[qubes-users] Using Mullvad VPN in Qubes

['Micah Lee' via qubes-users]

In case anyone is interested, I just wrote a blog post about how I
configure Mullvad in Qubes, using NetworkManager, a script to
auto-connect, and the Qubes firewall.

https://micahflee.com/2019/11/using-mullvad-in-qubes/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/776b732b-89ac-a13f-aa9c-8e7cd3f928bd%40micahflee.com.

Re: [qubes-users] With 4K monitor, if screen goes blank, mouse clicks don't work in VMs

['Micah Lee' via qubes-users]

On 2019-09-24 18:21, Michael Siepmann wrote:
> I've read and followed the instructions on
> https://www.qubes-os.org/doc/gui-configuration/ but the problem I'm
> having is different. Here's what happens:
> 
> 1. I'm using VMs on a 4K monitor successfully, via DisplayPort.
> 
> 2a. I have Dom0 screensaver set to Blank Screen Only and it blanks after
> the configured number of minutes
> 
> OR 2b. I switch to using the laptop screen, then back to the 4K monitor
> 
> OR 2c. The computer wakes from sleep while the 4K monitor is in power
> saving mode.
> 
> 3. I can no longer click the mouse in my VMs (though it seems as if
> maybe all clicks register in a very small area at the top left). The
> mouse works normally in dom0.
> 
> 4. If I switch to the laptop internal screen it works fine there, but if
> I switch back to the 4K monitor it still doesn't work there. The only
> way to get mouse clicking working in the VMs again is to shut down the
> VM and restart it while using the 4K monitor.
> 
> The same thing happens if the computer goes to sleep and when I wake it
> up the monitor is in power saving mode. My current workaround is to
> disable the screensaver, and remember to wake the monitor before waking
> the computer,
> 
> Is this a bug I should report? Has anyone else encountered this behavior?

I've encountered this bug (or a similar one) as well on a 4K monitor. It
appears that the mouse clicks only register if they're within the top
left width and height of the laptop resolution.

A workaround I've discovered is just restarting your VMs while your 4K
monitor is plugged in. If you start a VM with the monitor plugged in, it
lets you click anyone on the monitor within that VM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/26c69851-cbe4-a353-1b7f-203bf0b695c3%40micahflee.com.


signature.asc
Description: OpenPGP digital signature

[qubes-users] /dev/mapper/qubes_dom0-root does not exist

[Micah Lee]

I recently installed Qubes 4.0 on a laptop, installed updates in dom0 
and my templates, restored a backup, and did a bunch of custom 
configuration. And then when I rebooted, Qubes wouldn't boot up due to a 
partitioning error. (It looks like it's the same problem described here 
[1]). During boot, I get a hundreds of lines that says:


dracut-initqueue[343]: Warning: dracut-initqueue timeout - starting 
timeout scripts


Followed by:

dracut-initqueue[343]: Warning: Could not boot.
dracut-initqueue[343]: Warning: /dev/mapper/qubes_dom0-root does not 
exist

dracut-initqueue[343]: Warning: /dev/qubes_dom0/root does not exist
 Starting Dracut Emergency Shell...

Then it drops me into an emergency shell.

When I run lv_scan, I can see:

Scanning devices dm-0 for LVM logical volumes qubes_dom0/root 
qubes_dom/swap

inactive '/dev/qubes_dom0/pool00' [444.64 GiB] inherit
inactive '/dev/qubes_dom0/root' [444.64 GiB] inherit
ACTIVE '/dev/qubes_dom0/swap' [15.29 GiB] inherit
inactive '/dev/qubes_dom0/vm-sys-net-private [2 GiB] inherit

And it continues to list another inactive line for each private or root 
partition for each of my VMs. Only swap is active.


I spent a little time trying to troubleshoot this, but ultimately 
decided that it wasn't worth the time, since I have a fresh backup. So I 
formatted my disk again, reinstalled Qubes, restored my backup, etc. 
After installing more updates and rebooting, I just ran into this exact 
same problem *again*. I think this could be a Qubes bug.


Any idea on how I can fix this situation? The dracut emergency shell 
doesn't seem to come with many LVM tools. There's lvm, lvm_scan, 
thin_check, thun_dump, thin_repair, and thin_restore. I could boot to 
the Qubes USB and drop into a troubleshooting shell to have access to 
more tools.


