it running
before I try :)
Have you tried manually installing sddm?
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
&q
rting a second or third
time.
--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To uns
hain is OK:
appVM -> VPNVM -> sys-net
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from thi
g on links in
emails; if you copy-paste first you can review the actual domain name of
the link. And email clients like Thunderbird try to detect phishing scams.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received
oned above).
Kind regards,
Simon
Hi Simon,
Without VT-d the computer is vulnerable to DMA attacks via vulnerable
interfaces such as network and USB. A lot of Qubes users consider this
protection to be important.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20
On 10/12/2017 06:42 AM, Foppe de Haan wrote:
On Wednesday, October 11, 2017 at 10:08:18 PM UTC+2, Chris Laprise wrote:
On 10/11/2017 04:05 PM, Chris Laprise wrote:
I can explain the steps. You may wish to backup your appVM before
continuing.
1. Start a dispVM (I'll call it disp1). Your
On 10/11/2017 04:05 PM, Chris Laprise wrote:
On 10/11/2017 11:00 AM, Franz wrote:
On Tue, Oct 10, 2017 at 2:18 PM, Chris Laprise <mailto:tas...@posteo.net>> wrote:
On 10/10/2017 02:31 AM, Franz wrote:
On Mon, Oct 9, 2017 at 9:36 PM, Chris Laprise
m
On 10/11/2017 11:00 AM, Franz wrote:
On Tue, Oct 10, 2017 at 2:18 PM, Chris Laprise <mailto:tas...@posteo.net>> wrote:
On 10/10/2017 02:31 AM, Franz wrote:
On Mon, Oct 9, 2017 at 9:36 PM, Chris Laprise
mailto:tas...@posteo.net>
<mailto:ta
On 10/10/2017 02:31 AM, Franz wrote:
On Mon, Oct 9, 2017 at 9:36 PM, Chris Laprise <mailto:tas...@posteo.net>> wrote:
On 10/09/2017 08:48 AM, Franz wrote:
Hello,
Trying to save a long document I got an error.
So tried to open a new document to copy
icrosoft.com/en-us/library/cc770943(v=ws.11).aspx
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe
there a fix other than rebooting?
Best
Fran
It probably means there is a logical inconsistency (corruption) in that
filesystem, or it filled-up. You can avoid the latter by expanding the
Private storage max size in the VM's settings.
--
Chris Laprise, tas...@posteo.net
https://twitte
On 10/08/2017 05:34 AM, Sean Hunter wrote:
On Fri, Oct 06, 2017 at 11:55:04PM -0400, Chris Laprise wrote:
On 10/06/2017 11:26 PM, Person wrote:
Cloning VMs is quite troublesome right now, so it is hard to update Fedora and
Debian in order to use NetworkManager.
You can easily install the
tion in this problem
when I upgraded to the latest 4.9 kernels; currently using 4.9.45-21 and
the problem isn't reappearing.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you ar
-template-fedora-25
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving e
address changes.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emai
s?
Qubes: R3.2
Kernel: Supports the one in unstable (4.8.12-12), and in fact requires
it for proper screen resolution support
Remark: What I wrote above, including all relevant links
Hi Tao,
Could you post the report's yml file? Thanks...
--
Chris Laprise, tas...@posteo.net
https://twitter.
On 08/20/2017 11:31 AM, cyrinux wrote:
It is a dock in thunderbolt*
Hi cyrinux,
If you'd like this computer to be listed on the HCL page, could you
attach a yml file from the qubes-hcl-report script?
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5
I've copied my appvms back to /var/lib/qubes/appvms/, but they don't show
up in the VM Manager.
Can anyone tell me how to get these appvms useable again?
Thanks,
Ron
Try using `qvm-add-appvm vmname templatename`.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2
so that at least a few of my AppVMs can access the lan?
There have been a couple discussions about this in the past. In general,
the best way to handle this securely is to connect your LAN-using AppVMs
to a non-VPN proxyVM (sys-firewall for example) instead of the VPN VM.
