Re: [qubes-users] Per-VM stream isolation in Whonix

[Claudia]

tetrahedra via qubes-users:

On Mon, Sep 30, 2019 at 08:05:44AM +, Claudia wrote:
Glad to hear it's working. I guess I should have asked at the 
beginning... What brought you to the conclusion they were using the 
same circuits? I assumed you were using check.torproject.org or 
another "what is my IP" site, but if looking at tcpdump or something, 
there are plenty of reasons they might connect to the same IP. 
Although, I think you would only see the local connection to 
sys-whonix, so I'm still not exactly sure what's going on here.


I am using the Onion Circuits GUI app to display all outgoing circuits
and their destination IPs.



Okay, it makes more sense now.

To make sure IsolateClientAddr is working (as opposed to 
IsolateSOCKSAuth), you can run


 curl.anondist-orig https://check.torproject.org

in two different whonix-ws VMs at the same time, and make sure they 
output different addresses. You should also see check.torproject.org:443 
pop up in Onion Circuits under different circuits. If they show up under 
the same circuit, or output the same address, then IsolateClientAddr is 
indeed broken.


Bonus points: try running that command twice in the **same** VM, and it 
should (usually) output the same address both times.


(Note: You need to use `curl.anondist-orig` because otherwise curl will 
be transparently wrapped by torsocks and will use SOCKS isolation 
anyway. 
https://www.whonix.org/wiki/Stream_Isolation#Deactivate_uwt_Stream_Isolation_Wrapper 
)


If you're still seeing something that doesn't look right, please post a 
screenshot if possible :)


-
This free account was provided by VFEmail.net - report spam to ab...@vfemail.net

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f9c9c078-6330-c638-46c8-284be1baa6a4%40vfemail.net.

Re: [qubes-users] With 4K monitor, if screen goes blank, mouse clicks don't work in VMs

[Michael Siepmann]

On 2019-09-30 05:44, David Hobach wrote:
> On 9/29/19 7:12 PM, 'Micah Lee' via qubes-users wrote:
>> On 2019-09-24 18:21, Michael Siepmann wrote:
>>> I've read and followed the instructions on
>>> https://www.qubes-os.org/doc/gui-configuration/ but the problem I'm
>>> having is different. Here's what happens:
>>>
>>> 1. I'm using VMs on a 4K monitor successfully, via DisplayPort.
>>>
>>> 2a. I have Dom0 screensaver set to Blank Screen Only and it blanks
>>> after
>>> the configured number of minutes
>>>
>>> OR 2b. I switch to using the laptop screen, then back to the 4K monitor
>>>
>>> OR 2c. The computer wakes from sleep while the 4K monitor is in power
>>> saving mode.
>>>
>>> 3. I can no longer click the mouse in my VMs (though it seems as if
>>> maybe all clicks register in a very small area at the top left). The
>>> mouse works normally in dom0.
>>>
>>> 4. If I switch to the laptop internal screen it works fine there,
>>> but if
>>> I switch back to the 4K monitor it still doesn't work there. The only
>>> way to get mouse clicking working in the VMs again is to shut down the
>>> VM and restart it while using the 4K monitor.
>>>
>>> The same thing happens if the computer goes to sleep and when I wake it
>>> up the monitor is in power saving mode. My current workaround is to
>>> disable the screensaver, and remember to wake the monitor before waking
>>> the computer,
>>>
>>> Is this a bug I should report? Has anyone else encountered this
>>> behavior?
>>
>> I've encountered this bug (or a similar one) as well on a 4K monitor. It
>> appears that the mouse clicks only register if they're within the top
>> left width and height of the laptop resolution.
>>
>> A workaround I've discovered is just restarting your VMs while your 4K
>> monitor is plugged in. If you start a VM with the monitor plugged in, it
>> lets you click anyone on the monitor within that VM.
>
> You can also try to switch to a tty (e.g. Alt+Ctl+F2), wait a few
> seconds and then go back (Alt+Ctl+F1). Works for me whenever I have
> issues with external monitors.
>
Thank you! I will try that next time it happens. When I tried to
replicate the problem just now, it didn't happen.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bf6c25b4-00dd-0a07-e21d-bc954ec81424%40TechDesignPsych.com.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] With 4K monitor, if screen goes blank, mouse clicks don't work in VMs

[Michael Siepmann]

