Re: [qubes-users] Re: How To Replace Libvirt Drivers
Also, are there any driver updates that would fix this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/027a20d4-1068-41cf-b992-5c7a54baf768%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Can't fin chrome
I downloaded chrome and started it but it doesn't show up as a program that I can make a shortcut for. I don't know if i installed it wrong or if I've installed it all please help. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a6499182-ec54-48fb-9203-3c095fc81126%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: off topic - invite codes to 'riseup'
Hi, Can you send me rise up invitation code please. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6bc1afc7-3502-4897-a45c-27a4baff4188%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes in a corporate network behind HTTP proxy
On Wed, Nov 29, 2017 at 03:12:46PM -0800, pr0xy wrote: > On 2017-11-27 09:33, awokd wrote: > > On Mon, November 27, 2017 05:40, pr0xy wrote: > >> On 2017-11-20 18:08, awokd wrote: > >>> On Mon, November 20, 2017 10:01, pr0xy wrote: > Please help a somewhat noob who wants to use Qubes in the office. > > I got the OK to try using Qubes R3.2 in my company network as a > workstation. They have a very restrictive proxy that forces all traffic > through an HTTP/HTTPS proxy like: > > proxy.example.com:8080 > > How could I force all Qubes traffic to go through that proxy and that > port? > > Would that be in sys-net, or a Firewall VM? > >>> > >>> Check https://www.qubes-os.org/doc/vpn/ . Ignore the parts about VPN > >>> setup > >>> but you should be able to set up your proxy redirect in the Proxy VM. > >>> I'm > >>> assuming local traffic like DNS lookups would not go through the proxy. > >> > >> Thanks. I have been reading up on the ProxyVM, which seems to be the way > >> I would do this, but I'm a bit confused as to where I would add these > >> proxy settings. I'm not familiar with manipulating IP tables, or writing > >> the sort of scripts on that page, but is that what I would need to set? > >> > >> I wanted to stay away from setting the environment variables for > >> http_proxy, https_proxy, ftp_proxy and no_proxy in each VM. Ideally I > >> think I'd like to use a ProxyVM to proxify an entire AppVM, but the > >> documentation doesn't make it clear how I would attempt this. > > > > You're right, you'd need to manipulate IP tables. There is no built in way > > to do it with just the Qubes UI. > > > > See > > https://stackoverflow.com/questions/10595575/iptables-configuration-for-transparent-proxy > > for an example if you wanted to use the transparent proxy approach. > > Sys-whonix is essentially a transparent proxy that forwards all traffic > > through Tor. > > > > Another option could be > > https://www.qubes-os.org/doc/config/http-filtering-proxy/ . See also > > https://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html > > I know how to manipulate a torrc file to work through my proxy. That > works very well as I can just set HTTPProxy host[:port] and it goes. > > In a ProxyVM I'm a bit lost. Would I be setting Firewall rules in the > VM, or adding a network connection and manipulating that? I'm not clear > where I would be manipulating the IP Tables. You say you want ALL traffic to go through the proxy, but I'm guessing that there is a local DNS server on the network. The first thing is to be clear about what services are to pass through the proxy. Then the simplest way to get what you want is to manipulate the rules on sys-net. If you look at the rules there you will see that traffic from sys-firewall and below is subject to MASQUERADE in the nat table, and everything originating from vif interfaces outbound is allowed in the FORWARD chain. So if you want to direct http traffic through the proxy just insert a rule in the PREROUTING chain like this: iptables -t nat -I PREROUTING -i vif+ -p tcp --dport 80 -j DNAT --to proxy.example.com:8080 You can set this in /rw/config/rc.local - remember to chmod that file. Look at https://www.qubes-os.org/doc/firewall/ I hope this points you in the right direction. Obviously this wont affect traffic originating from sys-net but then I recommend having a restrictive OUTPUT on sys-net and sys-firewall. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171130022054.uql7ofsors5jen6f%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Printer working with Debian DVMs but not when opening up a doc in a DVM from e.g. Work VM?
