[qubes-users] Re: [qubes-announce] QSB #33: Xen hypervisor (XSA-231 through XSA-234)
maybe could consider removing "Occasionally fuckups happen," ..unless one is going for the unprofesional vulgarity crowd IMHO 2cents , -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e5705dc3-9942-6349-32a7-764c01e83a1f%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: UEFI secureboot issue
On 08/20/2017 05:44 AM, cooloutac wrote: On Sunday, August 20, 2017 at 12:42:55 AM UTC-4, qubester wrote: On 08/16/2017 05:55 AM, cooloutac wrote: I'm glad Bruce Schneier changed his tune and is no longer encouraging kids to learn how to hack in live environments, cause I think that breeds sociopaths, and is dangerous. (and we are living in an epidemic) Now he has to stop calling secure boot security theater, because alot of people seem to believe it and take his word like gospel. Is protecting the bios from rootkits its intended purpose? seems so?, it helps anyways, and it definitely was intended to protect the firmware. Its not just kernel code signing, its driver code too. I would add also make a password on your bios obviously, and enable flash protections. I don't even think most the ITL members use aem, it sounds complicated and buggy and I can't afford to buy new hardware if it red flags anyways. So..if you feel so strongly about it, how come you are using Qubes? Maybe I should go back to using Windows 10, if secure boot trumps the other security aspects of Qubes. Or, do you think your 'safer' using Qubes, if so, why ? To be honest, it really doesn't matter what os you use, its all about what the user does on it. When using qubes the user still has to be careful. It doesn't matter if dom0 is compromised if a vm with sensitive info is. You really have to be strict with yourself. You going to play online video games? might as well use windows. Dual booting? might as well just use windows. disabling iommu features? might as well just use windows. Worried about government spying? Might as well not use anything. You have to live like a monk if you really want privacy. I have a windows machine and a qubes machine. the qubes machine is for offline documents, compartmentalizing specific website login activity, and random browsing. The windows machine is for gaming and movies. The guy Brad Spengler already warned dom0 and vms can be compromised by bad system updates. And I believe this happened to me and led to my bank account being hacked. Also just after intel announced their patch for the hardware backdoor that existed for 8 years. Qubes did last almost 2 years for me though(minus gaming), when barebones linux wouldn't last a day and windows wouldn't last a couple months. Simply because I refuse to give up doing the things I own a pc for. The other thing he warned about was using too much of the gpu in qubes... I foresee that coming in the future with people demanding passthrough for it. If you do decide to go back to windows 10, hardenwindows10forsecurity.com also might interest you hardenubuntu.com (scroll down to harden ubuntu section) The user activities and security and trust of the developers become the deciding factor after a point. I don't think any operating system does it all. Just like alot of people didn't think root privilege escalation in vms, being trivial to bypass, was an excuse not to add that layer of protection. I think its even worse not to use secure boot. So, I'm still confused, if you feel secure boot is So important, why is it that you don't use an OS that supports it ? Or are you saying that besides the secure boot, that Qubes or Linux IS more "secure" , and it's a "know your adversary" thing? If I'm understanding this correctly the main adversary re: secure boot would be some "advanced threat" like a government with that level of "skills" ?? I'm more "newb" than you, what does a "failed" update look like ?? I have been feeling a lot more secure using a dedicated VM to do banking , which actually was how I started down the path to use Qubes ... I don't know what "root privilege escalation in vms, being trivial to bypass, was an excuse not to add that layer of protection" means ; if you might explain that as well .(btw, is some of this to improve with Qubes 4.x ? Personally, I also enjoy how well Whonix works in Qubes , and use it for most things that don't require logins, and I like the speed or the OS vs win10 , which nows feel clunky, esp on VPN -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d30827f7-ef2f-c213-f9da-57853de15fe4%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Q4.0 upgrade path ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them?
On 08/17/2017 06:25 AM, Ted Brenner wrote: On Thu, Aug 17, 2017 at 1:23 AM, yreb-qusw wrote: On 08/15/2017 05:13 PM, yreb-qusw wrote: Q4.0 upgrade path ? am I eventually going to have to reinstall as Q4.0 or will it be 3.2 be 'upgradeable' ? One of the pages <https://www.qubes-os.org/doc/version-scheme/#release-schedule>has a schedule. I believe there are 5 weeks between release candidates with a maximum of 3 candidates. So that would be 15 weeks before stable? RC1 was July 31st. So stable could be November 13th at the latest? This is my best guess. Will It be requiring reinstall or will there be some way to upgrade withOUT reinstalling , would you happen to know? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eba2e66c-1930-232e-99dc-b5caaa247cfd%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Q4.0 upgrade path ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them?
On 08/15/2017 05:13 PM, yreb-qusw wrote: Q4.0 upgrade path ? am I eventually going to have to reinstall as Q4.0 or will it be 3.2 be 'upgradeable' ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them? .or just keep upgrading dom0 and magically some of them get fixed ? seem like obvious questions to me , sorry if they are basic -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ddaade3b-1f22-3030-2dc9-e07e76a41269%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Q4.0 upgrade path ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them?
On 08/15/2017 05:13 PM, yreb-qusw wrote: Q4.0 upgrade path ? am I eventually going to have to reinstall as Q4.0 or will it be 3.2 be 'upgradeable' ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them? .or just keep upgrading dom0 and magically some of them get fixed ? seem like obvious questions to me , sorry if they are basic -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35610839-266a-2ce7-bbd1-1b8663cbacc8%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Q4.0 upgrade path ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them?
Q4.0 upgrade path ? am I eventually going to have to reinstall as Q4.0 or will it be 3.2 be 'upgradeable' ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them? .or just keep upgrading dom0 and magically some of them get fixed ? seem like obvious questions to me , sorry if they are basic -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ef56d240-b309-938a-e80d-2b144935b4ae%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] F25 VM Manager Update green arrow persisting
Anyone else having this issue ? Suggested fix or just ignore, I haven't actually rebooted the machine but have closed all VMs and reopened only the F25 to 'update' but 'there is nothing to do' and yet it persists.. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1027701f-02f7-b51b-a2c8-55833a435272%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] dvm removal ?
On 08/01/2017 01:05 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Jul 31, 2017 at 10:01:50PM -1000, qubester wrote: Hello, when I create a dvm i'm now up to dvm-17 , is one supposed to be removing dvm's manually? because I do see how, though each ititeration, continues to count up would that be expected behavior? No, it isn't. For which Disposable VMs it happens? Started from menu, opening a file in DispVM, or something else? .often I have done, open pdf in DispVM and then when I close the pdf the DispVM disappears. Rarely from the menu. ..fwiw, I had been using the Whonix suggested default DVM , but wanted/want to go back to the default method, as I think the Whonix way is/was "over my head" ; so just recently I changed the default back to Fedora 25 template FWIW. I don't really recall which of the 3 options I used for the Whonix DVM setup but (https://www.whonix.org/wiki/Qubes/Disposable_VM#Creating_a_New_DisposableVM-Template_Based_on_Whonix-Workstation) How would I now delete DVMs that are not in my list, even when all hidden VMs are enabled ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1e2674e-f277-72af-c9a9-d2926639e97c%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes Blog ? and/or Fedora 25 notices ?
