[qubes-users] How to set up Internet Connection Sharing over USB..?
Is there any way to set up Internet Connection Sharing using USB..? For example, with an Android phone, you can share its connection with a computer using so-called "tethering". But I want to "tether" the Whonix VM's internet connection to another computer, using USB. The purpose is to use Qubes as a dedicated Tor router, to take advantage of the VT-D protection, but then to use a separate computer to do web browsing, seeing as web browsers are so vulnerable, and I don't want Qubes to be hacked due to a web browser flaw. All I want to run on Qubes is Whonix VM and some kind of Internet sharing over USB. How do I do this..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67657be0-a884-4b0e-8cc9-9ccc8ee7f5c4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is there any way to mount a Qubes volume from an external drive..?
I'm not trying to mount the external HDD itself. I'm trying to mount the Qubes installation it. The encrypted Qubes OS that I have installed on the drive. I want to somehow decrypt and read the data from that itself. It's not a VM backup format. It's the actual hard drive for Qubes itself on an external HDD. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18e995c3-fd41-49c8-b2b9-99076e8aa774%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to set up Internet Connection Sharing over USB..?
Alternatively, I could do this with Ethernet. I know that you can right-click the network icon, click "edit connections", go to IPV4 settings, and edit it as network sharing for the WIRED connection. However, this is only going to share the overall connection. I am looking to explicitly share the Whonix/Tor connection only. thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d825c8f-a563-4bfd-8785-b0f5731117fd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to attach Ethernet to a VM other than sys-net..?
If I type "ifconfig" in "sys-net", it's clear that Ethernet is attached to the "sys-net" VM. I would like to attach the Ethernet to the Whonix VM, so that I can use it as a Tor router to route the Tor connection into a 2nd laptop. How do you attach Ethernet to a particular VM..? Does anyone know..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/15d9a451-e007-4f87-86bb-91f634488dc2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How to attach Ethernet to a VM other than sys-net..?
Alright. I came to the conclusion that this is all a waste of time. A hacker (especially nation state) would hack your main home router. Then hack your endpoint laptop. Then they can see that both are connected to a dedicated Tor router in the middle, through its MAC address or other identifier, such as device name. So they can see that both are connected to the same dedicated Tor router, and thus, they can see who you are that way. So unless you are confident that you can secure your main home router, then this idea of a dedicated Tor router is hopeless. You would be better off using a QUBES live disc and ONLY use Tor from the very start. As the internal NSA Snowden documents say, "one page request" is all it takes to hack you.. but note, they can only do this page request if you are actually connecting via your real IP address. Therefore, use a QUBES live disc, use TOR ONLY (never mix it up with clearnet), and make sure your BIOS is freshly installed, and then just cross your fingers and hope you don't get hacked while using Tor browser. By all means, use NoScript etc. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/37ad9472-69d0-46fa-9502-73c4d3f9c8b8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] WHERE is VT-D implemented..?
Quick question. WHERE is VT-D protection against DMA attacks implemented..? Is it implemented at a particular VM, such as "sys-net" or "sys-firewall" Or is this just built-in to the entire Qubes system regardless of which VM you are using..? If I were to run something like wget google.com within "sys-net" terminal Would that be protected by VT-D..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/28354a3a-a7bc-4d91-8d21-76f4201f30e2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How do you install external USB WiFi adapters..?
I plug in a USB WiFi adapter. I go to sys-usb, and run "lsusb". It shows up there as, "Bus 002 Device 028: ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter" What happens next..? How do I get this to the point where it can be used..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d824fe21-3423-449c-8dd4-57ad18fc24d4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How do you install external USB WiFi adapters..?
When you say "restart", do you mean the entire OS, or just restart sys-net..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/85586023-cabe-4e6b-87b5-f8aaecb6faa0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?
I may need to change "sys-net" from the Fedora template VM, to the Debian template VM. If I did this, would it break anything..? Or does it simply have to be Fedora..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9a2414f8-a548-419d-92bf-2a7c4bcdcc39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Can TeamViewer or similar work with Qubes..?
I am working on a project with someone. And they want to remote into Qubes with TeamViewer. Will this work at all... or is there any alternative software..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ebd7725-5155-48b2-8539-9ae40f5e4986%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?
Can I also ask Is it true to say "enp0s1" is the sys-net equivalent of "eth0" and "wlp0s0" is the sys-net equivalent of "wlan0" Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec853dd6-b6fa-4d6d-8b8f-b06134cbb8b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can TeamViewer or similar work with Qubes..?
OK, that's pretty useless, because I want someone to connect to my PV, not to a win7 HVM. Are there any other options at all..? I guess I could let someone SSH into my VM..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e58efa9-0465-4811-8e34-bf914db566ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to install DHCP in "sys-net"
I am doing a project with someone. I need to install DHCP in "sys-net". I did: sudo dnf install dhcp and sudo dnf install dhcpcd --- After this, I was asked to look for this file: /usr/lib/dhcpcd/dhcpcd-hooks/70-ipv4-nat --- But it just hadn't been created. I don't understand how to install DHCP in sys-net -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/927f22bd-e0f2-4246-a478-7e2143c68e59%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?
OK, now, I had real problems trying to switch to debian8. I shut down sys-net and sys-firewall Switched them both over to debian8 First thing, it said "Internet disconnected" in network manager, and simply wouldn't show any WiFi networks at all. Second thing, it wouldn't even open the terminal for "sys-net". So, this really did not work for me. Chris Laprise, what did you do, other than shutting down VMs and changing to debian..? Did you have to shut down sys-usb as well..? Or do I have to do a bunch of other VMs or other stuff..? This certainly didn't work smoothly for me at all. I've switched back over to Fedora just to type this. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bacb435-a9d7-466e-a4f3-30c21f7ee570%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?
