Re: [qubes-users] How to safely use Wireshark in Qubes?

On 02/14/2017 09:41 PM, raahe...@gmail.com wrote: isn't tcpdump just as vulnerable though if not more? I run things like that in sys-net since i consider it extremely untrusted, but if you have the resources or want only specific streams, sure a separate template or seperate vm i would

Re: [qubes-users] AEM questions

On 02/14/2017 05:50 PM, j...@vfemail.net wrote: hi. since i will be traveling for a bit, my threadmodell changed and i want aem. when reading the documentation, a few questions came up: (in any case, i will use a passphrase for aem.) 1) is there a difference between using an usb drive or

Re: [qubes-users] What? Can I access a windows USB drive?

On 02/07/2017 03:54 PM, elsiebuck...@gmail.com wrote: What? Can I access a windows USB drive? I really didn't want to add a windows vm, just wanted to get some of my stuff off from it. I found how to "add block devices", but after that I'm guessing it won't read windows file system... I'm

Re: [qubes-users] I have a bank vm, how do you restrict

On 02/07/2017 04:47 AM, Oleg Artemiev wrote: On Tue, Feb 7, 2017 at 11:57 AM, '0xDEADBEEF00' via qubes-users wrote: I have a bank vm, how do you restrict the browser from being able to go else where? Do you add the iprules in the vm or do you create a proxyvm and

Re: [qubes-users] Can somebody explain me how install flux on Qubes OS 3.2 in a fedora Template ?

On 02/04/2017 08:08 AM, codeur4l...@gmail.com wrote: Le vendredi 3 février 2017 19:08:54 UTC+1, Chris Laprise a écrit : On 02/03/2017 05:52 AM, codeur4l...@gmail.com wrote: Can somebody explain me the procédure for installing f.lux or fluxgui on Qubes OS 3.2 in a fedora Template ? You could

Re: [qubes-users] Monitor won't wake up after temporary hdmi switchover

On 02/03/2017 12:57 PM, Patrick Bouldin wrote: Just would like to add to my last post that I found some code related to the bugzilla, here: https://bugzilla.xfce.org/attachment.cgi?id=6590 So would I somehow install that and how? Or, download a tar file and install (and how?) Thanks,

Re: [qubes-users] Long boot time for "Initialize and mount /rw and /home" unit

On 02/03/2017 10:30 AM, Alex wrote: On 02/01/2017 04:09 AM, Chris Laprise wrote: On 01/31/2017 03:55 PM, Alex wrote: What I don't understand is... is this thing really comparing ~50GiB of disk on every boot with a stream of 50 billion zeros just to see if a filesystem exists? It's weird

Re: [qubes-users] Advantage of connecting through a mobile router in public?

On 02/01/2017 02:59 PM, Franz wrote: On Wed, Feb 1, 2017 at 2:34 PM, Chris Laprise <tas...@openmailbox.org <mailto:tas...@openmailbox.org>> wrote: On 02/01/2017 01:16 AM, Franz wrote: On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise <tas...@openmailbox.

Re: [qubes-users] Number of cores and other CPU characteristics

On 02/02/2017 04:50 AM, Vít Šesták wrote: Choosing the right CPU is about choosing the right tradeoff. The tradeoff is not only between price, power consumption and performance. We can also balance single-core performance to multi-core performance, or we might want some enhancements for some

Re: [qubes-users] Devilspie2 integration

On 02/02/2017 09:09 AM, Hack wrote: Hi, Could it be possible to provide Qubes OS with Devilspie2 at first install? Like this, we could have, by default? some virtual desktops attributed to some task. For example: * Desktop 1 = administration tasks (sys-firewall, sys-net, etc…) *

Re: [qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

On 02/01/2017 08:06 AM, Connor Page wrote: relying on the main routing table that can be messed up. This point tends to be overstated. I haven't seen an example of the blocking commands in the routing table getting "messed up". The commands get refreshed each and every time qubes-firewall

Re: [qubes-users] Advantage of connecting through a mobile router in public?

On 02/01/2017 01:16 AM, Franz wrote: On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise <tas...@openmailbox.org <mailto:tas...@openmailbox.org>> wrote: On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote: I keep reading examples where people are using something like mo

Re: [qubes-users] disk utility in dom0

On 01/31/2017 11:25 PM, Ted Brenner wrote: Fortunately I was able to accomplish this using fdisk without having to install anything new. One thing I haven't been able to figure out though, when I attach it to one of my appVMs, I don't know where to find it. This page

Re: [qubes-users] Re: Installation of DNSSEC-Trigger on Qubes ??