Hello, I don't really see where , if anywhere, there is official Qubes type updates for the OS , other than the canary and QSB thing https://www.qubes-os.org/news/ ie., the Docs to see seem a bit static, Maybe that is what this mailing list is for in part. For Example, is there a show of hands for people using Q3.2 whom have updated to F25?and/or when if ever, would I know that , that may be recommended ? Maybe when some doc appears in the Docs section ? --- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e5071ee-d52a-f7ab-43bb-14832a2c7b9b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Keepass vault password no worky
On 07/21/2017 12:10 AM, 0brand wrote: And sorry if this sounds absurd, but very frequently the database file will become unselected, this happens to everyone in my family all the time and you sometimes will repeatedly try the password, to have it fail, not realizing you actually have to re-select the database file again. It does not sound absurd at all. There is a keepassx bug that is causing problems if users shutdown their database improperly just like you said. Its probably the same one I was reading about. And to be honest with you I would take any suggestions at this point no matter how absurd you think it is ; ) When I was first having the problem I removed the keepassx databases and restored from backups. Like I said I was having problems restoring them. I just realized that the old vault-appvms that I removed keep showing back up in /var/lib/qubes/appvms . Maybe this is either the problem or a symptom of the problem? Hopefully I will have a solution soon. For what its worth I really appreciate everyones response and If you you have any more suggestion I would like to hear them. Sent with [ProtonMail](https://protonmail.com) Secure Email. Original Message Subject: Re: [qubes-users] Re: Keepass vault password no worky Local Time: July 19, 2017 9:58 PM UTC Time: July 19, 2017 9:58 PM From: raahe...@gmail.com To: qubes-users qube...@riseup.net, yreb...@riseup.net, 0bra...@protonmail.com On Wednesday, July 19, 2017 at 5:43:39 PM UTC-4, 0brand wrote: Which Keepass? On debian: I use the same as you Keepassx. I"m thinking it may have something to do with dom0 backup/restore. I have multiple 512 Gib usb drives i do backups on. I don"t want to try to restore from one of my other ones because I"m afraid they may become corrupted as well. My next step doing a fresh install on my other hard drive and see if I can restore my kepassx databases onto that. If that does not work I guess I"m out of luck. Sent with ProtonMail Secure Email. Original Message Subject: Re: [qubes-users] Re: Keepass vault password no worky Local Time: July 19, 2017 3:53 PM UTC Time: July 19, 2017 3:53 PM From: qub...@riseup.net To: qubester , qubes-users , 0br...@protonmail.com qubester: On 07/18/2017 02:27 PM, "0brand" via qubes-users wrote: I"ve been trying to resolve a problem with both of my Debian-8 vault-appvms.. For some reason my Keepass passwords no longer work. When I type in the password I get this message: Unable to open database. Wrong key or database file is corrupt I have been using the same password for both my Keepass databases for quite some time now so the problem isn"t due to forgetting or miss-typing my passwords. Normally this would not be much of a problem except for the fact that restoring from backups is not remedying the issue. I"ve restored both my Keepass vault-appvms and my Debian-8 Template. Looking back at the day before this happened there is only one thing that I did that may have contributed to the problem. I removed my sys-usb (netvm) and created a sys-usb (appvm). After I created the new sys-usb I realized that It would not run unless I set pci_strictreset to false. This was not acceptable to me so I removed the new sys-usb and created a new one with: sudo qubesctl top.enable qvm.sys-usb sudo qubesctl top.enable qvm.sys-usb The reason I think this may have contributed to the problem is because the first two times I tried to restore my appVMs things did not go well. The first time the Gui completely froze and I was unable to unmount the drive. The second time the backup-restore did not complete but at least the screen did not freeze up. The third time I used a backup from a couple days prior and everything went smoothly. It did not solve the problem though. I still can not unlock my Keepass vaults. I"m not really sure what to do next. Is it possible that my backups are somehow being corrupted when I restore them? I"m a little flustered at this point and I could use some guidance. Thanks in advance Sent with [ProtonMail](https://protonmail.com) Secure Email. If it makes you feel better, I had the thing fail. with the same messages, and I"d swear, I did nothing at all, after that I stopped using it . as pretty pointless to use something that MUST be reliable and have it fail so easily, whatever caused it IMHO of course ; I think mine was in the Vault VM Which Keepass? On debian: user@host:~$ apt-cache search keepass keepass2 - Password manager keepass2-doc - Password manager - Documentation keepassx - Cross Platform Password Manager kpcli - command line interface to KeePassX password manager databases libfile-keepass-perl - interface to KeePass V1 and V2 database files I ask because I have been using keepassx for three or four years with only two databases. I keep multiple copies on di
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On 07/19/2017 12:17 PM, cooloutac wrote: secure boot isn't supported on qubes unfortunately. Hacking teams insyde bios exploit could be used remotely according to experts, so secure boot would actually defend against something like that remotely as well. I hope people get over the anti microsoft and redhat notions about it. Richard Stallman gives it the ok in its current state, so why spite. And ya AEM seems complicated to setup so unless you travel alot and are worried about evil maids or someone breaking into your computer, a usbvm is probably more practical. So, you do use both an Admin and User pw , but not secure boot for your Qubes machine? no evil maids here, but I guess there is/was talk of remote exploits and or USB drives of possible uncertain cleanliness, that might also be protected by AEM ? in my case, last time the USBVM thing , or my attempted implementation, rather, nearly cause a meltdown, but since I've the PS2 adapter, personaly, I'm also avoiding the USBVM . I suppose overall, I'm still safer than running Windows 10 :) aren't I ... or other Ubuntu distros -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/03c0e254-1043-256f-acd5-c873e9a54044%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Keepass vault password no worky
On 07/19/2017 05:53 AM, qubenix wrote: qubester: On 07/18/2017 02:27 PM, '0brand' via qubes-users wrote: I've been trying to resolve a problem with both of my Debian-8 vault-appvms.. For some reason my Keepass passwords no longer work. When I type in the password I get this message: Unable to open database. Wrong key or database file is corrupt I have been using the same password for both my Keepass databases for quite some time now so the problem isn't due to forgetting or miss-typing my passwords. Normally this would not be much of a problem except for the fact that restoring from backups is not remedying the issue. I've restored both my Keepass vault-appvms and my Debian-8 Template. Looking back at the day before this happened there is only one thing that I did that may have contributed to the problem. I removed my sys-usb (netvm) and created a sys-usb (appvm). After I created the new sys-usb I realized that It would not run unless I set pci_strictreset to false. This was not acceptable to me so I removed the new sys-usb and created a new one with: sudo qubesctl top.enable qvm.sys-usb sudo qubesctl top.enable qvm.sys-usb The reason I think this may have contributed to the problem is because the first two times I tried to restore my appVMs things did not go well. The first time the Gui completely froze and I was unable to unmount the drive. The second time the backup-restore did not complete but at least the screen did not freeze up. The third time I used a backup from a couple days prior and everything went smoothly. It did not solve the problem though. I still can not unlock my Keepass vaults. I'm not really sure what to do next. Is it possible that my backups are somehow being corrupted when I restore them? I'm a little flustered at this point and I could use some guidance. Thanks in advance Sent with [ProtonMail](https://protonmail.com) Secure Email. If it makes you feel better, I had the thing fail. with the same messages, and I'd swear, I did nothing at all, after that I stopped using it . as pretty pointless to use something that MUST be reliable and have it fail so easily, whatever caused it IMHO of course ; I think mine was in the Vault VM Which Keepass? On debian: user@host:~$ apt-cache search keepass keepass2 - Password manager keepass2-doc - Password manager - Documentation keepassx - Cross Platform Password Manager kpcli - command line interface to KeePassX password manager databases libfile-keepass-perl - interface to KeePass V1 and V2 database files I ask because I have been using keepassx for three or four years with only two databases. I keep multiple copies on different storage devices and I have had only one copy ever become corrupt, but it was the fault of the usb device. I use keepassx and kpcli with pleasure. keepass2 guess that is a good idea to keep copies in various places I don't actually know why I would use a usb device with keepass2, so that wasn't it. honestly, it was a trial, in the vault appVM , I was a bit shocked that it failed within a few weeks, was enough, for me to use my other password manager instead ..YMMV of course -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6cdff271-5bee-64b0-f4eb-516a05c70aa3%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On 07/18/2017 08:07 PM, pixel fairy wrote: On Tuesday, July 18, 2017 at 10:52:05 PM UTC-7, yreb-qusw wrote: So, If I haven't already, I should have secure boot enabled? ; I saw after I posted that, all the steps, I'd probably end up breaking the machine or locking myself out of it . you should definitely put a password on your bios and make a usb qube. i would only do AEM if your comfortable with installation, backup and recovery, or dont have anything important on that machine yet. preferably set aside a couple days to work out any kinks. I noticed a 'secure boot' doesn't require a user or admin pw, I really can't imagine any physical security issues, unless , a USB device remotely got infected somehow , though , I almost never use any USB drives. I have so many pw's between all my encrypted drives (on which I re-use the same pw :) ), that I hesitate to add potential disaster level pw's unless it really adds something . SO, for the purposes to this AMT or remote attacks on a Qubes system , would enabling 'secure boot' without a admin pw make sense, and you recommmeding a admin AND user pw with the 'secure boot' , I thought there was some issue with Qubes booting with 'secure boot' enabled ?? sorry, if this is too simple, or the paragraph rambles.. