[qubes-users] Benefits of running Windows VM in QubesOS
I have come across many mails regarding running Windows 7 VM in QubesOS. So far it is not clear to me what are the advantages of running Win7 on QubesOS. Can someone quickly summarise the advantages as opposed to running Win7 (or Win10) normally as sn OS on the system, whether alone or in dual boot? Just to be clear, I understand the advantages of running Linux OS's as VMs on Qubes. Do the same advantages apply or are there any other benefits? -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_qcWzG%3DEJjPCdAtruFrSTdfv3RxizqaFHri97eEBuk%3Dg%40mail.gmail.com.
Re: [qubes-users] New Qubes User here: Need guidance in safely & securely installing to DomUs/Fedora TemplateVM
That really should be your assumption of all software unless you have > written or audited and compiled it yourself. And even then ... why do > you trust your compiler? It's not like that hasn't been done yet. > > One of the many things I appreciate in the Qubes philosophy is that > you dramatically minimize the things you have to trust implicitly: the > XEN hypervisor, the HW virtualization and the Qubes team. > > You should setup your qubes thinking that you are already thoroughly > compromised. How would you minimize damage then? A really sound and honest advice for those who are really badly targeted is: Just don’t bother. Privacy and security are no longer for you. Learn to live without them completely. Regards, Anil Eklavya -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8-u-%2BHHaxvD4XNopZbb1HSxVn07zykPPtE7Ng2Jh9Hbw%40mail.gmail.com.
Re: [qubes-users] Can I have Windows & Qubes on the same laptop?
> I bought it from the folk at Third Eye Security - you could mail > supp...@3isec.com to see what they have available. > They provide customised Thinkpads to order - my x230 had custom switches, > coreboot, 16GB RAM, 500MB SSD, Qubes installed, for 499GBP. Do they have a website? Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8dv_PAzNOu_DeL%2BMa%3DMGvVr4JQ2jq-nJyfSt6yDEYa7Q%40mail.gmail.com.
Re: [qubes-users] Re: Password not working a day after reinstall
I just shutdown the mullvad vpn vm and restarted it and it got connected. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8GkhOEXKZSmQ3r22OJowoLif-YmRG6R8qMURxuPp01WQ%40mail.gmail.com.
Re: [qubes-users] Re: Password not working a day after reinstall
> Right now, I am getting to Tor. Just trying to connect to the clearnet > via mullvad, but mullvad not connecting to any VPS server, it seems. I am able to connect to clearnet through sys-net, but sys-net -> mullvad is not connecting. -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_HBLVsoRAnA%3DXVq4fbWJ5L7tWccytiG8YLfZffLT_hZg%40mail.gmail.com.
Re: [qubes-users] Re: Password not working a day after reinstall
> Anil, do you try to connect through Tor or directly? If directly, it > should be quite straightforward. I also fought with it, but now direct > connection with mullvad works well. Right now, I am getting to Tor. Just trying to connect to the clearnet via mullvad, but mullvad not connecting to any VPS server, it seems. -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_RFZYZfLsnLJ_5%3DwzxmGtujjN2JX7yP4EjCgYmrVLEjw%40mail.gmail.com.
Re: [qubes-users] Re: Password not working a day after reinstall
> Now it is working, after changing back the password to > m. Since today morning it is again not connecting to Mullvad VPN. I setup another ProxyVM using NordVPN. It seems to go alright, but nothing gets resolved. I tried using the NordVPN VM in another AppVM, but it doesn’t connect to anything. I do have frequent problems DNS. Can this be also due DNS? How can I check if the VPN is going through DNS correctly? NetVM is connected to clearnet through the Mullvad DNS. > > -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8q_wB5wOgH1rrRcoXxUft%3DEYME6C%3D0_%2B%2Bo8%3DUMFwbjDg%40mail.gmail.com.
Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube
> APOLOGIES FOR GOING OFF TOPIC SOMEWHAT. SHOULD WE MOVE THIS DISCUSSION TO A > DIFFERENT THREAD? Perhaps we should, but this seems to be as good a forum as any other. > privacy. But for me, and probably many others, this rates fairly low in my > mind. What is more important, is security: security that your > communications have not undergone tampering, security that your money isn't > being stolen, security that no-one is fiddling with your online > accounts, etc. Privacy is also important, but only as a part of the overall > aim of achieving security. It depends on the place where you live and the conditions with regard to surveillance etc. there. If the government/corporation don't see you as a risk (which you can only guess, because you are not told or supposed to be told), then security from petty criminals is the major concern. If they do see as a risk (for whatever reason or some red flag raised by some algorithm or whatever else that is possible today), then it's a different matter and privacy is as important as security, if not more. In my opinion, privacy by itself is a basic right, like human rights. Even with human rights, what I said above applies. As long as your behaviour or profile or record or even credit rating (think of China, for example) doesn't make the powers that be unhappy, human rights don't matter. Otherwise they do. One always has the option to make oneself compatible with what the powers that be want one to be. Then there isn't much risk, in a way, except from petty criminals, because the definition of risk has been narrowed down. > these forums are dedicated to a particular piece of technology, and because > most subscribers are likely technology specialists. It's good to have > lateral experience of different domains, and also to bring-in people who > aren't technology specialists, so that their creative input can add extra > value to the discussions. I am from the technology domain by education and by profession/job, just not in the OS or Linux or network security domain. > One thought I've had is that changing business models, from closed-source, to > open-source, can sometimes be an effective security solution: if > you find people are stealing your software, just give it away for free, and > charge for customisation and support? That seems to be the best way, although as of today it is that successful. It goes back to politics etc. > Here in the UK, we have a pretty effective democracy where different groups > (including the general public) can lobby the government. As such, > the general public can lobby the government in order to get the government to > provide more effective cyber-security resources for the general > public. Not sure about America or India (India is perhaps where you are > based?). America are strong democracy advocates and India has the > largest democracy, but I don't know whether their democracies are in reality > broken systems I don't want to say much on this, but enough information is available online. All I can say is that, India, like in almost everything, is in a class by itself. It is also one of the most affected by the repeated states of exception, some global, some local, in the sense of Surveillance Capitalism, very closely tied to the state, across the political spectrum. In theory, privacy has recently been declared a fundamental right by the courts, but theory is just theory. Sometimes it furthers in practice the exact opposite of what it says, because you can always point to the theory and say everything is alright and the concerns are unwarranted etc. Now there is another unprecedented state of exception and the signs of what is to come are already there. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_H5D2zmTMEddoDL2H%3DU-XXLiQTAascf1s%2BUYvqnyzV%2Bw%40mail.gmail.com.
Re: [qubes-users] Re: Password not working a day after reinstall
It turned out that the password was set to something other than the m that Mullvad used. I definitely didn't change it. I remember from earlier when I had read discussion on this list about Mullvad that the password is m, which not easy to forget. Even after I added two more countries today, I had set the password as m. So, I guess, there isn't much hope for security or privacy on this particular laptop at least. Either I use it for some purpose and accept the risks or I use something more like to be secure/private. They keyboard problem has started again. Perhaps I should learn a bit or astrology. On Wed, 6 May 2020 at 13:42, Anil wrote: > > Today I am not able to connect to VPN at all. I tried configurations for > three countries, have set the DNS to Mullvad DNS. Connects to Internet, but > does connect to VPN. Even for normal Internet, I had to change the DNS. This > DNS thing also has become a regular problem. Every I have to change DNS > several times and hope it will work. > > On Wed, 6 May 2020 at 12:29 AM, Anil wrote: >> >> > did you try asking the internet about this problem? >> > like, reading the first google hit for >> > "dell xps 9370 keyboard problems"? >> >> 25 years ago the first thing I would have done would have been to look >> for answers in books, computer magazines etc. >> 10 years ago, I would have googled it. Even 2 years ago I would have googled >> it. >> >> For the last two years, there have been such an avalanche of problems >> that I have to think of other possibilities beyond those discussed on >> the thread. >> >> See, the keyboard has been working perfectly for months. It was >> working perfectly yesterday and again whole day after reinstall. >> Problems pop up suddenly and then they often go away for no reason, >> even without changing BIOS etc. >> >> If it was about just one device, I would still google it. As a matter >> of fact (don't put that in quotes in the reply) I still do daily for >> various problems. That's how I installed Mullvad, the first time I >> have installed it. For the last two years (or somewhat more), the same >> kind of problems appear on all devices that I use: feature phone, >> Android smartphone, iPhone, iPad, Macbook, Windows laptop, Linux >> laptop, Qubes OS laptop. Different hardwares, different OS's. >> >> > seems like that hardware just might be subfunctional by design >> > in general, no "compromise" required. >> > >> > so for the keyboard to work, unplug _all_ cables (data, dock, power) >> > _and_ pick a bios version that matches your current astrological >> > alignment. if you are lucky, then it might work. >> > changes in room temperature might require a different bios version. >> > >> >> It is (in)glorious. Perhaps the message is just "Remove" (hardware?), >> as you suggested. It's a pretty bleak scenario, if you look at it in >> general, not as a developer or niche user. >> >> Room temperature is a whole different story by itself. There are many >> stories linked to it. >> >> Regards, >> >> अनिल एकलव्य >> (Anil Eklavya) > > -- > अनिल एकलव्य > (Anil Eklavya) -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-LM0%2BsvHqn7cBpAywE5u_vKMDfvZqwcW_8Aws7wUVeYQ%40mail.gmail.com.
