Re: [qubes-users] Slow performance of Docker containers in AppVMs

[Ángel]

Garrett Robinson wrote:
> I am working on transitioning my day-to-day software development work to
> Qubes. The primary challenge that I face is widespread use of Vagrant
> for provisioning development environments. I am aware of the challenges
> and concerns around hacking Qubes to achieve nested virtualization, so I
> am trying to avoid going down that road.

Supposedly, you could make vagrant use xen with
https://github.com/jonludlam/vagrant-xenserver at which point there
would be no double virtualization. I don't know how would it interact
with Qubes way, or if it would be breaking some security fence, but
seems worth investigating.


Best

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485297583.1492.8.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes r3.2 bricked

[Ángel]

Bernhard wrote:
> Hello, I bricked my system a bit. Yesterady I decided  to follow the
> ..onion update procedure. For dom0 all went well (after reading that I
> must change to whonix-net),but I had to modify the debian-8 and
> fedora-24 repo-files "by hand". No big deal. I could update f24 (this
> morning), but debian bugged a bit. Suddenly I thought that maybe I had
> to put netVM to whonix for the templateVM's as well. With a doubt on it
> I looked up what I did with f24 .. and there, by accident I let the
> dropdown box on "sys-net" instead on sys-firewall (or whonix-net).

I would expect that this would make you lose the firewall protection...


> Immediately sys-net derailed and lost network. 
...not sys-net to die.


Is any of your /var/lib/qubes/*/*/firewall.xml files 0-bytes?
(if so, delete it -so it gets replaced with default settings- and
restart)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485297015.1492.5.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Truncating a non linux HVM?

[Ángel]

Drew White wrote:
> What is the easiest way to truncate a non-linux HVM filesystem so that it can 
> be smaller and take up less space?
> 

1. Resize the filesystem from inside the HVM in a supported way (maybe
with a Live CD?)
2. Actually truncate the backing file

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1485296642.1492.1.camel%4016bits.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Workaround for building Ubuntu xenial+desktop with qubes-builder

[Foppe de Haan]

On Tuesday, January 24, 2017 at 8:00:01 AM UTC+1, anoa wrote:
> Hey all,
> 
> Today I was trying to build the Ubuntu 16.04 Xenial+Desktop template
> using qubes-builder with help from these instructions:
> 
> https://github.com/QubesOS/qubes-builder
> 
> Everything was alright until the `make qubes-vm` step where it would
> fail on the following:
> 
> > dpkg-source: error: can't build with source format '3.0 (quilt)': no 
> > upstream tarball found at ../xen_4.6.3.orig.tar.{bz2,gz,lzma,xz}
> > dpkg-buildpackage: error: dpkg-source -b debian-vm gave error exit status 
> > 255
> > /home/user/qubes-builder/qubes-src/builder-debian/Makefile.qubuntu:196: 
> > recipe for target 'dist-package' failed
> 
> The build was looking for xen_4.6.3 when in fact xen_4.6.4 is in the
> folder. As a workaround, simply copying the xen_4.6.4 to be named
> xen.4.6.3 allowed the build to continue and eventually complete
> successfully:
> 
> > cd /path/to/qubes-builder/chroot-xenial/home/user/qubes-src/vmm-xen; sudo 
> > cp -pr ./xen_4.6.4.orig.tar.gz ./xen_4.6.3.orig.tar.gz
> 
> Hope this helps someone while the script is being updated.

Thanks for the workaround + prod. :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/76e5cef5-1b2a-434a-ae63-c4d01bad2bca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Redshift in dom0?

[Jimmy Axenhus]

Den 2017-01-24 kl. 18:34, skrev ms.amne...@donotusemy.info:
> On Monday, January 23, 2017 at 4:22:56 PM UTC+1, Kopimi Security wrote:
> 
> The only "tweak" I still need is the mouse pointer, as it is unaffected by 
> redshift on my Qubes.
> 
> Anyone any ideas about that?
> 


You need to disable the hardware cursor. It's a known limitation. [1]

I got this in /etc/X11/xorg.conf and it's doing the job nicely.

Section "Device"
Identifier "Device0"
Driver "radeon"   # Replace with your driver
Option "SWCursor" "on"
EndSection


[1]: http://jonls.dk/redshift/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5990689-cb20-04b2-98e5-cb4732e75a01%40axenhus.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Redshift in dom0?

[ms . amnesia]

On Monday, January 23, 2017 at 4:22:56 PM UTC+1, Kopimi Security wrote:
> sudo qubes-dom0-update redshift
>
(...)
> Some say that redshift is too "red" in colour, you may want to experiment 
> with the settings.
>
> Please let's know how it turns out!

