Re: [qubes-users] Re: Are Qubes/Xen vulnerable to new DRAMA attack?

2016-11-11 Thread Chris Laprise

On 11/11/2016 10:37 PM, Sec Tester wrote:

> Perhaps another reason why VMs shouldn't have default root access?
>
> "taskset 0x2 sudo ./measure -p 0.7 -s 16."


This really needs root to work?!  This could be important... these 
rowhammer vulns have become BAD.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0b3d88a-e244-25a5-ddca-ce6fa145%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread Sec Tester
> You might get more interest if you explained which features of the AirVPN GUI 
> are worth having. The Github README is blank.
> 
> I think most openvpn users are content to use the official client since it's 
> simpler and better audited. The current fail-close solution has also been 
> reviewed by some intelligent (and paranoid) people. Once the VPN is up, the 
> GUI is hidden behind your work so I'm not sure what advantage it has.


Primary reason, the AirVPN GUI makes it very fast to change between the 172 
servers AirVPN has https://airvpn.org/status/

GUI shows the stats for each server load, latency. Handy when picking which one 
to connect to.

Also handy to see current upload/download speeds. Shows current IP address.



[qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-11 Thread Sec Tester
So I'm still new to Qubes, but after going through a bit of a learning curve, 
building & customizing VMs to suit my security needs, I have a few thoughts on 
its security.

Firstly I really love the direction Qubes has taken the future of operating 
systems, and it has definitely become my OS of choice. 

HOWEVER, I feel that Qubes OS relies HEAVILY on ONE security mechanism > 
Isolation.

There are 2 ways we can improve security

1. By adding layers of protection.
2. By reducing the attack surface area.


Layers of protection

In regards to layers of protection, IMO Qubes only has one. By isolating VMs, 
if a system is infected, it has to breach that VM & gain access to dom0, where 
it then has total control of the system.

The problem is in the current configuration, there is nothing to stop a hacker 
or malicious software from running, manipulating VM system files, or 
downloading additional hack tools/scripts to attempt to breach into dom0.

Two basic extra layers of protection missing from Qubes that usually harden 
Linux security are:
Password protected root access on VMs
SELinux or AppArmor.

I have read Qubes' excuse for NOT requiring a password for root access in VMs 
https://www.qubes-os.org/doc/vm-sudo/

I frankly think saying "its highly unlikely if that person (who could breach a 
VM to dom0) couldn't also find a user-to-root escalation in VM" is a very LAZY 
justification.

They have basically said, Elite hackers can gain root, so let's just not even 
bother with this foundational layer of security.

So we have VMs where any script kiddie's code can run riot. This to me is 
overconfidence in VM isolation, and a lax attitude because, hey if you're infected 
you can just reboot & VM is clean again right? Except the infected files 
sitting in the home directory, just waiting to be opened again and run with 
root permissions.

And in the example of a server VM, that system may rarely be rebooted? 
Infecting the system to infect others that connect to that server. NOT 
GOOD.

From what I've read SELinux isn't running due to some compatibility errors, and 
because there is no point when the whole system has root access. Well let's 
lock down default VM root access, and let's find a way to make SELinux work in 
Qubes VMs & even dom0, or possibly AppArmor. Or maybe we need a totally new 
piece of software that is Qubes specific.

The more layers of security in the system the better.


Reducing the attack surface area

Qubes OS through the use of dom0 has reduced the attack surface area of the 
kernel, which is good.

However, where I think Qubes could improve right out of the box, is having 
dedicated minimized templates for sys-net & sys-firewall.

I spent time setting up fedora-23-minimal templates specifically for sys-net, 
sys-VPN, banking, email & browsing. I plan to make another for sys-firewall 
soon. VMs that have the minimal amount of programs possible reduce the 
attack surface, and possible exploits.

Again SELinux not only adds a layer of protection, it also reduces the attack 
surface area vulnerable in the system.


Final suggestion

I would like to see the option to set up a decoy OS in the installation 
procedure, similar to TrueCrypt/VeraCrypt.

These days many countries' airport security can force you to turn on your laptop 
to be inspected, and while I imagine airport security being very confused by 
Qubes haha, it would be nice to not have to show them any secure files.

Another approach could be decoy VMs (as opposed to another entire decoy Qubes 
OS), that boot into different encrypted VMs depending on the password.

I do think the Qubes OS team are doing a great job. And I hope they maintain a 
security based focus, and not depend solely on isolation.



Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread entr0py
Sec Tester:
> On Saturday, 12 November 2016 04:22:37 UTC+10, Chris Laprise  wrote:
>>>
>>
>> A tip for stopping DNS leaks with the GUI: You have to run a script like 
>> 'qubes-setup-dnat-to-ns' (in Qubes) or 'qubes-vpn-handler.sh' (in the 
>> VPN doc) after the client connects or else DNS packets won't get 
>> forwarded through the tunnel. Looking at the airvpn program, you could 
>> probably symlink its 'update-resolv-conf' to point to 
>> 'qubes-vpn-handler.sh' and it should work. Just don't click on the 
>> 'Activate Network Lock' as that will overwrite the firewall rules.
>>
>> Chris
> 
> I'm interested in building a script to work around AirVPN GUI, as opposed to 
> OpenVPN. I would really have to research and understand exactly what each 
> line of the current script is doing to manipulate it to work with AirVPN.
> 
> This is currently out of my ability. I would welcome collaboration on this 
> task. If I do eventually get something working, I will be sure to post it 
> back here
> 

You might get more interest if you explained which features of the AirVPN GUI 
are worth having. The Github README is blank.

I think most openvpn users are content to use the official client since it's 
simpler and better audited. The current fail-close solution has also been 
reviewed by some intelligent (and paranoid) people. Once the VPN is up, the GUI 
is hidden behind your work so I'm not sure what advantage it has.



Re: [qubes-users] .odt files and LibreOffice

2016-11-11 Thread Unman
On Fri, Nov 11, 2016 at 12:36:39PM +, Unman wrote:
> On Fri, Nov 11, 2016 at 06:09:36AM -0500, 'IntersolarMN' via qubes-users 
> wrote:
> > > Hello,
> > >
> > > Thank you for your work on Qubes. Note: I haven't used Linux in more than 
> > > a decade. I have installed Qubes and there's a couple of things I haven't 
> > > learned yet. Despite installing multiple word processors, none of my .odt 
> > > files will open via Qubes. I think I need step by step command lines to 
> > > run in terminal to install LibreOffice onto every Domain, Template, and 
> > > Workspace and in their respective Shortcut list. Also, LibreOffice is no 
> > > longer listed in Software when I attempt to reinstall it via GUI.
> > >
> > > Also, when opening a Word Processing application, I can never browse or 
> > > even see a USB drive, even after mounting it. I would like the system, 
> > > including my Domain: work Web Browser, to always see and browse the thumb 
> > > drive if possible.
> > 
> > Qubes Version 3.2 R3.2
> > Intel core i3 2.4GHz
> > 4096MB SDRAM DDR3
> > 120GB SSD
> > 
> > Thank you.
> 
> Hello IntersolarMN,
> 
> Welcome to Qubes.
> 
> I'm not quite clear on what your problem is, but let's start with the
> basics.
> 
> LibreOffice - you should install this in a template, and then it will be
> available in each qube based on that template.
> Assuming that you have the standard templates installed, it's just a
> matter of opening Software for the fedora-23 template and installing it
> there.
> When you restart your work qube you should find that LibreOffice is
> available. If not, please provide more details of changes you have made
> to the defaults and the templates you are using.
> 
> On the USB question, the critical point is what you mean by "after
> mounting it".
> Assuming that you installed with a sys-usb, when you insert a USB drive
> it will be attached to the sys-usb qube. You need to then attach the
> device to the qube you want to work in: you can do this using the
> manager or the command line, qvm-block tool.
> Once you have attached the device to your "work" qube, it will be present
> as /dev/xvdi, and you should then mount the device in that qube. Once
> you have done so you will find that you can see the USB contents
> available in the "work" qube.
> 
> I hope this is clear. If you have done all this and it isn't working,
> please provide a more detailed account of what you have done and what
> templates you are using, and exactly what errors you see. 
> 
> Sometimes it takes time to get used to a new OS, and the security
> structure of Qubes adds a few extra wrinkles, but stick with it, and
> everything will become second nature.
> 
> unman


On Fri, Nov 11, 2016 at 08:12:18PM -0500, IntersolarMN wrote:
> Thank you for the tips. I'm still struggling with this, however.
>
> In order to obtain a copy of the LibreOffice install file onto the
> Template: fedora23 domain, I'll need some new steps.
>
> I can launch the Web Browser from the Template: fedora23 domain, but
> it will not go to any website, including the LibreOffice website or
> Google. SERVER NOT FOUND error occurs.
>
> I have launched a Web Browser from both an [untrusted] and [work]
> domain, and was able to download copies of the
> LibreOffice_5.1.6_Linux_x86-64_rpm.tar.gz file to both of these
> domains' Download folders.
>
> I cannot, however, copy either version of the install file to the
> Fedora23 domain, even when using CTRL/SHIFT/C followed by
> CTRL/SHIFT/V. Perhaps it could be done in Terminal, but I would need
> to ask someone for the commands and directories to do this.
>
> If I attempt to launch Software from within Fedora23, there are no
> office or word processor options launching, and not even searching for
> Libre will help.
>
> Can someone provide the directory/directories I could go to in
> Terminal and what commands to run to move the install file into the
> Fedora23 and run it?

You could help yourself by reading the docs.

The templates are not able to access the internet - this is a security
feature. They can access the upstream proxy and can download software
using that route. You can change this setting, but it introduces risks.

Open Software from Fedora-23 template and search for office. That works
for me.
Alternatively, open a terminal and use fedora tools:
sudo dnf install libreoffice

There is no need to download packages and copy them to the template.
If you DO want to do this then read the docs-
https://www.qubes-os.org/copying-files


Re: [qubes-users] Re: Android-x86 on Qubes

2016-11-11 Thread Marek Marczykowski-Górecki

On Fri, Nov 11, 2016 at 07:20:55PM -0200, Torsten Grote wrote:
> On 11/11/2016 06:01 PM, entr0py wrote:
> > Thanks! With that, some progress... Deleting ` > bus='xen'/>` from the config file results in usbtablet being replaced
> > with ps/2 mouse device.
> 
> Awesome, thanks Marek!
> 
> Is there any way to make this permanent so we don't need to start the VM
> with qvm-start each time?

There is a hacky way to change "conf_file" entry in qubes.xml. It may
have unknown side effects...

> > Now, the pointer tracks mouse movements
> > automatically instead of requiring manual dragging. However, the
> > mouse acceleration doesn't match and the two pointers become
> > de-synced.
> 
> It was de-synced before already I think, but it would of course be nice
> if that could be adjusted as well.

AFAIR this was the main reason to use tablet device instead of mouse
there. 

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] input proxy: incompatible remote protocol version

2016-11-11 Thread Marek Marczykowski-Górecki

On Fri, Nov 11, 2016 at 05:01:47PM +0100, to...@vmail.me wrote:
> user@dom0]$ qvm-run -u root --pass-io --localcmd="input-proxy-receiver
> --mouse" sys-usb "input-proxy-sender /dev/input/by-id/*event*"
> Incompatible remote protocol version: 1600085855
> 
> qubes-input-proxy-1.0.7-1.fc23.x86_64
> qubes-input-proxy-sender-1.0.7-1.fc23.x86_64

Do you have the same version in sys-usb?

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] Improvement: check disk space before copy to VM

2016-11-11 Thread Andrew David Wong

On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote:
> On Fri, Nov 11, 2016 at 11:57:07PM +0100, Marek Marczykowski-Górecki wrote:
>> On Fri, Nov 11, 2016 at 02:34:16PM -0800, Andrew David Wong wrote:
>>> On 2016-11-10 08:16, Robert Mittendorf wrote:
>>>> I just copied a file from dom0 to a AppVM via qvm-copy-to-vm.
>>>> The file transfer started until the private storage was full.
>>>> It would be better to check the free disk space size before executing
>>>> the copy command.
>>>>
>>>> regards,
>>>> Robert
>>>>
>>>
>>> Good suggestion. Thank you!
>>>
>>> https://github.com/QubesOS/qubes-issues/issues/2429
> 
>> Actually I don't think it is a good idea. File copy protocol is
>> intentionally very simple, including being unidirectional. We don't want
>> to add any non-essential features there, to keep it as simple as
>> possible.
> 
> BTW None of file copying tools I know do that (cp, rsync, scp, ...).
> 

Oh, ok! Fair enough!

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


Re: [qubes-users] Improvement: check disk space before copy to VM

2016-11-11 Thread Marek Marczykowski-Górecki

On Fri, Nov 11, 2016 at 11:57:07PM +0100, Marek Marczykowski-Górecki wrote:
> On Fri, Nov 11, 2016 at 02:34:16PM -0800, Andrew David Wong wrote:
> > On 2016-11-10 08:16, Robert Mittendorf wrote:
> > > I just copied a file from dom0 to a AppVM via qvm-copy-to-vm.
> > > The file transfer started until the private storage was full.
> > > It would be better to check the free disk space size before executing
> > > the copy command.
> > > 
> > > regards,
> > > Robert
> > > 
> > 
> > Good suggestion. Thank you!
> > 
> > https://github.com/QubesOS/qubes-issues/issues/2429
> 
> Actually I don't think it is a good idea. File copy protocol is
> intentionally very simple, including being unidirectional. We don't want
> to add any non-essential features there, to keep it as simple as
> possible.

BTW None of file copying tools I know do that (cp, rsync, scp, ...).

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] Improvement: check disk space before copy to VM

2016-11-11 Thread Marek Marczykowski-Górecki

On Fri, Nov 11, 2016 at 02:34:16PM -0800, Andrew David Wong wrote:
> On 2016-11-10 08:16, Robert Mittendorf wrote:
> > I just copied a file from dom0 to a AppVM via qvm-copy-to-vm.
> > The file transfer started until the private storage was full.
> > It would be better to check the free disk space size before executing
> > the copy command.
> > 
> > regards,
> > Robert
> > 
> 
> Good suggestion. Thank you!
> 
> https://github.com/QubesOS/qubes-issues/issues/2429

Actually I don't think it is a good idea. File copy protocol is
intentionally very simple, including being unidirectional. We don't want
to add any non-essential features there, to keep it as simple as
possible.

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?


Re: [qubes-users] Improvement: check disk space before copy to VM

2016-11-11 Thread Andrew David Wong

On 2016-11-10 08:16, Robert Mittendorf wrote:
> I just copied a file from dom0 to a AppVM via qvm-copy-to-vm.
> The file transfer started until the private storage was full.
> It would be better to check the free disk space size before executing
> the copy command.
> 
> regards,
> Robert
> 

Good suggestion. Thank you!

https://github.com/QubesOS/qubes-issues/issues/2429

-- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org


[qubes-users] Re: Qubes R3.2 on Thinkpad X250: cannot install Windows 7 (hangs on "Starting Windows" at install)

2016-11-11 Thread Myron Weber
On Wednesday, November 9, 2016 at 5:03:12 AM UTC-8, Pablo Di Noto wrote:
> Hello,
> 
> Never had much use for a Windows7 HVM so far.
> 
> Months ago, I installed W7 on Qubes just for the sake of testing. Got to the 
> point of installing qubes-windows-tools and had some success with it, but 
> never used it much (in fact, never activated a license on the resulting W7 
> install).
> 
> Now I want to start from scratch, but cannot make a HVM to go further than 
> "Starting Windows" screen on the install phase.
> 
> Only changes I recognize on my setup are:
> - R3.2 final installed (which included several Xen updates, 4.6 to 4.6.3 IIRC)
> - Got a "storage pool" enabled, to use the machine SHDD together with the 
> boot SSD.
> 
> So far, tried all this:
> - several W7 ISO versions (including the ones I successfully used before).
> - creating the HVM with 2, 3 and 4gb of memory.
> - creating the HVM on my "big storage" pool, the local SHDD, using -P option 
> in the qvm-create command
> - creating the HVM on the original storage pool, the local boot 
> qubes-dom0-root volume, using the GUI to create the machine.
> - using debug options on all the attempts, but logs show absolutely nothing 
> that I can recognize as error.
> 
> Any pointers on what to try next, or how to debug?
> 
> Thanks in advance!
> ///Pablo

I don't have any answers, but a data point that might be useful. I've installed 
windows HVMs on Qubes 3.2 on both Lenovo T460 and x260 recently, and had no 
issues. The x250 should be similar. One variable I see is that you have a 
storage pool whereas mine both had a single drive. Don't know if that makes a 
difference.



[qubes-users] Please help, can't get into Qubes

2016-11-11 Thread Fred

I made a change to the PCI devices for the sys-net VM and now Qubes
hangs on boot when starting this vm.

I've tried using the installation image to get to system rescue via the
troubleshooting link in the installer. I can get into my system this way
but I'm unsure what to change as removing the pci device from the
sys-net XML file doesn't seem to make this change persist -- something
keeps generating a new one with the bad PCI device XML node.

How can I disable sys-net from starting when connected via a rescue shell?



[qubes-users] Improvement: check disk space before copy to VM

2016-11-11 Thread Robert Mittendorf
I just copied a file from dom0 to a AppVM via qvm-copy-to-vm.
The file transfer started until the private storage was full.
It would be better to check the free disk space size before executing
the copy command.

regards,
Robert



[qubes-users] input proxy: incompatible remote protocol version

2016-11-11 Thread tom . b
user@dom0]$ qvm-run -u root --pass-io --localcmd="input-proxy-receiver 
--mouse" sys-usb "input-proxy-sender /dev/input/by-id/*event*"

Incompatible remote protocol version: 1600085855

qubes-input-proxy-1.0.7-1.fc23.x86_64
qubes-input-proxy-sender-1.0.7-1.fc23.x86_64



Re: [qubes-users] Clean install Windows 7 HVM fails after installing qubes-windows-tools 3.2.2-3

2016-11-11 Thread entr0py
pooosi...@vfemail.net:
> 1) Create new HVM with 20Gb disk space and 2Gb RAM, Install Win7.

You'll need closer to 40GB if you plan to fully update the OS.

> 7) Manually start machine. Machine boots fine, but... nothing happens. 
> Seamless mode is disabled, but I can't see machine's window (screen). Looks 
> like GUI start fail.

Always run VM in debug mode until it's stable. You'll get lots of BSODs and the 
only way to know is if you have debug mode on.

> 11) Ok so I try to: "qvm-start --debug win7" and machine runs great! It 
> works! But still looks like it doesn't load Videodriver? Because I can't switch 
> to Aero theme.

No VM under Qubes has hardware graphics acceleration. HVM has no sound support. 
Qubes' primary focus is not compatibility with all OS. If you require a 
near-native virtualized Windows, your best bets are Hyper-V, VMWare, 
VirtualBox. I run Office in a non-networked Win7 because I'm too lazy/old to 
switch to LibreOffice. Qubes is great for this because you don't have to expose 
your buggy, leaky Windows to the world. But you'll probably run into trouble 
with anything more intense. For example, Photoshop will struggle with anything 
but trivial images.



Re: [qubes-users] Display Calibration

2016-11-11 Thread Chris Laprise

On 11/10/2016 06:51 AM, Marek Marczykowski-Górecki wrote:
> On Wed, Nov 09, 2016 at 02:08:46PM +0100, Zrubi wrote:
>> Applying the color profile is half of the job, next part is to provide
>> the same profile for AppVMs.
>> Here I'm stuck a bit because I would need to make the DUMMY display
>> (provided by Qubes) as a color managed device. Then I would be able to
>> "apply" the same profile. Here the apply only would means that colord
>> can provide that profile to the colord aware applications. (Firefox,
>> Eog, Darktable in my case)
>>
>> @Marek: Any idea how to achieve this?
>
> Maybe our dummy X driver should provide some properties/capabilities for
> this? Adding some placeholder functions shouldn't be a problem (if that
> would be enough) - as soon as someone would find which one.
>
>> Without this I still getting better colors overall - but the real color
>> management is only achievable if the apps are using the same profile.


I think this assertion should be verified before using time and 
resources on this. At best, it seems like a requirement for a 
rarely-needed feature. Display calibration is a hardware driver issue 
and I'm using it just fine with KDE in dom0. When I print, the color 
gamut and cast matches what I see in the appVM window quite well.


I also think we should avoid pushing details that identify hardware into 
domUs.


No doubt, calibration for /printers/ is something to be handled in 
domUs, but that's because printer drivers operate there.


Chris



>> For now I can configure apps (at least Darktable for sure) to use my
>> color profile manually.
>>
>> (BTW: I'm about to create a "color management in Qubes" documentation soon)
>
> --
> Best Regards,
> Marek Marczykowski-Górecki
> Invisible Things Lab
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?





Re: [qubes-users] Re: Android-x86 on Qubes

2016-11-11 Thread entr0py
Marek Marczykowski-Górecki:
> On Tue, Nov 08, 2016 at 11:09:37PM -0200, Torsten Grote wrote:
>> On 11/07/2016 08:54 PM, 3n7r0...@gmail.com wrote:
>>> AFAICT, it's an issue with how QEMU is implemented in Xen. The input
>>> device in question is passed via `-usbdevice tablet` instead of being
>>> left to the default PS/2 emulation. There doesn't seem to be any easy
>>> way to disable that parameter from within Xen?
> 
>> I would also be very interested in that! Marek, do you know?
> 
> It is possible to modify config in /var/lib/qubes/appvms/, but for that
> you need to copy it first, then pass its new location to qvm-start
> --custom-config=... 
> 

Thanks! With that, some progress... Deleting `` 
from the config file results in usbtablet being replaced with ps/2 mouse 
device. Now, the pointer tracks mouse movements automatically instead of 
requiring manual dragging. However, the mouse acceleration doesn't match and 
the two pointers become de-synced.

The mouse problem is not a Xen/Qubes issue. Android-x86-4.4-r5 (KitKat) works 
perfectly on Qubes. Input handling has changed somehow in 
Lollipop/Marshmallow. I would be perfectly content to use KitKat but (of 
course), that version doesn't emulate OpenGL (under Qubes) which breaks many 
Android apps - even non-3D things like Gallery, Maps, Chrome...

@Torsten: Did you see my last comment on the issue tracker? Other than that, 
make sure partition is bootable and use a compatible vga mode.
 



Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread Chris Laprise

On 11/11/2016 01:24 PM, David Hobach wrote:
> On 11/10/2016 10:07 PM, Chris Laprise wrote:
>> On 11/10/2016 01:28 PM, David Hobach wrote:
>>>  I'd recommend to avoid any tools employing iptables which were not
>>> written explicitly for Qubes as well.
>>
>> This. Or at least don't use them without careful inspection.
>
> Might be worth to put some warning on the wiki page for less
> experienced users...
>
>> I would also advise users *not* to
>> rely on firewall settings in Qubes Manager/VM Settings as the options
>> are too limited to stop compromised VMs that are supposed to be confined
>> to the VPN tunnel from leaking data to clearnet (e.g. a hostile access
>> point or other upstream node) regardless of which address/port you specify.
>
> Can you please explain that in a more detailed way?
>
> Currently I disagree as I don't see a way to leak anything if the user
> employs the Qubes Firewall for the proxy VM to only allow access to
> his VPN gateway IPs (preferably not hostnames) and disallows
> everything else (incl. DNS); in particular nothing is leaked when the
> VPN is down.
>
> This approach might not work for all VPN providers as some e.g. do
> load balancing via DNS or other tricks, but for some it does. For the
> others, yes, Qubes Firewall might be too limited.


People often use VPNs to safely access the Internet through Wifi access 
points and routers and ISPs that are hostile. If the VPN-connected appVM 
is compromised it could search for the VPN IP address in order to send 
cleartext to the router. All of the known VPN addresses in the world 
could very easily be programmed into the malware, as this search space 
is tiny compared to the number of IPv4 addresses.


So we have a way of blocking anything at all that might be forwarded to 
the upstream network interface. This is much better than filtering by 
IP. Users can employ whatever addressing scheme, and we don't have to 
instruct them to hard-code IP addresses into scripts, config files and 
VM settings... the address preconfigured in a downloaded config file 
will work automatically and be completely protected.




> Side note: I recently ran into
> https://github.com/QubesOS/qubes-issues/issues/1183 - I'm still not
> 100% sure whether it's absolutely impossible to get some unexpected
> DNS leaks from that bug.


That's causing a whitelist operation to fail, so the DNS packets would 
be blocked instead of leaked. I believe that's why the issue was flagged 
as minor. Also if Linux netfilter had decided to route them in a leaky 
way (send to eth0) they would be blocked by the forward-blocking 
commands from the VPN doc anyway.


Chris



> @Sec Tester:
> I also checked for leaks using your "google method", but didn't
> observe any except for the local IP which is a browser issue.
>
> Glad to hear you got it done as well.



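The contrast drawn in the message above between filtering by IP and blocking everything forwarded to the upstream interface, as an added example that is not part of the thread or of the Qubes VPN doc's own scripts: a small audit of `iptables-save` output that lists the FORWARD rules able to pass a new flow from a downstream VM straight to the upstream interface. The interface names (`vif1.0`, `eth0`, `tun+`), both sample rulesets and the documentation address 203.0.113.10 are constructed assumptions; jumps to user-defined chains are not followed.

```python
import shlex

# Constructed iptables-save samples for a VPN gateway VM (not from the thread).
# 203.0.113.10 is a documentation address standing in for the VPN server.
ALLOWLIST_BY_IP = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -d 203.0.113.10/32 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT
"""

BLOCK_BY_INTERFACE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i vif+ -o tun+ -j ACCEPT
COMMIT
"""

def parse_forward(save_text):
    """Return (policy, rules) for the filter table's FORWARD chain."""
    policy, rules, table = "ACCEPT", [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif line.startswith("-A FORWARD "):
            rule = {"raw": line, "in": None, "out": None,
                    "target": None, "extra": False, "new": True}
            tok = shlex.split(line)[2:]
            for i, t in enumerate(tok):
                nxt = tok[i + 1] if i + 1 < len(tok) else ""
                if t == "-j":
                    rule["target"] = nxt
                    break  # the rest are target options, not matchers
                if t in ("-i", "-o") and (i == 0 or tok[i - 1] != "!"):
                    rule["in" if t == "-i" else "out"] = nxt
                elif t.startswith("-") or t == "!":
                    rule["extra"] = True  # another matcher: rule is conditional
                    if t in ("--state", "--ctstate"):
                        rule["new"] = "NEW" in nxt.split(",")
            rules.append(rule)
    return policy, rules

def if_match(pattern, name):
    """None matches any interface; a trailing + is a prefix wildcard."""
    if pattern is None or pattern == name:
        return True
    return pattern.endswith("+") and name.startswith(pattern[:-1])

def cleartext_paths(save_text, downstream="vif1.0", upstream="eth0"):
    """List FORWARD rules that could pass a new flow downstream -> upstream."""
    policy, rules = parse_forward(save_text)
    findings = []
    for r in rules:
        if not (if_match(r["in"], downstream) and if_match(r["out"], upstream)):
            continue
        if r["target"] == "ACCEPT" and r["new"]:
            findings.append(r["raw"])
        if r["target"] in ("ACCEPT", "DROP", "REJECT") and not r["extra"]:
            return findings  # unconditional verdict: later rules are never reached
    return findings + (["policy ACCEPT"] if policy == "ACCEPT" else [])
```

Run it over the `iptables-save` output of the VPN VM after the client, or any GUI that edits the firewall, has finished; an empty list means no rule forwards new flows to the upstream interface.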


Re: [qubes-users] Display Calibration

2016-11-11 Thread Connor Page
The filename of the colour profile .icc-file is stored in the X atom 
_ICC_PROFILE. Perhaps, if that is available then the correct profile can be 
selected by gnome settings manager which currently says there are no colour 
managed devices in VMs. I think colord service would need to be enabled as 
well. darktable should work then out of the box.



Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread David Hobach

On 11/10/2016 10:07 PM, Chris Laprise wrote:
> On 11/10/2016 01:28 PM, David Hobach wrote:
>>  I'd recommend to avoid any tools employing iptables which were not
>> written explicitly for Qubes as well.
>
> This. Or at least don't use them without careful inspection.

Might be worth to put some warning on the wiki page for less experienced 
users...


> I would also advise users *not* to
> rely on firewall settings in Qubes Manager/VM Settings as the options
> are too limited to stop compromised VMs that are supposed to be confined
> to the VPN tunnel from leaking data to clearnet (e.g. a hostile access
> point or other upstream node) regardless of which address/port you specify.


Can you please explain that in a more detailed way?

Currently I disagree as I don't see a way to leak anything if the user 
employs the Qubes Firewall for the proxy VM to only allow access to his 
VPN gateway IPs (preferably not hostnames) and disallows everything else 
(incl. DNS); in particular nothing is leaked when the VPN is down.


This approach might not work for all VPN providers as some e.g. do load 
balancing via DNS or other tricks, but for some it does. For the others, 
yes, Qubes Firewall might be too limited.


Side note: I recently ran into 
https://github.com/QubesOS/qubes-issues/issues/1183 - I'm still not 100% 
sure whether it's absolutely impossible to get some unexpected DNS leaks 
from that bug.


@Sec Tester:
I also checked for leaks using your "google method", but didn't observe 
any except for the local IP which is a browser issue.

Glad to hear you got it done as well.



Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread Chris Laprise

On 11/11/2016 07:20 AM, Sec Tester wrote:
> I have successfully applied the setup and scripting in
> https://www.qubes-os.org/doc/vpn/
>
> No more DNS leaks.
>
> This means I can at least use my VPN, until I find a way to make things work
> with the AirVPN GUI.



A tip for stopping DNS leaks with the GUI: You have to run a script like 
'qubes-setup-dnat-to-ns' (in Qubes) or 'qubes-vpn-handler.sh' (in the 
VPN doc) after the client connects or else DNS packets won't get 
forwarded through the tunnel. Looking at the airvpn program, you could 
probably symlink its 'update-resolv-conf' to point to 
'qubes-vpn-handler.sh' and it should work. Just don't click on the 
'Activate Network Lock' as that will overwrite the firewall rules.


Chris



Re: [qubes-users] Re: Android-x86 on Qubes

2016-11-11 Thread Marek Marczykowski-Górecki

On Tue, Nov 08, 2016 at 11:09:37PM -0200, Torsten Grote wrote:
> On 11/07/2016 08:54 PM, 3n7r0...@gmail.com wrote:
> > AFAICT, it's an issue with how QEMU is implemented in Xen. The input
> > device in question is passed via `-usbdevice tablet` instead of being
> > left to the default PS/2 emulation. There doesn't seem to be any easy
> > way to disable that parameter from within Xen?
> 
> I would also be very interested in that! Marek, do you know?

It is possible to modify config in /var/lib/qubes/appvms/, but for that
you need to copy it first, then pass its new location to qvm-start
--custom-config=...

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?



[qubes-users] some trouble installing qubes on a macbook air. please help

2016-11-11 Thread birdei
Basically I've been trying to install Qubes on a MacBook Air (11-inch, early 
2014). I've installed rEFInd and have partitioned my disk to allow space. When 
I boot my USB install stick, the installer comes up with "no drives detected". 
I've googled about everything (or maybe my search terms suck) but nothing 
useful comes up. Please help if you know what's going on.



Re: [qubes-users] .odt files and LibreOffice

2016-11-11 Thread Unman
On Fri, Nov 11, 2016 at 06:09:36AM -0500, 'IntersolarMN' via qubes-users wrote:
> > Hello,
> >
> > Thank you for your work on Qubes. Note: I haven't used Linux in more than a 
> > decade. I have installed Qubes and there's a couple of things I haven't 
> > learned yet. Despite installing multiple word processors, none of my .odt 
> > files will open via Qubes. I think I need step by step command lines to run 
> > in terminal to install LibreOffice onto every Domain, Template, and 
> > Workspace and in their respective Shortcut list. Also, LibreOffice is no 
> > longer listed in Software when I attempt to reinstall it via GUI.
> >
> > Also, when opening a Word Processing application, I can never browse or 
> > even see a USB drive, even after mounting it. I would like the system, 
> > including my Domain: work Web Browser, to always see and browse the thumb 
> > drive if possible.
> 
> Qubes Version 3.2 R3.2
> Intel core i3 2.4GHz
> 4096MB SDRAM DDR3
> 120GB SSD
> 
> Thank you.

Hello IntersolarMN,

Welcome to Qubes.

I'm not quite clear on what your problem is, but let's start with the
basics.

LibreOffice - you should install this in a template, and then it will be
available in each qube based on that template.
Assuming that you have the standard templates installed, it's just a
matter of opening Software for the fedora-23 template and installing it
there.
When you restart your work qube you should find that LibreOffice is
available. If not, please provide more details of changes you have made
to the defaults and the templates you are using.

On the USB question, the critical point is what you mean by "after
mounting it".
Assuming that you installed with a sys-usb, when you insert a USB drive
it will be attached to the sys-usb qube. You need to then attach the
device to the qube you want to work in: you can do this using the
manager or the command line, qvm-block tool.
Once you have attached the device to your "work" qube, it will be present
as /dev/xvdi, and you should then mount the device in that qube. Once
you have done so you will find that you can see the USB contents
available in the "work" qube.

I hope this is clear. If you have done all this and it isn't working,
please provide a more detailed account of what you have done and what
templates you are using, and exactly what errors you see. 

Sometimes it takes time to get used to a new OS, and the security
structure of Qubes adds a few extra wrinkles, but stick with it, and
everything will become second nature.

unman



Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread Sec Tester
I have successfully applied the setup and scripting in 
https://www.qubes-os.org/doc/vpn/

No more DNS leaks.

This means I can at least use my VPN, until I find a way to make things work 
with the AirVPN GUI.



[qubes-users] .odt files and LibreOffice

2016-11-11 Thread 'IntersolarMN' via qubes-users
> Hello,
>
> Thank you for your work on Qubes. Note: I haven't used Linux in more than a 
> decade. I have installed Qubes and there's a couple of things I haven't 
> learned yet. Despite installing multiple word processors, none of my .odt 
> files will open via Qubes. I think I need step by step command lines to run 
> in terminal to install LibreOffice onto every Domain, Template, and Workspace 
> and in their respective Shortcut list. Also, LibreOffice is no longer listed 
> in Software when I attempt to reinstall it via GUI.
>
> Also, when opening a Word Processing application, I can never browse or even 
> see a USB drive, even after mounting it. I would like the system, including 
> my Domain: work Web Browser, to always see and browse the thumb drive if 
> possible.

Qubes Version 3.2 R3.2
Intel core i3 2.4GHz
4096MB SDRAM DDR3
120GB SSD

Thank you.

https://www.qubes-os.org/mailing-lists/
https://groups.google.com/forum/#!forum/qubes-users



Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread Sec Tester
After further testing, more specifically it's a DNS IP leak with the AirVPN GUI 
with network lock off.

I also leak DNS when running OpenVPN in the VPN-Proxy-VM.

Haven't yet applied Qubes scripts to stop leaks.
