Re: [qubes-users] What's the best way to run a VPN app on Qubes?

2020-10-29 Thread Chris Laprise
then 'systemctl restart' the service to switch. Its possible to setup Network Manager in a dedicated VPN VM including added anti-leak firewall rules. See the Qubes vpn doc for details. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A

Re: [qubes-users] [unofficial] Qubes security advisory

2020-10-26 Thread Chris Laprise
oking for plausible explanations and attack vectors, you should look at side-channels first (I don't think exploiting a side-channel against Qubes would count as a 0-day). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3

Re: [qubes-users] AMD Ryzen 7 PRO compatibility

2020-10-20 Thread Chris Laprise
, Dell, HP). Here is a relevant thread: https://qubes-os.discourse.group/t/qubes-support-on-amd-4000-series-lenovo-x13-t14/202/1 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received

Re: [qubes-users] VPN issue

2020-10-17 Thread Chris Laprise
what errors openvpn is reporting. Instead of NM, I've used ProtonVPN with my own VPN support project without issues: https://github.com/tasket/Qubes-vpn-support This setup also tends to function better than NM in my experience. -- Chris Laprise, tas...@posteo.net https://github.com/tasket

Re: [qubes-users] change priority of running vms

2020-10-10 Thread Chris Laprise
. I'd like to reduce their CPU priority without shuting them down and decrease amount of vcpus. Thanks in advance, P. To do this directly in Xen I think you have to use 'xl sched-credit2' command. See 'man xl' for details. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https

Re: [qubes-users] Witch one is the best?

2020-09-21 Thread Chris Laprise
On 9/21/20 8:17 AM, Stumpy wrote: On 2020-09-20 14:24, Chris Laprise wrote: On 9/20/20 2:08 PM, Chris Laprise wrote: On 9/19/20 11:16 PM, Jarrah wrote: My question is, would some of the newer/faster AMD CPUs and chipsets work with Qubes? I can speak for the 2000 series working. I believe

Re: [qubes-users] Witch one is the best?

2020-09-20 Thread Chris Laprise
On 9/20/20 2:08 PM, Chris Laprise wrote: On 9/19/20 11:16 PM, Jarrah wrote: My question is, would some of the newer/faster AMD CPUs and chipsets work with Qubes? I can speak for the 2000 series working. I believe some people have working 3000 series, but 4000 has been a serious issue

Re: [qubes-users] Witch one is the best?

2020-09-20 Thread Chris Laprise
laptop. https://qubes-os.discourse.group/t/qubes-support-on-amd-4000-series-lenovo-x13-t14/202/1 Based on the patches that have to be applied to get Qubes 4.1 working on Ryzen 4000, I'd say its a Qubes-vs-CPU compatibility issue and not about the computers' other specifics. -- Chris Laprise

Re: [qubes-users] Adding new kernels to iso?

2020-09-18 Thread Chris Laprise
, Chris Laprise wrote: > > On 9/17/20 5:00 PM, Ondřej Fiala wrote: > > Hello, > > > > first a little bit of background: I am trying to install Qubes 4.0.3 on a system with Ryzen 3600 & GTX1650. After some tweaks, I have managed to get it to display the boot menu. However,

Re: [qubes-users] Adding new kernels to iso?

2020-09-17 Thread Chris Laprise
. There was some discussion about that I think in the above thread. IIRC altering a 4.0 iso was a manageable task but using above Xen version with it appeared unlikely... while altering a 4.1 iso seems much harder. I think I just finished building my first Ryzen 4000-ready iso and I'm about to test

Re: [qubes-users] Special template to isolate less trusted software?

