[qubes-users] Re: email fetching /reading
I gave up on trying to make email secure...just too many variables. Some ideas that help make it more secure include: 1) Go thru thunderbird and adjust setting (no image preview, plain text, etc...) 2) Get a few email addresses, one for shopping, one for friendamies, 1 for business, 1 for friends, 1 for shady sites (e.g. Linkedin) 3) In your email VM, white list the email providers IPs so the VM can only reach the email provider 4) Use a non connected -dvm for the email VM 5) Use whonix-gw as the network VM 6) Use an IMAP as you state and turn off network connections after the new emails have downloaded Not sure this answers your question but I too am open to other email hardening tips and tricks... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f0568c71-d373-47da-bde1-8a7cd4c7b8c1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Adding a Firefox add-on error to -dvm ?
I used to be able to add "add-ons" to my -dvm's (e.g. HHTPS Everywhere, No Script, etc...). I would periodically update these add-ons in the -dvm. Recently I noticed an add-on needed update and when I went to update it, it says it was no longer compatible? I knew enough to start the -dvm using gnome->terminal->firefox in -dvm however this time it didn't allow me to update the add-on? Not sure this is a security enhancement with a recent update but any feedback would be appreciated...I hate running scripts on random webpages... Thx rip22... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d24e8d16-7e45-412f-af45-2630de4c7c92%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Icons on my desktop security question?
Rookie question: 1) Why I didn't discover this before I don't know, simply drag the program from the Qubes drop down menu onto the desktop i.e. drag "Fedora-dvm-Firefox" or any other app program onto the desktop for easy access. Does this impact my Qubes security? It asked if I want to execute this program the first time I use the icon, clicked "Yes"... Pretty slick feature... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/39db010e-5ca7-4bd8-b817-6f198368edb9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Announcement: Qubes Tor onion services are available again!
Nice one Unman...thanks for this and your ongoing help! You rock... (Kudus to Andrew and the Qubes team as well!) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9bf5e92b-269e-4b92-b9b4-178765dd2a4d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix-ws kill switch?
I did your quick test...stopped fine. Good stuff... Good Whonix-Qubes Links: https://www.qubes-os.org/doc/whonix/ https://www.whonix.org/ Thanks all, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd3f15a9-3503-425b-8166-ee6af5ce1d7d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whonix-ws kill switch?
I appreciate the follow up...I have that setup. My concern is I have to trust the VPN provider... I used to use Torbirdy in my Whonix-gw Thunderbird a while ago (Installed by default) but it seems it "...is incompatible with Thunderbird 60.6.1...", at least that is the message I get when I look into Tools -> Add-ons in Thunderbird. I am trying to find the best solution that balances usability with security for my email client in what I assume is the most secure in Qubes (Whonix-gw/Thunderbird). My understanding is Torbirdy would "Force" Thunderbird thru Tor only. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/24150330-60da-49f9-9e83-d052f710af93%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix-ws kill switch?
If I am using Whonix-gw and Whonix-ws on Qubes is there in a sense a Tor kill switch in place by default? i.e. would Whonix-ws, if always connected to whonix-gw, ONLY transmit data thru Tor? or if the Tor circuit breaks is the data transferred thru clear-net... Thx -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0353f610-ab46-403b-9355-41005506998c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Tails
I totally get the cert.issue, not sure any military wants to simply trust DigiCert or any body else but they do provide keys to verify the .iso. I got TENS running(surf the web) on Qubes but struggled to get USB, Ctrl+Shift+C, etc... to work. I suspect Tails would be similar. Depending on your threat model, I am intrigued by TENS...they didn't get back to me though:) Do the Australian's have a version, maybe they are more responsive? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35f2196a-9e60-4afa-b784-3e6de44032dd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Announcement: Qubes OS 3.2 has reached EOL
Thank you 3.2! You were a good OS... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fee69204-d1bb-42e5-a082-9b0b0d1a2c94%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Tails
I haven't tried Tails on my Qubes but the default "-DVM" is close to TAILS but the DVM does apparently keep some information... Interesting, but I tried TENS once (Open source OS similar to TAILS developed by the US Air Force Research Labratory): www.spi.dod.mil/index.htm There tech support was not very good:) and since it is a .mil domain the https certificates are not trusted on their website... I haven't used it in a while but I have copied my old notes below, in case it helps: Create TENS: Create App VM(No network access) → Download TENs OS → Verify signatures Create Template-HVM In Advance → Increase memory to +2000 check add additional drives Choose HVMiso template for Backend domain → Pick TENS.iso file in Path -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0c145bb4-4ff3-42ba-a34a-fbcd4c6fc669%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: packages for conversion of pdfs to trusted pdfs
I am not sure of why this is happening in your case but have you tried creating a new -dvm again? Does the issue persist? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f582d77-d2c8-4f65-b040-519155666a71%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Announcement: Qubes Tor onion services will no longer be maintained
I just donated a small amount...not much but all I can right now. I would encourage others if you can...both Qubes and Whonix do good work! Maybe someone can clarify and help. I have been using Qubes for a while favoring Whonix when I can. My understanding is: The -gw and -ws templates, -dvm, appvm, etc and functionality will remain...correct? The Qubes-os.org onion site is going away...right? I have been keeping pretty good track of my changes from default install(dom0 and templates) over the past few year when I originally installed 4.0, but "...have been relying on (e.g., for package repos..." might have been something I did a while ago. How would one check this? Thanks again... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/554e393c-b18f-4f9f-8990-23d5fe00ee6c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Installing software..
PS...thanks for the correcting me! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4efaf472-68d8-44b2-bec1-ed54b948c86a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Installing software..
