[qubes-users] Use YubiKey for Anti-Evil-Maid?

2016-11-12 Thread Eric
Is there any way to use a YubiKey for Anti-Evil-Maid, instead of just a regular USB flash drive? I imagine (though I will be the first to say that I don't know), that the firmware on it is much less resistant to compromise/BadUSB attacks, and since it crypto something something, it seems a

[qubes-users] Re: proper way to autostart script in dom0

2016-11-12 Thread Sec Tester
maybe it needs to be made exacutable.. from the directory of file in terminal sudo chmod +x /the/directory/of/file/filename.sh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it,

Re: [qubes-users] proper way to autostart script in dom0

2016-11-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 12, 2016 at 09:55:44AM -0300, Franz wrote: > Hello, > > I looked on various old threads and there is mentioned a > ~/.config/autostart, so I tried in dom0 using Qubes 3.2 > > cp myfile.sh ~/.config/autostart > > but after rebooting

[qubes-users] VM label icons

2016-11-12 Thread longridge
AM new user - just finding my way around. On all VM's that I open, the label heading is clear and bold (obviously less so when inactive) but the icons (eg minimise, maximise, close etc) are all very faint. (barely visible) Am sure there just be a way to enhance them (screen examples from

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-12 Thread Chris Laprise
On 11/11/2016 10:21 PM, Sec Tester wrote: So Im still new to Qubes, but after going through a bit of a learning curve, building & customizing VM's to suit my security needs, I have a few thoughts on its security. Firstly I really love the direction Qubes has taken the future of operating

[qubes-users] Genymotion in Qubes

2016-11-12 Thread pl11ty
Good day I want to install an android emulator in Qubes and reading some review, Genymotion is the best. The issue is that it run in Virtualbox, how can I install it in Qubes? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Nov 11, 2016 at 07:21:18PM -0800, Sec Tester wrote: > So Im still new to Qubes, but after going through a bit of a learning curve, > building & customizing VM's to suit my security needs, I have a few thoughts > on its security. > >

[qubes-users] Re: Qubes Windows Tools 3.2.2-3 released

2016-11-12 Thread Eric Shelton
On Saturday, October 22, 2016 at 9:26:08 AM UTC-4, omeg wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi all, > > We uploaded a new version of Qubes Windows Tools (3.2.2-3) to the > current-testing repository. > > Changelog: > - - Updated Xen PV drivers to be in line with

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-12 Thread Chris Laprise
On 11/12/2016 06:26 AM, David Hobach wrote: > I would also advise users *not* to > rely on firewall settings in Qubes Manager/VM Settings as the options > are too limited to stop compromised VMs that are supposed to be confined > to the VPN tunnel from leaking data to clearnet (e.g. a hostile

Re: [qubes-users] Re: #2 .odt files and LibreOffice Install

2016-11-12 Thread 'IntersolarMN' via qubes-users
Can someone provide me with the terminal commands (from template: fedoara-23) to receive the downloaded LibreOffice install file (LibreOffice_5.2.3_Linux_x86-64_rpm.tar.gz) from the [work: web browser], and then run the installation script? Alternatively, could you provide the terminal

Re: [qubes-users] VM label icons

2016-11-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 12, 2016 at 10:38:41AM -0800, longridge wrote: > AM new user - just finding my way around. > > On all VM's that I open, the label heading is clear and bold (obviously less > so when inactive) but the icons (eg minimise, maximise, close

Re: [qubes-users] [feature request] Shutdown template after update

2016-11-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 08, 2016 at 01:07:38AM -0800, Andrew David Wong wrote: > On 2016-11-07 10:05, Eva Star wrote: > > After template updated ask user at the console to shutdown current template. > > > > "Shutdown current template [Y/n]" > > > > Currently

[qubes-users] Re: Genymotion in Qubes

2016-11-12 Thread Sec Tester
Nice question. I would also like to know. Have you setup a Win7 HVM? This maybe be the best place to try setup Genymotion. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-12 Thread Sec Tester
> > This might add significant time to the install, but could be a tick box > > option, with a note about extra time. > > I think a better practice along these lines is to supply the additional > packages needed to create a desktop-friendly template... alongside the > minimal template. This

Re: [qubes-users] Arch-template and Firefox (49.0.2)

2016-11-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Nov 10, 2016 at 02:21:38PM +0100, Marek Marczykowski-Górecki wrote: > On Thu, Nov 03, 2016 at 08:17:18PM +0100, Achim Patzner wrote: > > Hi! > > > > > > I just tried moving my main working environments from the Fedora > > template to Arch.