I am not sure of the pros and cons but I actually think its OK and makes sense. I like the restricted DVM having restrictions. Thanks again...and thanks Qubes team! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e6e26cc8-7d45-43f3-a3c6-2f5349f6214c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Recover broken bootloader
On Tuesday, October 31, 2017 at 10:28:48 PM UTC+1, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Mon, Oct 30, 2017 at 08:23:39PM -0700, loke...@gmail.com wrote: > > My laptop has started to fail to boot my 4.0rc2 installation. This started > > after doing a qubes-dom0-update, but I'm pretty sure that I had rebooted > > the machine successfully at least once since then. > > > > The computer has now gone into a bootloop, and fails to display the GRUB > > screen. I can only assume that the bootloader is crashing. However, nothing > > is displayed on the screen. > > > > Is there a recommended procedure to reinstall GRUB when booting from the > > installation media? > > Standard things should work: > 1. Boot from installation media (rescue mode) > 2. Agree to mount the system > 3. Chroot into /mnt/sysimage (chroot /mnt/sysimage) > 4. If /dev is empty, mount it with: mount -t devtmpfs none /dev > 5. Execute: grub2-install /dev/sda (or other disk, depending on your > configuration) > > Then, exit from chroot and reboot the system. > > - -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > A: Because it messes up the order in which people normally read text. > Q: Why is top-posting such a bad thing? > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJZ9wv1AAoJENuP0xzK19csWWAH/j190OmGcCr9LcFy5kpm0pZH > vvfIGrSm8MsydbhnRv5tCuuhCmBpLD71siC5fxcI63E/bon1VDIZFd7Glc0I6Z9B > +Uvwi1pMtc+i38ixfa9UUDmhenjQ5zZRAxNQwvCDVsNxFZBiAdWvk1FdtSqKsEU9 > SGKDxO81HgsL84JD0JzzCn4iCFBzcwTEJrnJHmrb+7KteevynFNMAGRIcoXXCNhH > cmuTB6QoRC5b5Kvx5NizKjUMfPehmfdik0FQVy1Mi3O9BwIgweNnUDEQ7mbjH6JR > seKuH2VYa/7DjgAv05nmjv8DjalDlhbimc5CkKlLwtac8NmFQUdeiM88no2lpaE= > =5yqg > -END PGP SIGNATURE- Was having a similar problem. I have boot installed in a separate usb and after following the process of chroot... grub2 install and rebooting it ask me for the passphrase and all end up with a grub> shell with the system not booting. There is a way to clone my boot usb to another usb or to build a new one? or better reinstall. Thanks guys. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bdb276e3-0736-42a1-980f-6304ee6d4ef7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-backup-restore --verify-only broken ?
On 11/29/2017 05:43 PM, Jean-Luc Duriez wrote: Hello Qubists I currently use Qubes R4 RC2, and would like to upgrade to RC3 after a backup. But I experience problems with the qvm-restore-backup --verify-only command. Should I worry about the quality of my backup ? Hi, I created issue #3303 about this. I've started to fix the code, and can verify backups already. So far all my backups appear to be OK, so I think qvm-backup is creating the backup files correctly. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6aff334f-245f-f5f9-a382-31538572d654%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Failed to load Kernel Modules
On Tuesday, November 28, 2017 at 11:04:06 AM UTC-5, Tom Zander wrote: > On Tuesday, 28 November 2017 14:18:44 CET cooloutac wrote: > > Of course many feel Qubes is for more advanced users, and apparently that > > will become a self fulfilling prophecy in version 4. > > Looking at the (lack of) UI tools at this time, you can be excused thinking > this. I personally think its a focus issue. The core devs are good at > security, and that is where their focus is. > The people behind Qubes don't have to focus on usability, though. They can > focus on an awesome core while others focus on tooling. > > I'd love to help write some great user interfaces that improve upon the > Qubes supplied ones (which is a low bar), and do that in an open source > manner which help improve the usability for everyone. > As long as I don't have to use python, so the only thing we really need is a > good interface which is language-agnostic. > > -- > Tom Zander > Blog: https://zander.github.io > Vlog: https://vimeo.com/channels/tomscryptochannel understandbale -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ff000860-b5cc-4732-a488-2e615bfa280c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 3 different rez monitors doable?
