[qubes-users] Global settings button not working

2019-05-02 Thread qubes-fan
Hello all, after the last dom0 update my Global Settings button in Qube Manager 
stopped working. Any advices how to solve the issue?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LdthDWG--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] # !Mistake in the guide - new Qubes v3 onions for Whonix

2019-04-19 Thread qubes-fan
Hello all,

I spotted a mistake in the official announcement/guide for the new v3 Qubes 
onions. 

https://www.qubes-os.org/news/2019/04/17/tor-onion-services-available-again/ 


The part "Whonix templates do not require any action; their onionaddresses are 
still the same as before" should be replaced with this, as the whonix 
onionizing *needs* action too:


1. In the TemplateVM whonix-gw-14, open /apt/sources.list.d/qubes-r4.list The 
same do for /apt/sources.list.d/qubes-r4.list.save in a texteditor.

2. Update every .onion address to 
deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion.

3. Comment out every line that contains yum.qubes-os.org.

4. Uncomment every line that contains .onion. 


Lines should look like this:

# Qubes Tor updates repositories
# Main qubes updates repository
deb [arch=amd64] 
http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm
 

 stretch main
#deb-src 
http://deb.sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/r4.0/vm
 

 stretch main


Repat the same for the TemplateVM whonix-ws-14 in the 
/apt/sources.list.d/qubes-r4.list

Now your updates of Whonix templates are onionized. Whonix will change their 
guide for onionizing updates as well.

Thanks to Lilias from whonix chatroom for his assistance! 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LcpORVN--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Kernel of Fedora-29 not updating

2019-04-14 Thread qubes-fan
I have an issue with the Kernel of Fedora-29 template update. 

I execute sudo dnf update:

.
.
.
Running scriptlet: kernel-core-5.0.4-200.fc29.x86_64
   77/86
grubby fatal error: unable to find a suitable template
grubby: doing this would leave no kernel entries. Not writing out new config.

  Erasing  : kernel-core-5.0.4-200.fc29.x86_64  
 77/86
warning: file /lib/modules/5.0.4-200.fc29.x86_64/updates: remove failed: No 
such file or directory
.
.
.
Running scriptlet: kernel-core-5.0.7-200.fc29.x86_64
   86/86
grubby fatal error: unable to find a suitable template
grubby fatal error: unable to find a suitable template
grubby: doing this would leave no kernel entries. Not writing out new config.
.
.
.

Than after successful verification I get:

Installed:
  kernel-5.0.7-200.fc29.x86_64   
kernel-core-5.0.7-200.fc29.x86_64   
kernel-devel-5.0.7-200.fc29.x86_64   
kernel-modules-5.0.7-200.fc29.x86_64 

Removed:
  kernel-5.0.4-200.fc29.x86_64   
kernel-core-5.0.4-200.fc29.x86_64   
kernel-devel-5.0.4-200.fc29.x86_64   
kernel-modules-5.0.4-200.fc29.x86_64 


How do I get this right?
Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LcSOm2v--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

2019-03-04 Thread qubes-fan




Feb 23, 2019, 3:50 AM by patrick-mailingli...@whonix.org:

> Reminds me, would be good to have OpenPGP signed websites all over the
> internet. Unfortunately there is no project working towards it.
>
> https://www.whonix.org/wiki/Dev/OpenPGP_Signed_Website 
> 
>

Absolutely yes. What is the biggest hindrance to make it more widespread IYHO?


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/3d931f65-c1ba-3d8b-f510-9d38dfb82...@whonix.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L_8EX1q--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

2019-03-04 Thread qubes-fan




Feb 23, 2019, 12:23 AM by raahe...@gmail.com:

> and it would still require alot more discipline and restraint not to post 
> exposing information about yourself online,  that would defeat the purpose of 
> using something like facebook or twitter imno.Again not something I could 
> see practical for daily life.   Are there propagandists  and government 
> agents on these sites.  Of course,  but even they have a separate personal 
> digital life somewhere.The world is getting faker by the minute,  we 
> don't need more fakes.
>

This: "The world is getting faker by the minute,  we don't need more fakes."

I cant agree more cooloutac. Lets than not engage in the services which are 
faking everything with their censorship, manipulations, social engineering, 
surveillance, human rights violations for their profit and other uncountable 
malicious reasons, which are today very well documented. Lets use .onion sites 
for expressing your opinions instead. Where you can just finally come, and say 
what you fucking really think about the matter openly in your real words, 
without any fake poses forced on you. And get a real, uncensored feedback too. 
Does this makes sense?


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/8db1a24d-a13a-457c-980e-9ec3043e0...@googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L_8E1d5--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

2019-03-04 Thread qubes-fan




Feb 23, 2019, 12:17 AM by raahe...@gmail.com:

> On Wednesday, February 20, 2019 at 4:17:45 AM UTC-5, qube...@tutanota.com 
> wrote:
>
>> I trust Whonix  the same as I trust Qubes and TAILS, or Debian, Fedora, Xen. 
>> I don't have enough intelligence, that would convince me otherwise. And I do 
>> research quite often when periodically adjusting my FMECA. Which is just a 
>> professional deformation. 
>> Every project, however secret, secure, top notch it seems to be, is 
>> vulnerable this or that way, and will always remain so. Some of the attacks 
>> are common, some are specific. Once old attacks are covered, new emerge. 
>> That is life. Disregard a project, only because one of the emerging attacks, 
>> is pathetic (I know not your case, you have different reasons mentioned), as 
>> this attack (ausie law like, or malicious dev) is possible for every other 
>> project too, including your refrigerator, assembled on the production line 
>> with malicious guy, willing to do evil. Living somewhere in cave is not a 
>> solution.
>>
>> Interestingly I don't have much problem with Whonix in Qubes, and I like it 
>> very much. Working very well. I use it on daily basis as my primary template 
>> in Qubes, for my company management, email, chat, browsing, research, and 
>> privately as well, because I believe that anonymity is a very strong 
>> security attitude to thread mitigation, even I understand well the 
>> limitations of Tor and Whonix as well. They are clear about what they can do 
>> and what not. Are they a magical wand, solving all problems of the world? 
>> No, and they don't claim that.
>> Most of the time I try to prefer connections to .onion websites rather than 
>> clearnet, because I don't see any benefit from exposing myself to 
>> surveillance capitalism. I like v3 onions, and prefer to use it wherever 
>> possible. I love to see myself as a person, not as a product. When chatting 
>> on XMPP with OTR I use .onion server for my identity and ask the other site 
>> to do the same, as I don't see any benefit using clernet server. Tor allows 
>> me to mitigate some risks, and of course opening me to another ones. This 
>> comparison is still putting the weight *for-tor-whonix-in-qubes*. Others may 
>> have it different, depending on ones OPSEC and ones willingness to give 
>> his/her life away for free to any random observer. 
>>
>> I hope Whonix will go on further with their excellent job, same as Qubes or 
>> TAILS or Torproject. 
>>
>> I would just stress out the importance to include the high-risk, high-impact 
>> emerging threads into their thread model and try to mitigate these risks 
>> same way, as other risks included there already - recognized. If you set up 
>> your bullet-proof environment and than by crossing a nation border just 
>> breaks it down by one simple question of the officer, than resistance of 
>> your security setup is extremely weak and breakable any time. More and more 
>> states will go on with this attacks in the near future. Australia is only 
>> the first one to make it so clear. There are tools and ways available for 
>> mitigation, for Plausible Deniability for example, like Hidden Operating 
>> System, Hidden Volumes, but are not included in the standard package of the 
>> projects yet. If I was a programmer, I would sure contribute, but I am not. 
>> And so the only point is to mention it, and try to stress it enough, to 
>> motivate people with skill-set to contribute for all of us.
>>
>>
>>
>>
>> Feb 20, 2019, 6:15 AM by >> raahe...@gmail.com >> 
>> :
>>
>> > I read that whonix thread.  Still not sure why whonix doesn't have a 
>> > canary.  What could it hurt?  Any aspect of the project could be 
>> > compromised for any reason.   Thats the same as people saying I have 
>> > nothing to hide so why worry.  In the other thread Patrick says US laws 
>> > affect all countries.
>> >
>> > And don't feel bad.  Patrick banned me from the forums too once a long 
>> > while ago.  I told him I'd never post there again and never did. lol.
>> >
>> > I was constantly having issues with whonix.   You are a target just for 
>> > using it.  You really have to pay attention when you are updating it.
>> >
>> > Sill never understood why the user qubes-whonix left the project in 
>> > flamboyant fashion claiming it was just a "cool experiment" and its 
>> > "security was not taken seriously" ...
>> >
>> > I stopped using whonix after the annoying clock issue.  And then couldn't 
>> > be troubled to install the latest version and just removed it instead. 
>> >
>> > I'm sure it has its purposes and some people need it.  But I don't.  The 
>> > websites I use qubes for ban tor or it just has no benefit.  Anonymity is 
>> > different then privacy.
>> >
>> > -- 
>> > You received this message because you are subscribed to the Google Groups 
>> > "qubes-users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an 
>> > 

Re: [qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

2019-02-20 Thread qubes-fan
I trust Whonix  the same as I trust Qubes and TAILS, or Debian, Fedora, Xen. I 
don't have enough intelligence, that would convince me otherwise. And I do 
research quite often when periodically adjusting my FMECA. Which is just a 
professional deformation. 
Every project, however secret, secure, top notch it seems to be, is vulnerable 
this or that way, and will always remain so. Some of the attacks are common, 
some are specific. Once old attacks are covered, new emerge. That is life. 
Disregard a project, only because one of the emerging attacks, is pathetic (I 
know not your case, you have different reasons mentioned), as this attack 
(ausie law like, or malicious dev) is possible for every other project too, 
including your refrigerator, assembled on the production line with malicious 
guy, willing to do evil. Living somewhere in cave is not a solution.

Interestingly I don't have much problem with Whonix in Qubes, and I like it 
very much. Working very well. I use it on daily basis as my primary template in 
Qubes, for my company management, email, chat, browsing, research, and 
privately as well, because I believe that anonymity is a very strong security 
attitude to thread mitigation, even I understand well the limitations of Tor 
and Whonix as well. They are clear about what they can do and what not. Are 
they a magical wand, solving all problems of the world? No, and they don't 
claim that.
Most of the time I try to prefer connections to .onion websites rather than 
clearnet, because I don't see any benefit from exposing myself to surveillance 
capitalism. I like v3 onions, and prefer to use it wherever possible. I love to 
see myself as a person, not as a product. When chatting on XMPP with OTR I use 
.onion server for my identity and ask the other site to do the same, as I don't 
see any benefit using clernet server. Tor allows me to mitigate some risks, and 
of course opening me to another ones. This comparison is still putting the 
weight *for-tor-whonix-in-qubes*. Others may have it different, depending on 
ones OPSEC and ones willingness to give his/her life away for free to any 
random observer. 

I hope Whonix will go on further with their excellent job, same as Qubes or 
TAILS or Torproject. 

I would just stress out the importance to include the high-risk, high-impact 
emerging threads into their thread model and try to mitigate these risks same 
way, as other risks included there already - recognized. If you set up your 
bullet-proof environment and than by crossing a nation border just breaks it 
down by one simple question of the officer, than resistance of your security 
setup is extremely weak and breakable any time. More and more states will go on 
with this attacks in the near future. Australia is only the first one to make 
it so clear. There are tools and ways available for mitigation, for Plausible 
Deniability for example, like Hidden Operating System, Hidden Volumes, but are 
not included in the standard package of the projects yet. If I was a 
programmer, I would sure contribute, but I am not. And so the only point is to 
mention it, and try to stress it enough, to motivate people with skill-set to 
contribute for all of us.




Feb 20, 2019, 6:15 AM by raahe...@gmail.com:

> I read that whonix thread.  Still not sure why whonix doesn't have a canary.  
> What could it hurt?  Any aspect of the project could be compromised for any 
> reason.   Thats the same as people saying I have nothing to hide so why 
> worry.  In the other thread Patrick says US laws affect all countries.
>
> And don't feel bad.  Patrick banned me from the forums too once a long while 
> ago.  I told him I'd never post there again and never did. lol.
>
> I was constantly having issues with whonix.   You are a target just for using 
> it.  You really have to pay attention when you are updating it.
>
> Sill never understood why the user qubes-whonix left the project in 
> flamboyant fashion claiming it was just a "cool experiment" and its "security 
> was not taken seriously" ...
>
> I stopped using whonix after the annoying clock issue.  And then couldn't be 
> troubled to install the latest version and just removed it instead. 
>
> I'm sure it has its purposes and some people need it.  But I don't.  The 
> websites I use qubes for ban tor or it just has no benefit.  Anonymity is 
> different then privacy.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/db18e185-a602-4b05-8111-0cae75355...@googlegroups.com
>  
> 

Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

2019-02-19 Thread qubes-fan




Feb 16, 2019, 4:08 AM by xa...@protonmail.com:

>
>
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐ Original Message ‐‐‐
> On Friday, February 15, 2019 10:58 PM, <> qubes-...@tutanota.com 
> > > wrote:
>
>> Dear Patrick,
>>
>> I appreciate your answer and understand your point of view. On the other 
>> side, the issue raised by the law in Australia (and GCHQ asked for that too, 
>> like the request of ghost user in all the "encrypted" conversations) is an 
>> important security concern and should be taken into consideration in the 
>> thread/trust model not only with Whonix, but with all the HW, SW, 
>> infrastructure and personnel. As of today, it is not.
>>
>
> While this threat is certainly a concern it is nothing new. Although new in 
> Australia, many other countries have had similar laws and/or don't have any 
> laws that would prevent the govts from forcing a person to do pretty much 
> what ever they want. With ever evolving threats it would be near impossible 
> to keep up. Once a mitigation is found for one, two more emerge. How do you 
> combat adversaries that have near unlimited resources? Trust model/concerns 
> have been considered in > https://www.whonix.org/wiki/Trust 
> > . (Has anyone bothered to read it?)
>

I am not talking about magical 100% protection or 10$-wrench-decryption. I 
believe this attack is different by its implications and consequences. Sure 
many govs using different methods today, many of which are but un-lawfull. 
Doing this can ruin any case be it getting to the court. By having these laws 
in place, like the ones in Australia, this attack yesterday unlawful, is lawful 
today. This has high consequences. To ruin any project today it is enough that 
they come and ask you for your keys, or ask to plant a backdoor. If not, you go 
to jail. Project is over, perfectly fit with law. Yesterday it wasn't possible 
so simply, they had to be on border with or cross the law, considering morality 
of the dev constant.


>> Existing thread models are currently not considering this form of attack. 
>> Same way as the existing thread models, including those of Qubes, TAILS, 
>> Whonix and others, are not covering the thread of being forced on the border 
>> to GB or US to hand over all the keys to all your digital devices under the 
>> thread of imprisonment. There is no Hidden OS functionality mentioned, and 
>> no known development in this area, even the thread exists and ppl are 
>> already successfully exploited by these attacks.
>>
>
> If anyone can come up with a mitigation to an adversary putting a gun to a 
> developers head and asking nicely for their private key - id like to hear it. 
> How exactly does someone overcome an impossible situation? How do you you 
> cover a - do as is say or die- threat model? Holy shit! It was here all 
> along! > https://www.whonix.org/wiki/Trust#Free_Software_and_Public_Scrutiny 
> 
>

As an example, if developer is anonymous, one can point gun at his own head 
only. This should be part of the thread model, mitigations and contingency 
plans. You are again trying to find 100% solution for everything, and if not 
available, you call it impossible situation. It is possible situation and must 
be analyzed separately from other threads with different characteristics.


