Re: [qubes-users] Qubes Version from CLI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-06 20:36, Drew White wrote: > On Thursday, 7 July 2016 12:45:56 UTC+10, Andrew David Wong > wrote: >> Not sure what you mean. Is this way unreliable? > > Only in such a way that the file could be changed or corrupted or > altered in another way with ease. > > I know that everything can be changed, but using uname -a shows > everything, but there is nothing in there that signifies what > version of Qubes is being run. > > If the file is the only way, then I can work with that. > It's the only way that I'm aware of, and it seems to be a standard way of storing version information: $ ls /etc/ | grep release fedora-release@ os-release qubes-release redhat-release@ system-release@ system-release-cpe - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXfdGMAAoJENtN07w5UDAweTwQAJqq7fkmKFakIP9yxXa7TJtf xdgH1066DiJFQg8pC9zx7PEpnRLJfLUekhJkfIHmyk0wTlJ+TjHGnYFwqg3lZ+mk qbALZ/T3d8/OVqYROnQml6oHsmxF5zhRyshojSV5z+demHb58vcizsKED8SPIURa 70HdY2SS0LdqcXsKHzQoQWTFfwiBnPJ40B4tDSfIFB3SEKT4CC3et98vXGkX7cbr 49ND5cAkXIb3UmBPGHMJ/RfcN/uRUcG/LePta4TMT/7anWckodiph6t2NzJonxw0 n0TNRKuEVFNA4Mrqb62oUfptNxhtjHICU5n6MNKXEkJTmo4mvf1YRvTRU8T8BZMm Mg4cOYK+6npPQlzItK1KeXyN/nzjpYY06yzJSettgZYvUc3UDQG5mGcXb0LPDyuR SH4lnJg6/ibQbrww3BOpmSouvT8ic1X9TGTHL1R/hHW7cB1MuKUvwwijE0cUDlue RIplTZdCOswc7QDC4f4AB1TQsbRqZ+mY/WROQuZsJphEc2VHJhqTPzUQ7rWDe/Rd m1R4/EP/1aMyuVBZGkfYKc1kzs9dpfUjCQoJKgs9xkeTQJ119mflVz8JMPFNyTw2 jYCViZhZfwAVDS4CZKIPHF+KzQOM+VGOuB3+vqs5MuP3XZF+DOOh1dOXipQTQ2aC +bJxUla8uEffPpxaqMAU =NXch -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98505765-6adf-39c2-de8d-2772157ada33%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 3.1 crashing, no warning, no error message (Lenovo X230)
On Thursday, 7 July 2016 03:28:10 UTC+10, Andreas Rasmussen wrote: > Hi! > > I bought a Lenovo x230 and installed Qubes 3.1 early may. It has worked > like a charm, but in the last two or three weeks the computer has been > shutting down without warning or error message. It has happened five > times with no apparent pattern. It has both happened with both many and > few VM's open. > > The crash goes like this: The screen freezes for 3-5 seconds, then the > computer reboots. I get no error message. The reboot looks like a normal > boot. > > I have tried to look in the logfiles, but I'm not sure I'm looking the > right places. So for starters: Can anyone tell me what files to look in? > /var/log/messages only seem to have information about the session after > the crash, same goes for boot.log. > > (My computer skills are limited, so please bare with me) > > best, > > Andreas > > > -- > Andreas Rasmussen > Freelancejournalist (DJ) Twitter: @flinkeandreas > Email: a...@andreas-rasmussen.dk GPG: 7C72 581D 2645 7C25 I would advise installing Qubes 3.0 if you have not yet. If that doesn't have the issue, then it's something in 3.1 that changed from 3.0. I've had similar issues on another laptop. 3.0 didn't have an issue, 3.1 froze and crashed, and so did 3.2. So, go back a revision, if that doesn't work, put on version 2 and see if that has issues. If 3.0 works, maybe just try reinstallign 3.1, it may just have been a bad install, or else try installing it again first, before putting on 3.0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a3fdfdcf-d0c4-4c95-bd39-385407b9024b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Version from CLI
On Thursday, 7 July 2016 12:45:56 UTC+10, Andrew David Wong wrote: > Not sure what you mean. Is this way unreliable? Only in such a way that the file could be changed or corrupted or altered in another way with ease. I know that everything can be changed, but using uname -a shows everything, but there is nothing in there that signifies what version of Qubes is being run. If the file is the only way, then I can work with that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d49b290-fcbe-4f96-b86d-b9856f3ab969%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.1 crashing, no warning, no error message (Lenovo X230)
On 07/06/2016 01:28 PM, Andreas Rasmussen wrote: Hi! I bought a Lenovo x230 and installed Qubes 3.1 early may. It has worked like a charm, but in the last two or three weeks the computer has been shutting down without warning or error message. It has happened five times with no apparent pattern. It has both happened with both many and few VM's open. The crash goes like this: The screen freezes for 3-5 seconds, then the computer reboots. I get no error message. The reboot looks like a normal boot. I have tried to look in the logfiles, but I'm not sure I'm looking the right places. So for starters: Can anyone tell me what files to look in? /var/log/messages only seem to have information about the session after the crash, same goes for boot.log. (My computer skills are limited, so please bare with me) best, Andreas Logitech mice are known to trigger this bug. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0cbd52e5-8f24-8d9e-3f72-7650bb7ef0dc%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Networking
