[qubes-users] Re: U2F on Gmail not working (using Chrome on Personal AppVM)

[john]

On 05/15/18 18:09, qubesque-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

On Saturday, May 12, 2018 at 12:03:11 PM UTC, 
qube...-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:

Hello there, I was wondering if there is a workaround to make this work.
I have a Yubikey with U2F, which has the dual purpose of being a normal Yubikey 
as well as being able to do U2F when the webbrowser requests it.

I am on the latest stable Qubes 4.0.
This is so far what I have been doing:

1) I go to gmail.com and enter my user and password.
2) I plug the yubikey to the laptop, sys-usb recognizes it
3) I "attach" the usb to "personal" from the sys-usb

And nothing happens, the yubikey is not blinking, the light stays steadily on.
It doesn't react in any way by touching on it, it neither generating yubikeys 
nor the u2f.

Does anyone have a solution to this?
Regards


I've read that there are ways to connect the usb as a passthrough straight to 
the AppVM, but I find it ironic that to log-in securely to the email we have to 
lower the security of the OS. I also have an Yubikey NEO and the sys-usb 
attached to the personal VM doesn't allow the use of the U2F. Is this by design 
or it is an issue to be fixed?

If anyone effectively solved this issue please let me know.



that goes for all 3 of my expensive Yubikeys, since 4.0, I can't use, 
am falling back to SMS 2FA  , which I am not happy about,   in my case 
its for 2FA for pw manager ,  HOTP or OTP  not even sure .have given up


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a7640a2-d212-e4db-6b49-862b8d686a6e%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm

[deusestveritasinsempiternum]

> I mean a Fedora or Debian live image, just to create the USB by using DD
> directly instead of Rufus. Might fix your installation issue.

Ah, Yes. 
 
> If you're booting UEFI, you need to edit a different place. See the first
> entry in https://www.qubes-os.org/doc/uefi-troubleshooting/. (But I don't
> think this will help with the issue you're having.)

Booted UEFI and Legacy with exact same conclusion. Installing Qubes 3.2 and the 
attempted installation of Qubes 4.0 have the same results when UEFI or Legacy 
is used.


THANK YOU 
BEST 
ERIN D.


 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3dd1b7c9-09d4-49ab-8f05-3b011c49ae31%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ram Limit

[Drew White]

On Wednesday, 16 May 2018 13:02:19 UTC+10, awokd  wrote:
> On Tue, May 15, 2018 10:04 pm, taii...@gmx.com wrote:
> > On 05/15/2018 11:07 AM, Thomas Druilhe wrote:
> >
> >> Hi,
> >>
> >> We are using Qube-os 3.2 and sometimes we got a problem with RAM usage.
> > Corporate user?
> >> We set up minimum limit at 400Mo but sometimes RAM drop to 320 Mo
> >> causing crash of the application.
> >>
> >> How the amount of RAM can be under the limit fixed in the settings of
> >> the VM ?
> > Well you can have as much as you please via the pre-allocate option
> > disabling memory scaling.
> >
> > If you are using memory balancing the issue is probably not having
> > enough on the host thus you are memory starved.
> >
> > I suggest pre-allocation for critical applications VMs, such as if one
> > was using xen (not qubes ofc) for a domain controller, DNS, etc.
> 
> I think Thomas is saying he's setting a minimum of 400MB but sees the VM
> dropping to 320MB and crashing. Your solution of setting a fixed memory
> size and disabling memory balancing on the VM should also work in that
> case!

I have a minimum of 256 MB.
My NetVM and ProxyVM have 256 MB RAM assigned.

Hard assignment.
I generally have everything hard assigned if they are for low RAM usage.
High usage I set for 2/3 GB RAM.
The rest I have set as min 400 and max 4000.
I have never experienced the issue you are referring to.
Unless you are using Firefox or similar because that can happen because FF is 
badly programmed.
I would also recommend not using the Qubes Manager, as it is resource hungry.

I have Dom0 set at 2048 MB RAM.
If I use Qubes Manager I need to have an extra 1 GB of RAM available AT LEAST.

So I would recommend you look at your global settings and the setting of your 
computer too.

Setting manual sizes is good, but for a few, instead of 4000 MB, set it to 4 GB 
(4096 MB)
Try and always keep it to the right multiples.
This will help in many things.
1,2,4,8,16,32,64,128,256,512,... etc..
If you keep everything in multiples of 256 for RAM, then I find everything 
works smoothly with Dom0 using 2048 MB RAM.

I can have it as 1024, but then the virtual system has no turn around space in 
Dom0. So I would recommend 2048 MB RAM for Dom0 as a minimum. (Until a better, 
less resource hungry system is used for Dom0, like Slackware [personal opinion])

The Minimum Allocation for RAM is only the minimum for what you assign in the 
manager. Not the minimum that things will use or allocate to use.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b430ef3f-9e06-49dc-99b0-49669aad80af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Critical PGP bugs. Do they possibly affect Split-GPG in Qubes?

[[799]]

Hello Eivind,

On 05/15 09:24, Eivind K. Dovik wrote:
> [...]
> Through Qubes VM Manager, I've added the following firewall rule:
> 
> - Deny network access except ...
> - IP address of my email server
> 
> This works fine.

please keep in mind that most email providers will use load-balancers for 
incoming requests.
As such you might need to add more than one IP to the firewall.
If you're using the Qubes GUI to add firewall rules:
If you enter a FQDN it will be translated to an IP-address when you enter the 
rule.
As such it might not work next time, if the load balancers route you to another 
IP.

regards

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180516054302.gxex6eovvbetxp65%40my-privmail.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Bug?] whonix-ws clock out of synch after suspend (R4.0)

[[799]]

Hello,

On 05/15 10:57, Dimitri wrote:
> Hi,
> I noticed that the clock in whonix-ws based VMs is not synchronized after 
> sleep mode. If I have my computer in sleep mode for 2h then the VMs clock is 
> 2h in the past.
> To me this looks like a bug. 
> Large clock skews can potentially harm anonymity.

I have the same problem.

I have set the time manually using the following command in sys-whonix and my 
anon-whonix AppVM:

   user@host:~$ sudo date +%T -s "22:18:00"


which sets the time to my current local time (germany).

Strangely I still get an error message when running whonixcheck.
Why is there a message "NTP synchronized: no" ?

Shouldn't the time always be synchronized as we're running virtual machines?


user@host:~$ whonixcheck
[INFO] [whonixcheck] sys-whonix | Whonix-Gateway | whonix-gw Template-Based 
ProxyVM | Tue May 15 22:29:23 UTC 2018
dmesg: read kernel buffer failed: Operation not permitted
[INFO] [whonixcheck] Connected to Tor.
[ERROR] [whonixcheck] Systemd Clock Check Result:
Unexpected results by timedatectl.
timedatectl_output_pretty:
  Local time: Tue 2018-05-15 22:29:25 UTC
  Universal time: Tue 2018-05-15 22:29:25 UTC
RTC time: n/a
   Time zone: Etc/UTC (UTC, +)
 NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
  DST active: n/a
It is generally recommended to keep the default as per Whonix Design. [1]
If you did not change timezone related settings, please report this Whonix bug.
If you know what you are doing and changed this on purpose, feel free to
disable this check. [2]

[1] https://www.whonix.org/wiki/Dev/Design-Shared#timezone
[2] Create a file /etc/whonix.d/50_whonixcheck_user and add:
whonixcheck_skip_functions+=" check_systemd_clock "


[799]


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180515203810.tpgltwx3v5sqemhk%40my-privmail.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0 won't boot via coreboot grub rescue

[[799]]

Hello awokd,

On 05/16 03:08, awokd wrote:
> > On 05/14/2018 06:25 PM, awokd wrote:
> >
> >> On Mon, May 14, 2018 8:58 pm, taii...@gmx.com wrote:
> >>> I try the usual syslinux_configfile but I get an "out of memory" error
> >>> how am I to do this? ideas?
> > [...]
> >
> > I wish to install qubes 4.0 via the coreboot grub payload.
> >
> > So I try to boot qubes 4.0 DVD via the grub coreboot payload which
> > provides one with a grub-rescue console, normally the command
> > "syslinux_configfile (ahci1)/isolinux/isolinux.cfg" or what not will
> > launch the iso as normal but instead I receive an out of memory error
> > and for some reason the grub.cfg included in the isolinux folder doesn't
> > work either.

I don't know which device you're using but I have flashed Coreboot with SeaBIOS 
on my X230 and have also documented how to do so. I was 
also thinking about using GRUB but there were many side effects which someone 
mentioned in a Qubes posting. I think one of them was 
related to updating dom0 and thereof I choose simplicity over security. Using 
SeaBIOS was good enough for me, the only nice thing about 
using Coreboot + Grub is (as far as I understand) that we can run an encrypted 
boot, which might offer a better protection against evil 
maid attacks.

My idea against Evil Maid attacks was to run somthing like AIDE (file 
fingerprinting) on /boot and to verify.
I think this is also the idea of the Anti Evil Maid approach in Qubes.

But to be honest, the risk that someone attacks me via evil maid is not very 
high for me or in other words "reasonable unlikely" :-)

If you get Coreboot+GRUB on qubes fixed I am interesting in hearing how this 
works during daily use.

