[qubes-users] Use different DVM templates from same AppVM

2019-07-15 Thread mittendorf
Hey, it is so nice to have different DVM-templates now! But: Is it possible to start a non-default DVM from within an AppVM? I have different DVMs for web browsing, intranet browsing and printing. It would be comfortable If I would not have to change default-dvm setting in order to start a DVM

[qubes-users] Qubes 4.0.1 and Ryzen APU - How to update kernel?

2019-03-19 Thread mittendorf
I tried to install Qubes 4.0.1 on a different system and update it, but its still 4.14-XXX kernel and not booting with Ryzen 2200G APU. Even sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel kernel-qubes-vm does not install a newer Kernel, probably because it tries to find an

[qubes-users] Proxy/firewall VM with template fedora-26-minimal non-functional

2018-02-21 Thread mittendorf
I downloaded the fedora-2*6*-minimal to replace the fedora-2*5*-minimal. replacing my sys-firewall equivalent the connected AppVMs can no longer connect to the internet. If I return to the fedora-25-minimal template, everything is working fine again. Is there an issue with the fedora-26-minimal

Re: [qubes-users] Reboot a VM that is connected as net/proxy VM

2017-09-18 Thread mittendorf
Well, I experience this issue several times a week. On 09/14/2017 10:29 PM, Adrian Rocha wrote: > Hi, > > Yes, I agree > > It isn't a critical issue, but is too annoying to restore the VMs connections > after this type of situations > -- You received this message because you are subscribed

Re: [qubes-users] Reboot a VM that is connected as net/proxy VM

2017-09-13 Thread mittendorf
The problem is getting more and more nasty. Since a few weeks ago, the wlan-NetVMs fails to boot very often. I always have to disconnect the ProxyVM, restart and reconnect. as I cannot believe that nobody else has this kind of problem?! Thank you -- You received this message because you are

[qubes-users] Reboot a VM that is connected as net/proxy VM

2017-08-14 Thread mittendorf
Hi there, from time to time a net or proxy vm crashes - connected App/Proxy-VMs are obviously no longer able to connect to an (external) network. In Qubes 3.2, the user has to disconnect connected VMs manually before the user is allowed to reboot the crashed VM. Suggestion: Qubes could and I

[qubes-users] qvm-run problem with strings containing & ?

2017-07-25 Thread mittendorf
Hello Qubes users. I use qvm-run to start a firefox in a disp-vm. The command is /usr/bin/qvm-run --dispvm firefox "$url" or /usr/bin/qvm-run --dispvm "firefox "$url"" This works fine, as long as there is no & in the url. If there is an &, this letter and all following symbols are removed. If

[qubes-users] fedora-24 update error: nothing provides ostree-libs(x86-64) >= 2016.14 needed by flatpak-0.8.3-3.fc24.x86_64

2017-03-03 Thread mittendorf
Hello fellow Qubes users, If I execute update of the fedora-24 template via the Qubes VM manager, it aborts with the error nothing provides ostree-libs(x86-64) >= 2016.14 needed by flatpak-0.8.3-3.fc24.x86_64 If I use sudo dnf upgrade from the terminal within fedora-24 the command is executed,

[qubes-users] Minimal Template - Nautilus cannot copy to other VM

2017-02-01 Thread mittendorf
Hey there, I want to use nautilus for qvm-copy-to-cm in a minimal template. The bash command works, however using the context menu of nautilus causes an error (stderr: (nautilus:1602): dconf-WARNING **: failed to commit changes to dconf: The connection is closed Traceback (most recent call

[qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-02-01 Thread mittendorf
Hello fellow Qubes users, I am aware of two ways o achive a "leakproof" VPN-ProxyVM. The sollution by Rudd-O https://github.com/Rudd-O/qubes-vpn and the "more involved" method in the Qubes wiki https://www.qubes-os.org/doc/vpn/ both with anti-leak preventive measures and both based on

Re: [qubes-users] DispVM does not work anymore

2017-01-17 Thread Robert Mittendorf
> I suspect you too may be suffering > https://github.com/QubesOS/qubes-issues/issues/2182 > > Look at /var/log/libvirt/libxl/libxl-driver.log and see if there is a > line like > xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal > error > > The reason that directly booting