I forgot to mention, I use iptraf-ng for monitoring with speeds. You can set it to kbits/s or kbytes/s for each location targeting to and from. So you will start one, watch the speed, start another and another and another. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b4689985-f0b9-4b79-81f8-01ce2e0bbbc2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Networking
On Thursday, 7 July 2016 11:52:57 UTC+10, raah...@gmail.com wrote: > I have an i5 machine with integrated nic and ssd, and using a full 100mbps > will make it noticeably slower. But I guess if you have a powerful machine, > why not. > > How can I check what max speed is set to on the different vms. So it > doesn't just go by what the netvm can do? Easiest way... Run monitor on the netVM, or firewall VM if that is where you are at for the forking of networking. Do the same on the netVM too if you want. After that, create a file on another PC/Server that has a Gigabit NIC. Create a 5 GB file. Or less.. Maybe on 500 MB needed. Or 1 GB to be on the safe side. Perform a WGET on that file. Watch the speed in each window. In the Firewall VM you will see the speeds. In the NetVM you will see the speeds too. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a8dccdcc-39fd-4ce7-be5c-35fff115f716%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes Version from CLI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-06 18:46, Drew White wrote: > On Thursday, 7 July 2016 00:49:29 UTC+10, Andrew David Wong > wrote: >> >> In dom0: >> >> $ cat /etc/qubes-release >> > > Is there a reliable way? > Not sure what you mean. Is this way unreliable? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXfcJdAAoJENtN07w5UDAwK8QP/iq8CNYvRR8prtOkn43pFM1e ZwNdDyY2OesJ83J66FrYJk+QlIsHk8aykebQXspa8uFIriXrREF/4kGWB6OnUGTK dEZ3nFL5r/oycN6fMZ807NMejp4W8X/DDOZ0sMZzGkFkSH9jKY0YW8AEw6si5RcT 4IGAi6im8UNS2fbbpSxts0z7nu5HwMlgreowCdn5tEh0wWPI7Oa2vX+Hlul7uINy 0T3/6qA7K1e2whmtMFaEyM4nhmLx3mHsEkVI5UrcmGPVxEcBy4gu//7uH8hZBmv5 a+NLzyEh7XPzk1OocPyHymOH++6nLtKdneQHxvRaPvqYZhTQd2R6MDHBpk1w8p4p f646w5bLWjaKv3MkDdTmqJa51EG52iITg2R9aoLzsk/DyxV/An+OY5tWE2pD4L8U 96ELJD6T3kIOxvc6CgaOeFnzxaM5i8t7ggwriv6Nh4x+r9rbR1BPjvM4blLF5DPE 2Vedj8+PAb0vfx21/uo/JaCJPztQdOEsm01/BD4KivVuFjnNFSd2zmgN5vxrW4Yd palsEeZVJDMO9s9J7/KxWiXXLuHyx5vTLn71tRSnuoVhviy/0KAR/ao16xpT2G8c so0aQvZdB93FsmFYQeGTrr8bGHv3Ioug7VLnMBEut1jOFkfxThrF5cNkNFvL0JM6 UIm/DgNeQH0u4Y1Qjs/D =jcbn -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d5ef0d5e-00a4-c1a3-f0ac-f208b99b90b5%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes top priorities suggestions for me as an user.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-06 14:24, juris...@gmail.com wrote: > Em quarta-feira, 6 de julho de 2016 17:28:49 UTC-3, Andrew David > Wong escreveu: On 2016-07-06 12:33, juris...@gmail.com wrote: Em quarta-feira, 6 de julho de 2016 12:37:31 UTC-3, Andrew David Wong escreveu: On 2016-07-05 12:35, juris...@gmail.com wrote: I mean, what is the default encryption? what are the default iteractions? How many bits? > > $ cryptsetup --help cryptsetup 1.6.4 [...] Default compiled-in > device cipher paramters: [...] LUKS1: aes-xts-plain64, Key: 256 > bits, LUKS header hashing: sha1, RNG: /dev/urandom > Plus, like i said, i am an USER. I am a LAWYER, not a programmer. The system should not be directed for people to, without ANYTHING in installer telling me things like i read in the link you pointed me like "aes-xts-plain should not be used for encrypted container sizes larger than 2TiB. Use aes-xts-plain64 for that" should be automatic warning in a pop up when the person chosing encryption inside the installer is chosing it! > > aes-xts-plain64 is already the default, so there's no need for such > a pop-up warning. That would just unnecessarily confuse users and > clutter up the installer. > > The same applies for most other settings. Sensible defaults are > already in place, and there's a limit to how much information > users are willing to digest and read through in order to go through > with the installation. The information presented must be > prioritized, since users' cognitive resources are limited. > Still the suggestion remains and with solid reasons: 1) a normal user DO NOT KNOW what WAS USED as encryption inside the installer. When i say that, i say AES? SERPENT? 