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180516052829.lmjakhb2hamb365w%40my-privmail.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Yubico FIDO U2F Security Key and Qubes

[qubesque]

On Wednesday, February 21, 2018 at 5:30:14 PM UTC, William Bormann wrote:
> On Tuesday, February 20, 2018 at 2:58:18 PM UTC-5, Yuraeitha wrote:
> > 
> > wait hold on, just to be sure we're on the same page here. 
> > Why would you bring up sys-usb? Putting a USB controller in sys-usb is 
> > normally for the purpose to use qvm-usb/widget to virtually pass it to 
> > multiple of other VM's, or just a place to hold it for keyboard/mouse. 
> > Since the Yubi key didn't work for me by passing it away from the sys-usb, 
> > but worked in the sys-usb itself.
> > 
> > If you have a controller to spare, you'd want to put it directly into the 
> > AppVM. It's less secure than a sys-usb, but nonetheless, if you really need 
> > an USB application working, which doesn't work in the widget/qvm-USB, then 
> > you need to pass the USB controller directly into the very VM where you 
> > need the Yubi key. This can also cause problems if you need to switch the 
> > controller from one VM to another, for example you can't run both VM's at 
> > the same time if they both try to claim the controller, and if the USB 
> > controller has no pci-reset functionality, then you need to restart the 
> > whole computer to be able to move it to a new VM.
> > 
> > Just to be sure we're on the same page here?
> 
> We are.  I identified two approaches:  direct assignment of the hub to a 
> particular VM, or, bring up sys-usb so I could easily assign the U2F key to 
> any VM.  The latter seemed more flexible, but also more of a heavyweight 
> solution.
> 
> In the end, I decided to simply assign the spare hub to the VM I would be 
> using for most U2F logins.  If it turns out that I frequently need to use U2F 
> on other VMs I'll revisit the sys-usb solution, especially since I know both 
> work.

Could you detail the steps to make it work? I am using the sys-usb in the way 
it came by default in QubeOS R4.0 , and attaching it to the needed AppVM 
doesn't do anything for me.
I am using a Yubikey NEO btw.

Normal storage USBs such as pendrives and such I have no problems in assigning 
a AppVM from the sys-usb. I am only having problems with the Yubikey NEO.

Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cdcbb4c1-79be-4397-89da-de2d008ff2fb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes R4.0 - no internet working in appVM

[Sergio Matta]

> I know PV is not recommended, but thought it was still supported under
> R4.0 and Xen? If so, networking should work too, but you're right- it
> won't be a priority.

PV is still supported by Xen. It will works fine after he create the routes. I 
agree there is not enough people using PV to be prioritized.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4bdf8f60-e8f5-4564-99e4-a4331b2a169f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: U2F on Gmail not working (using Chrome on Personal AppVM)

[qubesque]

On Saturday, May 12, 2018 at 12:03:11 PM UTC, qube...@gmail.com wrote:
> Hello there, I was wondering if there is a workaround to make this work.
> I have a Yubikey with U2F, which has the dual purpose of being a normal 
> Yubikey as well as being able to do U2F when the webbrowser requests it.
> 
> I am on the latest stable Qubes 4.0.
> This is so far what I have been doing:
> 
> 1) I go to gmail.com and enter my user and password.
> 2) I plug the yubikey to the laptop, sys-usb recognizes it
> 3) I "attach" the usb to "personal" from the sys-usb
> 
> And nothing happens, the yubikey is not blinking, the light stays steadily on.
> It doesn't react in any way by touching on it, it neither generating yubikeys 
> nor the u2f.
> 
> Does anyone have a solution to this?
> Regards

I've read that there are ways to connect the usb as a passthrough straight to 
the AppVM, but I find it ironic that to log-in securely to the email we have to 
lower the security of the OS. I also have an Yubikey NEO and the sys-usb 
attached to the personal VM doesn't allow the use of the U2F. Is this by design 
or it is an issue to be fixed?

If anyone effectively solved this issue please let me know.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4f5c77d-892a-4e31-b258-707c48cd5f8e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm

[awokd]

On Wed, May 16, 2018 3:49 am, deusestveritasinsempiter...@gmail.com wrote:
>>Not necessarily; maybe Rufus is doing something strange. Suggest booting
>> a
>>live image and creating your R4.0 installer USB directly with DD.
>
> If Live USB worked that isn't a really a solution to "using" Qubes 4.0, is
> it? Would that help to eventually achieving installing it?

I mean a Fedora or Debian live image, just to create the USB by using DD
directly instead of Rufus. Might fix your installation issue.


>> It's something like nouveau.modeset=0, check the Nvidia troubleshooting
>> doc. Probably won't help if you're getting that far with the install.
>
> Tried that at the boot and also in Qubes 3.2 terminal with it rejecting
> it. Also Tried all the [Grub] and every linux command for changing display
> size to no end.

If you're booting UEFI, you need to edit a different place. See the first
entry in https://www.qubes-os.org/doc/uefi-troubleshooting/. (But I don't
think this will help with the issue you're having.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0f7e89cf9c134ec529635b541bffa23c%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm

[deusestveritasinsempiternum]

>Not necessarily; maybe Rufus is doing something strange. Suggest booting a 
>live image and creating your R4.0 installer USB directly with DD.

If Live USB worked that isn't a really a solution to "using" Qubes 4.0, is it? 
Would that help to eventually achieving installing it?

> Yes. :) I think that will break more things than it helps.

Yeah, figured. 

How to disable NVIDIA and would that help?
 
> It's something like nouveau.modeset=0, check the Nvidia troubleshooting
> doc. Probably won't help if you're getting that far with the install.
 
Tried that at the boot and also in Qubes 3.2 terminal with it rejecting it. 
Also Tried all the [Grub] and every linux command for changing display size to 
no end. 


THANK YOU
BEST 
ERIN D.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/15158910-9bba-47db-b24e-d0452945b1f6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Q4.0 Fedora-26 -> Fedora-28 python3.6 errors

[john]

On 05/15/18 17:10, john wrote:

Hello Qubes Group.

I happened to notice  the instruction now available, while wondering why 
my VM Manager Fedora-26  green arrow wouldn't disappear.  and have 
proceeded to go from 26->28


https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/#qubes-40-instructions 



I did *note the  caveat

---
To work around this error:

     Upgrade while excluding the problematic packages by using -x 
python2-xcffib -x qubes-gui-vm -x qubes-gui-agent.
     Upgrade python2-xcffib using sudo dnf swap python-xcffib 
python2-xcffib. (This should automatically upgrade the other excluded 
packages too.)

---


which I assume means
---
sudo dnf --releasever=28 distro-sync --best --allowerasing -x 
python2-xcffib -x qubes-gui-vm -x qubes-gui-agent    ??

---

seeing they were python errors, I assumed it might be this and did do:
--
sudo dnf swap python-xcffib python2-xcffib
--

However, then I see:
--
The downloaded packages were saved in cache until the next successful 
transaction.

You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
   Curl error (7): Couldn't connect to server for 
https://mirrors.fedoraproject.org/metalink?repo=fedora-28&arch=x86_64 
[Failed to connect to 127.0.0.1 port 8082: Connection refused]

--

*Then examine the initial error closer I note that these seem to be 
different python errors



  I get these errors:

---
Traceback (most recent call last):
   File "/bin/dnf", line 58, in 
     main.user_main(sys.argv[1:], exit_code=True)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 179, in 
user_main

     errcode = main(args)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 64, in 
main

     return _main(base, args, cli_class, option_parser_class)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 99, in 
_main

     return cli_run(cli, base)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 123, in 
cli_run

     ret = resolving(cli, base)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 154, in 
resolving

     base.do_transaction(display=displays)
   File "/usr/lib/python3.6/site-packages/dnf/cli/cli.py", line 238, in 
do_transaction

     display = [output.CliTransactionDisplay()] + list(display)
   File "/usr/lib/python3.6/site-packages/dnf/base.py", line 784, in 
do_transaction

     return ret
   File "/usr/lib/python3.6/site-packages/dnf/plugin.py", line 96, in fn
     dnf.util.mapall(operator.methodcaller(method), self.plugins)
   File "/usr/lib/python3.6/site-packages/dnf/util.py", line 223, in mapall
     return wrapper
   File "/usr/lib/python3.6/site-packages/dnf-plugins/qubes-hooks.py", 
line 45, in transaction

     if config.getboolean('main', 'notify-updates'):
   File "/usr/lib/python3.6/site-packages/iniparse/compat.py", line 146, 
in getboolean

     v = self.get(section, option)
   File "/usr/lib/python3.6/site-packages/iniparse/compat.py", line 219, 
in get

     raise NoSectionError(section)
-

so  am I too try :

sudo dnf --releasever=28 distro-sync --best --allowerasing -x dnf -x 
iniparse




I'd rather not guess, and  have a  broken template to build on ,  or 
create some kind of  holes  , etc



cheers




actually if I base an AppVM on the Fedora-28  Template  the  qvm-start 
won't start  and  killing it  I get various  python errors 
so   guess need to resolve the upgrade  errors .


