[qubes-users] disabling qubes-network and qubes-firewall services not supported with debian 9?

2017-12-21 Thread joonas . lehtonen
Hi,

I'm in the process of migrating a custom fedora-based proxyVM to a debian 9
template because of debian's longer support cycles.

On my fedora proxyVM I simply disabled
qubes-network and
qubes-firewall
to be in full control of the firewall rules and forwarding.

When I disable these services on the debian template it does not have 
the same effect (i.e. /proc/sys/net/ipv4/ip_forward remains 1).

Is this feature 
qvm-service proxyvm1 -d qubes-network
qvm-service proxyvm1 -d qubes-firewall
not supported on debian 9 templates or is it currently broken?

I'm on R3.2.

thanks,
Joonas

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171221155109.C7F654FD6FD%40mta-1.openmailbox.org.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Unable to start VM after renaming in Qubes Manager

2017-12-16 Thread joonas . lehtonen
> The data is stored in the private.img file in that folder.
> 
> You can either create a new qube, and then attach the file:
> qvm-block -A  dom0:/var/lib/qubes/appvms/oldname /private.img
> then mount /dev/xvdi in , and extract the data from
> /mnt/home/user
> OR: mount the private.img file in dom0 and qvm-copy the data files to some 
> qube.
> OR: create a new qube, and copy the private.img file to 
> /var/lib/qubes/appvms/new

Thank you I used the last option and it worked just fine.



[qubes-users] Unable to start VM after renaming in Qubes Manager

2017-12-14 Thread joonas . lehtonen
Hello,

it looks like I got hit by a severe problem that prevents me from starting an 
appvm


I searched the bugtracker and it looks like:

https://github.com/QubesOS/qubes-issues/issues/2054

I also renamed a VM and it no longer starts.

The folder under 
/var/lib/qubes/appvms/oldname 
is still present.

What is the easiest way to get access to the data stored in that VM?

thanks!
Joonas



Re: [qubes-users] feedback for todays kernel-qubes-vm update (4.4.55-11)

2017-04-19 Thread Joonas Lehtonen


Marek Marczykowski-Górecki:
> On Tue, Apr 18, 2017 at 10:54:00AM +0000, Joonas Lehtonen wrote:
> 
> 
>> Joonas Lehtonen:
>>> Hi,
>>>
>>> just a quick notice about todays kernel update.
>>>
>>> After upgrading, the new kernel 4.4.55 became the new default for all
>>> VMs that previously used the default kernel, but
>>> VMs would no longer boot because they claim that an old kernel the one
>>> that got removed during the upgrade (4.4.11?) is no longer present even
>>> though the VM was configured to boot the default (4.4.55).
> 
>> This was mainly an UI thing. qvm-ls -k displayed it correctly. These
>> affected VMs used to have the now-removed kernel version 4.4.14-11.
>> Qubes Manager just can not display not installed kernels.
> 
> So, Qubes Manager shows still old kernel? Have you tried restarting it
> (Qubes Manager)?

Qubes Manager showed the new kernel (4.4.55-11) while qvm-ls -k showed
the old (removed) kernel.

Qubes Manager got restarted automatically during updating dom0.



Re: [qubes-users] qvm-ls says: "WARNING: VM has corrupted files!

2017-04-18 Thread Joonas Lehtonen


Joonas Lehtonen:
> Hi,
> 
> do I need to worry about that warning? (VMs work fine)
> How can I fix it?

This was related to the recent dom0 kernel update for VMs and fixed with:

qvm-prefs -s  kernel default



[qubes-users] feedback for todays kernel-qubes-vm update (4.4.55-11)

2017-04-18 Thread Joonas Lehtonen
Hi,

just a quick notice about todays kernel update.

After upgrading, the new kernel 4.4.55 became the new default for all
VMs that previously used the default kernel, but
VMs would no longer boot because they claim that an old kernel the one
that got removed during the upgrade (4.4.11?) is no longer present even
though the VM was configured to boot the default (4.4.55).

Easy workaround:
configure the VM to boot 4.4.38 and save.
reopen the preferences and configure it to boot the latest default
-> boot the vm

regards,
Joonas





Installed: 1000:kernel-qubes-vm-4.4.55-11.pvops.qubes.x86_64
Updated: qubes-gui-dom0-3.2.10-1.fc23.x86_64
Installed: 1000:kernel-4.4.55-11.pvops.qubes.x86_64
Updated: qubes-mgmt-salt-dom0-qvm-3.2.1-1.fc23.noarch
[..]
Updated: qubes-manager-3.2.11-1.fc23.x86_64



Re: [qubes-users] Re: debian 9 kernel (needed for wifi driver) but failing to build u2mfn against 4.9.0

2017-04-18 Thread Joonas Lehtonen


Reg Tiangha:
> On 04/17/2017 03:45 PM, Joonas Lehtonen wrote:
>> Hi,
>>
>> I need debian's kernel because the Qubes kernel does not provide the
>> needed network driver.
>>
>> I'm following the steps here to install the in-VM kernel, instead of the
>> one provided by dom0:
>>
>> https://www.qubes-os.org/doc/managing-vm-kernel/
>>
>> The debian 9 template boots fine with pvgrub but qrexec does not work
>> because the Qubes kernel module u2mfn fails to build on debian 9's
>> kernel (4.9.0).
>>
>> Has anyone u2mfn running on debian 9's kernel (4.9.0)?
>>
>> thanks,
>> Joonas  
> 
> 
> Update your Debian 9 template; version 3.2.4 of qubes-kernel-vm-support
> was just pushed out to stable today and that should allow compiling
> kernels higher than 4.8 to work.

thanks, that worked.





[qubes-users] debian 9 kernel (needed for wifi driver) but failing to build u2mfn against 4.9.0

2017-04-17 Thread Joonas Lehtonen
Hi,

I need debian's kernel because the Qubes kernel does not provide the
needed network driver.

I'm following the steps here to install the in-VM kernel, instead of the
one provided by dom0:

https://www.qubes-os.org/doc/managing-vm-kernel/

The debian 9 template boots fine with pvgrub but qrexec does not work
because the Qubes kernel module u2mfn fails to build on debian 9's
kernel (4.9.0).

Has anyone u2mfn running on debian 9's kernel (4.9.0)?

thanks,
Joonas

From the log file /var/lib/dkms/u2mfn/3.2.3/build/make.log :

DKMS make.log for u2mfn-3.2.3 for kernel 4.9.0-2-amd64 (x86_64)
make: Entering directory '/usr/src/linux-headers-4.9.0-2-amd64'
  LD  /var/lib/dkms/u2mfn/3.2.3/build/built-in.o
  CC [M]  /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.o
/var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c: In function ‘u2mfn_ioctl’:
/var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:80:23: error: passing argument 5
of ‘get_user_pages’ from incompatible pointer type
[-Werror=incompatible-pointer-types]
   (data, 1, 1, 0, _page, 0);
   ^
In file included from /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:26:0:
/usr/src/linux-headers-4.9.0-2-common/include/linux/mm.h:1302:6: note:
expected ‘struct vm_area_struct **’ but argument is of type ‘struct page **’
 long get_user_pages(unsigned long start, unsigned long nr_pages,
  ^~
/var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:79:9: error: too many arguments
to function ‘get_user_pages’
   ret = get_user_pages
 ^~
In file included from /var/lib/dkms/u2mfn/3.2.3/build/u2mfn.c:26:0:
/usr/src/linux-headers-4.9.0-2-common/include/linux/mm.h:1302:6: note:
declared here
 long get_user_pages(unsigned long start, unsigned long nr_pages,
  ^~
cc1: some warnings being treated as errors
/usr/src/linux-headers-4.9.0-2-common/scripts/Makefile.build:304: recipe
for target '/var/lib/dkms/u2mfn/3.2.3/build/u2mfn.o' failed
make[3]: *** [/var/lib/dkms/u2mfn/3.2.3/build/u2mfn.o] Error 1
/usr/src/linux-headers-4.9.0-2-common/Makefile:1507: recipe for target
'_module_/var/lib/dkms/u2mfn/3.2.3/build' failed
make[2]: *** [_module_/var/lib/dkms/u2mfn/3.2.3/build] Error 2
Makefile:150: recipe for target 'sub-make' failed
make[1]: *** [sub-make] Error 2
Makefile:8: recipe for target 'all' failed
make: *** [all] Error 2



[qubes-users] remote code execution via UDP packets (CVE-2016-10229) in the context of Qubes // and kernel update recommendations

2017-04-13 Thread Joonas Lehtonen
https://nvd.nist.gov/vuln/detail/CVE-2016-10229
> udp.c in the Linux kernel before 4.5 allows remote attackers to
> execute arbitrary code via UDP traffic [...]

fixed in [1] (2015-12-30)

It never affected Fedora according to:
https://bugzilla.redhat.com/show_bug.cgi?id=1439740#c2
> This fix was committed upstream in the 4.5 kernel merge window (Dec
> 2015). It has never impacted any of the currently supported versions of
> Fedora.

In Debian it got fixed on 2016-01-5
https://www.debian.org/security/2016/dsa-3434
3.16.7-ckt20-1+deb8u2
https://security-tracker.debian.org/tracker/CVE-2016-10229

Since Qubes VMs depend on dom0 for kernel updates, Qubes users do not get
kernel updates from upstream distros.

- Qubes currently ships kernel 4.4.38 for VMs
Kernel 4.4.38 has been released on 2016-12-10 so I assume it contains
the fix?

- Have Qubes VM kernels (provided by dom0) ever been affected (in the
past of R3.2)?

Since Qubes does not frequently release VM kernel updates*:
Do you recommend to switch to pvgrub and in-VM kernels to be able to
take advantage of regular distro kernel updates?

The upcoming/planned binary packages of coldkernel probably address this
topic as well.

thanks!
Joonas


*) I know, that in-VM security is/should not be relevant for the
isolation between VMs but if someone can compromise all networked VMs
via vulnerabilities in the UDP/TCP/IP stack it is probably as bad as
having no isolation.


[1]
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191



Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

2017-04-10 Thread Joonas Lehtonen
>> Once your MAC address is randomized you might also want to prevent the
>> disclosure of your netvm's hostname to the network, since "sys-net"
>> might be a unique hostname (that links all your random MAC addresses and
>> the fact that you likely use qubes).
> 
>> To prevent the hostname leak via DHCP option (12):
>> - start the debian 9 template
>> - open the file /etc/dhcpd/dhclient.conf

sorry there is a typo in the file path:
correct file:
/etc/dhcp/dhclient.conf

>> - in line number 15 you should see "send host-name = gethostname();"
>> - comment (add "#" at the beginning) or remove that line and store the file
>> - reboot your netvm
> 
>> I tested the change via inspecting dhcp requests and can confirm that
>> the hostname is no longer included in dhcp requests.
> 
> 
> Thanks. Added as a comment:
> 
> https://github.com/QubesOS/qubes-issues/issues/938#issuecomment-292843628

thank you.



[qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

2017-04-09 Thread Joonas Lehtonen
Hi,

if you setup MAC randomization via network manager in a debian 9
template as described here:
https://www.qubes-os.org/doc/anonymizing-your-mac-address/
you still leak your hostname.

Once your MAC address is randomized you might also want to prevent the
disclosure of your netvm's hostname to the network, since "sys-net"
might be a unique hostname (that links all your random MAC addresses and
the fact that you likely use qubes).

To prevent the hostname leak via DHCP option (12):
- start the debian 9 template
- open the file /etc/dhcpd/dhclient.conf
- in line number 15 you should see "send host-name = gethostname();"
- comment (add "#" at the beginning) or remove that line and store the file
- reboot your netvm

I tested the change via inspecting dhcp requests and can confirm that
the hostname is no longer included in dhcp requests.
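
The two checks described in this message (no active "send host-name" statement in the config, no option 12 in the DHCP request), as an added example that is not part of the original post. The sample config text, MAC address and packets are constructed, and the function names are illustrative; the file to check is /etc/dhcp/dhclient.conf, per the author's follow-up correction.

```python
import re
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"   # magic cookie in front of the options field
OPT_PAD, OPT_HOST_NAME, OPT_MSG_TYPE, OPT_END = 0, 12, 53, 255

# Constructed sample data (not taken from a real system or capture).
SAMPLE_MAC = bytes.fromhex("02005e102030")
CONF_BEFORE = """\
# constructed excerpt of a dhclient.conf
send host-name = gethostname();
request subnet-mask, broadcast-address, routers;
"""
CONF_AFTER = CONF_BEFORE.replace("send host-name", "#send host-name")


def active_hostname_statements(conf_text):
    """Return [(line_no, statement)] for each uncommented 'send host-name'."""
    hits = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        code = line.split("#", 1)[0].strip()   # '#' starts a comment
        if re.match(r"send\s+host-name\b", code):
            hits.append((line_no, code))
    return hits


def parse_dhcp_options(payload):
    """Parse the options of a DHCP message (the UDP payload) into {code: value}."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message: too short or magic cookie missing")
    options = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:                    # one-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        # An option code that appears twice is concatenated.
        options[code] = options.get(code, b"") + value
        i += 2 + length
    return options


def leaked_hostname(payload):
    """Return the host name carried in option 12, or None if it is absent."""
    value = parse_dhcp_options(payload).get(OPT_HOST_NAME)
    return None if value is None else value.decode("ascii", errors="replace")


def build_discover(mac, hostname=None):
    """Build a minimal DHCPDISCOVER payload to test the parser (constructed)."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,            # op=BOOTREQUEST, htype=Ethernet, hlen=6, hops=0
        0x12345678, 0, 0x8000,  # xid, secs, flags (broadcast)
        b"", b"", b"", b"",     # ciaddr, yiaddr, siaddr, giaddr (all zero)
        mac, b"", b"",          # chaddr, sname, file (zero padded)
    )
    options = bytes([OPT_MSG_TYPE, 1, 1])      # message type 1 = DHCPDISCOVER
    if hostname is not None:
        name = hostname.encode("ascii")
        options += bytes([OPT_HOST_NAME, len(name)]) + name
    return header + DHCP_MAGIC + options + bytes([OPT_END])


if __name__ == "__main__":
    for label, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        print(label, "edit, active statements:", active_hostname_statements(conf))
    for label, pkt in (("before", build_discover(SAMPLE_MAC, "sys-net")),
                       ("after", build_discover(SAMPLE_MAC))):
        print(label, "edit, option 12 in request:", leaked_hostname(pkt))
```

To check real traffic, pass the UDP payload of a captured DHCP request (client port 68 to server port 67) to leaked_hostname().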



Re: [qubes-users] ANN: Qubes network server

2017-04-01 Thread Joonas Lehtonen
Hi,

before trying it:
Is it still maintained? (working with Qubes 3.2)

If so: There are a few formatting errors in the readme that make it hard
to read
https://github.com/Rudd-O/qubes-network-server/blob/master/README.md

thanks,
Joonas



[qubes-users] debian 9: guid/qrexec crashes (fixed by enabling stretch-testing repo+updating)

2017-03-31 Thread Joonas Lehtonen
Hi,

just in case others are having similar problems:

I'm running Qubes 3.2.

I created a fresh debian 9 by upgrading from debian 8.

Today the terminal in debian 9 started crashing (closing).

In the logs I saw:

U2MFN_GET_MFN_FOR_PAG: get_user_pages failed, ret=0x2
(or similar - I didn't count the 'f's)

/var/log/qubes/guid.debian9.log contains:
ErrorHandler: BadAccess (attempt to access private resource denied)

used versions in VM:
qubes-core-agent 3.2.16-1+deb
qubes-gui-agent 3.2.11-1+deb
(not sure if the version is truncated since it comes from 'xl console')


Now I modified /etc/apt/sources.list.d/qubes-r3.list
to enable the 'stretch-testing' repo, after upgrading my versions are now:

qubes-core-agent 3.2.16-1+deb9u1 (not truncated anymore)
qubes-gui-agent  3.2.15-1+deb9u1

It no longer appears to crash now.





Re: [qubes-users] Qubes-Whonix DisposableVM documentation created

2017-03-26 Thread Joonas Lehtonen
Are there any optimizations planned?
whonix-ws-dvm takes >50 seconds to start
fedora-24-dvm takes <10 seconds to start



Re: [qubes-users] show NetworkManager for AppVM? (aka AppVM with WiFi device in Hotspot Mode)

2017-03-25 Thread Joonas Lehtonen
thank you unman



[qubes-users] show NetworkManager for AppVM? (aka AppVM with WiFi device in Hotspot Mode)

2017-03-21 Thread Joonas Lehtonen
Hi,

I'd like to use the WiFi adapter in my laptop in hotspot mode.

Target setup:

wired-netvm <->proxyvm <-> hotspotVM (has the wifi device assigned)

(hotspotVM acts as an access point to other devices)


Creating a NetVM that gets the WiFi adapter assigned and using
NetworkManager to create a hotspot is easy and works fine, but in that
case the hotspot has no "uplink" connectivity.

On the other side creating an AppVM and assigning the WiFi device to it
would solve the "uplink" problem, but in that case the NetworkManager
does not show up next to the clock.

Is there an easy way to tell the hotspotVM to show/expose the
NetworkManager icon next to the clock?

thanks!
Joonas



Re: [qubes-users] Re: Why doesn't whonix-gw run the latest 0.2.8.x tor?

2017-01-29 Thread Joonas Lehtonen


cezg...@gmail.com:
> My guess is lack of time and funding. Qubes definitely could need
> better funding. The Qubes team are doing a great job, but they might
> be limited on what they can manage to get done because there are so
> many things on the to-do list.
> 
> Maybe this will change with the new upcoming funding plans, it would
> be very positive change if so.
> 
> For the time being, I suppose you can install your own updated
> Whonix?

This is about the whonix repo (deb.whonix.org) not Qubes repos and the
Whonix repo is managed by Whonix (Patrick).



[qubes-users] Why doesn't whonix-gw run the latest 0.2.8.x tor?

2017-01-29 Thread Joonas Lehtonen
Hi,

whonix-gw apparently uses tor 0.2.8.10, the latest 0.2.8.x version being
0.2.8.12 (released 2016-12-19).

Why is it not updated?
I guess there is very little risk in upgrading from 0.2.8.10 to 0.2.8.12.

I'm using a default whonix-gw template with
deb http://deb.whonix.org jessie main

From the tor 0.2.8.12 changelog:

>   o Major bugfixes (parsing, security, backported from 0.2.9.8):
> - Fix a bug in parsing that could cause clients to read a single
>   byte past the end of an allocated region. This bug could be used
>   to cause hardened clients (built with --enable-expensive-hardening)
>   to crash if they tried to visit a hostile hidden service. Non-
>   hardened clients are only affected depending on the details of
>   their platform's memory allocator. Fixes bug 21018; bugfix on
>   0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
>   2016-12-002 and as CVE-2016-1254.



https://deb.whonix.org/dists/jessie/main/binary-amd64/Packages:

> 
> Package: tor
> Version: 0.2.8.10-1~d80.jessie+1
> Architecture: amd64
> Maintainer: Peter Palfrader 
> Installed-Size: 3935
[...]
> Priority: optional
> Section: net
> Filename: pool/main/t/tor/tor_0.2.8.10-1~d80.jessie+1_amd64.deb
> Size: 1422520
> SHA256: b36f5e8fc4590f6fa8431e7114fb187ce9f892f406b9bc55cdf28ef611320f89
> SHA1: afb6720c65df114b772d02554f563fdbb385b7b7
> MD5sum: 7a9c9fd5616f51eec6420d3254273ee3





Re: [qubes-users] qvm-create-default-dvm modifying initial memory value?

2016-12-15 Thread Joonas Lehtonen
>>>> When I look at whonix-ws-dvm "initial memory" it says: ~2800MB
>>>
>>>> I changed that to 1000MB and everything works again.
>>>
>>> Why that high? 
> 
>> since its preset value was over 2800 I didn't want to reduce it too much
>> but I just found out that something changes that value. (I did set it to
>> 1000 it is now at >1500MB).
> 
>> Is this a bug? Or can I disable this auto-adjustment?
> 
> Ah, I forgot it's adjusted at qvm-create-default-dvm call time. Based on
> memory usage inside of VM. It looks something use that much memory in
> Whonix-ws based DVM... Try running 'top' there (switch to sorting by
> memory with '>' key).

OK I played around some more and when setting initial memory to 400MB it
gets only increased to >420MB, that should be fine.

When starting a xterm-dvm 'top' says only 315MB memory are used.

I consider this as solved and I will reset it to 400MB from time to time.



Re: [qubes-users] qvm-create-default-dvm modifying initial memory value?

2016-12-15 Thread Joonas Lehtonen


Andrew David Wong:
> I don't understand. Isn't the target TemplateVM shut down when
> qvm-create-default-dvm is called? How could it be using any memory
> while it's shut down?

This is not about the initial memory of the used templateVM (in this
case whonix-ws) but about whonix-ws-dvm. (qubes manager -> show internal VMs)



Re: [qubes-users] qvm-create-default-dvm running out of space

2016-12-15 Thread Joonas Lehtonen
>> I haven't encountered this before, but it sounds like the Tor Browser
>> update might've pushed you over the default 2 GB size limit. Maybe try
>> increasing the size of your DVM template?
> 
> Storing savefile in /dev/shm (tmpfs - stored in RAM only) is an
> optimization to load it faster. Normally this file takes about
> 300-400MB, so should be well below 2GB limit... Its size depends on
> memory amount used in DispVM. 
> 
> First I'd check what other files you have there and in /tmp - maybe some
> old unused stuff. 

/tmp is basically empty (avail: 2GB)

I also tried to increase it to 3GB via
mount /tmp -o remount,size=3G

but that did not help.

When I look at whonix-ws-dvm "initial memory" it says: ~2800MB

I changed that to 1000MB and everything works again.



[qubes-users] qvm-create-default-dvm running out of space

2016-12-15 Thread Joonas Lehtonen
Hi,

when trying to recreate  the dvm after the latest torbrowser update I get:

qvm-create-default-dvm whonix-ws

[...]
DVM savefile created successfully.
cp: error writing '/dev/shm/qubes/current-savefile': No space left on device


And DVM starting fails after that obviously.

Do I have to resize /tmp to work around that problem? (2GB by default)

thanks,
Joonas



Re: "What does "supported" mean"? was: Re: [qubes-users] Fedora 24 Template for Qubes 3.1?

2016-11-22 Thread Joonas Lehtonen


Marek Marczykowski-Górecki:
> So, expect Fedora 24 template being supported in R3.1 soon too :)

Thank you!
Looking forward to the announcement.



[qubes-users] Fedora 24 Template for Qubes 3.1?

2016-11-20 Thread Joonas Lehtonen
Hi,

since Qubes 3.1 is supported until 2017-03-29
according to
https://www.qubes-os.org/doc/supported-versions/

does that mean we will see a Fedora 24 template for R3.1 before Fedora
23 reaches EOL?

thanks,
Joonas



Re: [qubes-users] Trying to do an in-place upgrade from 3.1.17 to 3.2

2016-11-05 Thread Joonas Lehtonen


Richard:
> I'm trying to upgrade my Qubes 3.1.17 to 3.2  I've followed the steps 
> outlined here: https://www.qubes-os.org/doc/upgrade-to-r3.2/  However, when I 
> run...
> 
>sudo qubes-dom0-update --releasever=3.2 qubes-release
> 
>   I receive:
>   Nothing to do
> 



I'm also following steps in
https://www.qubes-os.org/doc/upgrade-to-r3.2/

but having the same problem ("Nothing to do.").

Maybe because there are simply no packages in
http://yum.qubes-os.org/r3.2/current/dom0/fc20/rpm/
?

There is a package here
http://yum.qubes-os.org/r3.2/current-testing/dom0/fc20/rpm/
(as mentioned by Holger)

(just in http://yum.qubes-os.org/r3.2/current/dom0/fc23/rpm/)

What are the recommended steps?
Will the package in r3.2/current-testing move one day into r3.2/current?

thanks,
Joonas



Re: [qubes-users] Security announcement mailing list? [and others]

2016-10-23 Thread Joonas Lehtonen
>> I'm not sure if it worth it. There is not much such announcements. On
>> the other hand, this may be exactly the reason for having a separate
>> mailing list for this. 

I would also love to see a QSB-announce mailing (especially because
qubes-users is quite active, and only subscribing to qubes-users to
filter for "[qubes-users] Announcing QSB #" is not the best way to
handle the current lack of QSB-announce).

I guess it is not a big effort for you to create one more list and send
the QSB's to one more recipient.

Looking forward to be able to subscribe to QSB-announce :)


> For now, we have already some non-email channels
>> for announcements:
>>  - @QubesOS on twitter - every security and release announcement is
>>duplicated there
>>  - https://www.qubes-os.org/news/, with its RSS/Atom feed; but we don't
>>link security announcements there - maybe we should start?
> 
>> If you think additional ML channel would be useful, then sure, we can
>> create one.

Thanks for considering it!
Joonas
