[qubes-users] Re: Windows 7 virtual graphics card
Yo find out about virtual graphics cards, perform research into Qubes + VNC -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f226281b-5036-4a49-b604-6fe7b235ef06%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 7 virtual graphics card
On Thursday, 2 June 2016 21:24:02 UTC+10, Achim Patzner wrote: > > Is there a way to provide a virtual graphics card that will support > 3840*2160 pixels? I'm having serious problem to see anything using a > Windows 7 HVM at 257 dpi... > > Either install the tools and go Seamless, OR alter the settings to have the text and all larger. Use the Themes for Windows. Then you won't have an issue seeing things. Or else just use a lower resolution. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3667946f-c821-4477-94c3-ddb81e04c19c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes on a Shoestring in a Hurry
On Sunday, 5 June 2016 19:20:43 UTC+10, unc...@sigaint.org wrote: > > On Sat, June 4, 2016 13:58, unc...@sigaint.org wrote: > > > On Sat, June 4, 2016 12:35, "Holger Levsen" > wrote: > > > >> did you try XFCE instead of KDE? XFCE is much more ressource friendly. > > > > > > Thanks for the tip! I must try a full install; unfortunately that will > > take me offline for some hours, for obvious reasons... > > I manually configured a 4GiB encrypted swap partition on an old hard disk, > and separately an encrypted LVM for Qubes, plus /boot and biosboot. > > The good news is that Qubes R3.1 starts, and LXDE is smooth. > > The bad news is that Qubes doesn't use the swap, and important things fail > due to out-of-memory. > Firstly, I would recommend setting Dom to use only 1 GB of RAM. This is best set after initial install and tell it to NOT create ANY of the VMs.. That way you can define everything after first boot. Set each VM to have 256 MB RAM. IF you have Memory Balancing on, then set Maximum to 356 for NetVM and ProxyVM So install Qubes, but don't create any VMs, create them yourself AFTER you have configured Dom0 using the live DVD /USB after the install. You say you have 2 GB RAM, so have 512 for Dom0, but better for 1 GB. Then you have 1 GB to share among the other VMs. You can go as low as 50 MB for a NetVM. I've got mine running at that. Min 256 for a ProxyVM (depending on how many firewall rules it will have to handle.) So then you have 700MB (rough)) for all other VMs. > I think the rest is best explained in chronological order. > > In the Qubes installer, I elected to configure all the default qubes plus > the option to route all system/update traffic through Whonix > ("experimental"). During the final stage when it shows a progress bar and > configures various qubes, I received the following modal dialog while it > was configuring networking: > > --- begin dialog box > [title bar: "[Dom0]"] > > Setting up networking failure! > > ['/usr/sbin/service', 'qubes-netvm', 'start'] failed: > Redirecting to /bin/systemctl start qubes-netvm.service > Job for qubes-netvm.service failed. See 'systemctl > status qubes-netvm.service' and 'journalctl -xn' for > details. > > [Close] > --- end dialog box > > When I hit "Close", the installer immediately finished. I do not know > whether it just bailed, and left important configuration undone, or if it > really finished. Thence to the Qubes login screen. > > Running "systemctl status -l qubes-netvm.service", the pertinent lines > read in pertinent part (sorry, all of this is manually copied and > retyped): > > --- begin quote > ERROR: ERROR: insufficient memory to start VM 'sys-firewall' > qubes-netvm.service: main process exited, code=exited, status=1/FAILURE > --- end quote > > On startup, exactly two qubes are running: dom0 and sys-net. top(1) > (which I grit my teeth running in dom0; is it part of the TCB?) shows less > than 30M free memory, and... 0 swap! > > Specific questions: > > (a) How do I not only add my swap partition, but make Qubes automatically > unlock and use it at boot? I think this start config issue is probably a > Qubes-specific question, because Qubes is not really like other Linux > distributions in these under-the-hood system things. ;-) > > (b) Related to (a), how do I make sure in the Qubes startup configuration > that it unlocks both the LVM partition and the swap partition with the > same LUKS passphrase? It is not good to type the passphrase multiple > times, e.g. in public with shoulder surfers and possibly security cameras > around. (Or better yet, swap with a one-time ephemeral key.) > > (c) If I can get sufficient qubes started, how do I verify that all > network traffic (including update traffic) is routed through sys-whonix? > IOW in which qube do I fire up tcpdump(1) or check the logs, and really > get a global view of which packets are coming in/out? I am accustomed to > watching traffic (through pf and on physical interfaces). I just need to > know where in the Qubes intranet to get a global view, *without* risking > compromise to dom0 or another important qube with a tcpdump(1) or > libpcap(3) bug. > > Thanks in advance! > > Almost no longer, > > "Uncubed" (un-uncubed?) > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0d3f5bb-a8b7-41f0-a9ec-c949c040a21c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install VPN in anon-whonix
On 06/08/2016 04:15 PM, asdfg...@sigaint.org wrote: Hello I read the guide on whonix site about how setup a VPN in workstation but it is old and my VPN is a little different, it has a GUI interface but also a setup for Open VPN (to work i have to use GUI). Do I setup like a normal VPN in debian (network connection, import configuration, certificate etc...) and change firewall? Thank you Mixing a VPN in the same VM as other tunnels or proxies is a more complex affair. Qubes proxy VMs allow us to do this kind of thing more cleanly. So I recommend using a debian proxy VM. The doc Andrew linked to contains a firewall script I created with Whonix (and other apps) in mind. Its designed to fail closed (block traffic) if openvpn stops working, and to stop all leaks. The only thing in or out is tunneled traffic and related ICMP. Its designed for simple VPNs that tunnel all traffic upstream (i.e. no special subnet selections), so it'll work with most services. There is a fancier version that creates systemd service and has a more explicit firewall setup, though its about the same protection: https://github.com/ttasket/Qubes-vpn-support What's more, you don't have to alter any template beyond installing openvpn to get this working. OTOH, if you're looking for a solution for Network Manager, the doc shows you how but its without a firewall. I am looking into a way to make the firewall script work with NM. