Re: [qubes-users] vif in user ProxyVM?

2016-08-22 Thread johnyjukya
> On 08/22/2016 10:47 AM, johnyju...@sigaint.org wrote:
>> I'm trying to create a ProxyVM of my own, to replace sys-firewall.
>>
>> I'm on 3.2rc2-testing.
>>
>> When I create a ProxyVM in either fedora23 or debian-8, eth0 shows up,
>> but
>> no vif interface appears.
>>
>
> vif interfaces appear when you connect downstream vms to the proxyvm.

Well, how about that!  Right you are, there it is...

Thanks.  :)

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a89b85336364ee982c4483064a30776.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] /rw/config/rc.local on debian-8

2016-08-22 Thread johnyjukya
> On 2016-08-22 07:52, johnyju...@sigaint.org wrote:
>> /rw/config/rc.local doesn't seem to be run on startup in debian-8
>> (3.2-testing).
>>
>> What is supposed to launch this?  systemd, another startup script, or
>> something dom0-related?
>>
>> I added "/rw/config/rc.local" to "/etc/rc.local" and it works, but was
>> wondering what might be the official way to do this, and if this is a
>> bug.
>>
>> Thanks.
>>
>> JJ
>>
>
> Did you make it executable?
>
> # chmod +x /rw/config/rc.local

Yes, I did.

And it seems to be working.  I must have been confused at some point with
too many windows open in different VM's.  :)

Apologies for the mistaken report.

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc28d56b8823423ab20448878bedd5dd.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Problem on port forwarding to a VM from the outside world

2016-08-22 Thread nishiwaka46
Le lundi 22 août 2016 17:43:35 UTC+2, Andrew David Wong a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On the contrary, we care greatly about translating the documentation into
> other languages. We're working with Transifex right now to have the
> documentation translated:
> 
> https://github.com/QubesOS/qubes-issues/issues/1452
> 
Ok my bad, I didn't knew about this projet. Then it is fine, it would help a 
lot people not used to read english.
>
> We welcome your participation! Michael (CCed) is the main contact with
> Transifex. He may have a better idea about how members of the Qubes community
> like yourself can get involved.
> 
Ok thank you, he can contact me on this email if you want me to help to traduce 
some pages, no problem. I don't type very fast and I'm not that young, but if 
you lack people to help traduce in their native langage, I can help.
>
> I didn't mean to suggest that it's immune to criticism. On the contrary,
> constructive criticism is always welcome.
>
Sure, I was just a bit on nerves yesterday, sorry about that.
>
> However, you said, "I don't get why documentation don't address..." I was
> simply explaining why. The documentation is lacking such things because no one
> has contributed them.
>
> I think it's fair to beseech documentation contributors to consider these
> things. But, in the end, it's up to them what knowledge (if any) they will
> contribute.
>  
Good point, I have thought about your answer yesterday more rested and just 
begun a course today about TCP/IP networks, OSI model in 7 layers to understand 
better how routing works, how packets travel from layer 7 to your own switch / 
bridge ! This is quite interesting, but my attention scattered to another one 
on how to convert decimals numbers into hexadecimals or binary numbers ^^
>
I don't know if it's going to be useful, but yes, it was interesting to realize 
an IPv4 adress is coded on 32 bits, which is 4 octets, and that 1 octet reach 
255 maximum in decimal form because it is coded on 8 bits, which is 2^8=256, 
and as you start from 0, you get this number. And that we're going to switch to 
IPv6 because you have only 2^32 numbers available (4,2 billions) and we are 
already 7,3 billions here on Earth ! That's also why I want to host my website 
on my own cpu bc you need energy to make a server work, Earth is dying, who 
cares my beginner site being unavailable 8-12 hours a day, as long as I warn 
folk when it opens lol. You can also think about Qubes in an ecological point 
of view as it centralizes different OS and allows you to avoid having more 
computers to preserve data : you save energy.
>
Those numbers make you wonder how unreal in less than 50 years we went from 1 
bit (0-1), to this very simple potential electric difference coding 2 values, 
to a world wide web page full of data ^^ I guess we invented aliens to 
communicate with we didn't found (yet) so far :D Because if you think about one 
typo here, like my little D surrounded by 2 symbols (lol), if you think about 
all characters options available in all languages over the whole world for 
those 2 symbols, I wouldn't be surprise this beast gets so huge that it can't 
hold in 1 octet/1byte/256 options haha (btw in french you add e to "bit", you 
get a D :D). I hope you enjoy my delicate poetry on digits man lol ~
>
P.S. : If quoting you fails again, please excuse me, I don't get how to do it 
properly inside your message :(
>
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXux2fAAoJENtN07w5UDAw4wUP/j0uDCgbx80Cm714mi6vDB/Z
> 8NBXlMLV6hzA8HtVW3Z2Rfo7pY/Fe8uQLskJ+h8SluWDw2srUHXSsv2ETIBsUzC9
> 0m9HaSLJU+UxO7Vc8VFi2FTiUlFKxhBnhFYWGwSqir0QI+OZP6Mx1id/MgtvGkYk
> TDWtljt7hvgjR6hnX1GqU6u0Bg3O1KZHSNhcC98RQZjy9LWOgIkAPKWpK98FheYi
> N5QMRTJwfrUEFIEumCf6xzG3jiolJlmGEPkKDfk9+GaKxd0koHbENMWqfvlz2Zbo
> pq9gBzkW44K88pcWpS4CLkvonMDdXienRWzy7ut5kQsEfNuw4MVGMkqy9YUGkhlJ
> 9mbZx8AB1yPs0LRdQpCk9noh4g4QWr9XREHQC2+FgazYQD1P4rcZDXt8r0JJdH2W
> E5GJbqWWwQj+Rn0VbI4TbuXZJlw8gOeiUXRSKu821EhXu37dtiNI+XKszx8iPfXA
> 9EbAd9O4hulVq3866eWX86Sc/MKnNE/Frw0M8ObHvvXnweI2VwUNMeZCJ2VKO5KG
> vWQkTi83YAkHqvk8YOFCV7+oOQAyGymHZzjCUWvOWvDjBX/wtSgcmEt3rMq8MklX
> G3ZFzGdkC2h2VeEqwojhMNZ1UWHNvwv+KV6ySJf5p3ZrGqZKO6olIlbZZNnT2HDe
> OW2eq0Sr3P3Qtdn9iXao
> =6qZC
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0b4dfff0-4c9a-42ac-9356-8fedd7bd4306%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] QUBES Windows Tools won't install

2016-08-22 Thread Foppe de Haan
I installed w7x64 in a HVM today, and while the tools installation took about 1 
hour of the installer seemingly not doing anything, and a few of the reboots 
"failing", it seems to be working fine now, including network access. (R3.2rc2.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/50db401f-084a-473b-b693-df83f5dc3008%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] How to record screen activity on qubes?

