Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

[scurge1tl]

Chris Laprise:
> On 3/29/20 5:16 AM, scurge1tl wrote:
>>
>>
>> Chris Laprise:
>>> On 3/27/20 5:02 AM, scurge1tl wrote:
>>
>>>>
>>>> Hello all,
>>>>
>>>> I would like to ask about proper setting of AppVM flow if using
>>>> Mullvad VPN. I would like to connect to the clearnet following way: Me
>>>> - -> Tor -> VPN -> clearnet.
>>>>
>>>> When setting up mullvad in their web page, I set the parameters for
>>>> download here https://mullvad.net/en/download/openvpn-config/ in a
>>>> following way:
>>>> - - All countries (so that I can change my exit country as needed)
>>>> - - Port -> TCP 443 (Tor doesn't use UDP, right?)
>>>> - - tick Use IP addresses
>>>
>>> Using TCP 443 for the connection helps only if you are running the VPN
>>> on top of Tor. With Tor on top of VPN, you're probably better off
>>> with UDP.
>>
>> Would this mean, if I plan to go with Me -> Tor -> VPN -> clarnet, to go
>> with UDP mullvad settings? Just to clear the "on top of".
> 
> To make it less ambiguous:
> 
> AppVM -> sys-whonix -> sys-vpn -> sys-net
> 
> The above connection is Tor on top of (or inside of) VPN, so UDP can be
> used for the VPN. If sys-whonix and sys-vpn places were reversed, then
> VPN should switch to TCP mode.
> 
> An easy way to remember this is that the sys-* VM attached to the AppVM
> is the one the service sees on the other end.
> 
>>
>>>
>>>>
>>>> To set the Mullvad VPN AppVM, I followed this guide from micahflee
>>>> https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with
>>>> mullvad is vpn-mullvad. All works fine and connects to the network.
>>>>
>>>> How should I connect Me -> Tor -> VPN -> clearnet? Am I right with
>>>> this setup (I didn't launch it yet): anon-whonix -> sys-whonix ->
>>>> vpn-mullvad -> sys-firewall, or I should use different setup?
>>>
>>> Whonix has a guide that examines the issues of combining Tor and a VPN.
>>> However, I think its better as a 'what-if/why' guide than a Howto...
>>>
>>> https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor
>>
>> Thank you I will check it.
>>
>>>
>>>>
>>>> Are there any other steps to follow to prevent leaks?
>>>
>>> Yes.
>>>
>>> The Qubes-vpn-support project is much easier to setup and should work
>>> more smoothly, in addition to providing better protection against leaks:
>>>
>>> https://github.com/tasket/Qubes-vpn-support
>>>
>>> There is also a VPN setup guide on the Qubes doc page (this is the one
>>> the Whonix page links to). FWIW, I wrote the scripts for both but the
>>> idea for Qubes-vpn-support was to automate the setup and improve the
>>> connection handling of Openvpn so re-connection doesn't take 5 minutes.
>>> It also checks the firewall to make sure leak prevention is in place
>>> before initiating connections.
>>
>> I will try to set the additional AppVM for this and try this guide. What
>> would be the linking of the AppVMs, if I would like to go Me -> Tor ->
>> VPN -> clearnet? Is it like anon-whonix -> sys-whonix -> mullvad-AppVM
>> -> sys-firewall ?
>>
>> Also I would like to use different exit countries of choice, so I
>> downloaded all countries from mullvad. Is there any simple way to switch
>> countries with this VPN settings?
> 
> There is no GUI way to do it when using the Qubes scripts. However, if
> you use the Network Manager method on the Qubes vpn howto, then you can
> import multiple configs (and cross your fingers that they can make
> connections :) ).
> 
> For a non-GUI solution, you could create a small script that lets you
> choose which ovpn config to use, and 'cp' or 'ln' that choice to the
> config filename that the scripts use (then restart the vpn). Some people
> have used simple random selection without a prompt, like 'ln -s $( ls
> *ovpn | shuf | head -n1 ) vpn-client.conf'.
> 
>> Sorry for noob questions, I am new to the VPN stuff, just used Tor only
>> till now, but I need to use tor-unfriendly services from time to time
>> and even if it were tor-friendly, ExitNodes {xx} StrictNodes 1 doesn't
>> work in qubes-whonix and I therefore can't select exit country easily if
>> I need to. So I need to have the VPN countr

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

[scurge1tl]

Chris Laprise:
> On 3/29/20 5:16 AM, scurge1tl wrote:
>>
>>
>> Chris Laprise:
>>> On 3/27/20 5:02 AM, scurge1tl wrote:
>>
>>>>
>>>> Hello all,
>>>>
>>>> I would like to ask about proper setting of AppVM flow if using
>>>> Mullvad VPN. I would like to connect to the clearnet following way: Me
>>>> - -> Tor -> VPN -> clearnet.
>>>>
>>>> When setting up mullvad in their web page, I set the parameters for
>>>> download here https://mullvad.net/en/download/openvpn-config/ in a
>>>> following way:
>>>> - - All countries (so that I can change my exit country as needed)
>>>> - - Port -> TCP 443 (Tor doesn't use UDP, right?)
>>>> - - tick Use IP addresses
>>>
>>> Using TCP 443 for the connection helps only if you are running the VPN
>>> on top of Tor. With Tor on top of VPN, you're probably better off
>>> with UDP.
>>
>> Would this mean, if I plan to go with Me -> Tor -> VPN -> clarnet, to go
>> with UDP mullvad settings? Just to clear the "on top of".
> 
> To make it less ambiguous:
> 
> AppVM -> sys-whonix -> sys-vpn -> sys-net
> 
> The above connection is Tor on top of (or inside of) VPN, so UDP can be
> used for the VPN. If sys-whonix and sys-vpn places were reversed, then
> VPN should switch to TCP mode.
> 
> An easy way to remember this is that the sys-* VM attached to the AppVM
> is the one the service sees on the other end.
> 
>>
>>>
>>>>
>>>> To set the Mullvad VPN AppVM, I followed this guide from micahflee
>>>> https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with
>>>> mullvad is vpn-mullvad. All works fine and connects to the network.
>>>>
>>>> How should I connect Me -> Tor -> VPN -> clearnet? Am I right with
>>>> this setup (I didn't launch it yet): anon-whonix -> sys-whonix ->
>>>> vpn-mullvad -> sys-firewall, or I should use different setup?
>>>
>>> Whonix has a guide that examines the issues of combining Tor and a VPN.
>>> However, I think its better as a 'what-if/why' guide than a Howto...
>>>
>>> https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor
>>
>> Thank you I will check it.
>>
>>>
>>>>
>>>> Are there any other steps to follow to prevent leaks?
>>>
>>> Yes.
>>>
>>> The Qubes-vpn-support project is much easier to setup and should work
>>> more smoothly, in addition to providing better protection against leaks:
>>>
>>> https://github.com/tasket/Qubes-vpn-support
>>>
>>> There is also a VPN setup guide on the Qubes doc page (this is the one
>>> the Whonix page links to). FWIW, I wrote the scripts for both but the
>>> idea for Qubes-vpn-support was to automate the setup and improve the
>>> connection handling of Openvpn so re-connection doesn't take 5 minutes.
>>> It also checks the firewall to make sure leak prevention is in place
>>> before initiating connections.
>>
>> I will try to set the additional AppVM for this and try this guide. What
>> would be the linking of the AppVMs, if I would like to go Me -> Tor ->
>> VPN -> clearnet? Is it like anon-whonix -> sys-whonix -> mullvad-AppVM
>> -> sys-firewall ?
>>
>> Also I would like to use different exit countries of choice, so I
>> downloaded all countries from mullvad. Is there any simple way to switch
>> countries with this VPN settings?
> 
> There is no GUI way to do it when using the Qubes scripts. However, if
> you use the Network Manager method on the Qubes vpn howto, then you can
> import multiple configs (and cross your fingers that they can make
> connections :) ).
> 
> For a non-GUI solution, you could create a small script that lets you
> choose which ovpn config to use, and 'cp' or 'ln' that choice to the
> config filename that the scripts use (then restart the vpn). Some people
> have used simple random selection without a prompt, like 'ln -s $( ls
> *ovpn | shuf | head -n1 ) vpn-client.conf'.
> 
>> Sorry for noob questions, I am new to the VPN stuff, just used Tor only
>> till now, but I need to use tor-unfriendly services from time to time
>> and even if it were tor-friendly, ExitNodes {xx} StrictNodes 1 doesn't
>> work in qubes-whonix and I therefore can't select exit country easily if
>> I need to. So I need to have the VPN country

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

[scurge1tl]

Chris Laprise:
> On 3/27/20 5:02 AM, scurge1tl wrote:

>>
>> Hello all,
>>
>> I would like to ask about proper setting of AppVM flow if using
>> Mullvad VPN. I would like to connect to the clearnet following way: Me
>> - -> Tor -> VPN -> clearnet.
>>
>> When setting up mullvad in their web page, I set the parameters for
>> download here https://mullvad.net/en/download/openvpn-config/ in a
>> following way:
>> - - All countries (so that I can change my exit country as needed)
>> - - Port -> TCP 443 (Tor doesn't use UDP, right?)
>> - - tick Use IP addresses
> 
> Using TCP 443 for the connection helps only if you are running the VPN
> on top of Tor. With Tor on top of VPN, you're probably better off with UDP.

Would this mean, if I plan to go with Me -> Tor -> VPN -> clarnet, to go
with UDP mullvad settings? Just to clear the "on top of".

> 
>>
>> To set the Mullvad VPN AppVM, I followed this guide from micahflee
>> https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with
>> mullvad is vpn-mullvad. All works fine and connects to the network.
>>
>> How should I connect Me -> Tor -> VPN -> clearnet? Am I right with
>> this setup (I didn't launch it yet): anon-whonix -> sys-whonix ->
>> vpn-mullvad -> sys-firewall, or I should use different setup?
> 
> Whonix has a guide that examines the issues of combining Tor and a VPN.
> However, I think its better as a 'what-if/why' guide than a Howto...
> 
> https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor

Thank you I will check it.

> 
>>
>> Are there any other steps to follow to prevent leaks?
> 
> Yes.
> 
> The Qubes-vpn-support project is much easier to setup and should work
> more smoothly, in addition to providing better protection against leaks:
> 
> https://github.com/tasket/Qubes-vpn-support
> 
> There is also a VPN setup guide on the Qubes doc page (this is the one
> the Whonix page links to). FWIW, I wrote the scripts for both but the
> idea for Qubes-vpn-support was to automate the setup and improve the
> connection handling of Openvpn so re-connection doesn't take 5 minutes.
> It also checks the firewall to make sure leak prevention is in place
> before initiating connections.

I will try to set the additional AppVM for this and try this guide. What
would be the linking of the AppVMs, if I would like to go Me -> Tor ->
VPN -> clearnet? Is it like anon-whonix -> sys-whonix -> mullvad-AppVM
-> sys-firewall ?

Also I would like to use different exit countries of choice, so I
downloaded all countries from mullvad. Is there any simple way to switch
countries with this VPN settings?
Sorry for noob questions, I am new to the VPN stuff, just used Tor only
till now, but I need to use tor-unfriendly services from time to time
and even if it were tor-friendly, ExitNodes {xx} StrictNodes 1 doesn't
work in qubes-whonix and I therefore can't select exit country easily if
I need to. So I need to have the VPN country as a strict exit.

> 

Thank you and I will let you know if it works!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e36a80c7-d1db-b533-3ef7-d45cde0acb75%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Backup/Restore issue

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



Claudio Chinicz:
> Hi,
>
> I've created an oathtool AppVM following instructions from here:
> https://www.qubes-os.org/doc/multifactor-authentication/
>
> On the Fedora-30-minimal template I've also installed Nautilus file
> manager and Gedit to easy my process of token creation.
>
> I tested it and it worked as designed. Then I want to test
> backup/recovery before I would rely on this to store my tokens.
>
> To my surprise, when I restored the OTP VM together with it's
> template the applications (file manager and text editor) did not
> show up as available applications.
>
> I had to open a terminal on the template and run again dnf install.
> Although they were not installed again (because they were present
> when I backed up), after running dnf install Qubes "remembered"
> they were there as if were notified just then.
>
> Did I miss something when I backed up? Or is this behaviour
> expected?
>
> Thanks
>

Are you sure you installed the oathtool and other apps in the
Fedora-30 template and not in the AppVM?

Once you install the packages in the Fedora-30 template, shutdown the
template. Once the template is switched off, start the AppVM based on
Fedora-30 and you should see the packages available (in all Fedora-30
AppVMs based on that template).

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl5972JfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uwriw//TMeDqlPrldYqR/QJa023S19h3LQy0seMqKToFR++YKMJAPg4PP917hJd
Ar468AzKTLcP4+UmJd6RXvzMBrMdgJD/NBOXap2mgFUrMrG7CICRSzsJ+hSS8Ze4
+owUQXIWNiTbiNlMii0IBQhpOdRbWa0RG9ocsUabBDZi5IPs0w19MGfelRkHU94Z
JjoH3boRgPk2QhzVGh25e5uT2WzLnXSBJRt7IyNdvxJ62BZMdgVDWjKS5nYzoZ6+
swjPjsZyLxkIHeePseGcC1r9FDekIwOhib5Mkak2Dk/WCfNsR7vUpgJ6e/XgTxSH
LBC1ul41+eefJ+UWzYs2Xw9giwHCtK7pEWE+elnjoRRRhFNdv2asQogUxiVmYt9g
xMivKaNmjhQyV+YQd728mPT9ltnlJvYuJaHwdACeof92AiMt053PApFv5U8HhWMZ
JKW/gUymrNsdVpTv3q7+ZFxF3qOfwt3y5Op67dzZ98PHUrum6Rw8G0KtA9y+ZVK9
cxYsgwLfO+xlB36PM+T5notXPTWaa9plP/f0R1JeWsO+WOQMa7f1JFuAkn/gBEzX
VhjA1qoVoq7Ge0DHtqJsylyvdoxEq0vaazzrYh8Iori6KgSEp8Msq3b5wPbIQB7Q
cCvojwHqrWTBW0NCvoKVWpa4Uv4RSjXJJNwCREsYb8Oco90xYtQ=
=BWBq
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/389c65e9-22ef-15c4-dfa5-0c7c7f4a2ba6%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello all,

I would like to ask about proper setting of AppVM flow if using
Mullvad VPN. I would like to connect to the clearnet following way: Me
- -> Tor -> VPN -> clearnet.

When setting up mullvad in their web page, I set the parameters for
download here https://mullvad.net/en/download/openvpn-config/ in a
following way:
- - All countries (so that I can change my exit country as needed)
- - Port -> TCP 443 (Tor doesn't use UDP, right?)
- - tick Use IP addresses

To set the Mullvad VPN AppVM, I followed this guide from micahflee
https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with
mullvad is vpn-mullvad. All works fine and connects to the network.

How should I connect Me -> Tor -> VPN -> clearnet? Am I right with
this setup (I didn't launch it yet): anon-whonix -> sys-whonix ->
vpn-mullvad -> sys-firewall, or I should use different setup?

Are there any other steps to follow to prevent leaks?

This setup should serve me to connect to the services that are not Tor
unfriendly from a country of my choice, and remain anonymous.

Thank you all for your support!

p.s. micahflee doesn't mention any need to install the OpenVPN in his
guide. Should I install it or is it intended to work without it?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl59wTJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UwiXhAAivlJwfkjYv9ZQUQqEeYeQ+NsmrvpnETawv18blPjGJgNF6LTlfEwsr+L
S7liZfi9cdT3FfCMPBbl9mdESoFOhIubbru30cos4UGUHUzoCV6U0t/rVAYblugb
DhXAjGQk47VVcMmmUnhnY5Q7gm1DCpYb/yW9AUJPWrZWfhyK6CH58Zec892Q5iL2
FgHQo2yuJVxDVX4U/ZOWrWE3dmaxU8trfcw1VMtJDEEcKi33M4toHexsF34IwgKl
q/dNNhbtaPw/2ONmoTCmRElLCbShuiZDUEnQ+fg7fEkqraOlTYq/5LnLh0dTu57b
HcS1CQ7vwBErDr8ufoQpmTK9/4HEww6V4LLSZp/6QQoaej5nT/NNrMZ4iKOMjpuW
+hmnVLwVj3sKAmeOLOaLTW8LHgLOkMH0xohU06ZeNcvoQcfrK/Kw4J/JWZMoERtq
4kbHzmjDs50ZUpWGUppX/CsP/e9MCNO3uUcEGSRa3/NQEKPbUM/qzQFZe0bp9UOr
odoxUgWadY3hiKA2DXmhtY/+4k/ugpR6HdXRLuUrlDoysGsNU7VbGMj7Mpy/yhRQ
REr1h60jH6ZSZLRRK8EJkvY9kjhH6jIYyRikeB1mkbidDoi0ENCbB7UdLFzXqTlE
TU0eF9MVjCvdTY6XOJ5w6JgZo+DGMpfLt1ZlFGd4PpLrZXzaEiI=
=5OS5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d30b6b6-e140-8584-3e77-dedcb668da55%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Privacy Screen. How to

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



Catacombs:
> I have just installed Qubes on a Lenovo X230 with original Intel
> WiFi.  I go McDonalds to try to use public WiFi. I power up. I get
> A box to start Tor connection. Which I am pretty sure will not
> work.  I cancel.  I start Debian 10 Firefox.  After awhile I get a
> cherry red connection icon on the upper right side of screen.  It
> shows connections available.  I choose McDs.  McDs has a privacy
> screen. Harden wall.  A button.  Click here to use internet.
> Usually.  Nothing comes up in browser to allow me to get through
> this.
>
>
> By comparison.  If I start Tails Linux.  I can start untrusted
> browser.  Get it to initiate internet contact by typing in
> 1.1.1.1. And untrusted browser will bring up web page with login
> button to click on. After starting connection to intermet.  I turn
> off untrusted browser and start tor browser.
>
>
> Right now I have very limited time to test what might work as I
> only have few minutes sitting in my car outside McDs.  I do have
> an iPhone. But my searches have not brought up anything that tells
> me how to solve a problem.
>
> Thanks for any help.
>


Fresh install of qubes creates few DVMs. If I remember properly, one
is based on a Fedora template and one is based on Whonix template.
Mine is already adjusted so I don't remember what is the preset.