--
Chris La
having to
manually re-connect many connected appVMs can be daunting. I wonder if
this is already a feature request?
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to
r. Next, link the chosen file to openvpn-client.ovpn.
You could start this script automatically from rc.local using
'systemd-run xterm ' etc.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received thi
es the anti-leak features and is simpler to
install:
https://github.com/tasket/Qubes-vpn-support
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
hing that log, are more processes, more
attack surface.
to add to extremely unlikely, ive only known of one ssh client exploit in the
wild, and i think it was over 10 years ago.
FWIW, AppArmor does work with Qubes VMs and doesn't revolve around a
special launcher.
[1] https://github.com/
m last after a connection is made (probably from
/rw/config/qubes-firewall-user-script).
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"q
of configuration.
Another option: Simply run the Anyconnect client in the appVM (no
proxyVM for the VPN client). This may be the simplest route.
--
Chris Laprise, tas...@posteo.net
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message
es-setup-dnat-to-ns to enable DNS forwarding over the VPN.
Another setting to check is /proc/sys/net/ipv4/ip_forward which should
contain a value of '1'. Also, the iptables 'POSTROUTING' chain should
have a masquerade target:
$ cat /proc/sys/net/ipv4/ip_forward
$ sudo iptabl
l and put the
rpm in the /rw folder of the appVM.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To u
On 07/31/2017 07:54 PM, 'Essax' via qubes-users wrote:
AUTH: Received control message:
AUTH_FAILED
This sounds like an issue with the provider. If they ask for more detail
you can set '--verb 5' for more verbosity from openvpn.
--
Chris Laprise, tas...@openmailbox.or
boot.
Running 'mount' command by itself will tell you if / was mounted as
read-only. If so, you can try re-mounting it with the '-o remount,rw'
options.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1
eems mose usable because you don't have to be
vigilant about escaping different characters... just escaping the extra
quotes should do it.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this mess
d, have you tried escaping the character
with a backslash like this: \&
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&
https://github.com/tasket/Qubes-vpn-support/
I just released it as 'beta' but operation is smooth so far.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribe
On 07/18/2017 06:02 PM, Gaiko wrote:
> On Tuesday, July 18, 2017 at 11:27:00 AM UTC-4, Chris Laprise wrote:
>> On 07/17/2017 07:37 PM, Gaiko wrote:
>>> On Sunday, July 16, 2017 at 9:41:53 PM UTC-4, Chris Laprise wrote:
>>>> On 07/16/2017 09:23 PM, Gaiko Kyofusho wrot
e disregarded.
I'm using Debian 9 appVMs. Issue #2170 doesn't appear to be the same as
this problem.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to th
On 07/17/2017 07:37 PM, Gaiko wrote:
On Sunday, July 16, 2017 at 9:41:53 PM UTC-4, Chris Laprise wrote:
On 07/16/2017 09:23 PM, Gaiko Kyofusho wrote:
Sun Jul 16 21:16:22 2017 us=614593 RESOLVE: Cannot resolve host address:
vpnprovidermod'dname.com <http://dname.com/>: No address
On 07/16/2017 09:23 PM, Gaiko Kyofusho wrote:
Sun Jul 16 21:16:22 2017 us=614593 RESOLVE: Cannot resolve host address:
vpnprovidermod'dname.com <http://dname.com/>: No address associated with
hostname
Hmmm, looks like a malformed address to me.
--
Chris Laprise, tas...@openmailbo
journalctl'.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emai
eally*_ be appreciated.
Have you looked at the openvpn log messages?
Do you see a popup saying the link is up?
Can you ping IP addresses from an appVM?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received th
id
mode but not for regular restore. My guess is the latter is being overly
strict and that this could be a bug...