I don't see why this wouldn't work, but at the same time, I thought better to be safe than sorry. I have two monitors (1920x) hooked up to my comp which has two video out ports, I wanted to add a 4k monitor and will have to add an extra card. So. 1) Is there any reason this wouldn't work? 2) Is 3.2 working ok with 4k? 3) assuming it should work ok, any "super-compatible" cards I should be looking at? esp lower profile cards as my sys's internals are a bit crowded now. btw, I am not a gamer the most proc intensive things I do is watching videos, occasional video(minor/non-prof)/gfx editing, photo stitching etc... most of which i guess don't use a gfx proc anyway? Thx in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7980ff15293a3c1091548a951178259b%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: 4.0 rc1 firewall failed stderr cannot execute qrexec-daeomn
On 11.11.2017 13:43, David Hobach wrote: On 11/11/2017 12:52 AM, Stumpy wrote: On 10.11.2017 17:45, David Hobach wrote: On 11/10/2017 05:41 PM, David Hobach wrote: Your point about sys-net not working might very well be part of it as it seems to start sometimes and not others, though the firewall isn't starting 100% of the time. There's a few issues wrt the qubes firewall open on github. The funny/bad thing about it being that if it doesn't start, it'll default to "Allow all"... x_X That's present in 4.0rc2 at least. Correction: Just noticed that you were probably talking about the sys-firewall VM. I was talking about the qubes-firewall service running in sys-firewall. Well it seems that reinstalling didn't help. I tried w/o creating the whonix or usb sys templates, i didn't try the "advanced" option as I was not sure how to make templates and wasn't s motivated as to go that path. I did try the qvm-start route and wasn't able to start any of them, even when sys-net was up. A bit of a pity as I was looking forward to tinkering with it... and "learning how to stop worrying and love" Qubes w/o a VM Manager, I kinda liked the manager ;) Check the other threads on the topic (there were a couple about VMs not starting recently). Also try to set non-starting VMs to virt_mode = pv and try qvm-start again. That has some negative security implications (check Joannas thread on pv vs hvm virtualisation), but it might get them started at least. qvm-prefs sys-firewall virt_mode pv Ah well, will try later to upload (somehow) the journalctl outpt. Thx for the pv mode pointer, worked like a _charm_, much apprec. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/414f2be8108f133099343cb4199cb4b6%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Fedora-minimal template cloning issue
I can manage to load a Xterm in my newly clone VM with command in dom0 : "qvm-run -p -u root VMNAME xterm". But how comes, that it is not available in template applications ? Let's say i'm mostly a GUI user, actually digging the dark side of command management. maybe missed something ? Thanks ! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/394d4314-b5b0-4f28-995d-b5810831f119%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora-minimal template cloning issue
Hello everyone, >From a fresh Qubes Install (V4), I'm trying to set up MFA authentication like >explained here : https://www.qubes-os.org/doc/multifactor-authentication/ This requires the installation of "fedora25-minimal" template. Template install succesfully, with an "xterm" available for commands inputs... But, When I clone this VM, the new one does not have the "xterm" App available. Only app available is "Start" which only Loads the "domain", but does nothing else... What am I doing wrong with this clone ? Thanks & Best regards ! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2133a905-e74c-43d2-b013-0fa2ad1c7a06%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes in a corporate network behind HTTP proxy