For this case,

- - open the Firefox in the Fedora-30-dvm and connect directly to the
clearnet like you usually do in Tails with unsafe browser.
- - open Tor Browser in the whonix-15-dvm and try IP Check if all works
well (it should).

Some of such connections like the one at McDs also have time limit for
connection, like 2 hours. If you used to use Tails, you will most
probably like to have your MAC address anonymized in Qubes too, as per
this guide
http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/do
c/anonymizing-your-mac-address/
Based on your MAC changer settings, you can just restart the
connection or sys- VMs and appear like a new user to continue your work.

If you are limited by time in the parking place you should most
probably consider to use something like this:
https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-w-
external-antenna-gnu-linux-tpe-n150usbl
to increase the range of your wifi card and limit your exposure to the
place where you connect to the net. With 9dBi antenna you can get to
about 800m range and add an another level to your anonymity.

Fly safe!

Let us know if it works for you.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl58m6ZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzBTQ//WORq9faLpn/vy49OHREUbFUVNyzcX098rA17HnTosfUGGsvZZqSpDLXO
Sv8kNzSSv2lJbg83IAUogF68NcZFM5Vcm0J3RX89EJa8ipm0VwmDnGHn7Qb30LE/
nuudKaddivCjjLH6OF29hdvgvDcgBtWlAtWuIGHblvJ5iZnE/J6dvDDkfEnt9UPW
uD6PqeqZ7Kd5045iyYT1iD/Q1hjhx0VrqykJFjUKFIi6W+0VKlKCj/yKOSh/YcR6
tEJtTLceJ5T/luxagbnX1xjA+dRp6vaxlriuSSFzPa7720dx6VQheyGC3/oXUDL/
je6fwAav3VmIbhFGoEYT0PTms7k7I2s0IS1Oai2cxD+QrI6BBSc3TKFddWYOb33/
A1hDj56ihOIT02IZO1KyIgYN41WF+apBwJuW97ocHTRieQJOfHVB9BVir3UktQvM
R825E57iJkxouJmEGFpJSCjWD8jxIePsrNcRO+owZwdPMLkjLYndZFymaLIh1QXq
cI/BpSy28t5qpNZSdhBoQubAu9yRAUYUVlXlIWNY7HRilbeSl5buz1rIlZYUQFH6
tWSzJ6AGJSuG9GseofKQxbMMkEAjqETNLaFCCgHYcBnBDJn77wAPn5+ZEttiz70g
xJ9OQRRf2s+1VUs+ahKaCtPu9Is9C+O+puyMYcYYmKeeq47CITo=
=HeQV
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a8c0511f-d3a7-c11f-d984-cd4d7386f121%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Lexar Professional SDXC not opening in sys-usb

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



unman:
> On Thu, Jan 23, 2020 at 02:06:39PM +0000, scurge1tl wrote: Hi, I am
> trying to open my Lexar Professional SDXC 128GB in sys-usb, but it
> returns error, on all USB ports and SD card reader as well. Other
> SD cards read nicely. The error I get after trying to open it, is:
>
> Error mounting filesystem Error mounting /dev/sda1 at
> /run/media/user/9C33-6BBD: unknown filesystem type 'exfat'
> (udisks-error-quark, 0)
>
> On my win7 machine I can open it nicely, but Qubes sys-usb can't
> open it. My sys-usb is based on Fedora 30 and is fully updated,
> like whole of latest QubesOS.
>
> Any idea how to solve that?
>
>>
>
> Not really a Qubes problem. Install exfat-utils and fuse-exfat in
> to the fedora template.
>

Thank you, for pointing out the packages. I didn't get fedora-30 to
digest the packages but I found out that debian-10 has it preinstalled
and so I changed the default template to debian-10 and created new
sys-usb through sudo qubesctl state.sls qvm.sys-usb and with the
sys-usb based on debian-10 I am good to go. Thanks again!

If I understand the sec model properly, I should not open the files
directly in the sys-usb but instead channel it to another AppVM and
deal with it there, right?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl4p6d5fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uxq5g/+JljJ6NmaXlePJQT6UGvfzLGH1B9JClzd4Yh0va7sVKQOYVOHas3BNc3U
/Ds5frkB1U+Q3p9L9ypwx0fy8Q1Nzv2yoi09nfyqHfRmnd4S9sJ6q+6obSHX7QeX
QdPCIqE19vB37A/fM55mhHQp3Zj4BGVsHGM7+xoO3DbuzmF0q5/M+sDq88yRj74v
XYU8uykvSZu7SStP8SN6IzDghajWx+6FJHVTTtHjLGQ/DOMMkGEOmi1p3gpXjcAo
nOEvalRpyGD5oKqY1WcTnytNodnyfB/oQbKFGEEaKTetBA3BUnpk2F+TDvExPQ6e
iNGT41FvHH9cG51TTqZUkvreV52UxpY8pSZrM9arun2p9Me3I8mvbf4q4OY5e839
aT2XU6TcOfQ5ORAjVe+gWbJ7nOJYuau7x8qg+LDp85LuDGgVBXRsfSPHzAugynsm
S+L7p/e1SCivSvJEOMMZlk5J8zRfaTqcl8FOfrf1PZ2AqO7r2uMoUi1IY/LQ0Hf7
Fe18HaB5YKp76Vm4XOBnpVQNCfmCK/0NZN62gDpg8G8OFCdw44Oys+EFy77tJf7q
SniZQZtSXiw7MtukcSv1lDu+WfODXaUHq0t66LOrt08ONL9chUjBmmJHw+mgPacX
kC3Rto/nyJZ3DgO/ktFu5ORMbrYlnatTm4IdE6r/YCQR6jB7bQ4=
=CljZ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5840fc32-db14-4b1e-3cad-fa9c99dbdd9d%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Lexar Professional SDXC not opening in sys-usb

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi, I am trying to open my Lexar Professional SDXC 128GB in sys-usb,
but it returns error, on all USB ports and SD card reader as well.
Other SD cards read nicely. The error I get after trying to open it, is:

Error mounting filesystem
Error mounting /dev/sda1 at /run/media/user/9C33-6BBD: unknown
filesystem type 'exfat' (udisks-error-quark, 0)

On my win7 machine I can open it nicely, but Qubes sys-usb can't open
it. My sys-usb is based on Fedora 30 and is fully updated, like whole
of latest QubesOS.

Any idea how to solve that?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl4pqFNfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UwXPA//fBy/w4fwujLe3tuRbPTYCd4R5ArHXud2chO3gcl6W/zfUXOUh3qV0vrE
KaWX7HwlFftg13mKeUSGYzeSuuVxz7FrsWYg+y1vFpb6gqu2nyiPAUf9tBd6HFbg
8/kTCbO2+Eg15k/r/Qm5RuiaBLVzniYmqy0DhYVBOIpFiAFHugCQqk45ZV3JM5n4
C3nkicKgx7JyMHeAdOIHcSv30hGZP0nWQlM8fhKokseV+PU02HiVFkwDBAOQjJDi
wFH1VF+Ye9oRs5RWRPrhJt5k+0mN3VuDnLWOlQQK9MRGvIMOdqMCkQqra6B5wjPd
sLK1iRVOGHvY8Jrp7rqw3Rl9N8C9VJrhOktn7ZVwBbomJTtFy2qgHxSIxRxuDIfd
5vb/aQHG3ixBUG1KCB7hgEH4mv05uHq2ypl3//KpUBQlqudPDYF5lY9lWvm8qhre
KanY858eU8V2wmMURVerEVi8gVRKXE4fQ0LWWEN0I3xj1pzrQI4XFXAhRwtMil9Y
FtHAYCWszYwlcGvs76F/nTdbkTudCpwQJR2akuM3t2aM038KQ/85CuO1rvwLeVAO
woYrISrbfd3UleX+i8HaKxlsWZQLI1H/yH/9aO1PR+/IzXezUh6cnyx0Z1iWag0m
Vafdf9+p96uxTuEsFrs3KqODLBMmBFK25+0MNYcotQCRGX4QVpY=
=Rwny
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4e697697-6d3b-adf0-3584-fe1e39070835%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Split GPG refresh keys in work-email

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I am trying to refresh public keys of my contacts that I previously
imported to the backend work-gpg with

[user@work ~]$ qubes-gpg-import-key ~/Downloads/whateverkey.asc.

How do I refresh the keys, sitting in the offline work-gpg now? I tried
to use qubes-gpg-client --refresh-keys but the command is not recognized
.

Will I need to do it manually with every key? ^^

Thanks you!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl4VmY5fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Ux/2xAAhO6TDsOufQEv74J1q9ypJqOE7jP0Ury9pJsN8ew0WKFakZQOjgzIstnW
pp2Sd4CHK3Yb6l13i9QYu0CBSJUmilo2zTgZiEZCF6nhaL34htMdqtaWM7H8i5KU
J0Gzcww0l5c8tZ7cG90Irrw3Gzo0QQrF15sT1z2OcTzkVw2H4c44DPwyPRI6zLWQ
3a5ic6R00GmmKu8n8UtBI+1+C36k+Wzvc1etcm2SavcateBo8XloM/AXIEC5CD0U
vhVA1X2Y1REizAabvjBbq3Aek+O8vN3Vd97cCm/NYCJp4lkEMlfCa62sRaQPQnbD
fbksoOAmKpPiJaOdbo2JNnPI+T4uBHQNv1yno+7IFyhYueNnmheJ+v63Vkn9bpgf
/qhhGqXvtKEMRm3bgwZXjmyh12nhgLFb0bGwr9FC6VXs2XRsQPDhIQ+OTnXrj8oo
KBCU/hqYa4WNEScxZwi/ts7dJXYTHWNaK7g2OQyZVLFg15ReYNdl/3HXPRYRGDWk
G74uhrSY4lHRLnkeNxCW98MUl55IoWwlwFWmUQU5nfwOXogtRG+yrCb/IVcKDL+o
iEipjKj7+tAUa8srXcq/aTM/XvnpGLBlcDrgqFPNs8hX6YqpQ6NI3vZxgDPOE7GK
sZlO+oSowXsmn6O1vdxV05ds1SIaIjq9UzYv5iAvv6LvVoU5Ue8=
=fYkM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bbffab44-65c8-f333-a9f5-516106f7c98f%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] App through apt of dnf to add subtitles to video in template

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I would like to apt or dnf install some app able to create, edit and
hardcode subtitles to the mp4 video, to be not forced to use unsigned
programs and utilize the sudo apt updte feature without need to do
otherwise.

Is there possibly any such good app that can be installed through apt
or dnf you know of for debian or fedora?

I use Flowblade in my media-debian template for video editing, but it
seems it doesn't have the option to work with subtitles.


Thank you a ton!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3up2JfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uw1eRAAnMGhZHPQB1Jo5TkP50U2rGjTO8k6yfoOK7noMi4HWSD2LPW0P/7l5DMu
vPNS7GLic6ESB9O/v9nOt63qH10+EFaj3h0YOhX9rvjKh6sIj8+XtsN2C5cjalfx
Zb5qMW/wdlL9U3dFjvBUjkmAevSJpWeoUBqM1feY0m93tDvLRVcKhQbTqdnWvJx/
JO1uN2S92wLVGMlXzL6GD/3ttw7PrcNFHT3NX285U7u1yAV4H5duCFCazfszp9D4
Ky6K9zJH3QnigVefrdcvxuu2tTD2VbtPPLdHoRp5HBZ23rmgapnMIDSxtK0vpryq
EWTmXL/JN6SawK57tMq2AB8Xypgoz6J9p2uypawrVKomrtMOPnHdB6Ya92RFgjb/
fTbwk+V5bWyW2gWF4Q4kRfxASXNNtCScZUgYXc9VxF4uf0zQUzK94x6TV+Oz+xGv
rsh2e1nepP+6Zsc5MAoFFgtUvkDvGsn+0kfc6pojvpjPsDJkHAMFluH1cMSMnRZc
mGp7KdHsNgTdg/cn2FCJQe3A5OuHoKg2uguKKUQi0Zx/N0xGP5v09IUEBwfrFXjS
QWJSC6cN98c6zNZCvg0/NPOb8LjKDoaz9TXiAphJ1ieb0+DoUYmYRs+SwkSRwhwU
g2zNMvsj0alJBpdg0eMdTs6wPZMlDC1DPlLu/1VzUc70grpST2U=
=7cbM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a75bcd1-9fc1-3b82-6042-fdf50cdd1dfb%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Has anybody gotten increased scrutiny at an international checkpoint because of having qubes installed?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



haaber:
> I I will be doing some international travel in the upcoming months.
> In
>> the past, I have had to turn on my laptop, and once I had to
>> bring the system fully up and allow people to see my desktop --
>> though nobody has actually seized and gone through my computer as
>> yet.  Has anybody gotten increased scrutiny because they were
>> running an enhanced security OS such as qubes when entering a
>> country?  If qubes is a "red flag," then I'll carry a different
>> laptop.
>
> Carry another then, that's the safest.
>
> The easy solution (if you accept some "risks") that works as well
> is a micro-usb & some std linux on it, that is already booted. Give
> it a family picture background with sweet kids & some green :) And
> two or three non-sense documents that you can open.
>
>

Unfortunately with linux we still don't have the hidden OS option
available in Vercrypt for Windows systems, where you can one decoy and
another real system on the same HDD.
Till this increasingly needed feature is available, we will need to be
extremely creative. Border searches are more and more common and can
beat your secure position easily.

Is there actually anyone working on the hidden OS option for the
linux? Would be very much appreciated.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3ukz9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uz4tQ//VE6qRHedi7YmYoArvTcwZMuRckF1hXZ4yYrToEM6aoXUhMYw+XFH1zkE
WEGq70C54SENeYW2nfrtJdO3ab/AGjU0GfdiIrkmzKYdejJJ3TnnuhofuW+8R9NA
4ap4Qn6XJ3JqM2RsTpC4WvMwcBm4eZ5DkDEJ/+tIJzTYWtugNn3F9Yji/bkKa6rk
8Wv58Lw//0flvtXKw95hjsbMW9W6ZE4f73BIVKAFhUGW9kXAXgvWX1gCcf1B2RC+
U/GoL7nf0XMpw/kmhk/GEo2f225H85qn81HUzAVW37FDY2PhOXrU8abGXCgUkqfG
rvD6xNAKQGaavJ66uOGPDEtBxoeZoulZyoUk83gDM8wy+YDG6AFaS1K6jgh2hX6v
kTSj0GqUuljhPmosoMJSMtEB+l5dJdkEPCtdRgiO/0i531euEWbMZ4G5RK/0AMC7
Nr2FBdf9/FLQp7mWqWEJaga0/fJN1QuFvpV3LRW5YfZ/H6Zb4TUY04Xj6qdY4P92
+F3CbV/8Yu531kh/abjPtt8t19zbLDiNo6BQE+G1Ib9sK6kivlyyk7CNkx+3hQiA
LVXIoMYv2GUQ4IpvvSo/pwF9xv7T85GaXOcNF1mVjqg7GFR+Az4Xh10whEZz4mx2
E9n33mjvJ0YYK8R9/jbFwYHzMN1i8Kmcc09FaS3HUiwl0gagmAQ=
=7Hjh
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/901b84f1-3d5c-bd67-6be6-e6bbc3e6bf01%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Android on Qubes

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I would like to ask if there is any reliable way to get Android
template into Qubes, so that I could create AppVMs for different
android apps (from google play too). I know about the project of
Daniel Micay who is working on a hardened version of Android
GrapheneOS, but don't know where the project stands.

Is there actually any reliable way to get the android into Qubes now
in the form of a template?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3qLeFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxW+hAAp76G9LwJ1Sba5bfWFk0LkY2GgO2+bHCWvmKtPoYQkgebIHMmEn89YCAu
+UBK0yfBOgJZ1sqAb341Zfdf8vNp0WyQct4/Ll2OUeFvlMJRg7wzlPcbVgt2AhEY
aRosGQsYHwWKyXrzDyLsDpqUgKPijTkuLmnvNVsXVbw+zrCnM4FgFmPFeoiU04xF
ng1tS1Ym6RUoeV0o6GtcEvljwu6yHnJ2ci+eJuvXzhhyIcicsU8eU6Ewh8fCMjq6
o/T5N8VWzz5Qqu11fHU1XJPHn3z2hJv+IUonBERIBjatDN9UZL4XcfC+vFOCdPVd
Pv63TZMI7FmiRvDxUG//k1kvEMAm9TunpjSTg1mW0xI+Pu9sQ7njy4Lgu+0Wu4zq
QW5bqRAlVGbyMbZR9efpH413thig/2pgBO3LUI9hFluabSq2jJPcgF/NsDafPxhG
vcwMlZOPdaasryGRBu8wj0HJXBgXGlNzzZAnYqerYP2mtoqOQCuMpzx2/SUBXAzd
AnCwbiVNaCZyVXjyJUZZQyt+Fs6XBxdkjvRkldFBHrxCSm2QoErbK3JdPsd0Odd8
mxHBJNUoGEePW6xd+X2tDCVpNwEZkQ5AhtL4NsVEkBG2Iqig2goUOHNVe6SPbxXI
UxTJozTbwefK8q1GvM2rsr8iaR6pa6yKpQFX5EZUgy2zddIC7vU=
=4aSS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4baf60f2-124b-0bf0-d0f5-6818404427a5%40cock.li.

