borders.patch#L89
> 
> Thank you, guess I'll have to compile then...

Strange.. because I've never had to do that, yet my title bar is automagically 
colored. I think I'm using the package from the testing repo, and also the 
qubes i3 config found on the wiki.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f50abc2-2b10-4099-9d5d-45ad01ce77c6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[jkitt]

On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com  wrote:

> I was sad when installed VirtualBox, tried launching it and it said that 
> something like "not supported on Xen hosts"

But why would you want to do that? You already have virtual machines at your 
disposal..

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/92fe7061-0ef1-4d28-9ebe-bf9e927f9b39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Question to Mirage OS firewall users

[jkitt]

What's it like to update - is it relatively simple? Would you say it's more 
secure than Debian or Fedora?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/795512a4-318c-46c5-a0fc-1d6afea965e4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes-devel, what are the rules for posting?

[jkitt]

Can I ask development related questions there? Or is the mailing list only for 
core developers and contributors? (I'd like to get involved)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3326e88c-6010-413c-86ca-04c40a1af8c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes takes a while to shut down (>30min!), is this normal?

[jkitt]

On Wednesday, 7 December 2016 13:37:36 UTC, throwaw...@tutanota.com  wrote:
> Hello everyone! =)
> 
> Usually when I update dom0 and then I shutdown the computer it takes quiet a 
> while to finish, the progress bar reaches the end after nearly 5 min, but 
> then it takes 30min (yes!) for it to completely shut down.
> 
> For info: When I click on Esc to see what happens after the progress bar 
> reaches the end I see:
> 
> [ OK ] Reached target Shutdown
> 
> I have a Sony VAIO with a C2D.
> 
> Thanks in advance for your help.
> 
> 
> 
> Kind regards.

This is a known bug afaik. It would seem that some of the mounted block devices 
are hanging before they can be properly unmounted. You can see this when you 
hit any of the F keys during shutdown.

I wonder if there's a ticket?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/394c54cc-798c-4533-8046-50723bc095f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Issues with debian-8 qrexec service

[jkitt]

Fixed.

Quoting marmarek:

"Missing libxen-4.6 update seems to be the cause, just uploaded the update. 
Also, enabling testing repository should be enough (the package was there, but 
I missed uploading it to stable).

So, to fix the issue - start the template, access its console (sudo xl console 
debian-8) and install updates (sudo apt-get update && sudo apt-get -V 
dist-upgrade)."

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58daabd0-ee97-4d91-ac01-ad8dd10888f5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Issues with debian-8 qrexec service

[jkitt]

On Monday, 5 December 2016 05:26:04 UTC, jkitt  wrote:
> I'm not 100% that this is the issue but I'm having troubles running anything 
> with qvm-run on a Debian-8 template/app-vms. This happened after a recent 
> upgrade. Fedora template/app-vms are working fine after some initiation 
> problems (I have to killall qrexec-client in dom0 - possibly because it's 
> hanging)
> 
> Right now I can't run anything, and I don't know if it's related, or an 
> unrelated bug (as I've seen it previous), but the qubes manager indicated 
> remains yellow on debian based VMs.
> 
> I struggle to give you all the information you probably need - I don't know 
> much about Xen or Xen tools.
> 
> Thanks.

typo: indicated = indicator.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b20bb03-50ef-44d3-a5fd-45b90ce43c7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Issues with debian-8 qrexec service

[jkitt]

I'm not 100% that this is the issue but I'm having troubles running anything 
with qvm-run on a Debian-8 template/app-vms. This happened after a recent 
upgrade. Fedora template/app-vms are working fine after some initiation 
problems (I have to killall qrexec-client in dom0 - possibly because it's 
hanging)

Right now I can't run anything, and I don't know if it's related, or an 
unrelated bug (as I've seen it previous), but the qubes manager indicated 
remains yellow on debian based VMs.

I struggle to give you all the information you probably need - I don't know 
much about Xen or Xen tools.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38621bd7-47a1-4224-bb2c-0f852aa64c5b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

[jkitt]

The point is that the security of a grsecurity protected system depends on the 
userspace being compiled in a special way. The binaries need to be compiled 
with pie, and shared objects need to be compiled with pic. There are also some 
other mitigations like SSP.

A grsecurity kernel on it's own is not adequate enough. Someone will need to 
distribute a hardened userspace.

The coldhaka kernel is in alpha. It's a start but not a solution.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31fb0390-9210-423f-a5eb-f59f681fed15%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

[jkitt]

On Friday, 25 November 2016 11:38:21 UTC, raah...@gmail.com  wrote:
> can you just tell us the options so we can compile it ourselves?  paste the 
> cfg or something.

https://wiki.gentoo.org/wiki/Hardened/FAQ#Do_I_need_to_pass_any_flags_to_LDFLAGS.2FCFLAGS_in_order_to_turn_on_hardened_building.3F

Also:
 
> Can I add -fstack-protector-all or -fstack-protector in the make.conf CFLAGS?

> No, they will likely break the building of many packages, amongst others 
> glibc. 

in other words these options will break some packages - particularly glibc; 
ulibc is more flexible in that regards.

There's also: https://wiki.gentoo.org/wiki/Hardened/Toolchain

It's not as straightforward as you think. Perhaps you can build selected 
applications as statically linked with PIE, and place it in a grsec chroot 
instead - it would be a lot simpler.

I'd really like to see Gentoo (hardened) support, that and OpenBSD. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85a85993-5aaa-42a5-b627-3ff158fe456f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Quickest and easiest way to manage updates via command line?

[jkitt]

On Thursday, 24 November 2016 00:32:48 UTC, Marek Marczykowski-Górecki  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Wed, Nov 23, 2016 at 03:19:30PM -0800, jkitt wrote:
> > As the title states. Can this be done through salt?
> > 
> > I'm looking for put together something that will manage the updates for all 
> > my template VMs and even Dom0.
> 
> Yes, see here:
> https://groups.google.com/d/msgid/qubes-users/20161122121019.GX1145%40mail-itl
> 
> 
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2
> 
> iQEcBAEBCAAGBQJYNjUtAAoJENuP0xzK19cs8T4H/R1OZEHhqpSkwC4OG9nMzp/q
> fs64xz7wzJ4GogBqAA0Xrj1c+yepGXxbGjFmuDGOr131Ma8rrM+Lble4v/VIIvLE
> V6hPrfYhggszoOioXwvP6I9uE6D+X88LoGXHNNd1dWVmgXxtJNiDuXkoKo2ZVJNM
> OC8FkHbWWJZSMhauwWyXMEy4fXDMaCrUhS1gPMVKHcCELodCa/tJgFZXl/FWaxN6
> bPWYIL+d3rtsCqwLFCp7fBaPAifvHFzSPuphno+cSNHSqbZGC9n51Nt6C+IxsK0q
> NL3orgYSLXcFl1+u181ZdWKgv2x6zrRPXl/HJBTp7pRjxDJ3z1A0wJ4UntB9EzM=
> =bnf1
> -END PGP SIGNATURE-

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/30b53b3b-06cd-4541-8aeb-10eee5ca0be2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

[jkitt]

On Tuesday, 22 November 2016 19:49:07 UTC, Ronald Duncan  wrote:
> Will this be using the latest linux kernel since grsecurity only provide the 
> latest version free.