2016-08-22 Thread Desobediente
I was about to ask this in the list.

Tried recordmydesktop on an AppVM and it blacked out the whole screen.

-- 
iuri.neocities.org

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAF0bz4Q5C7MPoWkcwS9wksJER3aP7UhR5uO_CAnEun4%3Dv-j4AA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora 23 template not updating - with a blank screen

2016-08-22 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-22 09:02, 48kc5j+2yh9dxa25wb0o via qubes-users wrote:
>> Probably just a temporary thing. I was able to update everything a short 
>> while ago with no issues.
> 
> Unfortunately it doesn't seem to be temporarily, the updade for the 
> fedora23 template is still hanging. I honest don't think this is normal or
>  due to some problems with the yum repos. Any idea what I can do to solve 
> this huge latency?
> 

Are you downloading updates over Tor (sys-whonix) or clearnet?

Persistent slow/hanging downloads over Tor could be due to a bad entry guard(s).

> 
>> That doesn't look like normal output from qubes-dom0-update. There
>> should be no message about sending application list and icons to dom0,
>> since that occurs in TemplateVMs, not dom0. (It would make no sense for
>> dom0 to "send" something to itself.) On the other hand, that message is a
>> normal part of a TemplateVM upgrade.
> 
> Apparently that was caused since I run the upgrade of dom0 while I was 
> upgrading the fedora23 template at the same time. Dunno if this is the 
> cause, but could possibly affect it. If this isn't the normal behavior, how
> can this be corrected then?
> 

That would explain it. If you were running with --pass-io, then there would be
text from both.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXuy/dAAoJENtN07w5UDAwcZUP/RC0AjhE8FhbGewNEVeHfir9
UDWuykf/EnHY9Wh0bFYfTsh8ho/5Lm5UohI+uz22kZNwYOVwTFzI/WGaWwT4+pYu
cgbqSPhcWqL3p8WxucFhCmiGhAu9PLTNKngqYPnjrjUR2wlnyJaw1w7dhn55Q4IT
Mne/6OYBHPitAXd1DsbPUcmuV3gGF8+L5ELPYY+uJvvJG/w2Po6Pz3V5OIcJhNe5
hU24UFMC8Fo6+rs41rEICzcGwTDnhN8HhGBIvqxAIWjvC7HJIWHwcqtbMc4EO9gG
OHtIJ+2+M6HuPpfz4heo+lyl158Bjf9j+A3e13jqI9KIMFL7n7vldNwNDbwgRXLc
dnMIGt/hnnotnwTraISuduq5VRU8yCHbOpEE6ChTkybI12eP2Nj7/g0XApYuD/ZN
p35v5zauUyjvSKE00jcPR6Squ4eVn9+rQ0Ulgbo6jBok3CAlPXefv0QDm5nOO47s
r7ucvihnJ4mwHJEPHvnQIJQjAghe1bXl9kIwtjnHn0//2o2Ql8GMX1yE112qZpdQ
6qyng37Bv+vArdfk9mFHwCPmCoJ91rnv5NTvk1qnyWD0/TP0cA//hR/PrMI1wIwm
z52HcAAfnT/A8npn5AdgTeIJAg+R8Bor6PumNIPsU7GPo81mqyaUn0Olh24+pqQS
Z8gY2AuQYgxlFe4AKZwi
=WB/Q
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/226f881d-229d-ffc8-5ee4-b91259f70683%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] vif in user ProxyVM?

2016-08-22 Thread Chris Laprise

On 08/22/2016 10:47 AM, johnyju...@sigaint.org wrote:

I'm trying to create a ProxyVM of my own, to replace sys-firewall.

I'm on 3.2rc2-testing.

When I create a ProxyVM in either fedora23 or debian-8, eth0 shows up, but
no vif interface appears.



vif interfaces appear when you connect downstream vms to the proxyvm.

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aa8fa248-385b-ee7f-098c-70a3d2163a21%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Screen corruption on nvidia

2016-08-22 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-22 08:19, johnyju...@sigaint.org wrote:
>> Added testing repos to (clones of) debian-23 and debian-8 templates (as 
>> well as whonix-gw/whonix-ws), did upgrades/dist-updates, restarted, 
>> loaded up a bunch of AppVM's, and have been pounding on things awhile.
>> 
>> No sign of screen garbage yet!  :)
>> 
>> Looks promising.
> 
> Day 3 of banging on r3.2-testing, and zero sign of any screen corruption.
> 
> I think it's safe to mark this one as fixed.
> 
> JJ
> 
> 

Thanks for testing and letting us know! :)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXux/gAAoJENtN07w5UDAwzX0P/1imJfQfBAPIbzo/padV2GqD
mgojWck235Hp7ojArkT8YO1c6FsLsbdgUfTYH2GbUcOTpYnpg5LC4MK/KtB3NNUh
r8VRS9AvjAO8jaFu9j/C3+14+PXG96/YvTzviiT9dSx24QuXW8QTWutz9WANQnqZ
p0HhcBAf2Pfpv4H99Qu4i89p53YM8lgHcyYwhYiV7EuZu1aehRLvz5g7i9/IJ3Wi
EwvGpMsFBD8r317R/xzbrzhJXfdTt676pb7mQZDIHQUA9zSD2HjuBjo0dWa0vYd0
BsWUmOHnU70et4D3JJ7QSXEky0j5bhUipXL8F93paLes0M1wOJXr/UUIDPIX0K7M
j5l0JTLkF/5ygnm0Bym8fqLKnarlkrpE4zSgZB4RzQ4NqpWvQ4et0deZy8TuW3Eu
cqs3yNFun+U5wvC72QF5oc+taEh9+cDz1zNvgcL+TzfeSQX/wdjjI8an26DDPKXC
wS4a/cVYyzMgD3zXdDkBifl/IJtoIZ+T5zY+vus0NiCnKtLVXfeBrkH4gtIuN3jU
M4UPsHIXI6g47CYIrhSneAZJNS4bJNBBARqjl2cr6in7sSgT/aaH0sPh/9HBHoeN
aanh3oeoXke1xK+3c8rVcr4sMo3lMJQ4P2MTiGyQ/fxvF1plW2ZH2DymdfAcW/Kq
7q8Ryxs4QzxEeeAVdN24
=xHjg
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e3b20335-d54b-a123-319f-d515961a83cc%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora 23 template not updating - with a blank screen

2016-08-22 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-22 05:53, 48juya+35xih7kuzgagg via qubes-users wrote:
> It seems that the updates on dom0 are also affected:
> 
> sudo qubes-dom0-update Using sys-firewall as UpdateVM to download updates
> for Dom0; this may take some time... Running command on VM:
> 'sys-firewall'... Checking for dom0 updates... Last metadata expiration
> check: 1 day, 16:07:48 ago on Sat Aug 20 22:40:37 2016. Dependencies
> resolved. Nothing to do. Sending application list and icons to dom0 
> Complete!