On 2019-09-29 11:12, 'Micah Lee' via qubes-users wrote:
> On 2019-09-24 18:21, Michael Siepmann wrote:
>> I've read and followed the instructions on
>> https://www.qubes-os.org/doc/gui-configuration/ but the problem I'm
>> having is different. Here's what happens:
>>
>> 1. I'm using VMs on a 4K monitor successfully, via DisplayPort.
>>
>> 2a. I have Dom0 screensaver set to Blank Screen Only and it blanks after
>> the configured number of minutes
>>
>> OR 2b. I switch to using the laptop screen, then back to the 4K monitor
>>
>> OR 2c. The computer wakes from sleep while the 4K monitor is in power
>> saving mode.
>>
>> 3. I can no longer click the mouse in my VMs (though it seems as if
>> maybe all clicks register in a very small area at the top left). The
>> mouse works normally in dom0.
>>
>> 4. If I switch to the laptop internal screen it works fine there, but if
>> I switch back to the 4K monitor it still doesn't work there. The only
>> way to get mouse clicking working in the VMs again is to shut down the
>> VM and restart it while using the 4K monitor.
>>
>> The same thing happens if the computer goes to sleep and when I wake it
>> up the monitor is in power saving mode. My current workaround is to
>> disable the screensaver, and remember to wake the monitor before waking
>> the computer,
>>
>> Is this a bug I should report? Has anyone else encountered this behavior?
> I've encountered this bug (or a similar one) as well on a 4K monitor. It
> appears that the mouse clicks only register if they're within the top
> left width and height of the laptop resolution.
>
> A workaround I've discovered is just restarting your VMs while your 4K
> monitor is plugged in. If you start a VM with the monitor plugged in, it
> lets you click anyone on the monitor within that VM.
Thank you! There is related discussion here
 and here
 but the problem
I've been having is that after starting a VM with the monitor plugged
in, it will only continue to work as long as the monitor never goes
blank, even from the screen saver, or from switching temporarily to just
using the laptop screen, or from going into suspend mode and then waking
up before the monitor has been woken from its power saving mode.
However, today when I tried to replicate the problem it didn't happen.
Hopefully that will continue!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8946547f-3cd8-355c-0191-3f31be1a7647%40MSiep.com.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] installation help

['awokd' via qubes-users]

thomas.lynch via qubes-users:
> Where may i ask question for help with installation (or is it here)?

Here's good.

> 5.  got a progress bar, various messages concerning templates etc.  then it 
> said something
> about configuring networking.  That took a little while, then the screen 
> went black with 
> a solid underline cursor in the upper left.  The light on the drive stopped 
> blinking.  
> 
> I.e. it crashed.
> 
> Any suggestions?
> 
Often this is due to the wifi card. Try temporarily disabling it in UEFI
config before install, then re-enable and add to sys-net after
everything is up.

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9b7259f5-426f-a4fa-8848-2c32d862d00c%40danwin1210.me.

Re: [qubes-users] How to mount qubes partition to recover files [urgent]

['awokd' via qubes-users]

cacaosu...@tutanota.com:
> Hello ! 
> 
> I broke my qubes, and no appVM start. I'll fix that later, for the moment I 
> need to urgently recover files that are stored on my appVM. 
> 
> I have booted on a lubuntu live usb and try to mount my partition ( located 
> on sda ), but didn't succeded. 
> After decrypting my sda3 partition with
>  `cryptsetup open /dev/sda3 qubes` 
> I have mounted the new created map 
> `mount /dev/mapper/qubes /mnt/q`
> But only the qubes_dom0-swap seems to be mounted.
> 
> Is they some kind of anti-evil maid security going on here ? What am I doing 
> wrong ?
> 
Qubes uses LVM so you need to scan for volumes after your cryptsetup
open. From memory, it is "vgchange -ay".

-- 
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d0c5ea2f-50e0-c63c-efdd-4d004001e36e%40danwin1210.me.

Re: [qubes-users] using two whonix-gw instances

[Sven Semmler]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 10/1/19 2:59 AM, tetrahe...@danwin1210.me wrote:
> 
> A 2nd sys-whonix gateway for this situation would seem to reduce the
> vulnerability. Or maybe I am just being paranoid?

