Re: [qubes-users] How do I install packages to a template over a VPN?

2016-07-01 Thread Rusty Bird
Hi Zrubi, >> There is an issue with updating a template over a vpn: The >> intercepting updates proxy normally runs in sys-net, which can't >> see inside the encrypted vpn traffic. This may be a cause of the >> problem, however it should really

Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

2016-07-01 Thread Rusty Bird
Hi Chris & everyone, > On 06/23/2016 06:53 AM, Andrew David Wong wrote: >> On 2016-06-23 03:49, Rusty Bird wrote: >>> Hi Andrew, >>> >>>> On 2016-06-22 21:58, Todd Lasman wrote: >>>>>

Re: [qubes-users] AEM boot option causes hard reboot/partial shutdown (Lenovo T450s)

2016-07-01 Thread Rusty Bird
Hi Andrew, > On 2016-06-22 21:58, Todd Lasman wrote: >> On 05/16/2016 11:44 PM, Andrew David Wong wrote: I seem to have >> this exact same problem, but only after installing Qubes 3.2 >> (worked fine with 3.1) on my Thinkpad T430. > > Very

Re: [qubes-users] Video in Qubes 3.2

2016-07-01 Thread Rusty Bird
Hi, > I often watch videos offline. I download .mp4 files and I play > them in a dedicated VM (debian template) with MPV. When I launch a > video, the VM CPU goes up to 98%, It is quite strange. Try "-vo x11". mpv sometimes defaults to "-vo sdl",

Re: [qubes-users] Re: Two ways of "true" security.

2017-02-04 Thread Rusty Bird
mr.l...@gmail.com: > On Thursday, 2 February 2017, 17:33:46 UTC+5, user Connor Page wrote: > > I have successfully castrated ME firmware on 2 Haswell laptops so I'd go > > for something more recent but well supported by Linux, reflash and

Re: [qubes-users] AEM and TPM no longer working

2017-01-20 Thread Rusty Bird
qubenix: > 7. Restart, to BIOS, option for clearing tpm is gone from BIOS?!?! The option is only available on cold boot, not when you restart. Rusty

Re: [qubes-users] Back up running VMs on btrfs

2017-02-21 Thread Rusty Bird
Hi Chris! > On 02/20/2017 08:28 AM, Rusty Bird wrote: > > A small qvm-backup wrapper script that handles running VMs by chrooting > > into a temporary dom0 filesystem snapshot. The backed up data is the > > same as if those VMs

[qubes-users] Back up running VMs on btrfs

2017-02-20 Thread Rusty Bird
Something for the btrfs crowd: A small qvm-backup wrapper script that handles running VMs by chrooting into a temporary dom0 filesystem snapshot. The backed up data is the same as if those VMs had just been killed, which seems to work fine for the

Re: [qubes-users] Back up running VMs on btrfs

2017-02-21 Thread Rusty Bird
Chris Laprise: > On 02/21/2017 07:43 AM, Rusty Bird wrote: > > Hi Chris! > > > > > On 02/20/2017 08:28 AM, Rusty Bird wrote: > > > > A small qvm-backup wrapper script that handles running VMs by chrooting >

Re: [qubes-users] backup fails

2017-02-09 Thread Rusty Bird
haaber: > Cannot create /media/user/hexstring/qubes-backup/2017-02... : permission > denied. Try "sudo chown user:user /media/user/hexstring/qubes-backup". Rusty

[qubes-users] Split dm-crypt 0.1.0

2016-09-08 Thread Rusty Bird
Hi, I've worked on this mostly out of stubbornness :), but maybe it is useful for someone here. README.md pasted below. https://github.com/rustybird/qubes-split-dm-crypt Rusty # _Split dm-crypt_ for Qubes R3.2-rc3 and later **Isolates

Re: [qubes-users] Split dm-crypt 0.1.0

2016-09-10 Thread Rusty Bird
> https://github.com/rustybird/qubes-split-dm-crypt If anyone has been using this already, please update to version 0.1.1 which contains a security bugfix. Rusty

Re: [qubes-users] Split dm-crypt 0.1.0

2016-09-10 Thread Rusty Bird
Hi Andrew! >> https://github.com/rustybird/qubes-split-dm-crypt > This looks great, Rusty! Thank you! I actually took the modern luksFormat parameters from your writeup at https://www.qubes-os.org/doc/encryption-config/. The 5 sec iteration time

Re: [qubes-users] Re: BTRFS?