>> This is but not an issue of Whonix. It is an issue of not addressing the 
>> new, emerging attacks clearly. The FMECA, which is constantly not updated, 
>> becomes obsolete, and continuously useless. From my personal experience, if 
>> people are sub-aware that some FMECA points could be very difficult to 
>> address and solve reasonably, they tend to avoid to put it in to the FMECA 
>> and start to care.
>>
>> Concerns related with that Ausie law and similar activities of some 
>> entities, are based on reality. Before the law was here, it was more 
>> difficult to successfully reach forced cooperation. Usually it was through 
>> blackmail, convincing, threads or similar activities, to forge the canaries 
>> and insert the dirt in the code or HW. There was still quite good space for 
>> an effective resistance of the personnel, if one wanted. The personnel was 
>> protected by law. The kind of moral part today is killed there completely. 
>> Today they just come and bring you the lawful request and you must comply 
>> with it and fulfill the request, or go directly to jail ( I think it is 5 
>> years?), and at the same time you are bound not to tell anyone, by any means 
>> be it your corporate employer, your teammate, brother or development project 
>> partner. They effectively created from every citizen a potential agent, 
>> which cant deny to become one if requested.
>>
>
> Yes, before the law other means would be necessary to compel a developer to 
> backdoor software in **Australa**. Now the laws says the govt can force a 
> 

Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

2019-02-15 Thread qubes-fan
Dear Patrick, 

I appreciate your answer and understand your point of view. On the other side, 
the issue raised by the law in Australia (and GCHQ asked for that too, like the 
request of ghost user in all the "encrypted" conversations) is an important 
security concern and should be taken into consideration in the thread/trust 
model not only with Whonix, but with all the HW, SW, infrastructure and 
personnel. As of today, it is not.

Existing thread models are currently not considering this form of attack. Same 
way as the existing thread models, including those of Qubes, TAILS, Whonix and 
others, are not covering the thread of being forced on the border to GB or US 
to hand over all the keys to all your digital devices under the thread of 
imprisonment. There is no Hidden OS functionality mentioned, and no known 
development in this area, even  the thread exists and ppl are already 
successfully  exploited by these attacks. 

This is but not an issue of Whonix. It is an issue of not addressing the new, 
emerging attacks clearly. The FMECA, which is constantly not updated, becomes 
obsolete, and continuously useless. From my personal experience, if people are 
sub-aware that some FMECA points could be very difficult to address and solve 
reasonably, they tend to avoid to put it in to the FMECA and start to care. 

Concerns related with that Ausie law and similar activities of some entities, 
are based on reality. Before the law was here, it was more difficult to 
successfully reach forced  cooperation. Usually it was  through blackmail, 
convincing, threads or similar activities, to forge the canaries and insert the 
dirt in the code or HW. There was still quite good space for an effective 
resistance of the personnel, if one wanted. The personnel was protected by law. 
The kind of moral part today is killed there completely. Today they just come 
and bring you the lawful request and you must comply with it and fulfill the 
request, or go directly to jail ( I think it is 5 years?), and at the same time 
you are bound not to tell anyone, by any means be it your corporate employer, 
your teammate, brother or development project partner. They effectively created 
from every citizen a potential agent, which cant deny to become one if 
requested.

Quite easy countermeasures were possible, if the devs (in this case), were 
anonymous. But they are not so much, right? Therefore are open to this 
particular attack that just emerged. How and when will it be added to the 
thread model and covered, together with other new emerging threads, by 
respective tams, is the only question to be answered.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LYnNVQl--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-11 Thread qubes-fan




Feb 9, 2019, 3:41 AM by js...@bitmessage.ch:

> brendan.h...@gmail.com > :
>
>> On Friday, February 8, 2019 at 10:24:17 AM UTC-5, Laszlo Zrubecz wrote:
>>
>>> This kind of total (enterprise) control was planned for qubes 4.x -
>>> however I don't hear about real life usage.
>>>
>>
>> Yeah, I recall reading about that.
>>
>
> I think this is what you're talking about?
>
> https://www.qubes-os.org/news/2017/06/27/qubes-admin-api 
> 
>
> The idea was to separate admin and user roles to allow for remote management 
> in an enterprise environment. That post says that's probably a 5.0 thing.
>
> -- 
> Jackie
>

I think if I remember properly, thierry.laur...@gmail.com 
 spoke about a project he works here some 
time ago. It was connected with the remote administration of the QubesOS and he 
was asking if that was somehow interesting for the community here. Try to check 
with him. (and post it here, so we know too, lol)


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/e8fd48c6-5752-f435-38d3-845c5ffb3...@bitmessage.ch
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LYRMnIB--7-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How secure is a VM if a user tries to tampers it?

2019-02-08 Thread qubes-fan



Feb 8, 2019, 9:05 AM by frap...@gmail.com:

> Hi!
>
> The system administrators working in my company do not want to let user 
> access to the internal network with OS that are not under their control and 
> they only support Windows at the moment.
>
> I would like to propose QubesOS as an alternative, with a Windows VM managed 
> by them inside it, connected to the internal network via VPN (we already have 
> this VPN in place for accessing the internal network while working outside of 
> the building). In addition to this, users could run the operating systems and 
> the applications they want in different VMs, thanks to QubesOS features.
>
> The system administrators would not have to support QubesOS, just the Windows 
> VM, but this solution could only be accepted if I am able to show that there 
> is a reasonable guarantee that tampering the Windows VM from QubesOS is as 
> hard as tampering the same Windows system installed on a regular machine 
> (with secure boot, hardware encryption, etc.).
>
>
> My question is: how secure is a VM if a user tries to tampers it? Is SGX a 
> technology that can be used to provide that level of security? If so, is it 
> used by QubesOS at the moment?
>
>
> Any suggestion, comment or link would be greatly appreciated.
>
>
> Frafra
>

It shouldn't be an issue as employees were already given a certain level of 
trust in the organozation, based on their position and competencies. Employee 
with malicious intent can easily break into the current setup too, like copy 
and paste, deal with the critical information with malicious intent. Adding 
Qubes to the trusted setup doesn't make the situation significantly worse. It 
should, on the other hand, significantly increase the security of the endpoint, 
if set up properly. 

The issue you mention is more about trust in employees, the trust model, than 
about selected OS in usage. 


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/c78d47aa-e276-46b8-88b0-108a8e55d...@googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LYBU9U2--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] R.I.S.K.S. - Relatively Insecure System for Keys and Secrets (for Qubes OS)

2019-02-06 Thread qubes-fan




Jan 25, 2019, 1:43 PM by 19hundr...@tutanota.com:

>
> I just published R.I.S.K.S. (> https://19hundreds.github.io/risks-workflow 
> > ). The source repo is > 
> https://github.com/19hundreds/risks-workflow 
> >  .
>
>
> I've been searching for a viable system for managing my own secrets since a 
> while and I'm still on it.
>
>
> Inspired by Snowden's experience with journalists, projects like Enough (> 
> https://enough.community/ > ) and determined to 
> contribute the way I can against digital abuses (monitoring, tapping etc.) I 
> decided to sum up what I know in a step-by-step guide providing a reasonable 
> setup (hopefully) for defending user's secrets.
>
>
> I don't know if many feel the need for such a guide but I crafted it in the 
> hope to be helpful to the vast majority of the audience.
>
>
>
>
> I'd greatly appreciate any feedback, comment, critic and advice driven to 
> improve R.I.S.K.S.
>
> ---
> 1900
>
>
>
>

It is really interesting collection. Did you consider to:

- use the Hidden Volume function like provided in the Vera Crypt? Today in the 
US and GB, and more, you can be forced to unlock any encrypted partition under 
the threat to be locked up indefinitely. Plausible deniability of Hidden 
Volumes can help here. These risks are today very real.
- use some secure USB key, like Notrokey (I know, issue of trusting the vendor, 
but it is similar to an SD card trust). It decreases the need to remember more 
passphrases (all of it can theoretically sleep nicely on the secure USB). It 
can be used with Heads to provide an interesting protection against Evil Maid. 
It also decreases the behind shoulder watching of input of long-strong 
passwords in exposed areas. You just use few-char-pass to unlock the HD or log 
into the system and more.
- use even the Hidden operating system on the secure USB, like that of Nitrokey 
Storage. 

Combining the above mentioned with your attitude, could be very interesting. 
You maybe considered what I mentioned and didn't opt for it for some reason. If 
so, why?

Nice work tbh, good luck!


>
>
>
> --
>  You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
>  To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
>  To post to this group, send email to > qubes-users@googlegroups.com 
> > .
>  To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/LX4F0AN--3-1%40tutanota.com 
> >
>  .
>  For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LY1PT7u--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Reversing dom0 testing repo installation

2019-02-01 Thread qubes-fan




Jan 31, 2019, 3:06 PM by un...@thirdeyesecurity.org:

> On Wed, Jan 30, 2019 at 03:28:17PM +0100, > qubes-...@tutanota.com 
> >  wrote:
>
>>
>> Just a humble reminder for my question. I tried to research the topic, but 
>> didn't move anywhere. Can anyone advice me please?
>>
>> Jan 28, 2019, 3:59 PM by >> qubes-...@tutanota.com 
>> >> :
>>
>> > hi, I accidentaly downloaded and installed the dom0 update from the 
>> > testing repo. Is there any way to reverse the action and keep only the 
>> > stable version?
>> >
>> > I already disabled the testing repo in the /etc/yum.repos.d/qubes-dom0.repo
>> >
>> > Thank you
>> >
>>
>
> Check /var/log/dnf** to see exactly what changes have been made to your
> system
>
> If you are using a Fedora based qube as UpdateVM, then you can use the
> downgrade option:
> qubes-dom0-upgrade action=downgrade 
>
> I'm not familiar with this and don't use it. It isn't an option if you are
> using Whonix or another Debian based UpgradeVM
>
> In that case, you can get a list of all the available versions:
> qubes-dom-update --action=list --showduplicates 
>
> And then should be able to install a specific version:
> qubes-dom-update package-version
>
> It's a little more long winded, but you are exercising full control.
> Hope that helps somewhat.
>
> unman
>
Thank you, but it seems like bit advanced. I will wait till the stable rewrites 
the testing when out. Hope this works too. 

The only issue I encountered is the password entry at boot - the GUI doesnt 
appear and I am entering the pass terminal-like. 

>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20190131150632.tjsrviwzynazc...@thirdeyesecurity.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXcL6BT--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Fedora Modular 29??

2019-01-30 Thread qubes-fan
By updating Fedora 29 template I learned that after sudo dnf update I get also 
some Fedora Modular 29 downloads. Never spotted that before. Is it a normal 
behavior?

- I have the /etc/yum.repos.d/qubes-r4.repo set to the stable only. 
- I have onionized the updates
- I accidentally installed the dom0 testing repo before and duno yet how to 
return it to the non-testing, stable-only status.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXUGVt7--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Reversing dom0 testing repo installation

2019-01-30 Thread qubes-fan


Just a humble reminder for my question. I tried to research the topic, but 
didn't move anywhere. Can anyone advice me please?

Jan 28, 2019, 3:59 PM by qubes-...@tutanota.com:

> hi, I accidentaly downloaded and installed the dom0 update from the testing 
> repo. Is there any way to reverse the action and keep only the stable version?
>
> I already disabled the testing repo in the /etc/yum.repos.d/qubes-dom0.repo
>
> Thank you
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXU9GJn--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-29 Thread qubes-fan


Jan 28, 2019, 9:25 PM by alexandre.belgr...@mailbox.org:

> Le lundi 28 janvier 2019 à 16:47 +0100, > qubes-...@tutanota.com 
> >  a
> écrit :
>
>> What do you yourself use?
>>
> Hope I can answer too. 
>
> I use an X230 with Intel ME disabled from BIOS. It costs about 160€ on
> the second hand market and it has pretty decent hardware. Lenovo claims
> that Intel ME can be disabled, but Intel ME is still running and may
> accept remote shadow connections given a signed certificate from Intel.
>
> This is why I am only reading the mailing list and not using Qubes. At
> present, I consider Qubes as an interesting development, but not
> reaching its goals because dom0 can be penetrated using Intel ME.
>
> I am quite amused by tails sending an update command on each boot. You
> can be sure to light red light in a control center and be penetrated
> within seconds if need be. Remember that governments have control of
> most outgoing nodes. So neither do I use Tor.
>
> You just can't simply store valuable documents on a computer when
> connected to a network. Companies that care about security should have
> a complete process to manage workstations and internal networks,
> without access to the Internet. We are back to ancien times.
>
> Kind regards,
> Alexandre Belgrand
>

Hardware is only one part, right? The question was about the package you use. 
What OS, network, apps...yu propose? So, what so you use?

Realize please, that you stand against SW, the OS (Qubes), arguing about HW. 
Also you argue about statements Qubes devs and especially Joanna Rutkowska, 
never claimed. They never claimed that Qubes is IME resistant. Actually the 
opossite. If they did, post their statement here please. I heard her instead  
stressing publicky and repeatedly that the IME is a global issue, not only of 
Intel (see PSP), to be addressed. You are fighting against non-existent claims 
arguing against Qubes. Even the name of the Qubes-OS - A REASONABLY secure OS. 
They dont claim Qubes is - An omnipotent 100% solution and IME resistant. Or do 
they? :)

The IME attack is only one of many possible attacks. If you are opened to this 
kind of attack only, and resistant against many others, present in the 
traditional OSes, you increased your sec reasonably.

Lets put it other way round. Everyone of us is a wrench-decryption 
non-resistant. If an adversary starts your thumb-wrench party, what 
finger-wrench decrypts your password and all the secrets? Now knowing this, do 
you use passwords or you just gave up, because the found that terrible 
wrench-security-hole in the system? Do you let your phone unencrypted and 
unlocked, available to anyone, your credit card number CVV and PIN public, 
cause both ways it can be cracked? Your email password, chat pass, your https 
cert if you own the domain? Do you keep your house unlocked at all times, cause 
both ways the lock can be hacked? Do you see the point?

And the last question. Last but not least. You stated in one of your 
conversations here that you want people to stop using Qubes for security. 
Interesting - why would wish to do that? What is the benefit for you? How do we 
know you are not just another IS spook tasked with the attack on reasonable 
secure system, which provides very high security for even semi-tech users? 

Also if you would like to increase you paranoia, read the Yasha Levine, 
Surveillance Valley. In that case you can forget everything and ask only one 
question - can the tech that was designed to enslave us, save us? And if so, 
how one does that.


>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/84ef99dc3a6aad1e8e035b5dda640ed306d27792.ca...@mailbox.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXO7VPB--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Reversing dom0 testing repo installation

2019-01-28 Thread qubes-fan
hi, I accidentaly downloaded and installed the dom0 update from the testing 
repo. Is there any way to reverse the action and keep only the stable version?

