[qubes-users] Where can I find the .cfg file for my VMs in qubes?
I found /var/lib/qubes/appvms has folders for each VM, but inside each folder there's only firewall.xml and icon.png where can I find the .cfg file that xen uses? And how can I start these VMs using this .cfg? I want to do some xen tests -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/361d61bb-2b84-4bd9-a61a-91189b9bec0c%40googlegroups.com.
VS: [qubes-users] KDE Plasma in dom0 under R4.0.3
This is true, I have one of the first P51 models and it used to have threewi options in the BIOS 1) integrated, 2) hybrid and 3) discrete.With integrated mode everything worked like a dream, also the HDMI output.But after I got some serious problems after an year with the internal display (when powered up the display got distorted after few minutes), lenovo service changed the motherboard and after that there was only two options left in the BIOS (hybrid and discrete). Also the HDMI connector does not work anymore :( Lähetetty Jolla Sailfish -älypuhelimestani.Lähettäjä: brendan.h...@gmail.comLähetetty: sunnuntaina 12. huhtikuuta 2020 1.53Päättymisaika: qubes-usersAihe: Re: [qubes-users] KDE Plasma in dom0 under R4.0.3On Saturday, April 11, 2020 at 7:10:18 PM UTC, Sven Semmler wrote:On Sat, Apr 11, 2020 at 02:48:17PM -0400, Chris Laprise wrote: > I've never had a problem with KDE in dom0 as long as the display manager is > switched to sddm and BIOS is set to integrated graphics. "Discrete graphics" > usually means Nvidia, which is poorly supported in open source operating > systems. Funny enough, motivated by your comment I went and switched back to "hybrid" (aka integrated) graphics ... and all my issues came back! So while I am sure your statement is correct in general, on my particular setup switching to the discrete graphics makes everything work. Every rule has an exception I guess. Hybrid graphics routing for nvidia optimus has changed over the years. On older laptop models, one could select among integrated, hybrid and discrete. For many of us, selecting integrated graphics was the most stable option.On more recent optimus laptops, integrated is no longer an option, you can only select between hybrid and discrete. I believe this limitation is due to how the signal routing now requires some level of firmware support in the discrete chipset to get video out. In any case, hybrid has always (nearly?) impossible to get working under Xen/Qubes...so the next best option has been making discrete work.Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea9af9e6-3584-4779-b0b2-1399c19b71d8%40googlegroups.com. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200412043045.4644925.76304.18465%40gmail.com.
Re: [qubes-users] KDE Plasma in dom0 under R4.0.3
On Saturday, April 11, 2020 at 7:10:18 PM UTC, Sven Semmler wrote: > > On Sat, Apr 11, 2020 at 02:48:17PM -0400, Chris Laprise wrote: > > I've never had a problem with KDE in dom0 as long as the display manager > is > > switched to sddm and BIOS is set to integrated graphics. "Discrete > graphics" > > usually means Nvidia, which is poorly supported in open source operating > > systems. > > Funny enough, motivated by your comment I went and switched back to > "hybrid" (aka integrated) graphics ... and all my issues came back! > > So while I am sure your statement is correct in general, on my > particular setup switching to the discrete graphics makes everything > work. Every rule has an exception I guess. > Hybrid graphics routing for nvidia optimus has changed over the years. On older laptop models, one could select among integrated, hybrid and discrete. For many of us, selecting integrated graphics was the most stable option. On more recent optimus laptops, integrated is no longer an option, you can only select between hybrid and discrete. I believe this limitation is due to how the signal routing now requires some level of firmware support in the discrete chipset to get video out. In any case, hybrid has always (nearly?) impossible to get working under Xen/Qubes...so the next best option has been making discrete work. Brendan -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea9af9e6-3584-4779-b0b2-1399c19b71d8%40googlegroups.com.