Yeah, what actually happened to me, is that Ethernet DOES work just fine. But WiFi doesn't. So this is actually I think related to this issue: https://github.com/QubesOS/qubes-issues/issues/1526 Wifi no longer recognised in Debian-based sys-net VM after 3.0 -> 3.1 upgrade I have an Intel 3165 WiFi chip. There is something where Debian in Qubes no longer works with WiFi or something. They say to downgrade to a lower kernel.. Errgh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ccb14b4a-149c-4f72-92ba-1119f9fb04a3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Can't get WiFi driver to work in Debian 8
I am on Qubes 3.2 rc2. I have an Intel 3165 WiFi driver. It simply does not work. It works fine in Fedora, but not Debian. According to this: https://github.com/QubesOS/qubes-issues/issues/1526 There is something where Debian no longer recognises WiFi in Qubes Net VMs..? Is this true..? If so, it says to downgrade to 3.18 kernel. So I follow these instructions: https://www.qubes-os.org/doc/managing-vm-kernel/ But then I try going to dom0, and running: "sudo qubes-dom0-update grub2-xen" and it returns: "Cannot download rpm/grub2-xen-2.02beta2-3.fc23.x86_64.rpm: All mirrors were tried" So I just don't get it. Do I need to downgrade the kernel or not..? Does anyone have WiFi drivers working in a Debian8 Net VM..?? And if I do, why is this failing in dom0..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/86779166-8c7b-4f76-b87b-554c5a34dbb8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Can't get WiFi driver to work in Debian 8
OK. I solved it. The solution is to get the jessie-backports .deb file and install it in the "debian-8" template VM: Go here https://packages.debian.org/jessie-backports/firmware-iwlwifi Then here https://packages.debian.org/jessie-backports/all/firmware-iwlwifi/download Copy the file to debian-8 run dpkg -i firmware-iwlwifi_20160110-1-bpo8+1_all.deb Solved -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/07a73682-4b96-4d45-9532-f4d523aea9c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Can't get WiFi driver to work in Debian 8
Obviously restart the Template VM and Net VM afterwards. All solved. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f4fb56b1-52c2-4c46-a883-76e19be13746%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] If you change "sys-net" from Fedora to Debian template, will it break anything..?
OK. You need to install the jessie-backports verison of the Intel driver in order for it to work in Debian 8. See my post here where I solved it: https://groups.google.com/forum/#!topic/qubes-users/BJRnCNcDtoo -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88c5921d-c26f-4b8f-a8d5-82226611bd18%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Is it possible to have 2 Net VMs - one for Ethernet, another for WiFi..?
I want to have 2 Net VMs running at the same time. One would hold Ethernet in "Devices" The other would hold WiFi in "Devices" Is this possible? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1825a2b3-2e29-4df1-89e5-20c57c37595b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to add a "sys-firewall" to a NetVM..?
I created a new NetVM to use debian8, rather than fedora-23 It all works fine. But I noticed that the original "sys-net" has a "sys-firewall" tied to it. Do I need to add something like this for my new Net VM, and if so, how do I do it..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/88743796-2866-4900-8ec6-3ced381fc0fc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Why are Ethernet and WiFi in sys-net..?
Simple question: Why are Ethernet and WiFi in sys-net..? Is it (A) Just for easy access to the same network for all App VMs..? (B) Because this is isolating Ethernet and WiFi from the rest of the system, to stop DMA attacks..? It's not clear to me whether the VT-D protection is occurring because you are putting these devices in sys-net. Or whether the VT-D is implemented regardless of which VM the Wifi/Ethernet are in. I ask this because I want to run some programs in sys-net, and wonder whether a DMA attack could screw up these programs. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3b37e397-f889-48fa-8a1d-cbe201e4acdf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] What is the purpose of sys-firewall..?
What is the purpose of sys-firewall..? I noticed that every App VM has its own "Firewall Rules" inside of VM Settings. So therefore, what is the purpose of sys-firewall..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3709cdc5-4d09-47e0-b59b-40a188c3908f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] "Carrying forward" a DMA attack..?
Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet. The Qubes machine is sharing its Internet connection. Let's say the Qubes machine gets hit with a DMA attack. The 2nd laptop is not a Qubes machine, and therefore doesn't have VT-D for DMA protection. Can the DMA attack be "carried forward" to the 2nd laptop... or is it killed for good by the Qubes machine..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec267260-3504-4533-bb2a-057c30bf653c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
OK, it's the original poster here. The consensus so far is that anything I run inside sys-net should be vulnerable, and that it is advised not to run programs in sys-net. So, in this case, how am I supposed to run my Ethernet Tor hotspot..? I had somebody write me a script that lets Qubes connect by WiFi to my home router, and then serve out an Ethernet hotspot that runs everything through Tor. The program works fine, but yes, it does run within sys-net. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/62d3ca97-2e26-41a8-90e3-4b50f28be1d6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
OK.. here we go This is my question with a DIAGRAM to help you visualise it: http://imgur.com/a/CTbLk -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e5651253-3453-4fa4-8795-1639d599e62f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
NET VM -- -- - WiFi device- -- - Ethernet device- -- - Tor ethernet hotspot script- -- -- - - -Ethernet crossover cable - - LAPTOP 2- --- - - - - - - - Web browser, apps etc - - - - - - - - - --- Question: Could a DMA attack on WiFi device or Ethernet device then take over the entire Net VM, modify my Tor script, and then do whatever, like, leak my real IP, pass all data to the hacker, etc? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c53c0456-5878-43d3-93cf-3fc692cd5ea8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
In terms of "hotspot" terminology, what it does is, quote from author of the script: "it bridges the two interfaces but uses NAT to achieve it" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b5e42ea-e2dc-420d-933a-3c591b75639d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
OK, but I have already built the script. I have it running in Net VM. It works. I am NOT asking you to make an alternative system. I am simply asking whether an attack on the WiFi/Ethernet in the Net VM could also end up messing up my Tor script. Look at the question again: http://imgur.com/a/CTbLk -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eab8a1ac-0a6f-43c5-b4e4-b905609d1189%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
You said: " Now, if the compromised sys-net can somehow otherwise breach other AppVM's or dom0, you're screwed. " -- Yeah... and surely this is exactly what can happen, no..? We had 2 Xen exploits in the last 1 year. Surely a compromised sys-net can just run a Xen exploit, and can then breach into any other VM, including dom0. This is the whole reason why I decided to use 2 laptops.. because Xen is not secure. So, I think the solution is to simply use a WiFi and Ethernet that do NOT have any bugs in the first place. As far as I can tell, networking firmware in Linux is actually implemented in Linux, and not installed on the actual device itself. Therefore, so long as the driver was open source, then surely it can be audited for any DMA bugs. Here is a comparison of open source wireless drivers https://en.wikipedia.org/wiki/Comparison_of_open-source_wireless_drivers Are there any particular WiFi chips on this list that anyone recommends..? Are certain ones known to be more secure than others..? Because to me, this is where this thread has now ended up. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f9b3201-8fc7-49aa-a457-88afe789596f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
OK, so the main takeaway from your answer: "The card doesn't have a host CPU and so it doesn't require a firmware source" that seems like the most interesting the driver would still need to be bug-free though who knows whether any of these have even been audited thanks for your replies though... very detailed and very useful -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/91ed9119-b5dd-49bd-9152-f141d126c3ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
I guess the only other thing I would add is. With Firefox, you have a page "Security Advisories", which lists the history of Firefox exploits. I wonder if such a thing exists for WiFi drivers + firmware. Or even a list of any major audits of WiFi drivers + firmware. If there is some really easy way to see which WiFi devices are the most secure. Something like "security advisories", but for WiFi devices. But I guess if no eyeballs are even looking at the code, then no one will find any bugs. Ultimately, what's needed is a Truecrypt-style major audit. If we could crowd-fund an audit of a major WiFi chip(s), that may be the key. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6848617d-b373-48f5-b103-eb3b634dde65%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
You should realise, I don't actually care if the 2nd laptop is hacked. I'm only trying to protect WHO I am, and not WHAT I'm doing. So I don't care about DMA attacks on the 2nd laptop. I only aim to protect the Tor hotspot thing that is set up in the Qubes system. And for this, I think the solution is to use a safe WiFi/Ethernet device, if these things even exist. Of course, this means that I don't even really need Qubes at all, which you pointed out in an earlier post. I originally thought I needed Qubes for this system but in fact, VT-D simply doesn't do what I originally thought it did. I originally thought VT-D isolated the networking devices themselves. But in fact, VT-D simply allows networking devices to be inside the Net VM. The Net VM still relies on Xen to separate itself from the rest of the Qubes system. Hence, it all comes back to Xen. Maybe Qubes 4.0 and SLAT will make Xen secure. But for now, I think using 2 laptops is more secure, so long as we can be sure there are no bugs in the networking drivers. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8b38d7e7-090b-4935-a9ab-4766ef475134%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
Well, entr0py, you are correct. It does indeed come down, to either Xen, or my networking stack. Let me ask... what is the security like for Ethernet..? Let's say I connected to my home router via Ethernet, and also served out the Tor connection to a 2nd laptop, over Ethernet. In this setup, there is no WiFi at all. Would that make things more secure..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7fc44baf-ea60-485d-93c9-faa06fb04bde%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
And yes, by all means, I will use Whonix's system rather than my own custom script. I originally created my own, because I saw that Whonix didn't have VT-D. But then I learned that VT-D is nowhere near as good as I thought. I originally thought VT-D isolates the devices from the Net VM itself. But in fact, VT-D only keeps the devices inside of Net VM... and the security of Net VM itself is still dependent on Xen. So... yes I will definitely look into using Whonix for this rather than my own script. But just to re-iterate my previous question.. do you think Ethernet is any more secure than WiFi. In your answer, you explicitly say to get rid of WiFi, due to security problems... But how about Ethernet..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9774f4fb-2cfd-4848-887e-1a8dcce18c62%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
Very useful info, but what I meant is whether the Ethernet drivers/firmware etc are more secure than the WiFi ones. I wasn't really talking things like RF leakage etc. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ecbd7136-a6f1-4bcf-b7c5-8a830ee3c7fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?
Wow. Not even 4 GB of compiled drivers for the WiFi. You are saying it's 4 GB of raw plaintext source code..? WOW That's INSANELY complex. A bit like how people have said phone basebands are incredibly complex, not to mention, closed source. All this wireless stuff in general seems to be super super complex, and thus, prone to security problems. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32cf14ad-eeb5-4557-b9c6-a26460eef5e3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Anything else to wipe other than HDD and BIOS..?