I already disabled the testing repo in the /etc/yum.repos.d/qubes-dom0.repo

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXKAuDB--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-28 Thread qubes-fan


Jan 27, 2019, 5:04 PM by alexandre.belgr...@mailbox.org:

> Le dimanche 27 janvier 2019 à 16:47 +, unman a écrit :
>
>> I'd be interested to know what system has been graced with your
>> approval.
>> If you believe all this, then what makes you think that national
>> intelligence agencies haven't infiltrated *bsd, coreboot and any
>> other
>> system you can name. 
>> imo Qubes does a reasonable job of providing a more secure system
>> that's usable by ordinary users.
>>
>
> Simply no x86 system is reasonably secure.
>
>> Spreading unfounded allegations is a disservice to the community.
>>

Most of the serious users are very well aware of the IME/AMT vulnerability and 
are addressing it continuously and publicly. See Joanna Rutkowska and her 
talks. You are looking for a 100% solution. Big surprise is a 100% solution is 
not existing and will never be. 
You can of course use a libre X200 without IME and without real virtualization 
too, having again to deal with issues of a monolythic system. 
Tradeoff can be the X230 with more-less disabled IME with proper virtualization.

What do you yourself use?


> Qubes is interesting because it is trying to answer security needs and
> the design is nice. 
>
> But think about Intel ME backdoor. Imagine that any officer with a
> signed certificate of Intel can penetrate dom0 in your computer within
> seconds and then view your screen, move your mouse and type on your
> keyboard. This is reality and Qubes cannot change it.
>
Qubes doesn't even claim to change it. You need to address Intel same way as 
Qubes ppl do and ask them to close the backdoor. 

Are you aware that spreading of the false claims *can be* an intelligence 
operation to undermine user's support and appreciation of the codes like Debian 
and Qubes? From leaked materials is known that the US IAs named for example 
Tails based on Debian as a total apocalypse for intelligence collection for 
them, if spread. 

Keep in mind, nothing is perfect. But if you have an option for a better set 
and setting, put it up.



> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/65d4efc1f6cc5203a5fc0802e2cdff2e9fc992f7.ca...@mailbox.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LXK87wZ--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] QSB #46: APT update mechanism experience

2019-01-25 Thread qubes-fan
Hi, I am just sharing my experience from the update mechanism process described 
here: 
http://sik5nlgfc5qylnnsr57qrbm64zbdx6t4lreyhpon3ychmxmiem7tioad.onion/news/2019/01/23/qsb-46/
 


Note please, that all downloads of the new patched templates were provided 
through fedora based VMs, to mitigate the potential compromise issue with the 
debian based templates and VMs based on it. Deletion of the 2018 
debian-tempaltes went smooth. 

All worked quite smoothly, with few exceptions. I followed the guide and point 
4  didnt work for me by default. As an example I update the whonix-gw-14 
template here:

$ sudo qubes-dom0-update \ --enablerepo=qubes-templates-community-testing \ 
qubes-template-whonix-gw-14

a) returned error that the testing repo isnt enabled
b) after enabling it, it started download the 2108 version

I worked around it in a following way in dom0:

a)
$ sudo nano /etc/yum.repos.d/qubes-templates.repo

#now just enable 
[qubes-tempates-community]
enabled = 1

#now just enable 
[qubes-tempates-community-testing]
enabled = 1

In case you set up qubes to update the system through Tor, don't forget to 
comment out the .onion baseurl, and uncomment the clearnet baseurl and metalink 
respectively. 

b) in the table provided, I just put the 
qubes-template-whonix-gw-14-4.0.1-201901231238 directly to the command ans it 
worked well.
$ sudo qubes-dom0-update \ --enablerepo=qubes-templates-community-testing \ 
qubes-template-whonix-gw-14-4.0.1-201901231238

This pointed to the right download of the 2019 version and prevented the 2018 
version to be downloaded. For the other templates, see the table provided in 
the guide. Just change it and you are fine.

Guide says that within 2 weeks there will be a migration of the testing content 
to a stable part, so there can possibly be some adjustments.

Also after updating the whonix-gw-14 and whonix-ws-14 there will be no 
sys-whonix and anon-whonix recreated. You need to do it manually. Thanks to 
marmarek for the help with that!

If you wish to keep your existing anon-whonix, just rename it, like 
anon-whonix-old. You can than transfer securely the data from the 
anon-whonix-old to the new one easily. If you dont rename it, the new 
anon-whonix will not be created with the command. The sys-whonix should be 
deleted already so it can be created fresh :)

With following command creates the new sys-whonix and anon-whonix  based on the 
patched 2019 template version.
in dom0:
sudo qubesctl state.sls qvm.anon-whonix

Follow the same logic with whonix-ws-14 and debian templates. 
Good luck!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4sO4G--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-25 Thread qubes-fan
Jan 25, 2019, 4:26 PM by marma...@invisiblethingslab.com:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Fri, Jan 25, 2019 at 04:20:50PM +0100, > qubes-...@tutanota.com 
> >  wrote:
>
>> Jan 25, 2019, 4:13 PM by >> marma...@invisiblethingslab.com 
>> >> :
>>
>> > On Fri, Jan 25, 2019 at 04:04:02PM +0100, > >> qubes-...@tutanota.com 
>> > >>  > qubes-...@tutanota.com 
>> > >> >>  wrote:
>> >
>> >> Thank you. Will the existing anon-whonix be recreated together with 
>> >> sys-whonix as well? I have an anon-whonix AppVM already existing. Should 
>> >> I back it up or chenge its name to prevent data loss?
>> >>
>> >
>> > No, if anon-whonix already exists, it will not be recreated.
>> > But note anon-whonix is based on whonix-ws-14 template, which is also
>> > affected. You should update it to unaffected version using one of the
>> > methods described in the QSB.
>>
>> Hi, I updated the whonix-gw-14 and whonix-ws-14 as well. I am planning to 
>> use the pre-update AppVMs as a backup and transfer necessary data to the 
>> newly created post-update AppVMs. Than delete them.
>> In this case, I can just rename the anon-whonix AppVM and the new 
>> anon-whonix will be created, right?
>>
>
> Yes, exactly.
>
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
>
> iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxLKqcACgkQ24/THMrX
> 1yxYaAgAjuiGQxpY2tyiH62706bMQ7FejCNPdoBXwL5RzM7j6/5hYlA7cUa/L5fn
> Z4q/7F2k9olSQFDvobZ/PJw+cvaV8lFfNWUnSiIkgCVQ5VxZxCHmWR/QWoBf4oRE
> 7CGWOgT89u1jTUO595IQ3LSq7ixT5DhqhwRYc0JuWYHL0vYIMJJ3+e5X2/Y0bnNr
> 6DbR9EuY9F6PsLTwXLG1/Bf8XdA7MIaKVhkVQvAcvUFHvdjJIXzBT4HigjclXFzI
> AMgAvtEYJXiygylwlrC3fMprDYSSMmv2yDyaBMN9oQ1Q3Aw+hnb+X8unLebV5F8X
> hzLmEdXJ7KJJCIipvFzriOEckXqWxQ==
> =GgX4
> -END PGP SIGNATURE-
>

Thank you, all working well.


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20190125152631.GJ1429@mail-itl 
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4jA4r--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-25 Thread qubes-fan
Jan 25, 2019, 4:13 PM by marma...@invisiblethingslab.com:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Fri, Jan 25, 2019 at 04:04:02PM +0100, > qubes-...@tutanota.com 
> >  wrote:
>
>> Thank you. Will the existing anon-whonix be recreated together with 
>> sys-whonix as well? I have an anon-whonix AppVM already existing. Should I 
>> back it up or chenge its name to prevent data loss?
>>
>
> No, if anon-whonix already exists, it will not be recreated.
> But note anon-whonix is based on whonix-ws-14 template, which is also
> affected. You should update it to unaffected version using one of the
> methods described in the QSB.
>
> - -- 
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> -BEGIN PGP SIGNATURE-
>
> iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAlxLJ7MACgkQ24/THMrX
> 1yyaCgf/c6fzqF6MahYzCVd0F+KxHiTrG9mtkCDti/HnFWh+uMkwHiROMDibnrZg
> 0Zqy4N00vqV4fiH5UhlvAvHPS8R+naVoJ5X/9lMxrjJSBNPmMNsMW03qFFBjbBVp
> OPyfKPk+pfZOW6Cmo5FsU3/qYQ3z3g6b3t8S59CRGuCEFub7wBBdTEB+2E2PM8Cg
> dLYVTaKU3gP6XLkIM1i/F3DWrRl7LE1/xQ1qatUQQMCEt7ydT54m3LSOgqfmA/e2
> VK2q8TTKCYj+gDI7SvJ53T4ndb6CQ+9u0deQ0Akmiq8ZgdsmO/avc5uCF6VOu0Mq
> e3R8bktGFlm8wu/pCkSq474xKEMMaA==
> =ttQ8
> -END PGP SIGNATURE-
>
Hi, I updated the whonix-gw-14 and whonix-ws-14 as well. I am planning to use 
the pre-update AppVMs as a backup and transfer necessary data to the newly 
created post-update AppVMs. Than delete them.
In this case, I can just rename the anon-whonix AppVM and the new anon-whonix 
will be created, right?


> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20190125151356.GI1429@mail-itl 
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4aLYE--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-25 Thread qubes-fan
Thank you. Will the existing anon-whonix be recreated together with sys-whonix 
as well? I have an anon-whonix AppVM already existing. Should I back it up or 
chenge its name to prevent data loss?


Jan 25, 2019, 4:36 AM by a...@qubes-os.org:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 24/01/2019 9.03 PM, Andrew David Wong wrote:
>
>> On 24/01/2019 7.53 AM, >> qubes-...@tutanota.com 
>> >>  wrote:
>>
>>> hi, I reinstalled successfully the whonix-ws-14, whonix-gw-14 and debian-9 
>>> templates as described here: >>> 
>>> https://www.qubes-os.org/news/2019/01/23/qsb-46 
>>> >> 
>>> https://www.qubes-os.org/news/2019/01/23/qsb-46 
>>> 
>>>
>>> With this kind of installation no sys-whonix is created by default. I 
>>> created therefore a new AppVM named sys-whonix, based on template 
>>> whonix-gw-14, NetVM set to sys-firewall. After running Connection Wizard it 
>>> stops at 5% if connecting directly to Tor, or at 10% if connecting with 
>>> Bridges. It stops in the bootstrap phase connecting to a relay directory. 
>>> Whonix check say gave up waiting. In the Arm it keeps popping up duplicates 
>>> hidden. 
>>> After few moments it tells me (when using bridges): [WARN] Proxy Client: 
>>> unable to connect to IP-address:443 "general SOCKS server failure" .
>>>
>>> Is there any setting in the original sys-whonix that is missing if the 
>>> sys-whonix I just created manually? 
>>> What is the solution for this issue? 
>>> I live in non-censored area, clearnet internet connection is working 
>>> smoothly.
>>> Thank you!
>>>
>>
>>
>> The correct way to (re)create sys-whonix is:
>>
>>  $ sudo qubesctl state.sls qvm.anon-whonix
>>
>> For details, see: >> https://www.whonix.org/wiki/Qubes/Install 
>> 
>>
>> We neglected to include this in the QSB.
>>
>
> PR: > https://github.com/QubesOS/qubes-secpack/pull/26 
> 
>
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org 
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlxKhCkACgkQ203TvDlQ
> MDAH0g/9EeSTQHx5WqS99WEbtAay4G1oYoyA/ES0VZG0BRdzWCNvQRsYgsytT6pR
> 0jPUXHopUZ9I+CBxc4FBq+UjcjsqdYkUEmU9tahbCXAcFGfSatc66k/kY94Z5G3Y
> VZJUlxuDqLqYC+LqFdAcgmBy9a47hdmnoLWo6FzBR4uynyuK8CBV10cF8n3HSS78
> tpqeH4TYEFwqAp11QBmIdo+k7D8zjO0T1S0FyJl9yxQx62igwjC5LbredCSQ34mp
> MogR4ci4RPDEn2iRyNSFDDJHvQ4nqR9DMe/LXDCJhy56WBL+ynpySCdGnrKx764s
> pK5Z+yC25VWXeJzkhmu2Lo3M2DYdLmd/9Qrkn8gCmIaloKRui5Y20X70RYTwvvdw
> k2CBShPJtqAEcmOY3fKfpwa42re26eFXNp+flPnWAYxxdUOTZE2p534poZwp4h7x
> KMM5+rofC0r7YP2QKY5+iZ3us7uUTCDUataZUQXWJ4iq3b8ZwckFCt+LleP3VD74
> 686Hes0iYVTuP2UdnTQGGbDNIgSE6J7CSMdr95DK5iDZjdefG+jgnd+rWPS3b8FQ
> SY5bwDYefS3Sv7tL8InldAMgkrkxmJv3naaHpVvlJZ0/d3TxPEuXYgWylDpeTAzG
> ZRoPV2ArLHQameUdIhwTELNAvjMeWw9CDEdMaxCcjidrzWgbgqE=
> =c2zv
> -END PGP SIGNATURE-
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX4XV38--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] post-apt-reinstall-issues sys-whonix not connecting to tor

2019-01-24 Thread qubes-fan
hi, I reinstalled successfully the whonix-ws-14, whonix-gw-14 and debian-9 
templates as described here: https://www.qubes-os.org/news/2019/01/23/qsb-46/ 


With this kind of installation no sys-whonix is created by default. I created 
therefore a new AppVM named sys-whonix, based on template whonix-gw-14, NetVM 
set to sys-firewall. After running Connection Wizard it stops at 5% if 
connecting directly to Tor, or at 10% if connecting with Bridges. It stops in 
the bootstrap phase connecting to a relay directory. Whonix check say gave up 
waiting. In the Arm it keeps popping up duplicates hidden. 
After few moments it tells me (when using bridges): [WARN] Proxy Client: unable 
to connect to IP-address:443 "general SOCKS server failure" . 

Is there any setting in the original sys-whonix that is missing if the 
sys-whonix I just created manually? 
What is the solution for this issue? 
I live in non-censored area, clearnet internet connection is working smoothly.
Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LX-7pQR--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: dom0 update: sys-whonix: command failed with code: 1

2019-01-05 Thread qubes-fan
Thank you!


