r approach?)
I do two things:
* Refrain from clicking links; copy to untrusted VM browser instead
* Turn on https everywhere addon in https-only mode
The latter means that even if I click on a link, the site visited will
at least have some verification (or else it won't load).
--
Chris La
On 05/24/2017 03:51 PM, Chris Laprise wrote:
4.9 is working OK so far. I was using 4.8 prior to this.
Additional note: 4.9 seems to resolve a zombie process issue I was
having with 4.8 (domU), and the 4.9.33-18 security update is working
well so far.
--
Chris Laprise, tas
'. This has the benefit of preventing non-priv-escalation
malware from persisting at startup, and prevents alias shims from
stealing passwords, etc.
The next version can also compare file hashes and deactivate root-level
malware at startup before /rw is brought online.
--
Chris Laprise, tas
to find sums for (same
versions of) those files at fedora's site.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&q
On 06/18/2017 10:01 AM, qubenix wrote:
'Vincent Adultman' via qubes-users:
This happens to me sometimes on the current Xen/Linux versions. When I
look at top in the offending VM its "kswapd" that has gone berserk.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
was blowing and that's when I noticed the
problem.
This happens to me sometimes on the current Xen/Linux versions. When I
look at top in the offending VM its 'kswapd' that has gone berserk.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB
iso.
My hardware might be compromised. Is there a way to confirm without a doubt?
What happens when you grab a console from dom0...
$ sudo xl console vmname
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You
://theinvisiblethings.blogspot.com/2013/08/thoughts-on-intels-upcoming-software.html
Note, this is a desktop PC-focused list so is not the best place to ask
about the dynamics of server/cloud security.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB
On 06/15/2017 11:02 PM, Chris Laprise wrote:
On 06/15/2017 08:15 PM, Steven Walker wrote:
Can anyone give me any feedback on how to setup privateinternetaccess
on qubes. I wrote to pia, and they didn't really give me much help on
how to set this up.
Any help greatly appreciated.
Thanks
to update only from the security repository making the update
frequency even sparser.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
/sources-list.d/qubes-r3.list.
Sometimes updating the Qubes packages can help with issues like this.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google
is directly related to
environment variables. So, maybe either some load or delay in rc.local causes
the race condition to be won.
Regards,
Vít Šesták 'v6ak'
BTW, have you tried enabling 'jessie-testing' and updating to see if
that helps?
--
Chris Laprise, tas...@openmailbox.org
https
.
Debian 9 has been more stable and its what I've been using for 98% of my
computing needs for the past year.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed
he min_ram parameter... at this stage I
don't know if the newer tboot is the factor that allows my system to
boot with AEM.
An additional issue which I'm still experiencing with AEM is sleep/wake
not working.
My other versions are Xen 4.6.5 and Linux 4.9.28-16 (from qubes*testing).
--
Chris Laprise, ta
. But if you can turn off NVIDIA in BIOS (switch
to Intel HD graphics) there is a better chance Qubes will work.
A Qubes Live DVD/USB distro is available for download and booting it
will give you an indication of compatibility with your system.
--
Chris Laprise, tas...@openmailbox.org
https
...
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails fro
Thanks for the notes! Looks like UEFI (which I don't use) adds an extra
wrinkle to the issue.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google
.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, sen
-in.
https://geti2p.net
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
u'll see that some people
replaced their broadcom cards to get wireless working:
https://www.qubes-os.org/hcl/
Here is a person who had success with a BCM4360:
https://groups.google.com/forum/#!msg/qubes-users/VVwWqvz5dX4/Xbum_4MaCgAJ
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com
On 06/01/2017 08:58 AM, schulzebodo via qubes-users wrote:
Thanks for all the context, Chris. Not sure I'm getting all of this. After
trying to wrap my head around dracut, I went with the following approach:
1. Removed the subvol option from fstab
2. Set the subvolume default of btrfs
3. Run
s. Its more secure and openvpn will try to connect
whenever the proxyVM has access. A slightly fancier version that can be
controlled as a systemd service is here:
https://github.com/tasket/Qubes-vpn-support
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5
. The macchanger scripts are unreliable.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from
to download the config files and use the Qubes-specific
instructions.
As for Turris Omnia router setup, it depends on how much you trust the
security of that router -- generally, openvpn is safer in Qubes than in
router hardware (even the 'impressive' ones).
--
Chris Laprise, tas
-shot commands won't work properly. The
best option is to use Network Manager 1.4.2 or later and turn on address
randomization.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you
4.9 is working OK so far. I was using 4.8 prior to this.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&q
On 05/21/2017 06:11 PM, yreb-bird wrote:
Chris Laprise:
Commenting-out the "persist tun" line causes openvpn to remove and
recreate the tun device for each connection; this works for me.