The "redness" can easily be tweaked! (And also brightness, which is a must for 
me).

I normally prefer to use it (through a script) as follows:
redshift -l  -t 6500:2700 -b 1.0:0.6 
which I like to add to my crontab on other systems as:
@reboot "/redshift.sh" 2>&1
Unfortunately doesn't work on qubes (other systems seem to suffer from the 
@reboot bug too?).

The -t option sets the colour temperature (normal:redshifted), while the -b 
sets brightness (normal:redshifted). I found the values by experimentation and 
comparing it with values from f.lux (on *cough* windows *cough*).
Don't forget to kill the process first after you've changed the values or the 
two processes might fight over dominance...

For me this is the ideal setting on all my linuxes most of the time. I do tend 
to switch to something between the two temperatures/brightnesses when I'm 
getting more photosensitive and still need to 'work'.

On Tuesday, January 24, 2017 at 6:17:02 PM UTC+1, Loren Rogers wrote:
> Thanks for the info - this worked for me! I managed to get it to start at 
> login by creating a new item in System Tools > Session and Startup >  
> Application Autostart.

I went down this route too on Qubes (and one other linux) at least, as the 
@reboot didn't work.

The only "tweak" I still need is the mouse pointer, as it is unaffected by 
redshift on my Qubes.

Anyone any ideas about that?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cc649c20-d071-4b43-b6ca-e5d5c05584fd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Redshift in dom0?

[Loren Rogers]

Sent with [ProtonMail](https://protonmail.com) Secure Email.


 Original Message 
Subject: Re: Redshift in dom0?
Local Time: January 23, 2017 10:22 AM
UTC Time: January 23, 2017 3:22 PM
From: kopimi.sekur...@gmail.com
To: qubes-users 
lo...@lorentrogers.com

On Monday, January 23, 2017 at 3:37:23 PM UTC+1, Loren Rogers wrote:
> What's the best way to install something like Redshift in dom0?

sudo qubes-dom0-update redshift

Then you can do: redshift -l lat:lon &
Then just to quickly test, maybe adjust the system time, and see how it turns 
down the intensity of the screen.
Or a command-line switch to redshift.
Some say that redshift is too "red" in colour, you may want to experiment with 
the settings.

Please let's know how it turns out!

Thanks for the info - this worked for me! I managed to get it to start at login 
by creating a new item in System Tools > Session and Startup > Application 
Autostart.

How secure is this considered? I assume that I'm trusting Redshift 100%, 
because it's running in dom0. Is there any way to have this run in a 
non-trusted way? (Redshift is pretty OK for now, but there may be other 
services like this that I'd like to add later.)

Thanks again!
Loren

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/X0hitvvuCp2Fvj9uJy_YmP-ZpO69OTGl4WGdBjOFi5lIRK0F3b158fx6GJ3nZVD30nfhiOQTTaqc5pLbI5yXhcTaLPMqo9GaM6p9TMN3o6U%3D%40lorentrogers.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Fedora 24 on Qubes 3.1 support, uninstallable packages

[mvermaes]

Hi, I recently installed the fedora-24-minimal template per [1] and configured 
all my AppVMs to use a new template based on it. All seems to be working well, 
except that I am unable to install the following packages:

- ImageMagick
- pycairo

Both are skipped as follows:

~$ sudo dnf install ImageMagick pycairo
...
Package qubes-template-minimal-stub-1.1-1.fc23.noarch is already installed, 
skipping.
Package pycairo-1.10.0-4.fc24.x86_64 is already installed, skipping.
Package qubes-template-minimal-stub-1.1-1.fc23.noarch is already installed, 
skipping.
Dependencies resolved.
Nothing to do.
Sending application list and icons to dom0
Complete!
~$

[2] seems to suggest it should be possible to install these packages, but I 
also saw a thread [3] that indicates that Fedora 24 may not be supported on 
Qubes R3.1, and maybe this could be causing the issue. The 
qubes-template-minimal-stub rpm is the only fc23 package that is installed in 
the template.

I am planning to reinstall the host with R3.2 at some point anyway, but I 
wanted to get Thunderbird and Firefox updated to the newer versions in F24 
sooner than that, hence installing the newer template first.

The missing packages are not a big deal, but it would be great to confirm the 
correct process for next time (looking forward to Qubes 4.0!) Is it supported 
to update to a newer Fedora template and then upgrade the Qubes release on the 
host, or should the host always be reinstalled/upgraded to the new version 
first?