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/75c55aa4-1f98-f878-6e8a-a7ed1bf3cf6b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On 07/17/2017 08:15 PM, cooloutac wrote: On Monday, July 17, 2017 at 8:31:42 PM UTC-4, pixel fairy wrote: On Sunday, July 16, 2017 at 9:55:55 AM UTC-7, yreb-qusw wrote: On 07/16/2017 01:27 AM, pixel fairy wrote: --- In Dom0 install anti-evil-maid: sudo qubes-dom0-update anti-evil-maid --- Doesn't sound like 'more work' just doing the above, perhaps there is more to it, I thought, it mentioned it's better to install via a USB Drive? https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README as you can see, its a lot of steps, and only some laptops are compatible. there are even new laptops, like the system76 lemur7 (i7 skylake), that cant do AEM. ideally you can boot from a non usb external device, such as an sd card in your purse or wallet. if you do use usb, then you have to disable hiding the usb controller for a bit, which gives your attacker a window of opportunity for the kinds of things AEM is meant to detect. this is a small windows of opportunity, but there is the theoretical case that a clueless attacker with only a short time boots from their own device, the attack fails because usb is locked (and they may not even know this) and your laptop is ok. whereas if AEM needed that usb controller enabled to function, the attack would succeed, or at least succeed enough to trip AEM. What would be the "trade off" and/or How would I disable it , if it somehow messes up my Qubes install? the most obvious trade off is needing your boot device to boot your laptop. so, you must protect this device. you'll probably want more than one of them in case one is lost or damaged, so you have to protect multiple devices. this is fine for cyborgs with implanted, bootable usb devices. but, for the rest of us, its something you must consider carefully in your threat model. a more thorough discussion of all this in the background blog post, https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html if it doesnt work, you wont be able to boot. youd have to reinstall qubes and start over. if you want to disable it, you might be able to make a new passphrase for luks that doesnt need the keyfile on your aem device. there may be other steps required, but i havent tried it. like pixel said you either can use a usb stick like a yubikey to boot, or use a usbvm don't think you can do both. so in most cases a home desktop pc probably would just use usbvm. but if you someone that travels with a laptop, that might be accessible to others, you might want to boot with usb key. aem can be used on both but without usb key if using usbvm, but should note aem only notifies you that something happened, like pixel said it doesn't stop the attack, like secure boot would in case of hacking teams insyde bios attack. Also the only true option then would be to buy all new hardware if such a compromise did happen. But some people upgrade their hardware every two years anyways. If you careful you can last that long. So, If I haven't already, I should have secure boot enabled? ; I saw after I posted that, all the steps, I'd probably end up breaking the machine or locking myself out of it . -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/30f4e715-6c5b-bb32-92ab-56a3f2266c04%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On 07/16/2017 01:27 AM, pixel fairy wrote: --- In Dom0 install anti-evil-maid: sudo qubes-dom0-update anti-evil-maid --- Doesn't sound like 'more work' just doing the above, perhaps there is more to it, I thought, it mentioned it's better to install via a USB Drive? What would be the "trade off" and/or How would I disable it , if it somehow messes up my Qubes install? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47a17193-5591-d170-a3bf-453dc80db9f0%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On 07/14/2017 05:40 PM, pixel fairy wrote: any network available OOB sorry what would be an example of this ? "out of band" ? I'm not clear what SED is , :) I don't really see any docs on ?initializing AEM , I do see that it says to : --- In Dom0 install anti-evil-maid: sudo qubes-dom0-update anti-evil-maid --- I personally have no USB-VM , would my Bios need to be configured some particular way, beyond what it already is with 3.2 booting and stable I have about zero concern on malware from USB drives, maybe I shouldn't , but seems far -fetched in my case. So, maybe I don't need AEM depending on what "network OOB" would mean . regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/558c150f-a391-9fbc-9a2b-2901b26054a0%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why does VPN needs its own firewall VM?
On 07/09/2017 11:56 PM, Chris Laprise wrote: On 07/09/2017 11:48 PM, yreb-qusw wrote: at the end of the VPN CLI setup it says : == If you want to be able to use the Qubes firewall, create a new FirewallVM (as a ProxyVM) and set it to use the VPN VM as its NetVM. Then, configure AppVMs to use your new FirewallVM as their NetVM. == is there some reason why I should or should not just use the existing firewall, or should each of the VPN VMs each have it's own firewall VM for some reason? Qubes firewall creates DNS accept rules that target only the upstream netVM. This has no side-effect until you start whitelisting in the presence of a tunnel; then DNS queries become blocked by the "Deny except" rule even if "Allow DNS" is selected. One workaround is to use a firewall VM between the VPN VM and downstream VMs, as suggested in doc. You need one for each VPN VM where you intend to whitelist. The existing sys-firewall normally interfaces to sys-net; In that configuration it can't filter any traffic that gets routed through the tunnel. But you can re-assign it to use a VPN VM instead of sys-net; The only downside is if you have any VMs that need direct non-VPN access to the net, in which case its still good to keep sys-firewall connected to sys-net and use other proxyVMs as VPN firewalls. - A different workaround is to use 'sed' to update iptables with the correct DNS entries, as in this script which can replace "qubes-vpn-handler.sh": https://github.com/tasket/Qubes-vpn-support/blob/new-1/rw/config/vpn/qubes-vpn-ns ...then add this to the end of "qubes-firewall-user-script": /rw/config/vpn/qubes-vpn-ns fwupdate Thanks, and if I DONT intend to white list anything, then is there any reason to use the separate fw-VPNs for each VPN VM? As, I think this white listing fw stuff has always been 'over my head' . And I use suspend function daily, and it's a bit hassle to get the VPNs up and running again, even with the launcher workaround, very often I must use the launcher rc.local multiple times , and ping to see if it works, and quite often they don't restart properly So, unless there is a great reason , in my case, to do the extra separate VPN fw VMs , I'd rather skip it :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab79946c-4824-e813-22f9-9a5898815243%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Why does VPN needs its own firewall VM?
at the end of the VPN CLI setup it says : == If you want to be able to use the Qubes firewall, create a new FirewallVM (as a ProxyVM) and set it to use the VPN VM as its NetVM. Then, configure AppVMs to use your new FirewallVM as their NetVM. == is there some reason why I should or should not just use the existing firewall, or should each of the VPN VMs each have it's own firewall VM for some reason? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32ed9bd4-533d-5291-3ae3-a5a8b91201fa%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: sudo dnf remove qubes-template-fedora-23 fails for some reason
On 07/05/2017 07:24 AM, cooloutac wrote: On Monday, July 3, 2017 at 10:36:54 PM UTC-4, yreb-qltop wrote: sudo dnf remove qubes-template-fedora-23 fails for some reason no match for argument; qubes-template-fedora-23 eroor: no packages marked for removal this is after going through successfully all the step to upgrade to 24 including changing all the defaults and successfully changing the default dvm anything else I should try Else jus learn to live with the unused template VM? pretty sure I already linked you this in another thread. https://www.qubes-os.org/doc/remove-vm-manually/ Dunno, in any event, I probably posted before searching the Goog-Qubez archives, which had That URL. Which Did work , but thanks so much for responding your one whom does cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08e227d7-1ffe-3529-ddd7-89fa4229014d%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Laptop Dual Win10 boot problem
#! bin/sh -e echo "add win10">&2 catsudo grub2-mkconfig win10 I didn't realize I could search and adapt "fedora grub2-mkconfig" for win7 another time consuming kludge, esp. after getting lucky, that I guess it wasn't an EFI win10 install , IMHO, someone Might update the qubes docs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8b58e7d-4f3d-8c24-2c27-22499bf05fe0%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Laptop Dual Win10 boot problem
On 07/01/2017 02:46 PM, Unman wrote: On Sat, Jul 01, 2017 at 12:49:59PM -1000, yreb-qusw wrote: On 07/01/2017 12:10 PM, Unman wrote: Nothing will go wrong if you get the partition specification wrong - Windows wont boot and you will see an error message. From what you have said you have two options: msdos1 and msdos2. In grub partitions are numbered starting from 1, so these can be referenced as hd0,msdos1 and hd0,msdos2. Just create two entries, one for each partition, and try to boot: if the first fails, reboot and choose the second. I'd be happy to if I had a clue what that means like what ? menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd0,msdos1)/bootmgr } menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,1)/bootmgr } Again, lets say it might be hd0 it might be hd1 , it might be partition msdos1 msdos2 or ? should it just be labeled 1 or 2 then I would put in 4 entries or reboot and just keep guessing on the format No need to guess: grub references disks numbering from 0 grub references partitions numbering from 1 So the first partition on the first disk would be hd0,msdos1. (also hd0,1 - doesn't matter) The third partition on a second disk would be hd1,msdos3 So now you can create two menu entries, one for each partition: Give them different names - like this - menuentry "Windows msdos1" PS: What is supposed to happen ? Where and When am I to make the choice to boot the win10 vs Qubes . When you start the machine you will see the grub menu - It should contain a menu (obviously) with entries for Qubes, and the two entries you have just created. You can press up and down keys to move up and down the entries - Pressing enter will try to boot with the highlighted entry. (There are instructions under the menu) And when one does : sudo grub2-mkconfig -o /boot/grub2/grub.cfg Should one be seeing something lie 'found windows .img" image or does it matter ? I'm seeing nothing when I run grub2-mkconfig and also nothing with any of my entries at boot using both suggested versions of the 'entry/stanza's' in /etc/grub.d/40_custom I'm sort of doubting its supposed to be /etc/grub.d/40_custom, with the comma at the end, and the docs have a typo ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7f0e91e5-c082-0333-0c1b-2585faa7efe7%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Laptop Dual Win10 boot problem