On 01/31/2017 10:33 AM, ThierryIT wrote: Nobody ? Le dimanche 29 janvier 2017 09:10:49 UTC+2, ThierryIT a écrit : Hi, I do prefer to ask before doing something wrong on my working Qubes. Where to install DNSSEC-Trigger ? Is 'sys-net' the right answer ? Do you have for Qubes env any

Re: [qubes-users] Spoofing MAC

On 01/27/2017 06:03 AM, pl1...@sigaint.org wrote: Then if I use other internet connections and spoof MAC, they never know my real MAC,right? If you're using Network Manager MAC randomization described in the doc, then yes---it will use a different random address with each "connection"

Re: [qubes-users] Default UpdateVM and Issues while updating VM

On 01/22/2017 12:13 AM, adonis28...@gmail.com wrote: Hi mate, I finally had some time for testing, and still not working, although I got some more info. So I checked and the 01qubes-proxy is in there in the template I'm trying to create for Kali. After that, I checked the sys-firewall VM and

Re: [qubes-users] AEM and TPM no longer working

On 01/21/2017 06:16 AM, Rusty Bird wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 qubenix: All tpm related tools believe tpm in disabled, and the prcs file is always empty with TXT or without. I am 100% sure that the chip is active in BIOS. Any other ideas? Not really, sorry. Maybe

Re: [qubes-users] Default UpdateVM and Issues while updating VM

On 01/19/2017 05:46 PM, Unman wrote: On Thu, Jan 19, 2017 at 10:02:38AM -0800, adonis28...@gmail.com wrote: On Thursday, January 19, 2017 at 12:22:35 PM UTC-5, Chris Laprise wrote: On 01/18/2017 09:32 PM, wrote: Hi guys, I'm having a hard time trying to figure out this. When I installed

Re: [qubes-users] Default UpdateVM and Issues while updating VM

On 01/18/2017 09:32 PM, adonis28...@gmail.com wrote: Hi guys, I'm having a hard time trying to figure out this. When I installed Qubes OS I think I chose Whonix as the default to update VMs, but eventually I ended up changing it after a couple of days and set the UpdateVM to "sys-firewall".

Re: [qubes-users] Salt / qubesctl errors when configuring USB

On 01/15/2017 08:25 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jan 15, 2017 at 08:02:17PM -0500, Chris Laprise wrote: On 01/15/2017 05:02 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jan 15

Re: [qubes-users] Salt / qubesctl errors when configuring USB

On 01/15/2017 05:02 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Jan 15, 2017 at 04:10:49PM -0500, Chris Laprise wrote: The salt failure occurs with any type of VM. This may be due to some aspect of my dom0 configuration that changed, because

Re: [qubes-users] Salt / qubesctl errors when configuring USB

The salt failure occurs with any type of VM. This may be due to some aspect of my dom0 configuration that changed, because when sys-usb was initially setup the qubesctl commands worked. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To

Re: [qubes-users] Re: IPv6 connectivity and qubes proxy VM

On 01/13/2017 04:34 PM, raahe...@gmail.com wrote: On Thursday, January 12, 2017 at 1:30:07 PM UTC-5, daltong defourne wrote: On Thursday, January 12, 2017 at 6:47:00 PM UTC+3, daltong defourne wrote: Hi! I've created a VPN proxyvm (debian-8 based) according to existing documentation (more or

Re: [qubes-users] DVM savefile creation failed

On 01/14/2017 10:13 AM, haaber wrote: Hello, I get the error message in the title when trying to open a DispVM. It is my firt try to play with disposable VMs in and out-of-the-box install. Where do I find log files on that? Thank you,Bernhard You can try manually generating the savefile

[qubes-users] Salt / qubesctl errors when configuring USB

Per my post on Qubes Issues... |$ sudo qubesctl top.enable qvm.f24-clone [ERROR ] An un-handled exception was caught by salt's global exception handler: SaltRenderError: Could not find relpath for qvm.f24-clone.top Traceback (most recent call last): File "/bin/qubesctl", line 91, in

