[qubes-users] Re: qubes-rufus-windows7

2017-02-25 Thread qmastery16
четверг, 23 февраля 2017 г., 12:45:43 UTC-5 пользователь руслан шатдинов 
написал:
> hello
> i wrote QubesOS on my USB-flash with DD-form option, but Windows7 doesnt see 
> this USB-flash-disk
> but
> ACRONIS can see this disk
> 
> why it doesnt for windows?

You need to boot Qubes OS USB drive from BIOS. Do not try to start it from 
Windows 7. Windows 7 probably does not support the filesystem of Qubes OS 
flashdrive, that is why you are unable to open it

Вы должны загрузить Qubes OS USB диск из BIOS. Не пытайтесь запустить его из 
Windows 7. Windows 7, возможно, не поддерживает файловую систему, которая 
находится на флэшку Qubes OS, поэтому вы не можете открыть его

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4546d49c-6b45-4a37-a32a-a5d567610498%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

2017-01-26 Thread qmastery16
четверг, 26 января 2017 г., 6:12:56 UTC+3 пользователь jkitt написал:
> On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com  wrote:
> 
> > I was sad when installed VirtualBox, tried launching it and it said that 
> > something like "not supported on Xen hosts"
> 
> But why would you want to do that? You already have virtual machines at your 
> disposal..

I need to use one app which is Mac OS X only and is not a cross platform 
(doesn't have a version for Linux or Windows). So I wanted to install a 
Hackintosh, but - while there are plenty of instructions about how to do it at 
VirtualBox and VMWare, there are no instructions for Xen. And I doubt that it 
could be done for Xen, because at their instructions for VirtualBox and VMWare 
they are setting up virtual machine's UEFI to make it be acceptable by Mac OS 
X, meanwhile - Xen does not have its own UEFI so I guess it cant be done there 
(one person tried some time ago, but without success - 
http://wiki.osx86project.org/wiki/index.php/Snow_Leopard_Server_on_Xen )

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d2da9f2d-513c-493e-b83f-292e17f7a494%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

2017-01-24 Thread qmastery16
вторник, 24 января 2017 г., 12:50:56 UTC+3 пользователь pixel fairy написал:
> On Sunday, January 22, 2017 at 2:04:43 AM UTC-8, qmast...@gmail.com wrote:
> > суббота, 21 января 2017 г., 22:12:10 UTC+3 пользователь 
> > e5f3c2ea89...@tutanota.com написал:
> > > ... It makes you feel significantly less safe when using anything other 
> > > than Qubes :]
> > 
> > Haha you are a master of clickbait titles :]
> 
> lets make it real then.
> 
> - picky about hardware. probably the biggest issue now.
> 
> - no 3d acceleration. xengt / kvmgt might fix that, but last i checked, that 
> was a huge attack surface which no one at itl wants go over.
> 
> - some hardware will have performance issues even just watching videos as a 
> result of the above.
> 
> - no nested virtualization. again, big, complex attack surface. two common 
> use cases are vagrant and android development.
> 
> - only a few border colors to choose for appvms, so its easy to end up re 
> using colors.
> 
> - for some reason, dom0 borders are blue, one of the appvm colors. 
> 
> - you can copy / paste, but not copy / autotype into a vm. the support seems 
> to be in the gui protocol, just no interface to do it. tried to script it 
> with xdotool, but couldnt get window ids. 
> 
> thats all i can think of as real disadvantages. i would like to see qubes on 
> wayland. i think it greatly reduce attack surface and probably benefit 
> performance.
>
> also, no support for ipv6, though i think thats slated for qubes 4.x
>

> no 3d acceleration

There is 3D acceleration but its only for dom0 (on Qubes R3.2 it is through 
Mesa 11.1.0 which gives OpenGL)

> no nested virtualization

I was sad when installed VirtualBox, tried launching it and it said that 
something like "not supported on Xen hosts" :P At other Linux distros it is 
possible to nest virtualizations one inside another, but only for 32 bit OS for 
inside VMs (last time I checked)

> no support for ipv6

not really a problem. it is 2017 and I still haven't encountered any situation 
where IPv6 is actually being used, despite working a lot with computers and 
routers (IPv6 is there but nobody is using it... Never ever had to use those 
ridiculous IPv6 addresses, yet)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00befe3c-b949-48e2-a668-c2adaaa8031d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: new air-gapped security distro

2017-01-22 Thread qmastery16
воскресенье, 22 января 2017 г., 4:28:32 UTC+3 пользователь Syd Brisby написал:
> There's a new air-gapped security distro that is just CD-sized and loads into 
> RAM. It also recognises the threat of wirelessly leaked data. Unfortunately, 
> it's only bitcoin-focused, but it is Debian-based and has a web browser, so 
> it could be useful.
> 
> https://bitkey.io

