Re: [qubes-users] 3.2 RC2: Network Manager notification on system resume from suspend won't go away
Correct on both counts, yes. Just a minor glitch/very slight annoyance. On Aug 13, 2016 1:35 AM, "Andrew David Wong" wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-12 08:07, arthur.summ...@gmail.com wrote: > > This is not a huge "bug" but just a superficial flaw. After I suspend my > > system, upon resume, I get a notification from Network Manager that the > > network connection has been disconnected. This notification won't go away > > unless I click to close it. There is a bug that was reported back in 2011 > > that seems to precisely describe the behavior that I'm experiencing, but > > I'm having trouble finding where and how it was patched (related bugs > > indicate that it is Ubuntu-specific, Gnome 3 specific, etc): > > > > https://bugs.launchpad.net/ubuntu/+source/xfce4-notifyd/+bug/835972 > > > > Let me know if you need any further information from me! > > > > Thanks for the report. Just to confirm: The network *does* automatically > reconnect. It's simply the disconnection notification that (incorrectly) > persists. Correct? > > Also, I assume you're using Xfce4. Is that correct? > > Tracking here: > > https://github.com/QubesOS/qubes-issues/issues/2244 > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXrr/CAAoJENtN07w5UDAw91sP/0rmx1zSXwfUepeOnwuJxHm4 > 22hKjeE+NJWg7wOe21gEd/nQWHRk6mZAVzgBM/MPgWQ1f9qeLn9zleq27sAWDN7G > HUGDBXmEq0/R64MgwITij76OhutJJxRbEMQId7VRhqeQzFnQWhrmg0VqUqRtLs0v > +zez1eBwEL7xhkMOt8UJ7EnbPEapTZG2xe5oduifK+9zk9j53cPNqDNSkUHmB77S > xuCPAjYeZ9ml4YIj63BU0fT/QqGFX0G/nGZ1uMDWw9WNJWhblz3VB7QHtIS+4CV5 > lX+vUx5B1xp80Xo4L51jb1hwcPtIVSKTHanFq82J5jJgOUJoQB14jU2uIF1z2e0k > n4UR7DiZNC4dvktze7L7IgxdJLhDmPyIfmqUMi0onawY/L6YHPjmi3ACgPGy3Q+y > CCjB64Uf0nlpr5ftK0/rIgshyOliGUo5M2qyVQC6dskKvlxxFUI9K3JxH4T5VQXX > 4tREJbTB1Dt89lyUUrwUAn26u0zq/Hr/sS6ojPK6pR7fliJjoBvABlW+1phPLsyn > ZCEwxg3nN60hSMQxYDPoCJv2zi08gMY7SfIEjBHidFmRP5lDg2ioFOP0/Bvp3BxF > 7TcoTDvDDM6X2fJOJx5ZBFLbTUPWEiOQNTSnlXZdPh2SE10uTw8vocR7KL13QmLJ > 6KhxT0KiUFdv9NiS4I8Z > =8MRR > -END PGP SIGNATURE- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAP0YRgYYbHV4jtKW9OeuPBPtVrbAdHQHgwo6GpgXram0ej3T-A%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2(R2) USB Connecting to DOM0 by Default
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-12 11:27, johnroberts19...@gmail.com wrote: > On Thursday, August 11, 2016 at 8:50:53 PM UTC+2, Andrew David Wong wrote: > On 2016-08-11 05:08, amad...@riseup.net wrote: My understanding is that by default Qubes Dom0 is protected from USB attacks by disallowing access to USB's. To the contrary,on my system, USB's have direct access to Dom0 - I plug in a usb -popup shows it's connected to dom0 - i have direct access via dom0 to the files on the usb. Is it just me? or it it a system failure? > > Pleas read this page: > > https://www.qubes-os.org/doc/usb/ > > Without a USB qube, the USB controllers are left in dom0, which sounds like > your situation. Depending on the version of Qubes you're using and whether > you're using a USB keyboard and/or mouse, you should have been prompted > during installation to create a USB qube. However, you can also create one > yourself by following the instructions on that page. > > > So i use R 3.1 and have a usb mouse and keyboard but nothing about usb > mention while the installation. i wonder the same as the author after i > insert usb stick to my system and it's at dom0. > IIRC, the R3.1 installer will not prompt you to create a USB qube if you're using a USB *keyboard*, since this would risk preventing you from typing anythign in dom0. If you'd like to use your USB keyboard concurrently with a USB qube, please follow these instructions (but carefully read the warning first!): https://www.qubes-os.org/doc/usb/#tocAnchor-1-1-4 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXrsRMAAoJENtN07w5UDAw5JYP+gLk3gHnTZtVVoQKTIbFDZmG BmHL2M6azwSuM0djSAxLwOTHVudhBdlGPwWd1K72ThysSwBPZWLr4bfOGFHuRgEz mVX3gQXfFYmztokK/Y9UCAQhNvs82lRCalzhAswwmj/qLV7dwv59r9wlgX6IZ+JQ zp97hzpVWZHu5z6wwqbaPfbQOGlLylFS9HSQHFWKTl8u7NLGEnSfcKQsYRMnY/x3 qBsm8NlddkukWbTLW55jhOhFD9UnXuLb7j0pKaziOzDg61ootQcRgcj0dRYlCakA 4s8/gT0t3LGkrhfbr2lvG3esJ0T/qyUVddl5GVcws4/uSQ7OwR3eBHNXQO4tMOYc