Re: [qubes-users] I have a question please.
ljul8...@gmail.com wrote: I have a question but I found nothing online regarding this. Let’s say I used my own connection to check if Qubes in my new laptop works and then I only ever used it with public wifi. Let’s say someone infects my laptop and finds out everything about it, will he/she be able to know that I had once used the laptop with Qubes with my own connection? Assuming you used DHCP, there could be log entries in sys-net with home networking info. Also, NetworkManager saves SSID connection data in sys-net. If you want to delete it, create a new sys-net and delete the old. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd62338f-5a56-4ecd-87ac-7bf80c3d02ea%40danwin1210.me. For more options, visit https://groups.google.com/d/optout.
[qubes-users] I have a question please.
I have a question but I found nothing online regarding this. Let’s say I used my own connection to check if Qubes in my new laptop works and then I only ever used it with public wifi. Let’s say someone infects my laptop and finds out everything about it, will he/she be able to know that I had once used the laptop with Qubes with my own connection? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/07316939-b2ed-4521-91f6-371b2c72f97c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Surface Pro 3 (i5-4300U 4Gb)
Thanks for info and your time. Question: Should I go with Surface Pro 6? Intel Core i5-8250U Intel UHD Graphics 620 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1b429000-efe8-4d58-80f1-c9aa12c75fb2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes - Critique (long)
On 5/10/19 12:16 PM, Marc Griffiths wrote: Hi everyone. Nice critique John. To throw in my perspective as an experienced Linux user switching to Qubes as sole laptop OS a few months back. Primary usecase for me is #1 increased security when using crypto exchanges and #2 the feeling of spinning up an environment that I have confidence in being private, for the writing of personal notes and reflections. The concept is awesome, perfectly designed for protection against malicious applications, websites and devices. Although it offers no protection against Intel Management Engine. There is much more to low-level vulnerabilities than IME: PortSmash, Foreshadow, Rowhammer, etc. Overall, AMD processors appear to be less vulnerable than Intel. My experience of installing on a Lenovo Yoga 720 was seamless, everything worked including the touch screen. However, I experienced a lot of random browser crashing. Chromium dead birds on a fairly regular basis. Vivaldi, Chromium, and Firefox browser windows disappearing without error, on both Fedora and Debian. Upgrading to Fedora 29, and upgrading dom0 didn't resolve the problem. A few times the desktop became unresponsive, and while I was able to ctrl+alt+F2 to dom0, it wasn't clear how I could view processes running on a particular VM. Sorry to hear about the stability issues. You might try updating your UEFI firmware to see if that helps.. the precise way that it configures advanced hardware features (seldom used by other operating systems) does have an impact on both compatibility and stability. This is also a good reason to stick with business-oriented computers because vendors take more care to get advanced features working correctly on them; its one of the reasons why Thinkpads are so popular among Qubes users. I'd be interested in knowing what audience Qubes is aimed at. With the rapidly increasing public awareness on cyber-security and privacy, Qubes could very easily find itself in high demand. At present though it's only going to appeal to experienced Linux users, which is a shame, because it wouldn't be that much work to make it far more accessible. If the Qubes team is interested in a larger audience, I would suggest: * Include Ubuntu based VM as default, or at least make the process of adding a Ubuntu template significantly easier * Include a brief getting started guide that covers essentials such as cross VM copy/paste, accessing devices, upgrading software etc * If we're limited to XFCE, then include guides on customising to be more like other environments. Most critical for me was adding shortcuts for switching desktops and moving windows between desktops: System tools > Window Manager > Keyboard * A guide on the limitations: what does Qubes protect you from, what does it not protect you from, what are the next steps to improve security. Having a colour-coded grid to communicate this would be excellent. You're not limited to