Re: [qubes-users] Re: Password not working a day after reinstall
Today I am not able to connect to VPN at all. I tried configurations for three countries, have set the DNS to Mullvad DNS. Connects to Internet, but does connect to VPN. Even for normal Internet, I had to change the DNS. This DNS thing also has become a regular problem. Every I have to change DNS several times and hope it will work. On Wed, 6 May 2020 at 12:29 AM, Anil wrote: > > did you try asking the internet about this problem? > > like, reading the first google hit for > > "dell xps 9370 keyboard problems"? > > 25 years ago the first thing I would have done would have been to look > for answers in books, computer magazines etc. > 10 years ago, I would have googled it. Even 2 years ago I would have > googled it. > > For the last two years, there have been such an avalanche of problems > that I have to think of other possibilities beyond those discussed on > the thread. > > See, the keyboard has been working perfectly for months. It was > working perfectly yesterday and again whole day after reinstall. > Problems pop up suddenly and then they often go away for no reason, > even without changing BIOS etc. > > If it was about just one device, I would still google it. As a matter > of fact (don't put that in quotes in the reply) I still do daily for > various problems. That's how I installed Mullvad, the first time I > have installed it. For the last two years (or somewhat more), the same > kind of problems appear on all devices that I use: feature phone, > Android smartphone, iPhone, iPad, Macbook, Windows laptop, Linux > laptop, Qubes OS laptop. Different hardwares, different OS's. > > > seems like that hardware just might be subfunctional by design > > in general, no "compromise" required. > > > > so for the keyboard to work, unplug _all_ cables (data, dock, power) > > _and_ pick a bios version that matches your current astrological > > alignment. if you are lucky, then it might work. > > changes in room temperature might require a different bios version. > > > > It is (in)glorious. Perhaps the message is just "Remove" (hardware?), > as you suggested. It's a pretty bleak scenario, if you look at it in > general, not as a developer or niche user. > > Room temperature is a whole different story by itself. There are many > stories linked to it. > > Regards, > > अनिल एकलव्य > (Anil Eklavya) > -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu9aZeeq9Hh%3D8NkPf5hgNAvL1ZzNj5LkaHx5jeTQJrKFWA%40mail.gmail.com.
Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube
> I think it's important to think about these things in the context of 'threat > models'. In my non-business related activities, I often just don't care > >whether people are spying on me, and also whether they steal intellectual > property from me. Sometimes, such illicit activities may even work to >my > favour (in a round-about way). Matching security to such a threat model, can > mean that you only need very low security. On the other hand, >for my > business activities, especially in respect of legal requirements, security is > very important, both for my business, and my clients. IMHO, there are not two, but three things: security, privacy and comfort/convenience. Security is a highly ambiguous term.It can take very different meanings.Privacy and convenience, however, are much less ambiguous. In usage, the words security and privacy are often assumed to be synonymous. This is wrong by a wide margin. They are, in fact, quite often in direct opposition to each other, depending on what kind of security you are talking about. Privacy often becomes the victim of security and it is very easy to justify that when it happens. Technology affects all three, but perhaps it affects convenience the most, as in surveillance capitalism. For security and privacy, technologies has a very mixed bag of effects to offer, which are not like each other at all. It may be obvious, but the answers to the questions about these three lie only partially in technology. Regardless of technology, the critical parts of the answers lie outside the domain of technology. On forums like this, we tend to ignore them, because there is little we can do about them. Here, at least. Ultimately, the answers are going to depend on such external factors - Law - Enforcement of law - Censorship - Cultural ideas - Ethical standards - Regulations - Ideas about individuality and solidarity or about freedom and rights/duties - Political inclinations of the powerful people as well as of the general population, whether we are living in a state of exception - Human expectations and aspirations etc. - Acceptable compromises to the powerful and the majority (fortunately or unfortunately) One more thing. Businesses and governments will usually find the solutions they want because they can afford them, whether they are right or wrong. It is individuals who need solutions from places likes this forum and from developers of open software/hardware. But then, as things stand, the sustainability of solutions depends on use by businesses and governments, who will then like to get their wishes enforced on the technological implementation. Or even inhibit certain kinds of innovations or repurpose them. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_5Z8RviHf-4jFMCwV9cXeV%2BM7ipr%2B8CWU-xZysgX-uiA%40mail.gmail.com.
Re: [qubes-users] Re: Password not working a day after reinstall
> did you try asking the internet about this problem? > like, reading the first google hit for > "dell xps 9370 keyboard problems"? 25 years ago the first thing I would have done would have been to look for answers in books, computer magazines etc. 10 years ago, I would have googled it. Even 2 years ago I would have googled it. For the last two years, there have been such an avalanche of problems that I have to think of other possibilities beyond those discussed on the thread. See, the keyboard has been working perfectly for months. It was working perfectly yesterday and again whole day after reinstall. Problems pop up suddenly and then they often go away for no reason, even without changing BIOS etc. If it was about just one device, I would still google it. As a matter of fact (don't put that in quotes in the reply) I still do daily for various problems. That's how I installed Mullvad, the first time I have installed it. For the last two years (or somewhat more), the same kind of problems appear on all devices that I use: feature phone, Android smartphone, iPhone, iPad, Macbook, Windows laptop, Linux laptop, Qubes OS laptop. Different hardwares, different OS's. > seems like that hardware just might be subfunctional by design > in general, no "compromise" required. > > so for the keyboard to work, unplug _all_ cables (data, dock, power) > _and_ pick a bios version that matches your current astrological > alignment. if you are lucky, then it might work. > changes in room temperature might require a different bios version. > It is (in)glorious. Perhaps the message is just "Remove" (hardware?), as you suggested. It's a pretty bleak scenario, if you look at it in general, not as a developer or niche user. Room temperature is a whole different story by itself. There are many stories linked to it. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8jaW9GApxHqrE7Q%2BS0Ei%2B_Ba_O55G9wQWy1%2BTQ5Dn4oA%40mail.gmail.com.
Re: [qubes-users] Password not working a day after reinstall
> that is not a "of course" qubes thing but your choice / configuration. > you can use a USB keyboard with qubes if you want to, including > for entering luks passphrase. Since I am not yet into the internals of Qubes OS or much customization, I use basically the default setting, where USB keyboard, as far as I know, does not work without doing some extra work. Since this problem is recurring, I will have to do that perhaps. > if you assume a hardware/firmware level compromise, there is no > real way to reuse any of the hardware in a safe way. > == you have to replace _all_ hardware involved. That was the advice given last time and it is correct, but hardware costs money and this one was particularly costly with upgrades. I know I should get rid of it, but there are practical constraints. > you can set multiple passphrases and perhaps add a keyfile or two. > make a backup of your LUKS header and store it separate from the system. > if the system doesnt accept the passphrase again, check if the > luks header got changed. This I must do. Thanks for pointing this out. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu9be4BFK0JHxm2g--uH54_7Xgq_vT-1NJeZ5F%2BZ1zEBHw%40mail.gmail.com.
[qubes-users] Re: Password not working a day after reinstall
Also, I have been trying to update the templates, but except for one, updates are failing with long messages about "Error downloading packages" and "tried all mirrors". Most probably a network problem, but could there be any other reason that I could check, keeping in mind the extra VPN layer. By the way, as I write this mail, the keyboarding is again acting up: sometimes eating up space, sometimes emitting two for one key press. It was working well the whole day. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_e91QkKp2zf0TjSm8dCQxuLYc4oG89KcBD86YO%2B7ye_g%40mail.gmail.com.