On 2017-11-27 09:33, awokd wrote: > On Mon, November 27, 2017 05:40, pr0xy wrote: >> On 2017-11-20 18:08, awokd wrote: >>> On Mon, November 20, 2017 10:01, pr0xy wrote: Please help a somewhat noob who wants to use Qubes in the office. I got the OK to try using Qubes R3.2 in my company network as a workstation. They have a very restrictive proxy that forces all traffic through an HTTP/HTTPS proxy like: proxy.example.com:8080 How could I force all Qubes traffic to go through that proxy and that port? Would that be in sys-net, or a Firewall VM? >>> >>> Check https://www.qubes-os.org/doc/vpn/ . Ignore the parts about VPN >>> setup >>> but you should be able to set up your proxy redirect in the Proxy VM. >>> I'm >>> assuming local traffic like DNS lookups would not go through the proxy. >> >> Thanks. I have been reading up on the ProxyVM, which seems to be the way >> I would do this, but I'm a bit confused as to where I would add these >> proxy settings. I'm not familiar with manipulating IP tables, or writing >> the sort of scripts on that page, but is that what I would need to set? >> >> I wanted to stay away from setting the environment variables for >> http_proxy, https_proxy, ftp_proxy and no_proxy in each VM. Ideally I >> think I'd like to use a ProxyVM to proxify an entire AppVM, but the >> documentation doesn't make it clear how I would attempt this. > > You're right, you'd need to manipulate IP tables. There is no built in way > to do it with just the Qubes UI. > > See > https://stackoverflow.com/questions/10595575/iptables-configuration-for-transparent-proxy > for an example if you wanted to use the transparent proxy approach. > Sys-whonix is essentially a transparent proxy that forwards all traffic > through Tor. > > Another option could be > https://www.qubes-os.org/doc/config/http-filtering-proxy/ . See also > https://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html I know how to manipulate a torrc file to work through my proxy. That works very well as I can just set HTTPProxy host[:port] and it goes. In a ProxyVM I'm a bit lost. Would I be setting Firewall rules in the VM, or adding a network connection and manipulating that? I'm not clear where I would be manipulating the IP Tables. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a0d09ed0eda8239c50cd38fdf2c96338%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qvm-backup-restore --verify-only broken ?
Hello Qubists
I currently use Qubes R4 RC2, and would like to upgrade to RC3 after a backup.
But I experience problems with the qvm-restore-backup --verify-only command.
Should I worry about the quality of my backup ?
Here is my workflow:
1) backup on a USB external drive:
[jl@dom0 bin]$ qvm-backup --compress --encrypt --passphrase-file
/home/jl/bin/savequbes.passphrase /run/media/jl/qubes_backup \
debian-9\
fedora-25 \
fedora-25-dvm \
mail\
media \
trusted \
vault \
dom0\
sys-net \
sys-firewall
--+--+--+
VM | type | size |
--+--+--+
media | VM |419.8 MiB |
dom0 |User home | 10.5 MiB |
fedora-25 | Template VM | 4.9 GiB |
sys-net | VM |100.4 MiB | <-- The VM is running, backup
will contain its state from before its start!
sys-firewall | VM |100.4 MiB | <-- The VM is running, backup
will contain its state from before its start!
mail | VM |580.4 MiB |
vault | VM | 2.7 GiB |
fedora-25-dvm | VM |156.3 MiB |
trusted | VM |122.1 MiB |
debian-9 | Template VM | 6.2 GiB |
--+--+--+
Total size: |15.3 GiB |
--+--+--+
VMs not selected for backup:
- anon-whonix
- debian-8
- sys-whonix
- whonix-gw
- whonix-ws
- whonix-ws-dvm
Do you want to proceed? [y/N] y
2017-11-29 22:35:41,073 [MainProcess selector_events.__init__:65] asyncio:
Using selector: EpollSelector
Making a backup... 100.00%
2) the verify option fails
[jl@dom0 ~]$ qvm-backup-restore -p bin/savequbes.passphrase --verify-only
/run/media/jl/qubes_backup/qubes-2017-11-29T223541
app: Checking backup content...