I know a TempleOS operating system. This whole OS, kernel, all userspace & 
apps, compiler, assembler, unassembler, etc., even a special programming 
language for it, - over 10 years everything has created by a single genius man 
who hates CIA niggers with a passion ! TempleOS does not support networking, so 
its truly air-gapped ;) Lots of interesting stuff in this OS, even some games 
like 3D shooter and 3D flight simulator.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f338048-7995-4d95-ac9a-47194e21bbe9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

2017-01-22 Thread qmastery16
суббота, 21 января 2017 г., 22:12:10 UTC+3 пользователь 
e5f3c2ea89...@tutanota.com написал:
> ... It makes you feel significantly less safe when using anything other than 
> Qubes :]

Haha you are a master of clickbait titles :]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/386ce3bd-71aa-4ae5-a326-2e4b1835d5b8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Lenovo G505S Coreboot

2017-01-19 Thread qmastery16
четверг, 19 января 2017 г., 18:31:35 UTC+3 пользователь Asterysk написал:
> On Thursday, 19 January 2017 17:28:12 UTC+4, qmast...@gmail.com  wrote:
> > четверг, 19 января 2017 г., 12:16:12 UTC+3 пользователь qmast...@gmail.com 
> > написал:
> > > четверг, 19 января 2017 г., 7:08:46 UTC+3 пользователь Asterysk написал:
> > > > On Thursday, 19 January 2017 03:04:32 UTC+4, tai...@gmx.com  wrote:
> > > > > As always physical access is a checkmate situation, you need to not 
> > > > > be 
> > > > > an idiot and don't leave your stuff in overseas hotel rooms or not 
> > > > > have 
> > > > > secure locks on your door.
> > > > 
> > > > Unless USB port seals (e.g. 
> > > > http://www.padjack.com/padjack-versions/usb-port-lock/) are put in 
> > > > place as soon as the laptop is removed from the manufacturers box it is 
> > > > impossible to know whether someone has installed a device that has in 
> > > > turn infected firmware. A similar situation for any DMA access ports 
> > > > (Thunderbolt etc) 
> > > > 
> > > > I'm interested in being able to take a possibly infected laptop (i.e. 
> > > > infected with firmware malware) and reset it to a known safe starting 
> > > > point. Coreboot seems to handle the BIOS (thank you for clarification 
> > > > that it completely rewrite legacy and UEFI). Replacing the HD with a 
> > > > new SSD should handle that firmware attack vector. That leaves the 
> > > > other EEPROMS.
> > > > 
> > > > I figure, if I'm going to strip down my G505S to reflash with Coreboot, 
> > > > I should see what other EEPROMs I can reflash.
> > > > 
> > > > Apart from the obvious RAM and SSD upgrade and possible putting 
> > > > switches on peripherals, are there any other hardware mods you can 
> > > > suggest for the G505S.
> > > > 
> > > > Having sorted out the hardware, I am then going to be looking to use 
> > > > Qubes to protect against any attempts to reflash through Malware and 
> > > > after thats done, I'll be looking for ways to detect that any attack is 
> > > > being attempted.
> > > > 
> > > > All in all I think I've got about a years work ahead !
> > > 
> > > To reduce the number of "EEPROMs" you could disconnect: a touch pad, DVD 
> > > drive, web camera ; Maybe also a small board with LS-9901P part number 
> > > (dont confuse with LA-9901P), see its' google pictures online - and 
> > > according to G505S laptop's LA-A091P motherboard datasheet (which also 
> > > contains a datasheet for laptop's smaller boards) this board has a 
> > > Realtek chip for card reader. By the way, you could either find out what 
> > > lines of flex cable the card reader is using, and install a custom jumper 
> > > on them ; or maybe get a flex cable with the same number of pins / same 
> > > pitch between them , find (from datasheet?) what lines that lonely USB 
> > > port is using to get to Bolton-M3 FCH, get a USB female header and solder 
> > > a custom adapter which adds only a USB port to laptop (so no card reader 
> > > chip). Probably the hardest thing to do is to disconnect a web camera - 
> > > you will need to tear down a screen which is quite risky. BTW screen also 
> > > contains the internal reprogrammable memory (e.g. for storing EDID), and 
> > > a malicious firmware could cause screen to transfer information through 
> > > electromagnetic impulses (TEMPEST? - 
> > > http://www.surasoft.com/articles/tempest.php )
> > > 
> > > Actually it is possible to remove a motherboard with CPU, CPU Fan, 
> > > Heatsink, Power Jack Wire, and Power Button Board attached (could make a 
> > > custom power button adapter with huge convenient buttons!) and create a 
> > > custom case for all this stuff. If you are lucky you could find someone 
> > > selling a used G505S with broken screen for very cheap price, and do 
> > > that. This way you avoid webcam, screen, dvd drive, touchpad, card reader 
> > > chip, and internal keyboard (see below why)
> > > 
> > > Maybe don't need to seal the USB ports yet: it not just seriously 
> > > reducing the usability of this laptop, but also makes it impossible to 
> > > connect a USB keyboard. Maybe you would prefer that, when you type, your 
> > > keystrokes are going through external keyboard's USB controller, rather 
> > > than through laptop's Embedded Controller KB9012 which has a closed 
> > > source firmware and controls PS/2-like laptop's internal keyboard. You 
> > > could make your own open hardware USB keyboard with open source firmware, 
> > > and using it will be slightly safer (and slightly less convenient) than 
> > > laptop's internal one
> > > 
> > > Also, another possible hardware mod (not related to security) - instead 
> > > of DVD drive you could install a fan for extra cooling, see 
> > > http://forum.notebookreview.com/threads/10mm-5v-cooler-instead-of-laptops-dvd-slimline-sata.797064/
> > >  . Although dont know if it worth it, because some really great external 
> > > USB coolers are available - 
> > > 

