Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN
Chris Laprise: > On 3/29/20 5:16 AM, scurge1tl wrote: >> >> >> Chris Laprise: >>> On 3/27/20 5:02 AM, scurge1tl wrote: >> >>>> >>>> Hello all, >>>> >>>> I would like to ask about proper setting of AppVM flow if using >>>> Mullvad VPN. I would like to connect to the clearnet following way: Me >>>> - -> Tor -> VPN -> clearnet. >>>> >>>> When setting up mullvad in their web page, I set the parameters for >>>> download here https://mullvad.net/en/download/openvpn-config/ in a >>>> following way: >>>> - - All countries (so that I can change my exit country as needed) >>>> - - Port -> TCP 443 (Tor doesn't use UDP, right?) >>>> - - tick Use IP addresses >>> >>> Using TCP 443 for the connection helps only if you are running the VPN >>> on top of Tor. With Tor on top of VPN, you're probably better off >>> with UDP. >> >> Would this mean, if I plan to go with Me -> Tor -> VPN -> clarnet, to go >> with UDP mullvad settings? Just to clear the "on top of". > > To make it less ambiguous: > > AppVM -> sys-whonix -> sys-vpn -> sys-net > > The above connection is Tor on top of (or inside of) VPN, so UDP can be > used for the VPN. If sys-whonix and sys-vpn places were reversed, then > VPN should switch to TCP mode. > > An easy way to remember this is that the sys-* VM attached to the AppVM > is the one the service sees on the other end. > >> >>> >>>> >>>> To set the Mullvad VPN AppVM, I followed this guide from micahflee >>>> https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with >>>> mullvad is vpn-mullvad. All works fine and connects to the network. >>>> >>>> How should I connect Me -> Tor -> VPN -> clearnet? Am I right with >>>> this setup (I didn't launch it yet): anon-whonix -> sys-whonix -> >>>> vpn-mullvad -> sys-firewall, or I should use different setup? >>> >>> Whonix has a guide that examines the issues of combining Tor and a VPN. >>> However, I think its better as a 'what-if/why' guide than a Howto... >>> >>> https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor >> >> Thank you I will check it. >> >>> >>>> >>>> Are there any other steps to follow to prevent leaks? >>> >>> Yes. >>> >>> The Qubes-vpn-support project is much easier to setup and should work >>> more smoothly, in addition to providing better protection against leaks: >>> >>> https://github.com/tasket/Qubes-vpn-support >>> >>> There is also a VPN setup guide on the Qubes doc page (this is the one >>> the Whonix page links to). FWIW, I wrote the scripts for both but the >>> idea for Qubes-vpn-support was to automate the setup and improve the >>> connection handling of Openvpn so re-connection doesn't take 5 minutes. >>> It also checks the firewall to make sure leak prevention is in place >>> before initiating connections. >> >> I will try to set the additional AppVM for this and try this guide. What >> would be the linking of the AppVMs, if I would like to go Me -> Tor -> >> VPN -> clearnet? Is it like anon-whonix -> sys-whonix -> mullvad-AppVM >> -> sys-firewall ? >> >> Also I would like to use different exit countries of choice, so I >> downloaded all countries from mullvad. Is there any simple way to switch >> countries with this VPN settings? > > There is no GUI way to do it when using the Qubes scripts. However, if > you use the Network Manager method on the Qubes vpn howto, then you can > import multiple configs (and cross your fingers that they can make > connections :) ). > > For a non-GUI solution, you could create a small script that lets you > choose which ovpn config to use, and 'cp' or 'ln' that choice to the > config filename that the scripts use (then restart the vpn). Some people > have used simple random selection without a prompt, like 'ln -s $( ls > *ovpn | shuf | head -n1 ) vpn-client.conf'. > >> Sorry for noob questions, I am new to the VPN stuff, just used Tor only >> till now, but I need to use tor-unfriendly services from time to time >> and even if it were tor-friendly, ExitNodes {xx} StrictNodes 1 doesn't >> work in qubes-whonix and I therefore can't select exit country easily if >> I need to. So I need to have the VPN countr
Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN
Chris Laprise: > On 3/29/20 5:16 AM, scurge1tl wrote: >> >> >> Chris Laprise: >>> On 3/27/20 5:02 AM, scurge1tl wrote: >> >>>> >>>> Hello all, >>>> >>>> I would like to ask about proper setting of AppVM flow if using >>>> Mullvad VPN. I would like to connect to the clearnet following way: Me >>>> - -> Tor -> VPN -> clearnet. >>>> >>>> When setting up mullvad in their web page, I set the parameters for >>>> download here https://mullvad.net/en/download/openvpn-config/ in a >>>> following way: >>>> - - All countries (so that I can change my exit country as needed) >>>> - - Port -> TCP 443 (Tor doesn't use UDP, right?) >>>> - - tick Use IP addresses >>> >>> Using TCP 443 for the connection helps only if you are running the VPN >>> on top of Tor. With Tor on top of VPN, you're probably better off >>> with UDP. >> >> Would this mean, if I plan to go with Me -> Tor -> VPN -> clarnet, to go >> with UDP mullvad settings? Just to clear the "on top of". > > To make it less ambiguous: > > AppVM -> sys-whonix -> sys-vpn -> sys-net > > The above connection is Tor on top of (or inside of) VPN, so UDP can be > used for the VPN. If sys-whonix and sys-vpn places were reversed, then > VPN should switch to TCP mode. > > An easy way to remember this is that the sys-* VM attached to the AppVM > is the one the service sees on the other end. > >> >>> >>>> >>>> To set the Mullvad VPN AppVM, I followed this guide from micahflee >>>> https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with >>>> mullvad is vpn-mullvad. All works fine and connects to the network. >>>> >>>> How should I connect Me -> Tor -> VPN -> clearnet? Am I right with >>>> this setup (I didn't launch it yet): anon-whonix -> sys-whonix -> >>>> vpn-mullvad -> sys-firewall, or I should use different setup? >>> >>> Whonix has a guide that examines the issues of combining Tor and a VPN. >>> However, I think its better as a 'what-if/why' guide than a Howto... >>> >>> https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor >> >> Thank you I will check it. >> >>> >>>> >>>> Are there any other steps to follow to prevent leaks? >>> >>> Yes. >>> >>> The Qubes-vpn-support project is much easier to setup and should work >>> more smoothly, in addition to providing better protection against leaks: >>> >>> https://github.com/tasket/Qubes-vpn-support >>> >>> There is also a VPN setup guide on the Qubes doc page (this is the one >>> the Whonix page links to). FWIW, I wrote the scripts for both but the >>> idea for Qubes-vpn-support was to automate the setup and improve the >>> connection handling of Openvpn so re-connection doesn't take 5 minutes. >>> It also checks the firewall to make sure leak prevention is in place >>> before initiating connections. >> >> I will try to set the additional AppVM for this and try this guide. What >> would be the linking of the AppVMs, if I would like to go Me -> Tor -> >> VPN -> clearnet? Is it like anon-whonix -> sys-whonix -> mullvad-AppVM >> -> sys-firewall ? >> >> Also I would like to use different exit countries of choice, so I >> downloaded all countries from mullvad. Is there any simple way to switch >> countries with this VPN settings? > > There is no GUI way to do it when using the Qubes scripts. However, if > you use the Network Manager method on the Qubes vpn howto, then you can > import multiple configs (and cross your fingers that they can make > connections :) ). > > For a non-GUI solution, you could create a small script that lets you > choose which ovpn config to use, and 'cp' or 'ln' that choice to the > config filename that the scripts use (then restart the vpn). Some people > have used simple random selection without a prompt, like 'ln -s $( ls > *ovpn | shuf | head -n1 ) vpn-client.conf'. > >> Sorry for noob questions, I am new to the VPN stuff, just used Tor only >> till now, but I need to use tor-unfriendly services from time to time >> and even if it were tor-friendly, ExitNodes {xx} StrictNodes 1 doesn't >> work in qubes-whonix and I therefore can't select exit country easily if >> I need to. So I need to have the VPN country
Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN
Chris Laprise: > On 3/27/20 5:02 AM, scurge1tl wrote: >> >> Hello all, >> >> I would like to ask about proper setting of AppVM flow if using >> Mullvad VPN. I would like to connect to the clearnet following way: Me >> - -> Tor -> VPN -> clearnet. >> >> When setting up mullvad in their web page, I set the parameters for >> download here https://mullvad.net/en/download/openvpn-config/ in a >> following way: >> - - All countries (so that I can change my exit country as needed) >> - - Port -> TCP 443 (Tor doesn't use UDP, right?) >> - - tick Use IP addresses > > Using TCP 443 for the connection helps only if you are running the VPN > on top of Tor. With Tor on top of VPN, you're probably better off with UDP. Would this mean, if I plan to go with Me -> Tor -> VPN -> clarnet, to go with UDP mullvad settings? Just to clear the "on top of". > >> >> To set the Mullvad VPN AppVM, I followed this guide from micahflee >> https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with >> mullvad is vpn-mullvad. All works fine and connects to the network. >> >> How should I connect Me -> Tor -> VPN -> clearnet? Am I right with >> this setup (I didn't launch it yet): anon-whonix -> sys-whonix -> >> vpn-mullvad -> sys-firewall, or I should use different setup? > > Whonix has a guide that examines the issues of combining Tor and a VPN. > However, I think its better as a 'what-if/why' guide than a Howto... > > https://www.whonix.org/wiki/Tunnels/Connecting_to_a_VPN_before_Tor Thank you I will check it. > >> >> Are there any other steps to follow to prevent leaks? > > Yes. > > The Qubes-vpn-support project is much easier to setup and should work > more smoothly, in addition to providing better protection against leaks: > > https://github.com/tasket/Qubes-vpn-support > > There is also a VPN setup guide on the Qubes doc page (this is the one > the Whonix page links to). FWIW, I wrote the scripts for both but the > idea for Qubes-vpn-support was to automate the setup and improve the > connection handling of Openvpn so re-connection doesn't take 5 minutes. > It also checks the firewall to make sure leak prevention is in place > before initiating connections. I will try to set the additional AppVM for this and try this guide. What would be the linking of the AppVMs, if I would like to go Me -> Tor -> VPN -> clearnet? Is it like anon-whonix -> sys-whonix -> mullvad-AppVM -> sys-firewall ? Also I would like to use different exit countries of choice, so I downloaded all countries from mullvad. Is there any simple way to switch countries with this VPN settings? Sorry for noob questions, I am new to the VPN stuff, just used Tor only till now, but I need to use tor-unfriendly services from time to time and even if it were tor-friendly, ExitNodes {xx} StrictNodes 1 doesn't work in qubes-whonix and I therefore can't select exit country easily if I need to. So I need to have the VPN country as a strict exit. > Thank you and I will let you know if it works! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e36a80c7-d1db-b533-3ef7-d45cde0acb75%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Backup/Restore issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Claudio Chinicz: > Hi, > > I've created an oathtool AppVM following instructions from here: > https://www.qubes-os.org/doc/multifactor-authentication/ > > On the Fedora-30-minimal template I've also installed Nautilus file > manager and Gedit to easy my process of token creation. > > I tested it and it worked as designed. Then I want to test > backup/recovery before I would rely on this to store my tokens. > > To my surprise, when I restored the OTP VM together with it's > template the applications (file manager and text editor) did not > show up as available applications. > > I had to open a terminal on the template and run again dnf install. > Although they were not installed again (because they were present > when I backed up), after running dnf install Qubes "remembered" > they were there as if were notified just then. > > Did I miss something when I backed up? Or is this behaviour > expected? > > Thanks > Are you sure you installed the oathtool and other apps in the Fedora-30 template and not in the AppVM? Once you install the packages in the Fedora-30 template, shutdown the template. Once the template is switched off, start the AppVM based on Fedora-30 and you should see the packages available (in all Fedora-30 AppVMs based on that template). -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl5972JfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uwriw//TMeDqlPrldYqR/QJa023S19h3LQy0seMqKToFR++YKMJAPg4PP917hJd Ar468AzKTLcP4+UmJd6RXvzMBrMdgJD/NBOXap2mgFUrMrG7CICRSzsJ+hSS8Ze4 +owUQXIWNiTbiNlMii0IBQhpOdRbWa0RG9ocsUabBDZi5IPs0w19MGfelRkHU94Z JjoH3boRgPk2QhzVGh25e5uT2WzLnXSBJRt7IyNdvxJ62BZMdgVDWjKS5nYzoZ6+ swjPjsZyLxkIHeePseGcC1r9FDekIwOhib5Mkak2Dk/WCfNsR7vUpgJ6e/XgTxSH LBC1ul41+eefJ+UWzYs2Xw9giwHCtK7pEWE+elnjoRRRhFNdv2asQogUxiVmYt9g xMivKaNmjhQyV+YQd728mPT9ltnlJvYuJaHwdACeof92AiMt053PApFv5U8HhWMZ JKW/gUymrNsdVpTv3q7+ZFxF3qOfwt3y5Op67dzZ98PHUrum6Rw8G0KtA9y+ZVK9 cxYsgwLfO+xlB36PM+T5notXPTWaa9plP/f0R1JeWsO+WOQMa7f1JFuAkn/gBEzX VhjA1qoVoq7Ge0DHtqJsylyvdoxEq0vaazzrYh8Iori6KgSEp8Msq3b5wPbIQB7Q cCvojwHqrWTBW0NCvoKVWpa4Uv4RSjXJJNwCREsYb8Oco90xYtQ= =BWBq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/389c65e9-22ef-15c4-dfa5-0c7c7f4a2ba6%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hello all, I would like to ask about proper setting of AppVM flow if using Mullvad VPN. I would like to connect to the clearnet following way: Me - -> Tor -> VPN -> clearnet. When setting up mullvad in their web page, I set the parameters for download here https://mullvad.net/en/download/openvpn-config/ in a following way: - - All countries (so that I can change my exit country as needed) - - Port -> TCP 443 (Tor doesn't use UDP, right?) - - tick Use IP addresses To set the Mullvad VPN AppVM, I followed this guide from micahflee https://micahflee.com/2019/11/using-mullvad-in-qubes/ The AppVM with mullvad is vpn-mullvad. All works fine and connects to the network. How should I connect Me -> Tor -> VPN -> clearnet? Am I right with this setup (I didn't launch it yet): anon-whonix -> sys-whonix -> vpn-mullvad -> sys-firewall, or I should use different setup? Are there any other steps to follow to prevent leaks? This setup should serve me to connect to the services that are not Tor unfriendly from a country of my choice, and remain anonymous. Thank you all for your support! p.s. micahflee doesn't mention any need to install the OpenVPN in his guide. Should I install it or is it intended to work without it? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl59wTJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UwiXhAAivlJwfkjYv9ZQUQqEeYeQ+NsmrvpnETawv18blPjGJgNF6LTlfEwsr+L S7liZfi9cdT3FfCMPBbl9mdESoFOhIubbru30cos4UGUHUzoCV6U0t/rVAYblugb DhXAjGQk47VVcMmmUnhnY5Q7gm1DCpYb/yW9AUJPWrZWfhyK6CH58Zec892Q5iL2 FgHQo2yuJVxDVX4U/ZOWrWE3dmaxU8trfcw1VMtJDEEcKi33M4toHexsF34IwgKl q/dNNhbtaPw/2ONmoTCmRElLCbShuiZDUEnQ+fg7fEkqraOlTYq/5LnLh0dTu57b HcS1CQ7vwBErDr8ufoQpmTK9/4HEww6V4LLSZp/6QQoaej5nT/NNrMZ4iKOMjpuW +hmnVLwVj3sKAmeOLOaLTW8LHgLOkMH0xohU06ZeNcvoQcfrK/Kw4J/JWZMoERtq 4kbHzmjDs50ZUpWGUppX/CsP/e9MCNO3uUcEGSRa3/NQEKPbUM/qzQFZe0bp9UOr odoxUgWadY3hiKA2DXmhtY/+4k/ugpR6HdXRLuUrlDoysGsNU7VbGMj7Mpy/yhRQ REr1h60jH6ZSZLRRK8EJkvY9kjhH6jIYyRikeB1mkbidDoi0ENCbB7UdLFzXqTlE TU0eF9MVjCvdTY6XOJ5w6JgZo+DGMpfLt1ZlFGd4PpLrZXzaEiI= =5OS5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d30b6b6-e140-8584-3e77-dedcb668da55%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Privacy Screen. How to
