Re: [qubes-users] The VPN avalibel in Qubes
Hello Chris, Chris Laprise schrieb am Di., 13. Aug. 2019, 23:10: > (...) > The easiest & most comprehensive/secure VPN config for Qubes is here: > > https://github.com/tasket/Qubes-vpn-support > > You can also try your luck with the VPN instructions on the Qubes > website, but its more manual work (even if you use Network Manager) for > less results. > I just tried your script and installation was straightforward. Very nice work, thanks for sharing. Should be included in Qubes by default or at least be highlighted in bold in the Qubes docs: https://www.qubes-os.org/doc/vpn/ I'll also take a look into your other scripts ;-) [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vcgi5OXtr_WY9t1N%2BbMgoDfB0njkX-sfv4ARhHbn6zdw%40mail.gmail.com.
Re: [qubes-users] using static dispVM for sys-net
On 8/10/19 5:12 AM, 799 wrote: Hello, Jon deps mailto:yreb...@riseup.net>> schrieb am Mi., 3. Juli 2019, 22:30: am curious if anyone actually does this , and how or would it make any sense instead to use a static sys-firewall , if I just have the default sys-firewall (which might be easier because there would not be a need for the PCI setup ?each time) What would be the better choice regarding attack surface: disposable netvm+firewallvm vs. mirage-firewall? If I understand it right the mirage firewall has no/less option to be compromised. I am using the mirage fw and are only using a fedora-30-minimal based sys-firewall to get dom0-updates, which can't be done via the mirage firewall. But I'll also change this firewall to a static disposable FW. Question: Afaik the problem when using a static disposable sys-net VM is, that I need to enter my Wifi Credentials each time, as the VM will be unable to remember them. Is there any way tweaking this behaviour? To get a similar result, adding Qubes-VM-hardening to your template would sanitize sys-net on each boot while retaining your wifi connection passwords. After installing, all you have to do is enable 'vm-boot-protect-root' Qubes service for the sys-net VM. By default, the contents of /home are retained, but you can change that by also enabling 'vm-boot-tag-qhome' which sets up a quarantine on /home. (You can also use it to do minor per-vm customizations at startup, which allows more re-use of a template instead of having to make clones.) The result isn't quite as secure as using a DispVM, because the Ext4 filesystem itself could (theoretically) be exploited. But I think it raises the bar quite a bit. https://github.com/tasket/Qubes-VM-hardening -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5fc9440a-5d09-c043-26a5-6290befe7729%40posteo.net.
[qubes-users] Re: using static dispVM for sys-net
On 8/9/19 11:12 PM, 799 wrote: > Hello, > > Jon deps schrieb am Mi., 3. > Juli 2019, 22:30: > >> am curious if anyone actually does this , and how or would it make any >> sense instead to use a static sys-firewall , if I >> just have the default sys-firewall (which might be easier because >> there would not be a need for the PCI setup ?each time) > > > What would be the better choice regarding attack surface: > disposable netvm+firewallvm vs. mirage-firewall? > If I understand it right the mirage firewall has no/less option to be > compromised. > I am using the mirage fw and are only using a fedora-30-minimal based > sys-firewall to get dom0-updates, which can't be done via the mirage > firewall. > > But I'll also change this firewall to a static disposable FW. > > Question: > Afaik the problem when using a static disposable sys-net VM is, that I need > to enter my Wifi Credentials each time, as the VM will be unable to > remember them. > Is there any way tweaking this behaviour? > > 799 > 799, do you have mirageOS upstream of sys-net2 (disposable) working. I built and have mirage as sys-firewall, but I built it before I created sys-net2 (disposable) and the mirage firewall works upstream of sys-net but not sys-net2 I'm thinking during the build process it must be looking for sys-net and not a sys-net2 , esp if it's not there ? I could rebuild not that I have a sys-net2 , but not too confident about that best regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/92d1f0ca-24bb-88a7-976b-a71309b361b9%40riseup.net.