If I think a computer has been infected, is there anything else I should wipe/re-install other than 1. Hard Drive / Operating System 2. BIOS Is there anything else that a hacker could possibly infect that needs to be wiped/re-installed..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/43647750-ce02-45db-b745-865ffee84df3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?
How about Google Chromebooks which have a system to auto-restore the OS if it thinks it's been tampered with..? Or what about a read-only BIOS in the first place..? Is there any reason BIOS can't be read-only..? I basically want a computer which is most easy to wipe/reinstall and then it's truly wiped. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a98dee7a-e27e-4ef9-8036-877f536fa7c9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?
Yeah, Joanna is seriously epic. How about Raspberry Pi..? That seems to have very few components. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b628b960-618f-41da-b0ae-3b15282af050%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Physical isolation using Whonix and Qubes..?
I am looking to use Qubes/Whonix as a dedicated Tor router. And then route a laptop through my Qubes/Whonix system. Main router => Qubes/Whonix computer that acts as a Tor-only router => My laptop for browsing web I want to know how to share the connection of Whonix/Tor in Qubes, with a laptop that connects into the machine physically. I tried asking this question on Whonix forums, but they told me to ask on qubes-users instead, because it is "unsupported". -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6be60815-54a4-47de-90b7-fa92052597f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How to get NetworkManager in anon-whonix..?
I would like to get NetworkManager to open up for anon-whonix. How do I achieve this..? I am trying to share an Internet connection that is Tor-only. Thus, I need to open the NetworkManager system tray applet thing in Whonix. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dbe2f93d-79c1-4197-b4c0-13e290bb2aa7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Set different NetVM for dom0
How do I change the NetVM used by dom0..? I have sys-firewall as does everyone. But I actually set up a new NetVM a while back, and sys-firewall no longer works for me. Call it "NetVM2". So I want to set the NetVM used by dom0 to "NetVM2", or whatever replace "NetVM2" with the name of the NetVM. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c474d179-f406-41be-9ac6-1c6524a5b84b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] sys-firewall no longer works after creating new Net VM
I created a new Net VM, in order to use Debian, and it works fine. But now I want to revert back to sys-net. The problem is that my sys-firewall no longer works. How do I get sys-firewall to work again? It starts up fine, but simply doesn't work. Other App VMs are not getting data through it. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5f2dfb2a-597a-4fc8-81e9-76dec90187dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Failed to add USB controller to App VM
I am using Qubes 3.2 rc2 I need to use an external USB WiFI device. I was told in a previous thread that I need to attach the entire USB controller, rather than just using qvm-usb -a https://groups.google.com/forum/#!msg/qubes-users/o8zUPDdA0Vs/8LkwfalPCAAJ;context-place=topic/qubes-users/o8zUPDdA0Vs However, when I do this, I get the following error message: " Error starting VM 'anon-whonix': internal error: Unable to reset PCI device :00:14.0: no FLR, PM reset or bus reset available " What is the solution here..? I'm adding a USB controller to anon-whonix. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b520cc8f-3d7f-4707-b8f8-9636c3712ce0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Failed to add USB controller to App VM
OK, this seems to be what I need. One further question... https://www.qubes-os.org/doc/dom0-tools/qvm-prefs/ " pci_strictreset Accepted values: True, False Control whether prevent assigning to VM a device which does not support any reset method. Generally such devices should not be assigned to any VM, because there will be no way to reset device state after VM shutdown, so the device could attack next VM to which it will be assigned. But in some cases it could make sense - for example when the VM to which it is assigned is trusted one, or is running all the time. " --- So... if you were to shut down and restart your entire computer (not just VMs), would the device state be reset to a safe state...? Or is this just going to make it unsafe forever..? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/11078d82-5423-4e52-96ce-a7cc5b766490%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Failed to add USB controller to App VM
OK this works. For anyone reading this in the future.. yes, it works. You'll notice that sys-usb has False as its setting for this, hence how sys-usb is able to boot without this error message. So yes, set it to False and now USB WiFi networking devices work. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/13b0f61e-650c-4795-ac1e-db4cc73f17e8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] A computer with read-only firmware..?
Does anyone know of any computer that has read-only firmware..? I'm talking, just about anything that could have a virus written to it. Stuff like 1. BIOS 2. GPU 3. Ethernet 4. Mouse 5. Keyboard etc I want this system because then if it is infected, then all I need to do is wipe the HDD and then it's clean again. Ideally the system should only have HDD as persistently writable. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/10d3da1d-030b-4230-9c07-e08c3a12f114%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Would USB Ethernet be more secure than WiFi..?
There is talk that Ethernet is more secure than WiFi, due to the complexity of WiFi. So, my laptop only has WiFi. If I were to remove the WiFi chip, and use a USB Ethernet adapter, do you think that would be more secure..? Something like this: https://www.amazon.co.uk/Network-Adapter-TechRise-Ethernet-Supporting/dp/B01JS7U3GQ/ref=cm_cr_arp_d_product_top?ie=UTF8 Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5ec8c014-c00b-4cf8-98da-05415037f466%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Detach a USB mic from sys-usb into dom0
I remember, before I had Qubes with the USB qube, my USB mic seemed to be in dom0. To the point where I could see the USB mic as an option in "Volume Control"/ pavucontrol in dom0. In the volume control mixer, I would be able to select the VM from there, and choose the USB mic as the input device for a particular VM. But now, because I have sys-usb, the USB mic is in sys-usb, and thus, I cannot select it from the dom0 volume mixer. How do I get the USB mic to detach from sys-usb and go back into dom0...? Or is there some way to direct a mic to a certain VM using sys-usb instead? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e486d232-1713-4c80-817c-0e8bda112aad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Detach a USB mic from sys-usb into dom0
OK, here is the solution. I solved it myself. You install "pavucontrol" in the internal VM. Then ,if you look at it, you will see that the USB mic is actually detected automatically. So in fact, no need to detach anything, or disable any USB qube. You just simply install "pavucontrol" inside the App VM. The USB mic doesn't show up in dom0's pavucontrol But it does show up in pavucontrol of the internal VM Solved. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dab90fec-8bbb-4738-a6c4-ed009977d21a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Switch of DMA altogether..?
