Re: [qubes-users] Advantage of connecting through a mobile router in public?

2017-01-31 Thread Franz 
On Wed, Feb 1, 2017 at 2:13 AM, Chris Laprise 
wrote:

> On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:
>
>> I keep reading examples where people are using something like mobile
>> routers between thier phone/computer and public wifi spots, example like
>> the blackholecloud device or apparently
>> Mike Perry of the tor project told arstechnica <
>> https://arstechnica.com/security/2016/11/tor-phone-prototyp
>> e-google-hostility-android-open-source/>that "He suggests leaving the
>> prototype in airplane mode and connecting to the Internet through a second,
>> less-trusted phone, or a cheap Wi-Fi cell router."
>>
>
> This is pretty dubious advice. What is to stop an attacker from breaking
> into the mobile router and using that as an attack platform to break into
> your main device? A few minutes...?
>
>
But doesn't a firewall add some additional security? Otherwise which is the
purpose of having a firewall?


>
>> Are Qubes separate firewall and net (and whonix gw) VMs serving the same
>> purpose? If not how is what blackholecloud and what MP are doing improving
>> thier priv/sec?
>>
>
> Basically, yes. But the NIC is isolated in sys-net and there is no where
> else (internally) for anti-NIC attacks to go (except to other machines on
> the LAN).
>
>
> Chris
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/ms
> gid/qubes-users/050bca64-e23a-ea17-181c-617549d40470%40openmailbox.org.
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qDb89VnavEsWAyofX207DE%3DQZRcGWJ4gYKakuKhhYjxhQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Advantage of connecting through a mobile router in public?

2017-01-31 Thread Chris Laprise 

On 01/31/2017 10:47 PM, Gaiko Kyofusho wrote:
I keep reading examples where people are using something like mobile 
routers between thier phone/computer and public wifi spots, example 
like the blackholecloud device or 
apparently Mike Perry of the tor project told arstechnica 
that 
"He suggests leaving the prototype in airplane mode and connecting to 
the Internet through a second, less-trusted phone, or a cheap Wi-Fi 
cell router."


This is pretty dubious advice. What is to stop an attacker from breaking 
into the mobile router and using that as an attack platform to break 
into your main device? A few minutes...?




Are Qubes separate firewall and net (and whonix gw) VMs serving the 
same purpose? If not how is what blackholecloud and what MP are doing 
improving thier priv/sec?


Basically, yes. But the NIC is isolated in sys-net and there is no where 
else (internally) for anti-NIC attacks to go (except to other machines 
on the LAN).



Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/050bca64-e23a-ea17-181c-617549d40470%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] disk utility in dom0

2017-01-31 Thread Chris Laprise 

On 01/31/2017 11:25 PM, Ted Brenner wrote:
Fortunately I was able to accomplish this using fdisk without having 
to install anything new. One thing I haven't been able to figure out 
though, when I attach it to one of my appVMs, I don't know where to 
find it. This page 
 mentions 
/run/media/user/ but I don't see /run/media directory. Is there 
somewhere else I should be looking?


Thanks!



Attached volumes get named /dev/xvdi[1,2,3,...] /dev/xvdj[1,2,3,...]  etc.

Those are block devices. If they don't automatically show up in the 
sidebar of Files/nautilus, you need to mount them with a command like:

$ sudo mount /dev/xvdi1 /mnt/myvolume

Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/721b5104-5d6c-7a2c-942a-23e95e7bcf1c%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] disk utility in dom0

2017-01-31 Thread Ted Brenner 
Fortunately I was able to accomplish this using fdisk without having to
install anything new. One thing I haven't been able to figure out though,
when I attach it to one of my appVMs, I don't know where to find it. This
page  mentions
/run/media/user/ but I don't see /run/media directory. Is there somewhere
else I should be looking?

Thanks!

On Mon, Jan 30, 2017 at 9:34 PM, Ted Brenner  wrote:

> Thanks all for your help. I assume fdisk can do all this right? And that
> does appear to be in dom0.
>
> On Mon, Jan 30, 2017 at 1:58 PM,  wrote:
>
>> On Monday, January 30, 2017 at 1:26:01 AM UTC+1, Ángel wrote:
>> > Ted Brenner wrote:
>> > > What is the best way to add and partition disks in dom0? I just added
>> > > some hard drives that I'd like to format and partition and then pass
>> > > those to a guest VM for storing my person files. With xfce, I don't
>> > > see any GUI based disk utility. Does this have to be done via the
>> > > command line?
>> > >
>> > >
>> > > Thanks!
>> > >
>> > I would recommend you to simply attach the disks to be formatted into a
>> > VM and format them there. What's the point of exposing dom0 to them?
>> > You can later attach them to the same or different VM for usage.
>>
>> Is it reliable though? For example will the result always be exactly the
>> same as if the drive was managed in Dom0? Does the used file-system matter
>> if applied through a VM or are any possible factors completely unaffected?
>> For example is there a difference to manage BTRFS, ZFS, NTFS, EXT4, random
>> exotic FS, RAID of any build kind, HDD/SSD, old or new cutting edge drive
>> technologies, or any other possible factor, through a VM compared to a bare
>> metal OS?
>> Anything at all to look out for if undertaking changes on a drive through
>> a VM?
>>
>> Does it pose a risk change in the rate of bit errors? For example from
>> file system or drive error odds with an 1 in 10^15, to 1 in 10^7 risk
>> increase?
>> It is after all better to be proactive to prevent possible issues, than
>> it is to leave it unknown, when it comes to precious irreplaceable
>> important data.
>>
>> Best practice in terms of security, yes sure, but is it also best
>> practice in terms of data integrity? Is there any possible trade-offs here
>> to be aware of?
>>
>> There may be no difference at all, or there may be. But the point is, for
>> those not in the knowing, which one is it? It would be great to be
>> reasonably certain when using new technology where important data is
>> involved, where common sense may need an update, rather than being among
>> the first victims due to outdated assumptions, relics of an old age in an
>> ever faster changing world.
>>
>> So taking all that into account, all possible factors included, is it
>> really just as reliable to manage drives in VM's as when done in Dom0?
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to qubes-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to qubes-users@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/qubes-users/139be9c2-aa22-44ce-bea1-105be40e1f60%40googlegroups.com.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>
>
> --
> Sent from my Desktop
>



-- 
Sent from my Desktop

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CANKZutybwCRWhU1EO4reXGRKV9BCMx453N7gWi5Kf%3DCFb40tKg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: HCL - Asus ROG GL752VW-GS71-HID6

2017-01-31 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-31 10:46, Grzesiek Chodzicki wrote:
> W dniu wtorek, 31 stycznia 2017 17:09:15 UTC+1 użytkownik Ronald Duncan 
> napisał:
>> I tried reinstalling on the ssd, and it was a bit of nightmare.
>>
>> I kept getting an error trying to start the sys-net VM with my PCI network 
>> card 
>>
>> Internel error:
>> Unable to reset PCI device :03:00.1:
>> internal error: Active :03:00.0 devices on bus with :03:00.1
>> not doing bus reset 
>>
>> https://github.com/QubesOS/qubes-issues/issues/1393
>> Tried sending echo -n "1" > /sys/bus/pci/devices/:03:00.1/remove 
>> but vm would not start up
>>
>> https://groups.google.com/d/msg/qubes-users/o8eahbAg3q0/v1Ztl8aU-UkJ
>> Then removed the item via the gui which worked but means I can not use the 
>> ethernet card.
>>
>> It shows as the same card in the above link.
>>
>> The strange thing is that the first install onto the hard drive had no 
>> problems with the ethernet card???
>>
>> Must have tried reinstalling about 10 times and got the error every time.
>>
>> The wifi card works in both cases.
>>
>> Regards
>> Ronald
>>
>> On Wednesday, 7 December 2016 14:34:55 UTC, Ronald Duncan  wrote:
>>> HCL-ASUSTeK_COMPUTER_INC_-GL752VW-20161207-142440
>>>
>>> Needs nouveau.modeset=0 to run!!
>>>
>>>
>>> Looks like everything is working
>>>
>>> Ethernet
>>>
>>> Wifi
>>>
>>> usb
>>>
>>>
>>>
>>> Issues during install I tried putting usb in a vm, (checking this and 
>>> running under the net vm which hung the install.
>>>
>>>
>>>
>>> Installing the default ticked vm's worked.
>>>
>>>
>>>
>>> On installing from USB you need to do the following
>>>
>>>
>>>
>>> just after installation - before reboot - go to tty2 (ctl+alt+F2) and edit
>>>
>>> /mnt/sysroot/boot/efi/EFI/qubes/xen.cfg and add nouveau.modeset=0 to the 
>>> end of the Kernel= line
>>>
>>> (not sure if its mounted at exactly /mnt/sysroot - see `mount` output to
>>>
>>> be sure).
>>>
>>>
>>>
>>> Big thanks to Marek!!
>>>
>>> Regards
>>>
>>> Ronald
> 
> Check whether the network shares a controller with another device (such as 
> the card reader). If it does, assign the second device to the sys-net.
> If that fails run (in dom0) qvm-prefs -s sys-net pci_strictreset false
> 

Echoing Grzesiek's suggestion, but make sure you understand the security
implications of disabling pci_strictreset:

https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned-usb-controllers-to-it-now-the-usbvm-wont-boot

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYkV9QAAoJENtN07w5UDAwX6sP/jWNLWmLJxaZTA4RkBRK9uGC
f/HFt/mDpfmHaANJyMNkI9wzKMosD9DUJS6I2nW2MizOrfWCobgAKSJktM/ceH4o
cgPIHuFFuq3f9AHt/Cl5eO+N403grW6pWVjOBmI+SXKgLqwm67RPOGNmXo7Ik5J5
XxkWGy9K8oiELsUtJgOXbPZ8jET2pZqfj/gvzRdfb7MqjhgRKJyoCxyxkoVGuE9A
c2iaJ9ofCY5gxgp3sVPCkrElboB6THMIL8RU32VGSLK+6MN/gWOaRJ87bn7dVUiP
uopCrTP8ZftwbfY8bofFikSnzLTLDiCkMunRgf7Tr+xipOA7SETudJQ8P2k19noK
KiDixax1z0hbYA6gkgJQjcjNzqurHQdOUm3o9YAJHoY+SV4vEnzWLLR3JBh9jb3A
b4UGkdYMsgcoYFS42ymP5iqBZDo2TzjWjcDLkmaVPhX0RNFWVtMtmXvEmuM/ArE3
bzqLtJgElQIdbvqJbjCsthzrg846VWPst3qWAcHfycS/aCFMAkBEbxVy74H4pyZa
78ESx/i521J1m8ZnchkoUIDwGPw72ImEQqE+Nf5vSH9OqvE/dVzzPH9NLqOXpHMo
90nUjOa6Q+seruKDJeHP9HrDd5RrkzVgQGdoXevzihedzbrxXdON819t6eytQoDy
7z2U/u4D4RnvFJWhEHAA
=7y/v
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5f084fba-8730-7520-30f4-910acf0af087%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Advantage of connecting through a mobile router in public?