Traceback (most recent call last):
File "/usr/bin/qvm-backup-restore", line 9, in
load_entry_point('qubesadmin==4.0.9', 'console_scripts',
'qvm-backup-restore')()
File
"/usr/lib/python3.5/site-packages/qubesadmin/tools/qvm_backup_restore.py", line
219, in main
appvm, passphrase)
File "/usr/lib/python3.5/site-packages/qubesadmin/backup/restore.py", line
838, in __init__
self.backup_app = self._process_qubes_xml()
File "/usr/lib/python3.5/site-packages/qubesadmin/backup/restore.py", line
1237, in _process_qubes_xml
backup_app = Core3Qubes(qubes_xml_path)
File "/usr/lib/python3.5/site-packages/qubesadmin/backup/core3.py", line 60,
in __init__
super(Core3Qubes, self).__init__(store)
File "/usr/lib/python3.5/site-packages/qubesadmin/backup/__init__.py", line
33, in __init__
self.load()
File "/usr/lib/python3.5/site-packages/qubesadmin/backup/core3.py", line 159,
in load
self.import_core3_vm(element)
File "/usr/lib/python3.5/site-packages/qubesadmin/backup/core3.py", line 134,
in import_core3_vm
vm.label = self.labels[vm.properties.pop('label')]
KeyError: 'red'
3) I managed to check manually the validity of the backup with this article:
https://www.qubes-os.org/doc/backup-emergency-restore-v4/
Jean-Luc
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/84718114-4c1c-4249-9d13-aa801e963174%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)
On Wed, 2017-11-29 at 15:59 +, Unman wrote: > In the Fedora documentation there ARE methods described for getting > bug > reports out of the install process, but they require active > intervention > from the user (copy to another drive or scp across network). There's > no > suggestion that these reports would be automatically submitted. > > I've had a quick look through the code and i dont see any mechanism > for > passing on bug reports - but it was a very quick look. Interesting & very good to know this but that would have surprise me a lot from a Qubes OS installation. Have you learned if it is specific to Qubes 4.0 rc3 (perhaps the installation part has been there for a long time before this release) ? 3-4 questions remains for me. If you can learn those answer in the future, I believe this issue would have been truly investigated for me. With an "active" intervention from the user (or if I had connected to the internet and submitted my report from my computer to the computer receiving those reports) 1.1 : Does my passphrase would have been transmitted ? YES/NO ? 1.2 encrypted along the way ? YES/NO ? 2.1 : If YES 1.1, where/who does the passphrase would have been transmitted/ transmitted to 2.2 : Who would have had access to this information ? I am not looking for an immediate answer. However, I am still curious about all this. Such a strange 'Bug Report' to see it like this.. Seems complicated to use those information to comprise the whole system via dom0 (that's good) P-S & It means, I can continue my own little project of giving Qubes usb stick to people around me so they can access their bank account online without having to worry about being on their "vulnerable" (or even worst compromised win10 OS) windows OS. Futhermore, I feel you have made a great job at Qubes OS so it would be simple for me to teach people how to open a disposable-vm for this purpose and this purpose only (without really having to learn about Dom0 or about this fascinating architecture if they are not interessed). Love the Qubes "color code" BTW. It will make my life very easy when I'll explain to people which color they must see on their browser to feel more secure without having to teach to any grandparents about VM, Xen Hypervisor and Dom0 interaction lol) Just using a linux distro would be superior I think.. but Qubes and a disposable-vm seems perfect to be just to "go to the bank online" if you are old and know little about computers. The cost of this is idea is minimal too (really just having a 32gb usb media lying around). I do not think those would have been targeted Qubes user. Qubes does not even need any modification for this project. I will be able to teach to many people in less than <30 minutes I think with one demonstration during the holidays. Better safe than sorry and with no money ! Agree ? :-) Take Care & Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1511989413.14418.54.camel%40gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 4.0 RC3 IO Remapping differences - qubes-hcl and xl dmesg on Asus Sabertooth Rev 2.0 bios 2901