Jan 2, 2019, 1:37 PM by a...@qubes-os.org:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 1/1/19 10:10 PM, > 22...@tutamail.com >  wrote:
>
>> Same thing here...no answers/solutions but your not alone!
>>
>
> The fix is already in testing:
>
> https://github.com/QubesOS/qubes-issues/issues/4616 
> 
>
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org 
>
> -BEGIN PGP SIGNATURE-
>
> iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlwssIIACgkQ203TvDlQ
> MDA0Jg/7Bk2KUHRMDuxIWFPrxgeOulc9Q2UdmApl6fgp9PU8BPkY4GISdi39uixH
> Yu9Af2GU/MWfDu3j0zqYcyIQYY6qnVa038ZNYd3BSwjhk1K4sqPY27T7+HAzF3Uy
> W1CGQWmLh+ry7uCisiPbbBTaT8IGP/Fohzp+vr0UhtR/vrXU5gzc+R8fw6vBDaPY
> Inv8D1+Tl/+z3oumAFxb2eWn0rRTSdwILLVo2bR4Rd2RpSszENaCBQvChB94MHw8
> SLRn0YiDJZM6UXMGlpunHVrihbv9Irue75LFcpSUa2SWIlTNoINv8VpcugnhybuD
> WjuCqiuuNCD8KZEtYrZg8L+zX+uuo0p/rcfDFoaEHQTrCXQW/cZRpqIaGOySBuQS
> x1P/vDX3YwAJjpXeJALVFZzndd8HqpxlL45qgLI0xD7eGa0lqsD1DpSfDt6S08oU
> y8yZdCPnlOWvRRF7Xb7OA2y94ClRoHzoOW1tJgDQeZ462/I3qXtHIwTfYDhO9B3/
> UJoB5zniVh5CKvCuYYr4miL98NIa92xoH5Vgj80A32Qz+ih7S2iraL4lIiqozXet
> Db6X4e5V6miQULpix6LDXs/am44O6hKjHpPf3iCvcfdybW2oF7+O04Uu7K4nT96B
> i7DCdAzuw/nLK/7yalez9ADM9xh60DF5XK2UqF1t90PRhGOiPQc=
> =EiKP
> -END PGP SIGNATURE-
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/7828b6e0-8d82-ea10-11c1-8fe9eafc3...@qubes-os.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LVSokl2--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] dom0 update: sys-whonix: command failed with code: 1

2019-01-01 Thread qubes-fan
Hi, during dom0 update I get following output:

$ sudo qubes-dom0-update
Using sys-whonix as UpdateVM to download updates fro dom0; this may take some 
time...
sys-whonix: command failed with code: 1
No new updates available
Qubes OS Repository for Dom0  23 MB/s | 52 kB

The update than goes as normal. What does that mean and is there any action 
needed from my side?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LVAXE7Y--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Updating to whonix-14. Error: "ImportError: No module named qubesadmin.exc"

2018-12-19 Thread qubes-fan
I was stuck with the Whonix upgrade 13-14 too. The best worked to just backup 
all the data from Whonix-13 templates and make a fresh install of Whonix 14. 
Than just copy all the needed data to the W-14 AppVMs like sys-whonix, 
anon-whonix and any other AppVM created. 


Dec 19, 2018, 6:05 AM by qubes-users@googlegroups.com:

> jeppewr...@gmail.com > :
>
>> Hi all,
>>
>> I'm quite new to Qubes and Linux in general yet I have manged to run Qubes 
>> OS as my main desktop for several weeks. At the moment I'm fiddling with 
>> networking, more specifically I'm trying to get whonix-14 working, as Qubes 
>> comes with an outdated version(!?).
>>
>> First I removed all traces of the old outdated Whonix (including 
>> qubes-core-admin-addon-whonix.noarch) on my system. Then I ran "sudo 
>> qubesctl state.sls qvm.whonix-ws-dvm" according to the documentation: >> 
>> https://www.whonix.org/wiki/Qubes/Install 
>> 
>>
>> After getting "bash: qubesctl: command not found" i reinstalled 
>> "qubes-core-admin-addon-whonix.noarch" with no effect. After that I tried 
>> searhing dom0 repo for salt and found "qubes-mgmt-salt.noarch" witch i also 
>> installed, it seems to help the first problem, but qubesctl seems broken. 
>> When running the command i get this in return:
>>
>> File "/usr/bin/qubescl", line 11, in 
>>  import qubessalt
>> File "/usr/bin/python2.7/site/packages/qubessalt/__init__.py", line 10, in 
>> 
>>  import qubesadmin.exc
>> ImportError: No module named qubesadmin.exc
>>
>> How do i fix this and get whonix-14 installed properly? Thanks!
>>
> I'm wondering if removing qubes-core-admin-addon-whonix.noarch broke some 
> other packages accidentally. Might be quickest to backup your AppVMs, 
> reinstall, restore, and try again? You might want to manually install the 
> newer Whonix templates (ws & gw) first, then try that "sudo qubesctl 
> state.sls qvm.whonix-ws-dvm" command again.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/a3a9ab08-41e4-7add-7421-a571dc99f...@danwin1210.me
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LU52MwR--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Fed-28 update error

2018-12-19 Thread qubes-fan
Hi, I updated the dom0 and after I tried to update the Fed-28 template. I get 
following error:

[user@fedora-28 ~]$ sudo dnf update
Last metadata expiration check: 0:27:37 ago on Wed 19 Dec 2018 11:04:23 AM CET.
Dependencies resolved.

Problem 1: cannot install the best update candidate for package 
hplip-3.18.6-10.fc28.x86_64
  - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-3.18.6-11.fc28.x86_64
Problem 2: cannot install the best update candidate for package 
hplip-libs-3.18.6-10.fc28.x86_64
  - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-libs-3.18.6-11.fc28.x86_64
Problem 3: cannot install the best update candidate for package 
libsane-hpaio-3.18.6-10.fc28.x86_64
  - nothing provides libnetsnmp.so.35()(64bit) needed by 
libsane-hpaio-3.18.6-11.fc28.x86_64
Problem 4: package hplip-libs-3.18.6-10.fc28.x86_64 requires 
hplip-common(x86-64) = 3.18.6-10.fc28, but none of the providers can be 
installed
  - cannot install both hplip-common-3.18.6-11.fc28.x86_64 and 
hplip-common-3.18.6-10.fc28.x86_64
  - problem with installed package hplip-libs-3.18.6-10.fc28.x86_64
  - cannot install the best update candidate for package 
hplip-common-3.18.6-10.fc28.x86_64
  - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-libs-3.18.6-11.fc28.x86_64

Package  Arch  Version    Repository  Size

Skipping packages with conflicts:
(add '--best --allowerasing' to command line to force their upgrade):
hplip-common x86_64    3.18.6-11.fc28 updates    110 k
Skipping packages with broken dependencies:
hplip    x86_64    3.18.6-11.fc28 updates 16 M
hplip-libs   x86_64    3.18.6-11.fc28 updates    204 k
libsane-hpaio    x86_64    3.18.6-11.fc28 updates    127 k

Transaction Summary

Skip  4 Packages

Nothing to do.
Complete!

***

When doing the --best --allowerasing I get this:

[user@fedora-28 ~]$ sudo dnf --best --allowerasing update
Last metadata expiration check: 0:28:55 ago on Wed 19 Dec 2018 11:04:23 AM CET.
Error:
Problem 1: cannot install the best update candidate for package 
libsane-hpaio-3.18.6-10.fc28.x86_64
  - problem with installed package libsane-hpaio-3.18.6-10.fc28.x86_64
  - nothing provides libnetsnmp.so.35()(64bit) needed by 
libsane-hpaio-3.18.6-11.fc28.x86_64
Problem 2: cannot install the best update candidate for package 
hplip-libs-3.18.6-10.fc28.x86_64
  - problem with installed package hplip-libs-3.18.6-10.fc28.x86_64
  - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-libs-3.18.6-11.fc28.x86_64
Problem 3: cannot install the best update candidate for package 
hplip-3.18.6-10.fc28.x86_64
  - problem with installed package hplip-3.18.6-10.fc28.x86_64
  - nothing provides libnetsnmp.so.35()(64bit) needed by 
hplip-3.18.6-11.fc28.x86_64

*

Any help appreciated. 
Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LU51-R---3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Adobe Flash - official guide is not working for me

2018-12-15 Thread qubes-fan
Omg I see :) I did both now, with and without install but same result. I 
downloaded the file npapi again and now it works. I suppose it should be npapi 
if I plan to use it with the Firefox.

I am now stack with the: 

create ~/.mozilla/plugins if it does not exist
move libflashplayer.so to ~/.mozilla/plugins, and restart iceweasel.

Sorry ppl :-/


Dec 15, 2018, 5:26 PM by un...@thirdeyesecurity.org:

> On Sat, Dec 15, 2018 at 06:23:09PM +0200, Ivan Mitev wrote:
>
>>
>>
>> On 12/15/18 6:10 PM, >> qubes-...@tutanota.com 
>> >>  wrote:
>> > This is precisely what I did. See below:
>> > 
>> > user@flash:~$ ls
>> > flash_player_npapi_linux.x86_64.tar.gz
>> > user@flash:~$ tar xf install_flash_player_npapi_linux.x86_64.tar.gz
>> > tar: install_flash_player_npapi_linux.x86_64.tar.gz: Cannot open: No such 
>> > file or directory
>> > tar: Error is not recoverable: exiting now
>>
>> Maybe for some reasons your tar version doesn't automatically detect that
>> the file is a gz archive. Try to extract it with `tar xzf` instead of `tar
>> xf`.
>>
>> But it's most likely that you didn't download the archive properly. I've
>> just downloaded flash_player_npapi_linux.x86_64.tar.gz from the link in the
>> doc and had no problem extracting it.
>>
>> Check the file's md5sum - mine is dce1cb23cf104e8e9aaba6d217efe884, yours
>> should be the same.
>>
>> (md5sum flash_player_npapi_linux.x86_64.tar.gz)
>>
> Look at the file names ;-)
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20181215162647.kuwxbaw7xjuoy...@thirdeyesecurity.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LTmns9A--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Adobe Flash - official guide is not working for me

2018-12-15 Thread qubes-fan
This is precisely what I did. See below:

user@flash:~$ ls
flash_player_npapi_linux.x86_64.tar.gz
user@flash:~$ tar xf install_flash_player_npapi_linux.x86_64.tar.gz
tar: install_flash_player_npapi_linux.x86_64.tar.gz: Cannot open: No such file 
or directory
tar: Error is not recoverable: exiting now


Dec 15, 2018, 5:01 PM by un...@thirdeyesecurity.org:

> On Sat, Dec 15, 2018 at 04:34:05PM +0100, > qubes-...@tutanota.com 
> >  wrote:
>
>> Hi all, I am having an issue with the installation of the Flash Player: >> 
>> https://www.qubes-os.org/faq/#how-do-i-install-flash-in-a-debian-qube 
>> >>  
>> <>> https://www.qubes-os.org/faq/#how-do-i-install-flash-in-a-debian-qube 
>> >> >
>>
>> The Adobe download offers only the PPAPI or NPAPI versions for Linux 64, for 
>> tar.gz. I tried both but when executing the: 
>>
>> tar xf install_flash_player_npapi_linux.x86_64.tar.gz 
>>
>> I get error: 
>>
>> tar: install_flash_player_ppapi_linux.x86_64.tar.gz: Cannot open: No such 
>> file or directory
>> tar: Error is not recoverable: exiting now
>>
>> I tried to instal it both into a debian template and AppVM. Both fail. The 
>> name of the file is correct. I of course execute it in the folder where the 
>> file is present. 
>>
>> Thank you!
>>
>
> The file name has changed - it's  flash_player_ppapi_linux.x86_64.tar.gz
> (or _npapi_)
> Check the name you have again.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20181215160117.vyv2x2tkimm7a...@thirdeyesecurity.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LTmc_pX--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Adobe Flash - official guide is not working for me

2018-12-15 Thread qubes-fan
Hi all, I am having an issue with the installation of the Flash Player: 
https://www.qubes-os.org/faq/#how-do-i-install-flash-in-a-debian-qube 


The Adobe download offers only the PPAPI or NPAPI versions for Linux 64, for 
tar.gz. I tried both but when executing the: 

tar xf install_flash_player_npapi_linux.x86_64.tar.gz 

I get error: 

tar: install_flash_player_ppapi_linux.x86_64.tar.gz: Cannot open: No such file 
or directory
tar: Error is not recoverable: exiting now

I tried to instal it both into a debian template and AppVM. Both fail. The name 
of the file is correct. I of course execute it in the folder where the file is 
present. 

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LTmVC-E1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] VPN-tunnels officially in Qubes. When?

2018-11-27 Thread qubes-fan
hi all, is there any plan to add the VPN tunnels officially into the Qubes? 

https://github.com/tasket/Qubes-vpn-support 


Would be nice if less-tech people could benefit from the default setup, if 
working.

Thank you :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LSL5UzG--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-15 Thread qubes-fan
Hi Holger, if this point was to me :), sorry for "hijacking" the thread. The 
flame about Purism laptops here got a bit hot with RYF-puristic guys last time, 
and the questions (one can work with), were mostly unanswered. But they were 
basically right. 

Just to remind you, I had a conversation directly with the Todd Weaver about, 
if I remember properly, 2 weeks before they announced the ME cleanup. He told 
me in the conversation that they will completely remove the ME ( 2 weeks before 
the announcement), and they actually didn't. I am not blaming them, maybe he 
was just misinformed. I am just a semi-tech, and as many others I am not able 
to check stuff in depth, cause my extensive specialization is elsewhere. I am 
depending in Tech-Threat-Modeling on ppl like you or Thierry or Joanna, same 
way as you are depending on psychology specialists on psychology part of your 
Threat  Modeling (right)?

The implications of the claim "ME is completely removed" from Purism, can be 
extensive If I (or anyone else) advice to an organization (lets say a large, 
influential one), as a trusted advisor, the Purism laptops with claim: "ME is 
completely removed and your attack map is shrinked to this or that" and it is 
not.  It can kill the relation and even worse, put the organization in risk by 
not considering the threat in their OpSec. This is THE SHAME.

I can't help myself but, after that "mistake" from Purism I must include this 
to my Trust Model as a handicap for them. They should just make this clear 
somehow.

Thierry finally cleared this up somehow (at least for me), and put some light 
for decision making. This is actually something I can work with. 

Have a nice day :)


Nov 14, 2018, 10:30 PM by hol...@layer-acht.org:

> On Sat, Nov 10, 2018 at 09:24:40AM -0800, Kyle Rankin wrote:
>
>> It's a shame this thread got hijacked by people...
>>
> [...discussing other stuff...]
>
>> Could someone who is responsible for the HCL please update it with the data
>> I've provided in this thread? This would update the HCL with a version of
>> the Librem 13v2 that provides a TPM for people who are considering running
>> Qubes 4.0 with AEM.
>>
>
> has this (updating the HCL for Librem 13v2) happend now?
>
>
> -- 
> cheers,
>  Holger
>
> ---
>  holger@(debian|reproducible-builds|layer-acht).org
>  PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/20181114213042.y4w4qdaogapxq...@layer-acht.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LRLc0ca--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-14 Thread qubes-fan
Hi Thierry, thank you for your excellent and extensive explanation of the 
topic, just wow! This is precisely what semi-techs as me need, to understand 
the heavy-tech topics more. 

It helped me to see the differences in between vt-d1 vs vt-d2 and its 
implications. Yes, the X200 is excellent for Tails, but I need to run Qubes 4 
too. 

So if I understand it properly, the X230 has remains of the ME which are but 
deactivated before kernel boots. This quite shrinks the attack options, clear. 

I understand you prefer to post answers directly on the forum. About the prices:

- What exactly means the Hardware reprogramming fee? Is it the ME
cleanup? Is it an extra charge of $250 on top of $620 for actually
freeing the X230? The $620 is for non-free X230 than?

