Re: [qubes-users] Re: [qubes-devel] Window border colors

2016-07-27 Thread Manuel Amador (Rudd-O)
On 07/26/2016 10:11 PM, Andrew David Wong wrote: > On 2016-07-26 14:52, Manuel Amador (Rudd-O) wrote: > > Hello. I just did an update, rebooted, and now my window borders do > not > > have the VM's colors. The prefix on the window title is correct tho. > > > > W

Re: [qubes-users] Re: [qubes-devel] Window border colors

2016-07-27 Thread Manuel Amador (Rudd-O)
On 07/26/2016 11:29 PM, Marek Marczykowski-Górecki wrote: > On Tue, Jul 26, 2016 at 03:11:33PM -0700, Andrew David Wong wrote: > > On 2016-07-26 14:52, Manuel Amador (Rudd-O) wrote: > >> Hello. I just did an update, rebooted, and now my window borders > do not >

Re: [qubes-users] Re: [qubes-devel] Window border colors

2016-07-27 Thread Manuel Amador (Rudd-O)
On 07/27/2016 04:53 AM, Marek Marczykowski-Górecki wrote: > > Go to system settings -> Application Style -> Window Decorations. It > should be set to "Breeze". If it is set to "Plastik", it may be the > cause of the problems. Shit yo, for some reason my thing was set to Plastik, and I set it to

Re: [qubes-users] Qubes Security Bulletin #24 (Critical bug)

2016-07-27 Thread Manuel Amador (Rudd-O)
On 07/26/2016 11:34 PM, Marek Marczykowski-Górecki wrote: > On Tue, Jul 26, 2016 at 04:25:41PM -0700, raahe...@gmail.com wrote: > > "Of course, to be compatible with Qubes OS, the BIOS must properly > expose all the VT-x, VT-d, and SLAT functionality that the underlying > hardware offers (and

Re: [qubes-users] Re: Qubes Security Bulletin #24 (Critical bug)

2016-07-27 Thread Manuel Amador (Rudd-O)
On 07/27/2016 02:22 AM, Drew White wrote: > On Tuesday, 26 July 2016 22:06:25 UTC+10, Joanna Rutkowska wrote: >> We have just released a new Qubes Security Bulletin (QSB #24) for a critical >> bug >> in the Xen hypervisor: >> >>

[qubes-users] Qubes server?

2016-07-30 Thread Manuel Amador (Rudd-O)
Hello! I want to roll my own Qubes server — software-defined networking, remote VM management, all the goodies that come with Qubes like volatile VMs and VM templates — but I have had real trouble writing code to "undo" some of the features of Qubes that make routing and firewalling essentially

Re: [qubes-users] Re: What do you think about the idea of a FileVM?

2016-07-30 Thread Manuel Amador (Rudd-O)
On 07/30/2016 12:12 AM, arthur.summ...@gmail.com wrote: > I agree with the idea of having an option for a storage VM, but my agreement > goes a little deeper (and forks a bit). I know that the primary goal of Qubes > is security, but there are a lot of different use cases for it. I use it >

Re: [qubes-users] [code] Testers wanted: Bluetooth dead man's switch

2016-07-31 Thread Manuel Amador (Rudd-O)
On 07/24/2016 02:29 AM, Andrew wrote: > Hello, > > I have made proper RPMs out of the dead man's switch code posted to the > list a few years back. The code can be found here: > https://github.com/kbrn/qubes-app-dms. Pre-built RPMs are attached. > These packages have already been tested on my

Re: [qubes-users] Re: Is a legacy BIOS preferable to UEFI for a secure system?

2016-08-02 Thread Manuel Amador (Rudd-O)
On 08/02/2016 06:10 PM, grzegorz.chodzi...@gmail.com wrote: > > Easier troubleshooting/updating/diagnostics. Modern UEFI installed on e.g > gaming motherboards can update itself over Ethernet connection, reinstall > itself from scratch and sometimes contains a built-in mini-linux. If you do >

Re: [qubes-users] Re: Qubes server?

2016-08-10 Thread Manuel Amador (Rudd-O)
On 08/08/2016 08:57 PM, Andrew wrote: > Iestyn Best: >> Hi, >> >> I have been interested in an idea like that as I could see it beneficial for >> many organisations but currently I have had no actual driving need for it at >> this time. >> >> I would be interested in hearing of something like

Re: [qubes-users] Re: Qubes 3.1 crashing, no warning, no error message (Lenovo X230)

2016-07-16 Thread Manuel Amador (Rudd-O)
On 07/07/2016 03:41 AM, Drew White wrote: > On Thursday, 7 July 2016 03:28:10 UTC+10, Andreas Rasmussen wrote: >> Hi! >> >> I bought a Lenovo x230 and installed Qubes 3.1 early may. It has worked >> like a charm, but in the last two or three weeks the computer has been >> shutting down without

