Re: [qubes-users] Can't access flash drive
On Mon, Jan 18, 2021 at 11:42 AM 'awokd' via qubes-users < qubes-users@googlegroups.com> wrote: > Shawn Creighton: > > > > I have a Sandisk Cruzer 8GB flash drive I've had for a few years, when I > > plug it in to Qubes it shows up in the available devices but when I > connect > > it to any appvm it's not rshowing up in the file manager. Other newer > flash > > drives work fine. Any ideas? > > > NTFS format vs. ExFAT possibly. > I stumbled into the ExFAT issue a few years ago and had simply dismissed my own problem as not important until this thread showed up. I thought I might be able to help with this SanDisk thread so I pulled my Sandisk back out to take another closer look. But that old ExFAT problem certainly is not the case here with my SanDisk Ultra_Fit because it turns out they are not even formatted with a Windows file system. I have three of four SanDisk in front of me, and none of them work with my fedora-32 based sys-usb, but all work perfectly fine with dom0 (fedora-25). They don't show up in GParted in sys-usb but by inspecting them with GParted in dom0 I can see that two of them are iso9660 (Qubes 4.0.1 and 4.0.4) Install iso's that were DD'ed directly to the device and both had been successfully booted and used to install my current Qubes system. I just keep them around in case of an emergency. The third SanDisk is formatted ext4 and at the moment is completely blank, because *I can't see it* to even use it through my normal sys-usb. I have lots of other USB thumb drives that all work just fine but there is something different about these SanDisk drives. I also have a fourth SanDisk that I used without issue on a tails system but it simply could not be read by sys-usb and there is no way I'm even plugging that one into dom0. I ultimately used tails to re-transfer the files to yet another USB stick so I could finally transfer those files over and RE the binaries. Bottom line, all four SanDisk Ultra_Fit 64gb are pretty much useless on a fedora-32 templated AppVM. Now I'm really curious to see what happens when using a different template for my sys-usb. For the moment I'm blaming the template or some missing driver, but I can't really say for sure. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAJ5FDniDJoxEC8_deXPdhfbOT3iaNb00JxEKYrXRrEnw6UJWNA%40mail.gmail.com.
Re: [qubes-users] Re: wireguard anti leak
On 1/17/21 11:38 PM, evado...@gmail.com wrote: Seems it works with rules below. Is it enough to prevent all leaks? Openvpn has more rules or other rules only drop traffic from proxyvm? Should I worry about this traffic? Is it the way to block it like openvpn solution from docs do for wireguard? Thanks iptables -I FORWARD -o eth0 -j DROP iptables -I FORWARD -i eth0 -j DROP ip6tables -I FORWARD -o eth0 -j DROP ip6tables -I FORWARD -i eth0 -j DROP воскресенье, 17 января 2021 г. в 21:48:37 UTC, evado...@gmail.com: I'm successfully run wireguard now with new Fedora kernel. But have the trouble with leak. Previous openvpn solution use specific qvpn group to prevent leaks. What is about wireguard? How to setup everything to prevent leaks if tunnel will down? Thanks Simply put a firewall VM in front of your VPN VM and only allow the target VPN servers via qvm-firewall. Note that the GUI allows DNS and ICMP by default IIRC, i.e. you'll have to use qvm-firewall directly to implement your rules. This way you'll avoid messing with the Qubes firewall internals. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9b2205cb-47b8-ff4d-1026-68b8941caf11%40hobach.de. smime.p7s Description: S/MIME Cryptographic Signature
Re: [qubes-users] Can't access flash drive
Shawn Creighton: I have a Sandisk Cruzer 8GB flash drive I've had for a few years, when I plug it in to Qubes it shows up in the available devices but when I connect it to any appvm it's not rshowing up in the file manager. Other newer flash drives work fine. Any ideas? NTFS format vs. ExFAT possibly. -- - don't top post Mailing list etiquette: - trim quoted reply to only relevant portions - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9305c9c3-86b2-aed5-2dd2-9e80bb6a7f0c%40danwin1210.me.
[qubes-users] Re: HCL - Asus All Series
I might add that at first after installing it gave me a black screen with a blinking prompt. to fix this issue I had to go in the BIOS and change the UEFI settings which had a choice between "windows systems" and "others" De : Stat Pow Envoyé : 18 janvier 2021 08:41 À : qubes-users@googlegroups.com Objet : HCL - Asus All Series Got interested about Qubes and decided to try it on my 9 year old computer. to my surprise it worked flawlessly!!! Not a single error so far, browsed tor/installed templates/packages and played around with most settings and everything seems to be working fine. Only bug I have had so far is Xscreensaver related. I typed my password but the GUI was stuck on xscreensaver and the screen would only update where my mouse cursor was. I had to do a reboot. TPM is a definite no, I saw no options for it in BIOS and neither do I have a card and I have not spotted a 14pin slot on the motherboard. BIOS had no reference of IOMMU but it seems to be working fine, the installer did not throw me an error telling me I did not have IOMMU and all cubes reset without a problem. Good performances no hiccups -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YQBPR0101MB2257585F7FDC289A01B6649ACCA40%40YQBPR0101MB2257.CANPRD01.PROD.OUTLOOK.COM.