128 bits? 256? Whirlpool? Not if it used LUKS, but even that is something that should be pointed, not just a "chose your password" > > A normal user doesn't need to know these details. An advanced user > can easily find out, or even configure things themselves: > > https://www.qubes-os.org/doc/encryption-config/ > 2) Outside the installer, is sad that is not in qubes faq or in the website. > > Feel free to help us improve the documentation: > > https://www.qubes-os.org/doc/doc-guidelines/#tocAnchor-1-1-2 > 3) And options to chose encryption are still a need. So the user can chose speed/security. For example, i dont trust AES intel thing, so i like to use serpent. > > Again, patches are welcome. > Plus, when i typed wrong FDE password, i could try again VERY QUICKLY, so i doubt a good secure iteraction number was used. > > Again, you can configure this yourself: > > https://www.qubes-os.org/doc/encryption-config/ > Imagine i keep telling my windows friends that knows nothing about programming to install QUBES and then when they ask about the encryption i paste a link like that and say STUDY SOME HOURS AND SOLVE THE PROBLEMS EVERY ONE OF YOU. HOURS FOR EACH STEP SO YOU DONT MAKE DUMB THINGS. Thats kinda nonsense. > > Not necessary. The defaults are fine for most users. > I mean, a security distro for desktop user, should have like a warning button pop up, "IF YOU USE SSD YOU CAN HAVE THE ISSUES X OR Y WITH ENCRYPTION", or other warnings everyone should know, in the programmer choice. > > Again, too many pop-ups of that sort would create unnecessary > cognitive load on users. In cases where something is truly > dangerous, either a sensible default is chosen, or if the user must > make a choice, a warning will be shown. Otherwise, we make sure to > clearly state such warnings in the documentation. > For example, after i did read the link you pasted, i tought was VERY IMPORTANT to know that: "CLONING/IMAGING: If you clone or image a LUKS container, you make a copy of the LUKS header and the master key will stay the same! That means that if you distribute an image to several machines, the same master key will be used on all of them, regardless of whether you change the passphrases. Do NOT do this! If you do, a root-user on any of the machines with a mapped (decrypted) container or a passphrase on that machine can decrypt all other copies, breaking security. See also Item 6.15." ... So... wth?? If you change the password, anyone with any password can read my encryption WITHOUT MY PASSWORD? So, whats the point in changing password of a container in case was compromised? > > I think you're misreading that. That only applies under a very > specific set of circumstances (described in the quotation). > I mean, giving warnings and orientations would be a very time consuming thing, i know, i was just mentioning the ideal scenario from a security distro installer, but
[qubes-users] Yellow Status Icon in VM Manager
I am using Qubes 2.0. Lately I noticed something odd in the VM Manager. Both the "Netvm" and "Firewall" have a yellow colored icon under the "State" column. Sometimes they stay like that even if I plugin my Ethernet cable to go online. I don't notice any difference in function but it concerns me because yellow usually means warning. The only way I can, for sure, make the "State" icon turn green is to stop then restart them. Should I be concerned? If yes, then what are your suggestions? Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/22b0aec8-f291-4801-bcc2-d5493697cfba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes top priorities suggestions for me as an user.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-06 12:33, juris...@gmail.com wrote: > Em quarta-feira, 6 de julho de 2016 12:37:31 UTC-3, Andrew David > Wong escreveu: On 2016-07-05 12:35, juris...@gmail.com wrote: Em terça-feira, 5 de julho de 2016 06:54:14 UTC-3, Andrew David Wong escreveu: On 2016-07-04 22:46, juris...@gmail.com wrote: >>> 1) qubes is a system for security and isolation. But >>> when you install, you have no encryption options. Qubes uses full disk enryption by default: https://www.qubes-os.org/doc/user-faq/#does-qubes-use-full- disk-encryption-fde >>> distros thinks that if a user wants some strong crypto >>> thing, they must research themselves and do all >>> manually. We dont even find nothing about qubes >>> encryption in docs. That is wrong. I added this page to our docs a week ago: https://www.qubes-os.org/doc/encryption-config/ >>> [...] >>> >>> 5) i will use this post to state that tor behaves >>> differently to connect in windows tor browser, or >>> linux tor browser, compared to whonix, and i dont know >>> why. Whonix gets always same speed, 250 to 500 Kbps, >>> (not KBps) with speed of 30 to 60 kB/s of downloads, >>> and in tor browser outside whonix, i get 500 to 1 Mb >>> kB/s downloads. Thats really strange and wasn`t >>> expected. I get this behavior for almost 2 years, and i >>> dont have the expertize to know why. after some >>> googling, i saw i am not the only one getting different >>> special routes in tor using whonix. >>> This sounds like something that should be reported to the Tor project or Whonix. Thanks, Andrew. But