2016-09-23 Thread Rusty Bird
Hi Connor, > The tricky bit was to put it on a LUKS partition as somehow the > installer encrypted only the swap partition. https://github.com/QubesOS/qubes-issues/issues/2294 has a workaround. Rusty

Re: [qubes-users] Thoughts about installed software

2016-10-14 Thread Rusty Bird
Hi Jeremy! > In Qubes 3.0, I noticed that source files for the "move to VM" > command would be deleted even if the move failed due to > insufficient disk space in the destination VM. (It goes without > saying that this is a Very Bad Thing.) That

Re: [qubes-users] Attaching a block to a DVM in dom0 script

2016-11-14 Thread Rusty Bird
Hi Vít, > When trying to implement a backup script (for a different mechanism > than the builtin one), I need to start a DVM with an attached (RO) > image. How can I do it? If you're running R3.2: set -e

Re: [qubes-users] Thoughts about installed software

2016-10-12 Thread Rusty Bird
Hi Robert, > However I would not use the "move to VM" command like this, as I > experienced those requests getting lost One time files were > actually deleted, since that time I always use copy instead of > move. Sounds troubling. Do you

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2017-01-12 Thread Rusty Bird
Marek Marczykowski-Górecki: > Rusty, Matt rightly just pointed out to Qubes Security Team that the > current behaviour of AEM could be misleading. AEM should refuse to work > if TXT isn't really working - otherwise it's easy to not notice it and >

[qubes-users] ANN: Split Browser (disposable Tor Browser, persistent bookmarks/logins)

2016-11-30 Thread Rusty Bird
"Everyone loves the Whonix approach of running Tor Browser and the tor daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix. Let's take it a step further and run Tor Browser (or other Firefox versions) in a DisposableVM connecting

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-01 Thread Rusty Bird
Swâmi Petaramesh: > Hi Rusty Bird, and thanks for your help, > > > Is the SINIT module working? Run the "find" command from step 2b of > > /usr/share/doc/anti-evil-maid/README, but look at the lines for PCRs > > 1

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-04 Thread Rusty Bird
Swâmi Petaramesh: > I now have downloaded 3rd_gen_i5_i7_SINIT_67.BIN from Intel, installed > it per instructions, completely redone everything (including resetting > the TPM chip in BIOS, uninstalling and reinstalling the AEM RPM... > > But still,

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-12-04 Thread Rusty Bird
Rusty Bird: > Does /proc/cmdline in dom0 contain "rd.antievilmaid" at the end? If not: > > In the GRUB boot menu, do you choose the entry "AEM Qubes, with Xen > hypervisor"? If there is no such entry, you may hav

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread Rusty Bird
Swâmi Petaramesh: > So after upgrading Xen in dom0 I rebooted the system and... nothing > special happened. AEM displayed my "secret" image as usual, without any > unusual behaviour or warning whatsoever. Some things you can check: Is the SINIT

Re: [qubes-users] Re: [R2B2] Unable to choose sound source (mic)

2017-03-08 Thread Rusty Bird
peter.palen...@gmail.com: > On Saturday, October 12, 2013 at 3:51:51 AM UTC+2, Marek Marczykowski-Górecki > wrote: > > On 12.10.2013 03:22, Franz wrote: > > > I would like to launch skype with a .sh file from dom0 but I am not able > > > to > > >

Re: [qubes-users] Assigning microphone to AppVM from terminal

2017-03-06 Thread Rusty Bird
Fabrizio Romano Genovese: > I've built a little toggle script to automatically attach/detach my camera to > an appvm. For the sake of completeness, I'd like to do the same for the > internal microphone.