I am already using RC3 and everything is working fine, but: qubes-hcl-report says HVM: Active I/O MMU: Active HAP/SLAT Yes Remapping: no xl dmesg says (XEN) AMD-Vi: IOMMU 0 Enabled. (XEN) I/O virtualisation enabled (XEN) - Dom0: mode: Relaxed (XEN) Interrupt remapping enabled Is there a error in qubes-hcl-report? Thank you for your great Qubes! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2a850752-fe00-4887-8632-59d5f774e119%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-ASUSTeK_COMPUTER_INC_-SABERTOOTH_990FX_R2_0-20171129-135745.yml Description: Binary data Xen 4.8.2-10.fc25 (XEN) Xen version 4.8.2 (user@) (gcc (GCC) 6.4.1 20170727 (Red Hat 6.4.1-1)) debug=n Sun Nov 5 01:42:52 UTC 2017 (XEN) Latest ChangeSet: (XEN) Bootloader: GRUB 2.02~beta3 (XEN) Command line: placeholder console=none dom0_mem=min:1024M dom0_mem=max:4096M iommu=no-igfx (XEN) Video information: (XEN) VGA is text mode 80x25, font 8x16 (XEN) VBE/DDC methods: none; EDID transfer time: 0 seconds (XEN) EDID info not retrieved because no DDC retrieval method detected (XEN) Disc information: (XEN) Found 3 MBR signatures (XEN) Found 6 EDD information structures (XEN) Xen-e820 RAM map: (XEN) - 0009e800 (usable) (XEN) 0009e800 - 000a (reserved) (XEN) 000e - 0010 (reserved) (XEN) 0010 - ba40a000 (usable) (XEN) ba40a000 - ba43a000 (reserved) (XEN) ba43a000 - ba44a000 (ACPI data) (XEN) ba44a000 - bb266000 (ACPI NVS) (XEN) bb266000 - bca2d000 (reserved) (XEN) bca2d000 - bca2e000 (usable) (XEN) bca2e000 - bcc34000 (ACPI NVS) (XEN) bcc34000 - bd083000 (usable) (XEN) bd083000 - bd7f4000 (reserved) (XEN) bd7f4000 - bd80 (usable) (XEN) f800 - fc00 (reserved) (XEN) fec0 - fec01000 (reserved) (XEN) fec1 - fec11000 (reserved) (XEN) fec2 - fec21000 (reserved) (XEN) fed0 - fed01000 (reserved) (XEN) fed61000 - fed71000 (reserved) (XEN) fed8 - fed9 (reserved) (XEN) fef0 - 0001 (reserved) (XEN) 00011000 - 00084000 (usable) (XEN) ACPI: RSDP 000F0490, 0024 (r2 ALASKA) (XEN) ACPI: XSDT BA442078, 0064 (r1 ALASKAA M I 1072009 AMI 10013) (XEN) ACPI: FACP BA449118, 010C (r5 ALASKAA M I 1072009 AMI 10013) (XEN) ACPI Warning (tbfadt-0464): Optional field "Pm2ControlBlock" has zero address or length: /1 [20070126] (XEN) ACPI: DSDT BA442170, 6FA8 (r2 ALASKAA M I0 INTL 20051117) (XEN) ACPI: FACS BB260F80, 0040 (XEN) ACPI: APIC BA449228, 008E (r3 ALASKAA M I 1072009 AMI 10013) (XEN) ACPI: FPDT BA4492B8, 0044 (r1 ALASKAA M I 1072009 AMI 10013) (XEN) ACPI: TCPA BA449300, 0032 (r2 APTIO4 NAPAASF1 MSFT 113) (XEN) ACPI: MCFG BA449338, 003C (r1 ALASKAA M I 1072009 MSFT10013) (XEN) ACPI: HPET BA449378, 0038 (r1 ALASKAA M I 1072009 AMI 5) (XEN) ACPI: IVRS BA449588, 00F8 (r1 AMD RD890S 202031 AMD 0) (XEN) ACPI: SSDT BA449408, 017A (r1 AMDPOWERNOW1 AMD 1) (XEN) System RAM: 32680MB (33464332kB) (XEN) Domain heap initialised (XEN) ACPI: 32/64X FACS address mismatch in FADT - bb260f80/, using 32 (XEN) IOAPIC[0]: apic_id 7, version 33, address 0xfec0, GSI 0-23 (XEN) IOAPIC[1]: apic_id 8, version 33, address 0xfec2, GSI 24-55 (XEN) Enabling APIC mode: Flat. Using 2 I/O APICs (XEN) Using scheduler: SMP Credit Scheduler (credit) (XEN) Platform timer is 14.318MHz HPET (XEN) Detected 3311.228 MHz processor. (XEN) Initing memory sharing. (XEN) PCI: Not using MCFG for segment bus 00-ff (XEN) AMD-Vi: IOMMU 0 Enabled. (XEN) I/O virtualisation enabled (XEN) - Dom0 mode: Relaxed (XEN) Interrupt remapping enabled (XEN) ENABLING IO-APIC IRQs (XEN) -> Using new ACK method (XEN) Allocated console ring of 16 KiB. (XEN) HVM: ASIDs enabled. (XEN) SVM: Supported advanced features: (XEN) - Nested Page Tables (NPT) (XEN) - Last Branch Record (LBR) Virtualisation (XEN) - Next-RIP Saved on #VMEXIT (XEN) - Pause-Intercept Filter (XEN) HVM: SVM enabled (XEN) HVM: Hardware Assisted Paging (HAP) detected (XEN) HVM: HAP page sizes: 4kB, 2MB, 1GB (XEN) Brought up 6 CPUs (XEN) mtrr: your CPUs had inconsistent variable MTRR settings (XEN) Xenoprofile: Failed to setup IBS LVT offset, IBSCTL
Re: [qubes-users] Printer working with Debian DVMs but not when opening up a doc in a DVM from e.g. Work VM?