Steven, I am going to assume you have created an AppVM i.e. a Qube based on a Template (vs a Stand alone VM). In this scenario you would install any software into the template. Instructions: 1) I would suggest you clone your Fedora-29 template so you have a clean template. This is key as installing any 3rd party software is a security/privacy risk, if you screw up you can delete the clone and make a new one from the original trusted/clean template. You do this via a GUI by going to Qubes icon on the top left -> System tools -> Qubes Manager -> Highlight Template in Qubes Manager -> Right click on template -> Clone Qube 2) You will need to temporarily allow access to this template to the net. In Qubes Manager highlight cloned template -> right click -> Qubes Settings -> Basic tab -> Networking drop down -> Allow access to your Firewall Qube (Make very sure to return it to "None" when you have finished installing your software 3) Install your software into the clone. Qubes icon on the top left -> Go to your cloned template -> Terminal -> enter the install terminal commands, the commands to install libreoffice are: sudo dnf install libreoffice 4) Shutdown template, change network setting back to "None" on the template, then create your AppVM. You should now see your new software. Debian and whonix have slightly different commands in the terminal but the logic is the same. Some additional best practices include: * Never install anything into Dom0 * Check the keys to make sure your software is verified * Minimize the software you install, make multiple cloned templates and install only the essential software you need. i.e. I have some templates that include libreoffice, Nano, VPN stuff and 1 template that has all * Not sure but I don't think your software will update in the template, you might have to periodically re-create the template/software. Totally open to feedback and criticism if this direction is wrong or needs clarification... Good luck and welocme to Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4f2e8802-7894-4c92-bf9e-11619cf6487b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Best practices?
...always forget something right after hitting "Post": Similar to Stuart to avoid a borked update which happens(although rarely these days) I: 1) Back up my data prior to an update 2) I only update my original templates after updating the clones, if the clones update OK I then update my original template -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/74c2ff54-4b3e-4fbb-ab9c-4561c6096e3e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Best practices?
To answer the OP question you would use the clone for AppVMs, for example: 1) Original Fedora Template = I avoid using it 2) Clone of "Original Fedora Template" = Vault AppVM 3) Cloned Template with Libre Office installed = Personal VM & for another disposable VM for printing and opening email attachments (multiple disposable VMs available in 4.0) 4) Cloned Template configured for VPN = VPN AppVMs If one screws up due to my doing, borked update, suspicion of malware I delete the clone and rebuild it from my Original Template. I highly recommend backing up your data VMs prior to updates (I can't stress this enough!). When I first started I screwed up a lot and was constantly reinstalling Qubes. Similar cloning for Debian...I tend to use Debian where I can. The logic is the more software you install in a template the more vulnerable the template becomes... I use the GUI but also picked up some commands for the terminal. I didn't know Linux but figured I would start with Qubes as I needed the security ASAP(I didn't have a choice). Here are some basic commands I might use in a terminal: Debian - To install Nautilus su apt-get install nautilus Debian - To install OpenVPN su apt-get install openvpn Debian - To install GNOME (Including Libre Office): sudo tasksel select GNOME (with space bar) Fedora (Install Libre Office): Sudo dnf install libreoffice Update Dom0 in terminal: sudo qubes-dom0-update I again thank all on this mailing list who have helped me directly and indirectly. I also recommend to donate if you can to keep Qubes going...its good stuff! Kudos to the development team and all those writing code...thank you! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4b9d29d9-ec79-47c6-bd5a-5618affe2556%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Best practices?
Important maintenece best practice: ...back up your data prior to updating dom) and your templates. I got burned on that a while ago. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5d4cdc17-9f25-4118-8fa6-eb4a9b0c18ba%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Best practices?
A clean install...you'll never feel more secure:) A couple of best practices I would suggest include: 1) Clone your templates(maybe multiple cloned templates) and never install or use your original templates (This will help keep them secure and if you screw up on a clone you can always delete it and start a new clone from the original template) 2) Think about how you want to divide your different digital lifestyle/compartments e.g. email, banking, personal, work, passwords, etc... 3) What software do you need to install(if any)? Depending on your needs and uses e.g. LibreOffice, plugins, other Linux software? Install those on your cloned templates Maintanence: 1) Keep your templates updated (and Dom0 updated)...this should be done right after an install 2) Backup your data and system weekly/daily (depending on your need) Other security setups: Set up a VPN Explore minimal templates Review BIOs TPM Look at your firewall and restrict IPs based on the Appvms use Customize your DVM (disposable VMs) Welcome and good luck! I never used Linux and I fumble thru fine after a little practice. Don't be scared to post a question after searching if you get stuck. Keep your plugins, if any updated -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cd73f3ab-b5cf-4200-a2b8-b345ae3208b4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix Yes or No
I still trust Whonix...but the aussies, well you still got to watch them regardless! :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/207f3eea-eca8-48b7-88f4-b7df268bd945%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix update error??
Mus be the Australian government and the five eyes! I tried it on a clone and it update no issues...tried it on my main templates as-is/no change to http(fromhttps) and they happened to work fine. Next time I will consider the option of waiting... Xaver rock! Thx... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5676e005-48f1-4c20-a562-8e080aab6f77%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Whonix update error??
Thx... That did it but if I just waited would it correct itself? Seems not so secure to update via http? Is one generally better off waiting for it to maybe correct itself vs updates via http? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8fcc7e21-3d81-4b4a-bf98-183ec7b4f30e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: How secure is google-authenticator as 2FA?
As I see it Namem...no expert but I would say: 1)Yubikey most secure (I have seen other similar devices that might be more secure) 2)Google Authenticator (also similar type apps that are non google are also available 3) Text message (almost useless in my opinion but better then nothing) In my experience all of these are not really effective if the OS, browser (or the connection) is compromised. I also suspect the OS, browser or connection are more suseptable to an attack then the 2 step used. Some other "secure" email options: Protonmail (authenticator only) FastMail can use a Yubikey (but Australian) Tutanato (authenticator only...however they recently added a recovery key in case you get locked out vs an email recovery option) Google/Gmail (pretty secure but I just don't trust google...US company) If you find something better (besides hosting your own email) I am all ears...maybe use an air gapped ipod and use that for your authentication apps? Not sure I answered your question, nor is this a Qubes specific question but hope this helps... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa784db0-ae48-4e9f-9fc7-2153a1d3da9a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix update error??