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5758DB48.1070408%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to install clean template?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 10:46, Albin Otterhäll wrote: > How should I go about to install a clean template? When setting up > a template for a specific domain, e.g. software development, it > could be useful to have a clean slate. > You can simply clone one of the default templates. If you've already modified the default template you want to use, you can clone it, then reinstall it from the repo. Here are the instructions for reinstalling the Whonix templates, but the same general procedure should apply to all templates: https://www.qubes-os.org/doc/whonix/reinstall/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWLYEAAoJENtN07w5UDAwrZ4P/36NNgpos/AHcDC7PxY/03LZ EBy9s/XVtQaMMoIIgdhlXVR5LnPYc555nS6mJ9aiLynUxbvJ8G2H/BHZgM4a1Buu qOVKsiXftyziyR7DIiXFPRq9MirNnKKEMZFp3SRnCuFU1LBotmssbV4OTeglOQcY MWmyoNWW8/uDocOVurGWTxWOUM9BQ4DqzH3GhGZhP9kKRPcsmR3wfx2I3Zn1tKIg M5IpSgmeJYN/3P+ENfNZVwLym+KaCSkMEn1VpeCwD119gMrsrijE5f+Ve7fQye94 lHkwnoMOaRtxsj9F6asak9ArH0OInvZy92bshKlW0PUq2en7/OqUelcwUqCLztag A8Ewz6mKwm/E5JGi7gt82dYYbd8eHVMtcbKlp6ODuLZjdQhMkhMTtTOpfEtlsrXS KFoktUbL7m9U8vj+Yl8gmU5V9Igr0o1Q4JxxNk3Bw223GRcYBhYnFjer46aQp48e MunlaZMk83y9HVgaOPxnXAJ+UZeINz0Ll1aj3ItgrQuG/5jfG4Pt9ywsNyj4v+VN 9dUuZof1EuST1k0iT0PmXgqQVu8j6Ibyp1HUtvKQlw632cgu6SEskXrVohNEX9dB Ia2GeDp9Pnro9QDfQOI0m2m+jA/Rx1KPRZAqyjYECnPxW1ogj2pdmfw238H1clP6 oQYOZQz8rYtb0EXUNknV =z7Wh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18729d7b-ca3f-b721-32d8-7b2f95aeeddd%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: qubes user guide instructed me to brick my qubes disk
On Thursday, 9 June 2016 08:22:44 UTC+10, boromi...@sigaint.org wrote: > > > I followed the user guide here for creating a usb VM because for some > reason qubes will otherwise automatically connect a possibly malicious USB > to DOM0 for some unknown reason. My qubes is installed onto a USB so i > dont know what good any of that would do. > > --- > > https://www.qubes-os.org/doc/usb/ > > Alternatively, you can create a USB qube manually as follows: > > In a dom0 terminal, type lsusb to check if you have a USB controller > free of input devices or programmable devices. If you find such free > controller, note its name and proceed to step 2. > Create a new qube. Give it an appropriate name and color label > (recommended: sys-usb, red). > In the qube’s settings, go to the “Devices” tab. Find your USB > controller in the “Available” list. Move it to the “Selected” list. > Click “OK.” Restart the qube. > Recommended: Check the box on the “Basic” tab which says “Start VM > automatically on boot.” (This will help to mitigate attacks in which > someone forces your system to reboot, then plugs in a malicious USB > device.) > > -- > > > LSUSB shows a list of devices and my usb connected to it, i could see my > controllers listed and my qubes usb, it did not specify which controller > its connected to, which even if it did would be of no help, as the devices > tab of the USB vm i created uses different names for the controllers. > > I selected both controllers figuring there is no fault in protected all > usb ports. Then i selected 'start vm automatically' to protect against > some obscure attack. What the instructions failed to document is that a > usb VM will put your USB's into read-only mode which immediately began to > brick my qubes usb. I restarted hoping to fix the problem, but having set > it to start automatically as instructed forced the system to brick itself. > > Im severely disappointed in the failure of the qubes development team to > forsee this simple problem and its failure to document the read-only > property of a usb vm. If it cannot even ascertain that its instructions > will lead to a fatal outcome how can anyone possibly believe they can > secure an entire operating system. > > > > Your subject is kind of false. The guide didn't instruct you to brick your install disk. Unfortunately you did that by not following the instructions. It specifically says: "*type lsusb to check if you have a USB controller * *free of input devices or programmable devices. If you find such free controller, note its name and proceed*" Considering the operation is forwarding the USB controller to the usb-vm... Forwarding both your controllers (one of which includes your install disk) doesn't seem like a smart thing to do. Sorry, just my opinion. If you weren't sure about the instructions, perhaps it would have been best to ask somewhere for assistance? I have had amazing response times to queries in this group and when reporting a non-bug. Hope you give it another go. M. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9da92b3c-6df0-4c8e-b013-cd6fbb3e6f89%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] choosing 1 upgrade of the month
the ram may be cheaper than you expect if you're willing to accept used. I recently bought 6x4g ddr3 ecc on ebay for ~$45 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f8133178-3c8c-42b5-b628-cba932ac75b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] New initramfs won't stick
Thanks for the very quick reply! Yes I think you are correct. I will give it a go, passing the correct path for efi. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/86c0aec9-a478-4ca5-bef9-fb3b713662f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] SD card goes attached to Dom0 rather than sys-usb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 08, 2016 at 08:44:11AM -0700, Andrew David Wong wrote: > On 2016-06-08 08:36, Andrew David Wong wrote: > > On 2016-06-08 08:21, Franz wrote: > >> Hello, > > > >> I noted that when I insert a SD card into the corresponding slot > >> of my Lenovo x230, it is automatically attached to Dom0 rather > >> then sys-usb (default configuration). Well I use the SD card only > >> for my Nikon camera and I have no reason to trust Nikon less then > >> Lenovo, so no problem for me, but wonder if this is expected > >> behaviour. > > > >> Best Fran > > > > > > It's probably that the associated hardware device is not assigned > > to any domU (e.g., your USB qube, if you use one). On my ThinkPad, > > the device is labeled "PCI Express Card Reader." Assigning it to my > > USB qube results in any inserted SD card showing up in the USB > > qube. > > > > Issue for implementing an option to have this performed for the user > when the USB qube is first created: > > https://github.com/QubesOS/qubes-issues/issues/2055 Indeed may be a good idea. On the other hand, I remember that for some Realtek devices it is impossible to attach the card reader to a different VM than the (somehow bundled?) network card. I guess it doesn't apply to your model, could you provide more details? Also worth collecting info on problematic models to set appropriate default depending on the hardware. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXWJ1KAAoJENuP0xzK19csPYcH/3jbEvJoLE8Rnc61sAmslpol DIfXZzTfNt4Ag6bDyOS6zRCzSGiaeCRO+c6K+PLllhq8/dVGhlMIVMute/BfFUDh 6i/N4kSkefG/53Xm/Q7DhGaJTvMlkBmOF4yLI1MTe/RMdRzGscn2nDhaX+7tJejD vClwZJumFyxPDylvEb42guAtdzJH2l9IcuGeHZGZgjJlwwxOeLi76OBnF4/lryMe B8Tf42MDyPoyico7TUfg3jN2fSDxjRm4i/+C1LFA58zW5iziOtjTP2U/so//m4Ed 4+XPov7amb3fmXUUst9+zTAL1e00293hOaabtPyoftRV+MwLDAF0fOXM1VFQ9TA= =pSCz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160608223346.GV1593%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM available space