Yes, it will be an "unstable" kernel. A bare metal grsec kernel is actually 
available in Debian's testing repo. However, it is not compiled with optimal 
hypervisor guest options, and will be slow (if working at all) in a Xen guest 
environment. And because it's in the testing repo it probably doesn't receive 
as much attention to security as stable.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/53e4f203-21a9-4f2e-8cc9-b7bca64113de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 4 with Grsec could make a big splash

[jkitt]

On Tuesday, 22 November 2016 18:58:33 UTC, kev27  wrote:
> On Tuesday, November 22, 2016 at 8:57:56 PM UTC+2, kev27 wrote:
> > I saw this being retweeted by the Qubes account on Twitter. Can Grsec 
> > support still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc?
> > 
> > I think if Grsec would be enabled by default in Qubes, it would be no 
> > question that Qubes is the most secure operating system out there.
> 
> Forgot to add the link:
> 
> https://twitter.com/coldhakca/status/801107979126784000

That's great news! Except PAX protections require more than just the kernel - 
they require PIE/PIC compiled binaries/SO's. There's also a number of security 
options that should be enabled in the GCC compiler (see the Gentoo hardened GCC 
profile). This means that the entire userspace would need to be recompiled and 
distributed as a hardened image - someone will need to do the legwork; and it 
will need to be signed by a trusted party.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ef008e2c-4682-43c8-8118-e80435faba97%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Quickest and easiest way to manage updates via command line?

[jkitt]

As the title states. Can this be done through salt?

I'm looking for put together something that will manage the updates for all my 
template VMs and even Dom0.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7d1add90-ac73-47b5-8f25-d1e01b578e55%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: beginner trying to choose a laptop question

[jkitt]

On Monday, 21 November 2016 16:45:10 UTC, Warren  wrote:
> I'm looking at the "HP Laptop 250 G5 (X9U07UT#ABA) Intel Core i5 6200U (2.30 
> GHz) 8 GB Memory 256 GB SSD Intel HD Graphics 520" at 
> (http://www.newegg.com/Product/Product.aspx?Item=N82E16834266056&cm_re=HP_Laptop_250_G5_%28X9U07UT%23ABA%29-_-34-266-056-_-Product).
>  
> ark.intel.com says that VT-d and VT-x is supported by the processor but I 
> can't find out, so far, whether it's actually enabled or can be enabled. 
> HP site says the chipset is intel SoC. 
> 
> Would anyone care to hazard a guess as to whether or not I could use this 
> laptop to run qubes?
> 
> Thanks

As others have pointed out - the chipset has to also support IOMMU (VT-d). A 
lot of chipsets don't. There is the Qubes HCL that defines a lot of supported 
hardware.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/21f97e0e-de98-4897-b86c-4326f7ac404e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: OpenBSD Xen PHVM

[jkitt]

On Friday, 21 October 2016 17:50:47 UTC+1, cubit  wrote:
> 7. Sep 2016 16:33 by jo...@johnrshannon.com:
> From the OpenBSD 6.0 Release Notes:
> The xen(4) driver now supports domU configuration under Qubes OS.
> 
> 
> Has any persons investegated if OpenBSD as a AppVM is likely to possible?

I'd really like to see this.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85a34a91-27aa-4ebb-b68f-59640fdb3c28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Security announcement mailing list?

[jkitt]

Shouldn't a security focused distro make security announcement in a more direct 
and urgent way? I was surprised to find that Qubes only had a 'users' and 
'development' mailing list.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6ca183be-e33f-4dbd-a001-651f7ec08a78%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Why is whonix-ws necessary?

[jkitt]

Wouldn't an appvm, with the tor browser, and netvm set to sys-whonix do the 
same thing?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b71f2309-1d47-4ff4-bff5-3c81602596ab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: 3.2 installation crash on a ThinkPad

[jkitt]

Hey guys, i made this post and largely forgot about it. It would appear that 
the installation media I used corrupted the image. I used another USB stick and 
the installation boots no problem - I've been using 3.2 for about 3 or 4 days 
now without any problems on the T420s; no kernel parameters necessary.

I'm not sure about other builds of the T420s but I can post my specs for 
confirmation so the HCL can be updated.

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c7eacba8-1165-44d7-81cc-78994a1f656f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Why should I verify digests, if I already checked PGP signatures?

[jkitt]

On Saturday, 1 October 2016 14:07:32 UTC+1, Arqwer  wrote:
> Documentation says to check digests after I verified an .iso with gpg. Why? 
> Doesn't correct PGP signature mean, that .iso is good and came from Qubes 
> developers?

Yes it does. Normally distros sign the digest. Qubes signs the iso.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7f23b737-4ed4-4718-bc1c-106228edf246%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: how many passphrases and passwords do you need?

[jkitt]

it's a stupid mess. People don't deal with it.

It would be nice if there was a specification, other than a shitty vulnerable 
USB, that would allow the plugging in of a key that stored a GPG private key. 
That way even your grandma could automagically sign an authentication token. 
Such a key-fob would have it's own hardware - to receive requests and possibly 
basic PIN authentication; or even fingerprint - if it was completely isolated 
(as in never leaves the device); the authentication module would be on the 
device itself and not through the OS. The idea is that the device itself 
functions like a removable TPM chip.

Although I personally don't trust hardware that stores fingerprint data - it is 
feasible for this method to be implemented rather securely and openly (as in 
libre)

In the meantime, I intend soon to make a firefox addon or plugin that stores a 
salt and domain in the firefox sync database. combine that with a standard 
manually inputted password to create an HMAC; which can be then be encoded with 
ASCII values from a lookup table. The result would be a completely random 
password for every domain. To change the generated pass you would change the 
salt. The salt is stored in firefox sync but your password is not.