Are you sometimes in EU? 

thx

Nov 13, 2018, 5:52 PM by thierry.laur...@gmail.com:

> Hi all,
> Sorry to have misadvertised Purism work. Didn't went across that post: > 
> https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/ 
> <https://puri.sm/posts/neutralizing-intel-management-engine-on-librem-laptops/>
> So it seems that Intel ME deactivation is on par with Ivy bridge, resulting 
> in only the ROMP and BUP modules being required to initialize ME. 
>
> For firmware binary blob requirements, FSP is still required, see here: > 
> https://github.com/osresearch/heads/tree/master/blobs/librem_skl 
> <https://github.com/osresearch/heads/tree/master/blobs/librem_skl>>  and here 
> > 
> https://github.com/osresearch/heads/blob/master/config/coreboot-librem13v2.config
>  
> <https://github.com/osresearch/heads/blob/master/config/coreboot-librem13v2.config>
>
> Thierry
>
>
> On Tue, Nov 13, 2018 at 10:44 AM Thierry Laurion <> thierry.laur...@gmail.com 
> <mailto:thierry.laur...@gmail.com>> > wrote:
>
>>  Hi qubes-fan. Answers inline.
>> On Tue, Nov 13, 2018 at 6:27 AM <>> qubes-...@tutanota.com 
>> <mailto:qubes-...@tutanota.com>>> > wrote:
>>
>>> Hi Thiery, I wasn't aware the X230 can be freed same way as the X200 can.
>>>
>> Unfortunately, the x230 cannot have Intel ME deleted the same way the x200 
>> can, even though binary free firmware is par with it.
>>
>> The x200 is RYF certified where the x230 isn't for approximately the same 
>> reasons Libreboot supports only the former. RYF and Libreboot have a really 
>> strong guideline against binary blobs. Even Libreboot opened up it's ethic 
>> to support the x220 (Sandy bridge), but backed off, since part of the ME 
>> engine is still present even if deactivated. The RYF certification could not 
>> be obtainable for those. See archive: >> 
>> https://web.archive.org/web/20170404144825/https://minifree.org/product/libreboot-x220/
>>  
>> <https://web.archive.org/web/20170404144825/https://minifree.org/product/libreboot-x220/>
>>
>> Intel ME can be completely removed on the x200 (GM45 based), leaving no 
>> trace of it at all. (>> https://libreboot.org/faq.html#intel 
>> <https://libreboot.org/faq.html#intel>>> ). It can be neutralized on the 
>> x220 and x230 (Ivy bridge), leaving only the ROMP and BUP modules (<90k of 
>> it), but "deactivating" ME before it's kernel is even booted, where the 
>> Librem Laptops have parts of it deactivated only, and unfortunately contains 
>> binary blobs in the firmware. Once again, depending of your threat model, 
>> that may or not be a deal breaker for you. 
>>
>> Neutralizing/Deactivating/Deleting/Freeing Intel ME is a word game where a 
>> lot of ink spilled over the last years. I suggest you to read this doc: (>> 
>> https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F 
>> <https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F>>> ) . 
>> Basically, Intel ME version <11 can be deactivated, since no kernel needs to 
>> be present in the firmware for validation prior to initialization, resulting 
>> in the BUP module only being launched, permitting the machine to boot, where 
>> version >11 requires the kernel and syslib modules to be present and 
>> validated at initialization. So even if Intel ME is neutralized by 
>> me_cleaner, the modules are still there in >11. Could they be executed? That 
>> depends on your beliefs and threat modeling.
>>
>> Technically, GM45 based laptops are currently the last Intel based hardware 
>> where Intel ME can be completely removed. Unfortunately, such old hardware 
>> comes with important limitations, some of which makes it incompatible with 
>> QubesOS 4 requirements for isolation and virtualization. The x200 has vt-d1 
&g

Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-13 Thread qubes-fan
Hi Thiery, I wasn't aware the X230 can be freed same way as the X200 can. As 
you saw, I am thinking about buying the RYF https://tehnoetic.com/tet-t400s 
 to be able to run with the Qubes 4. The  
T400s has but unfortunately 8GB RAM max and so the X230 with 16GB seems very 
interesting.

So my question is if the X230 is really deprived of all ME-AMT, or any non-free 
dirt? If this is the case, your offer seems really interesting with all 
mentioned options available. I also use the RYF X200 for non-Qubes activities, 
but it would be just excellent if I could have just one machine for 
Qubes+non-Qubes too. 


Nov 12, 2018, 7:30 AM by thierry.laur...@gmail.com:

> Hi!
>
>> I checked out the x230 and you are right they are available and cheap. I 
>> would still be interested in finding some company/individual who I can trust 
>> to take care of the BIOS flashing for me as a service(I would think others 
>> would also want this service as well...). The problem is who?
>>
> I started Insurgo Technologies Libres/Open Technologies exactly for that! (> 
> https://www.facebook.com/InsurgoTech/insights/?section=navPosts 
> > )
>
> We actually reprogram A-Grade refurbished x230 with Heads firmware (> 
> http://osresearch.net/ > ), while neutralizing Intel 
> ME (> 
> https://github.com/osresearch/heads-wiki/blob/master/Clean-the-ME-firmware.md 
> >
>  ) while being there.
>
> I collaborate with Heads and QubesOS developers for a while now.. 
> QubesOS can even be preinstalled with user's desired customizations (> 
> https://github.com/SkypLabs/my-qubes-os-formula/issues 
> > ) or shipped with 
> latest QubesOS ISO on external MicroSD support. Heads validates ISO integrity 
> with distribution's signing keys prior to boot them (Tails, Fedora, QubesOS).
>
> Heads, deployed with a Nitrokey Pro v2/LibremKey or by using internal TPM, 
> validates rom' integrity before booting from it. With the help of a 
> NitroKey/LibremKey (> https://puri.sm/posts/introducing-the-librem-key/ 
> > ), the boot 
> configurations are signed with user's keys and verified and the firmware 
> integrity is attested at each reboot through HOTP (led flashing or TPMTOTP on 
> user's cell phone through Google Authenticator or compatible app.
>
> The user receives the Nitrokey/LibremKey and his computer in distinct 
> shipping packages and reunites at first laptop boot to attest that the 
> firmware of the computer has not been tampered with in transit. (> 
> https://puri.sm/posts/introducing-the-librem-key/ 
> > ). 
>
> The user, upon bootup integrity attestation, proceeds to the ownership of his 
> new laptop (TPM) and his LibremKey. The user is then invited to reencrypt his 
> SSD encrypted content with it's own chosen passphrase(> 
> https://github.com/osresearch/heads/issues/463 
> > ) and to choose a secondary 
> disk unlock passphrase, which will unlock encrypted disk content only if the 
> firmware has boot attested integrity.
>
> Notes: 
> The user will be able to ask > Insurgo>  interactive support in the near 
> future. (> https://github.com/SkypLabs/my-qubes-os-formula/issues/6 
> > ). 
> Buying from>  Insurgo (ITL/IOT)>  funds directly my participation to those 
> projects.
> Bulk discount are available upon request. Insurgo plans to transit into a 
> working/buying cooperative in the near future. 
>
>
> Prices are in Canadian Dollars (CDN)
> x230>  i5 240GB SSD 16GB Webcam and IPS: $620 
> Hardware reprogramming fee: +250$ 
> Backlit Keyboard: 40$  (optional)
> Webcam 10$  (optional)
> Nitrokey/LibremKey: + 80$ 
> The refurbisher offers a warranty plan on the value of the purchase:
> 1 Month %5
> 3 Months %10
> 6 Months %15
> 1 Year %25
>
> Thierry Laurion:
> GitHub: > https://github.com/tlaurion/ 
> LinkedIn: > https://www.linkedin.com/in/thierry-laurion-40b4128/ 
> 
>
> Insurgo, Technologies Libres / Open Technologies:
> email: > insu...@riseup.net >  for more 
> information.
> GPG key: > http://keys.gnupg.net/pks/lookup?op=get=0x79C78E6659DB658F 
> 
> Follow this guide or it's platform equivalent: > 
> https://securityinabox.org/en/guide/thunderbird/mac/ 
> 
> Website: > https://Insurgo.ca 
> Facebook: > https://www.facebook.com/InsurgoTech/ 
> 
>
> On Sun, Nov 11, 2018 at 9:26 PM <> 

Re: [qubes-users] HCL - Purism Librem 13 v2

2018-11-13 Thread qubes-fan
Sorry to jump out of the Purism thing. Some weeks ago I put here the question 
too and it was bit stormy, so I keep it aside. 

Mate, you mention the "Lenova 400 series". That was my question short before in 
my post. I am planning to buy this guy: https://tehnoetic.com/tet-t400s 
 It is RYF and so the ME and AMT is completely 
removed. My question was, if I could run Qubes 4 on it. The answer was it is 
too old to have the required virtualization needed to run Qubes 4. 

Now, do you think the RYF T400s above, which si T400 series you mention, could 
run the Qubes 4? This would be great. One could run the reasonably secure OS on 
reasonably secure HW. Yay!


Nov 11, 2018, 6:07 AM by 22...@tutamail.com:

> Tough questions and discussion but in the spirit of finding the "best" we can 
> get laptop for Qubes 4.0  (Best being defined as: available to purchase, 
> priced right, most open, most "reasonably" secure and"reasonably simple" 
> to maintain), for me I see the following as my best options, ranked:
>
> Lenovo Carbon 5G X1
> Available
> Good RAM
> Little pricey
> Easy install/maintain? Not sure if I can flash these BIOS...
>
> Lenova 400 series
> Available
> Affordable
> Limited RAM?
> Little boxy
> Easier to install/maintain
>
> Librem 'what ever" model
> Available
> NOT Affordable
> Limited RAM?
> Reasonably easy to install/maintain!
>
> G505
> NOT as Available
> Affordable
> Limited RAM?
> Very boxy?
> Tough to install/maintain (Flash BIOS?? Out of my scope...)
>
>
> 200 series
> NOT as Available?
> Affordable
> Limited RAM?
> Very boxy?
> Tough to install/maintain! (Flash BIOS?? Out of my scope...)
>
>
> Dell/HP/Other?
> I don't know, but I suspect Qubes was developeded on Lenovo's yet select 
> models work
>
> Desk Tops
> I need a laptop...
>
> Keep in mind I might weigh some of the "Easy to install/maintain" perspective 
> more heavily but I see my best options as:
>
> 1)Carbon X1 being the ultimate winner (if I want to invest the $1k)
> 2)T400+ series for the budget concerned
> 3)Librem if you want to get the best you can with out the "fuss" and pay some 
> $$
> 4)G505/200 if you have the technical know-how/experience
>
>
> What I am struggling to weigh is the security/privacy/trust compromises and 
> implications I have made/would make? I know G505/200 type products are most 
> secure but how can I get one pre-installed and done (Easy) yet still balance 
> trust, security, afford-ability, etcI fear the open source BIOS are out 
> of my technical scope to install and maintain.
>
> I find Librem intriguing with the easiest "most" open source option for the 
> "reasonable" layman(person)...sure not Intel/AMD/government secure but at 
> least non chip maker collusion secure? Lets assume Librem screwed up 
> initially with their claimsare they clear now? Is their product a good 
> option?
>
> Decisions, Decisions...
>
>  
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/d53fd873-90fb-4426-b960-efd57aafb...@googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LRBjPh9--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Thinkpad T400s RYF

2018-11-13 Thread qubes-fan
Outch, bad news :-( Basically I have only two options than: run reasonably 
secure QubesOS on a flawed-by-design-HW, or use RYF HW with not so secure OS. I 
am not maximalist, but you know, one doesn't go on boat that has holes in it, 
even he has nicely and safely packed cookies on board.

Or is there any other RYF laptop which could run QubesOS? Sad days, these days.


Nov 10, 2018, 4:43 PM by qubes-users@googlegroups.com:

> qubes-...@tutanota.com > :
>
>> Hi, I am thinking about getting the RYF T400s for Qubes 4. Is there anyone 
>> here who is running the T400s successfully with Qubes 4? If yes, how is the 
>> install/setup?
>>
>> https://tehnoetic.com/tet-t400s >>  <>> 
>> https://tehnoetic.com/tet-t400s >> >
>>
> It's a respectable piece of hardware, but I think it is too old to support 
> the hardware virtualization (VT-d) Qubes 4.0 requires.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/8d3d3601-b64e-77c5-3740-f89e41321...@danwin1210.me
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LRBemDI--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Thinkpad T400s RYF

2018-11-10 Thread qubes-fan
Hi, I am thinking about getting the RYF T400s for Qubes 4. Is there anyone here 
who is running the T400s successfully with Qubes 4? If yes, how is the 
install/setup?

https://tehnoetic.com/tet-t400s 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LQxy5dy--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] GRUB upgrade debian-9 - what device to install it on

2018-11-10 Thread qubes-fan
Hi, I downloaded the debian-9 update which includes the GRUB upgrade. It asks 
me to decide where to install it. What device should I take? I run on Qubes 4.

/dev/xvda
/dev/xvdb
/dev/xvdc
/dev/xvdd
/dev/xvda3

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LQxu90b--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] i2p setup for Qubes

2018-10-16 Thread qubes-fan
Hi, I would like to ask you about experiences with the i2p in Qubes 4. What 
setup would you consider as "best" in case I would like to use i2p without 
routing it through Tor first? I read the >Use I2P client inside 
Whonix-Workstation (Preferred)< guide on Whonix website and consider it to be 
the "best option" to for i2p over Tor. I am looking for the secure and reliable 
i2p setup without routing it through Tor.

If you would like to use i2p to its full potential on Qubes, without going to 
clearnet with the i2p VMs, for anonymity with I2Pbotte, chat, eepsite 
browsing...what setup (template used, firewall setting, net VM setting, VMs 
structure used) would you advice for such a usage model?

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LOx9ulb--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] VPN Tunnels - any date for official release?

2018-09-26 Thread qubes-fan
You are a hero mate :-B
Looking forward!


Sep 26, 2018, 6:20 PM by tas...@posteo.net:

> On 09/26/2018 11:39 AM, > qubes-...@tutanota.com 
> >  wrote:
>
>> Is there anything new with the Integration of VPN Tunnels for Qubes? The 
>> release of the U2F Proxy was an excellent move. Is there any date to 
>> officially launch the VPN Tunnels for less technically skilled users?
>>
>> If someone finds the time to give it some love, we would be significantly 
>> happier \o/
>>
>> Thank you!
>>
>
> I'm working on getting the packaging correct so that it integrates properly 
> with qubes-builder. Its a bit more complicated than I expected but I think it 
> could happen this week.
>
>
> -- 
>
> Chris Laprise, > tas...@posteo.net 
> https://github.com/tasket 
> https://twitter.com/ttaskett 
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LNLjm2N--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] VPN Tunnels - any date for official release?

2018-09-26 Thread qubes-fan
Is there anything new with the Integration of VPN Tunnels for Qubes? The 
release of the U2F Proxy was an excellent move. Is there any date to officially 
launch the VPN Tunnels for less technically skilled users? 

If someone finds the time to give it some love, we would be significantly 
happier \o/

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LNLXGcV--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Signal installation returns gpg: no valid OpenPGP data found.

2018-09-26 Thread qubes-fan
Solved.