On 07/01/2017 12:10 PM, Unman wrote: Nothing will go wrong if you get the partition specification wrong - Windows wont boot and you will see an error message. From what you have said you have two options: msdos1 and msdos2. In grub partitions are numbered starting from 1, so these can be referenced as hd0,msdos1 and hd0,msdos2. Just create two entries, one for each partition, and try to boot: if the first fails, reboot and choose the second. again fwiw this is what the https://www.qubes-os.org/doc/multiboot/ says: - In blkid output, the system partition is the one with LABEL=’SYSTEM RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) Then update the grub config: sudo grub2-mkconfig -o /boot/grub2/grub.cfg There is no need to reinstall grub itself. If the above stanza does not work, you may try this one (at your own risk!) instead: menuentry "Windows" { insmod part_msdos insmod ntfs set root='(hd0,msdosX)' chainloader +1 } (Change X to reflect the relevant system partition.) -- see the part "at your own risk!" ..hence, I'm cautious as for "making two entries" I'd be happy to if I had a clue what that means like what ? menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd0,msdos1)/bootmgr } menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,1)/bootmgr } Again, lets say it might be hd0 it might be hd1 , it might be partition msdos1 msdos2 or ? should it just be labeled 1 or 2 then I would put in 4 entries or reboot and just keep guessing on the format PS: What is supposed to happen ? Where and When am I to make the choice to boot the win10 vs Qubes . I have been waiting over a week, I don't 'expect' an answer I am already trying different stanza entries so far no success PPS: I've "cc'd the list" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/586fdc5c-5a76-3dad-c8e8-2b15ac319da4%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Laptop Dual Win10 boot problem
On 07/01/2017 12:10 PM, Unman wrote: and looking for "efi" entries - 'dmesg|grep efi' Also,look in /sys/firmware for efi directory. If it's there then you booted UEFI. fwiw, neither of these indicates EFI boot so, are you saying Legacy boot might fix something ? frankly, I am not even sure what behaviour to expect, if I did get grub2 with the right boot partition Would I see something when I boot in Grub that gives me a choice to boot win10 or Qubes, is there a choice that pops up in Grub or ? I'm sure this all makes sense to long term linux sysadmins... eg I also noticed with I do qvm-shutdown --all it seems to shutdown dom0 and freeze the computer -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa31eaa2-e611-05f5-d38d-c0b0aaf7eb0a%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Laptop Dual Win10 boot problem
On 07/01/2017 12:10 PM, Unman wrote: On Sat, Jul 01, 2017 at 10:05:36AM -1000, yreb-qusw wrote: On 06/28/2017 04:03 PM, cooloutac wrote: so you would put hd0,X X= 1 2 or 3 etc... you said it was 200mb right so just look for something around that in kb's. probably the smallest partition it should say file type too no? ntfs. actualy this is from the qubes doc's not me -- Identify the Windows system partition that has /bootmgr In blkid output, the system partition is the one with LABEL=’SYSTEM RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size -- ntldr (hd0,msdos2)/bootmgr ? or ntldr (hd0,2)/bootmgr ? I would think it would be the 1st partitions when it comes to booting. Is it possible my boot partition for win10 got overwritten when installing Qubes somehow ? Maybe I should give up , as by the slow/no responses, it seems there is no way to get support for this As far as I can see a number of people have tried to help you here You should read the guidelines at www.qubes-os.org/mailing-lists and be patient. Also, a two minute search on the net would bring you to guides that would enable you to learn something about grub and maybe solve the problem for yourself. On the specific points: I doubt that your Win10 boot partition got overwritten , unless you asked the installer to do so. It is possible to run Windows without a SYSTEM partition, particularly if installed in BIOS mode - it is, however, not standard. fdisk -l shows you which partition has been marked as bootable - this need not be the partition you want. It need not be the first partition. Nothing will go wrong if you get the partition specification wrong - Windows wont boot and you will see an error message. From what you have said you have two options: msdos1 and msdos2. In grub partitions are numbered starting from 1, so these can be referenced as hd0,msdos1 and hd0,msdos2. Just create two entries, one for each partition, and try to boot: if the first fails, reboot and choose the second. Incidentally, its relatively simple to enable legacy boot on InsydeH20 - again, a simple search would show you how. Unless someone did this for you it's most likely that you are in UEFI mode. You can check this in Linux by looking at the output from dmesg, and looking for "efi" entries - 'dmesg|grep efi' Also,look in /sys/firmware for efi directory. If it's there then you booted UEFI. The partition layout you have described doesn't seem to be standard for Windows under UEFI. It isn't clear if you read the documentation before installing Qubes, or if you have a back up or cloned disk. If you didn't I would do it now before trying anything else. You can attach the NTFS partitions to a qube and copy the data off, or clone the whole partition. Good luck. I appreciate your replies, I'm not a sysadmin, enabled legacy boot , i only vaguely understand that that is requird for Qubes, anyway, i've got qubes installed, it's just acting different than on my desktop version is, I don't expect any replies, just hoping for more than 1 or 2 , hence I asked about the IRC, but I'm guessing that isn't well attended also forgive me , for asking , it really isn't "a two minute" search it is that Grub and such are complicated for non sysadmin people just for the record, I would think Qubes might like to have normal non sysadmin people able to use the OS, so my questions to the list, my serve those people, The format of post and wait days or never for a reply may not be ideal for anything complicated IMHO anyway, thanks for listening -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/db6942e9-4094-dbd4-d955-ffa098e2ea28%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/28/2017 04:03 PM, cooloutac wrote: so you would put hd0,X X= 1 2 or 3 etc... you said it was 200mb right so just look for something around that in kb's. probably the smallest partition it should say file type too no? ntfs. actually in the docs maybe instead they should recommmend sudo fdisk -l cause that Does show the boot partition /dev/sda2 however I'm left still not knowing how to write the 'stanza' -- menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } -- https://www.qubes-os.org/doc/multiboot/ eg in my case ? ntldr (hd1,2)/bootmgr ? or ntldr (hd0,2)/bootmgr etc sigh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1fa64476-f887-290c-6873-f4d67123c9b3%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/28/2017 04:03 PM, cooloutac wrote: so you would put hd0,X X= 1 2 or 3 etc... you said it was 200mb right so just look for something around that in kb's. probably the smallest partition it should say file type too no? ntfs. actualy this is from the qubes doc's not me -- Identify the Windows system partition that has /bootmgr In blkid output, the system partition is the one with LABEL=’SYSTEM RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size -- ntldr (hd0,msdos2)/bootmgr ? or ntldr (hd0,2)/bootmgr ? I would think it would be the 1st partitions when it comes to booting. Is it possible my boot partition for win10 got overwritten when installing Qubes somehow ? Maybe I should give up , as by the slow/no responses, it seems there is no way to get support for this -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7fa47e67-87d4-7fb2-55e9-2642d53e97e1%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/28/2017 04:03 PM, cooloutac wrote: so you would put hd0,X X= 1 2 or 3 etc... you said it was 200mb right so just look for something around that in kb's. probably the smallest partition it should say file type too no? ntfs. In general, what would happen if I guessed wrong with the 1, 2, 3 etc It should be file type NTFS not ext3 ?? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9eb0c954-989f-b248-fa8e-9d99b72e4504%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/28/2017 05:17 PM, yreb-qusw wrote: On 06/28/2017 04:03 PM, cooloutac wrote: so you would put hd0,X X= 1 2 or 3 etc... you said it was 200mb right so just look for something around that in kb's. probably the smallest partition it should say file type too no? ntfs. well since I haven't a clue which one it may be, I suspect I will ruin both systems qubes and win10 msdos3 seems to be the smallest, would the boot partition be on msdos3 ? doesn't seem right, I thought boot partitions were usually the 1st partition, it also says it is NOT NTFS it is ext3 should fdisk not work at the grub> prompt ? Whoops I forgot to "cc the list" in the off chance, I could get some more support. Is there any other place for support maybe on one of the IRC channels, do folks really ask and answer timely questions there ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c90bedb4-e8ee-870d-c751-b6ae16b84a21%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/26/2017 05:11 PM, cooloutac wrote: On Monday, June 26, 2017 at 2:21:02 PM UTC-4, yreb-qusw wrote: On 06/25/2017 06:16 AM, yreb-qusw wrote: On 06/24/2017 11:52 PM, Alchemist wrote: On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote: Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? thx What you want to do is install Windows first and then install Qubes, you want to edit GRUB so you can boot Windows from GRUB. https://www.qubes-os.org/doc/multiboot/ thanks, so if I got Qubes installed and up and running, does this mean my Bios is in "legacy mode" already? As I don't really see an option in the INSYDEH20 Bios to enable Legacy mode. re: -- Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) -- What would be an example of what goes in "X" ? FURTHER, re: -- Identify the Windows system partition that has /bootmgr In blkid output, the system partition is the one with LABEL=’SYSTEM RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size -- I seem not such partition, what I do see is : /dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs" PARTUUID="bdefoo-01" nothing with a LABEL='SYSTEM' not "SYSTEM" :) run fdisk from grub and try to identify it there. which will also be labeled in same format you need I believe. OK, so, I pressed 'e' during boot -grub and got to grub> when I type fdisk I get 'error: can't find the command 'fdisk' however if I type ls I see Device hd0: No known filesystem detected - Sector Size 512B -Total size 244198584Kib THEN: 4 Partitions all labeled hd0, after hd0 they are hd0,msdos1 msdos2 msdos 3 msdos5 the 'Data' one is msdos1 409600KiB that I guess is the same 'Data' partition msdos2 has filesystem ntfs 185764864KiB msdos3 is filesystem ext* size 512000KiB msdos5 says no known