I am not sure what the issue is but I am struggling to update my whonix templates via the GUI, update icon(star icon) or manually?? I get an error similar to this: Ign:1 http://ftp.us.debian.org/debian stretch InRelease Hit:2 http://deb.qubes-os.org/r4.0/vm stretch InRelease ... Err:12 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release Connection failed Reading package lists... Done E: The repository 'tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. Done. I copied this from this link(https://www.whonix.org/wiki/Qubes/Update) but my error is very similar...sometimes the error is: Err:7 Err:8 The link(https://www.whonix.org/wiki/Qubes/Update) states this is likely a Whonix error but I am unsure...I tried to update this yesterday and got the same error. Is there anything else I should do? Should I just wait another day? My Qubes manager is stating the template needs to be updated (Green arrow). Other notes: * I open tor-control-panel and it shows I am using TOR(Green) * I look in the tor-control-panel log and the only flag is the following: Feb 17 23:13... [warn] Socks version 71 not recognized. (This port is not an HTTP proxy; did you want to use HTTPTunnelPort?) However it still appears to reconnect *I do a whonix check when connecting via an Appvm and it states: ! "Could not check for software updates" this seems like a common error that I have seen before, however it never seemed to inhibit the template update Any help would be appreciated... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6485d1dd-81e4-444e-b320-c0bba69c2bbe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Anyone using protonmail-bridge
Would appreciate any thoughts on your set-up but try the following: In the appvm that houses your thunderbird and protonmail bridge add protonmails IP(= 185.70.40.151) in the firewall settings. I have managed to get it working by further limiting it to port 443 only. As I understand the workings of protonmail bridge and Qubes, since the bridge is in the same appvm as your thunderbird, 127.0.0.1 is all done within the appvm so it never crosses the firefall. I am not sure of your setup but as I have used it as follows: Thunderbird/protonmail bridge Appvm (firewall limited to 185.70.40.151) -> Firewall -> NetVM or Thunderbird/protonmail bridge Appvm (firewall limited to 185.70.40.151) -> Whonix-GW -> Firewall -> NetVM I might submit a seperate question but how do you update the bridge in your current Appvm? Protonmail just updated bridge, in the past I have rebuilt my appvm but there must be an easier way to upgrade the bridge? I hope that helps... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/301ceb43-f861-447d-993b-435cdbcb3284%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] vault color (black?) & window decorations
If you go to: Qubes Icon -> System Tools -> Windows Manager -> Style Tab -> Theme There you can pick different themes for your windows...I use "TGC" which shows the icons pretty good(although not with black). "Sassandra" looks pretty good with black... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f9398a5-a1d5-4923-8721-74445b77f2bb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Firefox Account SyncVM
I am sure there are different opinions out there, but my thoughts would be: 1) Using a "cloud" account to sync is not as secure (somebody can get access, change URLs in your book mark account and your potentially owned) 2) Using other 3rd parties is less secure (Personally I don't trust LastPass, I also don't think it is open source) 3) Using the 'cloud" to circumvent Qubes isolation is less secure (i.e. Password plugin with my passwords in a cloud) I really like the convenience of a plugin for my passwords but unfortunately I don't want to compromise my security even if it is slightly less...I am open for another opinion! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e75d7dec-e203-42ac-8d52-1760713d68d3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] "Qubes Update" icon (Sun Looking icon on top right)
Worked like a charm! Opened up "Konsole" in my whonix-14-gw and -ws templates Ran this command: sudo apt install python-concurrent.futures I can now use the Sun/update icon to update my templates. It seemes the benefits are: Starts and stops each template automically, one at at a time Can run the updates in the back ground with out manual intervention Not sure there are other benefits but thanks again!! Keep doing what you folks do! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0449efa0-22aa-49d5-9b60-1a60a2b757ef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] "Qubes Update" icon (Sun Looking icon on top right)
Just used this feature again...Debian-9, Fedora-29 and Dom0 updates(or lack of) went fine i.e. My Fedora templates seemed to update and no updates were needed for Dom0 or my Debian templates. My Whonix-14-GW and -WS however did deliver an error that might be related to what you refer to Marek. The sun icon gives me the following error(abbreviated): File "/var/tmp/.root_62a99a_saltimport salt.modules.cmdmod File "/var/tmp/.root_62a99a_saltimport salt.util.http File "/var/tmp/.root_62a99a_saltimport salt.util.events ... ImportError: No module named concurrent...CancelledError stdout: I manually updated the whonix-gw and -ws using the Qubes Manager OK. Any chance some one can share the commands to allow me to update using the "sun icon"? Its nice to check all templates for updates and have them run in the back ground one-by-one. I thought this would crash my system but worked pretty slick appart from the whonix-gw and -ws error I got... Again thanks to all for the help! Marek you do good work!! awokd/799 thanks for your engagement... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cc02c036-7b82-4f9d-aea5-47fb7f3a9aa8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fedora-28 upgrade to fedora-29 messes up the wireless network icon
I have never "upgraded" my templates...new template installs only, however over time I too have seen distorted icons including: * Looks like 2 icons on top of themselves * Very "Red" icon for sys-net that also is a little difficult to see signal strength... Just thought I would add my insight... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e0548e34-4323-4442-bafd-be938c74e7e6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] "Qubes Update" icon (Sun Looking icon on top right)
Just played around again with the sun icon, this time starting my whonix-gw template used for template updates prior, a couple of observations: Seems to work fine when updating Debian and Fedora 29 templates, at least the messages I get in the details appear positive, listing the updates/changes, green check marks, etc However when I try to update my whonix14 templates (both -ws and -gw) I get what appears to be errors. I still don't know how to copy errors from Dom0 to an appvm but the errors end with: File"/var...salt...futures import cancelledError ImportError: No module named concurrent.futures ... A little back ground on my Qubes...I started using Qubes out of an immediate need for security and have been backing in to how to use it over the last few years. I consider myself pretty good but I am still missing what appears to be basic skills. How do I check: /etc/qubes-rpc/policy/qubes.UpdatesProxy Sorry to ask but can you explain in more detail? Thanks again Qubes and all those contributing...I really appreciate it! I'll document what I can using this feature... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/733c7790-bf7f-4a95-a862-9332e8a2684c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] "Qubes Update" icon (Sun Looking icon on top right)
I just had another Dom0 update today...just tried the "sun icon" again and the behaviour was a little different in that it launched my sys-whonix vm this time for an update. Notes: 1) Prior to my dom0 update today, the "sun icon" had always given me a "nothing to do" with out ever starting sys-whonix (I don't start this VM with start-ups of Qubes) 2) I played with the sun icon again after the Dom0 update today and noticed that it just clocked after starting sys-whonix. When I update using the Qubes Manager I start my sys-whonix manually before I click on "update qubes" on my templates. I tried starting sys-whonix before I clicked on the "sun icon" process and it appeared to update my template..at least the down arrow in the state column of my qubes manager disappeared (fedora template was being updated) When you say "settings point to sys-whonix" the only setting that point there are in Qubes Manager->System->Global Settings->Dom0). I believe I also changed to update my templates using sys-whonix when I installed whonix-14(quite sure this is the case as sys-whonix is launched when I update my templates). Are there other settings I should point to sys-whonix...I'd like to keep all critical updates via sys-whonix? I'll try the "sun icon" update process more and see if the behaviour changes...again the update to Dom0 today might have changed things... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/45d97c4c-f3c4-4125-a11c-3a75388c2cbc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] fed29 templates/upgrade