Re: [qubes-users] Re: Lenovo G505S Coreboot

2017-01-19 Thread qmastery16
четверг, 19 января 2017 г., 12:16:12 UTC+3 пользователь qmast...@gmail.com 
написал:
> четверг, 19 января 2017 г., 7:08:46 UTC+3 пользователь Asterysk написал:
> > On Thursday, 19 January 2017 03:04:32 UTC+4, tai...@gmx.com  wrote:
> > > As always physical access is a checkmate situation, you need to not be 
> > > an idiot and don't leave your stuff in overseas hotel rooms or not have 
> > > secure locks on your door.
> > 
> > Unless USB port seals (e.g. 
> > http://www.padjack.com/padjack-versions/usb-port-lock/) are put in place as 
> > soon as the laptop is removed from the manufacturers box it is impossible 
> > to know whether someone has installed a device that has in turn infected 
> > firmware. A similar situation for any DMA access ports (Thunderbolt etc) 
> > 
> > I'm interested in being able to take a possibly infected laptop (i.e. 
> > infected with firmware malware) and reset it to a known safe starting 
> > point. Coreboot seems to handle the BIOS (thank you for clarification that 
> > it completely rewrite legacy and UEFI). Replacing the HD with a new SSD 
> > should handle that firmware attack vector. That leaves the other EEPROMS.
> > 
> > I figure, if I'm going to strip down my G505S to reflash with Coreboot, I 
> > should see what other EEPROMs I can reflash.
> > 
> > Apart from the obvious RAM and SSD upgrade and possible putting switches on 
> > peripherals, are there any other hardware mods you can suggest for the 
> > G505S.
> > 
> > Having sorted out the hardware, I am then going to be looking to use Qubes 
> > to protect against any attempts to reflash through Malware and after thats 
> > done, I'll be looking for ways to detect that any attack is being attempted.
> > 
> > All in all I think I've got about a years work ahead !
> 
> To reduce the number of "EEPROMs" you could disconnect: a touch pad, DVD 
> drive, web camera ; Maybe also a small board with LS-9901P part number (dont 
> confuse with LA-9901P), see its' google pictures online - and according to 
> G505S laptop's LA-A091P motherboard datasheet (which also contains a 
> datasheet for laptop's smaller boards) this board has a Realtek chip for card 
> reader. By the way, you could either find out what lines of flex cable the 
> card reader is using, and install a custom jumper on them ; or maybe get a 
> flex cable with the same number of pins / same pitch between them , find 
> (from datasheet?) what lines that lonely USB port is using to get to 
> Bolton-M3 FCH, get a USB female header and solder a custom adapter which adds 
> only a USB port to laptop (so no card reader chip). Probably the hardest 
> thing to do is to disconnect a web camera - you will need to tear down a 
> screen which is quite risky. BTW screen also contains the internal 
> reprogrammable memory (e.g. for storing EDID), and a malicious firmware could 
> cause screen to transfer information through electromagnetic impulses 
> (TEMPEST? - http://www.surasoft.com/articles/tempest.php )
> 
> Actually it is possible to remove a motherboard with CPU, CPU Fan, Heatsink, 
> Power Jack Wire, and Power Button Board attached (could make a custom power 
> button adapter with huge convenient buttons!) and create a custom case for 
> all this stuff. If you are lucky you could find someone selling a used G505S 
> with broken screen for very cheap price, and do that. This way you avoid 
> webcam, screen, dvd drive, touchpad, card reader chip, and internal keyboard 
> (see below why)
> 
> Maybe don't need to seal the USB ports yet: it not just seriously reducing 
> the usability of this laptop, but also makes it impossible to connect a USB 
> keyboard. Maybe you would prefer that, when you type, your keystrokes are 
> going through external keyboard's USB controller, rather than through 
> laptop's Embedded Controller KB9012 which has a closed source firmware and 
> controls PS/2-like laptop's internal keyboard. You could make your own open 
> hardware USB keyboard with open source firmware, and using it will be 
> slightly safer (and slightly less convenient) than laptop's internal one
> 
> Also, another possible hardware mod (not related to security) - instead of 
> DVD drive you could install a fan for extra cooling, see 
> http://forum.notebookreview.com/threads/10mm-5v-cooler-instead-of-laptops-dvd-slimline-sata.797064/
>  . Although dont know if it worth it, because some really great external USB 
> coolers are available - 
> https://www.aliexpress.com/item/Mini-LCD-Vacuum-USB-Cooler-Air-Extracting-Cooling-Fan-Turbo-Radiator-Low-Noise-Desgin-for-Laptop/32231641439.html