[qubes-users] Re: How do I make sure that kernel-headers can be found at /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or /lib/modules/4.19.56-1.pvops.qubes.x86_64/source
Answer is much more simple than I thought -- you install the kernel-devel packages for the version of the kernel that you are using. Looks like that's in qubes-dom0-current-testing. Seeing some strange here that looks like the update VM downloading the package but then not passing the package back to dom0. Any idea of what's going on here? sudo qubes-dom0-update kernel-devel-4.19.56-1.pvops.qubes.x86_64 Using sys-firewall as UpdateVM to download updates for Dom0; this may take some time... Fedora 25 - x86_64 - Updates3.3 MB/s | 24 MB 00:07 Fedora 25 - x86_64 3.8 MB/s | 50 MB 00:13 Qubes Dom0 Repository (updates) 3.4 MB/s | 12 MB 00:03 Qubes Dom0 Repository (updates-testing) 11 MB/s | 23 MB 00:02 determining the fastest mirror (15 hosts).. done.-- B/s | 0 B --:-- ETA Qubes Templates repository 2.3 kB/s | 12 kB 00:05 Dependencies resolved. Package Arch VersionRepository Size Installing: kernel-devel x86_64 1000:4.19.56-1.pvops.qubes qubes-dom0-current-testing 13 M Transaction Summary Install 1 Package Total download size: 13 M Installed size: 52 M DNF will only download packages for the transaction. Downloading Packages: kernel-devel-4.19.56-1.pvops.qubes.x86_64.rpm 3.1 MB/s | 13 MB 00:04 Total 2.4 MB/s | 13 MB 00:05 Complete! The downloaded packages were saved in cache until the next successful transaction. You can remove cached packages by executing 'dnf clean packages'. Qubes OS Repository for Dom0 131 MB/s | 138 kB 00:00 No package kernel-devel-4.19.56-1.pvops.qubes.x86_64 available. Error: Unable to find a match. Sent with [ProtonMail](https://protonmail.com) Secure Email. ‐‐‐ Original Message ‐‐‐ On Friday, August 16, 2019 2:13 PM, jmxy wrote: > Hi, > I'm trying to get Displaylink drivers working on my P52s ThinkPad so I can > use a USB-C docking station (needs Displaylink to use monitors through USB-C > dock). I've had a few hiccups which I've detailed > [here](https://www.reddit.com/r/Qubes/comments/crapm4/how_to_install_displaylink_drivers_on_qubes/) > trying to get this package working: > https://github.com/displaylink-rpm/displaylink-rpm/releases. > > It looks like the rpm uses a post install script to start the Displaylink > service. > > ``` > $ rpm -qip --scripts displaylink.rpm > postinstall scriptlet (using /bin/sh): > # The displaylink service may crash as dkms rebuilds the module > /usr/bin/systemctl -q is-active displaylink.service && /usr/bin/systemctl > stop displaylink.service > /usr/bin/systemctl daemon-reload > /usr/bin/systemctl -q is-enabled dkms.service || /usr/bin/systemctl enable > dkms.service > /sbin/dkms install evdi/1.6.2 >> /var/log/displaylink/displaylink.log 2>&1 > /usr/bin/systemctl start displaylink.service > ``` > For me it fails because it can't find my kernel headers: > > ``` > $ less /var/log/displaylink/displaylink.log > Creating symlink /var/lib/dkms/evdi/1.6.2/source -> > /usr/src/evdi-1.6.2 > > DKMS: add completed. > Error! echo > Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at > /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or > /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. > Warning: I do not know how to handle 4.19.56-1.pvops.qubes.x86_64. > Error! echo > Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at > /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or > /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. > > -- > Deleting module version: 1.6.2 > completely from the DKMS tree. > -- > Done. > > Creating symlink /var/lib/dkms/evdi/1.6.2/source -> > /usr/src/evdi-1.6.2 > > DKMS: add completed. > Error! echo > Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at > /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or > /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. > Warning: I do not know how to handle 4.19.56-1.pvops.qubes.x86_64. > Error! echo > Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at > /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or > /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. > ``` > Any thoughts on how I can ensure that this package can find the right > kernel-headers? > > Cheers! > jm > > Sent with [ProtonMail](https://protonmail.com) Secure
[qubes-users] How do I make sure that kernel-headers can be found at /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or /lib/modules/4.19.56-1.pvops.qubes.x86_64/source