[qubes-users] Audio Intel PCH card 0 disappeared in DOM0
Hi everyone, I have an audio issue in DOM0 since last Wednesday (04/08/2020), and I'm unable to fix it... Any help or advise is welcomed!! (as a non English native, please excuse my English) Issue Explanation: Intel PCH Audio card 0 is no more present in pulseaudio GUI, only the NVIDIA HDMI audio card 1 is present. Although hardware is OK (verified with my previous debian hard drive today). Commands, configuration and things that may help: Kernel version: 4.14 (latest versions cause issue on laptop screen power off/on with Nvidia card...) Qubes release 4.0-8 *lspici : OK* 00:1b.0 Audio device: Intel Corporation 8 Series/C220 Series Chipset High Definition Audio Controller (rev 04) Subsystem: Hewlett-Packard Company ZBook 15 Flags: bus master, fast devsel, latency 0, IRQ 22 Memory at d033 (64-bit, non-prefetchable) [size=16K] Capabilities: Kernel driver in use: pciback -- 01:00.1 Audio device: NVIDIA Corporation GK106 HDMI Audio Controller (rev a1) Subsystem: Hewlett-Packard Company Device 197b Flags: bus master, fast devsel, latency 0, IRQ 17 Memory at d000 (32-bit, non-prefetchable) [size=16K] Capabilities: Kernel driver in use: snd_hda_intel */var/lib/alsa/asound.state*:OK This file has the two cards definitions well configured (PCH & NVidia). *journalctl parsing *since January: Only one error on alsa, alsactl kernel crash on Apr08 upon shutdown command (another but beg March so, ignored) Apr 08 17:54:53 dom0 systemd[1]: Stopping Manage Sound Card State (restore and store)... Apr 08 17:54:53 dom0 kernel: audit: type=1131 audit(1586361293.216:308): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=xen-init-dom0 comm="systemd" exe="/usr/lib/systemd/systemd" host Apr 08 17:54:53 dom0 kernel: audit: type=1113 audit(1586361293.216:309): pid=4353 uid=0 auid=1000 ses=2 msg='op=logout id=1000 exe="/usr/sbin/lightdm" hostname=dom0 addr=? terminal=/dev/tty1 Apr 08 17:54:53 dom0 kernel: alsactl[1989]: segfault at 28 ip 5f6263fbc806 sp 7ffcff227110 error 4 in alsactl[5f6263fab000+17000] Apr 08 17:54:53 dom0 kernel: audit: type=1701 audit(1586361293.222:310): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1989 comm="alsactl" exe="/usr/sbin/alsactl" sig=11 res=1 Apr 08 17:54:53 dom0 audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=xen-init-dom0 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res= Apr 08 17:54:53 dom0 audit[4353]: USER_LOGOUT pid=4353 uid=0 auid=1000 ses=2 msg='op=logout id=1000 exe="/usr/sbin/lightdm" hostname=dom0 addr=? terminal=/dev/tty1 res=success' Apr 08 17:54:53 dom0 audit[1989]: ANOM_ABEND auid=4294967295 uid=0 gid=0 ses=4294967295 pid=1989 comm="alsactl" exe="/usr/sbin/alsactl" sig=11 res=1 * From alsa-info.sh:* Loaded ALSA modules : snd_hda_intel Soundcards recognised by ALSA : 1 [NVidia ]: HDA-Intel - HDA NVidia (HDA-Intel HDA Intel PCH not present) Amixer output only sees Card hw:1 'Nvidia' Alsactl output only presents NVidia card 1 controls, not the PCH card 0 ones !!ALSA/HDA dmesg !!-- [ 33.223400] Already setup the GSI :17 [ 33.223410] snd_hda_intel :01:00.1: Disabling MSI [ 33.223414] snd_hda_intel :01:00.1: Handle vga_switcheroo audio client [ 33.241080] snd_hda_codec_idt hdaudioC0D0: autoconfig for 92HD91BXX: line_outs=1 (0xa/0x0/0x0/0x0/0x0) type:line [ 33.241082] snd_hda_codec_idt hdaudioC0D0: speaker_outs=1 (0xd/0x0/0x0/0x0/0x0) [ 33.241084] snd_hda_codec_idt hdaudioC0D0: hp_outs=1 (0xb/0x0/0x0/0x0/0x0) [ 33.241085] snd_hda_codec_idt hdaudioC0D0: mono: mono_out=0x0 [ 33.241086] snd_hda_codec_idt hdaudioC0D0: inputs: [ 33.241088] snd_hda_codec_idt hdaudioC0D0: Mic=0xc [ 33.241089] snd_hda_codec_idt hdaudioC0D0: Internal Mic=0x11 [ 33.241091] snd_hda_codec_idt hdaudioC0D0: Line=0xf [ 33.480372] input: HDA NVidia HDMI/DP,pcm=3 as /devices/pci:00/:00:01.0/:01:00.1/sound/card1/input20 [ 33.480458] input: HDA NVidia HDMI/DP,pcm=7 as /devices/pci:00/:00:01.0/:01:00.1/sound/card1/input21 [ 33.480526] input: HDA NVidia HDMI/DP,pcm=8 as /devices/pci:00/:00:01.0/:01:00.1/sound/card1/input22 [ 33.588662] Adding 11931644k swap on /dev/mapper/qubes_dom0-swap. Priority:-2 extents:1 across:11931644k SSFS * [ 34.289114] input: HDA Intel PCH Mic as /devices/pci:00/:00:1b.0/sound/card0/input16** ** [ 34.289373] input: HDA