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e5dd2356-aec6-4096-669c-04f5950df1e8%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes R4.0 - no internet working in appVM

[awokd]

On Wed, May 16, 2018 3:15 am, Sergio Matta wrote:
> Em terça-feira, 15 de maio de 2018 23:39:20 UTC-3, awokd  escreveu:

>>
>> Sergio, are you saying if you change sys-net and sys-firewall to PV
>> mode,
>> it breaks the network configuration so you have to set up manually? That
>> doesn't sound intentional, I wonder if there's a bug (but R4.0 really
>> requires the ability to run HVM/PVH mode to be safest).
>
> Yes. I don't think it as a bug. Qubes V4 demands iommu. Without it you can
> use only PV or HVM. So PV was abandoned, PVH is programmed.
> The little I read about Xen says Xen creates virtual connections, when
> needed. With "ifconfig -a" he can see the correct vif and create the
> route. Some programming can be done, but I think is better change the
> motherboard. :-)

I know PV is not recommended, but thought it was still supported under
R4.0 and Xen? If so, networking should work too, but you're right- it
won't be a priority.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e827cfb5f20a9d16707fe1e9cf5e988c%40elude.in.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Q4.0 Fedora-26 -> Fedora-28 python3.6 errors

[john]

On 05/15/18 17:10, john wrote:

Hello Qubes Group.

I happened to notice  the instruction now available, while wondering why 
my VM Manager Fedora-26  green arrow wouldn't disappear.  and have 
proceeded to go from 26->28


https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/#qubes-40-instructions 



I did *note the  caveat

---
To work around this error:

     Upgrade while excluding the problematic packages by using -x 
python2-xcffib -x qubes-gui-vm -x qubes-gui-agent.
     Upgrade python2-xcffib using sudo dnf swap python-xcffib 
python2-xcffib. (This should automatically upgrade the other excluded 
packages too.)

---


which I assume means
---
sudo dnf --releasever=28 distro-sync --best --allowerasing -x 
python2-xcffib -x qubes-gui-vm -x qubes-gui-agent    ??

---

seeing they were python errors, I assumed it might be this and did do:
--
sudo dnf swap python-xcffib python2-xcffib
--

However, then I see:
--
The downloaded packages were saved in cache until the next successful 
transaction.

You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
   Curl error (7): Couldn't connect to server for 
https://mirrors.fedoraproject.org/metalink?repo=fedora-28&arch=x86_64 
[Failed to connect to 127.0.0.1 port 8082: Connection refused]

--

*Then examine the initial error closer I note that these seem to be 
different python errors



  I get these errors:

---
Traceback (most recent call last):
   File "/bin/dnf", line 58, in 
     main.user_main(sys.argv[1:], exit_code=True)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 179, in 
user_main

     errcode = main(args)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 64, in 
main

     return _main(base, args, cli_class, option_parser_class)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 99, in 
_main

     return cli_run(cli, base)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 123, in 
cli_run

     ret = resolving(cli, base)
   File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 154, in 
resolving

     base.do_transaction(display=displays)
   File "/usr/lib/python3.6/site-packages/dnf/cli/cli.py", line 238, in 
do_transaction

     display = [output.CliTransactionDisplay()] + list(display)
   File "/usr/lib/python3.6/site-packages/dnf/base.py", line 784, in 
do_transaction

     return ret
   File "/usr/lib/python3.6/site-packages/dnf/plugin.py", line 96, in fn
     dnf.util.mapall(operator.methodcaller(method), self.plugins)
   File "/usr/lib/python3.6/site-packages/dnf/util.py", line 223, in mapall
     return wrapper
   File "/usr/lib/python3.6/site-packages/dnf-plugins/qubes-hooks.py", 
line 45, in transaction

     if config.getboolean('main', 'notify-updates'):
   File "/usr/lib/python3.6/site-packages/iniparse/compat.py", line 146, 
in getboolean

     v = self.get(section, option)
   File "/usr/lib/python3.6/site-packages/iniparse/compat.py", line 219, 
in get

     raise NoSectionError(section)
-

so  am I too try :

sudo dnf --releasever=28 distro-sync --best --allowerasing -x dnf -x 
iniparse




I'd rather not guess, and  have a  broken template to build on ,  or 
create some kind of  holes  , etc



cheers




I should add as an addendum, that the install seems to have otherwise 
finished successfully, so maybe I just ignore  the  errors  that 
appeared after the 2000 packages were verified and continue ?





--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e49e7c8f-e4e0-a106-134e-665c6c1deb49%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes R4.0 - no internet working in appVM

[Sergio Matta]

Em terça-feira, 15 de maio de 2018 23:39:20 UTC-3, awokd  escreveu:
> On Mon, May 14, 2018 7:43 pm, Sergio Matta wrote:
> > Em segunda-feira, 14 de maio de 2018 13:55:51 UTC-3, niepo...@gmail.com
> > escreveu:
> 
> >> appVM's are not restored. All is default except I changed to pv mode
> >> netVM and firewallVM (in hvm and pvh do not started).
> >>
> >> Looks like i will back to R3.2 as R4.0 is useless for me with no
> >> internet in appVM's.
> >
> > sorry about write qvm-ls, is qvm-prefs, I was sleeping. Now you need to:
> > 1-keep them PV;
> > 2-chmod +x /rw/config/rc.local in sys-firewall and sys-net;
> > 3-In sys-net /rw/config/rc.local insert:
> > ip link set vif3.0 up
> > ip addr add [sys-net ip, something like 10.137.0.5]/255.255.255.255 dev
> > vif3.0
> > ip route add [sys-firewall ip, something like 10.137.0.6]/255.255.255.255
> > dev vif3.0
> > 4-In sys-firewall /rw/config/rc.local insert:
> > ip link set vif4.0 up
> > ip addr add [sys-firewall ip, something like 10.137.0.6]/255.255.255.255
> > dev vif4.0
> > ip route add [vm to route ip, something like 10.137.0.9]/255.255.255.255
> > dev vif4.0
> > you should repeat the item 4 increasing the vif and changing the ip to
> > support other vms.
> > It will run, not easy. You may consider buy a iommu motherboard.
> 
> Sergio, are you saying if you change sys-net and sys-firewall to PV mode,
> it breaks the network configuration so you have to set up manually? That
> doesn't sound intentional, I wonder if there's a bug (but R4.0 really
> requires the ability to run HVM/PVH mode to be safest).

Yes. I don't think it as a bug. Qubes V4 demands iommu. Without it you can use 
only PV or HVM. So PV was abandoned, PVH is programmed.
The little I read about Xen says Xen creates virtual connections, when needed. 
With "ifconfig -a" he can see the correct vif and create the route. Some 
programming can be done, but I think is better change the motherboard. :-)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8613c7fe-ef8f-4fcb-872c-7a4d16fbb59b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Q4.0 Fedora-26 -> Fedora-28 python3.6 errors

[john]

Hello Qubes Group.

I happened to notice  the instruction now available, while wondering why 
my VM Manager Fedora-26  green arrow wouldn't disappear.  and have 
proceeded to go from 26->28


https://www.qubes-os.org/doc/template/fedora/upgrade-27-to-28/#qubes-40-instructions

I did *note the  caveat

---
To work around this error:

Upgrade while excluding the problematic packages by using -x 
python2-xcffib -x qubes-gui-vm -x qubes-gui-agent.
Upgrade python2-xcffib using sudo dnf swap python-xcffib 
python2-xcffib. (This should automatically upgrade the other excluded 
packages too.)

---


which I assume means
---
sudo dnf --releasever=28 distro-sync --best --allowerasing -x 
python2-xcffib -x qubes-gui-vm -x qubes-gui-agent??

---

seeing they were python errors, I assumed it might be this and did do:
--
sudo dnf swap python-xcffib python2-xcffib
--

However, then I see:
--
The downloaded packages were saved in cache until the next successful 
transaction.

You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
  Curl error (7): Couldn't connect to server for 
https://mirrors.fedoraproject.org/metalink?repo=fedora-28&arch=x86_64 
[Failed to connect to 127.0.0.1 port 8082: Connection refused]

--

*Then examine the initial error closer I note that these seem to be 
different python errors



 I get these errors:

---
Traceback (most recent call last):
  File "/bin/dnf", line 58, in 
main.user_main(sys.argv[1:], exit_code=True)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 179, in 
user_main

errcode = main(args)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 64, in main
return _main(base, args, cli_class, option_parser_class)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 99, in 
_main

return cli_run(cli, base)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 123, in 
cli_run

ret = resolving(cli, base)
  File "/usr/lib/python3.6/site-packages/dnf/cli/main.py", line 154, in 
resolving

base.do_transaction(display=displays)
  File "/usr/lib/python3.6/site-packages/dnf/cli/cli.py", line 238, in 
do_transaction

display = [output.CliTransactionDisplay()] + list(display)
  File "/usr/lib/python3.6/site-packages/dnf/base.py", line 784, in 
do_transaction

return ret
  File "/usr/lib/python3.6/site-packages/dnf/plugin.py", line 96, in fn
dnf.util.mapall(operator.methodcaller(method), self.plugins)
  File "/usr/lib/python3.6/site-packages/dnf/util.py", line 223, in mapall
return wrapper
  File "/usr/lib/python3.6/site-packages/dnf-plugins/qubes-hooks.py", 
line 45, in transaction

if config.getboolean('main', 'notify-updates'):
  File "/usr/lib/python3.6/site-packages/iniparse/compat.py", line 146, 
in getboolean

v = self.get(section, option)
  File "/usr/lib/python3.6/site-packages/iniparse/compat.py", line 219, 
in get

raise NoSectionError(section)
-

so  am I too try :

sudo dnf --releasever=28 distro-sync --best --allowerasing -x dnf -x 
iniparse




I'd rather not guess, and  have a  broken template to build on ,  or 
create some kind of  holes  , etc



cheers


--
john 

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a9a1c3a6-9223-fc0a-60ec-15318b3de7cf%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0 won't boot via coreboot grub rescue