Re: [qubes-users] Qubes 3.1 crashing, no warning, no error message (Logitech Unifying receiver and mouse)

2016-07-16 Thread Manuel Amador (Rudd-O)
On 07/07/2016 01:31 PM, Chris Laprise wrote: > On 07/07/2016 06:49 AM, Andreas Rasmussen wrote: >> [logitech mouse crash] >>> >> Where do I read more on this? Thanks for the input! >> > > https://github.com/QubesOS/qubes-issues/issues/1689 > > Chris > I installed the kernel package that was

Re: [qubes-users] Minimal VM requirements for Salt configuration are not documented

2017-01-22 Thread Manuel Amador (Rudd-O)
On 01/20/2017 08:58 AM, qu...@posteo.de wrote: > Hi, > > I am trying to setup all VMs with Salt since the switch to Fedora 24. > > I usually took the minimal template and create the others on base of > this with more packages. > > The problem is that the Qubes salt documentation does not document

Re: [qubes-users] NetVM without firewall, no PING from outside?

2017-02-17 Thread Manuel Amador (Rudd-O)
Qubes-network-server takes care of this for you. On February 14, 2017 2:02:18 AM PST, Jarle Thorsen wrote: >> Unman: >> > I suggest you read the docs: >> > www.qubes-os.org/doc/firewall has a section on allowing traffic in >to >> > qubes. >> >> Thank you for the link.

Re: [qubes-users] Resize dom0

2017-02-18 Thread Manuel Amador (Rudd-O)
It is the standard procedure to enlarge any root partition on any Linux — enlarge encrypted volume, enlarge LVM physical volume, enlarge enlarge LVM logical volume, enlarge root file system. You will have to do this from a rescue initramfs or another Linux system you booted from. On February

Re: [qubes-users] qubes partitioning questsion

2017-02-18 Thread Manuel Amador (Rudd-O)
Separate /usr is not supported. There is no point in sub mount points under /var/lib/qubes. /var/lib/Qubes is enough as a single mountpoint. There is no point in /var/lib/* sub mount points. Or /var/log for that matter. You don't have to have /home under a mountpoint. Dom0 /home should be

Re: [qubes-users] MP3 support but SMB issues on DebVM or SMB support with MP3 issues on FedVM?

2017-02-18 Thread Manuel Amador (Rudd-O)
Create a mount unit in your template of the Deb VM, which does the mount. Have it WantedBy=multi-user.target. Enable it. Add a ConditionPathExists=/var/run/qubes-service/mediamount to the unit. Power off the template and the Deb VM. Thru Qubes Manager, add a Qubes service to the DebVM,

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-02-27 Thread Manuel Amador (Rudd-O)
On 02/27/2017 12:51 PM, Chris Laprise wrote: > > In some backup systems, each backup appears complete to the system, > even though it was created with incremental deltas. A benefit of this > is you can delete any backup in the set to reclaim space, without > affecting any of the remaining

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-02-27 Thread Manuel Amador (Rudd-O)
On 02/27/2017 01:53 PM, Manuel Amador (Rudd-O) wrote: > > I am terrified that Qubes 4.0 will force me to use LVM, because LVM is > frankly a disaster for data recovery and for data integrity as well. I > would be willing to write an adapter to use ZFS zvols instead. That > wou

Re: [qubes-users] Feedback request: Incremental file-based backup PoC

2017-02-27 Thread Manuel Amador (Rudd-O)
On 02/26/2017 10:07 PM, Vít Šesták wrote: > Q: Can I backup VM that is running? > A: If you have LVM-based private.img, you can. (See README for details.) If > you have standard file-based private.img, you cannot. I don't plan to > implement this feature for file-based private.img, because Qubes

Re: [qubes-users] Switch of DMA altogether..?

2016-10-08 Thread Manuel Amador (Rudd-O)
On 10/08/2016 04:36 PM, neilhard...@gmail.com wrote: > I've been going through some of the networking modules on my Qubes system. > [...] > Let's start from the beginning. Can you explain to us how a DMA attack works? -- Rudd-O http://rudd-o.com/ -- You received this message because

Re: [qubes-users] Switch of DMA altogether..?

2016-10-08 Thread Manuel Amador (Rudd-O)
On 10/08/2016 07:05 PM, Ilpo Järvinen wrote: > On Sat, 8 Oct 2016, neilhard...@gmail.com wrote: > >> DMA allows network card to read/write RAM. >> >> DMA attack allows one already-compromised VM to read the RAM of another >> VM, thus breaching Qubes isolation... unless you use VT-D, although >>

Re: [qubes-users] Switch of DMA altogether..?