Re: [qubes-users] Domain win10 failed to start (after 60 seconds using it): cannot connect to qrexec agent for 60 seconds
On Friday, April 10, 2020 at 5:48:39 PM UTC-3, awokd wrote: > > Guerlan: > > > > > > My Qubes is closing my windows 10 VMs which are based on my Win10 > template > > after 60 seconds, even though they are ok. It says > > > > > > Domain win10 failed to start: cannot connect to qrexec agent for 60 > seconds > > > > > > even though it already had started and I was using it. > > > > > > It happened after I installed qubes-windows-tools > > > Sounds like they didn't install right. In dom0 terminal, check: > qvm-features win10 > "Qrexec" is probably set to 1. Try removing with: > qvm-features win10 qrexec '' > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > Ok so I did qvm-features win10 qrexec 0 and then qvm-features win10 and it shows 0 but it still quits with the same error after 60 seconds -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/82fa4f68-5016-497b-9b3e-74ba9ec99e2e%40googlegroups.com.
Re: [qubes-users] Which version of Xen does Qubes uses? Shouldn't it support OVMF already (HVM EFI boot)?
On Friday, April 10, 2020 at 5:40:10 PM UTC-3, awokd wrote: > > Guerlan: > > Xen 4.4 has support for OVMF. Which version of Xen does Qubes uses? > > Shouldn't it already have this option? > > > "xl info" in dom0 will tell you exactly. Mine says 4.8.5-14. Xen might > be able to support it (although looks like it's not in the default > build), but not the Qubes or QEMU/stubdomain tooling on top of Xen. > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > Can you tell me more about what is QEMU/stubdomain? Do you know of any reasons for them to not compile xen with efi boot support? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fd4f68a4-4702-4ba2-8242-5c08b961074a%40googlegroups.com.
Re: [qubes-users] Domain win10 failed to start (after 60 seconds using it): cannot connect to qrexec agent for 60 seconds
On Friday, April 10, 2020 at 5:48:39 PM UTC-3, awokd wrote: > > Guerlan: > > > > > > My Qubes is closing my windows 10 VMs which are based on my Win10 > template > > after 60 seconds, even though they are ok. It says > > > > > > Domain win10 failed to start: cannot connect to qrexec agent for 60 > seconds > > > > > > even though it already had started and I was using it. > > > > > > It happened after I installed qubes-windows-tools > > > Sounds like they didn't install right. In dom0 terminal, check: > qvm-features win10 > "Qrexec" is probably set to 1. Try removing with: > qvm-features win10 qrexec '' > > -- > - don't top post > Mailing list etiquette: > - trim quoted reply to only relevant portions > - when possible, copy and paste text instead of screenshots > this command of yours don't set it to 0, simply echoes the value 1 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0c8c5b5f-b3ac-4038-91f2-76a10d40ca46%40googlegroups.com.
Re: [qubes-users] How to get application icons in KDE panel?
This seems to be a known issue: https://github.com/QubesOS/qubes-issues/issues/1495 /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411205114.GA1319%40app-email-private. signature.asc Description: PGP signature
Re: [qubes-users] How to block all non tor traffic
Although it would seem to be a sniffer, I am embarrassed that the sniffer standing sys-firewall shows that the traffic comes from sys-firewall (not sys-whonix). And the sniffer from sys-net doesn't catch the ping connection to the site. In general, I'll deal with iptabals with if there are any more questions I write. -- This mail was sent by Confidesk AG`s secure mail service. Check it on http://www.confidesk.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/E1jNMz0-0004f1-Bw%40chwww1.confidesk.com.
