Re: [qubes-users] Install VPN in anon-whonix
On 06/08/2016 04:15 PM, asdfg...@sigaint.org wrote: Hello I read the guide on whonix site about how setup a VPN in workstation but it is old and my VPN is a little different, it has a GUI interface but also a setup for Open VPN (to work i have to use GUI). Do I setup like a normal VPN in debian (network connection, import configuration, certificate etc...) and change firewall? Thank you Mixing a VPN in the same VM as other tunnels or proxies is a more complex affair. Qubes proxy VMs allow us to do this kind of thing more cleanly. So I recommend using a debian proxy VM. The doc Andrew linked to contains a firewall script I created with Whonix (and other apps) in mind. Its designed to fail closed (block traffic) if openvpn stops working, and to stop all leaks. The only thing in or out is tunneled traffic and related ICMP. Its designed for simple VPNs that tunnel all traffic upstream (i.e. no special subnet selections), so it'll work with most services. There is a fancier version that creates systemd service and has a more explicit firewall setup, though its about the same protection: https://github.com/ttasket/Qubes-vpn-support What's more, you don't have to alter any template beyond installing openvpn to get this working. OTOH, if you're looking for a solution for Network Manager, the doc shows you how but its without a firewall. I am looking into a way to make the firewall script work with NM. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5758DB48.1070408%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to install clean template?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 10:46, Albin Otterhäll wrote: > How should I go about to install a clean template? When setting up > a template for a specific domain, e.g. software development, it > could be useful to have a clean slate. > You can simply clone one of the default templates. If you've already modified the default template you want to use, you can clone it, then reinstall it from the repo. Here are the instructions for reinstalling the Whonix templates, but the same general procedure should apply to all templates: https://www.qubes-os.org/doc/whonix/reinstall/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWLYEAAoJENtN07w5UDAwrZ4P/36NNgpos/AHcDC7PxY/03LZ EBy9s/XVtQaMMoIIgdhlXVR5LnPYc555nS6mJ9aiLynUxbvJ8G2H/BHZgM4a1Buu qOVKsiXftyziyR7DIiXFPRq9MirNnKKEMZFp3SRnCuFU1LBotmssbV4OTeglOQcY MWmyoNWW8/uDocOVurGWTxWOUM9BQ4DqzH3GhGZhP9kKRPcsmR3wfx2I3Zn1tKIg M5IpSgmeJYN/3P+ENfNZVwLym+KaCSkMEn1VpeCwD119gMrsrijE5f+Ve7fQye94 lHkwnoMOaRtxsj9F6asak9ArH0OInvZy92bshKlW0PUq2en7/OqUelcwUqCLztag A8Ewz6mKwm/E5JGi7gt82dYYbd8eHVMtcbKlp6ODuLZjdQhMkhMTtTOpfEtlsrXS KFoktUbL7m9U8vj+Yl8gmU5V9Igr0o1Q4JxxNk3Bw223GRcYBhYnFjer46aQp48e MunlaZMk83y9HVgaOPxnXAJ+UZeINz0Ll1aj3ItgrQuG/5jfG4Pt9ywsNyj4v+VN 9dUuZof1EuST1k0iT0PmXgqQVu8j6Ibyp1HUtvKQlw632cgu6SEskXrVohNEX9dB Ia2GeDp9Pnro9QDfQOI0m2m+jA/Rx1KPRZAqyjYECnPxW1ogj2pdmfw238H1clP6 oQYOZQz8rYtb0EXUNknV =z7Wh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18729d7b-ca3f-b721-32d8-7b2f95aeeddd%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] choosing 1 upgrade of the month
the ram may be cheaper than you expect if you're willing to accept used. I recently bought 6x4g ddr3 ecc on ebay for ~$45 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8133178-3c8c-42b5-b628-cba932ac75b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] New initramfs won't stick
