Re: [qubes-users] Port Forward in qubes-OS.
On Mon, Dec 24, 2018 at 06:08:27AM -0800, menoldst...@gmail.com wrote:
> Hello. Qubes-users. I installed Kali linux and now I need to make it so that
> apache2 would work not only on the local network, but also on the Internet. I
> need to do port forwarding ?? If so, can anyone tell me how to do this?
>

Have you looked at the docs?
https://www.qubes-os.org/doc/firewall/#port-forwarding-to-a-qube-from-the-outside-world

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20181225022601.feprsilz6n6ctrhq%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.
[qubes-users] Split gpg is just too cool.
Just tried this feature. This is one of the coolest things I've seen in a while. Will try U2F proxy next. I have to say, getting used to Qubes and absorbing the enormous amount of material available starting from essentially zero on security in general, how Qubes works, Whonix with Qubes, getting everything installed and configured, has been both interesting and frustrating because I can only absorb so much at a time and I've only just scratched the surface. I have nothing that needs the degree of protection Qubes affords, so this has been more or less an exercise in curiosity for me. The lights are starting to come on. The time spent is beginning to pay off. Qubes is an amazing environment filled with capabilities found nowhere else that I know of. It really reveals how pale and thin monolithic operating systems like Windows, OSX, and Linux really are when it comes to security. I hope it catches fire and becomes a mainstream environment.
[qubes-users] Hit a bug in 4.0.1-rc2 I haven't been able to reproduce (yet)
Posting here in case anyone else has seen this: I started a fedora-29-dvm instance to test keepass (as opposed to the outdated keepassx that comes installed with the fedora-29 template), installed it, launched it from xterm, and poked at it for a bit. Part of the poking included clicking the link to their site in the Help menu and then I opened some new tabs from there, so I had the parent dvm running xterm, a GUI keepass (v2) child, and a Firefox grandchild. When I was finished, I terminated the parent dvm expecting that the child and grandchild would be removed along with it. Instead I was left with two windows (the keepass window and the Firefox window) that would not close. The dvm instance was gone, but two dead windows were left behind. I was writing up the qubes-issues bug report when I found that repeating the steps I just described worked as you would expect (all children of the parent dvm were removed when the parent was terminated). I ended up having to reboot the host to get rid of the dead windows. Anyone else run into anything like this?
[qubes-users] Re: HCL - Lenovo T480
On Sunday, December 23, 2018 at 3:47:57 PM UTC-8, Laszlo Zrubecz wrote:
> Hi,
>
> Just installed the 4.0.1-rc
>
> hit by the UEFI issues described here:
> https://www.qubes-os.org/doc/uefi-troubleshooting/
>
> Use the workarounds, or Disable Secure Boot.
> Moreover: probably better to go with the Legacy mode only - to
> skip the troubles.
>
> Affected by the suspend bugs:
> #3689
> #3705
>
> So you need to enable Thunderbolt BIOS Assist and/or disable the
> whole Thunderbolt support in general.
>
> - TPM 2.0 not recognized,
> - Fingerprint reader is a Windows only junk -> Disable it.
>
> And now I can feel the hi-DPI pain, as it has a FHD panel in 14" size.
> So everything is tiny now.
>
> DPI scaling helps in dom0, but every AppVM should need to use that
> settings...
>
> --
> Zrubi

I've got the T480 as well and have had a generally pain-free experience with 4.0.1-rc2 so far. I mentioned it in a previous post (Color Me Impressed) and even went so far as to connect a TB3 Hub and move all of the wires (Ethernet, external monitor, and power) to it. I really only did it to see what would happen. Given the security issues presented by TB3, I stopped using it and just connect everything directly to the laptop. Small print on the screen is easily solved by an external monitor. Good to see someone else is using the same hardware I am.
[qubes-users] Re: Newb Help with Installation
On Sunday, December 23, 2018 at 10:06:26 PM UTC-8, will.w77 wrote:
> Hello,
>
> So I'm attempting to install qubes to a usb stick. I've copied the iso onto
> the usb by using the dd command specified in the user documentation in ubuntu
> virtualbox (host os windows 10). I'm wondering if the fact I used a virtual
> machine to copy the iso versus a native linux os makes any difference? I
> attempted to boot into the bios on my Lenovo T430 and nothing happens when I
> go to boot. The boot menu comes up I select the usb and hit enter and the
> screen simply refreshes with the boot menu again. Again I've used linux
> before and can run basic command line but am a novice compared to most in
> this group I'm sure. Any ideas? Thanks

Copying ISO images to USB sticks with dd in a virt can certainly be done, but there are things that could have gone awry. If the reason you're using a virt is to get an isolated environment, there are any number of live Linux distros that you can boot into and then create your Qubes Boot USB. Of course, you'll still have to create a USB from an ISO to make the live Linux USB. :)

Are you sure you ran sync after dd and let it finish?
Re: [qubes-users] Re: 4.0.1-RC2 Boot loop after install
On Monday, 24 December 2018 15:52:28 UTC-3:30, John Goold wrote:
> On Sunday, 23 December 2018 01:39:36 UTC-3:30, awokd wrote:
> > John Goold:
> >
> > > Well, I guess I am out of my depth with LVM or the install did not create
> > > the LVM group/volumes/ correctly. :(
> > >
> >
> > Those LVM commands don't look quite right. Try the ones mentioned here:
> > https://unix.stackexchange.com/questions/232905/lvm-mount-rescue-mode
> > for example. If you do get root to mount, look at /var/log/boot.log in
> > there, and maybe /var/log/xen/console/hypervisor.log.
>
> I tried those, they only repeat the same results I was already getting.
>
> What bothers me is that all the discussions I have found so far about LVM
> discuss physical drives (PV - Physical Volume), Volume Groups (VG) and
> Logical Volumes (LV). An example is
> https://www.digitalocean.com/community/tutorials/an-introduction-to-lvm-concepts-terminology-and-operations
>
> However, they do not discuss "Pools". My output from the lvs command has a
> column I do not see in any of the discussions labelled "Pool":
>
> root@JRGsHPSpectre:~# lvs
>   LV     VG         Attr       LSize  Pool
>   pool00 qubes_dom0 twi---tz-- <1.80t
>   root   qubes_dom0 Vwi---tz-- <1.80t pool00
>   swap   qubes_dom0 -wi-a-     7.48g
> root@JRGsHPSpectre:~#
>
> I deleted the remaining column labels as there was nothing listed under them.
> Notice that the two Logical Volumes that are not mounted automatically (and
> which I am having problems with) each have an attribute that "swap" (the LV
> that is mounted automatically) does not have: "pool00" has the "t" attribute
> and "root" has the "V" attribute. Also, those two LVs have exactly the same
> size.
>
> I am guessing that "pool00" is some higher level of management and that
> "root" is allocated in "pool00" — but it is purely a guess.
>
> So far I have not encountered information about "pools" with regard to LVM.
> It looks like I need to understand these in order to mount the "root" LV (or
> at least find the necessary commands to work with pools).

===

I may have found something, "thin Provisioned Volumes":
https://www.linuxtechi.com/thin-provisioned-logical-volumes-centos-7-rhel-7/

I have only skimmed the article. I need to go through it carefully.
Re: [qubes-users] Re: 4.0.1-RC2 Boot loop after install
On Sunday, 23 December 2018 01:39:36 UTC-3:30, awokd wrote:
> John Goold:
>
> > Well, I guess I am out of my depth with LVM or the install did not create
> > the LVM group/volumes/ correctly. :(
> >
>
> Those LVM commands don't look quite right. Try the ones mentioned here:
> https://unix.stackexchange.com/questions/232905/lvm-mount-rescue-mode
> for example. If you do get root to mount, look at /var/log/boot.log in
> there, and maybe /var/log/xen/console/hypervisor.log.

I tried those, they only repeat the same results I was already getting.

What bothers me is that all the discussions I have found so far about LVM discuss physical drives (PV - Physical Volume), Volume Groups (VG) and Logical Volumes (LV). An example is
https://www.digitalocean.com/community/tutorials/an-introduction-to-lvm-concepts-terminology-and-operations

However, they do not discuss "Pools". My output from the lvs command has a column I do not see in any of the discussions labelled "Pool":

root@JRGsHPSpectre:~# lvs
  LV     VG         Attr       LSize  Pool
  pool00 qubes_dom0 twi---tz-- <1.80t
  root   qubes_dom0 Vwi---tz-- <1.80t pool00
  swap   qubes_dom0 -wi-a-     7.48g
root@JRGsHPSpectre:~#

I deleted the remaining column labels as there was nothing listed under them. Notice that the two Logical Volumes that are not mounted automatically (and which I am having problems with) each have an attribute that "swap" (the LV that is mounted automatically) does not have: "pool00" has the "t" attribute and "root" has the "V" attribute. Also, those two LVs have exactly the same size.

I am guessing that "pool00" is some higher level of management and that "root" is allocated in "pool00" — but it is purely a guess.

So far I have not encountered information about "pools" with regard to LVM. It looks like I need to understand these in order to mount the "root" LV (or at least find the necessary commands to work with pools).
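Added example (not part of the messages above, and not code from the Qubes project): a shell script that decodes the Attr column of the lvs output quoted in the two posts, using the lv_attr character positions documented in lvs(8), and prints the activation command for any thin volume that is not active. The function names classify_lvs and activation_plan are made up for this example; the sample rows are copied from the post as archived.

```shell
#!/bin/sh
# Added example: decode the Attr column of `lvs` output.
# lv_attr positions used here (from lvs(8)):
#   char 1, volume type: t = thin pool, V = thin volume, - = no special type
#   char 5, state:       a = active, - = not active

# Rows copied from the post as archived (the swap Attr field appears shortened
# there; only characters 1 and 5 are read, so that does not matter).
SAMPLE_LVS='LV VG Attr LSize Pool
pool00 qubes_dom0 twi---tz-- <1.80t
root qubes_dom0 Vwi---tz-- <1.80t pool00
swap qubes_dom0 -wi-a- 7.48g'

# classify_lvs (hypothetical helper): reads "LV VG Attr LSize [Pool]" rows on
# stdin and prints "VG/LV <kind> <state> [pool=<name>]" for each volume.
classify_lvs() {
    while read -r lv vg attr size pool; do
        # Skip blank lines and the header row.
        if [ -z "$lv" ] || [ "$lv" = "LV" ]; then
            continue
        fi
        type_c=$(printf '%s' "$attr" | cut -c1)
        state_c=$(printf '%s' "$attr" | cut -c5)
        case "$type_c" in
            t) kind=thin-pool ;;
            V) kind=thin-volume ;;
            -) kind=plain ;;
            *) kind="other:$type_c" ;;
        esac
        case "$state_c" in
            a) state=active ;;
            -) state=inactive ;;
            *) state="other:$state_c" ;;
        esac
        printf '%s/%s %s %s%s\n' "$vg" "$lv" "$kind" "$state" "${pool:+ pool=$pool}"
    done
}

# activation_plan (hypothetical helper): prints, without running it, the
# lvchange command for every thin volume that is not active.
activation_plan() {
    classify_lvs | while read -r name kind state rest; do
        if [ "$kind" = "thin-volume" ] && [ "$state" = "inactive" ]; then
            printf 'lvchange -ay %s\n' "$name"
        fi
    done
}

printf '%s\n' "$SAMPLE_LVS" | classify_lvs
printf '%s\n' "$SAMPLE_LVS" | activation_plan
```

Activating a thin volume brings up the pool it lives in as well, which is why the plan lists only qubes_dom0/root and not pool00.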
[qubes-users] Port Forward in qubes-OS.
Hello. Qubes-users. I installed Kali linux and now I need to make it so that apache2 would work not only on the local network, but also on the Internet. I need to do port forwarding ?? If so, can anyone tell me how to do this?
[qubes-users] Re: Questions
On Wednesday, 19 December 2018 21:56:09 UTC, John Smiley wrote:
> If one were to invest in a new laptop today for Qubes use exclusively and
> price wasn't a major factor, which one(s) make the top of the list? Assume
> you want the best security possible and are willing to invest the time to
> learn and configure Qubes/Whonix to get it. Also assume you want something
> that will take advantage of features that are planned for near-term
> Qubes/Whonix release.
>
> Are there laptops that haven't hit the market yet that would be worth waiting
> for (i.e. better than any in the list from above)?
>
> Assume you want Anti-Evil-Maid and therefore need a TPM chip. Does that
> change which laptops are at the top of the list and why? Is it worth giving
> up the TPM chip if you aren't all that concerned about Evil Maid? Pretty
> much every laptop has them these days, so a follow up question to this one
> would be how the TPM is implemented (discrete, integrated, firmware,
> software)? Should the BIOS be set to use 1.2 or 2.0 for Qubes?
>
> More on the BIOS - should UEFI be turned off? Thunderbolt? Secure boot
> should be disabled, I know. What about power management? Anything else (ex:
> if the laptop is Intel, ME should be disabled, correct)?
>
> Do the keyboard and mouse/trackpad on a laptop use the USB interface? If so,
> what is the best way to address that (buy an external PS/2 keyboard and
> mouse)? If not, are they "safe" in the sense that only dom0 has control of
> them and no other qubes can snoop as would be the case for USB?
>
> Are there things that can be done with a home router/firewall (such as a
> dedicated pfSense box) that improve security when using Qubes/Whonix and if
> so, what would they be?
>
> Lots of other questions, but this is probably more than enough for one
> thread.

https://www.qubes-os.org/doc/certified-hardware/ and the HCL is the place to look. But right now, there is no new laptop that checks all the boxes. The one privacy advocates usually turn to as a "step in the right direction" is obviously Purism's lineup, which I advise you to check out.

Regarding network security, Qubes already has a firewall template, but there are alternatives. There are some open source alternatives regarding routers, both regarding software and the hardware it runs on. I'd like to point you towards this website https://infosec-handbook.eu/as-hns/, they have written a bunch on home network security. I'd argue it's a bit useless, assuming you use any type of VPN service.
[qubes-users] Re: How risky is GPU pass-through?
On Sunday, 23 December 2018 20:34:48 UTC, Demi M. Obenour wrote:
> Someone I know is interested in using QubesOS. However, they are also a
> gamer: if they could not have a Windows VM with access to a dedicated
> graphics card for use by games, then QubesOS is not an option for them.
>
> How risky is GPU pass-through? My understanding is that on most
> laptops, the primary (internal) display is connected to the integrated
> GPU. Therefore, it appears to me that the risks are no more than
> pass-through of the USB, Ethernet, or wireless controllers, all of which
> QubesOS does by default.

Best option would be to dual boot. Unless that person is always switching from game to desktop, this solution could probably be an acceptable compromise.
[qubes-users] Re: How risky is GPU pass-through?
On Sunday, December 23, 2018 at 9:34:48 PM UTC+1, Demi M. Obenour wrote:
> Someone I know is interested in using QubesOS. However, they are also a
> gamer: if they could not have a Windows VM with access to a dedicated
> graphics card for use by games, then QubesOS is not an option for them.
>
> How risky is GPU pass-through? My understanding is that on most
> laptops, the primary (internal) display is connected to the integrated
> GPU. Therefore, it appears to me that the risks are no more than
> pass-through of the USB, Ethernet, or wireless controllers, all of which
> QubesOS does by default.

Laptops are not going to work well with PCI-passthrough. My laptop has almost every device in its own IOMMU group. However, sadly it only has one GPU.

Solutions that have worked for others, look here.
https://forum.level1techs.com/t/play-games-in-windows-on-linux-pci-passthrough-quick-guide/108981
Also watch the YouTube videos and read the forums from this group. There is much information to glean.

unRAID.net may also be a consideration with lower security though. Again many videos that have information that can be gleaned. Search YouTube for spaceinvader one.

I am considering a Proxmox server for my personal needs since qubes doesn't have support for GPU pass-through. With all of that said I really wish qubes would allow the user to determine how much security they want in their system build and just support GPU pass-through so qubes would be an option.