Re: [qubes-users] How to block all non tor traffic
This is understandable, but traffic connected to sys-firewall and sys-net bypass tor. On the whonix forum I was told that this is impossible) If I translated his answer correctly. https://forums.whonix.org/t/how-to-block-all-non-tor-traffic/9308 Basically, I figured out that sys-net needs to cut off all traffic that doesn't come from sys-firewall, but I can't figure out what to do with sys-firewall yet. On 2020-04-11, tas...@posteo.net wrote: On 4/11/20 8:32 AM, hsfcyxr hsfcyxr wrote: There’s a second computer to access the Clinet. How do I completely block traffic bypassing sys-whonix? I don’t know much English, so I couldn’t find it myself, I read qubes and whonix documentation. (I marked dom0 updates via tor during installation, prescribed “sudo systemctl restart qubes-whonix-torified-updates-proxy-check”, installed everything in Qube Manager except sys-firewall, sys-whonix, sys-net and Tamplate VM on sys-whonix, Qubes global settings - Dom0 UpdateVM - sys-whonix Qubes global settings - ClockV - sys-whonix Qubes global settings - Default netVM - sys-whonix Qubes global settings - Default template - fedora-30 Qubes global settings - Default DisposableVM Template - fedora-30-dvm ) Maybe there are some guides to setting qubes to anonymity so that the browser can’t recognize my time zone (so that it is different on different AppVMs). And how to add a different language to the keyboard, again, so that it would be visible only on the AppVMs I need. img: qubes-os[.]org/attachment/wiki/posts/admin-api.png *I will formulate a more specific question, as in the diagram above, to block all connections to sys-net except sys-whonix-sys-firewall-sys-net.* Its best to ask about Whonix specifics on the whonix.org forums. However, I'm pretty sure that sys-whonix is already configured not to allow any non-Tor traffic; That is the point of having a Tor VM in the first place, to enforce network containment as strongly as possible. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- This mail was sent by Confidesk AG`s secure mail service. Check it on http://www.confidesk.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/E1jNMmx-0004UZ-5W%40chwww1.confidesk.com.
Re: [qubes-users] How to get application icons in KDE panel?
On Sat, Apr 11, 2020 at 03:27:31PM -0500, Sven Semmler wrote: > This happens actually in both XFCE and KDE ... when I run applications > in various qubes their icon shows up as a lock in the panel. Some like > KDE Konsole show up correctly. Also: when I launch a new application the icon briefly shows correctly shaded in the color of the qube and then becomes a lock. /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411202910.GB1514%40app-email-private. signature.asc Description: PGP signature
[qubes-users] How to get application icons in KDE panel?
This happens actually in both XFCE and KDE ... when I run applications in various qubes their icon shows up as a lock in the panel. Some like KDE Konsole show up correctly. I also think I have seen many screenshots and posts where the application icons show up correctly. Any pointer would be appriciated. /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411202731.GA1514%40app-email-private. signature.asc Description: PGP signature
Re: [qubes-users] Build USB install with kernel 5+
> Den 28. mar. 2020 kl. 19.38 skrev Ilpo Järvinen > : > > On Sat, 28 Mar 2020, max via qubes-users wrote: > >> Hi everyone, >> >> Any help appreciated. >> >> I managed to install a Qubes 4.0.3 on an Intel NUC10FNK. No VM's can start >> due to an error like: Internal error: Unable to reset PCI device >> :00:1f:6:no FLR, PM rset or bus reset available. > > Test setting permissive mode for that PCI device. Hi Ilpo, I tried your recommendation, and now it starts the vm, but it still has no network, since the driver propably only resides in newer kernels which dom0 does not have. (it says sys-net has no network cards) I can actually put in an older wireless usb in the machine, and it sees it with lsusb in dom0, but I Dont know how To enable it in vm I tried readlink /sys/bus/usb/devices/usb1 It gave :00:14.0/usb1 Tried qvm-pci It showed usb controller on that? When runming qvm-pci a sys-net-clone-1 dom0:00_14.0 it failed with got empty response from qubesd and hung Any ideas, maybe on getting kernel 5 on qubes? Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/C6333494-4A9C-4197-A70D-093A0ECAA72A%40militant.dk.