Qubes uses VT-D and a Net VM to attempt to isolate buggy WiFi adapters from the rest of the Qubes system. But this isolation still depends on Xen not having bugs... And we know that Xen has bugs, and will likely continue to have more going forward. So, instead of VT-D, why not just switch off DMA altogether..? In Debian, you can edit "/etc/hdparms.conf", and do stuff like this: /dev/hdc { dma = on } Why not just do this for WiFi and Ethernet chips in Qubes, and thus, not have to rely on Xen for isolation? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7da00a1d-df99-46fd-8f22-efb638d4f463%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Switch of DMA altogether..?
Presumably through the CPU. We know this option exists for hard drives for a facts. So I see no reason you couldn't get Ethernet + WiFi chips without DMA. Not all devices support switching off DMA, so I can see why Qubes decided to use VT-D + Xen instead. But certainly, I think there are devices out there without DMA. I think you just need to search the market for a Ethernet/WiFi that supports non-DMA. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1dfba313-0f8f-4ddd-83fe-1e61c684ccd2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Switch of DMA altogether..?
So are you saying that VT-D does not actually depend on Xen...? With a Xen bug, couldn't a hacked WiFi device just break out of sys-net..? Or not..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0e9712cf-5c52-41d4-92bd-7a5853add4c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
On Friday, 7 October 2016 19:37:50 UTC+1, Achim Patzner wrote: > I think I’ve still got a bunch of NE2000 and early RealTekNICs somewhere in > the cellar – how much do you want to offer? Are you saying that these devices are non-DMA...? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e30f1d83-efa0-468d-a1a0-6032f70d7f0a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
" The original cards, the NE1000 (8-bit ISA; announced as "E-Net adapter" in February 1987 for 495 USD) and NE2000 (16-bit ISA), and the corresponding use of limited 8-bit and later 16-bit DMA in the NE2000 " That seems to say that DMA is in fact used in the NE2000. By the way, will these cards support modern Ethernet cables, like cat5e...? Do they support Ethernet crossover? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a4eb75f1-3a78-48f5-addf-063e014f79fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
Another question... Are DMA attacks on Ethernet are even plausible? WiFi seems much more vulnerable than Ethernet, due to more complexity. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/999d2ee0-f6aa-4617-80de-9264d87be87e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
OK. This is getting confusing. So you are now saying that you can't do a DMA attack over the web..? If I had one computer connected to another via Ethernet crossover, could one computer infect the other via DMA by sending the DMA attack over the crossover cable..? Or can a computer only launch a DMA attack on itself? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6a7e0a00-72a4-4939-804b-0687e08bad4f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
OK, so we've gone from not do-able remotely, to "may or may not be possible", and "this is hard" Are there any proven such attacks on Ethernet? Any proof of concepts? Also, would USB Ethernet make this attack any easier..? Something like a USB Ethernet dongle? http://i.imgur.com/l5ntqFe.jpg -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c874d29-01ff-462b-8dde-6d37dec9cbda%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
OK, so we've gone from not do-able remotely, to "may or may not be possible", and "this is hard" Are there any proven such attacks on Ethernet? Any proof of concepts? Also, would USB Ethernet make this attack any easier..? Something like a USB Ethernet dongle? http://i.imgur.com/l5ntqFe.jpg -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bcdf1789-0d36-4fd7-bc1c-4dbfb930beb4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
This paper suggests it is definitely possible to attack a network card remotely This is written by the French intelligence agency, "ANSSI - French Network and Information Security Agency" http://www.ssi.gouv.fr/uploads/IMG/pdf/paper.pdf " In [8], we demonstrated how it is possible for an attacker to take full control of a computer by exploiting a vulnerability in the network adapter. This proof of concept shows how it is possible for an attacker to take full control of the adapter and to add a backdoor in the OS kernel using DMA accesses. The vulnerability was unconditionally exploitable when the ASF function was enabled on the network card to any attacker that would be able to send UDP packets to the victim. " -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a6da0988-1749-4b72-adb7-2e87f6df68ea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
I've been going through some of the networking modules on my Qubes system. Some of them would indicate that DMA can be switched off entirely, and PIO used instead. For example: b43.ko modinfo -F parm /lib/modules/4.4.14-11.pvops.qubes.x86_64/kernel/drivers/net/wireless/b43/b43.ko pio:Use PIO accesses by default: 0=DMA, 1=PIO (int) --- so.. PIO here would suggest that it's possible to use non-DMA. --- I guess my real question is... would switching off DMA make you safer anyway..? For example, PIO is just going to transfer it to the CPU. At this point, couldn't the CPU just infect your device rather than DMA..? So I'm not even entirely convinced that uaing PIO would make you safer anyway. What do people think..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d79b94e-2180-4ff5-95e7-6f01ecec14ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
DMA allows network card to read/write RAM. DMA attack allows one already-compromised VM to read the RAM of another VM, thus breaching Qubes isolation... unless you use VT-D, although flaws in VT-D have been shown. Remote DMA attack allows packets sent to the network card directly over the web, not even having to compromise your VM first... as demonstrated in the paper by the French intel agency. That is what I understand so far. Hence, why I am asking if using PIO rather than DMA would prevent such attacks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8d3ffc8d-8658-4a32-b3aa-7c486b653e15%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Switch of DMA altogether..?