[qubes-users] Password not working a day after reinstall
I have Qubes OS on Dell XPS 9370. It seemed to have been compromised, so I reinstalled it yesterday, after updating the BIOS (though not updated IME). Everything went smoothly and I had setup it up and even copied back the data. A new password was set. I changed the BIOS admin and system passwords too. I wrote down the passwords and since it was only yesterday, I remember them alright. One extra thing I did was to setup Mullvad VPN (following the Micah Lee instructions) and made it the network provider for sys-whonix. Today morning when I started the laptop, the disk password was not working. I tried several times, carefully. It didn't work. I tried to use a USB keyboard, but of course that won't work in Qubes. Then I booted from a live pen drive. The keyboard was behaving oddly. Wrong letter were appearing apparently arbitrarily, though not always. Then I used the USB keyboard with the live linux and tried to mount the LVM volume. This keyboard is perfectly new and works perfectly. Still the password was not working, even after typing carefully, letter by letter, several times. I have repeated the installation process today and setup the laptop again, including the VPN. I am writing the mail from it. The last time I had setup a VPN (NordVPN), there was a hell of a trouble on all devices. Some people consider using VPN very suspicious here. I know this is not directly a Qubes OS related question, but could it be due to an IME exploit or something like that? There is no question of forgetting the password. It was a memorable story telling password, and in any case I had it written down, as I do sometimes forget passwords. The thing is, every night these days, I keep the laptop in the best Faraday bag available and the bag I keep inside a locked cupboard, with key in my pocket (and I live alone), so it seems unlikely to have happened during the night. Perhaps after I brought it out from the bag today morning? This kind of thing has happened before. Once the boot password was not working, even though that too was written down. I had to call Dell customer care and they gave me a code which cleared the boot password. The last time there was major problem, which I had mentioned on this list, I had again called Dell and they have asked for remote access from Windows, which I had given. But there is no Windows or any other OS on the system now. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-cB%3Df%3Dg8bNkaN1b8zx-U%3DupS98uaSg7z-%3DczVsSVrg1g%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
I did contact them, but they have their own arguments and according to them the FSF-RYF certification is more than sufficient. They say as it is compatible with coreboot version 4.11 and Qubes OS works as expected, there is nothing more to be done in that direction. I don't have a technical answer to that. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_GWgfiF37zT8GmO616Q6N57SPfmweLN%2BNqRZWBRH2W%2BQ%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
> Maybe they would be willing to give back to the community? If you do not have > funds but some time to spend, showing your interest to them of this kind of > partnership would mean the world me, pointing here, and have a total > different impact then if I was the one contacting them. Potential customers > have a lot more impact then they think they have. Show that you want > something and rust thing will exist. Wait for it to happen or do it on your > own and it might go instinct just like it did and never get revived. I will contact them and hope they take it up. > I'll take this public space since I don't do it enough. Watch my > presentation, but most importantly, read the slides 45+ attached to the talk: > https://fosdem.org/2020/schedule/speaker/thierry_laurion/ I will go through this. > But if everybody showed their interest for it, it.would happen. See? Yes. I know it from a different, but coding related context. Since this mail is on the mailing list, perhaps many others can do the same. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8onawVOUQ9yEK%3DfN8%3DUjnTstc1_xtAHtpTzZnDLZ%2BTNw%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
> Nope I can't. You would have to search around for parts following this doc, > do some soldering to adapt spi chip, buy it, reprogram it with firmware built > from source, buy compatible RAM and fastest CPU, case, power supply and ssd. > Information is scattered around. When I said adventurous, I meant adventurous. OK. That means I will have to first spend some time learning more about this. I can do the soldering, if I know exactly (or find out) what has to be soldered to what. > > Port and upstreamed doc > https://www.raptorengineering.com/coreboot/kgpe-d16-status.php > > https://libreboot.org/docs/hardware/kgpe-d16.html > > Build instructions are valid: > http://osresearch.net/Building > > Status report on heads. No TPM support as of now. But rom can be remotely > attested by libremkey if really really adventurous without a TPM. Less secure > since no internal root of trust. TPM is desired. > https://github.com/osresearch/heads/issues/134 This will certainly help. Thanks. > > It needs adventurous developers or funding to get mainstreamed. Since the > board got dropped by coreboot, I lost a bit of interest pushing for that last > blob free platform in this lonely path. There is developers ready to do the > needed work to bring it back. But funders refused the grant application. > Skilled developers are willing to do required work to bring it back but I > hesitate to completely self fund the whole project right now since priorities > changed, but would be willing for joint partnership. > > Anyone interested in bringing back that beast to life contact me at insurgo > at riseup dot net. This is last RYF x86 platform ever for sure. I strongly hope some people do that. People working on laptops/desktops and phones, but not seemingly on servers. It may not be for a data centre, but at least some personal website. > >Or even just as a desktop, will the setup be nearly as secure as > >PrivacyBeast? > > TPM support lacking under coreboot 4.8.1, present under 4.11. Would love to > see that beast fully supported and would even sell it myself under insurgo > umbrella. But I wont do it all alone this time. Partners welcome. If I am able to get the hardware and set it up, I can do some routine part of the work that is not too technical in the sense of knowing the internal details of TPM or OS kernel etc., with some help, if that can reduce the effort required. > Have funds? Not really. At most I can buy one. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8%2BYx1LwadkO3fe56v%3DOHkxs1zwU-Dm56T93uR87pcxXg%40mail.gmail.com.
Re: [qubes-users] Qubes Certified Desktop
> Kgpe-d16 is supported under heads, is blobless and supported by coreboot 4.11 > and heads under coreboot 4.8.1 as of right now with plans of Can you give an approximate price (right now no one is shipping, so they are not showing the price either)? Any particular processor that is more suitable? The Asus page says it works with Opteron 6000 series processors. Also the price of the processor. > Using it as a server personally. With a qubesos supported video card and > jumper set to deactivate onboard integrated graphic (which offers really poor > graphics) that could be an awesome project, but adventurous. Someone wrote that Qubes OS is meant to be used as a laptop/desktop OS. How much effort is required to set it up as a server? As I understand, the compartmentalization provided by Qubes OS can be useful in some contexts. Or even just as a desktop, will the setup be nearly as secure as PrivacyBeast? Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-1tkeUOwrwJJSmazsDV8LeyRsJM04jpR9Xwk_nL74usQ%40mail.gmail.com.
[qubes-users] Qubes Certified Desktop
I know there is at least one Qubes Certified Laptop. Is there an analogous setup for Desktop? Or at least some desktop hardware that can be setup in the same way as ThinkPad x230, with ME neutered etc. and which is considered as suitable as x230? It could be an assembled system perhaps? Or better, some older version of NUC or other mini PC? I know Purism is selling a mini PC, but other than that. Regards, Anil Eklavya -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu9BizQzXh53yf0%2BjJDF9HM_sA0cLJ6YH_M9T-qABokbaQ%40mail.gmail.com.
Re: [qubes-users] Tor on Whonix: A couple of questions
> the location, as far as I can understand. And they try to guess the > location using all the tools and data at their disposal, including > machine learning, constrained perhaps by my privacy setting > (hopefully). If you are signed in, it will work in one way. If you are > not signed in (like in Tor Browser), it will work differently. I am sure Qubes OS and Tor developers know this.That is why Tor starts with a particular window size and at random location on the screen and it warns against changing the window size, particular to full screen. Regards, Anil Kumar Singh -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-0%3DbdLT%3DBiEg4Nui5uaRxygexLCYT4dH2RCdtwgM18RA%40mail.gmail.com.
Re: [qubes-users] Tor on Whonix: A couple of questions
> I have attached the screenshots about the second question, of > corrupted context menu. The first screenshot is when I detach the tab from the window where all the other tabs are, and second is when the tab is in the original window. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_U%3DX-_c-vBPp1QEt8wsfsNr2poNeqv60f9V8fnQtXgdQ%40mail.gmail.com.
Re: [qubes-users] Tor on Whonix: A couple of questions
> > It is not true that if I type news.google.com, I would always > everywhere be getting the US news in English. For example, if I use a > VPN and the server is locate in Canada, then Google will redirect me > to news.google.ca. > > So the first question is settled, but the second remains: about the > freezing, crashing, the corrupted context menu: Only in Tor Browser on > Whonix. I use Unstrusted VM whole day today and didn't fact that > problem. Sorry for top posting last time. Well, actually, even the first question is not settled in the light of what I said about VPN. Even without VPN, if I type google.com sitting in India, I get redirected to Google India. I have tried many times over VPN and I always type news.google.com and I get redirected to whatever setting the *exit node’s* browser has, not my browser. You can reproduce it too by using a VPN and selecting a server in some other non-English speaking country. Why is that one always gets the impression that world means the US or perhaps Europe also? You don’t know what it is in India, for example. And on Tor, I was always redirected in this way, which I had noticed, but had forgotten as it was long ago. On Tor over Whonix in Qubes OS, I am always getting the US news in English, whereas I should be getting redirected as per the settings of exit node’s Tor Browser. This used to happen earlier without Qubes OS. But I don’t think it has anything to do (directly) with Qubes OS or Whonix or Tor Browser. It most probably shows that data-based machine learning (AI) is happening to de-anonymise Tor traffic, whether at Google’s end or service provider’s end I don’t know. What I do know, as I said earlier about active research going on in this area. I work in AI and Natural Language Processing and I know that it is easy to to it with some degree of accuracy. Even I could do it if I had the dataset. And second question still remains: the freezings, the crashes and the corrupted context menu. > > -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu9HjApB%2B7kfOOYRTDEd%3DDtYre8taVPENfMtp%3Dc9Yi%2BJ5Q%40mail.gmail.com.