That doesn't look like normal output from qubes-dom0-update. There should be
no message about sending application list and icons to dom0, since that occurs
in TemplateVMs, not dom0. (It would make no sense for dom0 to "send" something
to itself.) On the other hand, that message is a normal part of a TemplateVM
upgrade.

> Yum command has been deprecated, redirecting to '/usr/bin/dnf
> check-update'. See 'man dnf' and 'man yum2dnf' for more information. To
> transfer transaction metadata from yum to DNF, run: 'dnf install
> python-dnf-plugins-extras-migrate && dnf-2 migrate'
> 
> Qubes OS Repository for Dom0
> 68 MB/s | 151 kB 00:00 Yum command has been deprecated, redirecting to
> '/usr/bin/dnf -q check-update'. See 'man dnf' and 'man yum2dnf' for more
> information. To transfer transaction metadata from yum to DNF, run: 'dnf
> install python-dnf-plugins-extras-migrate && dnf-2 migrate'
> 

A message stating that dnf would complain about yum being deprecated -- and
that this would be safe to ignore -- should also have been printed in the dom0
terminal in which you issued qubes-dom0-update.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXux7jAAoJENtN07w5UDAwM7EP/1phXy5qRJzhFv74Wo51HvWE
O/FOut8E0kcnGmbXR0PiYdLeBByUR/Rj5YXQoI6N5Eyo3vubPsc3lp2SQnuBzdL8
jFy09xwGwZzWgVGO671MF1OMJHiX2ESvjga0hZJsDeVJdDTty+rnaxL0Ps8yQt16
EpiAATNr7xaOdrRcax6jzUrkpJrY+c7CYEmalDsGG+DaqEFJRBT0OudM0GHUsd6o
qAZ3AWunA2ufweyoUdm+MoF0ydcacVHQ+QTx/Wk/KNPAez+3sfNbV0ZvRJFaHQS2
weSpxvJKfNYmlC9S6P7amAA4L8wKDUR2cNOR7qwtRXjtYzPKGaMgAIG2XzUrvn37
GvBtsjQ5d2RCJvmHdDs5kEyJKd+EiBEC8K0NxEl0nYSgwr9zMAdZzHnNMIFWVAqk
e+1OjRF8U3VWZmngJr6oGWKa7AO8IOyPbsYOmTJdrJ4OE/fXTRhnaAibLMMsIyeo
Z2pQSO2koNrH7h4T9iIJZA46rZ/c0twQkP1RWk77yellncl+8SKXc764KVQFG8Rd
IflnZRnz8R5s+b91ksYibFZTsjC6ZOStZq1b0TQuIY/ajAnqZyvgJ5gWnrFIibQz
gcZWZVe8vyi0QAy1owMtJ2pbbeMkYYq4+9TJ9krMj3H7lG/fBeX+WOnTBlyidctE
604xIMgkN5ZDNfHx+pRO
=nJDt
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f205f3cd-f882-835d-3f38-c3d5fa36aa8f%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora 23 template not updating - with a blank screen

2016-08-22 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-22 05:25, Jeremy Rand wrote:
> 48juya+35xih7kuzgagg via qubes-users:
>> It seems that doing a 'dnf update --refresh' it provides some output but
>> updating the repositories is taking forever:
>> 
>> [root@fedora-23 ~]# dnf update --refresh RPM Fusion for Fedora 23 -
>> Nonfree
>> 1.1 MB/s | 156 kB 00:00 RPM Fusion for Fedora 23 - Free
>> 3.8 kB/s | 457 kB 02:00 Qubes OS Repository for VM (updates)
>> 1.0 MB/s | 286 kB 00:00 Fedora 23 - x86_64 - Updates
>> 199 kB/s |  24 MB 02:03
>> 
>> 
>> Its hanging for more than 15m now, any ideas how to solve this?
> 
> Coincdentally, this occurred to me about 20 minutes ago.  Restarting the 
> fedora-23 TemplateVM and trying to update again fixed it for me.  Might 
> have been a server issue on Fedora's end.
> 
> -Jeremy Rand
> 

Probably just a temporary thing. I was able to update everything a short while
ago with no issues.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXux4jAAoJENtN07w5UDAwK3UQAKts/voKw2CTc9i+PHI8V2Ie
/reVt8GcK08O5mLp2vhhyHfEAVu1qewQ1yEcGGVnYGxhus4T+gJCo4EeMbyRDsJj
qxZ+lV08OkHJ2KhnDe7BVGzbX3evUKmIc4+Ibd0iC/jX4zHACvP/QZiOgM7i/wEx
3PWaM1V1yXAG8vYUsOOIJdW0F4PQs3LMHaaa//IHI6x+5HUGdsuA4tW/PSx9TIuc
pCrNCFCXfuuH7Aj4Fhs7c9eNs5hCerS/O8Ps2lBlFs0d5lsqofD2uBJcnAOzyS/v
xEzzh46t62Pw91HF0Zw97ysI695Fdc7EEfSvlB7Eeg/61ngDMqdOyUA3b3FeN39N
fmmr6H6AZj87e2EqM7TU48/X/2N2k8eyYeV0/gqouvomu2960XBLW5LPWbBbH8DV
Sy70INxL2LzgpPHCOHr2BFe/BBpj/ZMCOsHye3sVZFkg7mhy6ffqs36QRC2S2G0N
1cPaNcVpb57T8/sdAPACFCUGCgrHbupT/v0UVcyJtSkX1th18dXPLemtUAcQ/au+
UD8F3IyBOXnwrEAIrtx2guprlKDamfvZIXv6RhWedCyaCglLVWup6vGannvpFQj8
S+tFYvf3LuTV3UFf5WQfOKHqsdgyAuKKyMs9lQF61u/DyiQ8lElT3E6JPi9b+cy4
PVRmDGyPTo96tuTFU1gP
=U1OP
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/054d8c19-0c60-3c63-827c-e9a2cebc8b58%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Problem on port forwarding to a VM from the outside world

2016-08-22 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-08-22 02:47, nishiwak...@gmail.com wrote:
> I would love as well to be able to host a website to share my interest for 
> Qubes OS with the world, or at least with people of my country sharing my
> own language if you don't mind, because Qubes OS documentation looks like
> imo being written mostly by native english users that don't seem to care
> much for non-native english users being lost.

On the contrary, we care greatly about translating the documentation into
other languages. We're working with Transifex right now to have the
documentation translated:

https://github.com/QubesOS/qubes-issues/issues/1452

> I would this way really like to participate to some translation effort, as
> I don't necessarily think you can enter easily those quite complicated
> notions with your non-native language.