I won't get to implement this until I finish UNI in a couple of years. Until 
then I'm stuck with what I have.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/59e98d09-b25f-45d8-80ab-5eed6a448d72%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: hosts file.

[jkitt]

On Thursday, 22 September 2016 02:57:39 UTC+1, Drew White  wrote:
> Hi Qubes devs,
> 
> Can you please point out how I can make the system STOP overwriting the HOSTS 
> FILE?
> 
> I have different domains targeted to 127.0.0.1
> then when I boot, you automatically overwrite anything that is...
> 127.0.0.1 mynewdomain.name
> 
> to
> 
> 127.0.0.1 thismachinehostname
> 
> This is really frustrating.
> I'm having to now alter the entire system config to target a hosts file on my 
> RW directory.
> 
> This is a STANDALONE guest, and thus shouldn't have anything like that 
> happening.

you can always set the immutable attribute with: chattr +i.

This will be a guest distro specific issue and not one with Qubes.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c81c07bc-d9fe-41f6-81d9-08891e35e070%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to completely disable update proxy?

[jkitt]

for the templates - how can I turn off the update proxy?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15885404-3980-4862-add0-9f82a84dead1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Can DMA attacks work against Ethernet... or just WiFi/wireless...?

[jkitt]

Any software can have flaws. The only distinction between ethernet and wifi in 
that regards is that WiFi can be exploited by anyone within RF range regardless 
whether they're authenticated to the same network or not; ethernet requires a 
physical connection.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f7f5322d-a304-439a-bb0f-3b122a14d25a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes Security Bulletin #25

[jkitt]

> A malicious guest administrator can crash the host, leading to a DoS. 
> Arbitrary code execution (and therefore privilege escalation)

Think this is an example of why it's a good idea to password protect guests?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a794d74d-e95d-4d55-9679-4287fcc1337e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Do Linux browser exploits exist..?

[jkitt]

On Saturday, 10 September 2016 19:18:10 UTC+1, neilh...@gmail.com  wrote:
> I've seen some dispute that a Linux browser exploit even exists.
> 
> Like, could you take Chrome or Firefox to a page, and then have a remote 
> shell, that loads a file onto the hard drive to monitor everything?
> 
> I can do this with Metasploit on Windows, but I've actually seen a lot of 
> people saying that it's not even possible on Linux.

Of course they do..

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/24ceb236-d61b-4574-ad8d-4e88daa5aa43%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Can DMA attacks work against Ethernet... or just WiFi/wireless...?

[jkitt]

On Monday, 12 September 2016 00:29:14 UTC+1, neilh...@gmail.com  wrote:
> Qubes uses VT-D to protect against DMA attacks on things such as WiFi chip.
> 
> But are there any proven DMA attacks against wired networking, i.e. 
> Ethernet..?
> 
> Hackers can exploit a buffer overflow on the network card's firmware, and use 
> that to take control of the network card, and issue a DMA attack to take 
> control of the entire host computer.
> 
> I previously posted a thread about this on qubes-users ("Question on DMA 
> attacks")
> ... and Marek mentioned WiFi when speaking of DMA attacks.
> 
> Is Ethernet also vulnerable...? Or just WiFi..?
> 
> I say this because I wanted to build a Tor router that sits between Qubes and 
> my main router... so that even if Qubes gets hacked, they can only see what 
> I'm doing, and not WHO I am. The theory being, that there are no exploits for 
> Tor itself, and only for the Firefox browser. Thus, the IP address is always 
> obscured behind the Tor router.
> 
> So my router box is going to have Ethernet only, because if my Qubes is 
> hacked, then it could just use WiFi to scan for nearby routers, including my 
> own WiFi router, and thus identify me.
> 
> So, wired networking is a must.
> 
> And thus, I wanted to know if Ethernet is vulnerable to DMA attacks, because 
> if it is, then I would have to use Qubes for the Tor box in the middle.. or 
> at least, use some OS that supports VT-D, even if it's not Qubes.
> 
> Qubes has high system requirements, thus I'd prefer to have a cheap computer 
> as the Tor router in the middle.. But if there truly are exploits against 
> Ethernet, then I'll just have to use Qubes.

DMA is a privilege given to PCI(e) devices (DMA controllers) - eNIC's run over 
the PCI(e) bus - a lot of eNICs have DMA controllers. RDMA is a specification 
that relies solely on DMA.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6f4d87a1-a09c-4622-ac9d-8c913bc39ca2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Does anyone use a dedicated Tor router box..?

[jkitt]

On Friday, 9 September 2016 09:56:36 UTC+1, neilh...@gmail.com  wrote:
> the problem with Qubes, of course, is all the Xen exploits which make it 
> insecure.

Off-topic here but is Qubes really insecure? Should I be worried?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0bf7258b-b7c6-43e3-8e93-6068cf8e7614%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Streisand - AntiCensorship software

[jkitt]

On Wednesday, 7 September 2016 14:08:16 UTC+1, Connor Page  wrote:
> agree, when I looked at it some time ago I could not imagine why I would need 
> all of that. too large an attack surface for my taste. however, I did 
> investigate what individual elements are capable of and borrowed some ideas, 
> like using port 636 and tls-auth for openvpn.

Why specifically that port?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3048098-b29e-44a7-acea-83e79dd53974%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: OpenBSD Xen PHVM

[jkitt]

Fingers crossed on this one.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e601f1b-b79c-4a12-ae08-87b304653de7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Centrino 6505 hard blocked

[jkitt]

I have a Thinkpad t420s and the WiFi card is showing as hard blocked. 

The kill switch, on the side, is in the on position;
I've disabled and removed the card for an extended period of time (20 mins) to 
try and reset potential state corruption;
run rfkill on it with modules unloaded (however, it's hard blocked)

The card went into that state on it's own. I was midway through browsing the 
web. No updates - the card was working for a week without an update. It just 
suddenly stopped working.