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Catacombs: > I have just installed Qubes on a Lenovo X230 with original Intel > WiFi. I go McDonalds to try to use public WiFi. I power up. I get > A box to start Tor connection. Which I am pretty sure will not > work. I cancel. I start Debian 10 Firefox. After awhile I get a > cherry red connection icon on the upper right side of screen. It > shows connections available. I choose McDs. McDs has a privacy > screen. Harden wall. A button. Click here to use internet. > Usually. Nothing comes up in browser to allow me to get through > this. > > > By comparison. If I start Tails Linux. I can start untrusted > browser. Get it to initiate internet contact by typing in > 1.1.1.1. And untrusted browser will bring up web page with login > button to click on. After starting connection to intermet. I turn > off untrusted browser and start tor browser. > > > Right now I have very limited time to test what might work as I > only have few minutes sitting in my car outside McDs. I do have > an iPhone. But my searches have not brought up anything that tells > me how to solve a problem. > > Thanks for any help. > Fresh install of qubes creates few DVMs. If I remember properly, one is based on a Fedora template and one is based on Whonix template. Mine is already adjusted so I don't remember what is the preset. For this case, - - open the Firefox in the Fedora-30-dvm and connect directly to the clearnet like you usually do in Tails with unsafe browser. - - open Tor Browser in the whonix-15-dvm and try IP Check if all works well (it should). Some of such connections like the one at McDs also have time limit for connection, like 2 hours. If you used to use Tails, you will most probably like to have your MAC address anonymized in Qubes too, as per this guide http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/do c/anonymizing-your-mac-address/ Based on your MAC changer settings, you can just restart the connection or sys- VMs and appear like a new user to continue your work. If you are limited by time in the parking place you should most probably consider to use something like this: https://www.thinkpenguin.com/gnu-linux/penguin-wireless-n-usb-adapter-w- external-antenna-gnu-linux-tpe-n150usbl to increase the range of your wifi card and limit your exposure to the place where you connect to the net. With 9dBi antenna you can get to about 800m range and add an another level to your anonymity. Fly safe! Let us know if it works for you. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl58m6ZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzBTQ//WORq9faLpn/vy49OHREUbFUVNyzcX098rA17HnTosfUGGsvZZqSpDLXO Sv8kNzSSv2lJbg83IAUogF68NcZFM5Vcm0J3RX89EJa8ipm0VwmDnGHn7Qb30LE/ nuudKaddivCjjLH6OF29hdvgvDcgBtWlAtWuIGHblvJ5iZnE/J6dvDDkfEnt9UPW uD6PqeqZ7Kd5045iyYT1iD/Q1hjhx0VrqykJFjUKFIi6W+0VKlKCj/yKOSh/YcR6 tEJtTLceJ5T/luxagbnX1xjA+dRp6vaxlriuSSFzPa7720dx6VQheyGC3/oXUDL/ je6fwAav3VmIbhFGoEYT0PTms7k7I2s0IS1Oai2cxD+QrI6BBSc3TKFddWYOb33/ A1hDj56ihOIT02IZO1KyIgYN41WF+apBwJuW97ocHTRieQJOfHVB9BVir3UktQvM R825E57iJkxouJmEGFpJSCjWD8jxIePsrNcRO+owZwdPMLkjLYndZFymaLIh1QXq cI/BpSy28t5qpNZSdhBoQubAu9yRAUYUVlXlIWNY7HRilbeSl5buz1rIlZYUQFH6 tWSzJ6AGJSuG9GseofKQxbMMkEAjqETNLaFCCgHYcBnBDJn77wAPn5+ZEttiz70g xJ9OQRRf2s+1VUs+ahKaCtPu9Is9C+O+puyMYcYYmKeeq47CITo= =HeQV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a8c0511f-d3a7-c11f-d984-cd4d7386f121%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Lexar Professional SDXC not opening in sys-usb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 unman: > On Thu, Jan 23, 2020 at 02:06:39PM +0000, scurge1tl wrote: Hi, I am > trying to open my Lexar Professional SDXC 128GB in sys-usb, but it > returns error, on all USB ports and SD card reader as well. Other > SD cards read nicely. The error I get after trying to open it, is: > > Error mounting filesystem Error mounting /dev/sda1 at > /run/media/user/9C33-6BBD: unknown filesystem type 'exfat' > (udisks-error-quark, 0) > > On my win7 machine I can open it nicely, but Qubes sys-usb can't > open it. My sys-usb is based on Fedora 30 and is fully updated, > like whole of latest QubesOS. > > Any idea how to solve that? > >> > > Not really a Qubes problem. Install exfat-utils and fuse-exfat in > to the fedora template. > Thank you, for pointing out the packages. I didn't get fedora-30 to digest the packages but I found out that debian-10 has it preinstalled and so I changed the default template to debian-10 and created new sys-usb through sudo qubesctl state.sls qvm.sys-usb and with the sys-usb based on debian-10 I am good to go. Thanks again! If I understand the sec model properly, I should not open the files directly in the sys-usb but instead channel it to another AppVM and deal with it there, right? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl4p6d5fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uxq5g/+JljJ6NmaXlePJQT6UGvfzLGH1B9JClzd4Yh0va7sVKQOYVOHas3BNc3U /Ds5frkB1U+Q3p9L9ypwx0fy8Q1Nzv2yoi09nfyqHfRmnd4S9sJ6q+6obSHX7QeX QdPCIqE19vB37A/fM55mhHQp3Zj4BGVsHGM7+xoO3DbuzmF0q5/M+sDq88yRj74v XYU8uykvSZu7SStP8SN6IzDghajWx+6FJHVTTtHjLGQ/DOMMkGEOmi1p3gpXjcAo nOEvalRpyGD5oKqY1WcTnytNodnyfB/oQbKFGEEaKTetBA3BUnpk2F+TDvExPQ6e iNGT41FvHH9cG51TTqZUkvreV52UxpY8pSZrM9arun2p9Me3I8mvbf4q4OY5e839 aT2XU6TcOfQ5ORAjVe+gWbJ7nOJYuau7x8qg+LDp85LuDGgVBXRsfSPHzAugynsm S+L7p/e1SCivSvJEOMMZlk5J8zRfaTqcl8FOfrf1PZ2AqO7r2uMoUi1IY/LQ0Hf7 Fe18HaB5YKp76Vm4XOBnpVQNCfmCK/0NZN62gDpg8G8OFCdw44Oys+EFy77tJf7q SniZQZtSXiw7MtukcSv1lDu+WfODXaUHq0t66LOrt08ONL9chUjBmmJHw+mgPacX kC3Rto/nyJZ3DgO/ktFu5ORMbrYlnatTm4IdE6r/YCQR6jB7bQ4= =CljZ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5840fc32-db14-4b1e-3cad-fa9c99dbdd9d%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Lexar Professional SDXC not opening in sys-usb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I am trying to open my Lexar Professional SDXC 128GB in sys-usb, but it returns error, on all USB ports and SD card reader as well. Other SD cards read nicely. The error I get after trying to open it, is: Error mounting filesystem Error mounting /dev/sda1 at /run/media/user/9C33-6BBD: unknown filesystem type 'exfat' (udisks-error-quark, 0) On my win7 machine I can open it nicely, but Qubes sys-usb can't open it. My sys-usb is based on Fedora 30 and is fully updated, like whole of latest QubesOS. Any idea how to solve that? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl4pqFNfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UwXPA//fBy/w4fwujLe3tuRbPTYCd4R5ArHXud2chO3gcl6W/zfUXOUh3qV0vrE KaWX7HwlFftg13mKeUSGYzeSuuVxz7FrsWYg+y1vFpb6gqu2nyiPAUf9tBd6HFbg 8/kTCbO2+Eg15k/r/Qm5RuiaBLVzniYmqy0DhYVBOIpFiAFHugCQqk45ZV3JM5n4 C3nkicKgx7JyMHeAdOIHcSv30hGZP0nWQlM8fhKokseV+PU02HiVFkwDBAOQjJDi wFH1VF+Ye9oRs5RWRPrhJt5k+0mN3VuDnLWOlQQK9MRGvIMOdqMCkQqra6B5wjPd sLK1iRVOGHvY8Jrp7rqw3Rl9N8C9VJrhOktn7ZVwBbomJTtFy2qgHxSIxRxuDIfd 5vb/aQHG3ixBUG1KCB7hgEH4mv05uHq2ypl3//KpUBQlqudPDYF5lY9lWvm8qhre KanY858eU8V2wmMURVerEVi8gVRKXE4fQ0LWWEN0I3xj1pzrQI4XFXAhRwtMil9Y FtHAYCWszYwlcGvs76F/nTdbkTudCpwQJR2akuM3t2aM038KQ/85CuO1rvwLeVAO woYrISrbfd3UleX+i8HaKxlsWZQLI1H/yH/9aO1PR+/IzXezUh6cnyx0Z1iWag0m Vafdf9+p96uxTuEsFrs3KqODLBMmBFK25+0MNYcotQCRGX4QVpY= =Rwny -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e697697-6d3b-adf0-3584-fe1e39070835%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Split GPG refresh keys in work-email
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I am trying to refresh public keys of my contacts that I previously imported to the backend work-gpg with [user@work ~]$ qubes-gpg-import-key ~/Downloads/whateverkey.asc. How do I refresh the keys, sitting in the offline work-gpg now? I tried to use qubes-gpg-client --refresh-keys but the command is not recognized . Will I need to do it manually with every key? ^^ Thanks you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl4VmY5fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Ux/2xAAhO6TDsOufQEv74J1q9ypJqOE7jP0Ury9pJsN8ew0WKFakZQOjgzIstnW pp2Sd4CHK3Yb6l13i9QYu0CBSJUmilo2zTgZiEZCF6nhaL34htMdqtaWM7H8i5KU J0Gzcww0l5c8tZ7cG90Irrw3Gzo0QQrF15sT1z2OcTzkVw2H4c44DPwyPRI6zLWQ 3a5ic6R00GmmKu8n8UtBI+1+C36k+Wzvc1etcm2SavcateBo8XloM/AXIEC5CD0U vhVA1X2Y1REizAabvjBbq3Aek+O8vN3Vd97cCm/NYCJp4lkEMlfCa62sRaQPQnbD fbksoOAmKpPiJaOdbo2JNnPI+T4uBHQNv1yno+7IFyhYueNnmheJ+v63Vkn9bpgf /qhhGqXvtKEMRm3bgwZXjmyh12nhgLFb0bGwr9FC6VXs2XRsQPDhIQ+OTnXrj8oo KBCU/hqYa4WNEScxZwi/ts7dJXYTHWNaK7g2OQyZVLFg15ReYNdl/3HXPRYRGDWk G74uhrSY4lHRLnkeNxCW98MUl55IoWwlwFWmUQU5nfwOXogtRG+yrCb/IVcKDL+o iEipjKj7+tAUa8srXcq/aTM/XvnpGLBlcDrgqFPNs8hX6YqpQ6NI3vZxgDPOE7GK sZlO+oSowXsmn6O1vdxV05ds1SIaIjq9UzYv5iAvv6LvVoU5Ue8= =fYkM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbffab44-65c8-f333-a9f5-516106f7c98f%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] App through apt of dnf to add subtitles to video in template
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I would like to apt or dnf install some app able to create, edit and hardcode subtitles to the mp4 video, to be not forced to use unsigned programs and utilize the sudo apt updte feature without need to do otherwise. Is there possibly any such good app that can be installed through apt or dnf you know of for debian or fedora? I use Flowblade in my media-debian template for video editing, but it seems it doesn't have the option to work with subtitles. Thank you a ton! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3up2JfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uw1eRAAnMGhZHPQB1Jo5TkP50U2rGjTO8k6yfoOK7noMi4HWSD2LPW0P/7l5DMu vPNS7GLic6ESB9O/v9nOt63qH10+EFaj3h0YOhX9rvjKh6sIj8+XtsN2C5cjalfx Zb5qMW/wdlL9U3dFjvBUjkmAevSJpWeoUBqM1feY0m93tDvLRVcKhQbTqdnWvJx/ JO1uN2S92wLVGMlXzL6GD/3ttw7PrcNFHT3NX285U7u1yAV4H5duCFCazfszp9D4 Ky6K9zJH3QnigVefrdcvxuu2tTD2VbtPPLdHoRp5HBZ23rmgapnMIDSxtK0vpryq EWTmXL/JN6SawK57tMq2AB8Xypgoz6J9p2uypawrVKomrtMOPnHdB6Ya92RFgjb/ fTbwk+V5bWyW2gWF4Q4kRfxASXNNtCScZUgYXc9VxF4uf0zQUzK94x6TV+Oz+xGv rsh2e1nepP+6Zsc5MAoFFgtUvkDvGsn+0kfc6pojvpjPsDJkHAMFluH1cMSMnRZc mGp7KdHsNgTdg/cn2FCJQe3A5OuHoKg2uguKKUQi0Zx/N0xGP5v09IUEBwfrFXjS QWJSC6cN98c6zNZCvg0/NPOb8LjKDoaz9TXiAphJ1ieb0+DoUYmYRs+SwkSRwhwU g2zNMvsj0alJBpdg0eMdTs6wPZMlDC1DPlLu/1VzUc70grpST2U= =7cbM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7a75bcd1-9fc1-3b82-6042-fdf50cdd1dfb%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Has anybody gotten increased scrutiny at an international checkpoint because of having qubes installed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 haaber: > I I will be doing some international travel in the upcoming months. > In >> the past, I have had to turn on my laptop, and once I had to >> bring the system fully up and allow people to see my desktop -- >> though nobody has actually seized and gone through my computer as >> yet. Has anybody gotten increased scrutiny because they were >> running an enhanced security OS such as qubes when entering a >> country? If qubes is a "red flag," then I'll carry a different >> laptop. > > Carry another then, that's the safest. > > The easy solution (if you accept some "risks") that works as well > is a micro-usb & some std linux on it, that is already booted. Give > it a family picture background with sweet kids & some green :) And > two or three non-sense documents that you can open. > > Unfortunately with linux we still don't have the hidden OS option available in Vercrypt for Windows systems, where you can one decoy and another real system on the same HDD. Till this increasingly needed feature is available, we will need to be extremely creative. Border searches are more and more common and can beat your secure position easily. Is there actually anyone working on the hidden OS option for the linux? Would be very much appreciated. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3ukz9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uz4tQ//VE6qRHedi7YmYoArvTcwZMuRckF1hXZ4yYrToEM6aoXUhMYw+XFH1zkE WEGq70C54SENeYW2nfrtJdO3ab/AGjU0GfdiIrkmzKYdejJJ3TnnuhofuW+8R9NA 4ap4Qn6XJ3JqM2RsTpC4WvMwcBm4eZ5DkDEJ/+tIJzTYWtugNn3F9Yji/bkKa6rk 8Wv58Lw//0flvtXKw95hjsbMW9W6ZE4f73BIVKAFhUGW9kXAXgvWX1gCcf1B2RC+ U/GoL7nf0XMpw/kmhk/GEo2f225H85qn81HUzAVW37FDY2PhOXrU8abGXCgUkqfG rvD6xNAKQGaavJ66uOGPDEtBxoeZoulZyoUk83gDM8wy+YDG6AFaS1K6jgh2hX6v kTSj0GqUuljhPmosoMJSMtEB+l5dJdkEPCtdRgiO/0i531euEWbMZ4G5RK/0AMC7 Nr2FBdf9/FLQp7mWqWEJaga0/fJN1QuFvpV3LRW5YfZ/H6Zb4TUY04Xj6qdY4P92 +F3CbV/8Yu531kh/abjPtt8t19zbLDiNo6BQE+G1Ib9sK6kivlyyk7CNkx+3hQiA LVXIoMYv2GUQ4IpvvSo/pwF9xv7T85GaXOcNF1mVjqg7GFR+Az4Xh10whEZz4mx2 E9n33mjvJ0YYK8R9/jbFwYHzMN1i8Kmcc09FaS3HUiwl0gagmAQ= =7Hjh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/901b84f1-3d5c-bd67-6be6-e6bbc3e6bf01%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Android on Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I would like to ask if there is any reliable way to get Android template into Qubes, so that I could create AppVMs for different android apps (from google play too). I know about the project of Daniel Micay who is working on a hardened version of Android GrapheneOS, but don't know where the project stands. Is there actually any reliable way to get the android into Qubes now in the form of a template? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3qLeFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxW+hAAp76G9LwJ1Sba5bfWFk0LkY2GgO2+bHCWvmKtPoYQkgebIHMmEn89YCAu +UBK0yfBOgJZ1sqAb341Zfdf8vNp0WyQct4/Ll2OUeFvlMJRg7wzlPcbVgt2AhEY aRosGQsYHwWKyXrzDyLsDpqUgKPijTkuLmnvNVsXVbw+zrCnM4FgFmPFeoiU04xF ng1tS1Ym6RUoeV0o6GtcEvljwu6yHnJ2ci+eJuvXzhhyIcicsU8eU6Ewh8fCMjq6 o/T5N8VWzz5Qqu11fHU1XJPHn3z2hJv+IUonBERIBjatDN9UZL4XcfC+vFOCdPVd Pv63TZMI7FmiRvDxUG//k1kvEMAm9TunpjSTg1mW0xI+Pu9sQ7njy4Lgu+0Wu4zq QW5bqRAlVGbyMbZR9efpH413thig/2pgBO3LUI9hFluabSq2jJPcgF/NsDafPxhG vcwMlZOPdaasryGRBu8wj0HJXBgXGlNzzZAnYqerYP2mtoqOQCuMpzx2/SUBXAzd AnCwbiVNaCZyVXjyJUZZQyt+Fs6XBxdkjvRkldFBHrxCSm2QoErbK3JdPsd0Odd8 mxHBJNUoGEePW6xd+X2tDCVpNwEZkQ5AhtL4NsVEkBG2Iqig2goUOHNVe6SPbxXI UxTJozTbwefK8q1GvM2rsr8iaR6pa6yKpQFX5EZUgy2zddIC7vU= =4aSS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4baf60f2-124b-0bf0-d0f5-6818404427a5%40cock.li.