filesystem IIRC: Win10 has like a recovery partition ? Based on the above what would be my best chance-guess to try the grub 'stanza' ? ntldr (hd0,msdos2)/bootmgr ? or ntldr (hd0,2)/bootmgr ? Thanks in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/249f22ee-a4e2-dee1-f188-92171a20262b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/26/2017 05:11 PM, cooloutac wrote: On Monday, June 26, 2017 at 2:21:02 PM UTC-4, yreb-qusw wrote: On 06/25/2017 06:16 AM, yreb-qusw wrote: On 06/24/2017 11:52 PM, Alchemist wrote: On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote: Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? thx What you want to do is install Windows first and then install Qubes, you want to edit GRUB so you can boot Windows from GRUB. https://www.qubes-os.org/doc/multiboot/ thanks, so if I got Qubes installed and up and running, does this mean my Bios is in "legacy mode" already? As I don't really see an option in the INSYDEH20 Bios to enable Legacy mode. re: -- Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) -- What would be an example of what goes in "X" ? FURTHER, re: -- Identify the Windows system partition that has /bootmgr In blkid output, the system partition is the one with LABEL=’SYSTEM RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size -- I seem not such partition, what I do see is : /dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs" PARTUUID="bdefoo-01" nothing with a LABEL='SYSTEM' not "SYSTEM" :) run fdisk from grub and try to identify it there. which will also be labeled in same format you need I believe. thx, and for that matter, how do I get to command line in grub ? tab? esc ? sorry if this is basic -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c5240e75-754e-af7a-f23e-8cfeeb0afc26%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/26/2017 05:11 PM, cooloutac wrote: On Monday, June 26, 2017 at 2:21:02 PM UTC-4, yreb-qusw wrote: On 06/25/2017 06:16 AM, yreb-qusw wrote: On 06/24/2017 11:52 PM, Alchemist wrote: On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote: Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? thx What you want to do is install Windows first and then install Qubes, you want to edit GRUB so you can boot Windows from GRUB. https://www.qubes-os.org/doc/multiboot/ thanks, so if I got Qubes installed and up and running, does this mean my Bios is in "legacy mode" already? As I don't really see an option in the INSYDEH20 Bios to enable Legacy mode. re: -- Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) -- What would be an example of what goes in "X" ? FURTHER, re: -- Identify the Windows system partition that has /bootmgr In blkid output, the system partition is the one with LABEL=’SYSTEM RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size -- I seem not such partition, what I do see is : /dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs" PARTUUID="bdefoo-01" nothing with a LABEL='SYSTEM' not "SYSTEM" :) run fdisk from grub and try to identify it there. which will also be labeled in same format you need I believe. Should I have a file named 40_custom in grub.d dir ? there are No files in that dir. Happen to have an example of the >>> ntldr (hd1,X)/bootmgr >>> } >>> >>> (Change X to reflect the relevant system partition.) suggestion? I really dont want to input the wrong 'stanza' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e3a7aa45-124a-f12c-90ad-df8bbf311cbe%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/25/2017 06:16 AM, yreb-qusw wrote: On 06/24/2017 11:52 PM, Alchemist wrote: On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote: Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? thx What you want to do is install Windows first and then install Qubes, you want to edit GRUB so you can boot Windows from GRUB. https://www.qubes-os.org/doc/multiboot/ thanks, so if I got Qubes installed and up and running, does this mean my Bios is in "legacy mode" already? As I don't really see an option in the INSYDEH20 Bios to enable Legacy mode. re: -- Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) -- What would be an example of what goes in "X" ? FURTHER, re: -- Identify the Windows system partition that has /bootmgr In blkid output, the system partition is the one with LABEL=’SYSTEM RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size -- I seem not such partition, what I do see is : /dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs" PARTUUID="bdefoo-01" nothing with a LABEL='SYSTEM' not "SYSTEM" :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/da22064e-9394-4ba9-e6c3-76d2863eb50e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/25/2017 06:16 AM, yreb-qusw wrote: On 06/24/2017 11:52 PM, Alchemist wrote: On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote: Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? What you want to do is install Windows first and then install Qubes, you want to edit GRUB so you can boot Windows from GRUB. https://www.qubes-os.org/doc/multiboot/ 1) thanks, so if I got Qubes installed and up and running, does this mean my Bios is in "legacy mode" already? As I don't really see an option in the INSYDEH20 Bios to enable Legacy mode. 2) re: -- Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) -- What would be an example of what goes in "X" ? 3) ya, sorry again, but I have no file "40_custom," am I supposed to create that file in /etc/grub.d ? (I have no files at all in grub.d as dom0 as "40_custom" ? without the comma ? :) seems a strange filename -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98974675-cb9d-b924-dc1f-57d5d176c230%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/25/2017 06:16 AM, yreb-qusw wrote: On 06/24/2017 11:52 PM, Alchemist wrote: On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote: Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? thx What you want to do is install Windows first and then install Qubes, you want to edit GRUB so you can boot Windows from GRUB. https://www.qubes-os.org/doc/multiboot/ thanks, so if I got Qubes installed and up and running, does this mean my Bios is in "legacy mode" already? As I don't really see an option in the INSYDEH20 Bios to enable Legacy mode. re: -- Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) -- What would be an example of what goes in "X" ? .maybe is should be sda1 ? eg menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (sda,1)/bootmgr } ?? withthe parentheses? really prefer not to make a bad thing worst ... :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d23b04f-752c-9fba-757d-02ed52a0f5b0%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Laptop Dual Win10 boot problem
On 06/24/2017 11:52 PM, Alchemist wrote: On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote: Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? thx What you want to do is install Windows first and then install Qubes, you want to edit GRUB so you can boot Windows from GRUB. https://www.qubes-os.org/doc/multiboot/ thanks, so if I got Qubes installed and up and running, does this mean my Bios is in "legacy mode" already? As I don't really see an option in the INSYDEH20 Bios to enable Legacy mode. re: -- Add this stanza to /etc/grub.d/40_custom, menuentry "Windows" { insmod part_msdos insmod ntldr insmod ntfs ntldr (hd1,X)/bootmgr } (Change X to reflect the relevant system partition.) -- What would be an example of what goes in "X" ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/221277a8-c542-38b1-b168-ef362e517076%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] getting win7 VM working licenses etc
On 06/25/2017 04:07 AM, Unman wrote: On Sat, Jun 24, 2017 at 04:51:36PM -1000, yreb-qusw wrote: forgive me , if this seems off topic. but, somehow I need to have a working version of windows that doesn't require me to reboot preferably. And i've been looking around, for this answer , but maybe someone else here might know: I have a windows 7 license that came preinstalled on an old desktop, I then used that license on a laptop reinstall, for win7, I then upgraded and have been using win10 on the laptop, is the original win7 license likely now invalid? as it was upgraded to win10 which uses a different system? Because I guess I need win7 to use in a Qubes VM ; and further, the win10 is still installed on the 1st partitions of the laptop, though I am at a loss how to boot it, as you can see in my other post. If I can't dual boot the win10 with Qubes on this InsydeH20 Bios , I may have to go reinstall win10 and not use Qubes on the laptop , hmmm In the arcane world of Windows licensing, the Windows7 on your laptop was almost certainly not licensed, and therefore your Windows10 isnt either. Even if it had been licensed properly, it now wouldnt be. This doesnt mean that you might not be able to install 7 and pass online licensing. thx, so what I am afraid of , is say, I "edit GRUB" and do get the win10 (that was already installed before Qubes) working correctly, since the win10 upgrade was based on the original win7 license (from an old desktop), then If I were to go and download a win7.iso (which seems to require the original code before allowing download), to install in a Qubes VM, THEN, that would invalidate the currently installed win10 on the other partition, if you follow ? I may not be allowed to have win7 in a Qubes VM and win10 on a partition on the same laptop that trace back to the same original license ? :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ed68b4f3-c0a1-1eed-ffb3-5a42293a39c5%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] getting win7 VM working licenses etc
forgive me , if this seems off topic. but, somehow I need to have a working version of windows that doesn't require me to reboot preferably. And i've been looking around, for this answer , but maybe someone else here might know: I have a windows 7 license that came preinstalled on an old desktop, I then used that license on a laptop reinstall, for win7, I then upgraded and have been using win10 on the laptop, is the original win7 license likely now invalid? as it was upgraded to win10 which uses a different system? Because I guess I need win7 to use in a Qubes VM ; and further, the win10 is still installed on the 1st partitions of the laptop, though I am at a loss how to boot it, as you can see in my other post. If I can't dual boot the win10 with Qubes on this InsydeH20 Bios , I may have to go reinstall win10 and not use Qubes on the laptop , hmmm -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d491c500-f13d-b9e1-12fc-21bb9530f900%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Laptop Dual Win10 boot problem
Hello, so I have win10 on the 1st 2 partitions of my SSD, and install Qubes 3.2 onto the empty partition/s after the win10 installation. However, looking in my InsydeH20 BIOS, I am given no option to select a win10 vs. Qubes boot. Only "notebook HD", "USB" etc. Perhaps my mistake for thinking the laptop BIOS might function the way the ASrock BIOS, does, which does give me a choice. So, Now the "notebook" option just boots Qubes,Can I still boot Win10 on the other , 1st, partitions? if so, how ? thx -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c86f450-322e-282f-1291-db8f10f86fcd%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?