Thanks 799...I learned something! Similar to 799 but less hardcore...I always download a fresh template(vs upgrade). In my case I ran with a full/fresh Fedora-29 after the Fedora-28 hplip issues, and added any new software from fresh: https://www.qubes-os.org/doc/templates/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/35179791-efe0-4634-90aa-af5f8b4d799f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: sys-firewall command failed with code : 1
In case the above links dont work: > > Dom0 error: https://groups.google.com/forum/#!topic/qubes-users/NSVB-s1zHCI > > Fedora 28 error: https://groups.google.com/forum/#!topic/qubes-users/gKxaTiQ3iZg -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8bf1d811-d1f6-4953-a943-a40ed748338e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Questions
Just to dovetail Hugo, here was a similar discussion that included a few alternatives: https://groups.google.com/forum/#!searchin/qubes-users/librem%7Csort:date/qubes-users/bu2jW28UJAY/Te-Z2y5GCAAJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8096fd53-35b5-4872-bf8f-c8b9665fe2c5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: sys-firewall command failed with code : 1
Not sure this explains your particular issues but: Dom0 error: https://groups.google.com/forum/#!searchin/qubes-users/22rip%7Csort:date/qubes-users/NSVB-s1zHCI/U-HCRz5uFAAJ Fedora 28 error: https://groups.google.com/forum/#!searchin/qubes-users/fedora$2028$20error$20update%7Csort:date/qubes-users/gKxaTiQ3iZg/t9b38WvuDgAJ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2219225c-c80d-4e2c-b504-3f4f675e4067%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] "Qubes Update" icon (Sun Looking icon on top right)
After a recent update to Dom0 an icon appeared on the top right. Been playing with it for a few weeks and I am struggling with the following: 1) It check for updates via sys-net even though I use sys-whonix for updates? I read some where there is a way to change this so it uses whonix which is more secure?? 2) Most recent I used it to check my templates and it informed me "nothing to do", yet when I used the Qubes Manager to check/update I needed to update some templates? Not sure I can trust it to give accurate info... Any thoughts or suggestions on how to use/configure this feature? Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e69c51ff-70ea-409c-97dc-22d890819703%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: dom0 update: sys-whonix: command failed with code: 1
Same thing here...no answers/solutions but your not alone! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad07bc93-6e3c-4626-87a8-300474bd9c6c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: default-mgmt-dvm no longer hidden
I read the original link again, seems the update to Dom0 patches the issue, I also changed my default DVM (Qubes Manager->Systems->Global Settings->Deafault DispVM) to my more secure dvm, changed my "default-mgmt-dvm" template to a more secure template, changed appvm disposable DVMs as needed... All good...thanks! Happy new year Qubes and to those that make this OS happen...really appreciate it! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b73d898-42cf-47bd-bff2-1d9a6fc12213%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Using fedora-29-minimal as template for sys-net / sys-firewall / sys-usb
I just moved to fedora-29(due to update issues with 28), full version and everything seems to be working fine. A while back I had issues with wifi connecting and used the following command in my fedora template: sudo apt install firmware-iwlwifi sudo apt update && sudo apt upgrade My wifi then worked... CAUTION: I am by no means an expert, more of a hack so do some research before trying! Good luck... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/58bb7b6a-029c-4f6a-a3ed-e433f4f40e2c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: default-mgmt-dvm no longer hidden
Strange but I just noticed default-mgmt-dvm for the first time? After noticing this I noticed that one of my less trusted templates was being used as the template for default-mgmt-dvm. In this less trusted template I had browser add-ons, libre office, print drivers in addition to other less trusted software. I changed the template to one I trust more... I found another article after a search: https://www.qubes-os.org/doc/salt/ I haven't used salt for any configurations (I believe when I installed whonix-14 it was prior to "default-mgmt-dvm" being visible), however I have done numerous updates on my templates and Dom0. What are the implications? What mistakes did I make? Thank you to any one with insight they are willing to share... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3048b179-e6b2-4e2b-a563-1eaf5c7e21ca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Manual update Fedora, Debian and Whonix?
Sorry for the basic question, but was wondering if some folks could help me out with some housekeeping and best practices: My understanding is you would enter the following commands into the template terminal: Debian: sudo apt-get update && sudo apt-get dist-upgrade Fedora: sudo dnf clean all && sudo dnf upgrade Sometimes with Fedora, in a pinch: sudo dnf upgrade --best --allowerasing Whonix (GW & WS): sudo apt-get update && sudo apt-get dist-upgrade Is this right? Are their some manual housekeeping commands I should run to keep the templates optimized? Thank you all and thank you for Qubes...happy holidays Qubes developers, you folks rock!! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e8107c51-45af-439f-a134-83e52471d975%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
Some typos corrected and clarification added: John, I'll take a shot at helping but would defer to Unman who has helped me out a lot, both directly and indirectly on this forum. Some notes: Been using 3.2 and 4.0 only...haven't tried 4.0.1 Not an expert but have having been using Qubes as my primary for over a year. I loaded 4.0, however during the setup I did not add the default whonix template(v13 I think) to my system as the default whonix needs to be removed in order to upgrade to whonix-14. This option is chosen when loading Qubes for the first time. I immediately update Dom0 using a VPN connection thru my network After installing Qubes 4.0, I immediately install the whonix-14 template following these instructions: https://www.whonix.org/wiki/Qubes/Install All updates going forward are done thru sys-whonix-14-GW. When you say upgrading Firefox are you just updating Firefox or the whole template...I don't just upgrade Firefox, I update the whole template i.e. I update the Debian template and the Fedora template and this updates Firefox in the template and the appvm's associated with the templates. Make sure you are aware of the template/appvm relationship...you don't update the appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the source for the appvm(sys-whonix). Other best practices I follow: *Fresh templates seems to be the advice(vs upgrading) *Whonix-gw template is a key template to update as all my updates are done thru this template/appvms * Get a VPN appvm setup as a priority * Clone your templates and experiment on the clones, this way you can resort back to your clean template WHEN you F%$# it up (Not IF...you will at some point mess one up) Good luck, hope this helps... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c48d2951-3a73-4e17-a537-bb19ddd08ef7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Upgrade guide from 4.0 to latest recommended build
John, I'll take a shot at helping but would defer to Unman who has helped me out a lot, both directly and indirectly on this forum. Some notes: Been using 3.2 and 4.0 only...haven't tried 4.0.1 No an expert but have having been hacking my way thru Qubes to make it my primary I loaded 4.0, however during the setup I did not add the default whonix template(v13 I think) to my system as the default whonix needs to be removed in order to upgrade to 14. This option is chosen when loading Qubes for the first time. I immediately update Dom0 using a VPN connection thru my network After installing Qubes 4.0, I immediately install whonix-14 following these instructions: https://www.whonix.org/wiki/Qubes/Install All updates going forward are done thru whonix-14-GW. When you say upgrading Firefox are you just updating Firefox or the whole template...I don't just upgrade Firefox, I update the whole template i.e. I update Debian and Fedora and this updates Firefox in the template and the appvm's associated with the template. Make sure you are aware of the template/appvm relationship...you don't update the appvm(e.g. sys-whonix), you update the template(whonix-gw) which is the source for the appvm(sys-whonix). Other best practices I follow: *Fresh templates seems to be the advice(vs upgrading) *Whonix-gw is a key template to update as all my updates are done thru this template/appvms * Get a VPN appvm setup as a priority * Clone you templates and experiment on the clones, this way you can resort back to your clean template WHEN you F%$# it up (Not IF...you will at some point mess one up) Good luck, hope this helps... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1497de65-baf6-41cb-9813-1b7a05062330%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Thunderbird + Whonix ---Time wrong when emails are received?