2017-01-31 Thread Gaiko Kyofusho 
I keep reading examples where people are using something like mobile
routers between thier phone/computer and public wifi spots, example like
the blackholecloud device or apparently Mike
Perry of the tor project told arstechnica
that
"He suggests leaving the prototype in airplane mode and connecting to the
Internet through a second, less-trusted phone, or a cheap Wi-Fi cell
router."

Are Qubes separate firewall and net (and whonix gw) VMs serving the same
purpose? If not how is what blackholecloud and what MP are doing improving
thier priv/sec?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGpWZxP-mPQEU_%2BdggUq%2ByYK9CefnSORx27kYAvyE-T%3DmK8LnA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can't get Qubes 3.2 to install on a Lenovo E560 Thinkpad [novice user]

2017-01-31 Thread mindflowerstudio 
oops here is the link that possibly describes my problem although I don't 
understand how to implement the repair. 
https://www.qubes-os.org/doc/uefi-troubleshooting/#f1

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5d30fca9-71c7-4e1e-b7d7-60eac37e1005%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: can't get Qubes 3.2 to install on a Lenovo E560 Thinkpad [novice user]

2017-01-31 Thread mindflowerstudio 
On Tuesday, January 31, 2017 at 10:33:59 PM UTC-5, mindflow...@gmail.com wrote:
> Hello. I am trying to install Qubes, I burned and verified it on a DVD. The 
> problem I am having is the install disk boots up, but while installing it 
> reboots during initrd.img loading. I followed this link 
> https://www.qubes-os.org/doc/uefi-troubleshooting/#f1 which describes my 
> problem, but the installer does not have the options to edit the bootcode 
> that is described in this work around as far as I can figure. Any help 
> appreciated, thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/46a12098-1961-4bcd-84a3-691f738a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] can't get Qubes 3.2 to install on a Lenovo E560 Thinkpad [novice user]

2017-01-31 Thread mindflowerstudio 
Hello. I am trying to install Qubes, I burned and verified it on a DVD. The 
problem I am having is the install disk boots up, but while installing it 
reboots during initrd.img loading. I followed this link which describes my 
problem, but the installer does not have the options to edit the bootcode that 
is described in this work around as far as I can figure. Any help appreciated, 
thanks.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/13fe5ec2-2cac-46c7-aab8-c26432d112dc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Memory and network problems

2017-01-31 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-30 11:28, Chris Willard wrote:
> Hello All,
> 
> I  have  installed  Qubes  3.2  and am having problems with memory
> and networking.
> 
> Firstly, Qubes only sees 4GB RAM but I actually have 32GB RAM!
> 

If you're basing this conclusion on the dom0 RAM indicator in Qubes VM
Manager, then there's no need to worry. That shows only the amount of
RAM that is allocated to dom0, not the total amount of RAM that Qubes
sees and uses. Qubes automatically and dynamically reallocates your
total RAM to all running VMs (including dom0).

> Secondly,  networking  keeps  stopping.  I  can  initially  ping
> (e.g. 4.2.2.1) but then I just get "Destination Host Unreachable"
> from the DHCP IP given by my router.
> 

- From which VM are you issuing these pings?

Also, are you sure that it's not a problem with your router?

> I  am  installing  on  a  Dell  PowerEdge  T710  and  have  added
> "-- efi=attr=uc" to the boot command.
> 
> Any help with these problems would be much appreciated as I would
> like to use Qubes as my main operating system.
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYkVYjAAoJENtN07w5UDAwCcAP/0wc/UdxnB5sBNNCn7z3MFic
banf6CK7xI7RtKWt74H7ho2T7NlzPaK0WU5lMkfuNo8M4e/3WLC290TZqZU5PVR/
AksMIbl23X1YzfPxiW6D2Sbe8PSfxeMkiRkMFxJb5+cvz33Zr3cXqWscEovgZBg6
v2fAJXkowR1ndYCqx2+ffm1lCTUf0fXUt6a/4FFTOdlj1+RjNHUn2AtYqzDScNqQ
Rm0sQRrWLnA2EwQRU948kL4UKT6c//Ucp502KpSgxrTZBOSisO5A1xDOnAFyTItM
e3ZVoWaTfi1LJuL+p3IrFfpzaj+RrmY15vyYlkjYxto2huby/oOIjRqmHapOkXNh
oqXJ4nNG0r3x+a6ysvXHK0LYgAGg6jydZxMVhkXMitsS2hmw3ddueNpEaV61Gb2H
ytX1wkPGIhuDLhMFDY9NNSprW6Nb3KDvcl3oA39IMywucJC3qJsLfux+bRiYu3cx
O96VSNdTqhaoaUBP6EB1BAXOaCn7YNgFnpSY9E40lGUCahBlJADmmrwhBC74w6Gu
DydIUCzrr+GrAUGrgE+CMHjE0Nc9K1Hg0xBu041SjMCt+DoQ4mbBZsC6YshOVmSF
edxUMN0xCN8DvG0+oH/CUwKOX8Rcgdj9NM+xLSw64Zds8K0PL4IEOwhw8ijlO1kt
Rk1Am6TwgToV7WkClZxh
=kHbL
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0937758-2209-bf23-f1f1-db4cafa01c05%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Lenovo X201t Thinkpad Report

2017-01-31 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-30 10:31, Loren Rogers wrote:
> Figured I'd send along a report for my Thinkpad as well.
> (Attached.) Everything seems to be working fine with this setup,
> but it does tend to overheat occasionally. Pretty annoying, but for
> everyday workloads it seems to be fine.
> 
> Loren
> 

Thank you for your report. However, you should resubmit it with a
properly-formatted subject line in order to increase the probability
that it will be noticed by Zrubi, our volunteer HCL maintainer.

The correct subject line format is:

HCL - 

Thank you for your understanding. You can read more about the HCL
submission procedure here:

https://www.qubes-os.org/doc/hcl/#generating-and-submitting-new-reports

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYkVT6AAoJENtN07w5UDAwNAwQAIsBve15n7ngA6yVnXZfnK8R
/PjgoGEYYx0kMx7cyimiFQI5vqkuefmmIoDeiJLErtkZ2R/zujLtBbnfBFVCcfL5
QWrSMPsyEJXFybz0Vi8pjt6TVz6SUBkPSzSD0GQFqU6RLUf7YIX6doLJmsLTc6Ah
aa6pG92T1bD1HXwjR+QJ60tNyjpPZAvPHzpcdiOJiPaN7rd+oVHlwiS6+ZeeM2U9
o8Vyc8S65Oy7QcbznfZvaEv7xNSjdd1Xy1WudJcN9teDMIIJPLn6geDQd8h0+/zW
uqD3m7CJMXAtJSvl0cLn0Ego3jOTzFqf7/27/B5PbwxIugGpM2/txxznXtZaUaHX
YpmbarTYcpbo+JggcVYS91Tyl+lBKDeVr9BhIbcQ1t2LyriIeODQBMaWw6QOjkcf
E1JdtW6lYdAY/n0SyaQx06QWjziEu3Smndaq99Jpj6N7LKXlw4rvuDW4uvEonyV/
PXuOHm9/Y3OKI7r2Q7iIfpjzJIOtmleVT8qG4ZCaBnClL4WslGPu3Eb8ZgbZ30cz
3WD8j8yvAJsLaC3/+v0kQj/luaTonuzKCuFPgTIczUbMbTX17tIBUwIXLWnQwSsS
h+fKbpyLfqiSfnuPLF0AmGsOuHAXsN+BFsfJ6tos9j4SxqV8ZFrIm+lNrgZ/X5La
Tu5/AeIp4O1jtxSo/FrJ
=LI3B
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ca85fe85-4efa-a908-4a56-352b4be5f0a9%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Hardware report

2017-01-31 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-01-30 10:27, Loren Rogers wrote:
> Hi all,
> 
> I've attached a hardware report for an Asus G750JW. I can say that
> Qubes appears to run just fine overall, but with a few limitations.
> The most important is the wifi -- the Broadcom unit installed isn't
> supported, so no wifi out of the box. Somewhat annoying, but
> workable, is the monitor - the display brightness doesn't work, so
> it's stuck at 100%. This is a known issue with the kernel, and may
> be fixed in future releases. Could be worse, but still annoying.
> Also, the keyboard functions don't work out of the box. Things like
> the keyboard backlight brightness, wireless on/off, enable/disable
> touchpad, all don't work. However, the volume buttons do work,
> along with the monitor-off button. I didn't really try any of the
> other functions or the webcam/mic.
> 
> 
> Loren
> 

Thank you for your report. However, you should resubmit it with a
properly-formatted subject line in order to increase the probability
that it will be noticed by Zrubi, our volunteer HCL maintainer.