Thank you Marek. I guess the setting should be greyed out same as root image size. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/209d800b-268f-4a6f-b501-5c0f6cb3d0c2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] qubes user guide instructed me to brick my qubes disk
I followed the user guide here for creating a usb VM because for some reason qubes will otherwise automatically connect a possibly malicious USB to DOM0 for some unknown reason. My qubes is installed onto a USB so i dont know what good any of that would do. --- https://www.qubes-os.org/doc/usb/ Alternatively, you can create a USB qube manually as follows: In a dom0 terminal, type lsusb to check if you have a USB controller free of input devices or programmable devices. If you find such free controller, note its name and proceed to step 2. Create a new qube. Give it an appropriate name and color label (recommended: sys-usb, red). In the qube’s settings, go to the “Devices” tab. Find your USB controller in the “Available” list. Move it to the “Selected” list. Click “OK.” Restart the qube. Recommended: Check the box on the “Basic” tab which says “Start VM automatically on boot.” (This will help to mitigate attacks in which someone forces your system to reboot, then plugs in a malicious USB device.) -- LSUSB shows a list of devices and my usb connected to it, i could see my controllers listed and my qubes usb, it did not specify which controller its connected to, which even if it did would be of no help, as the devices tab of the USB vm i created uses different names for the controllers. I selected both controllers figuring there is no fault in protected all usb ports. Then i selected 'start vm automatically' to protect against some obscure attack. What the instructions failed to document is that a usb VM will put your USB's into read-only mode which immediately began to brick my qubes usb. I restarted hoping to fix the problem, but having set it to start automatically as instructed forced the system to brick itself. Im severely disappointed in the failure of the qubes development team to forsee this simple problem and its failure to document the read-only property of a usb vm. If it cannot even ascertain that its instructions will lead to a fatal outcome how can anyone possibly believe they can secure an entire operating system. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0c997e649d4fad0fea83afb5090ec297.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] [Fwd: qubes wont start anymore]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 14:40, boromirsbe...@sigaint.org wrote: > > I havent done much with my new qubes install so far, ive maybe > loaded it a few times to test it, now ive gone back on to > configure bridges and it gives this error right after the boot menu > and hangs: > > usb 2-5: device descriptor read/64, error -71 usb 2-5: device not > accepting address 6, error -71 > > > Nothing changed on my system since i last used it. > > > - > > > I've found the bug causing this, qubes starts up into its timed > autoselect bootup menu under the assumption your disks will be > fast enough to load the background processes before its timer runs > up and it starts. By cancelling the timer and waiting a few more > seconds this will allow usb based qubes to load properly. Not that > anyone cares since no ones bothered to respond to this in the > first place. > Thank you for following up to report the solution. FWIW, I think it was probably that no one knew the answer, not that no one cared. I, for one, would never have guessed that this was the solution. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWJnFAAoJENtN07w5UDAwYogP/1sWVoMzL1d2fz6Q4gphQ0mr Jpr+7UH46YHQr5lMLWVZ47/IumTOF6406lOp+VsbqSdmRNdXdhfp0m8dOyX+emT3 G589XbR7en/Rr8HS4zeRp4MC6nVPQdc7s8GVaa9FsLru1PH1OpmpAM0HwYXj3RDF lLVKqUV6RftY+GeC9zEtj0Wr5n0/at4IsNJJd52IRbVoy4Pg3X7sS+Bqh4ovDgTe C4SoZ66xzSKH1H6syMezgVzHCRcmnQ4GR1i3aK5Bd9rh+MF6BQ6a4IV7mEvod6nz VG6T1BR/NxYsMC8Smi6Fdk8pgpGHDLVaeaRrLmaFlLfhqL1kEMDkYsHdFhaE7wQc SkBAw62szIovsSVuq2VyxutYyZxZrAcHzQSVxkpEsDUpNuIFAEWkpNoPhj1OPjrW Bn2CrX9EmyYLqNhRj2pS9jgCzVRaSDNiePVrvoOJhbeY0a+nOAwguHv8WJIemOzA wAOLLb3pAXcEr/zVjxAglkUKZiXbjPV4devjBliCTuMkb/GCBouggrxi7gfD1/nj iqifuO9Lnm6n2A0jteZLR0PlkVL2XyHWiSI33qH80m4eCbXNgIjZtLyD5IMtBRaT KY8XVAYvtCiVqVJyWFfP0AhxaC97B+T9FW5+Ccxcwh9vc/28fXB9uLi4W7D6xxhD EUrnHRvbgknfXDX/3Xfc =WKzI -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/376ea662-518f-dbc6-524a-6e9083ac7c0c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Install VPN in anon-whonix
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 13:15, asdfg...@sigaint.org wrote: > Hello I read the guide on whonix site about how setup a VPN in > workstation but it is old and my VPN is a little different, it has > a GUI interface but also a setup for Open VPN (to work i have to > use GUI). Do I setup like a normal VPN in debian (network > connection, import configuration, certificate etc...) and change > firewall? > > Thank you > Take a look at our VPN documentation if you haven't already. It was recently updated: https://www.qubes-os.org/doc/vpn/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWJk8AAoJENtN07w5UDAwOR8P/2/P8q03qeL4xmx3tkN8VOOT jeJJaAKQOkPjNADQ+uFrAsqA/qTpD4KqESAcX8zJmMTAu3TGSA9U57yXggzSQBdG rmOMgs5s7u3LRoMyoYqDYDG/nUn8wFvTyGp/yyunsx5oJ2WQgSaSCuUJRCKputAg UIDMeD0+6Ci+uc0KG6zzMiPa9WfhsnGjcIZ7vEmUeP+xi0IGOOhQkRQgWKL3PAp3 wB63FJHMW9qOBYsjQrqOLh7dupqgekh98nDY+IOs9UclBN3/IQOeuKWe9GFEAzA5 ywhR6BWP1lxmTXRKw6Cm8oFvw9+axxnX2E0Nq2DIpQ2F5GGAQPkgqiN7d++ji1Cu W6TmMeXXM15FZuE8QneZFA+J6eLiJ2GzOE+gam1ZmVU4Hgn56yPIhDto0vTyNvFn Cf5tDllC4jHaus9zx2ombkH3Fd2vWj9Lq5x2uKjc6bRxuvG6GTuqMHJMnEu62D+M jKrwnZMydrsGjHNyeBA8ktac3jtSxYgXMNV/DQBC8xBGdtJ8VsvJ9Jy1su8cIFBS 6jXsd1Kb6mf2w59WD3gGLrsCm/TtfxfzXJbxtSjJ/EsdPhCfEZKBtumTqyx9XMO9 vNTwZK/HKkN9AQvVulnj8yChkxTPXNi5O35msCzWISQqBFn2MYRoN3/HoEoGOrj/ 2iW2tUnlxhbm3Te1AEC+ =B9Ij -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20ec2d6a-60d1-1c3d-9bc8-fce7644bee59%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: VM CPU mapping - countermeasurements against covert channels via cpu caches?