Sep 26, 2018, 4:27 PM by qubes-...@tutanota.com:

> hi, it only shows itself in the <>, I put it precisely like what you show and 
> with the same result..
> gpg: no valid OpenPGP data found
>
> My curl is 7.52.1-5+deb9u7, and I am using cloned debian-9 template. Dont 
> know how to proceed.
> Any support appreciated.
>
>
> Sep 25, 2018, 5:03 PM by > qube...@riseup.net > :
>
>> qubes-...@tutanota.com >>  <>> 
>> mailto:qubes-...@tutanota.com >> >> :
>>
>>> I try to install the Signal to my debian-9 template, following the guide >> 
>>> >>> https://www.qubes-os.org/doc/signal 
>>> >> 
>>> https://www.qubes-os.org/doc/signal 
>>> >>  <>> >>> 
>>> https://www.qubes-os.org/doc/signal 
>>> >> 
>>> https://www.qubes-os.org/doc/signal 
>>> >> > .
>>>
>>> After I initiate 
>>> $ curl -s >> >>> https://updates.signal.org/desktop/apt/keys.asc 
>>> >> 
>>> https://updates.signal.org/desktop/apt/keys.asc 
>>> >>  <>> >>> 
>>> https://updates.signal.org/desktop/apt/keys.asc 
>>> >> 
>>> https://updates.signal.org/desktop/apt/keys.asc 
>>> >> > | sudo apt-key 
>>> add -
>>> I get 
>>> $ gpg: no valid OpenPGP data found.
>>>
>>> Thank you
>>>
>>
>> You have added this part
>> "<> >> https://updates.signal.org/desktop/apt/keys.asc 
>> >>  <>> 
>> https://updates.signal.org/desktop/apt/keys.asc 
>> >> >> >" accidentally. The
>> correct command, as shown in the guide, is:
>>
>> curl -s > >> https://updates.signal.org/desktop/apt/keys.asc 
>> >>  <>> 
>> https://updates.signal.org/desktop/apt/keys.asc 
>> >> >>  | sudo apt-key add -
>>
>> This should work as expected, I just tested it.
>>
>> -- 
>> qubenix
>> PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
>> OTR: > >> qube...@chat.freenode.net >>  
>> <>> mailto:qube...@chat.freenode.net 
>> >> >
>> OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to > >> qubes-users+unsubscr...@googlegroups.com 
>> >>  <>> 
>> mailto:qubes-users+unsubscr...@googlegroups.com 
>> >> >> .
>> To post to this group, send email to > >> qubes-users@googlegroups.com 
>> >>  <>> 
>> mailto:qubes-users@googlegroups.com 
>> >> >> .
>> To view this discussion on the web visit > >> 
>> https://groups.google.com/d/msgid/qubes-users/ee063803-5308-39bc-d192-150f3cab93b8%40riseup.net
>>  
>> >>
>>   <>> 
>> https://groups.google.com/d/msgid/qubes-users/ee063803-5308-39bc-d192-150f3cab93b8%40riseup.net
>>  
>> >>
>>  >> .
>> For more options, visit > >> https://groups.google.com/d/optout 
>> >>  <>> 
>> https://groups.google.com/d/optout >> >> 
>> .
>>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/LNLGn-s--3-1%40tutanota.com 
> > .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 

Re: [qubes-users] Signal installation returns gpg: no valid OpenPGP data found.

2018-09-26 Thread qubes-fan
hi, it only shows itself in the <>, I put it precisely like what you show and 
with the same result..
gpg: no valid OpenPGP data found

My curl is 7.52.1-5+deb9u7, and I am using cloned debian-9 template. Dont know 
how to proceed.
Any support appreciated.


Sep 25, 2018, 5:03 PM by qube...@riseup.net:

> qubes-...@tutanota.com > :
>
>> I try to install the Signal to my debian-9 template, following the guide >> 
>> https://www.qubes-os.org/doc/signal >> 
>>  <>> https://www.qubes-os.org/doc/signal 
>> >> > .
>>
>> After I initiate 
>> $ curl -s >> https://updates.signal.org/desktop/apt/keys.asc 
>> >>  <>> 
>> https://updates.signal.org/desktop/apt/keys.asc 
>> >> > | sudo apt-key add -
>> I get 
>> $ gpg: no valid OpenPGP data found.
>>
>> Thank you
>>
>
> You have added this part
> "<> https://updates.signal.org/desktop/apt/keys.asc 
> > >" accidentally. The
> correct command, as shown in the guide, is:
>
> curl -s > https://updates.signal.org/desktop/apt/keys.asc 
> >  | sudo apt-key add -
>
> This should work as expected, I just tested it.
>
> -- 
> qubenix
> PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
> OTR: > qube...@chat.freenode.net 
> OTR: DFD1DA35 D74E775B 3E3DADB1 226282EE FB711765
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/ee063803-5308-39bc-d192-150f3cab93b8%40riseup.net
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LNLGn-s--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Signal installation returns gpg: no valid OpenPGP data found.

2018-09-25 Thread qubes-fan
I try to install the Signal to my debian-9 template, following the guide 
https://www.qubes-os.org/doc/signal/  .

After I initiate 
$ curl -s https://updates.signal.org/desktop/apt/keys.asc 
 | sudo apt-key add -
I get 
$ gpg: no valid OpenPGP data found.

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LNG2enI--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: whonix-ws-14 apt-get autoremove broke the template

2018-09-18 Thread qubes-fan
After the install, did you just use:

sudo apt update && apt dist-upgrade 
# than
sudo apt autoremove

?


Sep 18, 2018, 3:21 PM by sbore...@gmail.com:

> Am Montag, 17. Septe 2018 23:48:27 UTC+2 schrieb > qube...@tutanota.com 
> > :
>
>> hi, after the last update of the whonix-ws-14 template with recommended 
>> apt-get autoremove, the template got broken. 
>> - Most of the apps disappeared
>> - torbrowser doesnt connect to net
>> - template itself cant be updated. 
>>
>> user@host:~$ sudo apt-get update
>> Reading package lists... Done
>> E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource 
>> temporarily unavailable)
>> E: Unable to lock directory /var/lib/apt/lists/
>>
>> Upon launching TorBrowser, the wellcome page is "File not found". Upon 
>> trying to connect to a web page, "Secure connection failed".
>>
>> any ideas?
>>
>
> Hi,
>
> was bitten by this as well. The whonix repos must have been in a strange 
> state yesterday (Sep 17), and a dist-upgrade removed too much stuff (with 
> essentially
> the symptoms you describe).
>
> I bit the bullet and just reinstalled the whonix templates, followed by
> apt update/dist-upgrade/autoremove and today everything behaved as expected.
>
> It would be great though if it were possible to avoid these 'flaky' states of
> the whonix repos ..
>
> Best,
>
> Stefan
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/d3458446-379c-4b54-967f-c9d82cf028c2%40googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMhbVbN--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] HCL - Purism Librem 13 v2

2018-09-17 Thread qubes-fan
Looks like it is a bit of a blind way. To use the reasonably secure OS without 
possibility to use it on the reasonably secure HW, is an issue which needs to 
be addressed a bit. I originally guessed that Qubes would run on the RYF 
devices well, and I am quite surprised it doesn't (doesnt it?). Is there any 
strong issue which prevents Qubes to function with RYF devices? 

Am I missing something on the assumption that RYF devices, with disabled 
IME-AMT known security hole, with the coreboot  instead of BIOS and so on, are 
more secure-potential than the non-RYFs? 

I need a working laptop. Desktop is not an option. 


Sep 17, 2018, 11:54 PM by taii...@gmx.com:

> On 09/16/2018 02:51 AM, 'awokd' via qubes-users wrote:
>
>> On Sat, September 15, 2018 10:30 am, >> qubes-...@tutanota.com 
>> >>  wrote:
>>
>>> Hi, during my email conversation with the Todd Weaver
>>>
>
> That liar comes out of nowhere with his super slick marketing and sets
> the computing freedom movement back 10 years.
>
> At first I thought it was just being naive but now as he persists it
> seems more like malice.
>
> puri.junk does NOT respect you, it is fully blobbed and the ME is not at
> all disabled.
>
> Todd weaver is a lying fraudster.
>
>>> in the
>>> pre-IME-disabled time, he told me they will fully disable the IME and AMT
>>> within next week. After about a week they announced they did just that.
>>> Are this links a lie?
>>> https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-compu 
>>> 
>>> ter/
>>> <>>> 
>>> https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-com 
>>> 
>>> puter/>
>>> https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-mana 
>>> 
>>> gement-engine/
>>> <>>> 
>>> https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-man 
>>> 
>>> agement-engine/>
>>>
>>
>> "Lie" depends on your definition of "completely". Skylake onwards
>> processors can have much of ME disabled. I believe Purism with Heads and a
>> handful of other manufacturers are using the technique here:
>> http://blog.ptsecurity.com/2017/08/disabling-intel-me.html 
>> >> , but as you 
>> can
>> see there are still some modules required for initialization before the
>> HAP bit takes effect and skips the remainder. Additionally, there is an
>> FSP blob needed for init. Currently shipping AMD CPUs are no better.
>>
>
> Skylake kernel still runs, that is not disabled and there is more than
> enough ability to play dirty tricks like SMM rootkits or what not.
>
> HAP is asking politely.
>
>>> Talking about alternatives: how the Qubes 4.0 stand with RYF certified
>>> X200? Like for example this one: >>> 
>>> https://tehnoetic.com/laptops/tet-x200s 
>>> 
>>> <>>> https://tehnoetic.com/laptops/tet-x200s 
>>>  and others like T400 and 
>>> T500,
>>> which can be found there as well. Working well? Any issues known? Thank
>>> you
>>>
>>
>> At present, RYF has not certified any laptops with hardware capable of
>> running Qubes 4.0, but there are a couple older AMDs that can. A scale of
>> hardware openness/owner control from most to least would be something
>> like:
>>
>> 10: OpenPOWER, RYF certified x86 with all blobs replaced- Qubes 4.0 can't
>> run on either
>>
>
> Since you mention power and there aren't currently any laptops do you
> mean laptops or desktops? In terms of desktops there are a variety that
> qubes 4.0 can run on.
>
> The future is POWER for all...
>
>> 8: older AMD like A10-5750M- a couple blobs required but Qubes 4.0 works
>> on these and the rest listed
>> 6: pre-Skylake Intel with ME/HAP tweaks- a few more blobs and 2 ME modules
>> required
>> 4: Skylake+ Intel with ME/HAP tweaks, AMD Ryzen with PSP disabled in UEFI
>> config- more blobs and modules required
>>
>
> That doesn't disable it! you are simply asking nicely for it to shut off
> and hoping that it does so. It is not at all equivilant to say pre-core
> intel systems where one really could disable it or even better one that
> doesn't have any black boxes like the talos.
>
>> 0: Intel/AMD x86 with no tweaks- most shipping volume today
>>
>> ARM (& possibly RISC) is a special case in that the integrator can decide
>> where on the scale they want to deliver their product, but neither support
>> Qubes 4.0.
>>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> 

[qubes-users] whonix-ws-14 apt-get autoremove broke the template

2018-09-17 Thread qubes-fan
hi, after the last update of the whonix-ws-14 template with recommended apt-get 
autoremove, the template got broken. 
- Most of the apps disappeared
- torbrowser doesnt connect to net
- template itself cant be updated. 

user@host:~$ sudo apt-get update
Reading package lists... Done
E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily 
unavailable)
E: Unable to lock directory /var/lib/apt/lists/

Upon launching TorBrowser, the wellcome page is "File not found". Upon trying 
to connect to a web page, "Secure connection failed".

any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMdVNII--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] HCL - Purism Librem 13 v2

2018-09-17 Thread qubes-fan
It is offtopic, but I gues he is referring to the need to run JS to have 
Protonmail running with web-browser and register, or a need to run Bridge to 
use the Thenderbird. The JS can be anytime replaced with a malicious one and it 
is game over. 

All clear but it really depends on the OPSEC one has. 

My point here was actually about running Qubes, which I consider as one of the 
best security solutions available out there in tandem with Tails, on the as 
much as possible secure HW. I know I knowdont stone me, but if I use a 
reasonably secure OS, I would like to use it on reasonably secure hardware 
(laptop), if thats anyhow possible. 


Sep 16, 2018, 9:57 AM by riverbo...@gmail.com:

>>
>> This made me laugh out loud. All your ranting and raving about security and 
>> dishonesty, and you sent the message using PROTON MAIL. Good lord. Talk 
>> about dishonesty and pseudo-security.
>>
>
> Off Topic - but... would you care to elaborate what fault you alleged in 
> Protonmail and your source?
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/dabcb4d5-4400-47a8-b624-3b2cd9c5e6b5%40googlegroups.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMb0l84--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] HCL - Purism Librem 13 v2

2018-09-15 Thread qubes-fan
Hi, during my email conversation with the Todd Weaver in the pre-IME-disabled 
time, he told me they will fully disable the IME and AMT within next week. 
After about a week they announced they did just that. Are this links a lie?
 https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/ 

https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
 


Talking about alternatives: how the Qubes 4.0 stand with RYF certified X200? 
Like for example this one: https://tehnoetic.com/laptops/tet-x200s 
 and others like T400 and T500, which 
can be found there as well. Working well? Any issues known?
Thank you


Sep 15, 2018, 1:00 AM by taii...@gmx.com:

> Everyone please be aware that purism's marketing is dishonest.
>
> Their products do not have open source firmware[1] and the ME is not
> disabled (the kernel still runs along with mask roms and the me hw init
> code)
>
> Intel chips or any new x86 for that matter do NOT respect your privacy!
>
> [1]Their coreboot is simply a shim loader layer for Intel's FSP binary
> blob that performs the hardware initiation - these days coreboot doesn't
> necessarily mean open source firmware.
>
> In terms of laptops it is much better to purchase for instance an owner
> controlled pre-PSP AMD G505S[2] which has open cpu/ram init via coreboot
> or one of the ivy/sandy thinkpads which while not owner controlled are
> significantly more free than puri.crap as they have open cpu/ram/gpu
> init via coreboot and their ME can be nerfed down to the BUP layer which
> while is not at all equivilant to not having an ME at all such as on
> non-x86 arches or pre-PSP AMD it is still much better.
>
> All of my laptop recommendations here work great with Qubes 4.0 and
> there is a nice little qubes g505s community.
>
> [2](for the best user experience make sure to get the highest end quad
> core A10 model if you buy one - although the less expensive A6 quad core
> models are still quite usable)
>
>
> I do not have an issue with purism selling non-free laptops - I have an
> issue with them being dishonest.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMRlztC--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] pEp in Enigmail-Thunderbird in Whonix-14 Qubes

2018-09-13 Thread qubes-fan
Hi, I learned that in Whonix-14 in Qubes 4.0 there is no default support for 
pEp in Enigmail-Thunderbird. Is it Qubes specific or Whonix specific? Is there 
any reason for not supporting pEp in Whonix? 

In other templates after installing the Enigmail addon the support for pEp 
jumps up automatically like Enigmail/pEp.

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMIW1vl--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??

2018-08-30 Thread qubes-fan
Patrick this is exactly my point - all other whonix VMs like anon-whonix are 
working well. Only the whonix-ws-14-dvm is having this issue. 


Aug 29, 2018, 6:15 PM by patrick-mailingli...@whonix.org:

> qubes-...@tutanota.com > :
> >The dvm should just get the Tor Browser from the whonix-ws-14-dvm same as 
> >anon-whonix for example, right?
>
> Yes.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/df8846be-ecba-74b2-b913-b88a784dbfd0%40whonix.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LL9eskW--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Whonix 14 - Updated, just lost Tor Browser for Whonix-dvm??

2018-08-29 Thread qubes-fan
Hi Peter, I try to figure out (same issue with my whonix-ws-14-dvm Tor Browser) 
how my whonix-ws-14 template is nicely containing the Tor Browser, and all VMs 
based on it are having it too (working well), and only the whonix-ws-14-dvm 
which is based on the same whonix-ws-14 template doesnt have it "updated".  The 
dvm should just get the Tor Browser from the whonix-ws-14-dvm same as 
anon-whonix for example, right? What am I missing?