Thanks for the very quick reply! Yes I think you are correct. I will give it a go, passing the correct path for efi. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/86c0aec9-a478-4ca5-bef9-fb3b713662f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [Fwd: qubes wont start anymore]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 14:40, boromirsbe...@sigaint.org wrote: > > I havent done much with my new qubes install so far, ive maybe > loaded it a few times to test it, now ive gone back on to > configure bridges and it gives this error right after the boot menu > and hangs: > > usb 2-5: device descriptor read/64, error -71 usb 2-5: device not > accepting address 6, error -71 > > > Nothing changed on my system since i last used it. > > > - > > > I've found the bug causing this, qubes starts up into its timed > autoselect bootup menu under the assumption your disks will be > fast enough to load the background processes before its timer runs > up and it starts. By cancelling the timer and waiting a few more > seconds this will allow usb based qubes to load properly. Not that > anyone cares since no ones bothered to respond to this in the > first place. > Thank you for following up to report the solution. FWIW, I think it was probably that no one knew the answer, not that no one cared. I, for one, would never have guessed that this was the solution. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWJnFAAoJENtN07w5UDAwYogP/1sWVoMzL1d2fz6Q4gphQ0mr Jpr+7UH46YHQr5lMLWVZ47/IumTOF6406lOp+VsbqSdmRNdXdhfp0m8dOyX+emT3 G589XbR7en/Rr8HS4zeRp4MC6nVPQdc7s8GVaa9FsLru1PH1OpmpAM0HwYXj3RDF lLVKqUV6RftY+GeC9zEtj0Wr5n0/at4IsNJJd52IRbVoy4Pg3X7sS+Bqh4ovDgTe C4SoZ66xzSKH1H6syMezgVzHCRcmnQ4GR1i3aK5Bd9rh+MF6BQ6a4IV7mEvod6nz VG6T1BR/NxYsMC8Smi6Fdk8pgpGHDLVaeaRrLmaFlLfhqL1kEMDkYsHdFhaE7wQc SkBAw62szIovsSVuq2VyxutYyZxZrAcHzQSVxkpEsDUpNuIFAEWkpNoPhj1OPjrW Bn2CrX9EmyYLqNhRj2pS9jgCzVRaSDNiePVrvoOJhbeY0a+nOAwguHv8WJIemOzA wAOLLb3pAXcEr/zVjxAglkUKZiXbjPV4devjBliCTuMkb/GCBouggrxi7gfD1/nj iqifuO9Lnm6n2A0jteZLR0PlkVL2XyHWiSI33qH80m4eCbXNgIjZtLyD5IMtBRaT KY8XVAYvtCiVqVJyWFfP0AhxaC97B+T9FW5+Ccxcwh9vc/28fXB9uLi4W7D6xxhD EUrnHRvbgknfXDX/3Xfc =WKzI -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/376ea662-518f-dbc6-524a-6e9083ac7c0c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install VPN in anon-whonix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 13:15, asdfg...@sigaint.org wrote: > Hello I read the guide on whonix site about how setup a VPN in > workstation but it is old and my VPN is a little different, it has > a GUI interface but also a setup for Open VPN (to work i have to > use GUI). Do I setup like a normal VPN in debian (network > connection, import configuration, certificate etc...) and change > firewall? > > Thank you > Take a look at our VPN documentation if you haven't already. It was recently updated: https://www.qubes-os.org/doc/vpn/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWJk8AAoJENtN07w5UDAwOR8P/2/P8q03qeL4xmx3tkN8VOOT jeJJaAKQOkPjNADQ+uFrAsqA/qTpD4KqESAcX8zJmMTAu3TGSA9U57yXggzSQBdG rmOMgs5s7u3LRoMyoYqDYDG/nUn8wFvTyGp/yyunsx5oJ2WQgSaSCuUJRCKputAg UIDMeD0+6Ci+uc0KG6zzMiPa9WfhsnGjcIZ7vEmUeP+xi0IGOOhQkRQgWKL3PAp3 wB63FJHMW9qOBYsjQrqOLh7dupqgekh98nDY+IOs9UclBN3/IQOeuKWe9GFEAzA5 ywhR6BWP1lxmTXRKw6Cm8oFvw9+axxnX2E0Nq2DIpQ2F5GGAQPkgqiN7d++ji1Cu W6TmMeXXM15FZuE8QneZFA+J6eLiJ2GzOE+gam1ZmVU4Hgn56yPIhDto0vTyNvFn Cf5tDllC4jHaus9zx2ombkH3Fd2vWj9Lq5x2uKjc6bRxuvG6GTuqMHJMnEu62D+M jKrwnZMydrsGjHNyeBA8ktac3jtSxYgXMNV/DQBC8xBGdtJ8VsvJ9Jy1su8cIFBS 6jXsd1Kb6mf2w59WD3gGLrsCm/TtfxfzXJbxtSjJ/EsdPhCfEZKBtumTqyx9XMO9 vNTwZK/HKkN9AQvVulnj8yChkxTPXNi5O35msCzWISQqBFn2MYRoN3/HoEoGOrj/ 2iW2tUnlxhbm3Te1AEC+ =B9Ij -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20ec2d6a-60d1-1c3d-9bc8-fce7644bee59%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: VM CPU mapping - countermeasurements against covert channels via cpu caches?