2016-10-08 Thread Manuel Amador (Rudd-O)
On 10/07/2016 11:25 PM, neilhard...@gmail.com wrote: > OK. This is getting confusing. > > So you are now saying that you can't do a DMA attack over the web..? > > If I had one computer connected to another via Ethernet crossover, could one > computer infect the other via DMA by sending the DMA

[qubes-users] ANN: git-remote-qubes: Inter-VM Git for Qubes OS

2016-10-27 Thread Manuel Amador (Rudd-O)
It gives me great pleasure to announce the inter-VM Git bridge for Qubes OS, which allows you to git push and git pull from VMs stored in other repos, with no networking involved whatsoever, and observing full compliance with Qubes OS qrexec policy. This should usher in a new era of software

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-27 Thread Manuel Amador (Rudd-O)
On 10/27/2016 09:15 AM, cyrinux wrote: > > Hi Rudd-o, just for say I use Qubes VPN since 2 weeks, with mullad, and no > problem, this seems perfect ;) Thank you very, very much. You are very kind for taking the time to give public appreciation for my work :-) This is the stuff I live for.

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-27 Thread Manuel Amador (Rudd-O)
On 10/27/2016 12:03 PM, Robert Mittendorf wrote: > Just saw the Qubes VPN project right now. > > Quick-reading the tutorial I have to questions: > > 1) why does the VPN-VM need to be allowed to do DNS, The VPN VM does not need to be allowed to do DNS. You can set an IP in its configuration and

Re: [qubes-users] How to destroy files without leaving any traces ?

2016-10-27 Thread Manuel Amador (Rudd-O)
On 10/27/2016 04:34 AM, Andrew David Wong wrote: > > > Building on what Chris said, here are your general options, from best > to worst: > > [...] > 2. Make sure the data is encrypted before it ever touches the storage > medium (then wipe the encryption headers, if any, or keep the key secret).

Re: [qubes-users] How to destroy files without leaving any traces ?

2016-10-27 Thread Manuel Amador (Rudd-O)
On 10/26/2016 04:46 PM, maritnez wrote: > you have a file that contains sensitive banking data and would like to delete > it without leaving any traces on your system. > > you can 'move it to trash' > which moves it to the trash > > you can then press the delete button in your trash container but

Re: Negative test result for fedora 24... Was: Re: Request for test: Re: [qubes-users] Fedora 24?

2016-10-27 Thread Manuel Amador (Rudd-O)
On 09/16/2016 04:41 AM, J. Eppler wrote: > Is it a good idea to spend time on fedora 24? Fedora 25 should be released in > November/December and will use Wayland per default. Would it not be better to > skip Fedora 24 and focus on resources and efforts on Fedora 25? > We will not get to Fedora

[qubes-users] Re: ANN: Qubes network server

2016-11-06 Thread Manuel Amador (Rudd-O)
On 11/05/2016 03:54 PM, Max wrote: > > Thanks for the response! > > I ran this and also ran 'sudo dnf install go' when I came across the > following error: 'go is needed by qubes-network-server-0.0.4-1.fc23.noarch'. A commit is now out which eliminates this dependency. > I then did the cd into

Re: [qubes-users] Your Battery is syping on you...

2016-11-04 Thread Manuel Amador (Rudd-O)
On 11/04/2016 08:32 PM, 198730178489710317470139 wrote: > Hello, > > good to know that Firefox and other mainstream-browser's spy-features don't > work inside the Q-VMs. > > But here are many ways to find out, who is sitting in front of the screen, > without get logged in, e.g. also

Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?

2016-11-04 Thread Manuel Amador (Rudd-O)
On 11/02/2016 06:28 PM, Marek Marczykowski-Górecki wrote: > > > @Marek: > > Do you have any idea what to look for in order to be able to calibrate > > my screen under Qubes? > > I have no idea how such software works... Especially at which stage > calibration is applied. Is it something that

Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?

2016-11-04 Thread Manuel Amador (Rudd-O)
On 11/03/2016 06:51 PM, Marek Marczykowski-Górecki wrote: > On Thu, Nov 03, 2016 at 12:01:08PM +0100, Zrubi wrote: > > On 11/02/2016 07:28 PM, Marek Marczykowski-Górecki wrote: > > >> I have no idea how such software works... Especially at which stage > >> calibration is applied. > > > The gonme

Re: [qubes-users] Your Battery is syping on you...

2016-11-04 Thread Manuel Amador (Rudd-O)
On 11/02/2016 09:49 PM, '109384'019834'09128'340932189 wrote: > Hello, > > in Q the Firefox battery fingerprinting is enabled. > > https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ > > Manual you might disable it: > > 1. start Firefox > 2. open the URL about:config > 3.

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 06:02 PM, balooney wrote: > the basic network is sys-net which is connected to sys-firewall > > if you connect your AppVm 'personal' with it you ll > use your original IP adress. > sys-net < sys-firewall < personal > > > > thats why I created a ProxyVM named 'vpn' > > my AppVm

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 04:05 PM, Alex wrote: > On 10/12/2016 06:04 PM, Manuel Amador (Rudd-O) wrote: >> On 10/12/2016 01:38 PM, Marek Marczykowski-Górecki wrote: >>> >>> AFAIR this particular problem was fixed (not sure if in xen 4.6 or >>> 4.7). >>> >&g

[qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Manuel Amador (Rudd-O)
It gives me great pleasure to release the first iteration of the leakproof Qubes VPN. https://github.com/Rudd-O/qubes-vpn This package allows you to set up a leakproof OpenVPN VM on your Qubes OS system. All VMs attached to the VPN VM are automatically and transparently routed through the VPN.