Qkunc0SpbaX+S3bEbIMFttIS3/GsPt3Z2qhUkf4o1aD9iJO+TIrzZj2W5lCBb6UL xgU7TrGoHBVsZUiJi2pQt714Cifc/lkdz3Lgr49PabwGFzFCkgW8j3BK8XoaE29N i7mMSjAwj0ISA+GUpOyhefBROFy3Rph/geV1tdDL0QaHQlwvc5CorHksqkpKOVy+ QperqfKEspkfCQqWYH5S9CdDiNMAL59FVBu1qAgXLf4NsBnY6DwnhIpEqUHDYbdH 6wwQJWQCbiA0rJPgb2YjXfJ0z3ZYFU/4nl/PgVnDuKfmOAWKeoE/SLbhc2jnEtWY nIy/PbwRlU/EPIbwl7zg =BGxk -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d363d56-0108-4929-5572-560497d967d5%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Unable to install R3.1 / media check failure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-12 11:24, Gabriele Bini wrote: > Hello, I have exactly the same problem. This is what I did: 1. I downloaded > the Qubes-R3.1-x86_64.iso ISO from the Torrent. 2. I checked the signature > and the hash values in the DIGEST file (I checked just the hash values in a > second PC) and everything was fine. 3. I used dd to copy the ISO in a USB > flash drive (Sony 8Gb) 4. When I booted from the USB I tried the “Verify > and Install” option but, exactly at 4,8% (as for Cory Nelson) the check > failed. There was a message of this type (copied by hand): Failed to start > media check on /dev/sdc See 'systemctl status checkisomd5@-dev-sdc.service' > and 'journal.ctl-xn' for details 5. I couldn't check anything because the > system was halted > > What can I do? Thank you in advance! > Did you use Rufus or Unix dd? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIbBAEBCgAGBQJXrsJsAAoJENtN07w5UDAwvrsP+OhECR1mnbk5xO+b35beNxJV RpuPrSYZ3PSEjwPgvIVJCee6s2MwzUTjQnjVuGx8yLsPC7VdnAwcUceNyySAL9ST HXyJZErgEXkFnR9QK5VNl0RFqHPuiUmTmOPkfpZm7rgE1xVDFQk5E3ZCI60493i6 8yL3xz2eqhG4UfuvN665LDEwqvg7KSRUzbq0fQlrqLVLN8qucUKAijTTa31ea6Rk 8ea+KncQtN8RL6jMFG6guN+lpQnx2klHyU//bbNrjUnFQ/XzPV0N8C6HZbWpAItP RYdCZABDzrtYBgPGg/K0cxWfX4gvOPVA027fb8jJT7WgRVNaqwA0mdq3Vdzk3Xek 0SPMAfGlWGamrlpGqFrx1R7v+qHlYTfedrREgwp8pzP1Ey47Pt/XRt3PZScIwd1t G+vj83+X8Ochk8KDfVY5JrIo4vcK208xOXfkkRcCuZrR8PlGECdLjJFqPqXPr3mr DghrWdO0kTEKYI6slkt6EosG4OeCCKAj3+EbFOz1hPdohZZpGts4nuEpOqquhiIC YmbYhwT/JjefB4/EugdYH0pTBIqkgWXNKs+SMJ/s7Md8vFqhIdZJrh4Gp83DY1nv XKAiWOyBAv6O+Y2oYtzco9IpzB+3Ua+06/gx/UkDdamfZkt2nfJVcOwt1/2mPLKJ s7B1nmIeoCvuab4sHcU= =jY+z -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a61a079b-a6d8-6c93-b262-53bff0ef96dc%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.1 - Fedora update check disabled but still check
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-12 11:19, johnroberts19...@gmail.com wrote: > Hello > > i disable all the option auto update options but qubes still pop the > update icon in my qubes vm manager. > > qubes vm manager "System - Global Settings" Disable dom0 and VM updates What is the output of "qubes-set-updates status" (in dom0)? Also, check the "Services" tab of the affected TemplateVMs. There should a service called "qubes-update-check", and its box should *not* have a check mark. > Fedorar 23 Template VM disable firewall rule "Allow connections to Updates > Proxy" > This setting doesn't affect update checks. The update checks are done by AppVMs based on the TemplateVMs. The updates proxy setting just controls whether the TemplateVM itself is able to communicate with remote repos when you actually try to update it. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXrsILAAoJENtN07w5UDAwUBkP/0X9bqL1W7vhKbXSt5KCnoPr KRMJLrJeammSyWpDRy3hdbVTfGv7pEnaAe90Ta89R4u7EH8Af7QdbyrqZY4i7yur BYKTmRF2owkindF8ivhB5yPwDENhZvVkUkYz6FOo4fJqqyI3ct5/Xhog4INSXA/t NFQPpR4MMwdIyeUQ7ZaijGHaBaBx3gvVjZpVvBCxNpJTa/QuFtB5cKM1/GILoLGB 4NmUsBQ0RI+R1cRdrVj7Tdupot5to2F6VnLPhdzMXD4LgOQV7BwsEOLkvqbyWNai mlJpv88egxRpuA8H8lbaoWgopjL2mnSJXIkM6xMNHhXuZN+EVl6Z6LY2brU3oc1H Idjrw/0LubKXA8+QqSaZ+7ja4D8SoFCKRfoJmwf38ki6c9vXWrRmCs+F7DL1DXVD qcA7zchO6FjsHVCxXxW0KRdRNZxgCV4SDRRxFl5OFogu4aovurcFSrdy60IQ4zbN DpWji4g19sFg4ZF3cRW7sYSJX1gst8ggMzkb5/olHC/cYkSGxQ4j/b/tlt6Qyyl3 xwwLzbVoLV7WTzZorDUz4n2FhxUWsqzVmEXwrkqQcaA+S+oTFt7X3WizD3mHm14k 1MBJfZJfRl8/ycGkOT7VE3+2lSmwILPmc4FYxcW9aCxmu0TCG4RqzkakjhoUUL/S AUSmk7pbJ6oG6nODAjUl =JVi6 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/29cb9b32-b0b4-0830-ce78-782ec320e775%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 3.2 RC2: Network Manager notification on system resume from suspend won't go away