Please read a message above... If we are talking about the motherboard, main 
board of this laptop : aside from 4MB BIOS flash chip and 128KB EC KB9012's 
internal memory, I am not aware about any other "EEPROMs" on this board which 
could be reflashed and how to reflash them. Well, there is probably a CMOS 
memory somewhere, but I dont know where it is located and dont know how to 
access 

Re: [qubes-users] Re: Lenovo G505S Coreboot

2017-01-19 Thread qmastery16
четверг, 19 января 2017 г., 7:08:46 UTC+3 пользователь Asterysk написал:
> On Thursday, 19 January 2017 03:04:32 UTC+4, tai...@gmx.com  wrote:
> > As always physical access is a checkmate situation, you need to not be 
> > an idiot and don't leave your stuff in overseas hotel rooms or not have 
> > secure locks on your door.
> 
> Unless USB port seals (e.g. 
> http://www.padjack.com/padjack-versions/usb-port-lock/) are put in place as 
> soon as the laptop is removed from the manufacturers box it is impossible to 
> know whether someone has installed a device that has in turn infected 
> firmware. A similar situation for any DMA access ports (Thunderbolt etc) 
> 
> I'm interested in being able to take a possibly infected laptop (i.e. 
> infected with firmware malware) and reset it to a known safe starting point. 
> Coreboot seems to handle the BIOS (thank you for clarification that it 
> completely rewrite legacy and UEFI). Replacing the HD with a new SSD should 
> handle that firmware attack vector. That leaves the other EEPROMS.
> 
> I figure, if I'm going to strip down my G505S to reflash with Coreboot, I 
> should see what other EEPROMs I can reflash.
> 
> Apart from the obvious RAM and SSD upgrade and possible putting switches on 
> peripherals, are there any other hardware mods you can suggest for the G505S.
> 
> Having sorted out the hardware, I am then going to be looking to use Qubes to 
> protect against any attempts to reflash through Malware and after thats done, 
> I'll be looking for ways to detect that any attack is being attempted.
> 
> All in all I think I've got about a years work ahead !

To reduce the number of "EEPROMs" you could disconnect: a touch pad, DVD drive, 
web camera ; Maybe also a small board with LS-9901P part number (dont confuse 
with LA-9901P), see its' google pictures online - and according to G505S 
laptop's LA-A091P motherboard datasheet (which also contains a datasheet for 
laptop's smaller boards) this board has a Realtek chip for card reader. By the 
way, you could either find out what lines of flex cable the card reader is 
using, and install a custom jumper on them ; or maybe get a flex cable with the 
same number of pins / same pitch between them , find (from datasheet?) what 
lines that lonely USB port is using to get to Bolton-M3 FCH, get a USB female 
header and solder a custom adapter which adds only a USB port to laptop (so no 
card reader chip). Probably the hardest thing to do is to disconnect a web 
camera - you will need to tear down a screen which is quite risky. BTW screen 
also contains the internal reprogrammable memory (e.g. for storing EDID), and a 
malicious firmware could cause screen to transfer information through 
electromagnetic impulses (TEMPEST? - 
http://www.surasoft.com/articles/tempest.php )

Actually it is possible to remove a motherboard with CPU, CPU Fan, Heatsink, 
Power Jack Wire, and Power Button Board attached (could make a custom power 
button adapter with huge convenient buttons!) and create a custom case for all 
this stuff. If you are lucky you could find someone selling a used G505S with 
broken screen for very cheap price, and do that. This way you avoid webcam, 
screen, dvd drive, touchpad, card reader chip, and internal keyboard (see below 
why)

Maybe don't need to seal the USB ports yet: it not just seriously reducing the 
usability of this laptop, but also makes it impossible to connect a USB 
keyboard. Maybe you would prefer that, when you type, your keystrokes are going 
through external keyboard's USB controller, rather than through laptop's 
Embedded Controller KB9012 which has a closed source firmware and controls 
PS/2-like laptop's internal keyboard. You could make your own open hardware USB 
keyboard with open source firmware, and using it will be slightly safer (and 
slightly less convenient) than laptop's internal one

Also, another possible hardware mod (not related to security) - instead of DVD 
drive you could install a fan for extra cooling, see 
http://forum.notebookreview.com/threads/10mm-5v-cooler-instead-of-laptops-dvd-slimline-sata.797064/
 . Although dont know if it worth it, because some really great external USB 
coolers are available - 
https://www.aliexpress.com/item/Mini-LCD-Vacuum-USB-Cooler-Air-Extracting-Cooling-Fan-Turbo-Radiator-Low-Noise-Desgin-for-Laptop/32231641439.html