ANN: leakproof Qubes VPN (was Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?)

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 06:02 PM, balooney wrote: > how can I force my appvm to not connect to the internet of my sys-firewall > and only with the vpn ? As promised: https://github.com/Rudd-O/qubes-vpn This package allows you to set up a leakproof OpenVPN VM on your Qubes OS system. All VMs attached to

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 07:58 PM, Chris Laprise wrote: > > This requirement is already satisfied in the Qubes VPN doc: > > https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts > > > The scripts will stop non-VPN traffic and make sure that DNS operates > through

Re: [qubes-users] Re: Why it's so big secret?

2016-10-14 Thread Manuel Amador (Rudd-O)
On 10/13/2016 02:12 AM, nezna...@xy9ce.tk wrote: >> Then set up the Repos. > Pls tell me how you did it? Usually you can do this with a chrooted yum. Mock is the right tool to use. -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google

Re: [qubes-users] TVM ASLR-exploit-proof?

2016-10-14 Thread Manuel Amador (Rudd-O)
On 10/14/2016 01:26 PM, 917832409173409178324097 wrote: > Hello, > > can ASLR tech help to build a hard template VM for Qubes? > > https://securityetalii.es/2013/02/03/how-effective-is-aslr-on-linux-systems/ > > checksec.sh: > How important it is that all libs and executables are PIE-compiled? >

Re: [qubes-users] Most Secure way to encrypt your usb stick ?

2016-10-22 Thread Manuel Amador (Rudd-O)
On 10/22/2016 12:09 PM, lakschmi wrote: > have sensitive data on your usb stick? > > whats the best way to encrypt/decrypt it? > > > > normally I use whonix-ws pgp and encrypt every file but Id rather have a > different method > > > > is there a way to install the tails os ecryption system in

[qubes-users] Privacy issue in DisposableVMs

2016-10-22 Thread Manuel Amador (Rudd-O)
DisposableVMs have Firefox cookies for Google and other websites in them, unless you have customized the homedir of the DVM as per the instructions in the documentation pages. To read the details, please refer to: https://github.com/QubesOS/qubes-issues/issues/2390 To mitigate: I recommend

Re: [qubes-users] Qubes R3.2, cannot find redshift{-gtk} packages on dom0

2016-10-20 Thread Manuel Amador (Rudd-O)
On 10/20/2016 01:47 AM, Pablo Di Noto wrote: > Hello all, > > I have reinstalled R3.2 and want to install Redshift (and its GUI) on dom0 > again. > I do not recall how I did it on R3.1, and successive updates. > > I see on a Fedora 23 VM that redshift and redshift-gtk are available in the >

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-20 Thread Manuel Amador (Rudd-O)
On 10/20/2016 05:12 PM, pleom...@gmail.com wrote: > @Jeremy Rand > > realy sorry about that,i didnt think that someone get some emails. THOUSANDS of us get "some emails" from you. > But this thing of system security is important. > The fact that security — which you do not seem to understand

Re: [qubes-users] SMB mount point location

2016-10-20 Thread Manuel Amador (Rudd-O)
On 10/18/2016 07:25 PM, John Maher wrote: > > Manuel, this is awesome! Thank you for the extensive explanation. My pleasure. > > Regarding option 3, are you referring to a Qubes service or some other type > of utility? Being new to Qubes, your mentioning of services above is my > introduction

Re: [qubes-users] Re: Attaching USB 3g modem to sys-net.

2016-10-20 Thread Manuel Amador (Rudd-O)
On 10/20/2016 05:03 PM, f03gu9h3u9fh3...@gmail.com wrote: > Is there no software route i can take? Is is not possible to virtualize a > specific device and then attach that to the VM or something alike? > > I could just get 2 PS/2 adaptors for my keyboard and mouse and set up a > dedicated USBVM

Re: [qubes-users] desktop sharing, capturing and screenshoting

2016-11-19 Thread Manuel Amador (Rudd-O)
On 11/19/2016 09:30 AM, Ray Brainer wrote: > I am having hard time to make desktop sharing in Qubes. > Within VM I see white screen. X server in VM does not allow screengrabs at all. Security measure. > Installing software on dom0 and using it in broadcast is denied. > What should I do? > dom0

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-17 Thread Manuel Amador (Rudd-O)
On 11/12/2016 08:58 PM, Chris Laprise wrote: > > That was my first reaction, too. But years later, I am so, s glad > ITL de-emphasized kernel-based security. > > If they had kept it as a supported security layer, the > "security-in-depth" mindset would have dominated most of our > discussions

Re: [qubes-users] Re: Does the Standard Firewall-VM Actaully do anything?