Card: Intel Centrino Advanced-N 6205 [Taylor Peak] (rev 34)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e9cd5985-67c4-451e-8a78-be5600848927%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Unable to update templates

[jkitt]

My netvm is a proxyvm that I've set up. I've just found out about the global in 
which the updatevm can be changed. However, i've set this to my VPN VM yet 
nothing - it's still trying to connect to the same IP. IRRC that IP is a 
non-existent node but it's filtered by a proxy. How do i get that proxy running 
on my VPN VM?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3d749176-bc90-4993-9082-3daa8f838abe%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Unable to update templates

[jkitt]

I am unable to update either of my templates. Debian tries to connect to 
10.137.255.254; none of my VMs have that IP. Why is it trying to connect to 
that - is it an update proxy? Fedora tries to do the same.

I can ping google.com on both systems and I can also run an update in appvms.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/60a023f7-822d-41d7-8c2c-2777aff975dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: shared clipboard is inconsistent

[jkitt]

On Friday, 15 July 2016 21:32:05 UTC+1, Marek Marczykowski-Górecki  wrote:
> Len 0? VM returned no data for copy request. Are you sure you've copied
> it there (i.e. Ctrl-C before Ctrl-Shift-C)?

Well, therein lies the problem. I wasn't copying it to the clipboard first (for 
some reason I thought Ctrl-Shift-C would do that for me).

Thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e437975-035b-4e3a-9caf-d61b89b6b065%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: shared clipboard is inconsistent

[jkitt]

On Thursday, 14 July 2016 21:57:23 UTC+1, jkitt  wrote:
> Sometimes it works; sometimes it doesn't. Has anyone else noticed this? 
> 
> v3.1

secure copy
handle_clipboard_data, len=0x0
open /var/run/qubes/qubes-clipboard.bin.xevent: No such file or directory

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da553b3d-4f3c-40b8-91a5-6e616f1fc9dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] shared clipboard is inconsistent

[jkitt]

Sometimes it works; sometimes it doesn't. Has anyone else noticed this? 

v3.1

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86097665-d4c5-45a0-ae7b-1f550f147448%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: adding gresecurity to Qubes

[jkitt]

I couldn't agree more - just because you live in a safe neighborhood it 
doesn't mean you go out and leave your door unlocked. Every mitigation is 
useful.

However, with grsecurity there's a great deal of performance overhead, some 
things like X really don't like grsecurity, and with a semi-stateless 
system there's not a great need for such mitigations. Also, I've heard that 
there's some things that just can't work under a virtualized environment - 
not sure what yet. However, a compromised system can still be used to 
attack other systems. I've noticed that by default Qubes domains don't 
block connections to the local LAN - which is an attack vector from default 
configured domains; not to mention the compromise of any data in that 
domain.

I'd like to see something like subgraph or a gentoo hardened GRS template.

On Monday, 20 June 2016 23:17:01 UTC+1, xopl...@gmail.com wrote:
>
> Also why does Qubes not ship with Gresecurity by default I know that 
>  privilege escalation protections would be meaningless according to 
> raah,but Gresecurity also add other security features 
> https://grsecurity.net/features.php 
> 
>  
>
> I know Qubes is quite reasonably secured with its isolation and xen 
> architecture,but I like adding precaution such as extra security in case of 
>  an attacker somehow bypasses the isolation or find an exploit or flaw in 
> the xen architecture 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a2f904ba-f43d-467d-a604-e76b463b4464%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: debian firefox and whonix torbrowser can no longer play videos in fullscreen and freeze

[jkitt]

The same happens with me. i suspect hardware acceleration. It can be 
switched off in flash with:

sudo su
mkdir /etc/adobe && echo "EnableLinuxHWVideoDecode = 0" > /etc/adobe/mms.cfg

Restart the browser.

For HTML5 videos (YouTube) the media.* configs are for controlling HTML5 
decoding extensions. Particularly "media.hardware-video-decoding.enabled" 
although is still can't seem to fullscreen HTML5 videos without it 
glitching my browser - I wonder if anyone else has fixed this?

On Monday, 20 June 2016 20:50:26 UTC+1, raah...@gmail.com wrote:
>
> If i go to youtube click the fullscreen button on the player,  the browser 
> goes fullscreen but not the video, and the browser becomes unresponsive. 
>
> This is the exact same issue that has always been present with fedora's 
> firefox on qubes.   Something has changed now in debian around the time 
> they dropped iceweasel for firefox esr.  The same issue now also happens in 
> torbrowser.  I don't know why this happens.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea73f133-cb29-4274-ac06-25c2958491e9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] adding gresecurity to Qubes

[jkitt]

It's an old English idiom that means to "not take seriously":

http://idioms.thefreedictionary.com/take+with+a+pinch+of+salt
 
On Monday, 20 June 2016 23:00:41 UTC+1, xopl...@gmail.com wrote:
>
> On Friday, June 17, 2016 at 11:55:40 AM UTC-4, Sandy Harris wrote:
> > Lorenzo Lamas > wrote:
> > >
> > > On Wednesday, June 15, 2016 at 6:31:23 AM UTC+2, Sandy Harris wrote:
> > >>
> > >> It may not be necessary. There is a kernel hardening project
> > >> which is bringing some of the grsecurity & PaX stuff into the
> > >> mainline kernel.
> > >> http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
> > >
> > >
> > > May not be objective coming from the grsecurity dev, but the kernel
> > > hardening project should be taken with some salt:
> > > https://forums.grsecurity.net/viewtopic.php?f=7&t=4476
> > 
> > In security work, more-or-less everything should be taken with
> > salt, but you make a good point.
> > 
> > The main argument on the other side, as I understand it (salt
> > needed here too), is that kernel developers want bite-size
> > patches,incremental stuff that changes one thing at a time
> > and can be tested independently. grsecurity does not provide
> > those, so it is unlikely to ever be incorporated into the
> > mainline kernel.
> > 
> > The hardening project mostly takes good ideas from grsecurity
> > and other sources and massages them into a form that is
> > likely to produce patches that mainline kernel developers
> > will accept.
>
> hi what do you mean by takened with salt?
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/250e8b5a-26b3-48b9-bd6c-d6b5279abe04%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] T420s and pci passthrough

[jkitt]

I ask because I'm wondering what kind of risk I expose Dom0 to if pci 
passthrough fails at some point. By reset - does that mean the state of the 
device? Which includes compromised firmware? I'm not entirely sure.