Re: [qubes-users] RFC: adding qubes images to the (qubes) repo

On 12/28/2016 07:39 AM, john.david.r.smith wrote: currently when i have qubes and need a new image (e.g. to reinstall/install on a new machine), i need to download the image from qubes-os.org and then check the signature. this may be a source of errors for some users, or even insecure (mitm +

Re: [qubes-users] Tip: Multimedia buttons under i3

On 12/29/2016 03:57 PM, Jon Solworth wrote: I'm at Chaos Computer Congress, and Qubes has a table. I got some help from them with the multimedia buttons for i3. Specifically, I configured the brightness and sound controls, but not the multimedia player controls because the player is not in

Re: [qubes-users] Fedora 23 EOL December 20; Update Your Templates!

On 12/22/2016 01:11 AM, Andrew David Wong wrote: Thanks. Just reclaimed 125 GB in a three-year-old StandaloneVM. ^_^ For others, the command I used (in the StandaloneVM): $ sudo fstrim -v -a You use big drives. :) The 'discard' option can also be added in /etc/fstab so that root

Re: [qubes-users] Can I speed up the loading of an APP?

On 12/21/2016 03:02 PM, Patrick Bouldin wrote: On Wednesday, December 21, 2016 at 2:03:15 PM UTC-5, Chris Laprise wrote: On 12/20/2016 08:53 PM, Patrick Bouldin wrote: Hi, compared to running a certain app in windows (Anki), installing it in the Fedora template in Qubes means the first time

Re: [qubes-users] Fedora 23 EOL December 20; Update Your Templates!

On 12/19/2016 12:33 AM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-18 17:27, iamthech...@gmail.com wrote: Is there a guide to update an existing VM to Fedora 24 while preserving it's contents? I upgraded the template per the instructions [1], but can't

Re: [qubes-users] Can I speed up the loading of an APP?

On 12/20/2016 08:53 PM, Patrick Bouldin wrote: Hi, compared to running a certain app in windows (Anki), installing it in the Fedora template in Qubes means the first time to run is very slow to launch. Maybe up to a minute. To install it to the template I just said "sudo yum install anki"

Re: [qubes-users] Re: Screensavers : Qubes Questions!

On 12/20/2016 06:57 PM, Mike Mez wrote: "Search for "VFIO NVIDIA Error 43" on your favorite search engine. Pretty much it just shuts off 3D mode and gives you Error 43 in device manager if it detects some hardware virt features, there is a way around it but I wasted hours until I figured out

Re: [qubes-users] Re: Screensavers : Qubes Questions!

On 12/20/2016 06:57 PM, Mike Mez wrote: This is/immensely/ helpful. To reiterate... to make sure I understand, with "windows problems" easy is easy and impossible is basically impossible (which I can say with experience is fairly on the money of my experience as well). With Linux, the

Re: [qubes-users] Qubes Security Bulletin #28

Regarding the "Alternate Patching Method" using normal apt update: Its possible the template was attacked via updates even before the bug was announced, or sometime between the Debian announcement and now. The "check InRelease" only helps if the attack occurs only during the next update and

Re: [qubes-users] Re: Screensavers : Qubes Questions!

On 12/18/2016 11:49 PM, Andrew David Wong wrote: *2. *You mentioned during the interview that you came to Qubes as a lifelong widows user. I am in the situation when it comes to this as a lifelong windows user. What would you say is the learning curve for using Qubes is? How easy would

Re: [qubes-users] How to search, reinstall or remove qubes-templates installed via rpm?

On 12/19/2016 02:31 PM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-19 07:31, J. Eppler wrote: Hello, 1. How can I search for qubes-templates in dom0 rpm repository? The qubes-dom0-update tool excludes all templates from a search. $ sudo

Re: [qubes-users] Debian 9 installation problem

On 12/19/2016 01:46 PM, pl1...@sigaint.org wrote: Hello In the middle of the installation of the packages with apt-get dist-upgrade, the terminal suddenly disappears and near debian template the "state" become yellow. I reboot it but the "state" remain yellow and when try to open an application,

Re: [qubes-users] Qubes refuses to boot

On 12/18/2016 05:15 PM, iReallyWantQubesToWork wrote: I burned the Qubes ISO to a USB (using Rufus) and completed the installation without any problems, except that Qubes refuses to boot on the installed drive. I installed it onto my external HDD and have also installed it onto a 32 GB USB,