I have been using Qubes 3.2 and 4.0 for a while now. When I installed Qubes I needed to put the time on my BIOs 6 hours ahead in order for the clock on my desktop to be accurate. Worked fine for the past few years...TOR worked, time on emails looked inline using Debian9 thunderbird... I recently tried using thunderbird in whonix and now the time is showing 6 hours ahead and I am having more time sync issues with TOR and my emails are showing received 6 hours ahead??? Any suggestions on how to fix this? Not sure if this is due to my BIO time being ahead or if thunderbird in whonix shows UTC time only(which happens to be 6 hours ahead of my time??) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1735e653-b59e-401c-8913-f1a1558c40b9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] whonix + Protonmail Bridge + TorryBirdy?
Has anybody set this up with Whonix in Qubes 4.0? Are you willing to share instructions and opinions? I have managed to get this setup with a debian template/appvm but wanted to explore doing this within a Whonix template/appvm? The bridge is only in "beta" today and they email the instructions and attachments which seems not as secure. I also get an email when an updated version is available. My questions are: - How should the bridge be updated? Is this automatic with a template update? - I have noticed Torybirdy is dated? It seems Torbirdy is "..incompatable with Thunderbird 60.3.0" according to the message in the current Whonix-14 Thunderbird template? - I know whonix is a debian derivative but what would be the specific commands? - I was able to get this working using a Debian template + Appvm + whonix-14-gw but it seems whonix would be a more secure solution? Is this true? Any thoughts, help or ideas? Thx (I understand protonmail is not perfect but I am not prepared to host my own email, nor do I trust google/gsuite as an alternative...) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9e32477f-7a43-4c67-ad73-36431840b874%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Change update Template from sys-whonix to sys-whonix-New
Thank you Ahmed that worked greatreally appreciate the help!! Unman as always thank you... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fca39248-3e5a-4875-a927-7b9c67e8d75b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Reinstall Qubes-Whonix TemplateVMs documentation revamped
Thank you Patrick! Really appreciate the work you do... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ae43c1c4-3bef-42a7-a19e-5ce906e8ad08%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Change update Template from sys-whonix to sys-whonix-New
At the risk of revealing my skills could I ask how to do that more specifically? In dom0 terminal: sudo then what? Thank you for any one willing to share the basicseditting a file comes up a lot and don't know how to do it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9f53b22-09b2-4789-9802-c2ce3cfbebe0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes: Unable to connect to VPN
Thanks...I am away from my Qubes but will try! Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/84169442-5ee0-4f7b-9148-905ca3e0f1ed%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: QUESTION - QUBES OS - HARDWARE
Adam, Here is a list of hardware that has been tried with Qubes, try to pick a computer with greens for 4.0(most recent Qubes OS): https://www.qubes-os.org/hcl/ Not sure you have read this link but this was a note from the list above...its close to yours. Not usre of the difference between the GL753VD and your GL753VE. https://groups.google.com/forum/#!msg/qubes-users/ylHfuhQxmhE/ihkoVxFjBAAJ Pick your hardware carefully, its important... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dd1635e7-8e76-416c-ba89-f56cac626a3d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes: Unable to connect to VPN
Interesting Otto...can you elaborate on the files you changed? I had this working at one time but then broke...I never managed to get it working. What files did you change? The config files? Any specifics for a newbie would be appreciated and likely appreciated by others. Thanks, 22Rip -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f04d11c-827b-4ebe-b678-90f4218d60f1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Change update Template from sys-whonix to sys-whonix-New
Thanks for the response but I did manage to change the "Dom0 UpdateVM" via the GUI (System->Global Settings->"Dom0 UpdateVM"), however my understanding is this only updates Dom0. I am trying to change the UpdateVM for all my templates...they are currently using the old sys-whonix. I want to change that to sys-whonix-New -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea685a84-2abd-43c1-8ee2-c6ce20aaa9ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Change update Template from sys-whonix to sys-whonix-New
I recreated a new Appvm for my templates to use for updates. I currently use sys-whonix...the new template is sys-whonix-New. How would I do this? I have Qubes 4.0 and have been using Whonix 14... Thanks again to all for any help, 22Rip -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b444d79b-2ff7-4056-ace5-3eb2f625e034%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Manjaro Spitfire laptop with Qubes 4.x?