Re: [qubes-users] Problems installing on device running Coreboot

2017-03-06 Thread Rusty Bird
Duncan: > Coreboot was configured as follows: SeaBIOS as primary payload [...] > > The behavior of trying to boot a stock Qubes install that was installed > using the installer booted by Coreboot, is that selecting the SSD to > boot from just seems

[qubes-users] Re: [qubes-devel] Qubes Security Bulletin #32: Xen hypervisor and Linux kernel vulnerabilities (XSA-226 through XSA-230)

2017-08-15 Thread Rusty Bird
Marek Marczykowski-Górecki: > On Tue, Aug 15, 2017 at 01:59:59PM +, Holger Levsen wrote: > > So, "sudo qubes-dom0-update" for the first paragraph, and > > "sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing" for the > > 2nd… > >

Re: [qubes-users] X230 2325-YBN + Coreboot

2017-08-16 Thread Rusty Bird
Finsh: > are there by chance any known problems with the X230 2325-YBN + Coreboot with > Qubes OS? If it's R3.2 and you're using SeaBIOS, check out the last paragraph of https://github.com/QubesOS/qubes-issues/issues/2553#issuecomment-284367521

Re: [qubes-users] Proxy for packages

2017-07-16 Thread Rusty Bird
Salmiakki: > Has anybody managed to set up a proxy or mirror of sorts in the > net-vm or firewall-vm or something similar to avoid downloading all > the packages several times for updating all the templates?

Re: [qubes-users] AEM failure after upgrade

2017-07-14 Thread Rusty Bird
loke...@gmail.com: > The AEM package was upgraded recently (probably because of this > thread: > https://groups.google.com/forum/#!topic/qubes-users/3ZkmS5v7E38), > and after I installed the updated version, AEM stopped working > completely. > >

Re: [qubes-users] Soft U2F in Qubes?

2017-07-25 Thread Rusty Bird
Micah Lee: > How hard would it be to build a Qubes version of Soft U2F that stores > the secret in a separate VM, similar to split gpg? This could make using > U2F much more usable and secure inside of Qubes, I think. I suppose the most secure way

Re: [qubes-users] How can I test that my AEM configuration is correct?

2017-06-29 Thread Rusty Bird
loke...@gmail.com: > Yesterday, I installed a new dom0 update which included an updated > kernel package. I was expecting to see an AEM error when I rebooted, > but that never happened. I'm guessing you've installed anti-evil-maid v3.0.4? You could

Re: [qubes-users] Auto update download in Linux

2017-04-25 Thread Rusty Bird
Rusty Bird: > Drew White: > > On Tuesday, 25 April 2017 07:51:46 UTC+10, Unman wrote: > > > I seem to recall that Fedora has such a service, but I don't think it's > >

Re: [qubes-users] Auto update download in Linux

2017-04-25 Thread Rusty Bird
Drew White: > On Tuesday, 25 April 2017 07:51:46 UTC+10, Unman wrote: > > I seem to recall that Fedora has such a service, but I don't think it's > > enabled in a default template. > It is enabled by default, and I asked somewhere how to disable it

Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!

2017-07-31 Thread Rusty Bird
Micah Lee: > I just installed Qubes 4.0-rc1 on a Lenovo ThinkPad T440 which runs > Qubes 3.2 without a problem. After installing it, when I boot up, grub > works, but then as soon as Qubes starts to boot the computer reboots, > and I end up back in

Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!

2017-08-01 Thread Rusty Bird
Jean-Philippe Ouellet: > On Tue, Aug 1, 2017 at 7:02 AM, Rusty Bird <rustyb...@openmailbox.org> wrote: > > Zrubi: > >> So I would really appreciate some statement if Qubes will really drop > >> KDE support. I can acc

Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!

2017-08-01 Thread Rusty Bird
Zrubi: > So I would really appreciate some statement if Qubes will really drop > KDE support. I can accept that, but then I will not waste my time trying to > make it work. Instead focusing to fix the XFCE issues I have ;) > > - the default login screen

Re: [qubes-users] Qubes and USB Ethernet adapter

2017-06-19 Thread Rusty Bird
Swâmi Petaramesh: > I have a new Asus laptop which comes with no integrated Ethernet, but a > USB Gigabit Ethernet adapter. > > I wonder if this will be compatible with Qubes' Net VM, or if I will > need to allocate the complete USB controller to

Re: [qubes-users] Qubes and USB Ethernet adapter

2017-06-19 Thread Rusty Bird
Rusty Bird: > Swâmi Petaramesh: > > I have a new Asus laptop which comes with no integrated Ethernet, but a > > USB Gigabit Ethernet adapter. > > > > I wonder if this will be compatible with Qubes' Net VM, or if

Re: [qubes-users] Bug in qubes-backup or tar?