Re: [qubes-users] Tor on Whonix: A couple of questions
Well, I asked someone who knows better and he settled this matter. Apparently, Google News uses the settings of the browser, which in this case (Tor Browser) is set en-US. So it won't be random. It is not true that if I type news.google.com, I would always everywhere be getting the US news in English. For example, if I use a VPN and the server is locate in Canada, then Google will redirect me to news.google.ca. So the first question is settled, but the second remains: about the freezing, crashing, the corrupted context menu: Only in Tor Browser on Whonix. I use Unstrusted VM whole day today and didn't fact that problem. On Sun, 22 Mar 2020 at 02:18, Sven Semmler wrote: > > On Sat, Mar 21, 2020 at 12:33:58AM +0530, Anil wrote: > > What I have observed on my computer (any computer, including those on > > which Intel ME is neutered) is that Google News almost always (>99% of > > the time) open with the US news. > > That has nothing to do with your computer or Tor. It's you ;-) > > If you type news.google.com ... Google assumes you want US news > > news.google.de --> German news > news.google.co.uk --> British news > news.google.fr --> French news > > ... I think you get the idea. > > /Sven > > -- > public key: https://www.svensemmler.org/0x8F541FB6.asc > fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 > -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-z1Vxphii5YQ1nigY6AaCc4rPHBdNwpuNU159sn8_jMg%40mail.gmail.com.
[qubes-users] Tor on Whonix: A couple of questions
I have been using Qubes OS for more than an year now. I use Tor Browser in Whonix DVM (earler anon-whonix, but now in Whonix DVM). I mostly use it for reading Google News, because in these times of targeted servicing (i.e., personalization), I do not want to be reading new that is specially assembled for me by an algorithm relying on my personal data. The news is not about me, it should have nothing to do with me, not even how the news items are put together. (By the way, the same applies to any recommendation system). I want to decide, without someone biasing my selection, what news to read and what not to read. (I know using Google News already introduces some bias, but I don't solely use Google News for getting my news. I also happen to be involved with some research related to published news.) What I have observed on my computer (any computer, including those on which Intel ME is neutered) is that Google News almost always (>99% of the time) open with the US news. I don't think that is how it should be working. If there is true anonymity, the page should open randomly to any country and any language. That does not happen, at least not for me. I tried creating a new Whonix DVM template and checking whether it still happens. It does (that is, both of the problems mentioned above). I do know for sure that there is plenty of research on de-anonymization of tor traffic. It can be easily searched for on Google Scholar. I am not sure whether this it is Qubes specific or a problem related to Tor in general. I personally think the latter is more likely, due to de-anonymization. Another related question is about a problem I am facing, even in newly installed (but updated) Qubes OS Tor Browser on Whonix (even DVM), is that when it starts, everything seems to be working. After some time, either the browser crashes, or it freezes or it works intermittently. Now, for the last few weeks, the context menu (on right click) becomes corrupted (there are two items visible, the rest are invisible, although I can still use them by using keyboard arrows and pressing enter). I use two of these invisible options to bookmark all the pages. I tried creating a new Whonix DVM template and checking whether it still happens. It does (that is, both of the problems mentioned above). The second one I have not yet seen on the computer with neutered Intel ME, but that may be because I have not really started using it so far (I only got it recently). I don't take all the precautions that some Qubes users suggest, but I do take a lot of precautions (increasingly more, including changing habits). Can anyone suggest what could be the problem (particularly for the second question, as the first one may be due to other reasons)? Is it a bug or is it specific to my network? Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_rrZDi34xebc7PGaAMFR8Uq8%2Bbvfz00xB9gTgu61avTA%40mail.gmail.com.
Re: [qubes-users] Obtaining genuine Qubos installer
> What is your threat model? My threat model (to the extent it may be practical to address) is that I can't assume any kind of physical security (of devices in particular) and I can't rely on passwords or passphrases or software based 2FA. More than that I can't reveal. > What do you trust? Practically speaking, I have to trust a solution that address the above threat model, although theoretically I can't be sure it can solve the problems completely (even without involving aliens etc.), but I am willing to be content with that. -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu_bni0vqnp_2eXXH6qwSCYkavtUB6%3D%3D66ogpVbjKGXTiQ%40mail.gmail.com.
Re: [qubes-users] Obtaining genuine Qubos installer
> devices you refer to) for. You can't plan for all that (borrowing your > words) and you can't have definitive and totally confident answers for > all (even banally) possible problems. I feel strange making this > suggestion to someone who seems to be a Qubes OS developer, because > Qubes OS is based on a philosophy that is very similar to what I am > saying here. > Even the biggest Linux (or OS) loophole that Qubes OS addresses, and the main attraction of Qubes OS is so very banal: GUI isolation. And when people (yes, like me) raised questions about the security of Linux, they received answers in tones very similar to yours and with similar reasoning. That's one of the biggest (banal) mysteries to me: How could so many people for such a long time overlook such a huge loophole in an OS that was Open Source and based on the Linus's Law? The partial answer is, and I know this personally, that many people (too many) actually knew of this loophole, but didn't disclose or acknowledge it. There were students writing keyloggers based on this loophole, but there was an informal code (Omertà like: not the Hindi film, but the original one). Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu95MJFPU_ycAUey91CswctcQDPeBt4GS3RsumeDoaom8A%40mail.gmail.com.
Re: [qubes-users] Obtaining genuine Qubos installer
> i trust a randomly-bought chromebook more than any overpriced device > that has "we are so secure/paranoid we walk funny" as its main selling > point. > The details of what you have been saying over the course of these emails (most of them) make sense to me in certain (perhaps most) contexts, but everything has context and you don't know everything and their contexts. Since you reply anonymously to people who are not anonymous, there is an asymmetry. For example, when I raise some issue or ask some question on this forum, I give at least some part of the context (because I have to), but you don't tell (can't tell, because of the need for anonymity, which may be very valid), so I don't know where you are coming from. You know only partially where I am coming from and what is my context, but seem to be assuming a lot more. But your impression seems to be that your suggestions are universally valid. I could argue that they are not, but then I will have to give more context than I can or should. Such a situation results in vitriolic debates and comments without necessarily understanding the other person's context and perspective. It doesn't become clear what it is your main point or lesson for the user (in general or to a specific user). Side comments: - What's with the phrases/acronyms that sound like homophobic slurs? There are languages where 'breaking the knees' is a metaphoric and literal threat that has historically been carried out quite frequently (and literally, mostly against marginalized people). And people whose knees have been broken (for some banal whistleblowing or breaking of some funny rule), usually 'walk funny' - 'Ed Snowden' is not the only kind of extreme case of the need for security. Again, I could give more context and specific contexts ... Very banal ones. Solution: Only partial one is possible. Don't assume you know all possible contexts (without involving aliens or picometric perversions and the like) about what the Qubes OS users may be using it (or those devices you refer to) for. You can't plan for all that (borrowing your words) and you can't have definitive and totally confident answers for all (even banally) possible problems. I feel strange making this suggestion to someone who seems to be a Qubes OS developer, because Qubes OS is based on a philosophy that is very similar to what I am saying here. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-O784qz4iTeoM7avy5UBEjG11ZXBh0MyQ1ZbO5m5YU%2Bw%40mail.gmail.com.
Re: [qubes-users] What happened to "paranoid mode"?