On Sunday, 19 June 2016 19:52:41 UTC+1, jkitt wrote:
>
> Thanks. I read that in the man page but what does "reset" mean in this 
> context?
>
> On Sunday, 19 June 2016 15:07:12 UTC+1, Andrew David Wong wrote:
>>
>> -BEGIN PGP SIGNED MESSAGE- 
>> Hash: SHA512 
>>
>> On 2016-06-18 17:49, jkitt wrote: 
>> > So I was unable to get pci passthrough working for any of the USB 
>> > devices without disabling pci_strictreset. What does this option 
>> > actually do? 
>> > 
>>
>> "Control whether prevent assigning to VM a device which does not 
>> support any reset method. Generally such devices should not be 
>> assigned to any VM, because there will be no way to reset device state 
>> after VM shutdown, so the device could attack next VM to which it will 
>> be assigned. But in some cases it could make sense - for example when 
>> the VM to which it is assigned is trusted one, or is running all the 
>> time." 
>>
>> Source: https://www.qubes-os.org/doc/dom0-tools/qvm-prefs/ 
>>
>> Also available via `qvm-prefs --help`. 
>>
>> - -- 
>> Andrew David Wong (Axon) 
>> Community Manager, Qubes OS 
>> https://www.qubes-os.org 
>> -BEGIN PGP SIGNATURE- 
>>
>> iQIcBAEBCgAGBQJXZqcKAAoJENtN07w5UDAwdVoQAMi1EtvNDEnfVMUQPaHWV6C5 
>> dRZlpOaMrCBk2BtnC7Mu5z1qp1JiM0OyfNtykQnmP06+gyflkIyNHqdjINMFEp38 
>> uZiuu40FBVLv4/yNia8BPxBdOlgIMnUP2viisGivJx+EAc1w9tI4Y8N+VMn7Lx3a 
>> oM+RGBkt00csizM7sKf8nziYkzjmXVvjF764G0EU2V3MYcPdvjPu9r/YMnyLvSiU 
>> h3WwBSBWbH+6t+AKiMh+zH0W2mVBiLvWzvs1AMzUMeAw+yb6wY8fomI2wQElpgkG 
>> t3yTlFICEmm9gRXVNLIC+fVbAPw/eIsklSJa9zaw7pc/LRJ34TCryYWvfA6fzQKJ 
>> Poq3ODHrFBoSeLls8qtdb7BvIGKWBMCSo1L8aQshsw/RDU/UU0uWknqB/qoh4eDD 
>> /3X2q/PEcwEFIody3adOXHrCUd2xjOAThP3yUDU9wRcnEYuNeifQ0XXslcSkA0ux 
>> wLQ3L8gskgqlnfA2Zes+bhOp6FYOBgLC5mpeIh6oTdeOnR+h+J31KBHnEjYUqZjo 
>> fs1W3JgyrlJZIaSGE76I8LFLabBgcGamS8J5f5dIQyVE1JDHtTITq4QXyi/2/pvd 
>> K+zvwxswJ2Sg4X1jh58u+M6MKsychJ00I5p0cQDidyhbMqYnjjq08hpPP9wAQ2t5 
>> Ze6FAzGqrG7Hwl1BBL25 
>> =0ZD0 
>> -END PGP SIGNATURE- 
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d74e27a-2a13-47f9-8c2e-b3d054902a56%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] T420s and pci passthrough

[jkitt]

Thanks. I read that in the man page but what does "reset" mean in this 
context?

On Sunday, 19 June 2016 15:07:12 UTC+1, Andrew David Wong wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA512 
>
> On 2016-06-18 17:49, jkitt wrote: 
> > So I was unable to get pci passthrough working for any of the USB 
> > devices without disabling pci_strictreset. What does this option 
> > actually do? 
> > 
>
> "Control whether prevent assigning to VM a device which does not 
> support any reset method. Generally such devices should not be 
> assigned to any VM, because there will be no way to reset device state 
> after VM shutdown, so the device could attack next VM to which it will 
> be assigned. But in some cases it could make sense - for example when 
> the VM to which it is assigned is trusted one, or is running all the 
> time." 
>
> Source: https://www.qubes-os.org/doc/dom0-tools/qvm-prefs/ 
>
> Also available via `qvm-prefs --help`. 
>
> - -- 
> Andrew David Wong (Axon) 
> Community Manager, Qubes OS 
> https://www.qubes-os.org 
> -BEGIN PGP SIGNATURE- 
>
> iQIcBAEBCgAGBQJXZqcKAAoJENtN07w5UDAwdVoQAMi1EtvNDEnfVMUQPaHWV6C5 
> dRZlpOaMrCBk2BtnC7Mu5z1qp1JiM0OyfNtykQnmP06+gyflkIyNHqdjINMFEp38 
> uZiuu40FBVLv4/yNia8BPxBdOlgIMnUP2viisGivJx+EAc1w9tI4Y8N+VMn7Lx3a 
> oM+RGBkt00csizM7sKf8nziYkzjmXVvjF764G0EU2V3MYcPdvjPu9r/YMnyLvSiU 
> h3WwBSBWbH+6t+AKiMh+zH0W2mVBiLvWzvs1AMzUMeAw+yb6wY8fomI2wQElpgkG 
> t3yTlFICEmm9gRXVNLIC+fVbAPw/eIsklSJa9zaw7pc/LRJ34TCryYWvfA6fzQKJ 
> Poq3ODHrFBoSeLls8qtdb7BvIGKWBMCSo1L8aQshsw/RDU/UU0uWknqB/qoh4eDD 
> /3X2q/PEcwEFIody3adOXHrCUd2xjOAThP3yUDU9wRcnEYuNeifQ0XXslcSkA0ux 
> wLQ3L8gskgqlnfA2Zes+bhOp6FYOBgLC5mpeIh6oTdeOnR+h+J31KBHnEjYUqZjo 
> fs1W3JgyrlJZIaSGE76I8LFLabBgcGamS8J5f5dIQyVE1JDHtTITq4QXyi/2/pvd 
> K+zvwxswJ2Sg4X1jh58u+M6MKsychJ00I5p0cQDidyhbMqYnjjq08hpPP9wAQ2t5 
> Ze6FAzGqrG7Hwl1BBL25 
> =0ZD0 
> -END PGP SIGNATURE- 
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a65592ee-839f-4ebd-a7e0-646bed8145e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] T420s and pci passthrough

[jkitt]

So I was unable to get pci passthrough working for any of the USB devices 
without disabling pci_strictreset. What does this option actually do?

Has anyone got any experience with the T420s or the Intel 6 series/c200 
chipset HC?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/635b2b1b-7a4d-499e-b814-ecff79092297%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes - Wine & Security?

[jkitt]

It really depends on what you are installing. You can run Wireshark to find 
out where it's connecting and if it's using HTTPS.