Re: [qubes-users] Use an remote PULSE Audio server

2017-01-13 Thread mittendorf
Am 01/12/2017 um 11:50 PM schrieb Marek Marczykowski-Górecki: > > 3) Is it a bug that a restart of pulseaudio does remove/not reconnect to > > Qubes VSINK? > > Depends on what you want to accomplish ;) > Well, I just want to restart pulseaudio. Bu I guess then i have to use the script that you

[qubes-users] DispVM does not work anymore

2017-01-12 Thread mittendorf
Hey there, today I noticed that my dispVM is no longer working (not in Dom0 and not in AppVMs). There is the notification that the DispVM starts, but nothing shows up. If I start the internal fedora-23-dvm I boots up without any problems and also allows me to start tools (e.g. Firefox) any idea

Re: [qubes-users] Use an remote PULSE Audio server

2017-01-12 Thread Robert Mittendorf
Am 01/12/2017 um 02:25 PM schrieb Torsten Grote: > On 01/12/2017 08:37 AM, Robert Mittendorf wrote: >> Now I have the tunnel enabled when I start the AppVM - but it is still >> not working (the "current volume" bar right above the greyed-out >> "Advance

[qubes-users] Use an remote PULSE Audio server

2017-01-09 Thread Robert Mittendorf
The second and third post were send as a new mail (not a reply). Why do these mails appears as answers here? The first post was send as a reply to the mailing list, changing the topic and expecting to create a new thread, my bad. Sorry. But I do not understand why the other mails end up in this

[qubes-users] Use an remote PULSE Audio server

2017-01-06 Thread Robert Mittendorf
Hey fellow Qubes-Users, I want to use an remote PULSE audio server to playback sound output. The server side is up & running. The connecting AppVM is based on the debian-8 template Standard auto-discover does not work, probably because the AppVM tries to locate the remote server in the virtual

[Solved, Bugfix] Re: [qubes-users] fedora-24-minimal and WiFi: Shows network, but does not connect

2016-12-06 Thread Robert Mittendorf
I solved the problem using dnf install notification-daemon gnome-keyring without this it is not possible to store credentials for a new network or change existing ones. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this

Re: [qubes-users] fedora-24-minimal and WiFi: Shows network, but does not connect

2016-12-02 Thread Robert Mittendorf
Am 12/01/2016 um 11:07 PM schrieb Andrew David Wong: > Are you sure it's a missing package? I pretty sure I installed only those > packages and haven't run into that issue. > > Does it work correctly if you try switching to the full template? > > As said before using the full template in the same

[qubes-users] fedora-24-minimal and WiFi: Shows network, but does not connect

2016-12-01 Thread Robert Mittendorf
As mentioned here: https://www.qubes-os.org/doc/templates/fedora-minimal/ I installed: NetworkManager NetworkManager-wifi network-manager-applet wireless-tools dbus-x11 dejavu-sans-fonts tinyproxy to the minimal template to use it for a NetVM (WiFi) The NetworkManager icon appears and lists

Re: [qubes-users] Massive performance improvement after disabling power management in the BIOS

2016-11-17 Thread Robert Mittendorf
Am 11/17/2016 um 01:18 PM schrieb kotot...@gmail.com: > Is there a bug somewhere in the kernel, in Xen or Qubes which prevent them to > properly use this BIOS power management system correctly? > > Have other users experience something similar? Thanks for sharing. Maybe power management does

Re: [qubes-users] Re: HCL - Lenovo T450s

2016-11-14 Thread Robert Mittendorf
Am 11/14/2016 um 04:31 PM schrieb xxthatnavygu...@gmail.com: > On Monday, December 21, 2015 at 10:30:49 PM UTC-6, Alex Guzman wrote: >> Installed Qubes with no (noticable) issues. >> >> Attempted EFI boot fails -- I disabled the quiet flags and it seems to hang >> after loading Linux (the last

Re: [qubes-users] Improvement: check disk space before copy to VM

2016-11-14 Thread Robert Mittendorf
On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote: > > >> Actually I don't think it is a good idea. File copy protocol is > >> intentionally very simple, including being unidirectional. We don't > want > >> to add any non-essential features there, to keep it as simple as > >> possible. > > >