Re: [qubes-users] OpenVPN and debian-8

On 12/17/2016 01:27 PM, johnyju...@sigaint.org wrote: I've finished my conversion of all VM's to debian-8 (and isolating USB, the sound card, etc.). (Next is dom0, and maybe the replacing the hypervisor, but that's another story. :) ) The last hiccup was getting OpenVPN working in debian-8

Re: [qubes-users] Re: debian-9 sys-net, random MAC buggy

On 12/16/2016 12:21 PM, qubenix wrote: Ah, that was my mistake/commit. I apologize, I did not see this documented before. Thank you for helping me to realize this confusing situation. The worst part, really, is that the only place in the man pages where random vs. stable is documented is in

Re: [qubes-users] Re: debian-9 sys-net, random MAC buggy

On 12/15/2016 01:58 PM, Reg Tiangha wrote: On 12/15/2016 11:50 AM, qubenix wrote: I've used the docs[1] to randomize my MAC on sys-net with debian-9 as it's template. At first everything was working normal, but I've noticed now that my MAC is only randomized until I connect to a network. At

[qubes-users] Debian 9 updates to x11 makes template unusable

New updates to x11 in Debian 9 have made otherwise well-running template unable to boot properly. The status dot stays yellow and sys-net NM icon doesn't appear, so this appears to affect the GUI daemon. I had to revert it to get stuff done, so I'll post details later. Chris -- You received

Re: [qubes-users] Re: Question to Mirage OS firewall users

On 12/10/2016 12:36 PM, rtian...@gmail.com wrote: On Saturday, December 10, 2016 at 6:03:17 AM UTC-7, jkitt wrote: What's it like to update - is it relatively simple? Would you say it's more secure than Debian or Fedora? It's easy. Shut down your Mirage OS Firewall VMs, copy over the new

Re: [qubes-users] FYI: Experimental Qubes coldkernel support now available

On 12/10/2016 03:36 PM, Reg Tiangha wrote: I haven't tried it myself yet, but it looks like the coldkernel crew pushed out experimental support for Debian templates to one of their test branches yesterday: https://github.com/coldhakca/coldkernel/tree/0.9a Has anyone out there tried it yet?

Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal

On 12/09/2016 05:56 PM, Eva Star wrote: On 12/07/2016 07:48 AM, Andrew David Wong wrote: FWIW, `systemctl restart qubes-firewall` fixed it for me last time. Today one my VM losses network 2 times. Every time I tried `systemctl restart qubes-firewall` and it not fix the issue. It's looks like

Re: [qubes-users] Installing on macOS Macbook

On 12/09/2016 12:11 AM, Jean-Philippe Ouellet wrote: On Thu, Dec 8, 2016 at 6:37 AM, Andrew David Wong wrote: Qubes isn't supported on VirtualBox or on Macbooks This is the first I've heard of MacBooks being "not supported". I know at least one person personally who is

Re: [qubes-users] How do I get Qubes 4.0 pre-release/dev build?

On 12/01/2016 09:19 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Dec 01, 2016 at 02:06:16PM +, C. L. Martinez wrote: On Thu 1.Dec'16 at 14:50:59 +0100, Marek Marczykowski-Górecki wrote: On Thu, Dec 01, 2016 at 04:26:38PM +0300, Eva Star

Re: [qubes-users] Broken dependencies in plasma desktop dom0 - qubes 3.2

On 12/08/2016 10:15 AM, Adrian Rocha wrote: Hi, I updated dom0. I see that there is updated the plasma desktop, but the update process reports many packages with broken dependencies: I'm having a similar problem, despite dom0 dnf saying that qt5-qtbase-5.6.1-3 is installed: Last metadata

Re: [qubes-users] What is the best way to use i2p in Qubes? Wouldntit be great if we had native i2p support?

On 12/08/2016 07:55 AM, 5g0zhi+3ukwtmyaqkdinfnkhq8q589xl3kkxqmyv3sq4li...@guerrillamail.com wrote: I think it would be best to set up i2p in a place like /rw/config or /home, in either a proxyVM or appVM (not a netVM). Otherwise, you could consider using a Tails HVM which would have it

Re: [qubes-users] What is the best way to use i2p in Qubes? Wouldn't it be great if we had native i2p support?