Re: [qubes-users] Bug Thunderbird: kills addons after last update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 scurge1tl: > > > scurge1tl: >> Today's upgrade of Thunderbird to 68.2.2 (64-bit) killed all >> addons in Whonix-ws-15 AppVMs. >> >> Enigmail seems to be already running, but Torbirdy and Qubes >> addon for Attachments opening in a DispVM disappeared. >> >> > > Update. Newly created anon-whonix through sudo qubesctl state.sls > qvm.anon-whonix doesnt include any addons by default on first > launch. No Torbirdy, Qubes-attachments nor Enigmail. > > Manual install is possible only for Enigmail, but Thunderbirds' > Enigmail somehow cant work with my backend gpg-split. It launches > work-gpg, asks me for the confirmation, but than cant decrypt or > even load emails. > > But qubes-gpg-client can work with my gpg backend easily, without > any issue. > Is there anything new in this regard? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3UCdZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UyyRg//ZC9LLtFZsFdFQ31lcJk/576fvaVsaca5goQtk1DeTTfYb5I9l4avFZTS xVZJZV1d29X18vPyf0rjXuzoISMR7sjq7VMN0VEWE8yG4qNdbDKMevo3mXtItpEX M7xol7aW3dJMRtGfvci3CeVCiqVjjJXZ4wWHFSX6JdBgY/QgA7F+pdhdSeCcEMQZ F5jx3s5YXvTXd5+0dhb78Im4DSugAT4udjjkhcYxdnI8nJnNbrxJEVh39UbLAi9X U21mKj4RkpYoCBrzeFWcpeF2RNWk2acq8sEtjbb7HBk8RE69K/0N1Zr7Yf3SZHY8 NWzcgsxz8kkRa7cwmGkMp9NdKI/RigotH4zHMNiFgg4shLW2VplufhcdEhem4lCo xmDcjBZlLAtutR1betrHQl790QNv8jZJKXwXden436/I2IFE0JVU+tiwkcCHE6Jy CyynFlZrDqmBdU4512/L1yNyuAajSgjSTuybszAjZCV1QOLSwaZlaHeZy+x78tE1 VYwWUPVUGg8J7TSc6nKzt1lnv/b6dAFFrXpazWtJZnQiJ/HiBn3dGJEXXqtlYaAL VLyn0mrJLfY6y7Z+VwOprztJ5CNgKu+Khg4KeEFGL34K/i/o+OC85OvrSxWFqSS/ YQprW7T6GlCu4EBaACF2CHptbYQqSAUSOTsO1vnhBBMrSlIOP3c= =uMgo -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ae50d81-ba97-b0c8-ea22-3b5054b436f8%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Bug Thunderbird: kills addons after last update
scurge1tl: > Today's upgrade of Thunderbird to 68.2.2 (64-bit) killed all addons in > Whonix-ws-15 AppVMs. > > Enigmail seems to be already running, but Torbirdy and Qubes addon > for Attachments opening in a DispVM disappeared. > > Update. Newly created anon-whonix through sudo qubesctl state.sls qvm.anon-whonix doesnt include any addons by default on first launch. No Torbirdy, Qubes-attachments nor Enigmail. Manual install is possible only for Enigmail, but Thunderbirds' Enigmail somehow cant work with my backend gpg-split. It launches work-gpg, asks me for the confirmation, but than cant decrypt or even load emails. But qubes-gpg-client can work with my gpg backend easily, without any issue. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e74e6a04-6ce8-be06-cc59-f0578909b7a5%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Bug Thunderbird: kills addons after last update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Today's upgrade of Thunderbird to 68.2.2 (64-bit) killed all addons in Whonix-ws-15 AppVMs. Enigmail seems to be already running, but Torbirdy and Qubes addon for Attachments opening in a DispVM disappeared. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3SfWFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UyKXg//Q6qKn34KAE0iUjRuTgY76YQBmLcSXZqTSjVJtNqOd7Uxg/siJLpyEUSK sFtc1XWJzjEMKKr4fZVKp/Czl631xs92ouKg/mewfUdiWvBwZb6fegp6kOEr+x1m +BPy7jXkfXOs+uobxx7lgIskzysU9AbaryZDkwyCS0aCgfAH8sxBgNtuff1xU9Cq lzU/2hrvcU0EbFPpgCkstWqZODa+e29GgWUx7T38/OUlFGtjV5y+ZdrHl+pdC9wN N9WPhPwlneZYOSETVU0bamYo3kzodyrJzTcCtwuPGzx9xxLYa4HPUQg9v05rXfzN lxSEgMlFXsXlUazjXUyl7dSqkyEKfSUXa21ocuzIbLddviEu2nEEGI2iMwIqgoEF Gok6HSjBNraCbZWGP2tKFAvVi6dkgDBcCb5Q2GRCkKoth6hpclBGxtHVv8knMN7J 3yqL9j5JJZzrm2CMx6XYPf3cUcGGnt/KLEIXWIWVfAZRTWCJ4HdaFyf8VPXwYkpT 9Ll3J2ymUK9HtS3jmaLF5A25yP7IXMEViIqUozTFlxA1qhKALixX8Tj+XQfafGHN pw3yrNmrUTgWoHvgPX7JlStQG9V0eFnup79LU6aHBtDpcyzsO3fbL8TVTnZIVePR nyXujb0JpVgPphY19/iOgrmwsZJY9wehOhhkgeS7iMK1p4NWof4= =4ms1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d4d258a0-429c-cf64-b0fb-b21539346947%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Tor qubes-r4.list returning error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'Jackie' via qubes-users: > scurge1tl: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 >> >> I try to onionize the debian-10, but Tor main qubes-r4.list is >> returning error. Qubes is set to onionize everything, Whonix >> onionized and working well. >> >> I un-comment this line in my >> /etc/apt/sources.list.d/qubes-r4.list (and comment everything >> else): >> >> # Qubes Tor updates repositories # Main qubes updates repository >> deb [arch=amd64] >> tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymd ad. >> >> onion/r4.0/vm >> buster main >> >> I get following error: >> >> user@debian-10:~$ sudo apt update Hit:1 >> http://vwakviie2ienjx6t.onion/debian buster InRelease Hit:2 >> http://sgvtcaew4bxjd7ln.onion buster/updates InRelease Reading >> package lists... Done E: The method driver >> /usr/lib/apt/methods/tor+http could not be found. N: Is the >> package apt-transport-tor installed? E: Failed to fetch >> tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymd ad. >> >> onion/r4.0/vm/dists/buster/InRelease >> >> E: Some index files failed to download. They have been ignored, >> or old ones used instead. >> >> >> BTW in my /etc/apt/sources.list I have: >> >> #deb https://deb.debian.org/debian buster main contrib non-free >> #deb-src https://deb.debian.org/debian buster main contrib >> non-free deb http://vwakviie2ienjx6t.onion/debian buster main >> contrib non-free >> >> #deb https://deb.debian.org/debian-security buster/updates main >> contrib non-free #deb-src https://deb.debian.org/debian-security >> buster/updates main contrib non-free deb >> http://sgvtcaew4bxjd7ln.onion buster/updates main contrib >> non-free >> >> >> Any ideas? Thank you! > > Hi, > > I don't know for sure, but if you haven't yet, try removing the > "tor+" part. My understanding is that the debian template doesn't > need to know how to connect via tor, since it's updating over > sys-whonix and sys-whonix itself routes connections through tor, so > you can just put the onion address in there and it will work. At > least it works for me (in whonix templates too). > Yes, that did the trick. Thank you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3H35BfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uy/rg/7B6IxaIQso9jH6VjJckRz9TskOpKcR3MpSfLd8f254gE+rPqdnj/nhvCp SypaQHuYDJ7PjhlSYchMx9tE4tsvQbPYNnXBBcctXxOISI8tpn6J1/x2mPK+zMvk SQoPNl9V081Ain2nzLGe07f4ZrqQP+sfnEfYn1LHg/fqoS895QGILju8Z+UG8hR5 9iXNewehn6JKe9H3GGeZUWqFapIsMisQlpSYfiUQtDp7/42Jl2uYrS1zeqGktDe8 HbQYqMTjnyerr8sJyleyjPPrt48mZpz35qpxeS83Vaigh4WEo2sr4YLgJ6Po0Uhx ppFiP+CZ5EehS/CioHL+2KNgarauVPcvlQhq/QKBUYefi/QVYregYelBCDZhLme6 v9RF4ST2pYXfp6VfgHbbE+5bLfkH/C++Gp5yvOxyWjoKKabbCrjK8IlL8fOYLlYC wJ2UXlPdcVfQy/YeSUEwaX3bYoEWZenFELLMik6DbYPYt8rM28EWItEOYoWY8Xyc pmyBAmL1ty6s+NYRQSIv2iOWsEYdnQCzxYtWObVtkMkzCLjSZ31e2K51xLBjKSEK 1mNiyWwDyAKIfGVMSkk5cwP4VAssE8gd1YpFdzLmS1WleCF8EKqepLSP0Y2q2NEm dLhOl8UbC3GVX+/Ok6rrLlQniE5fr5iSad7s8TuXUkmPSGeWyS8= =MaQJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc3e8b59-f096-95fc-ad37-ccfa8c9f28ac%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Tor qubes-r4.list returning error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I try to onionize the debian-10, but Tor main qubes-r4.list is returning error. Qubes is set to onionize everything, Whonix onionized and working well. I un-comment this line in my /etc/apt/sources.list.d/qubes-r4.list (and comment everything else): # Qubes Tor updates repositories # Main qubes updates repository deb [arch=amd64] tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad. onion/r4.0/vm buster main I get following error: user@debian-10:~$ sudo apt update Hit:1 http://vwakviie2ienjx6t.onion/debian buster InRelease Hit:2 http://sgvtcaew4bxjd7ln.onion buster/updates InRelease Reading package lists... Done E: The method driver /usr/lib/apt/methods/tor+http could not be found. N: Is the package apt-transport-tor installed? E: Failed to fetch tor+http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad. onion/r4.0/vm/dists/buster/InRelease E: Some index files failed to download. They have been ignored, or old ones used instead. BTW in my /etc/apt/sources.list I have: #deb https://deb.debian.org/debian buster main contrib non-free #deb-src https://deb.debian.org/debian buster main contrib non-free deb http://vwakviie2ienjx6t.onion/debian buster main contrib non-free #deb https://deb.debian.org/debian-security buster/updates main contrib non-free #deb-src https://deb.debian.org/debian-security buster/updates main contrib non-free deb http://sgvtcaew4bxjd7ln.onion buster/updates main contrib non-free Any ideas? Thank you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl3FYYBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UwJBA/+NgfOAbjIySS+tWaYV8IIO3mQBcCwTTAqQm9pE1n1MHIUnaUBTv8ckd3v gj2RarYvVu2eBMWzRsMWUEnXfK2K8mt5joNXbHVAjufKtLjArR8TmD+HVfSpBm2i ZhMM4oq4Nl3DBig4z4D1w2bPrZ4UCirGBAIxNmzAwmwpKQCR9Naf6ynpIiotoNnA RMbzsiArzv4fLF4ZozGxixIbFf8GlrF7GFmUMYvhq5xx+kVdlSvtdi+ukYNKQIFV K0/s/52rPUpv4/t5jxd+YjW6YeEdcW1xckKIUv8MIAdJcQZoYd2YzELu/8aTlKIt D6OhKzuvrbN8rcgo2ZtbhNBLlI77b3rvwVo30rSGgt09Q+MKmPl7nvWgxirkx5n7 CV6A0xw752JlcHfMXMA7T1tB+eAFtpfA0NI0rJtxjHvBx550sXoicYud80KPKFLl 4Dk9PUi9gtQGnPxqijhNSJLtNwqLbZzSAsSBs4+ObK30JQpWNVMLmnIqTZ+o5a/D SVgkOk/Baya+pgIAA3/hpKL2BEkyzfWs55jPGQz2WrAoq8KuUh9/f8Eji2zv1AmZ wwA23UsKgiuXx/Q5Fd+rTzPLsMisl5WSrR3shGC9JvJRgL05T0oIeFnNtmS30iog oMrpUS8g4uQu7YAzYmsk7PcK0POPdZVj4mm71O3EncN9+pW6t3o= =WG6+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9665d7b-5a6b-be4c-7bcd-40116e7ea9c4%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] whonix-15 TB in dvm on Safest has whitelisted sites in NoScript by default
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Patrick Schleizer: > Whonix source code doesn't write literally googlevideo, netflix, > outlook, etc. anywhere. It does not do anything to give special > treatment to any websites. > > By policy, for simplicity, clean implementation and whatnot, the > "inside" of Tor Browser isn't modified by Whonix. This is > elaborated here: > > https://www.whonix.org/wiki/FAQ#Does_Whonix_Change_Default_Tor_Browser _Settings.3F > > Tor Browser upstream issue. Bug report written just now. > > wipe all mentions of netflix, paypal, youtube, ... from noscript in > Tor Browser > > https://trac.torproject.org/projects/tor/ticket/31798 > > See also: > > https://www.helpnetsecurity.com/2015/07/01/researchers-point-out-the-h oles-in-noscripts-default-whitelist/ > > > https://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs - -zendcdn-net/ > > >> From noscript FAQ: > > Q: What websites are in the default whitelist and > > https://noscript.net/faq#qa1_5 > > Q: What is a trusted site? > > https://noscript.net/faq#qa1_11 > > Whonix forum discussion: > > https://forums.whonix.org/t/noscript-with-security-slider-at-safest-pe rmits-around-30-sites/8160 > > Cheers, Patrick > Hello Patrick, thank you for the reaction. Just shortly: Tails fresh install 3.16 or 4.0-beta TB don't have this issue. Even it starts on "Standard" by default of course. Fresh install of TBB on win7 doesn't have the issue. It seems to be qubes-whonix (dont know how is ti in non-qubes-whonix) specific for some reason. I believe that if one sets the security setting to "Safest", she for sure didn't meant to be tracked by entities like google, youtube, microsoft, yahoo, paypal and others - the worst surveillance capitalists on this planet. Interesting is that the issue with the whitelist can be easily "solved" just by clicking on the Standard security setting and than again back to the Safest -> no "Trusted" websites anymore, zero. Can you please check deeper on this issue? Thank you! Weird ^^ -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl2Do7VfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uyy+hAAgDc4f/iwLGoTfQKaAX8xcpiaKWEd+p032laJ8rKdSIB6Kd5JG3bBYSGh iHY5MeAZene44f3DyloDcny6Kv6ibw31/877sIVNDWKIQQQi/rtfkVT+nyp1Bb+5 32xrh+u+MhTIKbBjYCjyy+E5F1fVWK1Q3+dBApLHWsJxseeAON1lL41dH63fP4zX ApSoOmvJM3fiLZGgPYA2zr/W4VzSTmWag5pp27X4r2rMPpoonZghFv5B+IjixhHX tTntE+cfxTXqkoNwLY/upsJeXLoFgWr4ss7FQ3OfDE7X743fbu2Y3j857rPSPs00 V2eArJjxh5a2pwmrZcFzW+KN30CHIAXRplIt5/k2Nfa+UcHfkPlZOsZlGXBtVba2 AofLm/OlGjqupgFMpIwDcwP+zHEIGrN/HTyr61GAozInK4A1YU7+Q0Jz+b0fJl8j 927uxdZVFE9JZXpF8YmO7pMrTcAwfo7fqV9/tfjEkvm6EtvlNdt5FLPRGLF4QGMI tH7ovKxRedvdHRLp+81CqLjxn8R5zkdnoZzNMOfWN/Q5NtETNOLxWiRPKt6iLg4l qW07ICAkQYJaVDTVKfH49CrKRWZF88f+I2s+/6AVUivvuPAM/n8p64ABsGyS5e+h QgRIhBZbIvu+6kGxSWQkftKTwTuQHn24JFPM2jIQgaO1g9stTwg= =Vqtn -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3d201ef-93c4-6a34-3acd-da933cc68dc7%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] whonix-15 TB in dvm on Safest has whitelisted sites in NoScript by default