#this I can handle, works for me too, thankyou
Glad I could help!
--
Chris La
:
https://groups.google.com/d/msg/qubes-users/hKvV7ajyIZ8/Jlvt0OXwBQAJ
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&qu
On 05/19/2017 06:35 PM, pchils...@gmail.com wrote:
On Friday, May 19, 2017 at 4:08:16 PM UTC-4, Chris Laprise wrote:
On 05/19/2017 03:22 PM, pchils...@gmail.com wrote:
Hi,
New user of Qubes. I have a Lenovo W520 specifically for Qubes - got
it installed and running.
The weird thing is I
overlooking something obvious.
Thank you very much for any help, P.
This sounds like the problem David Craig recently posted about:
https://groups.google.com/d/msgid/qubes-users/20170518024816.GA26986%40dlcz.home
Assuming your wifi is Intel, is the iwlwifi module loading?
--
Chris Laprise
n to take place.
perhaps you may have more than one hard disk in your desktop and you may
have installed Qubes on the hard disk that does not boot
Who hasn't done this? :)
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106
On 05/16/2017 10:06 AM, Chris Laprise wrote:
On 05/15/2017 06:46 PM, Sam Hentschel wrote:
Hey All,
Another question, why is it that the qvm-convert-pdf function returns a
file that is slgihtly fuzzy?
I keep lots of copies of important documents that I want to convert to
secure pdfs since
-client.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving e
.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails fro
never connects.
The qrexec.log is empty.
Is there any way get this to boot, or to extract a few files from within it to
dom0?
Have you tried mounting an external drive and then running qvm-backup?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A
On 05/10/2017 01:07 PM, atlahua wrote:
On 2017-05-10 00:22, Chris Laprise wrote:
On 05/09/2017 10:09 AM, atlahua wrote:
Hi there!
I need to be able to start DVM's from different templates
simultaneously. This feature is not available as far as I know.
For this reason I am trying the next best
you to third parties, etc.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this grou
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails fro
there at the moment.
Regards,
Vít Šesták 'v6ak'
Interesting. Thanks!
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&q
and the reports usually center around nautilus
(Files) because that it the most prone to the behavior.
See https://github.com/QubesOS/qubes-issues/issues/2449
I believe its caused by gnome expecting some session-related daemon to
be already running when it tries to start a program.
--
Chris
(see
https://wiki.xen.org/wiki/Fedora_Host_Installation ), so it should work.
Wish I noticed this earlier... There is a newer kernel v4.8.12 in
"unstable" repo and it works very well.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A
ou can try (because I'm recalling my early
experiences with openvpn) is to comment-out the "persist tun" line in
your ovpn file. Openvpn can experience problems trying to re-use tun
devices, and that can cause it to quit when trying to re-connect. This
is the simplest remedy.
-
On 05/05/2017 09:55 PM, Chris Laprise wrote:
$ sudo pkill openvpn
$ sudo /rw/config/rc.local
I meant to say the first command stops openvpn, and the second starts it.
Of course, sys-net also has to make its connection after wake from sleep
before openvpn can re-connect. So check first
can easily see the status, stop it, etc.
OTOH, if you used instructions that include a systemd service like this:
https://github.com/tasket/Qubes-vpn-support
...then you can simply use 'systemctl' functions like stop/start/status
to control openvpn.
--
Chris Laprise, tas...@openmailbox.org
start to drag a file from nautilus
onto another app the dragged icon may freeze in transit along with
nautilus. Sometimes it can stay frozen for 30 sec. or more.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You
g scripts (and bind-dirs), BTW. Another thing is that it can
'clean' (replace) any file in /rw, /home or otherwise if you add the
path+file to the /etc/defaults/vms folder in the template.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4A
On 05/01/2017 03:43 PM, cooloutac wrote:
Does Qubes ever plan on selling iso sticks?
I would like to know. And I've suggested this in the past, but with
DVD-Rs which I think are preferable to USB sticks (even the ones with
hardware write-protect switches).
--
Chris Laprise, tas
ompromised machine enough? I
imagine that would be dangerous.
Thanks for any suggestions.
Since you will probably want to start with Qubes on a non-compromised
machine, I suggest to download and verify using that.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2
of the
PowerPC CPUs (G5) which is a different RISC-type architecture.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&q
2.4 but you're using 2.3 (which doesn't have an ipv6 option).
You could try editing the ovpn to remove the ipv6 option, or upgrade the
templateVM to a version that uses openvpn 2.4 -- instructions for Debian
9, https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/
--
Chris Laprise, ta
t and only wifi in macspoof. Then both
netVMs would be able to run simultaneously.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
&q
way to do this is copy
/rw/config/rc.local to your home dir and remove the --daemon option.