I agree it is good to see the smaller manufacturers making efforts...the market is clearly for Gaming. I would love to see a security centric offering though. I tried sending a note to Majora, they have a Forum and a Feedback link. I sent them a note on the feedback link but it just clocks...I didn't want to sign up for the forum so didn't ask there. Maybe they will respond here? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6357ee90-2377-48dc-80cc-11d14d28d503%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: update broke whonix, can't reinstall
I had problems trying to upgrade as well...I ended up doing a fresh install, during the install I selected Whonix NOT to be installed. After the install I then added Whonix-14 (I didn't have to delete the old). Did this a while ago and have updated a few times with no issues... Bit of a sledge hammer solution...hope it helps. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82b283b1-e9c1-424e-8570-2e5baea6aa58%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: install problem
Bernhard...keep in mind I am no expert but I have managed to get 3.2 and 4.0 working(Not on a DELL) but here are some thoughts: 1) Look thru your BIOS settings I found I had to tweek them to get my system installed. 2) Did you run 3.2 on this machine and are now upgrading to 4.0. If not I would again look at your BIOS. 3) When you do the reinstall are you able to wipe the old install? During the install process you can wipe out the old install. I have had to do this a few time. You are prompted during install...take your time and look at all options during install. Thats the best I can offer...good luck. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8ae69d2d-a799-47ab-b016-ddfa334be16d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL - Purism Librem 13 v2
Unman your posts have been extremely helpful to me and I can't thank you enough for the help(I am sure many others would agree). However I think your "..Pretty easy to maintain.." would be hell for me. Librem(and maybe the Majora line) have huge appeal for me as they take care of the BIOS flashing. I checked out the x230 and you are right they are available and cheap. I would still be interested in finding some company/individual who I can trust to take care of the BIOS flashing for me as a service(I would think others would also want this service as well...). The problem is who? Thanks... ("-boxy is the new black." Good one and couldn't agree more...very funny!) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/26f75d86-0349-4533-8f3a-66fe2e37c1b3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Manjaro Spitfire laptop with Qubes 4.x?
Interesting and very coolEuro laptop! Seems intriguing but I could not find some of the questions I was wondering: 1) Are the BIOS proprietary? Same as Librem.. 2) Has the manufacturer said it is compatible with Qubes? Seems they would want to test this themselves. Have you reached out to them? Was tempted to do it myself... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/29109e79-c81b-4004-91e5-93abb5965037%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Updated Debian template-Recieved "Configuring grub-pc" message??
Thank you both for the comments... In the message I remember a statement: "..This menu allows you to select...automatic run for, if any...running grub-install automatically is recommended". I believe it also said something to the effect: "...will use the previous selection..." Considering I already completed the update and everything is working should I be concerned? Would anything bad already have happened? Next time I'll pick try the "/dev/xvda" file and see what happens but does it default to the same selection as prior to the upgrade when nothing is selected? Thanks again... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c85709b9-d21e-4d68-b01c-85eefa3d8749%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Updated Debian template-Recieved "Configuring grub-pc" message??
I just updated my Debian template and received a "Configuring grub-pc" window in my terminal, through trial and error I discovered that I was able to select "OK", and select configurations using the curser arrows and the space bar (->, <-, etc...). I haven't seen this on a Debian update before but I had the option to select what I think are devices for grub-install...maybe 4 choices. I used the space bar and selected all of them but then received error messages. I then selected none of the options(devices?) and the update continued. The update appeared to just continue finishing with "Press enter to shutdown...", no obvious error messages like past template updates. Everything appears to be working despite what appeared to be scary warnings in the terminal. Restarted the computer...no issues. Sorry to not have more info I wish I had taken screen shots. Was I supposed to select something? Any way to check? What was the window? I am using 4.0... Thanks again, 22rip -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ebb5b16e-6f08-48ef-9ad7-efcac0e87bf4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL - Purism Librem 13 v2
Tough questions and discussion but in the spirit of finding the "best" we can get laptop for Qubes 4.0 (Best being defined as: available to purchase, priced right, most open, most "reasonably" secure and"reasonably simple" to maintain), for me I see the following as my best options, ranked: Lenovo Carbon 5G X1 Available Good RAM Little pricey Easy install/maintain? Not sure if I can flash these BIOS... Lenova 400 series Available Affordable Limited RAM? Little boxy Easier to install/maintain Librem 'what ever" model Available NOT Affordable Limited RAM? Reasonably easy to install/maintain! G505 NOT as Available Affordable Limited RAM? Very boxy? Tough to install/maintain (Flash BIOS?? Out of my scope...) 200 series NOT as Available? Affordable Limited RAM? Very boxy? Tough to install/maintain! (Flash BIOS?? Out of my scope...) Dell/HP/Other? I don't know, but I suspect Qubes was developeded on Lenovo's yet select models work Desk Tops I need a laptop... Keep in mind I might weigh some of the "Easy to install/maintain" perspective more heavily but I see my best options as: 1)Carbon X1 being the ultimate winner (if I want to invest the $1k) 2)T400+ series for the budget concerned 3)Librem if you want to get the best you can with out the "fuss" and pay some $$ 4)G505/200 if you have the technical know-how/experience What I am struggling to weigh is the security/privacy/trust compromises and implications I have made/would make? I know G505/200 type products are most secure but how can I get one pre-installed and done (Easy) yet still balance trust, security, afford-ability, etcI fear the open source BIOS are out of my technical scope to install and maintain. I find Librem intriguing with the easiest "most" open source option for the "reasonable" layman(person)...sure not Intel/AMD/government secure but at least non chip maker collusion secure? Lets assume Librem screwed up initially with their claimsare they clear now? Is their product a good option? Decisions, Decisions... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d53fd873-90fb-4426-b960-efd57aafbadd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Updating Whonix 14 errors?
Thanks vonder...good resources. I carefully did nothing...tried again today and no issues. No issues and no updated needed... Thanks again, Vonder, Qubes team and Whonix team! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/286f9500-eed7-45df-beb9-71c94dc1dc42%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Updating Whonix 14 errors?