2020-09-03 Thread Chris Laprise
the current VM name exist. Its a good way to specialize appVMs without creating new templates. Should also mention that snaps and flatpaks may be a better fit for adding apps at boot-time, since there is a chance you can do it quicker using little more than 'mv'. -- Chris Laprise, tas...@posteo.net

Re: [qubes-users] KDE high dom0 CPU usage

2020-08-19 Thread Chris Laprise
On 8/20/20 12:29 AM, 54th Parallel wrote: On Thursday, 20 August 2020 at 06:58:35 UTC+8 Chris Laprise wrote: Not an issue with dom0 KDE here. But I did have this problem with k/ubuntu on my new AMD Ryzen Thinkpad... graphics driver was not working and defaulted to a non

Re: [qubes-users] KDE high dom0 CPU usage

2020-08-19 Thread Chris Laprise
'configuration: driver=' if its working or the 'driver' part will be absent if its not working. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you

Re: [qubes-users] Re: Black Screen when installing 4.0.3 & 4.1 on AMD Ryzen 4750U

2020-08-19 Thread Chris Laprise
hort list is: 1. Secure copy+paste 2. Auto snap-back (like read-only) for guest root 3. Isolated NICs via passthrough 4. Split GPG Probably a good place to get tips for these would be Whonix forum, since they also use non-Qubes virtualization. -- Chris Laprise, tas...@posteo.net https://github.c

Re: [EXT] Re: [qubes-users] Google requiring login to access qubes-users

2020-08-16 Thread Chris Laprise
as we can read messages in our email clients. But Google knows the many 'casual' list users who are not subscribed are not 'casual' users of the entire web, and they are likely to sign in just to get at a handful of messages that could solve their problem. -- Chris Laprise, tas...@posteo

Re: [qubes-users] Re: Running Qubes 4.1 under VirtualBox as migration strategy

2020-08-16 Thread Chris Laprise
with BIOS and also with one of the EFI options. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users&q

Re: [qubes-users] Re: Black Screen when installing 4.0.3 & 4.1 on AMD Ryzen 4750U

2020-08-16 Thread Chris Laprise
itted by now? On Monday, August 10, 2020 at 8:21:05 PM UTC+10 Chris Laprise wrote: I've experimented a bit with Ubuntu and some different kernels. I was not able to get 5.7.0 kernel graphics to work at all (not even vga/framebuffer), while 5.8.0 and 5.8.1 work beautifully and 'lshw' confirms the a

[qubes-users] Running Qubes 4.1 under VirtualBox as migration strategy

2020-08-15 Thread Chris Laprise
. But there is no network available and I'm not sure what to do here. The PV VMs also do not start cleanly from qvm-run and apps only run in the VMs when the VM is already running. I'm looking for pointers on getting networking running and for general overall smooth operation... -- Chris Laprise, tas

Re: [qubes-users] How would you remotely infiltrate a default Qubes OS?

2020-08-15 Thread Chris Laprise
Groups look On Friday, 14 August 2020 at 00:06:42 UTC+8 Chris Laprise wrote: -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Gr

Re: [qubes-users] How would you remotely infiltrate a default Qubes OS?

2020-08-13 Thread Chris Laprise
with javascript from websites. OTOH, a state actor wishing to attack a Qubes system might have better luck with the RPM MITM against Fedora that we discussed in another thread. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A

Re: [qubes-users] Why Fedora?

2020-08-11 Thread Chris Laprise
n software' environment. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

Re: [qubes-users] Why Fedora?

2020-08-10 Thread Chris Laprise
On 8/10/20 5:22 PM, Toptin wrote: Chris Laprise: On 8/10/20 12:30 PM, Toptin wrote: Jeff Kayser: Here is one reason to use Fedora. https://www.fossmint.com/which-linux-distribution-does-linus-torvalds-use/ Ah, see... Mr Torvalds is your God. That isn't a reason at all. But thanks you put

Re: [qubes-users] Why Fedora?

2020-08-10 Thread Chris Laprise
Message- From: qubes-users@googlegroups.com On Behalf Of Chris Laprise Sent: Monday, August 10, 2020 9:18 AM To: qubes-users@googlegroups.com Subject: Re: [qubes-users] Why Fedora? This email originated from outside the organization On 8/10/20 12:05 PM, Toptin wrote: Dear Qubes Users, I'm

Re: [qubes-users] Global Dark Theme For Qt (KDE) Based Applications

2020-08-10 Thread Chris Laprise
to be Debian template, install KDE with 'tasksel' command, then run 'systemsettings5' to select the KDE theme or color scheme. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message

Re: [qubes-users] Why Fedora?