Also could you please elaborate more on the

>> "set the date back a
>> couple weeks in the template"
>>
How do I do that?

Thank you


Aug 27, 2018, 3:54 PM by peterstil...@gmail.com:

> Thanks! Good idea.
>
> On Mon, 27 Aug 2018 at 14:04, awokd <> aw...@danwin1210.me 
> > > wrote:
>
>> On Mon, August 27, 2018 9:30 am, code9n wrote:
>>  > Same issue but when I try to update-torbrowser (or via Tor Browser
>>  > Downloader) the install fails because ttb's signature has expired.
>>  >
>>  >
>>  > I have to wait for the tor project to resign ttb (7.5.6), right?  If I
>>  > tried to get the key that comes with it from >> torproject.org 
>> >>  and import it
>>  > into Whonix it'd still be the same, expired, key anyway?
>>  
>>  Not exactly a Qubes issue, but you could temporarily set the date back a
>>  couple weeks in the template then update-torbrowser.
>>  
>>  
>>
>
>
> -- 
> Peter Stiles
> 0779 3533 947
>
>
>
> --
>  You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
>  To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
>  To post to this group, send email to > qubes-users@googlegroups.com 
> > .
>  To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/CA%2BSwr7GFE5WcPpXz_5X%3DG8-XcX7YaLZu%2BTr4EoO8-L%2BydkrM7g%40mail.gmail.com
>  
> >
>  .
>  For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LL3yTHI--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] sys-whonix uninstal error

2018-08-26 Thread qubes-fan
Solved! I had to change the ClockVM in the Qubes Global Settings from 
sys-whonix to sys-whonix-copy. Now the sys-whonix is deleted sucessfully.  


Aug 26, 2018, 1:51 PM by qubes-...@tutanota.com:

> hi, I am trying to follow the fresh install of whonix 14 guide as posted by 
> Patrick here, which requires me to uninstall the sys-whonix together with the 
> whonix-ws, whonix-gw and anon-whonix. 
>
> When I try to uninstall the sys-whonix, it comes with the following error:
>
> ERROR: Domain is in use: 'sys-whonix'; details in system log
>
> I already removed whonix-ws, whonix-gw, anon-whonix. Before I clonned them to 
> -clone including sys-whonix-clone; I removed sys-whonix from all whonix based 
> VMs, including DVMs. I cant see its use anywhere.
> I added qubes-prefs updatevm sys-whonix-clone in dom0 to force the updates of 
> whonix through Tor.
> I even changed the /etc/qubes-rpc/policy/qubes.UpdatesProxy from sys-whonix 
> to sys-whonix-clone
>
> Whatever I try, the error persists when trying to delete sys-whonix, to 
> follow the whonix 14 guide.
>
> Any ideas?
> Thank you
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/LKq3jNH--3-1%40tutanota.com 
> > .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LKqG12Y--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] sys-whonix uninstal error

2018-08-26 Thread qubes-fan
hi, I am trying to follow the fresh install of whonix 14 guide as posted by 
Patrick here, which requires me to uninstall the sys-whonix together with the 
whonix-ws, whonix-gw and anon-whonix. 

When I try to uninstall the sys-whonix, it comes with the following error:

ERROR: Domain is in use: 'sys-whonix'; details in system log

I already removed whonix-ws, whonix-gw, anon-whonix. Before I clonned them to 
-clone including sys-whonix-clone; I removed sys-whonix from all whonix based 
VMs, including DVMs. I cant see its use anywhere.
I added qubes-prefs updatevm sys-whonix-clone in dom0 to force the updates of 
whonix through Tor.
I even changed the /etc/qubes-rpc/policy/qubes.UpdatesProxy from sys-whonix to 
sys-whonix-clone

Whatever I try, the error persists when trying to delete sys-whonix, to follow 
the whonix 14 guide.

Any ideas?
Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LKq3jNH--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-22 Thread qubes-fan
Thank you mate :)


Aug 17, 2018, 2:41 PM by qubes-users@googlegroups.com:

> On Thu, August 16, 2018 11:28 am, > qubes-...@tutanota.com 
> >  wrote:
>
>> Hi Patrick, I summed up how I understand it. Correct me if I am wrong:
>>
>>
>> - I back up the whonix(13) VMs of choice
>> - I clone the sys-whonix, anon-whonix, whonix-ws and whonix-gw to -backup
>> (whonix-gw is a base template for the sys whonix, and must be deleted
>> before install procedure too, right?) - I assign sys-whonix-backup to
>> whonix-gw-backup template; anon-whonix-backup to whonix-ws-backup
>> template, so they dont suffer the deletion of the whonix-13 templates -
>> delete the anon-whonix and sys-whonix VMs - detele whonix-ws and whonix-gw
>> templates - [user@dom0 ~]$ sudo qubesctl state.sls qvm.anon-whonix
>> - if error appears: 
>> [user@dom0 ~]$ sudo qubes-dom0-update
>> --enablerepo=qubes-dom0-current-testing
>> qubes-mgmt-salt-dom0-virtual-machines -if needed, edit the
>> /etc/yum.repos.d/qubes-templates.repo as per guide
>> -  clone the -backup VMs to its original names like sys-whonix-backup to
>> sys-whonix, and anon-whonix-backup to anon-whonix
>>
>
> Instead of cloning these back, I would use qvm-copy to copy files you want
> to keep.
>
>> - assign new renamed
>> sys-whonix to whonix-gw(14) and anon-whonix to whonix-ws(14) templates
>>
>
> New ones should already have the 14 templates assigned.
>
>> - delete anon-whonix-backup, sys-whonix-backup, whonix-ws-backup,
>> whonix-gw-backup
>>
>
> Rest looked right to me.
>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/7950df8d21d75c7bd28d3e60579d83ef.squirrel%40tt3j2x4k5ycaa5zt.onion
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LKWANXN--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-16 Thread qubes-fan
Hi Patrick, I summed up how I understand it. Correct me if I am wrong:

- I back up the whonix(13) VMs of choice
- I clone the sys-whonix, anon-whonix, whonix-ws and whonix-gw to -backup 
(whonix-gw is a base template for the sys whonix, and must be deleted before 
install procedure too, right?) 
- I assign sys-whonix-backup to whonix-gw-backup template; anon-whonix-backup 
to whonix-ws-backup template, so they dont suffer the deletion of the whonix-13 
templates
- delete the anon-whonix and sys-whonix VMs
- detele whonix-ws and whonix-gw templates
- [user@dom0 ~]$ sudo qubesctl state.sls qvm.anon-whonix 
- if error appears: 
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing 
qubes-mgmt-salt-dom0-virtual-machines
-if needed, edit the /etc/yum.repos.d/qubes-templates.repo as per guide
-  clone the -backup VMs to its original names like sys-whonix-backup to 
sys-whonix, and anon-whonix-backup to anon-whonix
- assign new renamed sys-whonix to whonix-gw(14) and anon-whonix to 
whonix-ws(14) templates
- delete anon-whonix-backup, sys-whonix-backup, whonix-ws-backup, 
whonix-gw-backup

Do I get it right?
Thank you
 

Aug 16, 2018, 12:57 PM by qubes-...@tutanota.com 
:c

> Hi Patrick, should one switch the Qubes Tor networking backed normally by the 
> sys-whonix to newly created sys-whonix-backup? It make sense to 
> update/upgrade whonix through Tor.
> thx
>
> Aug 14, 2018, 10:10 PM by > patrick-mailingli...@whonix.org 
> > :
>
>> This is completely untested. Let me know what you think and if this
>> works for you.
>>
>> * A backup of all Qubes VMs using the usual Qubes backup mechanism
>> (independent from below) is advisable anyhow.
>>
>> * One who mind about their contents could clone their sys-whonix to
>> sys-whonix-backup and clone their anon-whonix to anon-whonix-backup.
>> Those who don't mind about their contents probably don't have this issue
>> anyhow?
>>
>> * Then delete anon-whonix and sys-whonix.
>>
>> * Then proceed as per >> https://www.whonix.org/wiki/Qubes/Install 
>> 
>>
>> * Then delete the newly created sys-whonix / anon-whonix.
>>
>> * Clone sys-whonix-backup to sys-whonix.
>>
>> * Clone anon-whonix-backup to anon-whonix.
>>
>> * Finally delete superfluous sys-whonix-backup / anon-whonix-backup.
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to >> qubes-users+unsubscr...@googlegroups.com 
>> >> .
>> To post to this group, send email to >> qubes-users@googlegroups.com 
>> >> .
>> To view this discussion on the web visit >> 
>> https://groups.google.com/d/msgid/qubes-users/c99cf0c7-5fcd-f75c-cc61-3cb8ebf5a703%40whonix.org
>>  
>> >>
>>  .
>> For more options, visit >> https://groups.google.com/d/optout 
>> >> .
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LK1UdW6--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-16 Thread qubes-fan
Hi Patrick, should one switch the Qubes Tor networking backed normally by the 
sys-whonix to newly created sys-whonix-backup? It make sense to update/upgrade 
whonix through Tor.
thx

Aug 14, 2018, 10:10 PM by patrick-mailingli...@whonix.org:

> This is completely untested. Let me know what you think and if this
> works for you.
>
> * A backup of all Qubes VMs using the usual Qubes backup mechanism
> (independent from below) is advisable anyhow.
>
> * One who mind about their contents could clone their sys-whonix to
> sys-whonix-backup and clone their anon-whonix to anon-whonix-backup.
> Those who don't mind about their contents probably don't have this issue
> anyhow?
>
> * Then delete anon-whonix and sys-whonix.
>
> * Then proceed as per > https://www.whonix.org/wiki/Qubes/Install 
> 
>
> * Then delete the newly created sys-whonix / anon-whonix.
>
> * Clone sys-whonix-backup to sys-whonix.
>
> * Clone anon-whonix-backup to anon-whonix.
>
> * Finally delete superfluous sys-whonix-backup / anon-whonix-backup.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/c99cf0c7-5fcd-f75c-cc61-3cb8ebf5a703%40whonix.org
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LK1NaJx--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-14 Thread qubes-fan
Thanks Chris. If you dont mind, could you please elaborate more on your 
procedure which worked for you? These two guides are a bit confusing to follow. 

What I understand from your text is following:

1) you followed the guide on whonix page (not the one on qubes page)
Q: 
http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Install#
 

2) you cloned the whonix-ws(13) and assigned all VMs to the whonix-ws-clone. 
Than uninstall the original  whonix-ws(13).
3) you didnt touch the whonix-gw(13). 
Q: Did the sys-whonix (whch is based on whonix-gw(13)) work without an issue 
than? Did you install the new whonix-gw(14) as well with the install procedure?
4) did you use any other commands or procedures in the process?

Did I get it right?

Thank you in advance!  


Aug 13, 2018, 2:32 PM by tas...@posteo.net:

> On 08/13/2018 07:32 AM, > qubes-...@tutanota.com 
> >  wrote:
>
>> Chris, which guide did you follow when installing the new whonix 14 Template 
>> as a "recommended whonix install procedure"? I found these two.
>>
>> http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Install#
>>  
>> >>
>>   <>> 
>> http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Install#
>>  
>> >>
>>  >
>>
>> https://www.qubes-os.org/doc/reinstall-template 
>> >>  <>> 
>> https://www.qubes-os.org/doc/reinstall-template 
>> >> >
>>
>> Thanks
>>
>
> It was a bit confusing, but from the wiki Install page I picked out these 
> relevant steps for dom0 (Qubes 4.0):
>
> $ sudo qubes-dom0-update qubes-core-admin-addon-whonix
> $ sudo qubesctl state.sls qvm.anon-whonix
>
> The second command will start the download and install, although it does not 
> give much feedback.
>
> Also, there is no need to clone old whonix-gw in the steps I mentioned 
> earlier; only whonix-ws is needed. Once you have your appVMs switched over to 
> whonix-ws-14 you can delete the clone.
>
> -- 
>
> Chris Laprise, > tas...@posteo.net 
> https://github.com/tasket 
> https://twitter.com/ttaskett 
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LJs8UKK--Z-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-13 Thread qubes-fan
Chris, which guide did you follow when installing the new whonix 14 Template as 
a "recommended whonix install procedure"? I found these two.

http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/Qubes/Install#
 


https://www.qubes-os.org/doc/reinstall-template/ 


Thanks

Aug 13, 2018, 2:48 AM by tas...@posteo.net:

> On 08/12/2018 05:23 PM, Andrew David Wong wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> On 2018-08-12 14:26, 'awokd' via qubes-users wrote:
>>
>>> On Sun, August 12, 2018 6:16 pm, >>> qubes-...@tutanota.com 
>>> >>
 I am planning to move from my Whonix 13 to Whonix 14 on Qubes. My
 question is what way it should be easier, based on the Q user
 experiences. What would you propose - upgrade or re-install? Are
 there any known issues which would call for one or other way?

>>>
>>> Re-install is usually easier.
>>>
 I have few VMs based on the Whonix template with data and
 settings on it. Will the contents of these VMs remain, or will
 it be destroyed - re-install vs upgrade?

>>>
>>> Contents should remain, just set them to the new Whonix template.
>>> Make sure to back up everything first.
>>>
>>
>> The installation guide [1] states:
>>
>> "Re-installation will destroy any existing user data stored in Whonix
>> VMs, unless it is backed up first. To avoid this scenario, it is
>> possible to upgrade Whonix 13 to 14 instead of following these
>> instructions."
>>
>> This was puzzling to me, too, since TemplateVM upgrades usually don't
>> affect user data in TemplateBasedVMs. Could you shed some light on
>> this, Patrick?
>>
>
> What I did: Cloned the old whonix-ws template, switched appvms to the clone, 
> then did 'dnf remove' on the old templates and finally performed the 
> recommended whonix install procedure.
>
> Later, I was able to switch existing whonix appVMs to whonix-ws-14.
>
> -- 
>
> Chris Laprise, > tas...@posteo.net 
> https://github.com/tasket 
> https://twitter.com/ttaskett 
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/4433888d-cbfe-8ea2-2143-1ba4a0dcae0e%40posteo.net
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LJn2jxP--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-13 Thread qubes-fan
This sounds very interesting Chris. This could be the way around the "loss of 
VM data" during the install process and push the INSTALL over UPGRADE 
decission. Did you do the same with the whonix-gw too?


Aug 13, 2018, 2:48 AM by tas...@posteo.net:

> On 08/12/2018 05:23 PM, Andrew David Wong wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> On 2018-08-12 14:26, 'awokd' via qubes-users wrote:
>>
>>> On Sun, August 12, 2018 6:16 pm, >>> qubes-...@tutanota.com 
>>> >>
 I am planning to move from my Whonix 13 to Whonix 14 on Qubes. My
 question is what way it should be easier, based on the Q user
 experiences. What would you propose - upgrade or re-install? Are
 there any known issues which would call for one or other way?

>>>
>>> Re-install is usually easier.
>>>
 I have few VMs based on the Whonix template with data and
 settings on it. Will the contents of these VMs remain, or will
 it be destroyed - re-install vs upgrade?