Hi, I'm trying to get Displaylink drivers working on my P52s ThinkPad so I can use a USB-C docking station (needs Displaylink to use monitors through USB-C dock). I've had a few hiccups which I've detailed [here](https://www.reddit.com/r/Qubes/comments/crapm4/how_to_install_displaylink_drivers_on_qubes/) trying to get this package working: https://github.com/displaylink-rpm/displaylink-rpm/releases. It looks like the rpm uses a post install script to start the Displaylink service. ``` $ rpm -qip --scripts displaylink.rpm postinstall scriptlet (using /bin/sh): # The displaylink service may crash as dkms rebuilds the module /usr/bin/systemctl -q is-active displaylink.service && /usr/bin/systemctl stop displaylink.service /usr/bin/systemctl daemon-reload /usr/bin/systemctl -q is-enabled dkms.service || /usr/bin/systemctl enable dkms.service /sbin/dkms install evdi/1.6.2 >> /var/log/displaylink/displaylink.log 2>&1 /usr/bin/systemctl start displaylink.service ``` For me it fails because it can't find my kernel headers: ``` $ less /var/log/displaylink/displaylink.log Creating symlink /var/lib/dkms/evdi/1.6.2/source -> /usr/src/evdi-1.6.2 DKMS: add completed. Error! echo Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. Warning: I do not know how to handle 4.19.56-1.pvops.qubes.x86_64. Error! echo Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. -- Deleting module version: 1.6.2 completely from the DKMS tree. -- Done. Creating symlink /var/lib/dkms/evdi/1.6.2/source -> /usr/src/evdi-1.6.2 DKMS: add completed. Error! echo Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. Warning: I do not know how to handle 4.19.56-1.pvops.qubes.x86_64. Error! echo Your kernel headers for kernel 4.19.56-1.pvops.qubes.x86_64 cannot be found at /lib/modules/4.19.56-1.pvops.qubes.x86_64/build or /lib/modules/4.19.56-1.pvops.qubes.x86_64/source. ``` Any thoughts on how I can ensure that this package can find the right kernel-headers? Cheers! jm Sent with [ProtonMail](https://protonmail.com) Secure Email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/phimvYJ7bnWzKrNJ3gXFh14R5OtMIY9sU6btxmDeRlAoMx7jHyI0bPUvgFMcF6csbtRiGwr4sIp2tqsxSJDk7EPfGtAfkV-YbEcuVeWrnAc%3D%40protonmail.com.
Re: [qubes-users] Problem with NextCloud-Client App-VM (unable to login on 2nd boot)
*long day, missed the part where I blasted my old keyrings if step 3 fails: sudo rm -rf /home/user/.local/share/keyrings I had no saved passwords/keys but it was still an issue somehow, so this forced the new first-time keyring password prompt on AppVM reboot that I left blank. So apparently libgnome-keyring is a dependency. No idea what the Nextcloud forum are referenced with libgnome-keyring0. On Friday, August 16, 2019 at 4:58:08 PM UTC-4, sourcexorapprentice wrote: > > libgnome-keyring, not just gnome-keyring. > > Various forums suggest an issue (is there though?) in Fedora where PAM and > the gnome keyring do not play nice together and an additional theory that > the Fedora keyring is just not making Nextcloud entries due to some bug. > > My current solution: > 1. Boot your template Fedora VM and then install the gnome keyring: > dnf install -y libgnome-keyring > sudo shutdown -h now > 2. Restart your qubes AppVM and login to your Nextcloud client with your > password, restart > 3. Nextcloud starts and is good to go without password > > If 3 fails (did for me), then you may want to blast your keyrings > (warning: you're deleting your keyrings, so other saved password...), so in > the AppVM just run "sudo dnf -y remove gnome-keyring && sudo dnf -y install > gnome-keyring" reboot and enter a null password on boot, then repeat step 2. > > I'm still anxious about this because my keyring uses as...NULL password! > My understanding is that this is an acceptable risk and has the same logic > as the null root password. Someone who is local on the AppVM is going to be > able to escalate to root anyway, and therefore will own the keyring so > you're pwned anyway so just make the keyring null so it's less annoying. Is > this horribly wrong? > > Example of suggested solutions: > https://github.com/nextcloud/desktop/issues/427 > > On Friday, August 16, 2019 at 4:19:22 PM UTC-4, 799 wrote: >> >> Hello, >> >> On Fri, 16 Aug 2019 at 11:22, Stefan Leibfarth >> wrote: >> >>> [...] >>> I'd guess it's not directly Qubes related, maybe this problem: >>> >>> https://help.nextcloud.com/t/nextcloud-client-asks-for-password-every-time-it-starts/28591/3 >>> >> >> I tried nearly everything from this forum post, I also tried to use other >> templates fedora-29, fedora-30, still the same problem. >> I also tried to install gnome-keyring but it doesn't make a difference. >> >> Anyelse has a Nextcloud CLIENT (not server) running in Qubes and give me >> a hint, why I need to re-enter my credentials after boot and even after the >> nextcloud client is not pocking up the sync again. >> >> [799] >> >> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/80c109d6-3894-4a69-85b3-265e517db57e%40googlegroups.com.