Thanks very much for your advice.

Michael

[1] https://www.qubes-os.org/doc/templates/fedora-minimal/
[2] https://github.com/QubesOS/qubes-issues/issues/2380
[3] https://groups.google.com/d/topic/qubes-users/uwnPpxhJaZY/discussion

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c39f34e2-8378-4196-992a-16e564a1782c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Suggestions for RBAC for grsecurity-enabled kernel?

[Reg Tiangha]

On 2017-01-24 7:15 AM, Kopimi Security wrote:
> On Monday, January 23, 2017 at 8:38:56 PM UTC+1, Reg Tiangha wrote:
>> Yeah, I tried it myself leaving my laptop turned on and on learning mode
>> for three weeks straight, but it didn't catch everything and certain
>> things still failed so there's definitely some manual massaging that
>> needs to be done.
> 
> Thank you for your input!
> 
> Would you think a sniffing approach, or a tripwire approach, to be better*?
> 
> * On a RAM-limited system
> 

That could help with the networking stuff. When I said stuff failed for
me, I meant more along the lines of certain services or processes that
were getting killed by the kernel that may or may not be integral to the
way Qubes does things.

For example, I have both a FirewallVM and an caching UpdateVM running
squid. The only real difference between the two is squid; otherwise, the
UpdateVM is just a glorified FirewallVM. Therefore, one would expect
that the final RBAC ruleset after training between the two would only
differ with the squid bits.

After my training and applying the custom rulesets for each VM, for
whatever reason, no AppVM could connect to the UpdateVM once it was
active (and therefore, the AppVM wouldn't start), but they had no
problems connecting to the FirewallVM. So obviously, something was
missed when training the UpdateVM, but I don't know what it was.
Furthermore, since I don't know how Qubes is archetectured and what
binaries and libraries are responsible for certain functions (or even
where they live!), I don't know what to whitelist. And I don't want to
whitelist entire directories that have or need access for Qubes or Xen
bits like /usr/bin or /var because I'd be whitelisting a bunch of other
things I wouldn't want to be doing either.

That's just one example, though. There were some other things I
encountered as well, but I also concede that some measure of manual
massaging of rules is probably going to be inevitable in the end.

Could I figure out exactly what was failing with enough time by tracing
logs and whatnot? Sure, I suppose. But I've sunk in a lot of hours into
this project already so I don't have as much time to troubleshoot as I
did over the holidays. So I'm hoping someone smarter than me can figure
out next steps, at least when it comes to the RBAC stuff. Or at least
give some hints on what may need to be white listed.

When it comes to the unexpected behaviors that I encountered, I'm still
leaning towards certain things in the Qubes/Xen chain for various use
cases that are getting killed without warning that the training didn't
catch to add to its whitelist. The Grsecurity documentation says that a
process or library needs to be triggered at least four times during the
training in order for it to be a bit more lax when it comes time to
analyze the training log and whitelist more things related to that
binary or library rather than just whitelisting the binary or library on
its own, and so maybe certain processes that are needed for Qubes to
operate just weren't being called enough even after having three weeks
worth of training.

For example, stuff being called during start up and shut down would
never trigger that four time threshold, and it'd be hard to record since
an AppVM's root file system would be nuked every time (in fact, if
you're not careful with your training or how you invoke it, your VM may
not start because none of the Qubes startup processes would be captured
with the training; I worked around it by adding a line to rc.local to
start the training right away, which helped with start up, but I was
never able to find a way to capture what Qubes processes were
responsible when shutting down so I ended up having to kill all my VMs
to turn them off since RBAC would kill whatever processes were
responsible for shut down because it never caught them in its training).

Perhaps the training log could be made to be persistent by placing it
within /home, but I was under the impression that the system couldn't be
shut down in the middle of training. I could be mistaken, though, but I
never tried it regardless. I suppose one could write a shutdown script
that flushed the training log, the question would be when in the
shutdown process would it be called. It would need to be one of the last
things in the sequence, otherwise you would risk not catching everything
possible.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o67s01%24cd5%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Suggestions for RBAC for grsecurity-enabled kernel?

[Kopimi Security]

On Monday, January 23, 2017 at 8:38:56 PM UTC+1, Reg Tiangha wrote:
> Yeah, I tried it myself leaving my laptop turned on and on learning mode
> for three weeks straight, but it didn't catch everything and certain
> things still failed so there's definitely some manual massaging that
> needs to be done.

Thank you for your input!

Would you think a sniffing approach, or a tripwire approach, to be better*?