The correct subject line format is:

HCL - 

Thank you for your understanding. You can read more about the HCL
submission procedure here:

https://www.qubes-os.org/doc/hcl/#generating-and-submitting-new-reports

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYkVTgAAoJENtN07w5UDAwZk4P/iYmBHbXe4k7yMa2Bc8dJS67
4bFQOQVRtuYZhNrujvuwQdN+x1O3PWi2+tpKMiMm0PP45PrCQFpnTKss1arZSzeN
g8/SapRonXfTQo7iQINlwJkLGKvgSsKE3FqSygz4Mq6Uz+vpXRndL6t5ez7IVgAB
xjNxyImMISq6HdL/WvVdtuDivkiuuvQ25yifl5HKSzoy3x3v8cPEIGNt8m8ovFzH
HSmgDuQmRF9eMXdNp7h1FG7xtTBLOxha/aY7s0Wc0p2B1kzQDoKKSBH1AtF+5Bkf
p444iigownIKojntBBxwvop5du1SPU7lmzgFZp7k1Om2xhQRX9b7kDvPg1qdZWcz
PisCFcIJynqjPXkypXu4MpE4qMXsJ0Jts68bGEepaBhhGjplHqbfX6Rb6OuvMgCK
C256XWruSbJ943ODQOQeGA4pcd+mOG611wl9CnE4R7v6KELdiqH+A4JMEMkVG06Q
+mmzvaKe2CwvMJRXaqdaZF7ykVBwRSfGKZ+nLJSRl6rovAODzhOLarNAbX7Bwc9G
oCbK4Co3J29ucDnoq6xV4bqSOUoSAKKq3kCQOvxxzzEJ2D15LKZ0R80uVSlMAy6p
f85iR+3qK/pdz9FKzi9WXXBWaFrlvlG1IAfOVePLRkatZjkOddMObycCPyfgmFAM
v5i9We1PqwlNlDd0sDeW
=Vzyw
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/39253fe2-686b-fc23-9bfd-2d43e0ebf61d%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: [qubes-devel] NetVM very slow at starting up (or not starting up at all!)

2017-01-31 Thread Andrew David Wong 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

(Replying on qubes-users, which is the appropriate list for threads
like this one. Please see: https://www.qubes-os.org/mailing-lists/)

On 2017-01-31 06:39, Dario Faggioli wrote:
> Hello,
> 
> I've been here a couple of times already, trying out Qubes. :-)
> 
> So, here's the thing. I download ISO and install Qubes 3.2. Boot
> into it and everything works. I do some customization, mostly in
> the form of installing new packages in templates, and all still
> looks fine. Then I reboot, and for some reason the NetVM has become
> either very very slow, or impossible to startup it properly.

This sounds like it could be a hardware-specific problem. Have you
tried Qubes on any other hardware?

> The specific cause seems a bit random too. One time, it was
> qubes-db which was not starting inside it (neither automatically,
> nor if I tried manually). Another time I got a libvirt error saying
> that the PCI ids of the network card was already assigned to
> sys-net! :-O

That's strange. When you said "the NetVM" above, I thought you were
referring to sys-net (the default NetVM). Are we talking about more
than one VM here?

> And yet another one, it seemed like VM build was crashing very
> very early (and I did not find any log containing the latest
> startup attempt).
> 
> I'm reinstalling, right now (I'm a little bit on a hurry to get it
> running :-P), so I can't provide much logs (and even if I still had
> the system, it'd be hard to get the logs out without _any_
> networking!).

USB flash drive?

> Note that I've already tried re-installing and starting from
> scratch a couple of times. At every attempt, all is ok until I
> touch something withing the default fedora-23 template. :-(

This suggests that you might be doing something wrong when you
manipulate the template. Perhaps you could provide a precise list of
the steps you perform that affect the template?

> I do Xen development as my daily job, so I should be able to look
> into and debug things, if you give me an hint

CCing Marek, Master of Hints. :)

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYkVJpAAoJENtN07w5UDAwiTUP/0J0QZDE78MWHo26VYkvrKaX
ffnmfgI3FRl6twwquqpfCBrT2FY1CGVW8EIpWw/zU0AduyO0JpB5uWIp7bTFh5Dt
cO9jgpEVRBEBTz/oQUpo+fC1eWrbfdimG86Cz7TUI9YQg7d7HXSRgBl/AhrfBN1g
mMOE33H2uvj3WGAVJI/3ctr3er2canY8QC8quLX0TzdPq3IAM9+BiHhIZzUhj3ty
MYmOO4VVAY4ENIawpQm0ksxQHRwnPB4v0HAHJOA0wtbq3jqtT59HT7r20QaCz/Uh
jTsJrRuj7yN0SgBdqp7fXJXhk76EplHsjpaLsODPLP9tsz/TDpIG9Q9cQd5uKq7g
UhY11mU7rsXyfDEGHelwLWp4HmNxQWIkDxx/njFgmiXB7DA8OxuRRvzLkuT784LJ
iVHnIr7neLSXMuv98bfesNkluQ14TusRUvqPhx30cHIA0f5k4e8Rjvo75c5tK1mB
IsScT5dMw/fBkOea6585Uc7bQODwMBFkFG00esdD2Yj8dYyuaw9Zre7kOiEdjKzL
YC2TzqqY3IMPXqMYOtR0CS4onXHZS/0jClXocbr+1uUBLEFOFj+4UIJTMt3DiecZ
Gq2r2u6/Bu/fQn8zTKM7Dqaeh8Ro0H4HdnOeNLk58uk0tWu+FV5hIB98N+el38/h
G9yaMLtCSskrMDL5iAK9
=Mit7
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/76a0e843-b658-b322-1d93-5b02c283ac3a%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Long boot time for "Initialize and mount /rw and /home" unit

2017-01-31 Thread Chris Laprise 

On 01/31/2017 03:55 PM, Alex wrote:

What I don't understand is... is this thing really comparing ~50GiB of
disk on every boot with a stream of 50 billion zeros just to see if a
filesystem exists? It's weird, because if this was the case I would have
to wait a long time on every boot, while this does not happen; on 1 in 3
boots, the VM starts up in ~20 seconds instead of the usual 5 minutes.


I have VMs with even larger /rw filesystems, and they start in about 7 
sec. under Debian 9. I don't think I have ever experienced this issue 
with Fedora 23/24 either.


My guess about the dd|diff comparison in 'setup-rwdev.sh' is that diff 
is closing its connection with dd as soon as it sees non-zero data. This 
should cause both dd and diff to terminate immediately.




Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4ea8ff49-f1d7-7e2d-c3e0-7d99d906b40e%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Fedora 25

2017-01-31 Thread a . mcwheel 
Yes, I have the same issue.
I'm not sure it could be resolved till next  Qubes OS release...

On January 30, 2017 7:39:43 PM AEDT, Connor Page  wrote:
>I've been using only f25 for about a month now. the upgrade was smooth.
>just needed to tweak qt5 styles and scaling.
>looks like now there is a version conflict. qubes-gui-vm requires
>pulseaudio 9 but I guess f25 has moved on to version 10.
>
>-- 
>You received this message because you are subscribed to the Google
>Groups "qubes-users" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to qubes-users+unsubscr...@googlegroups.com.
>To post to this group, send email to qubes-users@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/qubes-users/c51a2258-2153-453c-a14b-800c4a3d5c13%40googlegroups.com.
>For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/DB0AFBC3-A572-47D5-958A-3259A4C44EB7%40yandex.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Just realized one of the major disadvantages of Qubes OS...

2017-01-31 Thread RSS 

> > no support for ipv6  
> 
> not really a problem. it is 2017 and I still haven't encountered any
> situation where IPv6 is actually being used, despite working a lot
> with computers and routers (IPv6 is there but nobody is using it...
> Never ever had to use those ridiculous IPv6 addresses, yet)

Actually, I run IPv6-enabled mail servers, and I am (at least some
times) getting IPv6 connections with Google's mail servers. This is
fairly recent behavior. A good chunk of Amazon AWS has recently enabled
IPv6. 

I rent (very cheap) two servers that have no public IPv4 IP addresses,
only IPv6.

IPv6 is coming, count on it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170128171003.39aae383%40armor-mail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do I attach two virtualized NICs to one HVM?

2017-01-31 Thread charles . l . scoville 
On Tuesday, January 31, 2017 at 3:11:33 PM UTC-8, Unman wrote:
> Hi Charlie,
> 

Hello hello.

> I was going to say that I didn't understand your problem, but I think I
> do - you want to use the HVM as a netVM, and attach qubes downstream to
> it.

Not quite sure what you mean by this. Are you thinking I want to use OPNsense 
as a replacement for Qubes' own firewall VM? If so, that's not what I was 
thinking, though I'm not opposed to doing it that way. Actually, that almost 
sounds better.

No, close though. I'm actually trying to run the HVM parallel to the other 
VM's. That is, have my isolated OPNsense HVM act as NAT/firewall between two 
NIC's, say eth0(WAN) and eth1(LAN), but also give any other VMs concurrent 
access to eth0(WAN). With this config, OPNsense would only be intended to serve 
an isolated subnet my captive portal for a WiFi hotspot. 

I'm *TOTALLY NOT* fixing to sell WiFi to my neighbors, BTW, as that would 
likely violate my ISP's ToS... (¬‿¬)

hummm ...I should make a diagram for what I'm doing or something, as the above 
isn't much better of an explanation. Or maybe I can explain it better if I come 
at it from a different direction.

...

OK, let's assume I had three NIC's and two PC's. 

The first PC runs Qubes OS, has some AP VMs, and only has one NIC for its WAN. 
For simplification, we are going to ignore virtualized machines and treat this 
as one OS.

The second PC is running OPNsense OS, and has two NIC's. The first NIC is 
connected to the WAN, the second connected to an internal LAN.

Now imagine I merged these two PCs together into one. 

I now have two OS's running side by side in one PC with three NICs. Two of 
those NICs would really be doing the same thing, connecting to the WAN. So I 
could also merge the two WAN NICs.

Now I have two OS's in one PC with just two NICs. The Qubes OS with one NIC as 
its WAN, and the OPNsense OS with the same WAN NIC, and another as a LAN NIC.

This is about what I'm trying to do on Qubes. Does that make sense?