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-12 08:07, arthur.summ...@gmail.com wrote: > This is not a huge "bug" but just a superficial flaw. After I suspend my > system, upon resume, I get a notification from Network Manager that the > network connection has been disconnected. This notification won't go away > unless I click to close it. There is a bug that was reported back in 2011 > that seems to precisely describe the behavior that I'm experiencing, but > I'm having trouble finding where and how it was patched (related bugs > indicate that it is Ubuntu-specific, Gnome 3 specific, etc): > > https://bugs.launchpad.net/ubuntu/+source/xfce4-notifyd/+bug/835972 > > Let me know if you need any further information from me! > Thanks for the report. Just to confirm: The network *does* automatically reconnect. It's simply the disconnection notification that (incorrectly) persists. Correct? Also, I assume you're using Xfce4. Is that correct? Tracking here: https://github.com/QubesOS/qubes-issues/issues/2244 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXrr/CAAoJENtN07w5UDAw91sP/0rmx1zSXwfUepeOnwuJxHm4 22hKjeE+NJWg7wOe21gEd/nQWHRk6mZAVzgBM/MPgWQ1f9qeLn9zleq27sAWDN7G HUGDBXmEq0/R64MgwITij76OhutJJxRbEMQId7VRhqeQzFnQWhrmg0VqUqRtLs0v +zez1eBwEL7xhkMOt8UJ7EnbPEapTZG2xe5oduifK+9zk9j53cPNqDNSkUHmB77S xuCPAjYeZ9ml4YIj63BU0fT/QqGFX0G/nGZ1uMDWw9WNJWhblz3VB7QHtIS+4CV5 lX+vUx5B1xp80Xo4L51jb1hwcPtIVSKTHanFq82J5jJgOUJoQB14jU2uIF1z2e0k n4UR7DiZNC4dvktze7L7IgxdJLhDmPyIfmqUMi0onawY/L6YHPjmi3ACgPGy3Q+y CCjB64Uf0nlpr5ftK0/rIgshyOliGUo5M2qyVQC6dskKvlxxFUI9K3JxH4T5VQXX 4tREJbTB1Dt89lyUUrwUAn26u0zq/Hr/sS6ojPK6pR7fliJjoBvABlW+1phPLsyn ZCEwxg3nN60hSMQxYDPoCJv2zi08gMY7SfIEjBHidFmRP5lDg2ioFOP0/Bvp3BxF 7TcoTDvDDM6X2fJOJx5ZBFLbTUPWEiOQNTSnlXZdPh2SE10uTw8vocR7KL13QmLJ 6KhxT0KiUFdv9NiS4I8Z =8MRR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/93823f5d-1556-3b74-2a8c-260ca54460f4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Anybody implemented auto-transfer to vault and auto cloud-backup?
I'm thinking transferring for example all *.PDF-files (I allways print out interesting pages to PDF, in addition to bookmarking them sometimes) from personal/private/pseudonymous/anonymous VMs (having increasing anonymity, privacy and security), and then just kicking them off to tarsnap. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9b9a1c8d-581b-411e-93ce-4e147d9ff8b5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] [HOWTO] Give win7 HVM an IP but no net access
Just thought I'd leave this here. Maybe it works for you, maybe it does not. 1. Shutdown whatever VMs are needed, and the sys-firewall 2. Open terminal in dom0, qvm-clone the sys-firewall 3. Set it to deny all traffic except to the IP that you want to https://xpra.org/ into your win7 HVM from. VNC is insecure by design which is why Subgraph OS doesn't use it; correct me if I am talking shit 4. Remove the sys-net from your cloned sys-firewall Profit. You now have a win7 instance with an internal IP that can communicate with other VMs, but no access to the inet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c69b7d1-343a-499c-a341-14553f5dd0ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] grub2-mkconfig not found
Hi all, I'm a new qubes user and have been following the guides to get trim enabled for the dom0. Everything seems to have gone smoothly until the grub steps. I can't find a grub.cfg file anywhere. The only abnormality to my installation is that it's UEFI. So the closest thing I did find to this was /boot/efi/EFI/qubes/xen.cfg which had the kernel line referenced in the trim guide. However, when I attempt to run grub2-mkconfig -o /boot/efi/EFI/qubes/xen.cfg I get "grub2-mkconfig: command not found" All that is present in the /boot/grub2 folder is a themes folder. I am using the main dom0 terminal for all of this. Considering that everything boots fine, I'm hesitant to reinstall grub2 (I assume it would need to be grub2-efi in this case). Any clue as to what's going on? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7ac23634-8b0e-41b4-9000-e2a740c54d62%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Manual https://www.qubes-os.org/doc/templates/archlinux/ does not work.