On 06/23/2017 09:23 AM, Unman wrote: On Fri, Jun 23, 2017 at 08:21:07AM -1000, yreb-qusw wrote: On 06/23/2017 05:43 AM, Unman wrote: On Thu, Jun 22, 2017 at 07:24:56PM -1000, yreb-qusw wrote: On 06/21/2017 04:21 PM, cooloutac wrote: On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote: Permit me to ask two questions? 1) I was reading this - https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c (Credits: Micah Lee) What's that “Convert to Trusted PDF” you were talking about? Let's say you found an interesting document, and let's say that you had an offline virtual machine specifically dedicated for storing and opening documents. Of course, you can directly send that document to that VM, but there could still be a chance that this document is malicious and may try for instance to delete all of your files (a behavior that you wouldn't notice in the short-lived DisposableVM). But you can also convert it into what's called a ‘Trusted PDF’. You send the file to a different VM, then you open the file manager, navigate to the directory of the file, right-click and choose “Convert to Trusted PDF”, and then send the file back to the VM where you collect your documents. But what does it exactly do? The “Convert to Trusted PDF” tool creates a new DisposableVM, puts the file there, and then transform it via a parser (that runs in the DisposableVM) that basically takes the RGB value of each pixel and leaves anything else. It's a bit like opening the PDF in an isolated environment and then ‘screenshoting it’ if you will. The file obviously gets much bigger, if I recall it transformed when I tested a 10Mb PDF into a 400Mb one. You can get much more details on that in this blogpost by security researcher and Qubes OS creator Joanna Rutkowska. [https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html] -- Upon reading it on the suggested sequence of opening random/all PDFs, maybe , people vary their sequence. It sounds like in say my Whonix Anon-appvm , I d/l a PDF, is it then suggested I copy this PDF to a , what, PDF dedicated AppVM 1st, Before doing a “Convert to Trusted PDF” on the PDF file ? This would add a step to the much faster, just “Convert to Trusted PDF” from the actual Anon-Whonix AppVM 2) Do folks typically backup their Template VMs ? as I noticed they aren't set up by default to backup ? and/or what is the thinking behind backing up various VMs ? I guess the ones that have been the most modified eg the AppVMs ? I have 1 very large 20 gigabyte VM with old videos/pictures on it, do I back that one up ? for example? you just right click on the file and hit convert to trusted pdf. i'm nto sure what you're asking. ...I separated the sentence out , above, it clearly says "you send the file to a different VM" THEN convert to a trusted PDF. What would this 'diferent VM' be? ?a disposable VM ? or ? I think you need to read that post more carefully, although it isn't altogether clear. I think the scenario Micah has in mind is that you have downloaded a PDF in an untrusted network connected qube, and have a trusted isolated qube for storage. Instead of converting the PDF in the untrusted machine (who knows what might have been done to your Qubes tools?), or qvm-copying the untrusted PDF in to the storage qube, he copies it to another, converts there and then moves the trusted PDF in to trusted storage.(I think the "copy back" is just a mistake.) That "other" qube can be anything you choose - a disposableVM, a dedicated converter.. This is one approach to take - I'd suggest using a disposableVM if you want to do it. However, it looks like overkill to me, because there's a suggestion that just having an untrusted PDF in the storage qube increases the risk. I don't believe this need be so. Another approach might be to have a mini template for the storage qube, and open every file in a disposableVM. If you are wedded to GUI file managers, you could still do this by setting default file handlers to use qvm-open-in-dvm for pretty much every filetype. I hope that make things a little clearer unman THIS only works for PDF files, not for other docs? I set up my default disposable VM as anon-whonix , and when I go to open .docx it tries to use Tor Browser . However, PDFs open normally in the PDF application hmmm You need to ensure that the dispVMTemplate is configured to properly deal with docx files. There was quite a long thread earlier in the year on "How to set file association in disposable VMs", which is worth looking at. In general, you should be able to use mimeopen in the dispVMTemplate to set the association, and provided that you then 'touch /home/user/.qubes-dispvm-customize
Re: [qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?
On 06/23/2017 05:43 AM, Unman wrote: On Thu, Jun 22, 2017 at 07:24:56PM -1000, yreb-qusw wrote: On 06/21/2017 04:21 PM, cooloutac wrote: On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote: Permit me to ask two questions? 1) I was reading this - https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c (Credits: Micah Lee) What's that “Convert to Trusted PDF” you were talking about? Let's say you found an interesting document, and let's say that you had an offline virtual machine specifically dedicated for storing and opening documents. Of course, you can directly send that document to that VM, but there could still be a chance that this document is malicious and may try for instance to delete all of your files (a behavior that you wouldn't notice in the short-lived DisposableVM). But you can also convert it into what's called a ‘Trusted PDF’. You send the file to a different VM, then you open the file manager, navigate to the directory of the file, right-click and choose “Convert to Trusted PDF”, and then send the file back to the VM where you collect your documents. But what does it exactly do? The “Convert to Trusted PDF” tool creates a new DisposableVM, puts the file there, and then transform it via a parser (that runs in the DisposableVM) that basically takes the RGB value of each pixel and leaves anything else. It's a bit like opening the PDF in an isolated environment and then ‘screenshoting it’ if you will. The file obviously gets much bigger, if I recall it transformed when I tested a 10Mb PDF into a 400Mb one. You can get much more details on that in this blogpost by security researcher and Qubes OS creator Joanna Rutkowska. [https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html] -- Upon reading it on the suggested sequence of opening random/all PDFs, maybe , people vary their sequence. It sounds like in say my Whonix Anon-appvm , I d/l a PDF, is it then suggested I copy this PDF to a , what, PDF dedicated AppVM 1st, Before doing a “Convert to Trusted PDF” on the PDF file ? This would add a step to the much faster, just “Convert to Trusted PDF” from the actual Anon-Whonix AppVM 2) Do folks typically backup their Template VMs ? as I noticed they aren't set up by default to backup ? and/or what is the thinking behind backing up various VMs ? I guess the ones that have been the most modified eg the AppVMs ? I have 1 very large 20 gigabyte VM with old videos/pictures on it, do I back that one up ? for example? you just right click on the file and hit convert to trusted pdf. i'm nto sure what you're asking. ...I separated the sentence out , above, it clearly says "you send the file to a different VM" THEN convert to a trusted PDF. What would this 'diferent VM' be? ?a disposable VM ? or ? I think you need to read that post more carefully, although it isn't altogether clear. I think the scenario Micah has in mind is that you have downloaded a PDF in an untrusted network connected qube, and have a trusted isolated qube for storage. Instead of converting the PDF in the untrusted machine (who knows what might have been done to your Qubes tools?), or qvm-copying the untrusted PDF in to the storage qube, he copies it to another, converts there and then moves the trusted PDF in to trusted storage.(I think the "copy back" is just a mistake.) That "other" qube can be anything you choose - a disposableVM, a dedicated converter.. This is one approach to take - I'd suggest using a disposableVM if you want to do it. However, it looks like overkill to me, because there's a suggestion that just having an untrusted PDF in the storage qube increases the risk. I don't believe this need be so. Another approach might be to have a mini template for the storage qube, and open every file in a disposableVM. If you are wedded to GUI file managers, you could still do this by setting default file handlers to use qvm-open-in-dvm for pretty much every filetype. I hope that make things a little clearer unman THIS only works for PDF files, not for other docs? I set up my default disposable VM as anon-whonix , and when I go to open .docx it tries to use Tor Browser . However, PDFs open normally in the PDF application hmmm -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/83abb5b0-c544-7e68-bb62-5a4cb4c15227%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?
