[qubes-users] How to share data between 2 Qubes installations via USB in a sensible way?

2016-06-17 Thread David Hobach
Dear users, I wonder whether there's any sensible (= relatively secure) way of sharing data between 2 Qubes installations via a single USB pen drive or hard disk? What are you using or do you have any thoughts? Of course I assume that both installations have multiple VMs for which you want

Re: [qubes-users] How to share data between 2 Qubes installations via USB in a sensible way?

2016-06-27 Thread David Hobach
On 06/19/2016 01:12 PM, Chris Laprise wrote: On 06/19/2016 05:25 AM, David Hobach wrote: I wonder whether there's any sensible (= relatively secure) way of sharing data between 2 Qubes installations via a single USB pen drive or hard disk? What are you using or do you have any thoughts

Re: [qubes-users] Re: AppVMs using ProxyVM having DNS problems some days

2016-08-01 Thread David Hobach
On 07/31/2016 10:05 AM, Markus Kilås wrote: On 02/28/2016 04:13 PM, Markus Kilås wrote: Hi, I am experiencing an issue with DNS queries in my AppVMs in R3.0. Sometimes after booting up, the AppVMS that are connected to sys-firewall are unable to do DNS lookups: user@untrusted ~]$ dig

Re: [qubes-users] usb 3.0

2016-07-31 Thread David Hobach
On 07/30/2016 12:23 PM, Nicola Schwendener wrote: Hello all, sorry if I bother you but I haven't understood if USB 3.0 (I've a lot of external disks with usb 3.0) is supported or not. I want to migrate from my actual windows 8.1 OS to Qubes (I've to do a Windows HVW for some applications)

[qubes-users] HCL: HP Elitebook 850 G3

2016-08-17 Thread David Hobach
3.2rc2: Everything appears to work, incl. assigning the wifi controller to the netvm and the USB 3 controller & sd card reader to the usb VM. TPM wasn't tested so far. Booting from USB flash drive requires some workarounds (manually select the EFI file to boot from in the BIOS - eventually

Re: [qubes-users] How to share data between 2 Qubes installations via USB in a sensible way?

2016-09-04 Thread David Hobach
On 06/27/2016 07:22 PM, David Hobach wrote: On 06/19/2016 01:12 PM, Chris Laprise wrote: On 06/19/2016 05:25 AM, David Hobach wrote: I wonder whether there's any sensible (= relatively secure) way of sharing data between 2 Qubes installations via a single USB pen drive or hard disk? What

Re: [qubes-users] [3.2rc2] Pulseaudio 100% CPU load at dom0

2016-09-03 Thread David Hobach
On 09/02/2016 07:10 PM, entr0py wrote: David Hobach: On 08/31/2016 08:14 PM, entr0py wrote: Eva Star: 3.2rc2 - clean install (on 3.2rc1 with updates I do not have this problem) At dom0 the pulseaudio process always eats 100% of CPU. If I kill it, then it starts again! Please help. How to fix

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-10 Thread David Hobach
On 11/09/2016 01:51 PM, SEC Tester wrote: I'm trying to set up a VPN ProxyVM on Qubes R3.2 == Here's what works: == I've got AirVPN GUI set up and working on Fedora-23-minimal My AppVM can proxy through VPN ProxyVM whatismyip.com shows the VPN IP

[qubes-users] [3.2] qvm-block -A doesn't work reliably anymore?!

2016-10-23 Thread David Hobach
Dear all, after upgrading to 3.2 (in-place) I noticed the following issue: qvm-block -A fooVM dom0:/var/lib/qubes/appvms/blaVM/private.img Traceback (most recent call last): File "/usr/bin/qvm-block", line 151, in main() File "/usr/bin/qvm-block", line 105, in main

Re: [qubes-users] [3.2] qvm-block -A doesn't work reliably anymore?!

2016-10-23 Thread David Hobach
On 10/23/2016 04:15 PM, David Hobach wrote: Dear all, after upgrading to 3.2 (in-place) I noticed the following issue: qvm-block -A fooVM dom0:/var/lib/qubes/appvms/blaVM/private.img Traceback (most recent call last): File "/usr/bin/qvm-block", line 151, in main() File

Re: [qubes-users] swappiness, caches

2016-10-19 Thread David Hobach
On 10/19/2016 05:54 PM, johnyju...@sigaint.org wrote: It always seemed a bit "off" to me that there should be any swap usage or significant buffers/caches inside VM's. dom0 already caches the virtual .img files, so having the kernel inside each VM also buffering/caching files and metadata is

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-11 Thread David Hobach
On 11/10/2016 10:07 PM, Chris Laprise wrote: > On 11/10/2016 01:28 PM, David Hobach wrote: >> I'd recommend to avoid any tools employing iptables which were not >> written explicitly for Qubes as well. > > This. Or at least don't use them without careful inspection. Might

Re: [qubes-users] Access all vm data from a backup-vm?