still... I did not find wich encryption is used by default in qubes documentation. > > Well, Qubes just uses cryptsetup/LUKS/dm-crypt from upstream, so > you should really be looking for that in the cryptsetup > documentation (FAQ): > > https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestion s > > > And people still has to do it manually. Plus, when i went to the advanced partitioning, there were lots of bugs. We need to be able to chose serpent, aes, cascade, iteractions, etc. > > Patches welcome! > > > I mean, what is the default encryption? what are the default > iteractions? How many bits? $ cryptsetup --help cryptsetup 1.6.4 [...] Default compiled-in device cipher paramters: [...] LUKS1: aes-xts-plain64, Key: 256 bits, LUKS header hashing: sha1, RNG: /dev/urandom > Plus, like i said, i am an USER. I am a LAWYER, not a programmer. > The system should not be directed for people to, without ANYTHING > in installer telling me things like i read in the link you pointed > me like "aes-xts-plain should not be used for encrypted container > sizes larger than 2TiB. Use aes-xts-plain64 for that" should be > automatic warning in a pop up when the person chosing encryption > inside the installer is chosing it! > aes-xts-plain64 is already the default, so there's no need for such a pop-up warning. That would just unnecessarily confuse users and clutter up the installer. The same applies for most other settings. Sensible defaults are already in place, and there's a limit to how much information users are willing to digest and read through in order to go through with the installation. The information presented must be prioritized, since users' cognitive resources are limited. > Still the suggestion remains and with solid reasons: > > 1) a normal user DO NOT KNOW what WAS USED as encryption inside > the installer. When i say that, i say AES? SERPENT? 128 bits? 256? > Whirlpool? Not if it used LUKS, but even that is something that > should be pointed, not just a "chose your password" > A normal user doesn't need to know these details. An advanced user can easily find out, or even configure things themselves: https://www.qubes-os.org/doc/encryption-config/ > 2) Outside the installer, is sad that is not in qubes faq or in > the website. > Feel free to help us improve the documentation: https://www.qubes-os.org/doc/doc-guidelines/#tocAnchor-1-1-2 > 3) And options to chose encryption are still a need. So the user > can chose speed/security. For example, i dont trust AES intel > thing, so i like to use serpent. Again, patches are welcome. > Plus, when i typed wrong FDE password, i could try again VERY > QUICKLY, so i doubt a good secure iteraction number was used. > Again, you can configure this yourself: https://www.qubes-os.org/doc/encryption-config/ > Imagine i keep telling my windows friends that knows nothing about > programming to install QUBES and then when they ask about the > encryption i paste a link like that and say STUDY SOME HOURS AND > SOLVE THE PROBLEMS EVERY ONE OF YOU. HOURS FOR EACH STEP SO YOU > DONT MAKE DUMB THINGS. Thats kinda nonsense. >
[qubes-users] Re: Windows Tools - save some state
Yes. It was possible to manage the size of this window(WinHVM), before I switched to XFCE. Try right click on title bar, then select "resize". Yes, I do it this way :) But "resize" is "grey" and it's not possible to select it. And when I "move" it, then window automatically go to it place as it was before moving it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nljpg6%24tjn%241%40ger.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.1 crashing, no warning, no error message (Lenovo X230)
On 07/06/2016 07:28 PM, Andreas Rasmussen wrote: > Hi! Hi :) > [...] > I have tried to look in the logfiles, but I'm not sure I'm looking > the right places. So for starters: Can anyone tell me what files to > look in? /var/log/messages only seem to have information about the > session after the crash, same goes for boot.log. In the next boot just after the crash, try with this command in a dom0 terminal, after having gained root permissions: journalctl -b -1 -xe this asks journalctl (the new centralized log manager, comes with systemd) to tell you everything about the last boot session (-b -1, it is relative to current boot, so you will have different results if you reboot!) and to automatically jump to the end (-e) and add explanations (-x) where available. Explanations start with a double minus sign, actual log lines start with the timestamp. On a normal boot session, using this command, you will see entries that lead to the unmount of the filesystems and the shutdown of the system. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d10f23d6-efc0-d244-2090-493f2647b17d%40gmx.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Add options for making performance tweaks/enhancements with disclaimers?