On 12/08/2016 04:14 AM, 5fxfc1+2ch7pcmy34te01rpv5qj0zj3h115fu90fwr3h7yl5u via qubes-users wrote: Hi everyone! I wanted to ask: What is the best way to use i2p in Qubes? Should I setup a NetVM or install i2p in a TemplateVM? Also since Java is not the most secure environment, I'm planning on

Re: [qubes-users] Re: Creating an OpenWrt netvm

On 12/06/2016 07:58 PM, jonathanri...@gmail.com wrote: Hi, I'd just like an update on this, as I am looking to do the same. OpenWRT seems the best for NetVM as it has all that I could think of. Also multiple instances for VPNs should not use too much ram. So if you got it running, could you post

Re: [qubes-users] Qubes VM snapshots using git / SVN

On 12/05/2016 09:06 PM, Patrick Schleizer wrote: Why I used git: * I found it simpler and quicker to type to manage the whole /var/lib/qubes/vm-templates/vm-name including all files using git rather than manually that folder. Using LVM or Btrfs snapshots would accomplish this far more quickly

Re: [qubes-users] AEM boot doesn't load serviceVM's since Xen 4.6.3

On 12/04/2016 10:49 AM, Lorenzo Lamas wrote: Since upgrading to Xen 4.6.3-21 from Xen 4.6.1-20, booting with AEM fails to start serviceVM's(netVM, usbVM, firewallVM). When the boot process finally completes, trying to manually launch the VMs through VM Manager doesn't work either. When I

Re: [qubes-users] Yubikeys in Qubes

What is an acceptable / secure way to obtain a Yubikey fob? Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To

Re: [qubes-users] TemplateVM Best-Practices?

On 12/01/2016 03:48 AM, Zrubi wrote: On 11/30/2016 02:59 PM, Loren Rogers wrote: Hi all, Are there any recommended strategies for creating and managing TemplateVMs for regular users? I'm having those templates: netVMs, Proxym Firewall, VPN: fedora minimal based regular AppVMs: Fedora,

Re: [qubes-users] Re: TemplateVM Best-Practices?

On 11/30/2016 07:02 PM, Loren Rogers wrote: On 11/30/2016 09:14 AM, Daniel Moerner wrote: On Wednesday, November 30, 2016 at 8:59:58 AM UTC-5, Loren Rogers wrote: Hi all, Are there any recommended strategies for creating and managing TemplateVMs for regular users? Speaking personally, I use

Re: [qubes-users] PAM errors after disabling password-less root

Would it have anything to do with upgrading to kernel 4.8 (both dom0 and domU)? Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] PAM errors after disabling password-less root

On 11/30/2016 03:55 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 30, 2016 at 02:44:17PM -0500, Chris Laprise wrote: On 11/28/2016 05:27 PM, Patrick Schleizer wrote: Probably related issues: - https://github.com/QubesOS/qubes-doc/pull/176

Re: [qubes-users] PAM errors after disabling password-less root

On 11/28/2016 05:27 PM, Patrick Schleizer wrote: Probably related issues: - https://github.com/QubesOS/qubes-doc/pull/176 - https://github.com/QubesOS/qubes-doc/pull/228 Which lead to some changes to https://www.qubes-os.org/doc/vm-sudo/ [which was reported to work now] (and the qubes-whonix

Re: [qubes-users] ANN: Split Browser (disposable Tor Browser, persistent bookmarks/logins)

On 11/30/2016 12:12 PM, Rusty Bird wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 "Everyone loves the Whonix approach of running Tor Browser and the tor daemon in two separate Qubes VMs, e.g. anon-whonix and sys-whonix. Let's take it a step further and run Tor Browser (or other

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

On 11/30/2016 02:09 AM, Swâmi Petaramesh wrote: Hello, I use Qubes 3.2 (recent, default installation) with anti-evil-maid on HP ProBook 6470b. Anti-evil-maid is installed to HD /boot per instructions, TPM is protected by a password, and I use a "secret" image instead of text. So far

Re: [qubes-users] 2/3 of VMs randomly lose network access; sys-net, sys-firewall, and others normal

On 11/26/2016 12:42 PM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 A strange networking problem just started in the past day or so: Every few hours, around 2/3 of my VMs will suddenly lose network access. I can still ping websites from sys-net and sys-firewall,

Re: [qubes-users] Qubes Security Bulletin #27

On 11/22/2016 07:44 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Qubes users, We have just released a new Qubes Security Bulletin (QSB #27): https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qsb-027-2016.txt - -- Updates not visible

Re: [qubes-users] Re: Is Qubes for the Asus X205ta ?

