Re: [qubes-users] The VPN avalibel in Qubes

[Chris Laprise]

On 8/12/19 5:51 PM, 27casanov...@gmail.com wrote:

This is indipendent of Tor. I just relised that some kind of vpn can be sett up 
when making a new VM.

I guse it uses whonix gateway indipendent of Tor?



The easiest & most comprehensive/secure VPN config for Qubes is here:

https://github.com/tasket/Qubes-vpn-support

You can also try your luck with the VPN instructions on the Qubes 
website, but its more manual work (even if you use Network Manager) for 
less results.


All of these involve setting up a dedicated VM for the VPN. You can 
chain such a VPN either before or after sys-whonix.


OTOH, Whonix has some instructions on configuring a VPN inside 
sys-whonix. I'm not familiar with it, so I'll leave it there.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/95e20cdc-68c1-d9d0-a2b9-08d2087ff7b1%40posteo.net.

[qubes-users] USB keyboard won't work in app VM in spite of being attached and recognised.

[Eternal Questioner]

Hi All,

I was wondering whether anyone might have had a similar issue.

Background:


   - sys-usb sys VM is installed and functional.
   - Hewlett Packard keyboard can be seen in the results of qvm-usb.
   - Keyboard has been attached to the app VM with qvm-usb.
   - Keyboard can be seen as device 002 on bus 002 in the app VM:

[user@testvm ~]$ lsusb
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 002: ID 03f0:2b4a Hewlett-Packard
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
[user@testvm ~]$

Typing on the keyboard produces no output though.  The keyboard works in
other computers.  I tried changing the virt_type from PVM to HVM with no
change in results.

All constructive ideas welcome.


Thanks.

EQ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAKUdvAhRZnESRiLvRCR_qz6iYDZRr3OfMazqUkDOVGKBLaBp4g%40mail.gmail.com.

Re: [qubes-users] best and less expensive Lenovo think pad

[Steve Coleman]

On 8/13/19 6:28 AM, 799 wrote:

Hello

<27casanov...@gmail.com > schrieb am Di., 



https://github.com/one7two99/my-qubes/blob/master/docs/coreboot/README.md

Let me know if you need any help.


I do have a few questions for anyone experienced with the x230

Q1: Does the ThinkPad x230 have a separate USB controller available for 
use as a sys-usb?


Q2: Also, how would a docking station work with this setup, given that 
the keyboard would likely be connected via some internal docking station 
USB interface?


The PrivacyBeast info claims there is both USB3 and USB2 connector but 
it does not specifically mention any sys-usb capability, nor does the 
Qubes certified hardware announcement. The Lenovo documentation does not 
give any level of detail with respect to Qubes, obviously. When pricing 
out a new x230 with the needed memory/SSD upgrades, it isn't too much 
cheaper that PB, but rolling my own I would at least get more room for 
hosting VM's. But then I would still be stuck with the Intel ME problem. 
I would think that moving the pre-installed PB OS configuration to a new 
SSD could be problematic, given its claimed bios/heads and 
per-partitioned disk configuration, and so I might as well just start 
with a clean slate and roll my own with coreboot, if I were to proceed 
down this path.


Having a laptop at home with Qubes would certainly be nice, but if so, I 
hope to be able to run some third party software that requires direct 
control of some CNC/gcode hardware via a USB serial interface, plus a 
USB camera for layout and coordinate registration. I'm not sure if this 
is possible, but I am thinking it might be if the USB controller can be 
assigned to that particular VM. Right now I am stuck with Windows, which 
I would be happy to trade in for Qubes if it can work. Either way just 
having a mobile machine as a backup in case my home office machine goes 
down would be great.


thanks,

Steve.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/89767608-2b27-2218-7d3f-5f64f21c5ec0%40jhuapl.edu.

Re: [qubes-users] best and less expensive Lenovo think pad

[799]

Hello Steve,

Steve Coleman  schrieb am Di., 13. Aug. 2019,
20:07:

>
> I do have a few questions for anyone experienced with the x230
>
> Q1: Does the ThinkPad x230 have a separate USB controller available for
> use as a sys-usb?
>

I have documented the Layout of the USB controllers here:

https://github.com/one7two99/my-qubes/blob/master/docs/qubes-x230.md

It shows which USB Controllers connects to which external USB Port and
which internal USB Devices like Camera / Bluetooth / LTE-Card belongs to
which USB Controller.