Re: [qubes-users] Problem with NextCloud-Client App-VM (unable to login on 2nd boot)
libgnome-keyring, not just gnome-keyring. Various forums suggest an issue (is there though?) in Fedora where PAM and the gnome keyring do not play nice together and an additional theory that the Fedora keyring is just not making Nextcloud entries due to some bug. My current solution: 1. Boot your template Fedora VM and then install the gnome keyring: dnf install -y libgnome-keyring sudo shutdown -h now 2. Restart your qubes AppVM and login to your Nextcloud client with your password, restart 3. Nextcloud starts and is good to go without password If 3 fails (did for me), then you may want to blast your keyrings (warning: you're deleting your keyrings, so other saved password...), so in the AppVM just run "sudo dnf -y remove gnome-keyring && sudo dnf -y install gnome-keyring" reboot and enter a null password on boot, then repeat step 2. I'm still anxious about this because my keyring uses as...NULL password! My understanding is that this is an acceptable risk and has the same logic as the null root password. Someone who is local on the AppVM is going to be able to escalate to root anyway, and therefore will own the keyring so you're pwned anyway so just make the keyring null so it's less annoying. Is this horribly wrong? Example of suggested solutions: https://github.com/nextcloud/desktop/issues/427 On Friday, August 16, 2019 at 4:19:22 PM UTC-4, 799 wrote: > > Hello, > > On Fri, 16 Aug 2019 at 11:22, Stefan Leibfarth > wrote: > >> [...] >> I'd guess it's not directly Qubes related, maybe this problem: >> >> https://help.nextcloud.com/t/nextcloud-client-asks-for-password-every-time-it-starts/28591/3 >> > > I tried nearly everything from this forum post, I also tried to use other > templates fedora-29, fedora-30, still the same problem. > I also tried to install gnome-keyring but it doesn't make a difference. > > Anyelse has a Nextcloud CLIENT (not server) running in Qubes and give me a > hint, why I need to re-enter my credentials after boot and even after the > nextcloud client is not pocking up the sync again. > > [799] > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0655f4f-e862-495d-8339-890294d6ccf2%40googlegroups.com.
[qubes-users] Re: best and less expensive Lenovo think pad
I lose track of the difference between Ideapads and Thinkpads but I have installed Qubes successfully on 4GB RAM Lenovos that cost less than $300 new, without issue. Nice to upgrade memory to 8 GB though. On Monday, August 12, 2019 at 12:26:15 AM UTC-7, 27casa...@gmail.com wrote: > > What is the best and less expensive Lenovo think pad for new Qube? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8db243b6-bcd3-401d-8706-e47e430b2b45%40googlegroups.com.
Re: [qubes-users] best and less expensive Lenovo think pad
Is it really so bad just to use the standard EFI with fastboot and secure boot disabled? I use that with a password but maybe coreboot is important too. No one has physical access afaik unless the landlord is letting Russian spies into my apartment. On Monday, August 12, 2019 at 3:51:35 AM UTC-7, awokd wrote: > > 27casa...@gmail.com : > > What is the best and less expensive Lenovo think pad for new Qube? > > > G505s if you're prepared to Coreboot it yourself. PrivacyBeast if not. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fdb6ab29-7daf-49a3-850f-74668ed16b2e%40googlegroups.com.