2020-08-10 Thread Chris Laprise
Fedora in dom0 with something else. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To u

Re: [qubes-users] Re: Black Screen when installing 4.0.3 & 4.1 on AMD Ryzen 4750U

2020-08-10 Thread Chris Laprise
O Master to replace the Qubes 4.0.3 installer ISO kernel with the Ubuntu 5.8.0 kernel but due to my ignorance about the format I couldn't get it to initiate the boot process. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4

Re: [qubes-users] Qubes dom0-update-guard script

2020-08-09 Thread Chris Laprise
if Qubes devs would agree to a standard format going forward to make it easier + reliable. A concern: I've noticed that a lot of Qubes mirrors are often offline. Would this create vulnerabilities? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP

Re: [qubes-users] Qubes dom0-update-guard script

2020-08-07 Thread Chris Laprise
ile having the cooperation of the certificate authority. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qub

Re: [EXT] Re: [qubes-users] Update templates in parallel

2020-08-06 Thread Chris Laprise
On 8/6/20 12:23 PM, fiftyfourthparal...@gmail.com wrote: On Friday, 7 August 2020 00:13:52 UTC+8, Chris Laprise wrote: IIRC that setting refers to checking packages, not the repomd.xml files. That's why an attacker can't replace packages with their own versions; they have

Re: [EXT] Re: [qubes-users] Update templates in parallel

2020-08-06 Thread Chris Laprise
; they have to manipulate the metadata to hold back packages from receiving updates. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed

Re: [EXT] Re: [qubes-users] Update templates in parallel

2020-08-06 Thread Chris Laprise
security. The best advice I can give is to avoid using Fedora templates and pay attention to Qubes Security Bulletins when they mention which dom0 components will be updated (and pay close attention when running qubes-dom0-update to look for the mentioned components). -- Chris Laprise, tas

Re: [qubes-users] Re: Whonix-gw: trouble after disabling passwordless root access

2020-08-06 Thread Chris Laprise
of normal security and Qubes security should yield extra benefits, which I think Qubes-VM-hardening does. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you

Re: [qubes-users] Re: Black Screen when installing 4.0.3 & 4.1 on AMD Ryzen 4750U

2020-08-05 Thread Chris Laprise
On 8/5/20 7:56 AM, Chris Laprise wrote: On 8/5/20 6:54 AM, Dylanger Daly wrote: On Wednesday, August 5, 2020 at 4:04:32 PM UTC+10 dylang...@gmail.com wrote:     When trying to install Qubes 4.0.3 or 4.1 (Test ISO) into a Ryzen     4750U based laptop, I see xen output, it relinquishes vga

Re: [qubes-users] Re: Black Screen when installing 4.0.3 & 4.1 on AMD Ryzen 4750U

2020-08-05 Thread Chris Laprise
e anything / the framebuffer isn't passed from Xen to dom0. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups &q

Re: [qubes-users] Can my pc be compromised and if so can I just create a new net-vm and firewall-vm and if so how when I can’t clone them ?

2020-08-05 Thread Chris Laprise
On 8/5/20 7:40 AM, Chris Laprise wrote: On 8/5/20 3:46 AM, anneeyr...@gmail.com wrote: Can I just delete the firewall-vm and the net-vm and create new ones afterwards and shall I just create them in the same way when creating new app-vm’s or standalone-vm’s or how shall I create them when I

Re: [qubes-users] Can my pc be compromised and if so can I just create a new net-vm and firewall-vm and if so how when I can’t clone them ?