Then 'sudo ./rc.local' will start it and you can watch the messages.
You could also test your VPN config files in a fresh proxyVM (without
scripts) to see if the problem has anything to do with the scripts.
ory exists!
Okay, disregard this. I got it to work.
But on step 4 in the guide you linked, Chris, what do they mean by "Restart the
client and test the connection again... this time from an AppVM!"?
Do they mean restart the VPN Client? IF so, how do I do that? Just restart the
ProxyVM and
oing wrong?
Sincerely appreciate help!
From the appVM, can you ping a known IP address? Then try to ping a
domain name.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are
ipt to use
it instead.
I will submit changes to the doc to clarify the language.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qub
in Step 4 you can add this additional line:
setenv vpn_dns "10.8.0.1 10.114.0.1"
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
some data
formats after a restore.
In the FAQ, it seems like AEM could be mentioned as firmware protection.
IIUC, AEM should be especially effective against remote attacks (against
BIOS/firmware) and I think remote is what most of the document is
addressing.
--
Chris Laprise, tas...@openmailbox
t;
to see -- graphically -- what I mean. ;)
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from
-setup-dnat-to-ns' from a shell gives me
the same errors you posted.
Perhaps the cause is simpler: You may have inadvertently set the netVM
for that appVM to 'none' or enabled blocking in the firewall settings.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2
scripts that create /var/run/qubes/qubes-ns are:
setup-ip
network-proxy-setup.sh
If you have a snapshot of your Debian 8 template, you could diff those
files to see if they changed (acquired a bug).
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A
KDE has a settings tab under 'Window behavior' devoted to activation and
focus, along with a specific focus-stealing prevention setting.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message
On 04/10/2017 11:43 AM, Chris Laprise wrote:
Here is a small script for Linux templates that protects files executed
on startup by...
bash
sh
Gnome
KDE
Xfce
X11
Together with enabling sudo authentication, this is a simple way to make
template-based VMs less hospitable to malware.
Testing
, as they say.)
unman
Yet another option: If the app is easy to install, you can store the
package in /home or /rw and do the install each time you use it.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You
r can be added for TCP as well.
A more automated workaround would be to use `iptables-save | sed` as in
the issue comments (seems like this could be done from the vpn-handler
script).
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4A
it to the VPN VM. (Using
qvm-copy like this to make downloads/uploads indirect can reduce risk.)
I'm not sure what you need with qubes-builder; if your goal is just to
setup a VPN VM that seems totally unnecessary.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP:
On 04/10/2017 05:54 PM, Unman wrote:
On Mon, Apr 10, 2017 at 03:39:26PM -0400, Chris Laprise wrote:
On 04/10/2017 03:17 PM, Chris Laprise wrote:
On 04/10/2017 02:55 PM, Reg Tiangha wrote:
I think I'll try an /etc/rc.local script that deletes /rw/usrlocal and
re-creates just the top dir. Also
On 04/11/2017 12:14 PM, cooloutac wrote:
On Monday, April 10, 2017 at 11:43:55 AM UTC-4, Chris Laprise wrote:
Here is a small script for Linux templates that protects files executed
on startup by...
bash
sh
Gnome
KDE
Xfce
X11
Together with enabling sudo authentication, this is a simple way
On 04/10/2017 03:17 PM, Chris Laprise wrote:
On 04/10/2017 02:55 PM, Reg Tiangha wrote:
I think I'll try an /etc/rc.local script that deletes /rw/usrlocal and
re-creates just the top dir. Also /rw/config and /rw/bind-dirs. Pretty
much the only persistent thing left would be contents of /rw/home
On 04/10/2017 02:55 PM, Reg Tiangha wrote:
On 04/10/2017 12:41 PM, Chris Laprise wrote:
Changing something in /usr/local/bin (or I assume /rw/usrlocal/bin)
requires privilege escalation. If sudo has no auth process, then there
is no challenge for the attacker... they can change /rw/usrlocal
On 04/10/2017 02:04 PM, Reg Tiangha wrote:
On 04/10/2017 11:51 AM, Chris Laprise wrote:
Given the default Qubes security model, its not supposed to matter if
malware can persist. Even the read-only nature of root on
template-based VMs is supposed to be only a beneficial footnote.
OTOH, I'd say
the ability to turn off
execution of /rw contents in templates?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&q
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails fro
/pdf/1703.02874v1.pdf
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
'install' and 'upgrade' actions support (reinstall not)
This sounds like you're using Debian as your updatevm. This is one of
the few reasons I keep Fedora around.
Hope your upgrade works!
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4
against a malicious HDD,
but not currently. Even an AEM-enabled Qubes could be vulnerable to a
DMA attack.