>>>
>>> Contents should remain, just set them to the new Whonix template.
>>> Make sure to back up everything first.
>>>
>>
>> The installation guide [1] states:
>>
>> "Re-installation will destroy any existing user data stored in Whonix
>> VMs, unless it is backed up first. To avoid this scenario, it is
>> possible to upgrade Whonix 13 to 14 instead of following these
>> instructions."
>>
>> This was puzzling to me, too, since TemplateVM upgrades usually don't
>> affect user data in TemplateBasedVMs. Could you shed some light on
>> this, Patrick?
>>
>
> What I did: Cloned the old whonix-ws template, switched appvms to the clone, 
> then did 'dnf remove' on the old templates and finally performed the 
> recommended whonix install procedure.
>
> Later, I was able to switch existing whonix appVMs to whonix-ws-14.
>
> -- 
>
> Chris Laprise, > tas...@posteo.net 
> https://github.com/tasket 
> https://twitter.com/ttaskett 
> PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/4433888d-cbfe-8ea2-2143-1ba4a0dcae0e%40posteo.net
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LJmoob9--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Whonix 14 - upgrade or re-install? Whats more smooth, less troublesome?

2018-08-12 Thread qubes-fan
I am planning to move from my Whonix 13 to Whonix 14 on Qubes. My question is 
what way it should be easier, based on the Q user experiences. What would you 
propose - upgrade or re-install? Are there any known issues which would call 
for one or other way?

I have few VMs based on the Whonix template with data and settings on it. Will 
the contents of these VMs remain, or will it be destroyed - re-install vs 
upgrade?

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LJjLgjh--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] No .gnupg/gpg.conf created in vault-safe VM

2018-05-25 Thread qubes-fan
Hi, this is more precise continuation of my previous post about my issue with 
.gnupg/gpg.conf. I am trying to modify the gpg.conf in my vault-safe VM, but 
the gpg.conf isnt there. See the comparison of work VM and vault VM gnupg:

# Here I can see the gpg.conf and I can modify it. See below:
user@work:~/.gnupg$ ls
crls.d    gpg.conf   pubring.kbx   trustdb.gpg
dirmngr.conf  gpg.conf.save  pubring.kbx~
dirmngr.conf.gpgconf.bak  openpgp-revocs.d   sshcontrol
gpg-agent-info-host   private-keys-v1.d  tofu.db

# Here I cant see the gpg.conf and have no idea where the gpg knows my 
preferences. 
# It creates by default the SHA256 bit keys for example. See below: 
user@vault-safe:~/.gnupg$ ls
openpgp-revocs.d   pubring.kbx   sshcontrol  trustdb.gpg
private-keys-v1.d  pubring.kbx~  tofu.db

Where are the differences coming from and how to solve it?  
Thank you?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LDLFKr_--B-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] ~/.gnupg/gpg.conf doesnt exist in vault-safe VM, even pgp keys were generated there

2018-05-24 Thread qubes-fan
Hi, I am using split gpg. vault-safe VM is a no-net VM with master secret keys, 
work is the VM to communicate the gpg actions to the world. 

I generated 2 sets of keys in the vault-safe VM. It is working well also with 
the work VM through qubes-gpg-client. 
I wanted now to adjust the ~/.gnupg/gpg.conf in the vault-safe VM, but the file 
~/.gnupg/gpg.conf doesnt exist there. In the work VM, the ~/.gnupg/gpg.conf 
exists. Am I missing something? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LDHUdOM--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qubes gpg setup - default algorithms and its changes

2018-05-21 Thread qubes-fan
I would like to know what are the default algos used by the qubes-os, and how 
to change it. 

I execute following in my vault-safe VM (using gpg-split, with work VM as a 
frontend). 

user@vault-safe:~$ gpg --edit-key mykey
user@vault-safe:~$ setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 
ZLIB BZIP2 ZIP Uncompressed
user@vault-safe:~$ save

When I than execute
user@vault-safe:~$ gpg --clearsign -u mykey
than the hash is  Hash: SHA256. Why If I setpref the SHA512 first? Shouldnt it 
be the SHA512 instead?

With 
user@vault-safe:~$ gpg --clearsign -u mykey --digest-algo SHA512
...it returns the right Hash: SHA512

How do I set the SHA512 as a default algo? 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LD2A1P5--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: why Whonix and not Tails or the anon-vm?

2018-05-19 Thread qubes-fan
I would say that the main point here is the core, basic difference between 
Tails and Whonix itself, from the OpSec point of view. 
Tails is amnesic, and is for use in an environment where there is a danger of 
physical attack against the possessor of the media (Tails should run on the 
removable media only, like SD, USB, CD, otherwise it has loosing its main 
strength), to be forced to handle it to an adversary. The machine, which run 
the Tails media doesnt remember the Tails was run on it, and the only trace is 
the media itself, which can be destroyed in case of danger, and therefore the 
physical attack on the victim, to handle over the keys to the Tails Persistent 
volume to adversary, loses its meaning (there is nothing to unlock). It can be 
used by activists, normal people in oppressive regimes, or it can be used by 
businesses, handling valuable data in an environment, where there is a danger 
to be physically forced from an adversary, to give him the key to the 
valuables. To be safe from the above mentioned threads. 
Qubes is not amnesic, and therefore not suitable for running amnesic Tails. 
Therefore the decission for non- amnesic Whonix, running itself by default, in 
a virtual environment loved by Qubes. 
Whonix and Tails answering completely different Thread models. But Qubes and 
Whonix have quite common understanding of the threads, as I see it. 
It is my guess ;)

--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com 

19. May 2018 14:02 by aw...@elude.in :


> On Sat, May 19, 2018 7:52 am, john wrote:
>
>> ya, your right, but  how about this , try and fail like I did to get
>> tails in a VM ..maybe it will be more obvious,
>
> I had Tails running in a VM on R3.2, but haven't tried with 4. It was a
> bit of a hassle, IIRC.
>
>> here's another one
>> what is the difference between a  whonix-dvm  and tails  ?
>
> From a Qubes perspective, whonix-dvm depends on sys-whonix to act as a
> gateway, whereas tails is self-contained. Apologies if I'm missing your
> point...
>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/f454fe0cd8260ed003764db9ef773e02%40elude.in
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LCsQjUw--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] split-gpg export QUBES_GPG_DOMAIN doesnt survive the reboot

2018-05-19 Thread qubes-fan
Should I put it into the ~/.bash_profile of which VM: vault-safe VM or work VM 
in this case?

--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com 

10. May 2018 15:47 by mossy...@riseup.net :


> qubes-...@tutanota.com > :
>> I set up the split-gpg with vault-safe VM, where my private keys are stored, 
>> and the work VM, with pub keys and server communication. 
>>
>> All runs well after executing the 
>> [user@work ~]$ export QUBES_GPG_DOMAIN=vault-safe
>>
>> The issue is, that the export doesnt survive rebooting the work VM, and I 
>> need to export it again. Is it a Qubes preset, and needs to be executed 
>> every reboot, or am I missing something?
>>
>
> You should add `export QUBES_GPG_DOMAIN=vault-safe`  to your
> ~/.bash_profile
>
> good luck!
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/c2cf2253-9462-ab1e-492a-d51771b79142%40riseup.net
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LCsK6SI--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] split-gpg export QUBES_GPG_DOMAIN doesnt survive the reboot

2018-05-10 Thread qubes-fan
I set up the split-gpg with vault-safe VM, where my private keys are stored, 
and the work VM, with pub keys and server communication. 

All runs well after executing the 
[user@work ~]$ export QUBES_GPG_DOMAIN=vault-safe

The issue is, that the export doesnt survive rebooting the work VM, and I need 
to export it again. Is it a Qubes preset, and needs to be executed every 
reboot, or am I missing something?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LC8YldD--Z-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] gnupg-curl installation issue

2018-05-09 Thread qubes-fan
I try to install the gnupg-curl into a debian-9 template with:

$ sudo apt install gnupg-curl

I get in return this:

Reading package lists... Done
Building dependency tree   
Reading state information... Done
Package gnupg-curl is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'gnupg-curl' has no installation candidate

Any idea how can I get it in?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LC3Ziql--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] gpg-split revoke command $ export QUBES_GPG_DOMAIN=work-gpg

2018-05-09 Thread qubes-fan
I am playing with gpg-split and I did a missclick. I would need to revoke the 
command.

I executed the  command   
$ export QUBES_GPG_DOMAIN=work-gpg 
by mistake in vault qube instead of work-gpg cube. 

Is there a way to revoke it? 

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LC2fxBC--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] File viewer in debian-9 template in qubes?

2018-05-03 Thread qubes-fan
Hi, one noobish question. Is there any preinstalled file viewer in debian-9 
template? There is the the File viewer in Fedora-26 and Dolphin in Whonix, but 
in the debian-9 I am stuck with konsole.
thx

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LBZvkUo--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] dvm is not starting from command line, starts normal AppVM

2018-04-27 Thread qubes-fan
hi, I try to start firefox in my deb-dvm-net from command line with alt+f2

qvm-run deb-dvm-net firefox

It starts a normal AppVM deb-dvm-net instead of dvm. 

If I but start the firefox directly from Start - Disposable: deb-dvm-net - 
firefox, it starts the dvm normally like for example disp2441. 

Is the dvm disabled in konsole? Also I cant start konsole in dvm. The console 
window blinks and disapears.

Thank you!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LB51oz2--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Created dvm appears as a normal AppVM instead of dvm

2018-04-24 Thread qubes-fan
Sry, solved. 

Had to create an AppVM deb-dvm-net in advance through the Qube Manager. Than:

[user@dom0 ~]$ qvm-prefs deb-dvm-net template_for_dispvms True
[user@dom0 ~]$ qvm-features deb-dvm-net appmenus-dispvm 1

Now I can see the deb-dvm-net as a dvm in the Start menu as well. 


--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com 

24. Apr 2018 09:54 by qubes-...@tutanota.com :


> I created the new dvm:
>
> [user@dom0 ~]$ qvm-create --template debian-9 --label red deb-dvm-net
> [user@dom0 ~]$ qvm-prefs deb-dvm-net template_for_dispvms True
> [user@dom0 ~]$ qvm-features deb-dvm-net appmenus-dispvm 1
>
> The created deb-dvm-net is seen in the Qube Manager as a normal AppVM.  
>
> In the menu of Advanced - Default DispVM it can still be seen as a dvm.
>
> Any ideas?
>   
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/LAr3lVk--3-0%40tutanota.com 
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LAr8IFj--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Created dvm appears as a normal AppVM instead of dvm

2018-04-24 Thread qubes-fan
I created the new dvm:

[user@dom0 ~]$ qvm-create --template debian-9 --label red deb-dvm-net
[user@dom0 ~]$ qvm-prefs deb-dvm-net template_for_dispvms True
[user@dom0 ~]$ qvm-features deb-dvm-net appmenus-dispvm 1

The created deb-dvm-net is seen in the Qube Manager as a normal AppVM.  

In the menu of Advanced - Default DispVM it can still be seen as a dvm.

Any ideas?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LAr3lVk--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] GPG setting stuck on copying keys to another VM

2018-04-23 Thread qubes-fan
After research I executed the new command Q4.0. I get now this error:

user@vault:~$ qvm-copy personal whatever_gpg p*_lesser.key
qfile-agent: Fatal error: stat personal (error type: No such file or directory)
/usr/lib/qubes/qubes-rpc-multiplexer: 14: 
/etc/profile.d/20_power_savings_disable_in_vms.sh: shopt: not found
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
EOF


--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com 

23. Apr 2018 20:54 by qubes-...@tutanota.com :


> I am stuck with the process of settign up my gpg based on this guide: > 
> https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos 
> 
>
> After executing the 
> qvm-copy-to-vm personal whatever_gpg_p*_lesser.key
> ...I get this:
>
> user@vault:~$ qvm-copy-to-vm personal wahatever_gpg p*_lesser.key
> qvm-copy-to-vm/qvm-move-to-vm tools are deprecated,
> use qvm-copy/qvm-move to avoid typing target qube name twice
> qfile-agent: Fatal error: stat whatever_gpg (error type: No such file or 
> directory)
> Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.
>
> Any idea how to proceed?
>   
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/LAnqvRb--3-0%40tutanota.com 
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LAntBHF--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] GPG setting stuck on copying keys to another VM

2018-04-23 Thread qubes-fan
I am stuck with the process of settign up my gpg based on this guide: 
https://apapadop.wordpress.com/2013/08/21/using-gnupg-with-qubesos 


After executing the 
qvm-copy-to-vm personal whatever_gpg_p*_lesser.key
...I get this:

user@vault:~$ qvm-copy-to-vm personal wahatever_gpg p*_lesser.key
qvm-copy-to-vm/qvm-move-to-vm tools are deprecated,
use qvm-copy/qvm-move to avoid typing target qube name twice
qfile-agent: Fatal error: stat whatever_gpg (error type: No such file or 
directory)
Gtk-Message: GtkDialog mapped without a transient parent. This is discouraged.

Any idea how to proceed?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LAnqvRb--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] AppVM doesnt offer the option to open file in a DVM

2018-04-23 Thread qubes-fan
Hi, 

I downloaded and saved the .pdf and .jpeg files in the anon-whonix AppVM. Now I 
try to open the file in a dvm but afer rightclick I dont see the option to 
"Open in Disposable VM". 

I understand the whonix-ws-dvm is assigned to the anon-whonix AppVM, and it 
should be avialable in the anon-whonix by default, right?

Where do I make the mistake? 

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LAnW85M--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Cant update fedora-26 template in Q4.0

2018-04-23 Thread qubes-fan

Hi, I cant update  successfully fedora-26 template. 

I try to update fedora-26 template and I get following:

Error: Failed to synchronize cache for repo 'qubes-vm-r4.0-current'
Done.
Press Enter to shutdown the template, or Ctrl-C to just close this window.

Any ideas? Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LAnM2zZ--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Help with setting up qubes domains structure

2018-04-23 Thread qubes-fan
Hi, I went carefully through the 
https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html
 

 article and would like to get more insight. I am trying to set my structure of 
cubes up, and looking for the inputs and ideas. Also I know the thread modeling 
is a key every time and there is no fit-for-all layout, but the logic behind 
would be nice to see.

I have a very similar setup of domains as mentioned by Joanna in the article. 
What I am missing are the settings of the TemplateVMs  for the mentioned 
AppVMs. What additional apps are installed in which TemplateVM and why. 

I understand it is a personal question, but it would help a lot to see whole 
picture with reasons for this or that setup. If all the AppVMs are just used 
with the preset Templates debian-9, fedora-26 and whonix, or there are some 
custom ones. 
Like Joanna is mentioning she is using her work-pub AppVM for presentations. Is 
it like preparing presentations with Libreoffice  installed in a debian-9 
TemplateVM for example, or is there an another TemplateVM dedicated to this 
task? If there is, why so?

Maybe some more experienced user could clear this more for me? 

Thanks

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LAnEFi2--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] TemplateVM clonning returning a cube with blank Applications - Available field and no terminal

2018-04-08 Thread qubes-fan
My laptop is Asus UX305F, running Qubes-OS 4.0

Hi, I have an issue with a TemplateVM cloning. When I clone a template 
(debian-9, fedora-26, whonix) the clone gets completely blank field under 
Applications - Available. There are no apps available. Also there is no 
terminal available for the clone. 
When I go to Start - debian-9-clone, I get an option only debian-9-clone: Qube 
Settings, no terminal available.

I tried to clone all 3 default Qubes templates, through terminal commands or 
through Qube manager, but still the same output. 

Thank you in advance for your support. 

p.s. as my first post here, hank you guys for your excellent job you do!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/L9ZZilp--3-0%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.