We welcome your participation! Michael (CCed) is the main contact with
Transifex. He may have a better idea about how members of the Qubes community
like yourself can get involved.

> Qubes documentation being largely a volonteer effort doesn't make it
> immune to the critics,

I didn't mean to suggest that it's immune to criticism. On the contrary,
constructive criticism is always welcome.

However, you said, "I don't get why documentation don't address..." I was
simply explaining why. The documentation is lacking such things because no one
has contributed them.

> and mine is that people spending this valuable time to share their
> knowledge to make people enter quite long and complicated procedures should
> consider that : 1) Explaining how to do port forwarding without adressing
> or refering to basic knowledge upon this concept leads to frustration, as
> you necessarily need to understand a bit what's going on in order to adapt
> the procedures. 2) Even if I think people mostly appreciate and are
> thankful to the Qubes community developpment for the incredible security
> improvement Qubes OS brings to everyone and that makes Qubes OS probably
> the best OS I know so far, when security isolation somehow puts you in cage
> where you encounter difficulties to communicate with rest of the world,
> well that's not the goal per se :p
> 

I think it's fair to beseech documentation contributors to consider these
things. But, in the end, it's up to them what knowledge (if any) they will
contribute.

> But no problem, thank you for your help. I hope someone might give me some 
> advices on this problem, but I am already trying to learn on iptables, as
> it looks like you can't unblock ports using only Qubes firewall, you have
> to understand these iptables scripts ^^
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXux2fAAoJENtN07w5UDAw4wUP/j0uDCgbx80Cm714mi6vDB/Z
8NBXlMLV6hzA8HtVW3Z2Rfo7pY/Fe8uQLskJ+h8SluWDw2srUHXSsv2ETIBsUzC9
0m9HaSLJU+UxO7Vc8VFi2FTiUlFKxhBnhFYWGwSqir0QI+OZP6Mx1id/MgtvGkYk
TDWtljt7hvgjR6hnX1GqU6u0Bg3O1KZHSNhcC98RQZjy9LWOgIkAPKWpK98FheYi
N5QMRTJwfrUEFIEumCf6xzG3jiolJlmGEPkKDfk9+GaKxd0koHbENMWqfvlz2Zbo
pq9gBzkW44K88pcWpS4CLkvonMDdXienRWzy7ut5kQsEfNuw4MVGMkqy9YUGkhlJ
9mbZx8AB1yPs0LRdQpCk9noh4g4QWr9XREHQC2+FgazYQD1P4rcZDXt8r0JJdH2W
E5GJbqWWwQj+Rn0VbI4TbuXZJlw8gOeiUXRSKu821EhXu37dtiNI+XKszx8iPfXA
9EbAd9O4hulVq3866eWX86Sc/MKnNE/Frw0M8ObHvvXnweI2VwUNMeZCJ2VKO5KG
vWQkTi83YAkHqvk8YOFCV7+oOQAyGymHZzjCUWvOWvDjBX/wtSgcmEt3rMq8MklX
G3ZFzGdkC2h2VeEqwojhMNZ1UWHNvwv+KV6ySJf5p3ZrGqZKO6olIlbZZNnT2HDe
OW2eq0Sr3P3Qtdn9iXao
=6qZC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a7efd74-de1c-d72a-a345-f5c39f32d5d3%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] timesync on by default in debian-8 template (3.2-testing)

2016-08-22 Thread johnyjukya
I notice in the debian-8 template that network time synchronization seems
to be on by default in systemd.

systemd-timesyncd.service  loaded active running   Network Time
Synchronization
time-sync.target   loaded active activeSystem Time Synchronized

It's disabled in fedora-23 by default, and rightly so, as I believe it's
unnecessary given the dom0 driven /etc/qubes-rpc/qubes.SetDateTime
mechanism, and it's kind of "leaky" sending requests unnecessarily to the
Internet.

Paranoidly yours,

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9f04934f4dc333b3afc24e995a77fc3.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] qvm-usb does not detect all devices, crashes

2016-08-22 Thread Raphael Susewind
Dear all,

I am unable to use qvm-usb and hope you might help me find the problem.
My system is based on qubes 3.2, with qubes-usb-proxy 1.0.5 in a
standard fedora-23 VM to which I assigned all my USB controllers.

Whenever I start qvm-usb in a dom0 terminal, though, in order to attach
my webcam to another VM, I get the following error:

---

[raphael@dom0 Desktop]$ qvm-usb
Invalid 2-1_6 device desc in VM 'sys-net-usb'
sys-net-usb:2-1.5   8087:07da 8087_07da

---

The first line actually looks garbled to me - at least I could not
reconstruct how it comes about by looking at the qvm-usb sourcecode.
Also, the exambles in the website documentation use a simple vm:a-b
string to identify devices, while my system throws up vm:a-b.c (that's
how it is written in /sys/...) or vm:a-b_c (how it is written by
qvm-usb, apparently). Perhaps the problem's root is to be found here?

When I run lsusb in the sys-net-usb VM, I get:

---

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 005: ID 2232:1024 Silicon Motion
Bus 002 Device 004: ID 8087:07da Intel Corp.
Bus 002 Device 008: ID 0bf8:101e Fujitsu Siemens Computers
Bus 002 Device 007: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Bus 002 Device 006: ID 1852:7022 GYROCOM C Co., LTD
Bus 002 Device 003: ID 2109:2812 VIA Labs, Inc. VL812 Hub
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching   Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

---

Any advice on how to proceed would be much appreciated,

Thanks,
Raphael

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/42613342-4f82-c49f-d732-682975a75e45%40raphael-susewind.de.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Oddness in sys-net's VIF startup

2016-08-22 Thread johnyjukya
> In trying to figure out why my ProxyVM has no VIF (on Qubes 3.2-testing) I
> was looking at the dmesg's of the servicevm's, and noticed something that
> looked a bit odd (running rapidly through vif interface #'s) in sys-net
> (fedora23 template).
> Similarly, iptables-save shows duplicate rules for the vif's:
>
> -A PR-QBS -d 10.137.1.1/32 -p udp -m udp --dport 53 -j DNAT
> --to-destination x.x.x.x
> -A PR-QBS -d 10.137.1.1/32 -p tcp -m tcp --dport 53 -j DNAT
> --to-destination x.x.x.x
> -A PR-QBS -d 10.137.1.254/32 -p udp -m udp --dport 53 -j DNAT
> --to-destination y.y.y.y
> -A PR-QBS -d 10.137.1.254/32 -p tcp -m tcp --dport 53 -j DNAT
> --to-destination y.y.y.y

Whoops, there's one each for tcp and udp, so the iptables rules are cool. 
But the duplicate interfaces still seem weird.