1093284'109438'019438'0914328'0913284'0913: > Hi Andrew, > > could it be that with some real-time OS features, it will possible to splitt > the Cores of an CPU in two clean domains? > > This would lead to a better latency performance for real time communication, > like skype and for some "air-gapped engines" inside Q. > > Kind Regards > I'm confused what you're trying to achieve: static scheduling of some VMs on some cores, or the elimination of caches as potential inter-VM covert channels. Can you explain exactly what your goal is? I have an idea: go read up on the relevant literature (which I am sure exists in substantial volume), reformulate your goal if necessary, and tell us what you learn. Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a04e1cd0-b9b6-8446-23d3-3022a782ffcf%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM available space
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 08, 2016 at 12:37:39PM -0700, Connor Page wrote: > I've noticed that there is no private image mounted in /rw in disposable vms. > 1. What is the point of private image size setting in Qubes Manager then? No point at all... > 2. Is there an easy way to expand dvm storage without affecting it's template? > 3. Am I missing something? > > I need to load large files in dvm, check them and then move to another vm. > There is not enough RAM to use ramdisk. > Any quick hints will be appreciated. One idea is to add additional block device, even file based[*], optionally encrypt it with ephemeral key and mount in that DispVM. Not very convenient, but effective. [*] In dom0: truncate -s 10G /var/tmp/some-file.img qvm-block --attach-file dispN dom0:/var/tmp/some-file.img rm /var/tmp/some-file.img The actual space will be automatically released as soon as you shutdown the DispVM. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXWJLuAAoJENuP0xzK19csR20H/jtymqHwp17SxTMCH9CULXq0 7af38ycxEAUq2XgNqPDYXWAcMZPKHUChT/EoVnIK4w+4HIG7Xiw428xKMlg6fxZH 5oATPU/BTU270dp3JMPzy9dqkIRPX0WiwPieGVF1rDsQOkFzQmuU2hbG61mIDCjQ +FW6ujdiywO9vmbJlTZqBiI4OtsXVw1KATUOY+B6HLlMUlUCftWMtS1XT+Ehb8F2 nKxCze/oM63d2eHTbIy6Pm43OWW9tUTEhk1IO4WjfCnKN8NQLK5Pa51d/qNMuXC1 KSOLV2wemGr/Nkzh7niltbX/jjGbZupVXSyI3heKBFieOuF2X4mYESbBa02wyjY= =h7BW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160608214933.GU1593%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If using the same Whonix GW, does all Wonix WS get the same "identity"?
Andrew David Wong: > On 2016-06-08 00:14, Albin Otterhäll wrote: >> I'm assuming that if you connect to Tor using the same Whonix >> gateway (e.g. "sys-whonix"), you get the same "identity" (IP, etc.) >> on both your workstations. Is this correct? > > > Not entirely. By default, stream isolation applies to different > workstations and to any supported apps in those workstations. This > means that every VM connected to sys-whonix will (and every supported > app in those VMs) will use a different circuit through the Tor > network, hence a different exit node, hence have a different IP address. > > However, there are still side-channel attacks that can be used to > correlate multiple workstations running on the same host (stressing > hardware and observing the effects in all workstations, clock skew, > network timings, etc.). > > Details: > https://www.whonix.org/wiki/Multiple_Whonix-Workstations > https://www.whonix.org/wiki/Stream_Isolation > > What Andrew said. Some nitpicking: There is no guarantee that you will have a different exit node (or even a different circuit). It's random so you might wind up with the same but not intentionally. Also, Tor Browser has stream isolation features of its own, such as separate circuits per tab and new circuits after a set time interval. Finally, non-stream-isolated (meaning non-tor-proxified) apps in the *same* workstation will share the same circuit since they will route through Whonix-Gateway's Transparent Proxy Port (TransPort). The TransPort can be disabled to prevent this. (Instructions in Andrew's links). - ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57586A08.1050606%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to install clean template?