2016-11-17 Thread Manuel Amador (Rudd-O)
On 11/17/2016 04:20 AM, Sec Tester wrote: > It also raises the question, > > Is there any benefit running a VPN-Proxy-VM through sys-firewall? > > Or maybe save the overhead and just connect VPN-Proxy-VM directly to sys-Net? > Either works. With the firewall in between, you can limit the

Re: [qubes-users] Re: ANN: Qubes network server

2016-11-17 Thread Manuel Amador (Rudd-O)
On 11/07/2016 02:29 PM, Max wrote: > > This worked first time! > > I pinged from the Debian AppVM to a new Fedora AppVM. I checked that the > pinging did not work first and then went through the steps to change the > Fedora AppVM to connect to the proxy server NetVM, assign a static IP, >

Re: [qubes-users] How to rotate VPNs?

2016-11-17 Thread Manuel Amador (Rudd-O)
On 10/29/2016 03:09 AM, Gaiko Kyofusho wrote: > Is it possible to set up a VpnVM to automatically/randomly switch > between vpn servers? At the moment I have to manually replace > openvpn-client.opvn file with another file (with other server info) > every time I want to change, would be great if I

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-11-17 Thread Manuel Amador (Rudd-O)
On 11/09/2016 01:38 PM, SEC Tester wrote: > Hey Rudd-O, > > Thanks for your effort and great contribution to the Qubes community. Not > sure why Chris was critical, especially without specifically showing evidence > of any problems. Maybe just a troll? > > I haven't tried your program out yet,

Re: [qubes-users] Thoughts on Qubes OS Security... Could be improved.

2016-11-13 Thread Manuel Amador (Rudd-O)
On 11/12/2016 03:21 AM, Sec Tester wrote: > SELinux or AppArmor. SELinux would be absofuckinglutely great. Confined apps like Firefox would run much more securely. I got one DispVM owned by an attacker at Defcon in 2014. Isolation was nice to have because the machine didn't get owned, but the

Re: [qubes-users] Qubes 3 MacOSX

2016-10-30 Thread Manuel Amador (Rudd-O)
On 06/17/2016 04:11 AM, Drew White wrote: > > > On Sunday, 15 May 2016 14:05:50 UTC+10, Jeremy Rand wrote: > > FWIW, I think a legal argument could be made that such license > agreements are anti-competitive and therefore unenforceable. > However, > I am unaware of any specific

Re: [qubes-users] Re: ANN: Qubes network server

2016-11-03 Thread Manuel Amador (Rudd-O)
On 11/02/2016 07:03 AM, Max wrote: > On Thursday, 13 October 2016 01:31:01 UTC+8, Manuel Amador (Rudd-O) wrote: >> Update: >> >> I have dramatically enhanced the documentation of the project: >> >> * https://github.com/Rudd-O/qubes-network-server >> * >

Re: Request for test: Re: [qubes-users] Fedora 24?

2016-10-27 Thread Manuel Amador (Rudd-O)
On 09/06/2016 11:10 AM, Achim Patzner wrote: > Some key bindings might have changed; ctrl-"+" in a terminal window > increases the font size but the terminal window does not grow with it > anymore. Finally! The GNOME people finally unfucked Ctrl++! -- Rudd-O http://rudd-o.com/ -- You

Re: [qubes-users] Re: ANN: git-remote-qubes: Inter-VM Git for Qubes OS

2016-10-27 Thread Manuel Amador (Rudd-O)
On 10/27/2016 11:37 PM, Drew White wrote: > On Thursday, 27 October 2016 22:47:14 UTC+11, Manuel Amador (Rudd-O) wrote: >> It gives me great pleasure to announce the inter-VM Git bridge for Qubes >> OS, which allows you to git push and git pull from VMs stored in

Re: [qubes-users] Networking between two vms?

2016-10-28 Thread Manuel Amador (Rudd-O)
On 04/08/2016 02:17 PM, edev.u...@gmail.com wrote: > On Sunday, February 1, 2015 at 11:45:05 PM UTC-5, Marek Marczykowski-Górecki > wrote: > >> By default firewallvm blocks all the inter-vm traffic. But you can add a >> rule to allow that. Take a look here: >>

Re: [qubes-users] Windows HVM doesn't get updates

2016-10-28 Thread Manuel Amador (Rudd-O)
On 04/10/2016 11:34 PM, Salmiakki wrote: > Well, maybe. I haven't looked at traffic yet. Is there a simple way to > do that with qubes? sudo tcpdump -i eth0 -nn in the ProxyVM that your Windows VM is attached to. -- Rudd-O http://rudd-o.com/ -- You received this message because you

Re: Request for test: Re: [qubes-users] Fedora 24?