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80b3bae1-4efe-44eb-bbe2-d45d459db4ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Installation Problems; Qubes 3.2

2017-01-17 Thread qmastery16
вторник, 4 октября 2016 г., 22:10:17 UTC+3 пользователь habib.b...@gmail.com 
написал:
> I have a brand new Lenovo t450s I just bought for the purpose of installing 
> qubes onto it and I have thoroughly followed all the instructions
> 
> Iam using a USB device which I used Rufus to instal the ISO image in DD mode 
> and then I went into xen.cfg and did exactly as instructions stated to add 
> 
> mapbs=1
> noexitboot=1
> 
> To each kernel but it keeps getting stuck in boot loop
> 
> Someone please help
> Thanks

You could try installing Qubes 3.1 and then upgrading it to Qubes 3.2
Yes, it is time consuming and not really a solution, but maybe it could help to 
clarify what is wrong

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd6a2e3a-d091-4cad-995f-95e08eac7a9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] [whonixcheck] HOWTO fix "nonfree packages found" if you already removed them

2017-01-16 Thread qmastery16
Your whonix setup could complain about nonfree packages, even if you have 
already uninstalled them: "Non-free packages with status other than installed" 
VRMS error message from whonixcheck script (Whonix-Check).

The only answer I've found about what to do in this situation is "sudo apt-get 
clean" - but it either didnt solve this issue at all, or solved it only 
partially (not completely!), and so I still was getting this issue even though 
I have removed this non-free package long time ago...

However, the following command has helped me to finally fix this problem:

sudo apt-get --purge remove 

For example:

sudo apt-get --purge remove libfaac0

(libfaac0 is the only non free package I have accidentally encountered during 
the recent days)

Hope that helps!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27825bd3-1329-4f4b-ba0a-fb568e215fd6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Prob installing VLC in Fedora24 Template

2017-01-15 Thread qmastery16
Saturday, 14 January 2017 г., 12:15:17 UTC-5 Arnulf Maria Bultmann wrote:
> > > did you try this?  You can remove cached packages by executing 'dnf clean 
> > > packages'
> > 
> > Yes I tried it several times with the same result
> 
> I solved my problem by downloading the rpm in a appvm and then copying it to 
> the template vm. But it should work in the template vm without work around. 
> Or?

You could have tried cloning a vlc git repository and compiling it from source 
https://wiki.videolan.org/UnixCompile/ This way you would have had a more 
recent vlc 3.0 (rpm which you have installed is from older git revision) BTW 
there is no stable vlc 3.0 yet, only development versions

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/27479c47-48fa-4507-a3b3-a65e028ad4c8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: MacBook Pro retina 2015

2017-01-15 Thread qmastery16
Sunday, 15 January 2017 г., 11:25:56 UTC-5 user Steve wrote:
> On Sunday, January 15, 2017 at 3:20:46 AM UTC+4, Andrew Densmore wrote:
> > I was planning on installing qubes on my macbook pro 2015 but even if it is 
> > compatible, is it worth having to deal with all the apparent problems with 
> > installing on a mac or should I just try to dual boot it on my PC?
> 
> I too would be very interested to know. At the moment I have Qubes nicely 
> installed on an HP Elitebook but would rather have it on my Mac (and look at 
> a Hackintosh solution to OSX in a Domain)

I tried looking for that "Hackintosh solution" yesterday, OS X in a Domain 
seems quite hard to accomplish. Cant find any successful reports about running 
any recent OS X in HVM Xen Domain (macOS Sierra, or El Capitan at least)
Someone tried to do it with Snow Leopard, but no luck - 
http://wiki.osx86project.org/wiki/index.php/Snow_Leopard_Server_on_Xen

Seen some instructions about running macOS Sierra in Virtual Box, but sadly 
Virtual Box can't be used in a Xen environment (and same goes for closed source 
VMWare)

if you have any ideas about how it could be done, please drop them here

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0bc7de9d-a9d8-4ac4-ac0f-3a186e7c3f95%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Can anyone recommend a video card for Qubes

2017-01-14 Thread qmastery16
Saturday, 14 January 2017 г., 14:20:23 UTC-5 tai...@gmx.com wrote:
> On 01/14/2017 12:15 PM, qmastery wrote:
> 
> > Saturday, 14 January 2017 г., 5:01:34 UTC-5 Chris Willard написал:
> >> Hello All,
> >>
> >> I  am  using my on-board video but only getting 1024x768 resolution so
> >> wondered if there is another video card type I could use.
> >>
> >> -- 
> >> Best regards,
> >> Chris
> >>
> > any AMD graphic card should be great for Qubes, because AMD has pretty good 
> > open source drivers for Linux. Dont get NVIDIA because in that case you 
> > would have to use NVIDIA closed source drivers with hidden backdoors and 
> > proven telemetry; nouveau is still not in a good shape, probably because no 
> > real assistance from NVIDIA - they want everyone to use their closed source 
> > stuff
> >
> Wait the nvidia linux drivers have telemetry?
> I thought it was only windows, and only if you install the "geforce 
> experience".
> 
> Irreguardless nvidia is an awful company that adds "bugs" to nerf 
> featuresets on non-windows platforms, and they make it hard to attach 
> the card to a virtual machine (ex: error 43).
> 
> Just say NO to binary blobbed hardware.