1093284'109438'019438'0914328'0913284'0913: > Hi Andrew, > > could it be that with some real-time OS features, it will possible to splitt > the Cores of an CPU in two clean domains? > > This would lead to a better latency performance for real time communication, > like skype and for some "air-gapped engines" inside Q. > > Kind Regards > I'm confused what you're trying to achieve: static scheduling of some VMs on some cores, or the elimination of caches as potential inter-VM covert channels. Can you explain exactly what your goal is? I have an idea: go read up on the relevant literature (which I am sure exists in substantial volume), reformulate your goal if necessary, and tell us what you learn. Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a04e1cd0-b9b6-8446-23d3-3022a782ffcf%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] DispVM available space
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 08, 2016 at 12:37:39PM -0700, Connor Page wrote: > I've noticed that there is no private image mounted in /rw in disposable vms. > 1. What is the point of private image size setting in Qubes Manager then? No point at all... > 2. Is there an easy way to expand dvm storage without affecting it's template? > 3. Am I missing something? > > I need to load large files in dvm, check them and then move to another vm. > There is not enough RAM to use ramdisk. > Any quick hints will be appreciated. One idea is to add additional block device, even file based[*], optionally encrypt it with ephemeral key and mount in that DispVM. Not very convenient, but effective. [*] In dom0: truncate -s 10G /var/tmp/some-file.img qvm-block --attach-file dispN dom0:/var/tmp/some-file.img rm /var/tmp/some-file.img The actual space will be automatically released as soon as you shutdown the DispVM. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXWJLuAAoJENuP0xzK19csR20H/jtymqHwp17SxTMCH9CULXq0 7af38ycxEAUq2XgNqPDYXWAcMZPKHUChT/EoVnIK4w+4HIG7Xiw428xKMlg6fxZH 5oATPU/BTU270dp3JMPzy9dqkIRPX0WiwPieGVF1rDsQOkFzQmuU2hbG61mIDCjQ +FW6ujdiywO9vmbJlTZqBiI4OtsXVw1KATUOY+B6HLlMUlUCftWMtS1XT+Ehb8F2 nKxCze/oM63d2eHTbIy6Pm43OWW9tUTEhk1IO4WjfCnKN8NQLK5Pa51d/qNMuXC1 KSOLV2wemGr/Nkzh7niltbX/jjGbZupVXSyI3heKBFieOuF2X4mYESbBa02wyjY= =h7BW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160608214933.GU1593%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] [Fwd: qubes wont start anymore]
Original Message Subject: qubes wont start anymore From:boromirsbe...@sigaint.org Date:Mon, June 6, 2016 4:08 pm To: qubes-users@googlegroups.com -- I havent done much with my new qubes install so far, ive maybe loaded it a few times to test it, now ive gone back on to configure bridges and it gives this error right after the boot menu and hangs: usb 2-5: device descriptor read/64, error -71 usb 2-5: device not accepting address 6, error -71 Nothing changed on my system since i last used it. - I've found the bug causing this, qubes starts up into its timed autoselect bootup menu under the assumption your disks will be fast enough to load the background processes before its timer runs up and it starts. By cancelling the timer and waiting a few more seconds this will allow usb based qubes to load properly. Not that anyone cares since no ones bothered to respond to this in the first place. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ca0b513b235c6836faf5e3c754f66877.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Should there be a Qubes OS forum?
Hi Andrew, the prob is, if you talk seriously about security, will be anonymity... >From the usability effect, I was happy with the thebrain forum, because it is >quite friendly and helpful and has a pre-structuring, which helps to keep this >many topics together. http://forums.thebrain.com/ And for future features they have additional the very kind UserVoice, which has the focus to weight the community ideas, so that continuously new functions and features get implemented... https://thebrain.uservoice.com/forums/4597-thebrain-feature-suggestions But I don't know, which framework is needed for some similar look & feel. Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9ad7e588-f3e8-4c77-988b-47b49320b89d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: VM CPU mapping - countermeasurements against covert channels via cpu caches?
