[qubes-users] Isn't it bad, that compromized vm can create any number of dispVMs?

2016-08-25 Thread Arqwer
Command qvm-run '$dispvm' xterm if called from an appVM will run xterm in a new dispVM. If attacker gained access to an appvm, he possibly can run script, that will create thousands of new dispVMs and freeze my computer. I don't like this. May be it's better to disable this functionality by

Re: [qubes-users] Isn't it bad, that compromized vm can create any number of dispVMs?

2016-08-25 Thread Alex
On 08/25/2016 12:53 PM, Arqwer wrote: > Command qvm-run '$dispvm' xterm if called from an appVM will run > xterm in a new dispVM. If attacker gained access to an appvm, he > possibly can run script, that will create thousands of new dispVMs > and freeze my computer. I don't like this. May be it's

[qubes-users] R3.2 rc2 blank screen - screenlock issue?

2016-08-25 Thread richard . f . gould
Problem description: After using the system all day (including unlocking and unlocking the screen just fine) and then leaving it overnight I come back to a blank screen. Doing a Ctrl-Alt-F2 gives me a command prompt but I can't get X to respond (with Ctrl-Alt-F1). After a reboot all is

Re: [qubes-users] R3.2 rc2 blank screen - screenlock issue?

2016-08-25 Thread Desobediente
I have the same issue using 3.1 since it launched, never bothered to find out why, nor filed anything in the issue tracker, I just turn the computer off and on again. My screen blacks out, I can move the mouse and see the cursor moving in the screen, keyboards do not respond at all. If there's

[qubes-users] Re: Building Archlinux Template Error

2016-08-25 Thread richard . gold
On Wednesday, August 24, 2016 at 3:15:09 PM UTC+1, Foppe de Haan wrote: > On Wednesday, August 24, 2016 at 4:14:12 PM UTC+2, Foppe de Haan wrote: > > On Thursday, August 18, 2016 at 6:40:42 PM UTC+2, Jovan Miloskovski wrote: > > > Hi, > > > I'm really learning all of this template building stuff

[qubes-users] Custom initramfs

2016-08-25 Thread Raphael Susewind
Dear all, how can I create a custom initramfs for dom0, using the current one as template? I was hoping for something like initramfs-tools in Debian... The aim is to include yubikey-luks in the FDE unlocking: https://github.com/cornelinux/yubikey-luks There might be other usecases, too -

[qubes-users] Re: R3.2 rc2 blank screen - screenlock issue?

2016-08-25 Thread richard . f . gould
@ Desobediente Yes I know it's seems trivial but I'm rolling it out to relatively inexperienced users and it never happened on any of my machines running R2, R3.0 or R3.1 (all on KDE). -- Richard -- You received this message because you are subscribed to the Google Groups "qubes-users"

[qubes-users] Template Updates through http proxy

2016-08-25 Thread John R. Shannon
I have a brand new Qubes OS 3.1 installation. In my network updates must be via a http proxy. Configuring dom0 for updates was easy. How do I configure to allow a template domain to update? -- John R. Shannon j...@johnrshannon.com -- You received this message because you are subscribed to the

Re: [qubes-users] Qubes VM compromised? - Follow up

2016-08-25 Thread Desobediente Civil
On 08/25/2016 01:54 AM, johnyju...@sigaint.org wrote > (Although accepting the password change on a Tor exit, and then refusing > that on a non-Tor https: connection was rather weird. Would they silently > fail a password change? Oh well, I won't stress over it, but will keep a > close eye on

Re: [qubes-users] Re: R3.2 rc2 blank screen - screenlock issue?

2016-08-25 Thread Desobediente Civil
I'm not minimizing the importance of this. On the contrary, I'm acknowledging it as a problem and adding my experience to that -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send

Re: [qubes-users] Qubes VM compromised?

2016-08-25 Thread Desobediente Civil
On 08/23/2016 07:25 PM, Chris Laprise wrote: > What threat model does this fit? If a skilled attacker tricks you into > thinking you created an account at sigaint, but you later cannot use > it... what is the advantage of that? The possible gain seems to be > little or nothing. Well, (s)he has

Re: [qubes-users] Node.js global modules

2016-08-25 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-24 18:17, angelo "angico" costa wrote: > Hi, all! > > I'm using Qubes 3.1 and I'm new with all this compartimented system idea. > > I use Node.js for my work and study, and several of its modules should to be > installed globally. My

[qubes-users] Anonymizing MAC adress through dvm ?

2016-08-25 Thread nishiwaka46
Hello everyone, I was just wondering if you can apply this documentation https://www.qubes-os.org/doc/anonymizing-your-mac-address/ to your disposable VM (like if you like to browse the internet being safe, not saving any data but also preserving your anonymity, in a way like Tails do). I

Re: [qubes-users] Qubes VM compromised? - Follow up

2016-08-25 Thread johnyjukya
> I am too paranoid for using tails other than the reccomended method (two > usb drives updating each other - I have two pairs of three). No aware of the two drive method. Is that just updating to the next version from the previous version, onto another USB drive? While it's a bit slower, I

Re: [qubes-users] Qubes VM compromised?

2016-08-25 Thread johnyjukya
> On 08/23/2016 07:25 PM, Chris Laprise wrote: >> What threat model does this fit? If a skilled attacker tricks you into >> thinking you created an account at sigaint, but you later cannot use >> it... what is the advantage of that? The possible gain seems to be >> little or nothing. > > Well,

Re: [qubes-users] Template Updates through http proxy

2016-08-25 Thread John R. Shannon
I found tinyproxy and it's configuration file tinyproxy-updates.conf. I should be able to add an "Upstream" directive to direct traffic to another proxy. This file is apparently generated and does not survive a reboot. I could not find a configuration file in /rc. Where do I update this file?

[qubes-users] qvm-block by UUID?

2016-08-25 Thread johnyjukya
Most standard Linux utilities that refer to block devices, allow you to specify by uuid as well (mount, cryptsetup are two examples). The documentation for qvm-block is sparse, but probably because it's a striaght-forward utility. There's no support in qvm-block to assign a device to a VM by

[qubes-users] Unnecessary things in dom0/templates?

2016-08-25 Thread arthur . summers
I just updated dom0 and saw a few packages - avahi and openssl - that made me curious as to why they are there. I'm all about having a lean system, so I remove things where and when I can. If there's a reason for these things being there, then that's cool, but since dom0 is network-isolated,

[qubes-users] Error loading PCI Device... Can anyone explain why this is having kittens?

2016-08-25 Thread Drew White
What is going on here? Please help? --- [{username}@dom0 {drive_id}]$ qvm-start TSTester --cdrom=/run/media/{username}/{drive_id}/isos/opsys1/opsys1_2.iso --> Loading the VM (type = HVM)... Traceback (most recent call last): File "/usr/bin/qvm-start", line 131, in main()

Re: [qubes-users] Requirements for Qubes Tools and seamless integration?

2016-08-25 Thread Drew White
On Thursday, 25 August 2016 07:25:20 UTC+10, Andrew David Wong wrote: > These probably aren't what you're looking for, but since you didn't say that > you've already read these documents, and since they're relevant to the topic, > I'll share the links here in case they happen to contain some