Re: [qubes-users] Re: #2 .odt files and LibreOffice Install

2016-11-12 Thread Sec Tester
you want to copy the file from your work VM to the fedora-23 template and then install all with terminal? 1)open terminal in your workVM 2)ls (useful to lists directories/files) 3)cd Downloads (or where ever you saved it) 4)qvm-copy-to-vm "DestinationVM" filename

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-12 Thread Chris Laprise
On 11/12/2016 05:47 PM, hed...@tutanota.com wrote: I guess the question still stands: is the latest version materially superior to the March 2015 version? (And enough to want to re-create over a dozen proxyVMs?) Yes, the VPN doc method is better in the sense that it separates packets

[qubes-users] Screen blanks instead of power off

2016-11-12 Thread taii...@gmx.com
I have tried all the options in the power control menu but my screen still doesn't turn off it just disconnects the output so the screen will say "NO VGA/DVI DETECTED" when power save mode turns on. Ideas? -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Re: Genymotion in Qubes

2016-11-12 Thread entr0py
Sec Tester: > pl1...@sigaint.org: >> Good day >> I want to install an android emulator in Qubes and reading some review, >> Genymotion is the best. The issue is that it run in Virtualbox, how can I >> install it in Qubes? >> >> Thanks >> > Nice question. I would also like to know. > > Have you

Re: [qubes-users] Re: #2 .odt files and LibreOffice Install

2016-11-12 Thread 'IntersolarMN' via qubes-users
Can someone provide me with the terminal commands (from template: fedoara-23) to receive the downloaded LibreOffice install file (LibreOffice_5.2.3_Linux_x86-64_rpm.tar.gz) from the [work: web browser] Downloads, and then run the installation script? Alternatively, could you provide the

[qubes-users] Re: Fedora 24 template available for Qubes 3.2

2016-11-12 Thread Sec Tester
NICE!! Any specific improvements or fixes running Fedora-24? I noticed F-23 seemed to have trouble playing flash videos for me. F-24 Min template coming? A Deb-8 min template would also be nice :) -- You received this message because you are subscribed to the Google Groups "qubes-users"

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-12 Thread hedron
12. Nov 2016 20:39 by tas...@openmailbox.org: > > By 'template' you mean the setup at my github repo? If you look closely, they > are 90% the same except the doc version uses rc.local to start the client and > the one on github creates a systemd service for it. What makes it look > simpler

Re: [qubes-users] Use YubiKey for Anti-Evil-Maid?

2016-11-12 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-12 12:07, Eric wrote: > Is there any way to use a YubiKey for Anti-Evil-Maid, instead of just a > regular USB flash drive? AFAIK, yes, but I haven't personally tried it, since I don't own a YubiKey. > I imagine (though I will be the

[qubes-users] Fedora 24 template available for Qubes 3.2

2016-11-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi all, Fedora 24 template is now available for direct installation. This means there are now two ways to have it on Qubes 3.2 system: 1. Upgrade existing Fedora 23 template according to this instruction:

Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2

2016-11-12 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Nov 12, 2016 at 08:01:37PM -0800, Sec Tester wrote: > NICE!! > > Any specific improvements or fixes running Fedora-24? Nothing specific to Qubes, see upstream release notes for non-Qubes changes:

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-12 Thread hedron
13. Nov 2016 02:54 by tas...@openmailbox.org: > On 11/12/2016 05:47 PM, > hed...@tutanota.com> wrote: >> >> I guess the question still stands: is the latest version materially superior >> to the March 2015 version? (And enough to want to re-create over a dozen >> proxyVMs?) > > Yes, the VPN