2016-11-20 Thread David Hobach
On 11/20/2016 12:35 PM, Franz wrote: On Sun, Nov 20, 2016 at 7:21 AM, Stickstoff wrote: Hello dear new qubes family, I am having trouble designing a backup concept for my qubes workstation. My goal is to have a (daily) copy of the entire workstation on a trusted remote

Re: [qubes-users] Leak Problems with VPN ProxyVM + AirVPN & Network lock

2016-11-12 Thread David Hobach
> I would also advise users *not* to > rely on firewall settings in Qubes Manager/VM Settings as the options > are too limited to stop compromised VMs that are supposed to be confined > to the VPN tunnel from leaking data to clearnet (e.g. a hostile access > point or other upstream node)

Re: [qubes-users] Re: Bug or Feature? DispVM inherits settings from calling VM

2016-10-13 Thread David Hobach
On 10/13/2016 12:45 PM, Robert Mittendorf wrote: Am 10/13/2016 um 04:50 AM schrieb raahe...@gmail.com: feature. I use to make menu shortcuts to launch programs in dispvms inheriting firewall rules. But xfce only lets you edit already existing rules, not create new ones :( editing a

Re: [qubes-users] Re: Bug or Feature? DispVM inherits settings from calling VM

2016-10-17 Thread David Hobach
On 10/17/2016 09:42 AM, Robert Mittendorf wrote: Currently your easiest option is not to click on the links, but to copy-paste them to an open dispVM. Small sacrifice for a major security gain. Well, the "easiest" option is to use a net-vm directly. What is the security gain? Its a dispVM

Re: [qubes-users] [Security] Anti-evil-maid didn't notice Xen update ?

2016-11-30 Thread David Hobach
On 11/30/2016 08:09 AM, Swâmi Petaramesh wrote: Hello, I use Qubes 3.2 (recent, default installation) with anti-evil-maid on HP ProBook 6470b. Anti-evil-maid is installed to HD /boot per instructions, TPM is protected by a password, and I use a "secret" image instead of text. So far

[qubes-users] netvm sometimes doesn't start

2016-12-04 Thread David Hobach
Dear users, sometimes my debian-8 netvm / sys-net doesn't start. I then have to remove the Intel ethernet device from it, start & stop the netvm, add it again and then it'll start correctly. Is there anyone out there who had the same issue and managed to solve it? lspci -vv 00:00.0 Ethernet

Re: [qubes-users] Automation of USB passthrough

2017-04-20 Thread David Hobach
On 04/20/2017 10:54 AM, Johannes Graumann wrote: Hi, Has anyone figured out a setup for qubes-usb-proxy-based USB- passthrough that will allow for automatic (and active) monitoring of sys-usb connections and VMs? I'm envisioning a situation where I tell the proxy setup that 1) if device X shows

Re: [qubes-users] Focus Stealing, how to stop it?

2017-04-22 Thread David Hobach
On 04/22/2017 05:42 AM, Andrew David Wong wrote: On 2017-04-21 20:18, Jean-Philippe Ouellet wrote: On Fri, Apr 21, 2017 at 10:00 PM, Andrew David Wong wrote: On 2017-04-20 21:56, Jean-Philippe Ouellet wrote: On Thu, Apr

Re: [qubes-users] After Windows 10 Install, Qubes don´t Start/Boot

2017-07-29 Thread David Hobach
On 07/29/2017 04:40 AM, Franz wrote: On Fri, Jul 28, 2017 at 8:53 PM, wrote: First I installed Qubes OS, then Win 10; now the problem is that Win starts but I can't start Qubes OS. Can anyone help me please? Your Qubes partitions might still be there... At least the

[qubes-users] Feedback: Qubes 4rc1 on coreboot

2017-08-05 Thread David Hobach
Dear users, so I tested the new 4.0rc1 on a T530 with coreboot & SeaBios as payload: It installed perfectly fine, then on first boot I ran into the issue from https://groups.google.com/forum/#!topic/qubes-users/jfQovXpzCq8 : After installation Grub is loaded, I selected an entry, the screen

Re: [qubes-users] X230 2325-YBN + Coreboot

2017-08-17 Thread David Hobach
On 08/16/2017 06:09 PM, Rusty Bird wrote: Finsh: are there by chance any known problems with the X230 2325-YBN + Coreboot with Qubes OS? If it's R3.2 and you're using SeaBIOS, check out the last paragraph of

[qubes-users] awesome wm: Focus steal hardened rc.lua

2017-05-01 Thread David Hobach
Dear users, I was annoyed by some unwanted focus changes whilst using awesome and thus created the attached config that should prevent most of them. Maybe it'll be useful to some of you (I noticed some threads on this mailing list about focus steal stuff after all). The code should be

[qubes-users] Disposable service VMs in 4.0rc1

2017-10-13 Thread David Hobach
Hi all, did anyone test disposable VMs for sys-net, sys-firewall and sys-usb in 4.0rc1 yet? Especially since the installed defaults appear to be non-disposable if I recall correctly. According to [1] this is meant to be working though for at least sys-net & sys-usb. It doesn't say