2017-06-17 Thread Rusty Bird
svenssona...@gmail.com: > Emergency recovery of backups as described in > https://www.qubes-os.org/doc/backup-emergency-restore-v3/ states > that tar should be able to unpack a qubes backup file. > > [...] > tar tvf bu/qubes-* > # Shows only

[qubes-users] AEM: Should we drop .png support?

2017-06-16 Thread Rusty Bird
Hi everyone, What do you think about getting rid [1] of .png image secret support in the next major version of Anti Evil Maid? This would offset some of the increase in complexity incurred by the upcoming TOTP/keyfile support, in addition to other

[qubes-users] Re: [qubes-devel] AEM: Should we drop .png support?

2017-06-18 Thread Rusty Bird
Marek Marczykowski-Górecki: > I think PNG support is a nice half-measure against shoulder surfing - > details on the image are harder to copy/remember (or even photograph > with a small camera), than some text. You're right, it is better. I hadn't

Re: [qubes-users] Auto update download in Linux

2017-05-01 Thread Rusty Bird
Drew White: > On Wednesday, 26 April 2017 11:05:43 UTC+10, Rusty Bird wrote: > > Rusty Bird: > > > Drew White: > > > > On Tuesday, 25 April 2017 07:51:46 UTC+10, Unman wrote: > > > > > I think the only

Re: [qubes-users] qvm-usb -a works on old phone, hangs on new phone

2017-05-05 Thread Rusty Bird
Jarle Thorsen: > Connecting an old Samsung Galaxy S3 phone to my app-vm using > "qvm-usb -a" works just fine. I can connect to the phone via adb in > the appvm. > > Trying to connect a new Samsung Galaxy S7 Edge the same way, the > "qvm-usb -a"

Re: [qubes-users] Checking laptop compatibility using boot from USB drive

2017-05-05 Thread Rusty Bird
Vít Šesták: > I'll probably have an opportunity to verify some laptop's > compatibility. My idea is to boot Qubes OS or its installer from USB > and then to do some checks (most notably VT-d compatibility and USB > controller topology). It should be

Re: [qubes-users] Anyone disabled the Intel ME yet?

2017-09-18 Thread Rusty Bird
alexclay...@gmail.com: > Has anyone here successfully disabled the Intel ME yet? > > http://blog.ptsecurity.com/2017/08/disabling-intel-me.html > > I'm hoping a future release of Qubes integrates this into the > install process for us. Or be

Re: [qubes-users] Prebuilt Fedora 26 template now available for 3.2

2017-11-19 Thread Rusty Bird
Lorenzo Lamas: > It was already possible to update your F25 templates to F26, but > fresh F26 templates are now also available to install. (Both normal > and minimal) Just a heads up, to use that version of the _minimal_ template (i.e. 201711170336)

Re: [qubes-users] Anti Evil Maid (AEM) - possible to use text and picture at the same time?

2017-11-09 Thread Rusty Bird
Hi Patrick, > Got secret.txt as well as secret.png - now it's only showing the image > at plymouth but no text. Looks like both cannot be combined? Yes. Image support is intended to be dropped in AEM4 anyway:

Re: [qubes-users] sys-usb needs more than default RAM to mount LUKS encrypted backup volume

2018-05-20 Thread Rusty Bird
Bernhard: > > You shouldn't mount encrypted drives on sys-usb. Use qvm-block to attach > > the partition to a different VM, then mount it there. > > > This is a good question, I think. Since we distrust sys-usb I agree that we > should not do the

Re: [qubes-users] 4.0-rc3: sys-net not getting updated template OS image?

2018-02-14 Thread Rusty Bird
Steve Coleman: > I have a strange situation where my sys-net's software template > "fedora-26-net" (variant of fedora-minimal) does not appear to be providing > updated OS images. My sys-net is the only vm using this specific image. Assuming that

Re: [qubes-users] 4.0-rc3: sys-net not getting updated template OS image?