Hi Andrew, could it be that with some real-time OS features, it will possible to splitt the Cores of an CPU in two clean domains? This would lead to a better latency performance for real time communication, like skype and for some "air-gapped engines" inside Q. Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3309d04f-5f31-4e93-8a41-d63a5e53285c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If using the same Whonix GW, does all Wonix WS get the same "identity"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 11:55, entr0py wrote: > Andrew David Wong: >> On 2016-06-08 00:14, Albin Otterhäll wrote: >>> I'm assuming that if you connect to Tor using the same Whonix >>> gateway (e.g. "sys-whonix"), you get the same "identity" (IP, >>> etc.) on both your workstations. Is this correct? >> >> >> Not entirely. By default, stream isolation applies to different >> workstations and to any supported apps in those workstations. >> This means that every VM connected to sys-whonix will (and every >> supported app in those VMs) will use a different circuit through >> the Tor network, hence a different exit node, hence have a >> different IP address. >> >> However, there are still side-channel attacks that can be used to >> correlate multiple workstations running on the same host >> (stressing hardware and observing the effects in all >> workstations, clock skew, network timings, etc.). >> >> Details: https://www.whonix.org/wiki/Multiple_Whonix-Workstations >> https://www.whonix.org/wiki/Stream_Isolation >> >> > > What Andrew said. Some nitpicking: > > There is no guarantee that you will have a different exit node (or > even a different circuit). It's random so you might wind up with > the same but not intentionally. > Thanks for clarifying that. I had guessed that it was random and thus the same exit node or even circuit could be selected by coincidence, but wasn't sure. IIUC, this should be pretty unlikely in the case of exit nodes, since there are many, and nigh-improbable in the case of circuits, since there are vastly more possible combinations of nodes, even taking into account that many nodes can only occupy certain positions in the circuit (guard, relay, exit). > Also, Tor Browser has stream isolation features of its own, such > as separate circuits per tab and new circuits after a set time > interval. > > Finally, non-stream-isolated (meaning non-tor-proxified) apps in > the *same* workstation will share the same circuit since they will > route through Whonix-Gateway's Transparent Proxy Port (TransPort). > The TransPort can be disabled to prevent this. (Instructions in > Andrew's links). > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWIQdAAoJENtN07w5UDAwaQAP/ik320nIeqfea6V43gp5eLaI l6kadNNL5jrw9DeHCAbYpRxcEz/a386B4f0VscGHBf9DCbVwmAFyqkXUKEY17NOr CaZDJUjmVrdT8S0YHN9qoFnO8nY63Pu3DxL3fx5yVbBLWdPNhG2tnHF2klavz8sQ ckvjPsENLLWdyQFmNvlW6SQMttrCSWmG8EiuRTnhXi8UuboaRXUV8o6dQ/OzX2Ip lZPj9YFbS45DtAcKLa0QEhkaz7104LQIq85vohVHaYFon5FqdKpq6beqlaBtLrUj UyNk1FYnbDwQaMvWUuU5/OEaK59SzSG3qUG+5FFJWT2SIrGgpi7yoIkXv4TNR6NF +uvTuOzNTdcKKJDmB9K9fqwsoniz5AgdGVHkMh4oBTFRZE2FpTz+iJyoPeIxdHhx vpiXLhkLjFO9jojdd1tN6i9RtWQzs8kAkzkiprkEB9V0+xeUyqio6YBMDblebS0P MVbsMFush6YISymoJNVimDez01XD1UqQR6rlusvbt2Fo83hEwwt+gNolOGVcObeN LtoNKv5XBfGMnyJqMpKbV+ek1fC8XCcL4ibYnTrlBozVDefmk6YHumCVfnpI8As0 DYzcOfT8PDhjXe1Xc0I8txcSi2xgjpIZuuAtH24s3FhUD2qbiRNRW06ZwvKW8Ixv 2OZfQEoNf4obLKwD43jn =reTt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c6080b0d-c3ea-6c85-f135-6d7072d6ba2c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Install VPN in anon-whonix
Hello I read the guide on whonix site about how setup a VPN in workstation but it is old and my VPN is a little different, it has a GUI interface but also a setup for Open VPN (to work i have to use GUI). Do I setup like a normal VPN in debian (network connection, import configuration, certificate etc...) and change firewall? Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/805c58e82d9138233a75b828588c6eed.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
[qubes-users] DispVM available space
I've noticed that there is no private image mounted in /rw in disposable vms. 1. What is the point of private image size setting in Qubes Manager then? 2. Is there an easy way to expand dvm storage without affecting it's template? 3. Am I missing something? I need to load large files in dvm, check them and then move to another vm. There is not enough RAM to use ramdisk. Any quick hints will be appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4a931885-00e6-47fa-b946-9fd0cd821ff2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] inter-vm traffic cant ping windows 10 hvm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 08:22, moritzbrunner2...@gmail.com wrote: > Hello, I tried to connect my windows 10 hvm, which firewall is > disabled, with my fedora appvm, but I can't connect/ping it.I tried > the same with 2 fedora vm's and it worked properly... Thank you for > helping in advance > Take a look at this section if you haven't already: https://www.qubes-os.org/doc/qubes-firewall/#tocAnchor-1-1-4 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWHGVAAoJENtN07w5UDAwRtIP/j36ZkMOkqI/FQekuxkkANdB wpLTrf4mcYCQ8qkmm67CQuYrOQXsneQeVtlWHVFm3zJJBWpGvp0agaX6t7sD5SeL dWZv90JiR3d6uOQvF50nphAtTG0F9oFxKfZRL8iavM1sOYZOwUQpLLQo/Mltb8pV 5bF32ksTGz0vGaI4SVWaGrg1kOboe6CFMBgayIlBDoUHUAgB95ZcsJEkgeDvU75v LIUkpvtFFwckluNWPOIQxiMzqtdPHrxbW9TyAZ6lzVp/B1RTuqMzA4YGX9VxDzUV ciTqJSa4ZHFY+fDrQPAwt6PqnJhtt8X+ByLvZOUHXkVKDOFMDIZtbXUQLYOvNlIo EHo748XR0AtI2ykBhUZCEHUuRRnRIZHLWnclTNzJiZCLH+2ISzS11/4Z4GLUc9pz X2I76RtdwOZy1S3enzcfnyXszxJQ9kalLQtrYJjyxFahdDDCVYlyb3e9qW3e3XwF COiH1BRpsG+17/lrYhsdq9wEdtKl0nukXiGdZUGgMkIxLqzpt7S5ohFmGe44Ox+4 qlTEgLi17dDM7Wyq+3dNN6pTEygqSxkgpVYJXZl/gISZWXFAXRVNAT0Ux86IbkYT OL+F8b8rYLHhXgHqNj2FF9b8FlBdtcKQWVyrWek6OaFpy528uEmsyjJcrMebGobm icGn7kWr6cs7xILhktjn =gjN+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a7b5088e-bbea-d23b-322f-2358aa858eaf%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If using the same Whonix GW, does all Wonix WS get the same "identity"?