> 
> You obviously know how to attach NICs to the HVM, and you've discovered
> that you cant set up an HVM as a netVM.

umm, maybe, maybe not. (^_^)

I can attach NIC's to the HVM by PCI passthrough, then install it on the HVM's 
OS. If I do that though, the NIC is no longer accessible to the rest of the 
Qubes system. That would be fine for the LAN NIC, I suppose, but that's not 
going to work for the WAN NIC since Qubes still needs WAN access.

Just typing this out is starting to give me new ideas though. 

I'm thinking maybe I could pass the LAN NIC up to the HVM with PCI passthrough, 
but then use the Qubes firewall vif for the WAN NIC.

> What you could try is to set the networking by hand (or script it) using
> xen tools.
> To attach qube1, set the netVM to none, and then try using xl:
> something like 
> "xl network-attach qube1 script=/etc/xen/scripts/vif-route-qubes
> backend=HVM" should do it.
> You'll have to configure the interfaces by hand, but that shouldn't be
> an issue.
> 
> unman

Cool, thanks. I'm checking out the xl man page now. There's a lot there, looks 
like just the info I need if nothing else works though. Particularly the 
virtual interface stuff, as you alluded to. I'll post back whatever I figure 
out.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bd9b5393-233e-4aab-8740-31a911078775%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Is it possible to run browser and other "chatty" applications as dedicated users in appvm?

2017-01-31 Thread Unman 
On Mon, Jan 30, 2017 at 11:36:37AM -0800, Jane Jok wrote:
> On Monday, January 30, 2017 at 10:25:48 PM UTC+3, Garrett Robinson wrote:
> > On 01/30/2017 11:21 AM, Jane Jok wrote:
> > 
> > > I know that Qubes security model doesn't rely on users system for 
> > > security, but combined with iptables, this could prevent traffic leaks 
> > > when running certain "wonky" VPN configs (for instance, ipsec based VPNs 
> > > where a tun device is absent) by straight up disallowing a certain user 
> > > from communicating over anything other than the VPN link.
> > Hm, this sound like you're running a VPN in your AppVM. Are you? If so,
> > a better solution (that can easily achieve your goal of preventing
> > leaks, albeit for an entire VM instead of a specific user of a VM) is to
> > use a ProxyVM, as documented here: https://www.qubes-os.org/doc/vpn/.
> 
> -
> I already have a bunch of proxyvms running different VPNs for... different 
> reasons.
> 
> Unless I get a box with more ram or someone much smarter than me does one of 
> those super-fancy <100MB RAM unikernel VM things, but for ipsec tunnels, this 
> is the best option.
> 
> Besides, it's not a "high risk" VM or anything like that.
> 

Yes, you can do this, exactly as you envisage, and it's relatively
straightforward. Standard caveats apply, and you'll need to get
permissions right and grant access to the X server, but otherwise there's
nothing Qubes specific here.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170131235558.GD9109%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USB wifi adapter

2017-01-31 Thread Unman 
On Tue, Jan 31, 2017 at 05:33:33PM +, goi...@hushmail.com wrote:
> Hello
> How can I install a wifi adapter in Qubes? I have some drivers but
> don't now where and how to install them. When I insert the usb, Qubes
> doesn't detect it  and I haven't found doc on the site that can help
> me.
> 
> Best Regards

If you have a sys-usb then it has captured the wifi adapter. If not,
then you should have one.

What you can do is to switch the relevant USB controller to your
sys-net.
In the template backing sys-net install the drivers for the wifi
adapter.
Reboot.(Easiest way after reallocating the controller to new qube)
The adapter should show up in sys-net and you can use it from there.
Look in a terminal in sys-net to see what's happening, but if you have
right drivers it should work.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170131233742.GC9109%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Right Way to Setup your VPN to prevent Leaks ?

2017-01-31 Thread Unman 
On Tue, Jan 31, 2017 at 11:41:27AM -0800, vincent.maximus.c...@gmail.com wrote:
> On Tuesday, January 31, 2017 at 7:44:35 PM UTC+1, 01v3g4n10 wrote:
> > On Tuesday, January 31, 2017 at 12:38:03 PM UTC-6, ulabunga wrote:
> > > My Setup
> > > 
> > > proxy vm + airvpn in network manager ,TCP-53
> > >  -> appvm x
> > > 
> > > importing airvpn VPN configuration files (TCP-53) in my proxy vm network 
> > > manager
> > > and select this 'AirVpn' proxyvm in my netvm settings 
> > > for all my fedora/debain appvm's.
> > > 
> > > 
> > > Is there any better more secure way (not tor)
> > > to setup my internet security?
> > > 
> > > I noticed having DNS leaks the first 5 seconds after Im connected to a 
> > > new server..
> > 
> > Follow Set up a ProxyVM as a VPN gateway using iptables and CLI scripts
> > https://www.qubes-os.org/doc/vpn/
> 
> 
> 
> that sounds REALLY complicated...
> is there an easy fix to DNS leaks ?
> 
> 
> in the proxyvm you have the options in the firewall rules 
>  to disable
> 
> allow ICMP traffic
> allow dns queries
> 
> should the box be white or black ?
> (check or uncheck?)

Whatever anyone tries to tell you security IS complicated, and
there isn't an easy way to achieve it in a hostile environment.

There IS a somewhat easier way than described in those docs, but you
will have to change your set-up.
Put a firewall inline between proxy and sys-net, and use it to block all
traffic from the proxy except whatever is required to run your vpn. That
is, Deny all EXCEPT VPN protocol and port. If you have a single provider
specify that, or a number of IP addresses.
Don't allow ICMP or DNS traffic.

If I remember, the original VPN thread included folk who had real
opposition to this method, but it would work fine. It just adds another
Qubes networking layer in to the mix.
You are, of course, using a standard port for DNS, so there would still
be the possibility of some DNS traffic passing through with this
configuration, at least the request. If you were to change to some other
port this wouldn't be an issue.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170131233051.GB9109%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: USB wifi adapter

2017-01-31 Thread goic19 
It's a tp-link TL-WN823N

On 1/31/2017 at 6:42 PM, "01v3g4n10"  wrote:On Tuesday, January 31,
2017 at 11:33:35 AM UTC-6, goi...@hushmail.com wrote:
> Hello
> How can I install a wifi adapter in Qubes? I have some drivers but
don't now where and how to install them. When I insert the usb, Qubes
doesn't detect it  and I haven't found doc on the site that can help
me.
> 
> Best Regards

Kind of hard to help when you don't provide any information about the
wifi adapter. Brand, model, etc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170131231707.A14B4C05B9%40smtp.hushmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How do I attach two virtualized NICs to one HVM?

2017-01-31 Thread Unman 
On Tue, Jan 31, 2017 at 01:24:21PM -0800, Charlie wrote:
> Hi.
> 
> I'm wanting to run OPNsense on Qubes along with some other VMs. I have a 
> working OPNsense HVM, but to actually be useful OPNsense needs two NIC's (a 
> LAN and WAN). I can't figure out a comfortable way to do such on Qubes though.
> 
> Extra info:
> OPNsense is, itself, a firewall, so I don't think I'll need the Qubes 
> provided firewall VM. I would, however, like to have the netcode isolation 
> that a net VM provides. If that proves impossible, then I'd like to know how 
> to attach the two NICs to the OPNsense HVM without making them inaccessible 
> from the rest of Qubes OS. I'm mostly trying to do this for the captive 
> portal feature set OPNsense provides, so if anyone has an easier way to do 
> that on Qubes, I would accept that as an answer too.
> 
> Thanks
> -Charlie
> 
Hi Charlie,

I was going to say that I didn't understand your problem, but I think I
do - you want to use the HVM as a netVM, and attach qubes downstream to
it.

You obviously know how to attach NICs to the HVM, and you've discovered
that you cant set up an HVM as a netVM.
What you could try is to set the networking by hand (or script it) using
xen tools.
To attach qube1, set the netVM to none, and then try using xl:
something like 
"xl network-attach qube1 script=/etc/xen/scripts/vif-route-qubes
backend=HVM" should do it.
You'll have to configure the interfaces by hand, but that shouldn't be
an issue.

unman


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170131231132.GA9109%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Wine/PlayOnLinux Best Practices

2017-01-31 Thread Franz 
On Tue, Jan 31, 2017 at 7:16 PM, mojosam 
wrote:

> > As for security, imagine my surprise when my Linux desktop started
> popping up malware ads, which ran quite happily in Wine.
>
> Precisely my concern!
>
> I will probably eventually create a Windows HVM and just run necessary
> stuff in there.  I didn't want to run an entire instance of Windows just to
> run the Kindle app.
>
> As for my experience yesterday attempting to set all of this up, it was
> not pleasant.  It took me many hours.  Maybe half of that was learning
> where and how Qubes deals with installed software.  That really does
> complicate things.  Beyond that, I encountered numerous bugs and many
> crashes with PlayOnLinux and Kindle.  I don't know how people can think POL
> (and presumably Wine) is a viable option.
>
> What this has (re)taught me is the evils of DRM.  There are a lot of books
> that are Kindle only.  If I don't want the dead tree version, I'm stuck
> with Kindle.  I live in a country (USA) that is very hostile to fair use.
> I'm now investigating DRM removal techniques.  If that works out, I'm
> purging this disaster that is POL and Kindle app.
>
>
yes I have a userVM that is devoted only to taking DRM out of kindle books
that I buy on Amazon. For that to work have POL installed in a cloned
template from which that userVM depends. Any risk is limited to those two
VMs.
Best
Fran

--
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/f449c819-592c-4eaf-95fb-de31cdf32741%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAPzH-qAZKC-TGzO5J38C3bhtvVzjUuUi4-g8ujuzqcsnVUkbVA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Wine/PlayOnLinux Best Practices

2017-01-31 Thread bassmeister3000 
> I will probably eventually create a Windows HVM and just run necessary stuff 
> in there.  I didn't want to run an entire instance of Windows just to run the 
> Kindle app.

There's a good chance you don't need to just for Kindle.  I've run many 
applications in bare Wine, until I found good replacements for them.  
 
> 
> I don't know how people can think POL (and presumably Wine) is a viable 
> option.

As I mentioned above, they aren't actually 1:1 in terms of working or not 
working.  Wine works, the caveat is that you have to make it work with your 
app, which can be a real PITA.