Also FYI, /proc/net/dev:

Inter-|   Receive|  Transmit
 face |bytespackets errs drop fifo frame compressed multicast|bytes   
packets errs drop fifo colls carrier compressed
lo:6788  73000 0  0 0 6788
 73000 0   0  0
enp0s0: 229463366  16497200   70 0  0 0
19397772   61227000 0   0  0
vif104.0: 3336560   22909000 0  0 0
83284242   57902000 0   0  0
vif107.0:  3094491216000 0  0 0  
1332291840000 0   0  0

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c72427d3b153c2163d08e799f6ac165c.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Screen corruption on nvidia

2016-08-22 Thread johnyjukya
> Added testing repos to (clones of) debian-23 and debian-8 templates (as
> well as whonix-gw/whonix-ws), did upgrades/dist-updates, restarted, loaded
> up a bunch of AppVM's, and have been pounding on things awhile.
>
> No sign of screen garbage yet!  :)
>
> Looks promising.

Day 3 of banging on r3.2-testing, and zero sign of any screen corruption.

I think it's safe to mark this one as fixed.

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1be991f810cc2019d7e056e5749c0504.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Network Access dom0

2016-08-22 Thread zackptg5
On Friday, August 19, 2016 at 2:11:32 PM UTC-4, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-08-17 15:06, Desobediente wrote:
> > The bumblebee docs tell you to use yum/dnf without gpg.
> > 
> > I haven't found their keys also. Normally it sits on a
> > keyserver.example.com or keys.example.com
> > 
> > Giving the circumstances, I'd guess there aren't any.
> > 
> > There is a "just works" way to do it, but I'm not the one telling how to
> > do that. Just ask them to generate gpg keys.
> > 
> 
> Is the "just works" method adding "gpgcheck = 0" to the repo file? If so, then
> I can understand why you wouldn't want to tell anyone how to do that, since
> it'd render them vulnerable to a potential MitM attack.
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXt0vNAAoJENtN07w5UDAwQl8QALRLtl7E/d3LLADwDnmD53a0
> kq1yxZsHzxYxV/tp6SKaScjk8GJa0p80gX27QEWLx+1/iasEmGFJrNGNY7/KyFUi
> yKcs04DJSVi9O3zc/tmFcPAXrC13lhP9ONuBeP5PbJ9R/jbIGzxgxv85lj6kfNy2
> bVq1W9YbmzPgORXIZqGNeYXmEcHrou8Qb4xgP9fh1GFuXUy6YiNb0C/ECkqGewHk
> 8hjoEm5/QjD5BitdqDr32n2GmOpXjs9/15Ae0JTBGGHSGNAD+A/HQ6gk/9aPt1q/
> KRJW0ZW118hPLltjuNo99eBD2BTpeaNE1JZ0xic/RV4HhYL28Ivu+qCfpaLHxENG
> zF/gNk5PkdbKJhjXoOizXj9q8YwPP60IKYrteN0+TPHSzayscVTn2s4oSi2YlxbE
> xHfWSbp+Xqo14f2E+0rSTor44UdRFcOg2UHB+2roCbgN2+Ta+SQRtlEXO+7ehrpN
> 60LFS7HPTK7GNaVYvmFvSZxDHpLaZymxvYHRpGwiP/x2T75Ceg9XoUnl4iGdMiIO
> jo/C+8sXF1Oa8PNHtA+d5bpqh4duELsDGNjV9R9EKNRBUlrVdMdGhjuhhzk3JSsa
> TL/u47RoSd4nQYdOPdUgBHZlLVqchBKqrM0lPoYTebRRTxi5Ns9kMFHvrzssLJxy
> a25Kb7ATBBPJ8HsEoxNI
> =XUBP
> -END PGP SIGNATURE-

Didn't change anything. Still getting a failed to synchronize cache for repo 
error

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/25a37fda-824d-4564-8257-595d26bb8eb3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] vif in user ProxyVM?

2016-08-22 Thread johnyjukya
I'm trying to create a ProxyVM of my own, to replace sys-firewall.

I'm on 3.2rc2-testing.

When I create a ProxyVM in either fedora23 or debian-8, eth0 shows up, but
no vif interface appears.

There are iptables entries for 10.137.4.*, so the firewall mechanism seems
to be doing (part of) it's thing, but with no vif device itself.

/proc/net/dev on my ProxyVM shows only eth0 and lo, whereas on the
sys-firewall it shows eth0, lo, and a vif interface.

dmesg (on debian-8) shows:

[1.257473] xenbus_probe_frontend: Device with no driver: device/vif/0
[1.257661]   Magic number: 1:252:3141
...

But no further reference to vif.  Whereas on sys-firewall, dmesg shows:

[1.277519] xenbus_probe_frontend: Device with no driver: device/vif/0
[1.277687]   Magic number: 1:252:3141
...
[   33.337886] IPv6: ADDRCONF(NETDEV_UP): vif105.0: link is not ready
[   43.258766] vif vif-105-0 vif105.0: Guest Rx ready
[   43.258813] IPv6: ADDRCONF(NETDEV_CHANGE): vif105.0: link becomes ready
--

What am I missing?  Is there something in dom0 or in the ProxyVM's start
scripts I need to configure the vif interface, so I can do some Proxyin'?

I thought I recalled creating my own ProxyVM in 3.1 to check it out, and I
*thought* the vif appeared automatically, but I could be mistaken about
that.

I did some Googling and reading of xen networking pages, but am quite lost
as to why this interface isn't showing up (other than the mentio nof
device/vif/0 in dmesg).

The Qubes networking page wasn't particularly helpful:

> Firewall and Proxy VMs
>
> TODO

:)

Thanks.

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/37ab7e172cc0de1fe99d859f7c0bad8c.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] /rw/config/rc.local on debian-8

2016-08-22 Thread johnyjukya
/rw/config/rc.local doesn't seem to be run on startup in debian-8
(3.2-testing).

What is supposed to launch this?  systemd, another startup script, or
something dom0-related?

I added "/rw/config/rc.local" to "/etc/rc.local" and it works, but was
wondering what might be the official way to do this, and if this is a bug.

Thanks.