Re: [qubes-users] Disposable service VMs in 4.0rc1

2017-10-13 Thread David Hobach
On 10/13/2017 02:24 PM, David Hobach wrote: Hi all, did anyone test disposable VMs for sys-net, sys-firewall and sys-usb in 4.0rc1 yet? Especially since the installed defaults appear to be non-disposable if I recall correctly. According to [1] this is meant to be working though

Re: [qubes-users] AW: Idea for (resonable secure) cloud-storage usage with Qubes

2017-10-15 Thread David Hobach
Hi, I think you have some misconceptions here - the main one being why people tend to use Qubes OS: Segregation of data to application-specific domains, i.e. impact of a domain compromise is limited. Your idea however makes your Qubes installation vulnerable to: - Any attacks originating

Re: AW: Re: [qubes-users] AW: Idea for (resonable secure) cloud-storage usage with Qubes

2017-10-16 Thread David Hobach
Hi again, On 10/15/2017 08:37 PM, '[799]' via qubes-users wrote: I think you have some misconceptions here - the main one being why people tend to use Qubes OS: Segregation of data to application- specific domains, i.e. impact of a domain compromise is limited. You are right, regarding why

Re: [qubes-users] iommu=no-igfx

2017-10-17 Thread David Hobach
I have a Dell XPS 9360 (Kaby Lake i7, Intel 620). When I installed Qubes, after installation Qubes didn't succeed in starting. The workaround that worked was to remove iommu=no-igfx from grub, and after this everything went well. Is there an issue to add this option? No, it should even

Re: [qubes-users] Disposable service VMs in 4.0rc1

2017-10-13 Thread David Hobach
On 10/13/2017 03:27 PM, Marek Marczykowski-Górecki wrote: On Fri, Oct 13, 2017 at 02:48:59PM +0200, David Hobach wrote: On 10/13/2017 02:24 PM, David Hobach wrote: The second instance will not start. The point is in Qubes 4.0 you can create DisposableVM, which have no persistent data (like

Re: [qubes-users] Options for securing /boot

2017-08-29 Thread David Hobach
On 08/29/2017 06:32 PM, cooloutac wrote: On Tuesday, August 29, 2017 at 12:25:51 PM UTC-4, cooloutac wrote: On Tuesday, August 29, 2017 at 11:38:59 AM UTC-4, Patrik Hagara wrote: On 08/29/2017 04:50 PM, cyberian@national.shitposting.agency

Re: [qubes-users] qvm-block doesn't list/expose dom0 loop devices

2017-09-10 Thread David Hobach
On 09/10/2017 05:44 PM, nicholas roveda wrote: `qvm-block` lists all vms loop device, but no the dom0 ones. I've checked with `udevadm info -q all` and I've noticed loop devices don't have the 'QUBES_EXPOSED' property. Can you try to reproduce my situation and show me your `udevadm` output

[qubes-users] 4.0rc1 X Server Restarts during idle times

2017-09-26 Thread David Hobach
Hi all, does anyone else have the issue in 4.0rc1 that the X server restarts after X screensaver locks when you go away from your laptop? This is rather annoying as it kills the screensaver and restarts some other services which I'd usually not prefer to have restarted... Unfortunately I

Re: [qubes-users] /var/log excessive filesystem usage

2017-09-26 Thread David Hobach
On 09/26/2017 09:56 AM, Alex wrote: On 09/26/2017 09:44 AM, taii...@gmx.com wrote: Update: deleting the contents of /var/log, /tmp and /var/tmp caused my system to be unbootable which is silly as these are not meant to be permanent locations I received errors about qmemmman not being able to

Re: [qubes-users] Is VT-D active?

2017-10-01 Thread David Hobach
On 10/01/2017 03:48 PM, Marco Silva wrote: HVM: Active I/O MMU: Active IOMMU = VTd (AMD) - (Intel)

Re: [qubes-users] qvm-block doesn't list/expose dom0 loop devices

2017-09-01 Thread David Hobach
On 09/01/2017 05:13 PM, Unman wrote: On Tue, Aug 29, 2017 at 04:08:38PM -0700, nicholas roveda wrote: I'm using R4.0 rc1. I wanted to install a Linux distro inside a disk image located in dom0 home, using QEMU in an AppVM. I've created a new disk image in dom0, set it up (dos partition

Re: [qubes-users] Re: Qubes 4.0-rc1 installer won't boot

2017-09-04 Thread David Hobach
On 09/04/2017 05:35 AM, Jason Holt wrote: Rebooting in legacy mode allowed me to install, but then it wouldn't boot. Tried the standard fixes listed in the docs, but didn't see how they were supposed to work with 4.0, gave up. Optimistic for the future of qubes, anyway. Try modifying

Re: [qubes-users] Turn off quiet boot?

2017-10-12 Thread David Hobach
On 10/12/2017 08:37 AM, Patrik Hagara wrote: On 10/12/2017 01:42 AM, Ron Hunter-Duvar wrote: Does anyone know how to turn off QubesOs' quiet boot (splash screen instead of kernel messages)? I like to see the messages during boot (and

Re: [qubes-users] Qubes R4 RC1 GUI backup tool doesn't exist yet?