[1] 
https://groups.google.com/forum/#!searchin/qubes-users/dracut-initqueue$20could$20not$20boot|sort:date/qubes-users/PR3-ZbZXo_0/G8DA86zhCAAJ


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ad0c4e025404fa1b9eb5eb3d39ac3f62%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Talk about HOPE about Qubes

[Micah Lee]

Hello, I just discovered the recording of my HOPE talk showing off many
cool things about Qubes. Check it out if you're interested:
https://livestream.com/internetsociety2/hope/videos/178431606

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8b1b1752-082e-7708-50de-0d2673c6d38c%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] UpdateVM pref not sticking

[Micah Lee]

‐‐‐ Original Message ‐‐‐

On March 24, 2018 2:28 PM, Micah Lee <mi...@micahflee.com> wrote:

> When I installed Qubes 4.0 I chose to install all of my updates over Tor. 
> Since then, I've opened Qubes Global Settings and changed UpdateVM to 
> sys-firewall.
> 
> When I install dom0 updates, this seems to work fine. It says `Using 
> sys-firewall as UpdateVM to download updates for Dom0`.
> 
> But when I try installing updates in my templates, such fedora-26, it still 
> uses sys-whonix as the UpdateVM. I'm sure because as soon as I try installing 
> updates, sys-whonix starts, and if I shut it down in the middle of updates, 
> the updates fail. (And also the downloads are very slow.)
> 
> I'd like to be able to control which UpdateVM my templates use to update. Any 
> idea how I can troubleshoot what's going on?


Looking at another thread going on right now, I found this useful:
https://groups.google.com/forum/#!searchin/qubes-users/Whonix%7Csort:date/qubes-users/gLqORddxb-Y/mDxXDi3cAwAJ

I can edit /etc/qubes-rpc/policy/qubes.UpdatesProxy, and change 
target=sys-whonix to target=sys-net. After I do that, my template seems to use 
sys-net as the UpdateVM.

This seems like a bug though. Shouldn't this file change when I change Qubes 
Global Settings?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1I6fw0aN1qNu1ceuqUMupRoDL38Dn-aLhox9wTOkwIAxAcG54APubk62trf1eCqDEwcOuTZ6lvMzs19oKlBJchss00dA7snHdK3CRLwb5OM%3D%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] UpdateVM pref not sticking

[Micah Lee]

When I installed Qubes 4.0 I chose to install all of my updates over Tor. Since 
then, I've opened Qubes Global Settings and changed UpdateVM to sys-firewall.

When I install dom0 updates, this seems to work fine. It says `Using 
sys-firewall as UpdateVM to download updates for Dom0`.

But when I try installing updates in my templates, such fedora-26, it still 
uses sys-whonix as the UpdateVM. I'm sure because as soon as I try installing 
updates, sys-whonix starts, and if I shut it down in the middle of updates, the 
updates fail. (And also the downloads are very slow.)

I'd like to be able to control which UpdateVM my templates use to update. Any 
idea how I can troubleshoot what's going on?
​

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/uTNNgSLwOQzmGANQ505H44OTCoTO4VrUtXQBeFdyzCB3bOdGS-8pqN9JM0oncUOViqEc0YBFJxghkP1Vx9mV_o78UvjAI2LiyQsp3FJDB5o%3D%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS propagation in Qubes

[Micah Lee]

‐‐‐ Original Message ‐‐‐

On March 8, 2018 11:26 AM, Chris Laprise  wrote:

> ​​
> 
> >>>\> \[1\] https://dnsprivacy.org/wiki/
> 
> > > > > \[2\] https://www.qubes-os.org/doc/networking/
> 
> Micah,
> 
> If you have any specific instructions on how to setup the forwarder
> 
> you're using, I'd be happy to try it myself and post a solution for use
> 
> with qubes-firewall.
> 
> I found the dnsprivacy wiki to be a bit scattered and not very specific.
> 
> Their video "tutorial" is really a lecture on the concept.

Thanks, yes I'd love to share instructions. I haven't gotten it working yet -- 
I'm traveling right now and haven't spent a lot of time on it, and might not 
for the next week or two. But once I figure it out I'd like to write a blog 
post or something with instructions. But maybe I should sent it to this list 
first for people to test and give feedback.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/pPIWHaxl0Lwz4sF1qRHn34jz0i4_oDljtkWk8CQMPNnOtFFKBsOS7gaUGQqLXC9ZFprlaPHpcPW_4IX_LKKwm9no1c-DO7byugnObo8aXzY%3D%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] DNS propagation in Qubes

[Micah Lee]

Qubes 4.0.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/X1juIg1dY5HqEdgRRiliD8belJfZZE8Zt-UAwN3VNsQETPt6oVLAVSRCgd8H0Zq_LvFJz6fWTeYPMKPGjolws8qqCHF8RsbhrtuNz1FpOVc%3D%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] DNS propagation in Qubes

[Micah Lee]

I'm trying to make all DNS requests in Qubes go over TLS (more information 
about this [1]).

I've got this successfully working in sys-net by running a local DNS server on 
udp 53 that forwards DNS requests to a remote DNS server over TLS, and then 
setting my only nameserver in /etc/resolv.conf to 127.0.0.1. I've confirmed 
that this works great in sys-net -- all of my DNS requests are encrypted to my 
remote DNS server, and none are plaintext.

