[qubes-users] Re: VM Manager update / VMM setup for AppQube for web or mail only?
I'll take a shot, also willing to learn more if I am missing something: I would try to find the IP of the email provider if you are using a VM for email, e.g. Tutanota's IP address is: 81.3.6.162(no IMAP wit them), therefore my firewall settings for that VM would be: IP: 81.3.6.162 Service: https (or port 443) Protocol: TCP Things I have learned about the firewall include: 1) You can type a port number into the service field vs just using whats in the "Services" dropdown selection 2) MXToolbox is a good tool to find an IP address of a website 3) I created a print VM that only allows access to my networked printer IP and the network printer's port. With this VM I can access only the printer. Maybe your vault uses this VM as its DVM. I don't trust printers in general but at least its restricted For web only 443(https) and 80(http) are all that is needed for the most part. I believe ICMP(pings) and port 53(DNS) are allowed automatically. Open to being corrected? It would be nice to control the DNS more (Quad9 DNS resolver or OpenDNS). Not sure how to do this with ease. For Thunderbird, you could research your email providers IP and change the "*"/ANY for the specific IPs or IP. Google, Apple and others generally publish the ports needed for a service to work. Qubes team I would agree this latest update is working like a charm and has improved Qubes Manager and the Fedora/Pulse Audio update problem I was having. Thank you again for the work! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ac5095b-a77a-449d-b6b4-60b4b20cd6b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] VM Manager update / VMM setup for AppQube for web or mail only?
Looks like the last dom0 update fixed the notifications of open/close VMs, and I believe the 'refresh' VMM is gone now? Is that right, so I assume it auto-refreshes in Q4.0 ? My question is simple, and sorry I'm iptables/fw illiterate but I was thinking for some time. For another layer of security I should use the VMM fw , which currently is blank in all the AppVMs except for one where in the Firewall rules Tab I've entered : address * Service https Protocol TCP and address * Service http Protocol TCP in 9/10 of my AppVMs I am just webbrowsing ; occasionally I use Hexchat or VLC , Signal or other messengers I use Thunderbird in it's own AppVM Is there anything further I would want for a Web only fw in the VMM and What should I use for Thunderbird ? address * Service SMTP Protocol ANY address * Service IMAP Protocol TCP address * Service IMAPS Protocol TCP or do most folks just not bother with further fw AppVM settings Lastly, what exactly happens in sys-firewall with default settings ? thx -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/96aafc33-ea69-dbb6-2370-2237fb6cf0f9%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4, copy/paste not working between AppVM's
On 08/04/2018 09:34 AM, max.militant-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: > fredag den 3. august 2018 kl. 16.28.37 UTC-4 skrev John S.Recdep: >> On 08/03/2018 04:45 AM, >> max.militant-re5jqeeqqe8avxtiumwx3w-xmd5yjdbdmrexy1tmh2...@public.gmane.org >> wrote: If you open the VM Manager and go to Qube-> Keyboard Layout what is it set to ? >>> It's default on my individual VM's (set to qubes default layout). My Qubes >>> (Dom0) model is Generic 105-key (intl) PC on my Purism 13v2 laptop. The >>> layout is Danish. >>> >> >> I suppose you've tried setting dom0 to default to troubleshoot ? And >> sorry to ask but when was it last working, and did you change/install >> something etc ? > > Actually you hit the spot. If I'm running danish keyboard (system tools - > keyboard), the copying doesn't work. If I run system default in qubes and set > the layout to danish on every VM, it works. > > Thank you for showing me the forest, I apparently missed because of all the > trees :) > > Sincerely > Max > happens to me all the time, I just need to write it out, and hear it back from someone, sometimes :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b14b2ced-0843-cec9-d03a-19c3ef04cb64%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Purism Librem 13v2
Major issues with Coreboot, crashes, etc. - https://forums.puri.sm/t/building-coreboot-from-source-official-script/1264/113 - https://github.com/QubesOS/qubes-issues/issues/3753 After several updates, install went fine. Now only minor issues: Rattling fan noise, due to bios version. Will maybe get fixed: https://militant.dk/Ny%20optagelse%203.m4a?dl=0 Pipe not recognized properly: To make change permanent a workaround is required: https://forums.puri.sm/t/keyboard-layout-unable-to-recognize-pipe/2022/3?u=max4 Having issues with danish keyboard layout and the '@' sign. Also having issues with keyboard layout in qubes has to be default and not danish, since copy paste fails to work. Can not recommend this laptop for Qubes usage. I even ordered it with qubes installed, but PureOS was installed and I had a battle to get things right. Took forever and is actually not worth it, in my book. Read about it here, if you like: https://www.militant.dk/2018/02/22/ordering-a-purism-librem-13v2-to-run-qubes-4-0rc4/ Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2c7302dc-e925-60ba-3ea5-f8a2e0762df7%40militant.dk. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Purism-Librem_13_v2-20180804-220810.yml Description: application/yaml signature.asc Description: OpenPGP digital signature