2017-10-09 Thread David Hobach
On 10/09/2017 01:04 PM, Patrick Schleizer wrote: I guess a GUI backup tool doesn't exist as of Qubes R4 RC1 (plus all stable upgrades)? I didn't notice one so far. qvm-backup & restore seem to be fully functional on command-line though. The progress in 'Qubes Manager Decomposition for

Re: [qubes-users] iommu=no-igfx

2017-10-18 Thread David Hobach
On 10/17/2017 08:08 PM, Roy Bernat wrote: On Tuesday, 17 October 2017 11:01:04 UTC-4, David Hobach wrote: I have a Dell XPS 9360 (Kaby Lake i7, Intel 620). When I installed Qubes, after installation Qubes didn't succeed in starting. The workaround that worked was to remove from grub the iommu

Re: [qubes-users] Random sudden reboots

2017-11-27 Thread David Hobach
On 11/27/2017 07:47 AM, Wael Nasreddine wrote: I'm running 4.0-RC2 on Asrock Z170 pro4/i7-6700k and I got two hard reboots in the last few hours, often around the time I start a VM. I do not see anything in the log. P.S: I've been running Citrix XenServer for two years on this machine with no

Re: [qubes-users] Random sudden reboots

2017-11-27 Thread David Hobach
On 11/27/2017 07:57 PM, David Hobach wrote: On 11/27/2017 07:47 AM, Wael Nasreddine wrote: I'm running 4.0-RC2 on Asrock Z170 pro4/i7-6700k and I got two hard reboots in the last few hours, often around the time I start a VM. I do not see anything in the log. P.S: I've been running Citrix

Re: [qubes-users] sys-usb won't start under Qubes 4.0rc2 / pci strict reset for RC2

2017-11-27 Thread David Hobach
On 11/27/2017 09:01 PM, '[799]' via qubes-users wrote: Hello, After having lots of problems to install Qubes 4rc2 on my X230 replaced my Coreboot BIOS with the stock/factory ROM and reinstalled from scratch. Luckily I can now start AppVMs and also create new VMs. The only thing which is not

Re: [qubes-users] Q4rc3 debian-9 template fails to update.

2017-12-18 Thread David Hobach
On 12/18/2017 03:58 PM, Chris Laprise wrote: On 12/16/2017 07:49 AM, Yuraeitha wrote: On Saturday, December 16, 2017 at 10:51:30 AM UTC, Chris Laprise wrote: On 12/16/2017 04:21 AM, haaber wrote: I freshly installed debian-9 ; when installing packages, apt-get hangs for days(!) with 81%

Re: [qubes-users] Re: 4.0 rc1 firewall failed stderr cannot execute qrexec-daeomn

2017-11-11 Thread David Hobach
On 11/11/2017 12:52 AM, Stumpy wrote: On 10.11.2017 17:45, David Hobach wrote: On 11/10/2017 05:41 PM, David Hobach wrote: Your point about sys-net not working might very well be part of it as it seems to start sometimes and not others, though the firewall isn't starting 100% of the time

Re: [qubes-users] Re: 4.0 rc1 firewall failed stderr cannot execute qrexec-daeomn

2017-11-10 Thread David Hobach
Your point about sys-net not working might very well be part of it as it seems to start sometimes and not others, though the firewall isn't starting 100% of the time. There's a few issues wrt the qubes firewall open on github. The funny/bad thing about it being that if it doesn't start,

Re: [qubes-users] Re: 4.0 rc1 firewall failed stderr cannot execute qrexec-daeomn

2017-11-10 Thread David Hobach
On 11/10/2017 05:41 PM, David Hobach wrote: Your point about sys-net not working might very well be part of it as it seems to start sometimes and not others, though the firewall isn't starting 100% of the time. There's a few issues wrt the qubes firewall open on github. The funny/bad

Re: [qubes-users] IP Redirection to localhost in AppVM

2017-11-10 Thread David Hobach
On 11/10/2017 10:40 PM, Michael Strasser wrote: Hi! I have an AppVM (Standalone) in which I would like to redirect all (TCP) traffic going to a specific IP address to localhost. I'm using the AppVM for Malware Analysis, so I usually have no NetVM connected. I've tried a few iptables commands

Re: [qubes-users] Why is there no qubes manager in V4.0?

2017-10-29 Thread David Hobach
There is many of those requests ready. The running vms you can see using xfce bar with generic monitor (ls --fields ip,name,state). Look these pictures. conky can be used to obtain similar results.

Re: [qubes-users] Re: Properly setup a qube dns cache server

2017-10-29 Thread David Hobach
On 10/28/2017 06:36 PM, nicholas roveda wrote: Up to now, I've thought of 2 possible solutions: [...] I really need some help, maybe from the developers, to understand better these mechanisms, to be able to implement a solution as more general as possible, that users can adopt without

Re: [qubes-users] Why is there no qubes manager in V4.0?