* On a RAM-limited system

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e1b6a948-ec60-4dbc-a40f-8ca410a3ef9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: question about setting up VPN proxy vm

['01v3g4n10' via qubes-users]

On Monday, January 23, 2017 at 4:20:26 PM UTC-6, Brian LoBue wrote:

> I've setup the proxyVM and added the network-manager service in the vm's 
> configuration.
> 
> The docs next say to:
> 
> "3. Setup your VPN as described in the NetworkManager documentation 
> linked above."
> 
> When I try and configure a VPN in the icon in the window manager tray I 
> think it's setting up the vpn for sys-net. Is there a way to start the 
> NetworkManager service for the proxyVM? Do I start the 
> NetworkConnections app? I think this is a user error issue but I can't 
> seem to get the proxyVM's networking setup.

internetz.me has put together two very good video tutorials of setting up a vpn 
using both methods in the docs

https://www.youtube.com/watch?v=wYEmDZebow4
https://www.youtube.com/watch?v=K1_zqT7_N7k

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/10c07fd1-b20f-4158-a5ad-8b746dc048cb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: question about setting up VPN proxy vm

[Matt P]

I also just went through following that guide.  I did not have luck with the 
network manager service and ended up using the iptables scripts.  At the very 
least I suggest trying to start openvpn in a terminal in your proxyvm to make 
sure it's connecting ok.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/72b4c507-3ddd-461f-a0aa-6b508e8bdb60%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[qmastery16]

вторник, 24 января 2017 г., 12:50:56 UTC+3 пользователь pixel fairy написал:
> On Sunday, January 22, 2017 at 2:04:43 AM UTC-8, qmast...@gmail.com wrote:
> > суббота, 21 января 2017 г., 22:12:10 UTC+3 пользователь 
> > e5f3c2ea89...@tutanota.com написал:
> > > ... It makes you feel significantly less safe when using anything other 
> > > than Qubes :]
> > 
> > Haha you are a master of clickbait titles :]
> 
> lets make it real then.
> 
> - picky about hardware. probably the biggest issue now.
> 
> - no 3d acceleration. xengt / kvmgt might fix that, but last i checked, that 
> was a huge attack surface which no one at itl wants go over.
> 
> - some hardware will have performance issues even just watching videos as a 
> result of the above.
> 
> - no nested virtualization. again, big, complex attack surface. two common 
> use cases are vagrant and android development.
> 
> - only a few border colors to choose for appvms, so its easy to end up re 
> using colors.
> 
> - for some reason, dom0 borders are blue, one of the appvm colors. 
> 
> - you can copy / paste, but not copy / autotype into a vm. the support seems 
> to be in the gui protocol, just no interface to do it. tried to script it 
> with xdotool, but couldnt get window ids. 
> 
> thats all i can think of as real disadvantages. i would like to see qubes on 
> wayland. i think it greatly reduce attack surface and probably benefit 
> performance.
>
> also, no support for ipv6, though i think thats slated for qubes 4.x
>

> no 3d acceleration

There is 3D acceleration but its only for dom0 (on Qubes R3.2 it is through 
Mesa 11.1.0 which gives OpenGL)

> no nested virtualization

I was sad when installed VirtualBox, tried launching it and it said that 
something like "not supported on Xen hosts" :P At other Linux distros it is 
possible to nest virtualizations one inside another, but only for 32 bit OS for 
inside VMs (last time I checked)

> no support for ipv6

not really a problem. it is 2017 and I still haven't encountered any situation 
where IPv6 is actually being used, despite working a lot with computers and 
routers (IPv6 is there but nobody is using it... Never ever had to use those 
ridiculous IPv6 addresses, yet)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/00befe3c-b949-48e2-a668-c2adaaa8031d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: NVIDIA DRIVER and OPTIMUS

[neznaika]

> - Install both rpm files in dom0
sudo dnf -y -nogpgcheck install 

sudo: dnf: command not found
i have no idea what to do

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/57bd2c61-04a1-40b5-90b5-494906ee282b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Network Manager (Wifi) settings get lost upon reboot

[sboresch]

Hi,

I just installed qubes 3.2 with some trouble on a Lenovo T560, with my
main installation (fresh install shortly after 3.2 was released) on my
venerable X220.

On my X220 Networkmanager (via sys-net) works as expected (aside from the
known issue of the invisible "icon" in the panel under KDE/Fedora 24). Wifi 
connections are stored in /rw/config/NM-system-connections in sys-net,
and correctly remembered.