At that time I didn't notice, but what in the world is TOFU? I even looked it up on Google, in Urban Dictionary, but still couldn't decide in which sense it was being used and for what. I have been exploring the backup options suggested by you and others. Once reason 'those people' (I will still call them common people, although they will actually be power users at least, if they have come to this point in using OSs) may think twice about something like borg, is that, in Qubes, they will be wary of installing (or putting) something in dom0: something that can be executed. Perhaps that is being overcautious, but borg, for example, requires installation of several other dependencies. There aren't just two kinds of people: Developers/power-users and those who don't know how to delete a file without using a mouse. Unless I am extremely wrong, most Linux users will fall in somewhere between these two extremes and may of them won't even be power users. Linux is actually being used now and you can manage to do quite a lot with the GUI, so becoming more and more like Windows in that sense. I am sure you, of all people, know that, but my long term peeve (expressed before on this forum) has been that this large section of people in the middle is largely ignored. Even the documentation, as I pointed out earlier, is either too technical or too noob-friedly, although I understand that there aren't enough people to do documentation and this is open source and free software. They - we - have to go to something like reddit for finding clues. That aside, if one does decide to install bog, it seems to be a pretty good option. On Sat, 4 Jan 2020 at 18:50, wrote: > > On Sat, Jan 04, 2020 at 05:05:01PM +0530, Anil Eklavya wrote: > > (please dont TOFU) > > > I wasn’t aware of these options. Thanks for pointing out. I will > > certainly try them out. > > this is all "some assembly required" stuff, but i will try to describe > a working borg setup with some variations and try to explain some of > the thinking behind it. > > there are some example scripts here: > https://github.com/xaki23/rzqubes/tree/master/borg > > most of these are not commented, userfriendly or have proper > separation of "code" and "config", but otoh we are talking > about something you set up just once for each system. > > the complex parts there are bsnap.sh (which is the hourly > cronjob that does the actual borg-snapping) and bsync.sh > (which is optionally called at the end of bsnap and does > the syncing of backup to external target(s), if desired). > the *wraps are just thin wrappers as crude ways to use > remote-capable tooling (here: borg and rsync) over qubes-rpc. > > bsnap.sh has a bit of config at the beginning (lines 3-5), > storing a password like that is certainly not ideal, but otoh > doesnt matter (to me) since the script is inside dom0 which > already has access to all my data and if it is compromised > its pretty much gameover anyways. > > lines 7-13 are leftover from qubes3 days (or for people using > qubes pools of type "file" with q4). > > lines 15+16 are a sample of how to use the remote-wrapped variant. > basicly that means your dom0 still does all the reading, chunking, > encryption, but the actual storage backend process is running > on a remote host (or in a qubes appvm). this can be very useful > if you are backing up a stationary desktop to a bulk storage > host on the same lan. > > lines 20-30 are three "backup groups". private volumes at rest, > unsynchronized private volumes of running vms, and dom0 as "files". > the FLP/FLS parts (lines 20+24) select which VMs are backed up > in that way, you can play around with the ls+grep on the commandline > until it matches whatever you want to back up. the examples there > are of the "everything, except what the grep throws away". > > lines 21+25+29 delete old backup snapshots that are outside the > specified keep-range. 30/30/30/30 is _a_ _lot_ ... > > lines 34-43 are the call to sync out the backup to external > storage, with crude locking. the locking (even when less crude) > is mainly a policy question. if you dont use locking for the sync, > and your sync takes longer than your backup frequency, you might > end up with the sync always just doing half a sync, never completing. > that can be very bad. > otoh, if you do locking, and the (locked) sync stalls out and you > dont have stale-lock detection or a timed hard limit, that stalled > sync job will block all newer sync attempts forever. > thats also very bad. > > the called-under-lock bsync.sh tries to level the field (lines 4-8) > by killing/removing anything that might be leftover from older > syncs, creates a lvm snapshot of the local lvm backup v
[qubes-users] Setting up Yubikey with Qubes OS
I am using Qubes 4.0.3. I would feel a little bit more secure if I was able to setup Yubikey with Qubes. I had tried that, following the instructions given on the Qubes website, but it didn't work, probably because of the way passphrase is saved in the configuration files. If someone can help me set it up, that would be something I badly need. I am using Yubikey with various online accounts and with the Windows laptop. [Starting a new thread because it's an unrelated matter and I do need help]. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu-PT-VWoEKziHjie8PeUAhbO89cw9B%3DsaU4UNR2Q0nKGg%40mail.gmail.com.
Re: [qubes-users] Re: Tor not connecting over DSL
Tor in sys-whonix doesn't know or care what kind of Internet connection > sys-net is using. If you use some other computer not running Qubes, can > Tor connect over that same DSL? You might be getting blocked upstream. > Looking at the logs, it seems to be related to swdate, although the date command output is correct and the correct date is displayed on the taskbar. Sometimes there is an error about time synchronization. It could also be related to the DSL modem settings, as the same connection with an older modem was working on the same computer with the same Qubes installation. I tried various things in the DSL modem settings, but since I don't know what kind of problems occur with DSLmodem, I don't really have an idea about what to change. The new modem anyway has very settings, whereas the older modem had a lot of settings which could be changed. That was a probably used modem given to me and it was pre-configured. I don't have another computer with Qubes installed. The new modem does not show the correct date when I select automatic time update in the settings, but when I deselect it, it doesn't show any date or time. This is why I think it may be related to time settings. > >> By the way, even with other internet connections, when I try to connect > to > >> connect to Tor with the Connection Wizard, it always says Unknown > Bootstrap > >> Tag and please report it. Does that indicate some problem? > > Not sure which wizard you mean, but I don't see that on mine. > The Anon Connection Wizard in sys-whonix. It was there by default on my every installation. -- अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8ebeKWNeK44AVHLOBMMdA8WNmhpL6gghD8spuLVwp5Sg%40mail.gmail.com.
[qubes-users] Re: Tor not connecting over DSL
On Wed, 12 Feb 2020 at 22:53, Anil wrote: > I have setup a DSL modem (D-Link ASL DSL-520B) with Qubes 4 latest release > on Dell XPS 13. I am able to connect to the Internet, but the Tor > connection does not complete. I have tried with the two default bridges > also. One time that it connected without any bridge, it took a long time to > connect, but Internet over Tor doesn't work. > > By the way, even with other internet connections, when I try to connect to > connect to Tor with the Connection Wizard, it always says Unknown Bootstrap > Tag and please report it. Does that indicate some problem? > > Regards, > > अनिल एकलव्य > (Anil Eklavya) > I have tried changing the DNS servers also, but that doesn't change the status. Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu8umv1mn1O-QWVMt7hJfVfPS0%3Dzn3bTK%2BwaYXHS6%3DpWrA%40mail.gmail.com.
[qubes-users] Tor not connecting over DSL
I have setup a DSL modem (D-Link ASL DSL-520B) with Qubes 4 latest release on Dell XPS 13. I am able to connect to the Internet, but the Tor connection does not complete. I have tried with the two default bridges also. One time that it connected without any bridge, it took a long time to connect, but Internet over Tor doesn't work. By the way, even with other internet connections, when I try to connect to connect to Tor with the Connection Wizard, it always says Unknown Bootstrap Tag and please report it. Does that indicate some problem? Regards, अनिल एकलव्य (Anil Eklavya) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAPfsu9kYhRjEQWn9Q9xgQAedrvrtJSRtX52fn31C%3Dgur7tk-w%40mail.gmail.com.
Re: [qubes-users] What happened to "paranoid mode"?
I wasn’t aware of these options. Thanks for pointing out. I will certainly try them out. I agree with all your points about backup being practical and usable. The password is the weak link here’ as everywhere’ just like private keys. Perhaps something like YubiKey plus KeePass can solve this problem. Or someone may have a better suggestion. I had once tried setting up YubiKey on Qubes, but there was some problem. I will get around to solve them as YubiKey is known to work with Qubes. I made the mistake of trying it out on MacOS Catalina, but all hell broke lose. I do use it on Windows, Google etc. Regards, Anil > On 04-Jan-2020, at 4:41 PM, dhorf-hfref.4a288...@hashmail.org wrote: > > On Sat, Jan 04, 2020 at 03:56:49PM +0530, Anil Eklavya wrote: >> A better way to backup and restore will make Qubes much more usable, >> preferably at some point using something like rsync, as they have >> already been considering. This is one crucial feature that makes it >> difficult for common users to use this OS as a default. > > idgi, why dont these people use whatever backup solution they prefer? > > i have been using "borgbackup" to make automated, hourly, incremental > backups of my qubes machines since qubes3, even did the move > from qubes3 to qubes4 by "reinstall, restore" or use "backup on machine > x, restore on machine y" to move appvms or even templates around. > > "restic" looks to have a very similar featureset and i heard good things > about it, might have used it if i had found it before borg. > > in comparison, "qubes-backup" is about as useful as considering "tar" > to be the actual default backup solution of a plain linux. > dont get me wrong, i am not uninstalling tar or qubes-backup, but > i cant remember the last time i was desperate enough to actualy > use either for a backup. > > three important points wrt backups in the real world: > - backups have to be automated + background, or they wont happen. > - backups have to be incremental, or they wont happen frequently. > - and unless you have a restore process you are familiar with and > use at least sometimes ... > ... you dont have a (real) backup you should rely on. > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9FA0DE1A-7AD3-45C2-965D-CD3DD9758271%40gmail.com.
Re: [qubes-users] What happened to "paranoid mode"?
A better way to backup and restore will make Qubes much more usable, preferably at some point using something like rsync, as they have already been considering. This is one crucial feature that makes it difficult for common users to use this OS as a default. > On 04-Jan-2020, at 3:08 PM, 'awokd' via qubes-users > wrote: > > tetrahedra via qubes-users: >> From back in the 3.2 era: >> >> https://www.qubes-os.org/news/2017/04/26/qubes-compromise-recovery/ >> $ qvm-backup-restore --paranoid-mode >> >> On my 4.0 install this option does not appear. Is it no longer >> considered necessary? >> > Looks like it is coming back: > https://github.com/QubesOS/qubes-issues/issues/5310. > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/8255dbcc-7e09-eb18-cce3-17aa54dcfa82%40danwin1210.me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8AC436C7-D3C0-435C-9AF2-A9DB6D3441BA%40gmail.com.