Re: [qubes-users] Bug Thunderbird: kills addons after last update

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



scurge1tl:
>
>
> scurge1tl:
>> Today's upgrade of Thunderbird to 68.2.2 (64-bit) killed all
>> addons in Whonix-ws-15 AppVMs.
>>
>> Enigmail seems to be already running, but Torbirdy and Qubes
>> addon for Attachments opening in a DispVM disappeared.
>>
>>
>
> Update. Newly created anon-whonix through sudo qubesctl state.sls
> qvm.anon-whonix doesnt include any addons by default on first
> launch. No Torbirdy, Qubes-attachments nor Enigmail.
>
> Manual install is possible only for Enigmail, but Thunderbirds'
> Enigmail somehow cant work with my backend gpg-split. It launches
> work-gpg, asks me for the confirmation, but than cant decrypt or
> even load emails.
>
> But qubes-gpg-client can work with my gpg backend easily, without
> any issue.
>

Is there anything new in this regard?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3UCdZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UyyRg//ZC9LLtFZsFdFQ31lcJk/576fvaVsaca5goQtk1DeTTfYb5I9l4avFZTS
xVZJZV1d29X18vPyf0rjXuzoISMR7sjq7VMN0VEWE8yG4qNdbDKMevo3mXtItpEX
M7xol7aW3dJMRtGfvci3CeVCiqVjjJXZ4wWHFSX6JdBgY/QgA7F+pdhdSeCcEMQZ
F5jx3s5YXvTXd5+0dhb78Im4DSugAT4udjjkhcYxdnI8nJnNbrxJEVh39UbLAi9X
U21mKj4RkpYoCBrzeFWcpeF2RNWk2acq8sEtjbb7HBk8RE69K/0N1Zr7Yf3SZHY8
NWzcgsxz8kkRa7cwmGkMp9NdKI/RigotH4zHMNiFgg4shLW2VplufhcdEhem4lCo
xmDcjBZlLAtutR1betrHQl790QNv8jZJKXwXden436/I2IFE0JVU+tiwkcCHE6Jy
CyynFlZrDqmBdU4512/L1yNyuAajSgjSTuybszAjZCV1QOLSwaZlaHeZy+x78tE1
VYwWUPVUGg8J7TSc6nKzt1lnv/b6dAFFrXpazWtJZnQiJ/HiBn3dGJEXXqtlYaAL
VLyn0mrJLfY6y7Z+VwOprztJ5CNgKu+Khg4KeEFGL34K/i/o+OC85OvrSxWFqSS/
YQprW7T6GlCu4EBaACF2CHptbYQqSAUSOTsO1vnhBBMrSlIOP3c=
=uMgo
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1ae50d81-ba97-b0c8-ea22-3b5054b436f8%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Bug Thunderbird: kills addons after last update

[scurge1tl]

scurge1tl:
> Today's upgrade of Thunderbird to 68.2.2 (64-bit) killed all addons in
> Whonix-ws-15 AppVMs.
> 
> Enigmail seems to be already running, but Torbirdy and Qubes addon
> for Attachments opening in a DispVM disappeared.
> 
>

Update. Newly created anon-whonix through sudo qubesctl state.sls
qvm.anon-whonix doesnt include any addons by default on first launch. No
Torbirdy, Qubes-attachments nor Enigmail.

Manual install is possible only for Enigmail, but Thunderbirds' Enigmail
somehow cant work with my backend gpg-split. It launches work-gpg, asks
me for the confirmation, but than cant decrypt or even load emails.

But qubes-gpg-client can work with my gpg backend easily, without any issue.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e74e6a04-6ce8-be06-cc59-f0578909b7a5%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Bug Thunderbird: kills addons after last update

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Today's upgrade of Thunderbird to 68.2.2 (64-bit) killed all addons in
Whonix-ws-15 AppVMs.

Enigmail seems to be already running, but Torbirdy and Qubes addon
for Attachments opening in a DispVM disappeared.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3SfWFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UyKXg//Q6qKn34KAE0iUjRuTgY76YQBmLcSXZqTSjVJtNqOd7Uxg/siJLpyEUSK
sFtc1XWJzjEMKKr4fZVKp/Czl631xs92ouKg/mewfUdiWvBwZb6fegp6kOEr+x1m
+BPy7jXkfXOs+uobxx7lgIskzysU9AbaryZDkwyCS0aCgfAH8sxBgNtuff1xU9Cq
lzU/2hrvcU0EbFPpgCkstWqZODa+e29GgWUx7T38/OUlFGtjV5y+ZdrHl+pdC9wN
N9WPhPwlneZYOSETVU0bamYo3kzodyrJzTcCtwuPGzx9xxLYa4HPUQg9v05rXfzN
lxSEgMlFXsXlUazjXUyl7dSqkyEKfSUXa21ocuzIbLddviEu2nEEGI2iMwIqgoEF
Gok6HSjBNraCbZWGP2tKFAvVi6dkgDBcCb5Q2GRCkKoth6hpclBGxtHVv8knMN7J
3yqL9j5JJZzrm2CMx6XYPf3cUcGGnt/KLEIXWIWVfAZRTWCJ4HdaFyf8VPXwYkpT
9Ll3J2ymUK9HtS3jmaLF5A25yP7IXMEViIqUozTFlxA1qhKALixX8Tj+XQfafGHN
pw3yrNmrUTgWoHvgPX7JlStQG9V0eFnup79LU6aHBtDpcyzsO3fbL8TVTnZIVePR
nyXujb0JpVgPphY19/iOgrmwsZJY9wehOhhkgeS7iMK1p4NWof4=
=4ms1
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4d258a0-429c-cf64-b0fb-b21539346947%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Tor qubes-r4.list returning error

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



'Jackie' via qubes-users:
> scurge1tl:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512
>> 
>> I try to onionize the debian-10, but Tor main qubes-r4.list is 
>> returning error. Qubes is set to onionize everything, Whonix
>> onionized and working well.
>> 
>> I un-comment this line in my
>> /etc/apt/sources.list.d/qubes-r4.list (and comment everything
>> else):
>> 
>> # Qubes Tor updates repositories # Main qubes updates repository 
>> deb [arch=amd64] 
>> tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymd
ad.
>>
>> 
onion/r4.0/vm
>> buster main
>> 
>> I get following error:
>> 
>> user@debian-10:~$ sudo apt update Hit:1
>> http://vwakviie2ienjx6t.onion/debian buster InRelease Hit:2
>> http://sgvtcaew4bxjd7ln.onion buster/updates InRelease Reading
>> package lists... Done E: The method driver
>> /usr/lib/apt/methods/tor+http could not be found. N: Is the
>> package apt-transport-tor installed? E: Failed to fetch 
>> tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymd
ad.
>>
>> 
onion/r4.0/vm/dists/buster/InRelease
>> 
>> E: Some index files failed to download. They have been ignored,
>> or old ones used instead.
>> 
>> 
>> BTW in my /etc/apt/sources.list I have:
>> 
>> #deb https://deb.debian.org/debian buster main contrib non-free 
>> #deb-src https://deb.debian.org/debian buster main contrib
>> non-free deb http://vwakviie2ienjx6t.onion/debian buster main
>> contrib non-free
>> 
>> #deb https://deb.debian.org/debian-security buster/updates main 
>> contrib non-free #deb-src https://deb.debian.org/debian-security
>> buster/updates main contrib non-free deb
>> http://sgvtcaew4bxjd7ln.onion buster/updates main contrib
>> non-free
>> 
>> 
>> Any ideas? Thank you!
> 
> Hi,
> 
> I don't know for sure, but if you haven't yet, try removing the
> "tor+" part. My understanding is that the debian template doesn't
> need to know how to connect via tor, since it's updating over
> sys-whonix and sys-whonix itself routes connections through tor, so
> you can just put the onion address in there and it will work. At
> least it works for me (in whonix templates too).
> 

Yes, that did the trick. Thank you!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3H35BfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uy/rg/7B6IxaIQso9jH6VjJckRz9TskOpKcR3MpSfLd8f254gE+rPqdnj/nhvCp
SypaQHuYDJ7PjhlSYchMx9tE4tsvQbPYNnXBBcctXxOISI8tpn6J1/x2mPK+zMvk
SQoPNl9V081Ain2nzLGe07f4ZrqQP+sfnEfYn1LHg/fqoS895QGILju8Z+UG8hR5
9iXNewehn6JKe9H3GGeZUWqFapIsMisQlpSYfiUQtDp7/42Jl2uYrS1zeqGktDe8
HbQYqMTjnyerr8sJyleyjPPrt48mZpz35qpxeS83Vaigh4WEo2sr4YLgJ6Po0Uhx
ppFiP+CZ5EehS/CioHL+2KNgarauVPcvlQhq/QKBUYefi/QVYregYelBCDZhLme6
v9RF4ST2pYXfp6VfgHbbE+5bLfkH/C++Gp5yvOxyWjoKKabbCrjK8IlL8fOYLlYC
wJ2UXlPdcVfQy/YeSUEwaX3bYoEWZenFELLMik6DbYPYt8rM28EWItEOYoWY8Xyc
pmyBAmL1ty6s+NYRQSIv2iOWsEYdnQCzxYtWObVtkMkzCLjSZ31e2K51xLBjKSEK
1mNiyWwDyAKIfGVMSkk5cwP4VAssE8gd1YpFdzLmS1WleCF8EKqepLSP0Y2q2NEm
dLhOl8UbC3GVX+/Ok6rrLlQniE5fr5iSad7s8TuXUkmPSGeWyS8=
=MaQJ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bc3e8b59-f096-95fc-ad37-ccfa8c9f28ac%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Tor qubes-r4.list returning error

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I try to onionize the debian-10, but Tor main qubes-r4.list is
returning error. Qubes is set to onionize everything, Whonix onionized
and working well.

I un-comment this line in my /etc/apt/sources.list.d/qubes-r4.list
(and comment everything else):

# Qubes Tor updates repositories
# Main qubes updates repository
deb [arch=amd64]
tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.
onion/r4.0/vm
buster main

I get following error:

user@debian-10:~$ sudo apt update
Hit:1 http://vwakviie2ienjx6t.onion/debian buster InRelease
Hit:2 http://sgvtcaew4bxjd7ln.onion buster/updates InRelease
Reading package lists... Done
E: The method driver /usr/lib/apt/methods/tor+http could not be found.
N: Is the package apt-transport-tor installed?
E: Failed to fetch
tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.
onion/r4.0/vm/dists/buster/InRelease

E: Some index files failed to download. They have been ignored, or old
ones used instead.


BTW in my /etc/apt/sources.list I have:

#deb https://deb.debian.org/debian buster main contrib non-free
#deb-src https://deb.debian.org/debian buster main contrib non-free
deb http://vwakviie2ienjx6t.onion/debian buster main contrib non-free

#deb https://deb.debian.org/debian-security buster/updates main
contrib non-free
#deb-src https://deb.debian.org/debian-security buster/updates main
contrib non-free
deb http://sgvtcaew4bxjd7ln.onion buster/updates main contrib non-free


Any ideas?
Thank you!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3FYYBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UwJBA/+NgfOAbjIySS+tWaYV8IIO3mQBcCwTTAqQm9pE1n1MHIUnaUBTv8ckd3v
gj2RarYvVu2eBMWzRsMWUEnXfK2K8mt5joNXbHVAjufKtLjArR8TmD+HVfSpBm2i
ZhMM4oq4Nl3DBig4z4D1w2bPrZ4UCirGBAIxNmzAwmwpKQCR9Naf6ynpIiotoNnA
RMbzsiArzv4fLF4ZozGxixIbFf8GlrF7GFmUMYvhq5xx+kVdlSvtdi+ukYNKQIFV
K0/s/52rPUpv4/t5jxd+YjW6YeEdcW1xckKIUv8MIAdJcQZoYd2YzELu/8aTlKIt
D6OhKzuvrbN8rcgo2ZtbhNBLlI77b3rvwVo30rSGgt09Q+MKmPl7nvWgxirkx5n7
CV6A0xw752JlcHfMXMA7T1tB+eAFtpfA0NI0rJtxjHvBx550sXoicYud80KPKFLl
4Dk9PUi9gtQGnPxqijhNSJLtNwqLbZzSAsSBs4+ObK30JQpWNVMLmnIqTZ+o5a/D
SVgkOk/Baya+pgIAA3/hpKL2BEkyzfWs55jPGQz2WrAoq8KuUh9/f8Eji2zv1AmZ
wwA23UsKgiuXx/Q5Fd+rTzPLsMisl5WSrR3shGC9JvJRgL05T0oIeFnNtmS30iog
oMrpUS8g4uQu7YAzYmsk7PcK0POPdZVj4mm71O3EncN9+pW6t3o=
=WG6+
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9665d7b-5a6b-be4c-7bcd-40116e7ea9c4%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] whonix-15 TB in dvm on Safest has whitelisted sites in NoScript by default

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



Patrick Schleizer:
> Whonix source code doesn't write literally googlevideo, netflix, 
> outlook, etc. anywhere. It does not do anything to give special 
> treatment to any websites.
> 
> By policy, for simplicity, clean implementation and whatnot, the 
> "inside" of Tor Browser isn't modified by Whonix. This is
> elaborated here:
> 
> https://www.whonix.org/wiki/FAQ#Does_Whonix_Change_Default_Tor_Browser
_Settings.3F
>
>  Tor Browser upstream issue. Bug report written just now.
> 
> wipe all mentions of netflix, paypal, youtube, ... from noscript in
> Tor Browser
> 
> https://trac.torproject.org/projects/tor/ticket/31798
> 
> See also:
> 
> https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-h
oles-in-noscripts-default-whitelist/
>
>  
> https://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs
- -zendcdn-net/
>
> 
>> From noscript FAQ:
> 
> Q: What websites are in the default whitelist and
> 
> https://noscript.net/faq#qa1_5
> 
> Q: What is a trusted site?
> 
> https://noscript.net/faq#qa1_11
> 
> Whonix forum discussion:
> 
> https://forums.whonix.org/t/noscript-with-security-slider-at-safest-pe
rmits-around-30-sites/8160
>
>  Cheers, Patrick
> 


Hello Patrick, thank you for the reaction.

Just shortly: Tails fresh install 3.16 or 4.0-beta TB don't have this
issue. Even it starts on "Standard" by default of course. Fresh
install of TBB on win7 doesn't have the issue. It seems to be
qubes-whonix (dont know how is ti in non-qubes-whonix) specific for
some reason.

I believe that if one sets the security setting to "Safest", she for
sure didn't meant to be tracked by entities like google, youtube,
microsoft, yahoo, paypal and others - the worst surveillance
capitalists on this planet.

Interesting is that the issue with the whitelist can be easily
"solved" just by clicking on the Standard security setting and than
again back to the Safest -> no "Trusted" websites anymore, zero. Can
you please check deeper on this issue? Thank you!

Weird ^^

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl2Do7VfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uyy+hAAgDc4f/iwLGoTfQKaAX8xcpiaKWEd+p032laJ8rKdSIB6Kd5JG3bBYSGh
iHY5MeAZene44f3DyloDcny6Kv6ibw31/877sIVNDWKIQQQi/rtfkVT+nyp1Bb+5
32xrh+u+MhTIKbBjYCjyy+E5F1fVWK1Q3+dBApLHWsJxseeAON1lL41dH63fP4zX
ApSoOmvJM3fiLZGgPYA2zr/W4VzSTmWag5pp27X4r2rMPpoonZghFv5B+IjixhHX
tTntE+cfxTXqkoNwLY/upsJeXLoFgWr4ss7FQ3OfDE7X743fbu2Y3j857rPSPs00
V2eArJjxh5a2pwmrZcFzW+KN30CHIAXRplIt5/k2Nfa+UcHfkPlZOsZlGXBtVba2
AofLm/OlGjqupgFMpIwDcwP+zHEIGrN/HTyr61GAozInK4A1YU7+Q0Jz+b0fJl8j
927uxdZVFE9JZXpF8YmO7pMrTcAwfo7fqV9/tfjEkvm6EtvlNdt5FLPRGLF4QGMI
tH7ovKxRedvdHRLp+81CqLjxn8R5zkdnoZzNMOfWN/Q5NtETNOLxWiRPKt6iLg4l
qW07ICAkQYJaVDTVKfH49CrKRWZF88f+I2s+/6AVUivvuPAM/n8p64ABsGyS5e+h
QgRIhBZbIvu+6kGxSWQkftKTwTuQHn24JFPM2jIQgaO1g9stTwg=
=Vqtn
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3d201ef-93c4-6a34-3acd-da933cc68dc7%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] whonix-15 TB in dvm on Safest has whitelisted sites in NoScript by default

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Current behavior:
- - start TB in a whonix-15-dvm AppVM (Q -> whonix-ws-15-dvm -> Tor
Browser (Anon Dist)
- - set Advanced security settings on Safest (click Yes)
- - about:addons -> NoScript Preferences -> Per-site Permissions
- - there are plenty of whitelisted sites like google.com,
microsoft.com, passport.com, afx.ms and many others.

This behavior is whonix-ws-15-dvm specific. I don't see this behavior
in anon-whonix (no whitelisted sites on Safest).

Expected behavior:
I believe that on Safest settings the TB shouldn't have any sites
whitelisted by default.

I tried to reinstall the whonix-15-dvm but it doesn't help. The
whitelisted sites are still there in the popped up dvm.