[qubes-users] android networking at Q4
Hello, How to setup networking (internet access) at Android / Qubes 4? Thanks! 2Qubes Devs: thanks for new Qubes Manager :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/Q7FBo8DrD0hqMHx1Gjwj_kQNU1xCSN6-mwOSFpRYj-uDe0PFSQrmEeQSPwQiAa1pid7zvtHEfeQsGr0fmEuRwqvLUnjBK3c2R_6yLENjHpA%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes 4, copy/paste not working between AppVM's
fredag den 3. august 2018 kl. 16.28.37 UTC-4 skrev John S.Recdep: > On 08/03/2018 04:45 AM, > max.militant-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: > >> If you open the VM Manager and go to Qube-> Keyboard Layout what is it > >> set to ? > > It's default on my individual VM's (set to qubes default layout). My Qubes > > (Dom0) model is Generic 105-key (intl) PC on my Purism 13v2 laptop. The > > layout is Danish. > > > > I suppose you've tried setting dom0 to default to troubleshoot ? And > sorry to ask but when was it last working, and did you change/install > something etc ? Actually you hit the spot. If I'm running danish keyboard (system tools - keyboard), the copying doesn't work. If I run system default in qubes and set the layout to danish on every VM, it works. Thank you for showing me the forest, I apparently missed because of all the trees :) Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/31ce96dc-84c0-4ae9-8ccd-be30bf7acf63%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] NSA’s Encryption Algorithm in Linux Kernel is Creating Unease in the Community
Just reading this. It appears Speck is a module and can be excluded, so hopefully nothing to worry about. https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/59af40f7-5b79-4b78-bb84-eb796e6fb2ef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: newbie question about converting pictures into a trusted image
On 08/04/2018 06:11 AM, tirejeremy-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: > Can you help please to understand how it works more deeper > > Why all random pic (jpeg,png, bmp etc) marked as untrusted. Are they not > passing the tests on dispvms? > > *.jpg-untrusted - Does it usable or not? > > if I have many different virtual machines (dispvms based on different > templates, which one do the tests start and do they run at all? how to check > it? very grateful. > > https://github.com/QubesOS/qubes-issues/issues/2437 > https://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html > I am guessing "untrusted" is just the Name of your AppVM (qube), there is no tests . There is the ability to "create trusted pdfs" via an Disp Qube which transforms the pdf format to all pixels then it puts a larger copy back in your original App Qube and changes the name to "foo-trusted.pdf" but its no longer a pdf per se I hope that helps ? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20f1a263-a4a4-00ba-17d2-b95f170cfc1d%40riseup.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] newbie question about converting pictures into a trusted image
Can you help please to understand how it works more deeper Why all random pic (jpeg,png, bmp etc) marked as untrusted. Are they not passing the tests on dispvms? *.jpg-untrusted - Does it usable or not? if I have many different virtual machines (dispvms based on different templates, which one do the tests start and do they run at all? how to check it? very grateful. https://github.com/QubesOS/qubes-issues/issues/2437 https://theinvisiblethings.blogspot.com/2013/02/converting-untrusted-pdfs-into-trusted.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/de8a222c-1fdc-469f-95c6-138f03289dc9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to Disable Wi-Fi in Qubes 4.0?
On Fri, August 3, 2018 7:52 pm, Daniil .Travnikov wrote: > Tell me please the command in Dom0 or maybe somewhere in settings. How > can I disable the Wi-Fi adapter? Right click the Wifi icon top right, edit connections, edit the one for wireless, uncheck "automatically connect" on general tab. If you want to disable it entirely, check your UEFI configuration- should be able to turn off the adapter there. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c550573f185b31c1f57661b0b33ca24.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QWT has effect in Dom0
On Fri, August 3, 2018 5:33 pm, Sven Semmler wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > > Let me describe my issue once more, maybe a bit easier: > > > - -> I have a Windows 7 HVM and when I install QWT 4.0.1.3 I get the > shared clipboard and the ability to send/receive files from other VMs > > - -> but something in Dom0 seems stuck... > > > -> when I try to launch another Fedora based VM nothing happens, > until... > > -> ... I shutdown the Windows VM. Then the Fedora VM launches. > > > -> Even qmv-ls on Dom0 is stuck "please wait \" until I shutdown > the Windows VM. > > This is not a resource problem. I routinely run 20+ VMs, have 32 GB of > memory and 800+ GB of free space. > > Any ideas? You might want to add the above as a comment on the related issue: https://github.com/QubesOS/qubes-issues/issues/3585. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c841de71da71f28b475add48d15b8f33.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encrypt only part of SSD or How to encrypt after installation?