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-12 Thread Sec Tester
Hi Marek, >On Sunday, 13 November 2016 03:33:50 UTC+10, Marek Marczykowski-Górecki wrote: > > They have basically said, Elite hackers can gain root, so lets just not > > even bother with this foundational layer of security. > > The point is _if_ someone is able to run arbitrary code as user,

Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2

2016-11-12 Thread Sec Tester
> Yes, it is also available - as noted in the message. And i read too quickly, doh :o) Look forward to taking 24 for a spin. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send

Re: [qubes-users] Re: #2 .odt files and LibreOffice Install

2016-11-12 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-12 04:28, 'IntersolarMN' via qubes-users wrote: >> Your trying to modify the fedora-23 template correct? Yes. >> Is sys-firewall specified as its net VM? Yes. >> Do your other app VM's have internet access? Yes. >> Does sys-firewall have

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-12 Thread Chris Laprise
On 11/12/2016 07:48 PM, Sec Tester wrote: Hi Marek, On Sunday, 13 November 2016 03:33:50 UTC+10, Marek Marczykowski-Górecki wrote: They have basically said, Elite hackers can gain root, so lets just not even bother with this foundational layer of security. The point is _if_ someone is able

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-12 Thread David Hobach
> I would also advise users *not* to > rely on firewall settings in Qubes Manager/VM Settings as the options > are too limited to stop compromised VMs that are supposed to be confined > to the VPN tunnel from leaking data to clearnet (e.g. a hostile access > point or other upstream node)

Re: [qubes-users] Re: Please help, can't get into Qubes

2016-11-12 Thread Alex
On 11/12/2016 04:32 AM, Sec Tester wrote: > On Saturday, 12 November 2016 06:39:50 UTC+10, Fred wrote: >> I made a change to the PCI devices for the sys-net VM and now >> Qubes hangs on boot when starting this vm. >> >> I've tried using the installation image to get to system rescue via >> the

Re: [qubes-users] Re: #2 .odt files and LibreOffice Install

2016-11-12 Thread 'IntersolarMN' via qubes-users
sudo dnf install libreoffice yielded the following results, despite multiple attempts: Error: Error downloading pachages: Cannot download l/libreoffice-core-5.0.6.2-10.fc23.x86_64.rpm: All mirrors were tried Additionally, in the Software applicaton, LibreOffice is missing, including when I

Re: [qubes-users] Re: #2 .odt files and LibreOffice Install

2016-11-12 Thread Sec Tester
Your trying to modify the fedora-23 template correct? Is sys-firewall specified as its net VM? If not, set the fedora-23 template NetVM to sys-firewall. Then try "sudo dnf install libreoffice" Do your other app VM's have internet access? If not. Does sys-firewall have sys-net set as its "NetVM"?

Re: [qubes-users] Re: #2 .odt files and LibreOffice Install

2016-11-12 Thread 'IntersolarMN' via qubes-users
>Your trying to modify the fedora-23 template correct? Yes. >Is sys-firewall specified as its net VM? Yes. >Do your other app VM's have internet access? Yes. >Does sys-firewall have sys-net set as its "NetVM"? Yes. >Sys-net and Sys-firewall pings to Google both were successful. >After restarting

[qubes-users] Re: Thoughts on Qubes OS Security... Could be improved.

2016-11-12 Thread Sec Tester
Some examples of Default Root access possibly being exploited in Qubes. === Looks like the DRAMA attack would require root access in VM, to compromises Qubes shared memory "taskset 0x2 sudo ./measure -p 0.7 -s 16." https://groups.google.com/forum/#!topic/qubes-users/qAd8NxcJB3I

[qubes-users] proper way to autostart script in dom0

2016-11-12 Thread Franz
Hello, I looked on various old threads and there is mentioned a ~/.config/autostart, so I tried in dom0 using Qubes 3.2 cp myfile.sh ~/.config/autostart but after rebooting nothing is autostarted. The script is simply for starting various applicaions and settings in VMs and works well with