[awokd]

On Tue, May 15, 2018 11:34 pm, taii...@gmx.com wrote:
> On 05/14/2018 06:25 PM, awokd wrote:
>
>> On Mon, May 14, 2018 8:58 pm, taii...@gmx.com wrote:
>>> I try the usual syslinux_configfile but I get an "out of memory" error
>>> how am I to do this? ideas?
>> Can you step through what you are trying to do and where the error
>> appears? Not sure I'm following.
> Sure :D
>
> I wish to install qubes 4.0 via the coreboot grub payload.
>
> So I try to boot qubes 4.0 DVD via the grub coreboot payload which
> provides one with a grub-rescue console, normally the command
> "syslinux_configfile (ahci1)/isolinux/isolinux.cfg" or what not will
> launch the iso as normal but instead I receive an out of memory error
> and for some reason the grub.cfg included in the isolinux folder doesn't
> work either.

Thanks, following now! I thought someone had replied to
https://www.mail-archive.com/qubes-users@googlegroups.com/msg20818.html
with a way to do it, but that thread appears to be broken. If you're in a
hurry, suggest trying Seabios to get it to install then switching to grub.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1b25012632dc238d627000b12b4148bd%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ram Limit

[awokd]

On Tue, May 15, 2018 10:04 pm, taii...@gmx.com wrote:
> On 05/15/2018 11:07 AM, Thomas Druilhe wrote:
>
>> Hi,
>>
>> We are using Qube-os 3.2 and sometimes we got a problem with RAM usage.
> Corporate user?
>> We set up minimum limit at 400Mo but sometimes RAM drop to 320 Mo
>> causing crash of the application.
>>
>> How the amount of RAM can be under the limit fixed in the settings of
>> the VM ?
> Well you can have as much as you please via the pre-allocate option
> disabling memory scaling.
>
> If you are using memory balancing the issue is probably not having
> enough on the host thus you are memory starved.
>
> I suggest pre-allocation for critical applications VMs, such as if one
> was using xen (not qubes ofc) for a domain controller, DNS, etc.

I think Thomas is saying he's setting a minimum of 400MB but sees the VM
dropping to 320MB and crashing. Your solution of setting a fixed memory
size and disabling memory balancing on the VM should also work in that
case!


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0ec156df4459f7e6ef1564c2128c5a2f%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm

[awokd]

On Tue, May 15, 2018 9:12 pm, deusestveritasinsempiter...@gmail.com wrote:


> Installing Qubes 4.0 (UEFI and Legacy) all goes well, (same as Qubes 3.2)
> get to GUI installer and start installation on the 1TB Hard Drive- gets to
> [qubes-mgmt-salt-base-topd-] [786/1018] (sometimes 781/1018 788/1018
> 794/1018 but always this title [qubes-mgmt-salt-base-topd]) and does not
> progress. Left it for hours, still no movement. You can hear the Hard
> Drive stop writing when it reaches that point.

> Yes, fedora 23/24 is the best for writing DD
> images, but since Qubes 3.2 worked and Qubes 4.0 works until the 786/1018
> file, a different DD writer will not help. Right?

Not necessarily; maybe Rufus is doing something strange. Suggest booting a
live image and creating your R4.0 installer USB directly with DD.

> **NOTE** Never was there an error or a explanation of the stopping at
> [qubes-mgmt-salt-base-topd] [786/1018] it just stopped.
>
> Can do a complete HRL using Qubes 3.2 but only if absolutely necessary.
>
> Questions:
>
> What does [qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm] draw
> from/correlate to? (Kernel, Graphics ect)?
>
> Is it crazy think to try to replace
> [qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm] with
> [qubes-mgmt-salt-base-topd-3.2.1-1.fc23.noarch.rpm]?

Yes. :) I think that will break more things than it helps.

> How to disable NVIDIA and would that help?

It's something like nouveau.modeset=0, check the Nvidia troubleshooting
doc. Probably won't help if you're getting that far with the install.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0aed864523e91fe52c31764d25bb6b2e%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Q3] Last dom0 update error: create transaction lock. Resource temporarily unavailable

[awokd]

On Mon, May 14, 2018 9:15 pm, 'Evastar' via qubes-users wrote:
> Hello,
> Thanks for new updates!
> I got some error with last dom0 update
> https://i.imgur.com/yWQD1lp.png
>
> After ~10 minutes of waiting ( I through that update freeze) this:
> https://i.imgur.com/diAOG8V.png
>
> How to fix? What to do next?

Reboot and try to run it again?


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ecf64117431f2fc7658a935ef4e8ae3a%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Lenovo G505S Coreboot

[awokd]

On Sat, May 12, 2018 7:58 pm, matthewwbradl...@gmail.com wrote:
> On Saturday, May 12, 2018 at 3:38:31 PM UTC-4, mattheww...@gmail.com

>> Does anybody know where I can find an up-to-date copy of the microcode
>> for this laptop? The latest microcode images I've been able to find
>> *anywhere* are
>> https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode
>> which according to the logs date back to 2016 and therefore can't
>> possibly contain spectre mitigations for an A10-5750M CPU.
>>
>> Supposedly AMD has/will release mitigating microcode for family 15h but
>> I don't think AMD has an equivalent to:
>> https://downloadcenter.intel.com/download/27776/Linux-Processor-Microcode-Data-File
>>
>> Does AMD even announce when they release microcode for a particular
>> family/CPU? Ideally they'd have a list of CPU->microcode.tar.gz but one
>> can only dream I guess...
>>
>> The next step of course will be figuring out how to build coreboot to
>> load the microcode image, but, one step at a time.
>
> EDIT:
> https://web.archive.org/web/20160726141516/http://www.amd64.org:80/microcode.html
> doesn't seem to have been up since 2016

See below. There seems to be a way to do it if you edit the patch file
directly into microcode_amd_fam15h.bin (but we might be getting off-topic
for Qubes here).

https://www.mail-archive.com/coreboot@coreboot.org/msg51496.html





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ae712ae15304863b9cb47190d8db7f13%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] qvm-usb: Device Attach Failed [No Reason Given]

[awokd]

On Sun, May 13, 2018 8:21 pm, Jone wrote:
> On Sunday, May 13, 2018 at 3:38:03 PM UTC-4, awokd wrote:
>
>> Are you using those quotes in the actual command? Try: qvm-usb attach
>> test
>> sys-usb:3-1
>
> The error remains the same. [For anyone looking at this post in the
> future, the quotes did succeed with as expected with an AppVM based on the
> debian-9 template.]

Make sure you have qubes-usb-proxy installed in all templates, and
qubes-input-proxy-sender in your sys-usb's template.
Check journalctl and VM specific logs for additional error information.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/71f61b8d6792327695e9f95e775a173c%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Qubes R4.0 - no internet working in appVM

[awokd]

On Mon, May 14, 2018 7:43 pm, Sergio Matta wrote:
> Em segunda-feira, 14 de maio de 2018 13:55:51 UTC-3, niepo...@gmail.com
> escreveu:

>> appVM's are not restored. All is default except I changed to pv mode
>> netVM and firewallVM (in hvm and pvh do not started).
>>
>> Looks like i will back to R3.2 as R4.0 is useless for me with no
>> internet in appVM's.
>
> sorry about write qvm-ls, is qvm-prefs, I was sleeping. Now you need to:
> 1-keep them PV;
> 2-chmod +x /rw/config/rc.local in sys-firewall and sys-net;
> 3-In sys-net /rw/config/rc.local insert:
> ip link set vif3.0 up
> ip addr add [sys-net ip, something like 10.137.0.5]/255.255.255.255 dev
> vif3.0
> ip route add [sys-firewall ip, something like 10.137.0.6]/255.255.255.255
> dev vif3.0
> 4-In sys-firewall /rw/config/rc.local insert:
> ip link set vif4.0 up
> ip addr add [sys-firewall ip, something like 10.137.0.6]/255.255.255.255
> dev vif4.0
> ip route add [vm to route ip, something like 10.137.0.9]/255.255.255.255
> dev vif4.0
> you should repeat the item 4 increasing the vif and changing the ip to
> support other vms.
> It will run, not easy. You may consider buy a iommu motherboard.