2017-10-30 Thread David Hobach
On 10/30/2017 12:40 AM, Ray Joseph wrote: On Sunday, October 29, 2017 at 1:52:53 PM UTC-5, David Hobach wrote: On 10/29/2017 03:36 PM, Sergio da Matta wrote: Dear David, Thank you for your information. I did not know conky. I liked it but I did not find the repo. Did you install it on dom0

Re: [qubes-users] Re: Qubes OS 4.0 second candidate (rc2) has been released!

2017-10-24 Thread David Hobach
On 10/24/2017 02:43 PM, Johannes Graumann wrote: On Tue, 2017-10-24 at 05:36 -0700, Roy Bernat wrote: On Tuesday, 24 October 2017 04:21:48 UTC-4, Marek Marczykowski- Górecki wrote: Hello, We have just released Qubes 4.0-rc2:

Re: [qubes-users] Why is there no qubes manager in V4.0?

2017-10-29 Thread David Hobach
On 10/29/2017 03:36 PM, Sergio da Matta wrote: Dear David, Thank you for your information. I did not know conky. I liked it but I did not find the repo. Did you install it on dom0? Yes, sudo qubes-dom0-update conky does it. I attached my config for your convenience. KR David

Re: [qubes-users] Any way to attach a USB drive to a VM by label?

2018-05-19 Thread David Hobach
On 05/19/2018 01:04 AM, Qubes Guy wrote: On Friday, May 18, 2018 at 5:59:09 PM UTC-4, David Hobach wrote: On 05/18/2018 08:19 PM, Marek Marczykowski-Górecki wrote: On Thu, May 17, 2018 at 05:57:09PM -0700, Qubes Guy wrote: I've successfully

Re: [qubes-users] Any way to attach a USB drive to a VM by label?

2018-05-18 Thread David Hobach
On 05/18/2018 08:19 PM, Marek Marczykowski-Górecki wrote: On Thu, May 17, 2018 at 05:57:09PM -0700, Qubes Guy wrote: I've successfully used qvm-block (in Dom0) to attach USB drives to different VMs (persistently), but I've noticed that Qubes (or

Re: [qubes-users] Pass I/O option from qvm-run - In Depth Knowlege?

2018-05-18 Thread David Hobach
On 05/16/2018 05:51 PM, cr33dc0...@gmail.com wrote: Hello All, Often used the -p or -pass-io option in the past and wanted to get some deeper knowledge how this actually works, if or what Xen based techniques are behind it and so on. Sadly the only thing I found was: "Pass stdin/stdout/stderr

Re: [qubes-users] Re: Qubes OS 4.0 second candidate (rc2) has been released!

2017-10-27 Thread David Hobach
2. Upgrade your templates to rc2 (make sure to keep some AppVMs running in case you need them), then do an offline re-partitioning of your template VMs (a 5-10 line script with losetup, fdisk & dd should suffice) either in dom0 or in a running AppVM, if you don't want your template VMs' file

Re: [qubes-users] Re: QSB #37: Information leaks due to processor speculative execution bugs (XSA-254, Meltdown & Sepctre)

2018-01-18 Thread David Hobach
On 01/18/2018 04:04 PM, cooloutac wrote: So it doesn't look like 4th or 5th generation boards are going to get a BIOS patch. Is the BIOS patch necessary? Meltdown can be patched on Kernel and/or Hypervisor level with a performance loss by doing in the Kernel what should be done by the CPU.

Re: [qubes-users] Qubes 3.2: Temporarily allowing full access does not revoke it after the time runs out

2018-02-03 Thread David Hobach
- open in dom0: /usr/lib/systemd/system/qubes-reload-firewall@.timer and add "OnUnitActiveSec=1m" on the end of file. - Reload systemd config -> "systemctl daemon-reload" and try to test again. Doesn't changing the config and reloading all services with changed config just reload the

Re: [qubes-users] Qubes 3.2: Temporarily allowing full access does not revoke it after the time runs out

2018-02-04 Thread David Hobach
On 02/03/2018 01:31 PM, donoban wrote: On 02/03/2018 01:10 PM, David Hobach wrote: When you add temporary access for a AppVM, a service and a timer are created for that VM: - qubes-reload-firewall@(VM-Name).timer - qubes-reload-firewall@(VM-Name).service then the timer is enabled. 1min later

Re: [qubes-users] Qubes 3.2: Temporarily allowing full access does not revoke it after the time runs out

2018-02-04 Thread David Hobach
I also just noticed that the feature seems to exist in the 4.0 GUI. Maybe I'll test that as well... I just tested it in 4.0 and that's affected by the bug as well... I managed to re-produce it 2/2 times with 2m and proxy and sys-net as netvm. What is interesting: qvm-firewall in dom0 lists a

[qubes-users] firefox addons in offline template VMs

2018-02-06 Thread David Hobach
Dear all, does anyone have a good solution for offline firefox addon installation & regular updates to template VMs? If so, I'd be delighted if you shared your idea or code. Otherwise I'd probably write a few lines to download the addons in a separate VM, pass it to the offline template via

[qubes-users] Re: [qubes-devel] Qubes OS 4.0-rc4 has been released!