JJ

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6b6f56508f5e9769cf1c77eac80bffbf.webmail%40localhost.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora 23 template not updating - with a blank screen

2016-08-22 Thread 48juya+35xih7kuzgagg via qubes-users
It seems that the updates on dom0 are also affected:

sudo qubes-dom0-update 
Using sys-firewall as UpdateVM to download updates for Dom0; this may take some 
time...
Running command on VM: 'sys-firewall'...
Checking for dom0 updates...
Last metadata expiration check: 1 day, 16:07:48 ago on Sat Aug 20 22:40:37 2016.
Dependencies resolved.
Nothing to do.
Sending application list and icons to dom0
Complete!
Yum command has been deprecated, redirecting to '/usr/bin/dnf check-update'.
See 'man dnf' and 'man yum2dnf' for more information.
To transfer transaction metadata from yum to DNF, run:
'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate'

Qubes OS Repository for Dom0

 68 MB/s | 151 kB 00:00
Yum command has been deprecated, redirecting to '/usr/bin/dnf -q check-update'.
See 'man dnf' and 'man yum2dnf' for more information.
To transfer transaction metadata from yum to DNF, run:
'dnf install python-dnf-plugins-extras-migrate && dnf-2 migrate'






Sent using GuerrillaMail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/38a37ad523cdc9f2e77b5b17de8d6fea6976%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Fedora 23 template not updating - with a blank screen

2016-08-22 Thread 48juya+35xih7kuzgagg via qubes-users
I managed to complete the updates after 45m, I followed your suggestion and 
bounced the template VM and rerun the 'dnf update --refresh' command, however 
the issue persists - the same painful slowness while fetching the repositories:

[root@fedora-23 ~]# dnf update --refresh
RPM Fusion for Fedora 23 - Free 
   1.8 MB/s | 457 
kB 00:00
RPM Fusion for Fedora 23 - Nonfree - Updates
   546 kB/s |  57 
kB 00:00
RPM Fusion for Fedora 23 - Free - Updates 0% [  
 ] ---  B/s |   0  
B --:-- ETA






Sent using GuerrillaMail.com
Block or report abuse: 
https://www.guerrillamail.com/abuse/?a=UFR2AB5NVqcQmh2U93EQdRjCStifx8dDiadNcQ%3D%3D



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/80487c11d0b3debe63a24fc63c362acef463%40guerrillamail.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Fedora 23 template not updating - with a blank screen

2016-08-22 Thread Jeremy Rand
48juya+35xih7kuzgagg via qubes-users:
> It seems that doing a 'dnf update --refresh' it provides some output but 
> updating the repositories is taking forever:
> 
> [root@fedora-23 ~]# dnf update --refresh
> RPM Fusion for Fedora 23 - Nonfree
>  1.1 MB/s | 
> 156 kB 00:00
> RPM Fusion for Fedora 23 - Free   
>  3.8 kB/s | 
> 457 kB 02:00
> Qubes OS Repository for VM (updates)  
>  1.0 MB/s | 
> 286 kB 00:00
> Fedora 23 - x86_64 - Updates  
>  199 kB/s |  
> 24 MB 02:03
> 
> 
> Its hanging for more than 15m now, any ideas how to solve this?

Coincdentally, this occurred to me about 20 minutes ago.  Restarting the
fedora-23 TemplateVM and trying to update again fixed it for me.  Might
have been a server issue on Fedora's end.

-Jeremy Rand

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e39a5b17-d83a-977e-a760-2125c24d2d3b%40airmail.cc.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature


Re: [qubes-users] Re: Problem on port forwarding to a VM from the outside world

2016-08-22 Thread nishiwaka46
Le lundi 22 août 2016 03:18:07 UTC+2, Andrew David Wong a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-08-21 16:43, nishiwak...@gmail.com wrote:
> > Le dimanche 21 août 2016 21:28:13 UTC+2, Andrew David Wong a écrit : On 
> > 2016-08-21 04:02, nishiwak...@gmail.com wrote:
>  Any help to configure sys-firewall would be also really appreciated.
>  I got this annoying pop-up when I click on "Firewall rules" tab under
>  the sys-firewall proxyVM settings :
>  
>  "The 'sys-firewall' AppVM is not network connected to a FirewallVM!
>  
>  You may edit the 'sys-firewall' VM firewall rules, but these will
>  not take any effect until you connect it to a working Firewall VM."
>  
>  Only subject related to this problem I found is this message from
>  Unman on Qubes-users group :
>  
>  "When you configure the firewall rules for a vm those rules are
>  applied ON THE FIREWALL to which the vm is attached. So the error
>  message you get is entirely accurate - your firewall is not attached
>  to a firewall and so the rules cannot be applied. Of course you COULD
>  configure a firewall between the fw and the netvm but the same
>  consideration would apply to THAT fw. There's no reason why you cant
>  configure the fw iptables by hand if you want to: you can use 
>  /rw/config/qubes-firewall-user-script to have these rules applied 
>  automatically."
>  
>  Ok so here's what I understand from this message : this proxyVM 
>  Firewall is probably working but rules don't apply because it is 
>  attached to a NetVM, which don't have any firewall policies by 
>  default.
>  
>  https://www.qubes-os.org/doc/qubes-firewall/ Official documentation 
>  says : "Every VM in Qubes is connected to the network via a
>  FirewallVM, which is used to enforce network-level policies. By
>  default there is one default Firewall VM, but the user is free to
>  create more, if needed."
>  
>  And then you got explanations on how to edit rules in a specific VM
>  for a given domain.
>  
>  So I understand you have to edit rules on a AppVM to open up ports 
>  there, but I mean not everyone running Qubes OS is highly graduated
>  in IT and network routing.
>  
>  I find quite disappointing that the official documentation don't 
>  mention more clearly how to set up the default sys-firewall proxyVM, 
>  like if you are supposed to check either "Deny network access
>  except" or "Allow network access except" button or if that doesn't
>  matter, if those policies won't apply anyway because of this
>  pop-up...
>  
> > 
> > Just ignore the "Firewall rules" tab of sys-firewall. Pretend it's not even
> >  there.
> > 
> > Suppose you have an AppVM in which you want to enforce specific firewall 
> > rules. You should go into the VM settings for *that VM*, then the "Firewall
> >  rules" tab, then configure your firewall rules there. These firewall
> > rules are then *enforced by* sys-firewall under the hood. Enforcing these
> > rules for other VMs is sys-firewall's raison d'être.
> > 
> > By default, there is only one VM with this job: sys-firewall. Therefore, 
> > there is no other VM that can perform this job *for* sys-firewall. But
> > that's not a problem, because there's usually no reason to specify firewall
> > rules for sys-firewall itself anyway. (Besides, you're free to create as
> > many ProxyVMs as you like an chain them together.)
> > 
> > 
> > Ok, thank you very much for your help. Unfortunately I still have great 
> > difficulties to open up port 443 or 80 on an AppVM.
> > 
> > I have read this comment on another thread from Alex Dubois saying :
> > 
> > "A diagram in the wiki would help people understand.
> > 
> > For now: A packet comming from the outside has a sourceIP of the
> > workstation on the LAN that issued it or the router that routed the packet
> > into your LAN and a destinationIP of your netVM externalIP (probably
> > 192.168.0.x). The NetVM iptables rules are going to transform it to a
> > packet with a destinationIP of your firewallVM (10.137.1.5). The firewallVM
> > iptables rule are going to transform it to a packet with a desktinationIP
> > of your AppVM (10.137.2.16)."
> > 
> > I completely agree with him, a diagram would really help. I don't get why 
> > documentation don't address the routing basics stuff that isn't really
> > basic for newbies, for random people.
> 
> The documentation is largely a volunteer effort. I'm afraid we simply don't
> have the workforce to make all necessary and desirable improvements to the
> documentation. We would love it if someone would submit a pull request adding
> such a diagram or, in general, improving that page.
> 
> > I like a lot Qubes, this is an awesome OS, but far too complicated for
> > mister everyone. I am at the point right now where frustration becomes
> > 

Re: [qubes-users] Re: Problem on port forwarding to a VM from the outside world

2016-08-22 Thread nishiwaka46
Le lundi 22 août 2016 03:18:07 UTC+2, Andrew David Wong a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> The documentation is largely a volunteer effort. I'm afraid we simply don't
> have the workforce to make all necessary and desirable improvements to the
> documentation. We would love it if someone would submit a pull request adding
> such a diagram or, in general, improving that page.