On Fri, 12 Aug 2016 07:56:23 -0700 (PDT) lol lol wrote: > Hi guys, it doesn't work on a step 9 after compiling. > > /home/user/qubes-src/vmm-xenPKGBUILD: line 49: autoreconf: command > not found ==> ERROR: A failure occurred in build(). > Aborting... > /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: > recipe for target 'dist-package' failed make[2]:***[dist-package] > Error 2 Makefile.generic:139: recipe for target 'packages' failed > make[1]: *** [packages] Error 1 > Makefile:208: recipe for targert 'vmm-xen-vm' failed > make: *** [vmm-xen-vm] Error 1 > > -- > > So, i can't install archlinux template step by step :( Script doesn't > work. Please fix it. Step 9 from where? I also am stuck on an Arch build, I wonder if it might be the same root cause? $ make get-sources --> Downloading additional sources for vmm-xen... Makefile:77: recipe for target 'xen-4.6.1.tar.gz' failed make[1]: *** [xen-4.6.1.tar.gz] Error 4 Makefile:188: recipe for target 'vmm-xen.get-sources-extra' failed make: *** [vmm-xen.get-sources-extra] Error 2 And then again: $ make get-sources-extra --> Downloading additional sources for vmm-xen... Wrong signature on xen-4.6.1.tar.gz.UNTRUSTED! Makefile:77: recipe for target 'xen-4.6.1.tar.gz' failed make[1]: *** [xen-4.6.1.tar.gz] Error 1 Makefile:188: recipe for target 'vmm-xen.get-sources-extra' failed make: *** [vmm-xen.get-sources-extra] Error 2 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160813090448.3cf8717b%40armor-mail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] USB Root Drive Corruption
I realize USB drives (or USB *anything*) is a stupid, stupid idea when it comes to being security conscious, but while trying out Qubes, I do have my root drive on an external USB HD. (And there's something to be said for taking your drive with you.) It works great in general, is fast enough, and seems very reliable. Until shutdown time. Things seem to shut down okay, but on the following boot, I see complaints about the disk errors on the journal; it does a FSCK but fails and goes into Read-Only mode, which prevents proper system startup, so most of the system just sits there doing nothing, presumably waiting for the root drive to go rw, which it never does. Doing an fsck from a console terminal on the ro partition notes the journal repair required, does its work, and says everything is ducky. Then I reboot, and get the same problem. If I reboot into Tails, do the cryptsetup, lvmchange, fsck to tidy up the drive, and *then* reboot, the system will start up okay. So every time I reboot the system, I need to first boot into Tails to repair the drive, to get back into Qubes. More than a minor inconvenience, and booting other OS's always adds to the risk of compromise. I'll try moving the drive onto the SATA bus and see if the problem goes away, just to verify that it's a USB-only thing. It's also a bit weird that it gives a disk error (IO Buffer error I think). I've badblocks scanned the drive repeatedly, and its healthy and fine, not a bad sector to be found. But something in the Qubes shutdown/startup is making Qubes think there's some bad sectors (maybe a problem the luks or lvm level? The ext4/lvm/luks/usb layering might not be shutting down elegantly.) (At boot, things fly by pretty quickly, and where the system crashes, I don't have the logs stored in a file, but it almost appears to me that more than one fack gets run [perhaps stepping on each other]. That's just a hunch though, I'll try to narrow it down more. The fact the journal needs recovering at all after a normal shutdown still remains a problem.) System is an AMD64 with 4G memory, JMicron SATA->USB Controller on a 2.5" 500G Samsung drive. JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0ec3b77ca1c05033fa0d73792eff9b7c.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Updates Proxy a security Risk?