On 06/23/2017 05:43 AM, Unman wrote: On Thu, Jun 22, 2017 at 07:24:56PM -1000, yreb-qusw wrote: On 06/21/2017 04:21 PM, cooloutac wrote: On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote: Permit me to ask two questions? 1) I was reading this - https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c (Credits: Micah Lee) What's that “Convert to Trusted PDF” you were talking about? Let's say you found an interesting document, and let's say that you had an offline virtual machine specifically dedicated for storing and opening documents. Of course, you can directly send that document to that VM, but there could still be a chance that this document is malicious and may try for instance to delete all of your files (a behavior that you wouldn't notice in the short-lived DisposableVM). But you can also convert it into what's called a ‘Trusted PDF’. You send the file to a different VM, then you open the file manager, navigate to the directory of the file, right-click and choose “Convert to Trusted PDF”, and then send the file back to the VM where you collect your documents. But what does it exactly do? The “Convert to Trusted PDF” tool creates a new DisposableVM, puts the file there, and then transform it via a parser (that runs in the DisposableVM) that basically takes the RGB value of each pixel and leaves anything else. It's a bit like opening the PDF in an isolated environment and then ‘screenshoting it’ if you will. The file obviously gets much bigger, if I recall it transformed when I tested a 10Mb PDF into a 400Mb one. You can get much more details on that in this blogpost by security researcher and Qubes OS creator Joanna Rutkowska. [https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html] -- Upon reading it on the suggested sequence of opening random/all PDFs, maybe , people vary their sequence. It sounds like in say my Whonix Anon-appvm , I d/l a PDF, is it then suggested I copy this PDF to a , what, PDF dedicated AppVM 1st, Before doing a “Convert to Trusted PDF” on the PDF file ? This would add a step to the much faster, just “Convert to Trusted PDF” from the actual Anon-Whonix AppVM 2) Do folks typically backup their Template VMs ? as I noticed they aren't set up by default to backup ? and/or what is the thinking behind backing up various VMs ? I guess the ones that have been the most modified eg the AppVMs ? I have 1 very large 20 gigabyte VM with old videos/pictures on it, do I back that one up ? for example? you just right click on the file and hit convert to trusted pdf. i'm nto sure what you're asking. ...I separated the sentence out , above, it clearly says "you send the file to a different VM" THEN convert to a trusted PDF. What would this 'diferent VM' be? ?a disposable VM ? or ? I think you need to read that post more carefully, although it isn't altogether clear. I think the scenario Micah has in mind is that you have downloaded a PDF in an untrusted network connected qube, and have a trusted isolated qube for storage. Instead of converting the PDF in the untrusted machine (who knows what might have been done to your Qubes tools?), or qvm-copying the untrusted PDF in to the storage qube, he copies it to another, converts there and then moves the trusted PDF in to trusted storage.(I think the "copy back" is just a mistake.) That "other" qube can be anything you choose - a disposableVM, a dedicated converter.. This is one approach to take - I'd suggest using a disposableVM if you want to do it. However, it looks like overkill to me, because there's a suggestion that just having an untrusted PDF in the storage qube increases the risk. I don't believe this need be so. Another approach might be to have a mini template for the storage qube, and open every file in a disposableVM. If you are wedded to GUI file managers, you could still do this by setting default file handlers to use qvm-open-in-dvm for pretty much every filetype. I hope that make things a little clearer unman Yes, sir, Unman, that is closer to what I was asking. Sorry, for any confusion. If you look at the original URL, I'm just quoting from Micah's article, as you said, so Unman, you are saying it probably is fine to NOT copy the pdf to a disposable qube before doing the "converted to trusted PDF?" I guess if one doesn't want to keep the PDF file, there is no reason to "convert" it, one would just 'open in a disposable VM' anyway, but good opsec would be to make sure to go back and del the PDF that was downloaded and opened in the disposable VM, ? I wish they could automate this as well, that after opening it in the disposable VM the original in th
[qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?
On 06/21/2017 04:21 PM, cooloutac wrote: On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote: Permit me to ask two questions? 1) I was reading this - https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c (Credits: Micah Lee) What's that “Convert to Trusted PDF” you were talking about? Let's say you found an interesting document, and let's say that you had an offline virtual machine specifically dedicated for storing and opening documents. Of course, you can directly send that document to that VM, but there could still be a chance that this document is malicious and may try for instance to delete all of your files (a behavior that you wouldn't notice in the short-lived DisposableVM). But you can also convert it into what's called a ‘Trusted PDF’. You send the file to a different VM, then you open the file manager, navigate to the directory of the file, right-click and choose “Convert to Trusted PDF”, and then send the file back to the VM where you collect your documents. But what does it exactly do? The “Convert to Trusted PDF” tool creates a new DisposableVM, puts the file there, and then transform it via a parser (that runs in the DisposableVM) that basically takes the RGB value of each pixel and leaves anything else. It's a bit like opening the PDF in an isolated environment and then ‘screenshoting it’ if you will. The file obviously gets much bigger, if I recall it transformed when I tested a 10Mb PDF into a 400Mb one. You can get much more details on that in this blogpost by security researcher and Qubes OS creator Joanna Rutkowska. [https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html] -- Upon reading it on the suggested sequence of opening random/all PDFs, maybe , people vary their sequence. It sounds like in say my Whonix Anon-appvm , I d/l a PDF, is it then suggested I copy this PDF to a , what, PDF dedicated AppVM 1st, Before doing a “Convert to Trusted PDF” on the PDF file ? This would add a step to the much faster, just “Convert to Trusted PDF” from the actual Anon-Whonix AppVM 2) Do folks typically backup their Template VMs ? as I noticed they aren't set up by default to backup ? and/or what is the thinking behind backing up various VMs ? I guess the ones that have been the most modified eg the AppVMs ? I have 1 very large 20 gigabyte VM with old videos/pictures on it, do I back that one up ? for example? you just right click on the file and hit convert to trusted pdf. i'm nto sure what you're asking. ...I separated the sentence out , above, it clearly says "you send the file to a different VM" THEN convert to a trusted PDF. What would this 'diferent VM' be? ?a disposable VM ? or ? when it comes to backing up template vms. I only backup my cloned vms. I clone vms from the defaults if I'm gonna install custom configs in them. also so it has a diff name then default vms for less chance of issues when restoring. and of course you back up your videos and pictures, are you being serious? lol. thats what most people backup. and deeper thought is what if they all have viruses and everytime you open one up you infect your system. So that leads to another thought that well if you are willing to reinstall all your programs and configs from scratch on a default template, mabe you'd be better off. But backing them up and restoring them is for convenience. ...ya, like many people perhaps, though, I used Qubes 90% of the time, my old files/photos, are also on laptop, google photos, removable large hard drive, windows 10 dual boot HD, etc, yes, they are on Qubes, but take up a huge amount of space, HENCE, backing them up would be a bit of a pain for the time it takes. ..you clone AppVMs you mean then back them up ; I really can't follow what your saying about your backups in sum, thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d85a9bc5-3cb2-259b-4834-fb2626209a8e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] EFI_MEMMAP is not enabled
EFI_MEMMAP is not enabled I get this during boot, sometimes it stops there, and I have to cold reboot, most times, it just continues. I am sorry, I've asked a few times before , but as of yet, I'm not sure I've gotten any clear answer what if anything can be / should be done about it The 2nd line is something about ESRD or so I did go into the bios and change the GPU memory from "auto" to "1024" but this didn't make any change thx FWIW, these 2 lines of messages, Also popup between /after entering the disk password, and before the user password entry -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fdec9567-f5a8-76e5-a98f-30de2eb07dd7%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] “Convert to Trusted PDF” protocol, & Backup VMs, which typically?