Re: [qubes-users] Problem with NextCloud-Client App-VM (unable to login on 2nd boot)
Hello, On Fri, 16 Aug 2019 at 11:22, Stefan Leibfarth wrote: > [...] > I'd guess it's not directly Qubes related, maybe this problem: > > https://help.nextcloud.com/t/nextcloud-client-asks-for-password-every-time-it-starts/28591/3 > I tried nearly everything from this forum post, I also tried to use other templates fedora-29, fedora-30, still the same problem. I also tried to install gnome-keyring but it doesn't make a difference. Anyelse has a Nextcloud CLIENT (not server) running in Qubes and give me a hint, why I need to re-enter my credentials after boot and even after the nextcloud client is not pocking up the sync again. [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tTGtifnYKCRbq0sFa2EhmWEk%2BQb2h6mPxJ-fdAhWJwHQ%40mail.gmail.com.
[qubes-users] What is the SHA-256 checksum of the Qubes-R4.0.1-x86_64 ISO?
I've downloaded the iso and gotten the sha-256 of the file from the MD5/SHA utility. I just need to figure out how to verify that number with the actual checksum. I cannot for the life of me figure out the GPG, PGP, PCP or whatever else it is. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f33fc641-8658-484c-a35b-fd91892d1817%40googlegroups.com.
[qubes-users] What is the SHA-256 checksum of the Qubes-R4.0.1-x86_64.iso?
I've downloaded the iso and gotten the sea-256 of the file from a utility. I just need to figure out how to verify that number with the actual checksum. I cannot for the life of me figure out the GPG, PGP, PCP or whatever else it is. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b1cd55d-3382-474d-8b1e-ca07ccc6d8bf%40googlegroups.com.
Re: [qubes-users] Which qube is most secure for internet use?
No, I will only be using the computer on public networks, not a private one so router, phone, etc is not an issue. I'm talking about if someone were to become a target because, let's say, he was in China speaking out against the gov't - the gov't could identify what network and computer that traffic was coming from, hack into his computer and they're off to the races. Obviously China, N. Korea, etc can probably get into any computer, server, etc. they want (N. Koreans hacked into Universal studios or whatever studio that was), and they certainly won't be after me, but I'm talking from a security standpoint. On Friday, August 16, 2019 at 12:54:45 PM UTC-4, 799 wrote: > > > > O K > schrieb am Fr., 16. Aug. 2019, 18:17: > >> Well I'm not as concerned about people monitoring/intercepting the >> content of my communications, just about identifying information about the >> hardware of my computer being accessible. >> > > Why? If someone can't identify you, why should he make the effort to find > a way into your Qubes machine to get the hardware info? If it is an attack > which you're not the specific target, there are easier options, like > hacking your router or maybe one of your "smart" home devices. > > I know it's not easy to acquire info about someone's computer from the >> internet, and if the computer's running Qubes I would imagine it's harder, >> but I think it can be done (definitely Mac address but possibly more info). >> > > Yes. Using Qubes will increase your security to a reasonable secure level > (if you use it correctly). > > [799] > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/581b826b-edd4-499a-a0fe-de8979388384%40googlegroups.com.
Re: [qubes-users] Which qube is most secure for internet use?
O K schrieb am Fr., 16. Aug. 2019, 18:17: > Well I'm not as concerned about people monitoring/intercepting the content > of my communications, just about identifying information about the hardware > of my computer being accessible. > Why? If someone can't identify you, why should he make the effort to find a way into your Qubes machine to get the hardware info? If it is an attack which you're not the specific target, there are easier options, like hacking your router or maybe one of your "smart" home devices. I know it's not easy to acquire info about someone's computer from the > internet, and if the computer's running Qubes I would imagine it's harder, > but I think it can be done (definitely Mac address but possibly more info). > Yes. Using Qubes will increase your security to a reasonable secure level (if you use it correctly). [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2tjrAjUO3YZ6Caj1Fid2LRZykD%2BOs%2BB64D4Z418vhuXHA%40mail.gmail.com.
Re: [qubes-users] Which qube is most secure for internet use?