2020-08-05 Thread Chris Laprise
and use. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this grou

Re: [qubes-users] Update templates in parallel

2020-08-03 Thread Chris Laprise
'kernel-latest-qubes-vm' from dom0 to get a 5.x kernel for VMs (the 5.x kernels have wg module included), then install the wireguard-tools package without dependencies in your template. I'll be switching to wireguard in the next few weeks so I'll be updating the wiki then. -- Chris Laprise

Re: [qubes-users] Update templates in parallel

2020-08-03 Thread Chris Laprise
On 8/3/20 10:18 AM, fiftyfourthparal...@gmail.com wrote: On Monday, 3 August 2020 18:36:28 UTC+8, Chris Laprise wrote: 'curl' would only be used in a Whonix template. This is to signal Qubes' proxy to start the Tor-based updateVM as soon as possible. It should not try to run

Re: [qubes-users] Update templates in parallel

2020-08-03 Thread Chris Laprise
ould even try adding the .desktop file to /home using rc.local. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Update templates in parallel

2020-08-03 Thread Chris Laprise
On 8/3/20 4:11 AM, fiftyfourthparal...@gmail.com wrote: On Sunday, 2 August 2020 22:42:31 UTC+8, Chris Laprise wrote: You can check out my github for some interesting stuff. The 'Qubes-scripts' project has a (serial) template updater that lets you select by certain criteria

Re: [qubes-users] Update templates in parallel

2020-08-02 Thread Chris Laprise
ity. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop rec

Re: [qubes-users] External Fully Encrypted SSD Drive. What do you think?

2020-07-28 Thread Chris Laprise
y much get the attraction of OS X, but in 2020 the only real appeal of Mac hardware is the exterior design and 16:10 screen. OTOH, a business model from HP, Lenovo or Dell should net you the best Qubes compatibility and you can get a top-performing 8-core system for less than what an MBP costs.

Re: [qubes-users] QSB #058: Insufficient cache write-back under VT-d (XSA-321)

2020-07-07 Thread Chris Laprise
On 7/7/20 9:57 AM, Andrew David Wong wrote: Only Intel systems are affected. AMD systems are not affected. Per usual! -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received

Re: [qubes-users] Qubes better dove tailed for Journalists, and Human Rights Workers.

2020-05-14 Thread Chris Laprise
rpose well in my view. It'll likely not be a gaming box, a screaming video or CAD rendering beast or even support bleeding-edge hardware. Qubes is a serious tool in the very serious and uncompromising world where the bar for what is considered dangerous information is lowered on a daily basis.

Re: [qubes-users] Qubes better dove tailed for Journalists, and Human Rights Workers.

2020-05-14 Thread Chris Laprise
e do not think like Journalists of Human Rights Workers, nor vice versa. Perhaps not, but very likely we are trainable. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-05-04 Thread Chris Laprise
hat the remote service sees. I have no idea if Whonix will let you do this. This should work for most VPNs, as Patrick and I and others have tested it (though I haven't tested Whonix specifically with Mullvad). The only constraint is that the VPN use TCP instead of UDP. -- Chris Laprise, ta

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-22 Thread Chris Laprise
g sudo cp any_country_I_need.ovpn vpn-client.conf right? Yes, that will work. To change without restarting the VPN VM, you can do: sudo service qubes-vpn-handler stop sudo cp some_location.ovpn vpn-client.conf sudo service qubes-vpn-handler start -- Chris Laprise, tas...@posteo.net https://g

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-21 Thread Chris Laprise
On 4/21/20 7:03 AM, taran1s wrote: Chris Laprise: The 'No such file' error is the one to correct. As I said earlier, you will need to move the files out of the "mullvad_config_linux" subdirectory into the vpn dir. It can't find the .crt file because its in the subdirectory. So it

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-20 Thread Chris Laprise
On 4/20/20 3:01 PM, taran1s wrote: Chris Laprise: You'll need to put the files in the vpn directory, not a subdirectory like "mullvad_config_linux". Is there any particular comand, instead of unzip, to not create the sub-directory but unzip it in the vpn director