Wow, that was fast . . . First, I was just using the full screen thing as an easy example because it's something that I /know/ can be modified. I didn't want to suggest something that isn't an option since I'm a Xen noob. With that said, I'll pose some options as a Xen/Qubes noob. Doesn't Qubes isolate memory and vCPUs between VMs instead of allowing for shared resources (which I believe is something that Xen does)? Things like that is what I'm after, I suppose. I'm sure you're sick of hearing it, but man, I really wish my FirePro card had support under Qubes or that I could "sneaker-net" the appropriate drivers into dom0. ;) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de836f37-7614-496b-81ee-c4f5c74ba4b3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Creating a VPN VM using openvpn issues? (starting with no /rw/config/openvpn ?)
On Wednesday, July 6, 2016 at 9:50:10 AM UTC+12, Chris Laprise wrote: > On 07/06/2016 09:31 AM, gaikokujinkyofu...@gmail.com wrote: > > On Wednesday, July 6, 2016 at 5:40:20 AM UTC-4, Chris Laprise wrote: > >> On 07/05/2016 03:05 PM, gaikokujinkyofu...@gmail.com wrote: > >>> I renamed the file, and that seems to have gotten it, in that I am now > >>> prompted to login to the vpn but now I noticed that my VpnVM does not > >>> have network access? > >>> > >>> I don't know at what point this happened but perhaps this is related to > >>> what Chris was talking about with the firewall blocking openvpn? (though > >>> I am not even able to ping things like google.com etc, vpn running or > >>> not). I did not change the NetVM, it is still sys-firewall if that > >>> matters? > >> You will probably need to put your username and password in an > >> /rw/config/openvpn/auth.txt file, then add 'auth-user-pass filename' to > >> your ovpn config. This will allow openvpn to connect without user input. > >> > >> Connecting the vpn vm to either sys-firewall or sys-net is fine. > >> > >> Once the qubes-firewall-user-script is running you can't ping or make > >> other connections from inside the vpn vm. You should connect an appvm to > >> the vpn vm and test from there. > >> > >> BTW, I'll be submitting a revised doc that mentions when and where to > >> test the connection. > >> > >> Chris > > Thanks for that auth part, quite handy. As for not being able to connect > > from inside the vpn, ok I guess except shouldn't the vpn at least be able > > to connect? when I try to start up the vpn (now with the handy auth > > automatically put in) I get this: > > > > sudo openvpn --cd /rw/config/openvpn/ --config > > /rw/config/openvpn/openvpn-client.ovpn > > Wed Jul 6 09:10:59 2016 RESOLVE: Cannot resolve host address: > > vpnprovider.org: No address associated with hostname > > ^CWed Jul 6 09:11:06 2016 RESOLVE: signal received during DNS resolution > > attempt > > Wed Jul 6 09:11:06 2016 SIGINT[hard,init_instance] received, process > > exiting > > [user@VPN openvpn]$ > > Right... It should do that because with the firewall rules only programs > run under group 'qvpn' can access the net. You didn't run it with the > group there. > > And I guess you can also ping and stuff in the VPN VM, too, if you run > those programs under the group. But in general you should avoid it. > > Chris Hurrah! Happy to see that an error is actually a *good* thing. So, with your reminder I retried it with sg and it works! and using it as a proxyvm for other appvms works! I am going to let this soak in a bit, read up on (quite) a few things (like sg?) then try to figure some other aspects out like randomly (or somewhat randomly, or at least more easily than editing files each time) being able to switch vpn servers as my provider has a few to pick from. Thoughts? Thank you so *very* much for your help/patience, there is no way I would have been able to read my way through this. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7a79da70-210d-458f-acdc-4ac2d3a215f9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Install Help Lenovo W540
Additional info: I have never been able to get linux to play nice on this W540 except the Ubuntu 12.04 image that lenovo provides. I do have that if there is some info we can salvage from it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d3100b8-5d8c-467f-abf7-e39323531d5a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Install Help Lenovo W540