XFCE, and in my experience KDE works better. Next step for me is ordering a T400, which doesn't have Intel Management Engine, supports Libreboot, and has proven itself as an uncrashable workhorse. I used to run Windows and SUSE on this laptop back in 2008-2011, it never crashed, despite running a complex J2EE dev environment. I will miss having 16GB RAM, but the i7 I can happily part with. I doubt that Qubes will install or run on a T400. Qubes was initially developed on Sandy Bridge-era hardware, and the requisite virtualization features in chipsets was still maturing up to that point. I feel obliged to mention that if you want to avoid management engines and a raft of other processor vulns, you should look to the AMD 15h generation of chips (circa 2013). In the form of a Lenovo G505s A10, installing Qubes first requires re-flashing the firmware with Coreboot... an exercise that I'm about to try. :) -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e1025b4f-2c6d-84a9-47cb-fcfacb88ecdb%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: how to use app-shutdown-idle
On 5/10/19 11:30 AM, 'qubeslover' via qubes-users wrote: > > > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Sunday, May 5, 2019 2:17 PM, wrote: > >> On 5/4/19 12:13 PM, 'qubeslover' via qubes-users wrote: >> >>> Sent with ProtonMail Secure Email. >>> ‐‐‐ Original Message ‐‐‐ >>> On Friday, May 3, 2019 8:27 PM, >>> liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2...@public.gmane.org wrote: >>> On 5/2/19 10:55 AM, 'qubeslover' via qubes-users wrote: > ‐‐‐ Original Message ‐‐‐ > On Wednesday, May 1, 2019 11:19 AM, > liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2ibg-xmd5yjdbdmrexy1tmh2...@public.gmane.org > wrote: > >> On 5/1/19 4:38 AM, Thierry Laurion wrote: >> >>> On Mon, Apr 29, 2019, 04:36 , >>> >> >>> mailto:liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2ibg-xmd5yjdbdmrexy1tmh2...@public.gmane.org> >>> wrote: >>> >>> Hi! >>> >>> According to https://github.com/QubesOS/updates-status/issues/782 >>> the script "app-shutdown-idle" is included in the latest stable >>> templates. >>> How to enable/use it? Unfortunately, I couldn't find any >>> documentation in https://github.com/QubesOS/qubes-app-shutdown-idle to >>> use it. >>> >>> >>> "The mechanism is opt-in - enable |shutdown-idle| service in qube >>> settings to use it." >>> Which litterally means what it says. >> >> [dom0]$ qvm-service --enable AppVmName shutdown-idle >> did not the trick. The vms stay running even if all windows are closed. >> Additionally, I couldn't find anywhere the setting >> 'qubesidle.idleness_monitor' mentioned in the second link to adjust the >> timeout. >> Any help how to do and where to enable it is appreciated. > > Hi, > (more or less) same problem here. On my laptop shutdown-idle only works > with Fedora-based VMs. It has never worked with Debian/Whonix-based VMs. Could you describe please in a bit more detail how you enable this service. For me the commandline above does not work even for Fedora templates. The questions are as following: 1. which commandline do you use to enable it? 2. Does the service setting apply to a running AppVm or do I have to restart it to be enabled? 3. where can I find the timeout property 'qubesidle.idleness_monitor'? 4. Is the service setting a persistent setting or do I need an autostart script in dom0 for that? >>> >>> Hi, >>> >>> 1. In a fedora-29 template type "sudo dnf install qubes-idle" >>> >>> 2. Create a fedora-29 based VM (let's call it "shutdown", it is just a >>> test) >>> >>> 3. Shutdown's "Qubes Setting" -> Services -> Type shutdown-idle in the bar >>> and click on + >>> >>> 4. Open a terminal in the Qube we called 'shutdown' and close it. >>> >>> >>> 4b. If you want to check that qubes-idle-watcher is running type in the >>> terminal ps aux | grep qubes-idle-watcher : you should see something like >>> this running: >>> user 764 0.3 1.6 243856 25340 ? S 13:07 0:00 /usr/bin/python3 >>> /usr/bin/qubes-idle-watcher >>> >>> 5. Close the terminal in the qubes. >>> >>> 6. After 15 minutes (without any windows open) the qubes 'shutdown' should >>> automatically shutdown :-) >>> >>> >>> This works just perfectly in fedora-based VMs but it is not working in >>> Debian/Whomix-based VMs. >>> Cheers >> >> Qubeslover, thank you very much for the detailled explanation. I managed it >> to enable! Now, I'm a qubeslover-lover. :) >> > > Glad it has been helpful. I have a question. Have you managed to run > shutdown-idle in a Fedora-based VM? Or in a Debian-based one? In this latter, > if I type 'ps aux | grep qubes' I notice the the process 'qubes-idle-watcher' > is not running (and even if I launch it manually it does not work). > > Cheers > It runs for Fedora-based VMs like a charm. In Debian I encounter the same like described by you: this process is not running. I haven't tried the testing packages as proposed by unman. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7809aa00-85e7-2e3a-229b-50f874db93a1%40gmx.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Qubes - Critique (long)