The problem is when I do this, DNS in other downstream VMs all fail. The Qubes 
networking docs [2] explain how DNS works in Qubes, but I'm confused about how 
to make this set up work. Any ideas? Thanks!

[1] https://dnsprivacy.org/wiki/
[2] https://www.qubes-os.org/doc/networking/

​​


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9XVz-7viQEqd-6MPx8NvR4Fnk502VgBDJUYogFE056xaFr-k76ApY7WmEbi3oH6yQZQ7MEHbuqYbwCZInJ8LE9lysw_e3w8Dw93FrISL2hU%3D%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qrexec policies broken after QSB #38 update

[Micah Lee]

On 02/20/18 11:25, Chris Laprise wrote:
> Since several people are reporting this, I decided to try some simple
> qvm-copy tests and have been unable to reproduce the problem on R4.0-rc4.
> 
> I updated with qubes*testing and then restarted per the QSB.

I realized that I had enabled the testing repo in dom0 but not in my
templates. After enabled the testing repo in my templates and installing
updates, I no longer have this problem.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/638b7bac-4cd8-6d92-3a81-236892923da8%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qrexec policies broken after QSB #38 update

[Micah Lee]

I just installed updates in dom0 (current-testing) after QSB #38, and
now my qrexec policies are semi-broken.

To demonstrate, I just made two new AppVMs, testvm1 and testvm2. I want
to copy a file from testvm1 to testvm2:

[user@testvm1 ~]$ echo test > test.txt
[user@testvm1 ~]$ qvm-copy test.txt
Request refused
[user@testvm1 ~]$

It immediately fails with "Request refused" and doesn't pop up a dom0
window asking where I want to copy it to. This is true when I run
`qvm-copy` in any VM, it is immediately denied without prompting me.

I'm running into the same problem with other qrexec services too, like:

[user@testvm1 ~]$ qvm-open-in-dvm https://www.eff.org/
Request refused
[user@testvm1 ~]$

My /etc/qubes-rpc/policy/qubes.Filecopy has only one line:

$anyvm $anyvm ask

However, if I edit it and add this line to the beginning:

testvm1 testvm2 allow

It works, but only if I use the deprecated `qvm-copy-to-vm`:

[user@testvm1 ~]$ qvm-copy test.txt
Request refused
[user@testvm1 ~]$ qvm-copy-to-vm testvm2 test.txt
qvm-copy-to-vm/qvm-move-to-vm tools are deprecated,
use qvm-copy/qvm-move to avoid typing target qube name twice
sent 0/1 KB
[user@testvm1 ~]$

And likewise, my qubes.Gpg policy works for the VMs where I explicitly
allow it.

I read the QSB, and it says that the '$' character is being deprecated
and replaced with the '@' character, but changing my qrexec policy to
this doesn't work:

@anyvm @anyvm ask

Is anyone else running into this problem? Any solutions?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a5155c72-f7dd-f0f2-a595-9b172b4cc681%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Supercookies / Zombie cookies / Web Tracking — how effective are Qubes security domains against this

[Micah Lee]

Qubes security domains don't necessarily help solve this problem because
really the problem is how your web browsers are configured.

So a tracking company can't link your browsing activity between Qubes
domains -- your "personal" traffic and "work" traffic might look like
two separate people -- but within one of those domains, they can still
track you, and do all of those tricks.

If you want web privacy, you'll have to configure your browser within
Qubes the same way you have to outside of Qubes. Or, you can do all of
your browser in DisposableVMs. Or use Tor Browser, which has taken many
steps to prevent browser tracker as a design goal.


On 09/18/2017 09:43 AM, jes...@gmail.com wrote:
> In the past I have used a Firefox plugin called "Better Privacy" to try to 
> push back against multi-front user fingerprinting and analysis mechanisms 
> such as the kind used by large advertising and user demographics companies 
> which include the abuse of Flash LSOs, HTML5 local storage, Silverlight, et 
> al to confirm that the same user is browsing along a website or a distributed 
> ad network even when they "clear private data" or use incognito mode, even 
> when they switch to different browsers installed on the same machine, even if 
> they're using coffee shop wifi or VPNs so that they appear from different IP 
> addresses, etc.
> 
> The take home being that it only takes one (1) fingerprint hit through one 
> (1) of the avenues available to tracking organizations to confirm that they 
> are dealing with the same end-user (or household unit, or something close 
> enough to pad their toxic dossier with) and thus to link every cookie 
> fingerprint that they know for this user across both domains under the same 
> umbrella.
> 
> A pretty thorough look at all of the strategies that I am at least aware of 
> can be had at this url: 
> https://www.chromium.org/Home/chromium-security/client-identification-mechanisms
> 
> So I am curious to what extent Qubes security domains may be sufficiently 
> complete as to defeat potentially all of these mechanisms simultaneously? 
> Especially if end-user configures one or more domains to pipe all network 
> traffic over a VPN or tor to additionally differentiate their IP address?
> 
> I am especially interested to hear about how Qubes security domains interact 
> with Flash LSOs, and .. whatever-it-is that Silverlight and other 
> multi-browser plugins do, and whether *that* data leaks between domains. :/
> 
> Thank you for any insight you guys may have on this matter, as it sounds like 
> it speaks directly to Qubes primary mission goals of security by 
> compartmentalization. :D
> 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3e9cdccf-488c-fa1e-2bf0-b70c835108c5%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Network setup - TORVM-VPNVM