On 11/21/2016 03:51 PM, Eric Shelton wrote: Third, it looks like there are problems getting Linux running on these, which does not bode well for getting Qubes to boot: https://wiki.debian.org/InstallingDebianOn/Asus/X205TA You are going to run into these types of issues with these inexpensive

Re: [qubes-users] HCL - Lenovo X230

On 11/19/2016 06:15 PM, Aaron Jefferson wrote: Hadn't turned it on. On Sat, Nov 19, 2016 at 6:08 PM, Aaron Jefferson <ajefferson1...@gmail.com <mailto:ajefferson1...@gmail.com>> wrote: Thanks, I'll check it out. On Sat, Nov 19, 2016, 18:06 Chris Laprise <tas...@

Re: [qubes-users] HCL - Lenovo X230

On 11/19/2016 02:02 PM, Aaron Jefferson wrote: First boot wlan didn't work, second boot worked fine. Most X230s with that CPU have Vt-d capability, but the report says 'no'. You may want to check your BIOS to make sure its switched on. This affects the security and operation of wlan,

Re: [qubes-users] PAM errors after disabling password-less root

On 11/18/2016 02:03 AM, entr0py wrote: Andrew: I think not without modifying the Qubes RPC code itself, which is probably a non-starter. Anyway you would be relying on untrusted self-reported information in the trusted Dom0 prompt, so maybe not a good idea. If you just want to investigate,

Re: [qubes-users] isolated workflows - image converter - trusted jpg

What is the command to do the trusted image conversion? Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post

Re: [qubes-users] Incremental / continuous backups?

On 11/16/2016 03:27 PM, Jean-Philippe Ouellet wrote: This is a known problem area. See discussions in: - https://github.com/QubesOS/qubes-issues/issues/971 - https://github.com/QubesOS/qubes-issues/issues/858 I think the easiest, most efficient route currently available is to have your VMs

Re: [qubes-users] PAM errors after disabling password-less root

On 11/16/2016 01:26 PM, Andrew wrote: 3n7r0...@gmail.com: On Wednesday, November 16, 2016 at 1:22:43 PM UTC, Chris Laprise wrote: On 11/15/2016 04:04 PM, Unman wrote: On Tue, Nov 15, 2016 at 02:26:12PM -0500, Chris Laprise wrote: On 11/15/2016 07:20 AM, Unman wrote: On Tue, Nov 15, 2016

Re: [qubes-users] PAM errors after disabling password-less root

On 11/15/2016 04:04 PM, Unman wrote: On Tue, Nov 15, 2016 at 02:26:12PM -0500, Chris Laprise wrote: On 11/15/2016 07:20 AM, Unman wrote: On Tue, Nov 15, 2016 at 11:55:13AM +, Unman wrote: On Tue, Nov 15, 2016 at 05:53:56AM -0500, Chris Laprise wrote: Following the instructions

[qubes-users] PAM errors after disabling password-less root

Following the instructions for the 'vm-sudo' doc, I get the following error in Debian 9: /usr/lib/qubes/qrexec-client-vm failed: exit code 1 sudo: PAM authentication error: System error Also, in the Debian 8 template the instructions don't match, as there appears to be no file

Re: [qubes-users] Re: mounting a disk image or volume in app-vm, fast backups

On 11/14/2016 05:20 PM, pixel fairy wrote: On Monday, November 14, 2016 at 5:09:41 PM UTC-5, Chris Laprise wrote: Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0 pool) could enable the advantages being sought here. Using either snapshots or reflinks, you can create

Re: [qubes-users] Re: mounting a disk image or volume in app-vm, fast backups

Using btrfs as the dom0 filesystem (or a btrfs volume added to a dom0 pool) could enable the advantages being sought here. Using either snapshots or reflinks, you can create an offline copy of the VM's private.img, and then attach that to the backup vm. This eliminates the first rsync step.