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/28/2016 01:56 AM, Marek Marczykowski-Górecki wrote: > On Thu, Oct 27, 2016 at 03:31:46PM +0200, Marek Marczykowski-Górecki > wrote: > > On Thu, Oct 27, 2016 at 09:50:56AM +0200, Zrubi wrote: > >> On 09/06/2016 01:24 AM, Marek Marczykowski-Górecki wrote: > >> > >>> I've just tried this and

[qubes-users] Re: ANN: git-remote-qubes: Inter-VM Git for Qubes OS

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/28/2016 10:51 AM, cyrinux wrote: > Le jeudi 27 octobre 2016 13:47:14 UTC+2, Manuel Amador (Rudd-O) a écrit : >> It gives me great pleasure to announce the inter-VM Git bridge for Qubes >> OS, which allows you to git push and git pull from VMs stored in other >> repo

Re: [qubes-users] Crashplan?

2016-10-28 Thread Manuel Amador (Rudd-O)
On 06/26/2016 03:40 PM, Andrew David Wong wrote: > On 2016-06-26 04:27, Niels Kobschaetzki wrote: > > Hi, > > > does anyone have experiences with running Crashplan in Qubes? If > > yes, how did you install it? > > > Niels > > > I installed it in a StandaloneVM with the installer's default options.

Re: [qubes-users] "Start Button" and "Task Bar" are Missing

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/27/2016 02:00 PM, Scott Bourne wrote: > On Wed, Oct 26, 2016 at 9:22 PM, Andrew David Wong > wrote: > > On 2016-10-26 09:25, scot...@gmail.com wrote: > > I installed R3.2 yesterday and everything looked and worked

Re: Request for test: Re: [qubes-users] Fedora 24?

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/28/2016 09:40 AM, Marek Marczykowski-Górecki wrote: > > Actually yes, we may hook qubes-gui-agent.service into graphical.target > and call it "display manager", preventing others from running. This is > good idea, but something I'd like to avoid as a stable update - so, for > Qubes 4.0.

Re: [qubes-users] How to destroy files without leaving any traces ?

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/27/2016 01:31 PM, 7v5w7go9ub0o wrote: > > > On 10/27/2016 12:14 PM, Manuel Amador (Rudd-O) wrote: >> On 10/26/2016 04:46 PM, maritnez wrote: >>> you have a file that contains sensitive banking data and would like >>> to delete it without leaving any trace

Re: [qubes-users] Re: Introducing the qubes-announce read-only mailing list

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/28/2016 05:02 AM, Achim Patzner wrote: > Am 28.10.2016 um 02:00 schrieb Drew White: >> On Friday, 28 October 2016 10:57:03 UTC+11, Andrew David Wong wrote: >> We've just introduced a new mailing list: qubes-announce >>> So it's a forum, not a mailing list > > No, darling. It's a mailing

Re: [qubes-users] Internal networking: How are IPs chosen, why class C subnet.

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/28/2016 08:51 AM, Robert Mittendorf wrote: > Hey, > > yesterday I noticed that even if VMs share a class C network, all > trafic is routed through the gateway and by default the gateway does > not allow a connection to other VMs in the same subnet. > This makes a lot of sense from a security

Re: [qubes-users] Re: How to view Youtube in Fullscreen ? (for dummies)

2016-10-28 Thread Manuel Amador (Rudd-O)
On 10/27/2016 01:31 AM, raahe...@gmail.com wrote: > On Wednesday, October 26, 2016 at 5:15:53 PM UTC-4, jamie wrote: >> does not matter if I use fedora, debian or whonix ... whenever I press >> fullscreen on any youtube video the brower freezes.. >> >> it also does not matter which browser I use

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-26 Thread Manuel Amador (Rudd-O)
Apologies for the reply to self, but I have received great news. The first piece of great news is that a user of Qubes VPN found a bug that made it impossible for Qubes VPN to work with tun-style VPN providers. We have fixed that bug thanks to his cooperation, and you can see the result of our

[qubes-users] ANN: Qubes network server

2016-10-11 Thread Manuel Amador (Rudd-O)
Folks, it gives me great pleasure to announce the product of over two years of work (primarily because I never paid enough attention to this project to bring it to completion): Qubes network server. The traditional Qubes OS networking model contemplates a client-only use case. User VMs (AppVMs or

Re: [qubes-users] Re: Thoughts about installed software

2016-10-11 Thread Manuel Amador (Rudd-O)
On 10/12/2016 12:26 AM, Drew White wrote: > Hi Robert, > Do you think you could build a template that would be that which you would > consider secure? > > Personally, I've been asking what packages are REQUIRED for full integration, > and never gotten an answer that provides the information I