[Micah Lee]

On 08/18/2017 03:43 PM, james.buttler1...@gmail.com wrote:
> Ah right ok. So I am working the wrong way around when I look at the chain? 

Think of the ProxyVMs (like sys-whonix, sys-vpn, sys-firewall, sys-net)
as being liking a router that you connect a VM to as a gateway to get
internet access.

sys-net connects to the internet through wifi or ethernet.
sys-firewall gets it's internet from sys-net.

And in your specific example:

sys-whonix gets its internet from sys-firewall.
sys-vpn gets its internet from sys-whonix.

So you might want to make an AppVM called "personal" and set sys-vpn as
its netvm. When you use the internet in that VM, all internet traffic
will come from the VPN.

You might want to make an AppVM called "captive-portal" and set
sys-firewall to be its netvm. When you use the internet there, your IP
will be your real IP address without any proxies.

For each AppVM, you get to choose which ProxyVM it gets its internet from.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/70b270e2-6096-b619-26a0-c4d4c08d2189%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Network setup - TORVM-VPNVM

[Micah Lee]

On 08/17/2017 04:32 PM, james.buttler1...@gmail.com wrote:
> I'm just starting to use qubes os and I'm trying to understand how it all 
> works.
> 
> If I wanted to setup the system to route all my traffic through tor and then 
> that tor traffic through a vpn 
> 
> Would I simply setup a TORVM with Its netVM being the vpnvm ?
> 
> Or can a netVM not have its own netVM? 
> 
> Thanks for the help

Qubes comes with sys-whonix, which is a ProxyVM that routes traffic
through Tor. If you want to connect to Tor first, and then the VPN
second, you would make a new ProxyVM for your VPN (I'll call it sys-vpn)
and set its netvm to be sys-whonix. Then you'd create AppVMs and set
their netvm to be sys-vpn.

This way, all of the internet traffic in those AppVMs would be coming
from your VPN's IP address, but you'll be connecting to your VPN
anonymously over Tor.

If you want all your traffic to go over this VPN, then in the VM Manager
you can open Global Settings and set the default netvm to sys-vpn. (You
can of course have specific AppVMs that use sys-whonix or sys-firewall
as their netvm as well, like if you want to just use Tor, or if you want
to click through captive portals on wifi networks.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0d6bb719-3e2c-d442-8a6d-105fa3115a72%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] latest qubes update cause network problems

[Micah Lee]

On 08/17/2017 03:56 AM, Kolja Weber wrote:
> Hello,
> 
> at first: thanks for the great work on qubes, it is amazing.
> 
> i discover since the last update on 3.2 problems with my network in case
> i suspend my T550 to ram. All VMs wake up fine including the network VM
> but it doesent reconize any wlan (no networks show up), lan not tested yet.
> 
> Vm restart doesent solve it, only way to get it back is a full reboot.
> Any changes in the xen kernel related to wlan driver?
> 
> Kolja

I appear to have this same problem as well. Ethernet works, but after
suspend wifi breaks. It looks like it's this issue:
https://github.com/QubesOS/qubes-issues/issues/3008

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa2d4421-787a-ff45-071b-2b71a268d647%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!

[Micah Lee]

On 08/08/2017 03:59 PM, taii...@gmx.com wrote:
> FYI: Having different VM's using the same template doesn't really matter
> as they all have the same browser fingerprint.

If your primary concern is browser fingerprinting, you should just use
Tor Browser. Other browsers don't attempt to hide your browser
fingerprint, especially the most fingerprintable part, your IP address.

But browser fingerprinting isn't many people's primary concern, I think.
I use browsers in separate AppVMs for compartmentalization. So if one
browser gets compromised (or if a website uses css tricks to guess my
browser history, etc.), the attacker won't be able to obtain any
information about what's going on in browsers in other AppVMs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0b802c4-a6d6-4781-f9f6-ec2328778f3b%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!

[Micah Lee]

I've finally got Qubes 4.0-rc1 booted! I've got a couple questions.