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Current behavior: - - start TB in a whonix-15-dvm AppVM (Q -> whonix-ws-15-dvm -> Tor Browser (Anon Dist) - - set Advanced security settings on Safest (click Yes) - - about:addons -> NoScript Preferences -> Per-site Permissions - - there are plenty of whitelisted sites like google.com, microsoft.com, passport.com, afx.ms and many others. This behavior is whonix-ws-15-dvm specific. I don't see this behavior in anon-whonix (no whitelisted sites on Safest). Expected behavior: I believe that on Safest settings the TB shouldn't have any sites whitelisted by default. I tried to reinstall the whonix-15-dvm but it doesn't help. The whitelisted sites are still there in the popped up dvm. Can others please check if they have the same issue? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl2AjGVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxlLA//aJgx+14d7omw2O4aMIZzY+KWGA8dwePEt61O/p1rNuJo+Bb1w83vLwrD g0xULHyun4jf0EIdI59og+AXuL77yIEbUMtBr98QeB1PZwvtsGK2Kbzm1GwbPTif 4S7ZRlwhq9gcPmq0DCbkguEzF3nHcLuOa2rNIQhe7s79Mugx2uYIjC/y9p6U3yyf qEpzwxs392lNW8fkiR4wdE5qOPIHkxSMpqGekS/sh5Xoqc1GdKrzccsyALqzRV+Q G7ymCDTGc96ROoUg6az71XmpmZB5hx87c1k63LYj3aBi/8ijkdyx+0fwoaarsGND zcPiqyyJSq7l9qso7PgpcIiSezL+TjWA58R99YYUwl1+ZM2ngEtaeTsyR0Kj7z6H wdu6ixvvFb4cCoVEMibdDaapT2iFKsFYCgI/8NOuHuUI8TWeNDS7+CKLSJ7UXZM/ T2RBGTORvDN7JzSv8TynWZoiSaekst9g0HmlUd/JbKqkL8OFC7rRgwa0DKzpXj/D DFiHXkJiuj/OWeH47uViw3asz9c6w5N62Jjte/jo1KepsBfQBC+BgZIZBoap+dyF jfWwis/39eAcGIExU1Yvy+W6fMZq6Exz6gKmh89GaTFUKnP+DsMZp2XcEe/tNnor e8BzMrWgrirKUCtBf0Qlj8TILY0oBw/f/JLugc3RVq29zTZZna8= =YeAi -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a8bd079-2de7-a54a-ab65-96d3d68227e7%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Re: Whonix Tor Browser Starter safest setting fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'awokd' via qubes-users: > 'b17b7bdb' via qubes-users: >> On 9/13/19 9:31 AM, 'awokd' via qubes-users wrote:> 'b17b7bdb' >> via qubes-users: Setting tb_security_slider_safest=true (either by selecting Yes in the Tor Browser Starter screen or by creating a line in /etc/torbrowser.d/50_user.conf) does not result in the expected behavior. >>> Actual Behavior: - Shield icon is fully colored - Security Level is set to Safest in about:preferences#privacy - JavaScript is ALLOWED on selected sites. To view these sites click on the NoScript Preferences button in the about:addons page and then select the Per-Site Permissions tab. >>> When I do this in a fresh DispVM with the above setting, I see >>> no sites listed on the Per-Site Permissons tab. Are you using a >>> disposable VM? >>> >> >> That's correct. I observed the same behavior in the Whonix >> DispVMs on two different machines, one of which is a fresh (and >> updated) install of R4.0.1. Notably, if I manually set the >> security level to safer in about:preferences#privacy then the >> per-site permissions disappear. >> >> These permissions are clearly the default permissions included >> with no-script add-on. For example, a variety of google, >> microsoft, yahoo, paypal, and netflix sites are default trusted, >> among others. >> > We might be miscommunicating. I'm saying when I set > /etc/torbrowser.d/50_user.conf with tb_security_slider_safest=true > and start a new DispVM (on current-testing), I see zero sites > listed. Did you add the setting in whonix-ws-15 template? I tried > it in the DVM template first, but it didn't stick. I do see what > you mean with about 30 sites listed when I start a DispVM (on a > different client on current) without that setting. Is your Tor > Browser 8.5? Odd that you're experiencing different behavior. Might > want to mention on qubes-whonix forum too. > Hi, I have the same issue. But I am now communicating with a guy in the Whonix forum and if he starts his Whonix-15 dvm TB, he has no whitelisted sites in the Per-site Permission on Safest. This issue seems to be selective. We both have the 8.5.5 Firefox 60.9.0esr and I didn't do any mods in whonix-15 templates. He doesn't have any whitelisted sites on Safest and I do ^^ Can others please check the issue too and add their situation? Thank you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1/NI1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxWLQ/+MWFyDFy9xKjBD9CmNSEY53CG8pf/5X122B4kggFn3yT+TJ79o4v1PyYM Y2XkyjhmkxmC0q9U+MFEYIzE0evX2uLZOXWXqlH3UE0QN+DI5htUZR30QoAjB5dL rdq+fNYtrvxsBY70GeoD39g5RqLPjnmye8rtogQFszp9ldiA5OJ4n5cOwB27lFUj CT0Lk8F11o4FERhoff1F/Ff/2LSXJDcSMRRCuosG+Q4GgWw2d2pPiqXmeWUCamdH UxlptUhTb/GvKLMGBQ7sBylk79q8MipVjPj3ZtVNi6pfhu4ZsDH5QZfiRAiIK1Kz bTp13YVjuFOCHDYy5CeWoYrLxycMeqCt8yngHSvHYo5aPaxk0jf9x+CYvIpdYn5B Sjn/z8+C8f3zLeERqq4q6jC700cgFU3f5ZBFTP4R0XHp7kzhgfnCHAUJ/qFUuc+b a+GYNVxIBgCBZknPTdzS8raFW2EhlvumWD8YhKhAMES86Vqz9z3SRRRWxQ/5sb/+ CAp4jJ4Ispg1K8OyJox4G4jXgWfk5JCqy3E8CnQC+xbVvgnE6jTI7igKMhE1n8vE Gv0w3maOGk9/byNzCW4PGf9vb1YEeu5CFaG0WPGcmKT/DWxNGc1h5q3Jo5gnVWuU NngevmJgzKjsahgabSzxSD408u2ddVCwFR/zdgCqPgviQxdqA98= =tck6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7b312990-b661-5fb6-227d-ce842839b9b7%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Anonymous as possible
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 GT500Shlby: > Recently I went looking for as high as humanly possible anonymity > but quickly deployed. > > For a purely hypothetical example, say I have evidence on a > prominent person. Think got mistress prego, mistress no want > abortion, mistress gets bookend to skull, murder cover-up gone > awry. So obviously me having said info, puts me in severe risk of > being killed myself. Like full on conspiracy theory novel/adventure > story. The idea is to be as realistic to the cyber security > preparations as possible. > > So I pick out an older laptop from recycle, flash the bios and > remove any serial numbers and assets tags, pop in a newer SSD from > a different recycled system (0 purchae records), reflash its > firmware to remove serial number. Source an external wireless > adapter with changeable MAC address and again, make sure no digital > serial number. Now I need an OS. TAILS is a good option, but I saw > Qubes used a while back and thought of it. > > The idea is to go to a public place with lots of stores/cafes that > have free wifi, but sitting outside those establishments in a > non-cctv area but jacking their wifi, probably using a sharklasers > email to get registered then using a vpn with bitcoin and another > sharklasers email and then using tor above that to then create a > throwaway reddit account to browse on r/gonewild err I mean drop > the docs on the bad dude. However, my concern is, I'm having > trouble finding the latest release date. the listed release > schedule makes it look like the current stable release is over a > year old. What is the TL;DR of the state of development of Qubes? > >> From other privacy focused people, are their any holes in my >> privacy scheme? > Your model is actually a high risk environment, involving actions of physical harm or death of you or your close ones. In this case you would need to employ much measures and countermeasures, not necessarily related to the digital behavior, more than the OS like Tails or Qubes, to stay safe. Your behavior patterns changes, your physical movement and monitoring of your life emissions, the way you obtained the compro, from whom, how, when, where and so on. Your contacts can be compromised already. Beware of your writing stylistics, typos, and other similar leakages of your identity. In case you have written something publicly under your real identity, you should count that if you don't use deception, it can be one of the identifiers narrowing options from adversary in pursuit of finding you. Know your adversary and its level of determination, resources and time available to find out key indicators leading to you. The higher it is, the higher security measures and deception layers need to be employed by you. In this case you will for sure need certain level of well pre-prepared deception layers to make sure that if your contingency plans fail, you have a well working backup plan, spreading options on more ways adversary needs to follow on each layer, to give you time and a especially clear warning, that there is somehow successful adversarial activity, without leaking this intelligence to the adversary. You will basically need to do the job done and destroy all traces from you, and remain exposed shortest time possible, and leak as little as possible emissions about your activity and at the same time not break too significantly your daily routine. All preparation activities are deviations from your routine, and can rise suspicion even after the job done. Once done, there should be more less zero possibility to get any intelligence about your sensitive activity by any means, even backwards. Coming to the OS, in this case Tails will do the job. It is amnesic and the only hot potato is the SD card, if your activity isn't leaked already, which is still possible. If you were for example searching for the Tails through an insecure OS, downloaded TBB through a non-anonymous channel, or even through your IP address, and so on, you can already be on a watch list. Estimate how many people in your area use Tor or Tails and you will see it is not much. It can be see you are using Tor or Tails, as it has very unique behavior. All that, provided you know what you are doing, you are able to get Tails securely, can reliably obtain their signing pgp keys, confirm the downloaded file with it, its hash, can run it securely, in this case remotely (see external wifi card, with cantenna for example, to get wifi connection from few kilometers away) and having clear OpSec, and be sure you are not compromised already, from the very beginning, you could be quite safe. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1lgZlfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzsEw//Q7enT4Rw/8x8yYiXzmWy2GMJ4AAez4x38UMI91j+VLgZ9ER9O5MnBEHO 7oZiXyAjPTGswYZP8beceaR3a7z
Re: [qubes-users] Done with Qubes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 O K: > Thanks for all the help but I've been trying to figure out how to > get Qubes running for months and I've decided it's just a giant > waste of my time because every time I get one bug fixed, two more > show up to take it's place. I think it's a brilliant idea but it > needs a lot of work and streamlining before it's ready for public > use. It's a shame because my privacy and anonymity online are a > matter of my personal safety and it would be nice to have a secure > OS. TAILS is not a fully usable system either. I will have to > install Ubuntu. Good luck, everyone. > Dear oak2572, I understand your sentiment about the issues rising during your usage of the OS. You need a reliable and just working thing. My 2 cents to this are simple, and it solved all my issues with QubesOS. In my case it was simply a matter of hardware selected. It can be tricky to select the right one, but we have the excellent and updated list of supported HW. Im my case and for my use I am absolutely happy with the Asus Zenbook UX305F. It is not a beast, but is capable to run qubes without any issues. I also recommended QubesOS to other friends and it ended up same way as in your case - they gave up cause of need to heavily mod the existing HW and its SW part. If security, privacy, anonymity (you consider Tails too, right?) matters to you, try to reconsider the HW you try to run the QubesOS on. I am pretty sure this solves the issues fast and it will simply be a breeze. Good luck and fly safe! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1jdNxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UwZChAAjLQSzAqsX3nk6f1w4l2uFClGueXYtJZgKvyvP3TCOzaD5ZxzvXJLLgtr 5DyLUcQGJ4hX1xdIGkevPxQy05jz0swr8Bi+yJWJhrfza0GQvRvkVlDN9AkZ5cgu 6HBPDVi2IeZicWfKBAfr1ed+Onx/vmwbLqzqqFBs/f4/4U2VDJBfv52eX6NkGn/n RIOT5UQ3pRBsig69HviXR9Awvuh231Ltxu/CCUdcwECWkZVEhNr62EAsMNPiyCoL 4ge8d62tY/AQD+EWvRLmPsfA6NEvSdzlyMuMFDZNn5CRFaRZnwzaVzdaq4DNaaXs ST9/99WQAYkKSdogGa2Gm7jKg+uUynSHzCW85y+vJu4DIYpVB/8sllsCLWUMdmgx ZLw/gDhPEredszfeixrQd3cLxe5ZyQrE0HCGmWR8X4ABkAA/VQs6tC39I5rwfUUU 98OHKrGh0aKEYYz9K9ESkPZH233+CyyOGaXXbUiaqtm6a41pEHQNcyICJEQUqR6O lSm9nveZU+C7Ekd/VOUdckyd9cqcVNRidnAVw/DQseIBGSpVdJyxrpLFLYLdVowa rIVnlf9UZ0LxsheqXzZmqkNIA3KtlBbvBDBPjkbqbjtlOGWDWC7UT4WYGzJkBRn8 G2w6IJ4WRr5S373y9+fi5+Fh7wHTk9+BlwH8mcWRXjH8F0VwkJk= =oZve -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89d0d886-4591-6afc-003f-6b32c1ed8b4a%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] ~/.gnupg/gpg.conf not existing in debian 9 and 10 by default?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 hi, I tried to set up gpg in my Vault AppVM based on debian 9 and 10, and learned that the ~/.gnupg/gpg.conf is returning an empty file. It is the case for the debian 10 as well. In whonix-15 AppVMs I get the file ~/.gnupg/gpg.conf full of settings by default. I would like to follow the guide here https://riseup.net/en/gpg-best-practices , but the ~/.gnupg/gpg.conf is not existing by default, and so I cant pass the needed settings. I would like to ask where the gpg in debian is getting the settings from, and if I create the file ~/.gnupg/gpg.conf and put in my settings, if the gpg will behave based on the gpg.conf settings same as it does in whonix-15. Thank you. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1fw+NfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uw9Ug/+PYiJ7arxzBG4MTZDM3DRn3rOmv94T5pxCp4Yzf87rtx43A5+ihlDXIp0 FBgFwbMHIZs01YI1U/gphAD1BKizFqAu0H0Y24uOcChGBizYt7zeDPt0srE21jZ1 eSNUp7rTHKFaw6NCq5OZEH8aKuNU7yOTDGmIYsLqmTlIzzL6P6L6O9XJX/cEyBV0 H7cSHaIDExPwQnJVsF4CKuSdsIqcx1udsxdX3cYVJ5FDl1obu02S8xhteadtVnDo NACCF4nZJGBJvOgPMASsYRTgWmYeZKGi3a+DEipq7K44I8nRQEt5vE7oUL5KPdg0 YMAPFzyB2Bw53Pivy9HOEePwkDzkPBnfH5tRt6UQRMJhsj1OYOmK9TqsZ0xbscd3 TrVzrzsBYjSelUZupUVh6s62TJSYkWlUn1fm2P+2tIZZ5rDtR0dLCZ1280wREA/H Bwbm9og5zOXBmCtgRiO78tV4JXzjEgjIkze4g/JE1H8ef1iU8cbpTz0jQCyCkAZI xf85XYwxpCAydEvnVJrNoipkL9TOAEL74sbnt/ot1fJLJ4pJiAgupwXVijyxjQM9 9L792MspFsdFdtgsNqV1FSAztc/jOsxjcVx//l6vQ5KwD3rc6ow2tVO2pcZ8uoCS 93lK3Xsflg82tZup+hDcm5Js1L2ormkEL3CQvrWF0wjhP1I98pw= =gjH/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5aea2b51-6bb5-dfc4-197e-2d285b5cc0cc%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] How to update debian-10