[qubes-users] HCL - Asus All Series
Got interested about Qubes and decided to try it on my 9 year old computer. to my surprise it worked flawlessly!!! Not a single error so far, browsed tor/installed templates/packages and played around with most settings and everything seems to be working fine. Only bug I have had so far is Xscreensaver related. I typed my password but the GUI was stuck on xscreensaver and the screen would only update where my mouse cursor was. I had to do a reboot. TPM is a definite no, I saw no options for it in BIOS and neither do I have a card and I have not spotted a 14pin slot on the motherboard. BIOS had no reference of IOMMU but it seems to be working fine, the installer did not throw me an error telling me I did not have IOMMU and all cubes reset without a problem. Good performances no hiccups -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YQBPR0101MB22574C1C4EE94D760DE1254FCCA40%40YQBPR0101MB2257.CANPRD01.PROD.OUTLOOK.COM. Qubes-HCL-ASUS-All_Series-20210118-082645.yml Description: Qubes-HCL-ASUS-All_Series-20210118-082645.yml Qubes-HCL-ASUS-All_Series-20210118-083409.cpio.gz Description: Qubes-HCL-ASUS-All_Series-20210118-083409.cpio.gz
Re: [qubes-users] Re: High dom0 CPU usage by qubesd
BTW, I've started the reimplementation of qubes-i3status as a Python wrapper around i3status. I am trying to be quite conservative – in the default settings, there should be no visible difference except CPU load, periodic freezes and bug fixes (battery status). * Some indicators (battery, load and time) are already present, they just need some adjustments of the format in order to be a drop-in replacement. * Disk status was easy to implement. I just need to verify that it can properly handle the change of default pool. * Running qubes: I need to study the events deeper… * NetVM status – currently, it is disabled and discouraged. I might decide to reimplement this, but I am not 100% sure right now. Regards, Vít Šesták 'v6ak' On Friday, January 15, 2021 at 5:40:38 PM UTC+1 David Hobach wrote: > Hi Vit, > > > * I have many VMs in my computer. > > * I use i3 with qubes-i3status > > * The script qubes-i3status calls command qvm-ls --no-spinner --raw-data > > --fields NAME,FLAGS quite frequently. > > * The command qvm-ls --no-spinner --raw-data --fields NAME,FLAGS seems to > > cause high CPU load. Unfortunately, the process that shows the high CPU > > usage is qubesd, not qvm-ls. > > > > What can be improved: > > > > a. Don't use qubes-i3status. Problem solved. > > b. Optimize qvm-ls. Not sure how hard it is. > > This issue is really old (back from at least 3.2) and caused by each > qvm-ls line relating to one request to qubesd. Actually it was even worse > with 3.2. > > It should improve with 4.1 though, see [1]. > > [1] https://github.com/QubesOS/qubes-issues/issues/3293 > > > c. Optimize qubes-i3status. I am not sure about the ideal way of doing > > that, but clearly running qvm-ls --no-spinner --raw-data --fields > > NAME,FLAGS just to compute the number of running qubes is far from > optimal. > > One could add --running. And maybe it could have been written without > > flags. The script just ignores VMs with the first flag being “0” (maybe > in > > order to ignore dom0) and the second flag being “r” (probably not needed > > with --running). > > Filtering might work in the meantime, yes. > > BR > David > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42dba1a7-e551-46fa-98e1-d8d59d5356f7n%40googlegroups.com.
Intrusion detection (was: Re: [qubes-users] Q: Installing additional software)
unman schrieb am Samstag, den 16.01.2021 um 01:39: ... > Many attacks rely on chaining exploits and loopholes in an assortment of > applications and libraries. > You see this very often in "capture the flag" contests, and in real > world attacks. ... > Are there risks? Of course. Sorry for stealing this thread and jumping to a related topic: If someone is going to attack my digital life I would like to know about it. What do you think about HIDS (host-based intrusion detection systems)? For example https://www.la-samhna.de/samhain/index.html is such a system. While your point about broadening the attack surface will certainly also apply to such additional software it might on the other hand help to get hints that you or more specific a certain qube of yours is currently being attacked. Best regards (oder in Deutsch: Liebe Grüße), Peter Funk -- Peter Funk ✉:Oldenburger Str.86, 2 Ganderkesee, Germany; :+49-179-640-8878 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210118122742.GB32586%40pfmaster-P170EM. signature.asc Description: Digital signature