Without the VM Manager, is there a GUI way to delete VMs? I know you can
run "qvm-remove" from a dom0 terminal.

Is there a GUI way to start VMs without actually opening an application
in them? (I often configure stuff to autostart when the VM is started.)

I'm also noticing some strange USB VM stuff. On this computer I've opted
to make sys-net both my netvm and usbvm, and I've confirmed that sys-net
has my USB controller PCI devices attached.

By default, my sys-net uses memory balancing, even though it has the
warning message, "Dynamic memory balancing can result in some devices
not working!" Should I turn off memory balancing?

The devices systray applet thing for me lists these devices:

sys-firewall:1-1 QEMU_QEMU_USB_Tablet_42
sys-net:2-7 8087_07dc
sys-net:2-8 SunplusIT_INC._Integrated_Camera
dom0:mic Microphone

What is this qemu thing in sys-firewall? When I run lsusb in
sys-firewall I see two devices, "Adomax Technology Co., Ltd" and "Linux
Foundation 1.1 root hub". I confirm that sys-firewall doesn't have any
USB controller PCI devices. But even weirder, when I boot a different
AppVM, like personal, lsusb shows me the same USB devices, but it
doesn't appear in the Qubes devices systray applet.

And finally, when I plug in a USB device, the systray applet doesn't
seem to see it. I plugged in a Yubikey, and when I run qvm-usb in dom0
it displays:

sys-net:2-1 Yubico_Yubikey_4_OTP+U2F+CCID

And running lsusb in sys-net displays it as well. But the devices
dropdown doesn't list this.

Also, I noticed that qrexec clients now require an extra step. If I run
"qvm-copy-to-vm work example.txt" in my personal AppVM, the dom0 window
that pops up asks me to select the target ("work", in this case) before
clicking OK to allow it. This seems fine to me, and in fact I like how
clear it's being, but "work" isn't pre-filled in, so I have to manually
select it, or type it, each time, instead of just pressing enter.


Finally, pro tip: In xfce, and especially in Qubes, I find pressing
Alt-F3 and typing the name of a program much quicker than using the
start menu. If I want to open Firefox in the personal AppVM, I type
"personal:" and it shows me all the menu entries for personal, and
"personal: f" is enough to select Firefox by pressing enter.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2dee2c30-c593-2824-5cc1-7b0b26a854da%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!

[Micah Lee]

On 07/31/2017 03:22 PM, Rusty Bird wrote:
> Micah Lee:
>> I just installed Qubes 4.0-rc1 on a Lenovo ThinkPad T440 which runs
>> Qubes 3.2 without a problem. After installing it, when I boot up, grub
>> works, but then as soon as Qubes starts to boot the computer reboots,
>> and I end up back in grub.
> 
> I ran into the same behavior on a T420. Removing iommu=no-igfx from
> the Xen command line fixed it. [1]

Thank you, this fixed it!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b3640e1a-81fe-a02c-0bb8-131503751a4a%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes OS 4.0 first release candidate (rc1) has been released!

[Micah Lee]

On 07/31/2017 04:43 AM, Marek Marczykowski-Górecki wrote:
> Hello,
> 
> We have just released Qubes 4.0-rc1:
> 
> https://www.qubes-os.org/news/2017/07/31/qubes-40-rc1/

I just installed Qubes 4.0-rc1 on a Lenovo ThinkPad T440 which runs
Qubes 3.2 without a problem. After installing it, when I boot up, grub
works, but then as soon as Qubes starts to boot the computer reboots,
and I end up back in grub.

Any ideas on how to start troubleshooting?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37f90321-b62b-a74c-1f01-a6590a7f75a6%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Soft U2F in Qubes?

[Micah Lee]

GitHub has released an interesting piece of Mac software called Soft
U2F: https://githubengineering.com/soft-u2f/

It's basically a virtual security key, and it stores its secret in the
macOS keyring. When you login to a website with 2FA, instead of using a
physical USB security key, you just click an "approve" button that pops up.

Their blog about it says: "Authenticators are normally USB devices that
communicate over the HID protocol. By emulating a HID device, Soft U2F
is able to communicate with your U2F-enabled browser, and by extension,
any websites implementing U2F."

As it stands, U2F is a pain in Qubes because you have to deal with USB
passthrough, and exposing your VMs to sys-usb.

How hard would it be to build a Qubes version of Soft U2F that stores
the secret in a separate VM, similar to split gpg? This could make using
U2F much more usable and secure inside of Qubes, I think.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/518a8fa7-05f3-f1ea-247a-bff614acbdc6%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Those using a Kali vm. Which download iso do you have that is working on qubes?