On Wed, Nov 29, 2017 at 07:51:12AM -0800, vel...@tutamail.com wrote: > I managed to work it out! It is a wireless printer...thank you Unman...you > rock! > > However my trouble shooting brought up another question: It appears as if the > DVM launched from "work" inherits the firewall settings from "work"? Is that > to be expected? All I needed to do was add my printers IP to my "work" > firewall...is that correct? It does work! I have detailed the step-by-step > instructions I followed below in case others want to do this. If I have done > something wrong or there is a better way to do this...I am open to feedback. > > Installing wireless network HP Printer into Debian template for DVM: > 1) Clone updated Debian Template for printer > 2) Download “HPLIP” driver in disposable VM(from HP website) > 3) Move drivers/downloaded file to “Cloned Debian Template for printer” > 4) Move file to “Cloned Debian Template for printer” desktop > 5) Open terminal in “Cloned Debian Template for printer” and type: > cd Desktop > sh hplip-3.17.11.run(“hplip-3.17.11.run” was the file name for my > drivers) > (when prompted for password type “su”) > 6) Open printer settings in “Cloned Debian Template for printer” > 7) Click “+” icon in the printer settings > 8) Click “Network Printer” → “AppSocket/HP JetDirect” → enter printers ip > address in “Host:” → “Forward” > 9) A choose driver screen pops up → in my case I selected “HP” → I then > selected my specific printer → this then allowed me to print a test page > > Additional Notes: > * Assumes GNOME is installed (sudo tasksel → GNOME (use space bar to select > GNOME) > * Need to temporary allow network access to “Cloned Debian Template for > printer” to print test page > * If printing from “work” or other trusted VM, make sure to allow firewall > access in “work” to printer IP if firewall for “work” is restricted > * Change DVM to “Cloned Debian Template for printer” > https://www.qubes-os.org/doc/dispvm-customization/ > This is expected behaviour - the disposableVM inherits netvm and firewall rules, although there is a ticket open on the subject of considerable vintage. An alternative could be to have a dedicated printerVM to which you copy files if you dont want to open up "work" firewall. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171129160659.umlxshpd5zu5udr5%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)
On Wed, Nov 29, 2017 at 02:51:33AM -0500, '[799]' via qubes-users wrote: > Hello Unman, > > >> It's perfectly possible that the installer (not principally written by > >> Qubes) could mistakenly include a passphrase string. > > As far as I have understand, the problem is not that the password is shown, > but that the report with this error mistake and the password could get > transferred. I don't want that my password gets transferred in some part of > an error report. > > >> I've seen similar stuff included in all sorts of error reports in the past. > > This might be true, but this doesn't make this less harmless, if the password > is really bundled in an error report that gets transferered somewhere. > > >> It doesn't mean that Qubes "can't be trusted" > > Wait, it's not (!) about blaming the Qubes team. > If my understanding is correct, and the password is included in an error > report that gets transferred to a 3rd party, this is a really bad thing as > something like this should not happen from my understanding. > > [799] > > >> Also, since this is an installation error, let's not over egg the problem > > - cant be trusted" quote came from your previous comment. I dont think there's any evidence that the error report DOES get sent to a 3rd party is there? (Qubes? Fedora? NSA?) There are install logs in /tmp which are stored in RAM, and disappear after the installation process ends/aborts. The same would likely appply to this report. In the Fedora documentation there ARE methods described for getting bug reports out of the install process, but they require active intervention from the user (copy to another drive or scp across network). There's no suggestion that these reports would be automatically submitted. I've had a quick look through the code and i dont see any mechanism for passing on bug reports - but it was a very quick look. I havent seen a bug report from anaconda, but looking at the install logs there is material that privacy minded individuals might object to including in there. Until there's some evidence that the bug report is actually sent off the system I continue to think this is over egged. Even if it is transferred to dom0 (IF), it doesnt pose a huge security risk. IF it were copied to unencrypted /boot that would be an issue. But just preparing a report that includes a password doesnt seem in itself to be a major issue. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171129155956.3xl6w5daevtuwovb%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Printer working with Debian DVMs but not when opening up a doc in a DVM from e.g. Work VM?