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscrib
d service. New version will
have a simplified installer, which I will be posting in the next day or so:
https://github.com/tasket/Qubes-vpn-support
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this me
usb as a source; you can
specify any VM that contains the volume.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users&qu
On 07/10/2017 03:15 PM, yreb-qusw wrote:
On 07/09/2017 11:56 PM, Chris Laprise wrote:
On 07/09/2017 11:48 PM, yreb-qusw wrote:
at the end of the VPN CLI setup it says :
==
If you want to be able to use the Qubes firewall, create a new
FirewallVM (as a ProxyVM) and set it to use the VPN VM as
ly all one device
masquerading as multiple devices.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubsc
ld be lauded for creating this process and standing by it; It
guards against the erroneous perceptions people have about "PC hardware"
being a uniform blank canvas for creating an OS.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764
On 07/10/2017 09:28 AM, Gaijin wrote:
On 2017-07-10 02:40, Chris Laprise wrote:
On 07/09/2017 05:35 PM, Gaijin wrote:
I've been trying to setup my VPN using the instructions here: Set up a
ProxyVM as a VPN gateway using iptables and CLI scripts
https://www.qubes-os.org/doc/vpn/
I can ge
/github.com/tasket/Qubes-vpn-support/blob/new-1/rw/config/vpn/qubes-vpn-ns
...then add this to the end of "qubes-firewall-user-script":
/rw/config/vpn/qubes-vpn-ns fwupdate
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4
save button is greyed out and I can only click cancel.
I suggest checking the Devices tab of your netVM to make sure your
network interfaces are available to that VM.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
s a bit without negatively affecting the leak
protection for connected appVMs.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qu
etworking interfaces that you need? For example, if you have
an external USB Wifi dongle, can you add the USB controller(s) to
sys-net and then use the dongle?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You r
not so much for qubes.
i suspect a newer dom0, fedora 25 maybe, would be able to suspend as that works
on bare metal. so, my plan was to wait for qubes-4 first.
Its up to you if you want to run the script and submit a yml file.
Negative reports can be valuable, too.
--
Chris Laprise, tas
my "new net
VM" doesn't have Linux firmware installed.
If this helps.
Thank you a lot.
(Posting back to qubes-users.)
It sounds like you almost got it: The conf file is saved in the
template, not the netVM. After you do that, shutdown both the template
and the netVM,
nities, as they regularly
deal with such protection measures.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" g
Thank you, Bernhard
I'm getting consistent time in my Debian 9 VMs. Do you have your
'ClockVM' setting populated in your Qubes Manager Global Settings? Its
normally set to sys-net.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A
Mitch
Hi Mitch,
If you are not yet to the point of submitting an HCL report (from the
qubes-hcl-report script), it would be best to repost your issues to
qubes-users separately without the 'HCL' subject. This will get more
attention from the other users.
--
Chris Laprise, tas...
number for this laptop?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
One way to address this is to use 'sudo tasksel'
after the upgrade completes; selecting a Gnome desktop will bring in
most of the usual apps.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received thi
te in dom0:
sudo qubes-dom0-update qubes-template-debian-8
Then upgrade:
https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/
I personally prefer Debian because it has more software and its update
process is more secure than Fedora.
Hope that helps!
--
Chris Laprise, tas...@openmailbo
On 07/03/2017 01:51 PM, Chris Laprise wrote:
On 07/03/2017 11:11 AM, ausafrashid...@gmail.com wrote:
I did this exactly and it worked. The Mac address was changed. But can
you confirm it is the right way/most Anonymous way of anonymizing mac
address, because there are some different and very
9 or Fedora 25 will do)
2) check Network Manager version
3) create a settings file in /etc/NetworkManager/conf.d folder.
The "Configuring Qubes with macchanger" section is a separate method
that often fails; it should be disregarded.