2.Is Debian 9 safer than Debian 8, or Fedora 24 more safer than Fedora 23?
Thanks|
The first three are receiving security updates, but the fourth is not
because its at end-of-life.
Chris
dnf reinstall
kernel-qubes-vm-4.8.12-12'.
If not, try 'sudo qubes-dom0-update kernel-qubes-vm-4.8.12-12
--enablerepo=qubes-dom0-unstable --action=reinstall'
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You
supported protocols along with a
description of their interactivity and flow.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qube
be possible to disable HDMI ports in favor of simpler ones like
VGA. I'm not sure how much input DVI and Displayport allow, but I think
there's a chance that DVI is similar to VGA in this regard.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3
On 03/31/2017 04:21 PM, Chris Laprise wrote:
On 03/30/2017 05:32 PM, J. Eppler wrote:
Hello,
I upgraded my Debian 8 "Jessie" template from Debian Qubes r3.1 to
Qubes r3.2. Now, I have problems with the audio output. When I try to
play audio files I do not hear anything and music pl
de the template from dom0 to
get the template package meant for 3.2.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&qu
I get the feeling when you talk about people contributing, you mean
/other/ people. That's fine, but in my estimation what you're proposing
would take under 30 lines of bash code.
You should write it yourself as a way to learn about Linux and Qubes.
--
Chris Laprise, tas...@openmailbox.org
On 03/30/2017 10:34 AM, Jean-Philippe Ouellet wrote:
On Thu, Mar 30, 2017 at 5:31 AM, Chris Laprise <tas...@openmailbox.org> wrote:
xdotool also lets you inject keystrokes into windows.
With a shortcut-key assignment this can be easily scripted by the user (you
said this was for power
, not templates.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiv
y service is enabled /only/ for the downstream proxyVM.
Once you have it working with default settings, you can try re-adding
your other rules one-by-one while testing them.
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106
not
initiated by the VPN client (i.e. OpenVPN, etc) so restricting by port
number may not be adding anything to link security.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you
oup that has access when using the
doc iptables configuration.
Also keep in mind the Fedora-minimal template has a small problem with
tinyproxy; Installation is normally blocked for some reason. That can
make it seem like the updates proxy refuses to work.
--
Chris Laprise, tas...@openmailbox.org
reading and helping me :)
When you right-click on each VM and view the logs, do you see errors?
Also, have you checked the HCL to see if your model of computer has
compatibility problems with Qubes?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E
t created.
Finally, go into the Global Settings and set the Update VM
(sys-firewall), Clock VM (sys-net) and default netVM (sys-firewall).
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this
he other 7 are wiped out?
Likely the filesystem (FAT?) on the destination cannot handle files over
a certain size. You may want to reformat it with a native Linux fs like
Ext4.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106
(this is found in qubes-dom0-unstable repository).
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubs
Hello All,
Does anyone use an alternate net-vm and have any notes on setting it
up as I am having problems with internet connection? I am going to try
getting it going but wondered if there was an alternative!
Regards,
Chris
--
You received this message because you are subscribed
the other way--using only +i and not root ownership--should work
but I was trying to be thorough. In practice user will probably modify
script as root after using 'sudo chattr' so convenience-wise it doesn't
matter.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
--
You
On 03/14/2017 07:18 PM, Chris Laprise wrote:
# Protect sh and bash init files
chfiles="/home/user/.bashrc /home/user/.bash_profile /home/user \
/.bash_login /home/user/.bash_logout /home/user/.profile"
touch $chfiles
chown -f root:root $chfiles
chattr +i $chfiles
The
Which packages were updated? You can use 'sudo dnf history info '
to find out.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this grou
-keyboard.conf
I think that fixing these before running dracut can rectify layout
issues that begin at boot time (YMMV, this is from years ago).
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"
starting an app. But at least it defaults to double-click instead
of single-click.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
ign a repo
file, therefore an attacker can hold back individual packages withing
what appears to the user as a stream of normal update cycles.
Note: Qubes project is interested in getting Debian into dom0. In the
meantime, its fairly easy to use Debian for templates.
--
Chris Laprise, tas...
dea of a trusted doc format, if such a thing is possible.
But I think that's outside of Qubes' scope at least for now.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
ghosts??
Noisy log files?
I noticed recently that dom0 was holding onto huge amount of logs.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from
On 03/14/2017 12:57 PM, cooloutac wrote:
yes I agree having to click yes in a dom0 popup will not be cumbersome for
most. But is it that easy for the devs to implement?
Its already there, for a long time now. The vm-sudo doc describes how to
enable it.
--
Chris Laprise, tas
801 - 900 of 1196 matches
Mail list logo