Hi everyone. Nice critique John. To throw in my perspective as an experienced Linux user switching to Qubes as sole laptop OS a few months back. Primary usecase for me is #1 increased security when using crypto exchanges and #2 the feeling of spinning up an environment that I have confidence in being private, for the writing of personal notes and reflections. The concept is awesome, perfectly designed for protection against malicious applications, websites and devices. Although it offers no protection against Intel Management Engine. My experience of installing on a Lenovo Yoga 720 was seamless, everything worked including the touch screen. However, I experienced a lot of random browser crashing. Chromium dead birds on a fairly regular basis. Vivaldi, Chromium, and Firefox browser windows disappearing without error, on both Fedora and Debian. Upgrading to Fedora 29, and upgrading dom0 didn't resolve the problem. A few times the desktop became unresponsive, and while I was able to ctrl+alt+F2 to dom0, it wasn't clear how I could view processes running on a particular VM. I'd be interested in knowing what audience Qubes is aimed at. With the rapidly increasing public awareness on cyber-security and privacy, Qubes could very easily find itself in high demand. At present though it's only going to appeal to experienced Linux users, which is a shame, because it wouldn't be that much work to make it far more accessible. If the Qubes team is interested in a larger audience, I would suggest: - Include Ubuntu based VM as default, or at least make the process of adding a Ubuntu template significantly easier - Include a brief getting started guide that covers essentials such as cross VM copy/paste, accessing devices, upgrading software etc - If we're limited to XFCE, then include guides on customising to be more like other environments. Most critical for me was adding shortcuts for switching desktops and moving windows between desktops: System tools > Window Manager > Keyboard - A guide on the limitations: what does Qubes protect you from, what does it not protect you from, what are the next steps to improve security. Having a colour-coded grid to communicate this would be excellent. Next step for me is ordering a T400, which doesn't have Intel Management Engine, supports Libreboot, and has proven itself as an uncrashable workhorse. I used to run Windows and SUSE on this laptop back in 2008-2011, it never crashed, despite running a complex J2EE dev environment. I will miss having 16GB RAM, but the i7 I can happily part with. Marc Griffiths marc.d.griffi...@gmail.com On Sun, 31 Mar 2019 at 11:18, wrote: > Chris mentioned: > > "The current Firefox ESR does have a tendency to freeze temporarily when > memory gets low. I'm considering switching to the non-ESR 'firefox' > package in Debian to see if the newer versions are better in this respect." > > My computer (Intel NUC7i7) has 32 GB RAM, so I doubt I am having low > memory issues -- but I suppose with my tendency to open a lot of tabs, it > could happen. > > I finally got around to trashing the ESR version of Firefox and installing > the latest "regular" release. It is too early to tell (less than a day), > but I have not run into a problem yet (I had been running into the problem > at least once or twice a day). > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/9fbf11f4-2ca3-45f5-ba11-b708b405ba3a%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPsYiwrunua7mm-4vES16ocftMzAbEnKRMevN5Nqoyeb_OpxDQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] created disposable from AppVM and "lost" the AppVM