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I installed debian-10 by executing command sudo qubes-dom0-update - --enablerepo=qubes-templates-itl-testing qubes-template-debian-10 After installation it pops up update, but I get this error: user@debian-10:~$ sudo apt update Hit:1 https://cdn-aws.deb.debian.org/debian buster InRelease Hit:2 https://cdn-aws.deb.debian.org/debian-security buster/updates InRelease Ign:3 https://deb.qubes-os.org/r4.0/vm buster InRelease Err:4 https://deb.qubes-os.org/r4.0/vm buster Release Could not wait for server fd - select (11: Resource temporarily unavailable) [IP: 127.0.0.1 8082] Reading package lists... Done E: The repository 'https://deb.qubes-os.org/r4.0/vm buster Release' no longer has a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Should I set something up? Thank you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1epW1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Ux+VhAAjVNjP1OaHl6+6+VmPn3y1JE0FR/sAX+jaWarZurtZqLWaeo1KJmSyCrV p24e/szpD4M2s+x03K1XlQjiLqnvybcJWsXcYl/G3euzfjyV2M/kMe6pvq6NrfST BWVzCglHUMFvJJ4wJ3Lb6Wxnohaji3b7F35vsophMBUuhuKy8pf6vu+mZwmAPL2X X9gJrSXNC1qNHle8rTzdYs+fY3EXfdCbnxEeILfbOYQIgkIUf2nxKvAZqTj0pHgO 45kx/4k+hiJQWaUTLN9retD5kRntTVv0VZjGRCtiXXwgrkFB0sW+F5HDMGDwOx/O prchrvi1aJ8fdZTo1ZR7tPara/JQLemeBy8oG6lPZHmf/jz48C6nUS+UZR7hosUU QrPdOfZ2kFxOnsgVFxXXci79cW5wzv6LxJdRJqh/JDTtLccdB+dlM869+Ax8BwH1 zcwHlKY6FjolibFzLf5sZFvoBSNwVEAg2PNCxezgnSfo1JgAfdjuYWX3Apm3eBjY vtZuG/6skQBMHFYeSOwliSO7qnJyCgsZNNl98/GpCXt1aVYGM3SoPF0FZ2A3lELO 8G7/CCqTPYwaXTOqKi2eJxSEfRwlowx9Udui8mF60ACmaW+a6hbdv+Mi2PXovY/y bNkWy/LH3c5oM4y3HtSBYuvZhw+eSYokvxQXN/oKs+phhlusV9o= =H4ni -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b58ec9b1-fc1b-dc1b-2174-421d0f700658%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] error: when upating dom0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I am getting following error when sudo qube-dom0-update: error: could not delete old database at /var/lib/qubes/dom0-updates/home/user/.rpmdbold.3822 The update than finishes without any issue. But the error is persistent throughout every update. I am seing this error for sometime, but it gets annoying a bit now. Is there any workaround to get rid of it? Thank you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1WXQ9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UynHhAAwfU+apZBR9r1wNwzV299m6LvbtKwo12cwl/jOlQu0rhtMi+XC+4J7f89 ctcNaXjC1f/uljP06xzT7YmgnplghUCU39A3rCmhlvEX9FE2xo0K/raiYruWaNxU uAN9TeATAtvf9eL19K/f9TwatJzHVTyhi0sT1//AuQdvCdW47jqcKLPH/fStNYlO 2nZ11mltyGJCFTB8hSgtTTDlZMZDevhtuk7vQP+DzxHc6g1gf7ZX63KGuL/Q8Vb4 bFe/JaECn7uFUh/bbppmibYfYSOGnFP++ostScsBeGEuYTUy30BL26mzREabV4P0 kGxDgHPUOfXRVcu/Q2+qRnjqfx+5nyZ7+ZFEBLzUZIQPZq7RmCm5vPML9yAs6DK9 I3eIBHARkXYFkvziZPVxbs5YOpqCAreBgo1j3G4kEChMwRBHDocvOWsVU3k3/FWw jmL91QyKopoiGvH+ZXMBIuRb8rOl6P1XvzHI5x18I8j7ueuVukQ+p1TrErPP6P+U c06h/MvDkB8zCVDYYFHri2fOrA40Hd4EB+JPlHWlArT7gqgjOms2Rhe1eGUPyczA Rfdnkr18cpLCko0bJFOcJ86Txhck2w8qMwWxjoZ0W7slrxzLBudGq5lO9l+L+mEz cjo8ePjkT+MMIR9WO1CNP75tIPaGYhpXU1R6l7qe8f6N87pYJfc= =rxWx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c75d4f12-2898-15fd-9909-cf8a63bb588c%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Error on update on whonix-15 templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I made a fresh install of Qubes 4. I followed carefully the instructions on the whonix website for fresh installation of the new whonix-gw-15 and whonix-ws-15 (with previous complete uninstall of the whonix-14 templates and its VMs including DVM). I can update any template like fedora-29 and 30 and debian-9 including dom0, nicely. When I but try to update whonix-gw-15 or whonix-ws-15 through the arrow in Qube Manager, I get following error: [Dom0] Error on qube update! Failed to apply DSA-4371 fix: Error: Error: Could not determine Debian release! However if I enable in the Global settings to check for updates for all qubes automatically, it finds the updates for both whonix-15 templates, shows it in the upper right corner orange-flower-icon, and updates both whonix-15 templates without any error. If I than try again to press the update arrow, it returns the same error . Can I somehow work around this issue? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl0booZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzyhQ//WMLrGOIUUSzGjcIz6jvlerRn2k9cJGXOKguhzojDW0KGm61UVS6iF/ep FMcDQ6CjDTYywaN6otxWNdKqafxetsRW6mcugKH7ijNEZ7/DLdofzH5jbPuTWgvi 18yieKvf2N5Bo1ZLGGyaYKKpmujyAKtLxoSLAM4URW3Y11ywsxEhB7rVGzgnY17W 8p9OHFWIdk8PyZaq5+pv6m946Dno0zDq50mc44aLu8jF1pLPf45XWUf99zqM+9Zn p7JDNDSKsE4yQjuA6uf1sJoPEodwSIOqNtwZIN2Xf054VDWmQhgoX5H+W0Cjz2EN NI0RGa0SBV8ASxTf2oaYy/zpYAcYU+YYbaTein+DeRBOdrmmkAQBBS3jZ0tjmjlh BDWQBIG5xuTD7K7rkJS3OmDHN3pR2nzUVpeqEOUXqyXtG9QKQiChSB1j5FCoNUGX buK+1HO1Nim5TL/cWSfr6lh15KwvkZd5okvQtRhS/+Cv76rT5L8m3YGI7t42l+bZ BYYxGfwqWESTaNGqvhgDYhpXpqwBcF51KGWyW9vTrcwkarLsgtoDYTJXdu9RqEeX X/FiadO+o75ykbKZFYnRGkc5Ia+3zSqX1Xn3Uc8PDmJM2xUxas/O1uZJtouf2j9U WmGQIBzhumTYTbxU7hsH2YIuZN+fUBIaceLGsGzQWpismNU9rK8= =wr9Q -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/17276226-ea68-173f-1d88-b7804172e11e%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Re: Any issues with changing template for sys-usb?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 unman: > On Sun, Jun 16, 2019 at 06:16:00PM +, 'awokd' via qubes-users > wrote: >> jules.die...@gmail.com: >>> Le samedi 8 juin 2019 15:19:00 UTC+2, Stumpy a écrit : I have a sys-usb that is currently based on fedora but i need to run a package on debian. Should it be a problem if i install the package on debian, temporarily switch the template to debian, use the app when i need, then switch back? >>> >>> I wanted to do the same to move the template sys-usb was based >>> on, but you need to stop sys-usb to do it which in the case of >>> a Deskop computer make you without keyboard and mousse ... >>> >> You could temporarily remove rd.qubes.hide_all_usb from your >> xen.cfg. This exposes dom0 to your USB controllers, so unplug >> everything except keyboard & mouse. Reboot, and verify you have >> keyboard after shutting down sys-usb. Make the changes you need >> and verify sys-usb starts normally. Add rd.qubes.hide_all_usb >> back to xen.cfg. >> >> I believe the above is relatively low risk, anyone have a better >> approach? You could also script the template change, but I >> wouldn't be confident enough to attempt it... >> > > How about? > > #!/bin/bash qvm-shutdown sys-usb qvm-prefs sys-usb template > debian-9 qvm-start sys-usb sleep 3m qvm-shutdown sys-usb qvm-prefs > sys-usb template fedora-30 qvm-start sys-usb > > Just long enough to check all works fine and then switches back. > If all's fine, delete the last 4 lines. > > If worried about races, pepper in a few more sleeps. > Nice one. Where should I normally put the #!/bin/bash scripts in dom0? Is it ok to use /usr/bin or is it better to leave it for package-managed executables and have an another /bin? Thank you. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl0HJkFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uz5TBAAsgsmgiB1LtVqdIsTdwO4SPwrieAhl6jqECOZSZl8Q4+bUc5lZJvzF313 PwqND0izsXFGE5ewiAWK2pc7MVHlsh0sn85wQS/ivSTrvymaTQcT/lY3SONEkQn+ 0uZfrxSf6aQpVHRSbZI/kNcld2hg3u/0nUjzdx9fmjLgclWyaL9CBmQr+80p6BI2 ob8zNn23P5Uj+AvsN/VPVK9ZclDwSZy+qzy7NTPD4SBskwO4pFmYTrMmuYmpvTM3 COwqeju8onuXFCCOUujXkwXWF+eC67/zgfnwJnKWFvAe8FIpADDbBQmWrCKLYXGX JAuTWYOgVLRzJM7inv4qdp8mYkeIBtQhFq+9t1bA9uKTwC0rhRsyL6jEoN1K4MQo lA511PCQSjFFYRrjvdTU4RAQo8aEuBKCEMtmUZusPMmwQwbpvM4Uzwh2h6vxcdd6 X4xZ96tQ7T/lQZbOuf47xIa8aBRWE65/lFtfHxZRZkOgz3A0Y7aI40zpjZyOaigc ZAkUOJ5I9CB7Ptf5WyiSXxy6laP+dPejgw1SI6KH3nj52Eg9SckRQ9TxgKGzbkFc bCZIRQZucNtX3M0jmIv8DLnfo5TcWHUNePPyybNU/xy9pQNlBTBr8WIiXfleHWBT yJ/c6p+xlL57ZK18boIOHzQW020uaxEca/5BV8YXCWkgVvkM2Fo= =PSXa -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0391901d-995f-41fd-ddbd-491837cd355c%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] gpg-split, what am I signing/encrypting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > On 07/06/2019 10.04 AM, scurge1tl wrote: >> I have been playing with the gpg-split and would like to know, >> if there is an option to see precisely for what specific task the >> work-email AppVM is connecting to the work-gpg AppVM. > >> Currently I let the work-email to have a blank access to the >> work-gpg for a defined time (300sec by default). During this >> time, the communication between the qubes is unrestricted (is >> it?). > >> Is there an option to set the gpg-split to approve a specific >> task only? Lets say I write an email to j...@email.ok. I click >> Send and I get a message asking me "would you like to >> encrypt/sign the message for j...@email.ok with your key >> ABC?" In this way I am restricting the comms in between the >> AppVMs for a single, specific task only. > >> I am reacting to the Trezor-T where you can see on the Trezor-T >> display what precisely you are signing. Can this be applied to >> the pass split as well https://github.com/Rudd-O/qubes-pass too? > > > Please file a feature request for this. I thought we already had > one, but I wasn't able to find one. All I found was these two > somewhat related issues: > > https://github.com/QubesOS/qubes-issues/issues/1835 > https://github.com/QubesOS/qubes-issues/issues/2443 > > Hi, I try to start a new issue but github doesnt like my email provider cock.li or even newly created vfemail.net and tells me it cant be verified. (Is the new github owner progressing so fast with BS?) May I ask you humbly to start this new feature request? Thank you!! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl0B94BfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxZdBAAsk53uDrMRL7xUjRXQwG+tCFGmSBJuvq/RswRL/z8c+4J8jM+7ZOHkbhg y4jrYrlp2OFKXWb4sXdIabXmKCLPQRA0N1WS8MWzWgCgiPMQfVc+I/u4/Qd/Hw5G TY375VBr9u/vb29h/7eM878R5Wo0MPNn1xY1A7a4iHLKzslTpRrtwvuIJr03prdc 2QB/qW69tD3DmsLs+Ps92II2R1hOhedqBJLR+sgbvn6O5DyGgVFKW4Qzvs7LZFxq P1Qb9zSGEqcakkZ9y++sGAEx8nROrLRKnUVEtMc9vgOj4C75w0dszlGTNHVZoszn Mfv/fvk7tYjOq3AxqNOj/mF0urlovadw37YRf1AuJKqtLrdgKBvsQBFKnYlY2D/C qFBxJq2Jq77PqEXYqBSVbjTuvO5gosxRRsZfJ9F4dAPjNYflmzabWJtpph76hrO8 IrIduRfrVIdPU0fQbJmTn2chpthyMDC+wrH8W6vAbUDaG+LaOVFflcOsYJKMyKl4 vQTnlj46dIP80+PHDk/SrU3XnLRt16/L4GcT+LWhGqnGaMJdxgPCMmlqM9fyom3y refRmmCP8QdlgLSbZQIeIeYdB+LI6z3KFTAvUAYhB3Rob/d9vHRBVfUakhlPTHRE Cd6H/Fl3QQBtL/Hb+u+uH7J6g/o2+9ubWIkt17p3jGIhb69S3hg= =fGZC -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1e6c8654-cd23-0cd7-355c-6986d52810f5%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] gpg-split, what am I signing/encrypting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have been playing with the gpg-split and would like to know, if there is an option to see precisely for what specific task the work-email AppVM is connecting to the work-gpg AppVM. Currently I let the work-email to have a blank access to the work-gpg for a defined time (300sec by default). During this time, the communication between the qubes is unrestricted (is it?). Is there an option to set the gpg-split to approve a specific task only? Lets say I write an email to j...@email.ok. I click Send and I get a message asking me "would you like to encrypt/sign the message for j...@email.ok with your key ABC?" In this way I am restricting the comms in between the AppVMs for a single, specific task only. I am reacting to the Trezor-T where you can see on the Trezor-T display what precisely you are signing. Can this be applied to the pass split as well https://github.com/Rudd-O/qubes-pass too? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlz6fPdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uw1+BAAm7Vw5ilKzpR+Z38k35ElkS8GhLe5QVrEyfcRsePcWHV97O/Z0GD6GJAw Ffmh/RYv9i4jBGfpwoPCVjC7KezqS2rpeAnDAkwOyFnmdBvJZtyMwnKT65N5cxUI npuC9j6D+6AVyWwn8YCUr2P9yiNHFAgmRqXEHfoTPK12WJdeOgmoGfSaPhZiAilI jQh7bYrxEm6dK6u4BWVZKYYHH9dCoCORPc7Yj3K+P+mRQEugkEqk4ysZsYwqZo+v WuPwWKO67LeBkv2CJ1Dl5bPq+OhtNAtH8os05ZqvGSQEo28za77rKY8pgJuNIelx 5Cqi8BbKAmBUaqy+2iKHK8tHN2KakRTrvbkbgOnfXBK90eboPDEskjkZT2g/Ahd+ iL/kRk4YKIU1oxGzyorAYd2Kbh5s+MY1tcUWj/m98f4ZzVDr5f5ZyJQz+GXCpc+7 3Z4ZeaGz2rMQHL8SQx7ZQ74M71pECcGdyLp+5IbTCUA9JOYXEQo7vrjfZpI7KIkV RvRJ15fh56OF07smhE4/jxioEAYsTWDTrfswOOlLYDBdwgIIg3qGeVVEMf81PcfI AAGuGp1kqyldYPvjUflc5VFZXelpqq556z4IkX0D1juwGwOWpZ29PNEl74KwwV2w fPV2B8z8SlXAz9PKEj7r+Q7+MsWYmnEVRJJOKwOLz0d27Hb32jU= =lbJ0 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/281ac966-7393-dbc0-5883-3eab33518005%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] How to automate cloud backups of trusted vault files?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'Side Realiq' via qubes-users: >> From: Andrew David Wong >> Sent: Sat Jun 01 03:33:28 CEST 2019 To: Side >> Realiq Cc: >> Subject: [qubes-users] How to >> automate cloud backups of trusted vault files? >> >> >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 >> >> On 31/05/2019 10.33 AM, Side Realiq wrote: >>> Thank you Andrew! >>> >>> Wouldn't described scenario be mitigated, if one downloads the >>> backup in a separate disposable non-internet VM, decrypt it, >>> and transfer the decrypted files to the vault? >>> >> >> The problem is that, if the decrypted files have been >> compromised, they could compromise the vault when you open them >> inside the vault. >> >> P.S. -- Please avoid top-posting. >> >> - -- Andrew David Wong (Axon) Community Manager, Qubes OS >> https://www.qubes-os.org >> > > But how can the decrypted files be compromised if they were first > encrypted first locally and only the encrypted files were uploaded? > Attackers should be always able to compromise the encrypted files, > and compromise the decrypted files only if they could break the > encryption. You mean that qvm-backup could protect you if the > attackers break the encryption and put malicious files inside your > backup? > Basic rule for any security setup is to never move any data upwards from low sec to higher sec area, under any circumstances. Thats why we have in the /etc/qubes-rpc/policy/qubes.ClipboardPaste an option to set: $anyvm vault deny $anyvm $anyvm ask To prohibit the insecure behavior. But would here help this as a higher sec option for cloud storage of sensitive data? Could this be reasonably automatize: To get the file TO the cloud from the high-sec vault-vm to lower sec VMs - - encrypt the container/file in vault-vm - - hash the container/file after encryption in vault-vm - - log the container hash - - cp the container to the cloud-vm - - cloud it To get the file FROM the cloud, and move it from the low-sec to high-sec VMs (even not recommended) - - download the container/file from cloud to the cloud-vm - - hash it directly in the cloud-vm, or hash it in the DispVM - - check the hash with the logged hash in the vault-vm for authenticity - - if ok, cp (even not recommended) the file to the vault-vm - - hash it again (?) and make double check the authenticity of the file - - decrypt it and enjoy its content Here you mitigate the option of running a malicious file changed by the adversary, but not the attacks related to the dirt leaking from the process of copying the files from low-sec to high-sec VMs. One could lower the issue with multiple vault VMs, which would compartmentalize the possible damage but also increase complexity. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzyRrdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Ux0bw//de1gDobKj3EeR8MmWFREz74ovx4bPs1MU0UDMCnGVFNGp20oBn2wHyiS 2dYSw08FJywZQxoBWMYGl0c0Iem45hvQu1sUCGFKhRFFUv2rVlJwcTbn2khLayGq B/SBoCY59YbTTxxA9KSBBDGeNLymziIn3N/U14A4TyGM6me+oQzoLRo5U3cDO81w BNdbBaKxT2bYIFGhk8LbYQQ/oAzXzfJJW6YWqFCkBu2qxu3FKln3DISVkvPIf26c wVEp2bD1emM2EjE9kMQEtkE0fJMrPWRvDqHoTVRHGUK1ddZmow+Eukf+LENWxRFz 75eMByj2Y1aWLu3H39pUA71iqzMGq/VHbSw8Kio4uN/BT2njwwksrZbdgW7/GMYN qXuUzREYxO3Age5PXOzR49t1KwKcVQUn4dyLiz8s/XL3gDzSdiVUPej1gnkw2BU0 cFUypt85dxqO6khkd5ialHCArDAxUMhWUqKGywz8v6hh+tW/AFMJIdnKAyFTtwsX KQVyzoh21QW7zTI4yHl8lpli8nuAKsW+tpkETuk8zsvTbn9HAX4hujz/oYuUVKuK kzEQkUxxGyr11bw4XRcpF2MEXJvCJFtjsPxAqsZClTbIk4chhPUxaxjn8W24zYCf k30uAfKBjaIIkcCQyewUVnLvca/CzYdoejnQ+OsgzFvIx+3oOKg= =Xm39 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e8adeff-bea5-0329-9de0-c2f74152983e%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Weird icon in Applications, behavior of the deleted VMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > On 31/05/2019 2.58 AM, scurge1tl wrote: >>> On 30/05/2019 7.43 AM, scurge1tl wrote: >>>> Yesterday I was experimenting with monero gui. I just >>>> unpacked the monero-gui-linux-x64-v0.14.0.0.tar.bz2 (the hash >>>> and PGP verifications were ok) in the AppVM named monero-on >>>> based on whonix-ws-14 and played with it for some time. Than >>>> I deleted the AppVM and shut down the laptop . > >>>> Today, when I click on the Q icon Applications, I see a weird >>>> icon in the list between domain: and service: named >>>> "monero-on-vm", with a weird icon which looks like a box with >>>> trash or what. Options available are: > >>>> monero-on: Chat support monero-on: Dolphin > >>>> None is working when clicked. I thought the Q button >>>> Applications is under control of dom0 and there is no way >>>> how the monero-gui-linux-x64-v0.14.0.0.tar.bz2 would >>>> influence dom0 this way. > > >>> This usually indicates that the VM has been deleted, and the >>> leftover Application Menu shortcut was not cleaned up >>> correctly. It's a box of trash because the original, correct >>> icon is no longer available. > >>> You can clean up the shortcuts manually using the information >>> documented here: > >>> https://www.qubes-os.org/doc/managing-appvm-shortcuts/#behind-the-sc enes > >>> >> If I understand it properly, I should go in dom0 to >> /etc/qubes-rpc/qubes.GetAppMenus and delete the entry manually. >> The issue is that in my /etc/qubes-rpc/ there is no >> qubes.GetAppMenus file. > > > No, that's the RPC policy directory. Don't delete anything in that > directory unless you know what you're doing. Modifying the contents > of that directory can have significant security implications. You > can read more about RPC policies here: > > https://www.qubes-os.org/doc/rpc-policy/ > >> Also in dom0 the /usr/libexec I dont see any qubes-appmenus to >> get to qubes-receive-appmenus. Maybe I am doing something wrong. >> Could you be more specific with precise commands to follow? > > > I just submitted a PR to add this section in an attempt to answer > your question: > > https://github.com/QubesOS/qubes-doc/pull/825/files $ qvm-appmenus --update --force monero-on Traceback (most recent call last): File "/usr/bin/qvm-appmenus", line 9, in load_entry_point('qubesdesktop==4.0.17', 'console_scripts', 'qvm-appmenus')() File "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py", line 612, in main vm = args.app.domains[vm] File "/usr/lib/python3.5/site-packages/qubesadmin/app.py", line 87, in __getitem__ raise KeyError(item) KeyError: 'monero-on' Now I didn't try yet to execute $ rm -i ~/.local/share/applications/my-old-vm-* just in case you would like me to try some other tests when issue is alive, to see thats going on. Also if you tell me how to log the boot sequence, where my long time deleted VMs are appearing and trying to boot, I will send it to you. > > Does it help? > > For reference, this came from my discussion with Marek on: > > https://github.com/QubesOS/qubes-issues/issues/4711 > >>>> I don't know if it is related, but when booting to Qubes, and >>>> watching the boot process, I can still see Qubes is trying >>>> to boot AppVMs which are for months deleted, with "Failed to >>>> start" the VM. How do I delete it permanently? > > >>> I haven't heard of this problem before. Please consider >>> reporting this bug if it hasn't been reported yet: > >>> https://www.qubes-os.org/doc/reporting-bugs/ > >> I will report it. > > > Thanks! > > -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzyQF1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzEtg//fgtYzKJZpCYPXXCzrCPrGUMPi4c4OdfFx5th+wQvkQPwWu82ya9hXGPe uBFLZ5eCKqwSjxvcBiLqJgJ75Ye+r4FWVm8MoOh4ZQRbTf89/CixpGKrzzspUh5M 9hlNnG60kKuGMqV84TWcRZy8Lcc+uAgJTyZBlhonyP/SQ94/unSMwgfqfwDUe5C3 Ag/EdiLhOIogiA0fTCbf/KZCf3LuHU/uR46jVcqylHJMrwUDHbir55X2XzwU8aY/ 9/0KiUfhAlMYH9tI27NEdHqOGPSlhieGiZzIXfeZYshQrNiCRNVGnupoWJztdUFo U7ZzJzX+jg7kI3Z10jLjmaW84m8mYSgJSgZL0mfXNMhVIsJKnv1W7bAKpp07QL7q M2wQUGEqFiYCdzDKkycsTUGlOqNCdXYDSI00G72eAjIObZUPXgT9h38WOkmhNWX9 DmHWwxlACTA4245XIbGLr9MDSdo3e3Uxb6wprH0Iw6dJEcSJAm+lLDs5PrwvuJDY TxLIpN2KhZi8WmjDx9zBroj3AiJ/
Re: [qubes-users] Weird icon in Applications, behavior of the deleted VMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > On 30/05/2019 7.43 AM, scurge1tl wrote: >> Yesterday I was experimenting with monero gui. I just unpacked >> the monero-gui-linux-x64-v0.14.0.0.tar.bz2 (the hash and PGP >> verifications were ok) in the AppVM named monero-on based on >> whonix-ws-14 and played with it for some time. Than I deleted the >> AppVM and shut down the laptop . > >> Today, when I click on the Q icon Applications, I see a weird >> icon in the list between domain: and service: named >> "monero-on-vm", with a weird icon which looks like a box with >> trash or what. Options available are: > >> monero-on: Chat support monero-on: Dolphin > >> None is working when clicked. I thought the Q button Applications >> is under control of dom0 and there is no way how the >> monero-gui-linux-x64-v0.14.0.0.tar.bz2 would influence dom0 this >> way. > > > This usually indicates that the VM has been deleted, and the > leftover Application Menu shortcut was not cleaned up correctly. > It's a box of trash because the original, correct icon is no longer > available. > > You can clean up the shortcuts manually using the information > documented here: > > https://www.qubes-os.org/doc/managing-appvm-shortcuts/#behind-the-scen es If > I understand it properly, I should go in dom0 to /etc/qubes-rpc/qubes.GetAppMenus and delete the entry manually. The issue is that in my /etc/qubes-rpc/ there is no qubes.GetAppMenus file. Also in dom0 the /usr/libexec I dont see any qubes-appmenus to get to qubes-receive-appmenus. Maybe I am doing something wrong. Could you be more specific with precise commands to follow? > >> I don't know if it is related, but when booting to Qubes, and >> watching the boot process, I can still see Qubes is trying to >> boot AppVMs which are for months deleted, with "Failed to start" >> the VM. How do I delete it permanently? > > > I haven't heard of this problem before. Please consider reporting > this bug if it hasn't been reported yet: > > https://www.qubes-os.org/doc/reporting-bugs/ I will report it. > > -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzw3oVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxRRRAAuDNdemKY7HtKUmInJv7hkSDlLND6qaK/ULF47iJ/SCkH+Se9kVSw3bjF /VH6AZzIS6JQM9CRV9o8Jbl2++5ekDjVQ70vfTinK3zhwTJAsy4q6avY9Kau0UTr WiGXdM7IEBihYlVL6V32ySl14FOgTTUzOtrCklUz+5aKssZHXN7LWE9p4bY4Kerr yzAspUJkbVRKcLzDfjNE7jjx+xLgranTVR62rW6TSZfxAbFBYG2R1RxRRlzOOic3 qU2/ldSh90WBdylFnAQrYauU40uW2rSfVpHMj0sbnd9zfZeH0S5W1cFH2vTYPPJj MApjjx1TL5zbkIYMCpSzsTvvyHtfCwDMJlNT4MiytfPI4UJ0Ww1qQsAmDdFFLOrv 37PiPMdTMXnBCA0QRPntEurkhOCTRQTFcV0V8x77TqD63oD5dqFOaTSR2gWWZB6o RcVGQ525VvSqYhIm1LvqDb02PzJM2XCjyAnTLP6EyZBSYKxBzmwcPA8xSYN2gPXF upnDfxfG7A6GED5nFkON3GkvPmdxFV0UNPuDGe8GaHY2Z0yJmvtQ2rX9ZNeE/NeD LMlfic3m3g6iuUPl+91/ptBPmvm/QvDzBhns2B+t8hQIKcDdp0ijeFYAUUdmM12o x5BOJqMdWsMZKgKvhRVW3lAki0X7glsEU5qyOEes3CImSpvRZFQ= =5dzo -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cf5facae-6eeb-69a4-3d91-d3a0e4deee74%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Weird icon in Applications, behavior of the deleted VMs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Yesterday I was experimenting with monero gui. I just unpacked the monero-gui-linux-x64-v0.14.0.0.tar.bz2 (the hash and PGP verifications were ok) in the AppVM named monero-on based on whonix-ws-14 and played with it for some time. Than I deleted the AppVM and shut down the laptop . Today, when I click on the Q icon Applications, I see a weird icon in the list between domain: and service: named "monero-on-vm", with a weird icon which looks like a box with trash or what. Options available are: monero-on: Chat support monero-on: Dolphin None is working when clicked. I thought the Q button Applications is under control of dom0 and there is no way how the monero-gui-linux-x64-v0.14.0.0.tar.bz2 would influence dom0 this way. I don't know if it is related, but when booting to Qubes, and watching the boot process, I can still see Qubes is trying to boot AppVMs which are for months deleted, with "Failed to start" the VM. How do I delete it permanently? Can you advice me how to work it out, and put a bit light into the matte r? Thank you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzv0AFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uz6nQ//T7N8S/u+mCX6hCwCI+e6GSW7WdOiFygmWV6IoPA+UnX5K3ypracVyiQM DidkaqLYP4Nr5sH3h4WvYcD1Gpr4lv5PCIB5Gc/3g2pe0N+iv6FAfFDz/0T4shGM xhbjux9mQPXFTcvRNSiyDsUYIl7QNf+iMXnDMwdsCCBLkm7tblxRxmSWy+/mkKML ceTm7Wt/6TsOk/oMvMWtDIf1V7ud9GeGUyNmrZUuh+nBsHxvCndOdmWYkswuvSir oGkBAgyg3iAYfBLSMeBPAzMyYnGoSqx1OP3qxozKNyGh9cIZuBvQfDMTyJQjK2f1 vaOTCh9Ia2IRK9nrynG5QnI+iWXKZnZAlWTFrZ6Rr5Ghg5SQgyGhr55ERb5e+QiE HveE6jvAwoF2qmYk+YeeWjzc3Fe1doeNEmTyNGO103td5uxiuZ96c3kOfW6q0uCc sRHpBgM4/gToeDEB93c1TVUU4h+b847yROBC0kfz7k2WyYqSnIyHO9NODrpDGY3P On56xqYA6pwzuLLsDToSz001bNMfMKtTtMuL1jkhsGXpxj77P7pBUhK6zLSnZxys BA5w7HFQEmICH/+A4QLsRYvra4CFeVXv392MXOdlXa3y8V+zQTaAzaYiAC1NqV99 rYE4QNh4X8GbAsY/IcqZYoJvVvgNVAWijRSYhxXL12YUA0Eeczs= =GZCa -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0acf14dd-f40d-06d7-1381-dfde3447da78%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Global Setting return error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'awokd' via qubes-users: > scurge1tl: >> The only thing I spotted to have issues, is the Global Settings >> button, which is not reacting. > > Check https://github.com/QubesOS/qubes-issues/issues/4988. Use > "qubes-prefs" in a dom0 terminal as a workaround. > Is there any guide of how to use the command? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzvyelfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UwYmRAAni+FSOEFrK36yX4MzPkk5fFBCWD2rYTYpuKmPHDakf4hjcSIDPvFTYHQ kl5rCXopsbVF+aApjvnzdRwvPdX0oLzp57PQ983tFPS+HRjjd/HFnGiNioStF9F4 L75xReFyeMVHG6M5t7xWh+t4j1Q6v8o+H+T3JVeOHSI5n1KvDgq0u1EggSrrqsW4 1ADcJWBlC4ynrAIf+fjyUUcOFh8f4CvR9/iSZq0zVM8v527szPsuQjhXdYzbHz78 rfZWme1E1gBn2ZitOKpQql9qaEqQLn3eCFjRil8oM935LkOANUprCyGRC4zjC3tv etuBIYRB278BYwj6TPd/jXmFYjDrsHLecJGFBlEXXDT8FtqCCbllhApz9OcdTFLp SVsUoHOUpHaS+sMYPvinZ3uzIbVZSmBJy0/SgJEnG8AispyrXkKNNHYnJ9EXE8LW x9ef5pfP6n0gzAx5SKw85NaiHaLOSsarFaw+rkEAJZD4kPS1vGKjQYeL589SvZ+V e6V+mD+2gMcF2iNVtYGXV+zoBnPVU7I4z4CG9bJVCMVYycbt9/zHm4fFAuZyS9Ys 64eKKySIfuWQFKBkvUGMYDGegPICJtoSEFvkf4rJibvP9l7at1Gj6wispbWN001B +nDaq8azUACjv1YNfV1N3AeF7oWzJADcvotyYtpv/+cfS7DBqjA= =gVM1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13fe4684-2b46-3396-076e-219089f51069%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Global Setting return error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 After yesterday's dom0 update all works well. Even my login gui screen returned from afterlife. The only thing I spotted to have issues, is the Global Settings button, which is not reacting. Also the Applications -> System Tools -> Qubes Global Settings returns following error: TypeError: setChecked(self, bool): argument 1 has unexpected type 'str'at line 248 of file global_settings.py. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzuxfJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzvxRAAl80EJX//QzKT++JJSwappybMZMDcId7EHXYglKaMeks9Y6ZFUsuIrFAH ld1dqUsPx6SQam2LCzDRHgrEEzQGywOXT0xWMIgWJ4jjY1QHg6vD0GUo70Xzfs3g 6ooCnhf4pzYQssFaxI7J68TQCeUYkw9hULOqMoU6RKPbQs20WQaL0Q+1QPUxzBkD h4P9lXGc21aspOL2x4QujJHyDqck9lpvf9iCq791sqs8nty9bU+sYYykQnJCU1kq NpdxIse5CW7ZxoyL3pqKPaTiqKqRyfN1LT5J4Ro1X7er7anwMclBcF+cKB1Cctuy bnPfwasIHvPKu7Wo/xKRiA9x+fTJCy5xfU1x6rsxlFdZ9trC7Ek7x2HS26VDz5c3 Grj3wSe9EZfeDbGRlCpXdVQAxIB9/0ESZrGhkecXAFZWZL6Z4jX1XuUb1Nj32WHt 0HflKQSn65FkTayyUFUmLEahqAEv9YIiW+0vpt+Hy2c1Kj/ZzfRnBlxgUE2g+b5h Igg8Gdpw+mNerWjgoWcKj9+ID0adzGaR984Gc0qcoK3XeiFfQQ3yXbqLCAitjGc7 nJBMRRF+dRHKTjN1nSEXiUOW4+2SAQLAuW1nZ2FJT8TesuoCATl0I+g7qx9w/fSR tPTl3OWsdzMQzRQvcNPB6SMzpJud4mA/Z/Ns6UdO8xa7VCdjhyI= =LN67 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1dbf4005-657c-a59b-6308-2b342fa64220%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] X230 vs Purism - real world attack probability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'awokd' via qubes-users: > scurge1tl: > >> Can the G505S be bought in the setup you mentioned, with CPU/RAM >> HW init opensource and so on, or it is needed to hack it myself? >> What is the performance of the X230 versus G505S? Seems that >> X230 and G505S have 1366x768. Is there full HD option? Can the >> Ram be upgraded to 16GB on both? > > You need to Coreboot a G505s yourself with a hardware flash. No HD > option, but it supports 16GB RAM. > Are the inits opensource by default or it needs to be flashed too? Also how does the G505S stand against X230 in regards of performance? I suppose it can run Qubes without any issues. Is it? Thank you. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzuwNBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxBJA//UvHzk/0oNswv+zM7KxBeVSV43XomDN2vuezJyE0Lq9t+M1ykht88wDOp kq5BXN60CNWd8F95DiHjrmeErTNCkGPjNI8IWxh5N6rDCDwyOO0kD0p/xlXdxvU4 L3KEb+wRdxI0/BMjJEgPi9Cfrjn9kgWYYoTcbJqDQMdN+PlZy6rA4xcMk2gIoUN3 MiONCJ0b5bfmohAW5YIUsMLq3nG929gKn8VujsMRjZ9jNeHehgxtViZi9rpLiUbT N+lNXJ5Y/JT1Qu/oTXu1iAQDnJcX98GA9fubna8swBma90sykTgKAz93qf5H5oKI vjtthK9nIjVSKo+fuvAHUVUPvEK22NweX5DV7AacWo2su6J7onsVO3V29Bfqn5ia +T3fhqL88nN2VRyHp9TrXH33T6cpznAYhI8ITkknMxQeVCKjpPrF6r/35mMbFaZ8 AV6F2IpJKIqRD8DFsweqqYYXAwP6WdrCxmeDSxFxVeALDZ4IIalJqX+L1yL9zRUD j+yxfM+NjW1wEjcoL6rM0+vqZzqqMZ8VqAZNACvVWtQPHb6E/HYZHjzLyIAHhIph u9FcoFrxRFmdDoUCoEZB4jjV904YDxQ6BsJxHe+L0FvjXgoH/MTh3IGwKiqEQJ2k guzvaFJefahJT//u5U8nxsa1DlaowrT2Zme5x/C7paX/5aYYNhM= =4Z6K -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d7cae21a-e357-b4cf-5b19-0dcccaeb663e%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] X230 vs Purism - real world attack probability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 taii...@gmx.com: > On 05/21/2019 09:52 AM, scurge1tl wrote: >> I have a question related to the decision about what laptop is >> the better option for Qubes usage, from the security point of >> view, in the real world. >> >> The question is related to the IME on Intel, PSP on AMD and >> other Hardware holes. I took these laptop examples to sample the >> differences somehow. >> >> Pose the non-existent micro controllers updates, like in case of >> X230 with IME disabled and corebooted, which doesn't but get >> these updates anymore, > > What updates? who told you that? What micro controllers? I heard that many times during discussions. I am not a programmer so I have to rely on others to evaluate the situation. > >> higher risk than only partial disabling of the IME by Purism >> which still but gets the micro controllers updates? Or is it a >> vice versa? >> >> If I would like to have a strong security position, in case of >> the laptop Hardware with Qubes, and would decide in between the >> two, which variant will be more prone to the real world attacks? >> What attack vectors are available in both cases? For example, is >> one of the cases more resistant to the remote exploitation. Is >> one of the options forcing an attacker more to execute an attack >> with physical access than the other option? >> > > pur.company is junk, they are an incredibly dishonest company that > sells "coreboot open firmware librem" machines that have a hw init > process that is entirely performed via the Intel FSP binary blob. > > The x230 is far more free than anything pur.company could sell > you, freeing intel fsp won't happen due to how difficult it would > be without documentation and how long it would take and it is both > impossible and illegal to free Intel ME. > > Illegal? Yes - ME/PSP is a DRM mechanism and bypassing them is > illegal in the usa where they are based. > > But since the 230 still has an ME abit more nerfed than the > purijunk you should get a G505S which has no ME/PSP and is the most > free laptop option. You mention G505S. Can it run Qubes without issues? > > Pur.junk = me kernel+init code run (not disabled), HW init 100% > blobbed - performed via Intel FSP X230 = me init code runs (not > disabled), HW init is open source G505S = No ME/PSP, CPU/RAM hw > init is open source, graphics/power mgmt requires blob but IOMMU > prevents them from messing with stuff. - the most free Can the G505S be bought in the setup you mentioned, with CPU/RAM HW init opensource and so on, or it is needed to hack it myself? What is the performance of the X230 versus G505S? Seems that X230 and G505S have 1366x768. Is there full HD option? Can the Ram be upgraded to 16GB on both? > > pur.company lies by claiming their ME is "disabled" when the kernel > and init code still run. > > > I don't want to say their name as they send someone out of the > woodwork to defend them and waste my time every time someone > mentions them in a negative light they go and start claiming that > they are "doing their best" - whereas various other much newer > companies are actually selling owner controlled libre firmware > trustworthy general computing hardware proving their claims of > "doing our best" to be bullshit. > > If you want more info see my other posts as I have made many of > them re: pur.company or laptop/desktop/workstation selections. > -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztYvBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uy78A/+N+BL/lLBodnYBR7yfrOisHvUtxMacQ2A/m6+4OAsZSRyGVN+qxSOg269 LZgxwZfaJuWZuuhPGuLftY7j7Vz4zopgPjlcVQ0UR01HD9jx16lXD3E2mvGxxuSr gwOY1FlrknV15qFl/V1HvGXKXpqOCKOyPUjdjSyGpB8kc0lvjAaC1KDj09G6CzXF scp98rOLFYbvIairEfWuiIvwjTmfwyTxNQRrG7hYomiE5EzDslPT4Owpoky9RGzj T3ICHJq2pq/8GqgnX7DarxkPRlKt7VNMg6ZdfoCkeN+zqty0T2WMvre77kgAlykQ HMh+hdkrGztFapM1lA1PBifxNhznxDcsICEzl5khPyey3sZYkA1HVZ37Z+SVMYyB XtbFc+vFx8l0uEhyXlJkotgxg+1liguReK3KCn1t75CpUsiVrQI2dtxC7Ns3SjmI H/Hlg30Ju4KV9emb0icNHwtv9HhE9huOnFzKS3KjGHTn+GrS0ubzQXfvRmfrAFbC Kwz6OYQP6VsX4FwJek6UwS+rfTyHi50Uef/QvxKqN3OyukonVfGFzB+l7EWZthpd U63IdtVD0dcHag27qh65ayPXwTTLLHxpa+52eHxnxI+19u2RT5XErhdEDBzL9UDC kghFEw/Rmt1sGaG93+vRRVFpyph1JWnyyQEbnji/FAx72ALv754= =YmLb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a16d0794-a892-0a75-16f9-6bf20aa2fb29%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Updating Fedora-template
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 josefh.maier via qubes-users: > Hello forum. I am new to Qubes and Fedora... is there an equivalent > to the Debian 'apt-get update upgrade' ? Thank's a lot for your > feedback! > > Joe > apt-get of debian is equal to dnf in fedora -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztVaVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UxgJA//SfVfi/QgI4lz6BWRuHTzc1QuQVpT4hLpNQdOHmpFWw19toHVu4Lrq+Jp GQzUhfDBjcv98fpXJFzSoHhqDqbvwkJNIyG0JQRV95XxoaBPlW3HiZ9FBbIW0GHY LtsbXXrefI5OLC9O4E8QPUoPatBRvIpJkDxOjwp+9b5AsOnGMA3p5Q2D6eOkqYkQ xAQKUdms2pwbYXIyAMzbXUJQlFMdm9seH2++RLL0MjbaMI6IO/8iq4GtpyFYabhy 2k1v/be1KQeYYioFI9bkL+ukD0T0RxCq9P54v33a91qJyPPs9HQZxzMeXBXhn5QQ mqeR6nlW00rBUk9/syudJYIRbzVD7iD0knDWgKmgyXFqrPEfzXzM5GJl8HsLtSQ9 dGXut6XWUZwWwQyTAu5g3u74+feJ1M/ppL981/aQpM+TlSJ1M+s63n+TZVGddHuB NFCEzk85sz/SUvfWA7VqrKO5sU36PkTBhdFvHwtTXIWLN7DV/ptulImi0yGKkZTU SX6WGHkheQQgWI3rmCxfHTT8axWXEtXRxoNUUH868otN6BHee0FVhPPTWqxOqiBB 0mT8UABm0VTryFkKzvpanrYL9Ddm4POTzsJOFG08U/MCh0apFwHCGfoihfVA1iE9 y839ExqvoFXJHS2YAoXE2XFg0AS4DmqQlOl+JwHDREBLhy9o9ds= =MGnb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/594ed318-d404-0445-4adc-d7277e250d85%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Is it safe to update dom0 now?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > > > 'awokd' via qubes-users: >>>> scurge1tl: >>>>> I am reading the threads related to the issues with the >>>>> dom0 update. Do I understand it properly that now it is >>>>> safe to update the dom0 and the mentioned issues are not >>>>> spawning anymore? >>>>> >>>>> Should I better backup my qubes before proceeding to the >>>>> USB? >>>> >>>> Yes, the newer branch of kernel has been temporarily pulled >>>> from updates. It is still a good idea to do a backup before >>>> major updates. >>>> > > > > How would one know if an update is a major one? Or you mean every > dom0 update should be considered to be major? > > > Kernel updates and/or Xen updates for dom0 are considered major. > > Basically, you should update all other qubes as you normally > would, but when it says there are dom0 updates, check them out > first. > >> From Qubes Manager: > > dom0 -> Upgrade qube > > It will download updates, but before installing, will show you > what they are, and ask if you want to install. If you see kernel > and/or xen updates, it's always a good idea of cancelling the > update, and do a backup first. And check here for problems too. > Is it a good practice to backup the Templates as well? It is a bit large, but I guess if I would like to restore the qubes from backup, I will need to have the templates installed to make it successful, right? Or is it enough to backup the important VMs only? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlztPj1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzA4RAAkHhfH8OhsxNa2OKpdgwM3//zAePxInV4tK3hknm54czDRP9jnZwXLnyS E6ni8pneWu+3pja16o97ivr1gzJiz7lY+TmMH+uyAs8xUKQytl9qaTlw6B89jg8r 3C3i495QrHGRerWS9rD5B3l47Ukhc/wS+oEBTwgdWpm2KB0pz0I6QI2Oc+zPruGQ QTK3QwCBAfX6QxOW5pJhHFG0wj49xuhdbseSfia0MjhobNSEsMJgPAAVs5ABvm27 BM/2g5xU5RvfP6iToh5htLfWQflSzwxmpNXVY+OFyGunPTj80zAW7iTtI7BIi+KN 0Y8jIkw8Gopxrc4qa9y5uZNXtmAZmbIify35/Bglms+DW5+wFOhxNUfSpsq9YkFt f5nyxa0qpnb81CzWRlmoiOqZuA3sLg1ACs4TEhw3tIsqaOmqn+xgI6SNkycNCrRG xOEHQTWe9iZA6aWtX7nnAElcqljZCVdmiMNyM1K2MqtfH7EQ+P4DRO0nNe/KY3NN QCZizlY1uvHyoVqoOpoMaOmVpefg3qpshDLt6gu02TJNm3JRd1wwY7RcLqvp5PoF 1+5r+TTsf2ncPIXUsYJJ/Fka7i3Rmr3R9ofyRUsRL6gr+0iRvgU1ZdsDEXgY1RHs OqOyyxotG6NTnP7SQQJi08HOJWgANIqVeqQzDA74Zm+vKXyrTvA= =47bF -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e68dcedf-49c7-9342-be2e-120a0a2cbebb%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Is it safe to update dom0 now?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > > > 'awokd' via qubes-users: >>>> scurge1tl: >>>>> I am reading the threads related to the issues with the >>>>> dom0 update. Do I understand it properly that now it is >>>>> safe to update the dom0 and the mentioned issues are not >>>>> spawning anymore? >>>>> >>>>> Should I better backup my qubes before proceeding to the >>>>> USB? >>>> >>>> Yes, the newer branch of kernel has been temporarily pulled >>>> from updates. It is still a good idea to do a backup before >>>> major updates. >>>> > > > > How would one know if an update is a major one? Or you mean every > dom0 update should be considered to be major? > > > Kernel updates and/or Xen updates for dom0 are considered major. > > Basically, you should update all other qubes as you normally would, > but when it says there are dom0 updates, check them out first. > >> From Qubes Manager: > > dom0 -> Upgrade qube > > It will download updates, but before installing, will show you what > they are, and ask if you want to install. If you see kernel and/or > xen updates, it's always a good idea of cancelling the update, and > do a backup first. And check here for problems too. > Thank you, clear enough! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsJJBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UyDehAAiIfRbAGpqFwJF8kjzk9A/D467Lb70zwh+susEQnHWmFaa1w3qnUgZh8k m8oM63NqcrdQVKJsvHfuZyFwHKncBf1wrG95MlfEG8vGq/pq0ezyz9HGwwt1ba9M mp8nKZTCJ03C8EHGEovDIqYHbjppESa4U3m0MOt7CsdDVlsVrudYpwpENXJWoN5w J3e/eW11NPEyxXQCFAZYOkZZ7Lp0atBgj3s9LWb/FmlEUXSBtz62/uBg4wYlU2UI kfNwKLbZy1fctZD9jEYVddO3CVwqSZz9fPCruZL28VA3sdXW2Li/T0+LsbcwfFb6 6eNf8YSK4VB0hoJzLwjpvJ5qKAd/dxlhe3PYwTJSbBefF7CbI5IJpaIXguLcx0Mu JfRlGNE7VazPXHWnrnaDIXUaQo9aNBGVs1WesLhMlHkLLb9rPXn2Nai827I8yjtD 9+TOh8gfo2o6D2FYs9x5yRh2mhAHstseTIl1I8hj0DyrhKxXqQoa+2hwFEFcImrm IJ+LmIMBiy4Br6Tghbl6WMH3Spsz8IemDtvriey5mm/+DaxL28zDWmWZHaKpKo01 4EQ1Dv11YXSHD3uX1QwqrAxm0e5YfDpHhFDYBCx7vjgDPpCqc5YjM3lp+DqaqADk Cy/589q76YJMJ8kYMBcWUmVe3e11QGV9BhDi9aX/yqw4JadNVIg= =z281 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d4f81417-dc21-5628-1e89-54b1847f3cc8%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] sys-usb not showing up for attached USB
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > I attach my USB key I use for the backup of my USB port. It gets > recognized as Device available. But when I want to attach it to my > running sys-usb, it doesn't give me the option. > > I tried to create a new AppVM, and it shows me the option to attach > it, but after I try to attach it to the new AppVM, it doesn't > attach. > > I use the icon Qubes Devices in my panel. My internal microphone > has the option to attach to sys-usb easily and is working. > > Sorry, the first sentence should look like that: I attach my USB key I use for the backup of *my Qubes to my laptop's* USB port. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsJAJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uyucg//eiEx+WaAtkOA23HeA0ViDkDqFXzieHntx3ffcoTPNpiPxPKj8jlZFmhh MQm5tqIInUV0yYIZ6N4xfaI6o2XgBFwtT3mP1aMYxCu6TLg0xAI1FYU9xZlDTbiU 2AVtgbUwuLFAkqP+i8uiIy9tdVwwYcJRQ1WaRjYRNxFrlDIDOg1PxWmDDWupEryb qiXp4GpIngaop3lNF9x174hmPSlzj8r+rrJ53xKdlGrzTQbeidL2GeZd40hSYUuw USkfAiWau2H6IPZNngMT5mTI2US1gv1V8hQcmZpcitIayQC0lh4HiJDPOg4TNqno MbDEcEbodRd6RRAqae5K0jn7Zv9Doidu4uUGZqZ/ITyac5r6klRcno4Fci5V+DFU XUO38vYnimROqnMvVfBVXZKcOR96KtTyHasoN5h5wFgZncC9LcgfNCu0dhSoG5Kd dh2N0oWK46oue/yxoqMetmO66pzvZmxoTNkRDI8QFJ0ydUsWRZfqRavx2vSQFENZ xtpQGpGcJxqunVfHEJ4odoXp9v4wjzv8LVaAfHzTcam1glyVuq6JXQAx7IQQaG3R C+6a4daiOc1pdWTKvh4/drcHSZ5oE6lVCivqnaSExwGd0pYNY4oZ+F+UHMtpzOtq hJcO2b0t9uoIxvmIXF6cJpK9OhAr5QoAN+8ijTLEsELpSjx863g= =WdSA -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f23c60d1-8877-4c0c-7600-59dd2f3866fb%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] sys-usb not showing up for attached USB