I agree and decided to go with two gateways for the following reason: running 
two gateways is like having two PC's on the local network each running Tor ... 
in this way Virtualization/Qubes is responsible so an accidental 
misconfiguration / bug in Whonix is less likely to result in a compromise

I'll still have it on my todo list to read through both the Whonix and the TOR 
design. But until then, I'll go ahead with the two gateways.

/Sven
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl2TjlsACgkQ2m4We49U
H7ZVHhAAo4lVq0o0wYkmfrcLUlOIQMb9Yaxg9RwKswy17aSDOqmsxBIT/+1leQQJ
thxC/mlxzuzi7zTcqEJmQEU0iV+YWMzUdT55Wr2KV+6mTD+CGmus4Qx9uEYBLEvl
iP/F0ABgvfgQGLGryOSfSd/jWeOdSEgiBOkf0Y7xIrN/A3jp2zaxZV4TdY91YAJQ
/qnYqoq88z0xiQg8UT3NdIA2XvLDtDZ3aZX4UEyhAFgihBTpDQKybtgJhlM0Rqjd
Abbn9YXj0Odcl8oBDv2Yk03jKPcD9z18upkLuZzpi+cPVfhARSa0CljiFvwAzbkf
HzJTYM/uE6hnvLFMws4PAZYwawQ/MoSfuLuN2G4MkUJm0h2+GsMLQ0+2fdPufWZg
mjX4vIQZPaK+eV/SxslmMgzzpkOXTcKhz9MAF6lU1d2QYKcAFQq30NNacAT65q7H
KRNz7nNH8640lie0oQWZrUJ7HzSIFodVHS9P37V7DIGsQX5VPD30N5ezObsyowi/
piL4GEVtwUA0/kCxtW4kR8as08g06/tMXxxDF6vXFL7tAqmog14tr+vWxSii0eN8
LGSpwMDzGnLgrhnUwJOmX1uYenOkRYLjaH2DRVajZE4jKtQmUW31MG4jDPePF2HO
QEofFXZ7WyH1rFeFhdGZbQIVl71mevw039xJXjHShi6Wx8ILQVA=
=zW2c
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b7807df8-e1c4-eee9-cfc1-b51176e88566%40svensemmler.org.

[qubes-users] installation help

[thomas.lynch via qubes-users]

Where may i ask question for help with installation (or is it here)?

I've done a few installs before debian, fedora, and some others.  I've 
installed three flavors of linux on this machine at various times.  An ASUS 
laptop.

Just in following the steps:

1. dd'ed the iso to a 32G USB stick, Qubes-R4.0.2-rc1-x86_64.iso
2. set the bios to allow virtualization and to boot from the stick.
3. booted, the install seemed to go well.  Targeted an empty external hard 
drive, on USB3.1,  500GB
4. rebooted, was asked to configure Qubes,  I accepted the defaults

5.  got a progress bar, various messages concerning templates etc.  then it 
said something
about configuring networking.  That took a little while, then the screen 
went black with 
a solid underline cursor in the upper left.  The light on the drive stopped 
blinking.  

I.e. it crashed.

Any suggestions?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9c11a063-1a90-492b-a38c-7f1ae3c5aa60%40googlegroups.com.

[qubes-users] sys-usb in trouble

[haaber]

after recent updates my buster based sys-usb is in trouble. I can still
attach a device (say, a camera, usb stick), but first it will be
attached as /dev/sda and no longer /dev/xvd[i-z] and worse, it will be
removed immediately. Someone had / solved this problem already? Cheers,

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94b97bdf-22e3-3136-39ec-c7c299695c62%40web.de.

[qubes-users] How to mount qubes partition to recover files [urgent]

[cacaosucre]

Hello ! 

I broke my qubes, and no appVM start. I'll fix that later, for the moment I 
need to urgently recover files that are stored on my appVM. 

I have booted on a lubuntu live usb and try to mount my partition ( located on 
sda ), but didn't succeded. 
After decrypting my sda3 partition with
 `cryptsetup open /dev/sda3 qubes` 
I have mounted the new created map 
`mount /dev/mapper/qubes /mnt/q`
But only the qubes_dom0-swap seems to be mounted.

Is they some kind of anti-evil maid security going on here ? What am I doing 
wrong ?

-- 
 Securely sent with Tutanota. Get your own encrypted, ad-free mailbox: 
 https://tutanota.com

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/Lq5VqyX--3-1%40tutanota.com.