--
Chris Laprise, tas...@openmailbox.org
https://twitt
download i would be very gratefull.
cheers
The '3' at the beginning of '3667U' indicates its a third-generation
Core processor. So the module would be 3rd_gen_i5_i7_SINIT_67.BIN.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A
On 07/03/2017 02:09 AM, taii...@gmx.com wrote:
On 07/02/2017 09:18 PM, Chris Laprise wrote:
It may have an IOMMU, but does Xen 4.6 work properly with it? Someone
had reported that a different AMD desktop configuration appeared on
the surface to be IOMMU compatible in Qubes, but in actually it
ly with it? Someone
had reported that a different AMD desktop configuration appeared on the
surface to be IOMMU compatible in Qubes, but in actually it wasn't being
enabled at startup.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4
in pavucontrol.
Anyone have any idea on what may be causing this?
Andrew Morgan
I would guess its a pulse audio setting in your home folder. Easy way
out may be to simply copy your data files over to a new appVM.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5
On 07/01/2017 01:33 PM, motech man wrote:
On Saturday, July 1, 2017 at 5:37:53 AM UTC-5, Chris Laprise wrote:
On 06/29/2017 01:13 PM, motech man wrote:
I updated the fedora 23 template with changes to the hosts /etc/file,
and I noticed that all other VMs that used that template had the
update
ws that the
VM's template has been changed in some way. Shutting down the template
and re-starting the derivative VM is how you make the update take effect
in the VM.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
dom0-update to see if the particular packages are
available to dom0.
It should also be possible to dnf download the packages in a Fedora 23
template, then transfer them to dom0 (which is also Fedora 23) for
installation.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP:
qvm-copy code for a utility that
works in a dom0-initiated mode.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" g
e /16. But you have to consider if there are many (addressable
to you) hosts on that VPN net and if their effective host addresses
range beyond 16 bits; there probably aren't but if so then this solution
may not work.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
your HD which leads to re-sealing with
the new config.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To u
On 06/29/2017 09:09 AM, wordswithn...@gmail.com wrote:
On Wednesday, June 28, 2017 at 4:21:36 PM UTC-4, Chris Laprise wrote:
On 06/28/2017 12:19 PM, wordswithn...@gmail.com wrote:
Thanks, and point taken on not focusing on security implications.
I found a thread from last year where some
f kernel VM 4.4 - but not in case of VM kernel 4.9
I noticed this, too. So reverting a dispVM's template back to 4.4 should
fix it?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this mes
achines like so:
qvm-run -p sys-net "tar -cf - /etc/NetworkManager/system-connections" |
qvm-run -p sys-net-profiles "tar -xf -"
This entails a small amount of risk to the profiles VM (because tar file
is parsed there), but not to dom0.
--
Chris Laprise, tas...@openmailbox.o
sys-net, sys-firewall and VPN.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this grou
ospective
users' expectations carefully as you are working with the compatibility
quirks of Linux multiplied-by Xen (both projects which focus on server
hardware).
Urging attendees to bring machines from more compatible product lines
can help keep the experience a positive one.
--
Ch
used and full of undocumented shortcuts and bugs that greatly
impact non-Windows systems.)
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"
raised with
Qubes, esp when discussing compatibility. There is no strictly
compatible system for Qubes and this makes me think the project should
eventually get into the business of detailed hardware specification...
what ideal Qubes hardware looks like.
--
Chris Laprise, tas...@openmailbox.org
htt
2000 ) ?
I'd guess that the PCI order/ID of your devices changed when you removed
the Radeon card, causing the NIC to no longer be recognized by its old
ID. If you go into Devices tab for your sys-net and remove/re-add the
NIC (then restart) it may work.
--
Chris Laprise, tas...@openmailbox.
ian 8.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving email
ack vectors (as DOM0 is only being used as an input source to
another AppVM which does the heavywork encoding and streaming the data).
This looks interesting... Thanks!
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
r approach?)
I do two things:
* Refrain from clicking links; copy to untrusted VM browser instead
* Turn on https everywhere addon in https-only mode
The latter means that even if I click on a link, the site visited will
at least have some verification (or else it won't load).
--
Chr
h to use current releases you could
try Debian 9 instead; I have been using it for about a year without such
issues.