Can others please check if they have the same issue?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl2AjGVfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxlLA//aJgx+14d7omw2O4aMIZzY+KWGA8dwePEt61O/p1rNuJo+Bb1w83vLwrD
g0xULHyun4jf0EIdI59og+AXuL77yIEbUMtBr98QeB1PZwvtsGK2Kbzm1GwbPTif
4S7ZRlwhq9gcPmq0DCbkguEzF3nHcLuOa2rNIQhe7s79Mugx2uYIjC/y9p6U3yyf
qEpzwxs392lNW8fkiR4wdE5qOPIHkxSMpqGekS/sh5Xoqc1GdKrzccsyALqzRV+Q
G7ymCDTGc96ROoUg6az71XmpmZB5hx87c1k63LYj3aBi/8ijkdyx+0fwoaarsGND
zcPiqyyJSq7l9qso7PgpcIiSezL+TjWA58R99YYUwl1+ZM2ngEtaeTsyR0Kj7z6H
wdu6ixvvFb4cCoVEMibdDaapT2iFKsFYCgI/8NOuHuUI8TWeNDS7+CKLSJ7UXZM/
T2RBGTORvDN7JzSv8TynWZoiSaekst9g0HmlUd/JbKqkL8OFC7rRgwa0DKzpXj/D
DFiHXkJiuj/OWeH47uViw3asz9c6w5N62Jjte/jo1KepsBfQBC+BgZIZBoap+dyF
jfWwis/39eAcGIExU1Yvy+W6fMZq6Exz6gKmh89GaTFUKnP+DsMZp2XcEe/tNnor
e8BzMrWgrirKUCtBf0Qlj8TILY0oBw/f/JLugc3RVq29zTZZna8=
=YeAi
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2a8bd079-2de7-a54a-ab65-96d3d68227e7%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Re: Whonix Tor Browser Starter safest setting fails

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



'awokd' via qubes-users:
> 'b17b7bdb' via qubes-users:
>> On 9/13/19 9:31 AM, 'awokd' via qubes-users wrote:> 'b17b7bdb'
>> via qubes-users:
 Setting tb_security_slider_safest=true (either by selecting
 Yes in the Tor Browser Starter screen or by creating a line
 in /etc/torbrowser.d/50_user.conf) does not result in the
 expected behavior.
>>> 
 Actual Behavior: - Shield icon is fully colored - Security
 Level is set to Safest in about:preferences#privacy -
 JavaScript is ALLOWED on selected sites. To view these sites
 click on the NoScript Preferences button in the about:addons
 page and then select the Per-Site Permissions tab.
 
>>> When I do this in a fresh DispVM with the above setting, I see
>>> no sites listed on the Per-Site Permissons tab. Are you using a
>>> disposable VM?
>>> 
>> 
>> That's correct.  I observed the same behavior in the Whonix
>> DispVMs on two different machines, one of which is a fresh (and
>> updated) install of R4.0.1.  Notably, if I manually set the
>> security level to safer in about:preferences#privacy then the
>> per-site permissions disappear.
>> 
>> These permissions are clearly the default permissions included
>> with no-script add-on.  For example, a variety of google,
>> microsoft, yahoo, paypal, and netflix sites are default trusted,
>> among others.
>> 
> We might be miscommunicating. I'm saying when I set 
> /etc/torbrowser.d/50_user.conf with tb_security_slider_safest=true
> and start a new DispVM (on current-testing), I see zero sites
> listed. Did you add the setting in whonix-ws-15 template? I tried
> it in the DVM template first, but it didn't stick. I do see what
> you mean with about 30 sites listed when I start a DispVM (on a
> different client on current) without that setting. Is your Tor
> Browser 8.5? Odd that you're experiencing different behavior. Might
> want to mention on qubes-whonix forum too.
> 


Hi, I have the same issue. But I am now communicating with a guy in
the Whonix forum and if he starts his Whonix-15 dvm TB, he has no
whitelisted sites in the Per-site Permission on Safest. This issue
seems to be selective. We both have the 8.5.5 Firefox 60.9.0esr and I
didn't do any mods in whonix-15 templates. He doesn't have any
whitelisted sites on Safest and I do ^^

Can others please check the issue too and add their situation?
Thank you!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1/NI1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxWLQ/+MWFyDFy9xKjBD9CmNSEY53CG8pf/5X122B4kggFn3yT+TJ79o4v1PyYM
Y2XkyjhmkxmC0q9U+MFEYIzE0evX2uLZOXWXqlH3UE0QN+DI5htUZR30QoAjB5dL
rdq+fNYtrvxsBY70GeoD39g5RqLPjnmye8rtogQFszp9ldiA5OJ4n5cOwB27lFUj
CT0Lk8F11o4FERhoff1F/Ff/2LSXJDcSMRRCuosG+Q4GgWw2d2pPiqXmeWUCamdH
UxlptUhTb/GvKLMGBQ7sBylk79q8MipVjPj3ZtVNi6pfhu4ZsDH5QZfiRAiIK1Kz
bTp13YVjuFOCHDYy5CeWoYrLxycMeqCt8yngHSvHYo5aPaxk0jf9x+CYvIpdYn5B
Sjn/z8+C8f3zLeERqq4q6jC700cgFU3f5ZBFTP4R0XHp7kzhgfnCHAUJ/qFUuc+b
a+GYNVxIBgCBZknPTdzS8raFW2EhlvumWD8YhKhAMES86Vqz9z3SRRRWxQ/5sb/+
CAp4jJ4Ispg1K8OyJox4G4jXgWfk5JCqy3E8CnQC+xbVvgnE6jTI7igKMhE1n8vE
Gv0w3maOGk9/byNzCW4PGf9vb1YEeu5CFaG0WPGcmKT/DWxNGc1h5q3Jo5gnVWuU
NngevmJgzKjsahgabSzxSD408u2ddVCwFR/zdgCqPgviQxdqA98=
=tck6
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b312990-b661-5fb6-227d-ce842839b9b7%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Anonymous as possible

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



GT500Shlby:
> Recently I went looking for as high as humanly possible anonymity
> but quickly deployed.
> 
> For a purely hypothetical example, say I have evidence on a
> prominent person. Think got mistress prego, mistress no want
> abortion, mistress gets bookend to skull, murder cover-up gone
> awry. So obviously me having said info, puts me in severe risk of
> being killed myself. Like full on conspiracy theory novel/adventure
> story. The idea is to be as realistic to the cyber security
> preparations as possible.
> 
> So I pick out an older laptop from recycle, flash the bios and
> remove any serial numbers and assets tags, pop in a newer SSD from
> a different recycled system (0 purchae records), reflash its
> firmware to remove serial number. Source an external wireless
> adapter with changeable MAC address and again, make sure no digital
> serial number. Now I need an OS. TAILS is a good option, but I saw
> Qubes used a while back and thought of it.
> 
> The idea is to go to a public place with lots of stores/cafes that
> have free wifi, but sitting outside those establishments in a
> non-cctv area but jacking their wifi, probably using a sharklasers
> email to get registered then using a vpn with bitcoin and another
> sharklasers email and then using tor above that to then create a
> throwaway reddit account to browse on r/gonewild err I mean drop
> the docs on the bad dude. However, my concern is, I'm having
> trouble finding the latest release date. the listed release
> schedule makes it look like the current stable release is over a
> year old. What is the TL;DR of the state of development of Qubes?
> 
>> From other privacy focused people, are their any holes in my
>> privacy scheme?
> 


Your model is actually a high risk environment, involving actions of
physical harm or death of you or your close ones.
In this case you would need to employ much measures and
countermeasures, not necessarily related to the digital behavior, more
than the OS like Tails or Qubes, to stay safe. Your behavior patterns
changes, your physical movement and monitoring of your life emissions,
the way you obtained the compro, from whom, how, when, where and so
on. Your contacts can be compromised already. Beware of your writing
stylistics, typos, and other similar leakages of your identity. In
case you have written something publicly under your real identity, you
should count that if you don't use deception, it can be one of the
identifiers narrowing options from adversary in pursuit of finding you.

Know your adversary and its level of determination, resources and time
available to find out key indicators leading to you. The higher it is,
the higher security measures and deception layers need to be employed
by you.

In this case you will for sure need certain level of well pre-prepared
deception layers to make sure that if your contingency plans fail, you
have a well working backup plan, spreading options on more ways
adversary needs to follow on each layer, to give you time and a
especially clear warning, that there is somehow successful adversarial
activity, without leaking this intelligence to the adversary.

You will basically need to do the job done and destroy all traces from
you, and remain exposed shortest time possible, and leak as little as
possible emissions about your activity and at the same time not break
too significantly your daily routine. All preparation activities are
deviations from your routine, and can rise suspicion even after the
job done.
Once done, there should be more less zero possibility to get any
intelligence about your sensitive activity by any means, even backwards.

Coming to the OS, in this case Tails will do the job. It is amnesic
and the only hot potato is the SD card, if your activity isn't leaked
already, which is still possible.
If you were for example searching for the Tails through an insecure
OS, downloaded TBB through a non-anonymous channel, or even through
your IP address, and so on, you can already be on a watch list.
Estimate how many people in your area use Tor or Tails and you will
see it is not much. It can be see you are using Tor or Tails, as it
has very unique behavior.

All that, provided you know what you are doing, you are able to get
Tails securely, can reliably obtain their signing pgp keys, confirm
the downloaded file with it, its hash, can run it securely, in this
case remotely (see external wifi card, with cantenna for example, to
get wifi connection from few kilometers away) and having clear OpSec,
and be sure you are not compromised already, from the very beginning,
you could be quite safe.


-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1lgZlfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzsEw//Q7enT4Rw/8x8yYiXzmWy2GMJ4AAez4x38UMI91j+VLgZ9ER9O5MnBEHO
7oZiXyAjPTGswYZP8beceaR3a7z

Re: [qubes-users] Done with Qubes

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



O K:
> Thanks for all the help but I've been trying to figure out how to
> get Qubes running for months and I've decided it's just a giant
> waste of my time because every time I get one bug fixed, two more
> show up to take it's place.  I think it's a brilliant idea but it
> needs a lot of work and streamlining before it's ready for public
> use.  It's a shame because my privacy and anonymity online are a
> matter of my personal safety and it would be nice to have a secure
> OS.  TAILS is not a fully usable system either.  I will have to
> install Ubuntu.  Good luck, everyone.
> 

Dear oak2572,

I understand your sentiment about the issues rising during your usage
of the OS. You need a reliable and just working thing.

My 2 cents to this are simple, and it solved all my issues with
QubesOS. In my case it was simply a matter of hardware selected. It
can be tricky to select the right one, but we have the excellent and
updated list of supported HW. Im my case and for my use I am
absolutely happy with the Asus Zenbook UX305F. It is not a beast, but
is capable to run qubes without any issues.

I also recommended QubesOS to other friends and it ended up same way
as in your case - they gave up cause of need to heavily mod the
existing HW and its SW part.

If security, privacy, anonymity (you consider Tails too, right?)
matters to you, try to reconsider the HW you try to run the QubesOS
on. I am pretty sure this solves the issues fast and it will simply be
a breeze.

Good luck and fly safe!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1jdNxfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UwZChAAjLQSzAqsX3nk6f1w4l2uFClGueXYtJZgKvyvP3TCOzaD5ZxzvXJLLgtr
5DyLUcQGJ4hX1xdIGkevPxQy05jz0swr8Bi+yJWJhrfza0GQvRvkVlDN9AkZ5cgu
6HBPDVi2IeZicWfKBAfr1ed+Onx/vmwbLqzqqFBs/f4/4U2VDJBfv52eX6NkGn/n
RIOT5UQ3pRBsig69HviXR9Awvuh231Ltxu/CCUdcwECWkZVEhNr62EAsMNPiyCoL
4ge8d62tY/AQD+EWvRLmPsfA6NEvSdzlyMuMFDZNn5CRFaRZnwzaVzdaq4DNaaXs
ST9/99WQAYkKSdogGa2Gm7jKg+uUynSHzCW85y+vJu4DIYpVB/8sllsCLWUMdmgx
ZLw/gDhPEredszfeixrQd3cLxe5ZyQrE0HCGmWR8X4ABkAA/VQs6tC39I5rwfUUU
98OHKrGh0aKEYYz9K9ESkPZH233+CyyOGaXXbUiaqtm6a41pEHQNcyICJEQUqR6O
lSm9nveZU+C7Ekd/VOUdckyd9cqcVNRidnAVw/DQseIBGSpVdJyxrpLFLYLdVowa
rIVnlf9UZ0LxsheqXzZmqkNIA3KtlBbvBDBPjkbqbjtlOGWDWC7UT4WYGzJkBRn8
G2w6IJ4WRr5S373y9+fi5+Fh7wHTk9+BlwH8mcWRXjH8F0VwkJk=
=oZve
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89d0d886-4591-6afc-003f-6b32c1ed8b4a%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] ~/.gnupg/gpg.conf not existing in debian 9 and 10 by default?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

hi, I tried to set up gpg in my Vault AppVM based on debian 9 and 10,
and learned that the ~/.gnupg/gpg.conf is returning an empty file. It
is the case for the debian 10 as well.

In whonix-15 AppVMs I get the file ~/.gnupg/gpg.conf full of settings
by default.

I would like to follow the guide here
https://riseup.net/en/gpg-best-practices , but the ~/.gnupg/gpg.conf
is not existing by default, and so I cant pass the needed settings.

I would like to ask where the gpg in debian is getting the settings
from, and if I create the file ~/.gnupg/gpg.conf and put in my
settings, if the gpg will behave based on the gpg.conf settings same
as it does in whonix-15.

Thank you.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1fw+NfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uw9Ug/+PYiJ7arxzBG4MTZDM3DRn3rOmv94T5pxCp4Yzf87rtx43A5+ihlDXIp0
FBgFwbMHIZs01YI1U/gphAD1BKizFqAu0H0Y24uOcChGBizYt7zeDPt0srE21jZ1
eSNUp7rTHKFaw6NCq5OZEH8aKuNU7yOTDGmIYsLqmTlIzzL6P6L6O9XJX/cEyBV0
H7cSHaIDExPwQnJVsF4CKuSdsIqcx1udsxdX3cYVJ5FDl1obu02S8xhteadtVnDo
NACCF4nZJGBJvOgPMASsYRTgWmYeZKGi3a+DEipq7K44I8nRQEt5vE7oUL5KPdg0
YMAPFzyB2Bw53Pivy9HOEePwkDzkPBnfH5tRt6UQRMJhsj1OYOmK9TqsZ0xbscd3
TrVzrzsBYjSelUZupUVh6s62TJSYkWlUn1fm2P+2tIZZ5rDtR0dLCZ1280wREA/H
Bwbm9og5zOXBmCtgRiO78tV4JXzjEgjIkze4g/JE1H8ef1iU8cbpTz0jQCyCkAZI
xf85XYwxpCAydEvnVJrNoipkL9TOAEL74sbnt/ot1fJLJ4pJiAgupwXVijyxjQM9
9L792MspFsdFdtgsNqV1FSAztc/jOsxjcVx//l6vQ5KwD3rc6ow2tVO2pcZ8uoCS
93lK3Xsflg82tZup+hDcm5Js1L2ormkEL3CQvrWF0wjhP1I98pw=
=gjH/
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5aea2b51-6bb5-dfc4-197e-2d285b5cc0cc%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] How to update debian-10

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I installed debian-10 by executing command sudo qubes-dom0-update
- --enablerepo=qubes-templates-itl-testing qubes-template-debian-10

After installation it pops up update, but I get this error:

user@debian-10:~$ sudo apt update
Hit:1 https://cdn-aws.deb.debian.org/debian buster InRelease

Hit:2 https://cdn-aws.deb.debian.org/debian-security buster/updates
InRelease
Ign:3 https://deb.qubes-os.org/r4.0/vm buster InRelease
Err:4 https://deb.qubes-os.org/r4.0/vm buster Release
  Could not wait for server fd - select (11: Resource temporarily
unavailable) [IP: 127.0.0.1 8082]
Reading package lists... Done
E: The repository 'https://deb.qubes-os.org/r4.0/vm buster Release' no
longer has a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.

Should I set something up?

Thank you!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1epW1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Ux+VhAAjVNjP1OaHl6+6+VmPn3y1JE0FR/sAX+jaWarZurtZqLWaeo1KJmSyCrV
p24e/szpD4M2s+x03K1XlQjiLqnvybcJWsXcYl/G3euzfjyV2M/kMe6pvq6NrfST
BWVzCglHUMFvJJ4wJ3Lb6Wxnohaji3b7F35vsophMBUuhuKy8pf6vu+mZwmAPL2X
X9gJrSXNC1qNHle8rTzdYs+fY3EXfdCbnxEeILfbOYQIgkIUf2nxKvAZqTj0pHgO
45kx/4k+hiJQWaUTLN9retD5kRntTVv0VZjGRCtiXXwgrkFB0sW+F5HDMGDwOx/O
prchrvi1aJ8fdZTo1ZR7tPara/JQLemeBy8oG6lPZHmf/jz48C6nUS+UZR7hosUU
QrPdOfZ2kFxOnsgVFxXXci79cW5wzv6LxJdRJqh/JDTtLccdB+dlM869+Ax8BwH1
zcwHlKY6FjolibFzLf5sZFvoBSNwVEAg2PNCxezgnSfo1JgAfdjuYWX3Apm3eBjY
vtZuG/6skQBMHFYeSOwliSO7qnJyCgsZNNl98/GpCXt1aVYGM3SoPF0FZ2A3lELO
8G7/CCqTPYwaXTOqKi2eJxSEfRwlowx9Udui8mF60ACmaW+a6hbdv+Mi2PXovY/y
bNkWy/LH3c5oM4y3HtSBYuvZhw+eSYokvxQXN/oKs+phhlusV9o=
=H4ni
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b58ec9b1-fc1b-dc1b-2174-421d0f700658%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] error: when upating dom0

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi, I am getting following error when sudo qube-dom0-update:

error: could not delete old database at
/var/lib/qubes/dom0-updates/home/user/.rpmdbold.3822

The update than finishes without any issue. But the error is
persistent throughout every update. I am seing this error for
sometime, but it gets annoying a bit now.