Sergio, are you saying if you change sys-net and sys-firewall to PV mode,
it breaks the network configuration so you have to set up manually? That
doesn't sound intentional, I wonder if there's a bug (but R4.0 really
requires the ability to run HVM/PVH mode to be safest).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/41c58939e1c52569b8edc246e1a2d844%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] [Bug?] whonix-ws clock out of synch after suspend (R4.0)

[awokd]

On Tue, May 15, 2018 8:47 pm, 799 wrote:
> Hello,
>
> On 05/15 10:57, Dimitri wrote:
>> Hi,
>> I noticed that the clock in whonix-ws based VMs is not synchronized
>> after
> sleep mode. If I have my computer in sleep mode for 2h then the VMs clock
> is 2h in the past.
>> To me this looks like a bug.
>> Large clock skews can potentially harm anonymity.
>
> I have the same problem.
>
> I have set the time manually using the following command in sys-whonix and
> my anon-whonix AppVM:
>
>user@host:~$ sudo date +%T -s "22:18:00"
>
>
> which sets the time to my current local time (germany).
>
> Strangely I still get an error message when running whonixcheck.
> Why is there a message "NTP synchronized: no" ?
>
> Shouldn't the time always be synchronized as we're running virtual
> machines?

I think this may have been addressed in Whonix 14. On Whonix 13 on R3.2
with DispVMs, I worked around the issue by disabling sdwdate
(https://phabricator.whonix.org/T695). I'm not sure that's the safest
approach or if it will help on a normal suspend. So try Whonix 14 first,
then disabling sdwdate if it still isn't working.

NTP is disabled in Whonix templates. https://www.whonix.org/wiki/Time_Attacks


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/166a8e7971fb9fb83088d19853723c22%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

['Evastar' via qubes-users]

And 2th question: 

Do you know how to restore all connections after proxyvm reboot. Yes, it's not 
possible to reboot it from qubes manager, but I can reboot it with terminal. 
Then, maybe, some simple steps exists to reconnect all AppVMs? This would help 
me a lot. It's my simpler to reboot only proxyVM vs all vms.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/QFQDJEd0CvCSlo2cOa4AVTQ6Xf_rWDM1wCppqiwr6DEjDhVLWt6UUvePvnXmqJ_Kd4qPtt0NtAUMjW41K4Yxgz8WG9LIWQvGvUTxHgsokLg%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

['Evastar' via qubes-users]

> If the vif interfaces are going down, that suggests a bug either in

Today it happens again and now I open terminal at ethervpn and write "route". 
It freeze, not totally freeze, but it print line by line output of this command 
and every line took ~10 seconds to print. Maybe it's because I use imported 
ethervpn from 3.2. backup? Something happens :(

> tun and tap interfaces look similar in the sense that they're all

I don't know how to check this. 

And other question. You are advanced user and you must know.

I'm trying to use this script to get correct gatewayIP to setup routes.

IP="$(ip addr | grep 'vpn_vpn' -A0 | tail -n1 | awk '{print $2}' | cut -f1 
-d'/')"

(vpn_vpn is "dhclient vpn_vpn" ) 

"ip addr" print output: 192.168.30.10/24, this command give me 192.168.30.10, 
but I need to find somehow and add to variable 192.168.30.1 then I want to use 
it with this command: 
ip route add default via $IP

So sure, I don't know why it's report .10/24 and not .1/24 

Maybe you know where/how to get correct IP? My regular setup works with 
hard-coded 192.168.30.1, but I want to parse it on the fly. 

Thanks


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/HTlVwRs8u9P0GHcgtUIv-oNlwY66jKSRP-vTI1Ssb8ucHEfeGXToihmXJzEHh-7gP7YqZEAFVYPje0msKhlSZGgYsnwPcEor_xrhAkMsMao%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes 4.0 won't boot via coreboot grub rescue

[taii...@gmx.com]

On 05/14/2018 06:25 PM, awokd wrote:

> On Mon, May 14, 2018 8:58 pm, taii...@gmx.com wrote:
>> I try the usual syslinux_configfile but I get an "out of memory" error
>> how am I to do this? ideas?
> Can you step through what you are trying to do and where the error
> appears? Not sure I'm following.
Sure :D

I wish to install qubes 4.0 via the coreboot grub payload.

So I try to boot qubes 4.0 DVD via the grub coreboot payload which
provides one with a grub-rescue console, normally the command
"syslinux_configfile (ahci1)/isolinux/isolinux.cfg" or what not will
launch the iso as normal but instead I receive an out of memory error
and for some reason the grub.cfg included in the isolinux folder doesn't
work either.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3b4edbd7-01ce-a683-b0be-82d5e4d4d4be%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


0xDF372A17.asc
Description: application/pgp-keys

Re: [qubes-users] Re: Install/Import KeePass and the Database

[jsnow]

Black Beard:
> Hey, 
> 
> i install KeepassX successfully. 
> 
> On my external HDD i have the database on it. Now i played a little bit with 
> the AppVm. 
> 
> On "Q" Service:sys-usb he find my external hdd.
> 
> On "Q" Domain:Vault i install KeePassX before. When i try to put my database 
> in the file directory home-user-Downlads and try opened with Keepassx he cant 
> find the file(The file home lay on my Desktop).On this AppVm i become a 
> warning message if i try to put my USB on it.
> 
> On "Q" Service:sys-usb i install KeepassX again try to bind the database on 
> it and it works, perfectly. 
> 
> I understand now how that works, but i dont know is it the correct way???
> 
> I hope i good write the probleme/question?! :)
> 
> regards

Hi,

Did you copy the file from your usb vm to the vault vm? In qubes there's
a special way to copy files from one vm to another (the vms are kept
separate for security reasons).

Open the file manager in your usb vm, right click on the database file,
and select copy to another vm, and put in the name of the vm you want to
copy it to.

Once the file's been copied it'll be in the QubesIncoming folder in the
destination vm's home folder.

See this doc page:

https://www.qubes-os.org/doc/copying-files/

There's also a video on the qubes website that shows how to use alot of
qubes features:

https://www.qubes-os.org/video-tours/

It's for an older version but it's still really helpful.

-- 
Jackie

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/08da1cc1-d090-9d82-ac16-d8c27367d3ed%40bitmessage.ch.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Ram Limit

[taii...@gmx.com]

On 05/15/2018 11:07 AM, Thomas Druilhe wrote:

> Hi,
>
> We are using Qube-os 3.2 and sometimes we got a problem with RAM usage.
Corporate user?
> We set up minimum limit at 400Mo but sometimes RAM drop to 320 Mo causing 
> crash of the application.
>
> How the amount of RAM can be under the limit fixed in the settings of the VM ?
Well you can have as much as you please via the pre-allocate option
disabling memory scaling.

If you are using memory balancing the issue is probably not having
enough on the host thus you are memory starved.

I suggest pre-allocation for critical applications VMs, such as if one
was using xen (not qubes ofc) for a domain controller, DNS, etc.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f40b1ba2-3c51-3a45-3624-2f337a9f2fa6%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


0xDF372A17.asc
Description: application/pgp-keys

Re: [qubes-users] Uninstall windows and install qubes

[jsnow]

cangen...@gmail.com:
> Hi, I completed my tests on USB Qubes. Now I wonder, while installing Qubes, 
> will it give an option "replace Windows with Qubes" as in the case of Ubuntu?
> My other relevant (real) question is, I have to fully format my PC (format 
> C:) (I want to get rid off someone I know who has been hacking me for 8 
> years!). Then I believe first I need to install Windows so that I can install 
> the drivers, and then replace Windows with Qubes. Because installing all the 
> drivers via Qubes seem to be troublesome.
> Thank you

Hi,

It's been awhile since i installed qubes, and i'm not sure how much
different the 4.0 installer is from 3.2, but if you choose to delete
your existing partitions during the install and replace them with the
qubes partition, then windows will be wiped out.

Also any drivers installed in windows won't be there when you install
qubes because the whole windows partition was deleted. But qubes comes
with the drivers that most people would need, and for things like
special printer drivers or other kinds of devices there are usually
drivers available for linux.

-- 
Jackie

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d784709f-5d65-17f4-f5cb-4120acbeb2cf%40bitmessage.ch.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm

[deusestveritasinsempiternum]

**Laptop still in this configuration 
[https://us.msi.com/pdf/nb/GL63%208RD-067.pdf] **

Installed Qubes 3.2 (UEFI and Legacy) all went great besides the display would 
not change from 800x600, and yes every terminal command was attempted to change 
it and also disable NVIDIA with no success.

Installing Qubes 4.0 (UEFI and Legacy) all goes well, (same as Qubes 3.2) get 
to GUI installer and start installation on the 1TB Hard Drive- gets to 
[qubes-mgmt-salt-base-topd-] [786/1018] (sometimes 781/1018 788/1018 794/1018 
but always this title [qubes-mgmt-salt-base-topd]) and does not progress. Left 
it for hours, still no movement. You can hear the Hard Drive stop writing when 
it reaches that point. 

Tried many different ISO editors to replace the 
[qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm] with 
[qubes-mgmt-salt-base-topd-3.2.1-1.fc23.noarch.rpm] crazy? Oh Yeah. Thought 
that if the Qubes 3.2 [qubes-mgmt-salt-base-topd] worked then it would work 
with Qubes 4.0. Nope. Well actually haven't been able to write using Rufus 2.18 
in Windows 8.1, it says "The current image doesn't match the boot option 
selected" even though it is still technically a ISO file, albeit a modified 
one. Yes, fedora 23/24 is the best for writing DD images, but since Qubes 3.2 
worked and Qubes 4.0 works until the 786/1018 file, a different DD writer will 
not help. Right? 