I would love as well to be able to host a website to share my interest for 
Qubes OS with the world, or at least, with people of my country sharing my own 
language, if you don't mind, because Qubes documentation looks like imo being 
written mostly by native english users that don't seem to care much for 
non-native english users being lost. I would this way really like to 
participate to some translation effort, as I don't necessarily think you can 
enter easily those quite complicated notions with your non-native language.
Qubes documentation being largely a volonteer effort doesn't make it immune to 
the critics, and mine is that people spending this valuable time to share their 
knowledge to make people enter quite long and complicated procedures should 
consider that :
1) Explaining how to do port forwarding without adressing or refering to basic 
knowledge upon this concept leads to frustration, as you necessarily need to 
understand a bit what's going on in order to adapt the procedures.
2) Even if I think people mostly appreciate and are thankful to the Qubes 
community developpment for the incredible security improvement Qubes OS brings 
to everyone and that makes Qubes OS probably the best OS I know so far, when 
security isolation somehow puts you in cage where you encounter difficulties to 
communicate with rest of the world, well that's not the goal per se :p

> Sorry, this is beyond my knowledge. My own use of Qubes (as a regular user)
> has never occasioned the need to port forward to a VM from the outside world.
> Perhaps it's worth appreciating that what you're attempting to do is somewhat
> advanced, and therefore you should not expect it to be extremely simple. In
> any case, I hope someone knowledgeable about networking will chime in to help
> you with this.

No problem, thank you for your help. I hope someone might give me some advices 
on this problem, but I am already trying to learn on iptables, as it looks like 
you can't unblock ports using only Qubes firewall, you have to understand these 
iptables scripts ^^
  
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> iQIcBAEBCgAGBQJXulK8AAoJENtN07w5UDAwKRgP/3qtwhSLXRCI03DqA76JMo2o
> 2d24pqwjw9f/rX3ep36qHN1Y4iSSP/la/ze9dgoWPnyXakrB8R7olqasV2o4Z9+v
> ZyLqSOKF6R2KPUSyl1vE6Tc4F6l068wOcQnNphq+tmZEHX8VFprYgkzchXCMj9fp
> sVsU7Xk0prNXs/FWqxzPTJzbC7lPRuJ0OBTHdj8uvatJ6eeb6QxRI3hKWu2nXpCM
> 7ugxLc8Lvy5Ntjp40DoQOMidSDU2WmNyUBAfrlUGjIXVxu7mzk45P67cPG5Zuvo9
> KchQgu44N4bgm2tdkHg248iyB/GzolsObs3BQCzadMz7E2jv8YVU8u0rAD41OGON
> rDTqnDp5VEdo72iNijyZkXh+in/cmtAG9FY1JisTgeZhxTXJmMlzduDIaB2+QjBH
> UBeU9DxeeXtthmYIlmoq40gbLUnEW4KkMfyky99vWZcUHnCzdVd9l12+PDJkIAF5
> N2la7fqnAh5ElsdT3nBzECb7C5CYtW3zFB/oEDrmsObinIF5E0ohPdwWnXn++jCF
> kwurhgtReWPCxfd+JeIJTi3bQxE24pnPkTT4KYPcOloE9RHwGd5EsAIxkvbPb/po
> aUn1edDzVtnoyrXa/FVODd0IxW9TjFq1RGk8d9mXPSb01fKrKIOUQXnhyfwiY5gK
> sW6MaE08rTguFWY2Ng9q
> =E9Mf
> -END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b4d805e9-e81a-422b-a8a2-67a5b2578091%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: Problem on port forwarding to a VM from the outside world

2016-08-22 Thread nishiwaka46
Le lundi 22 août 2016 03:18:07 UTC+2, Andrew David Wong a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-08-21 16:43, nishiwak...@gmail.com wrote:
> > Le dimanche 21 août 2016 21:28:13 UTC+2, Andrew David Wong a écrit : On 
> > 2016-08-21 04:02, nishiwak...@gmail.com wrote:
>  Any help to configure sys-firewall would be also really appreciated.
>  I got this annoying pop-up when I click on "Firewall rules" tab under
>  the sys-firewall proxyVM settings :
>  
>  "The 'sys-firewall' AppVM is not network connected to a FirewallVM!
>  
>  You may edit the 'sys-firewall' VM firewall rules, but these will
>  not take any effect until you connect it to a working Firewall VM."
>  
>  Only subject related to this problem I found is this message from
>  Unman on Qubes-users group :
>  
>  "When you configure the firewall rules for a vm those rules are
>  applied ON THE FIREWALL to which the vm is attached. So the error
>  message you get is entirely accurate - your firewall is not attached
>  to a firewall and so the rules cannot be applied. Of course you COULD
>  configure a firewall between the fw and the netvm but the same
>  consideration would apply to THAT fw. There's no reason why you cant
>  configure the fw iptables by hand if you want to: you can use 
>  /rw/config/qubes-firewall-user-script to have these rules applied 
>  automatically."
>  
>  Ok so here's what I understand from this message : this proxyVM 
>  Firewall is probably working but rules don't apply because it is 
>  attached to a NetVM, which don't have any firewall policies by 
>  default.
>  
>  https://www.qubes-os.org/doc/qubes-firewall/ Official documentation 
>  says : "Every VM in Qubes is connected to the network via a
>  FirewallVM, which is used to enforce network-level policies. By
>  default there is one default Firewall VM, but the user is free to
>  create more, if needed."
>  
>  And then you got explanations on how to edit rules in a specific VM
>  for a given domain.
>  
>  So I understand you have to edit rules on a AppVM to open up ports 
>  there, but I mean not everyone running Qubes OS is highly graduated
>  in IT and network routing.
>  
>  I find quite disappointing that the official documentation don't 
>  mention more clearly how to set up the default sys-firewall proxyVM, 
>  like if you are supposed to check either "Deny network access
>  except" or "Allow network access except" button or if that doesn't
>  matter, if those policies won't apply anyway because of this
>  pop-up...
>  
> > 
> > Just ignore the "Firewall rules" tab of sys-firewall. Pretend it's not even
> >  there.
> > 
> > Suppose you have an AppVM in which you want to enforce specific firewall 
> > rules. You should go into the VM settings for *that VM*, then the "Firewall
> >  rules" tab, then configure your firewall rules there. These firewall
> > rules are then *enforced by* sys-firewall under the hood. Enforcing these
> > rules for other VMs is sys-firewall's raison d'être.
> > 
> > By default, there is only one VM with this job: sys-firewall. Therefore, 
> > there is no other VM that can perform this job *for* sys-firewall. But
> > that's not a problem, because there's usually no reason to specify firewall
> > rules for sys-firewall itself anyway. (Besides, you're free to create as
> > many ProxyVMs as you like an chain them together.)
> > 
> > 
> > Ok, thank you very much for your help. Unfortunately I still have great 
> > difficulties to open up port 443 or 80 on an AppVM.
> > 
> > I have read this comment on another thread from Alex Dubois saying :
> > 
> > "A diagram in the wiki would help people understand.
> > 
> > For now: A packet comming from the outside has a sourceIP of the
> > workstation on the LAN that issued it or the router that routed the packet
> > into your LAN and a destinationIP of your netVM externalIP (probably
> > 192.168.0.x). The NetVM iptables rules are going to transform it to a
> > packet with a destinationIP of your firewallVM (10.137.1.5). The firewallVM
> > iptables rule are going to transform it to a packet with a desktinationIP
> > of your AppVM (10.137.2.16)."
> > 
> > I completely agree with him, a diagram would really help. I don't get why 
> > documentation don't address the routing basics stuff that isn't really
> > basic for newbies, for random people.
> 
> The documentation is largely a volunteer effort. I'm afraid we simply don't
> have the workforce to make all necessary and desirable improvements to the
> documentation. We would love it if someone would submit a pull request adding
> such a diagram or, in general, improving that page.
> 
> > I like a lot Qubes, this is an awesome OS, but far too complicated for
> > mister everyone. I am at the point right now where frustration becomes
> > 