How should I go about to install a clean template? When setting up a template for a specific domain, e.g. software development, it could be useful to have a clean slate. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nj9lmj%24lag%241%40ger.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Proxify VM
Yes, sys-firewall could be a problemI can use JonDo in another dedicated proxyVM above sys-firewallnetVM--sys-firewall--proxyVM1(withJondo)--proxyVM2(vpn)From: Chris Laprise tas...@openmailbox.orgSent: Tue, 07 Jun 2016 01:35:24To: Jeremy Lator jeremyla...@rediffmail.com, Andrew David Wong a...@qubes-os.org, qubes-users@googlegroups.comSubject: Re: [qubes-users] Proxify VMOn 06/06/2016 06:11 AM, Jeremy Lator wrote: Shortly I have JonDo in the first VM and a VPN in the second VM. I want that the VPN detect socks of JonDo during the connection MyISP -- JonDo -- Firewall -- VPN-- internet \ / \ / \/ \ / | | | |sys-net sys-firewall proxyVM appVMSo internet is really an appvm with your browser?Then your diagram implies that you want to use vpn software (i.e.openvpn) through jondo. That would mean configuring openvpn to access asocks proxy. I think jondo was created to have the browser (and otherapps) access the socks proxy, but if you really want it this way openvpncan support socks proxies. Check this out:https://www.comparitech.com/blog/vpn-privacy/hide-openvpn-traffic-with-ssh-tunnel/Having sys-firewall there might be a problem. Thats because you have toput the address of the jondo vm (seen as the gateway address in thedownstream vm) in the openvpn config.Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1465243524.S.3691.8849.f5-147-124.1465408561.9082%40webmail.rediffmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS' mailing lists now available via Gmane!
Hello, that is nice, but do you have the links to the page? Best regards J. Eppler -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c694226e-4137-4c35-b89e-d68fd19ce7e7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] SD card goes attached to Dom0 rather than sys-usb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 08:36, Andrew David Wong wrote: > On 2016-06-08 08:21, Franz wrote: >> Hello, > >> I noted that when I insert a SD card into the corresponding slot >> of my Lenovo x230, it is automatically attached to Dom0 rather >> then sys-usb (default configuration). Well I use the SD card only >> for my Nikon camera and I have no reason to trust Nikon less then >> Lenovo, so no problem for me, but wonder if this is expected >> behaviour. > >> Best Fran > > > It's probably that the associated hardware device is not assigned > to any domU (e.g., your USB qube, if you use one). On my ThinkPad, > the device is labeled "PCI Express Card Reader." Assigning it to my > USB qube results in any inserted SD card showing up in the USB > qube. > Issue for implementing an option to have this performed for the user when the USB qube is first created: https://github.com/QubesOS/qubes-issues/issues/2055 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWD1JAAoJENtN07w5UDAwa0YP/Rdb0qlMttyudH+VjExiibgX wf1RsNHeqeO2gG2lne18ejXE1E+KvIWFKROJYoKwLxspLH12VAkUVhgpcV2j0z4b LYF8T/AFBSOryFiI6Yv2s63pFocNrOesAfG3PRwXttBHbouH5RZ0EIxPfkwwvpFd XTYvPL2k9oDrWeXVOxBQOtkzgjZMQjoI96p6wJBFh8SQYbxI2L5YFklkl12wb3ng 8/6a6pIAMdOgQvtOv8GqF4u2f1yjaZRiCvzpBA8/ihbt9rlZFMxk8hr0yMYxboSQ ROQDshLfHGvc4A7xJh8MEQawP4Fh8P0nWHfesTch/p16QJW5d3yfQbU/Svh/PwfN tcQYTsBXgSVGMVUYNUZrV2jUCkFV7mkcxgkOO+PBxh212zYdrbrsH352XRzcfG6z 2DI3fFtyfAQSR5Fvlv6/g+dzI5sGipqktikMfW7wnEnXEbKHIf7P+Wsm1naHw6Ii 8LQ4sRkEb0VKcnWdcMuiXO2eRAvd88PSHF//dtBFNoUXcqNlhvQJiXE0JSS6OUGT B6dm8fk7OsUhvBXuPPzLEXeNqv42M2UETlWEMW6r26LxX9souA7bcqEEr8q/2xaF IIS1OZvxcEUUCFUQQTFOZpXKcwDFNcRCuHKPiO1JmlL6huRfvRhc43JLdro7TyN4 bmMcIM90BXvFI9VDCAbN =5x7p -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b862716-1559-7f63-2b69-121bb193f63d%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] inter-vm traffic cant ping windows 10 hvm