Have tried many different USB's high and low memory. Also multiple downloads of 
Qubes 4.0 and also tried Qubes 4.0 [rc1] [rc3] [rc5] first two never made it to 
the GUI installer screen [ACPI Error AE_NOT_FOUND] then [Installer cannot 
continue Press Enter to reboot]. Qubes 4.0-Rc5 made it to the same point as the 
final release of 4.0 then stopped. 

**NOTE** Never was there an error or a explanation of the stopping at 
[qubes-mgmt-salt-base-topd] [786/1018] it just stopped. 

Can do a complete HRL using Qubes 3.2 but only if absolutely necessary.

Questions: 

What does [qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm] draw 
from/correlate to? (Kernel, Graphics ect)? 

Is it crazy think to try to replace 
[qubes-mgmt-salt-base-topd-4.0.0-1.fc25.noarch.rpm] with 
[qubes-mgmt-salt-base-topd-3.2.1-1.fc23.noarch.rpm]? 

How to disable NVIDIA and would that help?

Is there a way to get past the ACPI Error? That would enable Qubes 4.0-rc1 to 
try and see if it also fails at [786/1018].
 Already tried ACPI=off. This pretty well describes 
it.[https://groups.google.com/forum/#!searchin/qubes-users/qubes$20acpi%7Csort:date/qubes-users/ILXEZAD4TLA/cWqj76zAAQAJ]
 

No Computer Science degree, so Beginner/Intermediate Level. 

Very resourceful. If you can Explain 13% of the questions asked that would be 
enough. 


THANK YOU 
BEST
ERIN D.

Ps. Stock Market. Will give you very valuable suggestions if what you say ends 
up working at all. Along with your message include [‡] at the end if you want 
to want this provided to you.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/93d9b38f-65a8-4c09-8b2b-3cd63c209506%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Critical PGP bugs. Do they possibly affect Split-GPG in Qubes?

[799]

Hello,

On 15 May 2018 at 09:24, Eivind K. Dovik  wrote:

> On Mon, 14 May 2018, john wrote:
>
> On 05/14/18 14:58, Ángel wrote:
>>
>>>   [...]
>>>
>>
>> can you give an example to the steps to   make such a fw rule,   if it's
>> that simple  please ?
>>
>>
> Through Qubes VM Manager, I've added the following firewall rule:
>
> - Deny network access except ...
> - IP address of my email server
> This works fine.


I prefer adding my rules to my AppVM. This is how do it:

1st you can check the connections which are request by running this command
in your Email AppVM.

watch -n 1 'sudo netstat -tap'

It will show you if your email app connects to a server

But as most mail providers use more than one IP for load balancing you need
to add more IPs (see my posting a few hours ago in this thread how do find
the IPs your mail provider is using).

This are the rules I am currently applying to my Email AppVM.
You can put them into a script which loads on AppVM startup or copy & paste
them into a terminal.
You need use sudo for the commands or switch to root via sudo -i (if you
have sudo installed).
If you don't have sudo you can request a root terminal via qvm-run --auto
--user root  gnome-terminal

- - - - 8< - - - - snip - - - - 8< - - - -

#show default policy
iptables -L -v | grep policy

# delete all rules
iptables -t filter -F

# change default policy to drop
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

# allow DNS to gateway 10.137.1.1 (this is the sys-firewall)
iptables -A OUTPUT -p udp -d 10.139.1.1 --dport 53 -m conntrack --ctstate
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT  -p udp -s 10.139.1.1 --sport 53 -m conntrack --ctstate
ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d 10.139.1.1 --dport 53 -m conntrack --ctstate
NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 10.139.1.1 --sport 53 -m conntrack --ctstate
ESTABLISHED -j ACCEPT

# Allow outgoing ping/echo (only for troubleshooting / can be removed
afterwards)
iptables -A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED
-j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -m state --state
ESTABLISHED,RELATED -j ACCEPT

### allow IMAP (valid for germany, use other IPs you're from somewhere else)
# Gmail IMAP
iptables -A OUTPUT -p tcp -d 108.177.96.0/19 --dport 993 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 108.177.96.0/19 --sport 993 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 74.125.0.0/16 --dport 993 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 74.125.0.0/16 --sport 993 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 64.233.160.0/19 --dport 993 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 64.233.160.0/19 --sport 993 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 108.177.8.0/21 --dport 993 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 108.177.8.0/21 --sport 993 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 173.194.0.0/16 --dport 993 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 173.194.0.0/16 --sport 993 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 66.102.0.0/20 --dport 993 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 66.102.0.0/20 --sport 993 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
# Outlook IMAP
iptables -A OUTPUT -p tcp -d 40.96.0.0/13 --dport 993 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 40.96.0.0/13 --sport 993 -m conntrack --ctstate
ESTABLISHED,RELATED -j ACCEPT

### allow SMTP
#Gmail SMTP
iptables -A OUTPUT -p tcp -d 74.125.0.0/16 --dport 587 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 74.125.0.0/16 --sport 587 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 108.177.8.0/21 --dport 587 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 108.177.8.0/21 --sport 587 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p tcp -d 108.177.96.0/19 --dport 587 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 108.177.96.0/19 --sport 587 -m conntrack
--ctstate ESTABLISHED,RELATED -j ACCEPT
#Outlook SMTP
iptables -A OUTPUT -p tcp -d 40.96.0.0/13 --dport 587 -m conntrack
--ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 40.96.0.0/13 --sport 587 -m conntrack --ctstate
ESTABLISHED,RELATED -j ACCEPT

# allow everything for localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

- - - - 8< - - - -

[799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.c

Re: [qubes-users] [Bug?] whonix-ws clock out of synch after suspend (R4.0)

[799]

Hello,

On 05/15 10:57, Dimitri wrote:
> Hi,
> I noticed that the clock in whonix-ws based VMs is not synchronized after
sleep mode. If I have my computer in sleep mode for 2h then the VMs clock
is 2h in the past.
> To me this looks like a bug.
> Large clock skews can potentially harm anonymity.

I have the same problem.

I have set the time manually using the following command in sys-whonix and
my anon-whonix AppVM:

   user@host:~$ sudo date +%T -s "22:18:00"


which sets the time to my current local time (germany).

Strangely I still get an error message when running whonixcheck.
Why is there a message "NTP synchronized: no" ?

Shouldn't the time always be synchronized as we're running virtual machines?


user@host:~$ whonixcheck
[INFO] [whonixcheck] sys-whonix | Whonix-Gateway | whonix-gw Template-Based
ProxyVM | Tue May 15 22:29:23 UTC 2018
dmesg: read kernel buffer failed: Operation not permitted
[INFO] [whonixcheck] Connected to Tor.
[ERROR] [whonixcheck] Systemd Clock Check Result:
Unexpected results by timedatectl.
timedatectl_output_pretty:
  Local time: Tue 2018-05-15 22:29:25 UTC
  Universal time: Tue 2018-05-15 22:29:25 UTC
RTC time: n/a
   Time zone: Etc/UTC (UTC, +)
 NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
  DST active: n/a
It is generally recommended to keep the default as per Whonix Design. [1]
If you did not change timezone related settings, please report this Whonix
bug.
If you know what you are doing and changed this on purpose, feel free to
disable this check. [2]

[1] https://www.whonix.org/wiki/Dev/Design-Shared#timezone
[2] Create a file /etc/whonix.d/50_whonixcheck_user and add:
whonixcheck_skip_functions+=" check_systemd_clock "


[799]



On 15 May 2018 at 19:57, Dimitri  wrote:

> Hi,
> I noticed that the clock in whonix-ws based VMs is not synchronized after
> sleep mode. If I have my computer in sleep mode for 2h then the VMs clock
> is 2h in the past.
>
> To me this looks like a bug.
>
> Large clock skews can potentially harm anonymity.
>
> --
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to qubes-users@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/qubes-users/1a102f3c-da72-4987-b688-edde6f9ebe75%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAJ3yz2vQb0ywD_V3HsvYppG6-c-jxL6pQLfZULmBxQgN0Zz3Lw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] [Bug?] whonix-ws clock out of synch after suspend (R4.0)

[Dimitri]

Hi,
I noticed that the clock in whonix-ws based VMs is not synchronized after sleep 
mode. If I have my computer in sleep mode for 2h then the VMs clock is 2h in 
the past.

To me this looks like a bug.

Large clock skews can potentially harm anonymity.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a102f3c-da72-4987-b688-edde6f9ebe75%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Encrypted Message

[charly LEMMINKÄINEN]

maybe we should encrypt this whole channel ^^no? But then we should discuss how 
to do it to have a universal protocol to do it.

Obtenez Outlook pour iOS

From: qubes-users@googlegroups.com  on behalf of 
Quentin Le Guennec 
Sent: Tuesday, May 15, 2018 6:57:02 PM
To: qubes-users@googlegroups.com
Subject: [qubes-users] Encrypted Message


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/AM5P190MB0337334032A25CD5D8843862AB930%40AM5P190MB0337.EURP190.PROD.OUTLOOK.COM.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Encrypted Message

[Quentin Le Guennec]

binzzTshTauCe.bin
Description: PGP/MIME version identification


encrypted.asc
Description: OpenPGP encrypted message

[qubes-users] Re: Install/Import KeePass and the Database

[Black Beard]

Hey, 

i install KeepassX successfully. 