Depending on which USB Controller you attach to a VM, you pass along all
attached internal USB Devices.
Therefore I am a using a sys-usb Qube ;-)

Regarding the other questions, I'll try to answer this later.

799

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2uHZsdFaytm7X%3DHu1zo-E5Ap8a_k9KewcOexRWkERK_Tg%40mail.gmail.com.

Re: [qubes-users] Disk usage warning

[Chris Laprise]

On 8/13/19 5:19 AM, Brendan Hoar wrote:
On Tue, Aug 13, 2019 at 4:52 AM Franz <169...@gmail.com 
> wrote:


@brendan, @Chris Many thanks

Also: dom0 VM usage as well as all combined domU VMs usage is
allocated from the same shared thinpool pool00 in a default setup.


Now I understand.  Considering that Qubes-settings on Qubes Manager
allows to set the System storage max size for each VM, I imagined
that the alerts where connected to that, that is to a problem of a
single VM. But now I understand that the alerts are connected to a
general pool hosting all VMs. So it is not a problem of a single VM,
rather of the pool.

This way it is much simpler.  Qubes disk space monitor shows that
71% of the space is already used, and when I do and verify a backup
it uses much more space to extract the backup, so this is the reason
of the alerts.

Many thanks brothers


Ok, that makes sense.

However now I am concerned that qubes backup verification can easily 
lead to a pool full situation, which can be a fatal condition* for the 
pool and the qubes install.


:(

B

* for typical users to resolve


Indeed. There is an old issue with qubes-backup that asks for leaner 
operation.


Wyng backup (name changed from 'sparsebak') treats volume data like a 
stream, so no extra copies are stored... using it avoids the problem in 
addition to other large reductions in time/resource use.


--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2d909a77-4e21-6e0f-6b0f-459281ca3144%40posteo.net.

[qubes-users] Got new hardware coming

[Stuart Perkins]

I have commissioned the creation of a coreboot Lenovo W520.

It is already running Qubes 4.x, but I will likely do a reinstall just for the 
experience and to put it together with my GUI of choice etc...

I will have a 240+GB SSD for the main OS and certain VM's.

I will move my 2TB hdd over and set it up for the data areas which are just 
plain too big for the SSD, much like I have my current setup.

It has the Nvidia graphics which loses the ability to run the VGA port without 
a blob I don't want to include in it, so external monitors will have to be USB 
driven.

It will be equipped with 16GB of RAM as well initially, then I will up it to 24 
in order to save 8 for this machine, which I will commission as a backup server 
for my home network (not running qubes, but it is is still core booted...and I 
will be running Debian with VirtualBox VM's for various things...like I did 
before Qubes and like I do now of my current home "server".

I will finally get off of Qubes 3.2...  ;)

I have not been actually reading the 4.0 messages here, but I have been 
downloading them and will read through them for any issues I have before 
bugging folks here...other than an up front question:

Is there any known issues with a corebooted W520 and Qubes 4.x?

Stuart


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20190813184241.4435992e%40gmail.com.

[qubes-users] Re: Are used laptops safe to use?

[qtpie]

'awokd' via qubes-users:
> ljul8...@gmail.com:
>> Hello everyone, does anybody know if used laptops are safe to use for Qubes 
>> or not since they might have malware (that could take over dom0) in them 
>> already?
>>
> Format the hard drive and you'll wipe most third party malware. The odds
> of you finding a used laptop with one of the exceptions that survives a
> format is slim. There is also a chance a new laptop could come
> compromised. Up to you to determine what is "safe" for you.
> 

Common malware: no difference between new and used. There are regular
reports about malware-like software on newly bought laptops, installed
by the manufacturer. So you should always wipe the harddrive regardless
of whether the laptop is new or used.

Targeted attack by an adversary who intercepts the laptop before you buy
it: at least one security oriented manufacturer now offers a proces that
supposedly mitigates this, so this would supposedly be safer. But their
products are expensive and not avalaible everywhere.

If you need an affordable qubes-capable laptop a refurbished Dell
Latitude Lenovo thinkpad or similar 'bussiness' laptop is a good option.
Look on a secondhand site for refurbished + model number and you will
find them offered by bulk buying companies.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/qippn3%2411kv%241%40blaine.gmane.org.