2018-02-06 Thread David Hobach
On 02/01/2018 03:44 AM, Andrew David Wong wrote: We're pleased to announce the fourth release candidate for Qubes 4.0! A big thanks for that! So far it seems more stable than the previous RCs and PVH doesn't only provide the mentioned security gain, but also provides much better performance

[qubes-users] Re: firefox addons in offline template VMs

2018-02-15 Thread David Hobach
On 02/06/2018 07:24 PM, David Hobach wrote: Dear all, does anyone have a good solution for offline firefox addon installation & regular updates to template VMs? If so, I'd be delighted if you shared your idea or code. Otherwise I'd probably write a few lines to download the ad

Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start

2018-02-14 Thread David Hobach
On 02/15/2018 02:00 AM, pixel fairy wrote: On Wednesday, February 14, 2018 at 4:58:06 PM UTC-8, pixel fairy wrote: Fedora. just tried debian. 44.286s seconds. Forgot the hardware. i7-6700, 64gigs ddr4, supermicro c7z170-sq, onboard intel graphics. Got 13s with pvh on a laptop last built in

Re: [qubes-users] q4rc4 very slow. VMs take 23 - 33 seconds to start

2018-02-17 Thread David Hobach
On 02/17/2018 05:26 AM, WillyPillow wrote: I did some timing, and for PVH, my Fedora 26 VMs take about 30s, while Debian 9 takes about 45s. For HVM, qrexec usually times out (did not bother to adjust the timeout). P.S.: I recall I had similar issues with HVM in 4.0rc1, cf.

Re: [qubes-users] Re: POWER9

2018-02-26 Thread David Hobach
On 02/26/2018 04:29 PM, 'awokd' via qubes-users wrote: On Sun, February 25, 2018 11:33 pm, taii...@gmx.com wrote: Yeah unfortunately Xen doesn't support POWER and they have rebuffed advances from IBM and Raptor offering assistance to support it. Is there a link somewhere to this? I've

Re: [qubes-users] QSB #42: Linux netback driver OOB access in hash handling (XSA-270)

2018-08-26 Thread David Hobach
On 08/14/2018 09:12 PM, Andrew David Wong wrote: Patching = The Xen Project has provided patches to fix this issue. The specific packages that resolve the problems discussed in this bulletin are as follows: [..] For Qubes 4.0: - kernel packages, version 4.14.57-2 -

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread David Hobach
On 03/11/2018 11:21 AM, Chris Laprise wrote: ...and for now omitted the '-d' destination part in iptables. Then if I issue: sudo iptables -t nat -F PR-QBS sudo iptables -t nat -A PR-QBS  -i vif+ -p udp --dport 53 -j DNAT --to $eth0_address sudo iptables -t nat -A PR-QBS  -i vif+ -p tcp

Re: [qubes-users] DNS propagation in Qubes

2018-03-11 Thread David Hobach
On 03/11/2018 03:03 PM, David Hobach wrote: So yes, if one is aware of that issue, one can certainly use it the way you described. If you rely on the qubes-firewall to work as expected, you shouldn't use it. P.S.: An alternative might be to setup the local DNS service in a VM closer

Re: [qubes-users] DNS propagation in Qubes

2018-03-12 Thread David Hobach
On 03/11/2018 03:15 PM, David Hobach wrote: An alternative might be to setup the local DNS service in a VM closer to the Internet, i.e. not in the proxy VM which also implements the qubes firewall. Something like Internet <-- sys-net <-- sys-firewall <-- DNS server VM <-- proxy VM

Re: [qubes-users] DNS propagation in Qubes

2018-03-13 Thread David Hobach
On 03/13/2018 07:14 AM, Alex Dubois wrote: On 12 Mar 2018, at 18:40, David Hobach <trip...@hackingthe.net> wrote: On 03/11/2018 03:15 PM, David Hobach wrote: An alternative might be to setup the local DNS service in a VM closer to the Internet, i.e. not in the proxy VM which also impl

Re: [qubes-users] DNS propagation in Qubes

2018-03-08 Thread David Hobach
On 03/07/2018 06:40 PM, Unman wrote: On Wed, Mar 07, 2018 at 11:58:21AM -0500, Micah Lee wrote: I'm trying to make all DNS requests in Qubes go over TLS (more information about this [1]). I've got this successfully working in sys-net by running a local DNS server on udp 53 that forwards DNS

[qubes-users] Tester needed: AMD CPU Microcode update

2018-04-20 Thread David Hobach
Dear users, the project currently requires a tester for https://github.com/QubesOS/qubes-issues/issues/3703 (see the comment by marmarek https://github.com/QubesOS/qubes-issues/issues/3703#issuecomment-381369180) It would be really nice if someone could help out. Thanks & KR David

Re: [qubes-users] Re: Lenovo G505S Coreboot

2018-04-20 Thread David Hobach
On 04/20/2018 12:21 PM, River~~ wrote: correction where I said My assumption is that the time is explained by the fact that it is not only booting the physical machine but also the various CMs that are tagged to be started at bootup. I meant VMs, not CMs correction where I said

Re: [qubes-users] My farewell to Qubes OS!

