[qubes-users] Use different DVM templates from same AppVM

2019-07-15 Thread mittendorf
Hey,

it is so nice to have different DVM-templates now!

But: Is it possible to start a non-default DVM from within an AppVM?

I have different DVMs for web browsing, intranet browsing and printing.
It would be comfortable if I would not have to change default-dvm
setting in order to start a DVM from a different template.

Thank You


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4a28e5b3-0d3f-c644-6af8-386c46a1e99c%40digitrace.de.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Qubes 4.0.1 and Ryzen APU - How to update kernel?

2019-03-19 Thread mittendorf
I tried to install Qubes 4.0.1 on a different system and update it, but 
it's still 4.14-XXX kernel and not booting with Ryzen 2200G APU. Even

sudo qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel kernel-qubes-vm

does not install a newer kernel, probably because it tries to find an 
update in the fedora 25 repository. What can Ryzen APU users do?




[qubes-users] Proxy/firewall VM with template fedora-26-minimal non-functional

2018-02-21 Thread mittendorf
I downloaded the fedora-26-minimal to replace the fedora-25-minimal.
Replacing my sys-firewall equivalent, the connected AppVMs can no longer
connect to the internet. If I return to the fedora-25-minimal template,
everything is working fine again.

Is there an issue with the fedora-26-minimal template that you provide?

There was no issue migrating from 24-minimal to 25-minimal and according to

https://www.qubes-os.org/doc/templates/fedora-minimal/

the minimal template can be used as a sys-firewall without any changes.



Re: [qubes-users] Reboot a VM that is connected as net/proxy VM

2017-09-18 Thread mittendorf
Well, I experience this issue several times a week.

On 09/14/2017 10:29 PM, Adrian Rocha wrote:
> Hi,
>
> Yes, I agree
>
> It isn't a critical issue, but is too annoying to restore the VMs connections 
> after this type of situations
>



Re: [qubes-users] Reboot a VM that is connected as net/proxy VM

2017-09-13 Thread mittendorf
The problem is getting more and more nasty. Since a few weeks ago, the
wlan-NetVMs fail to boot very often. I always have to disconnect the
ProxyVM, restart and reconnect. I cannot believe that nobody else has
this kind of problem?!

Thank you



[qubes-users] Reboot a VM that is connected as net/proxy VM

2017-08-14 Thread mittendorf
Hi there,

from time to time a net or proxy vm crashes - connected App/Proxy-VMs
are obviously no longer able to connect to an (external) network.
In Qubes 3.2, the user has to disconnect connected VMs manually before
the user is allowed to reboot the crashed VM.

Suggestion: Qubes could and I think even should do this (disconnect,
reboot, reconnect) automatically. However, there should be a warning
telling the user which VMs (s)he is about to disconnect.

What do you think?



[qubes-users] qvm-run problem with strings containing & ?

2017-07-25 Thread mittendorf
Hello Qubes users.

I use qvm-run to start a firefox in a disp-vm.

The command is
/usr/bin/qvm-run --dispvm firefox "$url"
or
/usr/bin/qvm-run --dispvm "firefox "$url""

This works fine, as long as there is no & in the url. If there is an &,
this letter and all following symbols are removed.

If I use

firefox "$url"

the correct url is opened up in the current VM as expected.

Is this a bug in qvm-run or is there an error in the command?

Thanks.

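Added example, not part of the original post and not Qubes' own code: it reproduces the symptom described above under the assumption that the command string given to qvm-run is interpreted by a shell in the target VM, simulated here with `sh -c`, with `printf %s` standing in for firefox. The helper names and sample URLs are constructed for illustration. The same re-parsing means any other shell metacharacter in an unquoted URL would also be interpreted in the target VM, so the quoting matters beyond `&`.

```shell
#!/bin/sh
# Why "&" truncates a URL when a command line is re-parsed by a second
# shell, and how quoting for that shell keeps the argument intact.
# Assumption: the receiving side runs the string through a shell; this is
# simulated locally with `sh -c`. `printf %s` is a stand-in for firefox and
# simply echoes back the single argument it received.

# Quote one word for a POSIX shell: wrap it in single quotes and rewrite
# every embedded ' as '\'' so the receiving shell reads it back unchanged.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Command string with the URL pasted in unquoted (what the receiving shell
# effectively sees for the commands in the post).
naive_cmd() {
    printf 'printf %%s %s' "$1"
}

# Command string with the URL quoted for the receiving shell.
quoted_cmd() {
    printf 'printf %%s %s' "$(sh_quote "$1")"
}

# Run a command string through a second shell and return what the stand-in
# program received as its argument.
seen_by_program() {
    sh -c "$1" 2>/dev/null
}

# Constructed sample URLs
url_amp='https://example.org/search?q=qubes&lang=en'
url_quote="https://example.org/?a=it's&b=1"

main() {
    # "&" ends the command and backgrounds it; "lang=en" becomes a
    # separate variable assignment, so the program never sees it.
    printf 'naive : %s\n' "$(seen_by_program "$(naive_cmd "$url_amp")")"
    # Quoted for the second shell, the full URL arrives as one argument.
    printf 'quoted: %s\n' "$(seen_by_program "$(quoted_cmd "$url_amp")")"
    printf 'quoted: %s\n' "$(seen_by_program "$(quoted_cmd "$url_quote")")"
}
main

# Under the same assumption, the second form from the post would become:
#   /usr/bin/qvm-run --dispvm "firefox $(sh_quote "$url")"
```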


[qubes-users] fedora-24 update error: nothing provides ostree-libs(x86-64) >= 2016.14 needed by flatpak-0.8.3-3.fc24.x86_64

2017-03-03 Thread mittendorf
Hello fellow Qubes users,

If I execute update of the fedora-24 template via the Qubes VM manager,
it aborts with the error

nothing provides ostree-libs(x86-64) >= 2016.14 needed by
flatpak-0.8.3-3.fc24.x86_64

If I use
sudo dnf upgrade
from the terminal within fedora-24 the command is executed, but later
executions list the problem with flatpak (broken dependencies).

Of course I can remove flatpak, but I don't know whether I may need it?!

thanks



[qubes-users] Minimal Template - Nautilus cannot copy to other VM

2017-02-01 Thread mittendorf
Hey there,

I want to use nautilus for qvm-copy-to-vm in a minimal template.
The bash command works, however using the context menu of nautilus
causes an error (stderr:

(nautilus:1602): dconf-WARNING **: failed to commit changes to dconf: The connection is closed
Traceback (most recent call last):
  File "/usr/bin/qvm-mru-entry", line 24, in <module>
    import gtk
  File "/usr/lib64/python2.7/site-packages/gtk-2.0/gtk/__init__.py", line 40, in <module>
    from gtk import _gtk
ImportError: No module named cairo
)

I installed pycairo, but that does not solve the problem.
Any ideas?

thanks



[qubes-users] VPN-ProxyVM: "Leakproof VPN" by Rudd-O vs. "more involved" method in Qubes Wiki

2017-02-01 Thread mittendorf
Hello fellow Qubes users,

I am aware of two ways to achieve a "leakproof" VPN-ProxyVM.

The solution by Rudd-O
https://github.com/Rudd-O/qubes-vpn

and the "more involved" method in the Qubes wiki

https://www.qubes-os.org/doc/vpn/

both with anti-leak preventive measures and both based on OpenVPN.

Questions:
- Are they different or is Rudd-O's tool "just" a user-friendly interface
for the same method?
- If not, which method do you prefer and why?

thanks



Re: [qubes-users] DispVM does not work anymore

2017-01-17 Thread Robert Mittendorf

> I suspect you too may be suffering
> https://github.com/QubesOS/qubes-issues/issues/2182
>
> Look at /var/log/libvirt/libxl/libxl-driver.log and see if there is a
> line like 
>  xc: error: X86_PV_VCPU_MSRS record truncated: length 8, min 9: Internal
> error
>
> The reason that directly booting the dvm works is that the problem lies
> in restoring the savefile (and the buggy creation of it).
>
> There are some patches fixing it, but you would need to recompile xen :/
/var/log/libvirt/libxl
(dom0) contains only 2 empty folders ("dump" and "save")

raahelp's suggestion to recreate the dvm worked



Re: [qubes-users] Use an remote PULSE Audio server

2017-01-13 Thread mittendorf
On 01/12/2017 at 11:50 PM, Marek Marczykowski-Górecki wrote:
> > 3) Is it a bug that a restart of pulseaudio does remove/not reconnect to
> > Qubes VSINK?
>
> Depends on what you want to accomplish ;)
>
Well, I just want to restart pulseaudio. But I guess then I have to use
the script that you mentioned instead of
pulseaudio --start

It seems like the sink was the missing link. Now I set the sink in
qubes-default.pa and I can use the tunnel - well it's quite buggy even
though it's a wired network, but I guess that is the best I can get.
For example I have to restart pulseaudio when I restart the audio server.

thanks for your help!



[qubes-users] DispVM does not work anymore

2017-01-12 Thread mittendorf
Hey there,

today I noticed that my dispVM is no longer working (not in Dom0 and not
in AppVMs). There is the notification that the DispVM starts, but
nothing shows up.
If I start the internal fedora-23-dvm it boots up without any problems
and also allows me to start tools (e.g. Firefox).

Any idea what is wrong?

Thanks



Re: [qubes-users] Use an remote PULSE Audio server

2017-01-12 Thread Robert Mittendorf
On 01/12/2017 at 02:25 PM, Torsten Grote wrote:
> On 01/12/2017 08:37 AM, Robert Mittendorf wrote:
>> Now I have the tunnel enabled when I start the AppVM - but it is still
>> not working (the "current volume" bar right above the greyed-out
>> "Advanced" is missing for the tunnel as well..
> That's strange it is working for me.
>
> This is what I have in my rc.local:
>
> echo "load-module module-tunnel-sink-new server=192.168.1.2
> sink_name=Test sink=bluez_sink.XX_XX_XX_XX_XX_XX" >>
> /etc/pulse/qubes-default.pa
>
> However, the issue I have is that this sink disappears from time to time
> which might be related to the fact that this Bluetooth speaker is not
> always on. Suggestions on how to automatically re-add the sink in that
> case are welcome.
>
> Kind Regards,
> Torsten
>
I do not define the sink parameter, maybe that is the problem?
I expect that "sink" is the local name of the sink at the server?
How is that defined in /etc/pulse/default.pa on server side?



[qubes-users] Use an remote PULSE Audio server

2017-01-09 Thread Robert Mittendorf
The second and third post were sent as a new mail (not a reply).
Why do these mails appear as answers here?

The first post was sent as a reply to the mailing list, changing the
topic and expecting to create a new thread, my bad. Sorry.
But I do not understand why the other mails end up in this other thread
as well, as they were created using a new mail just c the body of the
old mail.



[qubes-users] Use an remote PULSE Audio server

2017-01-06 Thread Robert Mittendorf
Hey fellow Qubes-Users,

I want to use a remote PULSE audio server to playback sound output. The
server side is up & running. The connecting AppVM is based on the
debian-8 template

Standard auto-discover does not work, probably because the AppVM tries
to locate the remote server in the virtual internal networks of my Qubes OS.
I tried to use a tunnel in /etc/pulse/default.pa:
load-module module-tunnel-sink-new server=%SERVER_IP% sink_name=Remote channels=2 rate=44100

I noticed that Qubes itself uses PULSE audio.
When I boot a VM, there is a Qubes VSINK device, but no tunnel.
If I restart PULSE audio
pulseaudio -k
pulseaudio --start
that device is gone, but the tunnel is shown.

Even though the tunnel is shown, I cannot playback sound using it.

I would like to have both devices (Qubes VSINK and the remote PULSE
server) to choose from in pavucontrol

Questions
1) What does Qubes do in order to show/connect to the VSINK? Is there a
different config file which is loaded when an AppVM boots?
2) Is a tunnel the right/best option to connect to the remote PULSE
audio server?
3) Is it a bug that a restart of pulseaudio does remove/not reconnect to
Qubes VSINK?

Thanks for reading and a happy new year :)



[Solved, Bugfix] Re: [qubes-users] fedora-24-minimal and WiFi: Shows network, but does not connect

2016-12-06 Thread Robert Mittendorf
I solved the problem using

dnf install notification-daemon gnome-keyring

Without this it is not possible to store credentials for a new network
or change existing ones.



Re: [qubes-users] fedora-24-minimal and WiFi: Shows network, but does not connect

2016-12-02 Thread Robert Mittendorf
On 12/01/2016 at 11:07 PM, Andrew David Wong wrote:
> Are you sure it's a missing package? I'm pretty sure I installed only those
> packages and haven't run into that issue.
>
> Does it work correctly if you try switching to the full template?
>
>
As said before, using the full template in the same VM works.
Further testing showed that WPA Enterprise seems to be supported (not my
network, but I am asked for authentication details) but not unknown WPA
with a pre-shared key.

An already configured WPA2 PSK works and open networks are working, too.

nm-applet stderr reveals that libnotify cannot connect to a proxy



[qubes-users] fedora-24-minimal and WiFi: Shows network, but does not connect

2016-12-01 Thread Robert Mittendorf
As mentioned here:
https://www.qubes-os.org/doc/templates/fedora-minimal/

I installed:
NetworkManager NetworkManager-wifi network-manager-applet wireless-tools
dbus-x11 dejavu-sans-fonts tinyproxy

to the minimal template to use it for a NetVM (WiFi)

The NetworkManager icon appears and lists available networks. If I
double-click in order to connect nothing happens. If I use fedora-24 or
fedora-23 template for the same VM, everything is fine.

Does somebody know which package is missing?



Re: [qubes-users] Massive performance improvement after disabling power management in the BIOS

2016-11-17 Thread Robert Mittendorf

On 11/17/2016 at 01:18 PM, kotot...@gmail.com wrote:
> Is there a bug somewhere in the kernel, in Xen or Qubes which prevent them to 
> properly use this BIOS power management system correctly?
>
> Have other users experience something similar?
Thanks for sharing. Maybe power management does only consider dom0
activity?



Re: [qubes-users] Re: HCL - Lenovo T450s

2016-11-14 Thread Robert Mittendorf
On 11/14/2016 at 04:31 PM, xxthatnavygu...@gmail.com wrote:
> On Monday, December 21, 2015 at 10:30:49 PM UTC-6, Alex Guzman wrote:
>> Installed Qubes with no (noticeable) issues.
>>
>> Attempted EFI boot fails -- I disabled the quiet flags and it seems to hang 
>> after loading Linux (the last line displayed is something relating to EFI 
>> variables, iirc)
>>
>> Legacy boot works fine. Tested various VMs, seems to be working well. 
>> Networking works OOB, audio works, etc.
>>
>>
>> TPM is installed on the board and I was able to use it successfully. Tested 
>> AEM, seems to work thus far.
>>
>>
>>
>> Only real annoyance is that the RF kill key doesn't seem to work (at least 
>> when using XFCE, haven't tried KDE).
> How do I disable quiet flags? I am having a similar issue with my acer Aspire 
> E15 Touch. Four penguins, something about EFI and mapping and it just freezes 
> there for eternity while my exhaust fan goes nuts.
>
If you use APU graphics, try to increase graphics memory to 512 MB.



Re: [qubes-users] Improvement: check disk space before copy to VM

2016-11-14 Thread Robert Mittendorf
On 2016-11-11 14:58, Marek Marczykowski-Górecki wrote:
>
> >> Actually I don't think it is a good idea. File copy protocol is
> >> intentionally very simple, including being unidirectional. We don't want
> >> to add any non-essential features there, to keep it as simple as
> >> possible.
>
> > BTW None of file copying tools I know do that (cp, rsync, scp, ...).
Well, I somewhat understand the first argument, but not the second. To
have a bad usability and waste people's time just because other tools do
is not a good argument I think.

Obviously it is not unidirectional, otherwise the source would not know
"out of disk space". This does not have to be an interactive feature,
though.
Why not give the "out of disk space" error before accepting the
transfer? The communication from sink to source would be the same, but
less time would be wasted.



[qubes-users] Improvement: check disk space before copy to VM

2016-11-11 Thread Robert Mittendorf
I just copied a file from dom0 to an AppVM via qvm-copy-to-vm.
The file transfer started until the private storage was full.
It would be better to check the free disk space size before executing
the copy command.

regards,
Robert



Re: [qubes-users] Windows HVM doesn't get updates

2016-10-28 Thread Robert Mittendorf
Try to install KB3020369 first and then KB3020369 (May 2016 Rollup 
Update). That worked for us.

Searching for updates is reasonably fast now on our Qubes Win HVMs



[qubes-users] Internal networking: How are IPs chosen, why class C subnet.

2016-10-28 Thread Robert Mittendorf

Hey,

yesterday I noticed that even if VMs share a class C network, all traffic 
is routed through the gateway and by default the gateway does not allow 
a connection to other VMs in the same subnet.
This makes a lot of sense from a security perspective, but the shown 
information is misleading.


With IP 10.137.x.y and class C subnet (255.255.255.0) one would expect 
to be able to communicate with IP 10.137.x.z directly. I guess this is 
just the preconfiguration of the templates and user-built templates would 
be able to communicate directly when they are in the same network?!


How are IPs chosen anyway? A class C-subnet "behind" every ProxyVM or NetVM?

regards,

Robert



Re: [qubes-users] windows7 hangs on installation

2016-10-28 Thread Robert Mittendorf

How long did you wait?

btw: "installed windows tools" is misleading. I guess you downloaded 
the QWT to dom0, as you did not even install windows before step 1.




Re: [qubes-users] How to destroy files without leaving any traces ?

2016-10-27 Thread Robert Mittendorf

On 10/27/2016 at 02:28 PM, Manuel Amador (Rudd-O) wrote:
> On 10/27/2016 04:34 AM, Andrew David Wong wrote:
>> Building on what Chris said, here are your general options, from best
>> to worst:
>>
>> [...]
>> 2. Make sure the data is encrypted before it ever touches the storage
>> medium (then wipe the encryption headers, if any, or keep the key secret).
>
> This method is no longer 100% effective since the advent of flash,
> hybrid drives, and hidden storage areas on rotating disks that store
> unused sectors for when used sectors begin to fail.

So what is the matter? If the data on the drive is stored only encrypted 
(SSD, HDD or SSHD), those "hidden sectors" (for performance, wear 
leveling or reserve) and the caches do only contain encrypted data as 
well.




Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-27 Thread Robert Mittendorf

Just saw the Qubes VPN project right now.

Quick-reading the tutorial I have two questions:

1) Why does the VPN-VM need to be allowed to do DNS, if DNS requests are 
routed through the VPN? Is it just in case the VPN server it wants to 
connect to is defined by hostname instead of IP?
2) Why is the recommendation to allow all hosts for the VPN server (and 
not only the VPN server's IP)?


thank you



Re: [qubes-users] Windows is NOT starting after windows-tools installation... help

2016-10-27 Thread Robert Mittendorf

Windows problems may have a lot of reasons.
Sometimes after a failed boot windows wants to start "boot help" (or 
whatever it's called in English) and defaults to use it. As you do not 
see this selection in Qubes (only if you enable debug mode) it boots 
into that mode and Qubes is stuck at yellow for that VM. Try debug mode 
and non-seamless.




Re: [qubes-users] Re: How to view Youtube in Fullscreen ? (for dummies)

2016-10-27 Thread Robert Mittendorf
You can enable full screen mode, in that mode browser fullscreen works. 
The video tends to be flickering, I think because of missing hardware 
acceleration.

However other applications like RDP cause problems in fullscreen mode. 
In that case you cannot switch to another window without disconnecting.
If you try, the RDP viewer loses context of at least the keyboard, 
sometimes of the mouse as well.
Your only chance then is to pull the plug to make FreeRDP disconnect 
after a timeout.




Re: [qubes-users] Re: Qubes Windows Tools 3.2.2-3 released

2016-10-26 Thread Robert Mittendorf

After updating Qubes tool, basically all relevant devices have issues.

Qubes Video, Xen Interface, Xen PV Storage, Xen PV Network.

Config in registry incomplete or broken (Code 19)

The repair option of the QWT uninstaller does not solve the issue either.

Any idea? Otherwise I think I'm stuck with QWT 3.2.1.2.



Re: [qubes-users] detecting malicious usb devices

2016-10-25 Thread Robert Mittendorf

On 10/25/2016 at 04:15 PM, Vít Šesták wrote:

> I don't think that a USB drive can directly record keystrokes. The 
> communication goes in the opposite direction that the USB drive would need.
>
> A malicious USB drive can also listen to the data going to other USB devices on 
> the same controller. You cannot detect this.

Well, your second point is exactly that. As USB is a bus, all devices 
should be able to record the other devices' messages - and thereby the 
keystrokes.




Re: [qubes-users] Remnder: Ubuntu-template anyone?

2016-10-25 Thread Robert Mittendorf
What would be the advantage of an Ubuntu template compared to the Debian 
template?

(No offense, I'm just curious)



Re: [qubes-users] detecting malicious usb devices

2016-10-25 Thread Robert Mittendorf

On 10/25/2016 at 09:05 AM, Andrew David Wong wrote:

> On 2016-10-24 23:48, pixel fairy wrote:
>
>> can a usbvm be used to detect malicious usb devices? has anyone tried this?
>
> Sure, you can run whatever kind of detection software you like in a USB VM.
> However, not all malicious USB devices are detectable (whether you're in a USB VM
> or somewhere else). I haven't tried it.
>
> -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org

Example: A thumb drive that claims to be a keyboard to record your 
keystrokes. How would you detect that?


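An added example, not part of the original thread, of a check a USB VM could run for the case raised in the message above: it reads the interface descriptors Linux exposes under /sys/bus/usb/devices and flags a device that presents mass storage together with HID, or a boot keyboard whose vendor/product ID is not on a user-supplied list. The device records, IDs and the allowlist are constructed; a device that reports the IDs of a listed keyboard passes this check, in line with the point that not all malicious USB devices are detectable.

```python
"""Audit USB interface descriptors for keyboard-capable devices (added example)."""
import os
from collections import namedtuple

Interface = namedtuple("Interface", "cls sub proto")      # USB class codes as ints
Device = namedtuple("Device", "name vendor product label interfaces")

HID, MASS_STORAGE = 0x03, 0x08         # bInterfaceClass values from the USB spec
BOOT_SUBCLASS, KEYBOARD_PROTO = 0x01, 0x01


def _read(path):
    """Return the stripped content of a sysfs attribute, or '' if unreadable."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""


def read_sysfs(root="/sys/bus/usb/devices"):
    """Build Device records from the Linux sysfs USB tree, e.g. inside a USB VM."""
    if not os.path.isdir(root):
        return []
    devices = {}
    entries = sorted(os.listdir(root))
    for entry in entries:                       # device dirs: "1-2", "usb1"
        vendor = _read(os.path.join(root, entry, "idVendor"))
        if ":" not in entry and vendor:
            devices[entry] = Device(entry, vendor,
                                    _read(os.path.join(root, entry, "idProduct")),
                                    _read(os.path.join(root, entry, "product")), [])
    for entry in entries:                       # interface dirs: "1-2:1.0"
        owner = entry.split(":")[0]
        if ":" not in entry or owner not in devices:
            continue
        try:
            codes = [int(_read(os.path.join(root, entry, attr)), 16)
                     for attr in ("bInterfaceClass", "bInterfaceSubClass",
                                  "bInterfaceProtocol")]
        except ValueError:                      # attribute missing or unreadable
            continue
        devices[owner].interfaces.append(Interface(*codes))
    return list(devices.values())


def is_boot_keyboard(iface):
    """True for a HID interface that declares the boot keyboard protocol."""
    return (iface.cls, iface.sub, iface.proto) == (HID, BOOT_SUBCLASS, KEYBOARD_PROTO)


def audit(devices, known_keyboards):
    """Return (device name, severity, reason) for every suspicious device.

    known_keyboards is a set of (vendor, product) IDs the user trusts.
    """
    findings = []
    for dev in devices:
        classes = {i.cls for i in dev.interfaces}
        if MASS_STORAGE in classes and HID in classes:
            findings.append((dev.name, "high",
                             "storage device also exposes a HID interface"))
        elif any(is_boot_keyboard(i) for i in dev.interfaces):
            if (dev.vendor, dev.product) not in known_keyboards:
                findings.append((dev.name, "review",
                                 "keyboard interface from an unlisted device"))
    return findings


# Constructed sample records (IDs and names are made up for illustration).
SAMPLE = [
    Device("1-1", "aaaa", "0001", "Desk Keyboard", [Interface(0x03, 0x01, 0x01)]),
    Device("1-2", "bbbb", "0002", "Flash Disk", [Interface(0x08, 0x06, 0x50)]),
    Device("1-3", "cccc", "0003", "Flash Disk",
           [Interface(0x08, 0x06, 0x50), Interface(0x03, 0x01, 0x01)]),
    Device("1-4", "dddd", "0004", "Flash Disk", [Interface(0x03, 0x01, 0x01)]),
]

if __name__ == "__main__":
    # Use the live sysfs tree when present, otherwise the constructed sample.
    for finding in audit(read_sysfs() or SAMPLE, {("aaaa", "0001")}):
        print(*finding, sep="\t")
```
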


[qubes-users] GUI Issues: Active window on top, scroolbar without scrooling buttons

2016-10-24 Thread Robert Mittendorf

Hello fellow Qubes users,

today I have a few questions about the GUI handling in Qubes. I use 
Qubes 3.2 with Xfce desktop dom0.


1) If a window that already exists is set to active, it is not shown on 
top. Example: I open up a program that is already running and that 
starts only a single instance (per Qube/VM) - is there a fix?


2) The scrollbar of Thunderbird is a little weird. There are no 
scrolling buttons (up/down) and when I click somewhere in the range of 
the scrollbar the window's content will directly jump to that very 
position, instead of just moving one screen towards that direction.

I created the
~/.config/gtk-3.0/gtk.css as follows:

.scrollbar {
  -GtkScrollbar-has-backward-stepper: true;
  -GtkScrollbar-has-forward-stepper: true;
  }

Now the terminal has scrollbar buttons, but Thunderbird still doesn't. 
Even if I use a new Thunderbird profile.


I have tried solving the second issue for about 3 hours now.



Re: [qubes-users] Re: Bug or Feature? DispVM inherits settings from calling VM

2016-10-17 Thread Robert Mittendorf


> The data copied to that VM (i.e. the pdf file or whatever you opened) 
> must be considered leaked if the VM gets compromised via e.g. drive-by 
> exploits.
> Agreed, it's limited to that data, but nevertheless an unexpected 
> potential impact. And depending on your data it can be critical.

Well, that is why it is a distinct DispVM. If I open a legit PDF from my 
mail client in a DispVM (say dispvm1) and I open a non-legit URL in a 
DispVM, this will not be the same dispVM and thereby not leak the PDF's 
data. If the PDF itself is malicious, I most likely will not care about 
the leak. Only exception: A legit PDF gets infected and is then mailed 
to me. Usually that would allow the attacker to leak the PDF from the 
system it was sent from in the first place.

> From a usability point of view you'll also get annoyed if you cannot 
> print in dispVMs just because your firewall rules allowing 
> connectivity to your printer aren't inherited, but those allowing 
> connectivity to the internet suddenly are in place.

agreed, basically.

> Btw inheriting netVMs makes a lot of sense if you imagine one Tor 
> proxy VM and one directly connected one. So a dispVM from a Tor 
> connected VM would spawn a direct internet connection in your case... 
> Currently it fortunately does not.

agreed.

Well, I was actually surprised that there is more than 1 DispVM. Do the 
child-DispVMs use the fedora-23-dvm template as well?




Re: [qubes-users] Group/Hide VMs (e.g. mark arbitrary VM as "internal")

2016-10-17 Thread Robert Mittendorf

On 10/11/2016 at 08:05 PM, Unman wrote:

> qvm-prefs  -s internal True

Simple as that? - thank you!
I checked the config files and did not find the "internal" switch.



Re: [qubes-users] How to solve ProxyVM (sys-firewall) becomming non-functional at runtime

2016-10-17 Thread Robert Mittendorf


On 10/13/2016 at 04:12 PM, Manuel Amador (Rudd-O) wrote:

> On 10/11/2016 09:42 AM, Robert Mittendorf wrote:
>
>> Hey folks,
>>
>> sometimes the sys-firewall (more likely a service within it) crashes
>> and does no longer allow connected VMs to resolve DNS.
>> The ProxyVM must be the responsible entity, because the connection
>> will be fine again if I restart the sys-firewall.
>
> You're onto it.  I think I fixed this yesterday:
>
> https://github.com/QubesOS/qubes-core-agent-linux/pull/20

Quick-reading your link I don't think that this is the issue. My 
observation is that it happens after several hours/days of a flawlessly 
working ProxyVM, not at boot.




Re: [qubes-users] Thoughts about installed software

2016-10-17 Thread Robert Mittendorf



>> However I would not use the "move to VM" command like this, as I
>> experienced those requests getting lost. One time files were
>> actually deleted, since that time I always use copy instead of
>> move.
>
> Sounds troubling. Do you remember the last Qubes release version
> where you experienced this kind of data loss?
> [...][...]
> qvm-move-to-vm *should* be safe since R3.1
> (unless the destination VM was debian-7 based, which had an old glibc
> without syncfs() support).
>
> Rusty

3.1 - but I don't remember src & dest types

>> My thoughts are more about continuing the attack to other QubesVMs or
>> even other systems by means of installed Software like a VNC client.
>
> But I only ever allow the ports I require to be used at that time. I do have 
> one area that is set up as a complete, but they can only talk to each other, 
> nothing else.
>
> So if you configure Qubes correctly, including the VMs, it will be very 
> difficult to actually attack other VMs in the way I think you may be thinking 
> it's easy?

Good point, Drew. The problem is reduced significantly if you reduce the 
firewall exceptions to a minimum.





Re: [qubes-users] Thoughts about installed software

2016-10-12 Thread Robert Mittendorf

On 10/12/2016 at 04:00 PM, 7v5w7go9ub0o wrote:

> On 10/11/2016 09:30 AM, Robert Mittendorf wrote:
>> Software that you don't need is a security risk as it imposes 
>> additional attack surface - we all know that.
>> Besides exploits those tools might cause additional threat (e.g. RDP, 
>> VNC, SSH clients)
>>
>> So you better do not install non-universal software* in a template VM.
>> *software that is not needed in every VM which is based on that template
>>
>> So where to put non-universal software?
>>
>> - user-space: allows malware to persist easily, because of persistent 
>> write rights. And does not allow usage of standard repositories
>> - other (cloned) TemplateVM: You need to make sure that you keep all 
>> templates up-to-date for security reasons, you need much more storage 
>> space and cause more SSD aging
>
> Interesting!!
>
> Since r2.x, I've run each of my user apps in individual, dedicated, 
> dynamically-configured DispVMs; using scripts that: start up a new 
> DispVM, copies the application-specific files from the vault into the 
> DispVM; runs the application, copies any updated data (data only) back 
> from the DVM to the folder in the vault; discards the DVM. Of course 
> the vault remains offline, and programs are never invoked within the 
> vault; it is used exclusively to store data that is accessed safely in 
> dispvms.
>
> If a DVM becomes compromised or corrupted I simply dispose of the 
> DispVM and start anew. No worries about quiet infections of appvm user 
> files, as only updated data (in most cases txt files) is retained from 
> the DispVM back to the vault.
>
> After your OP, it dawns on me that one could devise similar scripts to 
> start up a "barebones" DVM, dynamically modify it to be a dedicated 
> application DVM by copying both the application files AND the 
> necessary system (app) files into that DVM. Run the app; copy any 
> updated data (data only) back into the vault, and discard the DVM. 
> (This is trivial with some apps; e.g. keepassx; but could be involved 
> with big complicated apps)
>
> This would keep the DispVMs smaller, and as you point out, with fewer 
> attack surfaces.
>
> This would require two AppVMs: a "barebones" DVM (As per Rudd-O's 
> "minimal" point, I'll likely use the Qubes default with Firefox system 
> and FF "user" files installed), and a second AppVM containing and 
> maintaining the system and user application files - it would be 
> brought online only for the purpose of package manager updating.
>
> I plan on testing/configuring this way with r4.x.  Thank You for the OP.

Interesting idea. However I would not use the "move to VM" command like 
this, as I experienced those requests getting lost. One time files were 
actually deleted, since that time I always use copy instead of move.
This is a problem with Linux (package based setup, dependency hell) - in 
Windows you can run most tools from their folder which you can place 
anywhere you like. They may create files in other places (like the 
registry), but they mostly run on a system they are copied to.


Depending on how you copy, malware still might be able to persist. I 
think about a browser extension, for example.


Robert




[qubes-users] Bug or Feature? DispVM inherits settings from calling VM

2016-10-12 Thread Robert Mittendorf
If I use /usr/bin/qvm-run to open an application in a disposable VM, 
the dispVM inherits some settings from the calling VM


example: I use

/usr/bin/qvm-run --dispvm firefox

In work-VM. My work-VM is configured to allow intranet IPs only. The 
starting dispVM is blue like the work VM, even though normal DispVMs are 
red.


Also the firewall rules (intranet only) are inherited from the work VM.


Kind regards,

Robert Mittendorf

--
M. Sc. Computer Science Robert Mittendorf

DigiTrace GmbH - Expertise in IT Forensics
Managing Directors: Alexander Sigel, Martin Wundram
Registration court Köln, HR B 72919
VAT ID: DE278529699

Zollstockgürtel 59, 50969 Köln
Phone: 0221-6 77 86 95-2
Website: www.DigiTrace.de
E-Mail: i...@digitrace.de

Have you already subscribed to the DigiTrace newsletter?
http://www.digitrace.de/de/service/newsletter

DigiTrace is a partner of the Allianz für Cyber-Sicherheit
and a member of the nrw.units network for IT security:
  https://www.allianz-fuer-cybersicherheit.de
  http://www.nrw-units.de/netzwerk/



Re: [qubes-users] Re: Thoughts about installed software

2016-10-12 Thread Robert Mittendorf

Well, the discussion leaves the focus I intended it to have.
It is surely worth thinking about what a minimum template needs to have.
Nevertheless I think Qubes is about "I know I can get exploited, so just 
protect the other parts of the system". Afaik a normal Qubes template 
has only the root user, so after an exploit the attacker is root in that 
VM, right?


My thoughts are more about continuing the attack to other QubesVMs or 
even other systems by means of installed Software like a VNC client.




[qubes-users] How to solve ProxyVM (sys-firewall) becomming non-functional at runtime

2016-10-11 Thread Robert Mittendorf

Hey folks,

sometimes the sys-firewall (more likely a service within it) crashes and 
does no longer allow connected VMs to resolve DNS.
The ProxyVM must be the responsible entity, because the connection will 
be fine again if I restart the sys-firewall.
Restarting the ProxyVM is tedious, as you cannot simply restart it when 
running (App)VMs are attached. You have to change the NetVM setting of 
every running connected AppVM (or shut them down) in order to restart 
the sys-firewall.


This does not happen very often, just once or twice a month - but is there 
a less tedious way to fix this?
like a shell command to restart the corresponding service in the 
sys-firewall?


One could use an intermediate proxy, so you have to change only the 
NetVM of a single connected "App"VM - but what if the same problem 
occurs with that additional ProxyVM?


What is the problem with restarting a connected ProxyVM anyway? Yes, 
there should be a warning - but it should be possible to bypass this 
warning I think.


thanks for reading,
Robert



[qubes-users] Thoughts about installed software

2016-10-11 Thread Robert Mittendorf
Software that you don't need is a security risk as it imposes additional 
attack surface - we all know that.
Besides exploits those tools might cause additional threat (e.g. RDP, 
VNC, SSH clients)

So you better do not install non-universal software* in a template VM.
*software that is not needed in every VM which is based on that template

So where to put non-universal software?

- user-space: allows malware to persist easily, because of persistent 
write rights. And does not allow usage of standard repositories
- other (cloned) TemplateVM: You need to make sure that you keep all 
templates up-to-date for security reasons, you need much more storage 
space and cause more SSD aging


So what about a multi-level template system? That way you can keep at 
least most software up-to-date with a single update process. This would 
need a delta-filesystem instead of the current image=directory approach 
I think. I don't know whether Xen has such capabilities?!


Robert



Re: [qubes-users] Re: HVM Windows

2016-10-11 Thread Robert Mittendorf

pen usb - is it a thumb drive or a tool for drawing?
if thumb drive how do you attach? (block device or usb device?)
are you using the usb-vm? afaik Windows Qubes tools do not yet support 
USB-passthrough.


The file will usually be in documents folder.
You did install the Windows Qubes Tools, didn't you?

Robert

On 10/06/2016 at 08:38 PM, asdfg...@sigaint.org wrote:

>> On Thursday, 6 October 2016 10:30:19 UTC+1, asdf...@sigaint.org  wrote:
>>
>>> Hello
>>> When I send a file from an appVM to windows HVM, where does it go?
>>> I'm searching but I don't find it
>>>
>>> Thank you
>>
>> Check your user folder, should be in there or in documents. will be in a
>> folder called QubesIncoming.
>
> Unfortunately there is no folder with this name
> Another issue is when I attach a pen usb, there is no folder where I
> can see the file inside
>
> Regards





Re: [qubes-users] Re: Unable to install 3.2-rc1 on Thinkpad T450s

2016-10-10 Thread Robert Mittendorf
I think I found the solution to your problem - at least my issues with 
booting Kernel 4.4 and Qubes 3.2 are solved now. I increased the total 
graphics memory from 256 MB to 512 MB - and boom, here you go!


On 10/04/2016 at 06:02 PM, habib.bhatti...@gmail.com wrote:

> I have a T450s and I followed instructions exactly
> I am using a USB device which I used Rufus to install the ISO image in DD mode 
> and then I went into xen.cfg and did exactly as instructions stated but it 
> keeps getting stuck in boot loop
>
> Someone please help
> Thanks





[qubes-users] Remarks for Firewall Rules, combine Firewall rules and own iptables rules

2016-10-05 Thread Robert Mittendorf

Hello fellow Qubes-Users,

I'd like to suggest to have an additional (optional) field in firewall 
rules to store remarks for specific rules

(like "needed for xyz" "IP of www.MyHomepage.de" and others)

Is it possible to use Qubes firewall rules and own iptables-rules 
together, or will the firewall rules overwrite any own iptables config?


Thank you,


Robert



[qubes-users] Minor problems switching from KDE4 to Xfce

2016-09-29 Thread Robert Mittendorf

Hey there.

We have some issues using the new Xfce interface compared to KDE4. But 
most of us would actually prefer using Xfce for its simplicity.


1) "System Tools" includes some in-AppVM applications (I have a lot of 
shortcuts there, other coworkers  also have such entries, but only a few 
of them)


2) How can volume be controlled on a per-VM/Qube level as in KDE?

3) Is it possible to color the background of taskbar-items with the 
AppVM's color?


4) Can taskbar-items be grouped by AppVM ?

Most probably somebody already found out how to solve this, as Xfce is 
the new default DE?!



regards,

Robert Mittendorf



Re: [qubes-users] Qubes OS 3.2 has been released!

2016-09-29 Thread Robert Mittendorf

Nice!
Btw: You did not update the "Download & Install" Button on the main page.




Re: [qubes-users] Re: Thunderbird: "Open link in DispVM"

2016-09-29 Thread Robert Mittendorf
It seems like this issue was fixed in current 3.2 testing build. I can 
open more than 1 url at a time from Thunderbird now.




[qubes-users] Outdated documentation

2016-09-27 Thread Robert Mittendorf

Hey Qubes-Team,

https://www.qubes-os.org/doc/hvm/

states that "shared templates for HVM domains" are not supported.

This is outdated information, isn't it?

Robert



Re: [qubes-users] Re: Thunderbird: "Open link in DispVM"

2016-09-26 Thread Robert Mittendorf

Hey Clark,

the article which you referred to is about opening (and converting) 
PDF documents. My idea is about opening URLs (Links) in a DispVM. I 
think that is not related in any way, is it?


Robert

btw: did you notice that googlegroups blocks email having a subject 
starting with a quote (single ' or double ")? I - I sent this email 4 
times over several days.


On 09/24/2016 at 11:02 PM, Clark Venable wrote:

> Have you seen this?
>
> https://micahflee.com/2016/07/how-qubes-makes-handling-pdfs-way-safer/
>
> Clark




Re: [qubes-users] Usability: "Firewall rules" setting will likely be missunderstood often

2016-09-21 Thread Robert Mittendorf

Am 09/20/2016 um 10:29 PM schrieb Chris Laprise:


This is a good candidate for filing an issue, but mainly for this 
situation -- "A warning if an upstream VM does not implement the 
firewall rules", which should include connecting to netvms.


IIRC, Qubes Manager used to grey-out the firewall tab for any vm that 
was connected to a netvm. That doesn't appear to be the case now in R3.2.


As for idea 'b', I'd disagree with that. Chained proxyvms are probably 
more common than you think.


Chris


Hey Chris,

sorry for my first answer directly to you - I expected a mailing list to 
set/replace the "answer to" field


I still use 3.1! firewall rules are disabled for NetVMs, but not 
dynamically for VMs that are not connected to a proxy VM.


I'm curious - do you have an example for a usefull local proxy(VM) chain?


Am 09/21/2016 um 12:07 PM schrieb Andrew David Wong

Normally, it wouldn't make sense to try to enforce
firewall rules for a FirewallVM. That's why the default
sys-firewall and sys-net work the way they do. However,
if you have a need for this, you're free to create your own
FirewallVMs and chain them together.

I agree - that is why my idea was to disable firewall rules for proxy VMs.

2) I can configure firewall rules for a AppVM, which will not be active if that 
VM is connected

Assuming you meant "unconnected," that's right.

Actually I meant connected to a NetVM and thereby the internet. Sorry.

And: What happens if a ProxyVM does not implement the firewall service, or if 
the firewall service crashes in the ProxyVM?
I cannot find more information about the firewall mechanism than "centrally managed 
in Dom0 and exposed to each Proxy VM through Xen store" from 
http://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html

Take a look at these pages:

https://www.qubes-os.org/doc/qubes-firewall/

https://www.qubes-os.org/doc/networking/

I looked at the firewall page. The networking page seems to miss 
exactly the information I'm looking for in the "Firewall and Proxy VMs" 
section - like how the information from xen store is loaded within the 
proxyVM and what happens if something fails (e.g. is there a risk that 
proxying works, but firewall rules are ignored?)




[qubes-users] Usability: "Firewall rules" setting will likely be misunderstood often

2016-09-20 Thread mittendorf

Hey,

Firewall rules are set for a specific VM/Qube. From common understanding 
people would probably think that those rules are active no matter what 
happens outside of that very VM/Qube, but in fact it seems like those 
rules are active if and only if there is a ProxyVM connected to that 
VM/Qube.


Examples:

1) I can configure firewall rules for a ProxyVM, but they are not 
activated if that ProxyVM is connected to a NetVM (if I connect another 
ProxyVM in between, this might probably work?!)


2) I can configure firewall rules for an AppVM, which will not be active 
if that VM is connected


And: What happens if a ProxyVM does not implement the firewall service, 
or if the firewall service crashes in the ProxyVM?
I cannot find more information about the firewall mechanism than 
"centrally managed in Dom0 and exposed to each Proxy VM through Xen 
store" from 
http://theinvisiblethings.blogspot.de/2011/09/playing-with-qubes-networking-for-fun.html


Ideas:
a) A warning if an AppVM is (about to be) connected to a NetVM (instead 
of a ProxyVM).


b) Do not allow "firewall rules" being set for ProxyVMs (I think 
Proxy-Chains are rather unlikely being used?!)


c) A warning about DNS-Names in firewall rules

[c) A warning if a connected ProxyVM does not activate the firewall rules]

thank you,

Robert Mittendorf

--
M. Sc. Computer Science Robert Mittendorf

DigiTrace GmbH - Expertise in IT Forensics
Managing Directors: Alexander Sigel, Martin Wundram
Register court: Köln, HR B 72919
VAT ID: DE278529699

Zollstockgürtel 59, 50969 Köln
Phone: 0221-6 77 86 95-2
Website: www.DigiTrace.de
E-mail: i...@digitrace.de


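
The warning proposed in this thread (firewall rules configured on a qube whose upstream is a NetVM rather than a ProxyVM), sketched as an added example that is not part of the original posts or of Qubes itself. It models the R3.x behaviour as the posters describe it; the `Qube` record, the inventory and all qube names are constructed, and it does not check whether the firewall service inside the ProxyVM is actually running.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass(frozen=True)
class Qube:                      # hypothetical record, not a Qubes API type
    name: str
    kind: str                    # "AppVM", "ProxyVM" or "NetVM"
    netvm: Optional[str]         # name of the upstream qube, None if unconnected
    has_rules: bool              # custom firewall rules were configured for it

ENFORCED = "enforced"
NOT_ENFORCED = "NOT enforced"
OFFLINE = "offline"
UNKNOWN = "unknown upstream"

def audit_firewall_rules(qubes: List[Qube]) -> Dict[str, str]:
    """For every qube with rules, report whether its direct upstream applies them."""
    by_name = {q.name: q for q in qubes}
    report: Dict[str, str] = {}
    for q in qubes:
        if not q.has_rules:
            continue                       # nothing configured, nothing to warn about
        if q.netvm is None:
            report[q.name] = OFFLINE       # no network path, rules are moot
            continue
        upstream = by_name.get(q.netvm)
        if upstream is None:
            report[q.name] = UNKNOWN       # dangling netvm reference in the inventory
        elif upstream.kind == "ProxyVM":
            report[q.name] = ENFORCED      # per the thread: a ProxyVM upstream applies them
        else:
            report[q.name] = NOT_ENFORCED  # e.g. attached straight to a NetVM
    return report

# Constructed inventory covering the cases raised in the thread.
INVENTORY = [
    Qube("sys-net", "NetVM", None, False),
    Qube("sys-firewall", "ProxyVM", "sys-net", False),
    Qube("work", "AppVM", "sys-firewall", True),       # usual setup
    Qube("direct", "AppVM", "sys-net", True),          # example 2 in the post
    Qube("vpn", "ProxyVM", "sys-net", True),           # example 1 in the post
    Qube("vpn-chained", "ProxyVM", "sys-firewall", True),
    Qube("vault", "AppVM", None, True),
    Qube("orphan", "AppVM", "deleted-fw", True),
]

if __name__ == "__main__":
    for name, status in audit_firewall_rules(INVENTORY).items():
        print(f"{name:12} {status}")
```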