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-20 Thread Chris Laprise
On 4/20/20 9:31 AM, taran1s wrote: Chris Laprise: On 4/20/20 8:12 AM, taran1s wrote: Chris Laprise: On 4/17/20 7:12 AM, taran1s wrote: Chris Laprise: On 4/15/20 6:35 AM, taran1s wrote: In the point 3 of https://github.com/tasket/Qubes-vpn-support/ guide there is the cd Qubes-vpn

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-20 Thread Chris Laprise
On 4/20/20 8:12 AM, taran1s wrote: Chris Laprise: On 4/17/20 7:12 AM, taran1s wrote: Chris Laprise: On 4/15/20 6:35 AM, taran1s wrote: In the point 3 of https://github.com/tasket/Qubes-vpn-support/ guide there is the cd Qubes-vpn-support command as the first one. This assumes

Re: [qubes-users] KDE Plasma in dom0 under R4.0.3

2020-04-18 Thread Chris Laprise
On 4/11/20 3:10 PM, Sven Semmler wrote: On Sat, Apr 11, 2020 at 02:48:17PM -0400, Chris Laprise wrote: I've never had a problem with KDE in dom0 as long as the display manager is switched to sddm and BIOS is set to integrated graphics. "Discrete graphics" usually means Nvidia, which

Re: [qubes-users] Qubes-vpn-support Tor Browser not working

2020-04-18 Thread Chris Laprise
olate' set to True, 'privacy.resistFingerprinting' set to True, in addition to using the User-Agent Switcher extension. I think these are a good idea whether or not you use a tunnel or proxy. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-17 Thread Chris Laprise
On 4/17/20 7:12 AM, taran1s wrote: Chris Laprise: On 4/15/20 6:35 AM, taran1s wrote: In the point 3 of https://github.com/tasket/Qubes-vpn-support/ guide there is the cd Qubes-vpn-support command as the first one. This assumes that the file is unzipped already, right? So I unzip

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-17 Thread Chris Laprise
ror: --ca fails with 'mull> Apr 15 12:22:12 ovpn qubes-vpn-setup[788]: Options error: Please correct these > Hmmm. Its not showing the full "Options error" lines. Try redirecting the output to a text file instead: sudo journalctl -u qubes-vpn-handler >log.txt -- Chris Lapr

Re: [qubes-users] Help with qubes-vpn-support

2020-04-17 Thread Chris Laprise
inside the VPN VM is permitted (note this is how the Qubes vpn doc now does it as well, with Marek's approval). This doesn't affect the fail-safes for traffic initiated from either side of the VPN VM (e.g. nothing can go 'around' the VPN link). -- Chris Laprise, tas...@posteo.net https

Re: [qubes-users] Is a StandaloneVM equally secure as a AppVM that is created on it's own TemplateVM, and what is the difference between a StandaloneVM and a AppVM ?

2020-04-13 Thread Chris Laprise
curity benefit you just described. Perhaps I ought to clone Debian 10 Template, install what I want, and then make an AppVM based on that? That's reasonable and I think its what Qubes users do in most situations. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/tt

Re: [qubes-users] KDE Plasma in dom0 under R4.0.3

2020-04-11 Thread Chris Laprise
. "Discrete graphics" usually means Nvidia, which is poorly supported in open source operating systems. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message b

Re: [qubes-users] How to block all non tor traffic

2020-04-11 Thread Chris Laprise
the first place, to enforce network containment as strongly as possible. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-09 Thread Chris Laprise
On 4/9/20 3:34 AM, taran1s wrote: Chris Laprise: On 4/8/20 6:25 AM, taran1s wrote: I try to set the VPN in my laest qubes with your guide on https://github.com/tasket/Qubes-vpn-support. I use the version 1.4.3. and followed the guide. My setting from mullvad is UDP (default) for Linux

Re: [qubes-users] Is a StandaloneVM equally secure as a AppVM that is created on it's own TemplateVM, and what is the difference between a StandaloneVM and a AppVM ?