2018-02-14 Thread Rusty Bird
Steve Coleman: > Here is the sys-net . I re-wrapped the xml to make it a little > more readable in email: > > > pool="lvm" > revisions_to_keep="0" > size="21474836480" >

Re: [qubes-users] Qubes 4.0 without IOMMU/VT-d/AMD-Vi or Interrupt Remapping

2018-02-05 Thread Rusty Bird
Utility Panel: > Can anyone tell me what I might expect without IOMMU/VT-d/AMD-Vi and > Interrupt Remapping? https://www.qubes-os.org/faq/#can-i-install-qubes-4x-on-a-system-without-vt-x-or-vt-d Rusty

Re: [qubes-users] R4 rc4 Whonix-ws-dvm. Requires repeated tor-browser downloads

2018-02-17 Thread Rusty Bird
sebuq: > Each time I run the disposable whonix vm [whonix-ws-dvm] I am forced to > go thro' the long-winded procedure of downloading a new tor-browser > instance. The tricky part is that you need to run the updater in whonix-ws-dvm itself, not in a

Re: [qubes-users] X230 Webcam

2017-12-20 Thread Rusty Bird
Jo: > I'm trying to pass through to a VM my built-in webcam (x230 with > coreboot). However, I'm unable to find it in the devicelist. It's a USB device (not PCI), so you'd forward it using qvm-usb:

Re: [qubes-users] What exactly is 'private-cow.img' in appvms?

2018-08-03 Thread Rusty Bird
Stickstoff: > there is documentation about 'root-cow.img' online [1], but nothing > about 'private-cow.img'. > Am I right to assume that the 'private.img' is the writable part the VM > sees, with the changes the VM wrote saved on 'private-cow.img'

Re: [qubes-users] What exactly is 'private-cow.img' in appvms?

2018-08-03 Thread Rusty Bird
Rusty Bird: > Stickstoff: > > there is documentation about 'root-cow.img' online [1], but nothing > > about 'private-cow.img'. > > Am I right to assume that the 'private.img' is the writable part the VM > > sees, with the

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-15 Thread Rusty Bird
Sphere: > https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/ > > There are other vulnerabilities disclosed along with this today and > if possible, I would like to confirm

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-16 Thread Rusty Bird
Chris Laprise: > On 08/15/2018 08:40 AM, Rusty Bird wrote: > > To me as a layman, it looks like Qubes is indeed vulnerable to the > > XSA-273 data leak, and that fixing it involves > > > > 1. disabling hyperthreading (b

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-16 Thread Rusty Bird
Sphere: > I have hyperthreading disabled on my BIOS, do I still have to add > that option to Xen command line? Disabling it in the BIOS is okay too, according to the XSA. > By pull request you mean, it's still being grabbed for use and >

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-25 Thread Rusty Bird
Rob Fisher: > I'm wondering when we can expect information on the impact of XSA-273 (1) on > Qubes R4? I'd guess early next month: https://groups.google.com/d/msg/qubes-users/Isn_hko7tQs/PcqIuUleEQAJ > what are the best options for a Qubes user

Re: [qubes-users] Proxy VM option missing upon creating a new VM !

2018-08-25 Thread Rusty Bird
odindva0...@gmail.com: > I am using version R 4.0 and recently decided to set up a new VPN connection. > But when I try to select the type is only giving me AppVM and > Standalone option so obviously I can't move forward. I am attaching > picture

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-25 Thread Rusty Bird
'awokd' via qubes-users: > > Rob Fisher: > >> what are the best options for a Qubes user right now? ^ > Get Qubes running on non-x86 architectures less prone to > vulnerabilities! Don't hold

Re: [qubes-users] XSA-273 - Impact on Qubes?

2018-08-26 Thread Rusty Bird
Ivan Mitev: > On 08/26/2018 12:50 AM, Rusty Bird wrote: > > Rob Fisher: > >> what are the best options for a Qubes user right now? > > > > - Add smt=off as a Xen boot parameter (which disables hyperthreading) >

Re: [qubes-users] Is Qubes vulnerable to CVE-2018-3620?