Hi, I had a "personal" VM based on Debian. I've run "qvm-prefs personal template_for_dispvm True" and "qvm-features personal appmenus-dispvm 1" and now when I open start I see "Disposable: personal" but "personal" itself disappeared. When I open Qubes Manager I see personal. Luckily, I had created an icon with applications from personal (files and chrome) and through these icons I can start the original personal as a regular AppVM and not as a disposable VM. I want to revert back personal to its original AppVM state, then I'll clone it and create the dispVM from the clone. This way I should see perosnal on start with all the applications under it and also Disposable: personal-clone. Any ideas how can revert personal back to a regular AppVM? I tried "qvm-prefs personal template_for_dispvm False" but it did not work. Thanks, Claudio -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/52759ae5-fae4-4f53-a3ea-1b43ad6c099d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: how to use app-shutdown-idle
Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Sunday, May 5, 2019 2:17 PM, wrote: > On 5/4/19 12:13 PM, 'qubeslover' via qubes-users wrote: > > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > > On Friday, May 3, 2019 8:27 PM, liked2-mmb7mzph...@public.gmane.org wrote: > > > > > On 5/2/19 10:55 AM, 'qubeslover' via qubes-users wrote: > > > > > > > ‐‐‐ Original Message ‐‐‐ > > > > On Wednesday, May 1, 2019 11:19 AM, > > > > liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2...@public.gmane.org wrote: > > > > > > > > > On 5/1/19 4:38 AM, Thierry Laurion wrote: > > > > > > > > > > > On Mon, Apr 29, 2019, 04:36 , > > > > > > > > > > > mailto:liked2-mmb7mzphnfy-xmd5yjdbdmrexy1tmh2...@public.gmane.org> > > > > > > wrote: > > > > > > > > > > > > Hi! > > > > > > > > > > > > According to > > > > > > https://github.com/QubesOS/updates-status/issues/782 the script > > > > > > "app-shutdown-idle" is included in the latest stable templates. > > > > > > How to enable/use it? Unfortunately, I couldn't find any > > > > > > documentation in https://github.com/QubesOS/qubes-app-shutdown-idle > > > > > > to use it. > > > > > > > > > > > > > > > > > > "The mechanism is opt-in - enable |shutdown-idle| service in qube > > > > > > settings to use it." > > > > > > Which litterally means what it says. > > > > > > > > > > [dom0]$ qvm-service --enable AppVmName shutdown-idle > > > > > did not the trick. The vms stay running even if all windows are > > > > > closed. Additionally, I couldn't find anywhere the setting > > > > > 'qubesidle.idleness_monitor' mentioned in the second link to adjust > > > > > the timeout. > > > > > Any help how to do and where to enable it is appreciated. > > > > > > > > Hi, > > > > (more or less) same problem here. On my laptop shutdown-idle only works > > > > with Fedora-based VMs. It has never worked with Debian/Whonix-based VMs. > > > > > > Could you describe please in a bit more detail how you enable this > > > service. For me the commandline above does not work even for Fedora > > > templates. The questions are as following: > > > > > > 1. which commandline do you use to enable it? > > > 2. Does the service setting apply to a running AppVm or do I have to > > > restart it to be enabled? > > > 3. where can I find the timeout property 'qubesidle.idleness_monitor'? > > > 4. Is the service setting a persistent setting or do I need an autostart > > > script in dom0 for that? > > > > Hi, > > > > 1. In a fedora-29 template type "sudo dnf install qubes-idle" > > > > 2. Create a fedora-29 based VM (let's call it "shutdown", it is just a > > test) > > > > 3. Shutdown's "Qubes Setting" -> Services -> Type shutdown-idle in the bar > > and click on + > > > > 4. Open a terminal in the Qube we called 'shutdown' and close it. > > > > > > 4b. If you want to check that qubes-idle-watcher is running type in the > > terminal ps aux | grep qubes-idle-watcher : you should see something like > > this running: > > user 764 0.3 1.6 243856 25340 ? S 13:07 0:00 /usr/bin/python3 > > /usr/bin/qubes-idle-watcher > > > > 5. Close the terminal in the qubes. > > > > 6. After 15 minutes (without any windows open) the qubes 'shutdown' should > > automatically shutdown :-) > > > > > > This works just perfectly in fedora-based VMs but it is not working in > > Debian/Whomix-based VMs. > > Cheers > > Qubeslover, thank you very much for the detailled explanation. I managed it > to enable! Now, I'm a qubeslover-lover. :) > Glad it has been helpful. I have a question. Have you managed to run shutdown-idle in a Fedora-based VM? Or in a Debian-based one? In this latter, if I type 'ps aux | grep qubes' I notice the the process 'qubes-idle-watcher' is not running (and even if I launch it manually it does not work). Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/55RgUZ2AsdaNth8qQJr8u0XMmYc2elEp2UbMhVIolKmHfb1lOuwH9d2HSk3A653O2vaI272hkAuSuZXQ_Vqbl5SjtxyH9Je6CXebyoRmsrI%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout.
