[qubes-users] Re: [qubes-announce] QSB #33: Xen hypervisor (XSA-231 through XSA-234)

2017-09-12 Thread yreb-qusw

maybe could consider removing
"Occasionally fuckups happen,"   ..unless one is going for the 
unprofessional vulgarity crowd IMHO


2cents ,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5705dc3-9942-6349-32a7-764c01e83a1f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: UEFI secureboot issue

2017-08-20 Thread yreb-qusw

On 08/20/2017 05:44 AM, cooloutac wrote:

On Sunday, August 20, 2017 at 12:42:55 AM UTC-4, qubester wrote:

On 08/16/2017 05:55 AM, cooloutac wrote:

I'm glad Bruce Schneier changed his tune and is no longer encouraging kids to 
learn how to hack in live environments,  cause I think that breeds sociopaths, 
and is dangerous. (and we are living in an epidemic)

Now he has to stop calling secure boot security theater,  because a lot of 
people seem to believe it and take his word like gospel.

Is protecting the bios from rootkits its intended purpose?  seems so?, it helps 
anyways, and it definitely was intended to protect the firmware.  It's not just 
kernel code signing,  it's driver code too.

I would add also make a password on your bios obviously,  and enable flash 
protections.

I don't even think most the ITL members use aem, it sounds complicated and 
buggy and I can't afford to buy new hardware if it red flags anyways.



So..if you feel so strongly about it,  how come you are using Qubes?
Maybe I should go back to using Windows 10,  if secure boot  trumps
the other security aspects of Qubes.

Or, do you think you're 'safer' using Qubes, if so, why ?


To be honest,  it really doesn't matter what os you use, it's all about what the 
user does on it.  When using qubes the user still has to be careful.  It 
doesn't matter if dom0 is compromised if a vm with sensitive info is.  You 
really have to be strict with yourself.

You going to play online video games?  might as well use windows.

Dual booting?  might as well just use windows.

disabling iommu features?  might as well just use windows.

Worried about government spying?  Might as well not use anything.

You have to live like a monk if you really want privacy.

I have a windows machine and a qubes machine.  the qubes machine is for offline 
documents,  compartmentalizing specific website login activity, and random 
browsing.  The windows machine is for gaming and movies.

The guy Brad Spengler already warned dom0 and vms can be compromised by bad 
system updates. And I believe this happened to me and led to my bank account 
being hacked.   Also just after intel announced their patch for the hardware 
backdoor that existed for 8 years.

Qubes did last almost 2 years for me though(minus gaming),  when barebones 
linux wouldn't last a day and windows wouldn't last a couple months. Simply 
because I refuse to give up doing the things I own a pc for.   The other thing 
he warned about was using too much of the gpu in qubes...  I foresee that 
coming in the future with people demanding passthrough for it.

If you do decide to go back to windows 10,  hardenwindows10forsecurity.com  
also might interest you hardenubuntu.com  (scroll down to harden ubuntu 
section) The user activities and security and trust of the developers become 
the deciding factor after a point.

I don't think any operating system does it all.   Just like a lot of people 
didn't think root privilege escalation in
vms, being trivial to bypass, was an excuse not to add that layer of 
protection.  I think it's even worse not to use secure boot.


So, I'm still confused, if you feel secure boot is So important, why is 
it that you don't use an OS that supports it ?


Or are you saying that besides the secure boot, that Qubes or Linux  IS 
more "secure" , and it's a "know your adversary" thing?   If I'm 
understanding this correctly the main adversary re: secure boot would be 
some  "advanced threat" like a government  with that level of "skills" ??



I'm more "newb" than you,  what does a "failed" update look like ?? I 
have been feeling a lot more  secure  using a dedicated VM to do banking 
 , which actually was how I started down the path to use Qubes ...


I don't know what   "root privilege escalation in
vms, being trivial to bypass, was an excuse not to add that layer of 
protection"   means  ; if you might explain that as well . (btw, is some 
of this to improve with Qubes 4.x ?)


Personally, I also enjoy how well Whonix  works in Qubes , and use it 
for most things that don't require logins, and I like the speed of the 
OS  vs win10  , which now feels clunky,  esp  on VPN






Re: [qubes-users] Re: Q4.0 upgrade path ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them?

2017-08-17 Thread yreb-qusw

On 08/17/2017 06:25 AM, Ted Brenner wrote:

On Thu, Aug 17, 2017 at 1:23 AM, yreb-qusw  wrote:


On 08/15/2017 05:13 PM, yreb-qusw wrote:


Q4.0 upgrade path ?  am I eventually going to have to reinstall  as Q4.0
or will it be 3.2  be 'upgradeable' ?







One of the pages
<https://www.qubes-os.org/doc/version-scheme/#release-schedule> has a
schedule. I believe there are 5 weeks between release candidates with a
maximum of 3 candidates. So that would be 15 weeks before stable? RC1 was
July 31st. So stable could be November 13th at the latest? This is my best
guess.




Will It be requiring reinstall or will there be some way  to upgrade 
withOUT reinstalling ,  would you happen to know?




[qubes-users] Re: Q4.0 upgrade path ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them?

2017-08-16 Thread yreb-qusw

On 08/15/2017 05:13 PM, yreb-qusw wrote:
Q4.0 upgrade path ?  am I eventually going to have to reinstall  as 
Q4.0  or will it be 3.2  be 'upgradeable' ?



Guesstimate when does it turn into "stable" ?


3) re: security advisorys, is there ever any suggestion what to do about 
them?

.or just keep upgrading dom0  and  magically  some of them get fixed ?


seem like obvious questions to me , sorry if they are basic



[qubes-users] Q4.0 upgrade path ? Guesstimate when does it turn into "stable" ? 3) re: security advisorys, is there ever any suggestion what to do about them?

2017-08-15 Thread yreb-qusw
Q4.0 upgrade path ?  am I eventually going to have to reinstall  as 
Q4.0  or will it be 3.2  be 'upgradeable' ?



Guesstimate when does it turn into "stable" ?


3) re: security advisorys, is there ever any suggestion what to do about 
them?

.or just keep upgrading dom0  and  magically  some of them get fixed ?


seem like obvious questions to me , sorry if they are basic



[qubes-users] F25 VM Manager Update green arrow persisting

2017-08-04 Thread yreb-qusw
Anyone else having this issue ?   Suggested fix  or just ignore,  I 
haven't actually rebooted the machine  but have closed all VMs and 
reopened only the F25 to 'update'  but 'there is nothing to do' and yet 
it persists..




Re: [qubes-users] dvm removal ?

2017-08-01 Thread yreb-qusw

On 08/01/2017 01:05 AM, Marek Marczykowski-Górecki wrote:


On Mon, Jul 31, 2017 at 10:01:50PM -1000, qubester wrote:

Hello,

when I create a dvm  i'm now up to dvm-17  , is one supposed to be removing
dvm's manually?  because I do see how,  though each iteration, continues
to count up  would that be expected behavior?


No, it isn't. For which Disposable VMs it happens? Started from menu,
opening a file in DispVM, or something else?
.often I have done, open pdf  in DispVM  and then when I close the 
pdf the DispVM disappears.  Rarely from the menu.


..fwiw, I had  been  using the Whonix suggested default DVM , but 
wanted/want to go back to the default method,  as I think the Whonix way 
is/was "over my head" ; so just recently I changed the default back to 
Fedora 25 template  FWIW.



I don't really recall which of the 3 options I used for the Whonix 
DVM setup  but 
(https://www.whonix.org/wiki/Qubes/Disposable_VM#Creating_a_New_DisposableVM-Template_Based_on_Whonix-Workstation)



How  would I now  delete  DVMs  that are not  in my list,  even when all 
hidden VMs  are enabled ?





[qubes-users] Qubes Blog ? and/or Fedora 25 notices ?

2017-07-24 Thread yreb-qusw

Hello,
I don't really see where  , if anywhere,  there is official Qubes type 
updates for the OS , other than the canary and QSB thing

https://www.qubes-os.org/news/

ie., the Docs to see seem a bit static, Maybe that is what this mailing 
list is for in part.



For Example, is there a show of hands for people using Q3.2  who have 
updated to F25? and/or  when if ever, would I know that , that may be 
recommended ?


Maybe when some doc appears in the Docs section ?

---



Re: [qubes-users] Re: Keepass vault password no worky

2017-07-21 Thread yreb-qusw

On 07/21/2017 12:10 AM, 0brand wrote:

And sorry if this sounds absurd, but very frequently the database file will 
become unselected, this happens to everyone in my family all the time and you 
sometimes will repeatedly try the password, to have it fail, not realizing you 
actually have to re-select the database file again.
It does not sound absurd at all. There is a keepassx bug that is causing 
problems if users shutdown their database improperly just like you said. It's 
probably the same one I was reading about. And to be honest with you I would 
take any suggestions at this point no matter how absurd you think it is ; )
When I was first having the problem I removed the keepassx databases and 
restored from backups. Like I said I was having problems restoring them. I just 
realized that the old vault-appvms that I removed keep showing back up in 
/var/lib/qubes/appvms . Maybe this is either the problem or a symptom of the 
problem?
Hopefully I will have a solution soon. For what it's worth I really appreciate 
everyone's response and if you have any more suggestions I would like to hear 
them.

Sent with [ProtonMail](https://protonmail.com) Secure Email.


 Original Message 
Subject: Re: [qubes-users] Re: Keepass vault password no worky
Local Time: July 19, 2017 9:58 PM
UTC Time: July 19, 2017 9:58 PM
From: raahe...@gmail.com
To: qubes-users 
qube...@riseup.net, yreb...@riseup.net, 0bra...@protonmail.com
On Wednesday, July 19, 2017 at 5:43:39 PM UTC-4, 0brand wrote:

Which Keepass? On debian:

I use the same as you Keepassx.



I'm thinking it may have something to do with dom0 backup/restore. I have multiple 512 
Gib usb drives i do backups on. I don't want to try to restore from one of my other ones 
because I'm afraid they may become corrupted as well.

My next step is doing a fresh install on my other hard drive and see if I can restore 
my keepassx databases onto that. If that does not work I guess I'm out of luck.






Sent with ProtonMail Secure Email.



 Original Message 
Subject: Re: [qubes-users] Re: Keepass vault password no worky
Local Time: July 19, 2017 3:53 PM
UTC Time: July 19, 2017 3:53 PM
From: qub...@riseup.net
To: qubester , qubes-users , 
0br...@protonmail.com

qubester:

On 07/18/2017 02:27 PM, '0brand' via qubes-users wrote:

I've been trying to resolve a problem with both of my Debian-8
vault-appvms.. For some reason my Keepass passwords no longer work.
When I type in the password I get this message:
Unable to open database. Wrong key or database file is corrupt
I have been using the same password for both my Keepass databases for
quite some time now so the problem isn't due to forgetting or
mistyping my passwords. Normally this would not be much of a problem
except for the fact that restoring from backups is not remedying the
issue. I've restored both my Keepass vault-appvms and my Debian-8
Template.
Looking back at the day before this happened there is only one thing
that I did that may have contributed to the problem. I removed my
sys-usb (netvm) and created a sys-usb (appvm). After I created the new
sys-usb I realized that It would not run unless I set pci_strictreset
to false. This was not acceptable to me so I removed the new sys-usb
and created a new one with:
sudo qubesctl top.enable qvm.sys-usb
sudo qubesctl top.enable qvm.sys-usb
The reason I think this may have contributed to the problem is because
the first two times I tried to restore my appVMs things did not go
well. The first time the Gui completely froze and I was unable to
unmount the drive. The second time the backup-restore did not complete
but at least the screen did not freeze up. The third time I used a
backup from a couple days prior and everything went smoothly. It did
not solve the problem though. I still can not unlock my Keepass vaults.
I'm not really sure what to do next. Is it possible that my backups
are somehow being corrupted when I restore them? I'm a little
flustered at this point and I could use some guidance.
Thanks in advance

Sent with [ProtonMail](https://protonmail.com) Secure Email.

If it makes you feel better, I had the thing fail. with the same
messages, and I'd swear, I did nothing at all, after that I stopped
using it . as pretty pointless to use something that MUST be
reliable and have it fail so easily, whatever caused it IMHO of course
; I think mine was in the Vault VM

Which Keepass? On debian:

user@host:~$ apt-cache search keepass
keepass2 - Password manager
keepass2-doc - Password manager - Documentation
keepassx - Cross Platform Password Manager
kpcli - command line interface to KeePassX password manager databases
libfile-keepass-perl - interface to KeePass V1 and V2 database files

I ask because I have been using keepassx for three or four years with
only two databases. I keep multiple copies on di

[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)

2017-07-19 Thread yreb-qusw

On 07/19/2017 12:17 PM, cooloutac wrote:



secure boot isn't supported on qubes unfortunately. Hacking Team's Insyde BIOS 
exploit could be used remotely according to experts, so secure boot would 
actually defend against something like that remotely as well.  I hope people 
get over the anti microsoft and redhat notions about it.  Richard Stallman 
gives it the ok in its current state, so why spite.

 And ya AEM seems complicated to setup so unless you travel a lot and are 
worried about evil maids or someone breaking into your computer, a  usbvm is 
probably more practical.



So, you do use both an Admin and User  pw  , but not secure boot  for 
your Qubes machine?


no evil maids here, but I guess there is/was talk  of remote exploits 
and or  USB drives  of possible uncertain   cleanliness,  that might 
also be protected by AEM ?



in my case, last time the USBVM thing  , or my attempted implementation, 
rather,  nearly caused a meltdown, but since I've the PS2 adapter, 
personally, I'm also avoiding the USBVM . I suppose overall, I'm 
still safer than running  Windows 10  :)  aren't  I ...

or other Ubuntu  distros



Re: [qubes-users] Re: Keepass vault password no worky

2017-07-19 Thread yreb-qusw

On 07/19/2017 05:53 AM, qubenix wrote:

qubester:

On 07/18/2017 02:27 PM, '0brand' via qubes-users wrote:

I've been trying to resolve a problem with both of my Debian-8
vault-appvms.. For some reason my Keepass passwords no longer work.
When I type in the password I get this message:
Unable to open database. Wrong key or database file is corrupt
I have been using the same password for both my Keepass databases for
quite some time now so the problem isn't due to forgetting or
mistyping my passwords. Normally this would not be much of a problem
except for the fact that restoring from backups is not remedying the
issue. I've restored both my Keepass vault-appvms and my Debian-8
Template.
Looking back at the day before this happened there is only one thing
that I did that may have contributed to the problem. I removed my
sys-usb (netvm) and created a sys-usb (appvm). After I created the new
sys-usb I realized that It would not run unless I set pci_strictreset
to false. This was not acceptable to me so I removed the new sys-usb
and created a new one with:
sudo qubesctl top.enable qvm.sys-usb
sudo qubesctl top.enable qvm.sys-usb
The reason I think this may have contributed to the problem is because
the first two times I tried to restore my appVMs things did not go
well. The first time the Gui completely froze and I was unable to
unmount the drive. The second time the backup-restore did not complete
but at least the screen did not freeze up. The third time I used a
backup from a couple days prior and everything went smoothly. It did
not solve the problem though. I still can not unlock my Keepass vaults.
I'm not really sure what to do next. Is it possible that my backups
are somehow being corrupted when I restore them? I'm a little
flustered at this point and I could use some guidance.
Thanks in advance

Sent with [ProtonMail](https://protonmail.com) Secure Email.



If it makes you feel better, I had the thing fail. with the same
messages, and I'd swear, I did nothing at all, after that I stopped
using it . as pretty pointless to use something that MUST be
reliable and have it fail so easily, whatever caused it  IMHO  of course
 ; I think mine was in the Vault VM



Which Keepass? On debian:

user@host:~$ apt-cache search keepass
keepass2 - Password manager
keepass2-doc - Password manager - Documentation
keepassx - Cross Platform Password Manager
kpcli - command line interface to KeePassX password manager databases
libfile-keepass-perl - interface to KeePass V1 and V2 database files

I ask because I have been using keepassx for three or four years with
only two databases. I keep multiple copies on different storage devices
and I have had only one copy ever become corrupt, but it was the fault
of the usb device. I use keepassx and kpcli with pleasure.



keepass2
guess that is a good idea to keep copies in various places
I don't actually know why I would use a usb device with keepass2, so 
that wasn't it.
honestly, it was a trial, in the vault appVM  , I was a bit shocked that 
it failed within a few weeks, was enough, for me to use my other 
password manager instead ..YMMV of course
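
Added example (not part of any message in this thread, and not code from KeePass, KeePassX or Qubes): a way to triage several copies of a database that all fail with "Wrong key or database file is corrupt", by checking the published KeePass file signature at the start of each copy and comparing SHA-256 digests across copies. The function names, verdict labels and sample file names are made up for this illustration, and the sample files are constructed.

```python
"""Triage copies of a KeePass database that all refuse to open (added example)."""
import hashlib
import struct
import sys
import tempfile
from pathlib import Path

# KeePass files start with two little-endian uint32 signatures.
SIG1 = 0x9AA2D903
SIG2_FORMATS = {
    0xB54BFB65: "KeePass 1.x / KeePassX 0.4 (.kdb)",
    0xB54BFB66: "KeePass 2.x pre-release (.kdbx)",
    0xB54BFB67: "KeePass 2.x (.kdbx)",
}

# Verdict labels are hypothetical names chosen for this example.
VERDICTS = {
    "ALL_DAMAGED": "no copy has a valid signature: the files themselves are damaged",
    "SOME_DAMAGED": "some copies lost their signature: use only the intact ones",
    "IDENTICAL": "all copies are byte-identical: backup/restore did not alter the "
                 "file, so look at the key input or at damage older than the backups",
    "DIFFERENT": "headers are intact but contents differ: expected if the database "
                 "was saved between backups; try the oldest copy first",
}


def inspect_copy(path):
    """Return (format name or None, sha256 hex digest, size) for one copy."""
    data = Path(path).read_bytes()
    fmt = None
    if len(data) >= 8:
        sig1, sig2 = struct.unpack_from("<II", data, 0)
        if sig1 == SIG1:
            fmt = SIG2_FORMATS.get(sig2)
    return fmt, hashlib.sha256(data).hexdigest(), len(data)


def triage(paths):
    """Group copies by digest and flag those whose signature is missing."""
    damaged, by_digest = [], {}
    for p in map(str, paths):
        fmt, digest, _size = inspect_copy(p)
        if fmt is None:
            damaged.append(p)
        else:
            by_digest.setdefault(digest, []).append(p)
    if not damaged and not by_digest:
        raise ValueError("no files given")
    groups = sorted(sorted(g) for g in by_digest.values())
    if not groups:
        verdict = "ALL_DAMAGED"
    elif damaged:
        verdict = "SOME_DAMAGED"
    elif len(groups) == 1:
        verdict = "IDENTICAL"
    else:
        verdict = "DIFFERENT"
    return {"verdict": verdict, "damaged": sorted(damaged), "groups": groups}


def demo():
    """Run triage on constructed files: two identical copies and one zeroed copy."""
    good = struct.pack("<II", SIG1, 0xB54BFB65) + bytes(range(64))  # constructed
    with tempfile.TemporaryDirectory() as d:
        files = {
            "live.kdb": good,
            "backup1.kdb": good,
            "backup2.kdb": bytes(len(good)),  # constructed: overwritten with zeros
        }
        for name, blob in files.items():
            (Path(d) / name).write_bytes(blob)
        return triage(Path(d) / name for name in files)


if __name__ == "__main__":
    result = triage(sys.argv[1:]) if len(sys.argv) > 1 else demo()
    print(result["verdict"] + ":", VERDICTS[result["verdict"]])
    for path in result["damaged"]:
        print("  damaged signature:", path)
    for group in result["groups"]:
        print("  identical copies:", ", ".join(group))
```

The signature check covers only the first 8 bytes, so an intact signature does not prove that the encrypted body is undamaged.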




[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)

2017-07-19 Thread yreb-qusw

On 07/18/2017 08:07 PM, pixel fairy wrote:

On Tuesday, July 18, 2017 at 10:52:05 PM UTC-7, yreb-qusw wrote:


So, If I haven't already, I should have secure boot enabled? ;   I saw
after I posted that, all the steps, I'd probably end up breaking the
machine or locking myself out of it .


you should definitely put a password on your bios and make a usb qube.

i would only do AEM if you're comfortable with installation, backup and recovery, 
or don't have anything important on that machine yet. preferably set aside a 
couple days to work out any kinks.




I noticed a 'secure boot'  doesn't require a user or admin  pw,   I 
really can't imagine any physical security issues, unless  ,  a USB 
device remotely got infected somehow  , though , I almost never use any 
USB drives.


I have so many pw's  between all my encrypted drives (on which I re-use 
the same pw :)  ),  that I hesitate  to add   potential  disaster level 
pw's  unless it  really adds  something .


SO,  for the purposes  to this AMT  or  remote attacks on a Qubes system 
 ,  would enabling 'secure boot'  without a  admin pw  make sense,  and 
 you recommending a  admin  AND user  pw  with the 'secure boot'  ,  I 
thought   there was some issue  with Qubes  booting   with 'secure boot' 
 enabled ??


sorry, if this is too simple, or the paragraph rambles..



[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)

2017-07-18 Thread yreb-qusw

On 07/17/2017 08:15 PM, cooloutac wrote:

On Monday, July 17, 2017 at 8:31:42 PM UTC-4, pixel fairy wrote:

On Sunday, July 16, 2017 at 9:55:55 AM UTC-7, yreb-qusw wrote:

On 07/16/2017 01:27 AM, pixel fairy wrote:

---
In Dom0 install anti-evil-maid:

sudo qubes-dom0-update anti-evil-maid
---

Doesn't sound like 'more work' just doing the above, perhaps there is
more to it, I thought, it mentioned it's better to install via a USB Drive?


https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README

as you can see, it's a lot of steps, and only some laptops are compatible. there 
are even new laptops, like the system76 lemur7 (i7 skylake), that can't do AEM.

ideally you can boot from a non usb external device, such as an sd card in your 
purse or wallet. if you do use usb, then you have to disable hiding the usb 
controller for a bit, which gives your attacker a window of opportunity for the 
kinds of things AEM is meant to detect.

this is a small window of opportunity, but there is the theoretical case that 
a clueless attacker with only a short time boots from their own device, the 
attack fails because usb is locked (and they may not even know this) and your 
laptop is ok. whereas if AEM needed that usb controller enabled to function, 
the attack would succeed, or at least succeed enough to trip AEM.


What would be the "trade off"  and/or  How would I disable it , if it
somehow messes up my Qubes install?


the most obvious trade off is needing your boot device to boot your laptop. so, 
you must protect this device. you'll probably want more than one of them in 
case one is lost or damaged, so you have to protect multiple devices. this is 
fine for cyborgs with implanted, bootable usb devices. but, for the rest of us, 
it's something you must consider carefully in your threat model.

a more thorough discussion of all this in the background blog post, 
https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html

if it doesn't work, you won't be able to boot. you'd have to reinstall qubes and 
start over. if you want to disable it, you might be able to make a new 
passphrase for luks that doesn't need the keyfile on your aem device. there may 
be other steps required, but i haven't tried it.


like pixel said you either can use a usb stick like a yubikey to boot, or use a 
usbvm; don't think you can do both.   so in most cases a home desktop pc 
probably would just use usbvm.  but if you are someone that travels with a laptop, 
that might be accessible to others, you might want to boot with usb key.

aem can be used on both but without usb key if using usbvm,  but should note 
aem only notifies you that something happened, like pixel said it doesn't stop 
the attack,  like secure boot would in case of Hacking Team's Insyde BIOS 
attack.  Also the only true option then would be to buy all new hardware if 
such a compromise did happen.  But some people upgrade their hardware every two 
years anyways.  If you are careful you can last that long.



So, If I haven't already, I should have secure boot enabled? ;   I saw 
after I posted that, all the steps, I'd probably end up breaking the 
machine or locking myself out of it .




[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)

2017-07-16 Thread yreb-qusw

On 07/16/2017 01:27 AM, pixel fairy wrote:

---
In Dom0 install anti-evil-maid:

sudo qubes-dom0-update anti-evil-maid
---
Doesn't sound like 'more work' just doing the above, perhaps there is 
more to it, I thought, it mentioned it's better to install via a USB Drive?



What would be the "trade off"  and/or  How would I disable it , if it 
somehow messes up my Qubes install?




[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)

2017-07-15 Thread yreb-qusw

On 07/14/2017 05:40 PM, pixel fairy wrote:

any network available OOB


sorry what would be an example of this ?  "out of band" ?

I'm not clear what SED is , :)

I don't really see  any docs on ?initializing  AEM  , I do see that it 
says  to :


---
In Dom0 install anti-evil-maid:

sudo qubes-dom0-update anti-evil-maid
---

I personally  have no USB-VM  ,  would my Bios need to be configured 
some particular way, beyond what it already is with 3.2  booting and stable



I have about zero concern on  malware  from  USB drives,  maybe I 
shouldn't , but seems far-fetched in my case.  So,   maybe I don't need 
AEM  depending  on  what  "network OOB"   would mean .


regards



Re: [qubes-users] Why does VPN needs its own firewall VM?

2017-07-10 Thread yreb-qusw

On 07/09/2017 11:56 PM, Chris Laprise wrote:

On 07/09/2017 11:48 PM, yreb-qusw wrote:

at the end of the VPN CLI setup it says :

==
If you want to be able to use the Qubes firewall, create a new
FirewallVM (as a ProxyVM) and set it to use the VPN VM as its NetVM.
Then, configure AppVMs to use your new FirewallVM as their NetVM.
==

is there some reason why I should or should not just use the existing
firewall, or should each of the VPN VMs each have it's own firewall VM
for some reason?



Qubes firewall creates DNS accept rules that target only the upstream
netVM. This has no side-effect until you start whitelisting in the
presence of a tunnel; then DNS queries become blocked by the "Deny
except" rule even if "Allow DNS" is selected.

One workaround is to use a firewall VM between the VPN VM and downstream
VMs, as suggested in doc. You need one for each VPN VM where you intend
to whitelist.

The existing sys-firewall normally interfaces to sys-net; In that
configuration it can't filter any traffic that gets routed through the
tunnel. But you can re-assign it to use a VPN VM instead of sys-net; The
only downside is if you have any VMs that need direct non-VPN access to
the net, in which case its still good to keep sys-firewall connected to
sys-net and use other proxyVMs as VPN firewalls.

-

A different workaround is to use 'sed' to update iptables with the
correct DNS entries, as in this script which can replace
"qubes-vpn-handler.sh":

https://github.com/tasket/Qubes-vpn-support/blob/new-1/rw/config/vpn/qubes-vpn-ns


...then add this to the end of "qubes-firewall-user-script":

/rw/config/vpn/qubes-vpn-ns fwupdate

Thanks, and if I DONT intend to white list anything, then is there any 
reason to use the separate fw-VPNs  for each  VPN VM?


As, I think this white listing fw  stuff has always been 'over my head' 
.


And I use suspend function daily, and it's a bit hassle to get the VPNs 
up and running again, even with the launcher workaround,  very often I 
must use the launcher rc.local  multiple times , and ping to see if it 
works, and quite often  they don't restart  properly


So, unless there is a great reason , in my case, to do the extra 
separate VPN fw VMs , I'd rather skip it :)




[qubes-users] Why does VPN needs its own firewall VM?

2017-07-09 Thread yreb-qusw

at the end of the VPN CLI setup it says :

==
If you want to be able to use the Qubes firewall, create a new 
FirewallVM (as a ProxyVM) and set it to use the VPN VM as its NetVM. 
Then, configure AppVMs to use your new FirewallVM as their NetVM.

==

is there some reason why I should or should not just use the existing 
firewall, or should each of the VPN VMs each have it's own firewall VM 
for some reason?




[qubes-users] Re: sudo dnf remove qubes-template-fedora-23 fails for some reason

2017-07-05 Thread yreb-qusw

On 07/05/2017 07:24 AM, cooloutac wrote:

On Monday, July 3, 2017 at 10:36:54 PM UTC-4, yreb-qltop wrote:

sudo dnf remove qubes-template-fedora-23  fails  for some reason

no match for argument; qubes-template-fedora-23
eroor: no packages marked for removal


this is after going through successfully all the step to upgrade to 24
including changing all the defaults

and successfully changing the default dvm


anything else I should try? Else just learn to live with the unused
template VM?


pretty sure I already linked you this in another thread.  
https://www.qubes-os.org/doc/remove-vm-manually/



Dunno, in any event, I probably posted before searching the Goog-Qubez 
archives, which had that URL.
Which did work, but thanks so much for responding, you're one who 
does. Cheers




Re: [qubes-users] Re: Laptop Dual Win10 boot problem

2017-07-03 Thread yreb-qusw

#! bin/sh -e

echo "add win10">&2

cat sudo grub2-mkconfig

win10





I didn't realize I could search and adapt  "fedora grub2-mkconfig" for win7


another time consuming kludge, esp. after getting lucky, that I guess it 
wasn't an EFI win10 install ,


IMHO, someone  Might update  the  qubes docs 



Re: [qubes-users] Re: Laptop Dual Win10 boot problem

2017-07-01 Thread yreb-qusw

On 07/01/2017 02:46 PM, Unman wrote:

On Sat, Jul 01, 2017 at 12:49:59PM -1000, yreb-qusw wrote:

On 07/01/2017 12:10 PM, Unman wrote:

Nothing will go wrong if you get the partition specification wrong -
Windows wont boot and you will see an error message.
From what you have said you have two options: msdos1 and msdos2.
In grub partitions are numbered starting from 1, so these can be
referenced as hd0,msdos1 and hd0,msdos2.
Just create two entries, one for each partition, and try to boot: if
the first fails, reboot and choose the second.




I'd be happy to  if I had a clue  what that means   like  what ?



menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd0,msdos1)/bootmgr
}


menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,1)/bootmgr
}



Again, lets say it might be hd0  it might be hd1  , it might be partition
msdos1 msdos2   or ? should it just be labeled  1  or  2

then I would put in 4 entries or reboot and just keep guessing on the format



No need to guess:
grub references disks numbering from 0
grub references partitions numbering from 1

So the first partition on the first disk would be hd0,msdos1. (also
hd0,1 - doesn't matter)
The third partition on a second disk would be hd1,msdos3

So now you can create two menu entries, one for each partition: Give them
different names - like this -  menuentry "Windows msdos1"





PS:  What is supposed to happen ?  Where and When am I to make the choice to
boot the win10  vs Qubes .


When you start the machine you will see the grub menu - It should
contain a menu (obviously) with entries for Qubes, and the two entries
you have just created.
You can press up and down keys to move up and down the entries -
Pressing enter will try to boot with the highlighted entry.
(There are instructions under the menu)



And when one does :

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Should one be seeing something like 'found windows .img' image, or does 
it matter?


I'm seeing nothing when I run grub2-mkconfig  and also nothing

with any of my entries  at boot  using  both  suggested  versions  of 
the 'entry/stanza's'   in /etc/grub.d/40_custom



I'm sort of doubting its supposed to be  /etc/grub.d/40_custom,   with 
the  comma  at the end, and the docs  have a typo ?


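The numbering rule quoted in the message above (disks counted from 0, partitions from 1, one distinctly named entry per candidate partition) can be scripted. This is an added example, not code from the thread or from the Qubes docs: the function names and the blkid sample are constructed, and it assumes the Linux disk order (sda, sdb, ...) matches the order GRUB sees (hd0, hd1, ...), which `ls` at the `grub>` prompt confirms.

```shell
#!/bin/sh
# Added example: turn Linux partition names into GRUB names and emit one
# Windows menu entry per NTFS partition, for pasting into /etc/grub.d/40_custom.
# Assumption: sda is GRUB's hd0, sdb is hd1, and so on. Firmware disk order can
# differ from the Linux order, so check with `ls` at the grub> prompt.

# Constructed blkid-style output (not from a real machine).
SAMPLE_BLKID='/dev/sda1: LABEL="DATA" UUID="0000000000000001" TYPE="ntfs" PARTUUID="00000000-01"
/dev/sda2: UUID="0000000000000002" TYPE="ntfs" PARTUUID="00000000-02"
/dev/sda3: UUID="00000000-0000-0000-0000-000000000003" TYPE="ext4" PARTUUID="00000000-03"'

# linux_to_grub /dev/sda2  ->  hd0,msdos2
# Only /dev/sdXN names on an MBR (msdos) disk are handled; anything else fails.
linux_to_grub() {
    dev=${1#/dev/}
    case $dev in
        sd[a-z][1-9]*) ;;
        *) echo "unsupported device: $1" >&2; return 1 ;;
    esac
    letter=$(printf '%s' "$dev" | cut -c3)
    part=${dev#sd?}
    case $part in
        *[!0-9]*) echo "bad partition number in: $1" >&2; return 1 ;;
    esac
    # Disk index counts from 0 (a=0, b=1, ...); the partition number is kept
    # as-is because both Linux and GRUB count partitions from 1.
    idx=$(( $(printf '%d' "'$letter") - 97 ))
    printf 'hd%d,msdos%d\n' "$idx" "$part"
}

# ntfs_partitions: read blkid output on stdin, print devices with TYPE="ntfs".
ntfs_partitions() {
    sed -n 's/^\(\/dev\/[^:]*\):.* TYPE="ntfs".*/\1/p'
}

# windows_entry /dev/sda2: print the ntldr stanza from the multiboot doc,
# named after the partition so the entries can be told apart in the menu.
windows_entry() {
    grubdev=$(linux_to_grub "$1") || return 1
    cat <<EOF
menuentry "Windows ${grubdev#*,}" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr ($grubdev)/bootmgr
}
EOF
}

# generate_entries: blkid output on stdin, one stanza per NTFS partition.
generate_entries() {
    ntfs_partitions | while read -r candidate; do
        windows_entry "$candidate" || exit 1
    done
}

# Demo on the constructed sample; on a real system use: sudo blkid | generate_entries
printf '%s\n' "$SAMPLE_BLKID" | generate_entries
```

After adding the printed stanzas to `/etc/grub.d/40_custom`, `sudo grub2-mkconfig -o /boot/grub2/grub.cfg` regenerates the menu as described in the thread.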


Re: [qubes-users] Re: Laptop Dual Win10 boot problem

2017-07-01 Thread yreb-qusw

On 07/01/2017 12:10 PM, Unman wrote:

Nothing will go wrong if you get the partition specification wrong -
Windows wont boot and you will see an error message.
From what you have said you have two options: msdos1 and msdos2.
In grub partitions are numbered starting from 1, so these can be
referenced as hd0,msdos1 and hd0,msdos2.
Just create two entries, one for each partition, and try to boot: if
the first fails, reboot and choose the second.



again fwiw this is what the
https://www.qubes-os.org/doc/multiboot/
says:

-
In blkid output, the system partition is the one with LABEL=’SYSTEM 
RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)

Then update the grub config:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

There is no need to reinstall grub itself.

If the above stanza does not work, you may try this one (at your own 
risk!) instead:


menuentry "Windows" {
insmod part_msdos
insmod ntfs
set root='(hd0,msdosX)'
chainloader +1
}

(Change X to reflect the relevant system partition.)
--



see the part  "at your own risk!" ..hence, I'm cautious

as for "making two entries"


I'd be happy to  if I had a clue  what that means   like  what ?



menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd0,msdos1)/bootmgr
}


menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,1)/bootmgr
}



Again, lets say it might be hd0  it might be hd1  , it might be 
partition msdos1 msdos2   or ? should it just be labeled  1  or  2


then I would put in 4 entries or reboot and just keep guessing on the format




PS:  What is supposed to happen ?  Where and When am I to make the 
choice to boot the win10  vs Qubes .





I have been waiting over a week,  I don't 'expect' an answer  I am 
already  trying  different   stanza entries  so far  no   success


PPS: I've "cc'd the list"



Re: [qubes-users] Re: Laptop Dual Win10 boot problem

2017-07-01 Thread yreb-qusw

On 07/01/2017 12:10 PM, Unman wrote:

and looking for "efi" entries - 'dmesg|grep efi'
Also,look in /sys/firmware for efi directory. If it's there then you
booted UEFI.



fwiw, neither of these indicates  EFI  boot

so, are you saying Legacy boot  might fix something ?

frankly, I am not even sure what behaviour to expect,  if I did get 
grub2  with the right boot partition 



Would I see something when I boot in Grub  that gives me a choice to 
boot win10  or  Qubes,  is there a choice that pops up in Grub


or ?


I'm sure this all makes sense to long term linux sysadmins...


eg I also noticed  with I do  qvm-shutdown --all  it seems to shutdown 
dom0  and freeze the computer




Re: [qubes-users] Re: Laptop Dual Win10 boot problem

2017-07-01 Thread yreb-qusw

On 07/01/2017 12:10 PM, Unman wrote:

On Sat, Jul 01, 2017 at 10:05:36AM -1000, yreb-qusw wrote:

On 06/28/2017 04:03 PM, cooloutac wrote:

so you would put hd0,X  X= 1 2  or 3 etc...  you said it was 200mb right so 
just look for something around that in kb's.  probably the smallest partition 
it should say file type too no?  ntfs.



actually this is from the qubes docs, not me


--
Identify the Windows system partition that has /bootmgr

In blkid output, the system partition is the one with LABEL=’SYSTEM
RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size
--


ntldr (hd0,msdos2)/bootmgr   ?

or

ntldr (hd0,2)/bootmgr  ?


I would think it would be  the 1st partitions when it comes to booting.


Is it possible my boot partition for win10   got  overwritten  when
installing  Qubes somehow ?



Maybe I should give up  ,  as  by the slow/no responses,  it seems there is
no way to get support for this



As far as I can see a number of people have tried to help you here
You should read the guidelines at www.qubes-os.org/mailing-lists and
be patient.
Also, a two minute search on the net would bring you to guides that
would enable you to learn something about grub and maybe solve the problem for
yourself.

On the specific points:
I doubt that your Win10 boot partition got overwritten , unless you
asked the installer to do so.
It is possible to run Windows without a SYSTEM partition, particularly if
installed in BIOS mode - it is, however, not standard.
fdisk -l shows you which partition has been marked as bootable - this
need not be the partition you want. It need not be the first partition.
Nothing will go wrong if you get the partition specification wrong -
Windows wont boot and you will see an error message.
From what you have said you have two options: msdos1 and msdos2.
In grub partitions are numbered starting from 1, so these can be
referenced as hd0,msdos1 and hd0,msdos2.
Just create two entries, one for each partition, and try to boot: if
the first fails, reboot and choose the second.

Incidentally, its relatively simple to enable legacy boot on InsydeH20 -
again, a simple search would show you how.
Unless someone did this for you it's most likely that you are in UEFI
mode. You can check this in Linux by looking at the output from dmesg,
and looking for "efi" entries - 'dmesg|grep efi'
Also,look in /sys/firmware for efi directory. If it's there then you
booted UEFI.
The partition layout you have described doesn't seem to be standard for
Windows under UEFI.

It isn't clear if you read the documentation before installing Qubes, or
if you have a back up or cloned disk. If you didn't I would do it now
before trying anything else. You can attach the NTFS partitions to a qube
and copy the data off, or clone the whole partition.

Good luck.

I appreciate your replies, I'm not a sysadmin, enabled legacy boot, 
I only vaguely understand that that is required for Qubes, anyway, I've 
got Qubes installed, it's just acting different than on my desktop 
version is,


I don't expect any replies, just hoping for more than 1 or 2  , hence I 
asked about the IRC,  but I'm guessing that isn't well attended  also


forgive me , for asking , it really isn't "a two minute" search it is 
that Grub and such are complicated for  non sysadmin  people



just for the record, I would think Qubes might like to have normal non 
sysadmin people able to use the OS, so my questions to the list may 
serve those people,


The format of post and wait days or never for a reply  may  not be ideal 
 for anything  complicated  IMHO


anyway, thanks for listening



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-07-01 Thread yreb-qusw

On 06/28/2017 04:03 PM, cooloutac wrote:

so you would put hd0,X  X= 1 2  or 3 etc...  you said it was 200mb right so 
just look for something around that in kb's.  probably the smallest partition 
it should say file type too no?  ntfs.


actually in the docs maybe instead they should recommend

sudo fdisk -l

cause that Does show the boot partition /dev/sda2

however I'm left still not knowing how to write the 'stanza'


--
menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

--
https://www.qubes-os.org/doc/multiboot/





eg   in my case ?

ntldr (hd1,2)/bootmgr   ?  or

ntldr (hd0,2)/bootmgr


etc




sigh



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-07-01 Thread yreb-qusw

On 06/28/2017 04:03 PM, cooloutac wrote:

so you would put hd0,X  X= 1 2  or 3 etc...  you said it was 200mb right so 
just look for something around that in kb's.  probably the smallest partition 
it should say file type too no?  ntfs.



actually this is from the qubes docs, not me


--
Identify the Windows system partition that has /bootmgr

In blkid output, the system partition is the one with LABEL=’SYSTEM
RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size
--


ntldr (hd0,msdos2)/bootmgr   ?

or

ntldr (hd0,2)/bootmgr  ?


I would think it would be  the 1st partitions when it comes to booting.


Is it possible my boot partition for win10   got  overwritten  when 
installing  Qubes somehow ?




Maybe I should give up  ,  as  by the slow/no responses,  it seems there 
is no way to get support for this





[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-30 Thread yreb-qusw

On 06/28/2017 04:03 PM, cooloutac wrote:

so you would put hd0,X  X= 1 2  or 3 etc...  you said it was 200mb right so 
just look for something around that in kb's.  probably the smallest partition 
it should say file type too no?  ntfs.



In general,  what would happen  if I guessed wrong  with the   1, 2,  3 
etc



It should be file type NTFS  not ext3 ??



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-29 Thread yreb-qusw

On 06/28/2017 05:17 PM, yreb-qusw wrote:

On 06/28/2017 04:03 PM, cooloutac wrote:

so you would put hd0,X  X= 1 2  or 3 etc...  you said it was 200mb
right so just look for something around that in kb's.  probably the
smallest partition it should say file type too no?  ntfs.


well since I haven't a clue which one it may be, I suspect I will ruin
both systems  qubes and win10

msdos3 seems to be the smallest, would the boot partition be on msdos3 ?
doesn't seem right, I thought boot partitions were usually the 1st
partition,  it also says it is NOT NTFS  it is ext3

should fdisk not work  at the  grub>  prompt ?



Whoops I forgot to "cc the list"  in the off chance, I could get some 
more support.



Is there any other place for support  maybe on one of the IRC channels, 
do folks really  ask and answer timely questions there ?




[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-28 Thread yreb-qusw

On 06/26/2017 05:11 PM, cooloutac wrote:

On Monday, June 26, 2017 at 2:21:02 PM UTC-4, yreb-qusw wrote:

On 06/25/2017 06:16 AM, yreb-qusw wrote:

On 06/24/2017 11:52 PM, Alchemist wrote:

On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote:

Hello, so I have win10  on the 1st 2 partitions of my SSD, and install
Qubes 3.2 onto the empty partition/s  after the win10 installation.

However, looking in my InsydeH20 BIOS, I am given no option to select a
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.

Perhaps my mistake for thinking the laptop BIOS might function the way
the ASrock BIOS, does, which does give me a choice.

So, Now the "notebook" option just boots Qubes,Can I still boot
Win10 on the other , 1st, partitions?

if so, how ?

thx


What you want to do is install Windows first and then install Qubes,
you want to edit GRUB so you can boot Windows from GRUB.

https://www.qubes-os.org/doc/multiboot/



thanks, so if I got Qubes installed and up and running, does this mean
my Bios is in "legacy mode" already? As I don't really see an option in
the INSYDEH20   Bios  to  enable  Legacy mode.

re:
--


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)
--

What would be an example  of  what  goes in "X"   ?


FURTHER,

re:
--


Identify the Windows system partition that has /bootmgr

In blkid output, the system partition is the one with LABEL=’SYSTEM
RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size
--

I see no such partition, what I do see is:
/dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs"  PARTUUID="bdefoo-01"

nothing  with  a  LABEL='SYSTEM'  not "SYSTEM"  :)


run fdisk from grub and try to identify it there.  which will also be labeled 
in same format you need I believe.



OK, so, I pressed 'e'  during boot -grub  and got to  grub>   when  I 
type fdisk  I get  'error: can't find the command 'fdisk'


however if I type  ls  I see
Device hd0: No known filesystem detected - Sector Size 512B -Total size 
244198584Kib  THEN:


4 Partitions  all labeled hd0,   after hd0  they are  hd0,msdos1  msdos2 
msdos 3 msdos5


the 'Data' one is msdos1  409600KiB that I guess is the same 'Data' 
partition


msdos2 has filesystem ntfs 185764864KiB

msdos3 is filesystem ext* size 512000KiB

msdos5 says no known filesystem
IIRC:  Win10  has like a recovery partition ?



Based on the above  what would be my best chance-guess to try the grub 
'stanza' ?


ntldr (hd0,msdos2)/bootmgr   ?

or

ntldr (hd0,2)/bootmgr  ?


Thanks in advance



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-26 Thread yreb-qusw

On 06/26/2017 05:11 PM, cooloutac wrote:

On Monday, June 26, 2017 at 2:21:02 PM UTC-4, yreb-qusw wrote:

On 06/25/2017 06:16 AM, yreb-qusw wrote:

On 06/24/2017 11:52 PM, Alchemist wrote:

On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote:

Hello, so I have win10  on the 1st 2 partitions of my SSD, and install
Qubes 3.2 onto the empty partition/s  after the win10 installation.

However, looking in my InsydeH20 BIOS, I am given no option to select a
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.

Perhaps my mistake for thinking the laptop BIOS might function the way
the ASrock BIOS, does, which does give me a choice.

So, Now the "notebook" option just boots Qubes,Can I still boot
Win10 on the other , 1st, partitions?

if so, how ?

thx


What you want to do is install Windows first and then install Qubes,
you want to edit GRUB so you can boot Windows from GRUB.

https://www.qubes-os.org/doc/multiboot/



thanks, so if I got Qubes installed and up and running, does this mean
my Bios is in "legacy mode" already? As I don't really see an option in
the INSYDEH20   Bios  to  enable  Legacy mode.

re:
--


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)
--

What would be an example  of  what  goes in "X"   ?


FURTHER,

re:
--


Identify the Windows system partition that has /bootmgr

In blkid output, the system partition is the one with LABEL=’SYSTEM
RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size
--

I see no such partition, what I do see is:
/dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs"  PARTUUID="bdefoo-01"

nothing  with  a  LABEL='SYSTEM'  not "SYSTEM"  :)


run fdisk from grub and try to identify it there.  which will also be labeled 
in same format you need I believe.



thx, and for that matter, how do I get to command line  in  grub ?  tab? 
esc ?


sorry if this is basic



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-26 Thread yreb-qusw

On 06/26/2017 05:11 PM, cooloutac wrote:

On Monday, June 26, 2017 at 2:21:02 PM UTC-4, yreb-qusw wrote:

On 06/25/2017 06:16 AM, yreb-qusw wrote:

On 06/24/2017 11:52 PM, Alchemist wrote:

On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote:

Hello, so I have win10  on the 1st 2 partitions of my SSD, and install
Qubes 3.2 onto the empty partition/s  after the win10 installation.

However, looking in my InsydeH20 BIOS, I am given no option to select a
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.

Perhaps my mistake for thinking the laptop BIOS might function the way
the ASrock BIOS, does, which does give me a choice.

So, Now the "notebook" option just boots Qubes,Can I still boot
Win10 on the other , 1st, partitions?

if so, how ?

thx


What you want to do is install Windows first and then install Qubes,
you want to edit GRUB so you can boot Windows from GRUB.

https://www.qubes-os.org/doc/multiboot/



thanks, so if I got Qubes installed and up and running, does this mean
my Bios is in "legacy mode" already? As I don't really see an option in
the INSYDEH20   Bios  to  enable  Legacy mode.

re:
--


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)
--

What would be an example  of  what  goes in "X"   ?


FURTHER,

re:
--


Identify the Windows system partition that has /bootmgr

In blkid output, the system partition is the one with LABEL=’SYSTEM
RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size
--

I see no such partition, what I do see is:
/dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs"  PARTUUID="bdefoo-01"

nothing  with  a  LABEL='SYSTEM'  not "SYSTEM"  :)


run fdisk from grub and try to identify it there.  which will also be labeled 
in same format you need I believe.



Should I have a file named  40_custom   in  grub.d dir  ?   there are No 
files in that dir.


Happen to have an example of the

>>>  ntldr (hd1,X)/bootmgr
>>> }
>>>
>>> (Change X to reflect the relevant system partition.)

suggestion?  I really dont want to input the wrong  'stanza'



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-26 Thread yreb-qusw

On 06/25/2017 06:16 AM, yreb-qusw wrote:

On 06/24/2017 11:52 PM, Alchemist wrote:

On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote:

Hello, so I have win10  on the 1st 2 partitions of my SSD, and install
Qubes 3.2 onto the empty partition/s  after the win10 installation.

However, looking in my InsydeH20 BIOS, I am given no option to select a
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.

Perhaps my mistake for thinking the laptop BIOS might function the way
the ASrock BIOS, does, which does give me a choice.

So, Now the "notebook" option just boots Qubes,Can I still boot
Win10 on the other , 1st, partitions?

if so, how ?

thx


What you want to do is install Windows first and then install Qubes,
you want to edit GRUB so you can boot Windows from GRUB.

https://www.qubes-os.org/doc/multiboot/



thanks, so if I got Qubes installed and up and running, does this mean
my Bios is in "legacy mode" already? As I don't really see an option in
the INSYDEH20   Bios  to  enable  Legacy mode.

re:
--


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)
--

What would be an example  of  what  goes in "X"   ?


FURTHER,

re:
--


Identify the Windows system partition that has /bootmgr

In blkid output, the system partition is the one with LABEL=’SYSTEM 
RESERVED’ or LABEL=’SYSTEM’ and is only about 100 to 200 MB in size

--

I see no such partition, what I do see is :
/dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs"  PARTUUID="bdefoo-01"

nothing  with  a  LABEL='SYSTEM'  not "SYSTEM"  :)



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-26 Thread yreb-qusw

On 06/25/2017 06:16 AM, yreb-qusw wrote:

On 06/24/2017 11:52 PM, Alchemist wrote:

On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote:

Hello, so I have win10  on the 1st 2 partitions of my SSD, and install
Qubes 3.2 onto the empty partition/s  after the win10 installation.

However, looking in my InsydeH20 BIOS, I am given no option to select a
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.

Perhaps my mistake for thinking the laptop BIOS might function the way
the ASrock BIOS, does, which does give me a choice.

So, Now the "notebook" option just boots Qubes,Can I still boot
Win10 on the other , 1st, partitions?

if so, how ?



What you want to do is install Windows first and then install Qubes,
you want to edit GRUB so you can boot Windows from GRUB.

https://www.qubes-os.org/doc/multiboot/




1)

thanks, so if I got Qubes installed and up and running, does this mean
my Bios is in "legacy mode" already? As I don't really see an option in
the INSYDEH20   Bios  to  enable  Legacy mode.

2)


re:
--


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)
--

What would be an example  of  what  goes in "X"   ?

3)

ya, sorry again, but I have no file  "40_custom,"

am I supposed to create that file in /etc/grub.d ?   (I have no files at 
all in grub.d  as dom0



as
"40_custom"  ? without the comma ? :)

seems a strange filename



[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-26 Thread yreb-qusw

On 06/25/2017 06:16 AM, yreb-qusw wrote:

On 06/24/2017 11:52 PM, Alchemist wrote:

On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote:

Hello, so I have win10  on the 1st 2 partitions of my SSD, and install
Qubes 3.2 onto the empty partition/s  after the win10 installation.

However, looking in my InsydeH20 BIOS, I am given no option to select a
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.

Perhaps my mistake for thinking the laptop BIOS might function the way
the ASrock BIOS, does, which does give me a choice.

So, Now the "notebook" option just boots Qubes,Can I still boot
Win10 on the other , 1st, partitions?

if so, how ?

thx


What you want to do is install Windows first and then install Qubes,
you want to edit GRUB so you can boot Windows from GRUB.

https://www.qubes-os.org/doc/multiboot/



thanks, so if I got Qubes installed and up and running, does this mean
my Bios is in "legacy mode" already? As I don't really see an option in
the INSYDEH20   Bios  to  enable  Legacy mode.

re:
--


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)
--

What would be an example  of  what  goes in "X"   ?


.maybe it should be sda1  ?

eg
menuentry "Windows" {
  insmod part_msdos
  insmod ntldr
  insmod ntfs
  ntldr (sda,1)/bootmgr
}

??

with the parentheses?

really prefer not to make a bad thing worse ... :)

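For the question above about what replaces X, an added example (not from the thread or from the Qubes multiboot page): it reads blkid output, lists the NTFS partitions, and fills the partition number into the stanza quoted in the message. The disk index is passed in explicitly because GRUB's hdN numbering follows firmware order and cannot be derived from the sdX name; the second and third sample blkid lines, the disk index 1 and all function names are assumptions.

```python
import re

# First line is the blkid output quoted in the thread; the other two are
# constructed here so the example has something to filter.
SAMPLE_BLKID = '''\
/dev/sda1: LABEL="DATA" UUID=" foo " TYPE="ntfs"  PARTUUID="bdefoo-01"
/dev/sda2: UUID="constructed-0002" TYPE="ntfs" PARTUUID="bdefoo-02"
/dev/sda3: UUID="constructed-0003" TYPE="crypto_LUKS" PARTUUID="bdefoo-03"
'''

BLKID_LINE = re.compile(r'^(?P<dev>/dev/[^:\s]+):\s*(?P<attrs>.*)$')
ATTR = re.compile(r'(\w+)="([^"]*)"')
# Linux partition names: sda1, nvme0n1p2, mmcblk0p1
PART_NUM = re.compile(r'^/dev/(?:sd[a-z]+|nvme\d+n\d+p|mmcblk\d+p)(\d+)$')
# GRUB 2 device syntax: (hdN,M), (hdN,msdosM) or (hdN,gptM)
GRUB_DEV = re.compile(r'^\(hd\d+,(?:msdos|gpt)?[1-9]\d*\)$')


def parse_blkid(output):
    """Return [(device, {KEY: value})] for every blkid line in output."""
    entries = []
    for line in output.splitlines():
        m = BLKID_LINE.match(line.strip())
        if m:
            entries.append((m.group("dev"), dict(ATTR.findall(m.group("attrs")))))
    return entries


def ntfs_candidates(output):
    """Devices that could hold /bootmgr: only NTFS file systems qualify."""
    return [dev for dev, attrs in parse_blkid(output)
            if attrs.get("TYPE") == "ntfs"]


def partition_number(dev):
    """'/dev/sda1' -> 1. Whole-disk names such as '/dev/sda' are rejected."""
    m = PART_NUM.match(dev)
    if not m:
        raise ValueError(f"not a partition device: {dev!r}")
    return int(m.group(1))


def grub_device(dev, disk_index):
    """Build the GRUB name. GRUB counts disks from 0; GRUB 2 counts
    partitions from 1, the same number Linux puts at the end of the name."""
    if not isinstance(disk_index, int) or disk_index < 0:
        raise ValueError("disk_index must be a non-negative integer")
    return f"(hd{disk_index},{partition_number(dev)})"


def is_valid_grub_device(spec):
    """True only for the (hdN,M) family; Linux names are not GRUB names."""
    return bool(GRUB_DEV.match(spec))


def windows_stanza(dev, disk_index):
    """The stanza from the thread with X filled in for the given partition."""
    target = grub_device(dev, disk_index)
    if not is_valid_grub_device(target):
        raise ValueError(f"refusing to emit invalid device {target!r}")
    return "\n".join([
        'menuentry "Windows" {',
        ' insmod part_msdos',
        ' insmod ntldr',
        ' insmod ntfs',
        f' ntldr {target}/bootmgr',
        '}',
    ]) + "\n"


if __name__ == "__main__":
    for dev in ntfs_candidates(SAMPLE_BLKID):
        print(f"# candidate {dev} -> {grub_device(dev, 1)}")
    print(windows_stanza("/dev/sda1", 1))
```
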


[qubes-users] Re: Laptop Dual Win10 boot problem

2017-06-25 Thread yreb-qusw

On 06/24/2017 11:52 PM, Alchemist wrote:

On Saturday, June 24, 2017 at 7:09:32 PM UTC-7, yreb-qusw wrote:

Hello, so I have win10  on the 1st 2 partitions of my SSD, and install
Qubes 3.2 onto the empty partition/s  after the win10 installation.

However, looking in my InsydeH20 BIOS, I am given no option to select a
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.

Perhaps my mistake for thinking the laptop BIOS might function the way
the ASrock BIOS, does, which does give me a choice.

So, Now the "notebook" option just boots Qubes,Can I still boot
Win10 on the other , 1st, partitions?

if so, how ?

thx


What you want to do is install Windows first and then install Qubes, you want 
to edit GRUB so you can boot Windows from GRUB.

https://www.qubes-os.org/doc/multiboot/



thanks, so if I got Qubes installed and up and running, does this mean 
my Bios is in "legacy mode" already? As I don't really see an option in 
the INSYDEH20   Bios  to  enable  Legacy mode.


re:
--


Add this stanza to /etc/grub.d/40_custom,

menuentry "Windows" {
 insmod part_msdos
 insmod ntldr
 insmod ntfs
 ntldr (hd1,X)/bootmgr
}

(Change X to reflect the relevant system partition.)
--

What would be an example  of  what  goes in "X"   ?



Re: [qubes-users] getting win7 VM working licenses etc

2017-06-25 Thread yreb-qusw

On 06/25/2017 04:07 AM, Unman wrote:

On Sat, Jun 24, 2017 at 04:51:36PM -1000, yreb-qusw wrote:

forgive me , if this seems off topic.  but, somehow I need to have a working
version of windows that doesn't require me to reboot preferably. And I've
been looking around, for this answer , but maybe someone else here might
know:

I have a windows 7 license that came preinstalled on an old desktop, I then
used that license on a laptop reinstall,  for win7,  I then upgraded and
have been using win10  on the laptop,  is the original win7 license likely
now invalid?  as it was upgraded to win10  which uses a different system?

Because I guess I need win7  to use in a Qubes  VM ;   and further,  the
win10  is still installed on the 1st partitions of the laptop, though I am
at a loss how to boot it,   as you can see in my other post.

If I can't dual boot the win10  with Qubes on this  InsydeH20 Bios   , I may
have to go reinstall win10  and not use Qubes on the laptop , hmmm


In the arcane world of Windows licensing, the Windows7 on your laptop
was almost certainly not licensed, and therefore your Windows10 isn't
either.
Even if it had been licensed properly, it now wouldn't be.

This doesn't mean that you might not be able to install 7 and pass online
licensing.

thx, so what I am afraid of , is say, I "edit GRUB" and do get the win10 
(that was already installed before Qubes)  working correctly,  since the 
win10 upgrade was based on the original win7 license (from an old 
desktop),  then If I were to go and download a win7.iso (which seems to 
require the original code before allowing download),  to install in a 
Qubes VM,  THEN, that would invalidate the currently installed win10  on 
 the other partition,  if you follow ?


I may not be allowed to have win7 in a Qubes VM and win10  on a 
partition on the same laptop  that  trace back  to the same original 
license ?   :)




[qubes-users] getting win7 VM working licenses etc

2017-06-24 Thread yreb-qusw
forgive me , if this seems off topic.  but, somehow I need to have a 
working version of windows that doesn't require me to reboot preferably. 
And I've been looking around, for this answer , but maybe someone else 
here might know:


I have a windows 7 license that came preinstalled on an old desktop, I 
then used that license on a laptop reinstall,  for win7,  I then 
upgraded and have been using win10  on the laptop,  is the original 
win7 license likely now invalid?  as it was upgraded to win10  which 
uses a different system?


Because I guess I need win7  to use in a Qubes  VM ;   and further,  the 
win10  is still installed on the 1st partitions of the laptop, though I 
am at a loss how to boot it,   as you can see in my other post.


If I can't dual boot the win10  with Qubes on this  InsydeH20 Bios   , I 
may have to go reinstall win10  and not use Qubes on the laptop , hmmm




[qubes-users] Laptop Dual Win10 boot problem

2017-06-24 Thread yreb-qusw
Hello, so I have win10  on the 1st 2 partitions of my SSD, and install 
Qubes 3.2 onto the empty partition/s  after the win10 installation.


However, looking in my InsydeH20 BIOS, I am given no option to select a 
win10 vs. Qubes boot.  Only "notebook HD", "USB" etc.


Perhaps my mistake for thinking the laptop BIOS might function the way 
the ASrock BIOS, does, which does give me a choice.


So, Now the "notebook" option just boots Qubes,Can I still boot 
Win10 on the other , 1st, partitions?


if so, how ?

thx



Re: [qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?

2017-06-23 Thread yreb-qusw

On 06/23/2017 09:23 AM, Unman wrote:

On Fri, Jun 23, 2017 at 08:21:07AM -1000, yreb-qusw wrote:

On 06/23/2017 05:43 AM, Unman wrote:

On Thu, Jun 22, 2017 at 07:24:56PM -1000, yreb-qusw wrote:

On 06/21/2017 04:21 PM, cooloutac wrote:

On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote:

Permit me to ask two questions?



1) I was reading this

-
https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c

(Credits: Micah Lee)
What's that “Convert to Trusted PDF” you were talking about?

Let's say you found an interesting document, and let's say that you had
an offline virtual machine specifically dedicated for storing and
opening documents. Of course, you can directly send that document to
that VM, but there could still be a chance that this document is
malicious and may try for instance to delete all of your files (a
behavior that you wouldn't notice in the short-lived DisposableVM). But
you can also convert it into what's called a ‘Trusted PDF’.



You send the

file to a different VM, then you open the file manager, navigate to the
directory of the file, right-click and choose “Convert to Trusted PDF”,
and then send the file back to the VM where you collect your documents.





But what does it exactly do? The “Convert to Trusted PDF” tool creates a
new DisposableVM, puts the file there, and then transform it via a
parser (that runs in the DisposableVM) that basically takes the RGB
value of each pixel and leaves anything else. It's a bit like opening
the PDF in an isolated environment and then ‘screenshotting it’ if you
will. The file obviously gets much bigger, if I recall it transformed
when I tested a 10Mb PDF into a 400Mb one. You can get much more details
on that in this blogpost by security researcher and Qubes OS creator
Joanna Rutkowska.

[https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html]

--
Upon reading it on the suggested sequence of opening  random/all PDFs,
maybe , people vary  their sequence.

It sounds like in say my Whonix Anon-appvm  , I d/l  a PDF, is it then
suggested I copy this PDF  to a , what,  PDF dedicated AppVM 1st,
Before doing  a  “Convert to Trusted PDF”  on the PDF file ?

This would add a step to the much faster,  just  “Convert to Trusted
PDF”  from the actual  Anon-Whonix  AppVM


2)
Do folks typically backup  their Template VMs  ?  as I noticed they
aren't set up by default to backup ?

and/or what is the thinking behind backing up various VMs ?  I guess the
ones that have been the most modified eg  the AppVMs ?   I have 1 very
large 20 gigabyte  VM with old videos/pictures on it,  do I  back that
one up ? for example?


you just right click on the file and hit convert to trusted pdf.  I'm not sure 
what you're asking.


...I separated the sentence out , above,  it clearly says  "you send the
file to a different VM"  THEN convert to a trusted PDF.   What would this
'different VM' be?   ?a disposable VM ? or  ?



I think you need to read that post more carefully, although it isn't
altogether clear.
I think the scenario Micah has in mind is that you have downloaded a PDF
in an untrusted network connected qube, and have a trusted isolated qube
for storage.
Instead of converting the PDF in the untrusted machine (who knows what
might have been done to your Qubes tools?), or qvm-copying the untrusted
PDF in to the storage qube, he copies it to another, converts there and
then moves the trusted PDF in to trusted storage.(I think the "copy back"
is just a mistake.) That "other" qube can be anything you choose - a
disposableVM, a dedicated converter..
This is one approach to take - I'd suggest using a disposableVM if you
want to do it. However, it looks like overkill to me, because there's a
suggestion that just having an untrusted PDF in the storage qube
increases the risk. I don't believe this need be so.
Another approach might be to have a mini template for the storage qube,
and open every file in a disposableVM. If you are wedded to GUI file
managers, you could still do this by setting default file handlers to use
qvm-open-in-dvm for pretty much every filetype.

I hope that makes things a little clearer

unman


THIS only works for PDF files,  not for  other docs?  I set up my default
disposable VM  as  anon-whonix  ,  and when I go to open  .docx  it tries
to use  Tor Browser .  However,  PDFs open normally in the PDF  application
hmmm



You need to ensure that the dispVMTemplate is configured to properly
deal with docx files.
There was quite a long thread earlier in the year on "How to set file
association in disposable VMs", which is worth looking at. In general,
you should be able to use mimeopen in the dispVMTemplate to set the
association, and provided that you then
'touch /home/user/.qubes-dispvm-customize

Re: [qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?

2017-06-23 Thread yreb-qusw

On 06/23/2017 05:43 AM, Unman wrote:

On Thu, Jun 22, 2017 at 07:24:56PM -1000, yreb-qusw wrote:

On 06/21/2017 04:21 PM, cooloutac wrote:

On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote:

Permit me to ask two questions?



1) I was reading this

-
https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c

(Credits: Micah Lee)
What's that “Convert to Trusted PDF” you were talking about?

Let's say you found an interesting document, and let's say that you had
an offline virtual machine specifically dedicated for storing and
opening documents. Of course, you can directly send that document to
that VM, but there could still be a chance that this document is
malicious and may try for instance to delete all of your files (a
behavior that you wouldn't notice in the short-lived DisposableVM). But
you can also convert it into what's called a ‘Trusted PDF’.



You send the

file to a different VM, then you open the file manager, navigate to the
directory of the file, right-click and choose “Convert to Trusted PDF”,
and then send the file back to the VM where you collect your documents.





But what does it exactly do? The “Convert to Trusted PDF” tool creates a
new DisposableVM, puts the file there, and then transform it via a
parser (that runs in the DisposableVM) that basically takes the RGB
value of each pixel and leaves anything else. It's a bit like opening
the PDF in an isolated environment and then ‘screenshotting it’ if you
will. The file obviously gets much bigger, if I recall it transformed
when I tested a 10Mb PDF into a 400Mb one. You can get much more details
on that in this blogpost by security researcher and Qubes OS creator
Joanna Rutkowska.

[https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html]

--
Upon reading it on the suggested sequence of opening  random/all PDFs,
maybe , people vary  their sequence.

It sounds like in say my Whonix Anon-appvm  , I d/l  a PDF, is it then
suggested I copy this PDF  to a , what,  PDF dedicated AppVM 1st,
Before doing  a  “Convert to Trusted PDF”  on the PDF file ?

This would add a step to the much faster,  just  “Convert to Trusted
PDF”  from the actual  Anon-Whonix  AppVM


2)
Do folks typically backup  their Template VMs  ?  as I noticed they
aren't set up by default to backup ?

and/or what is the thinking behind backing up various VMs ?  I guess the
ones that have been the most modified eg  the AppVMs ?   I have 1 very
large 20 gigabyte  VM with old videos/pictures on it,  do I  back that
one up ? for example?


you just right click on the file and hit convert to trusted pdf.  I'm not sure 
what you're asking.


...I separated the sentence out , above,  it clearly says  "you send the
file to a different VM"  THEN convert to a trusted PDF.   What would this
'different VM' be?   ?a disposable VM ? or  ?



I think you need to read that post more carefully, although it isn't
altogether clear.
I think the scenario Micah has in mind is that you have downloaded a PDF
in an untrusted network connected qube, and have a trusted isolated qube
for storage.
Instead of converting the PDF in the untrusted machine (who knows what
might have been done to your Qubes tools?), or qvm-copying the untrusted
PDF in to the storage qube, he copies it to another, converts there and
then moves the trusted PDF in to trusted storage.(I think the "copy back"
is just a mistake.) That "other" qube can be anything you choose - a
disposableVM, a dedicated converter..
This is one approach to take - I'd suggest using a disposableVM if you
want to do it. However, it looks like overkill to me, because there's a
suggestion that just having an untrusted PDF in the storage qube
increases the risk. I don't believe this need be so.
Another approach might be to have a mini template for the storage qube,
and open every file in a disposableVM. If you are wedded to GUI file
managers, you could still do this by setting default file handlers to use
qvm-open-in-dvm for pretty much every filetype.

I hope that makes things a little clearer

unman

THIS only works for PDF files,  not for  other docs?  I set up my 
default disposable VM  as  anon-whonix  ,  and when I go to open  .docx 
 it tries  to use  Tor Browser .  However,  PDFs open normally in the 
PDF  application hmmm




Re: [qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?

2017-06-23 Thread yreb-qusw

On 06/23/2017 05:43 AM, Unman wrote:

On Thu, Jun 22, 2017 at 07:24:56PM -1000, yreb-qusw wrote:

On 06/21/2017 04:21 PM, cooloutac wrote:

On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote:

Permit me to ask two questions?



1) I was reading this

-
https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c

(Credits: Micah Lee)
What's that “Convert to Trusted PDF” you were talking about?

Let's say you found an interesting document, and let's say that you had
an offline virtual machine specifically dedicated for storing and
opening documents. Of course, you can directly send that document to
that VM, but there could still be a chance that this document is
malicious and may try for instance to delete all of your files (a
behavior that you wouldn't notice in the short-lived DisposableVM). But
you can also convert it into what's called a ‘Trusted PDF’.



You send the

file to a different VM, then you open the file manager, navigate to the
directory of the file, right-click and choose “Convert to Trusted PDF”,
and then send the file back to the VM where you collect your documents.





But what does it exactly do? The “Convert to Trusted PDF” tool creates a
new DisposableVM, puts the file there, and then transform it via a
parser (that runs in the DisposableVM) that basically takes the RGB
value of each pixel and leaves anything else. It's a bit like opening
the PDF in an isolated environment and then ‘screenshotting it’ if you
will. The file obviously gets much bigger, if I recall it transformed
when I tested a 10Mb PDF into a 400Mb one. You can get much more details
on that in this blogpost by security researcher and Qubes OS creator
Joanna Rutkowska.

[https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html]

--
Upon reading it on the suggested sequence of opening  random/all PDFs,
maybe , people vary  their sequence.

It sounds like in say my Whonix Anon-appvm  , I d/l  a PDF, is it then
suggested I copy this PDF  to a , what,  PDF dedicated AppVM 1st,
Before doing  a  “Convert to Trusted PDF”  on the PDF file ?

This would add a step to the much faster,  just  “Convert to Trusted
PDF”  from the actual  Anon-Whonix  AppVM


2)
Do folks typically backup  their Template VMs  ?  as I noticed they
aren't set up by default to backup ?

and/or what is the thinking behind backing up various VMs ?  I guess the
ones that have been the most modified eg  the AppVMs ?   I have 1 very
large 20 gigabyte  VM with old videos/pictures on it,  do I  back that
one up ? for example?


you just right click on the file and hit convert to trusted pdf.  I'm not sure 
what you're asking.


...I separated the sentence out , above,  it clearly says  "you send the
file to a different VM"  THEN convert to a trusted PDF.   What would this
'different VM' be?   ?a disposable VM ? or  ?



I think you need to read that post more carefully, although it isn't
altogether clear.
I think the scenario Micah has in mind is that you have downloaded a PDF
in an untrusted network connected qube, and have a trusted isolated qube
for storage.
Instead of converting the PDF in the untrusted machine (who knows what
might have been done to your Qubes tools?), or qvm-copying the untrusted
PDF in to the storage qube, he copies it to another, converts there and
then moves the trusted PDF in to trusted storage.(I think the "copy back"
is just a mistake.) That "other" qube can be anything you choose - a
disposableVM, a dedicated converter..
This is one approach to take - I'd suggest using a disposableVM if you
want to do it. However, it looks like overkill to me, because there's a
suggestion that just having an untrusted PDF in the storage qube
increases the risk. I don't believe this need be so.
Another approach might be to have a mini template for the storage qube,
and open every file in a disposableVM. If you are wedded to GUI file
managers, you could still do this by setting default file handlers to use
qvm-open-in-dvm for pretty much every filetype.

I hope that makes things a little clearer

unman

Yes, sir, Unman, that is closer to what I was asking.   Sorry, for any 
confusion.


If you look at the original URL, I'm just quoting from  Micah's 
article, as you said, so Unman, you are saying   it probably is fine to 
NOT copy the pdf  to a disposable qube  before doing  the  "converted to 
trusted PDF?"


I guess if one doesn't want to keep the PDF file, there is no reason to 
"convert" it,  one would just  'open in a disposable VM' anyway,  but 
good  opsec  would be to make sure to go back and del  the  PDF that was 
downloaded and opened in the disposable VM,  ?


I wish they could automate this as well, that after opening it in the 
disposable VM the original in th

[qubes-users] Re: “Convert to Trusted PDF” protocol, & Backup VMs, which typically?

2017-06-22 Thread yreb-qusw

On 06/21/2017 04:21 PM, cooloutac wrote:

On Saturday, June 17, 2017 at 5:45:45 PM UTC-4, yreb-qusw wrote:

Permit me to ask two questions?



1) I was reading this

-
https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c

(Credits: Micah Lee)
What's that “Convert to Trusted PDF” you were talking about?

Let's say you found an interesting document, and let's say that you had
an offline virtual machine specifically dedicated for storing and
opening documents. Of course, you can directly send that document to
that VM, but there could still be a chance that this document is
malicious and may try for instance to delete all of your files (a
behavior that you wouldn't notice in the short-lived DisposableVM). But
you can also convert it into what's called a ‘Trusted PDF’.



You send the

file to a different VM, then you open the file manager, navigate to the
directory of the file, right-click and choose “Convert to Trusted PDF”,
and then send the file back to the VM where you collect your documents.





But what does it exactly do? The “Convert to Trusted PDF” tool creates a
new DisposableVM, puts the file there, and then transform it via a
parser (that runs in the DisposableVM) that basically takes the RGB
value of each pixel and leaves anything else. It's a bit like opening
the PDF in an isolated environment and then ‘screenshotting it’ if you
will. The file obviously gets much bigger, if I recall it transformed
when I tested a 10Mb PDF into a 400Mb one. You can get much more details
on that in this blogpost by security researcher and Qubes OS creator
Joanna Rutkowska.

[https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html]

--
Upon reading it on the suggested sequence of opening  random/all PDFs,
maybe , people vary  their sequence.

It sounds like in say my Whonix Anon-appvm  , I d/l  a PDF, is it then
suggested I copy this PDF  to a , what,  PDF dedicated AppVM 1st,
Before doing  a  “Convert to Trusted PDF”  on the PDF file ?

This would add a step to the much faster,  just  “Convert to Trusted
PDF”  from the actual  Anon-Whonix  AppVM


2)
Do folks typically backup  their Template VMs  ?  as I noticed they
aren't set up by default to backup ?

and/or what is the thinking behind backing up various VMs ?  I guess the
ones that have been the most modified eg  the AppVMs ?   I have 1 very
large 20 gigabyte  VM with old videos/pictures on it,  do I  back that
one up ? for example?


you just right click on the file and hit convert to trusted pdf.  I'm not sure 
what you're asking.


...I separated the sentence out , above,  it clearly says  "you send 
the file to a different VM"  THEN convert to a trusted PDF.   What would 
this 'different VM' be?   ?a disposable VM ? or  ?




when it comes to backing up template vms.  I only backup my cloned vms.  I 
clone vms from the defaults if I'm gonna install custom configs in them.  also 
so it has a diff name than default vms for less chance of issues when restoring.

and of course you back up your videos and pictures, are you being serious? lol. 
 that's what most people backup.  and deeper thought is what if they all have 
viruses and every time you open one up you infect your system.

So that leads to another thought that well if you are willing to reinstall all 
your programs and configs from scratch on a default template, maybe you'd be 
better off.  But backing them up and restoring them is for convenience.


...ya, like many people perhaps,  though, I used Qubes 90% of the 
time, my old files/photos, are also on laptop, google photos, removable 
large hard drive, windows 10 dual boot HD, etc,  yes, they are on Qubes, 
but take up a huge amount of space, HENCE, backing them up would be a 
bit of a pain for the time it takes.


..you clone AppVMs you mean then back them up ; I really can't 
follow what you're saying about  your backups in sum, thanks






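The check that the quoted description of “Convert to Trusted PDF” depends on, as an added example that is not part of any message in this thread and not the Qubes converter's own code: the trusted side accepts only a size header followed by raw RGB bytes and rejects everything else. The wire format, the size caps and all function names are assumptions made for the illustration.

```python
import re
from typing import Tuple

# Hypothetical wire format, assumed for this illustration only:
#   b"<width> <height>\n" followed by exactly width*height*3 bytes (RGB).
MAX_WIDTH = 10000      # assumed cap on page width in pixels
MAX_HEIGHT = 10000     # assumed cap on page height in pixels
MAX_HEADER_LEN = 12    # len(b"10000 10000\n")
HEADER_RE = re.compile(rb"[1-9][0-9]{0,4} [1-9][0-9]{0,4}")


class RejectedPage(ValueError):
    """The untrusted converter sent something other than a plain bitmap."""


def parse_untrusted_page(blob: bytes) -> Tuple[int, int, bytes]:
    """Validate one page received from the DisposableVM side.

    Nothing in blob is interpreted beyond two bounded integers; the rest
    is only counted, never parsed.
    """
    # Bound the header search so a missing newline cannot turn an
    # arbitrarily long prefix into "the header".
    newline = blob.find(b"\n", 0, MAX_HEADER_LEN)
    if newline == -1:
        raise RejectedPage("no header terminator within the header limit")
    header = blob[:newline]
    if not HEADER_RE.fullmatch(header):
        raise RejectedPage("header is not two plain decimal integers")
    width, height = (int(field) for field in header.split(b" "))
    if width > MAX_WIDTH or height > MAX_HEIGHT:
        raise RejectedPage("dimensions exceed the configured cap")
    pixels = blob[newline + 1:]
    expected = width * height * 3
    # Exact match: short data and trailing data are both refused.
    if len(pixels) != expected:
        raise RejectedPage(f"expected {expected} pixel bytes, got {len(pixels)}")
    return width, height, pixels


def to_ppm(width: int, height: int, pixels: bytes) -> bytes:
    """Re-encode validated pixels as binary PPM; the header is produced
    by trusted code, never copied from the untrusted input."""
    return b"P6\n%d %d\n255\n" % (width, height) + pixels


def is_accepted(blob: bytes) -> bool:
    """True if blob passes validation, False if it is rejected."""
    try:
        parse_untrusted_page(blob)
    except RejectedPage:
        return False
    return True


# Constructed inputs: one well-formed 2x2 page and several malformed ones.
CONSTRUCTED_SAMPLES = {
    "valid 2x2": b"2 2\n" + bytes(12),
    "trailing byte": b"2 2\n" + bytes(13),
    "short payload": b"2 2\n" + bytes(11),
    "negative width": b"-2 2\n" + bytes(12),
    "leading zero": b"02 2\n" + bytes(12),
    "extra header text": b"2 2 %PDF-1.4\n" + bytes(12),
    "over the cap": b"99999 99999\n",
    "empty": b"",
}

if __name__ == "__main__":
    for name, blob in CONSTRUCTED_SAMPLES.items():
        print(f"{name:18} -> {'accepted' if is_accepted(blob) else 'rejected'}")
```
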


[qubes-users] EFI_MEMMAP is not enabled

2017-06-19 Thread yreb-qusw

EFI_MEMMAP is not enabled


I get this during boot, sometimes it stops there, and I have to cold 
reboot, most times, it just continues.


I am sorry, I've asked a few times before , but as of yet, I'm not sure 
I've gotten any clear answer  what if anything   can be / should be done 
about it


The 2nd line is something about
ESRD  or so


I did go into the bios and change the GPU memory from "auto"  to "1024" 
but this didn't make any change   thx


FWIW, these 2 lines of messages, Also  popup  between  /after entering 
the disk password,  and before the user password  entry





[qubes-users] “Convert to Trusted PDF” protocol, & Backup VMs, which typically?

2017-06-17 Thread yreb-qusw

Permit me to ask two questions?



1) I was reading this

-
https://security.stackexchange.com/questions/151300/what-is-the-safest-way-to-deal-with-loads-of-incoming-pdf-files-some-of-which-c

(Credits: Micah Lee)
What's that “Convert to Trusted PDF” you were talking about?

Let's say you found an interesting document, and let's say that you had 
an offline virtual machine specifically dedicated for storing and 
opening documents. Of course, you can directly send that document to 
that VM, but there could still be a chance that this document is 
malicious and may try for instance to delete all of your files (a 
behavior that you wouldn't notice in the short-lived DisposableVM). But 
you can also convert it into what's called a ‘Trusted PDF’. You send the 
file to a different VM, then you open the file manager, navigate to the 
directory of the file, right-click and choose “Convert to Trusted PDF”, 
and then send the file back to the VM where you collect your documents. 
But what does it exactly do? The “Convert to Trusted PDF” tool creates a 
new DisposableVM, puts the file there, and then transforms it via a 
parser (that runs in the DisposableVM) that basically takes the RGB 
value of each pixel and leaves anything else. It's a bit like opening 
the PDF in an isolated environment and then ‘screenshotting it’ if you 
will. The file obviously gets much bigger, if I recall it transformed 
when I tested a 10Mb PDF into a 400Mb one. You can get much more details 
on that in this blogpost by security researcher and Qubes OS creator 
Joanna Rutkowska.


[https://theinvisiblethings.blogspot.nl/2013/02/converting-untrusted-pdfs-into-trusted.html]

--
Upon reading it on the suggested sequence of opening  random/all PDFs, 
maybe , people vary  their sequence.


It sounds like in say my Whonix Anon-appvm  , I d/l  a PDF, is it then 
suggested I copy this PDF  to a , what,  PDF dedicated AppVM 1st, 
Before doing  a  “Convert to Trusted PDF”  on the PDF file ?


This would add a step to the much faster,  just  “Convert to Trusted 
PDF”  from the actual  Anon-Whonix  AppVM



2)
Do folks typically backup  their Template VMs  ?  as I noticed they 
aren't set up by default to backup ?


and/or what is the thinking behind backing up various VMs ?  I guess the 
ones that have been the most modified eg  the AppVMs ?   I have 1 very 
large 20 gigabyte  VM with old videos/pictures on it,  do I  back that 
one up ? for example?


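The receiving side of the conversion described in the quoted answer, as an added example that is not part of the original message and is not Qubes' own converter code. The framing (a "width height" text line followed by raw RGB bytes), the size limits and all function names are assumptions chosen for illustration.

```python
import io

MAX_DIM = 10_000     # assumed per-side pixel limit
MAX_HEADER = 32      # assumed maximum header length in bytes
MAX_PAGES = 1000     # assumed page limit per document


class RejectedStream(Exception):
    """The untrusted side sent something other than plain pixel data."""


def read_page(stream):
    """Read one page: b"<width> <height>\\n" then exactly width*height*3 RGB bytes."""
    header = stream.readline(MAX_HEADER + 1)
    if len(header) > MAX_HEADER or not header.endswith(b"\n"):
        raise RejectedStream("header too long or unterminated")
    fields = header[:-1].split(b" ")
    # Accept ASCII decimal digits only: no signs, no extra whitespace.
    if len(fields) != 2 or not all(f.isdigit() and len(f) <= 5 for f in fields):
        raise RejectedStream("malformed dimensions")
    width, height = int(fields[0]), int(fields[1])
    if not (0 < width <= MAX_DIM and 0 < height <= MAX_DIM):
        raise RejectedStream("dimensions out of range")
    expected = width * height * 3
    pixels = stream.read(expected)
    if len(pixels) != expected:
        raise RejectedStream("short pixel data")
    return width, height, pixels


def receive_document(data):
    """Parse everything the DisposableVM sent; any leftover byte is an error."""
    stream = io.BytesIO(data)
    pages = []
    while stream.tell() < len(data):
        if len(pages) >= MAX_PAGES:
            raise RejectedStream("too many pages")
        pages.append(read_page(stream))
    if not pages:
        raise RejectedStream("no pages received")
    return pages


def to_ppm(width, height, pixels):
    """Rebuild an image on the trusted side; every header byte is written here."""
    return b"P6\n%d %d\n255\n" % (width, height) + pixels


if __name__ == "__main__":
    # Constructed sample: one 2x1 page (a red pixel and a blue pixel).
    sample = b"2 1\n" + bytes([255, 0, 0, 0, 0, 255])
    for w, h, px in receive_document(sample):
        print(w, h, len(to_ppm(w, h, px)))
    # Constructed hostile sample: the original PDF appended after the pixels.
    try:
        receive_document(sample + b"%PDF-1.4\n")
    except RejectedStream as err:
        print("rejected:", err)
```

The trusted side only ever parses two small integers, and the pixel bytes are copied without interpretation. A 2480x3508 page is 26,099,520 bytes of raw RGB, which is why the output grows so much.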


[qubes-users] Re: Fedora updates in small sessions, and I must reboot my VMs

2017-06-10 Thread yreb-qusw

On 06/10/2017 11:52 AM, Foppe de Haan wrote:

On Saturday, June 10, 2017 at 11:33:24 PM UTC+2, yreb-qusw wrote:

Is there some special reason, why Fedora updates 10 times a week, it's
kind of a pain to manually reboot 10 AppVMs  just for some tiny update,
yes, I could just not update the AppVMs , or wait and not update Fed24
when it suggests I do but.


You do know that you don't *have* to reboot them every time you update the 
template, right? :)

Sure that's what I said, but who knows maybe one of these crazy packages 
is related to security or something,  that or I don't like seeing the 
little green circles  :)


thanks for replying



[qubes-users] Fedora updates in small sessions, and I must reboot my VMs

2017-06-10 Thread yreb-qusw
Is there some special reason, why Fedora updates 10 times a week, it's 
kind of a pain to manually reboot 10 AppVMs  just for some tiny update, 
yes, I could just not update the AppVMs , or wait and not update Fed24 
when it suggests I do but.




[qubes-users] has anyone got U2F keys working in Fed24 Template or so?

2017-06-10 Thread yreb-qusw

I found the instructions on Yubikey's site,
however when I went and changed  rules.d
my system basically froze, and I had to hard reboot, was concerned I may 
have totally broken Qubes, but was able to remove the rules.d reference, 
but I see no other instructions to do this:


https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules
https://forum.yubico.com/viewtopic.php?f=26&t=1535


Pardon me, if I'm off-topic   :|



[qubes-users] Suggestion on VPN Docs Qubes instructions

2017-06-10 Thread yreb-qusw

In this section:

Set up a ProxyVM as a VPN gateway using iptables and CLI scripts

Where it says this:



Set up and test the VPN client.

Make sure the VPN VM and its template VM are not running.

Run a terminal (CLI) in the VPN VM - this will start the VM. Then make a 
new ‘vpn’ folder with sudo mkdir /rw/config/vpn and copy your VPN config 
files here (the example config filename used here is 
openvpn-client.ovpn). Files accompanying the main config such as *.crt 
and *.pem should also go here, and should not be referenced in the main 
config by absolute paths such as ‘/etc/…’.


Notes about VPN config options: The VPN scripts here are intended to 
work with commonly used tun interfaces, whereas tap mode is untested. 
Also, the config should route all traffic through your VPN’s interface 
after a connection is created; For openvpn the directive for this is 
redirect-gateway def1.






Lastly, the VPN client may not be able to prompt you for credentials 
when connecting to the server: Creating a file in the ‘vpn’ folder with 
your credentials and using a directive such as openvpn’s auth-user-pass 
 is recommended.



It seems like this file needs to be changed to be read-only, for the 
appropriate ownership, based on the complaints that pop up when 
testing in the terminal, before one doesn't notice it later, when not 
using the terminal to start the openvpn --config




[qubes-users] efi: EFI_MEMMAP is not enabled.

2017-06-09 Thread yreb-qusw
I'm guessing this may not be only a Qubes thing, but it is during every 
Qubes boot.


But, are these two references during boot normal, I did do some 
searching but didn't find an answer..



efi: EFI_MEMMAP is not enabled.
esrt: ESRT header is not in the



[qubes-users] Re: updated to fedora 24, deleted Template for 23 , however menus remain

2017-06-07 Thread yreb-qusw

On 06/07/2017 04:29 PM, cooloutac wrote:

On Wednesday, June 7, 2017 at 9:59:25 PM UTC-4, yreb-qusw wrote:

went thru this
https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/

upgrade all the defaults

however I'm still seeing the Fedora 23  Template Domain in the
Applications menu pull downs 


https://www.qubes-os.org/doc/remove-vm-manually/

step 4 is prolly all you need but check them all.

ah so,  that seems to have worked ; seems like it might be an idea to 
add it to the end of   the   upgrade  F23->24  page   .. :)


cc: 'thelist'



[qubes-users] updated to fedora 24, deleted Template for 23 , however menus remain

2017-06-07 Thread yreb-qusw

went thru this
https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/

upgrade all the defaults

however I'm still seeing the Fedora 23  Template Domain in the 
Applications menu pull downs 




[qubes-users] VM refused to give back memory in dom0 ?

2017-06-07 Thread yreb-qusw

This is just a random thing, no need to reboot the VM when I see this ?




Re: [qubes-users] Re: Basics: if I'm in an AppVM and I do PrintScreen, and Save ....

2017-06-03 Thread yreb-qusw

for cropping use Shotwell.

also, it is not advised to move screengrabs or any jpegs to dom0 , 
you'll just have to live with whatever screengrabs you take with 
printscreen in dom0  without cropping them


seems like what the docs might say , as I noticed wallpapers is listed 
as one of the few reasons to move anything to dom0


too bad the default desktop images selection then, is so small IMHO  :P



Re: [qubes-users] Re: Basics: if I'm in an AppVM and I do PrintScreen, and Save ....

2017-06-02 Thread yreb-qusw
and what is the preferred image manipulator in fed24?   all I want to do 
is crop the screenshot,  but so far I don't see anything in the list of 
applications for fed24  out of the box.


i don't mind installing something in the template for fed24



Re: [qubes-users] Re: Basics: if I'm in an AppVM and I do PrintScreen, and Save ....

2017-06-02 Thread yreb-qusw




though I do see 1  Screenshot.png
-
If I go to XFCE desktop settings-> Desktop (background tab) -> folder ->
other ->  everything is greyed out  , so though I see  Desktop ->
Screenshot.png

I am unable to use it

I would deduct that Term in dom0  is  "Desktop"  FWIW anyway


Please keep the list cced.

In the terminal just 'cd' to get to your home directory then cd
Pictures. 'pwd' will show you the current directory name.

In the Settings tool, everything is greyed because the filetype selector
is set to "Image files."
Just navigate to the Folder you want using the buttons at the top,
and/or type in a Folder in "Location" bar. Click on "Open" and the
"background" tab will then show you the contents of that Folder, and
you can select the one you want for your background.

unman



hmm, so if I use the AppVM utility screenshot  is that going to save 
to the AppVM  files?  or  dom0 , maybe that's what I should have been 
doing,  and then if I want it as a background  move it to dom0 ?


...I did say 'basic' , so, can I get random photos slideshow of my own 
photos in dom0   by putting them where ?   in "images",  where the other 
stock  backgrounds are?


..if so,  where is this  dir  'images'  , I'll look again but  



[qubes-users] Basics: if I'm in an AppVM and I do PrintScreen, and Save ....

2017-06-01 Thread yreb-qusw

It then goes to main_qube_username/Pictures

However in a Terminal I don't see any hierarchy like that, nor how to 
allow something like  the desktop background  utility to use  what I've 
grabbed.


I understand that dom0 is not supposed to have a filestructure , but 
where or how to interact with things that  appear to be confined to dom0?




Re: [qubes-users] Debian 9 and Fedora 24 Should I be upgrading to these?

2017-05-23 Thread yreb-qusw

addendum, I think this one is sorted, so   marked *solved   i guess  :)



[qubes-users] Re: error starting VM : invalid argument: network device with mac 00:16:00:00:00:00 already exists when starting sys-whonix

2017-05-23 Thread yreb-qusw
I should add this is intermittent, and I detect no loss of function, so 
maybe I just  close my eyes,  and let it go ?