Re: [qubes-users] Re: Recommended laptop?
Thanks for putting all this information in one place. I was earlier looking to buy Insurgio Privacy Beast, but it was not clear whether it could be shipped to India. I then ordered Librem 13. Is there any comparison available between these two, based on privacy and security considerations? Regards, Anil Kumar Singh > On 01-Jan-2020, at 2:15 AM, Thierry Laurion wrote: > > > >> On Wed, Dec 25, 2019 at 6:03 PM wrote: >> Insurgo is providing a service. >> >> If one can do the steps themselves, that’s fine. >> >> If I were advising a somewhat less technical journalist or a potentially >> targeted human-rights worker or politically targeted activist who just >> wanted to get stuff done and had the resources, I’d point them to Insurgo. >> >> Brendan >> >> -- >> You received this message because you are subscribed to the Google Groups >> "qubes-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to qubes-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/qubes-users/7a7741f2-6b80-40be-a5a0-0f56b658f9fc%40googlegroups.com. > > > Hello there, Thierry Laurion from Insurgo Open Technologies. > > Thanks Brendan. > > I feel the need to clarify things a bit once in a while. This reply is one of > those. This QubesOS community is large, and even if replies were done on > Reddit and other posts here in the past, the same questions arises with the > same scattered answers. Here is a combination of those answers. > Insurgo made grant applications so that actual best trustworthy unmaintained > hardware becomes mainstreamed under coreboot, and added under Heads (extend > Heads measured boot support of latest coreboot VBOOT+measured boot on > Sandy/Ivy bridge xx30 and xx20 platforms: t530, t430, x220. Thanks to > obtained NlNet grant for Accessible Security project). > Insurgo is attempting to gather developers, device manufacturers > (RaptorEngineering) and funders around Power9-Power10 hardware based X86 > alternative platform (PPC64le QubesOS platform support which has a bounty > offer already but needs commited developers). Let's remember that their > Blackbird/Talos II platforms recently got RYF certification. > The last x86 platform having met RYF criteria is the X200, thanks to the > Libreboot project, which removed Intel ME. > Since then, the x86 platforms have blobs we have to accept/deal with to make > it trustworthier: > Sandy Bridge/Ivy bridge : EC firmware, Intel ME BUP ROMP modules. Coreboot > doesnt rely on FSP blobs for initialization. ME is actually neutered (no > kernel nor syslibs as opposed to newer platforms, just BUP and ROMP) and > deactivated (AltMeDisable bit, not HAP bit). > More recent hardware requires ME with its kernel and syslibs binary blobs > present, while ME is asked to be deactivated through HAP bit, requires Intel > FSP and other binary blobs for hardware initialization. > Insurgo works to bridge the gap to broader QubesOS accessibility, so that > users in need of remote support can have secured remote administration from > trusted third parties (new revenue? AccessNow? Other third parties?) over > hidden tor onion service from additional GUI (NlNet grant for Accessible > Security project). > Insurgo tries its best to support Heads community through GitHub opened > issues while promoting collaboration. > Insurgo tries its best to mainstream CI build systems to produce reproducible > builds artifacts (this is broken for months and is still not resolved). > Insurgo tries to raise awareness of researchers and developers on the current > state of "Open Source Firmware" (currently requiring FSP, ME or > equivalent,not having completely neutered Intel ME while claiming it is > deactivated, while system libraries and kernel is still there but latent...) > This implies going to conferences, doing talks, confronting the status quo, > researching, developing so we have alternatives in the futurewhile also > doing the required clerical work. > Insurgo made QubesOS preinstallable for the first time on the PrivacyBeast > X230, thanks to its reownership wizard which takes care of GPG key > generation, internal ROM reflashing, TPM ownership and sealing of > measurements, signing boot configuration, while enforcing diceware > passphrases in the provisioning phase. The goal is to generalize it to other > platforms. Ideally through collaboration... > Insurgo made the PrivacyBeast X230 certified by QubesOS, with a lot of work > done on Heads that is unfortunately not upstreamed yet. Will go back at this, > while branch is a
Re: [qubes-users] Anyone tried Qubes on HP Paviliion x360 14cd
The mail got sent halfway mistakenly. I installed the rc2 version on HP Pavillion x360. It only got installed in legacy mode. Doesn’t boot in UEFI or with secure boot. Also I have moved network-manager to sys-net. I can attach the USB-ethernet adapter to sys-net, but I am not sure how to get ethernet working in sys-net after that. I tried the method given in documentation about PCI devices, but it says sys-usb doesn’t expose the device (which readlink says is for ethernet). Regards, Anil > On 19-Nov-2019, at 9:58 PM, Anil Eklavya wrote: > > I installed the rc2 version on HP Pavillion x360. It only got installed in > legacy mode. Doesn’t boot in UEFI or with secure boot. > > Also I have moved network-manager to sys-net. I can attach the USB-ethernet > adapter to sys-net, but > > Regards, -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4FB27F9D-B45F-4E23-A714-D72C61701708%40gmail.com.
Re: [qubes-users] Anyone tried Qubes on HP Paviliion x360 14cd
I installed the rc2 version on HP Pavillion x360. It only got installed in legacy mode. Doesn’t boot in UEFI or with secure boot. Also I have moved network-manager to sys-net. I can attach the USB-ethernet adapter to sys-net, but Regards, Anil > On 20-Oct-2019, at 4:06 AM, Anil Eklavya wrote: > > I tried again and it did get installed. I have just installed it and so far > it’s working fine. > > There was probably a mistake in the dd command. > > Right now I am using the stable version, as this model or anything similar > was not listed in the HCL list. I have separate sys-usb and sys-net. > > It would have been good if Coreboot or Heads Linux was available for this > model. > > Can you point me to directions to change the whole disk passphrase. I had > done it earlier, but I seem to have forgotten the exact way. Mainly, I am not > sure whether I have to use cryptsetup on the disk device or the boot > partition device. I have not played around with command line encryption much. > > Regards, > > Anil > >> On 17-Oct-2019, at 11:21 PM, awokd wrote: >> >> Anil Eklavya: >>> I am trying to install Qubes on HP Pavillion x360 14 inch (cd0056TX). I >>> have tried both in UEFI mode and legacy boot mode. It either doesn’t >>> recognise the bootable drive (says not bootable drive), or it stops at one >>> point during booting from the installation pen drive and just stops at one >>> point and doesn’t proceed further, no matter how long I wait. >>> >>> Has anyone tried on this model and can anyone any hint as to what could be >>> the problem. >>> >>> I tried both with MBR and GPT for the pen drive. I had searched for the >>> line at which stopping, but did not find any solution that works. >> >> Make sure to use dd mode to create the install pen drive. Try UEFI >> first, and refer to https://www.qubes-os.org/doc/uefi-troubleshooting/ >> if you still have trouble. If that doesn't help, update here! >> >> -- >> - don't top post >> Mailing list etiquette: >> - trim quoted reply to only relevant portions >> - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/C519E4ED-8DB1-434B-8F93-861E449803CE%40gmail.com.
Re: [qubes-users] Anyone tried Qubes on HP Paviliion x360 14cd
I tried again and it did get installed. I have just installed it and so far it’s working fine. There was probably a mistake in the dd command. Right now I am using the stable version, as this model or anything similar was not listed in the HCL list. I have separate sys-usb and sys-net. It would have been good if Coreboot or Heads Linux was available for this model. Can you point me to directions to change the whole disk passphrase. I had done it earlier, but I seem to have forgotten the exact way. Mainly, I am not sure whether I have to use cryptsetup on the disk device or the boot partition device. I have not played around with command line encryption much. Regards, Anil > On 17-Oct-2019, at 11:21 PM, awokd wrote: > > Anil Eklavya: >> I am trying to install Qubes on HP Pavillion x360 14 inch (cd0056TX). I have >> tried both in UEFI mode and legacy boot mode. It either doesn’t recognise >> the bootable drive (says not bootable drive), or it stops at one point >> during booting from the installation pen drive and just stops at one point >> and doesn’t proceed further, no matter how long I wait. >> >> Has anyone tried on this model and can anyone any hint as to what could be >> the problem. >> >> I tried both with MBR and GPT for the pen drive. I had searched for the line >> at which stopping, but did not find any solution that works. > > Make sure to use dd mode to create the install pen drive. Try UEFI > first, and refer to https://www.qubes-os.org/doc/uefi-troubleshooting/ > if you still have trouble. If that doesn't help, update here! > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6DE89F6B-2E96-4C88-86BE-C65B3F8DDFA2%40gmail.com.