I recently installed Whonix 14 following these instructions: https://www.whonix.org/wiki/Qubes/Install Everything went well and to the best of my knowledge I was able to update the whonix -ws and -gw using the GUI. This was last week...since then I have updated Dom0, Fedora and Debian templates. Everything was working well Today I tried to update Whonix 14 -ws and -gw and I am receiving similar errors for both templates: Hit:1...tor+http://deb etc, etc, etc.onion stretch InRelease Hit:2..seemed OK Hit:3..seemed OK " " " Ign:11 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease Err:12 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release Connection failed E: The repository 'tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release" does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefor disabled by default N: See apt-secure(8) manpage for repsitory creation and user configuration details Press Enter to shutdown 1) I tried a manual update: sudo apt-get update && sudo apt-get dist-upgrade -same error 2) I did a "Whonix chek" and it states: INFO(Green): Whonix APT Repository Enabled WARNING: Debian Package Update Check Result: Could not check for updates 3) If my memory serves me correctly, sometimes this error happens with Hit:13. 4) I tried searching for similar errors but couldn't find any solutions... Any thoughts or suggestions to correct this? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f15bda65-ad46-4682-97ef-ebd95019e0c5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
Thanks Chris...I understand now. I just tried it again and below are my logs, while I don't get the "Operation not permitted (code=1)" error I still get the TLS error Fri Sep 14 16:55:06 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08 Enter Auth Username: My username Enter Auth Password: ** Fri Sep 14 16:55:35 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]208.X.x.x ; port xx Fri Sep 14 16:55:35 2018 Socket Buffers: R=[212992->212992] S=[212992->212992] Fri Sep 14 16:55:35 2018 UDP link local: (not bound) Fri Sep 14 16:55:35 2018 UDP link remote: [AF_INET]208.x.x.x: port xx Fri Sep 14 16:56:36 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Fri Sep 14 16:56:36 2018 TLS Error: TLS handshake failed Fri Sep 14 16:56:36 2018 SIGUSR1[soft,tls-error] received, process restarting Fri Sep 14 16:56:36 2018 Restart pause, 5 second(s) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/227e07f2-09a9-4608-8910-4c678cdf6e0b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
Thank you Anac and Chris, appreciate your suggestions: You said that Tor was running. When combining Tor with VPN, the VPN's connection type should be TCP, not UDP. Did you check that? I did check this...opened the connection to Any/Any but this didn't seem to be the issue. I also eliminated TOR for testing and connected directly to the sys-net(to also eliminate any sys-firewall potential issues) Before you go through the trouble of a whole reinstall, you could try setting your VPN VM to use Fedora 28 instead to see if it works. You can also perform a reinstall of the Debian template. I tried with fedora-28 but also had the same TLS connection error. I ran the tests in step 3 as suggested and recieved the following errors with both the Debian and Fedora setup: Fri Sep 14 10:30:53 2018 OpenVPN 2.4.0 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 18 2017 Fri Sep 14 10:30:53 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08 Enter Auth Username: My user name Enter Auth Password: ** Fri Sep 14 10:32:34 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]208.167.254.76:1198 Fri Sep 14 10:32:34 2018 Socket Buffers: R=[212992->212992] S=[212992->212992] Fri Sep 14 10:32:34 2018 UDP link local: (not bound) Fri Sep 14 10:32:34 2018 UDP link remote: [AF_INET]208.x.x.x:port xx Fri Sep 14 10:32:34 2018 write UDP: Operation not permitted (code=1) Fri Sep 14 10:32:36 2018 write UDP: Operation not permitted (code=1) Fri Sep 14 10:32:40 2018 write UDP: Operation not permitted (code=1) Fri Sep 14 10:32:48 2018 write UDP: Operation not permitted (code=1) Fri Sep 14 10:33:04 2018 write UDP: Operation not permitted (code=1) Fri Sep 14 10:33:34 2018 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Fri Sep 14 10:33:34 2018 TLS Error: TLS handshake failed Fri Sep 14 10:33:34 2018 SIGUSR1[soft,tls-error] received, process restarting Fri Sep 14 10:33:34 2018 Restart pause, 5 second(s) Definitely strange considering it was working great for a few months...the good news is the kill switch functionality with this solution worked. Any insight with the errors I recieved? If not I think a reinstall is my best course... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/12b288bb-8b29-415f-8aa4-560661cfbba1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
Thanks again for the help Chris...see my notes below: IIRC you only need to specify the IP address of a regular system interface, which in this case is eth0. So do a 'sudo ip addr' and look up the eth0 'inet' address and put 'local ' in the config. There's a chance this might work. - Unfortunately this didn't work, I entered the following: local 10.137.5.3 I was also able to find the IP in the Qubes Manager as an FYI, however I also ran the command in a terminal. If it doesn't work, and you know of no custom firewall rules or net settings that you can check or remove, then I'd consider the following possibilities: 1. Your VPN provider has changed their TLS certificate or other connection parameters. In this case their special client software (e.g. installed on other devices?) would automatically refresh the config files while your Qubes config would remain stale and unable to complete TLS verification of the remote. Remedy for this is to download your provider's current openvpn configs and put them in /rw/config/qtunnel (making sure that qtunnel.conf points to a new config file). - It doesn't look like my VPN changed their TLS cert, downloaded a new config file and tried again fresh. 2. Some residual network property of your VPN VM has triggered a bug that prevents it from working correctly. Simple remedy would be to create and setup a new proxyVM and use that instead. - I built a new VPN template with a new AppVM, I get the notification pop up but no connection. 3. Unlikely: Interference from malware, possibly residing in sys-net. - I built a new sys-net (by creating a new Qube, provide network access, attached my Network controller/wirelessnot sure more is needed to setup a sys-net) but this didn't fix it. Whats strange is that the connection is showing up as allowed in my firewall log, which makes me think everything is working with the Tasket solution. I did notice a strange connection to port 137 (NetBIOS) in my firewall which could be related or the cause. I also recently saw an ssh attempt from within Qubes. Unfortunately I have been under constant attack and a target and the only solution I see is a fresh rebuild or new computer unless you have another idea? Thanks again Chris and Qubes for what you are doing... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/40c4f041-5a78-41ae-b1f2-3b2e29714343%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