OK, so how about using PIO purely..? A device which can do PIO and PIO only. Would this then be more secure..? Or would the attack just be carried out by the CPU rather than RAM..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3e9f6d8d-901f-42dc-9571-58f832f23a33%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Restart sound card "state"..?
When I first installed Qubes, my webcam/mic was plugged in. I have since removed the webcam/mic physically. Since doing this, the sound no longer works on Qubes. I tried booting Ubuntu live disc, and sound works. So it's not a physical problem. I feel like Qubes initially detected a certain "state" or some kind of hardware detection. And now, it's different hardware, so it doesn't play sound anymore. Speakers, headphone sockets.. Simply no sound. How do I re-detect the sound hardware.. or restart the state.. or something along these lines..? Something like what Qubes would do when first installing.. Detecting the hardware..? Something like that. How do I do this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/265bd410-a892-46bf-9b14-811dde0ecc55%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Restart sound card "state"..?
OK. Solved. It was muted in "output devices". -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cfc78921-8b88-45e5-8b14-11d28051b864%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] A list of computers that do not "hold state"..?
Does anyone have a list of computers with no writable firmware..? If you get hacked, hackers can deeply infect the BIOS, GPU, WiFi and other components that "hold state". Then, even if you wipe your hard drive after getting infected, you can still just get re-infected again, due to the deep firmware infections. The Raspberry Pi is an example of a device that does not "hold state". Every component on the Raspberry Pi has its firmware and drivers loaded in from an SD card. Thus, if you wipe the SD card, you have truly wiped the device, and can be sure that it is totally clean. Does anyone have a list of similar devices to the Pi, that do not "hold state" on ANY of the components...? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f00af64b-c89e-4451-bec5-8667bc52a5ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Screen recorder for Qubes..?
I see that dom0 has a screenshot tool, but how about a screen recorder tool..? I.e. one that would record video. Sound is not needed, but I certainly need to record many screenshots per second.. Many frames per second. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57173cf7-8ad4-4d6a-aa35-6bed93d77aaf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Screen recorder for Qubes..?
None of this makes any sense to me. There is already a screenshot tool This would just be multiple screenshots per second. I don't see why it isn't possible -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8f43a994-6238-4a04-9336-0193cec44d2d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Screen recorder for Qubes..?
On Tuesday, 8 November 2016 12:49:53 UTC, Eva Star wrote: > It's not hard to integrate video capturing to my qubes screenshot tool What is the command name for your screenshot tool...? Can it be run on the command line..? Because I'd be willing to just write a script to run it multiple times per second, and then view the JPG / PNG images individually I'd be willing to write that script myself right now and not even integrate it into Qubes or anything... To just do it for myself. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a87c04b2-6e0e-46d3-9162-243b78a4795c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QUBES 3.2 won't install... EFI_MEMMAP is not enabled... ESRT header is not in the memory map
I am trying to install QUBES 3.2-rc1 I get onto the screen with penguins, and it says efi: EFI_MEMMAP is not enabled esrt: ESRT header is not in the memory map --- And then it just stays there and doesn't do anything. Is this normal..? Am I just supposed to wait..? Or is there something wrong here...? --- I am able to install QUBES 3.0 just perfectly but not 3.2-rc1 I was also getting stuck on this penguin screen when trying to install QUBES 3.1 as well. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e7014836-319c-4a9e-89fb-72772aea7145%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes 3.0 won't install... "No bootable device"
I wrote the QUBES 3.0 ISO to an external HDD. Then I ran the installation, to install QUBES to the local internal HDD. Works fine. Tells me all done and restart. Yet, it then says "no bootable device", and press ENTER to go back to BIOS boot selection. Previously, I tried installing QUBES 3.1, and I think I may have messed up the steps here https://www.qubes-os.org/doc/uefi-troubleshooting/ I messed up steps 6 to 10, so that may be the problem. In any event... it's at the point where it just will not boot. I don't know what to do. I have a Windows recovery disc, so I am able to re-install Windows 8.1 whenever I want. But I'm really trying to get rid of Windows 8.1 and install QUBES I had no problems installing to an external HDD to test it out.. but now I want it on my main system... and it just won't boot. What do I do...?? How do I get QUBES to boot?? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8c0da20b-3fe9-4ae3-be92-a49cae6eebd2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
My EUFI is disabled and i still get the message "bootable device was not found" What do i do? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e27c504f-f075-4db7-97ac-ee338f320fb3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
It was all disabled from the start. It simply will not work. As I say, it can install to an external HDD just fine. Just not the local drive. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d3305aa9-e981-4297-916c-369e0ebeebd0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
In the installer, it shows the USB external HDD, and the local HDD. I am currently in a Ubuntu live disc, and in the partition manager, it shows partition -- file system -- size -- used -- flags /dev/sda1 -- ext4 -- 500MB -- 155.12MB -- boot /dev/sda2 -- crypt-luks -- 698.15GB -- N/A -- N/A -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6eb0265c-03bf-4860-b78b-fc6b4d0d3be0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
One thing I notice is that I used to be able to press F12, and get the HDD as a boot option. Now it's just missing altogether. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd06b03a-d493-416b-9b6d-b0fd599c456c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