Greetings, Qubers. Say you have a VM (e.g. "Banking only"), which has a NetVM of sys-firewall, but for which you have disallowed or greatly restricted networking, turned off DNS and ICMP, but left on "allow connection to updates proxy." As I understand it, this creates rules in sys-firewall to enforce that policy, and allow forwards to the tinyproxy living in sys-net on port 8082. -A FORWARD -s 10.137.2.25/32 -d 10.137.255.254/32 -p tcp -m tcp --dport 8082 -j ACCEPT -A FORWARD -s 10.137.2.25/32 -j REJECT --reject-with icmp-host-prohibited Good 'nuff. However, there is nothing stopping such an AppVM (say, for example, it were compromised) to making any connections it wants through that 10.137.255.254:8082 proxy, to call home, download malware, whatever. (So my otherwise properly-configured "Banking Only" vm, that is configured to only allow connectons to my bank, can actually contact that hacker site in russia if some bad javascript or other compromise happened.) I set such a VM, networking disabled or restricted to one or two sites, no ICMP, no DNS, but updates allowed, and pointed Iceweasel's proxy to 10.137.255.254:8082 and was able to browse to my heart's content, even totally bypassing sys-firewall, so it was potentially even *more* open than if "allow network access except" were checked. This seems like a bit of a potential security risk. In general, I would recommend that updates *only* be allowed for Template VM's. And even then a compromised template can call home freely during the (hopefully brief) time it's running. (Also, I would generally recommend turning off all other Networking for a Template, unless you do need some non-update network configuration for an app, such as adding a browser plugin; but that should generally be rare.) (Also, Temporary OS updates are indeed handy in the AppVM's for testing or one-off app runs, but leaving this checkbox on is just like turning networking full-on for the AppVM. The user should at least be aware of this fact. I wasn't.) At the very least, the GUI should educate the user about this fact, and maybe pop up a warning/confirmation page if the user tries to enable update access for an AppVM. While it's easy to work around by leaving that option off except on Templates, it's a simple way for new users to unwittingly leave an AppVM wide open. I'm thinking the update server access process might need to be re-considered a bit. I also think more visibility of the overall firewall setup/layout and potential packet paths (as well as actual traffic) needs to be done somehow. Perhaps sys-firewall needs something more akin to Shorewall. (Checking for leaks, and running iptraf in sys-net was rather depressing; more on that in another post.) Thoughts? (I worry a bit that the attitude of the Qubes developers is "oh well, if you're compromised, you're screwed anyway, no sense adding more security." See no-password sudo, for example. I disagree with that approach, and think any reasonable and clean security measures that could be added, should be added. If you completely give up on the machine to one level of compromise, you might as well write your sensitive documents with rock on cave walls, deep underground, lit by torchlight. Although the way I've been aggressively hacked for years, it might just come to that :P "Pass the red berries, I need to highlight a sentence.") By the way, I intend all my comments as constructive or for discussion. It's an awesome system, kudos to Joanna and the team. It's been my main platform for a couple of weeks now, and I'm loving it, despite a few glitches and some confusing bits. I hope to be able to contribute something back to the process. (Is that Debian Template manager a paid position? :) ) JJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9761e8463602d1ec139e4f413f2fe5fa.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.2(R2) USB Connecting to DOM0 by Default
On 08/12/2016 01:27 PM, johnroberts19...@gmail.com wrote: > On Thursday, August 11, 2016 at 8:50:53 PM UTC+2, Andrew David Wong wrote: > On 2016-08-11 05:08, amad...@riseup.net wrote: My understanding is that by default Qubes Dom0 is protected from USB attacks by disallowing access to USB's. To the contrary,on my system, USB's have direct access to Dom0 - I plug in a usb -popup shows it's connected to dom0 - i have direct access via dom0 to the files on the usb. Is it just me? or it it a system failure? > > Pleas read this page: > > https://www.qubes-os.org/doc/usb/ > > Without a USB qube, the USB controllers are left in dom0, which sounds like > your situation. Depending on the version of Qubes you're using and whether > you're using a USB keyboard and/or mouse, you should have been prompted during > installation to create a USB qube. However, you can also create one yourself > by following the instructions on that page. > > > So i use R 3.1 and have a usb mouse and keyboard but nothing about usb > mention while the installation. i wonder the same as the author after i > insert usb stick to my system and it's at dom0. > Do you have a USB Qube? If not, you need to make on following Axon's instructions above. Otherwise, I would check your USB Qube's attached devices with Qubes VM Manager (the Devices tab in the USB Qube's settings) and make sure your USB Controllers are selected. -- kulinacs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/799e56e8-8afc-1bdb-08a6-4cbfe66b688f%40kulinacs.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Qubes 3.2(R2) USB Connecting to DOM0 by Default