On Saturday, 18 June 2016 20:26:10 UTC+1, 
'093845'0923845'09238'045928'039458 wrote:
>
> Hello,
>
> I installed Wine in a Standalone VM.
>
>
> https://wiki.winehq.org/Wine_User%27s_Guide#How_to_install_and_run_Windows_programs
>
> If I typed wine, I got a .Net Framework installation box.
>
> It seems not so clear, if this "downloads" came from a clean and verified 
> connection.
>
> So Wine will not work properly OR the Standalone VM is probably 
> compromised?
>
> Kind Regards
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/21767d0c-e1da-42ac-81d3-e95701d33410%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes 3.2 rc1 has been released!

[jkitt]

Nice! Since I'm new to Qubes my question would be - "upgrade path" does 
this mean that releases normally can be upgraded via qubes-update-dom0?

On Saturday, 18 June 2016 09:49:02 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>
> Details here: 
>
> https://www.qubes-os.org/news/2016/06/18/qubes-OS-3-2-rc1-has-been-released/ 
>
> As usual, you can download new image from: 
> https://www.qubes-os.org/downloads/ 
>
> Keep in mind it is only release candidate, so not recommended for daily 
> use. 
>
> - -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
> A: Because it messes up the order in which people normally read text. 
> Q: Why is top-posting such a bad thing? 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
>
> iQEcBAEBCAAGBQJXZQr2AAoJENuP0xzK19csn7UH/jCj+lfb6i9FGWXvWZi+2f1j 
> 9Jg+LUNzJmKFtcvUqmzkN75tJ4ErSGPJsOBLZef4b1d0y9xR8Xcv4tfnG09fv+xe 
> lQM+BY0VZ2vWjwyjrKZKyvOA5aDyjA73NFeOW1XFojafl7m3ykef7M2j6cW8eyEz 
> VXq+IetkSFzvGW9yAA3qwxi8QuytbAvih9qPqqqzKLGIPF6bauXxoLNgm4Vqjy37 
> fq91hYD9+/DK3yGN0SlYQv3mojlrKQ+yBSA8S74dRPHeNp/laL/P/zWLWVFKqDng 
> 9e0TZSDAg4igKHlKJ7il9X8A72LnHG3OAIRpAgVTyJ1OwTG3f2KxDxANM7zRgjg= 
> =5mIU 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b57c6139-69c0-40af-bc3a-945137297120%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Debian listening sockets and RPC

[jkitt]

Bump, okay, the "systemd" process turned out to be a service for scanners. 
However, I'm stil not sure whether qubes requires quests to run rpcbind or 
not.

On Sunday, 12 June 2016 13:38:17 UTC+1, jkitt wrote:
>
> I was wondering what listening sockets are required for qubes guests. 
> Specifically rpcbind and systemd have ports listening. Does Qubes require 
> either of these?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb3836b7-770d-4c21-8e0f-88635e756c29%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: i3-configs?

[jkitt]

I  would share mine but it's pretty much the default. There's not really 
much to tinker with in i3 because it's pretty headless. I was going to 
write some scripts to place some VM info in the bar at the bottom but I 
haven't got round to it yet - I will no doubt post them in this group when 
I do.

On Thursday, 16 June 2016 12:43:43 UTC+1, Niels Kobschätzki wrote:
>
> Hi, 
>
> does anyone have their personal i3-config publicly available for Qubes? 
> I like to look at other peoples config to see what they have done or how 
> they solved certain stuff. 
>
> Niels 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/07f50461-58af-4be2-a7c3-dcd892c579b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Controlling pulse form the command line

[jkitt]

Oh.. my bad. I've got ACPID working in a way i want now.

This is going to sound like a really stupid question but there are two n/s 
sections in dnf stdout - one in red; one in white. What's the difference?

On Thursday, 16 June 2016 01:43:41 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>
> On Wed, Jun 15, 2016 at 05:12:33PM -0700, jkitt wrote: 
> > So it appears that pactl or pacmd isn't in qubes Dom0 repository. 
>
> They are - pulseaudio-utils package. 
>
> - -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
> A: Because it messes up the order in which people normally read text. 
> Q: Why is top-posting such a bad thing? 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
>
> iQEcBAEBCAAGBQJXYfY1AAoJENuP0xzK19csQVQH/32LFcpScA/3bZHAu7YQRI97 
> nPtNXcsDlnfgsa48xQTTuE+bh+ao06iif+hQYhoq+n7r4gmnQFmk0tobPYoHk1Jl 
> 7pXc4J9vEo6R4WeJJXaq9m5ImnKRKEq8wqUB5yQVkdnLTk7sb1u8gUmeud/AnKdt 
> 7W85csvAJXpXhmiQtCJWE7n23ZFBAPzABohDePvuovDWuSK2r+xvIYchNCOrVv1b 
> Yj+lNNkVBOHycxHoSbXqCgT8Ik8pkBNKe0wyRiQwq8eI6kuv7LkJZu2Ib85gLQ41 
> IVqV74LFpTSUaa+g7BkS6iYem1qgrPvDCeY3muVTEarDQ8NbmxoqYBTbOfeQEoU= 
> =WARD 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1b104d6-2660-4a5f-a82c-a92912e49dbc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Controlling pulse form the command line

[jkitt]

So it appears that pactl or pacmd isn't in qubes Dom0 repository. Any 
suggestions on how I can control Pulse Audio through the command line? 
Apparently it can be done with amixer:

amixer -D pulse sset Master mute

However, the device pulse doesn't exist. amixer without arguments displays 
all the devices - no pulse device.

amixer sset Master mute

Works - but that, i think, is setting it through Alsa - and once Alsa is 
muted Pulse Audio remains muted until explicitly unmuted.. which has to be 
done through pavucontrol.

I'm lost. I've never liked sound on Linux.. it makes my brain hurt.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/22f904e1-cc7e-4bf6-b13c-9654d904af39%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Issues with ACPID in Dom0?

[jkitt]

Oh thanks! Turns out i wasn't setting the display variable.