Permit me to ask two questions? 1) I was reading this - https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c (Credits: Micah Lee) What's that “Convert to Trusted PDF” you were talking about? Let's say you found an interesting document, and let's say that you had an offline virtual machine specifically dedicated for storing and opening documents. Of course, you can directly send that document to that VM, but there could still be a chance that this document is malicious and may try for instance to delete all of your files (a behavior that you wouldn't notice in the short-lived DisposableVM). But you can also convert it into what's called a ‘Trusted PDF’. You send the file to a different VM, then you open the file manager, navigate to the directory of the file, right-click and choose “Convert to Trusted PDF”, and then send the file back to the VM where you collect your documents. But what does it exactly do? The “Convert to Trusted PDF” tool creates a new DisposableVM, puts the file there, and then transform it via a parser (that runs in the DisposableVM) that basically takes the RGB value of each pixel and leaves anything else. It's a bit like opening the PDF in an isolated environment and then ‘screenshoting it’ if you will. The file obviously gets much bigger, if I recall it transformed when I tested a 10Mb PDF into a 400Mb one. You can get much more details on that in this blogpost by security researcher and Qubes OS creator Joanna Rutkowska. [https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html] -- Upon reading it on the suggested sequence of opening random/all PDFs, maybe , people vary their sequence. It sounds like in say my Whonix Anon-appvm , I d/l a PDF, is it then suggested I copy this PDF to a , what, PDF dedicated AppVM 1st, Before doing a “Convert to Trusted PDF” on the PDF file ? This would add a step to the much faster, just “Convert to Trusted PDF” from the actual Anon-Whonix AppVM 2) Do folks typically backup their Template VMs ? as I noticed they aren't set up by default to backup ? and/or what is the thinking behind backing up various VMs ? I guess the ones that have been the most modified eg the AppVMs ? I have 1 very large 20 gigabyte VM with old videos/pictures on it, do I back that one up ? for example? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d7631b1-9885-ec62-abe9-4ee4c20f82a6%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Fedora updates in small sessions, and I must reboot my VMs
On 06/10/2017 11:52 AM, Foppe de Haan wrote: On Saturday, June 10, 2017 at 11:33:24 PM UTC+2, yreb-qusw wrote: Is there some special reason, why Fedora updates 10 times a week, it's kind of a pain to manual reboot 10 AppVMs just for some tiny update, yes, I could just not update the AppVMs , or wait and not update Fed24 when it suggest I do but. You do know that you don't *have* to reboot them every time you update the template, right? :) Sure thats what I said, but who knows maybe one of these crazy packages is related to security or something, that or I don't like seeing the little green circles :) thanks for replying -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e365d5fa-bb01-62f5-5167-bb6737c5012a%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora updates in small sessions, and I must reboot my VMs
Is there some special reason, why Fedora updates 10 times a week, it's kind of a pain to manual reboot 10 AppVMs just for some tiny update, yes, I could just not update the AppVMs , or wait and not update Fed24 when it suggest I do but. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a3a5353-f531-1584-d03d-d3549c8e51a0%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] has anyone got U2F keys working in Fed24 Template or so?
I found the instructions on yubikeys site, however when I went and changed rules.d my system basic froze, and I had to hard reboot, was considered I may have totally broke Qubes, but was able to remove the rules.d reference, but I see no other instructions to do this: https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules https://forum.yubico.com/viewtopic.php?f=26&t=1535 Pardon me, if I'm off-topic :| -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d978c289-e03c-64df-5763-e475c7ee9762%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Suggestion on VPN Docs Qubes instructions
In this section: Set up a ProxyVM as a VPN gateway using iptables and CLI scripts Where it says this: Set up and test the VPN client. Make sure the VPN VM and its template VM are not running. Run a terminal (CLI) in the VPN VM this will start the VM. Then make a new ‘vpn’ folder with sudo mkdir /rw/config/vpn and copy your VPN config files here (the example config filename used here is openvpn-client.ovpn). Files accompanying the main config such as *.crt and *.pem should also go here, and should not be referenced in the main config by absolute paths such as ‘/etc/…’. Notes about VPN config options: The VPN scripts here are intended to work with commonly used tun interfaces, whereas tap mode is untested. Also, the config should route all traffic through your VPN’s interface after a connection is created; For openvpn the directive for this is redirect-gateway def1. Lastly, the VPN client may not be able to prompt you for credentials when connecting to the server: Creating a file in the ‘vpn’ folder with your credentials and using a directive such as openvpn’s auth-user-pass is recommended. It seems like this file needs to be changed to be read-only, for the appropriate ownershipbased on the complaints that pop up, when testing in the terminal before one doesn't notice it later, when not using the terminal to start the openvpn --config -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f8e601e-29b1-635e-1b5e-b65401a332e3%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] efi: EFI_MEMMAP is not enabled.
I'm guessing this may not be only a Qubes thing, but it is during every Qubes boot. But, are these two references during boot normal, I did do some searching but didn't find an answer.. efi: EFI_MEMMAP is not enabled. esrt: ESRT header is not in the -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ec12ec1-dbea-e57f-b1f3-c63f86f4f4e7%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: updated to fedora 24, deleted Template for 23 , however menus remain
On 06/07/2017 04:29 PM, cooloutac wrote: On Wednesday, June 7, 2017 at 9:59:25 PM UTC-4, yreb-qusw wrote: went thru this https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ upgrade all the defaults however I'm still seeing the Fedora 23 Template Domain in the Applications menu pull downs https://www.qubes-os.org/doc/remove-vm-manually/ step 4 is prolly all you need but check them all. ah so, that seems to have worked ; seems like it might be an idea to add it to the end of the upgrade F23->24 page .. :) cc: 'thelist' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8e6417d0-c904-9869-7300-eed08356e309%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] updated to fedora 24, deleted Template for 23 , however menus remain
went thru this https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ upgrade all the defaults however I'm still seeing the Fedora 23 Template Domain in the Applications menu pull downs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67d984f3-d76e-b2c3-70db-1e5228b1e225%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VM refused to give back memory in dom0 ?
This is just a random thing, no need to reboot the VM when I see this ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc89d993-caf9-575d-dd78-c3ad95bced7e%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Basics: if I'm in an AppVM and I do PrintScreen, and Save ....
for cropping use Shotwell. also, it is not advised to move screengrabs or any jpegs to dom0 , you'll just have to live with whatever screengrabs you take with printscreen in dom0 without cropping them seems like what the docs might say , as I noticed wallpapers is listed as one of the few reasons to move anything to dom0 too bad the default desktop images selection then, is so small IMHO :P -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f9c851c-0b07-d074-de24-69520ab6776b%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Basics: if I'm in an AppVM and I do PrintScreen, and Save ....
and what is the preferred image manipulator in fed24? all I want to do is crop the screenshot, but so far I don't see anything in the list of applications for fed24 out of the box. i don't mind installing something in the template for fed24 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/025f7c50-ac6f-a84c-bbb8-0dd568573240%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Basics: if I'm in an AppVM and I do PrintScreen, and Save ....
though I do see 1 Screenshot.png - If I go to XFCE desktop settings-> Desktop (background tab) -> folder -> other -> everything is greyed out , so though I see Desktop -> Screenshot.png I am unable to use it I would deduct that Term in dom0 is "Desktop" FWIW anyway Please keep the list cced. In the terminal just 'cd' to get to your home directory then cd Pictures. 'pwd' will show you the current directory name. In the Settings tool, everything is greyed because the filetype selector is set to "Image files." Just navigate to the Folder you want using the buttons at the top, and/or type in a Folder in "Location" bar. Click on "Open" and the "background" tab will then show you the contents of that Folder, and you can select the one you want for your background. unman hmm, so if I use the AppVM utility screenshot is that going to save to the AppVM files? or dom0 , maybe that what I should have been doing, and then if I want it as a background move it to dom0 ? ...I did say 'basic' , so, can I get random photos slideshow of my own photos in dom0 by putting them where ? in "images", where the other stock backgrounds are? ..if so, where is this dir 'images' , I'll look again but -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d3c84ef-a311-5984-706b-514f8e0c3f94%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Basics: if I'm in an AppVM and I do PrintScreen, and Save ....
It then goes to main_qube_username/Pictures However in a Terminal I don't see any hierachy like that, nor how to allow something like the desktop background utility to use what I've grabbed. I understand that dom0 is not supposed to have a filestructure , but where or how to interact with things that appear to be confined to dom0? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e0c5356-edc1-a64d-d88a-0b09eb84fd0c%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Debian 9 and Fedora 24 Should I be upgrading to these?
addendum, I think this one is sorted, so marked *solved i guess :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/518f3b70-9d63-88c1-1150-e3ada348a964%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: error starting VM : invalid argument: network device with mac 00:16:00:00:00:00 already exists when starting sys-whonix
I should add this is intermittent, and I detect no loss of function, so maybe I just close my eyes, and let it go ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eafd18d7-639f-d2cf-e437-ac87c8155ac7%40riseup.net. For more options, visit https://groups.google.com/d/optout.