Yes, you are correct, maybe I am wrong here... After that experience when I 
uninstalled a Geforce Experience from my friend's Windows PC, but telemetry 
"virus" wasn't removed and continued to work until I wiped those nvidia 
telemetry executable files manually using Ubuntu LiveCD - the remains of my 
trust to this company has been completely lost. Maybe it is more safe to assume 
that their telemetry is in all their software, and the best way to avoid it is 
to stop using NVIDIA products. The source is closed, and we just can't verify 
with 100% confidence that their latest Linux drivers don't have a telemetry as 
well, they had plenty of time to build in telemetry into Linux drivers and 
conceal it

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20649aef-b739-4409-8023-35e1c3efe1aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] New Lenovo laptops: X1 (4th Gen), T460/p, and T560

2017-01-14 Thread qmastery16
26 December 2016 г., 18:00:43 UTC-5 tai...@gmx.com написал:
> Lenovo is a shitty company if you care about security, they have stuck 
> irremovable rootkits their BIOS 4 separate times and they are partially 
> owned by the PRC government

Having a PRC backdoor is better than NSA one! (most laptop companies are 
American, so...) By the way, why not to get a Lenovo G505S laptop?
1) It is the latest AMD-based laptop which is supported by coreboot open source 
BIOS (so no closed source BIOS backdoors), and it does not have Intel ME 
backdoor. G505S's APUs are Richland - the last generation before AMD started to 
embed their own version of Intel ME, "AMD Security Processor" or PSP ( 
http://www.extremetech.com/wp-content/uploads/2013/11/AMDRoadmap-Mobility.png ) 
Although a closed source vga blob is still required for working graphics, 
luckily a coreboot's YABEL prevents the possible undocumented accesses of vga 
blob to other PCI devices
2) Supported by Qubes 3.2 - see HCL, 
https://groups.google.com/d/msg/qubes-users/TS1zfKZ7q8w/JQFkVF4xBgAJ . Most 
likely to be supported by Qubes 4.0 ( HVM=y, IOMMU=y, SLAT=y) and seems to meet 
its certification criteria so far - 
https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/ <-- 
webcam could be covered, speakers and wireless card are not soldered and could 
be removed, and just checked the last concerning thing - embedded microphone is 
a PCI device, not USB connected ;) 
3) High end version of G505S has a top of the Richland generation A10-5750M 
APU, 3352 score at Passmark cpu-benchmark. If to compare with i5-6200U of 
Lenovo T460s, 3933 score - 17% faster. But i5-6200U is dual core, while 
A10-5750M is quad core. Also, despite being three years older, A10-5750M 
integrated graphics is faster than of i5-6200U. According to Passmark: Intel HD 
520 - 844 G3D score, AMD HD 8650G - 950 G3D score, 13% faster.
3) In contrast with many modern laptops, G505S has two slots for RAM (instead 
of one) and its RAM is not soldered. That means: when your RAM fails a memtest 
after some years, instead of paying a fortune for the RAM chips replacement you 
could just remove RAM and install a new one. Also you could easily upgrade to 
16 GB RAM (2x8GB), which helps not to think of RAM usage while using Qubes 
(currently running 14 VMs at the same time, with a lot of applications started, 
and they eat just 13 GB out of 16 GB)
4) G505S has either integrated or both integrated and discrete graphics 
(depends on G505S version). In any case, it is AMD only - which has great open 
source drivers for Linux. No need for NVIDIA closed source proprietary drivers 
with telemetry...
5) Almost all the components could be replaced by user, even a CPU is not 
soldered. Easy to tear down a laptop and assemble it back. Thanks to open 
source BIOS, no WiFi card whitelist, so possible to install any wireless card 
which has open source drivers for Linux (such as AR9462)
Currently it is almost impossible to buy a new G505S, but the used ones are 
selling for cheap (e.g. 3 auctions currently at eBay for G505S version with 
A10-5750M APU, 1 UK and 2 US-based, one of them with buy it now price $250 - 
half of the original $500)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9e475d58-682b-4a38-973e-f19d45521cab%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Disable Intel ME

2017-01-14 Thread qmastery16
On 14 January 2017, 3:50:52 Reg Tiangha wrote:
> On 2017-01-13 5:57 PM, Connor Page wrote:
> > thank you for the link. I have successfuly tried it on a Haswell notebook. 
> > it doesn't disable ME but (supposedly) limits it's functionality by 
> > removing all modules but 2.
> > 
> 
> I'm curious:  Does one absolutely need an external hardware flasher to
> do this procedure, or are there software tools that can be used within
> Windows or Linux to flash the ME with the modified image?