Andrew David Wong: > On 2016-06-08 00:14, Albin Otterhäll wrote: >> I'm assuming that if you connect to Tor using the same Whonix >> gateway (e.g. "sys-whonix"), you get the same "identity" (IP, etc.) >> on both your workstations. Is this correct? > > > Not entirely. By default, stream isolation applies to different > workstations and to any supported apps in those workstations. This > means that every VM connected to sys-whonix will (and every supported > app in those VMs) will use a different circuit through the Tor > network, hence a different exit node, hence have a different IP address. > > However, there are still side-channel attacks that can be used to > correlate multiple workstations running on the same host (stressing > hardware and observing the effects in all workstations, clock skew, > network timings, etc.). > > Details: > https://www.whonix.org/wiki/Multiple_Whonix-Workstations > https://www.whonix.org/wiki/Stream_Isolation > > What Andrew said. Some nitpicking: There is no guarantee that you will have a different exit node (or even a different circuit). It's random so you might wind up with the same but not intentionally. Also, Tor Browser has stream isolation features of its own, such as separate circuits per tab and new circuits after a set time interval. Finally, non-stream-isolated (meaning non-tor-proxified) apps in the *same* workstation will share the same circuit since they will route through Whonix-Gateway's Transparent Proxy Port (TransPort). The TransPort can be disabled to prevent this. (Instructions in Andrew's links). - ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands! $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57586A08.1050606%40vfemail.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to install clean template?
How should I go about to install a clean template? When setting up a template for a specific domain, e.g. software development, it could be useful to have a clean slate. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nj9lmj%24lag%241%40ger.gmane.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Proxify VM
Yes, sys-firewall could be a problemI can use JonDo in another dedicated proxyVM above sys-firewallnetVM-->sys-firewall-->proxyVM1(withJondo)-->proxyVM2(vpn)From: Chris LapriseSent: Tue, 07 Jun 2016 01:35:24To: Jeremy Lator , Andrew David Wong , qubes-users@googlegroups.comSubject: Re: [qubes-users] Proxify VMOn 06/06/2016 06:11 AM, Jeremy Lator wrote:> Shortly> I have JonDo in the first VM and a VPN in the second VM. I want that> the VPN detect socks of JonDo during the connection> MyISP --> JonDo --> Firewall --> VPN--> internet> \ / \ / \/ \ /> | | | |> sys-net sys-firewall proxyVM appVM>>>So "internet" is really an appvm with your browser?Then your diagram implies that you want to use vpn software (i.e.openvpn) through jondo. That would mean configuring openvpn to access asocks proxy. I think jondo was created to have the browser (and otherapps) access the socks proxy, but if you really want it this way openvpncan support socks proxies. Check this out:https://www.comparitech.com/blog/vpn-privacy/hide-openvpn-traffic-with-ssh-tunnel/Having sys-firewall there might be a problem. That's because you have toput the address of the jondo vm (seen as the 'gateway' address in thedownstream vm) in the openvpn config.Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1465243524.S.3691.8849.f5-147-124.1465408561.9082%40webmail.rediffmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes OS' mailing lists now available via Gmane!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 09:14, J. Eppler wrote: > Hello, > > that is nice, but do you have the links to the page? > > Best regards J. Eppler > http://dir.gmane.org/gmane.os.qubes.user http://dir.gmane.org/gmane.os.qubes.devel - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWEXHAAoJENtN07w5UDAwutUP/0V9wNUyjcwtNjsGhi9EzL9l 1EebuWu00U8ESwf00R0tBOc/pVQ71U04YrBTq5j9iqZtBVtyib8buexqhXhyu8CI iORTl8N9kja3ZkZCNNrghFZxRkk+uk5lRo+bOWaWt79uJo4cu8nqTuRd50odqTCf 0WrCvtLVmrJVKE2GzT05fiWwWNdSbg2+I+i9MRj5LOOvC0hkx9xIIW5zFhNhXDgU xozY2tve39N5GL4FqIVMJso8ovihdrkEQL3T9NgESAVsb0j9w2lNOHl1+1XV3ZbH B0HyaDT5gT87pXxM7lUyJ4ogCnVg8BvnnQuqOJQHC54n3AWw0mNnJ7mIZfoqumWy +4ImnFtLOsC8sHGQpi96Ywu5598DZJT7Ok2H9IhfHJOYHeKPsilQxZAmETJCQL8U rM8cTq2SDMzPUFOavTLu/AaDx14ek9vAKP1KCq/AfFbWc9lnrWg/gDeU36a840Vs llExJ2YmrRsRfAf3UoOGP28aTXf28RXe4EjEBqVjF9y2xNpoLgHkpr2E0tSHfl9a hg994uQqaPJe/u8Ic5iTQd4R3YFX58zGm9rKyTp6oiziptxCT3Cu9jTUQgt0A+dS QhTO2oKt3xXh/ztH853mcbyV1xOus+Nnm+cj4DCZh285PC15e2RBs88tIbrHcs4p LfxzFYhC2HAU5BE6d485 =lIiY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f170adc-ba7b-b3cc-5aaa-a2f00fbf9918%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Should there be a Qubes OS forum?
Hello Andrew, I think it would be nice to have a easy to search forum for user questions. I don't think the qubes-devel list needs a forum. Best regards J. Eppler -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab28f130-2406-416f-805d-519ef8461df4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Qubes OS' mailing lists now available via Gmane!
