Re: [qubes-users] Qubes GUI for v4

2017-12-19 Thread Kushal Das
On Wed, Dec 20, 2017 at 12:55 PM, Matteo wrote:
>
> Thanks so much, it's a thing that I miss a lot.
> I come from Windows with VirtualBox and found the Qubes Manager similar
> to the VirtualBox GUI (both useful and well done).
>
> But before you code it you should talk to Joanna to be sure it will be
> accepted and used.
>
The beauty of Free Software projects is that you don't need any tool to be
something official. The tool can be packaged in Fedora, and can be installed by
the users if they want. If in the future the application becomes super popular
among the users, the Qubes upstream may include it as an official package.


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzkHK19JoVbhRS1LqHF2KWEBvTCszC-JzL6gBjUpoY_WQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Qubes GUI for v4

2017-12-19 Thread Matteo
> Last weeks there was a lot of talk about a lot of us missing the
> qubes-manager, or frankly any sort of useful graphical user interface.
> 
> As I’m a long time programmer I decided to just give this a go and try to 
> get something useful going.
> My approach is one where I talk directly to the Admin-API (at least when 
> running in dom0) from this code which happens to have been written using Qt 
> in C++, the code will be GPL licensed.
> 
> The GUI is showing some usefulness already, the ‘start’, ‘pause’ and ‘stop’ 
> buttons are functional.
> 
> I just wanted to show some progress, hope you like it.
> 

Thanks so much, it's a thing that I miss a lot.
I come from Windows with VirtualBox and found the Qubes Manager similar
to the VirtualBox GUI (both useful and well done).

But before you code it you should talk to Joanna to be sure it will be
accepted and used.



[qubes-users] Qubes won't install from usb

2017-12-19 Thread Adanfo Ehatlea
Hey, I've tried all sorts of methods to get qubes to install after booting
from a usb, but it freezes no matter what option I choose. I believe it has
something to do with my NVIDIA graphics card but I can't disable it from my
BIOS. Please help!



Re: [qubes-users] 3.2.1 / An updated 3.2 iso?

2017-12-19 Thread Andrew David Wong
On 2017-12-19 09:05, 'Vincent Adultman' via qubes-users wrote:
> Hi all
> 
> We were chatting today in IRC about current user expectations and
> experiences with the 4 release candidates. While many are happily
> testing there are indeed some visitors who drop by with the
> requirement of a daily driver stable system, but have some newer
> hardware than the kernel on the current 3.2 iso will support. These
> users seem to be in a somewhat painful position, the bravest are
> attempting to build their own isos or perform some cross install
> using a machine that will work. Some fail / give up.
> 
> https://www.qubes-os.org/doc/supported-versions/ suggests that at
> some point a 3.2.1 release was/is planned, h01ger suggested to me
> all focus is currently on 4, but can I ask:
> 
> 1. What are the current plans for 3.2.1? (if it was planned to be
> anything other than an updated iso)
> 2. Regardless of 1. is there a possibility of getting an updated 3.2
> iso for Christmas, given that some will undoubtedly use the holiday
> time to try Qubes, quite possibly on shiny new hardware :)
> 
> Thanks for your time.
> 
> V
> 

We do still plan to have a 3.2.1 release, but I'm afraid we have no
estimated release date for it yet. We'll make an announcement as soon
as we know more.

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



Re: [qubes-users] Re: Unistalling Qubes

2017-12-19 Thread Andrew David Wong
On 2017-12-19 22:17, Noe Key wrote:
> Hello Mr. Wong,
> I apologize for the late response. Thanks so much for the speedy reply and
> information.
> Over the last few days, I found a way to test other operating systems on
> another machine, and I've been getting further accustomed to Qubes's GUI and
> I like it more and more.
> I've compared it to Parrot OS, Linux Mint, Subgraph among others and Qubes
> is by far the best.
> However, the only possible issue I have is that sometimes when I close my
> laptop and move to another room, Qubes shuts down/only returns a black screen
> causing me to restart it. Is there something I could do to stop that?
> 
> Thanks again.
> Enjoy your evening,
> Noe
> 

Hi Noe,

Glad to hear you like Qubes!

We're looking into multiple wake-from-sleep issues that other users
have reported, for example:

https://github.com/QubesOS/qubes-issues/issues/2922
https://github.com/QubesOS/qubes-issues/issues/3411

I don't have any further guidance to offer on your problem right now,
but please feel free to ask for help on this list, since others may be
able to offer assistance. Also feel free to file an issue if you think
yours is distinct from those and not too localized for qubes-issues.

Best,
Andrew

P.S. - Please try to avoid top-posting.

> 
> On Mon, Dec 18, 2017 at 1:58 AM, Andrew David Wong wrote:
> 
> On 2017-12-17 15:10, Noe Key wrote:
> > Good afternoon Mr. Wong, My name is Noe and I have been looking for
> > security OSes for about a month, and I came across Qubes and am
> > very impressed. Recently, I installed it on a computer over Windows
> > 10 and have really enjoyed it so far. However, I would like to try
> > other OSes before I settle on a specific one. Because of that I
> > have tried to uninstall Qubes and I don't see any specific options
> > on how to do that. (I am aware of the grub option, but Qubes was
> > installed as my main OS, and I don't have grub installed.) I have
> > looked on your website as well as others and don't see any
> > information on uninstalling Qubes. At your nearest convenience, I'd
> > appreciate your help with this.
> >
> > Thanks for what you all do. Looking forward to hearing back from
> > you, Noe
> >
> 
> Hi Noe,
> 
> Uninstalling Qubes requires no special instructions. You can simply
> wipe or format the partition or drive on which you installed Qubes, as
> you normally would, then install your OS of choice. It's likely that
> whichever new OS you choose to install over Qubes will offer to do
> this for you automatically as part of the installation process.
> 
> Best,
> Andrew
> 
> P.S. - Please direct any replies to qubes-users (CCed) so that others
> can provide and benefit from potentially useful information.
> 

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org



[qubes-users] Re: 3.2.1 / An updated 3.2 iso?

2017-12-19 Thread Mike Freemon
On 12/19/2017 01:04 PM, cooloutac wrote:
> On Tuesday, December 19, 2017 at 10:05:49 AM UTC-5, Vincent Adultman wrote:
>> Hi all
>>
>> We were chatting today in IRC about current user expectations and 
>> experiences with the 4 release candidates. While many are happily testing 
>> there are indeed some visitors who drop by with the requirement of a daily 
>> driver stable system, but have some newer hardware than the kernel on the 
>> current 3.2 iso will support. These users seem to be in a somewhat painful 
>> position, the bravest are attempting to build their own isos or perform some 
>> cross install using a machine that will work. Some fail / give up.
>>
>> https://www.qubes-os.org/doc/supported-versions/ suggests that at some point 
>> a 3.2.1 release was/is planned, h01ger suggested to me all focus is 
>> currently on 4, but can I ask:
>>
>> 1. What are the current plans for 3.2.1? (if it was planned to be anything 
>> other than an updated iso)
>>
>> 2. Regardless of 1. is there a possibility of getting an updated 3.2 iso for 
>> Christmas, given that some will undoubtedly use the holiday time to try 
>> Qubes, quite possibly on shiny new hardware :)
>>
>> Thanks for your time.
>>
>> V
> 
> sounds like an inherent linux problem,  not much qubes can do about that.

A number of the problems encountered by people trying to install R3.2 on
newer hardware would be avoided if the installation ISO contained a more
recent version of the linux kernel.

For example, see:
https://groups.google.com/forum/#!msg/qubes-users/fE2HCAdF-U0/eLovum3xAgAJ

That's what the OP was asking about, if I'm reading it correctly.

I completely support and appreciate the work of the Qubes team.  I can
imagine that updating R3.2 at the same time as finalizing R4 would be
asking a lot.  But with the extended support for R3.2[1] driven by the
new minimum hardware requirements, and also considering the lack of a
management GUI, I suspect that the value of a newer R3.2 ISO will become
clear.

Yes, count me as a technically-savvy person who uses the Qubes Manager
GUI continuously.  However, the Qubes team should not take this as a
criticism.  I understand the need to prioritize, and I don't disagree
with the decisions that were made.  But I do wonder to what extent the
lack of a GUI will slow the adoption of R4.

[1]
https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/



[qubes-users] Re: Unistalling Qubes

2017-12-19 Thread Noe Key
Hello Mr. Wong,
I apologize for the late response. Thanks so much for the speedy reply and
information.
Over the last few days, I found a way to test other operating systems on
another machine, and I've been getting further accustomed to Qubes's GUI and
I like it more and more.
I've compared it to Parrot OS, Linux Mint, Subgraph among others and Qubes
is by far the best.
However, the only possible issue I have is that sometimes when I close my
laptop and move to another room, Qubes shuts down/only returns a black screen
causing me to restart it. Is there something I could do to stop that?

Thanks again.
Enjoy your evening,
Noe


On Mon, Dec 18, 2017 at 1:58 AM, Andrew David Wong wrote:

> On 2017-12-17 15:10, Noe Key wrote:
> > Good afternoon Mr. Wong, My name is Noe and I have been looking for
> > security OSes for about a month, and I came across Qubes and am
> > very impressed. Recently, I installed it on a computer over Windows
> > 10 and have really enjoyed it so far. However, I would like to try
> > other OSes before I settle on a specific one. Because of that I
> > have tried to uninstall Qubes and I don't see any specific options
> > on how to do that. (I am aware of the grub option, but Qubes was
> > installed as my main OS, and I don't have grub installed.) I have
> > looked on your website as well as others and don't see any
> > information on uninstalling Qubes. At your nearest convenience, I'd
> > appreciate your help with this.
> >
> > Thanks for what you all do. Looking forward to hearing back from
> > you, Noe
> >
>
> Hi Noe,
>
> Uninstalling Qubes requires no special instructions. You can simply
> wipe or format the partition or drive on which you installed Qubes, as
> you normally would, then install your OS of choice. It's likely that
> whichever new OS you choose to install over Qubes will offer to do
> this for you automatically as part of the installation process.
>
> Best,
> Andrew
>
> P.S. - Please direct any replies to qubes-users (CCed) so that others
> can provide and benefit from potentially useful information.
>
> --
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org


Re: [qubes-users] Re: Attempting to securely wipe drives, running into issue.

2017-12-19 Thread Ángel
Steve is right in the wrong placement of sudo, but I don't think
brackets would do (that would create a subshell in your current sh).

You simply need to add sudo in front of dd, which is the only one that
needs elevated privileges, ie.


openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | sudo dd bs=64K of=/dev/sd"X"

Cheers
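
The point made above, that only the final dd needs root, as an added example that is not part of the original post. The helper names (keystream, is_mounted, wipe_target, rehearse) and the WIPE_SUDO variable are hypothetical; unlike the quoted one-liner, this version sizes the stream to the target instead of relying on dd running out of space, and it accepts a regular file so the pipeline can be rehearsed without touching a disk.

```shell
#!/bin/sh
# Added example, not from the thread. Helper names and WIPE_SUDO are
# hypothetical; the openssl and dd flags are the ones quoted in the thread.

# Emit exactly $1 bytes of AES-256-CTR keystream: zeros encrypted under a
# throwaway random passphrase. CTR is a stream mode, so output length equals
# input length.
keystream() {
    head -c "$1" /dev/zero |
        openssl enc -aes-256-ctr -nosalt \
            -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d '\n')"
}

# Succeed if device $1, or any partition whose name starts with it, is listed
# as a mount source. A missing /proc/mounts counts as "not mounted".
is_mounted() {
    [ -r /proc/mounts ] || return 1
    awk -v dev="$1" 'index($1, dev) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
}

# Overwrite $1 with keystream. Block devices must be unmounted; a regular file
# is accepted for rehearsal.
wipe_target() {
    target=$1
    elevate=${WIPE_SUDO-sudo}    # set WIPE_SUDO="" to run without sudo
    if [ -b "$target" ]; then
        if is_mounted "$target"; then
            echo "refusing: $target or one of its partitions is mounted" >&2
            return 1
        fi
        size=$($elevate blockdev --getsize64 "$target") || return 1
    elif [ -f "$target" ]; then
        size=$(($(wc -c <"$target")))
    else
        echo "refusing: $target is neither a block device nor a regular file" >&2
        return 1
    fi
    # sudo covers only the command it prefixes. The keystream side runs as the
    # invoking user; dd, which opens the target itself via of=, is elevated.
    keystream "$size" | $elevate dd bs=64K of="$target" conv=notrunc 2>/dev/null
}

# Rehearsal on a constructed 256 KiB file of zeros: returns 0 if the wipe
# kept the file size and replaced the zeros.
rehearse() {
    tmp=$(mktemp) || return 1
    head -c 262144 /dev/zero >"$tmp"
    ok=1
    if (WIPE_SUDO=""; wipe_target "$tmp") &&
       [ "$(($(wc -c <"$tmp")))" -eq 262144 ] &&
       ! head -c 262144 /dev/zero | cmp -s - "$tmp"; then
        ok=0
    fi
    rm -f "$tmp"
    return "$ok"
}

# Run as a script with the target as the only argument.
if [ $# -gt 0 ]; then
    wipe_target "$1"
fi
```

The mount check only looks at /proc/mounts; a device in use as swap or as the backing store of an LVM or LUKS volume is not detected by it.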



[qubes-users] Re: qubes-mirage-firewall 0.4

2017-12-19 Thread Foppe de Haan
On Tuesday, December 19, 2017 at 8:05:34 PM UTC+1, Thomas Leonard wrote:
> I'd like to announce the release of qubes-mirage-firewall 0.4:
> 
>   https://github.com/talex5/qubes-mirage-firewall/releases/tag/v0.4
> 
> This is a unikernel that can run as a QubesOS ProxyVM, replacing 
> sys-firewall. It may be useful if you want something smaller or 
> faster-to-start than the Linux-based sys-firewall, are worried about possible 
> attacks against Linux's C net-front code, or just like playing with 
> unikernels.
> 
> 
> Changes since 0.3:
> 
> - Add support for HVM guests (needed for Qubes 4). I don't use Qubes 4 myself 
> yet, but other people have said it works now for them. Note that the firewall 
> itself must still have virt_mode set to 'pv'.
> 
> - Add support for disposable VMs.
> 
> - Drop frames if an interface's queue gets too long.
> 
> - Show (log) the packet when failing to add a NAT rule. The previous message 
> was just: WRN [firewall] Failed to add NAT rewrite rule: Cannot NAT this 
> packet
> 
> 
> For installation instructions, see:
> 
>   https://github.com/talex5/qubes-mirage-firewall/blob/master/README.md
> 
> For a blog post explaining the background for this, with a walk-through of 
> the code, see:
> 
>   http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/

Thanks, will probably try it out later this week. :)



Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-19 Thread 'Tom Zander' via qubes-users
On Tuesday, 19 December 2017 16:33:49 CET Unman wrote:
> Tom
> 
> I've suggested before that if you give this advice you should
> clearly state the consequences.

Ok, no worries. Here you go:

The consequence is that the template, which has no personal or identifying 
information, can be used to run apps that make outbound connections. Don’t 
worry! No inbound connections are possible.

In short;
* There is no possibility of loss of private data (since there is none).
* There is no possibility of a remote hacking attack (b/c no 
listening services).
* There is no possibility of a hacker installing bad software in 
your template (only you can do that).

Bottom line is that there is no additional risk when a user uses a corporate 
firewall and a http proxy to allow him to download updates.

Unman, being paranoid is fine, but making users unable to update their system 
unless they do it the very complicated way you approve of will not help 
security.
We are dealing with people, let’s keep that in mind.
Specifically, the result of being too strict on this is that they will end up 
either not updating (and missing security updates) or maybe just giving up 
and using the simple route of throwing security out the window and just 
getting the job done.

Perfection is the enemy of good enough.


And since I’m being nasty today, let’s focus on another illusion in this 
email. You wrote;
> sys-net will not enforce a firewall 

Basically true, sys-net indeed bypasses sys-firewall.
But you are mistaken if you think that sys-firewall adds security.
Sys-firewall adds the _option_ of allowing you to _manually_ add security.
IF you have the know-how on how to do so. Which most people don’t. 
sys-firewall allows you to block remote hosts by IP-address, manually. And 
optionally.

Making people believe that having sys-firewall makes them more secure is 
selling an illusion of security, which is really bad for actual security 
because it follows that people will believe they are magically secured.
In reality the configuration of the firewall is a highly specialized and
low-level task that most people without sys-admin-training will simply not do.

Security is not about following a rulebook, it is about people first and 
foremost. Let’s not lose focus of that, please.

-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/tomscryptochannel



[qubes-users] AEM? USB devices? Love the name but need guidance...running 3.2

2017-12-19 Thread velcro
I have read the instructions here:

https://www.qubes-os.org/doc/anti-evil-maid/
In dom0: sudo qubes-dom0-update anti-evil-maid

...but still a little unsure how and where to set up AEM?

My setup is as follows:
a) I have setup a sys-usb with 2 devices selected in VM settings(working well!)
b) I believe my threat is likely from something I click online or in 
email(including an attachment)
c) I am concerned however with someone plugging in a malicious USB
d) I am running qubes 3.2 on a laptop and do not have/need any peripheral USB 
devices such as mouse, webcam, etc. 
e) I do however need to plug in a thumbdrive and backup drive so I can backup 
my data and save/get files to and from a thumb drive. 

If I am reading the instructions correctly I need to make a choice between 
threat vector c) or d).

My questions are:
1) I have only selected 2 devices for my sys-usb yet have 3 USB slots on my 
laptop? Why is there not a 3rd device for me to select in my sys-usb? The 2 I 
have selected are labeled "00:1a.0" and "00:1d.0" followed by "USB 
controller..."

2) If I need to decide between threat vector c) or d). How would this command 
be different for each scenario? "sudo qubes-dom0-update anti-evil-maid"...

3) If I add AEM to my laptop can I still wipe my laptop and reinstall Qubes 
again?

Sorry for the noobie question...

Thanks,
V   



[qubes-users] Re: Qubes GUI for v4

2017-12-19 Thread David

On 12/19/2017 07:38 AM, 'Tom Zander' via qubes-users wrote:
> Last weeks there was a lot of talk about a lot of us missing the
> qubes-manager, or frankly any sort of useful graphical user interface.
>
> As I’m a long time programmer I decided to just give this a go and try to
> get something useful going.
> My approach is one where I talk directly to the Admin-API (at least when
> running in dom0) from this code which happens to have been written using Qt
> in C++, the code will be GPL licensed.
>
> The GUI is showing some usefulness already, the ‘start’, ‘pause’ and ‘stop’
> buttons are functional.
>
> I just wanted to show some progress, hope you like it.

Tom,

Looks like a great start, looking forward to seeing it firsthand.



[qubes-users] Re: Attempting to securely wipe drives, running into issue.

2017-12-19 Thread David

Steve,

Thank you for the insight, digging in!

On 12/19/2017 04:14 PM, Steve Coleman wrote:
> With the redirection pipe operators you may need to put \(  \) around
> the command so that all commands in the pipe are running at elevated privs.
>
> On 12/19/2017 04:09 PM, David wrote:
>> Nothing urgent, just stumped — if you've got free time to poke at a
>> command, thank you in advance!
>>
>> I've trawled around the web, and the most sane/simple way of wiping is
>> wielding dd & overwriting a drive with zeroes/urandom/random/etc.
>>
>> Another, is encrypted random data. That sounds more fun, though
>> perhaps useless.
>>
>> I'm attempting to wield a command from the archlinux wiki and getting
>> access denied, even with sudo in front, and even when on dom0 (against
>> my better judgment). Any thoughts?
>>
>> Source:
>>
>> https://wiki.archlinux.org/index.php/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example
>>
>> Command below:
>>
>> openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | pv -bartpes <DISK_SIZE> | dd bs=64K of=/dev/sd"X"
>>
>> In this case, sd"X" is referencing a specific drive. If you run the
>> command, you'll want to ensure that's a drive with nothing of use on it.
>>
>> p.s., I'm open to alternative suggestions. If you think a single pass
>> with /dev/zero is sufficient, I'm all ears or eyes, in this context.
>> I've never attempted to recover a drive under any circumstances, so
>> I'm no expert. Happy to accept the lazy way out ;)



Re: [qubes-users] Attempting to securely wipe drives, running into issue.

2017-12-19 Thread Steve Coleman
With the redirection pipe operators you may need to put \(  \) around 
the command so that all commands in the pipe are running at elevated privs.



On 12/19/2017 04:09 PM, David wrote:


Nothing urgent, just stumped — if you've got free time to poke at a 
command, thank you in advance!


I've trawled around the web, and the most sane/simple way of wiping is 
wielding dd & overwriting a drive with zeroes/urandom/random/etc.


Another, is encrypted random data. That sounds more fun, though perhaps 
useless.


I'm attempting to wield a command from the archlinux wiki and getting 
access denied, even with sudo in front, and even when on dom0 (against 
my better judgment). Any thoughts?


Source:

https://wiki.archlinux.org/index.php/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example 



Command below:

openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero \
    | pv -bartpes <DISK_SIZE> | dd bs=64K of=/dev/sd"X"


In this case, sd"X" is referencing a specific drive. If you run the 
command, you'll want to ensure that's a drive with nothing of use on it.


p.s., I'm open to alternative suggestions. If you think a single pass 
with /dev/zero is sufficient, I'm all ears or eyes, in this context. 
I've never attempted to recover a drive under any circumstances, so I'm 
no expert. Happy to accept the lazy way out ;)







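Added example (not part of the thread): the reply above turns on the fact that `sudo` in front of a pipeline elevates only the first command, so the `dd` that opens the device still runs unprivileged and gets "access denied". The script below re-runs itself as root so that every stage is elevated; it drops `pv` and bounds the keystream with `head -c`, and the function names and the use of `blockdev --getsize64` are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: sh wipe.sh /dev/sdX      (or a disk image file, for a dry run)

# Emit exactly $1 bytes of AES-256-CTR keystream under a throwaway random
# passphrase. The passphrase is never stored, so the output is unrecoverable.
keystream() {
    pass=$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64 | tr -d '\n')
    openssl enc -aes-256-ctr -pass pass:"$pass" -nosalt </dev/zero 2>/dev/null |
        head -c "$1"
}

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c <"$1" | tr -d ' '
    fi
}

# Overwrite the whole target once. All stages, including the dd that opens
# the target for writing, run with the privileges of the calling process.
wipe_target() {
    target=$1
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "refusing: $target is not a block device or regular file" >&2
        return 2
    fi
    size=$(target_size "$target") || return 1
    keystream "$size" | dd bs=64K of="$target" conv=notrunc 2>/dev/null
}

main() {
    # Device nodes are writable by root only. "sudo openssl ... | dd of=/dev/sdX"
    # elevates openssl alone; dd is started by the unprivileged shell. Re-running
    # the whole script under sudo puts every stage in the same root context.
    if [ -b "$1" ] && [ "$(id -u)" -ne 0 ]; then
        exec sudo sh "$0" "$@"
    fi
    wipe_target "$1"
}

# Only act when a target is given on the command line.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Running it against a scratch image file first confirms the pipeline works before pointing it at a real device.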


[qubes-users] Attempting to securely wipe drives, running into issue.

2017-12-19 Thread David


Nothing urgent, just stumped — if you've got free time to poke at a 
command, thank you in advance!


I've trawled around the web, and the most sane/simple way of wiping is 
wielding dd & overwriting a drive with zeroes/urandom/random/etc.


Another, is encrypted random data. That sounds more fun, though perhaps 
useless.


I'm attempting to wield a command from the archlinux wiki and getting 
access denied, even with sudo in front, and even when on dom0 (against 
my better judgment). Any thoughts?


Source:

https://wiki.archlinux.org/index.php/Securely_wipe_disk/Tips_and_tricks#dd_-_advanced_example

Command below:

openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero \
    | pv -bartpes <DISK_SIZE> | dd bs=64K of=/dev/sd"X"


In this case, sd"X" is referencing a specific drive. If you run the 
command, you'll want to ensure that's a drive with nothing of use on it.


p.s., I'm open to alternative suggestions. If you think a single pass 
with /dev/zero is sufficient, I'm all ears or eyes, in this context. 
I've never attempted to recover a drive under any circumstances, so I'm 
no expert. Happy to accept the lazy way out ;)







[qubes-users] template /home/user is not copied when creating appvm

2017-12-19 Thread Dave C
According to https://www.qubes-os.org/doc/templates/ ,

Whenever a TemplateBasedVM is created, the contents of the /home directory 
of its parent TemplateVM are copied to the child TemplateBasedVM’s /home...

Is this true in Qubes 4.0 rc3?

In my experience, changes made to /home/user in the template are not copied to 
the appvm when it is created.

Thanks for any help.  -Dave



[qubes-users] vms fail to return memory after pc idle for a long time.

2017-12-19 Thread cooloutac
didn't realize I left my pc on overnight.  Came back to it to see almost all 
the vms had yellow triangles. 

Computer doesn't go to sleep or anything, and all I woke was the monitor and 
possibly hdd. System has 16gb of memory, was only a couple appvms and 
sys-vms and not much open in them.

should I be worried? lol.



Re: [qubes-users] Fedora 26 VLC/mplayer fullscreen problem

2017-12-19 Thread donoban
On 12/19/2017 02:57 PM, 'Tom Zander' via qubes-users wrote:
> On Sunday, 17 December 2017 19:59:36 CET donoban wrote:
>> Any idea?
> 
> If you hit the ‘f’ key to go full screen, or use the application menu, then 
> you end up doing this using the application in the Qube.
> Try to do it using the menu on the titlebar, which makes the trusted-window-
> manager be the one to instruct the full-screen option.
> 
> That tends to work better.
> 

It works ty.



[qubes-users] Re: Fedora 26 VLC/mplayer fullscreen problem

2017-12-19 Thread cooloutac
On Sunday, December 17, 2017 at 1:59:46 PM UTC-5, donoban wrote:
> Hi,
> 
> since Fedora 25 reached its EOL I have upgraded to Fedora 26 and I am 
> having a problem with VLC.
> 
> When I go to fullscreen mode the video gets the full area of the window 
> but the size of the window is unchanged. If I maximize it, it doesn't 
> get the whole screen. It doesn't get the top panel like a standard 
> maximize of another window.
> 
> Wondering if it could be a Fedora or VLC problem instead of Qubes related, I 
> tested mplayer too, getting the same behavior.
> 
> I have allow_fullscreen = true for all VM's, also this VM doesn't have 
> this problem with debian or fedora 25 templates.
> 
> Any idea?

I use a theme that has those extra buttons in the windows titlebars like the 
user above says. Then you can hit fullscreen with mouse for desktop after making it 
fullscreen in the vm. Take note of the key combination to go back out.



[qubes-users] qubes-mirage-firewall 0.4

2017-12-19 Thread Thomas Leonard
I'd like to announce the release of qubes-mirage-firewall 0.4:

  https://github.com/talex5/qubes-mirage-firewall/releases/tag/v0.4

This is a unikernel that can run as a QubesOS ProxyVM, replacing sys-firewall. 
It may be useful if you want something smaller or faster-to-start than the 
Linux-based sys-firewall, are worried about possible attacks against Linux's C 
net-front code, or just like playing with unikernels.


Changes since 0.3:

- Add support for HVM guests (needed for Qubes 4). I don't use Qubes 4 myself 
yet, but other people have said it works now for them. Note that the firewall 
itself must still have virt_mode set to 'pv'.

- Add support for disposable VMs.

- Drop frames if an interface's queue gets too long.

- Show (log) the packet when failing to add a NAT rule. The previous message 
was just: WRN [firewall] Failed to add NAT rewrite rule: Cannot NAT this packet


For installation instructions, see:

  https://github.com/talex5/qubes-mirage-firewall/blob/master/README.md

For a blog post explaining the background for this, with a walk-through of the 
code, see:

  http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/



[qubes-users] Re: 3.2.1 / An updated 3.2 iso?

2017-12-19 Thread cooloutac
On Tuesday, December 19, 2017 at 10:05:49 AM UTC-5, Vincent Adultman wrote:
> Hi all
> 
> 
> 
> We were chatting today in IRC about current user expectations and experiences 
> with the 4 release candidates. While many are happily testing there are 
> indeed some visitors who drop by with the requirement of a daily driver 
> stable system, but have some newer hardware than the kernel on the current 
> 3.2 iso will support. These users seem to be in a somewhat painful position, 
> the bravest are attempting to build their own isos or perform some cross 
> install using a machine that will work. Some fail / give up.
> 
> 
> 
> https://www.qubes-os.org/doc/supported-versions/ suggests that at some point 
> a 3.2.1 release was/is planned, h01ger suggested to me all focus is currently 
> on 4, but can I ask:
> 
> 
> 
> 1. What are the current plans for 3.2.1? (if it was planned to be anything 
> other than an updated iso)
> 
> 2. Regardless of 1. is there a possibility of getting an updated 3.2 iso for 
> Christmas, given that some will undoubtedly use the holiday time to try 
> Qubes, quite possibly on shiny new hardware :)
> 
> 
> 
> Thanks for your time.
> 
> 
> 
> V

sounds like an inherent linux problem,  not much qubes can do about that.



[qubes-users] Re: Qubes in a corporate network behind HTTP proxy

2017-12-19 Thread cooloutac
On Tuesday, December 19, 2017 at 2:02:11 PM UTC-5, cooloutac wrote:
> On Monday, November 20, 2017 at 5:01:45 AM UTC-5, pr0xy wrote:
> > Please help a somewhat noob who wants to use Qubes in the office.
> > 
> > I got the OK to try using Qubes R3.2 in my company network as a
> > workstation. They have a very restrictive proxy that forces all traffic
> > through an HTTP/HTTPS proxy like:
> > 
> > proxy.example.com:8080
> > 
> > How could I force all Qubes traffic to go through that proxy and that
> > port?
> > 
> > Would that be in sys-net, or a Firewall VM?
> 
> I would ask the IT guys at your company how to do it from linux. Then I'd 
> create a new template vm and also proxy vm if you'd like and do basically 
> same thing.
> 
> https://www.qubes-os.org/doc/firewall/

Or just do it in sys-net like Unman said, which is suspect anyways.



[qubes-users] Re: Qubes in a corporate network behind HTTP proxy

2017-12-19 Thread cooloutac
On Monday, November 20, 2017 at 5:01:45 AM UTC-5, pr0xy wrote:
> Please help a somewhat noob who wants to use Qubes in the office.
> 
> I got the OK to try using Qubes R3.2 in my company network as a
> workstation. They have a very restrictive proxy that forces all traffic
> through an HTTP/HTTPS proxy like:
> 
> proxy.example.com:8080
> 
> How could I force all Qubes traffic to go through that proxy and that
> port?
> 
> Would that be in sys-net, or a Firewall VM?

I would ask the IT guys at your company how to do it from linux. Then I'd 
create a new template vm and also proxy vm if you'd like and do basically same 
thing.

https://www.qubes-os.org/doc/firewall/



Re: [qubes-users] Re: Duplicate MAC address error

2017-12-19 Thread cooloutac


Boom, was just about to suggest this. It's the beauty of Qubes. Do it for 
any anomaly. When in doubt delete it and recreate it in seconds. It's the most 
suspect vm of them all.



Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-19 Thread Unman
On Tue, Dec 19, 2017 at 03:09:05PM +0100, 'Tom Zander' via qubes-users wrote:
> On Monday, 18 December 2017 10:13:48 CET pr0xy wrote:
> > I am still a bit stuck concerning the Qubes Update Proxy. Where would I
> > set the environment variables for my corporate proxy so that I could
> > update dom0, templates and VMs?
> 
> You should add sys-net to your template VM if you want that since the proxy 
> that is in place today is to avoid your template VM from accessing the 
> intranet or internet outside of your own machine.
> 
> Then google on where the template operating system (Fedora or Debian etc) 
> sets proxies for doing the command-line update, the configuration is the same 
> as Fedora or Debian etc.
> I don’t know fedora at all,
> in archlinux you’ll have a file in /etc/pacman/ which sets the current proxy, 
> in debian you’ll likely have one in /etc/apt/
> 
> grep -R -i  PROXY /etc/*
> 
> may be useful too.

Tom

I've suggested before that if you give this advice you should
clearly state the consequences.

op - please don't do this. sys-net will not enforce a firewall and it is
bad practice to expose your templates in this way.

I understand you chose not to use the iptables route.
If you want to combine the Qubes proxy with an external proxy on
your network you should be able to do this by editing the tinyproxy.conf
file. You will find this in /etc/tinyproxy.

Qubes uses tinyproxy for all the template updates. You can make
tinyproxy use an external proxy.
The change you need to make is:
upstream  host:port

Check the documentation at
https://tinyproxy.github.io

unman



Re: [qubes-users] Re: Duplicate MAC address error

2017-12-19 Thread Kushal Das
On Tue, Dec 19, 2017 at 8:29 PM, Roy Bernat  wrote:

> It's happened to me also.
>
> You should restart the computer and try again.
>
> If not, copy the appvm.
I kept rebooting from last Thursday :) I finally solved the issue by
recreating the vm. I wrote
a post about the same at [1]. I hope this will help someone in future.

[1] https://kushaldas.in/posts/duplicate-mac-address-error-in-qubes-vms.html

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in



[qubes-users] 3.2.1 / An updated 3.2 iso?

2017-12-19 Thread 'Vincent Adultman' via qubes-users
Hi all

We were chatting today in IRC about current user expectations and experiences 
with the 4 release candidates. While many are happily testing there are indeed 
some visitors who drop by with the requirement of a daily driver stable system, 
but have some newer hardware than the kernel on the current 3.2 iso will 
support. These users seem to be in a somewhat painful position, the bravest are 
attempting to build their own isos or perform some cross install using a 
machine that will work. Some fail / give up.

https://www.qubes-os.org/doc/supported-versions/ suggests that at some point a 
3.2.1 release was/is planned, h01ger suggested to me all focus is currently on 
4, but can I ask:

1. What are the current plans for 3.2.1? (if it was planned to be anything 
other than an updated iso)
2. Regardless of 1. is there a possibility of getting an updated 3.2 iso for 
Christmas, given that some will undoubtedly use the holiday time to try Qubes, 
quite possibly on shiny new hardware :)

Thanks for your time.

V



[qubes-users] Re: Duplicate MAC address error

2017-12-19 Thread Roy Bernat
On Tuesday, 19 December 2017 10:39:37 UTC+2, Kushal Das  wrote:
> Hi,
> 
> My Qubes 4.0rc3 (updated) is showing error for sys-net vm saying it
> has a duplicate mac address for the NIC. This error message came
> before (on the fresh install), and was fixed in a few reboots. But,
> now I could not make it work for the last few days :(
> 
> Any tips how to solve this? I could not find any duplicate NIC value
> in the /var/lib/qubes/qubes.xml file.
> 
> 
> Kushal
> -- 
> Staff, Freedom of the Press Foundation
> CPython Core Developer
> Director, Python Software Foundation
> https://kushaldas.in

It's happened to me also.

You should restart the computer and try again.

If not, copy the appvm.

Roy 



Re: [qubes-users] Qubes in a corporate network behind HTTP proxy

2017-12-19 Thread 'Tom Zander' via qubes-users
On Monday, 18 December 2017 10:13:48 CET pr0xy wrote:
> I am still a bit stuck concerning the Qubes Update Proxy. Where would I
> set the environment variables for my corporate proxy so that I could
> update dom0, templates and VMs?

You should add sys-net to your template VM if you want that since the proxy 
that is in place today is to avoid your template VM from accessing the 
intranet or internet outside of your own machine.

Then google on where the template operating system (Fedora or Debian etc) 
sets proxies for doing the command-line update, the configuration is the same 
as Fedora or Debian etc.
I don’t know fedora at all,
in archlinux you’ll have a file in /etc/pacman/ which sets the current proxy, 
in debian you’ll likely have one in /etc/apt/

grep -R -i  PROXY /etc/*

may be useful too.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/floweethehub



Re: [qubes-users] Fedora 26 VLC/mplayer fullscreen problem

2017-12-19 Thread 'Tom Zander' via qubes-users
On Sunday, 17 December 2017 19:59:36 CET donoban wrote:
> Any idea?

If you hit the ‘f’ key to go full screen, or use the application menu, then 
you end up doing this using the application in the Qube.
Try to do it using the menu on the titlebar, which makes the trusted-window-
manager be the one to instruct the full-screen option.

That tends to work better.
-- 
Tom Zander
Blog: https://zander.github.io
Vlog: https://vimeo.com/channels/floweethehub



[qubes-users] Qubes GUI for v4

2017-12-19 Thread 'Tom Zander' via qubes-users
Last weeks there was a lot of talk about a lot of us missing the
qubes-manager, or frankly any sort of useful graphical user interface.

As I’m a long time programmer I decided to just give this a go and try to 
get something useful going.
My approach is one where I talk directly to the Admin-API (at least when 
running in dom0) from this code which happens to have been written using Qt 
in C++, the code will be GPL licensed.

The GUI is showing some usefulness already, the ‘start’, ‘pause’ and ‘stop’ 
buttons are functional.

I just wanted to show some progress, hope you like it.



Re: [qubes-users] Recommended wireless or Ethernet card / chipset

2017-12-19 Thread taii...@gmx.com

On 12/19/2017 12:07 AM, 'EW' via qubes-users wrote:


Hi!

Trying to make Qubes 4.0 work on a brand new Ryzen based laptop. No built-in 
ethernet and wireless not working with Linux (yet). Acquired USB ethernet and 
wireless which both work out of the box in Ubuntu but not in Qubes.
They are not seen with sys-usb or "USB in sys-net" options, but are at least 
seen when installing without defined USB assignment. However, then using 
manager to assign to sys-net, they never "get there"...

I tried a lot of things from various posts but to no avail, I'm going to just 
assume for now that the HW is not compatible (they are USB 3 adapters, some 
posts are at least opening the possibility that USB 3 is not really supported 
yet). The system worked off of a USB 3 based SD card though (before I installed 
to built-in SSD).

Thus my question - any proposals for "out-of-box" adapters or chipsets?

Thanks,
E.


You don't want a crappy usb networking adapter.

Get a half mini pci-e card that uses an A9K or A5K driver, look on the 
linux wireless wiki for ones that have open source drivers and no binary 
firmware modules required.
Get one that has the max amount of antenna connections your laptop 
supports (mine is 3x3) - I would suggest a dual band 802.11A/N, AFAIK 
there are no open source linux drivers for AC chips but A is still 
plenty fast.


I assume your laptop has a mini pci-e slot like most (mine has two)

In the future I would buy something that has integrated ethernet as that 
is always better supported - I can't believe all the major brands are 
following Apple's lead and making you buy a dongle for everything while 
saying stupid stuff like "ethernet is legacy". I don't know what is 
"legacy" about the 10gbps that should be coming standard on every device 
- and in reality AC will never ever have the security, speed and 
it-just-works of even 1gbps ethernet as wireless is simply terrible.




[qubes-users] Duplicate MAC address error

2017-12-19 Thread Kushal Das
Hi,

My Qubes 4.0rc3 (updated) is showing error for sys-net vm saying it
has a duplicate mac address for the NIC. This error message came
before (on the fresh install), and was fixed in a few reboots. But,
now I could not make it work for the last few days :(

Any tips how to solve this? I could not find any duplicate NIC value
in the /var/lib/qubes/qubes.xml file.


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in



Re: [qubes-users] Q4rc3 debian-9 template fails to update.

2017-12-19 Thread Bernhard
On 12/18/2017 07:34 PM, David Hobach wrote:
>
>
> On 12/18/2017 03:58 PM, Chris Laprise wrote:
>> On 12/16/2017 07:49 AM, Yuraeitha wrote:
>>> On Saturday, December 16, 2017 at 10:51:30 AM UTC, Chris Laprise wrote:
>>>> On 12/16/2017 04:21 AM, haaber wrote:
>>>>> I freshly installed debian-9 ; when installing packages, apt-get
>>>>> hangs
>>>>> for days(!) with
>>>>>
>>>>> 81% [waiting for headers] ...
>>>>> followed by Err:XX Connection failed.
>>>>>
>>>>> Has someone an idea where to look / how to proceed? (there is
>>>>> definitely
>>>>> no other apt* running ). Thank you, Bernhard
>>>>
>>>> I just updated a freshly-installed debian-9 on 4.0rc3 two days ago
>>>> without connection errors.
>>>>
>>>> The difference may be that I have been updating my dom0 with
>>>> --enablerepo=qubes*testing, and a template having connection errors
>>>> suggests a problem with dom0/xen or with whatever is running sys-net.

>>
>> Now I'm experiencing this with fedora-26 updates.
>
> Yes, I know that issue for quite some time as well on debian-8 (I had
> done a testing upgrade there some time ago as well). Disabling the
> Qubes proxy & allowing a direct connection fixes it for me, but of
> course that shouldn't become a permanent solution.
>
I don't like direct connection. I am more and more convinced that
hibernate/suspend is the origin of these problems. I tried out a full
reboot of all net-related qubes (sys-net, sys-firewall, sys-whonix),
and that indeed solves the pb. I now look, as a better workaround, for
a dom0-script that: on running qubes saves the NetVM setting, then sets
NetVM to none, then reboots these 3 bad guys, and finally restores old
NetVM's. How could this be done?  Bernhard