On my external HDD i have the database on it. Now i played a little bit with 
the AppVm. 

On "Q" Service:sys-usb he find my external hdd.

On "Q" Domain:Vault i install KeePassX before. When i try to put my database in 
the file directory home-user-Downlads and try opened with Keepassx he cant find 
the file(The file home lay on my Desktop).On this AppVm i become a warning 
message if i try to put my USB on it.

On "Q" Service:sys-usb i install KeepassX again try to bind the database on it 
and it works, perfectly. 

I understand now how that works, but i dont know is it the correct way???

I hope i good write the probleme/question?! :)

regards





-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b0318cde-6b31-4cb4-bd64-a0102bb79ab2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Ram Limit

[Thomas Druilhe]

Hi,

We are using Qube-os 3.2 and sometimes we got a problem with RAM usage.
We set up minimum limit at 400Mo but sometimes RAM drop to 320 Mo causing crash 
of the application.

How the amount of RAM can be under the limit fixed in the settings of the VM ?

Best Regards

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/93340239-cf3b-44b1-96a5-fa5d3429e19f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Uninstall windows and install qubes

[cangent05]

Hi, I completed my tests on USB Qubes. Now I wonder, while installing Qubes, 
will it give an option "replace Windows with Qubes" as in the case of Ubuntu?
My other relevant (real) question is, I have to fully format my PC (format C:) 
(I want to get rid off someone I know who has been hacking me for 8 years!). 
Then I believe first I need to install Windows so that I can install the 
drivers, and then replace Windows with Qubes. Because installing all the 
drivers via Qubes seem to be troublesome.
Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1d8ab69d-3ae7-457e-b8f2-08142014aa20%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Qubes R4.0 - no internet working in appVM

[Qubes Guy]

On Tuesday, May 15, 2018 at 12:11:50 AM UTC-4, john wrote:
> On 05/12/18 19:46, Qubes Guy wrote:
> > On Saturday, May 12, 2018 at 4:28:56 AM UTC-4, 
> > niepo...-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:
> >> On Friday, May 11, 2018 at 3:17:05 PM UTC-4, Qubes Guy wrote:
> >>> On Friday, May 11, 2018 at 1:17:24 PM UTC, 
> >>> niepo...-re5jqeeqqe8avxtiumw...@public.gmane.org wrote:
>  Fresh install of Qubes R4.0 and there is no internet connection in appVM 
>  - firefox just not load websites.
> 
>  Internet connection actually is ok as I'm able to make update for 
>  template VM.
> 
>  What can be reason of this not working internet in app VM and how 
>  resolve this?
> >>>
> >>> Is this still a problem?  Did you give your AppVM access to the net VM 
> >>> (set "Networking" to sys-firewall (preferably) or sys-net in the settings 
> >>> dialog for the AppVM)?
> >>
> >> Yes, problem still exist.
> >>
> >> There was sys-firewall connected to appVM as well sys-net and no 
> >> connection.
> >> I have also tried changing template from fedora to debian -internet not 
> >> working.
> >> I have also install chromium browser and connection not working.
> >>
> >> Very frustrating situation...
> > 
> > One thing I forgot to mention: Do NOT set the "Networking" setting in your 
> > template VMs (set it to "None"). Giving network access to your templates is 
> > considered a major security threat (since all AppVMs you base on them 
> > inherit any malware/corruption). If you put "qubes-updates-proxy" in the 
> > services tab of sys-net, you won't need to do this. If you absolutely need 
> > to do this anyway, turn it off as soon as possible...
> > 
> 
> When I look at the qubes settings -> services in  sys-net  I see nothing 
> , would adding qubes-updates-proxy   allow me to install  manually 
> software I want to be AppVM-wide , in the Fedora Template?
> 
> or exactly how is one Supposed to ever add software to a Template if 
> there is no networking  except for updates ?
> 
> Or lets say I add the  qubes-updates-proxy  to sys-net , then in the 
> Template  can I just  sudo dnf installor there more to it ?

I couldn't get any template VMs to update (or be able to install software in 
them) until I put qubes-updates-proxy in sys-net. Apparently, that's how 
template VMs gain network access securely. The documentation implies says that 
this is already enabled by default (meaning I shouldn't have had to add it 
myself), but that wasn't the case, at least for me. The minute I put it in, the 
floodgates opened and I've been able to use Qubes ever since. The only downside 
to this is that this doesn't work for Firefox unless you install it through the 
standard repository. I couldn't get Quantum that way, so I had to manually 
install it in the template. And every time Firefox auto-updates itself, it's in 
the AppVM and the update disappears every time I restart the AppVM. So I'm 
currently enabling network access in the template VM only long enough to allow 
Firefox to update itself. I shouldn't, but I am. I understand that Mozilla is 
now calling Quantum "Firefox ESR" now (Extended Support Release). ESR version 
52 was the only version in the Debian repository at the time, so I didn't want 
it. But if the Debian folks put Quantum in the repository, I'll switch over. If 
you can get Quantum from Fedora's repository (or however), then just ignore all 
that :)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/9a829f9e-0746-4908-b63a-d484b0c84192%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] What is the best recommended way to setup a bulletproof vpn on Qubes 4 ?

[Chris Laprise]

On 05/13/2018 12:21 PM, awokd wrote:

On Sun, May 13, 2018 3:34 pm, jhsdxs...@gmail.com wrote:

I'm new to Qubes and would like to have the traffic for all my Virtual
Machines go through a VPN. I am really not sure how to do this. I've tried
following the official Qubes Documentation page about VPNs but I haven't
had any luck. I'm on Qubes 4.0. Thanks


You can try tasket's updated documentation at
https://github.com/tasket/qubes-doc/blob/a19ddb67ba3820733986978676bcfd33e4743867/configuration/vpn.md.




The code that goes with the doc is here:
https://github.com/tasket/qubes-tunnel

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/203bfbc6-3768-3d17-081c-a475957644ca%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

[Chris Laprise]

On 05/15/2018 03:37 AM, 'Evastar' via qubes-users wrote:




Posting back to qubes-users...


Sorry for direct message. Now, I use web-based mail it set direct answer by 
default :(

A little more information. When it goes to "no network state" then I seeing at my ethervpn with "ip 
route list" (as I remember) that all vif+ interfaces show as "down". It is the problem. I do not know 
how to reconnect them and remove "down" mark.



Finally, if you find the solution involves restarting the ethervpn
client, you may want to run it with 'systemd-run --unit' to give you
better control over the process. You could even try running it with
qubes-tunnel using a drop-in file for the service (see 00_example.conf
and manpages for systemd.unit "overriding vendor settings").



Thanks. I will check this manpages. Maybe this will help.


If the vif interfaces are going down, that suggests a bug either in 
Qubes or in ethervpn. Since other Qubes users don't seem to be reporting 
this symptom, I'd guess that ethervpn is mistakenly including the vif 
interfaces with tun/tap whenever a link goes down or restarts. (The vif, 
tun and tap interfaces look similar in the sense that they're all 
virtual.) Its probably worth reporting this behavior on the ethervpn 
forum/list.


You might also try writing a small script to bring the vif interfaces up.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c4c6d117-e112-f398-30c7-f58bb79b5f40%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] About a security of installation.... is this a right .signature and signing key? Please help me.

[nikola91okbs]

In that order.

-BEGIN PGP SIGNATURE-

iQIzBAABCAAdFiEEWBekOyg95akYGlIuGEh5L54nlekFAlq7DHgACgkQGEh5L54n
lemsUg/9EurKAGmDNKQgYky3Ae26h62jG66s0jnX9AeVtl1vW6E8pbGwqLMcH26j
rQy4QgQ/Gvw0GexpRl2djkO43s3hWgb0+CSlS2+NF+oHPpHdmsUdSH8yu/d2aaNX
4pTyOservvww3GB8YagVIFaFWmoowEFutwMG13QUNEMfPTSOvgnhCKaWKTCq8UMO
LMmM+hSCISyV5Bn9MBg3Ne/H67WbNCdA/ZDF6WnRPXqeXRwOm/nL3ItEaV2heKx2
s2tjGLud8PQ8yZdhbjAzXV8wU4NuOShHDdCQgf+Kz24mZ3tUj0rakB6diG8gnuSk
Ye7mDRNmWKxuF1dt8Vv70nzHUOZYnCfAoEJTP3KwPEeAk+/gWrNgEjtP1VsnUjZD
dTCzaupICRZce8arHkCHcxeZixZsimi3QDlKB1+QKd4xx9TirgkH8AJi4Fut+9v/
0mnIv1q9EQ5TYExjXomKs8/wilXN9okgj+7AJqU0tuDQ8aJltlOrMLkRbq06rP6R
fleFyz5XnPwD2YQJpIQ1bjV5eTmuOuVMnW0U5yIxN2IadGZJ0sReVw7IJOkvtkZ8
ug2UbdSbK/iOkoEDbjwg2qYSw32YF8TFJjtIfzdK9/TO5E5zjOk8uryhHLWuedmT
mepVcBic94DS8JQSRMaWDQN2FzF/jNGa73c20l+NQUDW6ttdl4o=
=3dKO
-END PGP SIGNATURE-