Yes, of course you need an external hardware flasher, because it is a laptop. 
Laptops have EC embedded controller, which interferes with "software" internal 
flashing and makes it either fail completely, or write a corrupted BIOS image 
(which would result in computer not booting next time). That is why in 
flashrom, a flag for internal flashing on laptops is: -p 
internal:laptop=force_I_want_a_brick . See more information here - 
https://www.flashrom.org/Laptops
About external hardware flashing: this method is described in great detail here 
- http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate 
although most of the time it talks about Bus Pirate programmer, this method is 
almost the same for CH341A - which is the cheapest hardware programmer 
supported by flashrom (costs just $2-$3). Just a slightly different flashrom 
command - mentioned at the end of this article. It will be great if you could 
reproduce this method - not just for the sake of reflashing a BIOS of your 
laptop to remove ME, but also you will be able to reflash other laptops who 
failed a BIOS update and now not booting, - probably earning some good money on 
it

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f3c9d94a-9501-49ba-8667-60e7025200c9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Can NOT get Broadcom BCM43602 Wifi Card working , DELL XPS 15 9950- Qubes sys-net freezes/ crashes

2017-01-09 Thread qmastery16
Tuesday, 4 August 2016, 17:45:39 UTC+3 kelo wrote:
> anyone knows a solution to get it working somehow with this specific dell xps 
> 15 wirless card the 
>  Broadcom BCM43602 .  Im not an expert with anything terminal related.

Broadcom wireless cards always require proprietary closed drivers, which are 
probably not just full of backdoors but also contain a lot of badly written 
code with security vulnerabilities and bugs. Their hardware is not good 
either... maybe Broadcom could be acceptable for Windows users, but it really 
sucks for Linux ! At the same time, wireless cards of Atheros ath9k family - 
are running on 100% open source drivers, and giving a quite good quality/power 
of signal. https://wikidevi.com/wiki/Atheros <--- from this list, I recommend 
Atheros AR9462, it is the best card of ath9k family - supports 2.4GHz & 5GHz 
WiFi networking, as well as Bluetooth 4.0 . It works flawlessly with QubesOS, I 
have tested it. AR9462 could be received from AliExpress or eBay for less than 
$10, shipping included, so there are no reasons to continue struggling with low 
end Broadcom card - that was shipped with your laptop only because it was among 
the cheapest options for laptop's manufacturer (only a few people care about 
preinstalled wireless cards, so the manufacturers are usually going for the 
cheapest offer, which is often Broadcom)

The only catch there is: your manufacturer could have installed a WiFi card 
whitelist in your BIOS, which prevents booting your computer if non-listed 
wireless card has been found. However, it is possible to mod your BIOS file and 
break this artificial limitation - either by removing whitelist completely, or 
disabling a check for it, or altering the whitelist to replace device IDs of 
whitelisted WiFi card with device ID of your new WiFi card. Luckily, there are 
already a lot of BIOS'es with whitelist removed, available at bios-mods site 
and other websites, so if your laptop's model is relatively popular - you are 
likely to find that someone already did that work for you. Also, in some lucky 
cases, your laptop is supported by Coreboot or Libreboot project - which do not 
contain any whitelists, and could replace the manufacturer's BIOS...

>From what I see online, XPS 9550 does not have any WiFi card whitelist. Good 
>for you ;)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6b93015-e9bf-4d60-9d2c-f01dcddc81aa%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Built the software in TemplateVM from source and installed => it doesn't appear in TemplateBasedVM?

2017-01-08 Thread qmastery16
понедельник, 9 января 2017 г., 0:32:26 UTC+3 пользователь Ángel написал:
> qmaster...@gmail.com wrote:
> > Please tell, how can I enable sharing the 
> > compiled-and-installed-from-source software with the TemplateBasedVM's ? Or 
> > it is discouraged by Qubes to compile the software by yourself?
> 
> It should be working:
> * Place the files in the TemplateVM (somewhere different than /home
> or /usr/local).
> * Power down the Template
> * (Re)start the VM based on that template
> 
> Are you sure that the VM is based on the template that you customized?

Thank you for replying, Angel. Yes I restarted a computer after installing this 
software from source, so that included restarting all the VM's. But, a 
wonderful thing happened: I've done a few more reboots since the time of 
writing, right now checked again: everything is OK, new executable files are 
seen by TemplateBasedVMs! Not sure why it didn't happen earlier, after the 
first reboot... Could there be some delay in refresh/update of root filesystem 
(e.g. /usr/sbin/ directory), even if I reboot QubesOS ? Just trying to find the 
explanation for that mystery...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/11ff355a-1d10-45a2-96a2-260c3353fab5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Built the software in TemplateVM from source and installed => it doesn't appear in TemplateBasedVM?

