Re: [qubes-users] Attaching a block to a DVM in dom0 script

2016-11-15 Thread Vít Šesták
Thank you, it seems to do exactly what I was looking for. (I will probably use trap in order to ensure the DVM is destroyed.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop

Re: [qubes-users] macbookpro 11,3 installer keeps returning to grub menu

2016-11-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-14 11:25, pixel fairy wrote: > just what the subject line says. there is an error message, but it flashes by > too fast to read. all four choices have the same result. > > hardware is late 2013 15" retina, 11,3 > Does this thread help

Re: [qubes-users] Disguising Qubes VMs

2016-11-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-14 17:02, Sec Tester wrote: > A thought on security through obfuscation. > > Right now in terminal is you type: "uname -r" we get the kernel version, > which has "qubes" in the name. > > Straight away the attacker, knows he's dealing

Re: [qubes-users] EFI / UEFI guest

2016-11-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 14, 2016 at 07:22:15PM -0800, TheGrandQubes wrote: > Hi, > > I was wondering what the status is for allowing for EFI / UEFI guest VM (ie > an appvm or HVM being able to use EFI rather than bios). > This feature seems to have been

Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2

2016-11-15 Thread Grzesiek Chodzicki
W dniu niedziela, 13 listopada 2016 23:26:10 UTC+1 użytkownik yaqu napisał: > On Sun, 13 Nov 2016 12:30:25 -0800 (PST), Grzesiek Chodzicki > wrote: > > > W dniu niedziela, 13 listopada 2016 20:54:06 UTC+1 użytkownik yaqu > > napisał: > > > > > > It looks like you

Re: [qubes-users] Disposable VMs are not disposed of

2016-11-15 Thread IX4 Svs
On Tue, Nov 15, 2016 at 1:14 AM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Tue, Nov 15, 2016 at 12:34:19AM +, Alex wrote: > > This is the second time I encounter this freaky issue on R3.1: > > > > Start a

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

2016-11-15 Thread Unman
On Tue, Nov 15, 2016 at 03:39:15PM +0100, Zrubi wrote: > On 11/15/2016 02:46 PM, Andrew David Wong wrote: > > > Licensing is a tricky issue. I'm not sure whether the Windows license > > allows you to clone Windows VMs or to run multiple Windows AppVMs from a > > single Windows TemplateHVM.

Re: [qubes-users] isolated workflows - image converter - trusted jpg

2016-11-15 Thread '019438'1094328'0914328'09143
Hello, thanks for the feedback, now I can understand the behavior. I would appreciate very much the same isolated work low for pictures / graphics like the PDF and the overwriting helps to keep the disk size tiny and the appendix secured really help to organize the files from the first step.

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

2016-11-15 Thread Zrubi
On 11/15/2016 02:46 PM, Andrew David Wong wrote: > Licensing is a tricky issue. I'm not sure whether the Windows license allows > you to clone Windows VMs or to run multiple Windows AppVMs from a single > Windows TemplateHVM. That's a question for the lawyers. Maybe others around > here have

Re: [qubes-users] isolated workflows - image converter - trusted jpg

2016-11-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-15 06:00, '091823'04918'032948'1093248018243 wrote: > Hello, > > wow cool, I found out that now QR32 also can convert pictures into a trusted > image. > > Only I got confused, because after the conversion, I got two files: > > i)

Re: [qubes-users] isolated workflows - image converter - trusted jpg

2016-11-15 Thread Unman
On Tue, Nov 15, 2016 at 06:00:21AM -0800, '091823'04918'032948'1093248018243 wrote: > Hello, > > wow cool, I found out that now QR32 also can convert pictures into a trusted > image. > > Only I got confused, because after the conversion, I got two files: > > i) xy.jpg > ii) xy_untrusted.jpg >

[qubes-users] installing nvidia

2016-11-15 Thread neznaika
https://www.qubes-os.org/doc/install-nvidia-driver/ here we have: "Build kernel package You will need at least kernel-devel (matching your Qubes dom0 kernel), rpmbuild tool and kmodtool, and then you can use it to build package:" What it means? I should on the fedora 18 with rpmfusion-repo