On Wednesday, 15 June 2016 08:08:28 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>
> On Tue, Jun 14, 2016 at 09:11:41AM -0700, jkitt wrote: 
> > Are there any specific issues with ACPID in Dom0? 
> > 
> > For whatever reason the actions are not being executed. acpi_listen is 
> > displaying the event fine though. 
> > 
> > Is there an alternative? 
>
> It works fine for me. Maybe you've forgotten about some configuration? 
> This is mine: 
>
> [marmarek@dom0 ~]$ cat /etc/acpi/events/lid-close 
> event=button/lid LID close 
> action=/etc/acpi/actions/lid-close.sh 
> [marmarek@dom0 ~]$ cat /etc/acpi/actions/lid-close.sh 
> #!/bin/sh 
> 
> su -c 'DISPLAY=:0 XAUTHORITY=/var/run/lightdm/marmarek/xauthority 
> xscreensaver-command -lock' marmarek 
>
>
>
> - -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
> A: Because it messes up the order in which people normally read text. 
> Q: Why is top-posting such a bad thing? 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
>
> iQEcBAEBCAAGBQJXYP7jAAoJENuP0xzK19csWREH/R3zZ5JHYZGJetja/cI7/ZNx 
> HXPKnprjA02tugWOyInxP58DlgwPVtEk+MK2U+NO0mEFO3ISY0hBGDwX7o+QJroL 
> q9jQp9Yo+JMR/C4YHEiV7eL6WZE4S92Qm2TFQ0pO/zfBdc5QzL4wwjFLJeR/CsO8 
> vWUDAZ9Rp5MPoZ8XsQohd15+1Xz5y6iips911bfSFPhHajxTH/FtRdrnukGh0hVj 
> wzlD7mESfWkZewJCXStpdUQ4sKy3tsAbGndxduaujQRKN/4WHZn9eixggIOd6GW5 
> 42cuMfbsiuyUYQGdobjVpj/x/nmfN0VD9AtzJpnamtWz/Dgdi53QmbGpvLlNbX8= 
> =MUcT 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d8f45a3-389a-41b7-b621-0ca5d80d8d7b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Updating Dom0, Qubes, grumbles, things that need to be fixed and not need to be fixed.

[jkitt]

One of the many benefits of FOSS is that users can contribute - even if 
it's just writing tickets on the issue tracker.

On Wednesday, 15 June 2016 08:11:54 UTC+1, Drew White wrote:
>
> Hi folks,
>
> Please, do not take this whole thing the wrong way.
> It will seem like it is sounding the way it is not sounding, just because 
> of the way
> it is put together. It's all things that I find need to be looked into, 
> things that I know
> need to be fixed, and that I have fixed on my local.
> Hopefully you will understand where I'm coming from and understand this 
> the way I
> intend for it to be understood, and not the way you will most likely take 
> it.
>
>
>
> When will Dom0 be updated to a recent version of something?
>
> If this was CentOS for Dom0 then there would not be this update issue 
> where Fedora
> removes the packages and repositories for their "obsolete" operating 
> systems, and
> you wouldn't have a useless Dom0 that one couldn't get updates for.
>
> This is the problem with Fedora. CentOS is heading the same way slowly 
> after version 7.
>
> But at least they have long term updates and stable system that doesn't 
> have
> invalid repositories after a few months.
>
> Please change the way things are done so that they work long term, not 
> short term.
>
> Or else have a workaround for things to work properly over a long period 
> of time.
>
> Another thing, please get the menu structuring and naming correct, that 
> way we don't
> have to alter your code to make the menus correct.
>
> With Windows HVM Templates and AppVMs wether they are standalone or not, 
> why
> do you have the menus the way they are? Why not build the tools to build 
> the menu
> correctly instead of us having to edit EVERY menu item to get it the way 
> it should
> have been built?
>
> Why is the networking so difficult?
> I have my DNS server set to the parent virtual (proxyvm or netvm) which 
> has the main
> DNS server as the one that's on the network acting as the DNS server, but 
> the
> virtuals can't find it, unless I specify it explicitly.
>
> Why is it that the Qubes-Windows-Tools almost never work?
> Why is it that the tools never set up the screens right?
> Why does it set it up as ONE screen, instead of multiple screens when I 
> use 2+ monitors?
>  (This is the reason you are having the issue and bug that you 
> have with the tools on
> large displays)
>
> When reading https://github.com/QubesOS/qubes-issues/issues/1870
> There are some good ideas, and some that aren't really good at all.
>
> https://github.com/QubesOS/qubes-issues/issues/1870#issuecomment-223055937
> If THAT is what the manager will be like, it has no structure, no layout 
> that is understandable,
> it is designed to be "*wanky*" and not *functional*.
>
> Your current manager needs only altering to work better, and adding onto 
> it. Not a facelift to
> make it look like crap.
>
> The installer doesn't allow for multiple HDDs to be used. It just decides 
> that all HDDs are 1 HDD.
> If I select the smaller HDD that the O/S is going on, and the drive I want 
> /var/lib/qubes to go on,
> then it sets them up as one hdd and just wants me to assign space.
> But that's not what I want. The one that will have the virtuals on it is a 
> mirrored drive, to
> keep my virtuals protected.
> I don't want half of the virtual to be on the main drive and the other 
> half to be on a mirrored drive
> because then if my primary drive dies I won't have the first part of the 
> virtual, only the second.
> That's pretty useless to me.
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/67e655bd-2013-460e-8653-a2e4f3bc9aaf%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Change WM_CLASS(STRING) on domain windows

[jkitt]

That's a good idea - thanks. I will certainly choose something soon enough. 
I'm currently reading through the developer documentation.

Thanks!

On Tuesday, 14 June 2016 21:46:42 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>
> On Tue, Jun 14, 2016 at 06:39:18AM -0700, jkitt wrote: 
> > Soon is good. Are the qvm-tools something I can contribute to? I will be 
> > making something for myself anyway and it will be properly tested. 
>
> If you just want to work on something useful, take a look at qubes 
> issues with label "help wanted". 
>
> - -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
> A: Because it messes up the order in which people normally read text. 
> Q: Why is top-posting such a bad thing? 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
>
> iQEcBAEBCAAGBQJXYG0qAAoJENuP0xzK19csG2oH/A7eDnbWfT6ddel0IyOk3eYt 
> Vv/qg2hFpIFWz4rveDmRUNehotnt5FiqD+0SxRSKykugf5Qka6XgeMpgTubJ/1hM 
> jKhHeybsPHixuxQEM5zphVyohtzE+u7vEL9ytDu+nmK/V1gDHV6N7LAkiVQmqeee 
> LcNl781nINjIf5Mlsj86jB1BQYYZSIlLIaNPt9vcAFpoR3ztvqVrZvGBzMD0hUzG 
> 5/OL2ODP3kIt7Mq7tMuuwo3CqcgZOELX353rzWmMBkbXEK1X+0zeRtGq1IvzSp6s 
> QTJ4BRvaojU4Y3n91yPG1eVkEiNzF/QNtA1Fy4h0fvxz9IU0hlZwGhyl0TKxgV4= 
> =QY9O 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fedbd925-9102-421d-96c2-ff86aa7d0ed3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Issues with ACPID in Dom0?