2017-01-08 Thread qmastery16
I wanted to get the latest implementation of exFAT (fuse-exfat + exfat-utils). 
These packages are not available by default, to get them you could use RPM 
Fusion repository which I didn't wanted. So I just git clone'd the official 
exFAT github repository (https://github.com/relan/exfat), tar'ed it, copied the 
tar archive to TemplateVM fedora-23, then boot to TemplateVM & untar'ed, 
installed all the dependencies listed at at GitHub page, and finally installed 
exFAT a traditional Linux way: autoreconf --install , ./configure --prefix=/usr 
, make , sudo make install

After compiling from source and installing this software, I got 
/usr/sbin/mount.exfat ELF file which could be successfully executed by root - 
sudo mount.exfat ... However, even after completely rebooting QubesOS R3.2 , 
while I could see these installed binaries in TemplateVM ("fedora-23") - I 
can't see them in TemplateBasedVM (such as "personal"). Meanwhile, the software 
which I installed through a package manager (such as gcc) - is available to 
both parties. This is strange for me, because I've thought that TemplateVM 
shares its' root filesystem with TemplateBasedVM's - and, as result, all the 
software should be available to TemplateBasedVM regardless of its' way of 
installation

Please tell, how can I enable sharing the compiled-and-installed-from-source 
software with the TemplateBasedVM's ? Or it is discouraged by Qubes to compile 
the software by yourself?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04cbef64-c3a0-453e-9f78-5477cfa55d0c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: HCL for R3.2 - Lenovo G505S (AMD laptop with Coreboot 4.5 + SeaBIOS 1.10)

2017-01-07 Thread qmastery16
I have created a new pull request to qubes-hcl repository - 
https://github.com/QubesOS/qubes-hcl/pull/3 . all FixMe's already replaced with 
relevant information. also attaching this file below, just in case...

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b6b86d21-c5ff-448d-a8c7-9e7dac22cf3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Lenovo-G505S-qmastery16.yml
Description: Binary data


[qubes-users] HCL for R3.2 - Lenovo G505S (AMD laptop with Coreboot 4.5 + SeaBIOS 1.10)

2017-01-07 Thread qmastery16
Following the steps of Vladimir... ( 
https://groups.google.com/d/msg/qubes-users/5dwZt4xANpA/0a8VkMQlaQYJ )
I got the same G505S laptop, built Coreboot / SeaBIOS from the latest sources 
and also included some great payloads: memtest, filo (minimalistic bootloader), 
tint (Tint Is Not Tetris), nvramcui (tool to change some CMOS values), coreinfo 
(information about system hardware),
as well as ramdisk with KolibriOS - tiny operating system that fits on a 
floppy! (http://kolibrios.org/en/index)
Build instructions, configs and ROMs could be obtained here, for those people 
who are interested - http://board.kolibrios.org/viewtopic.php?f=25=3446 
(sorry that it is on Russian, please use Google Translate)

SeaBIOS is a pure classical BIOS (no UEFI!), so it relies on MBR to boot from 
Hard Drive. I have experienced the following problem: 1) Qubes R3.1 boots fine 
instantly after the installation; also, if to upgrade R3.1 to R3.2 - will boot 
fine as well 2) meanwhile, after a Clean Install of Qubes R3.2, it fails to 
boot - stuck at "Booting from hard drive:" SeaBIOS message with blinking "_" 
character, cant reach GRUB Boot Menu because MBR (or GRUB) is corrupted 
out-of-the-box. Luckily it can be fixed: boot from your Qubes R3.2 installation 
media, go to "Troubleshooting -> Rescue a Qubes system", after booting to 
anaconda installer please choose "1) Continue" (and enter your Qubes partition 
password if you chose to encrypt it during install), then enter "chroot 
/mnt/sysimage" - and, finally, "grub2-install /dev/sdX" (where X is a letter 
for your hard drive with Qubes, in my case it was sda: "grub2-install /dev/sda")

After I fixed MBR/GRUB with the steps above, Qubes R3.2 boots perfectly! 
Although without GRUB graphical themes - the whole booting process (including 
the moment when you are asked to enter a Qubes partition password) will be a 
pure text... but it works! :) Dont worry: starting with a graphical login 
screen, (where you need to choose a user and enter password), you will see the 
"nice graphics" again. Everything else is normal and works OK ! :) Have not 
encountered any other problems yet...

qubes-hcl-report told that my hardware/software configuration got all the 
important features working: HVM, IOMMU, and even SLAT (thanks to A10-5750M APU 
which supports NPT) 
https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/
 - Minimum requirements of Qubes 4.0 have been met by this AMD-based system

P.S. Going to make a pull request to qubes-hcl repository - HCL report (.yml 
file)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/413a479a-760a-47f8-a2bf-c7858230a8c2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.