Hello, that is nice, but do you have the links to the page? Best regards J. Eppler -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c694226e-4137-4c35-b89e-d68fd19ce7e7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] SD card goes attached to Dom0 rather than sys-usb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 08:36, Andrew David Wong wrote: > On 2016-06-08 08:21, Franz wrote: >> Hello, > >> I noted that when I insert a SD card into the corresponding slot >> of my Lenovo x230, it is automatically attached to Dom0 rather >> then sys-usb (default configuration). Well I use the SD card only >> for my Nikon camera and I have no reason to trust Nikon less then >> Lenovo, so no problem for me, but wonder if this is expected >> behaviour. > >> Best Fran > > > It's probably that the associated hardware device is not assigned > to any domU (e.g., your USB qube, if you use one). On my ThinkPad, > the device is labeled "PCI Express Card Reader." Assigning it to my > USB qube results in any inserted SD card showing up in the USB > qube. > Issue for implementing an option to have this performed for the user when the USB qube is first created: https://github.com/QubesOS/qubes-issues/issues/2055 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWD1JAAoJENtN07w5UDAwa0YP/Rdb0qlMttyudH+VjExiibgX wf1RsNHeqeO2gG2lne18ejXE1E+KvIWFKROJYoKwLxspLH12VAkUVhgpcV2j0z4b LYF8T/AFBSOryFiI6Yv2s63pFocNrOesAfG3PRwXttBHbouH5RZ0EIxPfkwwvpFd XTYvPL2k9oDrWeXVOxBQOtkzgjZMQjoI96p6wJBFh8SQYbxI2L5YFklkl12wb3ng 8/6a6pIAMdOgQvtOv8GqF4u2f1yjaZRiCvzpBA8/ihbt9rlZFMxk8hr0yMYxboSQ ROQDshLfHGvc4A7xJh8MEQawP4Fh8P0nWHfesTch/p16QJW5d3yfQbU/Svh/PwfN tcQYTsBXgSVGMVUYNUZrV2jUCkFV7mkcxgkOO+PBxh212zYdrbrsH352XRzcfG6z 2DI3fFtyfAQSR5Fvlv6/g+dzI5sGipqktikMfW7wnEnXEbKHIf7P+Wsm1naHw6Ii 8LQ4sRkEb0VKcnWdcMuiXO2eRAvd88PSHF//dtBFNoUXcqNlhvQJiXE0JSS6OUGT B6dm8fk7OsUhvBXuPPzLEXeNqv42M2UETlWEMW6r26LxX9souA7bcqEEr8q/2xaF IIS1OZvxcEUUCFUQQTFOZpXKcwDFNcRCuHKPiO1JmlL6huRfvRhc43JLdro7TyN4 bmMcIM90BXvFI9VDCAbN =5x7p -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b862716-1559-7f63-2b69-121bb193f63d%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] SD card goes attached to Dom0 rather than sys-usb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 08:21, Franz wrote: > Hello, > > I noted that when I insert a SD card into the corresponding slot of > my Lenovo x230, it is automatically attached to Dom0 rather then > sys-usb (default configuration). Well I use the SD card only for my > Nikon camera and I have no reason to trust Nikon less then Lenovo, > so no problem for me, but wonder if this is expected behaviour. > > Best Fran > It's probably that the associated hardware device is not assigned to any domU (e.g., your USB qube, if you use one). On my ThinkPad, the device is labeled "PCI Express Card Reader." Assigning it to my USB qube results in any inserted SD card showing up in the USB qube. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWDuJAAoJENtN07w5UDAwWvgP/1E9KJAJnMDxBvzqt1qekVSm srxBKOiP3oa14BQ58cW+w9DQq13XliumXfv/CdEHUM8+aVsQ52xKAn7u5VUFHk8V SWB3+z/p+cVWL3hg6SpzT6r/SVCF6bYXAI921tQkK2//BajFahv8A/uKgkyBnu5+ gHSefo+8qHd9RSzDffDz1Z7/PA9TNbnV1JS5QBhwiDTtFU20vNMe1m3zpJT3c6mu aMlmQPb3u6wim1Udmua061MmnYxHrc8xHSLibOI6UMlpcMDuGLA04XDJMClt6yOy d8oIP3Sl/+OQeiUlpwE/aubifXMNUdOYgXg/oA1j8aoD3gX3wSRiivfmQBX4Wt+c De0EW7eNhDnBBkoam0Jwfpx3t/Uw5z2x/qIJUvywaG2fKU5ZyvS+UL2FzAcoQVtU aLBkevWF29nros2xDm6KGIGJ1zRtCFpgBr0PGkorM0g6YaLEbYH44QdQw0Y/4oZx CWbjc3PbsZnc//BIBK7VifT2HUWGR687uRSjOGSi9yH6XIiPzAbBkwri+0B9EC9d omGHkPC/8Z6h1zJRQaNh1X3WHJa+wmnaHD947hBgIo1uLuiwZo9tsHbO/JmXsmx6 +Uv0hf+x4q2fAmWdv27hqRfvpVXegh5askjEOwALoJtSj2cUBAGzzrw03MJkbMse DSy00c7n0GplC34sJrrV =gX2g -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f972c59-d398-0088-fdcd-ffe7204e25d0%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] inter-vm traffic cant ping windows 10 hvm
Hello, I tried to connect my windows 10 hvm, which firewall is disabled, with my fedora appvm, but I can't connect/ping it.I tried the same with 2 fedora vm's and it worked properly... Thank you for helping in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bb9e638-bb15-4f1f-a417-b92a2eb0ad19%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] SD card goes attached to Dom0 rather than sys-usb
Hello, I noted that when I insert a SD card into the corresponding slot of my Lenovo x230, it is automatically attached to Dom0 rather then sys-usb (default configuration). Well I use the SD card only for my Nikon camera and I have no reason to trust Nikon less then Lenovo, so no problem for me, but wonder if this is expected behaviour. Best Fran -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qCFJDQO_%3D8f7MGE5WUgvk%2BK-giqezNGC8xqxeusv0WE0w%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If using the same Whonix GW, does all Wonix WS get the same "identity"?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-06-08 00:14, Albin Otterhäll wrote: > I'm assuming that if you connect to Tor using the same Whonix > gateway (e.g. "sys-whonix"), you get the same "identity" (IP, etc.) > on both your workstations. Is this correct? > Not entirely. By default, stream isolation applies to different workstations and to any supported apps in those workstations. This means that every VM connected to sys-whonix will (and every supported app in those VMs) will use a different circuit through the Tor network, hence a different exit node, hence have a different IP address. However, there are still side-channel attacks that can be used to correlate multiple workstations running on the same host (stressing hardware and observing the effects in all workstations, clock skew, network timings, etc.). Details: https://www.whonix.org/wiki/Multiple_Whonix-Workstations https://www.whonix.org/wiki/Stream_Isolation - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXWDTtAAoJENtN07w5UDAwkIMQAIsKMKDrWfy6JnVW0TZGFTgj xk8QqTVg8sCwC0TqNBbpNccexb6AWB2IjS63k7CYfe9/mfPih92w+Qx+JzUiAiBo Uyx+iTQ7MI9oNK/Aaqw0KEahTN/BiB4T+MhrebOyUEZNL0E0C4ax3SiZboMbNo+9 7wUlJ2DHrFNALYiYlQ40UKTtcaqpQB+aZ7RMi6fI+XU0Dpi35lSqTNEpqdxRaCot M9oXap6tXn4PltF8JU+GR6lg43svdVMqrM/w+y0M/pi2Q0L83wxtc1W3FQJWsNOs /dZazPoQsiongnjmxzUmW3L/ebgwZneVzb3Gzf2D3jTfKNNBtxvM2grX7Q6Z+H/t S3lUaxkSH7dMDAyFoC0gBT08wZqlwiljjCUigDkuPdxiPOmefe5KftfhAWJHYjrK RbjdYkzq0C0an3coT6cXCePIoIPA9cY7+j3tP42UkaW/lR/te5EvoywMrvPEDV+O quuYBoajZgBP8K6Xp1yp4ykxJJjEm42LYY14WCdtZhYep6y9IUazsdxUeRSQnGM2 SSCdBW97S2gI1mzJlDaCz8szFK4mwNK7H5iUk7kqQ8LGFlB3DbTyfSIuy1ZetqE4 COUMWM8Ho/8jUVh9Ex8fTqsztdtSOAXDBNhn+4+y6XKcTVdYOYYUltHY30mQPEg8 iiYBUAdh/VIb8loHlBPS =nJMD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f416ee32-8df3-b154-66a7-573f3b26a886%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] choosing 1 upgrade of the month