Hello, I tried to connect my windows 10 hvm, which firewall is disabled, with my fedora appvm, but I can't connect/ping it.I tried the same with 2 fedora vm's and it worked properly... Thank you for helping in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bb9e638-bb15-4f1f-a417-b92a2eb0ad19%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If using the same Whonix GW, does all Wonix WS get the same "identity"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 00:14, Albin Otterhäll wrote: > I'm assuming that if you connect to Tor using the same Whonix > gateway (e.g. "sys-whonix"), you get the same "identity" (IP, etc.) > on both your workstations. Is this correct? > Not entirely. By default, stream isolation applies to different workstations and to any supported apps in those workstations. This means that every VM connected to sys-whonix will (and every supported app in those VMs) will use a different circuit through the Tor network, hence a different exit node, hence have a different IP address. However, there are still side-channel attacks that can be used to correlate multiple workstations running on the same host (stressing hardware and observing the effects in all workstations, clock skew, network timings, etc.). Details: https://www.whonix.org/wiki/Multiple_Whonix-Workstations https://www.whonix.org/wiki/Stream_Isolation - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWDTtAAoJENtN07w5UDAwkIMQAIsKMKDrWfy6JnVW0TZGFTgj xk8QqTVg8sCwC0TqNBbpNccexb6AWB2IjS63k7CYfe9/mfPih92w+Qx+JzUiAiBo Uyx+iTQ7MI9oNK/Aaqw0KEahTN/BiB4T+MhrebOyUEZNL0E0C4ax3SiZboMbNo+9 7wUlJ2DHrFNALYiYlQ40UKTtcaqpQB+aZ7RMi6fI+XU0Dpi35lSqTNEpqdxRaCot M9oXap6tXn4PltF8JU+GR6lg43svdVMqrM/w+y0M/pi2Q0L83wxtc1W3FQJWsNOs /dZazPoQsiongnjmxzUmW3L/ebgwZneVzb3Gzf2D3jTfKNNBtxvM2grX7Q6Z+H/t S3lUaxkSH7dMDAyFoC0gBT08wZqlwiljjCUigDkuPdxiPOmefe5KftfhAWJHYjrK RbjdYkzq0C0an3coT6cXCePIoIPA9cY7+j3tP42UkaW/lR/te5EvoywMrvPEDV+O quuYBoajZgBP8K6Xp1yp4ykxJJjEm42LYY14WCdtZhYep6y9IUazsdxUeRSQnGM2 SSCdBW97S2gI1mzJlDaCz8szFK4mwNK7H5iUk7kqQ8LGFlB3DbTyfSIuy1ZetqE4 COUMWM8Ho/8jUVh9Ex8fTqsztdtSOAXDBNhn+4+y6XKcTVdYOYYUltHY30mQPEg8 iiYBUAdh/VIb8loHlBPS =nJMD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f416ee32-8df3-b154-66a7-573f3b26a886%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] choosing 1 upgrade of the month
I know SSD is recommded running up front and I have a good one on a pretty decent xeon dell with 8gig ram..the processor doesn't show overload ever, the ram doesn't get hit hard..but with 2 maybe 3 qubes running and taking into consideration it shares one router to the modem with 2 other machines...I'm beginning to think that any slow downs are happening because one or the other machines is clogging up the router...and while the qubes arch keeps this separated when these machines are all plugged into the same router it's like they are in there having a secrets telling party... well, i was going to get a solid wd black, or max out on the ssd (these are going in the workstation as qubes is being worked on in the laptop...they have the same specs just the workstation is got more juice..i mean basically the same).. the question is..do I complete the endless goal of [ a. getting the 2nd (and which one) NIC and cause the workstation to arbitrate as THE router and keeping things separated correctly maybe by pfsense and friends..almost get how that is to be implemented and am priviting OPNsense to get involved more..they asked me what I wanted them to do all I had said was give me an .iso so I can make the