-BEGIN PGP PUBLIC KEY BLOCK-

mQINBFi9Xv4BEADTkOlBTDmO6DsFJi754ilTFqsluGWleeProuz8Q+bHFlx0Mqtk
uOUcxIjEWwxhn1qN98dIPYds+mD9Bohamdh+bJYxB/YYj9B2xvURhCpxVlWzzkzt
i1lPYhj/MR637N9JqIdILmJSBFDxmnuWfQxfsbIsi4lUx5oq6HzIAYXzUzA+0/0a
c/j0zAm9oBq+pXPad/xkH8ebkNAL0+HbHArBNFzrhVKmi1VskpxurPIYZEcQ0dUu
n447TM/37y+dzmNYxvSuK2zBPFa9upXsKZEoVaJqksXDdX2YuMsZFiesdieL85w7
sD1iI6Eqmp5EIZXa8t0/MHTaDrm1tDKJdSu/5zrh0RFh+J73qxJH8lDJqcTVggCe
Xoasoi1LNg0CIgzVM+zLEDbpNd6mILdXQNHzsU4CP2UFpMxOUUDMEPYSE3WBExWX
0dBO8QgvTOzqvRWq7TL2jKaprsB/ZXiZief5hOK2QFL6HFEOuFuWLf3tb2+tpJoZ
LXbXYW+6M+WNRHr9mDg3o6SuZmSwUCOa1FV/i51gqiUHmXEfIGH3iE5WWq2bvUG1
dhjkzDGPL9fXbCWS6+QARakXRbxslsc4RgMrQR6nLEAuOL7GDaG3c7ldqgfotkal
5KDB5/1AxYW1TC0JfoKWalYrfXlUJlbHcvDFqHdyljOnoeJ8WVqLNE9hUQARAQAB
tB5RdWJlcyBPUyBSZWxlYXNlIDQgU2lnbmluZyBLZXmJAjcEEwEIACEFAli9Xv4C
GwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQGEh5L54nlem9QRAAkaDEfYey
FoldssIDE/gliYYb7RSYBjs+QrYJQjBxFGXXPgHS5kGMZfMkqVVBc8EtHh41q7gU
mUIHVbjnKIcYaKLaVl/qb9Jkx+6/NxEYWjNVEMMwPk820QgI1alWrweH7ZuxxGlz
CzOQsyKZLH3TESEf46CUjv9FHW2nKPAp5qVMzLRlgtquQAdfh7SWau7Kd+WPQOiB
9cj+j3/yswsrpLmvqJP8trS/aKAhsn2jGrxwSAbdGCzQorJjUy5HLZ6xVIk9yD0T
+o9cbK4SQSuOHUiA9Z5gA7vuxwOuloDhIm74k2PBWMaUEvx19nIh4XmgGEKNzI6V
SbR+s+d9ciQ/aC/bXdeeZOpCDaty54D8sKzMi2y15Urycxwpz508LwE6I3Zm0Won
xMEf5gGR30szgQdh6sJKIqZ2nVDLBg4H1mc4CULhsgViN/vM3Rrj2t4kOwUM30AU
M49o4JPzY4wvhsAmhIQGl38C8wDkSqPwntRsszpbLgzI3Lsxb00xiPcLR6Y/pviH
AfHxh/1uYymjD1Fq9u9ylgR6+15qqEYY/uEHr2EQyVvXQ08R1iKkT+v8fufMFUWa
rJxyB+5v/RPRKvRRi9Xb1HkoiFo3E/bEPYKlGA2colp5iqFYpTUBJYJXyMosgjI+
mqH0I+V+LuMtlE521YHKg0tsB9GVlfWBS12JAhwEEAECAAYFAljAUaEACgkQ3foa
PjaHlJR8xw/5AYj/vJNbpnFNYV1jK7AwaEScpGpuDwh+izdGB6eCajynoZMmHSs5
S3ToygNDo6Tlnh4/Tk7g6nG+eRWdAGghrrz2TXZd0sQX2KJ+m2omT5TZMrwPzM0v
HcUSAZhW1+nK8miMdvxeOAtY91OaDXwjddii/f420m+9tXwCVKbD+EC83wPpr76r
sokeOrp5H53CZQ++SbbG7qRmj4uc+VuyXNbAYNDa999Dpm5CW95LgMJ8/YpZbQ9S
Gk8xlo2DTdBig84yO8Dp9L40KxhIbtpOfLZSWR7OwfMchb2wdt/rRcFsAUPjW7of
/ZO7lQIPfkdl6cvssoZEjEGZnaxjRzR1b6GtPmlrq8MwUHOZqVizlo9vskuAczYl
VECk2+D5ZH52GsSbX+C/2DpLUI+o8hLmNDkyBHkz7eOV69lMOzKKsXVyOyrsaLY1
xNY6JPhMwJVuX8zNW2upETvWs8kr+ZOSvalinvmD6BAQp602PQRnUYDgRxG7GXw+
z9D/6ea14TjGpQWW+wvRUUpqgs7WKCzjAAPDiqTpLvz5xtSTToW/qQJJn4LO7w3H
Qo9G00Mruapdmy4nV5lHqsjm817M1vChTq1Q5+4ZPLMBoAndNM6vZAVJzfhhR+zG
ZFp6oNCNJuSPFd+xN4tczA+aNZgUDDYhcvelFevUubLSjAR3ulfwxns=
=d8U3
-END PGP PUBLIC KEY BLOCK-

Y/N?

Thanks in advance! (and to admin too, for this great group)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/da6cad16-af50-4a7f-affd-459a8f30f237%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes4.0 rc3 install error

[joeh9617]

On Monday, December 4, 2017 at 9:59:33 PM UTC+8, awokd wrote:
> On Mon, December 4, 2017 3:57 am, Shashank wrote:
> 
> > At least 3MB more required for /boot/efi
> 
> If there is nothing on the drive you need to keep, choose the "I need to
> recover space" option in the installer. Mark the top level of the tree so
> EVERYTHING on the drive will be deleted. Let the Qubes/Xen installer
> Auto-partition your space.

A bit late maybe, but then I just installed Qubes R4.0 on my laptop (Lenovo 
P70) with Windows 10 pre-installed.
Previously I had Qubes R3.2 installed and now the 200 MB EFI partition that was 
to be mounted on /boot/efi was too small. I followed  ahint of somebody (maybe 
even in this thread?).
In Anaconda, for the Qubes R4.0 install, there were two entries for one 200 MB 
partition mounted to /boot/efi. One under 'unknown', one under 'SYSTEM' in the 
new to install Linux. I removed that one and created a new one, 300 MB big, 
probably unnecessarily big because I guess it will only contain the UEFI keys 
for this one instance of Qubes, but anyway, it worked.
Qubes installed, with a freeze however while configuring Qubes, but the second 
time configuration completed, Qubes works, and Windows still works.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3f42f4c7-e2a7-42e3-8cf6-21b4c49f8230%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Networking freezing and impossible to restore without reboot

['Evastar' via qubes-users]

> Posting back to qubes-users...

Sorry for direct message. Now, I use web-based mail it set direct answer by 
default :(

A little more information. When it goes to "no network state" then I seeing at 
my ethervpn with "ip route list" (as I remember) that all vif+ interfaces show 
as "down". It is the problem. I do not know how to reconnect them and remove 
"down" mark.

> 
> Finally, if you find the solution involves restarting the ethervpn
> client, you may want to run it with 'systemd-run --unit' to give you
> better control over the process. You could even try running it with
> qubes-tunnel using a drop-in file for the service (see 00_example.conf
> and manpages for systemd.unit "overriding vendor settings").
> 

Thanks. I will check this manpages. Maybe this will help.


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/YCUzduQV9CXfO6j2sPXWBSOHVVmckwlknosrl9qpADcFFmW3CPXw99y3VmZVitGI-CPZtBzJLWEoubizQLBZs4Bol9R9yPAlZ9hhPILm9GQ%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Critical PGP bugs. Do they possibly affect Split-GPG in Qubes?

[Eivind K. Dovik]

On Mon, 14 May 2018, john wrote:


On 05/14/18 14:58, Ángel wrote:

 This paper is most interesting for the discovery of multiple ways email
 client leak information on visualization.
 (not clearly stated in the paper: some of them are already fixed, while
 in other cases the developers are still working on providing them)

 Luckily, with Qubes it is easy to set a firewall rule so that your email
 AppVM can only contact with your email server.
 NB that some of these leaks are dns-based, so ideally you would not
 allow it to perform any dns query, either.

 Best regards

can you give an example to the steps to   make such a fw rule,   if it's that 
simple  please ?




Through Qubes VM Manager, I've added the following firewall rule:

- Deny network access except ...
- IP address of my email server

This works fine.



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an 
email to qubes-users+unsubscr...@googlegroups.com.

To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cd72c1d8-8293-0143-b6e8-70da0da12a95%40riseup.net.

For more options, visit https://groups.google.com/d/optout.




--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/alpine.LFD.2.20.1805150921140.1177%40localhost.
For more options, visit https://groups.google.com/d/optout.