Well I'm not as concerned about people monitoring/intercepting the content of my communications, just about identifying information about the hardware of my computer being accessible. I know it's not easy to acquire info about someone's computer from the internet, and if the computer's running Qubes I would imagine it's harder, but I think it can be done (definitely Mac address but possibly more info). On Friday, August 16, 2019 at 11:57:19 AM UTC-4, 799 wrote: > > > On Fri, 16 Aug 2019 at 16:52, O K > wrote: > > Which qube is most secure when it comes to keeping any identifying info > about my computer > > invisible from anyone on the internet (or if not completely, which qube > does this the best)? Thanks. > > I would say that the safest way to assume, that there is no invisibility. > But using a Whonix DVM -> whonix-dvm-ws-14-dvm will likely be a good > option. > You might want to learn about this here: > https://www.whonix.org/wiki/Qubes/DisposableVM > > Addtionally you might want to ask yourself: What are the threads your > protecting against? > And then try to figure out what is the weakest part in your setup. > > [799] > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f22e5e9f-5b21-4d6a-88d8-d14d128a89dc%40googlegroups.com.
Re: [qubes-users] best and less expensive Lenovo think pad
On Fri, 16 Aug 2019 at 15:42, wrote: > Can coreboot be installed on T580, have you ever heard of such? > The following coreboot page will answer your question: https://coreboot.org/status/board-status.html additionally you might want to look into the FAQ: https://www.coreboot.org/FAQ#Will_coreboot_work_on_my_machine.3F [799] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sQQhwq-%2BqOtgEUbyM_9-FHeNe0h9KxBoKq6v%2B0mrdfOg%40mail.gmail.com.
Re: [qubes-users] best and less expensive Lenovo think pad
It workt! Again thanks for sharing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d2d36e4c-0eda-4271-9911-09fcf6c0b8df%40googlegroups.com.
[qubes-users] Which qube is most secure for internet use?
Which qube is most secure when it comes to keeping any identifying info about my computer invisible from anyone on the internet (or if not completely, which qube does this the best)? Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b573e46d-b88a-4802-b847-612b9dfddcf6%40googlegroups.com.
[qubes-users] How do I create a Qubes USB Installer within Qubes OS (if it's possible)?
Mint lets you do it, but not sure about Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a1d5f227-9292-4da3-9741-11fa1e7775df%40googlegroups.com.
Re: [qubes-users] best and less expensive Lenovo think pad
Can coreboot be installed on T580, have you ever heard of such? On Monday, August 12, 2019 at 11:33:46 PM UTC+7, 799 wrote: > > Hello, > > <27casa...@gmail.com > schrieb am Mo., 12. Aug. 2019, 09:26: > >> What is the best and less expensive Lenovo think pad for new Qube? >> > > As always ... It depends. The G505s is not a bad choice but it is not from > the Thinkpad line but a consumer laptop. > I would say the Lenovo X230 or T430 as you can install Coreboot on them, > you get USB3 and LTE. And you can add some cool things like illuminates > keyboards, an additional battery pack (Slice battery) which gives you lots > of battery runtime. > Additionally you can get a docking station (not sure if this is available > for a G505s) which gives you additional Display options. > > I would go with the x230, 16GB RAM and a new SSD, then add Coreboot (I > have a specific howto covering this). > > But as they are all so cheap: buy them all and test them, then sell the > ones you don't like to keep ;-) > > 799 > >> -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a0fd1ddc-b280-4c0e-9ade-a1e626ca1478%40googlegroups.com.
[qubes-users] Behaviour of qvm-open-in-(d)vm
Hi, today I worked with the command line tool 'qvm-open-in-vm' and realised that its behaviour is quite similar to qvm-open/qvm-copy. The way I understand it is: There used to be qvm-copy-to-vm/qvm-move-to-vm which would take the name of the destination vm as first parameter and a file path as the second parameter. At some point (I believe it was with the release of Qubes 4.0) these tools have been deprecated in favour of qvm-move/qvm-copy, which now take only one parameter and interactively ask the user for the destination VM. qvm-open-in-vm still works like the older tools, that is, it takes two parameters (VM name + file name or URL to be opened), but then still shows the GUI prompt where the user needs to pick the destination VM. I am not overly familiar with Qubes inter-VM communication but from my point of view, qvm-open-in-vm should be deprecated as well and replaced by a similarly working qvm-open tool. What do you think? Please let me know if this mail should rather be addressed to qubes-devel. Regards, Phil -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6df43db9-8c7d-7458-1f1b-41c2d885b597%40digitrace.de. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] best and less expensive Lenovo think pad
On Thu, Aug 15, 2019 at 01:18:51PM -0700, 27casanov...@gmail.com wrote: > Hi 799, when I tride to instal I run in to mesage saying that Qubes wouldent > funktion becous hardware whas mising. > > The I proceeded withe installation. And later during setup I got this > message: > > sys firewall failed > > And then: > > Start faild... Could not find capabilites for arch=x86_64 > > The later is refering to missing hardware i gues. That means you havent got VT-x enabled. Check in your BIOS that you have enabled VT-x and VT-D, virtulization, some entry like that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190816112629.GA19321%40thirdeyesecurity.org.