I know SSD is recommded running up front and I have a good one on a pretty decent xeon dell with 8gig ram..the processor doesn't show overload ever, the ram doesn't get hit hard..but with 2 maybe 3 qubes running and taking into consideration it shares one router to the modem with 2 other machines...I'm beginning to think that any slow downs are happening because one or the other machines is clogging up the router...and while the qubes arch keeps this separated when these machines are all plugged into the same router it's like they are in there having a secrets telling party... well, i was going to get a solid wd black, or max out on the ssd (these are going in the workstation as qubes is being worked on in the laptop...they have the same specs just the workstation is got more juice..i mean basically the same).. the question is..do I complete the endless goal of [ a. getting the 2nd (and which one) NIC and cause the workstation to arbitrate as THE router and keeping things separated correctly maybe by pfsense and friends..almost get how that is to be implemented and am priviting OPNsense to get involved more..they asked me what I wanted them to do all I had said was give me an .iso so I can make the VM... and is that probably why my Qubes which is coming along joanna gonna get a nobel medal... or, am I wrong in that and so A) max the ram from 8 to 16 (it's costly as I would want to keep up the ECC), or B) go ahead now and get what I will need eventually too expensive a 4GB WD black as I have to match another 4GB drive and raid may happen sometime.. or C) get I have plenty of HDD, 8gig ram seems like it's not the problem..and so all in on the SSD for the workstation ..the pro samsung 3d one is robust but my budget is the shits.. So, isolate these computers as bog downs seem to break through when I kill a process even though its not even in the Qubes machine..and if so how to properly do that...It may be as simple as correctly setting up the Dlink to qos or whatever to stop that interference. one day I swear I thought one computer was playing music that another one should have been although it was faded etc... Or, for this month, get the ram maxed, or 1 of the 2 drives both I will need eventually... Remember, this is because I can't find a good explanation for why I get really bogged except it seems to be because of competition for router..and failures in other computers which share the router... I need to get this right as it's ready and getting more ready (qubes that is) and I want it to have a proper platform. thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/trinity-a79b0248-499c-4896-b24c-00fff101ed52-1465396065881%403capp-mailcom-bs15. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] New initramfs won't stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Jun 08, 2016 at 04:39:47AM -0700, mpatton...@gmail.com wrote: > Hi there, > > My USB keyboard requires a kernel module that isn't contained within > initramfs by default (hid-logitech-hidpp). > > I have added a new file to the dracut modules conf directory which contains: Just to make sure: it should be in /etc/dracut.conf.d > add_drivers+=" hid-logitech-hidpp " > > After creating a new initramfs, I have checked the contents with lsinitrd and > the kernel module is there. > > However after I reboot, the keyboard still doesn't work at the LUKS decrypt > prompt. > > When I check the initramfs again, the kernel module isn't there? > > Do I have to do something else to make the change stick? Do you boot in UEFI mode? In such a case, initramfs is on ESP, not /boot directly. The path is /boot/efi/EFI/qubes/initramfs-KERNELVERSION, so you need to pass this path to dracut when generating it. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXWByyAAoJENuP0xzK19csg8AH/1VEAuufzi1Rvotaqu5tUSqz iwoR0yLK293p0OkhNO8MBU9ZVuZB1vuBvf4NctlqpvNV0/fUyrN6CszlXyYYhSLV S1qzjdoxqJUiHOwnCsG4oQF2DOrNpcLTWn3nYoZw+1V5jDcI0nmCqdSnsF4C4kUX Jt2koYIMlR8xODP2kZ75Q49MfKfXTm30nD3jkaKHLmGYoa+ax4d7shx5YtkVKwDF sP9oyO26Si3XhPoW7ng4IFpj3zpdgorGarhuOoVf5FGxaVYcfHY82P1s57I/s11r K8/+H2/WBhlozVCOh6UO0p+QpM3Fd+B5TXDrv+py6+nXh0L6RIBPuqQzAGLkncs= =E/cV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160608132505.GQ1593%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] New initramfs won't stick
Hi there, My USB keyboard requires a kernel module that isn't contained within initramfs by default (hid-logitech-hidpp). I have added a new file to the dracut modules conf directory which contains: add_drivers+=" hid-logitech-hidpp " After creating a new initramfs, I have checked the contents with lsinitrd and the kernel module is there. However after I reboot, the keyboard still doesn't work at the LUKS decrypt prompt. When I check the initramfs again, the kernel module isn't there? Do I have to do something else to make the change stick? M. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/025cca06-e3bf-42bf-8451-bbda40d6e7ae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Everything is Tiny and Buggy in Display
Welcome. I also have the same experience with graphic artifacts and low graphic performance on GUI. I'm waiting for new Qubes 3.2 with new Fedora and Kernel. Hope new kernel 4.6+ will support my new graphic card. So, we are at the same boat. I think RC of Qubes 3.2 will be available on next week... > This graphic problem is literally the only issue preventing me from using > Qubes because it makes it unusable and after reading other threads, it > seems many other people are put off from Qubes due to graphic issues as well > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/386bc5b8-71f7-4716-913f-ab82564add39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] If using the same Whonix GW, does all Wonix WS get the same "identity"?
I'm assuming that if you connect to Tor using the same Whonix gateway (e.g. "sys-whonix"), you get the same "identity" (IP, etc.) on both your workstations. Is this correct? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nj8gkg%24a21%241%40ger.gmane.org. For more options, visit https://groups.google.com/d/optout.