OK... This is what I get ubuntu@ubuntu:~$ sudo mount /dev/sda1 /mnt ubuntu@ubuntu:~$ sudo mount /dev/sda2 /mnt mount: block device /dev/sda2 is write-protected, mounting read-only NTFS signature is missing. Failed to mount '/dev/sda2': Invalid argument The device '/dev/sda2' doesn't seem to have a valid NTFS. Maybe the wrong device is used? Or the whole disk instead of a partition (e.g. /dev/sda, not /dev/sda1)? Or the other way around? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3c3c6c4f-2ce1-4173-aa33-a9dc6a95aa33%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
It may be possible that I'm following the EUFI guidelines incorrectly. Replace existing Qubes entry with modified one. Replace with entry number from previous step, /dev/sda with your disk name and -p 1 with /boot/efi partition number): With this for example.. how am I supposed to know the /boot/efi partition number...? What would the number usually be? I have no clue.. errgh. Just my guess... I think I'll leave this one to the experts I am very confused. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/513000c6-f95f-4344-bb88-42f543f3b018%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
OK... I have found a solution. Just use QUBES 3.2 I followed the instructions on the "EUFI Troubleshooting" page for QUBES 3.2. I simply couldn't understand the instructions for 3.1. So instead, the instructions are much easier for 3.2. https://www.qubes-os.org/doc/uefi-troubleshooting/ In GRUB menu1 press e. At the end of chainloader line add /mapbs /noexitboot. Perform installation normally, but not reboot system at the end yet. Go to tty2 (Ctrl-Alt-F2). Edit /mnt/sysimage/boot/efi/EFI/qubes/xen.cfg (you can use vi editor) and add to every kernel section: mapbs=1 noexitboot=1 Note: You must add these parameters on two separate new lines (one paramater on each line) at the end of each section that includes a kernel line (i.e., all sections except the first one, since it doesn’t have a kernel line). Now you can reboot the system by issuing reboot command. --- That's it. Problem solved. It was nothing to do with EUFI or legacy boot or anything like that. As I said, I had already done all the BIOS stuff. Thanks for the help anyway. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f80985e-2c82-4138-a029-deff5dde281d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 3.0 won't install... "No bootable device"
I have to say from a user experience... figuring that all out was hell. When you look at what I did.. I essentially added 2 main bits to the code mapbs=1 noexitboot=1 I really just wonder.. if there's any reason QUBES developers couldn't just add these 2 lines themselves, so that the user doesn't have to do it. I'm not an expert at all, so I could be totally wrong but I really wonder Do any devs know the answer to this..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d992b417-7e2b-4742-a374-13e52df9e018%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Question about the SECURITY of backing up QUBES.
I have a question about the security of backing up QUBES. I see that the VM backup procedure lets you back up both template VMs and App VMs, as well as dom0. The question is... let's say that we find out about another Xen escape, like the one from October 2015. At this point, surely we now the consider that the entire system was compromised. So let's then say that we download an entirely new version of QUBES, and upgrade to the latest Xen before doing anything else. What is then the backup procedure for templates and App VMs..? Surely this means that it's not safe to restore the backed up VMs.. seeing as they were present on the old compromised machine? Or what..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b6e2f5a0-d6aa-49da-80b7-c90a89d7b2ae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question about the SECURITY of backing up QUBES.
Is it possible that someone who compromised QUBES, could re-write the AppVM in a way that whenever it is loaded up, it re-infects the entire system all over again...? In that case, the only safe thing would be to manually back up the files within the AppVM with some sort of Fedora backup tool. Or is that not an issue... and it's safe to just back up the entire AppVM using the QUBES tool...? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4d8500bf-e231-4bd6-bb7d-e70791d65e2e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Question on SECURITY of WHONIX VM
I have a question about the security of Whonix, which is used as the Tor VM in QUBES 3.2. My question is... we know that the Tor Browser can be hacked, mainly based on Firefox exploits. So it's very possible that when I'm using Whonix, the Tor Firefox browser gets hacked. So when this happens, and I restart the Whonix VM... is the hack now gone, or is it persistent..? In other words, does the App VM load the browser itself from the Whonix template...? Or, does the browser itself reside in the App VM..? Presumably, if the browser is in the App VM, then the hack is persistent, and I would have to create the App VM all over again in order to clean it up. But if it's in the template VM, then it's wiped clean whenever you restart the App VM. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/98ccf160-e3a8-4300-9fd1-299ac51ac05a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Buying new laptop.. What check should I do in-store..?
I have QUBES running now, but my processor only has VT-X, and not VT-D. So I'm thinking about buying a new laptop just to get VT-D. I want to go into a physical store and try out the live USB for 3.1.. just to make sure that everything is working before I buy the laptop. My question is... what checks should I do in-store..? What do you consider a full list of things that I should check for QUBES compatibility...? Obviously, check VT-X and VT-D. Check whether Wifi works, sound works. etc etc I just wonder what you consider a full list of things to check. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bbe1cf8b-d21a-470e-92a9-50f8b66ee3a9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Buying new laptop.. What check should I do in-store..?
Is it worth checking for a BIOS compatible with coreboot or libreboot, or some kind of open source BIOS..? Is it true that if I have a Intel ME processor, but a motherboard that isn't compatible.. that at least this prevents network access to Intel ME...? For example, in my current laptop, there is no mention of Intel ME in the BIOS at all.. etc etc So yeah, just looking for as many different compatibility checks as possible. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bc575262-6754-4f7c-ab91-edf812fb20ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Attaching USB bus/device to VM.. What happens next?