Is there any workaround to get rid of it?

Thank you!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1WXQ9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UynHhAAwfU+apZBR9r1wNwzV299m6LvbtKwo12cwl/jOlQu0rhtMi+XC+4J7f89
ctcNaXjC1f/uljP06xzT7YmgnplghUCU39A3rCmhlvEX9FE2xo0K/raiYruWaNxU
uAN9TeATAtvf9eL19K/f9TwatJzHVTyhi0sT1//AuQdvCdW47jqcKLPH/fStNYlO
2nZ11mltyGJCFTB8hSgtTTDlZMZDevhtuk7vQP+DzxHc6g1gf7ZX63KGuL/Q8Vb4
bFe/JaECn7uFUh/bbppmibYfYSOGnFP++ostScsBeGEuYTUy30BL26mzREabV4P0
kGxDgHPUOfXRVcu/Q2+qRnjqfx+5nyZ7+ZFEBLzUZIQPZq7RmCm5vPML9yAs6DK9
I3eIBHARkXYFkvziZPVxbs5YOpqCAreBgo1j3G4kEChMwRBHDocvOWsVU3k3/FWw
jmL91QyKopoiGvH+ZXMBIuRb8rOl6P1XvzHI5x18I8j7ueuVukQ+p1TrErPP6P+U
c06h/MvDkB8zCVDYYFHri2fOrA40Hd4EB+JPlHWlArT7gqgjOms2Rhe1eGUPyczA
Rfdnkr18cpLCko0bJFOcJ86Txhck2w8qMwWxjoZ0W7slrxzLBudGq5lO9l+L+mEz
cjo8ePjkT+MMIR9WO1CNP75tIPaGYhpXU1R6l7qe8f6N87pYJfc=
=rxWx
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c75d4f12-2898-15fd-9909-cf8a63bb588c%40cock.li.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Error on update on whonix-15 templates

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi, I made a fresh install of Qubes 4. I followed carefully the
instructions on the whonix website for fresh installation of the new
whonix-gw-15 and whonix-ws-15 (with previous complete uninstall of the
whonix-14 templates and its VMs including DVM).

I can update any template like fedora-29 and 30 and debian-9 including
dom0, nicely. When I but try to update whonix-gw-15 or whonix-ws-15
through the arrow in Qube Manager, I get following error:

[Dom0] Error on qube update!
Failed to apply DSA-4371 fix: Error: Error: Could not determine Debian
release!

However if I enable in the Global settings to check for updates for
all qubes automatically, it finds the updates for both whonix-15
templates, shows it in the upper right corner orange-flower-icon, and
updates both whonix-15 templates without any error.
If I than try again to press the update arrow, it returns the same error
.

Can I somehow work around this issue?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl0booZfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzyhQ//WMLrGOIUUSzGjcIz6jvlerRn2k9cJGXOKguhzojDW0KGm61UVS6iF/ep
FMcDQ6CjDTYywaN6otxWNdKqafxetsRW6mcugKH7ijNEZ7/DLdofzH5jbPuTWgvi
18yieKvf2N5Bo1ZLGGyaYKKpmujyAKtLxoSLAM4URW3Y11ywsxEhB7rVGzgnY17W
8p9OHFWIdk8PyZaq5+pv6m946Dno0zDq50mc44aLu8jF1pLPf45XWUf99zqM+9Zn
p7JDNDSKsE4yQjuA6uf1sJoPEodwSIOqNtwZIN2Xf054VDWmQhgoX5H+W0Cjz2EN
NI0RGa0SBV8ASxTf2oaYy/zpYAcYU+YYbaTein+DeRBOdrmmkAQBBS3jZ0tjmjlh
BDWQBIG5xuTD7K7rkJS3OmDHN3pR2nzUVpeqEOUXqyXtG9QKQiChSB1j5FCoNUGX
buK+1HO1Nim5TL/cWSfr6lh15KwvkZd5okvQtRhS/+Cv76rT5L8m3YGI7t42l+bZ
BYYxGfwqWESTaNGqvhgDYhpXpqwBcF51KGWyW9vTrcwkarLsgtoDYTJXdu9RqEeX
X/FiadO+o75ykbKZFYnRGkc5Ia+3zSqX1Xn3Uc8PDmJM2xUxas/O1uZJtouf2j9U
WmGQIBzhumTYTbxU7hsH2YIuZN+fUBIaceLGsGzQWpismNU9rK8=
=wr9Q
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/17276226-ea68-173f-1d88-b7804172e11e%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Re: Any issues with changing template for sys-usb?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



unman:
> On Sun, Jun 16, 2019 at 06:16:00PM +, 'awokd' via qubes-users 
> wrote:
>> jules.die...@gmail.com:
>>> Le samedi 8 juin 2019 15:19:00 UTC+2, Stumpy a écrit :
 I have a sys-usb that is currently based on fedora but i
 need to run a package on debian. Should it be a problem if i 
 install the package on debian, temporarily switch the 
 template to debian, use the app when i need, then switch 
 back?
>>> 
>>> I wanted to do the same to move the template sys-usb was based 
>>> on, but you need to stop sys-usb to do it which in the case of 
>>> a Deskop computer make you without keyboard and mousse ...
>>> 
>> You could temporarily remove rd.qubes.hide_all_usb from your 
>> xen.cfg. This exposes dom0 to your USB controllers, so unplug 
>> everything except keyboard & mouse. Reboot, and verify you have 
>> keyboard after shutting down sys-usb. Make the changes you need 
>> and verify sys-usb starts normally. Add rd.qubes.hide_all_usb 
>> back to xen.cfg.
>> 
>> I believe the above is relatively low risk, anyone have a better
>>  approach? You could also script the template change, but I 
>> wouldn't be confident enough to attempt it...
>> 
> 
> How about?
> 
> #!/bin/bash qvm-shutdown sys-usb qvm-prefs sys-usb template 
> debian-9 qvm-start sys-usb sleep 3m qvm-shutdown sys-usb qvm-prefs 
> sys-usb template fedora-30 qvm-start sys-usb
> 
> Just long  enough to check all works fine and then switches back. 
> If all's fine, delete the last 4 lines.
> 
> If worried about races, pepper in a few more sleeps.
> 

Nice one. Where should I normally put the #!/bin/bash scripts in dom0?
Is it ok to use /usr/bin or is it better to leave it for
package-managed executables and have an another /bin?
Thank you.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl0HJkFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uz5TBAAsgsmgiB1LtVqdIsTdwO4SPwrieAhl6jqECOZSZl8Q4+bUc5lZJvzF313
PwqND0izsXFGE5ewiAWK2pc7MVHlsh0sn85wQS/ivSTrvymaTQcT/lY3SONEkQn+
0uZfrxSf6aQpVHRSbZI/kNcld2hg3u/0nUjzdx9fmjLgclWyaL9CBmQr+80p6BI2
ob8zNn23P5Uj+AvsN/VPVK9ZclDwSZy+qzy7NTPD4SBskwO4pFmYTrMmuYmpvTM3
COwqeju8onuXFCCOUujXkwXWF+eC67/zgfnwJnKWFvAe8FIpADDbBQmWrCKLYXGX
JAuTWYOgVLRzJM7inv4qdp8mYkeIBtQhFq+9t1bA9uKTwC0rhRsyL6jEoN1K4MQo
lA511PCQSjFFYRrjvdTU4RAQo8aEuBKCEMtmUZusPMmwQwbpvM4Uzwh2h6vxcdd6
X4xZ96tQ7T/lQZbOuf47xIa8aBRWE65/lFtfHxZRZkOgz3A0Y7aI40zpjZyOaigc
ZAkUOJ5I9CB7Ptf5WyiSXxy6laP+dPejgw1SI6KH3nj52Eg9SckRQ9TxgKGzbkFc
bCZIRQZucNtX3M0jmIv8DLnfo5TcWHUNePPyybNU/xy9pQNlBTBr8WIiXfleHWBT
yJ/c6p+xlL57ZK18boIOHzQW020uaxEca/5BV8YXCWkgVvkM2Fo=
=PSXa
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0391901d-995f-41fd-ddbd-491837cd355c%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] gpg-split, what am I signing/encrypting

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> On 07/06/2019 10.04 AM, scurge1tl wrote:
>> I have been playing with the gpg-split and would like to know,
>> if there is an option to see precisely for what specific task the
>>  work-email AppVM is connecting to the work-gpg AppVM.
> 
>> Currently I let the work-email to have a blank access to the 
>> work-gpg for a defined time (300sec by default). During this 
>> time, the communication between the qubes is unrestricted (is 
>> it?).
> 
>> Is there an option to set the gpg-split to approve a specific 
>> task only? Lets say I write an email to j...@email.ok. I click 
>> Send and I get a message asking me "would you like to 
>> encrypt/sign the message for j...@email.ok with your key
>> ABC?" In this way I am restricting the comms in between the
>> AppVMs for a single, specific task only.
> 
>> I am reacting to the Trezor-T where you can see on the Trezor-T 
>> display what precisely you are signing. Can this be applied to 
>> the pass split as well https://github.com/Rudd-O/qubes-pass too?
> 
> 
> Please file a feature request for this. I thought we already had 
> one, but I wasn't able to find one. All I found was these two 
> somewhat related issues:
> 
> https://github.com/QubesOS/qubes-issues/issues/1835 
> https://github.com/QubesOS/qubes-issues/issues/2443
> 
> 


Hi, I try to start a new issue but github doesnt like my email
provider cock.li or even newly created vfemail.net and tells me it
cant be verified. (Is the new github owner progressing so fast with BS?)

May I ask you humbly to start this new feature request? Thank you!!



-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl0B94BfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxZdBAAsk53uDrMRL7xUjRXQwG+tCFGmSBJuvq/RswRL/z8c+4J8jM+7ZOHkbhg
y4jrYrlp2OFKXWb4sXdIabXmKCLPQRA0N1WS8MWzWgCgiPMQfVc+I/u4/Qd/Hw5G
TY375VBr9u/vb29h/7eM878R5Wo0MPNn1xY1A7a4iHLKzslTpRrtwvuIJr03prdc
2QB/qW69tD3DmsLs+Ps92II2R1hOhedqBJLR+sgbvn6O5DyGgVFKW4Qzvs7LZFxq
P1Qb9zSGEqcakkZ9y++sGAEx8nROrLRKnUVEtMc9vgOj4C75w0dszlGTNHVZoszn
Mfv/fvk7tYjOq3AxqNOj/mF0urlovadw37YRf1AuJKqtLrdgKBvsQBFKnYlY2D/C
qFBxJq2Jq77PqEXYqBSVbjTuvO5gosxRRsZfJ9F4dAPjNYflmzabWJtpph76hrO8
IrIduRfrVIdPU0fQbJmTn2chpthyMDC+wrH8W6vAbUDaG+LaOVFflcOsYJKMyKl4
vQTnlj46dIP80+PHDk/SrU3XnLRt16/L4GcT+LWhGqnGaMJdxgPCMmlqM9fyom3y
refRmmCP8QdlgLSbZQIeIeYdB+LI6z3KFTAvUAYhB3Rob/d9vHRBVfUakhlPTHRE
Cd6H/Fl3QQBtL/Hb+u+uH7J6g/o2+9ubWIkt17p3jGIhb69S3hg=
=fGZC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e6c8654-cd23-0cd7-355c-6986d52810f5%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] gpg-split, what am I signing/encrypting

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I have been playing with the gpg-split and would like to know, if
there is an option to see precisely for what specific task the
work-email AppVM is connecting to the work-gpg AppVM.

Currently I let the work-email to have a blank access to the work-gpg
for a defined time (300sec by default). During this time, the
communication between the qubes is unrestricted (is it?).

Is there an option to set the gpg-split to approve a specific task
only? Lets say I write an email to j...@email.ok. I click Send and I
get a message asking me "would you like to encrypt/sign the message
for j...@email.ok with your key ABC?" In this way I am restricting
the comms in between the AppVMs for a single, specific task only.

I am reacting to the Trezor-T where you can see on the Trezor-T
display what precisely you are signing. Can this be applied to the
pass split as well https://github.com/Rudd-O/qubes-pass too?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlz6fPdfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uw1+BAAm7Vw5ilKzpR+Z38k35ElkS8GhLe5QVrEyfcRsePcWHV97O/Z0GD6GJAw
Ffmh/RYv9i4jBGfpwoPCVjC7KezqS2rpeAnDAkwOyFnmdBvJZtyMwnKT65N5cxUI
npuC9j6D+6AVyWwn8YCUr2P9yiNHFAgmRqXEHfoTPK12WJdeOgmoGfSaPhZiAilI
jQh7bYrxEm6dK6u4BWVZKYYHH9dCoCORPc7Yj3K+P+mRQEugkEqk4ysZsYwqZo+v
WuPwWKO67LeBkv2CJ1Dl5bPq+OhtNAtH8os05ZqvGSQEo28za77rKY8pgJuNIelx
5Cqi8BbKAmBUaqy+2iKHK8tHN2KakRTrvbkbgOnfXBK90eboPDEskjkZT2g/Ahd+
iL/kRk4YKIU1oxGzyorAYd2Kbh5s+MY1tcUWj/m98f4ZzVDr5f5ZyJQz+GXCpc+7
3Z4ZeaGz2rMQHL8SQx7ZQ74M71pECcGdyLp+5IbTCUA9JOYXEQo7vrjfZpI7KIkV
RvRJ15fh56OF07smhE4/jxioEAYsTWDTrfswOOlLYDBdwgIIg3qGeVVEMf81PcfI
AAGuGp1kqyldYPvjUflc5VFZXelpqq556z4IkX0D1juwGwOWpZ29PNEl74KwwV2w
fPV2B8z8SlXAz9PKEj7r+Q7+MsWYmnEVRJJOKwOLz0d27Hb32jU=
=lbJ0
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/281ac966-7393-dbc0-5883-3eab33518005%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] How to automate cloud backups of trusted vault files?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



'Side Realiq' via qubes-users:
>>  From: Andrew David Wong
>>  Sent: Sat Jun 01 03:33:28 CEST 2019 To: Side
>> Realiq  Cc:
>>  Subject: [qubes-users] How to
>> automate cloud backups of trusted vault files?
>> 
>> 
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512
>> 
>> On 31/05/2019 10.33 AM, Side Realiq wrote:
>>> Thank you Andrew!
>>> 
>>> Wouldn't described scenario be mitigated, if one downloads the 
>>> backup in a separate disposable non-internet VM, decrypt it,
>>> and transfer the decrypted files to the vault?
>>> 
>> 
>> The problem is that, if the decrypted files have been
>> compromised, they could compromise the vault when you open them
>> inside the vault.
>> 
>> P.S. -- Please avoid top-posting.
>> 
>> - -- Andrew David Wong (Axon) Community Manager, Qubes OS 
>> https://www.qubes-os.org
>> 
> 
> But how can the decrypted files be compromised if they were first
> encrypted first locally and only the encrypted files were uploaded?
> Attackers should be always able to compromise the encrypted files,
> and compromise the decrypted files only if they could break the
> encryption. You mean that qvm-backup could protect you if the
> attackers break the encryption and put malicious files inside your
> backup?
> 

Basic rule for any security setup is to never move any data upwards
from low sec to higher sec area, under any circumstances.

Thats why we have in the /etc/qubes-rpc/policy/qubes.ClipboardPaste an
option to set:

$anyvm  vault   deny
$anyvm  $anyvm  ask

To prohibit the insecure behavior.

But would here help this as a higher sec option for cloud storage of
sensitive data? Could this be reasonably automatize:

To get the file TO the cloud from the high-sec vault-vm to lower sec VMs
- - encrypt the container/file in vault-vm
- - hash the container/file after encryption in vault-vm
- - log the container hash
- - cp the container to the cloud-vm
- - cloud it

To get the file FROM the cloud, and move it from the low-sec to
high-sec VMs (even not recommended)
- - download the container/file from cloud to the cloud-vm
- - hash it directly in the cloud-vm, or hash it in the DispVM
- - check the hash with the logged hash in the vault-vm for authenticity
- - if ok, cp (even not recommended) the file to the vault-vm
- - hash it again (?) and make double check the authenticity of the file
- - decrypt it and enjoy its content

Here you mitigate the option of running a malicious file changed by
the adversary, but not the attacks related to the dirt leaking from
the process of copying the files from low-sec to high-sec VMs.