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I attach my USB key I use for the backup of my USB port. It gets recognized as Device available. But when I want to attach it to my running sys-usb, it doesn't give me the option. I tried to create a new AppVM, and it shows me the option to attach it, but after I try to attach it to the new AppVM, it doesn't attach. I use the icon Qubes Devices in my panel. My internal microphone has the option to attach to sys-usb easily and is working. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsIzJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uw6Lg//QDyu+VxIIeRw5fkuisnnIFozAWXJDWCoFnmQ5LsFj/j6n9fh6yDKt8dP Yp2KybimO14wfauI6Lhvj+g+NF1ZGGd+c2v5C+jrWNdUMVEJBfo0OUb+SpyAZrtp TuDohtlZfcHZXQHHhtEypd+XCknRqyHbRptmX5iEOUY3PINInjiK+vEEJV9BF7u+ P3YdOa0x6KGKqOTD1SOUw5rnDMMmXwq1t2I18psznAoJfON9XCz2kgZtpvDQWCzc 8B0ULwhBOwIUv2mRKjg1A4JVEWCdzJRoBA13PUySO7DmKgMf2IawMn1XrxCnScgy YpGf9ASQzN+qFq2no7rE43d85skH6P+HpTSSGmH0ezGvaGzzWXf8Y84TzzL/URAo j7uNGKwfklnzmGgEljeJH8/QRJYDWuPAMCbEBrcXN7AyxJmdA+TxoBFcIHqT1tu6 HvsLxMp7/nSL5Syg7il3dAIVUe2QqVsW1rHZBVPkt1N0aMfRAY1k74SjaAOgKNU9 APFqNNGIW+dPXuMmm0TzdYbJoUtqMXvII4OYCBNr+VA499JnvQNUzAIahfZlnVVU SYqM5NV7aAwpKkZ8r1fW5r4Uq7XYQqDfTtwKVLNTv4Ql2X70c4WMjDjl2NUFDHrg D7sWQay+RweMSfC+jMD0oSKvBs9uJftm9A21+6tAMw/zen4Ej5s= =LGf5 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77ff063b-6c8c-2c94-6a0c-9ecc758defae%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Is it safe to update dom0 now?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'awokd' via qubes-users: > scurge1tl: >> I am reading the threads related to the issues with the dom0 >> update. Do I understand it properly that now it is safe to >> update the dom0 and the mentioned issues are not spawning >> anymore? >> >> Should I better backup my qubes before proceeding to the USB? > > Yes, the newer branch of kernel has been temporarily pulled from > updates. It is still a good idea to do a backup before major > updates. > How would one know if an update is a major one? Or you mean every dom0 update should be considered to be major? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsCRFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UwO7g//RVfE68n6LoxtvbkTYVEP8LAJepsDydMXlyX42honL9jHqwAWDFXozwiu IYTvUswaTvAFef1na1bguI0EQxTw7jxXzOoIKKIxpOtABp51Oakn25CB8KUVAQBt O62Uy/S6z50dPvLWRRzn/uKbtBZw5ywqdWP+qSSrEOVjIe3h6r++nZVFZa6gwn0j Ms7Mcp7y3Q3pnO3wcgpJ9hHqpyv8+9al3IJylOiQ5vwFMMlMiz5sm5j1CX36epYz v5nzth5jIETy9MiCUdPeFZcPzVRCyMxAvaLhFsZCtVAGIHVS3WPORuZT3EPaxIJ2 SfwetZE1A4R1OqqKEuEXegOGcq7sgoMSkb/b6GgPqzf09sjWoLJmwnU4vVM/cnza T0GoAA8r2Y3U4t58vKH+vUAtTuLuD4k+PD1M1Ejy1CmEUfILRA7tEekxps9qqvbx LMK2yI9nRCakiAUOBm8EjO7oxwXbnJ5DmVJf08hl7F7VpRhx31W+8gdaoR6rJhe/ KlzysRUjhyR+ta3aZDZqkl3LetHz21f85Ne9ut2JPM0l57NIEEGpBWRo8YP2ZtWk qyX7biivo3IssM5dSl0dwU9XxP5tofDiyhDg01WIER0h356f9XboNvOitOfLhmQi 4VYznVl4+q0yTxBKkB44HfFXRc+Qd1JO3npD3tdEklHhkyD5AYU= =WHiZ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54c49bc5-2fdc-31df-68da-cde2223f5422%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
Re: [qubes-users] Qubes not updating
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'awokd' via qubes-users: > scurge1tl: > >> http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.o nion/r4.0/vm >> >> >> >> stretch InRelease >> Err:7 >> http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.o nion/r4.0/vm >> >> >> >> stretch Release >> Connection failed Reading package lists... Done E: The repository >> >> 'http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad. onion/r4.0/vm >> >> >> >> stretch Release' does no longer have a Release file. >> N: Updating from such a repository can't be done securely, and is >> therefore disabled by default. > > This means either the update location is temporarily unavailable, > or it is in the middle of being updated. Try again in an hour or > two. > Thank you, I will check it. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsCC9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uz9shAAjUPx5G8cLJIp9wlFzqem3CkVALOw/ppE2yC2DVzudedw/IBU0RaCamP5 lqCwDH9GN4SXvBRoKIsmvJNKcdoCYNRfcrmUv4020Ku2sVDocJaWjSXWWRiQrIMW Vij3MDerh+VCsN+GKndIi0YoHGwoYJafAyb1z8mlW4KVQaYw/h+QsfLu2cvM52gL U4x+PvrwmVCKSwRVRtXSJHb7ypM9IU1fbHscDXv3Zhaw3tRKZKhq1H9w3N9lmnBp H6rXqJXHburZuJMQGXlFtqKty9/X9Q+PryoW6NDYgNsPgzAlDZVevIbiEhUd2Iqy k8wFfAhdmJK3ArAIc88r2lP2Muap3vDRuWWQ1N2rRZ+PsC+6oY+DbX8uMUsQO9NW UJjQVKm3G5Ma6N56XSI8CMURPKshAcK3wfaSSUBe5s9kqWqwvJ9MtBVwQ9VJ60oa 6OVJKVodR3L+Qz66R7J0m51D8de6K6YFBOVG63gAL3nm8iccmir1HlC2alM0rsy2 dY4bFbO98fCMyhEKalY5IL2ASjjfCu84uJm5rIe+XCi+2y/dUMfzNl5Rxf4nUEZ4 Qo1mM1XcW6XqFSs7W5DgvXoqLSZkqQ8dF476xoiCo03RvpQ0YxbO5EnbrWsDIQyE AqRyTn/nZ34aFjwnvh1CPAVvWprShCMUdx9G3ZhMP0/cuaIeP4g= =wdQ3 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8d386ab9-19a9-5641-b932-89167a9a0efe%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Qubes not updating
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I tried to update my templates and none of it updates (fedora 29, debian 9 and whonix-ws and gw). I didn't change anything from few days ago and now get this error: user@debian-9:~$ sudo apt update Ign:1 http://vwakviie2ienjx6t.onion/debian stretch InRelease Hit:2 http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease Hit:3 http://vwakviie2ienjx6t.onion/debian stretch-backports InRelease Hit:4 http://vwakviie2ienjx6t.onion/debian stretch Release Ign:6 http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch InRelease Err:7 http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch Release Connection failed Reading package lists... Done E: The repository 'http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/r4.0/vm stretch Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. It seems like the http://deb.qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion is no more considered to be secure. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzsAfdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzS3Q/+OMl7RD9SuRfmKdqoklv3gtASO386gOrJHX0PSbMDCK6a1owdLGjT6F69 cvIz8QMkzdmfOZKxHfTcA829q+8uhGBeT4PgkvIkBK2hNn7aArFyLk56pLCcCgpm HOnGIbyjcj9FkMVG8JJNKFVeNKm876uhBd/XaitjoBjJK+iw35EdU13zZ1pjtlno 4Nl8VPN9oV5Uu1RB9JkvRxRnN9rCJ/KHMy6BpF15XXF9zXWIR6BZNjG4dfajNDq/ En5TcKGSb9MFkcMsmQ9E7Y89SjVYsIz1bav5Bwj2QwYZiVU+CKAJebmZzwU3pPM8 K+VdBHhCCdL6htJtMhGe+4r1SaK7oaOX/UQo2BwHdyJrG1CAwU0e5ZQYdaNQ7fZ1 y7FbNB8eYor8ziTqfBPeUsQwKzfFtfKMXxDlxGT88kDLF//p4t9AQGzlxSBDGgJ6 8vPg5+j8jWefD/ba53mDRznQ1y4bmy+li6Rif00zsgg4zfWIfmPmnjuXwh5P+Mjq x7i6+RTMb0Kl/0C/rnf1WuaXfuBkQxvNyFl5TzQUm4Ae9S2Fo2Mogadnpsibd8G4 6IXDhYNy+nrCD9DQ0C4KJxO3asUWHla31+8P7uY97ZE75pUQ8z5sz5IOdbg3G/cR 4+ScpXYz4LD80oGAT3WNtKdEy9EUWTWxLbudmMzzGZzQj/KB1e8= =XJB9 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/31a52644-5121-ea2c-4825-719cb09fa54f%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] Is it safe to update dom0 now?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I am reading the threads related to the issues with the dom0 update. Do I understand it properly that now it is safe to update the dom0 and the mentioned issues are not spawning anymore? Should I better backup my qubes before proceeding to the USB? Thank you. -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzr+O9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UySvhAAuIjh38RDUmTZOZN1aGaCrBEBhGpWgbDDmpAg9aRucHFu4T1NF4M+FsBH TDJe7Rqo5w/8Uz986h7ysH5LS2aIbflrKtOJYlEzJuG1MC7+e3rcvvxEeIWuM7bK g0E+hVfo8XQfOdd3pSazFCeigLyXFzn0+XZtLI6H/ArrWmYkB3o5hlL608KvBZdC tpYtZ8BagXOqi2eTFmGKBug82i186xwG7gx0hzM32rs7F05vr27STuOWpanl2M03 AVxu8W3Ex02tpvbOBRYQjiltnntw/7p4gQrwjTNawteiUvFlPhxfFQmZPlvPUa1f 6Xs9Rr1Z9xqle/AZqlg0j4mdaOKKpzKX6NflIV7iF0B+yOcIltZslHxyPu9TMNfd 8xHnG6LvgRfo21rYHo8dHYpKCAg7kMtK+nzRDbO9XtZPP/Fm3pevznnLZ7hmit1Y 3xuGNvX9oKJuIOChSqBBPfLTNw4jxqFiFw0cKbEolcT754iFtPhInRP4gD1979Zl 3TiojxPiMq81AL9g13umDB26Yca1e0sgA1Y4lrSj7pbM7xDx7Fth99uVuwnPSP5a XUAlGQlYa89CMv3sriWlnJqjX9g733zzqGlxjNGGvE5cgZILbKrkUXNnx7geddRc JVsfS42GHN7JM2hIKq3YDsFSqBOKVx1QIZ3izL1JhWmKEXGz43M= =1OEM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c7dd670f-0fff-eee6-4b4c-79f7b6490765%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys
[qubes-users] X230 vs Purism - real world attack probability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I have a question related to the decision about what laptop is the better option for Qubes usage, from the security point of view, in the real world. The question is related to the IME on Intel, PSP on AMD and other Hardware holes. I took these laptop examples to sample the differences somehow. Pose the non-existent micro controllers updates, like in case of X230 with IME disabled and corebooted, which doesn't but get these updates anymore, higher risk than only partial disabling of the IME by Purism which still but gets the micro controllers updates? Or is it a vice versa? If I would like to have a strong security position, in case of the laptop Hardware with Qubes, and would decide in between the two, which variant will be more prone to the real world attacks? What attack vectors are available in both cases? For example, is one of the cases more resistant to the remote exploitation. Is one of the options forcing an attacker more to execute an attack with physical access than the other option? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzkAp9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UzOVBAAvH7Wp+GJSrKoptNX5OEzxm9Q3FEkgVgnaZ57HlIH94TCy3Rc+kk+cR5m DGghaSnhSOvOxEKgZXM1g6+KIAUUH1yNRfSKkmPQANjUgrhs65VsNd1miKOzkLmV 5INzHAtiOvTQFYuCaBkzIvuxPaHDqOyDyIOSVxgzeQOYJ7k4NgGWCES7hUHrp2f2 TmhSZwdWqaNo1n6YJZvLetKj8ZxqqJwg/T0GPzvmMHo9KGohx8mHWVPFsVsRFhgM ObcvPRempjhLE4aZR6UVKoJOxf2M6VPYFzghejeFb7wh3ncha9c38dspWV4ALlIj lC7K5fXFWH0t7TX0YreXWnxQgdMKuCBHY9KZFKXnHPDKg/X5QXJtduabY/ZhqU/g 6+rW8MSEE6PrhIjQWKU4Zvw3y58zKePqwCCgHOZwpguQ+uUr1ZFjyKVnjSKGlPgF QnH9rHqMQY9FNTnYCSuD5hoXAifXQg7AZ2MlB83SkbekMRjf5XsSRGDQ29cewKG/ igDFRgH3UCe0dwwqHY3hzshxKkPCvqcmkQiyb+G8nYSVeaYuzilbC+q1MEZ1xQS/ 0uhNJ8ysLk8CoQRKUCc18dctKUCWdmqicJlvoeliEovUK3rAY/Uy5q86z8Ad5A42 PNraTWlfOfQ2wegc+YEPv37341+LPXSbt2RzHOg9BAaRkvupFWk= =N5BL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c2b8746e-a005-2086-aa05-12fb0ed41955%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys 0xC1F4E83AF470A4ED.asc.sig Description: Binary data
[qubes-users] No gui on disk encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 During boot operation where I am required to enter the disk password, I dont get the gui password field, but I get terminal like field. I have this issue for few weeks now, and I thought that after some dom0 updates it gets solved, but the issue remains. Any ideas how to make it work as normal? -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzj/ipfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uwrbg//bjxiJdBvVwgf50MhTJDEnyuhF6D08gv/N6p5lxcvXxRAzTuidr2N4Rgw L0v5+p5R0rpAPcWc6UVMWdkIDQOBbswj5xF7CGlVErCU4hghIY7DARnWquhKpO0h T0PzdVpE8zKNZY68eF6IYKwYABQJ/Vm8a1DN1YnZ+8uvrYPblaZYxgQgaFzvA0p6 xW8FGdNcsNWA4SUd0d9PBGtYww4LJqpoV/217Xx5N9m4cms3tWOJIBPkKmAeJnax 8HfuX9n9FkAvRIxyLlg7UCCTe1C2Kq+JJTL4nK01J7aWDsT8BHcEBZqSEiZTjm0V Z7HGm21QK4C9R7VUjziy5CYzWbW+GSkNJ29TCXVgLyS+FSRK91txv6FP0c2JeXw3 t9WT14fo+LcGZUYFUGLsi0FbDcouugAfZ04NdaZsALxSIvh8ec/0vj6VRfrvG3sA PQj7Fa5iCm1YA4yxFduiTIXweCtbwIl2T2QjBXVXWoK5IyjfWNBmAD4a6N6+dnFM rTDkEvdVDVn0nDV+tHaKZTN982BVJiXuS23nF5JleXUALUuXbB0anexw+Fj1GO6B 592WpNtHiC1oQZdvWPaSyBgXQ/pITsvLV2xENZqzqv9o3cAavPnejYOmFWUKnUEz peGJYlSwthrv9qESn4lXiIDhAlPeF283PjnNOzUx5yKKtYoApnM= =228f -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/95d638bf-a57d-8362-1838-bf283e10d1af%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys 0xC1F4E83AF470A4ED.asc.sig Description: Binary data
Re: [qubes-users] Global settings button stopped working on Qube Manager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I tried to go on through the menu but I get error: Whoops. A critical error has occured. This is most likely a bug in Qubes Global Settings application. TypeError: setChecked(self, bool): argument 1 has unexpected type 'str'at line 248 of file global_settings.py. 'awokd' via qubes-users: > scurge1tl: >> The button Global settings, stopped working in my Qubes manager >> window. Once I press the button, nothing happens. I run latest >> Qubes 4. The issue appeared after latest dom0 update. > > Have heard that's a known issue with a fix coming. Try it from the > menus instead, or qubes-prefs in dom0 terminal. > -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAlzZcm5fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6Uw1FQ//fqpQdekZClD4TAOoqGLIxKhfLiQHqUUhjgx7Z/wwN7qqvX5QDYptuoTw RKiJFdEg1vL0q7tN5DJTgvbVQ69Gz0DkV4hvi3asPhimZ2u9zAeRfrymW9NpweKZ fE8ZzQrrGaoa1IpOREgSrUHt1zcdegr4Plc8NBi4nJWJ1dWGkpPvgJsXeE/ferK9 /uzRmlTUZU9w6ns3XV7QE15DFP1L3SJr1BWoykb6LcY+jFK0EL1uUF410syScURw 78AE9BgbIbiY2uH39m7VzGLC5ujqC/wPLCD36leQWcuLR87Pldmbsl+fh5C1IoPj WfteFg36apWUIz5nKoYfx0cBVRGhovLMwfYlTDFDlgc9IkfKcqa0IpXpmo4ZkOPM /z/q627IkqaWSUY1FeA66M3nMj5wq7FytxNgc3XiaA7CKUpnYZQ6mBD5GSfUj6OX Zgx+eqVfrql0G6FvUHw2vXq0d435y12hxMiy/qA//xV0szI+bv0w0ysyRukXICuA JNDVWHK5jLnI74Fd5JMiTSJs6TzRQTP8k243O6qVE47zKKOSEIB0Zv3SJ6F5rmQU 2536It/El5J1UQ9n+2xDXmpvXOICEh5UBy1WoZ6+GEn+WLCYC0HajUrg8h10Mecl SvYcR9gfZzSS9P8Q4MiqI/iZN9HuJ+1Vq0K4nhK+Ov6bQt3SaY4= =HISv -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/31d64693-dde0-e182-710e-c905faccea32%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys 0xC1F4E83AF470A4ED.asc.sig Description: Binary data
[qubes-users] Global settings button stopped working on Qube Manager
The button Global settings, stopped working in my Qubes manager window. Once I press the button, nothing happens. I run latest Qubes 4. The issue appeared after latest dom0 update. Any ideas welcome! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d888751-3689-6dc9-d13f-382d54875f9b%40cock.li. For more options, visit https://groups.google.com/d/optout. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
[qubes-users] loula
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/322807a4-0570-4456-8b6d-5a68759ebaa1%40cock.li. For more options, visit https://groups.google.com/d/optout.