[qubes-users] Anyone tried Qubes on HP Paviliion x360 14cd
I am trying to install Qubes on HP Pavillion x360 14 inch (cd0056TX). I have tried both in UEFI mode and legacy boot mode. It either doesn’t recognise the bootable drive (says not bootable drive), or it stops at one point during booting from the installation pen drive and just stops at one point and doesn’t proceed further, no matter how long I wait. Has anyone tried on this model and can anyone any hint as to what could be the problem. I tried both with MBR and GPT for the pen drive. I had searched for the line at which stopping, but did not find any solution that works. Regards, Anil -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3CF456FC-7064-4215-9E6B-70885A814114%40gmail.com.
Re: [qubes-users] Re: Unsure about network device attachment to VMs
> Dropping Qubes mailing list since it's not a Qubes issue any more. > Recommend calling Dell again and telling them the above paragraph. > Sounds like a hardware problem with the laptop to me. Get them to > replace it. I understand it no longer seems to be directly a Qubes issue, but I am updating because it may indirectly be of interest to Qubes users and developers. I will be contacting Dell on Monday. They are unlikely to replace it, but if they think it’s a hardware issue, they may repair it. Right after my last post, during the last attempt, there was a notification from Quick Heal about a suspicious file. I tried today when I booted up the laptop again, it worked without any problem for several hours. I updated all the drivers and checked that the Windows updates were up to date. Everything went well. Finally when I started to proceed with changing login options, it froze again. And then it started freezing repeatedly. The part which may be relevant to the Qubes community is about the fact that today it started freezing when I restarted the NordVPN app, which I had to disable earlier, because the network just won’t work properly. Earlier also I think the problems started after I logged in to NordVPN. But again, it may be a problem specific to NordVPN. About two years ago, I had subscribed to IPVanish and I had to give up using it with a few weeks as it just won’t get connected to the Internet. Years earlier, when the Tor Project was relatively new and I tried to use it, it also just won’t connect to the Internet. However, later on it started working. Still, my problems on laptops might have something to do with the use of Tor or VPNs. In the university where I work, the users who use a VPN have their internet access disabled. Since Qubes and Tor are about privacy and that is what I have been arguing for for years openly, even in official settings, I think the problems might have something to do with trying to maintain privacy online. Besides laptop, there are other reasons why I think this may be one of the causes. I mention it here so that Qubes users and developers may be aware of this possibility, in case they are not (I think many already are). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3C705D48-2CAB-43DD-ABD0-A3FD3B06E2B7%40gmail.com.
Re: [qubes-users] Re: Unsure about network device attachment to VMs
> So, I am not sure whether it is a problem related to Qubes, or the graphics > card or with BIOS. My hunch is still that it is with BIOS, unless the > hardware itself is compromised. At this point (that is since I reinstalled Windows 10), I have don’t have any Qubes on my system, but the laptop is still freezing. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/A96651C8-4F47-4F89-AB52-1A3650B49A13%40gmail.com.
Re: [qubes-users] Re: Unsure about network device attachment to VMs
>> Your system intermittently freezing sounds like it could be >> https://github.com/QubesOS/qubes-issues/issues/5272 too. > > It does seem like it, but one difference is that this time I haven’t even > updated dom0 yet. I have not connected to internet at all, as I was first > trying to connect through ethernet. Since at that time USB-C seemed to be the problem, I decided it was not possible to use Qubes with Dell XPS 9370. So I reintalled Windows 10. Before that I updated the latest BIOS driver from pen drive. Everything went well till the installation was finished and Windows activated and some other applications installed. I was trying to update drivers and Windows, when the system started freezing in the same way: after a flicker. At one point I must have rebooted at least 20 times within 1 hour or so. I finally decided to call Dell Customer Service, as the laptop is still under warranty. After several attempts (as the calls also sort of froze in the middle of my telling what was wrong), I was able to get through to someone at Dell India. There was a long session that involved running diagnostics at bootup, then checking that the graphics driver was installed or not. The graphics driver had to be downloaded and installed. Strangely, the system didn’t freeze once during the more than one hour session with the Dell representative. Since it seemed to be working well, I thought the problem was related to graphics driver. Several online forums also mentioned Dell XPS 9370 freezes due to graphics card driver problem, but in my case freeze often happens even during the bootup, before the OS starts. Still, I updated the drivers suggested by Dell Update tool and also updated Windows. All seem to be going well when the freezing started again. This time it was even worse. It once froze during typing the boot password, which I have had setup for several months now. There were many freezes and restarts, but one was particularly strange. The system restarted automatically in the middle of my typing the boot password (I had typed only part of the password) and then it rebooted without asking me for boot password. On this occasion, every key press was accompanied by a flicker. I was able to reboot again several times (the boot password is not deleted, as the system is asking for it, but it flickers at every key press while typing the boot password). I did Dell bootup diagnostics again and it said everything was fine. Still, the system is freezing so frequently now that it is again practically unusable. So, I am not sure whether it is a problem related to Qubes, or the graphics card or with BIOS. My hunch is still that it is with BIOS, unless the hardware itself is compromised. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/AA91ACCB-E3B9-4683-ABF8-BCA94E4AA920%40gmail.com.
Re: [qubes-users] Re: Unsure about network device attachment to VMs
> Your system intermittently freezing sounds like it could be > https://github.com/QubesOS/qubes-issues/issues/5272 too. It does seem like it, but one difference is that this time I haven’t even updated dom0 yet. I have not connected to internet at all, as I was first trying to connect through ethernet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/F8B6DD60-035A-48BC-BA65-25073AB0D3CE%40gmail.com.
Re: [qubes-users] Re: Unsure about network device attachment to VMs
> In dom0, do qvm-pci. Check the USED BY column to make sure the > appropriate devices are in the appropriate qubes. > I tried that. There is no PCI device used by a VM, except wireless adapter (sys-net) and USB controller (sys-usb). > Next, ISTR others saying USB-C devices are twitchy in Qubes. Try > powering everything off, then attaching the Realtek to the hub, hub to > laptop, and only then powering on the laptop. I did that. The device apparently gets attached to sys-net, but it is still not listed by lsusb in sys-net and network still doesn’t connect by ethernet. There may be a problem with USB-C devices in Qubes. (I don’t really know what you mean exactly by doing ISTR to other: ISTR seems to stand for It Stands To Reason. Do I have to send a separate mail at some other forum?). I haven’t tried Qubes so far on any other laptop without using USB-C ports. Is it normal to sometimes get GUI textbox for device passphrase and sometimes command line prompt? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/52734941-1D56-446E-9EF4-B56DFC406497%40gmail.com.
Re: [qubes-users] Re: Unsure about network device attachment to VMs
>> >> The freezing might have been caused by the PCI device changes you made. >> Try to undo them, so your USB controllers (only) are in sys-usb, and >> wifi controller (only) is in sys-net. >> >> Then, verify the Realtek is listed in dom0 under qvm-usb. You _may_ then >> be able to map it to sys-net with qvm-usb a sys-net [Realtek]. >> > > I will try that out. But how will I undo the changes when the changes (actually only one attempt) did not succeed? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/A4B506BD-91FA-41F2-B71C-9029125597CD%40gmail.com.
Re: [qubes-users] Re: Unsure about network device attachment to VMs
> On 15-Sep-2019, at 5:32 PM, awokd wrote: > > Anil Eklavya: >>> Can you diagram what you are trying to do? E.g. I think it's: >>> >>> Ethernet---Realtek---USB3 hub---sys-usb---sys-net(for networking) ? > I am simply trying to connect the ethernet adapter to sys-net, instead of > having network directly in sys-usb (which seems to be against the design of > Qubes, I think). I tried with qvm-sub, but it didn’t work, so I tried with > qvm-pci, but that also doesn’t work (it is not even supposed to, I think, if > the adapter is listed as a USB device). > > So, yes, the above diagram is basically correct, except that it is USB 3.1 > (type C) hub. The laptop has no ethernet port. > > About freezing, it also coincided with upgrading to a larger nvme drive from > a different company. That is why I had asked earlier if the drive can cause > the freezing, or perhaps the firmware in the drive is not reliable. Should I > go back to previous drive and see it freezing still happens. I don’t know > exactly what is happening, but given the fact that I have been using > computers of various kinds with different OS’s since 1994 as a power user (at > least), my instinctive response is that it is something malicious. At what > level it is occurring, that I don’t know. > > This is a costly laptop (with costly upgrades) and I can’t afford to buy > another laptop right now and to dispose of this one. I would like to try to > make it work if it can be made to work with Qubes. > > It was working (without freezing) earlier, but with legacy boot and with a > different drive, but I am not sure if it was compromised even then. More > importantly, it was working with sys-usb and sys-net combined. > > As an aside, the pen drive (HP class 10) I had use earlier after upgrading to > this larger nvme to update the BIOS, got bricked apparently for no reason, > without being attached to anything else. I noticed that only when I tried to > use it again for updating the BIOS again. >> I am simply trying to connect the ethernet adapter to sys-net, instead of >> having network directly in sys-usb (which seems to be against the design of >> Qubes, I think). I tried with qvm-sub, but it didn’t work, so I tried with >> qvm-pci, but that also doesn’t work (it is not even supposed to, I think, if >> the adapter is listed as a USB device). >> >> So, yes, the above diagram is basically correct, except that it is USB 3.1 >> (type C) hub. The laptop has no ethernet port. > > The freezing might have been caused by the PCI device changes you made. > Try to undo them, so your USB controllers (only) are in sys-usb, and > wifi controller (only) is in sys-net. > > Then, verify the Realtek is listed in dom0 under qvm-usb. You _may_ then > be able to map it to sys-net with qvm-usb a sys-net [Realtek]. > I will try that out. >> About freezing, it also coincided with upgrading to a larger nvme drive from >> a different company. That is why I had asked earlier if the drive can cause >> the freezing, or perhaps the firmware in the drive is not reliable. Should I >> go back to previous drive and see it freezing still happens. I don’t know >> exactly what is happening, but given the fact that I have been using >> computers of various kinds with different OS’s since 1994 as a power user >> (at least), my instinctive response is that it is something malicious. At >> what level it is occurring, that I don’t know. > > You shouldn't have to go back to the previous drive. > > PS Did you mean to drop the list from your reply? No, I just replied in the mail client and forgot to include to list mail id. I have added the missing part in the quote above for reference. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47B17116-21E9-4A24-BC53-AE719F39F149%40gmail.com.