Re: [qubes-users] KDE Plasma in dom0 under R4.0.3
On Sat, Apr 11, 2020 at 02:48:17PM -0400, Chris Laprise wrote: > I've never had a problem with KDE in dom0 as long as the display manager is > switched to sddm and BIOS is set to integrated graphics. "Discrete graphics" > usually means Nvidia, which is poorly supported in open source operating > systems. Funny enough, motivated by your comment I went and switched back to "hybrid" (aka integrated) graphics ... and all my issues came back! So while I am sure your statement is correct in general, on my particular setup switching to the discrete graphics makes everything work. Every rule has an exception I guess. /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411191011.GA1304%40app-email-private. signature.asc Description: PGP signature
[qubes-users] Re: KDE Plasma in dom0 under R4.0.3
On Sat, Apr 11, 2020 at 12:12:30PM -0500, Sven Semmler wrote: > Now running qubes-dom0-update @kde-desktop-qubes again. Will report back > shortly if that changes anything. I apologize for the noise. I must have messed my previous dom0 up before installing KDE. I had to fight all kinds of dependency issues. On a fresh R4.0.3 install everything works out of the box. The notification icons look a bit goofy on HiDPI but the rest of KDE is very nice. /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411185152.GA1320%40app-email-private. signature.asc Description: PGP signature
Re: [qubes-users] KDE Plasma in dom0 under R4.0.3
On 4/11/20 1:12 PM, Sven Semmler wrote: On Sat, Apr 11, 2020 at 03:01:39PM +0100, unman wrote: If you want to open a separate topic, perhaps we could troubleshoot your problems? By all means. I have a fresh install of dom0 (all qubes restored from backup) and have switched the graphics in the BIOS from 'hybrid' to discrete on my Thinkpad P51. Now running qubes-dom0-update @kde-desktop-qubes again. Will report back shortly if that changes anything. I've never had a problem with KDE in dom0 as long as the display manager is switched to sddm and BIOS is set to integrated graphics. "Discrete graphics" usually means Nvidia, which is poorly supported in open source operating systems. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/36ac57e4-d92b-590d-ffcb-c27f0a80543d%40posteo.net.
Re: [qubes-users] How to block all non tor traffic
On 4/11/20 8:32 AM, hsfcyxr hsfcyxr wrote: There’s a second computer to access the Clinet. How do I completely block traffic bypassing sys-whonix? I don’t know much English, so I couldn’t find it myself, I read qubes and whonix documentation. (I marked dom0 updates via tor during installation, prescribed “sudo systemctl restart qubes-whonix-torified-updates-proxy-check”, installed everything in Qube Manager except sys-firewall, sys-whonix, sys-net and Tamplate VM on sys-whonix, Qubes global settings -> Dom0 UpdateVM -> sys-whonix Qubes global settings -> ClockV -> sys-whonix Qubes global settings -> Default netVM -> sys-whonix Qubes global settings -> Default template -> fedora-30 Qubes global settings -> Default DisposableVM Template -> fedora-30-dvm ) Maybe there are some guides to setting qubes to anonymity so that the browser can’t recognize my time zone (so that it is different on different AppVMs). And how to add a different language to the keyboard, again, so that it would be visible only on the AppVMs I need. img: qubes-os[.]org/attachment/wiki/posts/admin-api.png *I will formulate a more specific question, as in the diagram above, to block all connections to sys-net except sys-whonix->sys-firewall->sys-net.* Its best to ask about Whonix specifics on the whonix.org forums. However, I'm pretty sure that sys-whonix is already configured not to allow any non-Tor traffic; That is the point of having a Tor VM in the first place, to enforce network containment as strongly as possible. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fe6dae00-ff23-a600-539d-38e6cdc92793%40posteo.net.