Only catch is you currently have to follow the Qubes doc for upgrading a
Debian 8 template to 9.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C
On 05/24/2017 03:51 PM, Chris Laprise wrote:
4.9 is working OK so far. I was using 4.8 prior to this.
Additional note: 4.9 seems to resolve a zombie process issue I was
having with 4.8 (domU), and the 4.9.33-18 security update is working
well so far.
--
Chris Laprise, tas
;immutable'. This has the benefit of preventing non-priv-escalation
malware from persisting at startup, and prevents alias shims from
stealing passwords, etc.
The next version can also compare file hashes and deactivate root-level
malware at startup before /rw is brought online.
--
Chr
nd
related xenlight libs. You should be able to find sums for (same
versions of) those files at fedora's site.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscr
On 06/18/2017 10:01 AM, qubenix wrote:
'Vincent Adultman' via qubes-users:
This happens to me sometimes on the current Xen/Linux versions. When I
look at top in the offending VM its "kswapd" that has gone berserk.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.co
ed that the fan was blowing and that's when I noticed the
problem.
This happens to me sometimes on the current Xen/Linux versions. When I
look at top in the offending VM its 'kswapd' that has gone berserk.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
iso.
My hardware might be compromised. Is there a way to confirm without a doubt?
What happens when you grab a console from dom0...
$ sudo xl console vmname
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You
d change that:
http://theinvisiblethings.blogspot.com/2013/08/thoughts-on-intels-upcoming-software.html
Note, this is a desktop PC-focused list so is not the best place to ask
about the dynamics of server/cloud security.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2
On 06/15/2017 11:02 PM, Chris Laprise wrote:
On 06/15/2017 08:15 PM, Steven Walker wrote:
Can anyone give me any feedback on how to setup privateinternetaccess
on qubes. I wrote to pia, and they didn't really give me much help on
how to set this up.
Any help greatly appreciated.
T
-as-a-vpn-gateway-using-iptables-and-cli-scripts
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscr
On 06/13/2017 04:39 PM, LEVIS Cyril wrote:
So :(
I updated tboot in 1.9.5, and same problem.
Try to update to last 1.28 bios, same thing.
So Sad
Did you also specify the parameter min_ram=0x200 ?
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E
partition.
To get a verified copy, its probably easier to download the current
version (1.9.5) from here:
https://sourceforge.net/projects/tboot/files/?source=navbar
...then do normal GPG verification, and use 'make' to compile it and
replace the two files mentioned above.
--
Chr
gular user in there. If that's the case you can disregard the warning.
OTOH, if you wish to satisfy the warning you can set privs like this:
chmod 600 /rw/config/vpn/filename.txt
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D
ore reasonable, and you can
choose to update only from the security repository making the update
frequency even sparser.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you
essie-testing in /etc/apt/sources-list.d/qubes-r3.list.
Sometimes updating the Qubes packages can help with issues like this.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are
), none of them is directly related to
environment variables. So, maybe either some load or delay in rc.local causes
the race condition to be won.
Regards,
Vít Šesták 'v6ak'
BTW, have you tried enabling 'jessie-testing' and updating to see if
that helps?
--
Chris La
in Debian 8 is rather fragile.
Debian 9 has been more stable and its what I've been using for 98% of my
computing needs for the past year.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this messag
parameter... at this stage I
don't know if the newer tboot is the factor that allows my system to
boot with AEM.
An additional issue which I'm still experiencing with AEM is sleep/wake
not working.
My other versions are Xen 4.6.5 and Linux 4.9.28-16 (from qubes*testing).
--
Chris L
ly OK. But if you can turn off NVIDIA in BIOS (switch
to Intel HD graphics) there is a better chance Qubes will work.
A Qubes Live DVD/USB distro is available for download and booting it
will give you an indication of compatibility with your system.
--
Chris Laprise, tas...@openmailbox.org
ition...
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails f
701 - 800 of 1261 matches
Mail list logo