2018-08-26 Thread Rusty Bird
Rusty Bird: > To me as a layman, it looks like Qubes is indeed vulnerable to the > XSA-273 data leak, and that fixing it involves > > 1. disabling hyperthreading (by adding smt=off to the Xen command line) > 2. AND upgrading

Re: [qubes-users] How to use the raw vchan library - no Qrexec

2018-08-19 Thread Rusty Bird
nicholas roveda: > I want to experiment a bit with the vchan library and develop a > program that make unprivileged VMs communicate without using the > network and without Qrexec or any Qubes specific framework. I'd imagine this is supposed to be

Re: [qubes-users] Questions about non-standard services & selective start

2018-08-19 Thread Rusty Bird
trueriver: > Chris L recently showed me how to touch files in a VM to enable a > standard service to start, in that case NetworkManager > > https://groups.google.com/forum/#!topic/qubes-users/0_LUn4ha8Jg > > I now want to do something similar with

Re: [qubes-users] sys-net turning on itself

2018-08-27 Thread Rusty Bird
Daniil Travnikov: > I turned off auto-start of sys-net when laptop starting, and all is > ok with this moment. > > But if my laptop will be turned on some while and I will be just in > Qubes Manager with turned off all of the VM's, after some time

Re: [qubes-users] qvm-backup --exclude no longer excluding specified VMs from backup

2018-03-13 Thread Rusty Bird
Xaver: > After updating system from 4.0-rc4 to rc5 qvm-backup --exclude no > longer excludes the specified VM from the backup. I recently broke that. Sorry, and thanks for the bug report! https://github.com/QubesOS/qubes-core-admin/pull/202 Rusty

Re: [qubes-users] Coreboot + Qubes :: Best Practises / Coreboot docs page

2018-03-17 Thread Rusty Bird
799: > Seabios or Grub and are there any special options which might make sense? SeaBIOS is nice. You can build it with CONFIG_SEABIOS_VGA_COREBOOT=y (might be the default now), and completely disable dynamic loading of any dubious option ROMs:

Re: [qubes-users] qvm-run blocks Dom0 terminal in R4

2018-03-20 Thread Rusty Bird
Bill Wether: > In 3.2's dom0, typing > > qvm-run -a work konsole > > returns as soon as the VM has started up and the command has been > issued. > > In R4, though, the Dom0 terminal just gets stuck--I can get it back > with ctl-C, but that's

Re: [qubes-users] Coreboot + Qubes :: Best Practises / Coreboot docs page

2018-03-18 Thread Rusty Bird
799: > > $ build/cbfstool build/coreboot.rom add-int -i 0 -n > > etc/pci-optionrom-exec > > When do I need to run this? After building my Coreboot ROM? Yes, see payloads/external/SeaBIOS/seabios/docs/Runtime_config.md for a list of cbfs

Re: [qubes-users] Qubes 4.0 rc4 / Qubes backup doesn't find the directory

2018-02-26 Thread Rusty Bird
ThierryIT: > When running the Qubes backup, and choosing the newly created folder, I have > this error: > > Selected directory do not exists or not a directory https://github.com/QubesOS/qubes-issues/issues/3594 Rusty

Re: [qubes-users] systemd replacement for dom0

2018-09-03 Thread Rusty Bird
Marcus Linsner: > I'm mainly asking because I fail to make certain services stop in a > certain order at reboot/shutdown. Hmm, maybe I should focus on > starting them in a certain order? then maybe shutdown will do it in > reverse order [...] Yes,

Re: [qubes-users] Re: Dom0 (System tools) shortcuts suddenly disappeared

2018-09-25 Thread Rusty Bird
Patrick: > Hello, on my 4.0 platform somehow I'm now missing the "Display" > shortcut. I'm thinking I may have accidentally dragged it into the > desktop and then deleted it. I found this thread and tried a couple > things but still not there. > >

Re: [qubes-users] Symlinks for "some" AppVMs to other partition in Qubes 4.x?