I managed to work it out! It is a wireless printer...thank you Unman...you rock! However my trouble shooting brought up another question: It appears as if the DVM launched from "work" inherits the firewall settings from "work"? Is that to be expected? All I needed to do was add my printers IP to my "work" firewall...is that correct? It does work! I have detailed the step-by-step instructions I followed below in case others want to do this. If I have done something wrong or there is a better way to do this...I am open to feedback. Installing wireless network HP Printer into Debian template for DVM: 1) Clone updated Debian Template for printer 2) Download “HPLIP” driver in disposable VM(from HP website) 3) Move drivers/downloaded file to “Cloned Debian Template for printer” 4) Move file to “Cloned Debian Template for printer” desktop 5) Open terminal in “Cloned Debian Template for printer” and type: cd Desktop sh hplip-3.17.11.run(“hplip-3.17.11.run” was the file name for my drivers) (when prompted for password type “su”) 6) Open printer settings in “Cloned Debian Template for printer” 7) Click “+” icon in the printer settings 8) Click “Network Printer” → “AppSocket/HP JetDirect” → enter printers ip address in “Host:” → “Forward” 9) A choose driver screen pops up → in my case I selected “HP” → I then selected my specific printer → this then allowed me to print a test page Additional Notes: * Assumes GNOME is installed (sudo tasksel → GNOME (use space bar to select GNOME) * Need to temporary allow network access to “Cloned Debian Template for printer” to print test page * If printing from “work” or other trusted VM, make sure to allow firewall access in “work” to printer IP if firewall for “work” is restricted * Change DVM to “Cloned Debian Template for printer” https://www.qubes-os.org/doc/dispvm-customization/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2c91c606-2c59-41b4-84ae-4a5e6c6c958a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Veracrypt a drive connected to sys-usb
Hi, how can I decrypt a drive connected to sys-usb and then connect this decrypted drive to another vm? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ad10fb7-a50e-4f5b-a68b-b95adc31983f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)
On Wednesday, 29 November 2017 02:40:01 CET Genevieve Gauthier wrote: > What do you need me to do ? Please expain in a little more detail what versions of the software you were using, what steps we might follow to reproduce the problem. For instance which screen was the last thing that was on before this error popped up. Cheers! -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5092306.yHsbj7elGM%40strawberry. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 RC3 (installation) MEGA-HUGE security flaw! (report the bug below or quit the program)
On Wednesday, 29 November 2017 08:51:33 CET '[799]' via qubes-users wrote: > As far as I have understand, the problem is not that the password is > shown, but that the report with this error mistake and the password could > get transferred. I don't want that my password gets transferred in some > part of an error report. Thats not what the guy wrote. He said that it was showing on screen in an error dialog. The problem seems to be that the password is requested from the user and then kept in memory to be passed to specific tools that do the work while the installation is ongoing. Then if the installation goes wrong it prints the log of what has happened so far, and that contains the password. I have seen no indication that the password is kept after the installation has completed and operations are given over to Qubes-OS. I agree its rather sloppy, but as far as I know the installer has no option of reporting issues. I don’t even think you connect to the network at all (did you type your wifi password, I never did). So, lets allow the devs to fix this without making this into a bigger thing than it is. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2706301.yDkeRr7QO1%40strawberry. For more options, visit https://groups.google.com/d/optout.