[Micah Lee]

On 06/30/2017 04:51 AM, jakis2...@gmail.com wrote:
> I'm not getting anything properly up. I've seen the errors on here that some 
> people have and never a solution really. I've also seen the errors talked 
> about in other places but no solution works on qubes
> 
> As of now I can login and just get the small space at the bottom visible. 
> 
> On windows running virtual box there is no problems whatsoever 

I've had this same problem with different distros in HVMs running GNOME,
including with Kali. I never solved it, but I did discover that XFCE
doesn't have the same problem.

So if you want to run something closer to vanilla Kali, you can download
and install the "Kali 64 bit Xfce"[1] iso to an HVM, and this will work.

Although, you won't get Qubes tools, which means you won't be able to
fully maximize the window, share the clipboard, copy files between VMs,
etc. I find that Kali is more usable in Qubes to do it in the way Noor
suggested and use Debian with katoolin instead.

[1] https://www.kali.org/downloads/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b0cab82-2759-74db-e3ea-7c3add2e4599%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Display issues with Kali HVM

[Micah Lee]

When I install Kali in an HVM it has this terrible display issue [1].
When I move the mouse to the top-left of the window, I can see the
cursor navigate over the Application menu in the bottom left. Does
anyone know how to fix this?

This screen resolution trick [2] doesn't do it. If I set a custom
xorg.conf with these changes, GNOME fails to load when I try logging in,
and I get spit back out at the login screen.

I know that I can follow instructions here [3] and use katoolin to make
a Debian template full of Kali tools, but I'm hoping to actually run
Kali itself, with GNOME configured exactly as it is.

[1] https://i.imgur.com/pLWGnmw.png
[2] https://www.qubes-os.org/doc/linux-hvm-tips/#screen-resolution
[3] https://www.qubes-os.org/doc/pentesting/kali/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/32f4ec03-555d-0cf4-1f5f-eb7bd5e69f85%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Breaking the Security Model of Subgraph OS

[Micah Lee]

I met up with Joanna at the recent Tor meeting in Amsterdam, and we
tried to see if we could hack Subgraph OS, which I was running on my
travel computer. We succeeded, and I've written up all the details here:

https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/

And also made a video of the exploit here:

https://www.youtube.com/watch?v=SVsllZ7g7-I

The analysis compares how Qubes would handle such an attack.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8638f35-6c0c-2d9a-e321-5b951facc8e3%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Chainloading to the Qubes bootloader

[Micah Lee]

On 12/06/2016 12:31 PM, justin.h.holg...@gmail.com wrote:
> On Tuesday, December 6, 2016 at 12:24:08 PM UTC-8, Micah Lee wrote:
>> On 12/06/2016 12:18 PM, justin.h.holg...@gmail.com wrote:
>>> TL/DR: what can I put in /etc/grub.d/40_custom to chainload the Qubes /boot 
>>> partition at /dev/sda7?
>>
>> It's kind of old at this point, but I wrote a blog post awhile ago about
>> dual-booting Ubuntu and Qubes, including the chainloading details:
>>
>> https://micahflee.com/2014/04/dual-booting-qubes-and-ubuntu-with-encrypted-disks/
> 
> Right! I came across that and I was hoping to basically do the reverse, where 
> the Ubuntu bootloader comes first and has an option for Qubes. Unfortunately, 
> I couldn't get it to work.

You could set chainloading to Ubuntu's grub as the default option in the
Qubes grub. You'll boot to Qubes grub, wait 3 seconds, boot to Ubuntu
grub, wait 3 seconds, boot to Ubuntu.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ef8461d-5377-db0e-5da4-510b715a4df8%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Chainloading to the Qubes bootloader

[Micah Lee]

On 12/06/2016 12:18 PM, justin.h.holg...@gmail.com wrote:
> TL/DR: what can I put in /etc/grub.d/40_custom to chainload the Qubes /boot 
> partition at /dev/sda7?

It's kind of old at this point, but I wrote a blog post awhile ago about
dual-booting Ubuntu and Qubes, including the chainloading details:

https://micahflee.com/2014/04/dual-booting-qubes-and-ubuntu-with-encrypted-disks/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5b0c20d2-d221-575c-49fe-f8063173c159%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Yubikeys in Qubes

[Micah Lee]

On 12/02/2016 06:50 PM, Leeteqxv wrote:
> Is it not possible to configure this to having the Yubikey require the
> person to press the key button manually/physically?
> If not, such a limitation would lie in the software rather than in the
> Yubikey, I assume, since the Yubikey support Challenge-Response and such
> already? If possible, it is definetely preferable to work around
> potential PIN theft and subsequent hidden (mis)use by requiring a
> manual/physical action.

The problem here is that products that can be used as OpenPGP smart
cards, like the Yubikey, can't just make arbitrary features like
challenge-response for secret key operations. They need to implement the
OpenPGP specification so that all software that works with them (GnuPG,
OpenKeychain, others) can implement the same spec, and everything can just.