[qubes-users] Improvement: check disk space before copy to VM

2016-11-11 Thread Robert Mittendorf
I just copied a file from dom0 to a AppVM via qvm-copy-to-vm. The file transfer started until the private storage was full. It would be better to check the free disk space size before executing the copy command. regards, Robert -- You received this message because you are subscribed to the

Re: [qubes-users] Windows HVM doesn't get updates

2016-10-28 Thread Robert Mittendorf
Try to install KB3020369 first and then KB3020369 (May 2016 Rollup Update). That worked for us. Searching for updates is reasonably fast now on our Qubes Win HVMs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group

[qubes-users] Internal networking: How are IPs chosen, why class C subnet.

2016-10-28 Thread Robert Mittendorf
Hey, yesterday I noticed that even if VMs share a class C network, all trafic is routed through the gateway and by default the gateway does not allow a connection to other VMs in the same subnet. This makes a lot of sense from a security perspective, but the shown information is missleading.

Re: [qubes-users] windows7 hangs on installation

2016-10-28 Thread Robert Mittendorf
How long did you wait? btw: "installed windows tools" is missleading. I guess you downloaded the QWT to dom0, as you did not even install windows before step 1. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group

Re: [qubes-users] How to destroy files without leaving any traces ?

2016-10-27 Thread Robert Mittendorf
Am 10/27/2016 um 02:28 PM schrieb Manuel Amador (Rudd-O): On 10/27/2016 04:34 AM, Andrew David Wong wrote: Building on what Chris said, here are your general options, from best to worst: [...] 2. Make sure the data is encrypted before it ever touches the storage medium (then wipe the

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-27 Thread Robert Mittendorf
Just saw the Qubes VPN project right now. Quick-reading the tutorial I have to questions: 1) why does the VPN-VM need to be allowed to do DNS, if DNS requests are routed through the VPN. Is it just in case the VPN server it wants to connect to is defined by hostname instead of IP? 2) why is

Re: [qubes-users] Windows is NOT starting after windows-tools installation... help

2016-10-27 Thread Robert Mittendorf
Windows problems may have a lot of reasons. Sometimes after a failed boot windows wants to start "boot help" (or whatever its called in English) and defaults to use it. As you do not see this selection in Qubes (only if you enable debug mode) it boots into that mode and Qubes is tuck at yellow

Re: [qubes-users] Re: How to view Youtube in Fullscreen ? (for dummies)

2016-10-27 Thread Robert Mittendorf
You can enable full screen mode, in that mode browser fullscreen works. The video tends to be flickering, I think because of missing hardware acceleration. However other applications like RDP cause problems in fullscreen mode. In that case you cannot switch to another window without

Re: [qubes-users] Re: Qubes Windows Tools 3.2.2-3 released

2016-10-26 Thread Robert Mittendorf
After updating Qubes tool, basically all relavant devices have issues. Qubes Video, Xen Interface, Xen PV Storage, Xen PV Network. Config in registry incomplete or broken (Code 19) The repair option of the QWT uninstaller does not solve the issue as well. Any idea? Otherwise I think I'm stuck

Re: [qubes-users] detecting malicious usb devices

2016-10-25 Thread Robert Mittendorf
Am 10/25/2016 um 04:15 PM schrieb Vít Šesták: I don't think that a USB drive can directly record keystrokes. The communication goes in the opposite direction that the USB drive would need. A malicious USB drive can also listen the data going to other USB devices on the same controller. You

Re: [qubes-users] Remnder: Ubuntu-template anyone?