2018-10-28 Thread David Hobach
On 10/27/18 7:26 PM, taii...@gmx.com wrote: No!! comp-sci angel D: you are IMO the best computer security person on the planet and now you leave us :'[ I wasn't too happy either to see the presumably main Qubes visionary leave. Anyway I look forward to hear about new interesting

Re: [qubes-users] Re: Replacement for Lenovo x230 (coreboot'able + high res)

2018-10-28 Thread David Hobach
On 10/27/18 12:42 PM, superriku11 wrote: All of the **30 series ThinkPads were supported by Coreboot, last I checked. The T430 has a 14-inch screen, but not FHD resolution like you would like. There is a screen replacement that some people have done to upgrade it to 1920 x 1080.

Re: [qubes-users] nftables vs iptables

2018-10-10 Thread David Hobach
On 10/10/18 3:33 PM, unman wrote: On Wed, Oct 10, 2018 at 03:17:47PM +0200, Illidan Pornrage wrote: On 10/10/18 3:14 PM, unman wrote: On Tue, Oct 09, 2018 at 09:18:22PM +0300, Ivan Mitev wrote: On 10/9/18 7:44 PM, mfreemon wrote: On 10/8/18 10:56 AM, mfreemon wrote: On 10/2/18 2:25 AM,

Re: [qubes-users] Error when trying to add a lot of firewall rules

2019-01-01 Thread David Hobach
On 1/2/19 4:34 AM, qubes-users-list - wrote: Ah! I reread the docs, and it mentions a size limit 3k/~35-39 rules. So I suspect that I'm hitting this limit. I was getting the error right in that range. Thank you for pointing me at that. The docs point out rightly that I can just put rules in

Re: [qubes-users] Re: dom0 error

2018-12-18 Thread David Hobach
On 12/18/18 7:28 PM, cooloutac wrote: On Sunday, December 16, 2018 at 8:13:52 AM UTC-5, Roy Bernat wrote: while trying to update dom0 getting error sys-firewall command failed with code 1 Roy I'm getting the same thing. Updates go through but just wondering why the error and if it should

Re: [qubes-users] Re: R4.0: sys-net, sys-firewall and other network VM(s) forced to always be on

2018-12-15 Thread David Hobach
On 12/13/18 8:10 PM, mike wrote: On Thursday, December 13, 2018 at 2:52:06 AM UTC+2, reby wrote: IIRC sys-net sometimes can be stubborn if one is not patient enough so use qvm-kill if in a hurry . personally I don't see a downside of it autostarting, though I guess one might have reasons

Re: [qubes-users] old version of xscreensaver

2019-01-04 Thread David Hobach
On 1/4/19 9:24 AM, Frédéric Pierret wrote: On 1/4/19 1:51 AM, unman wrote: On Fri, Jan 04, 2019 at 12:03:49AM +0100, Frédéric Pierret wrote: We built the upstream package of xscreensaver in current-testing for both Qubes 3.2 and 4.0. Welcome back to XFCE Chris :D ! On 1/3/19 11:56 PM, Chris

[qubes-users] ANN: blib - a bash library

2019-01-12 Thread David Hobach
Dear all, I recently released blib [1], a bash library which also aims to be useful for Qubes OS bash developers. The documentation can be found at [2], the Qubes specific part at [3]. A short example of what it can do: --- #!/bin/bash source blib b_import

Re: [qubes-users] Re: 0.1 BTC bugfix bounty

2018-09-12 Thread David Hobach
On 09/12/2018 04:51 PM, Stickstoff wrote: On 09/11/2018 03:52 PM, Thomas Papenkort wrote: I have run into the same problem for backups when switching to qubes 4.0 and found this workaround: # a file cannot be attached if it is in directory /var/lib/qubes/appvms, so create a link first

Re: [qubes-users] Re: ThinkPad X270 USB C/Thunderbolt USB C type and docking station Qubes 4.0

2019-03-21 Thread David Hobach
You're doing all this, BTW, because rather than supporting Thunderbolt and PCIe hotplug (which are usually protected by that device authorization you have to disable), Qubes is trying to protect users with FireWire and ExpressCard that are fundamentally insecure. I hope those extra 4 times a

Re: [qubes-users] where/how does dom0 gets its icons?

2019-03-02 Thread David Hobach
On 3/1/19 8:54 PM, Daniel Allcock wrote: Hello, I would like to understand what to do to customize the icons that appear in the Q menu for template and app vms. The only way I have found that works is to overwrite icon files in /usr/share/icons/Adwaita/* in the template vm. In dom0 it is easy:

Re: [qubes-users] Logging Drop Packets

2019-03-09 Thread David Hobach
On 3/9/19 2:58 AM, unman wrote: On Fri, Mar 08, 2019 at 08:07:46PM +0100, Zrubi wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 3/8/19 3:28 PM, cmsch...@gmail.com wrote: I'm trying to setup an appvm like this: appvm -> appvm_firewall -> vpn -> vpn_firewall -> sys-net I want to

Re: [qubes-users] ThinkPad X270 USB C/Thunderbolt USB C type and docking station Qubes 4.0

2019-03-20 Thread David Hobach
On 3/20/19 1:33 PM, aaq via qubes-users wrote: Hello qubes users! I currently acquired this dock (https://www.dell.com/en-us/shop/dell-business-thunderbolt-dock-tb16-with-240w-adapter/apd/452-bcnu/pc-accessories), and tried to connect it with my laptop, but it does not seem to work. I have

Re: [qubes-users] [warn] last whonix-gw update, ipv6 and possible VPN leak!