[jkitt]

Are there any specific issues with ACPID in Dom0?

For whatever reason the actions are not being executed. acpi_listen is 
displaying the event fine though.

Is there an alternative?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25af8809-51ea-41ad-b005-bdc0fe71278b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Change WM_CLASS(STRING) on domain windows

[jkitt]

Soon is good. Are the qvm-tools something I can contribute to? I will be 
making something for myself anyway and it will be properly tested.

On Tuesday, 14 June 2016 13:02:36 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>
> On Tue, Jun 14, 2016 at 04:59:19AM -0700, jkitt wrote: 
> > That's great! What's the rough timescale for 3.2? 
>
> "soon" 
>
> > Also, can you point me in the direction of the repository that contains 
> the 
> > cli tools? I wish to have a look at qvm-run. 
>
> https://github.com/QubesOS/qubes-core-admin/tree/master/qvm-tools 
>
> - -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
> A: Because it messes up the order in which people normally read text. 
> Q: Why is top-posting such a bad thing? 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
>
> iQEcBAEBCAAGBQJXX/JTAAoJENuP0xzK19cspXIH/2VWdBdXkVSRxezoAEcuKLza 
> vIpOb/2AYAsGBY+IMXRXRT9z8J5D2+b+CqCmMyRsrXqhKKPgsRETFo5/pIFXON8L 
> WNYZnyUn4i1PO0BSsiXFUXC3FRzv0qlqwo02HlE2mZW1pp3ntCgcrWXvm2FArS3c 
> nLwCoZQIZEJScMFrP3PtFykYQocw6OboOja8EquYO13bnVdZteK2dfbhDc5k8fZN 
> k7jvUPtMSnSmgRldOc6t/0HPhSW0gw4ey+zwdKc+Kj3p3unVVaMNqAmPz4IhDeAx 
> xq64m60GhuQUHuwK40NhqjTBjN7ulcvdaH6RnIrUyxKy7CKSfg67xtZZshb4cyg= 
> =YigO 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/63bbec6e-d3ad-4466-a022-93dbb79cfb28%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Change WM_CLASS(STRING) on domain windows

[jkitt]

That's great! What's the rough timescale for 3.2?

Also, can you point me in the direction of the repository that contains the 
cli tools? I wish to have a look at qvm-run.

Thanks!

On Tuesday, 14 June 2016 04:26:30 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE- 
> Hash: SHA256 
>
> On Mon, Jun 13, 2016 at 06:31:49PM -0700, jkitt wrote: 
> > Is there a quick and easy way to do this? 
> > 
> > I need to change both the class and instance strings for i3wm. 
>
> https://github.com/QubesOS/qubes-issues/issues/1953 
>
> In short: is/will be in Qubes 3.2 
>
> - -- 
> Best Regards, 
> Marek Marczykowski-Górecki 
> Invisible Things Lab 
> A: Because it messes up the order in which people normally read text. 
> Q: Why is top-posting such a bad thing? 
> -BEGIN PGP SIGNATURE- 
> Version: GnuPG v2 
>
> iQEcBAEBCAAGBQJXX3leAAoJENuP0xzK19csWv0IAInjOuvKEi6kkgjBcUmQZQ4S 
> 73lyy22Ild4xaVnG9114fsUQHyQ6PQ5x7NZ2Dgw15bjqp48R06oDEb0rPIxSDriy 
> W4eWvGem5Ym815s+ufrqUIOwDmw57nWy29nZ3+QN6tJN2pd6z8K9JGyc7Bm582Yr 
> gcT0M1o4Vhdxg+RJ99gdvk/eKaYwRPA5MhiM7W500QTeHLiFcBfhgbvlUptL/nHO 
> THXhGj4n2qDWy94er6jTYRdUdKwIc2FgJ9pNYNwtomVQBp0kFeyRjQCaIzXpIvfF 
> O2AVaRJlAbMzQ2UiwbKva51HtZDYlX0758i1hmZTDAFxYLLYJTl+kncTuyIvSLM= 
> =6j/B 
> -END PGP SIGNATURE- 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11012dd8-ac80-486b-af65-1b41a536f8a9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Change WM_CLASS(STRING) on domain windows

[jkitt]

Is there a quick and easy way to do this?

I need to change both the class and instance strings for i3wm.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d1ce9d8d-cf05-465c-8a90-1b3328d609da%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes-Cheatsheet user feedback request

[jkitt]

Great! Most of the commands are quite easy to remember anyway but there's a 
lot of xen specific stuff in there that's very useful - plus a few extra 
commands I didn't know about.

I'll be using this as a reference for a lot of things.

On Saturday, 11 June 2016 15:35:16 UTC+1, J. Eppler wrote:
>
> Hello, 
>
> what would you change or add to the Qubes Cheatsheet?
>
> link to the Cheatsheet: https://github.com/Jeeppler/qubes-cheatsheet
>
> I am eager to get your feedback :-)
>
> Best regards
>   J. Eppler
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7386f032-a631-4188-9f2a-c7eb0710e80f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Anyone got any interesting scripts for i3wm they wish to share?

[jkitt]

Since i3 is without most of th pointy clicky benefits I was wondering if 
any of you guys have any scripts that make life easier. I was thinking 
about writing a python script to control VM applications and domains with 
little effort.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0bdc179-0c95-4ea9-b716-35d71959c26d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Apt attempting to remove packages in whonix-gw

[jkitt]

I'm trying to remove some applications that I don't need (like VLC).

The problem is that apt attempts to remove a number of packages that I'm 
not sure if i need or not - some of the whonix-gw/qubes specific packages 
seem reasonably important. 

1. Are these packages needed? What are the for - the initial install?

2. Also would it be safe to autoremove? Given the huge list of packages in 
the autoremove section.

The last time i done autoremove the whonix-gw complained that the 
"qubes-whonix-gateway" package was missing.

Thanks.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ec4d6d89-9239-4edd-95e4-dcec95dd3f67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


apt-get.out
Description: Binary data