2016-10-25 Thread Robert Mittendorf
What would be the advantage of a Ubuntu-template compared to the Debian template? (No offense, I'm just curious) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] detecting malicious usb devices

2016-10-25 Thread Robert Mittendorf
Am 10/25/2016 um 09:05 AM schrieb Andrew David Wong: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-10-24 23:48, pixel fairy wrote: can the a usbvm be used to detect malicious usb devices? has anyone tried this? Sure, you can run whatever kind of detection software you like in a USB

[qubes-users] GUI Issues: Active window on top, scroolbar without scrooling buttons

2016-10-24 Thread Robert Mittendorf
Hello fellow Qubes users, today I have a few questions about the GUI handling in Qubes. I use Qubes 3.2 with Xfce desktop dom0. 1) If a window that already exists is set to active, it is not shown on top. Example: I open up a programm that is alrady running and that starts only a single

Re: [qubes-users] Re: Bug or Feature? DispVM inherits settings from calling VM

2016-10-17 Thread Robert Mittendorf
The data copied to that VM (i.e. the pdf file or whatever you opened) must be considered leaked if the VM gets compromised via e.g. drive-by exploits. Agreed, it's limited to that data, but nevertheless an unexpected potential impact. And depending on your data it can be critical. Well, that

Re: [qubes-users] Group/Hide VMs (e.g. mark arbitrary VM as "internal")

2016-10-17 Thread Robert Mittendorf
Am 10/11/2016 um 08:05 PM schrieb Unman: qvm-prefs -s internal True Simple as that ? - thank you! I checked the config files and did not find the "internal" switch -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group

Re: [qubes-users] Re: QUBES 3.2 won't install... EFI_MEMMAP is not enabled... ESRT header is not in the memory map

2016-10-17 Thread Robert Mittendorf
Am 10/16/2016 um 12:59 AM schrieb raahe...@gmail.com: On Saturday, October 15, 2016 at 6:05:39 PM UTC-4, aldenj...@gmail.com wrote: I have the same issue! see if you can select legacy boot mode in your bios and then install qubes. I had a similar issue with Qubes 3.2 but not 3.1. For me the

Re: [qubes-users] How to solve ProxyVM (sys-firewall) becomming non-functional at runtime

2016-10-17 Thread Robert Mittendorf
Am 10/13/2016 um 04:12 PM schrieb Manuel Amador (Rudd-O): On 10/11/2016 09:42 AM, Robert Mittendorf wrote: Hey folks, sometimes the sys-firewall (more likely a service within it) crashes and does no longer allow connected VMs to resolve DNS. The ProxyVM must be the responsible entity, because

Re: [qubes-users] Thoughts about installed software

2016-10-17 Thread Robert Mittendorf
However I would not use the "move to VM" command like this, as I experienced those requests getting lost One time files were actually deleted, since that time I always use copy instead of move. Sounds troubling. Do you remember the last Qubes release version where you experienced this kind of

Re: [qubes-users] Re: Bug or Feature? DispVM inherits settings from calling VM

2016-10-17 Thread Robert Mittendorf
Currently your easiest option is not to click on the links, but to copy-paste them to an open dispVM. Small sacrifice for a major security gain. Well, the "easiest" option is to use a net-vm directly. What is the security gain? Its a dispVM after all. -- You received this message because

Re: [qubes-users] Thoughts about installed software

2016-10-12 Thread Robert Mittendorf
Am 10/12/2016 um 04:00 PM schrieb 7v5w7go9ub0o: On 10/11/2016 09:30 AM, Robert Mittendorf wrote: Software that you don't need is a security risk as it imposes additional attack surface - we all know that. Besides exploits those tools might cause additional threat (e.G. RDP- VNC-, SSH-Clients

[qubes-users] Bug or Feature? DispVM inherits settings from calling VM

2016-10-12 Thread Robert Mittendorf
though normal DispVMs are red. Also the firewall rules (intranet only) are inherited from the work VM. mit freundlichem Gruß, Robert Mittendorf -- M. Sc. Informatik Robert Mittendorf DigiTrace GmbH - Kompetenz in IT-Forensik Geschäftsführer: Alexander Sigel, Martin Wundram Registergericht Köln

Re: [qubes-users] Re: Thoughts about installed software

2016-10-12 Thread Robert Mittendorf
Well, the discussion leaves the focus I intended it to have. It is surely worth thinking about what a minimum templates needs to have. Nevertheless I think Qubes is about "I know I can get exploited, so just protect the other parts of the system". Afaik a normal Qubes template has only the root

[qubes-users] How to solve ProxyVM (sys-firewall) becomming non-functional at runtime