On the T560, nothing gets stored in /rw/config/NM-system-connections; instead
the information (for Wifi connections) gets stored in 
/etc/sysconfig/network-scripts, named ifcfg-wifiname. Obviously, upon a reboot 
net-sys looses all the information. NB: /rw/config is there and write/readable, 
as I needed to add some modules to the suspend_blacklist file.

I am a bit at a loss why the two machines behave so differently.

(i) The X220 mainly is used via KDE, which isn't even installed on the T560 yet
(xfce only), but I doubt that this can be the reason. On the other hand,
the configuration filenames  /etc/sysconfig/network-scripts/ifcfg-wifiname
look odd (wifiname is a placeholder for the actual wifi hotspot I am connecting
to)

(ii) Further, the t560 was installed by removing the SSD, installing the OS on
 different machine, and putting the SSD back in. This led to some initial
problems with various sys-xxx VMs having wrong (non-existing) PCI devices
assigned to them (from the install machine), but I believe that these issues
are sorted out. Maybe there are some other config files that have subtly wrong
information because of the "unusual install". However, I have no
clue where to start looking. The symbolic link 
/etc/NetworkManager/system-connections points to the correct location.

Any hints/suggestions welcome -- thanks

Stefan



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b54153b5-178e-448f-8526-2ebd3ceb9a31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

[pixel fairy]

On Tuesday, January 24, 2017 at 1:50:56 AM UTC-8, pixel fairy wrote:
> On Sunday, January 22, 2017 at 2:04:43 AM UTC-8, qmast...@gmail.com wrote:
> > суббота, 21 января 2017 г., 22:12:10 UTC+3 пользователь 
> > e5f3c2ea89...@tutanota.com написал:
> > > ... It makes you feel significantly less safe when using anything other 
> > > than Qubes :]
> > 
> > Haha you are a master of clickbait titles :]
> 
> lets make it real then.
> 

also, no support for ipv6, though i think thats slated for qubes 4.x

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b5f8b49d-2e2c-44d2-a222-fff62735e6c4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Chipping/Crackling noise on HDMI

[pixel fairy]

On Monday, January 23, 2017 at 10:54:31 AM UTC-8, raah...@gmail.com wrote:
> On Sunday, January 22, 2017 at 6:03:16 AM UTC-5, FWM wrote:
> > Im running a HDMI cable from my GPU to my home theater system, and have set 
> > the VM to use that Audio output.
> > 
> > Unfortunately im getting a chipping/crackling noise. I never used to get 
> > this noise using the same setup but running windows, so i dont think its 
> > the hardware or cable.
> > 
> > Any suggestions?

had a similar problem, also with radeon hdmi. in sound settings theres a 
checkbox labeled DTS. no clue what it is, but that fixed it. still had some 
sound sync issues when playing videos on youtube.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/97c21997-33fb-4930-8231-137771b85d73%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes r3.2 bricked

[Bernhard]

Hello, I bricked my system a bit. Yesterady I decided  to follow the
.onion update procedure. For dom0 all went well (after reading that I
must change to whonix-net),but I had to modify the debian-8 and
fedora-24 repo-files "by hand". No big deal. I could update f24 (this
morning), but debian bugged a bit. Suddenly I thought that maybe I had
to put netVM to whonix for the templateVM's as well. With a doubt on it
I looked up what I did with f24 .. and there, by accident I let the
dropdown box on "sys-net" instead on sys-firewall (or whonix-net).
Immediately sys-net derailed and lost network. When I tried to switch
the templateVM setting back to sys-firewall, I just got a error box
saying "16". I decided to solve this with a clean reboot. This allowed
to switch back the templateVM's back to net-firewall for both, debian
and f24. But net-usb, net-sys and net-firewall (they all depend on f24)
did not come up again. I thought that this will resolve with a second
clean reboot. But nope. So, the state is that I cannot start any appVM
(they close immediately), and I have no network. Worse: I have no idea
how to fix it, so I ask you for help.

Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/668039ad-66f2-f575-6ecd-7154de5c701d%40web.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: question about setting up VPN proxy vm

[Kopimi Security]

On Monday, January 23, 2017 at 11:20:26 PM UTC+1, Brian LoBue wrote:
> Hi All,
> 
> I'm attempting to follow the docs here: https://www.qubes-os.org/doc/vpn/
> 
> and setup a proxyVM so I can tunnel traffic to a vpn for other appvms.
> 

I would recommend just using the command-line scripts, such as openvpn 
.

Please give it a try, I will help you after you have tried yourself.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/55232520-7b48-4067-8f1e-24652bcfc136%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.