[qubes-users] QVM-Create --HVM-Template Errors... Docs appear out of date...
I am trying to create a Windows 7 template for cloning into app VMs... I am following this doc here: https://www.qubes-os.org/doc/windows-tools/

The command to create a TEMPLATE simply won't work.

$ qvm-create --hvm-template win7-x64-template -l green

The following error pops: unrecognized arguments: --hvm-template.

So, how do I proceed with the creation of the template? It just won't create it.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df4cc415-2a83-4727-bb72-ea954c4a84d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes Os 4.0 - problem with performance
Ad swap: on my laptop I did not create any swap to limit the amount of writes on SSD. On desktop I have created reasonable swap, so this is rather not related to this problem.
Re: [qubes-users] Re: Linux Mint gets lost when I connect lan cable (also issues with Windows 10 VM)
Thanks!

On Fri, 12 Apr 2019, 3:05, unman wrote:
> Depending on how you configured sys-net you may have to reboot after
> removing the wifi from sys-net before it becomes available to use in
> your new sys-net-wifi.
>
> Shutdown sys-net - remove the wifi adapter - reboot - start sys-net -
> start sys-net-wifi
Re: [qubes-users] Whonix-ws kill switch?
I did your quick test...stopped fine. Good stuff...

Good Whonix-Qubes Links:
https://www.qubes-os.org/doc/whonix/
https://www.whonix.org/

Thanks all,
Re: [qubes-users] Re: Linux Mint gets lost when I connect lan cable (also issues with Windows 10 VM)
On Thu, Apr 11, 2019 at 09:39:04AM +0300, Claudio Chinicz wrote:
> On 11/04/2019 3:24, unman wrote:
> > On Wed, Apr 10, 2019 at 09:21:07AM +0300, Claudio Chinicz wrote:
> > > On 09/04/2019 19:27, 'qmirfw' via qubes-users wrote:
> > > > On Monday, April 8, 2019 2:44 PM, Claudio Chinicz wrote:
> > > >
> > > > > Hi All,
> > > > >
> > > > > My Linux Mint VM works ok when the notebook is connected to wifi only.
> > > > > When I connect the lan cable I see the icon in the upper right corner
> > > > > indicating both wifi and wired connections are available and this VM
> > > > > loses internet connection. In the VM, Linux still sees it is connected
> > > > > ("wired" is the default - eth) but without internet connection.
> > > > >
> > > > > If I disconnect the lan cable the VM sees internet connection as before.
> > > > >
> > > > > By the way, my Windows 10 VM sees both but if I'm using wifi and connect
> > > > > the cable or vice versa, I have to shut it down (and everything else
> > > > > that uses sys-firewall) and restart sys-net.
> > > > >
> > > > > I need to connect through lan cable in order to access corporate AD
> > > > > resources.. otherwise I'd use only wifi and forget about this issue.
> > > > >
> > > > > Thanks in advance for any insight from the community,
> > > > >
> > > > > Claudio
> > > >
> > > > My solution: split sys-net to sys-net-wifi and sys-net-eth and assign
> > > > the respective controllers to them. Also split sys-firewall.
> > > >
> > > > This way you will have two completely independent networks and
> > > > firewalls, and you can switch AppVMs between them as you wish, even
> > > > while they are running.
> > > >
> > > > When you are not physically at work, you can shut down sys-net-eth and
> > > > sys-fw-eth to save ram.
> > >
> > > Hi, Thanks again for your answer.
> > >
> > > I've cloned sys-net as sys-net-wifi-only and started it, but when I click on
> > > the icon no networks display. I've restarted Qubes but still this second net
> > > VM does not display any networks.
> > >
> > > Any ideas?
> > >
> > > Regards,
> > >
> > > Claudio
> >
> > You did allocate your wifi card to sys-net-wifi and ensure that it is
> > loaded correctly there?
>
> Yes, I've done it. On dom0 I've issued command "qvm-pci attach --persistent
> disp-sys-net :" and afterwards my new sys-net-wifi did not
> start because the device is in use (I suppose by sys-net).
>
> Any ideas?
>
> Thanks,
>
> Claudio

Depending on how you configured sys-net you may have to reboot after removing the wifi from sys-net before it becomes available to use in your new sys-net-wifi.

Shutdown sys-net - remove the wifi adapter - reboot - start sys-net - start sys-net-wifi
Re: [qubes-users] Whonix-ws kill switch?
22...@tutamail.com:
> If I am using Whonix-gw and Whonix-ws on Qubes is there in a sense a Tor kill
> switch in place by default? i.e. would Whonix-ws, if always connected to
> whonix-gw, ONLY transmit data thru Tor? or if the Tor circuit breaks is the
> data transferred thru clear-net...

Yes, that is one of Whonix's goals. You could test it by starting a whonix-ws session, then stopping the Tor process in whonix-gw, and seeing if you can get anywhere outside it.
Re: [qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
jrsmi...@gmail.com:
> On Wednesday, April 10, 2019 at 1:35:38 PM UTC-7, neovalis wrote:
> > Low latency game streaming is fantastic and doesn't need a GPU on the
> > client to work well. Moonlight Stream https://moonlight-stream.org/ is a
> > great open source project that allows near zero latency game streaming
> > over lan and internet (internet streaming requires a vpn and reducing
> > video quality but is still very functional). If I would have known this I
> > wouldn't have wasted so much time working on video pci passthrough setup.
> > Hopefully this post will help more people have their cake and eat it too
> > as I have.
> >
> > Thanks,
> > -Neovalis
>
> I guess I'm missing a major point. Why would one want to game on Qubes?

Nice writeup, Neovalis!

Jrsmiley, he's not gaming "on" Qubes exactly. He's using a separate PC running Windows to act as a game server, then remote controlling/streaming it from his Qubes PC. This allows someone to keep only one good set of monitors & peripherals. It's also a good way to separate the PCs for security purposes.

On the other hand, some people like to have the ability to game on a Windows HVM on Qubes so that Windows intentionally does not have direct hardware access except to passed-through devices. This is also for security purposes, and/or can be less expensive than purchasing two separate systems.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
On Thu, 11 Apr 2019, jrsmi...@gmail.com wrote:

> On Wednesday, April 10, 2019 at 3:25:34 AM UTC-7, unman wrote:
> > On Tue, Apr 09, 2019 at 11:45:02AM -0700, jrsmi...@gmail.com wrote:
> > > If there is no signal on PS/2 ground or I can eliminate it, is this the
> > > more secure route or is it worth doing the USB shuffle? I have 4 USB
> > > controllers available.
> >
> > If you really have 4 USB controllers I would allocate one to dom0 and 3
> > to sys-usb (or more than one sys-usb).
> > Depending on your level of paranoia you might want to permanently attach
> > the devices to the usb port in dom0 - I mean physically.
>
> I see now why you phrased it the way you did ("If you really have 4 USB
> controllers..."). After running `sudo lspci -vv | grep -i usb` and getting
> back only two hits as dom0 I began digging. After all, my mobo docs and box
> says:
>
> Chipset+Intel® Thunderbolt™ 3 Controller:
> - 2 x USB Type-C™ ports on the back panel, with USB 3.1 Gen 2 support
> Chipset+ASMedia® USB 3.1 Gen 2 Controller:
> - 1 x USB Type-C™ port with USB 3.1 Gen 2 support, available through the
>   internal USB header
> Chipset+Realtek® USB 3.1 Gen 1 Hub:
> - 4 x USB 3.1 Gen 1 ports on the back panel
> Chipset:
> - 4 x USB 3.1 Gen 1 ports available through the internal USB headers
> - 6 x USB 2.0/1.1 ports (2 ports on the back panel, 4 ports available through
>   the internal USB headers)
>
> so *obviously* there are four USB controllers, right? I can account for one
> of them not showing up, that's the controller in the Thunderbolt chipset.
> This shows up in Ubuntu as one of three USB controllers seen by lspci, but
> Qubes doesn't see it. The fourth could be the USB 3.1 Gen 2 front panel
> controller, which I haven't populated yet.
>
> Some of the docs I ran across describing lsusb looked promising, but
> then they would say something like, "you can see from the output above
> that there are two controllers", but it wasn't clear to me which were
> controllers vs hubs. I did learn that some controllers have multiple
> hubs (say USB 2.0 and USB 3.0), but it's much less straightforward to
> clearly identify the USB controllers than I thought it would be. I'm no
> longer sure that even that is the correct way to look at it since there
> could be multiple controllers on the same PCIe bus and the level of
> granularity we have to work with in Qubes is at the PCIe level.

You could see if your bios allows disabling USB3/XHCI for the chipset USB controllers. There are some USB combining tricks on some MBs that might eat away (two) ehci controllers (and output only one xhci controller).

--
 i.
[qubes-users] Re: Linux Mint gets lost when I connect lan cable (also issues with Windows 10 VM)
On 11/04/2019 3:24, unman wrote:
> On Wed, Apr 10, 2019 at 09:21:07AM +0300, Claudio Chinicz wrote:
> > On 09/04/2019 19:27, 'qmirfw' via qubes-users wrote:
> > > On Monday, April 8, 2019 2:44 PM, Claudio Chinicz wrote:
> > >
> > > > Hi All,
> > > >
> > > > My Linux Mint VM works ok when the notebook is connected to wifi only.
> > > > When I connect the lan cable I see the icon in the upper right corner
> > > > indicating both wifi and wired connections are available and this VM
> > > > loses internet connection. In the VM, Linux still sees it is connected
> > > > ("wired" is the default - eth) but without internet connection.
> > > >
> > > > If I disconnect the lan cable the VM sees internet connection as before.
> > > >
> > > > By the way, my Windows 10 VM sees both but if I'm using wifi and connect
> > > > the cable or vice versa, I have to shut it down (and everything else
> > > > that uses sys-firewall) and restart sys-net.
> > > >
> > > > I need to connect through lan cable in order to access corporate AD
> > > > resources.. otherwise I'd use only wifi and forget about this issue.
> > > >
> > > > Thanks in advance for any insight from the community,
> > > >
> > > > Claudio
> > >
> > > My solution: split sys-net to sys-net-wifi and sys-net-eth and assign
> > > the respective controllers to them. Also split sys-firewall.
> > >
> > > This way you will have two completely independent networks and
> > > firewalls, and you can switch AppVMs between them as you wish, even
> > > while they are running.
> > >
> > > When you are not physically at work, you can shut down sys-net-eth and
> > > sys-fw-eth to save ram.
> >
> > Hi, Thanks again for your answer.
> >
> > I've cloned sys-net as sys-net-wifi-only and started it, but when I click on
> > the icon no networks display. I've restarted Qubes but still this second net
> > VM does not display any networks.
> >
> > Any ideas?
> >
> > Regards,
> >
> > Claudio
>
> You did allocate your wifi card to sys-net-wifi and ensure that it is
> loaded correctly there?

Yes, I've done it. On dom0 I've issued command "qvm-pci attach --persistent disp-sys-net :" and afterwards my new sys-net-wifi did not start because the device is in use (I suppose by sys-net).

Any ideas?

Thanks,

Claudio
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
On Thursday, April 11, 2019 at 9:21:22 PM UTC+2, jrsm...@gmail.com wrote:
> That makes sense. I was thinking along the lines of 3K-4K with all of the
> eye candy dialed to Ultra.

You could with a higher end video card.
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
On Thursday, April 11, 2019 at 11:44:48 AM UTC-7, John Mitchell wrote:
> On Thursday, April 11, 2019 at 7:31:49 PM UTC+2, jrsm...@gmail.com wrote:
> > So do I. I just boot Windows for that though. I’m a very curious sort and
> > genuinely don’t understand if you’re playing AAA games at high rez and
> > frame rates. You’ll never get the performance for this use case out of a
> > virtualized environment that you get with native Windows.
>
> The performance loss depends on the system. Some only lose 5%, I think I
> lose a little more however I still have average 50 FPS at 1080p on a RX590
> and expect that will improve when the QEMU patches in the pipeline are
> applied.

That makes sense. I was thinking along the lines of 3K-4K with all of the eye candy dialed to Ultra.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
On Wednesday, April 10, 2019 at 3:25:34 AM UTC-7, unman wrote:
> On Tue, Apr 09, 2019 at 11:45:02AM -0700, jrsmi...@gmail.com wrote:
> > If there is no signal on PS/2 ground or I can eliminate it, is this the
> > more secure route or is it worth doing the USB shuffle? I have 4 USB
> > controllers available.
>
> If you really have 4 USB controllers I would allocate one to dom0 and 3
> to sys-usb (or more than one sys-usb).
> Depending on your level of paranoia you might want to permanently attach
> the devices to the usb port in dom0 - I mean physically.

I see now why you phrased it the way you did ("If you really have 4 USB controllers..."). After running `sudo lspci -vv | grep -i usb` and getting back only two hits as dom0 I began digging. After all, my mobo docs and box says:

Chipset+Intel® Thunderbolt™ 3 Controller:
- 2 x USB Type-C™ ports on the back panel, with USB 3.1 Gen 2 support
Chipset+ASMedia® USB 3.1 Gen 2 Controller:
- 1 x USB Type-C™ port with USB 3.1 Gen 2 support, available through the internal USB header
Chipset+Realtek® USB 3.1 Gen 1 Hub:
- 4 x USB 3.1 Gen 1 ports on the back panel
Chipset:
- 4 x USB 3.1 Gen 1 ports available through the internal USB headers
- 6 x USB 2.0/1.1 ports (2 ports on the back panel, 4 ports available through the internal USB headers)

so *obviously* there are four USB controllers, right? I can account for one of them not showing up, that's the controller in the Thunderbolt chipset. This shows up in Ubuntu as one of three USB controllers seen by lspci, but Qubes doesn't see it. The fourth could be the USB 3.1 Gen 2 front panel controller, which I haven't populated yet.

Some of the docs I ran across describing lsusb looked promising, but then they would say something like, "you can see from the output above that there are two controllers", but it wasn't clear to me which were controllers vs hubs. I did learn that some controllers have multiple hubs (say USB 2.0 and USB 3.0), but it's much less straightforward to clearly identify the USB controllers than I thought it would be. I'm no longer sure that even that is the correct way to look at it since there could be multiple controllers on the same PCIe bus and the level of granularity we have to work with in Qubes is at the PCIe level.
[qubes-users] Re: Whonix-ws kill switch?
I appreciate the follow up...I have that setup. My concern is I have to trust the VPN provider...

I used to use Torbirdy in my Whonix-gw Thunderbird a while ago (Installed by default) but it seems it "...is incompatible with Thunderbird 60.6.1...", at least that is the message I get when I look into Tools -> Add-ons in Thunderbird.

I am trying to find the best solution that balances usability with security for my email client in what I assume is the most secure in Qubes (Whonix-gw/Thunderbird). My understanding is Torbirdy would "Force" Thunderbird thru Tor only.
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
On Thursday, April 11, 2019 at 7:31:49 PM UTC+2, jrsm...@gmail.com wrote:
> So do I. I just boot Windows for that though. I’m a very curious sort and
> genuinely don’t understand if you’re playing AAA games at high rez and frame
> rates. You’ll never get the performance for this use case out of a
> virtualized environment that you get with native Windows.

The performance loss depends on the system. Some only lose 5%, I think I lose a little more however I still have average 50 FPS at 1080p on a RX590 and expect that will improve when the QEMU patches in the pipeline are applied.
[qubes-users] Re: Whonix-ws kill switch?
On Thursday, April 11, 2019 at 10:12:55 AM UTC-7, 22...@tutamail.com wrote:
> If I am using Whonix-gw and Whonix-ws on Qubes is there in a sense a Tor kill
> switch in place by default? i.e. would Whonix-ws, if always connected to
> whonix-gw, ONLY transmit data thru Tor? or if the Tor circuit breaks is the
> data transferred thru clear-net...
>
> Thx

This doesn't really answer the question you asked, but have you considered using a VPN that has a kill switch feature?
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
So do I. I just boot Windows for that though. I’m a very curious sort and genuinely don’t understand if you’re playing AAA games at high rez and frame rates. You’ll never get the performance for this use case out of a virtualized environment that you get with native Windows.
[qubes-users] Whonix-ws kill switch?
If I am using Whonix-gw and Whonix-ws on Qubes is there in a sense a Tor kill switch in place by default? i.e. would Whonix-ws, if always connected to whonix-gw, ONLY transmit data thru Tor? or if the Tor circuit breaks is the data transferred thru clear-net...

Thx
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
On Thursday, April 11, 2019 at 6:19:22 AM UTC+2, jrsm...@gmail.com wrote:
>
> I guess I'm missing a major point. Why would one want to game on Qubes?

Some of us like to have fun! ;)
Re: [qubes-users] Re: Looking to edit rules.ml of my mirage-firewall VM but since I cannot run shell, IDK what to do
On Thursday, April 11, 2019 at 4:16:17 AM UTC+1, Sphere wrote:
> @unman Thanks for the clarification. I suppose I misunderstood it wrong since I thought you have to set it directly using some sort of text editor and be done with it. So I'll have to recompile it I see, welp guess I have no choice but go through with that haha
>
> On Thursday, April 11, 2019 at 3:16:32 AM UTC+8, 799 wrote:
> > Hello,
> >
> > Thomas Leonard wrote on Wed, 10 Apr 2019, 20:42:
> > (...)
> >
> > To change the rules, you edit rules.ml, rebuild and redeploy (this should only take a couple of seconds after the first build).
> >
> > (...)
> >
> > Can you or someone from the mirage fw for Qubes team give some examples how to write rules for mirage?
> >
> > Examples:
> >
> > 1) can access via ssh
> > 2) can reach using via TCP
> > 3) Block access from to
> >
> > I think some example rules will make it easier to understand how to write rules.

I've added some examples at https://github.com/mirage/qubes-mirage-firewall/pull/54 (see the changes to rules.ml). Actually, matching on individual machines was a bit ugly, so I also made some changes to let you name all the machines you want to refer at the start of the rules file. You'll need those changes too for the new examples to work.

> > Regarding rebuilding and redeployment:
> > Maybe we can write a small script that will do the following:
> >
> > - launch mirage build VM
> > - apply changes to rules.ml
> > - rebuild
> > - copy new kernel files back to dom0
> > - shutdown mirage build VM
> > - restart mirage firewall proxyVM

See: https://github.com/mirage/qubes-mirage-firewall/#easy-deployment-for-developers

e.g. I build and deploy the firewall from my dev VM with:

    [dev]$ make && test-mirage qubes_firewall.xen mirage-firewall

It does what you describe, and also tails the log file so you can see it from the build VM.

The process is triggered from the build VM rather than from dom0 because working in dom0 is risky. There is a policy so that only the builder VM can push the kernel, and only the mirage-firewall kernel can be updated.

Note that the instructions for test-mirage show how to set up a "mirage-test" unikernel. You'll need to use "mirage-firewall" as the name instead.

> I second this idea. I'm having a hard time myself trying to absorb the very raw instructions of making rules in the rules.ml
>
> While the added convenience expands the surface of attack by a bit, I think this can be very useful in environments where you have to frequently interact with firewall rules.
>
> Also got questions about making rules in rules.ml
>
> let from_client = function
>   | { dst = (`External _ | `NetVM) } -> `NAT
>   | { dst = `Client_gateway; proto = `UDP { dport = 53 } } -> `NAT_to (`NetVM, 53)
>   | { dst = (`Client_gateway | `Firewall_uplink) } -> `Drop "packet addressed to firewall itself"
>   | { dst = `Client _ } -> `Drop "prevent communication between client VMs"
>
> Does `NAT_to (`NetVM, 53) mean that NAT will be applied to the outgoing packet then NetVM itself will process the DNS Query within its own VM context? If this is right, then configuring a wrong DNS server within NetVM would essentially mean DNS resolutions will fail right?

Yes. Client AppVMs are by default configured to use the firewall as their DNS (check your /etc/resolv.conf). The firewall then just forwards these requests to sys-net.

> Or is this because the rule { dst = `Client_gateway; proto = `UDP { dport = 53 } } -> `NAT_to (`NetVM, 53) is intended for internal DNS resolutions?
> (From my own understanding, that seems to be the case but I'd like to be corrected if this rule really is for internet DNS resolutions)
>
> Moving forward, if I have no lapses in understanding the guidelines in making rules, then this must be the ruleset for allowing only outgoing traffic towards port 25, 110, and 143:
>
> let from_client = function
>   | { dst = (`External _ | `NetVM); proto = `TCP { dport = 25, 110, 143 } } -> `NAT

Nearly: dport = (25 | 110 | 143)

>   | { dst = (`Client_gateway | `Firewall_uplink) } -> `Drop "packet addressed to firewall itself"
>   | { dst = `Client _ } -> `Drop "prevent communication between client VMs"
>
> I also want to know why there is an underscore in front of `External and `Client

That space contains information about which client or external machine it is. "_" matches anything.
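The or-pattern and the "_" wildcard from the reply above, shown in a small stand-alone program. This is an added example, not part of the original message and not code from qubes-mirage-firewall: the types are a simplified model assumed for illustration, and the final catch-all arm is this example's own addition.

```ocaml
(* Added example. The types are a simplified model assumed for illustration,
   not the definitions used by qubes-mirage-firewall. *)
type ports = { sport : int; dport : int }
type proto = [ `TCP of ports | `UDP of ports | `ICMP ]

type host =
  [ `Client of string      (* assumed payload: which client VM *)
  | `External of string    (* assumed payload: which external machine *)
  | `NetVM
  | `Client_gateway
  | `Firewall_uplink ]

type packet = { dst : host; proto : proto }
type action = [ `NAT | `NAT_to of host * int | `Drop of string ]

(* Arms are tried top to bottom; the first one that matches decides. *)
let from_client : packet -> action = function
  (* Or-pattern on the port: a single arm allows 25, 110 and 143. *)
  | { dst = (`External _ | `NetVM); proto = `TCP { dport = (25 | 110 | 143); _ } } ->
    `NAT
  | { dst = `Client_gateway; proto = `UDP { dport = 53; _ } } ->
    `NAT_to (`NetVM, 53)
  | { dst = (`Client_gateway | `Firewall_uplink); _ } ->
    `Drop "packet addressed to firewall itself"
  (* "_" ignores the payload, so this arm matches every client VM. *)
  | { dst = `Client _; _ } ->
    `Drop "prevent communication between client VMs"
  (* Explicit default added by this example: without it the match would not
     be exhaustive for other ports and protocols. *)
  | { dst = (`External _ | `NetVM); _ } ->
    `Drop "destination port not in the allow list"

let describe : action -> string = function
  | `NAT -> "NAT"
  | `NAT_to (_, port) -> Printf.sprintf "NAT_to port %d" port
  | `Drop reason -> "Drop: " ^ reason

(* Constructed sample packets; 192.0.2.10 is a documentation address. *)
let () =
  let tcp dport = `TCP { sport = 40000; dport } in
  let udp dport = `UDP { sport = 40000; dport } in
  List.iter
    (fun (label, pkt) ->
      Printf.printf "%-24s %s\n" label (describe (from_client pkt)))
    [ "SMTP to external", { dst = `External "192.0.2.10"; proto = tcp 25 };
      "HTTPS to external", { dst = `External "192.0.2.10"; proto = tcp 443 };
      "DNS to gateway", { dst = `Client_gateway; proto = udp 53 };
      "TCP to another client", { dst = `Client "work"; proto = tcp 22 } ]
```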
Re: [qubes-users] Re: Qubes Os 4.0 - problem with performance
On Wed, Apr 10, 2019 at 10:00:47PM +, john s. wrote:
> sorry, after I posted I read your full post, you have an AMD system
>
> so maybe you don't have "intel speedstep", as it's apparently just intel
>
> on AMD it's called "cool n quiet" if you have that try turning it off
>
> problem is it will make your cpu run hotter, hence monitoring cpu temp and/or increasing fan speed to compensate
>
> g'luck

I will look for that option. How can this feature hurt performance? I do not see how this can cause problems... Especially that qubes os 3.2 was working fine.
Re: [qubes-users] Re: Corebooted G505s Suspend/Resume Fails
> Xen is difficult to debug without a classic onboard serial port for > console output. Has to be some bug in that function. Could Xen print messages to a screen? If yes, then it is possible to find this function and insert the bunch of printf("1/2/3/etc") // sleep(1) (sleep is necessary to ensure that, before some action that freezes the system, your just-printed message will be displayed on a screen - without sleep, if it freezes too fast, there may not be enough time to display it).

Although I have an FT232H USB debug dongle, which could be used to get the console output from a USB 2.0 port (e.g. coreboot cbmem log) - I don't know if it could be useful for Xen messages as well (and if any extra configuration is required to make Xen output to this dongle), and so many projects I don't have enough time to figure this out.

So, if you have some free time, you may try this printf / sleep approach above. Or, alternatively, please open a bug at Xen about this regression, maybe they know an easy way of how to disable this check for AMD or at least could provide some debugging ideas... It is in our best interests that some solution for this problem gets upstreamed.

Best regards,
Mike Banon
Re: [qubes-users] Re: all new kernels are unusable with amdgpu - Sapphire Nitro + RX590
CooSee wrote on 4/6/19 8:07 PM:
> however, i assume the combination with very old dom0 + xen + fedora 25 is not really possible to use on newer hardware.

You might be interested in Qubes 4.1 which will run Fedora 29 in dom0. It's not ready for release yet, but you could keep an eye out or possibly help develop it.

> Debian has a way better Package Manager and is much smarter than DNF - why not using dom0 with Debian?

See https://github.com/QubesOS/qubes-issues/issues/1919.

> On Qubes the user has no real control of the system, e.g. the Kernel with so much compiled in modules no one needs or will never use. there should be a possibility to create your own Kernel on Qubes.

Qubes can be built by following https://www.qubes-os.org/doc/qubes-iso-building/. You can tweak the kernel to your liking at the appropriate step.
Re: [qubes-users] Re: Corebooted G505s Suspend/Resume Fails
For the patching, I modified the xen.spec(.in) file adding the patch to the already existing set of patches (e.g. as Patch628). This way the patch is applied even after make clean, when the xen sources are gunzipped again.

I also compiled xen-4.12.0 with the patch, and there were no compilation errors. I cannot test this yet on dev:Qubes 4.1, FC29 dom0, because I'm having trouble setting up a working fc29 dom0.

Interestingly, suspend-by-lid-closing works for the first time after a clean boot, but then better to use the menu. Maybe some ACPI functions get broken after first suspend/resume (but this is rather a CB and not Qubes topic...).

About debugging: yes, it would be great to have serial debugging on g505s (without an addon card), and I think it is not entirely impossible through the EC debug port (JP3), or EHCI... But this is rather a topic for CB and @Mike...