[qubes-users] KDE Plasma in dom0 under R4.0.3
On Sat, Apr 11, 2020 at 03:01:39PM +0100, unman wrote: > If you want to open a separate topic, perhaps we could troubleshoot your > problems? By all means. I have a fresh install of dom0 (all qubes restored from backup) and have switched the graphics in the BIOS from 'hybrid' to discrete on my Thinkpad P51. Now running qubes-dom0-update @kde-desktop-qubes again. Will report back shortly if that changes anything. /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411171230.GB1349%40app-email-private. signature.asc Description: PGP signature
Re: [qubes-users] Re: "Qubes Architecture Next Steps: The GUI Domain" by Marek Marczykowski-Górecki & Marta Marczykowska-Górecka
On Sat, Apr 11, 2020 at 12:03:42AM -0700, Foppe de Haan wrote: > I'm running Qubes 4.1. My experience with the KDE version (and display > stack) included with Qubes 4.0 /fedora 25 wasn't that great either. :) I see. Thanks! /Sven -- public key: https://www.svensemmler.org/0x8F541FB6.asc fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411170904.GA1349%40app-email-private. signature.asc Description: PGP signature
Re: [qubes-users] Re: "Qubes Architecture Next Steps: The GUI Domain" by Marek Marczykowski-G??recki & Marta Marczykowska-G??recka
On Saturday, April 11, 2020 at 2:01:46 PM UTC, unman wrote: > > On Sat, Apr 11, 2020 at 12:03:42AM -0700, Foppe de Haan wrote: > > > > > > On Saturday, April 11, 2020 at 2:01:05 AM UTC, Sven Semmler wrote: > > > > > > On Fri, Apr 10, 2020 at 02:54:01AM -0700, Foppe de Haan wrote: > > > > I may prefer my meagerly hardware accelerated KDE 5.17/18 in dom0 > until > > > > it's clear under which circumstances GPU virtualization works > properly. > > > > > > Forgive me from taking this off-topic from the original thread. I have > > > tried and failed to make KDE work in dom0. > > > > > > sudo qubes-dom0-update @kde-desktop-qubes > > > > > > While I can login to KDE, there are clearly issues. The Launcher > freezes > > > frequently and search doesn't work. There are weired delays all over > the > > > place (GUI reacts much later or not at all). > > > > > > I have no such issues with XFCE or i3. Have you done anything beyond > the > > > above command to get KDE running well on your machine? > > > > > > /Sven > > > > > > > > I'm running Qubes 4.1. My experience with the KDE version (and display > > stack) included with Qubes 4.0 /fedora 25 wasn't that great either. :) > > > > Interesting. My experience is the opposite. I run KDE in 4.0, and find > it greatly enhances the Qubes experience. > Menus are easily customisable, it's simple to force separation of qubes > in different domains on to separate Activities, ease of creating custom > launcher shortcuts, etc etc. Far better than Xfce for Qubes, and in my > experience it just works. And this is on x220 and x230 machines of > relatively low spec. > If you want to open a separate topic, perhaps we could troubleshoot your > problems? > > is this in response to sven? I quite like KDE 5.17 in Q4.1, for the reasons you mention. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/887e8f5b-6ef6-4572-b9e5-239a334d848f%40googlegroups.com.
Re: [qubes-users] How to block all non tor traffic
On Sat, Apr 11, 2020 at 12:32:34PM +, hsfcyxr hsfcyxr wrote: > There???s a second computer to access the Clinet. > How do I completely block traffic bypassing sys-whonix? I don???t know > much English, so I couldn???t find it myself, I read qubes and whonix > documentation. > (I marked dom0 updates via tor during installation, prescribed ???sudo > systemctl restart qubes-whonix-torified-updates-proxy-check???, installed > everything in Qube Manager except sys-firewall, sys-whonix, sys-net and > Tamplate VM on sys-whonix, > Qubes global settings - Dom0 UpdateVM - sys-whonix > Qubes global settings - ClockV - sys-whonix > Qubes global settings - Default netVM - sys-whonix > Qubes global settings - Default template - fedora-30 > Qubes global settings - Default DisposableVM Template - > fedora-30-dvm > ) > Maybe there are some guides to setting qubes to anonymity so that the > browser can???t recognize my time zone (so that it is different on different > AppVMs). And how to add a different language to the keyboard, again, so > that it would be visible only on the AppVMs I need. img: > qubes-os[.]org/attachment/wiki/posts/admin-api.png > I will formulate a more specific question, as in the diagram above, to block > all connections to sys-net except sys-whonix-sys-firewall-sys-net. > I cant help with Whonix issues, but you should block outgoing traffic originating from sys-net and sys-firewall. Restrict traffic which is forwarded through sys-firewall to anything originating from the vif and MAC of sys-whonix. Then you're trusting Whonix to deliver what it promises. Strange that you are using standard templates for default and DisposableVM, when you are concerned with anonymity. Have you customised that fedora-30 template? If not, you may be shooting yourself in the foot. Personally I don't use clock updates at all, and set time to UTC across the board. You can install language options in the templates and trigger changes on an individual qube, which allows you to access different layout per qube. If I understand your post, that's what you want? Check the "keyboard " option in Qube Manager. unman -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411142656.GB27666%40thirdeyesecurity.org.