Thank you both for your responses...fair question John but I am the OP, lost access to my old tutamail. Yes my VPN was working fine for a few months however with a recent update it broke?? Its a little concerning because I did both a Debian and Dom0 update. When trying to update Dom0 I was not able to update it via Tor or VPN via Qubes?? I managed to confirm my VPN is spawning out in an attempt to connect but the TLS is still not working...I tried it on 3 different networks. I know you can modify the DNS resolver by adding the following to the OpenVPN configuration: setenv tunnel_dns '8.8.8.8' But what would I add to "Specifying 'local'" in the OpenVPN configuration? Thanks again for any help... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/02cb633d-75a3-42fb-9f9e-2994dd774172%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
It appears as if I am getting a TLS error? Why would this suddenly start? Wed Sep 5 17:23:39 2018 TLS Error: TLS handshake failed Wed Sep 5 17:23:39 2018 SIGUSR1[soft,tls-error] received, process restarting Wed Sep 5 17:23:39 2018 Restart pause, 5 second(s) Wed Sep 5 17:23:44 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xx:port xxx I have restarted the computer, I am using Qubes 4.0 and leveraging a Debian 9 template. The other devices are using OpenVPN... Any ideas? John, Not sure what " script in an appvm/qube instead of the "tunnel" version ?" is...I had tried to set up the "iptables and CLI scripts" https://www.qubes-os.org/doc/vpn/ but really struggled. I found the Tasket solution easier to set up for a relative novice in desperate need of VPN security. I am also able to setup a few configurations so I can use different destinations. Is this the version you are using? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6a910daf-5a4f-48f4-a9bd-6da33fedb0d0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
Correctionmy TOR is working. Any ideas how to trouble shoot? Everything has been working fine, however recently my VPN tunnel is failing? I ran: sudo journalctl -u qubes-tunnel and I get: Sep 05 10:17:48 VPN-Mid qtunnel-setup[1138]: Wed Sep 5 10:17:48 2018 All connections have been connect-retry-max (7) times unsuccessful, e Sep 05 10:17:48 VPN-Mid qtunnel-setup[1138]: Wed Sep 5 10:17:48 2018 Exiting due to fatal error Sep 05 10:17:48 VPN-Mid systemd[1]: qubes-tunnel.service: Main process exited, code=exited, status=1/FAILURE Sep 05 10:17:48 VPN-Mid qtunnel-setup[1149]: STOP-ing network forwarding! Sep 05 10:17:48 VPN-Mid systemd[1]: qubes-tunnel.service: Unit entered failed state. Sep 05 10:17:48 VPN-Mid systemd[1]: qubes-tunnel.service: Failed with result 'exit-code'. Some additional notes: My connection works on other devices I am able to get Internet access via non-VPN connection I did update Dom0 and my templates but it worked shortly afterwards Any ideas how to trouble shoot this? Thanks for any help... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6840579d-ba3b-4e96-9676-96dcd1c63a2d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
Everything has been working fine, however recently my VPN tunnel is failing? I ran: sudo journalctl -u qubes-tunnel and I get: Sep 05 10:17:48 VPN-Mid qtunnel-setup[1138]: Wed Sep 5 10:17:48 2018 All connections have been connect-retry-max (7) times unsuccessful, e Sep 05 10:17:48 VPN-Mid qtunnel-setup[1138]: Wed Sep 5 10:17:48 2018 Exiting due to fatal error Sep 05 10:17:48 VPN-Mid systemd[1]: qubes-tunnel.service: Main process exited, code=exited, status=1/FAILURE Sep 05 10:17:48 VPN-Mid qtunnel-setup[1149]: STOP-ing network forwarding! Sep 05 10:17:48 VPN-Mid systemd[1]: qubes-tunnel.service: Unit entered failed state. Sep 05 10:17:48 VPN-Mid systemd[1]: qubes-tunnel.service: Failed with result 'exit-code'. Some additional notes: My connection works on other devices My TOR is not connecting I am able to get Internet access via non-VPN connection I did update Dom0 and my templates but it worked shortly afterwards Any ideas how to trouble shoot this? Thanks for any help... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f60640f-f0e9-4dae-af42-0085ff595344%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: paranoid vault domain
My thoughts would be: 1) You might want to create a specific AppVM for your passwords/keepass only. Don't store any other documents in this AppVM. 2) Use a minimal template for the above AppVM, Fedora has a minimal template available for download and the stock Debian template is already pretty minimal. 3) Try to use 2 step where possible, taking this point even further maybe get an iPod which is air gapped. I don't trust 2step via SMS but an authenticator app on an air gapped device is pretty good. 4) Make sure to have a password on your KeePass app 5) I am not sure what version of Qubes you are using but a PVH is recommended vs a HVM 6) I am not sure I can verify this, others might differ in their opinion but based on my research Debian is more secure then Fedora due primarily to how updates are done. Fedora is managed by Redhat. I use both in my Qubes setup as an FYI as Fedora seems to work better in some scenarios. 7) I can't speak to the Thinkpad fingerprint-gui but I think you are referring to the finger print reader on some thinkpads. Again I can't verify this functionality but I never trusted this feature/function. I have read some have taken efforts to set up Yubikey with some effort and success. 8) General security practices are still recommended (long passwords, 2 step, etc...). I too have trust issues...maybe consider writing down the passwords to recovery emails on paper and storing them is not a bad idea(if you can remember a 17+ password even better!) 9) I think there are some things you can do to harden your template/configuration (e.g. Apparmor, turning services off) In my opinion using Qubes as it stands is better then most/all OSes, I am sure you can harden things more but how much effort? How much complexity? How much benefit? At some point this adds more risk. While a healthy dose of paranoia is good, if you aren't sleeping that is no good! Stay safe my friend you are not alone!! Good luck... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/49040c8f-5ae7-4951-bc5d-4fba70d2f6ad%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Verification
I too was a rookie with minimal experience...still consider myself a rookie in this group! PGP is incredibly complex and I have to admit I still struggle. The gist of what your are trying to do is compare "numbers and letters" from 2 files, which verifies "authenticity and integrity" of your downloaded ISO. I use the "How to Verify Qubes ISO Digests" file to compare my downloaded Qubes ISO(half way down this page: https://www.qubes-os.org/security/verifying-signatures/), e.g. 1) Download Qubes ISO image from https://www.qubes-os.org/downloads/ 2) Using a Mac terminal, verify sha256 by typing the following in the Mac terminal: shasum -a 256 "then drag and drop ISO file into terminal" - Then hit enter - Remember space after 256 - A long list of numbers/letters is spit out in the terminal Are they the same as the SHA256 charactors from the "Digests" (line 6), found right next to the ISO download? e.g. since I use in this example SHA256, the charactors are on line 6 eb93b60b4be097fd618dbdd625f70ee64a6a77d502e50b39d2c259df9ccb8f53 *Qubes-R4.0-x86_64.iso If they are then you are "reasonably" good to go in making your bootable thumbdrive! As the Qubes team advise I check these digest numbers from different computers, networks, etc... I also try to do this on as clean of a Mac as I can get...generally I'll reformat my Mac at the Apple store so I know I have a "reasonably" clean machine Open to being corrected if I am wrong or doing this incorrectly... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9df7ed4e-c909-41b2-ae0b-d038575026f8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.