2020-04-08 Thread Chris Laprise
k succeeds with a privilege escalation, then the whole OS in the standalone may be compromised permanently. OTOH, an appVM's OS would bounce back to a good state when restarting it. Also, after some time standalone VMs will use more disk space when you have multiple instances. -- Chris Laprise, tas...@

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-04-08 Thread Chris Laprise
a more detailed log you should use 'journalctl -u qubes-vpn-handler'. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] No Match for argument qubes-template-whonix-ws-15-4.0.1-201910102356.noarch ?

2020-03-30 Thread Chris Laprise
to download [nate@dom0 ~]$ You can ignore the warnings when removing. To fix the above, use 'qubes-template-whonix-ws-15' for the package name. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-03-30 Thread Chris Laprise
On 3/29/20 5:16 AM, scurge1tl wrote: Chris Laprise: On 3/27/20 5:02 AM, scurge1tl wrote: Hello all, I would like to ask about proper setting of AppVM flow if using Mullvad VPN. I would like to connect to the clearnet following way: Me - -> Tor -> VPN -> clearnet. When setting u

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-03-27 Thread Chris Laprise
automate the setup and improve the connection handling of Openvpn so re-connection doesn't take 5 minutes. It also checks the firewall to make sure leak prevention is in place before initiating connections. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP:

Re: [qubes-users] Increase the size of disk image and root file system

2020-03-24 Thread Chris Laprise
    Boot    Start      End  Sectors  Size Id Type /dev/xvda1          2048 18946047 18944000 *9G* 83 Linux /dev/xvda2      18946048 20969471  2023424  988M 82 Linux swap / Solaris Have you tried the 'resize2fs' command? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com

Re: [qubes-users] No Match for argument qubes-template-whonix-ws-15-4.0.1-201910102356.noarch ?

2020-03-24 Thread Chris Laprise
On 3/23/20 7:23 AM, Stumpy wrote: On 2020-03-22 13:24, Chris Laprise wrote: On 3/20/20 10:08 PM, Stumpy wrote: I'm trying to reinstall the whonix ws template but while seems to find it it then says there is no match? [zack@dom0 ~]$ sudo qubes-dom0-update --action=reinstall qubes-template

Re: [qubes-users] How can I recover my Qube'sVM if I cannot boot anymore ?

2020-03-24 Thread Chris Laprise
On 3/23/20 10:13 AM, Peter Funk wrote: Dear Chris, Chris Laprise schrieb am Sonntag, den 22.03.2020 um 13:17: ... The perceived "mess" is actually rather organized, and has nothing to do with LVM thin pools. ... I beg your pardon for stealing this discussion thread to ask a somewh

Re: [qubes-users] No Match for argument qubes-template-whonix-ws-15-4.0.1-201910102356.noarch ?

2020-03-22 Thread Chris Laprise
servers, so it can't be reinstalled as the same version. When that happens, you can use '--action=upgrade' instead and it should grab the latest available version. https://www.qubes-os.org/doc/reinstall-template/ -- Chris Laprise, tas...@posteo.net https://github.com/tasket https

Re: [qubes-users] How can I recover my Qube'sVM if I cannot boot anymore ?

2020-03-22 Thread Chris Laprise
'Applications' are trivial. Finally... It should be possible to write a recovery script for this situation, which presents the user with a list of VMs to recover and optionally allows you to recover the contents of /var/lib/qubes. -- Chris Laprise, tas...@posteo.net https://github.com/tasket htt

Re: [qubes-users] How can I recover my Qube'sVM if I cannot boot anymore ?