On Thursday, August 11, 2016 at 8:50:53 PM UTC+2, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-11 05:08, amad...@riseup.net wrote: > > My understanding is that by default Qubes Dom0 is protected from USB > > attacks by disallowing access to USB's. To the contrary,on my system, USB's > > have direct access to Dom0 - I plug in a usb -popup shows it's connected to > > dom0 - i have direct access via dom0 to the files on the usb. > > > > Is it just me? or it it a system failure? > > > > Pleas read this page: > > https://www.qubes-os.org/doc/usb/ > > Without a USB qube, the USB controllers are left in dom0, which sounds like > your situation. Depending on the version of Qubes you're using and whether > you're using a USB keyboard and/or mouse, you should have been prompted during > installation to create a USB qube. However, you can also create one yourself > by following the instructions on that page. > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXrMkGAAoJENtN07w5UDAw2SkQAKE230GVdVVTj6ds7dH2m7ua > LJfdrLATMfXiCc8ua0GCPB/LFlBHua39LJDowL0okeX7UZfh6mPS+iQ51wEDVHU1 > Mox/PaEqkKpv7QnIj/6XSV3sIhwYqTIL+5HFBhd3IE8Psj2NCb30fYFJgoOdcpR6 > /8Y2huXCxCIvlsuTnxaa9/xvwZXKaN7eB00OMrk2pzRBfNOTedMIONzy5pPOvF2Q > X0cOln+U7s2iu0s+WmZWtcgX82qKpTWa07r96WcTU262e8+TXvH8umZZtIlJLwLU > eJxucUJFaNOGYGUL9dx6zaFiQ5WmOpCQ37Awh/3m/iVgL6FrpUlX+z66ZCpC6UZG > pwjHKcv3jRyxNIXTu6ROwjPzjjuHx8xuKAP1cIhU/EsQi+k6goWXeIalwO2lmDy1 > +lZwm3oHN1w2BEtPBthB+GDEsVjCzlUKnZSPZzj9rSMNW5CkYuw/KLXtKKhm2jcy > 7sSAk8zZ320NA0OeLcMR485QFaQ3HPtVoWdaA2aHjV/bTtMQMR72rgUZGXI3jntB > kFnQfa255+IQN8+WH6goHypuunSz3od3HH1ChlSnO2slzykMRiy51bHvLGnyNILN > TuKSTBTzqHxeV242NoqJye+zVTm5Ka1V43MTjIO6vhLCFz5HN6ezViT3GX/Eehah > nrDdi2shrGFOzLwP7Zea > =ZISO > -END PGP SIGNATURE- So i use R 3.1 and have a usb mouse and keyboard but nothing about usb mention while the installation. i wonder the same as the author after i insert usb stick to my system and it's at dom0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/505ef430-be83-4168-a013-79a1d208bf3d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Unable to install R3.1 / media check failure
Hello, I have exactly the same problem. This is what I did: 1. I downloaded the Qubes-R3.1-x86_64.iso ISO from the Torrent. 2. I checked the signature and the hash values in the DIGEST file (I checked just the hash values in a second PC) and everything was fine. 3. I used dd to copy the ISO in a USB flash drive (Sony 8Gb) 4. When I booted from the USB I tried the “Verify and Install” option but, exactly at 4,8% (as for Cory Nelson) the check failed. There was a message of this type (copied by hand): Failed to start media check on /dev/sdc See 'systemctl status checkisomd5@-dev-sdc.service' and 'journal.ctl-xn' for details 5. I couldn't check anything because the system was halted What can I do? Thank you in advance! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6cf64646-8d0e-4339-ada4-ef26e0ebfe47%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.1 - Fedora update check disabled but still check
Hello i disable all the option auto update options but qubes still pop the update icon in my qubes vm manager. qubes vm manager "System - Global Settings" Disable dom0 and VM updates Fedorar 23 Template VM disable firewall rule "Allow connections to Updates Proxy" and even then from time to time it says new updates. i want to control back about when i check for updates. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/29f2f02b-fa8f-4357-ae3e-bcc9ece93b76%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to remove KDE from dom0?
Hi all, I installed Qubes 3.2 with KDE and XFCE with the intention of continuing to use KDE as I did before. However, there were so many problems and bugs that I decided to use XFCE in the hope of having less of those. Although, it is not bug free, it works a lot better, so I would like to remove KDE from dom0 now. I already tried removing the @kde-desktop-qubes group, but that wants to remove all sorts of other rather essential packages. Kind Regards, Torsten -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d33cc7f-8870-be38-4735-65b82b17b031%40grobox.de. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
[qubes-users] 3.2 RC2: Network Manager notification on system resume from suspend won't go away
This is not a huge "bug" but just a superficial flaw. After I suspend my system, upon resume, I get a notification from Network Manager that the network connection has been disconnected. This notification won't go away unless I click to close it. There is a bug that was reported back in 2011 that seems to precisely describe the behavior that I'm experiencing, but I'm having trouble finding where and how it was patched (related bugs indicate that it is Ubuntu-specific, Gnome 3 specific, etc): https://bugs.launchpad.net/ubuntu/+source/xfce4-notifyd/+bug/835972 Let me know if you need any further information from me! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ae6584a-a172-47dd-8144-ce06d9236f0d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Tool to record Whonix / Tor browsing history..?
On 08/12/2016 01:39 PM, neilhard...@gmail.com wrote: > I would like to be able to do something like: > > 1. Use Whonix/Tor as a disposable VM > > 2. Record browsing history using an external software > > One of the reasons I don't use Tor that much (other than slow speed, captchas > etc) is because I actually want to have a record of the websites I have > visited. > > We know that it could be risky to have the Tor browser itself record history, > if it gets hacked. > > But to have some tool running outside of the VM would be useful.. For the same reason that attackers outside the VM can't see what you're visiting, you yourself won't be able to see it either. What you want is not doable. If you want to have a record of sites you visit, then tell the Tor Browser to record your browsing history, and hope that works for you. -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08b6dcb5-7ae2-ae0a-36eb-e384cfd8fc64%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Manual https://www.qubes-os.org/doc/templates/archlinux/ does not work.