Re: [qubes-users] Problem with NextCloud-Client App-VM (unable to login on 2nd boot)
Hello, Am 15.08.2019 um 00:03 schrieb one7two99: > I want to use a dedicated AppVM to sync data to a private NextCloud-Server. [...] > Can someone explain why I the login/sync fails after rebooting the AppVM? > > This are the steps to build a NextCloud-Client-Template and an AppVM > based on this template. > > All steps have to be run from dom0: > > > start > > Template=fedora-30-minimal > TemplateName=t-fedora-30-storage [...] > can be done in another AppVM) > # Hint: Add an App-Password/Token > > - end Seems fine to me. I'd guess it's not directly Qubes related, maybe this problem: https://help.nextcloud.com/t/nextcloud-client-asks-for-password-every-time-it-starts/28591/3 Try to start the client from the command line and see if there are any errors. If that doesn't help try to install the client in an AppVM based on the default Fedora-Template. If that's running fine you might miss some required packages (see link above). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/398a76cc-699c-f8f8-9e71-7c8134080a4e%40leibfarth.org.
[qubes-users] error: when upating dom0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I am getting following error when sudo qube-dom0-update: error: could not delete old database at /var/lib/qubes/dom0-updates/home/user/.rpmdbold.3822 The update than finishes without any issue. But the error is persistent throughout every update. I am seing this error for sometime, but it gets annoying a bit now. Is there any workaround to get rid of it? Thank you! -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEExlmPb5HoPUTt+CQT44JZDAWK6UwFAl1WXQ9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEM2 NTk4RjZGOTFFODNENDRFREY4MjQxM0UzODI1OTBDMDU4QUU5NEMACgkQ44JZDAWK 6UynHhAAwfU+apZBR9r1wNwzV299m6LvbtKwo12cwl/jOlQu0rhtMi+XC+4J7f89 ctcNaXjC1f/uljP06xzT7YmgnplghUCU39A3rCmhlvEX9FE2xo0K/raiYruWaNxU uAN9TeATAtvf9eL19K/f9TwatJzHVTyhi0sT1//AuQdvCdW47jqcKLPH/fStNYlO 2nZ11mltyGJCFTB8hSgtTTDlZMZDevhtuk7vQP+DzxHc6g1gf7ZX63KGuL/Q8Vb4 bFe/JaECn7uFUh/bbppmibYfYSOGnFP++ostScsBeGEuYTUy30BL26mzREabV4P0 kGxDgHPUOfXRVcu/Q2+qRnjqfx+5nyZ7+ZFEBLzUZIQPZq7RmCm5vPML9yAs6DK9 I3eIBHARkXYFkvziZPVxbs5YOpqCAreBgo1j3G4kEChMwRBHDocvOWsVU3k3/FWw jmL91QyKopoiGvH+ZXMBIuRb8rOl6P1XvzHI5x18I8j7ueuVukQ+p1TrErPP6P+U c06h/MvDkB8zCVDYYFHri2fOrA40Hd4EB+JPlHWlArT7gqgjOms2Rhe1eGUPyczA Rfdnkr18cpLCko0bJFOcJ86Txhck2w8qMwWxjoZ0W7slrxzLBudGq5lO9l+L+mEz cjo8ePjkT+MMIR9WO1CNP75tIPaGYhpXU1R6l7qe8f6N87pYJfc= =rxWx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c75d4f12-2898-15fd-9909-cf8a63bb588c%40cock.li. 0xC1F4E83AF470A4ED.asc Description: application/pgp-keys