2020-03-21 Thread Chris Laprise
could use it to try the storage pool technique without having to do an install. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google

Re: [qubes-users] Obtaining genuine Qubos installer

2020-03-06 Thread Chris Laprise
On 3/5/20 1:45 PM, Mark Fernandes wrote: On Thu, 5 Mar 2020 at 18:21, Chris Laprise <mailto:tas...@posteo.net>> wrote: On 3/5/20 7:31 AM, Mark Fernandes wrote: > I want to get a genuine copy of Qubos, from here in the UK (United Kingdom). > > The

Re: [qubes-users] ANN: Wyng beta, a fast incremental backup tool

2020-03-06 Thread Chris Laprise
On 2/25/20 3:02 PM, Chris Laprise wrote: Hello Qubers, 'Wyng' is a backup program I've been working on for a while that can quickly backup "thin LVM" storage, the kind Qubes uses by default: Version v0.2beta5 has been released! It includes minor bug fixes and an option to

Re: [qubes-users] Obtaining genuine Qubos installer

2020-03-05 Thread Chris Laprise
service that can flash a known good/uncompromised firmware suite onto one of your machines, or find a system vendor like Insurgo or NitroKey that sell re-flashed systems and uses anti-interception measures (like tamper-evident packaging and signatures) in addition to offering Qubes pre-installed.

Re: [qubes-users] How Qubes / and /home/user mounting as different disks works?

2020-03-04 Thread Chris Laprise
management functions. You could use LVM thin pools with KVM, but IIRC you would have to automate snapshot handling yourself or find an additional package to do it (if such exists). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A

Re: [qubes-users] How Qubes / and /home/user mounting as different disks works?

2020-03-04 Thread Chris Laprise
eeds to write some new blocks in a different location and replace some pointers in the snapshot's metadata to point to the new location. This all can save a lot of time and disk space. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A

Re: [qubes-users] ANN: Wyng beta, a fast incremental backup tool

2020-03-03 Thread Chris Laprise
useful to everybody. But that could change, maybe even this year. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] ANN: Wyng beta, a fast incremental backup tool

2020-03-03 Thread Chris Laprise
A gist for extracting volumes with a shell script was just posted here: https://gist.github.com/tasket/48b30124990e1c78c80c8716f819430a Its about 80 lines. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106

Re: [qubes-users] Manual VPN installation issues

2020-03-03 Thread Chris Laprise
On 3/3/20 7:36 AM, tetrahe...@danwin1210.me wrote: On Sun, Feb 16, 2020 at 10:50:55AM -0500, Chris Laprise wrote: If the process seems too complicated, you can try my VPN support tool, which automates most of the steps (you would download the config files from the second link to use

Re: [qubes-users] ParrotOS template

2020-03-01 Thread Chris Laprise
there at the moment. I'll fix that. The tools work fine as it is. Interesting... As an aside, is there any work being done to enable Debian's default AppArmor setting "out of the box"? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2

Re: [qubes-users] What happened to "paranoid mode"?

2020-03-01 Thread Chris Laprise
ibly-fast-LVM-backups-with-Wyng -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To un

Re: [qubes-users] MAC Address Anonymization and NetworkManager Compatibility

2020-02-28 Thread Chris Laprise
ded 2. Double-checks the firewall at startup 3. Improves the re-connection behavior of openvpn (doesn't wait very long periods after a connection is lost) What is the problem you were having? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE

Re: [qubes-users] ANN: Wyng beta, a fast incremental backup tool

2020-02-27 Thread Chris Laprise
/wiki/Making-incredibly-fast-LVM-backups-with-Wyng The link to the general wiki is here: https://github.com/tasket/wyng-backup/wiki -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received

Re: [qubes-users] Re: Relative comparison of Qubes OS, and its multiple VM's versus Boxes.

2020-02-26 Thread Chris Laprise
I should have also linked this, which is a guide for devices: https://www.qubes-os.org/doc/device-handling-security/#usb-security Finally, reading the ITL blog from 2010 onward provides a lot of Qubes insight: https://blog.invisiblethings.org/ -- Chris Laprise, tas...@posteo.net https

Re: [qubes-users] Re: Relative comparison of Qubes OS, and its multiple VM's versus Boxes.

