[qubes-users] MTU setting for all interfaces

2019-02-23 Thread Beto HydroxyButyrate
I have MTU 9000 set on my internal network.  sys-net connects to this
network.

I want all qubes VM interfaces to default to MTU 9000 rather than 1500.

Is there some simple global setting I can make to enable this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/deb2ae5e-6a2b-6fe1-17d1-ff53c6f7fc6d%40damon.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread brendan . hoar
On Saturday, February 23, 2019 at 4:09:35 PM UTC-5, dexint...@gmail.com wrote:
> Where can I find the memory guide? I have 16gb X1C6 that I acquired a couple 
> days ago. So far 16gb is running my Qubes well but hey might as well do some 
> tweaks.


Re: [qubes-users] [warn] last whonix-gw update, ipv6 and possible VPN leak!

2019-02-23 Thread Marek Marczykowski-Górecki

On Fri, Feb 15, 2019 at 09:14:51PM +, 'Evastar' via qubes-users wrote:
> Hello,
> 
> Seems after last whonix update my old VPN VM begin leaking traffic. After 
> investigation I found that it's because ipv6 primary connection to whonix-gw. 
> I guess that whonix-gw now supporting ipv6. It leak traffic through ipv6 
> connection to whonix and ignore my default old ipv4 setup. 
> "qvm-features VM ipv6 0" fixed this issue! 

"0" in the command above is _not_ the correct way to disable it. It
should be an empty string:

qvm-features VM ipv6 ''

Details: https://www.qubes-os.org/doc/networking/#ipv6

Anyway, Whonix comes with firewall rules blocking native IPv6, regardless of
the above setting. If you reach some IPv6, it must be tunneled over Tor
- which does support IPv6.

> But I'm not sure about all my others vpns and leaking with ipv6. How I must 
> fix this at vpn setup (on load) to be 100% sure that it never happen again?

As Chris already mentioned, one way is to add extra firewall rules:
https://github.com/QubesOS/qubes-doc/pull/795

qubes-vpn-support / qubes-tunnel also comes with relevant firewall
rules.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

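
The correction in the reply above, as an added example that is not part of the original thread: a dom0 audit that flags qubes whose `ipv6` feature holds a non-empty value other than `1` (such as `0`) instead of the empty string the reply calls for. It assumes `qvm-ls --raw-list` lists qube names and that `qvm-features QUBE ipv6` exits non-zero when the feature is unset; the sample rows and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the per-qube "ipv6" feature in dom0.
# Assumptions: `qvm-ls --raw-list` prints one qube name per line, and
# `qvm-features QUBE ipv6` prints the stored value (exit 0) or exits
# non-zero when the feature is not set on that qube.

# Constructed sample rows, "name|exit-code|stored-value", used outside dom0.
SAMPLE='sys-vpn|0|0
work|0|
sys-net|0|1
vault|1|'

# classify_ipv6 RC VALUE -> unset | disabled | enabled | suspect
classify_ipv6() {
    if [ "$1" -ne 0 ]; then
        echo unset        # nothing stored on this qube
    elif [ -z "$2" ]; then
        echo disabled     # empty string, the form given in the reply
    elif [ "$2" = "1" ]; then
        echo enabled
    else
        echo suspect      # non-empty but not "1", e.g. "0"
    fi
}

# collect: emit one row per qube by querying the dom0 tools.
collect() {
    for q in $(qvm-ls --raw-list); do
        if v=$(qvm-features "$q" ipv6 2>/dev/null); then rc=0; else rc=1; v=; fi
        printf '%s|%s|%s\n' "$q" "$rc" "$v"
    done
}

# report: read rows on stdin, print each qube's state and a fix for suspects.
report() {
    while IFS='|' read -r name rc value; do
        state=$(classify_ipv6 "$rc" "$value")
        printf '%-10s %s\n' "$name" "$state"
        if [ "$state" = suspect ]; then
            printf "  fix: qvm-features %s ipv6 ''\n" "$name"
        fi
    done
}

# suspect_qubes: read rows on stdin, print only the names that need the fix.
suspect_qubes() {
    while IFS='|' read -r name rc value; do
        [ "$(classify_ipv6 "$rc" "$value")" = suspect ] && echo "$name"
    done
    return 0
}

# In dom0 query the real qubes; elsewhere run on the constructed sample.
if command -v qvm-features >/dev/null 2>&1; then
    collect | report
else
    printf '%s\n' "$SAMPLE" | report
fi
```

The feature is only one layer: the firewall rules referenced in the reply are the additional control it points to for VPN qubes.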


Re: [qubes-users] disposible vms for sys-net, firewall, usb?

2019-02-23 Thread Chris Laprise

On 2/23/19 4:15 PM, 799 wrote:
> Hello,
>
> Stumpy <stu...@posteo.net> wrote on Sat, 23 Feb 2019, 17:58:
>
> > (...) dvms could be used for things like sys-net usb and firewall
> > which had never occurred to me.
> > I may not be thinking about it right but that seemed like a really
> > good security idea, so my question is, why is that not the default?
> > (...)
>
> I am also heavily interested in running "named" disposable VMs as
> sys-VMs with one enhancement, that I am able to store the
> Wifi-Credentials in a Vault-VM and that I can "push" the credentials
> into the sys-net VM when launching it (maybe by some custom scripts
> which use qvm-run --pass-io from dom0 to copy data from Vault-VM to the
> Sys-Net-VM).


As you may already know, I created a Qubes service that provides most of 
the benefits of a dispVM by removing, hash checking, repopulating or 
whitelisting the contents of a VM's private volume:


https://github.com/tasket/Qubes-VM-hardening

It comes with a default that preserves Network Manager connection info 
for sys-net. The default also lets most /home files remain, but the 
executable parts are locked down with the immutable flag. This default 
can be changed to remove and/or repopulate the entire /home contents 
(along with everything else in /rw).


Settings can be universal or for each individual VM, which allows 
layered customizations to be made without the need to create additional 
templates. (All settings are erased in the VM instance before startup is 
completed.)


All of this happens immediately before Qubes first mounts the /rw 
private volume at startup.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886



Re: [qubes-users] disposible vms for sys-net, firewall, usb?

2019-02-23 Thread Marek Marczykowski-Górecki

On Sat, Feb 23, 2019 at 10:15:32PM +0100, 799 wrote:
> Hello,
> 
> Stumpy wrote on Sat, 23 Feb 2019, 17:58:
> 
> > (...) dvms could be used for things like sys-net usb and firewall which
> > had never occurred to me.
> > I may not be thinking about it right but that seemed like a really good
> > security idea, so my question is, why is that not the default? (...)
> 
> 
> I am also heavily interested in running "named" disposable VMs as sys-VMs

Take a look here:
https://www.qubes-os.org/doc/disposablevm-customization/#using-static-disposablevms-for-sys-

Multiple different DispVMs is a feature new in Qubes 4.0 and we're still
exploring what would be the best configuration for disposable sys-*.

> with one enhancement, that I am able to store the Wifi-Credentials in a
> Vault-VM and that I can "push" the credentials into the sys-net VM when
> launching it (maybe by some custom scripts which use qvm-run --pass-io from
> dom0 to copy data from Vault-VM to the Sys-Net-VM).

The above documentation covers this with another solution - have separate
DVM template for it. This has one important advantage - will work
universally regardless of configuration/tools you use, including custom
VPN scripts etc.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



[qubes-users] Fwd: Qubes on Macbook Pro 14,3

2019-02-23 Thread garbage_collector via qubes-users



Hello everyone, 



Despite my obvious poor choice of security preferences when purchasing a MBP 
14,3, I'd like nonetheless to get Qubes going.  I have a fast portable SSD 
drive on the USB type C that I have installed it to.  The keyboard and mouse 
don't work from the installation start so I use a usb keyboard/ mouse. 



Now I can get through the installation.  Despite the installer saying it won't 
change anything on the main drive, it does edit the first preference of booting 
device in the EFI settings.  When the system boots automatically I have a black 
screen. 



Instead I reboot with the drive out, which on my machine allows ReFind to load 
(great thing that is). If I pass the commands /mapbs and /noexitboot to the xen 
start up option, I get a screen. I have managed to get through the 
configuration on first boot. 



On auto rebooting, I have to unplug again then reboot with Refind, pass the 
same options. Again, I get a screen, type my decryption password etc.  
Eventually I get a mouse on a black screen. Eventually the mouse stops moving 
and the system reboots. 



Any ideas how I can troubleshoot this?  Or ideas how to fix it. It would be 
ideal for me to keep the system portable, for plausible deniability purposes 
and obvious portability. 



My system specs are:



  Model Name:MacBook Pro
  Model Identifier:MacBookPro14,3
  Processor Name:Intel Core i7
  Processor Speed:2,8 GHz
  Number of Processors:1
  Total Number of Cores:4
  L2 Cache (per Core):256 KB
  L3 Cache:6 MB
  Memory:16 GB

Intel HD Graphics 630:

  Chipset Model:Intel HD Graphics 630
  Type: GPU
  Bus:  Built-In
  VRAM (Dynamic, Max):  1536 MB
  Vendor:   Intel
  Device ID:0x591b
  Revision ID:  0x0004
  Automatic Graphics Switching: Supported
  gMux Version: 4.0.29 [3.2.8]
  Metal:Supported, feature set macOS GPUFamily2 v1
  Displays:
Colour LCD:
  Display Type: Built-In Retina LCD
  Resolution:   2880x1800 Retina
  Framebuffer Depth:30-Bit Colour (ARGB2101010)
  Main Display: Yes
  Mirror:   Off
  Online:   Yes
  Rotation: Supported
  Automatically Adjust Brightness:  No

Radeon Pro 555:

  Chipset Model:Radeon Pro 555
  Type: GPU
  Bus:  PCIe
  PCIe Lane Width:  x8
  VRAM (Dynamic, Max):  2048 MB
  Vendor:   AMD (0x1002)
  Device ID:0x67ef
  Revision ID:  0x00c7
  ROM Revision: 113-C980AJ-927
  VBIOS Version:113-C9801AP-A02
  EFI Driver Version:   01.A0.927
  Automatic Graphics Switching: Supported
  gMux Version: 4.0.29 [3.2.8]
  Metal:Supported, feature set macOS GPUFamily2 v1



Regards and thanks in advance,

M



Re: [qubes-users] disposible vms for sys-net, firewall, usb?

2019-02-23 Thread 799
Hello,

Stumpy wrote on Sat, 23 Feb 2019, 17:58:

> (...) dvms could be used for things like sys-net usb and firewall which
> had never occurred to me.
> I may not be thinking about it right but that seemed like a really good
> security idea, so my question is, why is that not the default? (...)


I am also heavily interested in running "named" disposable VMs as sys-VMs
with one enhancement, that I am able to store the Wifi-Credentials in a
Vault-VM and that I can "push" the credentials into the sys-net VM when
launching it (maybe by some custom scripts which use qvm-run --pass-io from
dom0 to copy data from Vault-VM to the Sys-Net-VM).

- O



Re: [qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread dexinthecity
Where can I find the memory guide? I have 16gb X1C6 that I acquired a couple 
days ago. So far 16gb is running my Qubes well but hey might as well do some 
tweaks.



Re: [qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread brendan . hoar
On Saturday, February 23, 2019 at 11:44:51 AM UTC-5, 799 wrote:
>  wrote on Sat, 23 Feb 2019, 14:35:
> > Not quite sure why people try use Qubes with laptops. I found far better 
> > performance on desktops. Laptops are the opposite of flexible. PC's you can 
> > upgrade to your hearts content. 

I disagree that laptops aren't flexible.

E.g.

A 2011(!)-era Thinkpad W520 can be upgraded to 32GB of RAM and 16.4TB of SSD (2 
x 7.68TB 2.5" SSD; 1 x 1TB mSATA SSD). 17.4TB SSD if you don't need all your 
drives to support a standard hardware FDE and don't mind cracking open one of 
Samsung's portable drives to extract the 2TB mSATA board. 

Newer higher-end Thinkpad models can do 64B or 128GB of RAM, have 6 core 
options (12 threads possible, but we turn off HT for now) and support internal 
4K displays...but due to the switch M.2 being primary storage with some support 
for 0 or 1 2.5" SSDs, they are currently limited to 4TB SSD of storage (or 
11.5TB if they support 1 2.5" SSD). Faster though...and lighter than older 
models.
 
> Maybe because for 90% a laptop offers enough performance, has much lower 
> space & power requirement and can be used flexible?

Agreed. I have performed installs on the x230 and x230 tablet and they are 
quite usable with 16GB of RAM after a little bit of tweaking. Chris Laprise has 
posted handy default memory tuning advice on this mailing list for constrained 
memory systems.

B



[qubes-users] Re: Dom0 upgrade and reinstallation packages

2019-02-23 Thread brendan . hoar
On Friday, February 22, 2019 at 7:25:54 PM UTC-5, cooloutac wrote:
> On Thursday, February 21, 2019 at 7:40:06 PM UTC-5, Andrzej Andrzej wrote:
> > but for example packages related to anaconda and a few others just 
> > downloaded and did not update them, leaving them in the field for 
> > reinstallation. Certainly you also had this after the last updates dom0. 
> > What should I do? Command with dnf system-upgrade reboot?
> 
> Do you have any other repositories enabled.  like testing,  security?   I 
> vaguely remember something like this happening to me.  Have you tried to 
> update again?

The packages were apparently recompiled by the Qubes team, but the versions 
weren't bumped. They recommend performing dnf reinstall  to 
clear the issue. There have been several threads about this recently.

Please see: 
https://github.com/QubesOS/qubes-issues/issues/4792#issuecomment-465859358

Brendan



Re: [qubes-users] Whonix Yes or No

2019-02-23 Thread Andrew David Wong

On 19/02/2019 8.12 PM, unman wrote:
> On Sun, Feb 17, 2019 at 08:50:01PM +0100, r...@posteo.net wrote:
>> On 2/17/19 10:49 PM, jrsmi...@gmail.com wrote:
>>> Reading through the post questioning the trustworthiness of 
>>> Whonix, I can't tell whether we can continue trusting/using 
>>> Whonix or not.  Can someone (preferably in a position to speak 
>>> for QubesOS), please state, in a straightforward and 
>>> unambiguous manner, spell this out for us?
>> 
>> Personally, I don't trust Whonix. The decision to not trust 
>> Whonix is not based on the sysadmin/aussie issue that came up 
>> recently on the list. I'm simply not convinced that they are 
>> capable of designing and writing secure software. Furthermore, 
>> there is no reason to use whonix in the first place, especially 
>> when you are using Qubes. Creating a tor netvm is rather
>> straight forward (and a dispvm that includes the Tor Browser if
>> you like to use that as well). If there is enough interest, I can
>> also write up a summary on how to do that in Qubes.
>> 
>> Regards
> 
> Have you looked at the qubes-tor package and 
> www.qubes-os.org/doc/torvm? - that page is removed from the menu 
> but still available. The qubes-tor package is OK but with some 
> tweaking makes a solid replacement for Whonix gw - certainly for 
> live images and machines with limited RAM. imo the decision to 
> deprecate that package and then remove all reference to it from
> the docs was a mistake.
> 
> unman
> 

It's not true that all reference to TorVM was removed from the docs.
In fact, the intro section of our main Whonix page specifically
mentions TorVM and links to the TorVM page. [1]

As you know, the decision to deprecate TorVM was years ago, [2][3] and
it's been unmaintained ever since. Using it now could be dangerous,
unless you really know what you're doing.


[1] https://www.qubes-os.org/doc/whonix/
[2] https://github.com/QubesOS/qubes-issues/issues/1196
[3] https://github.com/QubesOS/qubes-issues/issues/1201

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org




Re: [qubes-users] Whonix Yes or No

2019-02-23 Thread r...@posteo.net
On 2/19/19 5:05 PM, ashleybrown...@tutanota.com wrote:
> 
> Personally, I don't trust Whonix. The decision to not trust Whonix is
> not based on the sysadmin/aussie issue that came up recently on the
> list. I'm simply not convinced that they are capable of designing and
> writing secure software. Furthermore, there is no reason to use whonix
> in the first place, especially when you are using Qubes. Creating a tor
> netvm is rather straight forward (and a dispvm that includes the Tor
> Browser if you like to use that as well). If there is enough interest, I
> can also write up a summary on how to do that in Qubes.
> 
> Regards
> 
> 
> Please, it would be greatly appreciated. Especially on how to ensure no
> clear traffic happens and that it only goes over tor.

This is covered now here:
https://hackmd.io/JIXLStC-Sbq8rr1mjomCDQ

Regards



Re: [qubes-users] Whonix Yes or No

2019-02-23 Thread r...@posteo.net
On 2/20/19 3:12 AM, unman wrote:
> Have you looked at the qubes-tor package and www.qubes-os.org/doc/torvm?
> - that page is removed from the menu but still available.
>
> The qubes-tor package is OK but with some tweaking makes a solid
> replacement for Whonix gw - certainly for live images and machines with
> limited RAM.
> imo the decision to deprecate that package and then remove all reference
> to it from the docs was a mistake.

I fully agree.

See https://hackmd.io/JIXLStC-Sbq8rr1mjomCDQ for a first guide on a
simple tor gateway (sys-tor). Looking forward to discussions!

Regards


PS: I will continue to write up a more advanced guide that covers clock
synchronization over Tor, routing DNS requests of non-torified VMs
through Tor, and routing VM updates over Tor.



[qubes-users] How to fix Intel CPU Throttling on Qubes?

2019-02-23 Thread dexinthecity
So I have an X1C6 and there seems to be an issue with the intel CPUs 
throttling. 

I found this 
https://github.com/erpalma/throttled/blob/master/README.md

Which happens to work on Linux but I’m not sure on how to get it to work on 
Qubes, any help would be appreciated. 



[qubes-users] disposible vms for sys-net, firewall, usb?

2019-02-23 Thread Stumpy

Hi,
I was customizing my dvm templates and of course had to refer to the 
docs (thanks doc maintainers/contributors!) and it mentioned that 
dvms could be used for things like sys-net usb and firewall which had 
never occurred to me.
I may not be thinking about it right but that seemed like a really good 
security idea, so my question is, why is that not the default? Just 
curious, i suppose the same could be said about why arent vms hardened 
by default (which i get the impression is because its a bit of a PITA).

Anyway, i'd be curious to know.
Thanks!



Re: [qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread 799
 wrote on Sat, 23 Feb 2019, 14:35:

>
> Not quite sure why people try use Qubes with laptops. I found far better
> performance on desktops. Laptops are the opposite of flexible. PC's you can
> upgrade to your hearts content.
>

Maybe because for 90% a laptop offers enough performance, has much lower
space & power requirement and can be used flexible?
And because maybe more people "have to use" computers than they "like to
build" them themselves.
Just a guess ;-)

I was asking the other question:
Who is buying those desktop PCs today?

- O



Re: [qubes-users] last qubes-dom0-update brings kernel 4.19 and crashs login

2019-02-23 Thread xalldux
> hd7790 should work fine using the old radeon driver though.

How to enable the old driver, though?



[qubes-users] Re: Android-x86 7.1-r2 with GAPPS installation guide

2019-02-23 Thread alex . jones . 4416
On Tuesday, February 19, 2019 at 10:38:39 AM UTC, nosugar...@gmail.com wrote:
> Hi Alex,
> 
> Let me just start by saying a massive thank you. This guide has been great. I 
> have used it for the 8.1 - Oreo - which was just changing:
>  'repo init -u git://git.osdn.net/gitroot/android-x86/manifest -b 
> android-x86-7.1-r2' to 'repo init -u 
> git://git.osdn.net/gitroot/android-x86/manifest -b oreo-x86.'
> 
> With 8.1, mouse support comes out the box and completing the last part of the 
> guide actually makes the mouse worse in Oreo. So, disregard that part anyone 
> following this guide for 8.1. You can change resolution by affixing 'vga=ask' 
> and choosing your desired resolution 
> (https://groups.google.com/forum/#!topic/qubes-users/KZm8aGJuiO0).
> 
> I have come across one issue, and I am wondering if you could help me. 
> Android has installed great, and loads up fine. However, I simply cannot open 
> the Settings app, as it crashes every single time. Others who have 
> encountered this issue modified it using adb 
> (https://stackoverflow.com/questions/3480201/how-do-you-install-an-apk-file-in-the-android-emulator?rq=1),
>  but I don't know how to do this with a Qubes HVM. Any help with this?
> 
> Thanks in advance :)

You can use adb via network:
Create tmpvm with adb.
Select Networking vm for tmpvm with adb to sys-android.
Select Networking vm for Android VM to sys-android.

In sys-android run:
sudo nft add rule ip qubes-firewall forward meta iifname eth0 accept
sudo iptables -I FORWARD 2 -i vif+ -s 10.137.0.0/24 -d 10.137.0.0/24 -p tcp -m conntrack --ctstate NEW -j ACCEPT

In android terminal run:
su
setprop service.adb.tcp.port 
stop adbd
start adbd

In tmpvm with adb run:
adb connect 10.137.0.xx:
Where 10.137.0.xx - android IP
And then run your commands.



[qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread nosugarmaxtaste
On Thursday, 21 February 2019 11:49:27 UTC+11, dexint...@gmail.com  wrote:
> I've been spending hours and hours looking at laptop configs from dell to 
> lenovo and I still have yet to make a decision. I'm hoping you guys can help 
> me. 
> 
> Uses:
> 
> - Programming
> - Web Dev
> - Tor
> - Screen real estate
> - Regular web surfing and videos
> - Some video and photo editing but I have a PC for that 
> 
> I'd like to keep cost as low as possible but my budget is very flexible if I 
> need to stretch it. I want something that will last me 3-5 years.

Not quite sure why people try use Qubes with laptops. I found far better 
performance on desktops. Laptops are the opposite of flexible. PC's you can 
upgrade to your hearts content. 



[qubes-users] Re: Lenovo G505s A10-5750m / qubes 4.0rc5 / Unsupported Hardware Detected

2019-02-23 Thread qma ster
By the way: Mike Banon frequently visits reddit.com/r/coreboot , so you may 
also ask him if you have some coreboot G505S questions



[qubes-users] Re: tor with ipv6 leak, what is this threat modle?

2019-02-23 Thread pixel fairy
On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com 
wrote:
> Hi All,
> 
> 
> Recently I noticed ipv6-test website can see tor browser’s ipv6 address
> 
> though it might not be necessarily my own ipv6, but that does somehow put me 
> on alert and to post a question at here,
> 
> I do see other people asked this question at stackexchange before, but I 
> don't quite get the answer for the question of mine.
> https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com
> 
> So I like to know if it's secure to check webmail through tor, since if exit 
> node's ipv6 can be identified,
> there is a chance to track further back to other nodes as well.
> 
> you can say mac address can be changed, but it's not difficult to find out 
> the real one as well.
> 
> So should we use tor to check webmails? especially tor+VPN make it more 
> obvious on tor network, 
> does this make it actually weaker than just use firefox+vpn?
> 
> if you are a qubes user, what browser do you use to check webmails?
> 
> really want know how you think, thank you

just checked it, and it looks like it's using the exit node's ipv6, not yours. so
if there was a bug, it seems to be fixed. just in case, you should check it
against the ipv6 in sys-net.



[qubes-users] Re: tor with ipv6 leak, what is this threat modle?

2019-02-23 Thread pixel fairy
On Saturday, February 23, 2019 at 12:25:27 AM UTC-8, pixel fairy wrote:
> On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com 
> wrote:
> > Hi All,
> > 
> > 
> > Recently I noticed ipv6-test website can see tor browser’s ipv6 address
> > 
> > though it might not be necessarily my own ipv6, but that does somehow put
> > me on alert and to post a question at here,
> > 
> > I do see other people asked this question at stackexchange before, but I
> > don't quite get the answer for the question of mine.
> > https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com
> > 
> > So I like to know if it's secure to check webmail through tor, since if
> > exit node's ipv6 can be identified,
> > there is a chance to track further back to other nodes as well.
> > 
> > you can say mac address can be changed, but it's not difficult to find out
> > the real one as well.
> > 
> > So should we use tor to check webmails? especially tor+VPN make it more
> > obvious on tor network,
> > does this make it actually weaker than just use firefox+vpn?
> > 
> > if you are a qubes user, what browser do you use to check webmails?
> > 
> > really want to know how you think, thank you
> 
> can you disable ipv6 or ipv6 forwarding in sys-whonix?
> 
> try sudo sysctl or echo into the right file in /proc/sys/net/ipv6/conf/all 
> and either echo 0 > forwarding or 1 into disable_ipv6
> 
> hopefully that will work until upstream fixes it.

this change is not persistent across reboots. for that you'd need to run that
every time you start sys-whonix or make the change in /etc/sysctl.conf and
make that file persistent https://www.qubes-os.org/doc/bind-dirs/



[qubes-users] Re: tor with ipv6 leak, what is this threat modle?

2019-02-23 Thread pixel fairy
On Wednesday, February 20, 2019 at 2:00:06 PM UTC-8, winter...@scryptmail.com 
wrote:
> Hi All,
> 
> 
> Recently I noticed ipv6-test website can see tor browser’s ipv6 address
> 
> though it might not be necessarily my own ipv6, but that does somehow put me
> on alert and to post a question at here,
> 
> I do see other people asked this question at stackexchange before, but I
> don't quite get the answer for the question of mine.
> https://security.stackexchange.com/questions/193843/why-ipv6-showing-on-whatismyip-com
> 
> So I like to know if it's secure to check webmail through tor, since if exit
> node's ipv6 can be identified,
> there is a chance to track further back to other nodes as well.
> 
> you can say mac address can be changed, but it's not difficult to find out
> the real one as well.
> 
> So should we use tor to check webmails? especially tor+VPN make it more
> obvious on tor network,
> does this make it actually weaker than just use firefox+vpn?
> 
> if you are a qubes user, what browser do you use to check webmails?
> 
> really want to know how you think, thank you

can you disable ipv6 or ipv6 forwarding in sys-whonix?

try sudo sysctl or echo into the right file in /proc/sys/net/ipv6/conf/all and 
either echo 0 > forwarding or 1 into disable_ipv6

hopefully that will work until upstream fixes it.

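An added example, not part of either post: the sysctl change suggested in this message, plus the /etc/sysctl.conf step from the follow-up reply, written as shell functions. The audit checks both settings on every interface entry; the function names and the directory and file arguments are assumptions introduced here so the functions can also be pointed at a constructed tree.

```shell
#!/bin/sh
# Added example; function names and arguments are hypothetical.
# Live defaults: /proc/sys/net/ipv6/conf and /etc/sysctl.conf.

# List every interface entry that still has IPv6 enabled or forwarding on.
# Returns 0 only when all entries read disable_ipv6=1 and forwarding=0.
ipv6_audit() {
    conf_root=${1:-/proc/sys/net/ipv6/conf}
    rc=0
    for dir in "$conf_root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        disabled=$(cat "$dir/disable_ipv6" 2>/dev/null || echo missing)
        fwd=$(cat "$dir/forwarding" 2>/dev/null || echo missing)
        if [ "$disabled" != 1 ]; then
            echo "$iface: disable_ipv6=$disabled"; rc=1
        fi
        if [ "$fwd" != 0 ]; then
            echo "$iface: forwarding=$fwd"; rc=1
        fi
    done
    return $rc
}

# Runtime change (root needed on a live system); lost when the qube restarts.
ipv6_lockdown() {
    conf_root=${1:-/proc/sys/net/ipv6/conf}
    echo 1 > "$conf_root/all/disable_ipv6" &&
    echo 0 > "$conf_root/all/forwarding"
}

# Persistent change: replace any existing assignment of the two keys so no
# earlier or later line in the file can override them.
ipv6_persist() {
    file=${1:-/etc/sysctl.conf}
    tmp=$(mktemp) || return 1
    grep -Ev '^[[:space:]]*net\.ipv6\.conf\.all\.(disable_ipv6|forwarding)[[:space:]]*=' \
        "$file" > "$tmp" 2>/dev/null || true
    printf '%s\n' 'net.ipv6.conf.all.disable_ipv6 = 1' \
                  'net.ipv6.conf.all.forwarding = 0' >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```

In sys-whonix, /etc/sysctl.conf itself has to be made persistent with bind-dirs, as the follow-up reply says, or the edited file reverts on restart.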


[qubes-users] Re: Best ideal laptop for Qubes?

2019-02-23 Thread pixel fairy
On Wednesday, February 20, 2019 at 4:49:27 PM UTC-8, dexint...@gmail.com wrote:
> I've been spending hours and hours looking at laptop configs from dell to 
> lenovo and I still have yet to make a decision. I'm hoping you guys can help 
> me. 
> 
> Uses:
> 
> - Programming
> - Web Dev
> - Tor
> - Screen real estate
> - Regular web surfing and videos
> - Some video and photo editing but I have a PC for that 
> 
> I'd like to keep cost as low as possible but my budget is very flexible if I 
> need to stretch it. I want something that will last me 3-5 years.

https://system76.com/laptops/galago one of the few that you can get with 4 real
cores instead of just 2 with hyper threading. at least as of a few months ago
when i got a few for work. the 4 core thing is important because those
speculative execution blunders mean you can't use HT anymore.

using the 1080p version with a 4k display. they also have a hidpi version, but
the screen's only 13". may or may not fit your need for screen estate.

everything works and it's great up until you want to watch youtube full screen
at 4k. then it starts getting choppy. blender is fluid, for at least the small
scenes I've done. so, video editing shouldn't be a problem. just remember to give
your editing appvm lots of ram, and all the cores.

if you're photo editing for print, you might need to keep that pc. you could try
the plasma (kde) desktop and see if it can take an icc profile. never tried it.