Re: [qubes-users] One step foerward, two steps back on Macbook 11,1 - can't boot into Qubes

On 11/14/2016 04:47 PM, dumbcyber wrote: >From the beginning I have to ask for forgiveness - I am new to Qubes and have no knowledge of changing boot managers beyond trial and error. My hardware is a Macbook 11,1. In fact I don't have any other machines at home. I want to create a bootable

Re: [qubes-users] Re: Intel TXT advice

On 11/13/2016 08:36 PM, Eric wrote: On Sunday, November 13, 2016 at 5:01:59 PM UTC-8, entr0py wrote: Eric: Just bought a laptop with a Skylake processor for running Qubes, and from looking around on Intel's website it appears that no Skylake Core-branded processors support Intel TXT. Any

Re: [qubes-users] Re: Installing VPN in Qubes Versus VPN on a Router

On 11/13/2016 04:38 AM, Sec Tester wrote: I guess the main benefit to having VPN on router is it takes that overhead off the PCs CPU & memory. But the paper is right, a lot of network hardware is backdoored. Especially the cisco stuff. And im suspicious of the Chinese stuff too. We should

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

On 11/12/2016 05:47 PM, hed...@tutanota.com wrote: I guess the question still stands: is the latest version materially superior to the March 2015 version? (And enough to want to re-create over a dozen proxyVMs?) Yes, the VPN doc method is better in the sense that it separates packets

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

On 11/12/2016 07:48 PM, Sec Tester wrote: Hi Marek, On Sunday, 13 November 2016 03:33:50 UTC+10, Marek Marczykowski-Górecki wrote: They have basically said, Elite hackers can gain root, so lets just not even bother with this foundational layer of security. The point is _if_ someone is able

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

On 11/11/2016 10:21 PM, Sec Tester wrote: So Im still new to Qubes, but after going through a bit of a learning curve, building & customizing VM's to suit my security needs, I have a few thoughts on its security. Firstly I really love the direction Qubes has taken the future of operating

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

On 11/12/2016 06:26 AM, David Hobach wrote: > I would also advise users *not* to > rely on firewall settings in Qubes Manager/VM Settings as the options > are too limited to stop compromised VMs that are supposed to be confined > to the VPN tunnel from leaking data to clearnet (e.g. a hostile

Re: [qubes-users] Re: Are Qubes/Xen vulnerable to new DRAMA attack?

On 11/11/2016 10:37 PM, Sec Tester wrote: Perhaps another reason why VM's shouldn't have default root access? "taskset 0x2 sudo ./measure -p 0.7 -s 16." This really needs root to work?! This could be important... these rowhammer vulns have become BAD. Chris -- You received this message

Re: [qubes-users] Display Calibration

On 11/10/2016 06:51 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 09, 2016 at 02:08:46PM +0100, Zrubi wrote: Applying the color profile is half of the job, next part is to provide the same profile for AppVMs. Here I'm stuck a bit because I

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

On 11/11/2016 01:24 PM, David Hobach wrote: On 11/10/2016 10:07 PM, Chris Laprise wrote: > On 11/10/2016 01:28 PM, David Hobach wrote: >> I'd recommend to avoid any tools employing iptables which were not >> written explicitly for Qubes as well. > > This. Or at least d

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

On 11/11/2016 07:20 AM, Sec Tester wrote: I have successfully applied the setup and scripting in https://www.qubes-os.org/doc/vpn/ No more DNS leaks. This means i can atleast use my vpn, until i find a way to make things work with the AirVPN GUI. A tip for stopping DNS leaks with the GUI:

Re: [qubes-users] Re: Are Qubes/Xen vulnerable to new DRAMA attack?

On 11/10/2016 12:50 PM, Chris Laprise wrote: On 11/10/2016 12:41 PM, raahe...@gmail.com wrote: On Thursday, November 10, 2016 at 12:38:58 PM UTC-5, raah...@gmail.com wrote: On Thursday, November 10, 2016 at 6:28:33 AM UTC-5, Eva Star wrote: Subj https://github.com/IAIK/drama All systems

Re: [qubes-users] Converting Win7 StandaloneHVM to TemplateHVM

On 11/10/2016 08:40 AM, John R. Shannon wrote: Is it possible to convert a Windows StandaloneHVM to a TemplateHVM without re-installing Windows? I think so. To start the conversion, I would try uninstalling Qubes Tools from the standalone first. Then create an empty template HVM and copy

Re: [qubes-users] Re: Leak Problems with VPN ProxyVM + AirVPN & Network lock

On 11/09/2016 08:46 AM, SEC Tester wrote: I've considered leaving network lock off, and building my own custom IP Tables, or firewall rules to stop the leaks. But this is currently beyond my skill set, so would need some hand holding to learn what to do. I have looked at the section here on

Re: [qubes-users] Re: Screen recorder for Qubes..?

