[qubes-users] Re: guid.conf for disposable VMs
On Saturday, December 2, 2017 at 9:26:36 AM UTC-8, tech...@tutanota.com wrote:
> Hi,
>
> I understand generally how to customize guid options via the
> /etc/qubes/guid.conf file in Dom0 as per
> https://www.qubes-os.org/doc/full-screen-mode
>
> My question is, if I want this to affect disposable vms only, not globally,
> what do I use for the VM name in the VM: {} block in the file?
>
> Thanks.

You should be able to get full screen regardless with ALT+F11

--
You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5a303512-1aa9-4555-9faa-12280ab5db08%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows 10 on Qubes (freeRDP)
How well does it work just installing in a standalone hvm? can you pass usb devices? if not the qubes filtered "filesystem only" etc flavor, then raw usb pass through?
[qubes-users] Re: new Desktop build recommendation
On Thursday, December 7, 2017 at 12:23:18 PM UTC-8, Wael Nasreddine wrote:
> Hello,
>
> I'm looking to build a new Desktop specifically for Qubes OS, so my most
> important requirement is compatibility. I currently have 64GB (4 x 16GB)
> 288-Pin DDR4 SDRAM DDR4 3400 (PC4 27200)[0] that I'd like to use, and I'm
> looking for a recommendation for the motherboard and CPU. Preferably a 6+
> cores CPU. What do you guys use?
>
> I'm aware of the HCL page, but I'm mostly interested in knowing your personal
> experience with your current hardware.

I'm using a super micro c7z170sq, which mostly works, but I've never gotten the ps2 ports to work, so no sys-usb. the cpu is a 4 core skylake.

> [0]: https://www.newegg.com/Product/Product.aspx?Item=N82E16820232264
Re: [qubes-users] Installing Virtualbox within Qubes
Here's one way to run vagrant on qubes.
https://gist.github.com/xahare/0f2078fc8c52e7ddece1e5ba70c6d5fc

But this is slow. You could also make a vagrant server and use that, or even share it with your co workers. here's a convenience script for that,
https://gist.github.com/xahare/1db2970b7b684c0d54c0c15cc32afb98

If you're going the virtualbox route, and you want gui desktop access, you can enable vrde in your vagrantfile.
[qubes-users] Spectre, Meltdown, and dom0
Since someone has to start this thread, Does dom0 matter here, or would patching xen fix this?
[qubes-users] qubes app menu keeps old templatevm entries.
The app menu, top left, keeps entries for old template VMs. is there a way to get rid of them?
[qubes-users] qubes app menu keeps old template vm entries
The qubes app menu (top left of screen by default) keeps entries for template vms. is there a way to get rid of them? running 3.2 with the default xfce
[qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Spectre)
what about the cpu microcode? can a package be backported for it? or does that have to be done through xen? fedora 26 has some (theoretical?) protection against meltdown, maybe qubes-4 should update dom0 to that in the rc.
[qubes-users] Re: Lenovo ThinkPad, won't boot
On Monday, January 15, 2018 at 3:23:55 PM UTC-8, demio...@gmail.com wrote:
> My Lenovo ThinkPad fails to boot after installing Qubes. I had to boot the
> USB drive via legacy boot for Qubes to install at all, but the EFI setup
> doesn't happen.

what model? If it's new, you'll probably have more luck with 4.x.
[qubes-users] Re: Another "Best Hardware" 4 VMs setup question.
On Saturday, January 20, 2018 at 10:51:54 AM UTC-8, Stumpy wrote:
> I have been reading through the forum about the various recommendations
> for hardware. The general consensus seems to be "more mem and ssd
> drive". I am running 3.2, have 16gb mem, and a Samsung ssd drive and it
> still takes 10 sec (timed it) to put up a terminal in a new vm. While I

i have much faster hardware, takes 11 seconds to start an appvm, and a new terminal in it. 16 gigs is the sweet spot for most average uses. 8 gigs is tight.

> can tolerate that I'm really wanting to explore options that can give me
> a faster start up for apps (and appvms). Its been awhile since I bought
> my CPU so I can't remember what it is beyond a i5, if the /proc/cpuinfo
> is right (its a bit confusing for me as I don't understand if its
> showing the info for the proc or a virtual proc?) then I have a Intel
> Core i5-4570 CPU @ 3.20GHz and it displays for processor 0 and processor
> 1 so I will go out on a limb and assume its a dual core?

it's a 4 core, 4 thread.
https://ark.intel.com/products/75043/Intel-Core-i5-4570-Processor-6M-Cache-up-to-3_60-GHz

this shows in /proc/cpuinfo in dom0 (qubes 4). appvms default to 2 virtual cpus. that's what you're seeing.

>
> Considering my current setup, and the fact that I wholly plan on
> upgrading to qubes v4 once its stable, and that I am willing to fork out
> for a new system (though with a pretty limited budget ~500) could anyone
> make suggestions on the most logical route to take? (hopefully not "grin
> and bear it").
> Cheers

wait till this speculative execution mess (Meltdown, Spectre etc) is cleared up before choosing or buying new hardware.

> PS I have 30 VMs BUT don't usually run more than 10 at a time (due to
> mem i guess) but would probably run about 15 regularly if I could.

16 gigs of ram should be ok for that, but I'd go for 32.
[qubes-users] qubes 4.0, fedora-26 template, intermittent trouble opening an appvms file manager
qubes 4.0 rc3
fedora-26 template

running the file manager from a menu will always start an appvm if it's not running. but it won't always run the file manager. running terminal, or any other apps always works. running nautilus from terminal always works too. just not the file manager. but, sometimes, the file manager will work from the menu.
[qubes-users] help, trying to make custom launchers
qubes 4.0rc3

I'd like to make custom launchers for two purposes

1. easily run apps from custom dispvms. using shell scripts for now.
2. make alternate launchers with different icons. for example, the twitter bird icon in a twitter app-vm.

tried making desktop files in ~/.local/share/applications, but they don't show up in menus. what else does one need to do?
[qubes-users] qubes 4.0 hvm crashes on boot after probing EDD
starting a standalone hvm with

    qvm-start myhvm --cdrom=myappvm:/home/user/Downloads/linux.iso

the bootscreen quits just after

    Probing EDD (edd=off to disable)... ok
[qubes-users] which linux works well as a standalone hvm in qubes-4.0?
has anyone gotten a linux desktop with more than 800x600 in hvm in qubes-4?

I've tried the linux-HVM-tips. with ubuntu, X -configure usually crashes whether or not it's run from console. even then, modding the file and putting it in /etc/X11 seems to have no effect. the installer for ubuntu 17.10.1 runs in 1280x720, but goes back to 800x600 after installation. Fedora 27's installer won't boot.

before i go trying a million distros, has anyone else gotten this to work?

my goal is to run virt-manager for windows displays on a remote vagrant-libvirt box. vmm won't run in an appvm due to conflicting xen libraries with a fedora-26 or debian-9 template, though this did work with debian-9 and qubes-3.2
[qubes-users] Re: which linux works well as a standalone hvm in qubes-4.0?
On Wednesday, January 24, 2018 at 7:25:50 PM UTC-8, pixel fairy wrote:
> has anyone gotten a linux desktop with more than 800x600 in hvm in qubes-4?

For anyone looking, fedora-26 works with a few resolutions. couldn't get the fedora-27 installer to boot, but you can update from 26 just fine.
[qubes-users] Re: Qubes OS 4.0-rc4 has been released!
Can you clarify which Spectre variants will be mitigated and how?
[qubes-users] Re: dd command to create an .iso from the win7 cdrom please
you need the device entry of the cdrom, usually /dev/sr0 or /dev/cdrom. if you mount the cdrom, and type "mount" you should see it in the first column. it's been a long time since doing this.

you can also download the windows 7 installer from microsoft here,
https://www.microsoft.com/en-us/software-download/windows7

the first command below makes the iso file, with sudo meaning "do this as root" (kinda like administrator in windows) and the second gives the iso back to you, cause otherwise it's owned by root.

    sudo dd if=/dev/cdrom of=windows7.iso
    sudo chown user:user windows7.iso
[qubes-users] noscript xss warning on qubes os site
noscript, the firefox extension, pops up the following about the qubes site,

    NoScript detected a potential Cross-Site Scripting attack from [...] to https://www.qubes-os.org.
    Suspicious data: window.name
Re: [qubes-users] noscript xss warning on qubes os site
On Thursday, February 1, 2018 at 3:31:45 AM UTC-8, awokd wrote:
> Not seeing this in Tor Browser 7.5 with Noscript 5.1.8.4 when I browse to
> https://www.qubes-os.org. Where are you seeing it?

firefox on fedora-26. install noscript, look at the qubes site. go to other sites. maybe restart the browser, and you get that.
[qubes-users] performance hit with 4.0rc4
reinstalled over 4.0rc3 and vms take much longer to start now. it usually takes a few seconds before getting the notification that an app vm is starting.

firefox performs fine, including youtube in full screen (1080p)

chrome is a bit jumpy in most use, but plays video fine as long as it's not full screen

blender is noticeably slower, but still usable for small scenes.
[qubes-users] Re: performance hit with 4.0rc4
On Wednesday, February 7, 2018 at 6:54:32 PM UTC-8, pixel fairy wrote:
> reinstalled over 4.0rc3 and vms take much longer to start now. it usually
> takes a few seconds before getting the notification that an app vm is
> starting.
>
> firefox performs fine, including youtube in full screen (1080p)
>
> chrome is a bit jumpy in most use, but plays video fine as long as it's not
> full screen
>
> blender is noticeably slower, but still usable for small scenes.

If there's any straightforward way to debug this I'd love to.
[qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start
[user@dom0 ~]$ time qvm-start personal

real    0m23.517s
user    0m0.182s
sys     0m0.065s

[user@dom0 ~]$ time qvm-start alpha

real    0m23.801s
user    0m0.191s
sys     0m0.056s

[user@dom0 ~]$ time qvm-start alphax

real    0m32.831s
user    0m0.193s
sys     0m0.059s

starting with debug turned on takes 46 seconds. it shows a console window with

SeaBIOS
Machine UUID
Booting from ROM...
Probing EDD...

15 seconds for the console window to come up, with the first 3 lines
8 seconds later for Probing EDD to come up
23 seconds after that for the VM to start and the console window to go blank.
Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start
Fedora. just tried debian. 44.286s seconds.
Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start
On Wednesday, February 14, 2018 at 4:58:06 PM UTC-8, pixel fairy wrote:
> Fedora. just tried debian. 44.286s seconds.

Forgot the hardware. i7-6700, 64gigs ddr4, supermicro c7z170-sq, onboard intel graphics.
Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start
pvh. the hvm ones took even longer.

looked at a couple systemd-analyze, one of them had 10s for dkms and 40 for qubes-update-check, even though that one only took 25s to boot, at least according to dom0. could whatever tells dom0 a guest is up have run before that? will play with this more and get back to you.

turns out the qvm-pref debug doesn't matter in boot time. it's hvm that takes around 40 seconds, and pvh that takes around 25. a standalone hvm with no os installed took 16 seconds to "start"

this started happening after installing 4.0rc4 over 4.0rc3. had to qvm-prefs the restored vms to pvh. at first i thought it was just the performance hit from mitigating speculation vulnerabilities, but others were reporting better performance in rc4 than rc3.
Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start
On Friday, February 16, 2018 at 4:07:10 PM UTC-8, Marek Marczykowski-Górecki wrote:
> Yes, there is "xpti=false" option for Xen command line (xen.gz option in
> grub, or options= line in xen.cfg for UEFI).

tried that by editing the multiboot /xen-4.8.3.gz line while booting. no change.

maybe it's a different change between rc3 and rc4. seems like a stretch, but one that only affects supermicro c7z motherboards?
[qubes-users] Re: DispVM Firefox through TOR
On Wednesday, February 21, 2018 at 2:15:56 PM UTC-8, klausd...@mail2tor.com wrote:
> Is it possible to route a Firefox instance of a DispVM through Tor?
>
> Where can i change the netsys to sys-whonix for DispVM?
>
> Thank you very much :)

just set the network vm in the vm settings basic tab. in qubes 3.2, this is in the qubes manager. in 4.0 it's in the Q menu on the top left.
[qubes-users] Re: DispVM Firefox through TOR
On Wednesday, February 21, 2018 at 3:18:34 PM UTC-8, pixel fairy wrote:
> On Wednesday, February 21, 2018 at 2:15:56 PM UTC-8, klausd...@mail2tor.com
> wrote:
> > Is it possible to route a Firefox instance of a DispVM through Tor?
> >
> > Where can i change the netsys to sys-whonix for DispVM?
> >
> > Thank you very much :)
>
> just set the network vm in the vm settings basic tab. in qubes 3.2, this is
> in the qubes manager. in 4.0 it's in the Q menu on the top left.

correction, when using disposable VMs in qubes-4, you have to use the "Q" menu on the top RIGHT, not left.
[qubes-users] Re: Is Template concept unique to Qubes?
On Sunday, March 25, 2018 at 8:08:19 PM UTC-7, franc...@tutamail.com wrote:
> Security considerations aside, it's so convenient having shared root
> filesystems that can be updated once for multiple child-VMs. Is this feature
> unique to Qubes or is something like this often replicated when using other
> hypervisor systems?
>
> Specifically, I want to run a **not**-secure bleeding edge testbox that has
> gpu acceleration in dom0. (Example: archlinux + KVM). I know
> thin-provisioning (COW?) will allow one copy of OS on the filesystem to be
> re-used but is it possible to base multiple VM's on a single template like
> Qubes? Thanks for reading.

docker and vagrant come to mind. you could also do this yourself the same way qubes does it with a root template and machine specific home disk, or some shared storage if that doesn't work.

vagrant has a way to update and rebox existing vagrant boxes so you don't have to rebuild it every time you want to update. so there's that, or scripting it yourself with virsh or one of its bindings.

here's some notes on using kvmgt with libvirt,
https://github.com/TobleMiner/KVMGT

if you do this, don't forget to make a usb canary, and maybe use the iommu to wall off other scary ports.
[qubes-users] clarification on usb qubes
Still shopping for a good laptop.

From reading this, https://www.qubes-os.org/doc/usb/ I gather you can make a usb qube, attach your mouse to it, then use it from dom0, though it would be possible for the usb qubes to spy on or mess with your mouse if it's infected.

So, if you only have one usb qube, would the process look like this?

1. unplug mouse
2. restart usb qube
3. run your app relying on your laptop's touch pad
4. restart usb qube again
5. plug your mouse back in
6. reassign mouse back to dom0

I don't mind doing this, It's similar to how i already use the usb vm on my current laptop. Just want to make sure the process is right because it affects laptop selection.

Is it possible to have multiple usb qubes, one for each controller?
Re: [qubes-users] clarification on usb qubes
On Saturday, June 4, 2016 at 7:02:19 PM UTC-7, Marek Marczykowski-Górecki wrote:
> > Is it possible to have multiple usb qubes, one
> > for each controller?
>
> Yes, if you have multiple USB controllers. Which is quite rare
> nowadays...

That's why I'm holding on to my current laptop and shopping around.
[qubes-users] Re: Qubes install on EFI MacBook Pro
On Monday, January 2, 2017 at 11:51:08 AM UTC-8, xxdea...@gmail.com wrote:
> Starting a new thread, as the previous seems to be mislabeled at this point
> (Empty Xen.cfg after install).
>
> Booting from the install media for Qubes 3.2 works 100%, and so far, I've
> used the automatic partitioning to do all of the work for me. Anaconda uses
> a trick for EFI Macs (ie. Macs that can no longer boot into "legacy" BIOS
> mode) that creates an HFS+ ESP partition, ostensibly to boot the final
> product. This tricks the Mac into thinking that there is a bootable OS X
> installation on the

which macs have you tried this on? I've been playing with this on an 11,3 and had to install to an external and update to qubes-unstable to get it to boot (maybe some efi incantations could allow qubes-stable, I'll try that later)

just tried it an hour ago and it lasted about 7 min before freezing.

also, have you had problems with filevault? every time i boot qubes, i have to reset the filevault key.
[qubes-users] lemur7 Unable to reset PCI device
used a working desktop to install and update to qubes-unstable. this time the lemur was able to boot, but sys-net could not run. heres an hcl-report followed by a typescript session showing pci devices and the error. adding pci devices to sys-net in the qubes-manager gave the same result.

---
layout: 'hcl'
type: 'notebook'
hvm: 'yes'
iommu: 'yes'
slat: 'yes'
tpm: 'unknown'
brand: |
  System76, Inc
model: |
  Lemur
bios: |
  5.12
cpu: |
  Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Device [8086:5904] (rev 02)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation Device [8086:5916] (rev 02) (prog-if 00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Intel Corporation Wireless 8260 (rev 3a)
  Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 12)
memory: |
  32655
scsi: |
  Samsung SSD 850 Rev: 1B6Q
  CT750MX300SSD1 Rev: 0100
versions:
- works: 'FIXME:yes|no|partial'
  qubes: |
    R3.2
  xen: |
    4.6.3
  kernel: |
    4.8.12-12
  remark: |
    FIXME
  credit: |
    FIXAUTHOR
  link: |
    FIXLINK
---

Script started on Mon 02 Jan 2017 09:33:34 PM PST
[user@dom0 ~]$ lspci
00:00.0 Host bridge: Intel Corporation Device 5904 (rev 02)
00:02.0 VGA compatible controller: Intel Corporation Device 5916 (rev 02)
00:08.0 System peripheral: Intel Corporation Skylake Gaussian Mixture Model
00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
00:14.2 Signal processing controller: Intel Corporation Sunrise Point-LP Thermal subsystem (rev 21)
00:16.0 Communication controller: Intel Corporation Sunrise Point-LP CSME HECI #1 (rev 21)
00:17.0 SATA controller: Intel Corporation Sunrise Point-LP SATA Controller [AHCI mode] (rev 21)
00:1c.0 PCI bridge: Intel Corporation Device 9d10 (rev f1)
00:1c.2 PCI bridge: Intel Corporation Device 9d12 (rev f1)
00:1c.5 PCI bridge: Intel Corporation Sunrise Point-LP PCI Express Root Port #6 (rev f1)
00:1f.0 ISA bridge: Intel Corporation Device 9d58 (rev 21)
00:1f.2 Memory controller: Intel Corporation Sunrise Point-LP PMC (rev 21)
00:1f.3 Audio device: Intel Corporation Device 9d71 (rev 21)
00:1f.4 SMBus: Intel Corporation Sunrise Point-LP SMBus (rev 21)
02:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a)
03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTL8411B PCI Express Card Reader (rev 01)
03:00.1 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 12)
[user@dom0 ~]$ qvm-start sys-net
--> Creating volatile image: /var/lib/qubes/servicevms/sys-net/volatile.img...
--> Loading the VM (type = NetVM)...
Traceback (most recent call last):
  File "/usr/bin/qvm-start", line 136, in
    main()
  File "/usr/bin/qvm-start", line 120, in main
    xid = vm.start(verbose=options.verbose, preparing_dvm=options.preparing_dvm, start_guid=not options.noguid, notify_function=tray_notify_generic if options.tray else None)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/005QubesNetVm.py", line 122, in start
    xid=super(QubesNetVm, self).start(**kwargs)
  File "/usr/lib64/python2.7/site-packages/qubes/modules/000QubesVm.py", line 1966, in start
    self.libvirt_domain.createWithFlags(libvirt.VIR_DOMAIN_START_PAUSED)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1059, in createWithFlags
    if ret == -1: raise libvirtError ('virDomainCreateWithFlags() failed', dom=self)
libvirt.libvirtError: internal error: Unable to reset PCI device :03:00.1: internal error: Active :03:00.0 devices on bus with :03:00.1, not doing bus reset
[user@dom0 ~]$ ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
[user@dom0 ~]$ ip l
1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
[user@dom0 ~]$ exit
exit

Script done on Mon 02 Jan 2017 09:34:09 PM PST
[qubes-users] strange bug: qubes-os booted from external device forces filevault reset.
when booting qubes-os on a mac (hardware 11,3) filevault stops accepting the passphrase and you have to use the reset key to make a new one. ive only done this with an external drive. for some reason, qubes is either writing to the internal drive, or the mac firmware is rewriting it, or filevault keeps those keys elsewhere and qubes is somehow tripping that. either way, its pretty strange stuff.

this happens with qubes-3.2 though it doesnt actually boot. you only get "." on the screen. qubes-3.2-unstable does boot, and even run for a few minutes, and also trips filevault.
[qubes-users] Re: lemur7 Unable to reset PCI device
On Tuesday, January 3, 2017 at 11:36:23 PM UTC-8, Sean wrote:
> For Wifi, in sys-net keep 02:00.0, but remove (03:00.0 and) 03:00.1.
>
> If you need Ethernet, good luck. I have been unable to get the Realtek
> Ethernet devices to function reliably -- barely at all -- on my Lemur, but
> Wifi works great.

that worked. first machine ive had to manually assign the net device too. mine also didnt work when both devices were assigned to it. ill revisit this at the next stable release.
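The bus-sharing condition named in the libvirt error in this thread, as an added example that is not part of any poster's message: it parses lspci output and lists, for each device assigned to a VM, the functions on the same bus that stay outside that VM. The lspci lines are copied from the typescript in the thread; the function names are hypothetical, and the check approximates the condition the error message names rather than reproducing libvirt's own logic.

```python
import re
from collections import defaultdict

# lspci lines copied from the typescript posted in this thread, trimmed to the
# USB controller and the devices on buses 02 and 03.
LSPCI_SAMPLE = """\
00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
02:00.0 Network controller: Intel Corporation Wireless 8260 (rev 3a)
03:00.0 Unassigned class [ff00]: Realtek Semiconductor Co., Ltd. RTL8411B PCI Express Card Reader (rev 01)
03:00.1 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 12)
"""

# [domain:]bus:slot.function, e.g. 03:00.1 or 0000:03:00.1
ADDRESS = re.compile(
    r"^(?:([0-9a-f]{4}):)?([0-9a-f]{2}):([0-9a-f]{2})\.([0-7])$", re.IGNORECASE
)


def normalise(address):
    """Return the address as dddd:bb:ss.f, assuming domain 0000 when omitted."""
    m = ADDRESS.match(address.strip())
    if m is None:
        raise ValueError("not a PCI address: %r" % (address,))
    domain, bus, slot, function = m.groups()
    return "%s:%s:%s.%s" % (
        (domain or "0000").lower(), bus.lower(), slot.lower(), function)


def parse_lspci(text):
    """Map each device address in plain `lspci` output to its description."""
    devices = {}
    for line in text.splitlines():
        address, _, description = line.partition(" ")
        try:
            devices[normalise(address)] = description.strip()
        except ValueError:
            continue  # blank lines and indented detail lines from `lspci -v`
    return devices


def bus_of(address):
    """'0000:03:00.1' -> '0000:03' (domain and bus number)."""
    return address.rsplit(":", 1)[0]


def unassigned_bus_siblings(devices, assigned):
    """For each assigned device, list same-bus devices left outside the VM.

    An empty result only means the condition named in the error message is
    absent. It does not promise the VM starts: the poster reports that
    assigning both 03:00.x functions still failed on this machine.
    """
    wanted = [normalise(a) for a in assigned]
    missing = [a for a in wanted if a not in devices]
    if missing:
        raise KeyError("not in lspci output: " + ", ".join(missing))
    by_bus = defaultdict(list)
    for address in devices:
        by_bus[bus_of(address)].append(address)
    result = {}
    for address in wanted:
        left_behind = sorted(
            a for a in by_bus[bus_of(address)] if a not in wanted)
        if left_behind:
            result[address] = left_behind
    return result


def describe(devices, assigned):
    """Human-readable findings, one line per (assigned, sibling) pair."""
    lines = []
    for address, siblings in unassigned_bus_siblings(devices, assigned).items():
        for sibling in siblings:
            lines.append("%s [%s] shares a bus with unassigned %s [%s]" % (
                address, devices[address].split(":")[0],
                sibling, devices[sibling].split(":")[0]))
    return lines


if __name__ == "__main__":
    devices = parse_lspci(LSPCI_SAMPLE)
    # First set: both network-class devices, the combination that hit the
    # error in the thread. Second set: the Wifi-only assignment from the reply.
    for assigned in (["02:00.0", "03:00.1"], ["02:00.0"]):
        findings = describe(devices, assigned)
        print(assigned, "->", findings or "no shared-bus siblings left outside")
```

On a live system the same functions can be fed the output of `lspci` from dom0 instead of the embedded sample.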
[qubes-users] are skylake / kaby lake laptops just screwed?
https://www.scmagazine.com/debugging-mechanism-in-intel-cpus-allows-seizing-control-via-usb-port/article/630480/

in part of the talk he said to disable dci in the bios, but in q&a he seemed to say that doesnt help. i have a 7th gen and found no option to disable it.
Re: [qubes-users] Detection - Best Way
On Tuesday, January 17, 2017 at 11:17:07 PM UTC-8, Sae wrote:
> On 18/01/2017 06:27, Asterysk wrote:
> > It struck me that Qubes could be very useful for Detection of "malware" by
> > placing a monitoring capability . My question is in two parts:
>
> I would create a proxyVM that dumps your traffic with tcpdump, and
> insert it before sys-firewall when I want to sniff the traffic.
> And then open the pcap with wireshark in a non networked VM for inspection.

you can also use xen to inspect the vm itself, https://drakvuf.com/
[qubes-users] Re: Chipping/Crackling noise on HDMI
On Monday, January 23, 2017 at 10:54:31 AM UTC-8, raah...@gmail.com wrote:
> On Sunday, January 22, 2017 at 6:03:16 AM UTC-5, FWM wrote:
> > Im running a HDMI cable from my GPU to my home theater system, and have set
> > the VM to use that Audio output.
> >
> > Unfortunately im getting a chipping/crackling noise. I never used to get
> > this noise using the same setup but running windows, so i dont think its
> > the hardware or cable.
> >
> > Any suggestions?

had a similar problem, also with radeon hdmi. in sound settings theres a checkbox labeled DTS. no clue what it is, but that fixed it. still had some sound sync issues when playing videos on youtube.
[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...
On Sunday, January 22, 2017 at 2:04:43 AM UTC-8, qmast...@gmail.com wrote:
> On Saturday, January 21, 2017, 22:12:10 UTC+3, e5f3c2ea89...@tutanota.com wrote:
> > ... It makes you feel significantly less safe when using anything other
> > than Qubes :]
>
> Haha you are a master of clickbait titles :]

lets make it real then.

- picky about hardware. probably the biggest issue now.
- no 3d acceleration. xengt / kvmgt might fix that, but last i checked, that was a huge attack surface which no one at itl wants to go over.
- some hardware will have performance issues even just watching videos as a result of the above.
- no nested virtualization. again, big, complex attack surface. two common use cases are vagrant and android development.
- only a few border colors to choose for appvms, so its easy to end up re using colors.
- for some reason, dom0 borders are blue, one of the appvm colors.
- you can copy / paste, but not copy / autotype into a vm. the support seems to be in the gui protocol, just no interface to do it. tried to script it with xdotool, but couldnt get window ids.

thats all i can think of as real disadvantages.

i would like to see qubes on wayland. i think it would greatly reduce attack surface and probably benefit performance.
[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...
On Tuesday, January 24, 2017 at 1:50:56 AM UTC-8, pixel fairy wrote:
> On Sunday, January 22, 2017 at 2:04:43 AM UTC-8, qmast...@gmail.com wrote:
> > On Saturday, January 21, 2017, 22:12:10 UTC+3, e5f3c2ea89...@tutanota.com wrote:
> > > ... It makes you feel significantly less safe when using anything other
> > > than Qubes :]
> >
> > Haha you are a master of clickbait titles :]
>
> lets make it real then.

also, no support for ipv6, though i think thats slated for qubes 4.x
[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...
On Wednesday, January 25, 2017 at 7:12:56 PM UTC-8, jkitt wrote:
> On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com wrote:
>
> > I was sad when installed VirtualBox, tried launching it and it said that
> > something like "not supported on Xen hosts"
>
> But why would you want to do that? You already have virtual machines at your
> disposal..

for development purposes, you might want other kinds. for example, vagrant is a big sticking point. its how we share and collaborate across platforms, so if you want to work on those projects, you better be able to run its vagrantfile. its also used as codified description of processes, sometimes across machines. so you can have a vagrantfile for your web project that includes a vm for the back end database. more on that here, https://www.vagrantup.com/

another reason you might want it is nested virtualization for its own sake. for example, developing hypervisor management software.

for both cases, i just made a vagrant server to use remotely. but that has obvious limitations.
[qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...
On Thursday, January 26, 2017 at 2:13:09 AM UTC-8, qmast...@gmail.com wrote:
> On Thursday, January 26, 2017, 6:12:56 UTC+3, jkitt wrote:
> > On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com wrote:
> >
> > > I was sad when installed VirtualBox, tried launching it and it said that
> > > something like "not supported on Xen hosts"
> >
> > But why would you want to do that? You already have virtual machines at
> > your disposal..
>
> I need to use one app which is Mac OS X only and is not a cross platform
> (doesn't have a version for Linux or Windows). So I wanted to install a
> Hackintosh, but - while there are plenty of instructions about how to do it
> at VirtualBox and VMWare, there are no instructions for Xen. And I doubt that
> it could be done for Xen, because at their instructions for VirtualBox and
> VMWare they are setting up virtual machine's UEFI to make it be acceptable by
> Mac OS X, meanwhile - Xen does not have its own UEFI so I guess it cant be
> done there
> (one person tried some time ago, but without success -
> http://wiki.osx86project.org/wiki/index.php/Snow_Leopard_Server_on_Xen )

its theoretically possible. https://groups.google.com/d/msg/qubes-users/RiVntUzgJmY/it7OEQI-AgAJ
Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...
On Thursday, January 26, 2017 at 12:16:17 PM UTC-8, Oleg Artemiev wrote:
> what about using linux containers as vagrant provider or attempt to
> use Xen same way? See thread 'Slow performance of Docker containers in
> AppVMs' .

lxc or xen would work for developers only on linux. one of the benefits of vagrant is that you can share work with developers on other platforms. with lxc, theres also os limitations. at work we have linux and windows in our vagrant runs. xen could get around this, though the xen back end is pretty limited.

i think the best solution would be a qrexec vagrant back end, syntactically compatible with the more common backends (virtualbox, vmware etc), something i plan on looking into when i get qubes running again. too many of the alt back ends (lxc, xen) have syntax thats not easily worked around, so they're really only good for that backend. an obvious drawback is the lack of nesting, but few need that.

of course this would also need packer and/or vagrant mutate support. maybe qubes-lite is the better solution.
[qubes-users] Re: wacom pressure?
On Saturday, January 28, 2017 at 9:37:40 AM UTC-8, pibot...@gmail.com wrote:
> On Wednesday, August 31, 2016 at 10:39:29 UTC+1, pixel fairy wrote:
> > is there a way to turn on tilt or pressure sensitivity for pens?
> >
> > using qubes 3.2rc2 with xfce (test box, not production)
>
> Are you able to use wacom tablets at all?

yes, it otherwise worked nicely. but, that hardware finally flaked out.
[qubes-users] Re: ios in Qubes
another option, if you must, are cloud services. here are the first 3 from google.

https://www.macincloud.com/
https://xcloud.me/
https://www.hostmyapple.com/
[qubes-users] Re: traveling - best practice
On Tuesday, February 7, 2017 at 5:09:45 AM UTC-8, haaber wrote:
> Hello, I wonder how you behave when traveling, for example in places
> with cameras all around. I feel uncomfortable to enter my passwords in
> such situations. Of course I can simply not turn my computer on. But

most "security" cameras cant see much. but the cloud of cell phones and any cameras worn by those looking to do this will have little trouble seeing and hearing your passphrases.

you could use a yubikey to type your passphrase in, though be careful of pick pockets.

you could also velcro some cloth around the lid like this, https://goo.gl/photos/py8qdxRPtoz3PGL19 if you do, make sure theres some going around the front too. then use it with your back to two corners.

someone could still pick up your typing with a good directional mic, but then you have a different threat model. in this case, you could have your laptop unlocked and suspended, with a qrexec service to shut it down should it leave, for example, the vicinity of your cell phone or NFC implant.

> sometimes you have several hours in an airport .. I thought about 3
> options.
>
> 0) Change all (disk / user) pwd before & after traveling (how do I
> change the disk pwd?).

everything you ever wanted to know about luks, https://gitlab.com/cryptsetup/cryptsetup

> 1) Pull out my tails usbkey and surf with that?

yes. or, better yet, tails on a dummy netbook or chromebook.

> 2) maybe it would be nice to have an additional "single cube"
> usr/password : when using this user name, one would get a single
> disposable untrusted VM, no dom0 access, no USB, and so forth. Is that
> feasible / reasonable?

this goes back to some earlier discussions. easiest way is to dual boot your laptop.

> how do you cope with that? Thank you, Bernhard

leave it off, walk around, see the local art. sample the chocolate and coffee. try not to work.
[qubes-users] off topic, made a group/list for general mobile privacy / security discussions
discussion about mobile privacy not specific to qubes-os come up often here, so i made a separate group for that. i like the web interface, and google is good at spam filtering. that said, i fully realize the irony of using google groups for this, and am open to moving the forum.

you have to ask to join, but ill accept everyone whos posted in a qubes list or probably anyone whos email doesnt look like a spammer or criminal.

id like to open this to other languages, but i only speak english, so i cant moderate other languages. please open other lists / forums for those.

https://groups.google.com/forum/#!forum/mobileprivacy
[qubes-users] Re: what about usb to jtag interface?
On Thursday, February 9, 2017 at 3:54:03 AM UTC-8, Oleg Artemiev wrote:
> I've heard that new intel mother boards will have (or already have)
> ability to access jtag interface via USB.

yes, skylake and kabylake processors. heres the ccc talk on it. https://www.youtube.com/watch?v=2JCUrG7ERIE

> Does this mean that USB qube is now useless as a security border on
> such a mother board?

only if the manufacturer has it enabled. the only vendor who got back to me (and knew what i was talking about) when i asked was system76 to confirm that it is disabled on their lemur series.

puri.sm was aware, but doesnt have any hardware out using those chips.
Re: [qubes-users] Re: traveling - best practice
On Friday, February 10, 2017 at 3:02:23 AM UTC-8, john.david.r.smith wrote:
> On 10/02/17 11:53, '0xDEADBEEF00' via qubes-users wrote:
...
> > This also serves as a decoy, if I'm forced to boot my laptop when passing
> > borders or so.
> >
> > Best,
> >
> > 0xdeadbeef
>
> dual booting opens a whole new attack surface.
> is there a way to deal with this?
> the other os may not be able to read/modify qubes due to encryption, but it
> can write something malicious on the disk (e.g. some loader running before
> qubes)

thats what AEM is for, but then, on most laptops, you lose iommu protection. the lemur7 from system76 has a pci bridged sd card reader, but you cant boot from it!

if 0xdeadbeef is running on the dummy partition most of the time, this probably is not a problem, unless it runs into a badusb that can compromise bios or firmware.

some laptops can have multiple internal drives, but since sometime after 2010, they stopped letting you disable devices in bios. havent found any modern ones that let you do this. maybe something can be done with coreboot if bootguard is disabled. but then you dont have bootguard protecting your bios.
[qubes-users] Re: Shouldn't this be specially noted in Qubes HCL? (was: what about usb to jtag interface?)
On Friday, February 10, 2017 at 2:56:15 PM UTC-8, Oleg Artemiev wrote:
> On Thu, Feb 9, 2017 at 6:38 PM, pixel fairy wrote:
> > On Thursday, February 9, 2017 at 3:54:03 AM UTC-8, Oleg Artemiev wrote:
> >> Does this mean that USB qube is now useless as a security border on
> >> such a mother board?
> > only if the manufacturer has it enabled. the only vendor who got back to me
> > (and knew what i was talking about) when i asked was system76 to confirm
> > that it is disabled on their lemur series.
> > puri.sm was aware, but doesnt have any hardware out using those chips.
> So finally it is a question of trusting the vendor (and their public
> relations personnel who may think that those capabilities are not
> really disabled.

yes, or a cheap data cable if you already have the hardware. unfortunately, its easy for a vendor to say they're good and then say "oops" if they're not, and called out on it. we need better competition in security conscious hardware.

> Shouldn't these CPUs and motherboards be specially noted as dangerous
> in qubes HCL?

agreed, but i think its up to Andrew David Wong (i hope that triggers a mention notice so he sees this)

> --
> Bye.Olli.
> gpg --search-keys grey_olli , use key w/ fingerprint below:
> Key fingerprint = 9901 6808 768C 8B89 544C 9BE0 49F9 5A46 2B98 147E
> Blog keys (the blog is mostly in Russian):
> http://grey-olli.livejournal.com/tag/
[qubes-users] Re: Nested virtualization
On Friday, February 10, 2017 at 5:40:36 PM UTC-8, adoni...@gmail.com wrote:
> Hi guys,
>
> Is it possible to install let's say Virtual Box inside a Qube? I've done some
> reading and all people seem to say is that it should be possible, but nothing
> conclusive.

this should be a faq somewhere, it keeps getting brought up.

xen supports nested virtualization, see here: https://wiki.xenproject.org/wiki/Nested_Virtualization_in_Xen

but, this is disabled in qubes because of the large attack surface it introduces. containers, like docker and lxc, are possible, as is emulation like running qemu without kvm extensions or virtualbox with 32bit guests with acceleration turned off.

you could make your own qubes build with it on. look for marmarek in qubes-devel for threads on that.
[qubes-users] Re: Nested virtualization
On Friday, February 10, 2017 at 9:03:47 PM UTC-8, adoni...@gmail.com wrote:
> Hi guys, thanks for the responses, I will have a look at it.
>
> What I need in this case in particular requires VBox, it is Genymotion, an
> Android emulator.

this might help. https://groups.google.com/d/msg/qubes-devel/5thjxcHcMFw/YQfiTZ4qDwAJ

heres a quick guide to stand alone vms, https://www.qubes-os.org/doc/hvm/
[qubes-users] Re: no tpm, what now
On Monday, February 20, 2017 at 8:08:47 AM UTC-8, jo...@vfemail.net wrote:
> hi.
>
> since my laptop seems to have no tpm i can't install aem.
>
> how can i try to protect my laptop now?

work with what you have and be aware of limitations.

> there is an option in my efi to require a password on each boot (instead of
> only requiring it when i access my efi).
>
> does this offer any real protection?

no. its arguably worse, because it will force you to expose your efi password every time you boot.

> is there something else i can do?

try to make the hardware tamper evident. for example, glittery nail polish over screw holes, and take a picture. someone messing with it will have to remove it, or otherwise make it obvious. don't use stickers, all it takes is a syringe with acetone to temporarily disable those.

use a usb qube.

depending on your threat model, you could put the boot partition on a removable drive that you always keep with you. if you're travelling, this might extend to a plastic bag in the shower. it might be tricky to combine this with having a usb qube. in theory, pivot root should allow for it.

thats just off the top of my head, im sure others will have interesting suggestions.
[qubes-users] Re: Installing Qubes on MacBook Air
On Monday, February 27, 2017 at 12:00:18 AM UTC-8, peten...@gmail.com wrote:
> I posted this on GitHub earlier and was advised to post here.
>
> Basically I am attempting to install Qubes on a MacBook Air and I have had
> little success following the instructions for putting the Broadcom wireless
> device into PCI passthrough so I'm going to try the other option of removing
> it from the Mac altogether to get the install to work.

just curious, have you tried an external usb wifi as a workaround or temporary solution?
[qubes-users] Re: do I really need these packages in dom0 :?
i also noticed glusterfs in dom0.
Re: [qubes-users] Qubes i3 Tips & Tricks
On Tuesday, March 7, 2017 at 4:21:07 PM UTC-8, Eva Star wrote:
> Can somebody share screenshots of i3&Qubes ? Thanks

https://sietse.no/i3-wm-in-qubes-os

only image i could find. hope someone here posts one. im curious too.
[qubes-users] Re: GPU passthrough: 2000 USD bounty
On Friday, April 21, 2017 at 12:55:07 PM UTC-7, Stickstoff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello everyone,
>
> I would like to be able to do a little gaming on my regular computer
> from time to time, for sanity reasons. I use Qubes OS on a dual GPU
> notebook. I don't want to compromise security with unsafe code in DOM0
> nor dual booting. My budget towards this is up to 2000 USD.
>

havent tried this yet, but you can stream from ps4 to windows (or mac), the requirements are pretty light and imply no need for accelerated graphics on the client end. please mention me if you try this and post back to the group. i have a ps4, but still working on getting qubes running.

if you're willing to get a separate system for games, the nintendo switch looks pretty nice on paper. havent seen one in person yet.
[qubes-users] Re: question about further updates of some peace of software
On Saturday, April 22, 2017 at 6:33:25 PM UTC-7, Eva Star wrote:
> Hello,
>
> 1) How to stop all further updates of firefox on some template?
> 2) How to **correctly** move from current firefox on fedora template to
> firefox developer edition? There is no other firefox editions on fedora
> repositories. :(

you can make a new template with the changes you want, such as pinning a particular version of firefox, but you dont have to. you can run firefox from your home folder.
https://support.mozilla.org/en-US/kb/install-firefox-linux

>
> --
> Regards
[qubes-users] Re: QSB #30: Critical Xen bugs related to PV memory virtualization (XSA-213, XSA-214)
On a more immediate or practical level, i was going to ask about a qubes 3.2.1 release for all the things that have been building up, or perhaps a 3.3 release, with the significant change of moving to hvm by default. that way, theres less incentive to rush the 4.x releases.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Tuesday, June 6, 2017 at 11:27:17 PM UTC-7, Alex wrote:
> If anybody could find/link/remember the reasons why IPv6 was explicitly
> discarded in a first moment I'd like to re-read that...

heres the last thread i know of on the subject,
https://groups.google.com/forum/?hl=en#!topic/qubes-devel/9WtBiQXvCOY

i believe the current plan is to nat ipv6, probably in v4. you could probably do the same today from a proxyvm, which should work similarly to using one for a vpn. you would also have to set your ipv6 firewall rules in this, or another proxyvm chained to that.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wednesday, June 7, 2017 at 4:53:09 AM UTC-7, pixel fairy wrote:
> i believe the current plan is to nat ipv6, probably in v4.

i should clarify, i meant the current plan being to nat ipv6 in qubes-os 4.x, not to make some 4 to 6 translation bridge.
Re: [qubes-users] Cannot get IPv6 working on Qubes
On Wednesday, June 7, 2017 at 5:39:31 AM UTC-7, Francesco wrote:
>
> Thanks. That is interesting. Once I set up a proxyvm for vpn and it was
> working, but I was following some instructions. What I would need is to leave
> an appVM open without nat, without firewall, just as it would be with a
> standard non-Qubes linux distribution with IPv6 working. Any idea how to do
> that?

just run the tunnel client in that appvm. if you need to install it to the templatevm, clone the templatevm to something like fedora24-ipv6, add the tunnel client to the new templatevm, then set that as the template of the appvm that needs it.
Re: [qubes-users] Cannot get IPv6 working on Qubes
https://ipv6.he.net/certification/faq.php

it should work if the nat supports ip protocol 41, which most do. worst case you would have to make a layer 2 vpn to some outside host and do it from there. openvpn can do this. but remember youd have to run that vpn in the appvm. thats another rabbit hole.

this is probably another hole, but you only have to figure it out once.
[qubes-users] Re: Suitability for an application testing scenario
On Saturday, May 20, 2017 at 11:02:52 PM UTC-7, David Seaward wrote:
> Hi,
>
> Previously I've used type II VMs like VirtualBox for application
> testing: install application on the base OS, test features (including
> GUI features, shell integration and system integration), discard
> changes. Additional steps might include: pause/resume the VM, save
> different states of the VM.
>
> Are Qubes OS VMs suitable for the same purpose? Specifically, is it
> possible to switch from a dom0 view to a VM-only view, rather than VM
> windows appearing in dom0?

The tool made for this is vagrant. https://www.vagrantup.com/

most vagrant boxes are command line only. for gui desktops, theres boxcutter/ubuntu1604-desktop and mwrock/Windows2012R2

not that you cant make hvm templates in qubes and go with that, but you wont be able to share or port your development environment as easily.

qubes is awesome in other ways, and once you try it, you wont want to go back. but, nested virtualization is disabled in qubes for security reasons. so you wont get to use vagrant in its default form. theres an lxc plugin for vagrant, linux only, and you could use the libvirt plugin with qemu, which would be in emulation, which is really slow. virtualbox 32bit might also work, but would also be slow (emulation) if it did.

if it matters, another limitation is the lack of graphics acceleration, but its still fast enough for most 2d tasks and watching movies in full screen on most laptops.

if you have a reliable connection to something you can use as a vagrant server, id use qubes as a terminal to that (which we do at work). if not, and if you want to be able to easily share your development environment, id use linux or whatever desktop you're comfortable with, vagrant, and virtualbox or kvm if you need nesting in your environments (if you're testing hypervisors for example)

if the dev environment is trivial or sharing it doesnt matter so much, then you might as well benefit from qubes.

> P.S. If this is possible, Qubes OS also seems like a more flexible
> alternative to dual-booting?

dual booting would break the security model. if you do want to dual boot, look into AEM to make sure the other os doesnt compromise the boot loader for qubes.
[qubes-users] Re: Cannot Install R3.2 on MacBookPro11,1
On Sunday, February 26, 2017 at 10:57:05 AM UTC-8, Chris wrote:
> Hi,
>
> I've attempted to install R3.2 via USB pen onto my MacBookPro11,1.

i have a macbook 11,3. got qubes running by installing it on an external disk on another machine (phenom2), then updating to unstable, then booting that disk on the mac.

by now, a simple upgrade may be enough without having to switch to unstable. havent tried in months. waiting for the 4.x or at least the 3.2.1 release before trying again.
[qubes-users] Re: Containing Twitter sessions
On Thursday, June 22, 2017 at 8:40:50 AM UTC-7, Ryan Tate wrote:
> (Has anyone figured out a better approach?)

keep your twitter passphrase in vault, use a dispvm.

if you're low on resources and want to make a dedicated vm that will be used for twitter and other things, you could use firejail --home, and maybe --x11 as well for isolation. for this to be effective, you'll also need to add "-nolisten local" to your templates qubes-run-xorg.sh
https://firejail.wordpress.com

another isolation you can use is firefox containers, which are not enforced sandboxes, but more of a privacy and organizational separation. this feature is in testing.
https://testpilot.firefox.com/experiments/containers/

the two work fine together if you want to use them both.

if you have the resources, i think its better to use a dispvm or dedicated twittervm.
[qubes-users] Re: Containing Twitter sessions
> if you're low on resources and want to make a dedicated vm that will be used
> for twitter and other things, you could use firejail --home, and maybe --x11
> as well for isolation. for this to be effective, you'll also need to add
> "-nolisten local" to your templates qubes-run-xorg.sh
> https://firejail.wordpress.com

to clarify, "-nolisten local" should go in the last line, so it should read

    exec su -l user -c "/usr/bin/xinit $XSESSION -- $XORG :0 -nolisten local -nolisten tcp vt07 -wr -config xorg-qubes.conf > ~/.xsession-errors 2>&1"
[qubes-users] what does qubes do to protect sys-usb?
what does qubes-os do to protect sys-usb from dma or other attacks?
[qubes-users] Re: what does qubes do to protect sys-usb?
On Monday, June 26, 2017 at 1:02:44 AM UTC-7, pixel fairy wrote:
> what does qubes-os do to protect sys-usb from dma or other attacks?

im fully aware of how sys-usb protects the rest of system from malicious devices. what id like to know is how sys-usb protects itself. for example, could a dma attack compromise sys-usb, and cause it to install malicious firmware on a usb device that then gets passed to dom0 or an appvm.
Re: [qubes-users] Re: what does qubes do to protect sys-usb?
On Monday, June 26, 2017 at 5:41:19 PM UTC-7, Unman wrote:
>
> Yes, sys-usb can be compromised, and it would be possible for malware to
> be spread to other devices attached to sys-usb. I'm not clear how you
> think that compromise could be passed to dom0 or an appVM though,
> unless you have in mind some flaw in pciback or the Qubes tools?

the compromised device is then passed to dom0 or the appvm and infects those when its attached. for example, a bash bunny might have a payload to infect an already plugged in mouse, or wait for the next device that gets plugged in. some mice are fancy enough to have firmware settings, so i wouldnt be surprised if these could more easily be compromised.

one possibility, which may already be in effect (i dont have a working laptop to look) is to make sys-usb filter out anything "not mouse" on a "mouse" device etc, or manage it in a similar manner to block devices.
Re: [qubes-users] Re: what does qubes do to protect sys-usb?
On Monday, June 26, 2017 at 6:15:58 PM UTC-7, Unman wrote:
> intended to also handle not-mouse devices. Perhaps it could be done by
> monitoring every insertion? I dont know.

filter out anything that is not an HID mouse event packet. as i understand it, the usb device is attached over a userspace socket so sys-usb is constantly sending the usb data to the target. this is where said data can be filtered.

in my faded memory (qubes 3.2 until last november), connecting mice and keyboards were recognized as such in the pop-up, and keyboards with built in pointing devices would have separate pop ups for those.
Re: [qubes-users] Re: what does qubes do to protect sys-usb?
On Monday, June 26, 2017 at 7:25:23 PM UTC-7, cooloutac wrote:
> anyone know whats the safest model kb's to use?

if you're using a laptop, then your laptops pointing input devices are probably safest. next would be usb keyboards or ps2 keyboard through a usb converter. qubes does have special support for mouse and keyboard specifically for dom0, so this should protect the host from those input devices doing other things. havent read that code yet.

i hope that keyboards and mice are not easily flashed with firmware, especially from the host its plugged into. but, this is possible with at least some flash drives, because thats how badusb works. theres a counter project called goodusb which might be good for sys-usb.
https://github.com/daveti/GoodUSB
its from 2 years ago
Re: [qubes-users] Re: Best Laptop For Qubes
On Tuesday, July 4, 2017 at 2:23:56 PM UTC-7, J. Eppler wrote:
> However, the initial question was what is the best or rephrase the question:
> "what laptops work well with Qubes OS"? ThinkPad was mentioned a couple of
> times and Purism. Are there any other brands or options which have not been
> mentioned until now and are working well with Qubes 3.2 and will work
> properly with Qubes 4.0?

many of dell xps and latitude models work well. their sales droid told me the inspiron 15 would also work, just make sure you get it with an i5.
[qubes-users] almost HCL?
finally got lemur7 working in qubes, but had to install it from a desktop, then put the drive in. also, suspend crashes it. should this go on the HCL? maybe as a warning to anyone thinking of buying this for qubes? its nice hardware for ubuntu, but not so much for qubes. i suspect a newer dom0, fedora 25 maybe, would be able to suspend as that works on bare metal. so, my plan was to wait for qubes-4 first.
[qubes-users] heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
reported here, https://github.com/QubesOS/qubes-issues/issues/2907

wanted to give users without AEM or sed a heads up to fix their grub file or add a boot password if this concerns them.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On Wednesday, July 12, 2017 at 7:32:07 PM UTC-7, pixel fairy wrote:
> reported here, https://github.com/QubesOS/qubes-issues/issues/2907
>
> wanted to give users without AEM or sed a heads up to fix their grub file or
> add a boot password if this concerns them.

to fix it with grub, (adapted from https://www.qubes-os.org/doc/usb/)

1. Open the file /etc/default/grub in dom0.
2. Find the line that begins with GRUB_CMDLINE_LINUX.
3. Add rd.shell=0 to that line.
4. Save and close the file.
5. Run the command grub2-mkconfig -o /boot/grub2/grub.cfg in dom0.
6. Reboot.
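The six steps above as a script, with a check that the change is in place before and after the reboot. This is an added example, not part of the original post or of Qubes itself; the function names are made up here, and it assumes the usual double-quoted GRUB_CMDLINE_LINUX="..." form in /etc/default/grub.

```shell
#!/bin/sh
# Added example: apply and verify the rd.shell=0 setting from the steps above.
# Run as root in dom0. Function names are hypothetical, chosen for this sketch.

# True if FILE (for example /proc/cmdline) carries rd.shell=0 as a whole word.
cmdline_has_rd_shell_off() {
    grep -Eq '(^|[[:space:]])rd\.shell=0([[:space:]]|$)' "$1"
}

# True if the GRUB_CMDLINE_LINUX= line of FILE already carries rd.shell=0.
# GRUB_CMDLINE_LINUX_DEFAULT= is deliberately not matched.
defaults_has_rd_shell_off() {
    grep -E '^GRUB_CMDLINE_LINUX="' "$1" |
        grep -Eq '[[:space:]"]rd\.shell=0([[:space:]"]|$)'
}

# Add rd.shell=0 to GRUB_CMDLINE_LINUX in FILE (steps 1-4), keeping FILE.bak.
# Idempotent: a second run changes nothing. Any other rd.shell=<value> on the
# line is dropped so that only rd.shell=0 remains.
add_rd_shell_off() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    grep -q '^GRUB_CMDLINE_LINUX="' "$file" || {
        echo "no double-quoted GRUB_CMDLINE_LINUX= line in $file; edit by hand" >&2
        return 3
    }
    defaults_has_rd_shell_off "$file" && return 0

    tmp=$(mktemp) || return 4
    sed -E '/^GRUB_CMDLINE_LINUX="/{
        s/([[:space:]"])rd\.shell=[^[:space:]"]*/\1/g
        s/[[:space:]]*"[[:space:]]*$/ rd.shell=0"/
        s/^(GRUB_CMDLINE_LINUX=")[[:space:]]+/\1/
    }' "$file" > "$tmp" && defaults_has_rd_shell_off "$tmp" || {
        # e.g. a trailing comment after the closing quote: leave FILE untouched
        rm -f "$tmp"
        echo "could not rewrite GRUB_CMDLINE_LINUX in $file; edit by hand" >&2
        return 5
    }
    cp -p "$file" "$file.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

case "${1:-}" in
    --apply)
        # Step 5: regenerate grub.cfg only if the defaults file is hardened.
        add_rd_shell_off /etc/default/grub &&
            grub2-mkconfig -o /boot/grub2/grub.cfg &&
            echo "done; reboot, then run this script with --verify"
        ;;
    --verify)
        # After step 6: the running dom0 kernel must have been booted with it.
        if cmdline_has_rd_shell_off /proc/cmdline; then
            echo "rd.shell=0 is active"
        else
            echo "rd.shell=0 is NOT on the running kernel command line" >&2
            exit 1
        fi
        ;;
esac
```

Running it with --verify after the reboot matters because editing /etc/default/grub has no effect until grub.cfg is regenerated and the machine boots from it.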
[qubes-users] Re: [qubes-devel] Announcement: Toward a Reasonably Secure Laptop
On Thursday, July 13, 2017 at 5:07:25 PM UTC-7, tai...@gmx.com wrote:
> I don't think purism should ever be considered an approved product.
> https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/\
> Disclaimer or not people will treat an endorsement from the developer
> team as vouching for the security/privacy of a device.
>
> Potential honest vendors:
> Thinkpenguin
> System76

ive discussed this with system76. they're aware of qubes, but not interested in supporting it. i do believe them to be an honest vendor, and upfront about the limitations of their hardware.

i have a lemur7, and had to install qubes on another machine and move the drive into it to get it working. the qubes-4 initial pre release did install on it, but goes into a reboot loop when you try to run it.
Re: [qubes-users] Chromium complains about certificate transparency
On Monday, July 10, 2017 at 8:11:50 AM UTC-7, Unman wrote:
> On Mon, Jul 10, 2017 at 04:50:34PM +0200, Rune Philosof wrote:
> > On Mon, Jul 10, 2017 at 4:20 PM, Unman wrote:
> >
> > Maybe your upgrade instruction 'sudo qubes-dom0-update
> > qubes-template-fedora-24' should be included on
> > https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ with some
> > explanation about why one would choose one method over the other.

fedora-24 is also out of support. install fedora-25.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On Thursday, July 13, 2017 at 10:36:25 PM UTC-7, qubester wrote:
> So, to exploit this, someone would need physical access to the computer
> at risk?

physical or any network available OOB. heres an example of what can go wrong
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5689

on a simpler level, you dont want someone compromising that plain text part of your drive, maybe your workstation at the office. this way, they really would need physical access to remove your drive and compromise that boot sector. or, if you have a laptop, you can use other means, like glittery nail polish to see if anyone physically entered your laptop.

of course, there may be other vulns, so its still good to have anti aem, or sed.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On Saturday, July 15, 2017 at 10:11:47 PM UTC-7, yreb-qusw wrote:
> On 07/14/2017 05:40 PM, pixel fairy wrote:
> > any network available OOB
>
> sorry what would be an example of this ? "out of band" ?

yes. ipmi, idrac etc. these usually have a vnc interface to the "console" you'd normally have from the attached keyboard, mouse, and monitor. so this exploit would work on those. usually these interfaces exist on business class hardware, like vpro on some laptops. you may be able to disable it in bios. this is not the intel M.E. (management engine), though its functionally related.

>
> I'm not clear what SED is , :)

self encrypting drive
https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption

> I don't really see any docs on ?initializing AEM , I do see that it
> says to :
>
> ---
> In Dom0 install anti-evil-maid:
>
> sudo qubes-dom0-update anti-evil-maid
> ---
>
> I personally have no USB-VM , would my Bios need to be configured
> some particular way, beyond what it already is with 3.2 booting and stable

yes, you would need the iommu enabled. for intel, this is called vt-d

> I have about zero concern on malware from USB drives, maybe I
> shouldn't , but seems far-fetched in my case. So, maybe I don't need

sometimes its the firmware, sometimes its the devices themselves. for example, you wouldn't want a web cam, gps, or microscope available to just any appvm. for block devices qubes already filters usb to use those safely, but i suspect sys-usb is safer than dom0 doing it. dont know exactly how that works. then theres the malicious hub devices like rubber ducky, bash bunny etc. dont know the likelihood of you running into that.

> AEM depending on what "network OOB" would mean .

sys-usb is easy enough that anyone with an iommu should use it, unless you only have like 4 gigs of ram. AEM is more work, and has its trade offs.

> regards
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On Sunday, July 16, 2017 at 9:55:55 AM UTC-7, yreb-qusw wrote:
> On 07/16/2017 01:27 AM, pixel fairy wrote:
> > ---
> > In Dom0 install anti-evil-maid:
> >
> > sudo qubes-dom0-update anti-evil-maid
> > ---
> Doesn't sound like 'more work' just doing the above, perhaps there is
> more to it, I thought, it mentioned it's better to install via a USB Drive?

https://github.com/QubesOS/qubes-antievilmaid/blob/master/anti-evil-maid/README

as you can see, its a lot of steps, and only some laptops are compatible. there are even new laptops, like the system76 lemur7 (i7 skylake), that cant do AEM.

ideally you can boot from a non usb external device, such as an sd card in your purse or wallet. if you do use usb, then you have to disable hiding the usb controller for a bit, which gives your attacker a window of opportunity for the kinds of things AEM is meant to detect.

this is a small window of opportunity, but there is the theoretical case that a clueless attacker with only a short time boots from their own device, the attack fails because usb is locked (and they may not even know this) and your laptop is ok. whereas if AEM needed that usb controller enabled to function, the attack would succeed, or at least succeed enough to trip AEM.

> What would be the "trade off" and/or How would I disable it , if it
> somehow messes up my Qubes install?

the most obvious trade off is needing your boot device to boot your laptop. so, you must protect this device. you'll probably want more than one of them in case one is lost or damaged, so you have to protect multiple devices. this is fine for cyborgs with implanted, bootable usb devices. but, for the rest of us, its something you must consider carefully in your threat model.

a more thorough discussion of all this in the background blog post,
https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html

if it doesnt work, you wont be able to boot. youd have to reinstall qubes and start over. if you want to disable it, you might be able to make a new passphrase for luks that doesnt need the keyfile on your aem device. there may be other steps required, but i havent tried it.
[qubes-users] Re: heads up, qubes 3.2 still vuln to cve-2016-4484 (minor severity)
On Tuesday, July 18, 2017 at 10:52:05 PM UTC-7, yreb-qusw wrote:
> So, If I haven't already, I should have secure boot enabled? ; I saw
> after I posted that, all the steps, I'd probably end up breaking the
> machine or locking myself out of it .

you should definitely put a password on your bios and make a usb qube. i would only do AEM if you're comfortable with installation, backup and recovery, or don't have anything important on that machine yet. preferably set aside a couple days to work out any kinks.
[qubes-users] how to run vagrant on qubes (very slowly)
libvirt plugin, qemu driver. this, of course, means emulation, not virtualization. thus it's slow. if you can, you're better off making a vagrant server and sshing to it. you can run virt-manager on a debian-9 template for any remote, or local desktop vagrant boxes.

TODO: try lxc, and virtualbox 32bit, which should also work in emulation. any interest in a qrexec provider? make an easy script for this. do a real write up somewhere on the interwebs that's easier to find.

the test vagrant run is a single instance of fedora-26 cloud with no customization, extra networking, or provisioning. also, no other plugins installed. my laptop is a kaby lake i7. vagrant up took 2 minutes and 41 seconds. on a real linux box, fedora 25 with a skylake i7, the same run took 37 seconds.

start with a debian-9 template, and either customize that, or clone it for a vagrant running template, which may not be a bad idea while messing with this. fedora 24 might also work, but it's out of support. debian-8 can't install some of the dependencies. fedora-25 can't either, because of a conflict with qubes version of xen.

first, get libvirt and qemu working

    apt install qemu-kvm libvirt-clients libvirt-daemon-system
    adduser user libvirt
    adduser user libvirt-qemu

you'll also need this in your ~/.bashrc

    export LIBVIRT_DEFAULT_URI="qemu:///system"

as mentioned above, virt-manager is also useful.

libvirt should work now, at least for qemu. installing the dependencies for vagrant-libvirt took a little more work, because the src packages for the debian-9 template were broken, at least for me. so, instead of apt installing build-dep the first line installs the packages build-dep would install. i'll bug the debian people later if this issue is still there in a couple days.

    apt-get install bash-completion debhelper gem2deb libvirt-dev pkg-config rake libvirt-daemon
    apt-get install qemu libvirt-bin ebtables dnsmasq
    apt-get install libxslt-dev libxml2-dev libvirt-dev zlib1g-dev ruby-dev

then

    vagrant plugin install vagrant-libvirt

which will also make a ~/.vagrant.d

to override kvm acceleration make a ~/.vagrant.d/Vagrantfile like this,

    Vagrant.configure("2") do |config|
      config.vm.provider "libvirt" do |libvirt|
        # use plain qemu emulation instead of kvm acceleration
        libvirt.driver = "qemu"
        libvirt.cpu_mode = "custom"
        libvirt.cpu_model = "qemu64"
      end
    end

and here's the example Vagrantfile i tried

    Vagrant.configure("2") do |config|
      config.vm.define :test_vm do |test_vm|
        test_vm.vm.box = "fedora/26-cloud-base"
      end
    end
[qubes-users] Re: how to run vagrant on qubes (very slowly)
you'll also want this in your ~/.bashrc

    export VAGRANT_DEFAULT_PROVIDER=libvirt
[qubes-users] Re: Setup sys-vpn?
On Friday, July 21, 2017 at 3:35:23 AM UTC-7, jaki...@gmail.com wrote:
> any instructions on setting up a netvm on openvpn?
>
> Rather than installing the vpn on the OS itself.
>
> I have a work VM. I have one site I use for work and it blocks the packets
> from tor/whonix. What I would prefer to do is set that before and access the
> site via vpn there for the browser access thru that VM only.

https://www.qubes-os.org/doc/vpn/
[qubes-users] Re: Suggestions for video card
On Thursday, July 20, 2017 at 11:08:36 PM UTC-7, Fun Zork wrote:
> I installed Qubes on my laptop and I love it, but now I want to install it on
> my desktop, but my desktop has a GTX 1080 video card and a CPU without Intel
> graphics. Apparently nobody has actually gotten Qubes to work on recent
> nVidia cards (but let me know if you have the secret!). So, I am trying to
> figure out if there is any video card out there that works with Qubes that
> supports 4k resolutions. The official documentation appears to only suggest
> Intel integrated graphics and some ancient Radeon cards. Does anybody have a
> suggestion for a standalone card that supports 4k that works with Qubes?
> Thanks!

have you tried the 4.0 alpha? that's based on fedora 25, which should be able to use the 1080.
[qubes-users] Re: HCL - Dell 7567
You should update your template vms. fedora 23 is out of support. fedora 25 will be in support for 6 months. in dom0,

    $ sudo qubes-dom0-update qubes-template-fedora-25

debian 8 will be in support for another year. you can upgrade to 9 if you want, https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/
[qubes-users] mic in linux hvm
maybe i missed it in the docs, but how do you get sound working in an hvm? i'd like to record audio in a linux hvm while recording the desktop. don't need audio, but that would be nice too.
[qubes-users] mic in linux hvm
maybe i missed it in the docs, but how do you get sound working in an hvm? i'd like to record audio in a linux hvm while recording the desktop. don't need audio out, but that would be nice too.
[qubes-users] got vagrant running on qubes
https://gist.github.com/xahare/0f2078fc8c52e7ddece1e5ba70c6d5fc

tl;dr qemu with the libvirt provider. emulation, not virtualization, so it's slow. but, it works. use the debian-9 template. debian-8 and fedora-25 have conflicting xen libraries.
[qubes-users] Re: Running Vagrant (Virtualbox) inside of a Qubes AppVm
On Monday, March 10, 2014 at 7:05:52 PM UTC-7, David Schissler wrote:
> I'm interested in running Vagrant from within an AppVM. All of the ...
>
> Does anyone do something similar?

https://gist.github.com/xahare/0f2078fc8c52e7ddece1e5ba70c6d5fc

in short, yes, this works fine with the libvirt provider if you're willing to take a performance hit from using qemu without kvm. vagrant-mutate can convert virtualbox based vagrant boxes to libvirt ones.

i've done virtualbox in an hvm using software emulation. it also works, but only for 32bit boxes. since most are 64 bit, you're better off with libvirt. had to use an hvm for virtualbox because the kernel module won't compile otherwise. maybe an older version in the package repo could work.

lxc is fast, but i haven't done more than a vagrant up on a base box with it.

while i have this setup, and it works well, i mostly ssh to a box i built just for running vagrant. it's also libvirt. if you want to coexist with virtualbox, i suggest nesting that in vmware. one should consider the vagrant server untrusted anyway. an advantage of this approach is you can use virt-manager and tmux and have vagrant sessions, graphical or not, that you can detach from, share access with others etc.

another approach you could take is running mac/windows/linux and using packer and ansible to make and control VMs to do all your work, and also run vagrant either in that host, or in a vm if that vm is vmware, or possibly kvm. haven't tried virtualbox in kvm in a while. of course, if you're used to vagrant, you probably already have all or many of your project in vagrant environments anyway.

if you take this approach, and your host is not linux (where you have other options) you can get basic protection against malicious usb devices by using virtualbox's usbfilter and putting a hold on all devices except, specifically your mouse and/or keyboard. but, if an adversary knows the id of those, they can clone them in their malicious versions.
[qubes-users] entropy for gpg
just tried to make a gpg key to use with split-gpg and didn't have enough entropy. the keygen dialog timed out. any suggestions on getting entropy into an appvm. is there a service that can be enabled? a little game or something good at generating entropy? in the past i would play doom until there was enough, but i'd like to keep this appvm as pristine as possible.

the appvm was based on debian-9
[qubes-users] Re: entropy for gpg
On Sunday, July 30, 2017 at 5:18:10 AM UTC-7, pixel fairy wrote:
> just tried to make a gpg key to use with split-gpg and didn't have enough
> entropy. the keygen dialog timed out. any suggestions on getting entropy into
> an appvm. is there a service that can be enabled? a little game or something
> good at generating entropy? in the past i would play doom until there was
> enough, but i'd like to keep this appvm as pristine as possible.
>
> the appvm was based on debian-9

seems all it needed was wiggling the mouse for a while.
Re: [qubes-users] Anyone tried Anbox ('Android in a box') under Qubes
Just tried on ubuntu 17.04. it installed, but kept crashing, as it warned would happen. Don't think this is ready for end users yet.
Re: [qubes-users] entropy for gpg
On Sunday, July 30, 2017 at 6:10:26 AM UTC-7, Sandy Harris wrote:
> pixel fairy wrote:
>
> Debian has haveged(8) which might solve your problem.

yes, and it's installed in the template by default. wiggling the mouse worked for a while, then stopped adding entropy.

maxwell looks interesting. now i'm glad i posted this.

> I wrote a small program to solve this problem & the PDF doc discusses
> other solutions including havege.
> https://github.com/sandy-harris/maxwell
[qubes-users] qubes-gpg-import-key safe?
looking here, it doesn't seem to verify the input, or does qubes.GpgImportKey do that? (a search on https://github.com/QubesOS/qubes-app-linux-split-gpg/blob/master/gpg-import-key

if not, how would you check a key for invalid data before import? i'm thinking copy to dispvm, run any checks, then copy to key holder either by file or clipboard. or is the only real answer to this subkeys?
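One way to do the kind of pre-import check the post above asks about, as an added example that is not part of the original message or of the Qubes project's code: it assumes the file holds a public key and checks only the OpenPGP packet framing (RFC 4880), rejecting anything that is not one well-framed version 4 public key. The names check_public_key, read_packets, dearmor and KeyFormatError are hypothetical, and the sample bytes are constructed.

```python
import base64

# Packet tags allowed in a transferable public key (RFC 4880, section 11.1).
ALLOWED = {6: "public-key", 13: "user-id", 17: "user-attribute",
           14: "public-subkey", 2: "signature"}

class KeyFormatError(ValueError):
    """The data is not a cleanly framed public key."""

def dearmor(text: bytes) -> bytes:
    """Decode an ASCII-armored public key block (the CRC-24 line is ignored)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[:1] != [b"-----BEGIN PGP PUBLIC KEY BLOCK-----"] or b"" not in lines:
        raise KeyFormatError("missing armor header or blank separator line")
    body = []
    for ln in lines[lines.index(b"") + 1:]:
        if ln.startswith((b"=", b"-----END")):
            break
        body.append(ln)
    try:
        return base64.b64decode(b"".join(body), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise KeyFormatError(f"bad base64 in armor: {exc}")

def read_packets(data: bytes):
    """Yield (tag, body) for each packet; raise on malformed framing."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):
            raise KeyFormatError(f"truncated at offset {pos}")
        pos += n
        return data[pos - n:pos]

    while pos < len(data):
        hdr = take(1)[0]
        if not hdr & 0x80:
            raise KeyFormatError(f"offset {pos - 1}: not a packet header")
        if hdr & 0x40:  # new-format header: 6-bit tag, variable-size length
            tag, first = hdr & 0x3F, take(1)[0]
            if first < 192:
                length = first
            elif first < 224:
                length = ((first - 192) << 8) + take(1)[0] + 192
            elif first == 255:
                length = int.from_bytes(take(4), "big")
            else:
                raise KeyFormatError("partial body length in a key packet")
        else:  # old-format header: 4-bit tag, 2-bit length type
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise KeyFormatError("indeterminate length in a key packet")
            length = int.from_bytes(take((1, 2, 4)[ltype]), "big")
        yield tag, take(length)

def check_public_key(data: bytes):
    """Return [(packet name, body length), ...] or raise KeyFormatError."""
    if data.lstrip().startswith(b"-----BEGIN"):
        data = dearmor(data)
    summary = []
    for index, (tag, body) in enumerate(read_packets(data)):
        if tag not in ALLOWED:  # also rejects secret-key packets (tags 5, 7)
            raise KeyFormatError(f"packet {index}: tag {tag} not allowed")
        if (tag == 6) != (index == 0):
            raise KeyFormatError("need exactly one primary key, placed first")
        if tag in (6, 14) and body[:1] != b"\x04":
            raise KeyFormatError(f"packet {index}: not a version 4 key")
        summary.append((ALLOWED[tag], len(body)))
    if not summary:
        raise KeyFormatError("no packets found")
    return summary

# Constructed sample: valid framing with filler bodies, not a real key.
_UID = b"test <t@x.io>"
SAMPLE = (b"\x99\x00\x06\x04" + bytes(5)          # old-format public key, v4
          + b"\xb4" + bytes([len(_UID)]) + _UID   # old-format user ID
          + b"\x89\x00\x03\x04\x13\x00")          # old-format signature
```

Passing this check says nothing about the key material or signatures inside the packets; it only confirms the packet boundaries and packet types are what a single public key should contain.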
[qubes-users] Re: NAUTILUS MISSING FOLLOWING UPDATE TO DEBIAN 9
On Friday, August 18, 2017 at 3:56:38 AM UTC-7, higgin...@gmail.com wrote:
> Thanks Foppe de Haan.
>
> The sudo apt-get install nautilus was all I needed.
>
> All fine now.
>
> Cheers

@Andrew David Wong , maybe this should be a step in https://www.qubes-os.org/doc/template/debian/upgrade-8-to-9/
[qubes-users] Re: Build a power efficient and silent desktop system for Qubes-OS
I built a totally silent machine.

haven't measured its noise output, but no one putting their ear up to it has been able to hear it yet. it's in a coolermaster half case, 40 x 43 cm (15.5 x 17 inches) with the two front fans replaced with noctuas. don't remember the cpu fan, but it's on a quad core i7 and doing fine. there are no cards on the motherboard since the onboard video is just fine for qubes.

16 gigs seems to be plenty for most uses of qubes. i was able to mostly work on 8 gigs, but it was tight. i've worked with 32 gigs, and of course, it was fine, but i doubt it would have been any worse in 16. unless, of course, you're doing something that needs lots of ram. i would go with a 1tb ssd and 32 gigs of ram, given that the price isn't much more than 16.

note that much of my work is text editing, occasional compiling, and otherwise over ssh to other machines, or in a web browser. throwing in office docs, and image editing would probably be similar memory wise, though photoshop could easily push that to 32 gigs. most things i can think of which would need more ram can't be done on qubes anyway, due to the lack of color calibration, 3d acceleration, hypervisor nesting etc. in those cases i'd have a dedicated offline work station and use qubes for everything else.

since it's a desktop, you can also do a removable drive tray for other OSes.
[qubes-users] Re: Build a power efficient and silent desktop system for Qubes-OS
On Friday, August 18, 2017 at 4:25:59 PM UTC-7, pixel fairy wrote:
> I built a totally silent machine.
>
> haven't measured its noise output, but no one putting their ear up to it has
> been able to hear it yet. it's in a coolermaster half case, 40 x 43 cm (15.5 x
> 17 inches) with the two front fans replaced with noctuas. don't remember the
> cpu fan, but it's on a quad core i7 and doing fine. there are no cards on the
> motherboard since the onboard video is just fine for qubes.
>
> 16 gigs seems to be plenty for most uses of qubes. i was able to mostly work
> on 8 gigs, but it was tight. i've worked with 32 gigs, and of course, it was
> fine, but i doubt it would have been any worse in 16. unless, of course, you're
> doing something that needs lots of ram. i would go with a 1tb ssd and 32 gigs
> of ram, given that the price isn't much more than 16.
>
> note that much of my work is text editing, occasional compiling, and
> otherwise over ssh to other machines, or in a web browser. throwing in office
> docs, and image editing would probably be similar memory wise, though
> photoshop could easily push that to 32 gigs. most things i can think of which
> would need more ram can't be done on qubes anyway, due to the lack of color
> calibration, 3d acceleration, hypervisor nesting etc. in those cases i'd have
> a dedicated offline work station and use qubes for everything else.
>
> since it's a desktop, you can also do a removable drive tray for other OSes.

for the cuda and gaming stuff, put windows on a removable drive tray and tell qubes to ignore the nvidia card. within qubes, you should be able to pass the card to an hvm to use cuda without it trying to use the display, but i've never tried this.

the case i was talking about is the coolermaster haf xb evo which has two removable drive trays. it goes for 90usd
[qubes-users] usb qube with one of two usb buses?
i'm on a desktop with 2 usb buses. is it possible to make a usb qube with one of those controllers and leave the other one in dom0 for the keyboard and mouse?