Hi guys, it doesn't work on a step 9 after compiling. :: Running post-transaction hooks... (1/2) Updating manpage index... mandb: can't set the locale; make sure $LC_* and $LANG are correct -- bsdtar: Failed to set default locale ==>Starting build() /home/user/qubes-src/vmm-xenPKGBUILD: line 49: autoreconf: command not found ==> ERROR: A failure occurred in build(). Aborting... /home/user/qubes-builder/qubes-src/builder-archlinux/Makefile.archlinux:120: recipe for target 'dist-package' failed make[2]:***[dist-package] Error 2 Makefile.generic:139: recipe for target 'packages' failed make[1]: *** [packages] Error 1 Makefile:208: recipe for targert 'vmm-xen-vm' failed make: *** [vmm-xen-vm] Error 1 -- So, i can't install archlinux template step by step :( Script doesn't work. Please fix it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f08ab15f-09c8-443c-aa1a-be3993e0f2fb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Tool to record Whonix / Tor browsing history..?
I would like to be able to do something like: 1. Use Whonix/Tor as a disposable VM 2. Record browsing history using an external software One of the reasons I don't use Tor that much (other than slow speed, captchas etc) is because I actually want to have a record of the websites I have visited. We know that it could be risky to have the Tor browser itself record history, if it gets hacked. But to have some tool running outside of the VM would be useful.. Is that possible..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/72cae3bb-8359-49b3-91db-12e3b9e12c2a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to install "tl-wn823n" wlan mini usb stick in qubes ?
this is the instructions in the driver files from the tl-wn823n website. I have no success so far how to do it with qubes ? want to attach the usb wifi stick to my sys net. this device does not even get recognized by qubes but lsusb shows there is a device plugged in. 1. Development Environment System version: Ubuntu 14.04.1 Kernel version: 3.16.0-30-generic Gcc version:4.8.2 2. Compile the Driver 2.1. Compilation tool and kernel sources Before you compile the driver, please make sure you have the correct compile tool and kernel sources. We can install compile tool gcc by command “apt-get install gcc” Note : We recommend you use a suitable compile tool to compile our driver. For example: According to the command “cat /proc/version”, we could see your linux system is compiled by gcc4.8.2. So we recommend you use gcc4.8.2 to compile our driver if possible. 2.2. Compile and install the Driver 1. Access the directory of driver. 2. Before compile, make sure the parameters in “makefile.c” is suitable for your compile environment of your Linux system. ifeq ($(CONFIG_PLATFORM_I386_PC), y) EXTRA_CFLAGS += -DCONFIG_LITTLE_ENDIAN SUBARCH := $(shell uname -m | sed -e s/i.86/i386/) ARCH ?= $(SUBARCH) CROSS_COMPILE ?= KVER := $(shell uname -r) KSRC := /lib/modules/$(KVER)/build MODDESTDIR := /lib/modules/$(KVER)/kernel/drivers/net/wireless/ INSTALL_PREFIX := endif Explanation: · KSRC is used to specify the kernel source path for driver compilation. · CROSS_COMPILE is used to specify the toolchain. · ARCH is used to specify the target platform's CPU architectures such as arm, mips, i386 and so on. 1If your Linux kernel does not support 802.11, please annotate macro “CONFIG_IOCTL_CFG80211” in “makefile.c”. CONFIG_IOCTL_CFG80211=n ifeq ($(strip &(CONFIG_IOCTL_CFG80211)),y) EXTRA_CFLAGS + = -DCONFIG_IOCTL_CFG80211 = 1 EXTRA_CFLAGS + = -DRTW_USE_CFG80211_STA_EVENT = 1 endif 3. Type “sudo make” to compile the driver file. 4. Type “sudo make install” to install the driver file. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a58f6a29-b0be-4e99-b5cc-9fbf33e38047%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.1, Debian Stretch VM: audio not working
On Fri, 12 Aug 2016 00:37:59 -0700 Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-10 04:32, RSS wrote: > > Everything should be update, with Qubes stretch "testing" sources > > turned on. > > > > This has been broken for a while, is it a known problem? If I try > > to start it manually with debug turned on, there seems to be zero > > useful information: > > > > $ pulseaudio --start --log-level=debug -n > > --file=/etc/pulse/qubes-default.pa > > > > D: [pulseaudio] conf-parser.c: Parsing configuration file > > '/etc/pulse/client.conf' > > > > D: [pulseaudio] conf-parser.c: /etc/pulse/client.conf.d does not > > exist, ignoring. > > > > E: [pulseaudio] main.c: Daemon startup failed. > > > > Yes, this is being tracked here: > > https://github.com/QubesOS/qubes-issues/issues/1927 Cool, and the workaround mentioned there sudo ln -s /usr/lib/pulse-8.0/modules/module-vchan-sink.so /usr/lib/pulse-9.0/modules/module-vchan-sink.so still works like a charm. Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160812170542.7e88e230%40armor-mail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Routing network traffic in sys-usb using multiple devices