The spec currently supports requiring a PIN to do secret key operations,
with rate limiting that makes too many invalid PIN guesses locks the
card. In order to support challenge-response as well I think the OpenPGP
smart card spec would need to get updated, which is a much longer
process that just writing some new software.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7b55411b-5d84-6919-3e6e-1be2b8e429a7%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Yubikeys in Qubes

[Micah Lee]

On 12/01/2016 04:37 PM, Marek Marczykowski-Górecki wrote:
> The tool run by qvm-usb does support alternative device identification
> - using product and vendor ID. Also to specify which device to attach. 
> This isn't exposed by qvm-usb tool, because it may be ambiguous, but may
> be useful here. See README for more details:
> https://github.com/QubesOS/qubes-app-linux-usb-proxy
> I acknowledge that your solution is better in some aspect: it exists and
> works :)

It seems, from my brief testing, that all Yubikeys of the same version
have the same product and vendor ids. That still might be preferable to
grepping for "Yubikey" though.

> Is communication with YubiKey encrypted, or at least somehow
> authenticated? Otherwise malicious USB VM could easily perform some kind
> of man in the middle attack and for example sign document you really
> didn't want to sign. Or decrypt arbitrary data. It's possible even when
> physical confirmation (button) is required - by simply waiting until you
> perform *some* operation.

It is authenticated, but unfortunately I don't think in a secure way.
When you use any OpenPGP smart card you have to set a PIN to use it, and
you have to authenticate with the smart card using the PIN. In the case
of Yubikeys, you type the PIN using the gpg pinentry program (some smart
card readers have physical keypads to type the PIN, so software
keyloggers on the computer can't steal the PIN). But I'm pretty sure
that the PIN you type in, in plaintext, gets sent to the Yubikey, so
your usbvm could probably log the PIN the very first time you use your
smart card, and then use it as much as it wants after that without you
knowing.

Also, I'm pretty sure none of the communication is encrypted. To decrypt
a message on a smart card, you send the ciphertext (and a PIN, if it
isn't cached) to the smart card, and it decrypts it responds with the
plaintext. So likely, the usbvm could spy on the plaintext of decrypted
messages.

Unfortunately Yubikeys don't support pressing the physical button for
secret key operations. Those are preserved for 2FA and static passwords.

> This is general problem with USB devices, which are hard to solve with
> the current USB infrastructure (USB VM can do anything with any device
> connected to it). Without some fundamental USB rework - probably at
> hardware layer, I think the only alternative is protecting the data at
> individual device protocol level (like you do with encrypted USB sticks
> for example).

Sad, but reality.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c322b41-e60f-d577-d15d-6cf7884ee8cf%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Yubikeys in Qubes

[Micah Lee]

On 12/01/2016 05:14 PM, Chris Laprise wrote:
> What is an acceptable / secure way to obtain a Yubikey fob?

Unfortunately it's kind of hard to find Yubikeys in retail stores. You
might check here to see if you can find one close to you:
https://www.yubico.com/store/resellers/

Otherwise, you kind of have to order them online. It might make sense to
have one person do a single bulk order and pay for the fastest shipping
(to reduce the window for interdiction), and then distribute them to in
person to friends who want them. But of course it's not perfect.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2cda7f76-87c2-a192-c59c-dcd3f68a8837%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Yubikeys in Qubes

[Micah Lee]

I just wrote a quick blog post about using Yubikeys in Qubes.
Specifically, I wanted to share a script that will use qvm-usb to attach
your Yubikey to your gpgvm no matter what USB port you plug it into.

https://micahflee.com/2016/12/qubes-tip-making-yubikey-openpgp-smart-cards-slightly-more-usable/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5e442acf-1d2f-c37a-b69c-65b1a57e45dd%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking between Linux and Windows VMs

[Micah Lee]

On 09/05/2016 02:44 PM, Connor Page wrote:
> they should be connected to the same firewallvm, not netvm. iptables in 
> netvms are set up differently.

They are connected to the same firewallvm. And I've successfully gotten
networking working between two Linux VMs using this firewallvm. It's
just not working with one of the VMs being a Windows HVM.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5eddbdaf-ca4e-cf63-b739-1229acc0f052%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Networking between Linux and Windows VMs

[Micah Lee]

I've installed Windows 10 in an HVM (called dev-win10), and I'd like to
be able to connect to its RDP service from a Linux VM (called dev).

The documentation [1] says both VMs need the same netvm, and in that
netvm I need to enable an iptables rule to let dev communicate with
dev-win10:

iptables -I FORWARD 2 -s $DEV -d $DEV_WIN10 -j ACCEPT

Then in the VM that will hosting the service, dev-win10 in this case, I
need to allow incoming connections from the source IP:

iptables -I INPUT -s $DEV -j ACCEPT

This seems to work fine if the VM hosting the service is Linux. Since
it's Windows I obviously just need to allow access using the Windows
Firewall instead of with iptables.