2019-02-16 Thread David Hobach
On 2/15/19 10:14 PM, 'Evastar' via qubes-users wrote: Seems after last whonix update my old VPN VM began leaking traffic. After investigation I found that it's because of the ipv6 primary connection to whonix-gw. I guess that whonix-gw is now supporting ipv6. It leaks traffic through ipv6 connection to

Re: [qubes-users] Spontaneous rebooting

2019-04-18 Thread David Hobach
On 4/18/19 12:52 AM, Michael Siepmann wrote: I don't see this on any machine, including long running desktops. Is it possible that you are suffering from over-heating? That would account for symptoms. I'm now monitoring temperatures with the "sensors" command in a dom0 terminal and although the

Re: [qubes-users] Spontaneous rebooting

2019-04-13 Thread David Hobach
On 4/12/19 5:24 PM, Michael Siepmann wrote: On 8/10/18 12:37 PM, Kelly Dean wrote: Am I the only one having a problem with Qubes spontaneously rebooting on Intel hardware? Only other reports I see are about AMD problems, but I'm using an Intel Core i3. Happens every few weeks. Sometimes

Re: [qubes-users] Spontaneous rebooting

2019-04-13 Thread David Hobach
On 4/13/19 8:29 PM, brendan.h...@gmail.com wrote: There are some discussions in qubes-issues on github about torbrowser causing 100% cpu while idle, yet appearing to mostly work ok. Running a couple VMs with that bug might cause an overheat reboot on some systems... No Intel AMT

Re: [qubes-users] How to automate cloud backups of trusted vault files?

2019-05-27 Thread David Hobach
On 5/27/19 12:52 PM, 'Side Realiq' via qubes-users wrote: How to automate backups of files from a very trusted vault to the cloud? What are some best practices for that? My current issue is that the files in the trusted vault do not have internet connection, so the cloud backup software

Re: [qubes-users] How to tag a VM?

2019-05-27 Thread David Hobach
On 5/27/19 2:24 PM, 'Side Realiq' via qubes-users wrote: According to the RPC Policy https://www.qubes-os.org/doc/rpc-policy/ VMs can be "tagged". How? I cannot find tags in the Qube Manager. Please check `man qvm-tags` in dom0. -- You received this message because you are subscribed to

Re: [qubes-users] How to automate cloud backups of trusted vault files?

2019-05-28 Thread David Hobach
On 5/27/19 3:05 PM, David Hobach wrote: On 5/27/19 12:52 PM, 'Side Realiq' via qubes-users wrote: How to automate backups of files from a very trusted vault to the cloud? What are some best practices for that? My current issue is that the files in the trusted vault do not have internet

Re: [qubes-users] How to sync files from a file as block device attached to another qube?

2019-06-03 Thread David Hobach
On 6/2/19 6:03 PM, 'SideRealiq' via qubes-users wrote: If I create a loopback device in vm1 and attach it to vm2, any changes in vm1 device are not reflected in the attached vm2 device. Why is that and how can they be reflected/synced? Here is my test code: # in vm1 sudo losetup -f --show

[qubes-users] Convenient untrusted storage for Qubes OS: qcrypt & qcryptd

2019-06-20 Thread David Hobach
Dear all, Qubes OS has always provided the basic tools to accomplish encrypted storage devices, namely qvm-block [1] and cryptsetup [2]. However the combination is neither self-explanatory nor convenient for users who come from Operating Systems which provide "plug & play" for most devices.

Re: [qubes-users] Convenient untrusted storage for Qubes OS: qcrypt & qcryptd

2019-06-21 Thread David Hobach
On 6/20/19 8:12 PM, Chris Laprise wrote: This could be an improvement over the scripts I use to mount backup volumes in dom0. One hope that popped into my mind as soon as I saw this post is for some kind of automatic teardown to address this: > but shutting down the mediator-vm during the

Re: [qubes-users] Re: Qubes - Critique (long)

2019-05-11 Thread David Hobach
On 5/10/19 8:09 PM, Chris Laprise wrote: On 5/10/19 12:16 PM, Marc Griffiths wrote: My experience of installing on a Lenovo Yoga 720 was seamless, everything worked including the touch screen. However, I experienced a lot of random browser crashing. Chromium dead birds on a fairly regular

Re: [qubes-users] Qubes OS 4.0.2-rc1 has been released!

2019-07-11 Thread David Hobach
On 7/10/19 3:52 AM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Dear Qubes Community, We're pleased to announce the first release candidate for Qubes 4.0.2! Features:   - All 4.0 dom0 updates to date   - Fedora 30 TemplateVM   - Debian 10 TemplateVM   - Whonix 15