On Fri, August 3, 2018 3:53 pm, Steve Coleman wrote: > > On 08/03/18 03:56, Daniil .Travnikov wrote: > >> I installed Qubes 4.0 and in process of installation I created only >> >> >> /boot/efi 400MB >> / 240GB >> >> >> Even I set passphrase in some reason the '/' did not encrypted (maybe I >> did some mistake) and now I have non-encrypted 240Gb drive with Qubes >> OS. >> > > That's not a mistake. A computer can not boot from an encrypted > partition without a little magic to load the unencrypted executable image > first. I think Daniil is saying he manually set partitions, and tried to use the installer to LUKS encrypt "/", not "/boot/efi". >> I created this volumes manually because I need to install second OS - >> Windows 7 (multi-boot) on the rest of 250 GB on SSD drive. That's why I >> can't use the whole drive encryption. >> >> I need only the part of drive to be encrypted. >> >> >> >> >> Now as I can see I have 2 possible variations: >> >> >> 1. Encrypt this 240 GB part of Drive after Qubes 4.0 installation. Not sure how to do this after install. >> 2. Re-install Qubes 4.0 with right options in installation process. According to https://fedoraproject.org/wiki/Disk_Encryption_User_Guide, when creating an individual partition you can check the "Encrypt" checkbox. Try that for "/" when you re-install. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dc28dba27ed4d92b612ed75a01602dce.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Request clarification on using a USB-qube vs all USB devices on dom0
On Tue, July 31, 2018 2:26 pm, Ole wrote: > I cannot seem to figure this out on my own: > > > If I have a USB-qube and use a USB keyboard and mouse, obviously the > USB-qube will have full control over my system. > > > But is this any worse than having all USB devices on dom0? (The general > tone in the documentation[1] makes it sound like it is, but I cannot find > a mention of a concrete problem that could arise.) I think it's more about bad USB devices that drop a compromise into the system. If you're using dom0 to handle USB, getting it compromised is very bad vs. just bad if using sys-usb. The documentation is saying a PS/2 keyboard in dom0 is preferable to a USB one in sys-usb. > If I forward USB devices from the USB-qube to other qubes, does this open > up the USB-qube to attacks from those qubes? (This would be the only > reason I could think of why using a USB-qube with input devices would be > less secure. But I cannot find whether this is true or not.) I think some USB commands are filtered out on device forwards, so I expect they've considered the possibility but I'm not familiar with the exact mechanisms involved. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dcbf5133d85ca932bc2c6b4042459736.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: getting usb broadband working in Qubes 4.0
On 08/01/18 16:33, delightdazza-re5jqeeqqe8avxtiumw...@public.gmane.org wrote: hi all, new to Qubes and pretty clueless atm about Qubes. Background is 25 years on Windows and a few years on Linux Mint. I finally got sick of Microsoft and Qubes ticks all the boxes. Seems a pretty steep learning curve, tho, and am in desperate need of help. With Mint, i just plug the usb dongle in, and hey presto - internet connection. Have dug around a little and the following is the only info i can give regarding getting the usb dongle to work: Result of lsusb: Bus 002 Device 001: ID 1d6b:003 Linux Foundation 3.0 root hub Bus 001 Device 010: ID 12d1:14dc Huawei Technologies Co., Ltd Bus 001 Device 008: ID 046d:c534 Logitech, Inc. Unifying Receiver Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Result of sudo dmesg | grep -i cdc: [ 537.011842] cdc_ether 1-7:1.0 eth0: register 'cdc_ether' at usb-:00:14.0-7, CDC Ethernet Device, 0c:5b:8f:27:9a:64 [ 537.012563] usbcore: registered new interface driver cdc_ether [ 537.073972] cdc_ether 1-7:1.0 enp0s20f0u7: renamed from eth0 from what i have learned the modem is not being recognized, as there is no ttyACM0 i have read that i need to create a usb VM, and then enable Network Manager in it, Any help would be appreciated. You might have asked for a usb vm when you installed qubes as an optional component. There is a way to install as a package from dom0 in a running quebes AFAIK, check docs, google. Then: 1. Find out which VM owns the USB. system tools - qube manager see if you have an "sys-usb" 2. If you have sys-usb: right click - qube settings click on the devices tab check if you have your USB controller in the "selected" list (it is probably the only entry) If not find the USB controller on the "available list", highlight and click on "", "apply" "ok" 3. verify that your device is seen in this vm right click on the sys-usb again, select execute command, type "xterm" issue the lsusb command your device should be there 4. allocate this device to "sys-net" using the widget, the same one that allocates the microphone. You might need the output of lsusb above to figure which is your device. _ Citromail.hu levelezőrendszerből küldve Lépj be vagy regisztrálj -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20180804103417.8045%40citromail.hu. For more options, visit https://groups.google.com/d/optout.