So, let's say I follow the steps to attach my USB bus to a VM. I go into VM Settings and see that it's attached. What next..? Where do I actually find the attached USB devices..? Let's say that I have a USB disk plugged in. Where would I actually now find this device in the VM...? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c24348ed-5363-477d-ba4b-4f990cf8de7f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Attaching USB bus/device to VM.. What happens next?
Am I supposed to attach this Device before or after the VM has started..? The problem is... when I assign it, I get this error message: "Error starting VM. Requested operation is not valid. PCI device :00:1a.0 is in use by driver xenlight", domain test" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e0acfe8-ec35-4631-b74b-d3c05d984011%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Question on DMA attacks
>From the user FAQ: https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d "an attacker could always use a simple DMA attack to go from the NetVM to Dom0" So what does this mean though..? Can they launch this DMA attack from a compromised App VM..? Could they simply do a browser exploit in an App VM, and then do a DMA attack from there to go to dom0..? Or is it a lot harder than that..? I'm just trying to work out whether it's really worth buying a new laptop just to get VT-D I currently have VT-X, but not VT-D. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9077f947-8e42-47c6-a034-fbd089100460%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Question on DMA attacks
But it's still not clear how these malicious packets can be sent to the network card can these be sent after compromising an App VM (via something like a browser exploit)...?? Or can they be sent just purely over the internet itself to any device connected to the web...? Directly send packets just over the web? Or does it require attacking the Net VM, and not just the App VM... however that would be done...? I'm just trying to figure out FROM WHERE the network card could be attacked. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/24ed289e-dec9-4d6e-86b8-14763a5bcf37%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Question on DMA attacks
Oh OK. I see you have now updated with a new answer. "The main benefit would be to try and prevent dma attacks from the network card and the netvm, which receives all the packets from the internet" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c59266e7-0738-4ed0-af25-90996a5d1322%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Question on DMA attacks
So essentially, this is isolating the network card/Wifi from dom0.. Just like you create a USB qube, to isolate USB from dom0 But still.. no one has ever shown a proof of concept for this... You see plenty of videos of people exploiting browsers with Metasploit... but no videos of anyone doing DMA attacks Still, I take Joanna's word for it that it's a real thing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3488f64-b5da-4581-a77f-972225ad7bd2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Question on DMA attacks
Wow.. Thanks Marek... That was a very clear explanation of DMA attacks... The best that I've ever seen. Perhaps this should even be posted somewhere on the QUBES website. I think that's convinced me that I definitely need to get VT-D. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0d29dbd-cd47-4191-9048-c4ce0699ce23%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] MP3 support
What is the definitive guide for MP3 support in QUBES..? I just want a list of command to type in the fedora-23 template VM. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b10fc725-6fe3-408b-988f-c2f0424688dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] MP3 support
Yeah. I have a major problem with VLC though. Whenever I close VLC, it causes all the windows for App VM to disappear from the task bar. Then when I open another app, they all come back. It also disables all future VLC playback. Once I close VLC once, it never works again after, until I restart the App VM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/85f0a062-f608-4f99-bc83-9be4e94a265f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] MP3 support
I have to say.. out of everything posted here... the only thing that worked was: sudo dnf install xmms sudo dnf install xmms-mp3 XMMS was the only media player that actually worked for me. At least I got it working though. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6786c4c9-6f79-400a-94e8-520b14a3b427%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] QUBES 3.2 taskbar icons are useless - they only show padlock icon
In QUBES 3.2, the taskbar icons don't show the application icon. They only show a padlock, coloured in the colour of the VM. Google Chrome doesn't show the Chrome logo. It just shows a padlock. This makes it very hard to actually open a window, because I have to go through loads of them to even find the right window. Is there any solution to this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cb635b92-128e-4726-b57f-bd95121477ec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QUBES 3.2 taskbar icons are useless - they only show padlock icon
How about just being able to group windows by VM..? Is there any way to do that? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46233098-93dd-47b3-804a-aaa65d78602c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QUBES 3.2 taskbar icons are useless - they only show padlock icon
OK, but this only groups the programs next to each other, which means I have to go through each one one-by-one to find which program it is. Is there any way to group them in a stacked way, like there was in QUBES 3.0..? Where there would only be one menu per VM, and then you click it and it opens all the open windows in that VM.. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/41d8cd69-43b1-4ea6-badc-72accd1b4890%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] MP3 support
My logs look like this: invalid PResizeInc for 0x540142c (0/0) invalid PBaseSize for 0x540142c (0/0) invalid PMinSize for 0x540142c (0/0) invalid PMaxSize for 0x540007a (2/2) invalid PMaxSize for 0x54010a3 (2147483647/2147483647) It's just loads of errors with the following 4 errors invalid PResizeInc invalid PBaseSize invalid PMinSize invalid PMaxSize -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/24d8edc7-e443-4fac-a3aa-1e6f347782b7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Nautilus is broken
Nautilus is broken for me on the fedora-23 template "nautilus: error while loading shared libraries: libicui18n.so.54: cannot open shared object file: No such file or directory" I tried installing libicuil8n.so.54 in the template VM. but it still has the same error message. I did this after manually removing some packages, so this is definitely a screw up on my part, and NOT a QUBES screw-up. How can I get nautilus working again? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25154dbb-b5d3-4e58-b4e5-ed094c8f649f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.