Re: [qubes-users] rc.local iptables persistence on reboot

2016-10-11 Thread Manuel Amador (Rudd-O)
On 09/18/2016 12:14 AM, nishiwak...@gmail.com wrote: > iptables -F > iptables -P INPUT DROP > iptables -P OUTPUT ACCEPT > iptables -P FORWARD DROP > iptables -A INPUT -i lo -j ACCEPT > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > iptables -A INPUT -p tcp --dport 80 -j ACCEPT

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/13/2016 02:14 PM, Chris Laprise wrote: > > So this is dependent on OpenVPN's features, again. Yes, I make no secret of the fact that my software depends on OpenVPN. I accept contributions to make it work with other VPN solutions. > > And is forcing your routing schema on an unknown VPN

Re: [qubes-users] Installed Qubes on "reasonably" secure, portable and fast USB drive

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/13/2016 11:36 PM, Toni S wrote: > Only annoyance with the stick so far has been that it locks itself > automatically right after it loses power, and for some reason there is a > short power break in booting the Qubes, just before the graphical loading > screen and crypto unlock. Then you

Re: [qubes-users] Networking issue with bittorrent client Q3.2

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/13/2016 09:56 PM, Desobediente wrote: > Assuming that Manuel described your case, you would have to set a > static port, not random, and forward the port in the firewall VM and > also in every device in the middle of the way (routers, etc.) That is right. You want to set a static port on

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/14/2016 12:32 AM, Chris Laprise wrote: > On 10/13/2016 11:39 AM, Manuel Amador (Rudd-O) wrote: >>>>> * Interdependent packet marking, detection and routing rules are >>>>> needlessly complex >>>> FWMARK was the only way to get blackholing to

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 09/09/2016 12:44 AM, Dima Puntus wrote: > Hi, > > After testing Qubes for a few weeks (3.1, 3.2-rc1,2&3), here's my 2 cents: > > It's a great OS in many aspects but still unusable outside of the > small group of the "terminal only" ppl. Reason # 1 is graphics. In > this day and age it's

Re: [qubes-users] Re: Thoughts about installed software

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 05:25 AM, Drew White wrote: > > So what do those packages require as dependancies though? > The dependancies are also required for full integration. > Just saying, there is more than just "qubes-*" to be thinking about. Are you trolling me with this question? Installing those

Re: [qubes-users] Re: Thoughts about installed software

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/13/2016 12:31 AM, Drew White wrote: > On Thursday, 13 October 2016 00:39:04 UTC+11, Manuel Amador (Rudd-O) wrote: >> On 10/12/2016 05:25 AM, Drew White wrote: >>> So what do those packages require as dependancies though? >>> The dependancies are also required for

Re: [qubes-users] How to send wake on lan from qubes?

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/13/2016 12:28 PM, galt...@gmail.com wrote: > I'm trying to remotely wake a computer from qubes with these commands: > > sudo ether-wake -b MAC > sudo ether-wake MAC These commands only work from a NetVM by default because they require knowledge of the target machine's MAC address, and that

Re: [qubes-users] USB over IP (Network Gateway)

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/13/2016 12:16 AM, equi...@icloud.com wrote: > Very interested to know if any reason why a USB network gateway software > would not work in Qubes? > > For anyone interested, a USB network gateway provides USB functionality to a > client over IP. USB network gate by Eltima has Linux,

Re: [qubes-users] Networking issue with bittorrent client Q3.2

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/11/2016 11:18 PM, yorp wrote: > For some reason using a bittorrent client in an AppVM will not connect to > internet. It's usually the case that they listen to ports locally and expect remote ends to connect to those ports, which they open using UPNP. UPNP firewall port opening is not

Re: [qubes-users] How to solve ProxyVM (sys-firewall) becomming non-functional at runtime

2016-10-13 Thread Manuel Amador (Rudd-O)
On 10/11/2016 09:42 AM, Robert Mittendorf wrote: > Hey folks, > > sometimes the sys-firewall (more likely a service within it) crashes > and does no longer allow connected VMs to resolve DNS. > The ProxyVM must be the responsible entity, because the connection > will be fine again If I restart the

Re: [qubes-users] Re: How to send wake on lan from qubes?

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/15/2016 03:12 AM, pleom...@gmail.com wrote: > Rudd-O > might be you so nice and explain why it dosent work > > > https://groups.google.com/forum/#!topic/qubes-users/E2NBXnYazUk Please do not crosspost this problem to other threads. Keep it to the other thread. Please also comply with my

Re: [qubes-users] Re: Unable to uptade templates affer forced all traffic trhough VPN

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/15/2016 04:56 PM, 4lgaqp+cqeepdnbinsts via qubes-users wrote: > Hi Chris, > > Thanks for the suggestion. > Just to clarify, the VPN tunnel was created within the sys-firewall, I believe the VPN set up by the instructions in the official docs interfere with the updates proxy functionality.