One could lower the issue with multiple vault VMs, which would
compartmentalize the possible damage but also increase complexity.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzyRrdfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Ux0bw//de1gDobKj3EeR8MmWFREz74ovx4bPs1MU0UDMCnGVFNGp20oBn2wHyiS
2dYSw08FJywZQxoBWMYGl0c0Iem45hvQu1sUCGFKhRFFUv2rVlJwcTbn2khLayGq
B/SBoCY59YbTTxxA9KSBBDGeNLymziIn3N/U14A4TyGM6me+oQzoLRo5U3cDO81w
BNdbBaKxT2bYIFGhk8LbYQQ/oAzXzfJJW6YWqFCkBu2qxu3FKln3DISVkvPIf26c
wVEp2bD1emM2EjE9kMQEtkE0fJMrPWRvDqHoTVRHGUK1ddZmow+Eukf+LENWxRFz
75eMByj2Y1aWLu3H39pUA71iqzMGq/VHbSw8Kio4uN/BT2njwwksrZbdgW7/GMYN
qXuUzREYxO3Age5PXOzR49t1KwKcVQUn4dyLiz8s/XL3gDzSdiVUPej1gnkw2BU0
cFUypt85dxqO6khkd5ialHCArDAxUMhWUqKGywz8v6hh+tW/AFMJIdnKAyFTtwsX
KQVyzoh21QW7zTI4yHl8lpli8nuAKsW+tpkETuk8zsvTbn9HAX4hujz/oYuUVKuK
kzEQkUxxGyr11bw4XRcpF2MEXJvCJFtjsPxAqsZClTbIk4chhPUxaxjn8W24zYCf
k30uAfKBjaIIkcCQyewUVnLvca/CzYdoejnQ+OsgzFvIx+3oOKg=
=Xm39
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e8adeff-bea5-0329-9de0-c2f74152983e%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Weird icon in Applications, behavior of the deleted VMs

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> On 31/05/2019 2.58 AM, scurge1tl wrote:
>>> On 30/05/2019 7.43 AM, scurge1tl wrote:
>>>> Yesterday I was experimenting with monero gui. I just
>>>> unpacked the monero-gui-linux-x64-v0.14.0.0.tar.bz2 (the hash
>>>> and PGP verifications were ok) in the AppVM named monero-on
>>>> based on whonix-ws-14 and played with it for some time. Than
>>>> I deleted the AppVM and shut down the laptop .
> 
>>>> Today, when I click on the Q icon Applications, I see a weird
>>>>  icon in the list between domain: and service: named 
>>>> "monero-on-vm", with a weird icon which looks like a box with
>>>>  trash or what. Options available are:
> 
>>>> monero-on: Chat support monero-on: Dolphin
> 
>>>> None is working when clicked. I thought the Q button 
>>>> Applications is under control of dom0 and there is no way
>>>> how the monero-gui-linux-x64-v0.14.0.0.tar.bz2 would
>>>> influence dom0 this way.
> 
> 
>>> This usually indicates that the VM has been deleted, and the 
>>> leftover Application Menu shortcut was not cleaned up
>>> correctly. It's a box of trash because the original, correct
>>> icon is no longer available.
> 
>>> You can clean up the shortcuts manually using the information 
>>> documented here:
> 
>>> https://www.qubes-os.org/doc/managing-appvm-shortcuts/#behind-the-sc
enes
>
>>> 
>> If I understand it properly, I should go in dom0 to 
>> /etc/qubes-rpc/qubes.GetAppMenus and delete the entry manually. 
>> The issue is that in my /etc/qubes-rpc/ there is no 
>> qubes.GetAppMenus file.
> 
> 
> No, that's the RPC policy directory. Don't delete anything in that 
> directory unless you know what you're doing. Modifying the contents
> of that directory can have significant security implications. You
> can read more about RPC policies here:
> 
> https://www.qubes-os.org/doc/rpc-policy/
> 
>> Also in dom0 the /usr/libexec I dont see any qubes-appmenus to
>> get to qubes-receive-appmenus. Maybe I am doing something wrong.
>> Could you be more specific with precise commands to follow?
> 
> 
> I just submitted a PR to add this section in an attempt to answer
> your question:
> 
> https://github.com/QubesOS/qubes-doc/pull/825/files

$ qvm-appmenus --update --force monero-on
Traceback (most recent call last):
  File "/usr/bin/qvm-appmenus", line 9, in 
load_entry_point('qubesdesktop==4.0.17', 'console_scripts',
'qvm-appmenus')()
  File "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py",
line 612, in main
vm = args.app.domains[vm]
  File "/usr/lib/python3.5/site-packages/qubesadmin/app.py", line 87,
in __getitem__
raise KeyError(item)
KeyError: 'monero-on'

Now I didn't try yet to execute $ rm -i
~/.local/share/applications/my-old-vm-* just in case you would like me
to try some other tests when issue is alive, to see thats going on.

Also if you tell me how to log the boot sequence, where my long time
deleted VMs are appearing and trying to boot, I will send it to you.

> 
> Does it help?
> 
> For reference, this came from my discussion with Marek on:
> 
> https://github.com/QubesOS/qubes-issues/issues/4711
> 
>>>> I don't know if it is related, but when booting to Qubes, and
>>>>  watching the boot process, I can still see Qubes is trying
>>>> to boot AppVMs which are for months deleted, with "Failed to 
>>>> start" the VM. How do I delete it permanently?
> 
> 
>>> I haven't heard of this problem before. Please consider 
>>> reporting this bug if it hasn't been reported yet:
> 
>>> https://www.qubes-os.org/doc/reporting-bugs/
> 
>> I will report it.
> 
> 
> Thanks!
> 
> 
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzyQF1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzEtg//fgtYzKJZpCYPXXCzrCPrGUMPi4c4OdfFx5th+wQvkQPwWu82ya9hXGPe
uBFLZ5eCKqwSjxvcBiLqJgJ75Ye+r4FWVm8MoOh4ZQRbTf89/CixpGKrzzspUh5M
9hlNnG60kKuGMqV84TWcRZy8Lcc+uAgJTyZBlhonyP/SQ94/unSMwgfqfwDUe5C3
Ag/EdiLhOIogiA0fTCbf/KZCf3LuHU/uR46jVcqylHJMrwUDHbir55X2XzwU8aY/
9/0KiUfhAlMYH9tI27NEdHqOGPSlhieGiZzIXfeZYshQrNiCRNVGnupoWJztdUFo
U7ZzJzX+jg7kI3Z10jLjmaW84m8mYSgJSgZL0mfXNMhVIsJKnv1W7bAKpp07QL7q
M2wQUGEqFiYCdzDKkycsTUGlOqNCdXYDSI00G72eAjIObZUPXgT9h38WOkmhNWX9
DmHWwxlACTA4245XIbGLr9MDSdo3e3Uxb6wprH0Iw6dJEcSJAm+lLDs5PrwvuJDY
TxLIpN2KhZi8WmjDx9zBroj3AiJ/

Re: [qubes-users] Weird icon in Applications, behavior of the deleted VMs

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> On 30/05/2019 7.43 AM, scurge1tl wrote:
>> Yesterday I was experimenting with monero gui. I just unpacked
>> the monero-gui-linux-x64-v0.14.0.0.tar.bz2 (the hash and PGP
>> verifications were ok) in the AppVM named monero-on based on
>> whonix-ws-14 and played with it for some time. Than I deleted the
>> AppVM and shut down the laptop .
> 
>> Today, when I click on the Q icon Applications, I see a weird
>> icon in the list between domain: and service: named
>> "monero-on-vm", with a weird icon which looks like a box with
>> trash or what. Options available are:
> 
>> monero-on: Chat support monero-on: Dolphin
> 
>> None is working when clicked. I thought the Q button Applications
>> is under control of dom0 and there is no way how the 
>> monero-gui-linux-x64-v0.14.0.0.tar.bz2 would influence dom0 this
>> way.
> 
> 
> This usually indicates that the VM has been deleted, and the
> leftover Application Menu shortcut was not cleaned up correctly.
> It's a box of trash because the original, correct icon is no longer
> available.
> 
> You can clean up the shortcuts manually using the information
> documented here:
> 
> https://www.qubes-os.org/doc/managing-appvm-shortcuts/#behind-the-scen
es

If
> 
I understand it properly, I should go in dom0 to
/etc/qubes-rpc/qubes.GetAppMenus and delete the entry manually. The
issue is that in my /etc/qubes-rpc/ there is no qubes.GetAppMenus file.

Also in dom0 the /usr/libexec I dont see any qubes-appmenus to get to
qubes-receive-appmenus. Maybe I am doing something wrong. Could you be
more specific with precise commands to follow?

> 
>> I don't know if it is related, but when booting to Qubes, and 
>> watching the boot process, I can still see Qubes is trying to
>> boot AppVMs which are for months deleted, with "Failed to start"
>> the VM. How do I delete it permanently?
> 
> 
> I haven't heard of this problem before. Please consider reporting
> this bug if it hasn't been reported yet:
> 
> https://www.qubes-os.org/doc/reporting-bugs/

I will report it.

> 
> 
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzw3oVfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxRRRAAuDNdemKY7HtKUmInJv7hkSDlLND6qaK/ULF47iJ/SCkH+Se9kVSw3bjF
/VH6AZzIS6JQM9CRV9o8Jbl2++5ekDjVQ70vfTinK3zhwTJAsy4q6avY9Kau0UTr
WiGXdM7IEBihYlVL6V32ySl14FOgTTUzOtrCklUz+5aKssZHXN7LWE9p4bY4Kerr
yzAspUJkbVRKcLzDfjNE7jjx+xLgranTVR62rW6TSZfxAbFBYG2R1RxRRlzOOic3
qU2/ldSh90WBdylFnAQrYauU40uW2rSfVpHMj0sbnd9zfZeH0S5W1cFH2vTYPPJj
MApjjx1TL5zbkIYMCpSzsTvvyHtfCwDMJlNT4MiytfPI4UJ0Ww1qQsAmDdFFLOrv
37PiPMdTMXnBCA0QRPntEurkhOCTRQTFcV0V8x77TqD63oD5dqFOaTSR2gWWZB6o
RcVGQ525VvSqYhIm1LvqDb02PzJM2XCjyAnTLP6EyZBSYKxBzmwcPA8xSYN2gPXF
upnDfxfG7A6GED5nFkON3GkvPmdxFV0UNPuDGe8GaHY2Z0yJmvtQ2rX9ZNeE/NeD
LMlfic3m3g6iuUPl+91/ptBPmvm/QvDzBhns2B+t8hQIKcDdp0ijeFYAUUdmM12o
x5BOJqMdWsMZKgKvhRVW3lAki0X7glsEU5qyOEes3CImSpvRZFQ=
=5dzo
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cf5facae-6eeb-69a4-3d91-d3a0e4deee74%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Weird icon in Applications, behavior of the deleted VMs

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Yesterday I was experimenting with monero gui. I just unpacked the
monero-gui-linux-x64-v0.14.0.0.tar.bz2 (the hash and PGP verifications
were ok) in the AppVM named monero-on based on whonix-ws-14 and played
with it for some time. Than I deleted the AppVM and shut down the laptop
.

Today, when I click on the Q icon Applications, I see a weird icon in
the list between domain: and service: named "monero-on-vm", with a
weird icon which looks like a box with trash or what. Options
available are:

monero-on: Chat support
monero-on: Dolphin

None is working when clicked. I thought the Q button Applications is
under control of dom0 and there is no way how the
monero-gui-linux-x64-v0.14.0.0.tar.bz2 would influence dom0 this way.

I don't know if it is related, but when booting to Qubes, and watching
the boot process, I can still see Qubes is trying to boot AppVMs which
are for months deleted, with "Failed to start" the VM. How do I delete
it permanently?

Can you advice me how to work it out, and put a bit light into the matte
r?

Thank you!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzv0AFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uz6nQ//T7N8S/u+mCX6hCwCI+e6GSW7WdOiFygmWV6IoPA+UnX5K3ypracVyiQM
DidkaqLYP4Nr5sH3h4WvYcD1Gpr4lv5PCIB5Gc/3g2pe0N+iv6FAfFDz/0T4shGM
xhbjux9mQPXFTcvRNSiyDsUYIl7QNf+iMXnDMwdsCCBLkm7tblxRxmSWy+/mkKML
ceTm7Wt/6TsOk/oMvMWtDIf1V7ud9GeGUyNmrZUuh+nBsHxvCndOdmWYkswuvSir
oGkBAgyg3iAYfBLSMeBPAzMyYnGoSqx1OP3qxozKNyGh9cIZuBvQfDMTyJQjK2f1
vaOTCh9Ia2IRK9nrynG5QnI+iWXKZnZAlWTFrZ6Rr5Ghg5SQgyGhr55ERb5e+QiE
HveE6jvAwoF2qmYk+YeeWjzc3Fe1doeNEmTyNGO103td5uxiuZ96c3kOfW6q0uCc
sRHpBgM4/gToeDEB93c1TVUU4h+b847yROBC0kfz7k2WyYqSnIyHO9NODrpDGY3P
On56xqYA6pwzuLLsDToSz001bNMfMKtTtMuL1jkhsGXpxj77P7pBUhK6zLSnZxys
BA5w7HFQEmICH/+A4QLsRYvra4CFeVXv392MXOdlXa3y8V+zQTaAzaYiAC1NqV99
rYE4QNh4X8GbAsY/IcqZYoJvVvgNVAWijRSYhxXL12YUA0Eeczs=
=GZCa
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0acf14dd-f40d-06d7-1381-dfde3447da78%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Global Setting return error

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



'awokd' via qubes-users:
> scurge1tl:
>> The only thing I spotted to have issues, is the Global Settings 
>> button, which is not reacting.
> 
> Check https://github.com/QubesOS/qubes-issues/issues/4988. Use 
> "qubes-prefs" in a dom0 terminal as a workaround.
> 

Is there any guide of how to use the command?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzvyelfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UwYmRAAni+FSOEFrK36yX4MzPkk5fFBCWD2rYTYpuKmPHDakf4hjcSIDPvFTYHQ
kl5rCXopsbVF+aApjvnzdRwvPdX0oLzp57PQ983tFPS+HRjjd/HFnGiNioStF9F4
L75xReFyeMVHG6M5t7xWh+t4j1Q6v8o+H+T3JVeOHSI5n1KvDgq0u1EggSrrqsW4
1ADcJWBlC4ynrAIf+fjyUUcOFh8f4CvR9/iSZq0zVM8v527szPsuQjhXdYzbHz78
rfZWme1E1gBn2ZitOKpQql9qaEqQLn3eCFjRil8oM935LkOANUprCyGRC4zjC3tv
etuBIYRB278BYwj6TPd/jXmFYjDrsHLecJGFBlEXXDT8FtqCCbllhApz9OcdTFLp
SVsUoHOUpHaS+sMYPvinZ3uzIbVZSmBJy0/SgJEnG8AispyrXkKNNHYnJ9EXE8LW
x9ef5pfP6n0gzAx5SKw85NaiHaLOSsarFaw+rkEAJZD4kPS1vGKjQYeL589SvZ+V
e6V+mD+2gMcF2iNVtYGXV+zoBnPVU7I4z4CG9bJVCMVYycbt9/zHm4fFAuZyS9Ys
64eKKySIfuWQFKBkvUGMYDGegPICJtoSEFvkf4rJibvP9l7at1Gj6wispbWN001B
+nDaq8azUACjv1YNfV1N3AeF7oWzJADcvotyYtpv/+cfS7DBqjA=
=gVM1
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13fe4684-2b46-3396-076e-219089f51069%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Global Setting return error

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

After yesterday's dom0 update all works well. Even my login gui screen
returned from afterlife.

The only thing I spotted to have issues, is the Global Settings
button, which is not reacting.
Also the Applications -> System Tools -> Qubes Global Settings returns
following error:

TypeError: setChecked(self, bool): argument 1 has unexpected type
'str'at line 248 of file global_settings.py.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzuxfJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzvxRAAl80EJX//QzKT++JJSwappybMZMDcId7EHXYglKaMeks9Y6ZFUsuIrFAH
ld1dqUsPx6SQam2LCzDRHgrEEzQGywOXT0xWMIgWJ4jjY1QHg6vD0GUo70Xzfs3g
6ooCnhf4pzYQssFaxI7J68TQCeUYkw9hULOqMoU6RKPbQs20WQaL0Q+1QPUxzBkD
h4P9lXGc21aspOL2x4QujJHyDqck9lpvf9iCq791sqs8nty9bU+sYYykQnJCU1kq
NpdxIse5CW7ZxoyL3pqKPaTiqKqRyfN1LT5J4Ro1X7er7anwMclBcF+cKB1Cctuy
bnPfwasIHvPKu7Wo/xKRiA9x+fTJCy5xfU1x6rsxlFdZ9trC7Ek7x2HS26VDz5c3
Grj3wSe9EZfeDbGRlCpXdVQAxIB9/0ESZrGhkecXAFZWZL6Z4jX1XuUb1Nj32WHt
0HflKQSn65FkTayyUFUmLEahqAEv9YIiW+0vpt+Hy2c1Kj/ZzfRnBlxgUE2g+b5h
Igg8Gdpw+mNerWjgoWcKj9+ID0adzGaR984Gc0qcoK3XeiFfQQ3yXbqLCAitjGc7
nJBMRRF+dRHKTjN1nSEXiUOW4+2SAQLAuW1nZ2FJT8TesuoCATl0I+g7qx9w/fSR
tPTl3OWsdzMQzRQvcNPB6SMzpJud4mA/Z/Ns6UdO8xa7VCdjhyI=
=LN67
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1dbf4005-657c-a59b-6308-2b342fa64220%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] X230 vs Purism - real world attack probability

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



'awokd' via qubes-users:
> scurge1tl:
> 
>> Can the G505S be bought in the setup you mentioned, with CPU/RAM 
>> HW init opensource and so on, or it is needed to hack it myself?
>>  What is the performance of the X230 versus G505S? Seems that
>> X230 and G505S have 1366x768. Is there full HD option? Can the
>> Ram be upgraded to 16GB on both?
> 
> You need to Coreboot a G505s yourself with a hardware flash. No HD
>  option, but it supports 16GB RAM.
> 

Are the inits opensource by default or it needs to be flashed too?
Also how does the G505S stand against X230 in regards of performance?