2016-10-11 Thread Robert Mittendorf
Hey folks, sometimes the sys-firewall (more likely a service within it) crashes and does no longer allow connected VMs to resolve DNS. The ProxyVM must be the responsible entity, because the connection will be fine again If I restart the sys-firewall. Restarting the ProxyVM is tedious, as you

[qubes-users] Thoughts about installed software

2016-10-11 Thread Robert Mittendorf
Software that you don't need is a security risk as it imposes additional attack surface - we all know that. Besides exploits those tools might cause additional threat (e.G. RDP- VNC-, SSH-Clients) So you better do not install non-universal software* in a template VM. *software that is not

Re: [qubes-users] Re: HVM Windows

2016-10-11 Thread Robert Mittendorf
pen usb - is it a thumb drive or a tool for drawing? if thumb drive how do you attach? (block device or usb device?) are you using the usb-vm? afaik Windows Qubes tools do not yet support USB-passthrough. The file will usually be in documents folder. You did install the Windows Qubes Tools,

Re: [qubes-users] Re: Unable to install 3.2-rc1 on Thinkpad T450s

2016-10-10 Thread Robert Mittendorf
I think I found the solution to your problem - at least my issues with booting Kernel 4.4 and Qubes 3.2 are solved now. I increased the total graphics memory from 256 MB to 512 MB - and boom, here you go! Am 10/04/2016 um 06:02 PM schrieb habib.bhatti...@gmail.com: I have a T450s and I

[qubes-users] Remarks for Firewall Rules, combine Firewall rules and own iptables rules

2016-10-05 Thread Robert Mittendorf
Hello fellow Qubes-Users, I'd like to suggest to have an additional (optional) field in firewall rules to store remarks for specific rules (like "needed for xyz" "IP of www.MyHomepage.de" and others) Is it possible to use Qubes firewall rules and own iptables-rules together, or will the

[qubes-users] Minor problems switching from KDE4 to Xfce

2016-09-29 Thread Robert Mittendorf
default DE?! regards, Robert Mittendorf -- M. Sc. Informatik Robert Mittendorf DigiTrace GmbH - Kompetenz in IT-Forensik Geschäftsführer: Alexander Sigel, Martin Wundram Registergericht Köln, HR B 72919 USt-IdNr: DE278529699 Zollstockgürtel 59, 50969 Köln Telefon: 0221-6

Re: [qubes-users] Qubes OS 3.2 has been released!

2016-09-29 Thread Robert Mittendorf
Nice! Btw: You did not update the "Download & Install" Button on the main page. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Re: Thunderbird: "Open link in DispVM"

2016-09-29 Thread Robert Mittendorf
It seems like this issue was fixed in current 3.2 testing build. I can open more than 1 url at a time from Thunderbird now. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it,

[qubes-users] Outdated documentation

2016-09-27 Thread Robert Mittendorf
Hey Qubes-Team, https://www.qubes-os.org/doc/hvm/ states that "shared templates for HVM domains" are not supported. This is an outdated information, isn't it? Robert -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from

Re: [qubes-users] Re: Thunderbird: "Open link in DispVM"

2016-09-26 Thread Robert Mittendorf
Hey Clark, the article which you referenced to is about opening (and converting) PDF documents. My idea is about opening URLs (Links) in a DispVM. I think that is not related in any way, is it? Robert btw: did you notice, that googlegroups blocks email having a subject starting with a

Re: [qubes-users] Usability: "Firewall rules" setting will likely be missunderstood often

2016-09-21 Thread Robert Mittendorf
Am 09/20/2016 um 10:29 PM schrieb Chris Laprise: This is a good candidate for filing an issue, but mainly for this situation -- "A warning if an upstream VM does not implement the firewall rules", which should include connecting to netvms. IIRC, Qubes Manager used to grey-out the firewall

[qubes-users] Usability: "Firewall rules" setting will likely be missunderstood often

2016-09-20 Thread mittendorf
ed?!) c) A warning about DNS-Names in firewall rules [c) A warning if a connected ProxyVM does not activate the firewall rules] thank you, Robert Mittendorf -- M. Sc. Informatik Robert Mittendorf DigiTrace GmbH - Kompetenz in IT-Forensik Geschäftsführer: Alexander Sigel, Martin Wundram Regist