Re: [qubes-users] Re: Unable to uptade templates affer forced all traffic trhough VPN

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/15/2016 04:56 PM, 4lgaqp+cqeepdnbinsts via qubes-users wrote: > Hi Chris, > > Thanks for the suggestion. > Just to clarify, the VPN tunnel was created within the sys-firewall, and > currently that's the only proxyVM that I'm using (apart from the sys-whonix), > hence all traffic from the

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/16/2016 12:16 AM, pleom...@gmail.com wrote: > look guys if someone compromize sys-net then go route trafic by fake dns and > sites.You paste your credit card or something and all data goes to the hacker. If someone compromises the network card of your AppArmor-enabled Ubuntu instance, the

Re: [qubes-users] Re: ANN: Leakproof Qubes VPN

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/16/2016 01:03 AM, pleom...@gmail.com wrote: > my vpn connection is good bcs its connect > openvpn --config qubes-vpn.conf That's not what I asked for. Please give me the information required by the Troubleshooting section of the README.md file in the project Otherwise I cannot debug the

Re: [qubes-users] SMB mount point location

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/13/2016 02:25 PM, John Maher wrote: > On Wednesday, October 12, 2016 at 12:06:15 PM UTC-4, Manuel Amador (Rudd-O) > wrote: >> On 10/12/2016 12:55 PM, John Maher wrote: >>> Hello, >>> >>> I'm trying to access file on the command line through an SMB moun

Re: [qubes-users] Qubes on a dedicated server

2016-10-12 Thread Manuel Amador (Rudd-O)
On 09/30/2016 01:05 PM, Patrick Schleizer wrote: > Does anyone ever try this? > > Did it work? Any experiences? > I wrote software for this purpose: https://github.com/Rudd-O/qubes-network-server Enjoy! -- Rudd-O http://rudd-o.com/ -- You received this message because you are

Re: [qubes-users] Re: Thoughts about installed software

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 08:50 AM, Robert Mittendorf wrote: > Well, the discussion leaves the focus I intended it to have. > It is surely worth thinking about what a minimum templates needs to have. > Nevertheless I think Qubes is about "I know I can get exploited, so > just protect the other parts of the

[qubes-users] Re: ANN: Qubes network server

2016-10-12 Thread Manuel Amador (Rudd-O)
Update: I have dramatically enhanced the documentation of the project: * https://github.com/Rudd-O/qubes-network-server * https://github.com/Rudd-O/qubes-network-server/blob/master/doc/Setting%20up%20your%20first%20server.md *

Re: [qubes-users] Qubes for running virtual servers

2016-10-12 Thread Manuel Amador (Rudd-O)
On 08/23/2016 04:07 PM, darren...@redskiesgroup.com wrote: > How does Qubes perform as the host OS in a virtualised server environment? > > I'm thinking of a configuration where the host OS is Qubes with VM's running > for things like a virtualised email server, IDS server, perhaps a Tor relay >

Re: [qubes-users] Qubes server?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 07/31/2016 12:04 AM, Manuel Amador (Rudd-O) wrote: > Hello! > > I want to roll my own Qubes server — software-defined networking, remote > VM management, all the goodies that come with Qubes like volatile VMs > and VM templates — but I have had real trouble writing code t

Re: [qubes-users] Re: Is there any hope for Wayland?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 09/13/2016 05:52 AM, Vít Šesták wrote: > Well, the points you have mentioned are also dubious for mainstream Linux > environment, not only for Qubes, because they suppose a malicious app already > installed in the system. They do not presuppose that. They merely presuppose an app has been

Re: [qubes-users] SMB mount point location

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 12:55 PM, John Maher wrote: > Hello, > > I'm trying to access file on the command line through an SMB mount point that > is created in the GUI. I'm using a debian-8 AppVM and connecting to an SMB > share in a Files window, but I cannot find a mount point for the share. I > would

Re: [qubes-users] Is there any hope for Wayland?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 01:38 PM, Marek Marczykowski-Górecki wrote: > > > AFAIR this particular problem was fixed (not sure if in xen 4.6 or 4.7). > Is there support for upgrading dom0 to Fedora 24? -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the

Re: [qubes-users] How to force AppVm to only use Proxy-VPN connection ?

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/13/2016 04:03 AM, Chris Laprise wrote: > On 10/12/2016 10:58 PM, entr0py wrote: >> Manuel Amador (Rudd-O): >>> On 10/12/2016 07:58 PM, Chris Laprise wrote: >>>> This requirement is already satisfied in the Qubes VPN doc: >>>> >>>> https

Re: [qubes-users] ANN: Leakproof Qubes VPN

2016-10-12 Thread Manuel Amador (Rudd-O)
On 10/12/2016 10:18 PM, Marek Marczykowski-Górecki wrote: > On Wed, Oct 12, 2016 at 09:35:45PM +0000, Manuel Amador (Rudd-O) wrote: > > It gives me great pleasure to release the first iteration of the > > leakproof Qubes VPN. > > > https://github.com/Rudd-O/qubes-vpn >

  1   2   >