I suppose it can run Qubes without any issues. Is it?
Thank you.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzuwNBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxBJA//UvHzk/0oNswv+zM7KxBeVSV43XomDN2vuezJyE0Lq9t+M1ykht88wDOp
kq5BXN60CNWd8F95DiHjrmeErTNCkGPjNI8IWxh5N6rDCDwyOO0kD0p/xlXdxvU4
L3KEb+wRdxI0/BMjJEgPi9Cfrjn9kgWYYoTcbJqDQMdN+PlZy6rA4xcMk2gIoUN3
MiONCJ0b5bfmohAW5YIUsMLq3nG929gKn8VujsMRjZ9jNeHehgxtViZi9rpLiUbT
N+lNXJ5Y/JT1Qu/oTXu1iAQDnJcX98GA9fubna8swBma90sykTgKAz93qf5H5oKI
vjtthK9nIjVSKo+fuvAHUVUPvEK22NweX5DV7AacWo2su6J7onsVO3V29Bfqn5ia
+T3fhqL88nN2VRyHp9TrXH33T6cpznAYhI8ITkknMxQeVCKjpPrF6r/35mMbFaZ8
AV6F2IpJKIqRD8DFsweqqYYXAwP6WdrCxmeDSxFxVeALDZ4IIalJqX+L1yL9zRUD
j+yxfM+NjW1wEjcoL6rM0+vqZzqqMZ8VqAZNACvVWtQPHb6E/HYZHjzLyIAHhIph
u9FcoFrxRFmdDoUCoEZB4jjV904YDxQ6BsJxHe+L0FvjXgoH/MTh3IGwKiqEQJ2k
guzvaFJefahJT//u5U8nxsa1DlaowrT2Zme5x/C7paX/5aYYNhM=
=4Z6K
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d7cae21a-e357-b4cf-5b19-0dcccaeb663e%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] X230 vs Purism - real world attack probability

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



taii...@gmx.com:
> On 05/21/2019 09:52 AM, scurge1tl wrote:
>> I have a question related to the decision about what laptop is
>> the better option for Qubes usage, from the security point of
>> view, in the real world.
>> 
>> The question is related to the IME on Intel, PSP on AMD and
>> other Hardware holes. I took these laptop examples to sample the
>> differences somehow.
>> 
>> Pose the non-existent micro controllers updates, like in case of
>> X230 with IME disabled and corebooted, which doesn't but get
>> these updates anymore,
> 
> What updates? who told you that? What micro controllers?

I heard that many times during discussions. I am not a programmer so I
have to rely on others to evaluate the situation.

> 
>> higher risk than only partial disabling of the IME by Purism 
>> which still but gets the micro controllers updates? Or is it a
>> vice versa?
>> 
>> If I would like to have a strong security position, in case of
>> the laptop Hardware with Qubes, and would decide in between the
>> two, which variant will be more prone to the real world attacks?
>> What attack vectors are available in both cases? For example, is
>> one of the cases more resistant to the remote exploitation. Is
>> one of the options forcing an attacker more to execute an attack
>> with physical access than the other option?
>> 
> 
> pur.company is junk, they are an incredibly dishonest company that
> sells "coreboot open firmware librem" machines that have a hw init
> process that is entirely performed via the Intel FSP binary blob.
> 
> The x230 is far more free than anything pur.company could sell
> you, freeing intel fsp won't happen due to how difficult it would
> be without documentation and how long it would take and it is both
> impossible and illegal to free Intel ME.
> 
> Illegal? Yes - ME/PSP is a DRM mechanism and bypassing them is
> illegal in the usa where they are based.
> 
> But since the 230 still has an ME abit more nerfed than the
> purijunk you should get a G505S which has no ME/PSP and is the most
> free laptop option.

You mention G505S. Can it run Qubes without issues?

> 
> Pur.junk = me kernel+init code run (not disabled), HW init 100%
> blobbed - performed via Intel FSP X230 = me init code runs (not
> disabled), HW init is open source G505S = No ME/PSP, CPU/RAM hw
> init is open source, graphics/power mgmt requires blob but IOMMU
> prevents them from messing with stuff. - the most free

Can the G505S be bought in the setup you mentioned, with CPU/RAM HW
init opensource and so on, or it is needed to hack it myself?
What is the performance of the X230 versus G505S? Seems that X230 and
G505S have 1366x768. Is there full HD option? Can the Ram be upgraded
to 16GB on both?

> 
> pur.company lies by claiming their ME is "disabled" when the kernel
> and init code still run.
> 
> 
> I don't want to say their name as they send someone out of the
> woodwork to defend them and waste my time every time someone
> mentions them in a negative light they go and start claiming that
> they are "doing their best" - whereas various other much newer
> companies are actually selling owner controlled libre firmware
> trustworthy general computing hardware proving their claims of
> "doing our best" to be bullshit.
> 
> If you want more info see my other posts as I have made many of
> them re: pur.company or laptop/desktop/workstation selections.
> 
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztYvBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uy78A/+N+BL/lLBodnYBR7yfrOisHvUtxMacQ2A/m6+4OAsZSRyGVN+qxSOg269
LZgxwZfaJuWZuuhPGuLftY7j7Vz4zopgPjlcVQ0UR01HD9jx16lXD3E2mvGxxuSr
gwOY1FlrknV15qFl/V1HvGXKXpqOCKOyPUjdjSyGpB8kc0lvjAaC1KDj09G6CzXF
scp98rOLFYbvIairEfWuiIvwjTmfwyTxNQRrG7hYomiE5EzDslPT4Owpoky9RGzj
T3ICHJq2pq/8GqgnX7DarxkPRlKt7VNMg6ZdfoCkeN+zqty0T2WMvre77kgAlykQ
HMh+hdkrGztFapM1lA1PBifxNhznxDcsICEzl5khPyey3sZYkA1HVZ37Z+SVMYyB
XtbFc+vFx8l0uEhyXlJkotgxg+1liguReK3KCn1t75CpUsiVrQI2dtxC7Ns3SjmI
H/Hlg30Ju4KV9emb0icNHwtv9HhE9huOnFzKS3KjGHTn+GrS0ubzQXfvRmfrAFbC
Kwz6OYQP6VsX4FwJek6UwS+rfTyHi50Uef/QvxKqN3OyukonVfGFzB+l7EWZthpd
U63IdtVD0dcHag27qh65ayPXwTTLLHxpa+52eHxnxI+19u2RT5XErhdEDBzL9UDC
kghFEw/Rmt1sGaG93+vRRVFpyph1JWnyyQEbnji/FAx72ALv754=
=YmLb
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a16d0794-a892-0a75-16f9-6bf20aa2fb29%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Updating Fedora-template

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



josefh.maier via qubes-users:
> Hello forum. I am new to Qubes and Fedora... is there an equivalent
> to the Debian 'apt-get update upgrade' ? Thank's a lot for your
> feedback!
> 
> Joe
> 

apt-get of debian is equal to dnf in fedora

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztVaVfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UxgJA//SfVfi/QgI4lz6BWRuHTzc1QuQVpT4hLpNQdOHmpFWw19toHVu4Lrq+Jp
GQzUhfDBjcv98fpXJFzSoHhqDqbvwkJNIyG0JQRV95XxoaBPlW3HiZ9FBbIW0GHY
LtsbXXrefI5OLC9O4E8QPUoPatBRvIpJkDxOjwp+9b5AsOnGMA3p5Q2D6eOkqYkQ
xAQKUdms2pwbYXIyAMzbXUJQlFMdm9seH2++RLL0MjbaMI6IO/8iq4GtpyFYabhy
2k1v/be1KQeYYioFI9bkL+ukD0T0RxCq9P54v33a91qJyPPs9HQZxzMeXBXhn5QQ
mqeR6nlW00rBUk9/syudJYIRbzVD7iD0knDWgKmgyXFqrPEfzXzM5GJl8HsLtSQ9
dGXut6XWUZwWwQyTAu5g3u74+feJ1M/ppL981/aQpM+TlSJ1M+s63n+TZVGddHuB
NFCEzk85sz/SUvfWA7VqrKO5sU36PkTBhdFvHwtTXIWLN7DV/ptulImi0yGKkZTU
SX6WGHkheQQgWI3rmCxfHTT8axWXEtXRxoNUUH868otN6BHee0FVhPPTWqxOqiBB
0mT8UABm0VTryFkKzvpanrYL9Ddm4POTzsJOFG08U/MCh0apFwHCGfoihfVA1iE9
y839ExqvoFXJHS2YAoXE2XFg0AS4DmqQlOl+JwHDREBLhy9o9ds=
=MGnb
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/594ed318-d404-0445-4adc-d7277e250d85%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Is it safe to update dom0 now?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> 


> 
> 'awokd' via qubes-users:
>>>> scurge1tl:
>>>>> I am reading the threads related to the issues with the 
>>>>> dom0 update. Do I understand it properly that now it is 
>>>>> safe to update the dom0 and the mentioned issues are not 
>>>>> spawning anymore?
>>>>> 
>>>>> Should I better backup my qubes before proceeding to the 
>>>>> USB?
>>>> 
>>>> Yes, the newer branch of kernel has been temporarily pulled 
>>>> from updates. It is still a good idea to do a backup before 
>>>> major updates.
>>>> 
> 
> 
> 
> How would one know if an update is a major one? Or you mean every 
> dom0 update should be considered to be major?
> 
> 
> Kernel updates and/or Xen updates for dom0 are considered major.
> 
> Basically, you should update all other qubes as you normally
> would, but when it says there are dom0 updates, check them out
> first.
> 
>> From Qubes Manager:
> 
> dom0 -> Upgrade qube
> 
> It will download updates, but before installing, will show you
> what they are, and ask if you want to install.  If you see kernel
> and/or xen updates, it's always a good idea of cancelling the
> update, and do a backup first.  And check here for problems too.
> 


Is it a good practice to backup the Templates as well? It is a bit
large, but I guess if I would like to restore the qubes from backup, I
will need to have the templates installed to make it successful,
right? Or is it enough to backup the important VMs only?


-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztPj1fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzA4RAAkHhfH8OhsxNa2OKpdgwM3//zAePxInV4tK3hknm54czDRP9jnZwXLnyS
E6ni8pneWu+3pja16o97ivr1gzJiz7lY+TmMH+uyAs8xUKQytl9qaTlw6B89jg8r
3C3i495QrHGRerWS9rD5B3l47Ukhc/wS+oEBTwgdWpm2KB0pz0I6QI2Oc+zPruGQ
QTK3QwCBAfX6QxOW5pJhHFG0wj49xuhdbseSfia0MjhobNSEsMJgPAAVs5ABvm27
BM/2g5xU5RvfP6iToh5htLfWQflSzwxmpNXVY+OFyGunPTj80zAW7iTtI7BIi+KN
0Y8jIkw8Gopxrc4qa9y5uZNXtmAZmbIify35/Bglms+DW5+wFOhxNUfSpsq9YkFt
f5nyxa0qpnb81CzWRlmoiOqZuA3sLg1ACs4TEhw3tIsqaOmqn+xgI6SNkycNCrRG
xOEHQTWe9iZA6aWtX7nnAElcqljZCVdmiMNyM1K2MqtfH7EQ+P4DRO0nNe/KY3NN
QCZizlY1uvHyoVqoOpoMaOmVpefg3qpshDLt6gu02TJNm3JRd1wwY7RcLqvp5PoF
1+5r+TTsf2ncPIXUsYJJ/Fka7i3Rmr3R9ofyRUsRL6gr+0iRvgU1ZdsDEXgY1RHs
OqOyyxotG6NTnP7SQQJi08HOJWgANIqVeqQzDA74Zm+vKXyrTvA=
=47bF
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e68dcedf-49c7-9342-be2e-120a0a2cbebb%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Is it safe to update dom0 now?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> 

> 
> 'awokd' via qubes-users:
>>>> scurge1tl:
>>>>> I am reading the threads related to the issues with the
>>>>> dom0 update. Do I understand it properly that now it is
>>>>> safe to update the dom0 and the mentioned issues are not
>>>>> spawning anymore?
>>>>> 
>>>>> Should I better backup my qubes before proceeding to the
>>>>> USB?
>>>> 
>>>> Yes, the newer branch of kernel has been temporarily pulled
>>>> from updates. It is still a good idea to do a backup before
>>>> major updates.
>>>> 
> 
> 
> 
> How would one know if an update is a major one? Or you mean every
> dom0 update should be considered to be major?
> 
> 
> Kernel updates and/or Xen updates for dom0 are considered major.
> 
> Basically, you should update all other qubes as you normally would,
> but when it says there are dom0 updates, check them out first.
> 
>> From Qubes Manager:
> 
> dom0 -> Upgrade qube
> 
> It will download updates, but before installing, will show you what
> they are, and ask if you want to install.  If you see kernel and/or
> xen updates, it's always a good idea of cancelling the update, and
> do a backup first.  And check here for problems too.
> 

Thank you, clear enough!

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsJJBfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UyDehAAiIfRbAGpqFwJF8kjzk9A/D467Lb70zwh+susEQnHWmFaa1w3qnUgZh8k
m8oM63NqcrdQVKJsvHfuZyFwHKncBf1wrG95MlfEG8vGq/pq0ezyz9HGwwt1ba9M
mp8nKZTCJ03C8EHGEovDIqYHbjppESa4U3m0MOt7CsdDVlsVrudYpwpENXJWoN5w
J3e/eW11NPEyxXQCFAZYOkZZ7Lp0atBgj3s9LWb/FmlEUXSBtz62/uBg4wYlU2UI
kfNwKLbZy1fctZD9jEYVddO3CVwqSZz9fPCruZL28VA3sdXW2Li/T0+LsbcwfFb6
6eNf8YSK4VB0hoJzLwjpvJ5qKAd/dxlhe3PYwTJSbBefF7CbI5IJpaIXguLcx0Mu
JfRlGNE7VazPXHWnrnaDIXUaQo9aNBGVs1WesLhMlHkLLb9rPXn2Nai827I8yjtD
9+TOh8gfo2o6D2FYs9x5yRh2mhAHstseTIl1I8hj0DyrhKxXqQoa+2hwFEFcImrm
IJ+LmIMBiy4Br6Tghbl6WMH3Spsz8IemDtvriey5mm/+DaxL28zDWmWZHaKpKo01
4EQ1Dv11YXSHD3uX1QwqrAxm0e5YfDpHhFDYBCx7vjgDPpCqc5YjM3lp+DqaqADk
Cy/589q76YJMJ8kYMBcWUmVe3e11QGV9BhDi9aX/yqw4JadNVIg=
=z281
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d4f81417-dc21-5628-1e89-54b1847f3cc8%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] sys-usb not showing up for attached USB

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

> I attach my USB key I use for the backup of my USB port. It gets 
> recognized as Device available. But when I want to attach it to my
>  running sys-usb, it doesn't give me the option.
> 
> I tried to create a new AppVM, and it shows me the option to attach
> it, but after I try to attach it to the new AppVM, it doesn't
> attach.
> 
> I use the icon Qubes Devices in my panel. My internal microphone 
> has the option to attach to sys-usb easily and is working.
> 
> 

Sorry, the first sentence should look like that:

I attach my USB key I use for the backup of *my Qubes to my laptop's*
USB port.


-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsJAJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uyucg//eiEx+WaAtkOA23HeA0ViDkDqFXzieHntx3ffcoTPNpiPxPKj8jlZFmhh
MQm5tqIInUV0yYIZ6N4xfaI6o2XgBFwtT3mP1aMYxCu6TLg0xAI1FYU9xZlDTbiU
2AVtgbUwuLFAkqP+i8uiIy9tdVwwYcJRQ1WaRjYRNxFrlDIDOg1PxWmDDWupEryb
qiXp4GpIngaop3lNF9x174hmPSlzj8r+rrJ53xKdlGrzTQbeidL2GeZd40hSYUuw
USkfAiWau2H6IPZNngMT5mTI2US1gv1V8hQcmZpcitIayQC0lh4HiJDPOg4TNqno
MbDEcEbodRd6RRAqae5K0jn7Zv9Doidu4uUGZqZ/ITyac5r6klRcno4Fci5V+DFU
XUO38vYnimROqnMvVfBVXZKcOR96KtTyHasoN5h5wFgZncC9LcgfNCu0dhSoG5Kd
dh2N0oWK46oue/yxoqMetmO66pzvZmxoTNkRDI8QFJ0ydUsWRZfqRavx2vSQFENZ
xtpQGpGcJxqunVfHEJ4odoXp9v4wjzv8LVaAfHzTcam1glyVuq6JXQAx7IQQaG3R
C+6a4daiOc1pdWTKvh4/drcHSZ5oE6lVCivqnaSExwGd0pYNY4oZ+F+UHMtpzOtq
hJcO2b0t9uoIxvmIXF6cJpK9OhAr5QoAN+8ijTLEsELpSjx863g=
=WdSA
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f23c60d1-8877-4c0c-7600-59dd2f3866fb%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] sys-usb not showing up for attached USB

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I attach my USB key I use for the backup of my USB port. It gets
recognized as Device available. But when I want to attach it to my
running sys-usb, it doesn't give me the option.

I tried to create a new AppVM, and it shows me the option to attach
it, but after I try to attach it to the new AppVM, it doesn't attach.

I use the icon Qubes Devices in my panel. My internal microphone has
the option to attach to sys-usb easily and is working.