It sure seems like I'm allowing all inbound connections to the Remote
Desktop service in the Windows Firewall [2], however when I try
connecting to it from dev it times out.

I've also tried running a simple http server using python3:

python3 -m http.server

And I allowed python.exe through the Windows firewall, but I can't
connect to that service either. When I try the same experiment in a
Linux VM, I can connect to it fine from dev.

Any idea what I'm missing?

[1] https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4
[2] https://i.imgur.com/PyrKLAm.png

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1615c334-65bc-5cd3-348a-c935e4392abf%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] 3.2-rc1, xfce4 volume control

[Micah Lee]

On 07/13/2016 03:07 PM, Marek Marczykowski-Górecki wrote:
> Wasn't that installed by default? It should be...

It wasn't for me. I installed xfce by installing the @xfce-desktop-qubes
package in dom0, rather than using the installer.

> Install xfce4-volumed. It will be installed by default in next release
> candidate.

Thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1781d433-c7a3-4615-efb1-90a654c2dbd2%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] 3.2-rc1, xfce4 volume control

[Micah Lee]

One thing I've noticed is that there's no volume control on my panel,
and my laptop's volume up and down keys don't work to adjust the volume.

I discovered that I can adjust the volume by manually running alsamixer
in dom0. I also discovered that I can install the xfce4-mixer package,
and then run xfce4-mixer, to get a GUI granular volume control. That
package also include a mixer panel applet, which requires a bit of
configuration to work properly.

I still haven't made my volume up and down keys work.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1301705c-129f-97f1-24bd-ec9a05b66cdd%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Installing XFCE

[Micah Lee]

I've installed Qubes 3.2-rc1 with only KDE. How do I install XFCE now as
well? The docs [1] about this look super outdated. A couple things that
I tried but didn't work:

sudo qubes-dom0-update xfce4
sudo qubes-dom0-update @XFCE
sudo qubes-dom0-update @xfce-desktop-environment

[1] https://www.qubes-os.org/doc/xfce/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/adab2276-029f-2acb-3302-5497813cd944%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Opening links in your preferred AppVM

[Micah Lee]

I published a quick blog post explaining how I do this:

https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8b44135-64fc-fe4c-1e46-c28800215a0b%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HVM Win7 libxenlight error?

[Micah Lee]

On 06/20/2016 12:03 PM, Andrew David Wong wrote:
> Thanks. Tracking here:
> 
> https://github.com/QubesOS/qubes-issues/issues/2096

Excellent. Just to be thorough, the problem was that I hadn't installed
the qubes-windows-tools package in dom0. Since that package isn't yet
available in R3.2 RC1, I installed it from the testing repos:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing
qubes-windows-tools

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8376ec93-4058-b400-b70e-c9c08e6fb434%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [R3.2 RC1] USB passthrough

[Micah Lee]

I'm trying to test out USB passthrough in Qubes R3.2 RC1 by following
these docs [1]. It says to install the qubes-usb-proxy package in my
usbvm's template (in my case, fedora-23), however after installing it I
still don't have a qvm-usb in my path.

Am I missing something?

[user@fedora-23 ~]$ sudo dnf install qubes-usb-proxy
Last metadata expiration check: 2:48:42 ago on Sun Jun 19 10:30:21 2016.
Package qubes-usb-proxy-0.1-1.fc23.noarch is already installed, skipping.
Dependencies resolved.
Nothing to do.
Sending application list and icons to dom0
Complete!
[user@fedora-23 ~]$ which qvm-usb
/usr/bin/which: no qvm-usb in
(/usr/lib64/qt-3.3/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/user/.local/bin:/home/user/bin)
[user@fedora-23 ~]$

[1] https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-5

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/33b7cfd8-ea17-e18f-27e9-28773ba43fc7%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [R3.2] Settings for displays missing

[Micah Lee]

On 06/19/2016 07:50 AM, Albin Otterhäll wrote:

I've just installed R3.2-RC1 and I can't find the settings for displays
in Plasma (KDE). /System Settings --> Display and Monitor/ doesn't
contain any settings for monitors, just the compositor.

I'm using a Thinkpad T430 (laptop) and trying to connect my external
monitors.


It appears that there are some missing packages in dom0. I solved this 
by installing kscreen:


$ sudo qubes-dom0-update kscreen

This made KDE recognize my external monitor, but I still couldn't find 
the configuration tool in System Settings. However I figured out that I 
could open it like this:


$ kcmshell5 kscreen

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/58f517aa-f2f0-2ce1-4077-cc5e18d40aa6%40micahflee.com.
For more options, visit https://groups.google.com/d/optout.