I have read a lot of documentation and the laptop is on the HCL as working. W540 i7 4900 Nvidia K2100M 16GB RAM 3k Dispaly Issue: Installer will freeze after about 1 minute in the GUI everytime, no matter what step you are one. Things I noticed: About t-5 seconds to a total system halt (keyboard and mouse stop working) The progress spinning wheel hangs. If you are in a CLI installer you see the error: (anaconda:1131): Gdk-ERROR **: error: XDG_RUNTIME_DIR not set in the enviroment Pane is dead Troubleshooting done: Download... Verified and Redownloaded Image... Using Rufus Tried multiple USB drives Set BIOS to UEFI/EFI CSM on and off (every combo) Disabled TPM in BIOS as that was how the W540 in HCL was setup No Change Changed power management settings in BIOS Reset BIOS to factory settings Disabled VT-D Slammed head against wall Added args to xen.cfg to disable nvidia card Attempt 1 [qubes] options=console=none kernel=vmlinuz inst.stage2=hd:LABEL=Qubes\x20R3.1\x20x86_64 i915.preliminary_hw_support=1 rd.blacklist.drivers=nouveau nouveau.modeset=0 quiet rhgb ramdisk=initrd.img Attempt 2 [qubes] options=console=none kernel=vmlinuz inst.stage2=hd:LABEL=Qubes\x20R3.1\x20x86_64 i915.preliminary_hw_support=1 i915.modeset=1 nouveau.modeset=0 quiet rhgb ramdisk=initrd.img Nouveau messages can still be seen on startup with both of those on xen.cfg on the flash drive. Notes: BIOS does not have an option for disabling NVIDIA chip This is really stressing me out thanks for any help. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1c505760-838c-4396-b6c8-c7193981fa05%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes top priorities suggestions for me as an user.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-05 12:35, juris...@gmail.com wrote: > Em terça-feira, 5 de julho de 2016 06:54:14 UTC-3, Andrew David > Wong escreveu: On 2016-07-04 22:46, juris...@gmail.com wrote: 1) qubes is a system for security and isolation. But when you install, you have no encryption options. > > Qubes uses full disk enryption by default: > > https://www.qubes-os.org/doc/user-faq/#does-qubes-use-full- > disk-encryption-fde > distros thinks that if a user wants some strong crypto thing, they must research themselves and do all manually. We dont even find nothing about qubes encryption in docs. That is wrong. > > I added this page to our docs a week ago: > > https://www.qubes-os.org/doc/encryption-config/ > [...] 5) i will use this post to state that tor behaves differently to connect in windows tor browser, or linux tor browser, compared to whonix, and i dont know why. Whonix gets always same speed, 250 to 500 Kbps, (not KBps) with speed of 30 to 60 kB/s of downloads, and in tor browser outside whonix, i get 500 to 1 Mb kB/s downloads. Thats really strange and wasn`t expected. I get this behavior for almost 2 years, and i dont have the expertize to know why. after some googling, i saw i am not the only one getting different special routes in tor using whonix. > > This sounds like something that should be reported to the Tor > project or Whonix. > > > Thanks, Andrew. But still... I did not find wich encryption is used > by default in qubes documentation. Well, Qubes just uses cryptsetup/LUKS/dm-crypt from upstream, so you should really be looking for that in the cryptsetup documentation (FAQ): https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions > And people still has to do it manually. Plus, when i went to the > advanced partitioning, there were lots of bugs. We need to be able > to chose serpent, aes, cascade, iteractions, etc. > Patches welcome! - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXfSWyAAoJENtN07w5UDAw3C4QAMA/sIgs5nXL6TJN/kyLslkK vycm0sed8mLJy9caFbh1N2rgo6COaMD4ql6UHFast9JYpwugZ0ld6u0za2Nx7eoh XPiuUpHY4r745UEz7VhAHEkJZtNXnPlzmcJlb7r79lq35Ck/oHlvbrUBGXfzRctJ FYNK7CSoWqy385hFSNcH5EHrlySmwIpxFjs7zLYegN3MyBTjqmXlTex8whyiV7o7 zSdvsZsawKcB172LUbwxCcKTc33a7uFsFRsDpcdDjIlkoSBjKFfQVQovcXMLzxFU dv7Sse3j6cmeV7MbegD9zYRNC4/KIE5rIva0bWM8rDwLhgIdpWyrdZyEl5PQf4Zz prFRE8c0+6CCSAxFLVcK8GVtWmjHPN5IjeFDV/qNpL8/hRBI9B8U2liDaC+6XQhM CEo7Cqx98ciOz+pP7Rq3PsArWmi57J/ZgjPtU/5ITDkuiU6MzIMuzVnhiQVMMV+p VztfM4239yDQGc/Xh+lTRKeFqebFW7w4+02nm0VFslIYbmmkzvKcwkv2Zd6vTAGw