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsIzJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uw6Lg//QDyu+VxIIeRw5fkuisnnIFozAWXJDWCoFnmQ5LsFj/j6n9fh6yDKt8dP
Yp2KybimO14wfauI6Lhvj+g+NF1ZGGd+c2v5C+jrWNdUMVEJBfo0OUb+SpyAZrtp
TuDohtlZfcHZXQHHhtEypd+XCknRqyHbRptmX5iEOUY3PINInjiK+vEEJV9BF7u+
P3YdOa0x6KGKqOTD1SOUw5rnDMMmXwq1t2I18psznAoJfON9XCz2kgZtpvDQWCzc
8B0ULwhBOwIUv2mRKjg1A4JVEWCdzJRoBA13PUySO7DmKgMf2IawMn1XrxCnScgy
YpGf9ASQzN+qFq2no7rE43d85skH6P+HpTSSGmH0ezGvaGzzWXf8Y84TzzL/URAo
j7uNGKwfklnzmGgEljeJH8/QRJYDWuPAMCbEBrcXN7AyxJmdA+TxoBFcIHqT1tu6
HvsLxMp7/nSL5Syg7il3dAIVUe2QqVsW1rHZBVPkt1N0aMfRAY1k74SjaAOgKNU9
APFqNNGIW+dPXuMmm0TzdYbJoUtqMXvII4OYCBNr+VA499JnvQNUzAIahfZlnVVU
SYqM5NV7aAwpKkZ8r1fW5r4Uq7XYQqDfTtwKVLNTv4Ql2X70c4WMjDjl2NUFDHrg
D7sWQay+RweMSfC+jMD0oSKvBs9uJftm9A21+6tAMw/zen4Ej5s=
=LGf5
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77ff063b-6c8c-2c94-6a0c-9ecc758defae%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Is it safe to update dom0 now?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



'awokd' via qubes-users:
> scurge1tl:
>> I am reading the threads related to the issues with the dom0 
>> update. Do I understand it properly that now it is safe to
>> update the dom0 and the mentioned issues are not spawning
>> anymore?
>> 
>> Should I better backup my qubes before proceeding to the USB?
> 
> Yes, the newer branch of kernel has been temporarily pulled from 
> updates. It is still a good idea to do a backup before major 
> updates.
> 



How would one know if an update is a major one? Or you mean every dom0
update should be considered to be major?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsCRFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UwO7g//RVfE68n6LoxtvbkTYVEP8LAJepsDydMXlyX42honL9jHqwAWDFXozwiu
IYTvUswaTvAFef1na1bguI0EQxTw7jxXzOoIKKIxpOtABp51Oakn25CB8KUVAQBt
O62Uy/S6z50dPvLWRRzn/uKbtBZw5ywqdWP+qSSrEOVjIe3h6r++nZVFZa6gwn0j
Ms7Mcp7y3Q3pnO3wcgpJ9hHqpyv8+9al3IJylOiQ5vwFMMlMiz5sm5j1CX36epYz
v5nzth5jIETy9MiCUdPeFZcPzVRCyMxAvaLhFsZCtVAGIHVS3WPORuZT3EPaxIJ2
SfwetZE1A4R1OqqKEuEXegOGcq7sgoMSkb/b6GgPqzf09sjWoLJmwnU4vVM/cnza
T0GoAA8r2Y3U4t58vKH+vUAtTuLuD4k+PD1M1Ejy1CmEUfILRA7tEekxps9qqvbx
LMK2yI9nRCakiAUOBm8EjO7oxwXbnJ5DmVJf08hl7F7VpRhx31W+8gdaoR6rJhe/
KlzysRUjhyR+ta3aZDZqkl3LetHz21f85Ne9ut2JPM0l57NIEEGpBWRo8YP2ZtWk
qyX7biivo3IssM5dSl0dwU9XxP5tofDiyhDg01WIER0h356f9XboNvOitOfLhmQi
4VYznVl4+q0yTxBKkB44HfFXRc+Qd1JO3npD3tdEklHhkyD5AYU=
=WHiZ
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/54c49bc5-2fdc-31df-68da-cde2223f5422%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

Re: [qubes-users] Qubes not updating

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512



'awokd' via qubes-users:
> scurge1tl:
> 
>> http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.o
nion/r4.0/vm
>>
>>
>>
>> 
stretch InRelease
>> Err:7 
>> http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.o
nion/r4.0/vm
>>
>>
>>
>> 
stretch Release
>> Connection failed Reading package lists... Done E: The repository
>>  
>> 'http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.
onion/r4.0/vm
>>
>>
>>
>> 
stretch Release' does no longer have a Release file.
>> N: Updating from such a repository can't be done securely, and is
>> therefore disabled by default.
> 
> This means either the update location is temporarily unavailable, 
> or it is in the middle of being updated. Try again in an hour or 
> two.
> 

Thank you, I will check it.
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsCC9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uz9shAAjUPx5G8cLJIp9wlFzqem3CkVALOw/ppE2yC2DVzudedw/IBU0RaCamP5
lqCwDH9GN4SXvBRoKIsmvJNKcdoCYNRfcrmUv4020Ku2sVDocJaWjSXWWRiQrIMW
Vij3MDerh+VCsN+GKndIi0YoHGwoYJafAyb1z8mlW4KVQaYw/h+QsfLu2cvM52gL
U4x+PvrwmVCKSwRVRtXSJHb7ypM9IU1fbHscDXv3Zhaw3tRKZKhq1H9w3N9lmnBp
H6rXqJXHburZuJMQGXlFtqKty9/X9Q+PryoW6NDYgNsPgzAlDZVevIbiEhUd2Iqy
k8wFfAhdmJK3ArAIc88r2lP2Muap3vDRuWWQ1N2rRZ+PsC+6oY+DbX8uMUsQO9NW
UJjQVKm3G5Ma6N56XSI8CMURPKshAcK3wfaSSUBe5s9kqWqwvJ9MtBVwQ9VJ60oa
6OVJKVodR3L+Qz66R7J0m51D8de6K6YFBOVG63gAL3nm8iccmir1HlC2alM0rsy2
dY4bFbO98fCMyhEKalY5IL2ASjjfCu84uJm5rIe+XCi+2y/dUMfzNl5Rxf4nUEZ4
Qo1mM1XcW6XqFSs7W5DgvXoqLSZkqQ8dF476xoiCo03RvpQ0YxbO5EnbrWsDIQyE
AqRyTn/nZ34aFjwnvh1CPAVvWprShCMUdx9G3ZhMP0/cuaIeP4g=
=wdQ3
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8d386ab9-19a9-5641-b932-89167a9a0efe%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Qubes not updating

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I tried to update my templates and none of it updates (fedora 29,
debian 9 and whonix-ws and gw). I didn't change anything from few days
ago and now get this error:

user@debian-9:~$ sudo apt update
Ign:1 http://vwakviie2ienjx6t.onion/debian stretch InRelease
Hit:2 http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease
Hit:3 http://vwakviie2ienjx6t.onion/debian stretch-backports InRelease
Hit:4 http://vwakviie2ienjx6t.onion/debian stretch Release
Ign:6
http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm
stretch InRelease
Err:7
http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm
stretch Release
  Connection failed
Reading package lists... Done
E: The repository
'http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm
stretch Release' does no longer have a Release file.
N: Updating from such a repository can't be done securely, and is
therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user
configuration details.


It seems like the
http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion
is no more considered to be secure.
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsAfdfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzS3Q/+OMl7RD9SuRfmKdqoklv3gtASO386gOrJHX0PSbMDCK6a1owdLGjT6F69
cvIz8QMkzdmfOZKxHfTcA829q+8uhGBeT4PgkvIkBK2hNn7aArFyLk56pLCcCgpm
HOnGIbyjcj9FkMVG8JJNKFVeNKm876uhBd/XaitjoBjJK+iw35EdU13zZ1pjtlno
4Nl8VPN9oV5Uu1RB9JkvRxRnN9rCJ/KHMy6BpF15XXF9zXWIR6BZNjG4dfajNDq/
En5TcKGSb9MFkcMsmQ9E7Y89SjVYsIz1bav5Bwj2QwYZiVU+CKAJebmZzwU3pPM8
K+VdBHhCCdL6htJtMhGe+4r1SaK7oaOX/UQo2BwHdyJrG1CAwU0e5ZQYdaNQ7fZ1
y7FbNB8eYor8ziTqfBPeUsQwKzfFtfKMXxDlxGT88kDLF//p4t9AQGzlxSBDGgJ6
8vPg5+j8jWefD/ba53mDRznQ1y4bmy+li6Rif00zsgg4zfWIfmPmnjuXwh5P+Mjq
x7i6+RTMb0Kl/0C/rnf1WuaXfuBkQxvNyFl5TzQUm4Ae9S2Fo2Mogadnpsibd8G4
6IXDhYNy+nrCD9DQ0C4KJxO3asUWHla31+8P7uY97ZE75pUQ8z5sz5IOdbg3G/cR
4+ScpXYz4LD80oGAT3WNtKdEy9EUWTWxLbudmMzzGZzQj/KB1e8=
=XJB9
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31a52644-5121-ea2c-4825-719cb09fa54f%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] Is it safe to update dom0 now?

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I am reading the threads related to the issues with the dom0 update.
Do I understand it properly that now it is safe to update the dom0 and
the mentioned issues are not spawning anymore?

Should I better backup my qubes before proceeding to the USB?

Thank you.
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzr+O9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UySvhAAuIjh38RDUmTZOZN1aGaCrBEBhGpWgbDDmpAg9aRucHFu4T1NF4M+FsBH
TDJe7Rqo5w/8Uz986h7ysH5LS2aIbflrKtOJYlEzJuG1MC7+e3rcvvxEeIWuM7bK
g0E+hVfo8XQfOdd3pSazFCeigLyXFzn0+XZtLI6H/ArrWmYkB3o5hlL608KvBZdC
tpYtZ8BagXOqi2eTFmGKBug82i186xwG7gx0hzM32rs7F05vr27STuOWpanl2M03
AVxu8W3Ex02tpvbOBRYQjiltnntw/7p4gQrwjTNawteiUvFlPhxfFQmZPlvPUa1f
6Xs9Rr1Z9xqle/AZqlg0j4mdaOKKpzKX6NflIV7iF0B+yOcIltZslHxyPu9TMNfd
8xHnG6LvgRfo21rYHo8dHYpKCAg7kMtK+nzRDbO9XtZPP/Fm3pevznnLZ7hmit1Y
3xuGNvX9oKJuIOChSqBBPfLTNw4jxqFiFw0cKbEolcT754iFtPhInRP4gD1979Zl
3TiojxPiMq81AL9g13umDB26Yca1e0sgA1Y4lrSj7pbM7xDx7Fth99uVuwnPSP5a
XUAlGQlYa89CMv3sriWlnJqjX9g733zzqGlxjNGGvE5cgZILbKrkUXNnx7geddRc
JVsfS42GHN7JM2hIKq3YDsFSqBOKVx1QIZ3izL1JhWmKEXGz43M=
=1OEM
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c7dd670f-0fff-eee6-4b4c-79f7b6490765%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys

[qubes-users] X230 vs Purism - real world attack probability

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I have a question related to the decision about what laptop is the
better option for Qubes usage, from the security point of view, in the
real world.

The question is related to the IME on Intel, PSP on AMD and other
Hardware holes. I took these laptop examples to sample the differences
somehow.

Pose the non-existent micro controllers updates, like in case of X230
with IME disabled and corebooted, which doesn't but get these updates
anymore, higher risk than only partial disabling of the IME by Purism
which still but gets the micro controllers updates? Or is it a vice
versa?

If I would like to have a strong security position, in case of the
laptop Hardware with Qubes, and would decide in between the two, which
variant will be more prone to the real world attacks? What attack
vectors are available in both cases? For example, is one of the cases
more resistant to the remote exploitation. Is one of the options
forcing an attacker more to execute an attack with physical access
than the other option?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzkAp9fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6UzOVBAAvH7Wp+GJSrKoptNX5OEzxm9Q3FEkgVgnaZ57HlIH94TCy3Rc+kk+cR5m
DGghaSnhSOvOxEKgZXM1g6+KIAUUH1yNRfSKkmPQANjUgrhs65VsNd1miKOzkLmV
5INzHAtiOvTQFYuCaBkzIvuxPaHDqOyDyIOSVxgzeQOYJ7k4NgGWCES7hUHrp2f2
TmhSZwdWqaNo1n6YJZvLetKj8ZxqqJwg/T0GPzvmMHo9KGohx8mHWVPFsVsRFhgM
ObcvPRempjhLE4aZR6UVKoJOxf2M6VPYFzghejeFb7wh3ncha9c38dspWV4ALlIj
lC7K5fXFWH0t7TX0YreXWnxQgdMKuCBHY9KZFKXnHPDKg/X5QXJtduabY/ZhqU/g
6+rW8MSEE6PrhIjQWKU4Zvw3y58zKePqwCCgHOZwpguQ+uUr1ZFjyKVnjSKGlPgF
QnH9rHqMQY9FNTnYCSuD5hoXAifXQg7AZ2MlB83SkbekMRjf5XsSRGDQ29cewKG/
igDFRgH3UCe0dwwqHY3hzshxKkPCvqcmkQiyb+G8nYSVeaYuzilbC+q1MEZ1xQS/
0uhNJ8ysLk8CoQRKUCc18dctKUCWdmqicJlvoeliEovUK3rAY/Uy5q86z8Ad5A42
PNraTWlfOfQ2wegc+YEPv37341+LPXSbt2RzHOg9BAaRkvupFWk=
=N5BL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c2b8746e-a005-2086-aa05-12fb0ed41955%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys


0xC1F4E83AF470A4ED.asc.sig
Description: Binary data

[qubes-users] No gui on disk encryption

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

During boot operation where I am required to enter the disk password,
I dont get the gui password field, but I get terminal like field. I
have this issue for few weeks now, and I thought that after some dom0
updates it gets solved, but the issue remains.

Any ideas how to make it work as normal?

-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzj/ipfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uwrbg//bjxiJdBvVwgf50MhTJDEnyuhF6D08gv/N6p5lxcvXxRAzTuidr2N4Rgw
L0v5+p5R0rpAPcWc6UVMWdkIDQOBbswj5xF7CGlVErCU4hghIY7DARnWquhKpO0h
T0PzdVpE8zKNZY68eF6IYKwYABQJ/Vm8a1DN1YnZ+8uvrYPblaZYxgQgaFzvA0p6
xW8FGdNcsNWA4SUd0d9PBGtYww4LJqpoV/217Xx5N9m4cms3tWOJIBPkKmAeJnax
8HfuX9n9FkAvRIxyLlg7UCCTe1C2Kq+JJTL4nK01J7aWDsT8BHcEBZqSEiZTjm0V
Z7HGm21QK4C9R7VUjziy5CYzWbW+GSkNJ29TCXVgLyS+FSRK91txv6FP0c2JeXw3
t9WT14fo+LcGZUYFUGLsi0FbDcouugAfZ04NdaZsALxSIvh8ec/0vj6VRfrvG3sA
PQj7Fa5iCm1YA4yxFduiTIXweCtbwIl2T2QjBXVXWoK5IyjfWNBmAD4a6N6+dnFM
rTDkEvdVDVn0nDV+tHaKZTN982BVJiXuS23nF5JleXUALUuXbB0anexw+Fj1GO6B
592WpNtHiC1oQZdvWPaSyBgXQ/pITsvLV2xENZqzqv9o3cAavPnejYOmFWUKnUEz
peGJYlSwthrv9qESn4lXiIDhAlPeF283PjnNOzUx5yKKtYoApnM=
=228f
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95d638bf-a57d-8362-1838-bf283e10d1af%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys


0xC1F4E83AF470A4ED.asc.sig
Description: Binary data

Re: [qubes-users] Global settings button stopped working on Qube Manager

[scurge1tl]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

I tried to go on through the menu but I get error:


Whoops. A critical error has occured. This is most likely a bug in
Qubes Global Settings application.

TypeError: setChecked(self, bool): argument 1 has unexpected type
'str'at line 248 of file global_settings.py.



'awokd' via qubes-users:
> scurge1tl:
>> The button Global settings, stopped working in my Qubes manager
>> window. Once I press the button, nothing happens. I run latest
>> Qubes 4. The issue appeared after latest dom0 update.
> 
> Have heard that's a known issue with a fix coming. Try it from the
> menus instead, or qubes-prefs in dom0 terminal.
> 
-BEGIN PGP SIGNATURE-

iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzZcm5fFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2
NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK
6Uw1FQ//fqpQdekZClD4TAOoqGLIxKhfLiQHqUUhjgx7Z/wwN7qqvX5QDYptuoTw
RKiJFdEg1vL0q7tN5DJTgvbVQ69Gz0DkV4hvi3asPhimZ2u9zAeRfrymW9NpweKZ
fE8ZzQrrGaoa1IpOREgSrUHt1zcdegr4Plc8NBi4nJWJ1dWGkpPvgJsXeE/ferK9
/uzRmlTUZU9w6ns3XV7QE15DFP1L3SJr1BWoykb6LcY+jFK0EL1uUF410syScURw
78AE9BgbIbiY2uH39m7VzGLC5ujqC/wPLCD36leQWcuLR87Pldmbsl+fh5C1IoPj
WfteFg36apWUIz5nKoYfx0cBVRGhovLMwfYlTDFDlgc9IkfKcqa0IpXpmo4ZkOPM
/z/q627IkqaWSUY1FeA66M3nMj5wq7FytxNgc3XiaA7CKUpnYZQ6mBD5GSfUj6OX
Zgx+eqVfrql0G6FvUHw2vXq0d435y12hxMiy/qA//xV0szI+bv0w0ysyRukXICuA
JNDVWHK5jLnI74Fd5JMiTSJs6TzRQTP8k243O6qVE47zKKOSEIB0Zv3SJ6F5rmQU
2536It/El5J1UQ9n+2xDXmpvXOICEh5UBy1WoZ6+GEn+WLCYC0HajUrg8h10Mecl
SvYcR9gfZzSS9P8Q4MiqI/iZN9HuJ+1Vq0K4nhK+Ov6bQt3SaY4=
=HISv
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/31d64693-dde0-e182-710e-c905faccea32%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys


0xC1F4E83AF470A4ED.asc.sig
Description: Binary data

[qubes-users] Global settings button stopped working on Qube Manager

[scurge1tl]

The button Global settings, stopped working in my Qubes manager window.
Once I press the button, nothing happens. I run latest Qubes 4. The
issue appeared after latest dom0 update.

Any ideas welcome!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6d888751-3689-6dc9-d13f-382d54875f9b%40cock.li.
For more options, visit https://groups.google.com/d/optout.


0xC1F4E83AF470A4ED.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

[qubes-users] loula

[scurge1tl]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/322807a4-0570-4456-8b6d-5a68759ebaa1%40cock.li.
For more options, visit https://groups.google.com/d/optout.