2018-09-17 Thread Rusty Bird
Teqleez Motley: > I want to store only some AppVMs (and some custom TemplateVMs) on a > different ext4 partition. See , with the exception that if you want to store your VMs in files on ext4, you'd

Re: [qubes-users] Some problems with 4.0.2-rc1

2019-08-25 Thread Rusty Bird
donoban: > 2) Btrfs installation seems too hard. After some tries I did an unbootable > installation. Did you create the btrfs partitions manually or did you use the installer partitioning screen's "Click here to create them automatically" button?

Re: [qubes-users] Some problems with 4.0.2-rc1

2019-08-25 Thread Rusty Bird
donoban: > On 8/25/19 4:22 PM, Rusty Bird wrote: > > donoban: > > > 2) Btrfs installation seems too hard. After some tries I did an unbootable > > > installation. > > > > Did you create the btrfs partitions ma

Re: [qubes-users] Some problems with 4.0.2-rc1

2019-08-25 Thread Rusty Bird
donoban: > On 8/25/19 5:58 PM, Rusty Bird wrote: > Here are some screenshots of how to > get automatic btrfs partitioning: > > https://openqa.qubes-os.org/tests/3240 ("install_partitioning_btrfs" > > is the relevant sec

Re: [qubes-users] Per-VM stream isolation in Whonix

2019-09-30 Thread Rusty Bird
tetrahedra: > Naturally I want Alice to appear to be using a different IP address than > Bob, else the two identities are linked. > > Right now it appears this is not necessarily the case -- the network > traffic of AppVMs A and B may end up using

Re: [qubes-users] programs run on different qubes freeze

2020-01-23 Thread Rusty Bird
roger paranoia: > A couple of days ago I started to experience a problem on chromium browsers > run on any qubes that I have. They freeze for 2 to 5 seconds when I stress > the browser a bit (using it a bit faster). Sounds like

Re: [qubes-users] How to find which AppVM launched particular DispVM?

2020-05-15 Thread Rusty Bird
Martin Habovštiak: > I'd love to query from command line which AppVM called an RPC (`qvm-run > --dispvm`) that caused particular dispvm (of which I have the name) to > start. It's brittle but this seems to work alright in R4.0: $ pgrep -af

Re: [qubes-users] select vm to restore from a qvm-backup

2020-10-27 Thread Rusty Bird
lik...@gmx.de: > I'm looking for a possibility to restore only 1 AppVM from a system > backup. I could find this by studying the parameters of > qvm-backup-restore. Seems that it performs a whole system restore > (only to choose between with or

Re: [qubes-users] disposable vm shuts down after qvm-copy

2020-07-01 Thread Rusty Bird
Dave C: > When I start a dvm, for example right click a file and "view in disposable > vm", if I later open a terminal in that dvm and run "qvm-copy something", I > find that the qvm-copy succeeds but the disposable vm shuts down (or > crashes?)

Re: [qubes-users] imagemagick in debian-minimal ?

2020-07-01 Thread Rusty Bird
haaber: > I discovered with a little surprise that my 3 debian-minimal templates > (used for firewall, usb, net) have imagemagick installed. https://github.com/QubesOS/qubes-issues/issues/5009#issuecomment-489357218 Rusty

Re: [qubes-users] Setting block.no_part_scan=no on sys-usb's command line does not work

2020-12-26 Thread Rusty Bird
unman: > On Fri, Dec 25, 2020 at 09:13:24PM -0500, Demi M. Obenour wrote: > > I am trying to disable automatic partition scanning in sys-usb, > > and tried including block.no_part_scan=no in sys-usb’s kernelopts. > > However, it had no effect.

Re: [qubes-users] Re: Getting wifi working on a new machine in qubes 4.0.3 and 4.0.4-rc1

2020-11-26 Thread Rusty Bird
River~~: > 00.08.0 Network controller: Intel Corporation Wi-Fi 6 AX200 (rev 1a) https://github.com/QubesOS/qubes-issues/issues/5615#issuecomment-702032377 Rusty

Re: [qubes-users] Installing Rofi on dom0 via contributed packages?

2020-12-17 Thread Rusty Bird
Stumpy: > On 12/16/20 2:40 PM, Frédéric Pierret wrote: > > Fedora 32 version for qubes-tunnel is currently uploading to stable. > Error: Unable to find a match: qubes-tunnel > > So perhaps it's currently for fedora regular rather than minimal?