Re: [qubes-users] Re: "Qubes Architecture Next Steps: The GUI Domain" by Marek Marczykowski-G??recki & Marta Marczykowska-G??recka
On Sat, Apr 11, 2020 at 12:03:42AM -0700, Foppe de Haan wrote: > > > On Saturday, April 11, 2020 at 2:01:05 AM UTC, Sven Semmler wrote: > > > > On Fri, Apr 10, 2020 at 02:54:01AM -0700, Foppe de Haan wrote: > > > I may prefer my meagerly hardware accelerated KDE 5.17/18 in dom0 until > > > it's clear under which circumstances GPU virtualization works properly. > > > > Forgive me from taking this off-topic from the original thread. I have > > tried and failed to make KDE work in dom0. > > > > sudo qubes-dom0-update @kde-desktop-qubes > > > > While I can login to KDE, there are clearly issues. The Launcher freezes > > frequently and search doesn't work. There are weired delays all over the > > place (GUI reacts much later or not at all). > > > > I have no such issues with XFCE or i3. Have you done anything beyond the > > above command to get KDE running well on your machine? > > > > /Sven > > > > > I'm running Qubes 4.1. My experience with the KDE version (and display > stack) included with Qubes 4.0 /fedora 25 wasn't that great either. :) > Interesting. My experience is the opposite. I run KDE in 4.0, and find it greatly enhances the Qubes experience. Menus are easily customisable, it's simple to force separation of qubes in different domains on to separate Activities, ease of creating custom launcher shortcuts, etc etc. Far better than Xfce for Qubes, and in my experience it just works. And this is on x220 and x230 machines of relatively low spec. If you want to open a separate topic, perhaps we could troubleshoot your problems? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200411140139.GA27666%40thirdeyesecurity.org.
[qubes-users] How to block all non tor traffic
There’s a second computer to access the Clinet. How do I completely block traffic bypassing sys-whonix? I don’t know much English, so I couldn’t find it myself, I read qubes and whonix documentation. (I marked dom0 updates via tor during installation, prescribed “sudo systemctl restart qubes-whonix-torified-updates-proxy-check”, installed everything in Qube Manager except sys-firewall, sys-whonix, sys-net and Tamplate VM on sys-whonix, Qubes global settings - Dom0 UpdateVM - sys-whonix Qubes global settings - ClockV - sys-whonix Qubes global settings - Default netVM - sys-whonix Qubes global settings - Default template - fedora-30 Qubes global settings - Default DisposableVM Template - fedora-30-dvm ) Maybe there are some guides to setting qubes to anonymity so that the browser can’t recognize my time zone (so that it is different on different AppVMs). And how to add a different language to the keyboard, again, so that it would be visible only on the AppVMs I need. img: qubes-os[.]org/attachment/wiki/posts/admin-api.png I will formulate a more specific question, as in the diagram above, to block all connections to sys-net except sys-whonix-sys-firewall-sys-net. -- This mail was sent by Confidesk AG`s secure mail service. Check it on http://www.confidesk.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/E1jNFJK-0001An-E3%40chwww1.confidesk.com.
Re: [qubes-users] Re: "Qubes Architecture Next Steps: The GUI Domain" by Marek Marczykowski-Górecki & Marta Marczykowska-Górecka
On Saturday, April 11, 2020 at 2:01:05 AM UTC, Sven Semmler wrote: > > On Fri, Apr 10, 2020 at 02:54:01AM -0700, Foppe de Haan wrote: > > I may prefer my meagerly hardware accelerated KDE 5.17/18 in dom0 until > > it's clear under which circumstances GPU virtualization works properly. > > Forgive me from taking this off-topic from the original thread. I have > tried and failed to make KDE work in dom0. > > sudo qubes-dom0-update @kde-desktop-qubes > > While I can login to KDE, there are clearly issues. The Launcher freezes > frequently and search doesn't work. There are weired delays all over the > place (GUI reacts much later or not at all). > > I have no such issues with XFCE or i3. Have you done anything beyond the > above command to get KDE running well on your machine? > > /Sven > > I'm running Qubes 4.1. My experience with the KDE version (and display stack) included with Qubes 4.0 /fedora 25 wasn't that great either. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b394875d-eee8-4e7f-ad94-6908765dc0ba%40googlegroups.com.