> 
> What this has (re)taught me is the evils of DRM.  There are a lot of books 
> that are Kindle only. 

I believe for a while I was able to use Chrome and the Kindle store to read 
kindle books?  Perhaps that's an option.

As for DRM, well that's why I still buy physical books.  The ones who really 
suffer are the authors, since DRM forces so many people who would have paid for 
the content to find an alternative that works.

I used to use a lot of commercial software on Windows, but after two years the 
validation servers would cease to exist and my apps went *p00f*.  Thousands of 
dollars of unusable software. I've since happily spent money for apps and media 
that don't require DRM.  I won't buy anything with DRM.  Vote with your wallet. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/839df4c7-cc98-4098-a652-4d3a32a93287%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Wine/PlayOnLinux Best Practices

2017-01-31 Thread john.david.r.smith 

On 31/01/17 22:24, mojosam wrote:

it does protect you from user errors. e.g.:
you have some malicious pdf in a vm.
if you have noting to open the pdf, you can't accidentally open it and corrupt 
your vm.


Isn't that the concept behind "attack surface"?  If the code is there, 
something malicious might have the ability to call it.  I think there was malware that 
was recently discovered that could exploit the floppy disk controller in either VMware or 
VirtualBox.


but if there is something malicious able to call it, the malicious piece of 
code could download play on linux and then exploit the error.
the case is:
- there is something malicious
- it can execute code
hence it can install everything it wants to and exploit it (but that is not 
even necessary, since it only needs remote code execution to do anything it 
wants to do)

in this case we already executed something and caused the malicious code to 
become active (e.g. opened it with a program)

the case i mentioned was:
- there is something containing malicious code (e.g. a pdf)
- the code can't activate, since no piece of software parses this code

the attack surface is created by the code you execute rather the code that is 
on the system.
this is the case, because you only need remote code execution to own a qubes 
vm. (instead of remote code execution + privacy escalation)
the only advantage of not installing software is: you can't be able to 
accidentally execute it and activate some malicious code (but here your action 
would extend the attack surface)

at least this is my understanding of the situation.


The bigger practical concern is that PlayOnLinux expanded my template by 800 
MB.  Is all of that cruft duplicated on the hard drive for every VM, or is it 
just accessed from the template as needed when the VM is activated?


this depends on the location that stuff is stored at.
if it is somewhere on /rw (e.g. /home/user) each cloned vm will have a 
duplicate.

if play on linux downloads the stuff after its first execution, you can simply 
only execute it in vms using play on linux.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/98fffab0-8e22-061c-ddb5-e10afa59de4c%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Wine/PlayOnLinux Best Practices

2017-01-31 Thread mojosam 
> As for security, imagine my surprise when my Linux desktop started popping up 
> malware ads, which ran quite happily in Wine.

Precisely my concern!

I will probably eventually create a Windows HVM and just run necessary stuff in 
there.  I didn't want to run an entire instance of Windows just to run the 
Kindle app.

As for my experience yesterday attempting to set all of this up, it was not 
pleasant.  It took me many hours.  Maybe half of that was learning where and 
how Qubes deals with installed software.  That really does complicate things.  
Beyond that, I encountered numerous bugs and many crashes with PlayOnLinux and 
Kindle.  I don't know how people can think POL (and presumably Wine) is a 
viable option.

What this has (re)taught me is the evils of DRM.  There are a lot of books that 
are Kindle only.  If I don't want the dead tree version, I'm stuck with Kindle. 
 I live in a country (USA) that is very hostile to fair use.  I'm now 
investigating DRM removal techniques.  If that works out, I'm purging this 
disaster that is POL and Kindle app.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f449c819-592c-4eaf-95fb-de31cdf32741%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Wine/PlayOnLinux Best Practices

2017-01-31 Thread bassmeister3000 
> I was rather shocked to see that PlayOnLinux hogs 800 MB on my hard drive.  I 
> guess there's support in there for just about every freaking service that any 
> Windows application might want.  I had just assumed that that stuff would be 
> installed on an as-needed basis (Maybe standalone Wine does this?).
> 

It's been a while since I used wine (I prefer just using an HVM for this) and 
PlayOnLinux, but here's the gist:

wine and wine dependencies are relatively light, but will create a "windows" 
simulated directory under ~/.wine which holds all the actual app executables.  

Wine would go in TemplateVM and run in an AppVM.  It WILL eat up space in the 
AppVM.  

PlayOnLinux creates (Last time I used it) MULTIPLE windows directories (one for 
each app?) on the AppVM, which eats a ton of space. You probably only need 
PlayOnLinux if you are actually running a DirectX game etc. PlayOnLinux 
includes EVERY addon to Wine (Wine->OSS->PulseAudio) with patches to make 
specific applications work. 

If you can get it running in just Wine, you can select which extensions get 
installed.

As for security, imagine my surprise when my Linux desktop started popping up 
malware ads, which ran quite happily in Wine.  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4b0e506c-760f-4528-9430-179c6d9a7f34%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: ios in Qubes

2017-01-31 Thread Patrick Bouldin 
On Tuesday, January 31, 2017 at 3:57:35 PM UTC-5, Patrick Bouldin wrote:
> Hi, I'm not seeing that as an option, is that correct?
> 
> I thought maybe I could avoid buying an Apple in order to do some mobile app 
> development if I could load the OS into a VM.
> 
> Thanks,
> Patrick

Ok, thanks much to you both. Yuk.
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8470854d-a140-4098-8e3e-85f8cc45b433%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Wine/PlayOnLinux Best Practices

2017-01-31 Thread Reg Tiangha 
On 01/31/2017 02:24 PM, mojosam wrote:
>> it does protect you from user errors. e.g.:
>> you have some malicious pdf in a vm.
>> if you have noting to open the pdf, you can't accidentally open it and 
>> corrupt your vm.
> Isn't that the concept behind "attack surface"?  If the code is there, 
> something malicious might have the ability to call it.  I think there was 
> malware that was recently discovered that could exploit the floppy disk 
> controller in either VMware or VirtualBox.
>
> The bigger practical concern is that PlayOnLinux expanded my template by 800 
> MB.  Is all of that cruft duplicated on the hard drive for every VM, or is it 
> just accessed from the template as needed when the VM is activated?
>
Accessed from the TemplateVM from the AppVM if needed, assuming all of
your AppVMs are based on the same TemplateVM and PlayOnLinux installed
it in the root partition. Clearly, it needs to do so when you first
install the package, but all of your programs that you install in Wine
including different Wine versions, libraries, etc once you start the
PlayOnLinux client all get stored in /home/user/.PlayOnLinux and those
are only accessible through the AppVM that you launched it from. A
different AppVM based on the same TemplateVM wouldn't be able to access
those apps unless you were to reinstall them on the new AppVM as well.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/o6r071%24a45%241%40blaine.gmane.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ios in Qubes

2017-01-31 Thread Grzesiek Chodzicki 
W dniu wtorek, 31 stycznia 2017 22:07:07 UTC+1 użytkownik Alex napisał:
> On 01/31/2017 09:57 PM, Patrick Bouldin wrote:
> > Hi, I'm not seeing that as an option, is that correct?
> >
> > I thought maybe I could avoid buying an Apple in order to do some
> > mobile app development if I could load the OS into a VM.
> >
> > Thanks, Patrick
> >
> I don't think that would be an option: iOS exists only for ARM devices,
> so you would need a full-fledged emulator, and not just some VM/PVM
> magic. iOS devices are very specific, and you would need to emulate
> swipes and gestures that are hard to perform with a keyboard and a
> mouse, let alone pass them through to an X11 application...
> 
> Heck, even Apple itself does *not* offer an iOS VM for development, but
> only a "simulator" that has its documented
> (https://developer.apple.com/library/content/documentation/IDEs/Conceptual/iOS_Simulator_Guide/TestingontheiOSSimulator/TestingontheiOSSimulator.html)
> limitations. In the end, iOS development needs actual hardware. And if
> you plan to publish your applications, you will need something that can
> run the XCode IDE, and that would be an OSX system.
> 
> What you could try to achieve, albeit with a steep mountain of problems
> to overcome, is to run OSX in a Xen domU, and then in a Qubes HVM
> Good luck :D
> 
> -- 
> Alex

Apple License prohibits running OSX on hardware not manufactured by Apple (even 
in a VM) so OSX support in Qubes is probably in notgonnahappenland as legally, 
only people running Qubes on Macs would be able to install it.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/307c2bc6-9e9f-4ce7-849e-9ca6874e0932%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Wine/PlayOnLinux Best Practices

2017-01-31 Thread mojosam 
> it does protect you from user errors. e.g.:
> you have some malicious pdf in a vm.
> if you have noting to open the pdf, you can't accidentally open it and 
> corrupt your vm.

Isn't that the concept behind "attack surface"?  If the code is there, 
something malicious might have the ability to call it.  I think there was 
malware that was recently discovered that could exploit the floppy disk 
controller in either VMware or VirtualBox.

The bigger practical concern is that PlayOnLinux expanded my template by 800 
MB.  Is all of that cruft duplicated on the hard drive for every VM, or is it 
just accessed from the template as needed when the VM is activated?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f4d36d7-ed84-40f2-b3aa-7b767e1334b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How do I attach two virtualized NICs to one HVM?

2017-01-31 Thread Charlie 
Hi.

I'm wanting to run OPNsense on Qubes along with some other VMs. I have a 
working OPNsense HVM, but to actually be useful OPNsense needs two NIC's (a LAN 
and WAN). I can't figure out a comfortable way to do such on Qubes though.

Extra info:
OPNsense is, itself, a firewall, so I don't think I'll need the Qubes provided 
firewall VM. I would, however, like to have the netcode isolation that a net VM 
provides. If that proves impossible, then I'd like to know how to attach the 
two NICs to the OPNsense HVM without making them inaccessible from the rest of 
Qubes OS. I'm mostly trying to do this for the captive portal feature set 
OPNsense provides, so if anyone has an easier way to do that on Qubes, I would 
accept that as an answer too.