[qubes-users] Re: Unsure about network device attachment to VMs
On 15-Sep-2019, at 4:31 PM, Anil Eklavya wrote: > The system froze again after I attached the ethernet usb device through > qvm-usb, even though network did not connect and the adapter was not listed > in sys-net by lsusb. > > On rebooting, it froze twice while typing the disk passphrase. Third time it > froze while typing the user passphrase. Each time the freezing occurs with a > flash of the screen, the kind that occurs when we take a screenshot. > > Also, I don’t know whether it is relevant here, but I get the error “Failed > to start load kernel modules” while booting up, just am mentioned on a Qubes > github forum. I should have mentioned that this time I have installed with UEFI, not with legacy mode. Also, on this installation, I get a command line prompt for typing the disk passphrase and not the GUI textbox. Before that, there is a lot of what seems to be Xen related output (things that happen while booting up). These were not visible earlier when things were working fine. Even the last time, the system started freezing after this change occurred: the visible Xen output. I don’t know whether it is relevant, but ever since it started happening, the arbitrary freezing also started occurring. I should emphasize that freezing is total. It doesn’t go away after any length of time. I simply have to physically restart the laptop. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/AD2C51DB-BBBF-4735-855D-BE0795FD85AC%40gmail.com.
[qubes-users] Re: Unsure about network device attachment to VMs
> I have already tried attaching with qvm-usb as the Realtek adapter is listed > by this command. It apparently gets attached with sys-net, but lsusb in > sys-net doesn’t show it. Ifconfig also doesn’t list it. The system froze again after I attached the ethernet usb device through qvm-usb, even though network did not connect and the adapter was not listed in sys-net by lsusb. On rebooting, it froze twice while typing the disk passphrase. Third time it froze while typing the user passphrase. Each time the freezing occurs with a flash of the screen, the kind that occurs when we take a screenshot. Also, I don’t know whether it is relevant here, but I get the error “Failed to start load kernel modules” while booting up, just am mentioned on a Qubes github forum. Regards, Anil -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36CA9258-EEEA-4DA4-9A86-437E82653F24%40gmail.com.
[qubes-users] Re: Unsure about network device attachment to VMs
> On 15-Sep-2019, at 3:36 PM, Anil Eklavya wrote: > Following the documentation USB and PCI devices, I tried the following: > > - lsusb in sys-usb to list USB devices > > The ethernet device is listed as Bus 003 Device 002, but there is another > device as Bus 003 Device 001 (Linux Foundation root hub) > > - I then used the readlink for usb3 > > This gave the BDF as 00:06.0 > > - From dom0 terminal, I then tried: > > qvm-pci attach sys-net sys-usb:00:06.0 —persistent > > I get an error message saying sys-usb doesn’t expose the device 00:06.0 I have already tried attaching with qvm-usb as the Realtek adapter is listed by this command. It apparently gets attached with sys-net, but lsusb in sys-net doesn’t show it. Ifconfig also doesn’t list it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/FD7F0099-7996-426B-931D-B68F18476092%40gmail.com.
[qubes-users] Re: Unsure about network device attachment to VMs
> On 14-Sep-2019, at 11:21 PM, Anil Eklavya wrote: > > The ethernet link is down in sys-net. I tried using ip and ifconfig and ifup > commands to bring it up, but it is still down. On finally giving for now and > pulling out the ethernet adapter, the system froze completely again, like it > was doing before I reinstalled. Following the documentation USB and PCI devices, I tried the following: - lsusb in sys-usb to list USB devices The ethernet device is listed as Bus 003 Device 002, but there is another device as Bus 003 Device 001 (Linux Foundation root hub) - I then used the readlink for usb3 This gave the BDF as 00:06.0 - From dom0 terminal, I then tried: qvm-pci attach sys-net sys-usb:00:06.0 —persistent I get an error message saying sys-usb doesn’t expose the device 00:06.0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2BAAA2E4-557E-4568-AE8D-B8BFF96976F9%40gmail.com.
[qubes-users] Re: Unsure about network device attachment to VMs
The ethernet link is down in sys-net. I tried using ip and ifconfig and ifup commands to bring it up, but it is still down. On finally giving for now and pulling out the ethernet adapter, the system froze completely again, like it was doing before I reinstalled. Regards, Anil -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/89BE667B-79B1-49FA-B09F-D239D06B4D72%40gmail.com.
[qubes-users] Re: Unsure about network device attachment to VMs
> Can someone help with this problem, right now just for getting my Qubes > installation started, keeping ethernet and other USB devices separate, and > with VPN installed somewhere. Detailed documentation can come later. Right now, I have the wireless device connected to sys-net, but I am trying to get ethernet through sys-usb. On installation, the list of services in sys-usb included network-manager, which was causing ethernet based networking to be connected directly in sys-usb and that was being used in sys-net (as far as I can understand). Now I have removed network-manager service from sys-usb and put it in sys-net. I then manually attach the LAN device to sys-net. However, this doesn’t seem to allow me to connect to network through ethernet. Running lsusb doesn’t show the LAN device in sys-net even after attaching. I am missing something basic here, it seems. When I try to create an ethernet connection in sys-net, there is no ethernet device to be connected to. Regards, Anil -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/945C39B4-2A71-46B3-ABC5-7EC995468980%40gmail.com.
[qubes-users] Unsure about network device attachment to VMs
I am reinstalling Qubes, but I am not sure how to which devices to attach to sys-usb and which to sys-net. Earlier the network devices were directly attached to sys-usb and sys-usb was providing the network. This is the setting my new install started with. I am trying to avoid getting network directly from sys-usb. There seems to be some trivial thing that I am missing. For context, my laptop (Dell XPS 13 9370) has two thunderbolt USB-C ports and one normal USB-C port. It is the third port which is practically the only port I can use as things are setup, since it seems to be unadvisable to attach thunderbolt devices to Qubes. So I mostly use a USB-C hub, which has the ethernet port as well other ports. The laptop is not in the HCL list, but it seems to work fine with some issues. The documentation for Qubes is pretty good, but one problem is that it is better for those who either have no technical knowledge or have deep technical knowledge of how Linux and OS work, along with networking. I fall somewhere in the middle, so both kinds of advised are not very useful. I think, given that the online threats come from network, there should be a more detailed, technically middle-grounded documentation for setting up network on Qubes, including where should VPN go (various options and their pros and cons). Can someone help with this problem, right now just for getting my Qubes installation started, keeping ethernet and other USB devices separate, and with VPN installed somewhere. Detailed documentation can come later. Regards, Anil -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/D9D6B664-465E-4C2A-A8B9-A25D52628917%40gmail.com.
[qubes-users] What does Qubes backup save?
Can someone clarify exactly what all does Qubes Backup save and restore? To me this is important because I am fairly sure my Qubes installation has been compromised, if not at dom0, then certainly for some VMs, including sys-net (which includes sys-usb). Most probable reason is Evil Maid Attack as I found one screw on my laptop missing, which was earlier there. I know this attack could be accomplished even without opening the laptop up, but someone might have tampered with the laptop and may also have used the USB. In such a case, if I backup and restore to a new installation, will the VMs still be compromised because they will be restored completely, or will they be fresh in the sense that only my data will be restored, along with a few basics like the specification of VM? Will it be preferable to use something like rsync for taking separate backups of the data on VMs? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e92546ea-ad65-4eb3-9963-cd66a8976c87%40googlegroups.com.