On 11/07/2016 07:32 PM, Jean-Philippe Ouellet wrote: On Mon, Nov 7, 2016 at 2:29 PM, Chris Laprise <tas...@openmailbox.org> wrote: The framebuffer is being handled by the trusted dom0 graphics stack, so is actually a trusted input. Perhaps we have run into trusted != trustworthy termi

Re: [qubes-users] Re: Android-x86 on Qubes

On 11/07/2016 04:02 PM, 3n7r0...@gmail.com wrote: On Monday, November 7, 2016 at 8:57:16 PM UTC, 3n7r...@gmail.com wrote: Using stock android-x86_64-6.0-r1.iso from android-x86.org (cm not tested) Issues: 1. no boot 2. mouse support 3. wake from sleep 4. private storage 5. secure clipboard 1.

Re: [qubes-users] Re: Screen recorder for Qubes..?

On 11/07/2016 02:11 PM, Jean-Philippe Ouellet wrote: On Mon, Nov 7, 2016 at 2:02 PM, Grzesiek Chodzicki wrote: In order to capture the whole screen such tool would need to run in dom0 which is really, really not a good idea. I think it is important to understand

Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!

On 11/02/2016 01:38 PM, mara.kuens...@gmail.com wrote: And that's why you can use many appVMs in the first place. You share the But that is not the point. First of all, unless your life depends on it, it will be very unlikely that you are actually paying enough attention to where you use

Re: [qubes-users] How to rotate VPNs?

On 10/28/2016 11:09 PM, Gaiko Kyofusho wrote: Is it possible to set up a VpnVM to automatically/randomly switch between vpn servers? At the moment I have to manually replace openvpn-client.opvn file with another file (with other server info) every time I want to change, would be great if I

Re: [qubes-users] How to destroy files without leaving any traces ?

On 10/26/2016 12:46 PM, maritnez wrote: you have a file that contains sensitive banking data and would like to delete it without leaving any traces on your system. you can 'move it to trash' which moves it to the trash you can then press the delete button in your trash container but is this

Re: [qubes-users] Update to xen-4.6.3 doesn't appear in /boot

On 10/25/2016 03:07 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Oct 25, 2016 at 02:27:23PM -0400, Chris Laprise wrote: I'm trying to install the xen-4.6.3 package from current-testing, but there is no xen*.gz added to /boot. This file is part

[qubes-users] Update to xen-4.6.3 doesn't appear in /boot

I'm trying to install the xen-4.6.3 package from current-testing, but there is no xen*.gz added to /boot. How can I get this installed properly to test on my system? Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

Re: [qubes-users] swappiness, caches

On 10/19/2016 11:54 AM, johnyju...@sigaint.org wrote: It always seemed a bit "off" to me that there should be any swap usage or significant buffers/caches inside VM's. dom0 already caches the virtual .img files, so having the kernel inside each VM also buffering/caching files and metadata is

Re: [qubes-users] Anonymize MAC address

On 10/18/2016 04:26 AM, pl1...@sigaint.org wrote: On 10/16/2016 02:02 PM, pl1...@sigaint.org wrote: On 10/15/2016 08:59 AM, pl1...@sigaint.org wrote: Anyone? Instructions for MAC anonymization have just been updated: https://www.qubes-os.org/doc/anonymizing-your-mac-address/ Chris Ok, is

Re: [qubes-users] Re: Unable to uptade templates affer forced all traffic trhough VPN

On 10/16/2016 08:50 AM, 4lpt9o+3m11o9qubb38o via qubes-users wrote: You don't need to manually add the iptables rules. When enable the 'qubes-yum-proxy' on the VPNVM the rule to iptables is automatically added: Chain PR-QBS-SERVICES (1 references) pkts bytes target prot opt in out

Re: [qubes-users] Anonymize MAC address

On 10/16/2016 02:02 PM, pl1...@sigaint.org wrote: On 10/15/2016 08:59 AM, pl1...@sigaint.org wrote: Anyone? Instructions for MAC anonymization have just been updated: https://www.qubes-os.org/doc/anonymizing-your-mac-address/ Chris Ok, is recommend to use debian as sys-net My question is

<    5   6   7   8   9   10   11   12   >