Re: [qubes-users] best and less expensive Lenovo think pad

[27casanova27]

Im paranoid. And dont cut corners on this.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f54bc245-f98a-4a5d-8744-b744960b0ee9%40googlegroups.com.

Re: [qubes-users] best and less expensive Lenovo think pad

[27casanova27]

Im paranoid. And dont like to cut corners on this :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3823742b-dbf7-4c83-b78d-196c3908384e%40googlegroups.com.

Re: [qubes-users] Disk usage warning

[Franz]

@brendan, @Chris Many thanks


> Also: dom0 VM usage as well as all combined domU VMs usage is allocated
> from the same shared thinpool pool00 in a default setup.
>

Now I understand.  Considering that Qubes-settings on Qubes Manager allows
to set the System storage max size for each VM, I imagined that the alerts
where connected to that, that is to a problem of a single VM. But now I
understand that the alerts are connected to a general pool hosting all VMs.
So it is not a problem of a single VM, rather of the pool.

This way it is much simpler.  Qubes disk space monitor shows that 71% of
the space is already used, and when I do and verify a backup it uses much
more space to extract the backup, so this is the reason of the alerts.

Many thanks brothers

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAS8KXgqau9gjt2Z_jg1WM3xsTqXpiRFFWKbhhuZoh%3D%3DA%40mail.gmail.com.

Re: [qubes-users] best and less expensive Lenovo think pad

[27casanova27]

I geting the X230. Thanks for the advice (a time saver). And the info on core 
boot as well! 

A advantage with this modele aside from being portable. Is that a regular big 
SSD drive fits ib there. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c9e2a12-3d3e-416e-a30c-2032ed69bfef%40googlegroups.com.

Re: [qubes-users] best and less expensive Lenovo think pad

[27casanova27]

https://github.com/one7two99/my-qubes/blob/master/docs/coreboot/howto-coreboot_copy.md

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e8efba71-3fc6-495d-87fc-2b546e84a4f3%40googlegroups.com.

Re: [qubes-users] best and less expensive Lenovo think pad

[27casanova27]

799 text on core boot 

https://github.com/one7two99/my-qubes/blob/master/docs/coreboot/howto-coreboot_copy.md

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fe7236a7-a7f9-4792-932e-e533ac3e3032%40googlegroups.com.

Re: [qubes-users] Disk usage warning

[Brendan Hoar]

On Tue, Aug 13, 2019 at 4:52 AM Franz <169...@gmail.com> wrote:

> @brendan, @Chris Many thanks
>
>
>> Also: dom0 VM usage as well as all combined domU VMs usage is allocated
>> from the same shared thinpool pool00 in a default setup.
>>
>
> Now I understand.  Considering that Qubes-settings on Qubes Manager allows
> to set the System storage max size for each VM, I imagined that the alerts
> where connected to that, that is to a problem of a single VM. But now I
> understand that the alerts are connected to a general pool hosting all VMs.
> So it is not a problem of a single VM, rather of the pool.
>
> This way it is much simpler.  Qubes disk space monitor shows that 71% of
> the space is already used, and when I do and verify a backup it uses much
> more space to extract the backup, so this is the reason of the alerts.
>
> Many thanks brothers
>

Ok, that makes sense.

However now I am concerned that qubes backup verification can easily lead
to a pool full situation, which can be a fatal condition* for the pool and
the qubes install.

:(

B

* for typical users to resolve

>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAOajFeeOAUhCvkR7FqhJOUOND9rh8364njHp%2BxqSYjU4O%3DQCcg%40mail.gmail.com.

Re: [qubes-users] best and less expensive Lenovo think pad

[799]

Hello

<27casanov...@gmail.com> schrieb am Di., 13. Aug. 2019, 10:53:

>
> https://github.com/one7two99/my-qubes/blob/master/docs/coreboot/howto-coreboot_copy.md


Wrong link, I cleaned up the docs a few days ago, the correct link is now:

https://github.com/one7two99/my-qubes/blob/master/docs/coreboot/README.md

Let me know if you need any help.

799






>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2sbkJ16QyhXAsoC8Eg-Mg9S6jhAfXwULiPtu%2B3gT3qhjQ%40mail.gmail.com.