Re: [qubes-users] Fresh R3.2 install, no /etc/default/grub

2016-11-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 15, 2016 at 12:30:44PM -0800, dmoer...@gmail.com wrote: > Hi, > > I just completed a fresh R3.2 install on a Lenovo X1 Carbon 3rd generation > (20BSCT01WW). Thanks to all the devs for their amazing work on this release. > So far as I

Re: [qubes-users] PAM errors after disabling password-less root

2016-11-15 Thread Unman
On Tue, Nov 15, 2016 at 02:26:12PM -0500, Chris Laprise wrote: > On 11/15/2016 07:20 AM, Unman wrote: > >On Tue, Nov 15, 2016 at 11:55:13AM +, Unman wrote: > >>On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: > >>>Following the instructions for the 'vm-sudo' doc, I get the

Re: [qubes-users] Re: Intel TXT advice

2016-11-15 Thread taii...@gmx.com
So you know AFIAK OPOWER8+ systems have a emulation layer for x86 that works quite well, on the TALOS page you can see them playing a modern 3d game with it via pass thru video although obvious you wouldn't want to emulate a VMM. Xen isn't the be all-end all of virtualization, there are many

Re: [qubes-users] Fresh R3.2 install, no /etc/default/grub

2016-11-15 Thread Daniel Moerner
On Tue, Nov 15, 2016 at 3:48 PM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > I guess you have installed the system in UEFI mode. In that case, kernel > parameters are in /boot/efi/EFI/qubes/xen.cfg. Hi Marek, Thank you for the quick response. That hint and a bit more

Re: [qubes-users] Re: Does Qubes log login attempts?

2016-11-15 Thread Unman
On Tue, Nov 15, 2016 at 12:16:10PM -0800, RJ P wrote: > Also just learned the 'last' command - https://linux.die.net/man/1/last > Yeah I'm still sort of a nubie you can say. :-/ > try journalctl - you want the xscreensaver and audit units. e.g journalctl -t xscreensaver -- You received this

[qubes-users] Fresh R3.2 install, no /etc/default/grub

2016-11-15 Thread dmoerner
Hi, I just completed a fresh R3.2 install on a Lenovo X1 Carbon 3rd generation (20BSCT01WW). Thanks to all the devs for their amazing work on this release. So far as I can tell, everything works out of the box. (One of my favorite features is the ease of implementing VM-by-VM VPNs.) I want to

[qubes-users] Re: Does Qubes log login attempts?

2016-11-15 Thread RJ P
OK, never mind about the login attempts I found them. They are in /var/log/lightdm/lightdm.log But I still need the xscreensaver login attempts log. Also the lightdm.log only displays [+69.22s] and not the time and date. Is there a way to change that? -- You received this message because you

Re: [qubes-users] Re: HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)

2016-11-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 - -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 15, 2016 at 02:47:29AM -0500, Jean-Philippe Ouellet wrote: > On Mon, Nov 14, 2016 at 4:16 PM, Marek Marczykowski-Górecki > wrote: > > You can

Re: [qubes-users] Disposable VMs are not disposed of

2016-11-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Nov 15, 2016 at 02:37:14PM +, IX4 Svs wrote: > On Tue, Nov 15, 2016 at 1:14 AM, Marek Marczykowski-Górecki < > marma...@invisiblethingslab.com> wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Tue, Nov 15,

Re: [qubes-users] Re: One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

2016-11-15 Thread dumbcyber
On Tuesday, 15 November 2016 18:14:00 UTC+11, Jean-Philippe Ouellet wrote: > On Tue, Nov 15, 2016 at 12:17 AM, dumbcyber <> wrote: > > On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki > > wrote: > >> you need to remove 'rd.qubes.hide_all_usb' from kernel parameters. > >

Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2

2016-11-15 Thread yaqu
On Tue, 15 Nov 2016 23:06:48 +0100, yaqu wrote: > You have tried to remove fedora-23 using dnf, while some appVMs still > were using it as a template. Dnf has displayed an error, but also it > has removed package, leaving it in qubes config (and not cleaning >

Re: [qubes-users] Re: Fedora 24 template available for Qubes 3.2

2016-11-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 16, 2016 at 12:28:17AM +0100, yaqu wrote: > On Tue, 15 Nov 2016 23:06:48 +0100, yaqu > wrote: > > > You have tried to remove fedora-23 using dnf, while some appVMs still > > were using it as a template. Dnf