Thanks
-Charlie

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/467f6c07-07c7-4c10-84ab-a0afd0a0c1d5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] ios in Qubes

2017-01-31 Thread Alex 
On 01/31/2017 09:57 PM, Patrick Bouldin wrote:
> Hi, I'm not seeing that as an option, is that correct?
>
> I thought maybe I could avoid buying an Apple in order to do some
> mobile app development if I could load the OS into a VM.
>
> Thanks, Patrick
>
I don't think that would be an option: iOS exists only for ARM devices,
so you would need a full-fledged emulator, and not just some VM/PVM
magic. iOS devices are very specific, and you would need to emulate
swipes and gestures that are hard to perform with a keyboard and a
mouse, let alone pass them through to an X11 application...

Heck, even Apple itself does *not* offer an iOS VM for development, but
only a "simulator" that has its documented
(https://developer.apple.com/library/content/documentation/IDEs/Conceptual/iOS_Simulator_Guide/TestingontheiOSSimulator/TestingontheiOSSimulator.html)
limitations. In the end, iOS development needs actual hardware. And if
you plan to publish your applications, you will need something that can
run the XCode IDE, and that would be an OSX system.

What you could try to achieve, albeit with a steep mountain of problems
to overcome, is to run OSX in a Xen domU, and then in a Qubes HVM
Good luck :D

-- 
Alex


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4fccce6e-f8b1-85f0-d76c-f375894d3a21%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] ios in Qubes

2017-01-31 Thread Patrick Bouldin 
Hi, I'm not seeing that as an option, is that correct?

I thought maybe I could avoid buying an Apple in order to do some mobile app 
development if I could load the OS into a VM.

Thanks,
Patrick

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/44c4540e-47ec-41d9-bdd0-3a4b81349365%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Long boot time for "Initialize and mount /rw and /home" unit

2017-01-31 Thread Alex 
Hi,
I've been having some issues in the past few weeks with a Fedora 25
AppVM (template updated from f24), sometimes the
qubes-mount-dirs.service unit takes ~5 minutes to complete and I'm stuck
waiting for it to finish.

The private.img of this AppVM is ~48GiB, but I have another 20GiB AppVm
that is working just fine.

Since I had some spare time, I've been looking at what is this unit
doing and... I'm quite puzzled.

Please note that I'm not a /bin/sh master, so I may have mis-interpreted
what happens here.

The unit file calls /usr/lib/qubes/init/mount-dirs.sh, which in turn
calls /usr/lib/qubes/init/setup-rwdev.sh.

And in this file, I may be mistaken here, but what I see is:
- the script checks if /dev/xvdb exists
- if it does, it gets the size into $private_size_512
- it then asks dd to produce that many 512-byte-sized blocks, and asks
diff to compare them to /dev/xvdb
- if they match, a filesystem is created

What I don't understand is... is this thing really comparing ~50GiB of
disk on every boot with a stream of 50 billion zeros just to see if a
filesystem exists? It's weird, because if this was the case I would have
to wait a long time on every boot, while this does not happen; on 1 in 3
boots, the VM starts up in ~20 seconds instead of the usual 5 minutes.

Checking in journalctl, I see that this check seems to last less than a
second when a boot succeeds. I'll add some more log lines in the
template and will try to catch the log for a long boot.

Other questions arise. Is it really necessary for the AppVM to try to
perform those steps (one being the zero-check, the other being the
resize2fs that immediately follows in the same script) on every boot?
why not something like /usr/sbin/blkid or /usr/bin/file, i.e. why the
specific all-zero check? And why not place some dot-file in the root of
the filesystem, like /.resize to signal a resize2fs to be done, instead
of having it run on every boot?

Thank you for your time,

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7e052233-f24b-4fc6-fd9c-e51211523189%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] Re: Graphics card problem with Intel HD Graphics 530

2017-01-31 Thread Opal Raava 
On Monday, January 30, 2017 at 11:54:15 PM UTC+1, Opal Raava wrote:
> Hi all,
> 
> I've been running QUbes OS for a while, an I built a new PC with an intel 
> i5-6500 cpu and intel hd graphics 530 card. When I just install fedora25 
> workstation on it, the graphics look cool, 3d is fast enouhg. When I boot 
> from the disk of my old computer the screen gets black at the point the gray 
> screen with progress bar should be. I checked grub and it does give the 
> i915.whatever=1 to the linux commandline.
> 
> Any ideas? should I perhaps buy some old compatible graphics card and just 
> use that?

Oh sorry, I didn't mean that i installed a HVM with Fedora25. 

I'm installing Qubes on a new machine, an i5-6500. it has an SSD (on which i 
want to install Qubes :) and a HDD that boots me into Fedora25, which works 
with my graphics card. If I however run the setup of Qubes R3.2 I get a black 
screen right when the graphical installer should run. 

But since it works for you, I'm gonna try to change some settings in my bios.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f74e9708-cd32-4cd7-8086-801d6f31a57f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Installation of DNSSEC-Trigger on Qubes ??

2017-01-31 Thread Chris Laprise 

On 01/31/2017 10:33 AM, ThierryIT wrote:

Nobody ?


Le dimanche 29 janvier 2017 09:10:49 UTC+2, ThierryIT a écrit :

Hi,

I do prefer to ask before doing something wrong on  my working Qubes.
Where to install DNSSEC-Trigger ? Is 'sys-net' the right answer ?
Do you have  for Qubes env any documentation on how to do it properly ?

Thx


According to the Qubes threat model (or security model, depending on how 
you see it), sys-net is probably the wrong place to run software that 
establishes some kind of trust relationship with another computer. I 
suggest using a ProxyVM.


Chris

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/51955aa2-9824-4de1-81b4-ca6cda7d970d%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Right Way to Setup your VPN to prevent Leaks ?

2017-01-31 Thread '01v3g4n10' via qubes-users 
On Tuesday, January 31, 2017 at 1:41:27 PM UTC-6, vincent.ma...@gmail.com wrote:
> On Tuesday, January 31, 2017 at 7:44:35 PM UTC+1, 01v3g4n10 wrote:
> > On Tuesday, January 31, 2017 at 12:38:03 PM UTC-6, ulabunga wrote:
> > > My Setup
> > > 
> > > proxy vm + airvpn in network manager ,TCP-53
> > >  -> appvm x
> > > 
> > > importing airvpn VPN configuration files (TCP-53) in my proxy vm network 
> > > manager
> > > and select this 'AirVpn' proxyvm in my netvm settings 
> > > for all my fedora/debain appvm's.
> > > 
> > > 
> > > Is there any better more secure way (not tor)
> > > to setup my internet security?
> > > 
> > > I noticed having DNS leaks the first 5 seconds after Im connected to a 
> > > new server..
> > 
> > Follow Set up a ProxyVM as a VPN gateway using iptables and CLI scripts
> > https://www.qubes-os.org/doc/vpn/
> 
> 
> 
> that sounds REALLY complicated...
> is there an easy fix to DNS leaks ?
> 
> 
> in the proxyvm you have the options in the firewall rules 
>  to disable
> 
> allow ICMP traffic
> allow dns queries
> 
> should the box be white or black ?
> (check or uncheck?)

There are some changes that you can make to your browser

In Firefox, type in "about: config" in the URL bar. When the page comes up, 
enter "media.peerconnection.enabled" into the search bar. When it appears, set 
that entry to "false" (this can be done by double clicking it, or by right 
clicking and selecting "Toggle").

In Google Chrome a free extension has been made available for installation that 
patches the issues. It can be downloaded here 
https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia?hl=en-US

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b140188d-b254-48bf-b541-7b3825cdfeb2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Right Way to Setup your VPN to prevent Leaks ?

2017-01-31 Thread john.david.r.smith 

On 31/01/17 19:38, ulabunga wrote:

My Setup

proxy vm + airvpn in network manager ,TCP-53
 -> appvm x

importing airvpn VPN configuration files (TCP-53) in my proxy vm network manager
and select this 'AirVpn' proxyvm in my netvm settings
for all my fedora/debain appvm's.


Is there any better more secure way (not tor)
to setup my internet security?

I noticed having DNS leaks the first 5 seconds after Im connected to a new 
server..



that is a known problem.
you can add some iptables rules to fix that.
there is a guide in the doc:
https://www.qubes-os.org/doc/vpn/#set-up-a-proxyvm-as-a-vpn-gateway-using-iptables-and-cli-scripts

look at the iptables section

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b8c08d11-21f7-b0d9-55e7-04ae85bc162a%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Right Way to Setup your VPN to prevent Leaks ?

2017-01-31 Thread vincent . maximus . coco 
On Tuesday, January 31, 2017 at 7:44:35 PM UTC+1, 01v3g4n10 wrote:
> On Tuesday, January 31, 2017 at 12:38:03 PM UTC-6, ulabunga wrote:
> > My Setup
> > 
> > proxy vm + airvpn in network manager ,TCP-53
> >  -> appvm x
> > 
> > importing airvpn VPN configuration files (TCP-53) in my proxy vm network 
> > manager
> > and select this 'AirVpn' proxyvm in my netvm settings 
> > for all my fedora/debain appvm's.
> > 
> > 
> > Is there any better more secure way (not tor)
> > to setup my internet security?
> > 
> > I noticed having DNS leaks the first 5 seconds after Im connected to a new 
> > server..
> 
> Follow Set up a ProxyVM as a VPN gateway using iptables and CLI scripts
> https://www.qubes-os.org/doc/vpn/



that sounds REALLY complicated...
is there an easy fix to DNS leaks ?


in the proxyvm you have the options in the firewall rules 
 to disable

allow ICMP traffic
allow dns queries

should the box be white or black ?
(check or uncheck?)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3cc1e496-723e-41f4-89ec-956e802ae970%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Right Way to Setup your VPN to prevent Leaks ?