2020-02-26 Thread Chris Laprise
l. Without a threat model, a general checklist would be impossible to provide. Yes. Although the security faq linked above and additional security guides exist here: https://www.qubes-os.org/doc/#security-guides -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/tt

Re: [qubes-users] ANN: Wyng beta, a fast incremental backup tool

2020-02-26 Thread Chris Laprise
ge (i.e. attach a sys-usb partition to dom0, then in dom0 format/use it as a LUKS volume). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google

Re: [qubes-users] MAC Address Anonymization and NetworkManager Compatibility

2020-02-26 Thread Chris Laprise
86_64 is already installed. Dependencies resolved. Nothing to do. Complete! Nothing wrong there. 1.16 is a much later version than the minimum 1.4.2 listed in the doc. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB

Re: [qubes-users] Error attemtping to reinstall Debian 10 templateVM

2020-02-25 Thread Chris Laprise
dom0: sudo qubes-dom0-update --action="clean all" Then re-run your template install: sudo qubes-dom0-update qubes-template-debian-10 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1

[qubes-users] ANN: Wyng beta, a fast incremental backup tool

2020-02-25 Thread Chris Laprise
Wyng's capabilities, command line examples and the current beta testing status. If you have questions, feel free to post here. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You rec

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

2020-02-18 Thread Chris Laprise
you to select KDE. Select KDE Log in. Yes, that doc page should also mention something about choosing KDE or removing XFCE. Now I remember I setup /etc/sddm.conf with the following which takes me directly to KDE: [Autologin] User=user Session=plasma.desktop -- Chris Laprise, tas...@posteo.

Re: [qubes-users] Wireguard on Debian 10 from Qubes-vpn-support

2020-02-17 Thread Chris Laprise
the 'wireguard-tools' package (from testing) in Debian 10. Otherwise, there may be a conflict between the built-in and DKMS modules. 3. Given the above, it may now be possible to skip using HVM mode altogether. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

2020-02-16 Thread Chris Laprise
On 2/16/20 10:32 AM, A E wrote: søn. 16. feb. 2020 kl. 16.18 skrev Chris Laprise <mailto:tas...@posteo.net>>: On 2/15/20 10:20 AM, A E wrote: > If it isn’t possible to change the settings of the screensaver that > Qubes OS is actually using, then I would like to

Re: [qubes-users] Reattaching firewall vm to untrusted vm without killing the untrusted vm.

2020-02-16 Thread Chris Laprise
-connect. The Qubes-VPN-support tool sets a max openvpn timeout of 40 seconds; on average it will re-connect in about 20 sec. after losing the old connection: https://github.com/tasket/Qubes-vpn-support -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP:

Re: [qubes-users] Disk image backup - dd / partclone / clonezilla?

2020-02-16 Thread Chris Laprise
reinstalling Qubes). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this grou

Re: [qubes-users] Manual VPN installation issues

2020-02-16 Thread Chris Laprise
et/Qubes-vpn-support -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe fr

Re: [qubes-users] How to set the screensaver to either show keyboard language or not to lock screen ?

2020-02-16 Thread Chris Laprise
a number of GUI problems for me. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To u

Re: [qubes-users] Scary Systemd Security Report

2020-02-13 Thread Chris Laprise
akes out 2 other exim packages. Bernhard should look into that; it would be great if this discussion prompted the detection and removal of an actual malware. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106

Re: [qubes-users] Scary Systemd Security Report

2020-02-13 Thread Chris Laprise
ed verification tool or something doing little more than toss data blocks from one port to another deserve the same steep (even hyperbolic) grade scale that, say, CUPS or something even more complex and less security-minded gets? -- Chris Laprise, tas...@posteo.net https://github.com/tasket

Re: [qubes-users] Encrypt disk after installation

2020-02-13 Thread Chris Laprise
complicated so I suggest re-installing instead. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To u

Re: [qubes-users] Disk image backup - dd / partclone / clonezilla?

2020-02-11 Thread Chris Laprise
ned partitions, which will probably make it into a future release). -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qub

  1   2   3   4   5   6   7   8   9   10   >