[qubes-users] Qubes OS Installation Resolution
It appears the USB stick that was used to flash the ISO was not sufficient. Switched to a 16GB USB stick as the previous was only 8GB. The 16GB USB stick worked. After installing the QUBES OS it was pretty straightforward thereafter. The reason was because had already experienced PARROT OS.

Now... The problem with QUBES OS is not the security architecture. The problem is the ease of convenience when it comes to the various VM instances. As a new user to QUBES OS, it seems more complicated than usual. One of the main issues was the ethernet tethering passthrough. That was so difficult to set up due to the lack of or vague instructions.

QUBES OS should have a more user friendly interface or framework. While it does seem simple as it can get, the ability to maneuver in the infrastructure can be confusing. Sometimes just using VIRTUALBOX can seem much easier because of its visual compartmentalization. Along with the extension pack to share data between, QUBES OS does not have this setting options. In QUBES OS, you have to do it each time?

Anyways, hope to see some QUBES OS improvement in terms of interface and ease of use? You should give PARROT OS a try to get familiar with some features that QUBES OS can truly benefit from. Had to revert to PARROT OS again to use the tethering that was difficult to setup in QUBES OS.
[qubes-users] Re: Unable to get network adapter working
> You fooled me with the cogent problem description and troubleshooting
> approach.

(~_^) I am a professional Googler and I might have found a solution. Rmb the dmesg logs above where qubes show

[ 4.742826] igb :00:06.0: Using MSI interrupts. 1 rx queue(s), 1 tx queue(s)

while Ubuntu show

[13.700337] igb :01:00.0: Using MSI interrupts. 2 rx queue(s), 2 tx queue(s)

Apparently since 2013, the Intel note for igb drivers contains a troubleshooting section. The latest note:

> Some systems have trouble supporting MSI and/or MSI-X interrupts. If your
> system needs to disable this style of interrupt, the driver can be built and
> installed with the command:
> make CFLAGS_EXTRA=-DDISABLE_PCI_MSI install
> Normally the driver will generate an interrupt every two seconds. If you're no
> longer getting interrupts in cat /proc/interrupts for the ethX igb device,
> then this workaround may be necessary.

Couldn't figure out how to build the drivers (no network to install kernel headers) so more Googling pointed to a kernel option to disable msi. I used the command 'qvm-prefs sys-net kernelopts "pci=nomsi"' in dom0 and rebooted sys-net. Lo and behold, the interface has gotten an IP address!!! Ping is good and so far no network drop.

Kinda lost track of how many changes I have made so I will do a fresh install and confirm again that disabling msi does the trick.

> I'd find new
> hardware if it was me.

I would have done that if Qubes had some certified hardware. But I also wanted something small just for secure work and leave my larger desktop PC for more resource intensive apps and Windows stuff. This thing is literally the size of my hand.
Re: [qubes-users] network graph [feature request]
On 27/06/2019 8.15 PM, Andrew David Wong wrote:
> On 27/06/2019 6.44 PM, haaber wrote:
>> Hi, by running qvm-ls a directed graph of which qubes depends on
>> which other as netVM can be obtained. I thought that this would
>> be nice to have the network graph visualized in the qubes widget
>> (or in network-manager, which is more natural, but maybe harder
>> to fiddle in the code).
>>
>> The graph is flat, loop-free, and easy to organise: on top go
>> VM's without netvm, from there we branch childs. In general, 5
>> layers will suffice. The only question is whether that would need
>> extra python libraries to be brought into dom0 (like networkx,
>> pyplot which probably is not wanted) ... anyways, I thought I
>> throw the idea in the ring. Have a good one, Bernhard
>
> Something like this has already been implemented. I remember seeing
> it in Qubes OS. I can't seem to find it now, though, so either:
>
> 1. It was in 3.2 but not carried over to 4.0, or
> 2. It's accessed from Qubes Global Settings, which is currently broken.
>

The Qubes Global Settings fix is in testing, by the way:

https://github.com/QubesOS/qubes-issues/issues/4988

> There's also this open issue:
>
> https://github.com/QubesOS/qubes-issues/issues/2575
>

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
[qubes-users] Marek Marczykowski-Górecki to speak at Xen Developer and Design Summit 2019
Dear Qubes Community,

Marek will be speaking at this year's Xen Developer and Design Summit. [1] The summit will take place July 9-11 in Chicago, Illinois. Marek's presentation is titled, "A Journey to Mirage OS as Xen PVH." Here is the description from the Xen summit schedule [2]:

> Marek will present difficulties faced during converting Mirage OS Xen
> build from old PV-only Mini-OS fork, to recent Unikraft with addition
> of PVH support. This talk will focus mostly on the latter part -
> adding PVH support to Unikraft, its current state and future work.
> There will be also a little of context how is that useful for Qubes
> OS.

Please see the Xen summit schedule for further session details. [2]

[1] https://events.linuxfoundation.org/events/xensummit-2019/
[2] https://xensummit19.sched.com/event/PFW3/a-journey-to-mirage-os-as-xen-pvh-marek-marczykowski-gorecki-invisible-things-lab

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2019/06/27/marek-marczykowski-gorecki-xen-summit-2019/

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
Re: [qubes-users] network graph [feature request]
On 27/06/2019 6.44 PM, haaber wrote:
> Hi, by running qvm-ls a directed graph of which qubes depends on
> which other as netVM can be obtained. I thought that this would be
> nice to have the network graph visualized in the qubes widget (or
> in network-manager, which is more natural, but maybe harder to
> fiddle in the code).
>
> The graph is flat, loop-free, and easy to organise: on top go VM's
> without netvm, from there we branch childs. In general, 5 layers
> will suffice. The only question is whether that would need extra
> python libraries to be brought into dom0 (like networkx, pyplot
> which probably is not wanted) ... anyways, I thought I throw the
> idea in the ring. Have a good one, Bernhard
>

Something like this has already been implemented. I remember seeing it in Qubes OS. I can't seem to find it now, though, so either:

1. It was in 3.2 but not carried over to 4.0, or
2. It's accessed from Qubes Global Settings, which is currently broken.

There's also this open issue:

https://github.com/QubesOS/qubes-issues/issues/2575

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
[qubes-users] network graph [feature request]
Hi, by running qvm-ls a directed graph of which qubes depends on which other as netVM can be obtained. I thought that this would be nice to have the network graph visualized in the qubes widget (or in network-manager, which is more natural, but maybe harder to fiddle in the code).

The graph is flat, loop-free, and easy to organise: on top go VM's without netvm, from there we branch childs. In general, 5 layers will suffice. The only question is whether that would need extra python libraries to be brought into dom0 (like networkx, pyplot which probably is not wanted) ... anyways, I thought I throw the idea in the ring. Have a good one, Bernhard
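The graph described in this post can be drawn with the Python standard library alone, so nothing like networkx or pyplot has to be brought into dom0. The following is an added example, not part of the original post and not Qubes OS code. It assumes `qvm-ls --raw-data --fields NAME,NETVM` yields `NAME|NETVM` rows with `-` for a qube without netVM, runs on a constructed sample, and its function names are illustrative.

```python
#!/usr/bin/env python3
"""Render the netVM dependency graph as an indented text tree (stdlib only)."""
from collections import defaultdict

# Constructed sample in the NAME|NETVM shape assumed for
# `qvm-ls --raw-data --fields NAME,NETVM`; "-" means "no netVM".
SAMPLE = """\
dom0|-
sys-net|-
sys-firewall|sys-net
sys-whonix|sys-firewall
anon-whonix|sys-whonix
work|sys-firewall
vault|-
sys-vpn|sys-firewall
banking|sys-vpn
"""


def parse(raw):
    """Return {qube: netvm or None}; reject malformed or duplicate rows."""
    netvm_of = {}
    for lineno, line in enumerate(raw.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        parts = line.split("|")
        if len(parts) != 2 or not parts[0]:
            raise ValueError(f"line {lineno}: expected NAME|NETVM, got {line!r}")
        name, netvm = parts
        if name in netvm_of:
            raise ValueError(f"line {lineno}: duplicate qube {name!r}")
        netvm_of[name] = None if netvm in ("-", "") else netvm
    return netvm_of


def chain(netvm_of, name):
    """Path from a qube up to its root, e.g. banking -> sys-vpn -> ... .

    Raises ValueError on a loop or on a netVM that is not a listed qube,
    so a broken listing is reported instead of being drawn incompletely.
    """
    path = [name]
    while netvm_of[path[-1]] is not None:
        nxt = netvm_of[path[-1]]
        if nxt in path:
            raise ValueError("netvm loop: " + " -> ".join(path + [nxt]))
        if nxt not in netvm_of:
            raise ValueError(f"{path[-1]}: netvm {nxt!r} is not a listed qube")
        path.append(nxt)
    return path


def layers(netvm_of):
    """Group qubes by hop count to their root (layer 0 = no netVM)."""
    by_depth = defaultdict(list)
    for name in sorted(netvm_of):
        by_depth[len(chain(netvm_of, name)) - 1].append(name)
    return [by_depth[d] for d in sorted(by_depth)]


def render(netvm_of):
    """Return the graph as an indented tree, roots (no netVM) at the top."""
    for name in netvm_of:          # validate first: loops have no root and
        chain(netvm_of, name)      # would otherwise silently disappear
    children = defaultdict(list)
    for name, netvm in netvm_of.items():
        children[netvm].append(name)
    lines = []

    def walk(name, depth):
        lines.append("  " * depth + name)
        for child in sorted(children[name]):
            walk(child, depth + 1)

    for root in sorted(children[None]):
        walk(root, 0)
    return "\n".join(lines)


if __name__ == "__main__":
    graph = parse(SAMPLE)
    print(render(graph))
    print("layers:", len(layers(graph)))
    print("banking uplink:", " -> ".join(chain(graph, "banking")))
```

The per-qube chain is the part worth reading when auditing: it shows at a glance which qubes reach the network through the VPN or Whonix gateway and which sit directly behind sys-firewall.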
Re: [qubes-users] debian-dvm [solved]
> That's very strange.
> I don't see this behaviour.
> I'll take a look in the morning.

> I'm afraid I can't reproduce. :-( Works for me.

After recent updates on dom0 & buster, problems disappeared. Cheers, Bernhard
Re: [qubes-users] Re: wasabi in qubes
ehag...@gmail.com:
> Ok, first thanks for the links.
>
> what is a template
>
> It's more fundamental than the vm right
>
> how is it done
>

Please review the Qubes documentation in https://www.qubes-os.org/doc/. It covers the basics and then some. You might want to think twice about storing coins in Wasabi on Qubes+Whonix until you have a solid understanding of everything involved. It can be easy to lose access to a wallet if you do not.
[qubes-users] Pass Capita with Tor
This takes some explanation. With capita I mean that box that comes up when performing a registration or setting up a new account at a webpage, in order to confirm that you're not a robot and so on. I tried this with my Tor browser and it just doesn't work out. I tried it a number of times and eventually realized that the browser is the problem. Why is that, and what can be done about it? Thanks for your time and support.
[qubes-users] Re: wasabi in qubes
I did download wasabi, extracted and selected destination folder for the files. Then I used dolphin to try and find them in order to complete the installation, but they weren't visible in the selected folder. How come? Shouldn't dolphin be used like that? The file finder in the non-Whonix VM works fine.
[qubes-users] Re: wasabi in qubes
I just have no idea how stuff actually works so I'm somewhat cautious.
[qubes-users] Re: wasabi in qubes
Why would wasabi somehow compromise all Whonix gateways? They are all separated, right, like individual computers? If a program can do that then the whole Qubes concept would be useless. Sorry, didn't really get the questions I was asked.
[qubes-users] Re: wasabi in qubes
Ok, first thanks for the links.

what is a template

It's more fundamental than the vm right

how is it done
Re: [qubes-users] Re: Qubes - Critique (long)
Thanks for your input Brendan, David, Chris.

Having switched to KDE, the laptop is now completely stable, and in my opinion far more usable than XFCE.

I'm also running Trisquel on a Thinkpad X200 flashed with Libreboot, which feels more secure although requires more care over choosing what to install. I would be keen to see a laptop that supports Libreboot and is powerful enough to run Qubes.

What are your thoughts on LXD? Lightweight enough to run on an X200/T400, although of course not offering the same compartmentalization as XEN, sharing the same kernel etc.

[and yes something can 'feel' more secure, insight deeper into the stack results in more trust]

Marc Griffiths
marc.d.griffi...@gmail.com

On Mon, 20 May 2019 at 20:58, wrote:
> On Friday, May 10, 2019 at 2:09:09 PM UTC-4, Chris Laprise wrote:
> > On 5/10/19 12:16 PM, Marc Griffiths wrote:
> > > Next step for me is ordering a T400, which doesn't have Intel Management
> > > Engine, supports Libreboot, and has proven itself as an uncrashable
> > > workhorse. I used to run Windows and SUSE on this laptop back in
> > > 2008-2011, it never crashed, despite running a complex J2EE dev
> > > environment. I will miss having 16GB RAM, but the i7 I can happily part
> > > with.
> >
> > I doubt that Qubes will install or run on a T400. Qubes was initially
> > developed on Sandy Bridge-era hardware, and the requisite virtualization
> > features in chipsets was still maturing up to that point.
> >
> > I feel obliged to mention that if you want to avoid management engines
> > and a raft of other processor vulns, you should look to the AMD 15h
> > generation of chips (circa 2013). In the form of a Lenovo G505s A10,
> > installing Qubes first requires re-flashing the firmware with
> > Coreboot... an exercise that I'm about to try. :)
>
> As much as is really quantifiable...what percent of the real-world risk of
> the Intel ME to end-user is related to the fact that the
> manufacturer-whitelisted networking chipsets are directly usable by the
> firmware, primarily in support of the AMT feature set (and anything
> remotely hijacking via AMT, potentially without local compromise)?
>
> Which is to say: isn't one important mitigation of remote pwnage the
> disabling and/or removing (as appropriate) of the manufacturer-supplied
> network connections? Without a custom firmware, one can always use a
> USB-based wifi/ethernet connection..and with custom firmware (when
> possible) you can bypass the hardware whitelist and supply your own
> third-party wifi/bt card that the local AMT portion of the firmware has not
> been designed to talk to.
>
> Brendan
Re: [qubes-users] debian-dvm
On Tue, Jun 25, 2019 at 05:10:16PM +0100, unman wrote:
> On Tue, Jun 25, 2019 at 12:34:50PM +1000, haaber wrote:
> > > On Mon, Jun 24, 2019 at 09:51:27AM +1000, haaber wrote:
> > > > Hello, I have a funny (and slightly annoying) behaviour when running a
> > > > debian-dvm (based on buster): trying to start it via
> > > > debian-dvm->terminal will make the dvm start and immediately shutdown.
> > > > If I ask for other apps, like "files", "thunderbird" or whatsoever, it
> > > > does start normally. Does someone know this / Have a cure? cheers,
> > > > Bernhard
> > > >
> > >
> > > This is a known issue: the desktop file in buster references debian-xterm.
> > > The cure is to change the exec line in the menu from "xterm" to
> > > "debian-xterm".
> > > A fix is in the pipeline.
> > >
> >
> > Hi unman, now, after recent buster updates, debian-dvm will just fail
> > all the time, even when first starting debian-dvm with "files" and then
> > in dom0: qvm-run dispxxx xterm : it will crash the disp-system ("failed
> > withcode:1 "), while "qvm-run dispxxx debian-xterm" yields "command
> > failed code 127". Finally "qvm-run nome-terminal" gives a silent death,
> > and the qubes-widget kills it as well. Finally, regular debian-VM's
> > don't show this behaviour ... Bernhard
> >
>
> That's very strange.
> I don't see this behaviour.
> I'll take a look in the morning.
>

I'm afraid I can't reproduce. :-( Works for me.
Re: [qubes-users] TemplateVM updates almost instantly fail when target is VPN qube but dom0 updates run just fine
On Wed, Jun 26, 2019 at 10:12:40PM -0700, Sphere wrote:
> @unman: thanks for that
> I also noticed that qubes-updates-proxy.service fails by default on startup
> and I'm unsure if that is a minimal template-only problem but I was able to
> fix it thanks to it indicating that the problem is a missing folder:
> /var/run/qubes-service/qubes-updates-proxy
>
> Pretty much the same problem that I get with clocksync service thankfully so
> I was able to confirm that this service was running as intended
>
> systemctl status qubes-updates-proxy:
> qubes-updates-proxy.service - Qubes updates proxy (tinyproxy)
>    Loaded: loaded (/usr/lib/systemd/system/qubes-updates-proxy.service; enabled; vendor preset: enabled)
>    Active: active (running) since Thu 2019-06-27 12:06:14 +08; 2s ago
>   Process: 1603 ExecStartPre=/usr/lib/qubes/iptables-updates-proxy start (code=exited, status=0/SUCCESS)
>  Main PID: 1608 (tinyproxy)
>     Tasks: 3 (limit: 414)
>    Memory: 4.1M
>    CGroup: /system.slice/qubes-updates-proxy.service
>            ├─1608 /usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf
>            ├─1609 /usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf
>            └─1610 /usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy-updates.conf
>
> Jun 27 12:06:14 redacted systemd[1]: Starting Qubes updates proxy (tinyproxy)...
> Jun 27 12:06:14 redacted systemd[1]: Started Qubes updates proxy (tinyproxy).
> Jun 27 12:06:14 redacted tinyproxy-wrapper[1608]: Found tinyproxy at /usr/bin/tinyproxy
>
> Despite this however, the problem still persists and still behaves the same
> even after trying dnf update for 5 times
>
> I think is right about the fact that there is a bug about this
>
> @Chris I think you may be right about the fact that this is a bug and I guess
> it's time to escalate it into an issue in github. I'm willing to lend a
> helping hand in making the issue as needed.
>
> My setup is all fully dependent on variations of fedora-30-minimal template
> that I have tailored depending on use-case of the AppVM that would be using
> it.
>

Like Chris, I use a separate qube for updates. Unlike you and Chris I don't see the behaviour you report. Let's try to dig in before raising a bug report.

I've tested this with 30-minimal template 201905071541 and 201906241949, from stable and testing. I've tested against dom0 stable and dom0 testing: both fully updated. Test boxes are an old x230 and a custom rig with X-series CPU and 32G RAM. In all cases, the proxy is started as appropriate, and the update process (from fedora 29 and 30-minimal) waits until proxy is up and then proceeds.

What hardware are you, Sphere and Chris, running?

Sphere - if you create a dedicated update qube using the 30-minimal with qubes-core-agent-networking installed, enable the qubes-updates-proxy service, route it through sys-firewall, and edit the policy file appropriately, do you see the same behaviour? (Almost instant fail) What if you start the new update proxy before attempting a 'dnf update'?

unman
[qubes-users] Re: Quick question please, need help!
The general idea is correct. If dom0 gets pwned then everything else can be pwned and stolen, including your data. Pwning dom0 properly and successfully, however, is not trivial because dom0 has no direct access to network hardware to communicate in the first place, and malicious actors would need malware to communicate directly to the C2 server for commands.

What's great about qubes is the fact that with proper hardening, it becomes very resilient thanks to the fact that it follows a 0-trust model.
Re: [qubes-users] Re: Unable to get network adapter working
Jon deps: On 6/27/19 1:10 AM, Chris wrote: I tried the Debian template but it still doesn't work. Same symptoms https://www.qubes-os.org/doc/pci-devices/#pci-passthrough-issues attach options. I need some help here. Couldn't find the configuration file mentioned (/var/lib/qubes/servicevms/ is empty) to insert pci_permissive=1. I am not very good with Linux. You fooled me with the cogent problem description and troubleshooting approach. There's no config. file. Look below "Additional Attach Options" in the link I sent. Use qvm-pci options when you re-attach your NIC to sys-net. However: I'd find new hardware if it was me. With the additional info you provided in your other reply of the NIC repeatedly resetting even without sys-net running, I second this. Single port NICs are cheap. If you still want to troubleshoot further, check journalctl and xl dmesg in a dom0 terminal to hopefully see why it's resetting.
[qubes-users] Re: no DNS resolving being passed to sys-firewall or other appVMs after updates?
On Wednesday, June 26, 2019 at 4:34:11 PM UTC, cubit wrote:
> I am not sure if this is related to recent updates but after updating today
> and doing a reboot, my sys-firewall and other appVMs are not getting DNS
> resolving working.
>
> - sys-net (fedora30) starts up without an issue, can resolve and connect to
> the internet
>
> - sys-firewall starts up and gets an IP address, it can ping sys-net and
> hosts on the internet by IP but can not by name.
>
> - appVMs are the same as sys-firewall
>
> on sys-firewall and appVMs I have two entries in /etc/resolv.conf 10.139.1.1
> and .2 I am not sure what these IPs are as they do not show up in qubes
> manager and I can not ping them.
>
> IPs all start at 10.139.0.5 which is sys-net
>
> The only way I can get to the internet is to use Tor or VPN which don't rely
> on the system DNS.
>
> Is anyone else experiencing this, does anyone know what 1.1 and 1.2 hosts
> are or how I can get DNS up and running again?
>
> cubit

Well I don't have much of a solution to solving your DNS problem other than checking if your DNS queries are resolving in your sys-net vm through the use of nslookup command.

An alternative would be using DNSCrypt
https://github.com/jedisct1/dnscrypt-proxy/releases

Using this properly needs to have you change the contents of your /etc/resolv.conf to the following:

nameserver 127.0.0.1
options edns0 single-request-reopen