2017-01-31 Thread vincent . maximus . coco 
On Tuesday, January 31, 2017 at 7:44:35 PM UTC+1, 01v3g4n10 wrote:
> On Tuesday, January 31, 2017 at 12:38:03 PM UTC-6, ulabunga wrote:
> > My Setup
> > 
> > proxy vm + airvpn in network manager ,TCP-53
> >  -> appvm x
> > 
> > importing airvpn VPN configuration files (TCP-53) in my proxy vm network 
> > manager
> > and select this 'AirVpn' proxyvm in my netvm settings 
> > for all my fedora/debain appvm's.
> > 
> > 
> > Is there any better more secure way (not tor)
> > to setup my internet security?
> > 
> > I noticed having DNS leaks the first 5 seconds after Im connected to a new 
> > server..
> 
> Follow Set up a ProxyVM as a VPN gateway using iptables and CLI scripts
> https://www.qubes-os.org/doc/vpn/




in the proxyvm you have the options in the firewall rules 
 to disable 

allow ICMP traffic
allow dns queries

should the box be white or black ?
(check or uncheck?)


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/83c68759-1f6a-44e7-a4e2-8178e6bad319%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Can't install QUBES 3.2

2017-01-31 Thread codeur4life 
Ok now it's working fine.
I have restart installation but with a password without number.
It may due to a difference between FR keybord and US keybord configuration.

So now I am using the CPU chipset Graphic.
I just hope the next version of Qubes will support GTX 1060.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a84009f6-db84-4ee3-914e-e9004e49bc82%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - Asus ROG GL752VW-GS71-HID6

2017-01-31 Thread Grzesiek Chodzicki 
W dniu wtorek, 31 stycznia 2017 17:09:15 UTC+1 użytkownik Ronald Duncan napisał:
> I tried reinstalling on the ssd, and it was a bit of nightmare.
> 
> I kept getting an error trying to start the sys-net VM with my PCI network 
> card 
> 
> Internel error:
> Unable to reset PCI device :03:00.1:
> internal error: Active :03:00.0 devices on bus with :03:00.1
> not doing bus reset 
> 
> https://github.com/QubesOS/qubes-issues/issues/1393
> Tried sending echo -n "1" > /sys/bus/pci/devices/:03:00.1/remove 
> but vm would not start up
> 
> https://groups.google.com/d/msg/qubes-users/o8eahbAg3q0/v1Ztl8aU-UkJ
> Then removed the item via the gui which worked but means I can not use the 
> ethernet card.
> 
> It shows as the same card in the above link.
> 
> The strange thing is that the first install onto the hard drive had no 
> problems with the ethernet card???
> 
> Must have tried reinstalling about 10 times and got the error every time.
> 
> The wifi card works in both cases.
> 
> Regards
> Ronald
> 
> On Wednesday, 7 December 2016 14:34:55 UTC, Ronald Duncan  wrote:
> > HCL-ASUSTeK_COMPUTER_INC_-GL752VW-20161207-142440
> > 
> > Needs nouveau.modeset=0 to run!!
> > 
> > 
> > Looks like everything is working
> > 
> > Ethernet
> > 
> > Wifi
> > 
> > usb
> > 
> > 
> > 
> > Issues during install I tried putting usb in a vm, (checking this and 
> > running under the net vm which hung the install.
> > 
> > 
> > 
> > Installing the default ticked vm's worked.
> > 
> > 
> > 
> > On installing from USB you need to do the following
> > 
> > 
> > 
> > just after installation - before reboot - go to tty2 (ctl+alt+F2) and edit
> > 
> > /mnt/sysroot/boot/efi/EFI/qubes/xen.cfg and add nouveau.modeset=0 to the 
> > end of the Kernel= line
> > 
> > (not sure if its mounted at exactly /mnt/sysroot - see `mount` output to
> > 
> > be sure).
> > 
> > 
> > 
> > Big thanks to Marek!!
> > 
> > Regards
> > 
> > Ronald

Check whether the network shares a controller with another device (such as the 
card reader). If it does, assign the second device to the sys-net.
If that fails run (in dom0) qvm-prefs -s sys-net pci_strictreset false

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fbe75925-09e8-4af4-876e-0e97e2d13c37%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Right Way to Setup your VPN to prevent Leaks ?

2017-01-31 Thread '01v3g4n10' via qubes-users 
On Tuesday, January 31, 2017 at 12:38:03 PM UTC-6, ulabunga wrote:
> My Setup
> 
> proxy vm + airvpn in network manager ,TCP-53
>  -> appvm x
> 
> importing airvpn VPN configuration files (TCP-53) in my proxy vm network 
> manager
> and select this 'AirVpn' proxyvm in my netvm settings 
> for all my fedora/debain appvm's.
> 
> 
> Is there any better more secure way (not tor)
> to setup my internet security?
> 
> I noticed having DNS leaks the first 5 seconds after Im connected to a new 
> server..

Follow Set up a ProxyVM as a VPN gateway using iptables and CLI scripts
https://www.qubes-os.org/doc/vpn/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fba22e02-412b-46e4-ba01-a782addc8c9b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: USB wifi adapter

2017-01-31 Thread '01v3g4n10' via qubes-users 
On Tuesday, January 31, 2017 at 11:33:35 AM UTC-6, goi...@hushmail.com wrote:
> Hello
> How can I install a wifi adapter in Qubes? I have some drivers but don't now 
> where and how to install them. When I insert the usb, Qubes doesn't detect it 
>  and I haven't found doc on the site that can help me.
> 
> Best Regards

Kind of hard to help when you don't provide any information about the wifi 
adapter. Brand, model, etc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4f753000-0f08-47ce-9f27-58eff42f4142%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Right Way to Setup your VPN to prevent Leaks ?

2017-01-31 Thread ulabunga 
My Setup

proxy vm + airvpn in network manager ,TCP-53
 -> appvm x

importing airvpn VPN configuration files (TCP-53) in my proxy vm network manager
and select this 'AirVpn' proxyvm in my netvm settings 
for all my fedora/debain appvm's.


Is there any better more secure way (not tor)
to setup my internet security?

I noticed having DNS leaks the first 5 seconds after Im connected to a new 
server..

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6aa30ab2-72e9-4f12-acb0-35694aa55667%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Running qvm-create-default-dvm against fedora-24-minimal hangs

2017-01-31 Thread qubes 

Hi,

I have tried to to create my own disposable vm based on the minimal 
Fedora 24 template and it always hangs during "Waiting for DVM 
fedora-24-minimal-dvm ...". The only difference to the original rpm 
template is sudo and the salt vm package.


If I use the regular fedora-24 template it works fine.

So which package or service am I missing?

Thx in advance

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/221b83eba562ec29bf3d776974b4f605%40posteo.de.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] USB wifi adapter

2017-01-31 Thread goic19 
Hello
How can I install a wifi adapter in Qubes? I have some drivers but
don't now where and how to install them. When I insert the usb, Qubes
doesn't detect it  and I haven't found doc on the site that can help
me.

Best Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2017013117.7305B200EC%40smtp.hushmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Weird DHCP Problems in sys-net (Qubes 3.2)

2017-01-31 Thread n...@riseup.net 
Hello,

a friend of mine updated recently from Q3.1 to Q3.2. Since then he has weird
issues with connecting to the internet. It looks like sys-net is not able to
get an IP-address via DHCP. If he sets up a manual connection with fixed
IP-addresses it works. We unsuccessfully tried to hunt down the problems
source.
- He tried to change the template on which sys-net is based from Fedora
23 to
  Fedora 24 (from the official Qubes repository)
- He tried out to use different kernels: 4.4.11-11 and 4.4.38-11
- It works on the same machine with a xubuntu-live-system.
- Here is a log from a DHCP attempt:

[user@sys-net Documents]$ cat NM_log.txt
-- Logs begin at Mon 2017-01-30 13:53:38 CET. --
Jan 31 00:09:03 sys-net dhclient[1181]: DHCPDISCOVER on wlp0s1 to
255.255.255.255 port 67 interval 20 (xid=0x40ab3d7d)
Jan 31 00:09:07 sys-net dhclient[1181]: receive_packet failed on wlp0s1:
Network is down
Jan 31 00:09:07 sys-net NetworkManager[540]:   WiFi hardware radio
set disabled
Jan 31 00:09:07 sys-net NetworkManager[540]:   (wlp0s1): device
state change: IP-config -> unavailable (reason 'none') [70 20 0]
Jan 31 00:09:07 sys-net NetworkManager[540]:   (wlp0s1): canceled
DHCP transaction, DHCP client pid 1181
Jan 31 00:09:07 sys-net NetworkManager[540]:   (wlp0s1): DHCPv4
state changed unknown -> done
Jan 31 00:09:07 sys-net NetworkManager[540]:   NetworkManager
state is now DISCONNECTED
Jan 31 00:09:07 sys-net NetworkManager[540]:   WiFi now disabled
by radio killswitch
Jan 31 00:09:07 sys-net NetworkManager[540]:   Failed to
GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not
connected: disconnect.
Jan 31 00:09:07 sys-net NetworkManager[540]:   Failed to
GDBus.Error:fi.w1.wpa_supplicant1.NotConnected: This interface is not
connected: disconnect.
Jan 31 00:09:29 sys-net NetworkManager[540]:   WiFi hardware radio
set enabled
Jan 31 00:09:30 sys-net NetworkManager[540]:   WiFi now enabled by
radio killswitch
Jan 31 00:09:30 sys-net NetworkManager[540]:   (wlp0s1) supports 5
scan SSIDs
Jan 31 00:09:30 sys-net NetworkManager[540]:   (wlp0s1):
supplicant interface state: starting -> ready
Jan 31 00:09:30 sys-net NetworkManager[540]:   (wlp0s1): device
state change: unavailable -> disconnected (reason
'supplicant-available') [20 30 42]
Jan 31 00:09:32 sys-net NetworkManager[540]:   (wlp0s1):
supplicant interface state: ready -> inactive
Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
Activation: starting connection 'Hide&Seek'
(8d633039-62bf-4625-8639-b23b318c13ff)
Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1): device
state change: disconnected -> prepare (reason 'none') [30 40 0]
Jan 31 00:09:39 sys-net NetworkManager[540]:   NetworkManager
state is now CONNECTING
Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1): device
state change: prepare -> config (reason 'none') [40 50 0]
Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
Activation: (wifi) connection 'Hide&Seek' has security, and secrets
exist.  No new secrets needed.
Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added
'ssid' value 'Hide&Seek'
Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added
'scan_ssid' value '1'
Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added
'key_mgmt' value 'WPA-PSK'
Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: added 'psk'
value ''
Jan 31 00:09:39 sys-net NetworkManager[540]:   Config: set
interface ap_scan to 1
Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
supplicant interface state: inactive -> associating
Jan 31 00:09:39 sys-net NetworkManager[540]:   (wlp0s1):
supplicant interface state: associating -> associated
Jan 31 00:09:40 sys-net NetworkManager[540]:   (wlp0s1):
supplicant interface state: associated -> completed
Jan 31 00:09:40 sys-net NetworkManager[540]:   (wlp0s1):
Activation: (wifi) Stage 2 of 5 (Device Configure) successful.
Connected to wireless network 'Hide&Seek'.
Jan 31 00:09:40 sys-net NetworkManager[540]:   (wlp0s1): device
state change: config -> IP-config (reason 'none') [50 70 0]
Jan 31 00:09:40 sys-net NetworkManager[540]:   Activation (wlp0s1)
Beginning DHCPv4 transaction (timeout in 45 seconds)
Jan 31 00:09:40 sys-net NetworkManager[540]:   dhclient started
with pid 1503
Jan 31 00:09:40 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
255.255.255.255 port 67 interval 6 (xid=0xf3604a3b)
Jan 31 00:09:46 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
255.255.255.255 port 67 interval 12 (xid=0xf3604a3b)
Jan 31 00:09:58 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
255.255.255.255 port 67 interval 16 (xid=0xf3604a3b)
Jan 31 00:10:14 sys-net dhclient[1503]: DHCPDISCOVER on wlp0s1 to
255.255.255.255 port 67 interval 19 (xid=0xf3604a3b)
Jan 31 00:10:25 sys-net NetworkManager[540]:   (wlp0s1): DHCPv4
request timed out.
Jan 31 00:10:25 sys-net NetworkManager[540]:   (wlp0s1): DHCPv4
state changed unknown -> timeout
Jan 31 00:10:25 sys-net