Re: [qubes-users] Installing Rofi on dom0 via contributed packages?

2020-12-17 Thread Rusty Bird
Rusty Bird: > Stumpy: > > On 12/16/20 2:40 PM, Frédéric Pierret wrote: > > > Fedora 32 version for qubes-tunnel is currently uploading to stable. > > > Error: Unable to find a match: qubes-tunnel > > > > So p

Re: [qubes-users] Installing Rofi on dom0 via contributed packages?

2020-12-16 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Stumpy: > [bob@dom0 ~]$ sudo qubes-dom0-update qubes-rofi [...] > No Match for argument qubes-rofi The package is called just "rofi": https://contrib.qubes-os.org/yum/r4.0/current/dom0/fc25/rpm/ > which seems to be similar to an error I get when I

[qubes-users] ANN: Split Browser in qubes-repo-contrib

2021-01-17 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Split Browser - "Tor Browser (or Firefox) in a DisposableVM, with persistent bookmarks and login credentials" - is now fully available via qubes-repo-contrib for easier installation: https://github.com/rustybird/qubes-app-split-browser

Re: [qubes-users] Exported Volume Error.

2021-01-27 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 'Stuart Perkins' via qubes-users: > Ok, now I'm afraid to turn off my computer or even stop any Debian template > based VM's... Don't panic, it's just a bug* in qubes-core-dom0-4.0.56. Your VM data is still okay. > Here is what happened. > > I

Re: [qubes-users] The safest way to search in files on an external hard drive

2021-06-19 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Michael Singer: > I had to find a way to mount the read-only volume in the destination > qube. I discovered the page > https://www.qubes-os.org/doc/block-devices/ But it doesn't say how > to mount it either. The normal way with "$ sudo mount

Re: [qubes-users] The safest way to search in files on an external hard drive

2021-06-19 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rusty Bird: > Michael Singer: > > I had to find a way to mount the read-only volume in the destination > > qube. I discovered the page > > https://www.qubes-os.org/doc/block-devices/ But it doesn't say how > > to moun

Re: [qubes-users] The safest way to search in files on an external hard drive

2021-06-03 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Michael Singer: > I am looking for a really secure way to use Qubes for searching not > only a hard drive for file names, but for text that is in files. > > The goal is to avoid an exploit in the searched files leading to a > takeover of the hard

Re: [qubes-users] delaying total shutdown of disposable qube

2021-04-21 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rusty Bird: > Ólafur Jens Sigurðsson: > > We would like to add a new disposable template in which the disposable vm's > > will be shut down with a delay of a few minutes, just enough for the person > > to start replying to

Re: [qubes-users] delaying total shutdown of disposable qube

2021-04-21 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Ólafur Jens Sigurðsson: > We would like to add a new disposable template in which the disposable vm's > will be shut down with a delay of a few minutes, just enough for the person > to start replying to the email and finding that they need the file

Re: [qubes-users] qubes-split-browser issues

2021-02-08 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 taran1s: > Rusty Bird: > > taran1s: > > > Rusty Bird: > > > > Anything interesting in 'sudo journalctl' on > > > > the DisposableVM? > > > > > Can you navigate me how to open the terminal in

Re: [qubes-users] kernel-latest broke my system

2021-02-04 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Fabrizio Romano Genovese: > In trying to make my wifi adapter working, I decided to try `kernel-latest` > on Dom0, which installed kernel `5.10.11-1.fc25.qubes.x86_64`. The result > is a system where I cannot start VMs (not even VMs with no

Re: [qubes-users] Recover data from 'private-cow.img'

2021-04-19 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Stickstoff: > [dom0] qvm-volume revert vmname:private old > > Got empty response from qubesd. See journalctl in dom0 for details. > > Journal says: > > unhandled exception while calling src=b' dom0' meth=b' \ > > admin.vm.volume.Revert'

Re: [qubes-users] qubes-split-browser issues

2021-02-04 Thread Rusty Bird
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 taran1s: > - TB opens up in disp-VM whonix-ws-15-disp. In a VM named like disp1234 though, right? > The welcome page is not Whonix Welcome Page as normally when I open > the TB in the disp VM directly, but instead it opens up the About > Tor