Re: [qubes-users] Re: Problem on port forwarding to a VM from the outside world

2016-08-22 Thread nishiwaka46
Le lundi 22 août 2016 03:18:07 UTC+2, Andrew David Wong a écrit :
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-08-21 16:43, nishiwak...@gmail.com wrote:
> > Le dimanche 21 août 2016 21:28:13 UTC+2, Andrew David Wong a écrit : On 
> > 2016-08-21 04:02, nishiwak...@gmail.com wrote:
>  Any help to configure sys-firewall would be also really appreciated.
>  I got this annoying pop-up when I click on "Firewall rules" tab under
>  the sys-firewall proxyVM settings :
>  
>  "The 'sys-firewall' AppVM is not network connected to a FirewallVM!
>  
>  You may edit the 'sys-firewall' VM firewall rules, but these will
>  not take any effect until you connect it to a working Firewall VM."
>  
>  Only subject related to this problem I found is this message from
>  Unman on Qubes-users group :
>  
>  "When you configure the firewall rules for a vm those rules are
>  applied ON THE FIREWALL to which the vm is attached. So the error
>  message you get is entirely accurate - your firewall is not attached
>  to a firewall and so the rules cannot be applied. Of course you COULD
>  configure a firewall between the fw and the netvm but the same
>  consideration would apply to THAT fw. There's no reason why you cant
>  configure the fw iptables by hand if you want to: you can use 
>  /rw/config/qubes-firewall-user-script to have these rules applied 
>  automatically."
>  
>  Ok so here's what I understand from this message : this proxyVM 
>  Firewall is probably working but rules don't apply because it is 
>  attached to a NetVM, which don't have any firewall policies by 
>  default.
>  
>  https://www.qubes-os.org/doc/qubes-firewall/ Official documentation 
>  says : "Every VM in Qubes is connected to the network via a
>  FirewallVM, which is used to enforce network-level policies. By
>  default there is one default Firewall VM, but the user is free to
>  create more, if needed."
>  
>  And then you got explanations on how to edit rules in a specific VM
>  for a given domain.
>  
>  So I understand you have to edit rules on a AppVM to open up ports 
>  there, but I mean not everyone running Qubes OS is highly graduated
>  in IT and network routing.
>  
>  I find quite disappointing that the official documentation don't 
>  mention more clearly how to set up the default sys-firewall proxyVM, 
>  like if you are supposed to check either "Deny network access
>  except" or "Allow network access except" button or if that doesn't
>  matter, if those policies won't apply anyway because of this
>  pop-up...
>  
> > 
> > Just ignore the "Firewall rules" tab of sys-firewall. Pretend it's not even
> >  there.
> > 
> > Suppose you have an AppVM in which you want to enforce specific firewall 
> > rules. You should go into the VM settings for *that VM*, then the "Firewall
> >  rules" tab, then configure your firewall rules there. These firewall
> > rules are then *enforced by* sys-firewall under the hood. Enforcing these
> > rules for other VMs is sys-firewall's raison d'être.
> > 
> > By default, there is only one VM with this job: sys-firewall. Therefore, 
> > there is no other VM that can perform this job *for* sys-firewall. But
> > that's not a problem, because there's usually no reason to specify firewall
> > rules for sys-firewall itself anyway. (Besides, you're free to create as
> > many ProxyVMs as you like an chain them together.)
> > 
> > 
> > Ok, thank you very much for your help. Unfortunately I still have great 
> > difficulties to open up port 443 or 80 on an AppVM.
> > 
> > I have read this comment on another thread from Alex Dubois saying :
> > 
> > "A diagram in the wiki would help people understand.
> > 
> > For now: A packet comming from the outside has a sourceIP of the
> > workstation on the LAN that issued it or the router that routed the packet
> > into your LAN and a destinationIP of your netVM externalIP (probably
> > 192.168.0.x). The NetVM iptables rules are going to transform it to a
> > packet with a destinationIP of your firewallVM (10.137.1.5). The firewallVM
> > iptables rule are going to transform it to a packet with a desktinationIP
> > of your AppVM (10.137.2.16)."
> > 
> > I completely agree with him, a diagram would really help. I don't get why 
> > documentation don't address the routing basics stuff that isn't really
> > basic for newbies, for random people.
> 
> The documentation is largely a volunteer effort. I'm afraid we simply don't
> have the workforce to make all necessary and desirable improvements to the
> documentation. We would love it if someone would submit a pull request adding
> such a diagram or, in general, improving that page.
>

I would love as well to be able to host a website to share my interest for 
Qubes OS with the world, or at least, with people of my country sharing my own