[qubes-users] Re: Remove menu entries in XFCE on Qubes

2017-01-31 Thread '01v3g4n10' via qubes-users 
On Tuesday, January 31, 2017 at 9:36:03 AM UTC-6, b...@students.ptcollege.edu 
wrote:
> I'm trying to remove an entry in the applications menu for fedora 23 that's 
> still there from when I updated to 24. How can I do this?

https://www.qubes-os.org/doc/remove-vm-manually/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a29715bf-9256-44cf-ae72-55afabb41bc3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: HCL - Asus ROG GL752VW-GS71-HID6

2017-01-31 Thread Ronald Duncan 
I tried reinstalling on the ssd, and it was a bit of nightmare.

I kept getting an error trying to start the sys-net VM with my PCI network card 

Internel error:
Unable to reset PCI device :03:00.1:
internal error: Active :03:00.0 devices on bus with :03:00.1
not doing bus reset 

https://github.com/QubesOS/qubes-issues/issues/1393
Tried sending echo -n "1" > /sys/bus/pci/devices/:03:00.1/remove 
but vm would not start up

https://groups.google.com/d/msg/qubes-users/o8eahbAg3q0/v1Ztl8aU-UkJ
Then removed the item via the gui which worked but means I can not use the 
ethernet card.

It shows as the same card in the above link.

The strange thing is that the first install onto the hard drive had no problems 
with the ethernet card???

Must have tried reinstalling about 10 times and got the error every time.

The wifi card works in both cases.

Regards
Ronald

On Wednesday, 7 December 2016 14:34:55 UTC, Ronald Duncan  wrote:
> HCL-ASUSTeK_COMPUTER_INC_-GL752VW-20161207-142440
> 
> Needs nouveau.modeset=0 to run!!
> 
> 
> Looks like everything is working
> 
> Ethernet
> 
> Wifi
> 
> usb
> 
> 
> 
> Issues during install I tried putting usb in a vm, (checking this and running 
> under the net vm which hung the install.
> 
> 
> 
> Installing the default ticked vm's worked.
> 
> 
> 
> On installing from USB you need to do the following
> 
> 
> 
> just after installation - before reboot - go to tty2 (ctl+alt+F2) and edit
> 
> /mnt/sysroot/boot/efi/EFI/qubes/xen.cfg and add nouveau.modeset=0 to the end 
> of the Kernel= line
> 
> (not sure if its mounted at exactly /mnt/sysroot - see `mount` output to
> 
> be sure).
> 
> 
> 
> Big thanks to Marek!!
> 
> Regards
> 
> Ronald

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6cd1978d-deaa-4fa5-8f66-08309c6978e8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Wine/PlayOnLinux Best Practices

2017-01-31 Thread john.david.r.smith 



Since this is in my regular Fedora 24 template, won't this codebase be included 
in every app VM I run, whether I'm running PlayOnLinux in that app VM or not?


yes


Presumably none of that code would be running,


so there should be no problem (at least i can't see any problems)


but it would still be accessible to malware that wanted to call it.


for this the malware does need remote code execution.
if it has remote code execution it simply can call
sudo dnf install -y playonlinux
it also could download anything and simply execute it as root.
(root has no password)

so not having something installed does not protect you if you would not call it 
anyways.

it does protect you from user errors. e.g.:
you have some malicious pdf in a vm.
if you have noting to open the pdf, you can't accidentally open it and corrupt 
your vm.

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af70957f-600e-8bbc-dd72-c240d3972e4b%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Remove menu entries in XFCE on Qubes

2017-01-31 Thread bl7 
I'm trying to remove an entry in the applications menu for fedora 23 that's 
still there from when I updated to 24. How can I do this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/116fac37-e564-4e78-9ef1-8a754abb6dc1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Installation of DNSSEC-Trigger on Qubes ??

2017-01-31 Thread ThierryIT 
Nobody ?


Le dimanche 29 janvier 2017 09:10:49 UTC+2, ThierryIT a écrit :
> Hi,
> 
> I do prefer to ask before doing something wrong on  my working Qubes.
> Where to install DNSSEC-Trigger ? Is 'sys-net' the right answer ?
> Do you have  for Qubes env any documentation on how to do it properly ?
> 
> Thx

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f0b6c90b-998c-4cf0-9797-2e08d93ca4c1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: AEM boot doesn't load serviceVM's since Xen 4.6.3

2017-01-31 Thread Lorenzo Lamas 
I just updated Dom0 to the updates in current-testing, this upgraded both 
Xen(to 4.6.4-25) and AEM(to 3.0.5-1) but nothing has changed.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fc76de22-002d-43d0-b06e-93e95d156ae1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to view Youtube in Fullscreen ? (for dummies)

2017-01-31 Thread '01v3g4n10' via qubes-users 
On Tuesday, January 31, 2017 at 1:35:00 AM UTC-6, justin.h...@gmail.com wrote:
> On Monday, January 23, 2017 at 1:01:41 AM UTC-8, daltong defourne wrote:
> > On Thursday, October 27, 2016 at 12:15:53 AM UTC+3, jamie wrote:
> > > does not matter if I use fedora, debian or whonix ... whenever I press 
> > > fullscreen on any youtube video the brower freezes..
> > > 
> > > it also does not matter which browser I use firefox, chromium,...
> > > all of them freeze.
> > > 
> > > 
> > > how to watch youtube videos 'for dummies' in fullscreen ? 
> > > how to enable fullscreen mode 'for dummies' in my fedora appVM ?
> > 
> > Right click on window border, choose fullscreen
> > The browser window goes fullscreen
> > 
> > NOW press the video's fullscreen button
> > The video will now go into fullscreen on a fullscreen window and all will 
> > be right with the world.
> > 
> > P.S.:
> > If you're running on intel IGFX, it may require some annoying tuning to get 
> > youtube working "just right" (without tearing, etc)
> 
> I'm pretty interested in doing some of that "annoying tuning." Do you have 
> any suggestions? Anywhere I should be looking?

I've created /etc/X11/xorg.conf.d/20-intel.conf in dom0 and placed the below 
lines in it. Solved the tearing for me, but ymmv.

Section "Device"
   Identifier  "Intel Graphics"
   Driver  "intel"
   Option  "TearFree" "true"
EndSection

https://wiki.archlinux.org/index.php/Intel_Graphics

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4002bbcb-7516-409a-ae64-e0d63f409ede%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: How to view Youtube in Fullscreen ? (for dummies)

2017-01-31 Thread 4mbwarmane 
On Tuesday, January 31, 2017 at 8:35:00 AM UTC+1, justin.h...@gmail.com wrote:
> On Monday, January 23, 2017 at 1:01:41 AM UTC-8, daltong defourne wrote:
> > On Thursday, October 27, 2016 at 12:15:53 AM UTC+3, jamie wrote:
> > > does not matter if I use fedora, debian or whonix ... whenever I press 
> > > fullscreen on any youtube video the brower freezes..
> > > 
> > > it also does not matter which browser I use firefox, chromium,...
> > > all of them freeze.
> > > 
> > > 
> > > how to watch youtube videos 'for dummies' in fullscreen ? 
> > > how to enable fullscreen mode 'for dummies' in my fedora appVM ?
> > 
> > Right click on window border, choose fullscreen
> > The browser window goes fullscreen
> > 
> > NOW press the video's fullscreen button
> > The video will now go into fullscreen on a fullscreen window and all will 
> > be right with the world.
> > 
> > P.S.:
> > If you're running on intel IGFX, it may require some annoying tuning to get 
> > youtube working "just right" (without tearing, etc)
> 
> I'm pretty interested in doing some of that "annoying tuning." Do you have 
> any suggestions? Anywhere I should be looking?

I Don't know anything about tuning the Intel graphics, but for me updating to 
firefox 51 cut my cpu usage in half (and runs much better than chrome which I 
used before). I think they improved software rendering dramaticaly in this 
update which is only available for fedora 24 I think.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/64b32d34-29b8-4faa-831e-70a6ae4f2355%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.