Re: [qubes-users] Using distribution kernel in Template VM

2016-11-15 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Nov 07, 2016 at 08:46:24PM +, Fred wrote: > > I followed the instructions here > https://www.qubes-os.org/doc/managing-vm-kernel/ for using the VM kernel. > > So in short: > > in dom0: sudo qubes-dom0-update grub2-xen > in fedora-23

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

2016-11-15 Thread pixel fairy
On Tuesday, November 15, 2016 at 8:46:51 AM UTC-5, Andrew David Wong wrote: > > As far as I'm aware, any laptop with VT-x should be able to handle a Windows > VMs, and in general, most laptops comes with Windows. So, you're basically > just looking for a laptop that has good Qubes

Re: [qubes-users] PAM errors after disabling password-less root

2016-11-15 Thread Unman
On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: > Following the instructions for the 'vm-sudo' doc, I get the following error > in Debian 9: > > /usr/lib/qubes/qrexec-client-vm failed: exit code 1 > sudo: PAM authentication error: System error > > > Also, in the Debian 8 template

Re: [qubes-users] PAM errors after disabling password-less root

2016-11-15 Thread Unman
On Tue, Nov 15, 2016 at 11:55:13AM +, Unman wrote: > On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: > > Following the instructions for the 'vm-sudo' doc, I get the following error > > in Debian 9: > > > > /usr/lib/qubes/qrexec-client-vm failed: exit code 1 > > sudo: PAM

[qubes-users] PAM errors after disabling password-less root

2016-11-15 Thread Chris Laprise
Following the instructions for the 'vm-sudo' doc, I get the following error in Debian 9: /usr/lib/qubes/qrexec-client-vm failed: exit code 1 sudo: PAM authentication error: System error Also, in the Debian 8 template the instructions don't match, as there appears to be no file

[qubes-users] recommendation for a laptop to use windows in qubes?

2016-11-15 Thread pixel fairy
management is interested in qubes, but still need windows for some tasks. this means buying a laptop that comes with windows, but still can run qubes well. any recommendations? any license issues to be aware of? -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

2016-11-15 Thread raahelps
On Tuesday, November 15, 2016 at 7:44:53 PM UTC-5, pixel fairy wrote: > On Tuesday, November 15, 2016 at 8:46:51 AM UTC-5, Andrew David Wong wrote: > > > > As far as I'm aware, any laptop with VT-x should be able to handle a > > Windows VMs, and in general, most laptops comes with Windows. So,

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

2016-11-15 Thread raahelps
On Tuesday, November 15, 2016 at 10:45:06 PM UTC-5, raah...@gmail.com wrote: > On Tuesday, November 15, 2016 at 7:44:53 PM UTC-5, pixel fairy wrote: > > On Tuesday, November 15, 2016 at 8:46:51 AM UTC-5, Andrew David Wong wrote: > > > > > > As far as I'm aware, any laptop with VT-x should be able

[qubes-users] CVE-2016-4484: Cryptsetup Initrd root Shell

2016-11-15 Thread Valko
Is it possible attack scenario with Qubes OS? http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html#impact -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from

Re: [qubes-users] recommendation for a laptop to use windows in qubes?

2016-11-15 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-15 03:52, pixel fairy wrote: > management is interested in qubes, but still need windows for some tasks. > this means buying a laptop that comes with windows, but still can run qubes > well. any recommendations? any license issues to be

[qubes-users] Re: Installing VPN in Qubes Versus VPN on a Router

2016-11-15 Thread amadaus
amad...@riseup.net: > We see much correspondence in these forums about installing a VPN within > Qubes. Surely, the most secure place for VPN is to install on a Router? > I say these things after reading the following paper [ > https://cryptome.org/2013/12/Full-Disclosure.pdf ] in which a group of

[qubes-users] isolated workflows - image converter - trusted jpg

2016-11-15 Thread '091823'04918'032948'1093248018243
Hello, wow cool, I found out that now QR32 also can convert pictures into a trusted image. Only I got confused, because after the conversion, I got two files: i) xy.jpg ii) xy_untrusted.jpg In the PDF work flow it was the opposite: i) xy.pdf ii) xy_trusted.pdf I liked the last work flow