WfGnf5aTf0SdILL7QZ1gVHoPq6bPIM3Bxg9Bs1JhLACcRT18JJotCBnAmttcCUxJ MDuBTkXPB5H27oWybgyv0KPnNFFLCjwWmU1vcMB9p426CGiOSdzoEemj4TdF1OvZ 6yl1Ymih9pRVSb6y/r88 =qvTi -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c42f20ef-3647-5e91-186d-b9c0371aa716%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] newbie question about port forwarding and remote connection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-06 02:07, Nicola Schwendener wrote: > Eva, another question: should I use the HVM or HVM-Template for the > windows VM? what the main difference between them in a Windows VM? > best regards Nick > If you haven't already had a chance to read these pages, you may find it useful to learn about how TemplateVMs work in general: https://www.qubes-os.org/getting-started/ https://www.qubes-os.org/doc/templates/ The basic TemplateVM principle is the same when it comes to Windows TemplateVMs. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXfSP6AAoJENtN07w5UDAw+BAP/1sn4le0yUqnnQgu7C1tyYYP GCNQNBtvT7qoR2VbJjvtQxxO98dgyyTbveqtt0CO150f9WRTxUVjw/J8DHT3IcPQ bPp0dbOLUKTvomIItVDEz5T52dQH0lmsX2RjO7jt5xSEhUTNAPEVR1wrsZG77B6e NVZCIoWURYuEcyvR43cfFFpAJJcqWk2S0geTKDSU4Szow89PigINPVClNpxqHrEF AGuDSrammiC/kgka5nEmMFkOMysBhAtWrsgESfszcKl0uTIbhh9Xs7NttbIOJaqX /5M7EWO57F5dOhBn1YMMgQBS7SXmpRWtxJ9+FT+9zwEDaGy90pL3dXfLVx4CaAF9 6SE7jQScAGu4fd7M+0+6PcsukUIbStcliW6H0xUd0lzKzxmEx/fxR7UXu4/BC/HZ Y0+dnW7+e6d/DT93Uo2Wz8rS2xNDwMTaF0oRSAtoHRc+Wuo3+Kdfsofbr7NuHXB2 veVdv6o08fooFTgjvdE3tIangz+y4sF51zXaxpVxPQd3SEghQVkyYHyclRrDzVWQ x+aM6yPm1J8XPppA0YwOQz6paMEFrhv0Y8olYqzsR6tDQCzx+DwX6AQ6RB5q+0Yl xKl6DdHYSMlBkXqsVnjKGsyF/l3wmgRXgS4jTL2fNotrvll09WJFmox0lk9Fg2m0 9rI7inGrEnEiUfWdAE8M =FWny -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9fd41b11-6736-96ff-bea5-5d973317603c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-06 00:04, Marco D'emet wrote: > Hello, > > Recently I have installed Qubes-whonix. To begin with I had > trouble updating dom0 and the VM templates, alongside this I had > tor bootstrapping errors which highlighted an issue with not being > able to download the meta packages for both whonix-gw and > whonix-ws templates. I resolved this issue and lastly updated the > fedora template VM. After reboot tor was then able to connect > however in the system tray a new icon appeared with two desktops > and a red cross square, hovering over it read 'Networking > disabled'. What is this issue and how do I resolve it? > > Further details, When I right click the icon the prompt to 'enable > networking' is shaded out. When I click the 'about' prompt I get > the window title '[sys-firewall] About NetworkManager Applet', > inside it reads that it is NetworkManager Applet 1.0.10. > This is the NetworkManager applet running in sys-firewall. Normally, sys-firewall is connected to sys-net for network access, and the NetworkManager applet only runs in sys-net. (The situation can be different if you're running things like VPN VMs, but we'll set those aside here.) In short: the NetworkManager applet shouldn't be visible in sys-firewall in the first place, but it's not a big problem (just a confusing one). There's normally a script that hides it, but in your case, that's not working for some reason. You should be able to kill the applet by opening a terminal in sys-firewall, then running: $ sudo kill $(pidof nm-applet) See this thread for a similar discussion: https://groups.google.com/d/topic/qubes-users/DMqWMAi8EP0/discussion > I have read many other discussions in this group and none have a > solution that works. I am very new so I apologise for not being > able to provide more information. As an aside it would be helpful > if in addition to helping me solve this problem I might also be > directed to sources which will let me better learn how to > understand and work with qubes. > The main sources are our documentation: https://www.qubes-os.org/doc/ And our mailing lists: https://www.qubes-os.org/mailing-lists/ > Lastly, I have tried updating all templates and dom0, as I said I > have tried the solutions found elsewhere regarding enabling > networkmanager.dispatcher. I have tried as much as I know or > understand. Looking forward to some resolution to diminish > frustrations of qubes. > So, are you still having problems updating dom0 and your templates? If so, can you explain the problems? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXfSJNAAoJENtN07w5UDAwpw8P/As4yk3dA9PwhixXLDRlrN1V /MPmBQovQNB3IXHfXkO7lUW2OZUzpzsJAqNc4BmPoSeOwkV4A6IIYD7xOIlClU/e bYOOwPQBHHGjHCrE8zeMOHuMYTpF8j6EcBKm/6jGDVoNSe4VqTtHTl8Z7hSps6gv 5/pZakWSspgsxPpnlxZ3E3fBUvItswaYESxVBAyM0sZoCNIVd2qcJXTN/xjSVkvs 9Rwb/PtsRgxcH1vq28dE4k6Tlh8ZRgDofFI13GULhjq+FO2qntGTA2Mp/qYAIZ/z 5M4tf1z1st7+f8I0snqFezuF0jsnmGOXhRz4zQvVtxhrzEojFUV+mXe5C6Sp6BZt F+OFiqObgQL+fL2crCWb83+JR2nA0e9qrRCzYvk/0YLCsef2wyNcgtOpfDrzGyUu YjzNvbPugwrxIAOoV//Pz9TxWrvQ6AsUCaCPMh//42ZrL+HRb2A3L6zV6U9PYwMS 4pMROZjmDBsbMHXeHZ2qGiRo/Rtskz0VHpADEyRrhHyObGxepbzmqJvSsA640Dqq FENqCPT+vAL9khoZA8HWTQuyQQQjMJu6PSD0sNzb9Zyl6YwUh9PZ5kpgrijuggKi QPPQM4vlhodOqnfKEK7OdvypuYUbDTOvu3gE5JwZFdY3HKEKYzO3EcjlIo50RlAA h5h6prqZ+Nd0J+8mlRdl =eajJ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/85963240-0c44-8506-ca2e-d1c498276a81%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Windows Tools - save some state
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jul 06, 2016 at 02:14:29AM +0300, Eva Star wrote: > > >> * On XFCE it's not possible to somehow "unmaximize" WinHWM > >> window (make it any size). When you resize it, then it become > >> full-size automatically. > > > > Strange. Does it happen only on XFCE? > > > > Yes. It was possible to manage the size of this window(WinHVM), before > I switched to XFCE. Try right click on title bar, then select "resize". > > You are probably talking about GPU passthrough (giving a single VM > > control over the whole GPU - assuming it isn't the only one in the > > system). Yes, currently it requires running qemu in dom0, we we > > don't want to. To solve this problem, first we need to fix this: > > https://github.com/QubesOS/qubes-issues/issues/1659 > > > > "GPU passthrogh" requests secondary display to be connected to the > GPU? Yes, this one. > Or VM which control secondary GPU can redirect image to primary > display and only use computing resources of GPU number two ? thanks I guess it should be possible with optimus, but probably will be tricky at least. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXfMBTAAoJENuP0xzK19csiBIH/iG+Qi4ajkcrv+tFymZFH+Tb +EO7Wao4XOW7JREhs900sGyLJJRtjMqi4gMMFEhz4Q6PvAOQ+Fa4SoVHcGseFNkt BQFrMGPxGSiG9L01UE0iQgJ1UsHB/LWYYjLohl+41GoU9xsYkIIt0ilMVtcW76Ps nZFpkbCHPD9XsICiuL5vdvN6wQxN2aIq44Qe+cjJ4DHrZSJUfG3FWiUhPxWCgHTg IiDpsZnmq2hMswKngPrAnc0dRz3nXNX1rGaUGO+8Ektbi0I9buTiWr3QdTebNsA2 6B4DlorRqyXooRmgAjf81nBz1AGksfuCCwnptEDpOoRKdykwfAt77fQH5Ss4r8A= =hB5C -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160706082449.GH4609%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Networking Disabled - cannot enable NetworkManager Applet [sys-firewall]
Hello, Recently I have installed Qubes-whonix. To begin with I had trouble updating dom0 and the VM templates, alongside this I had tor bootstrapping errors which highlighted an issue with not being able to download the meta packages for both whonix-gw and whonix-ws templates. I resolved this issue and lastly updated the fedora template VM. After reboot tor was then able to connect however in the system tray a new icon appeared with two desktops and a red cross square, hovering over it read 'Networking disabled'. What is this issue and how do I resolve it? Further details, When I right click the icon the prompt to 'enable networking' is shaded out. When I click the 'about' prompt I get the window title '[sys-firewall] About NetworkManager Applet', inside it reads that it is NetworkManager Applet 1.0.10. I have read many other discussions in this group and none have a solution that works. I am very new so I apologise for not being able to provide more information. As an aside it would be helpful if in addition to helping me solve this problem I might also be directed to sources which will let me better learn how to understand and work with qubes. Lastly, I have tried updating all templates and dom0, as I said I have tried the solutions found elsewhere regarding enabling networkmanager.dispatcher. I have tried as much as I know or understand. Looking forward to some resolution to diminish frustrations of qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de9805fa-48de-4494-b9d4-45d8111ca9a2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