VM... and is that probably why my Qubes which is coming along joanna gonna get a nobel medal... or, am I wrong in that and so A) max the ram from 8 to 16 (it's costly as I would want to keep up the ECC), or B) go ahead now and get what I will need eventually too expensive a 4GB WD black as I have to match another 4GB drive and raid may happen sometime.. or C) get I have plenty of HDD, 8gig ram seems like it's not the problem..and so all in on the SSD for the workstation ..the pro samsung 3d one is robust but my budget is the shits.. So, isolate these computers as bog downs seem to break through when I kill a process even though its not even in the Qubes machine..and if so how to properly do that...It may be as simple as correctly setting up the Dlink to qos or whatever to stop that interference. one day I swear I thought one computer was playing music that another one should have been although it was faded etc... Or, for this month, get the ram maxed, or 1 of the 2 drives both I will need eventually... Remember, this is because I can't find a good explanation for why I get really bogged except it seems to be because of competition for router..and failures in other computers which share the router... I need to get this right as it's ready and getting more ready (qubes that is) and I want it to have a proper platform. thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-a79b0248-499c-4896-b24c-00fff101ed52-1465396065881%403capp-mailcom-bs15. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] New initramfs won't stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 08, 2016 at 04:39:47AM -0700, mpatton...@gmail.com wrote: > Hi there, > > My USB keyboard requires a kernel module that isn't contained within > initramfs by default (hid-logitech-hidpp). > > I have added a new file to the dracut modules conf directory which contains: Just to make sure: it should be in /etc/dracut.conf.d > add_drivers+=" hid-logitech-hidpp " > > After creating a new initramfs, I have checked the contents with lsinitrd and > the kernel module is there. > > However after I reboot, the keyboard still doesn't work at the LUKS decrypt > prompt. > > When I check the initramfs again, the kernel module isn't there? > > Do I have to do something else to make the change stick? Do you boot in UEFI mode? In such a case, initramfs is on ESP, not /boot directly. The path is /boot/efi/EFI/qubes/initramfs-KERNELVERSION, so you need to pass this path to dracut when generating it. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXWByyAAoJENuP0xzK19csg8AH/1VEAuufzi1Rvotaqu5tUSqz iwoR0yLK293p0OkhNO8MBU9ZVuZB1vuBvf4NctlqpvNV0/fUyrN6CszlXyYYhSLV S1qzjdoxqJUiHOwnCsG4oQF2DOrNpcLTWn3nYoZw+1V5jDcI0nmCqdSnsF4C4kUX Jt2koYIMlR8xODP2kZ75Q49MfKfXTm30nD3jkaKHLmGYoa+ax4d7shx5YtkVKwDF sP9oyO26Si3XhPoW7ng4IFpj3zpdgorGarhuOoVf5FGxaVYcfHY82P1s57I/s11r K8/+H2/WBhlozVCOh6UO0p+QpM3Fd+B5TXDrv+py6+nXh0L6RIBPuqQzAGLkncs= =E/cV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160608132505.GQ1593%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Everything is Tiny and Buggy in Display
Welcome. I also have the same experience with graphic artifacts and low graphic performance on GUI. I'm waiting for new Qubes 3.2 with new Fedora and Kernel. Hope new kernel 4.6+ will support my new graphic card. So, we are at the same boat. I think RC of Qubes 3.2 will be available on next week... > This graphic problem is literally the only issue preventing me from using > Qubes because it makes it unusable and after reading other threads, it > seems many other people are put off from Qubes due to graphic issues as well > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/386bc5b8-71f7-4716-913f-ab82564add39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.