Updating Qubes Post-Installation

This is a brief checklist of operations to conduct after a fresh installation of Qubes. Full documentation is available at https://www.qubes-os.org/doc/updating-qubes-os/.

After configuring your network first update the dom0:
sudo qubes-dom0-update

Next, update your TemplateVMs: Qubes Menu > System Tools > Qubes Update.

The Qubes Update utility doesn't always work the first time for me. If you find it hangs and produces no details launch the TemplateVMs individually and from the command line run:
dnf update
for Fedora and
apt-get update
for Debian.

Now reboot to effect any kernel updates and load the updated dom0 environment.

Install critical software that you will definitely need to your TemplateVMs. Things like:

  • screen
  • sshfs
  • nmap
  • links/lynx
  • nano
  • whois
  • bind-utils (fedora) dnsutils (debian)

Next, duplicate the default fedora and debian TemplateVMs and update your personal, work etc AppVMs to rely on the copies. Since system Qubes like sys-net and usb rely on the default fedora TemplateVM you may regret making changes directly to it when setting up your regular working AppVMs.

Software I like to install into my duplicated TemplateVMs includes:

  • kde-standard
  • kate
  • chromium (part of default repos) or google-chrome (third party download)
  • telegram-desktop

Enable USB Keyboard for Qubes dom0

Full documentation is available at https://www.qubes-os.org/doc/usb-qubes/. You should read the Security Warning about USB Input Devices before doing this.

To enable a USB keyboard for dom0 (making it available to all VMs) modify /etc/qubes-rpc/policy/qubes.InputKeyboard on dom0 to reflect:
#sys-usb dom0 allow,user=root sys-usb dom0 ask,default_target=dom0 $anyvm $anyvm deny

You will then be prompted to grant USB keyboards access any time they are connected. To also allow USB keyboards to enter the LUKS and login passwords please refer to the official documentation.

Comparing proc and ps Process Counts

Some rootkits and malicious versions of ps will hide processes from stdout but leave /proc alone. You can compare the number of processes ps reports to the number of processes being tracked inside /proc to help determine if your ps is lying to you. Note that a race condition exists here, it is possible on a server with lots of new processes being spawned naturally that the number reported will change between the execution of the two commands so it may be necessary to run this script multiple times to get a clear picture. Since speed is essential it is important to run them together in a script rather than individually.

#!/bin/bash ls /proc | grep "^[0-9]" | wc -l ps aux | wc -l

A New NATO Phonetic Alphabet to Make Voice Calls Fun Again

If you're like me you spend a lot of time on the phone with people who are challenged with aural disabilities (customer service reps, level 1 tech support, etc.). To bring a little joy to the experience I have painstakingly developed a new NATO Phonetic Alphabet you can use to brighten everyone's day.

A as in Asshole
B as in Bitch
C as in Cunt
D as in Dick
E as in Ecstasy
F as in Fuck
G as in Gabapentin
H as in Heroin
I as in Injection
J as in Junk
K as in Ketamine
L as in Lick
M as in Molly
N as in Naloxone
O as in Orgasm
P as in Penis
Q as in Quaalude
R as in Rohypnol
S as in Sex
T as in Tramadol
U as in Urine
V as in Vagina
W as in Watersports
X as in Xanax
Y as in Yiff
Z as in Zoloft

You're welcome.

Disable (Most) Annoying and Useless Emergency Alerts on Android


It's a quiet, snowy Sunday morning. Finally slipping off to sleep with the cat curled up on my chest I am treated to the banshee's serenade of an Android emergency alert. Maybe if I ignore it it will go away.... it cries out again. And again. The damn thing will not leave you alone until you physically get up and throw your phone out the window. Or acknowledge receipt of the message. Your call; no judgement.


This is a Province of Ontario emergency bulletin which applies to people within ten (10) kilometres of the Pickering Nuclear Generating Station. An incident was reported at the Pickering Nuclear Generating Station. There has been NO abnormal release of radioactivity from the station and emergency staff are responding to the situation. People near the Pickering Nuclear Generating Station DO NOT need to take any protective actions at this time. Remain tuned to local media for further information and instructions.

Let me get this straight, wise overlords. You just woke and put the fear of god into me - in the most obnoxious and irritating way posible - to tell me that:

  • DON'T PANIC! - Everything is OK.
  • The alert only applies to people within 10 KM of Pickering WHICH IS 100 KM AWAY.
  • This message has no useful details; glue your docile plebeian eyes to local media for further trauma.

I quickly found out people as far as Ottawa received the same message. Evidently in this golden age of geolocation the alerts system is lazily province-wide. Maybe that makes sense in Bumscrew Delaware but you can fit a dozen european countries in a province the size of Ontario.

Which reminds me... didn't I disable this crap after the third missing child alert that happened 100 miles away and was resolved within 10 minutes without the child even having the baseline courtesy to lose a leg (or at least a finger)...

Forgive me for taking you seriously...

Oh. Silly me. It seems I left "Emergency Alerts" enabled, on the assumption that it would only give me a fun surprise heart attack for serious issues, like those pertaining to "extreme threats to life and property". Do forgive my stupidity for assuming this classification would not also become abused by the same power-drunk, trigger-happy freakout artists (or whatever title is properly attributed to the officials at the wheel).

The exact location of the Emergency Alert settings differs depending on your version of Android. The simplest route is to use the built-in search function:

  1. Open the Settings app.
  2. Use the Search bar along the top of the screen to search for Emergency Alert.
  3. Tap on the first result, which should simply be titled Emergency Alert.
  4. You should now be presented with the settings page similar to the figure shown above.
  5. Disable each of the alert types you no longer wish to receive. In the United States "Extreme alerts" might be called "Presidential alerts" or an additional option may be present to distinguish an alert type pursuant to legislation recently enacted there.
  6. In case there are additional alert types it may be impossible to disable, you may wish to additionally disable vibration, the text-to-speech option abd disable the Alert reminder. On my Android it is sadly not possible to change the alert tone.

I've heard reports that even with Extreme Alerts disabled this particular type of alert bypasses your settings. However it has been conjectured by some users that having the DnD mode enabled does block the sound.

Well that's embarrassing...

Yep, not 20 minutes later my screed was rendered impotent by another goddamned alert that gave zero regard to my updated settings.

Sorry folks, at least if you follow these steps you will reduce the number of lower level alerts you receive!

Can't win em all I guess... q.q