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > Hi, > > I have two network devices and one only USB controller, so both devices are > in the same VM (sys-usb). I want to route some app-VMs by one network and the > rest by the other network, for that I have created two firewall VMs but both > are connected to the same network VMs because, as I commented, I can not > divide the network devices in different VMs. > By default all the traffic is going by only one network device. This is the > configuration in my sys-usb: > > [user@sys-usb ~]$ ip route list > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > 10.137.4.8 dev vif2.0 scope link metric 32750 > 10.137.4.29 dev vif9.0 scope link metric 32743 > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src 172.20.2.255 > metric 100 > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src 192.168.8.100 > metric 100 > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > I know how to route a traffic to an specific IP using "ip route add" to a > determined device network, but How can I route the complete traffic from one > firewall VM by one device network and the traffic from other firewall VM by > the other device network? Source based-routing is tricky in Linux in general. You can search for some guides on the internet. But alternatively, on Qubes R3.2, you can assign one of those USB devices to different VM - some separate netvm, or even one of those firewallvms directly (and do not attach this firewallvm to any netvm). It may work slightly slower, but should be much easier. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXrYojAAoJENuP0xzK19csd1AH/0xLELbOxgJSEbwImKU7OrYM JVLl1hqGNx1iAy/6BGiV3IK0/CawomzVtoUcLli20WxTSjMqrrkoet5bRxWmZdYb LWg2eHAjbFSL4hi20Rg6VPeYcFSy3BQH42YpfQnU2xlPjSXCCAJHfIbRsQpNJ8i3 HPXcHfr3Gb1LqljgHjW/wrHzqc7T4uu4wGu28bPwow1EcSuVX8Ag7NZBeeqC1eDa TjUOcmRXuY6BB7ofp2qzJQQBPHSMHdGM7G7QEEdxx1xy9E3knfs2i1HWKf2haR2s uVfrCqsSjaTaoHFD3QSNk7gM6M6J1Eku9LUA4xosbbvN+H++O1jPfzXw98eXbxE= =nMKF -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160812083443.GK5701%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.1, Debian Stretch VM: audio not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-10 04:32, RSS wrote: > Everything should be update, with Qubes stretch "testing" sources turned > on. > > This has been broken for a while, is it a known problem? If I try to start > it manually with debug turned on, there seems to be zero useful > information: > > $ pulseaudio --start --log-level=debug -n > --file=/etc/pulse/qubes-default.pa > > D: [pulseaudio] conf-parser.c: Parsing configuration file > '/etc/pulse/client.conf' > > D: [pulseaudio] conf-parser.c: /etc/pulse/client.conf.d does not exist, > ignoring. > > E: [pulseaudio] main.c: Daemon startup failed. > Yes, this is being tracked here: https://github.com/QubesOS/qubes-issues/issues/1927 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXrXzWAAoJENtN07w5UDAwt9kQALjc8h6iUtBS5jcOOCeNzNFI di+7WisW/kVCmT+30RVmNWFe8ihGtOHYwj89w1I8eqQ5RzfFihN/pf2dsiTrPqkC zKQVILl/Hk6vdN5sqOd7aKGXteKgnFxE6NHNKzWUgMm/RXx+0aJiozhe5XKeWEq7 WgGgEjl3+7DyYMsYTWcqaPI7yuXeAm1mwQs0FWL1rdnnaFOPDNJG59m6OMzYB61E 8e9ONA/Kgogvwe77DUR/uX5G+tB4Rc3cDMThv14ZO+zAdGsb1PnuCG+r+CI0N7La gE5dzVIkhHjLJMO5jaV+ElI6zgHbQxGzds0tz+Zgvxtu2nrUNvLjaDouU5OefaOT PBwq160nnOQDlkasvVM9kWYOkPexY8QXsC8dvhm2yGjoGpBx2TpfBnZbGZxgmTAz /dYzHcPraGP0u+/0v1oZHipsfqgsSkQ9ly9uWRmj4RpD8Bj5ULRADsGQ8PhftNGo DD9FkRBsw7QIYApUjAfaSZg+gdCzriwciCTDymM5CpC6gupJTReQ9wKX7lZG7F26 R9KZZ5rplr8GPZUVSjokapMTsV4yEniLkgteqvOYp3e7b193eI0mO83oAtv20IGf Uj6APrsfrbALGKw87UIkOOV0e+dp/ZE8oWu3qvCUm9P/OgIVPhPGeqlwbq5HuGrz 0FVryJCrBg7DND3T2pq6 =ffqN -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/08dcae45-f5b8-c14c-489c-5f2ee32b12bb%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.1, Debian Stretch VM: audio not working
Everything should be update, with Qubes stretch "testing" sources turned on. This has been broken for a while, is it a known problem? If I try to start it manually with debug turned on, there seems to be zero useful information: $ pulseaudio --start --log-level=debug -n --file=/etc/pulse/qubes-default.pa D: [pulseaudio] conf-parser.c: Parsing configuration file '/etc/pulse/client.conf' D: [pulseaudio] conf-parser.c: /etc/pulse/client.conf.d does not exist, ignoring. E: [pulseaudio] main.c: Daemon startup failed. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160810193236.410a600b%40armor-mail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: usb 3.0
Andrew, THANK YOU very much. I really really appreciate your work, your answers. wish there are more people like you that helps other people getting a clearer idea how to do jobs correct. thank you again and again Nick -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/637778f5-9240-4f3f-a247-d0b8c1ad1584%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
