[qubes-users] Grub with encrypted boot
Hello all, I am wondering if anyone knows how I might install grub for use with an encrypted boot partition, or no boot partition at all. I have recently decided to use btrfs, and I have grub working fine. The grub2-efi config from the qubes-dom0-unstable repo is working fine, but it's very complex. Reading about grub on the arch-wiki, it says you can enable this feature in grub just by adding ENABLE_CRYPTODISK=y in /etc/default/grub then running grub2-install. I need to know if that will actually work with Qubes, and how to generate a proper grub.cfg for use with the feature. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8nKpro73CUMwiWxvDa8MG66duIRyyFEAmKHsaXIN8GIy-QCbgbQ5CuOk_ztuDxLmelZFdWo80L0JGXmkkpfKuKNThV3IsZC0fULQpP0sK2g%3D%40protonmail.com.
[qubes-users] Salt worm
Qubes uses Salt, and there's something nasty going around: https://saltexploit.com/
Re: [qubes-users] Kernel development on a qube
Is it documented anywhere? That works well for the Linux kernel I assume. Is there a way to run qemu at all?

‐‐‐ Original Message ‐‐‐
On Tuesday, May 5, 2020 6:16 PM, Ilpo Järvinen wrote:

> On Tue, 5 May 2020, 'kvb4eu' via qubes-users wrote:
>
> > Hi everybody. I am becoming interested in Linux kernel development.
> > I have read tutorials on using qemu. On a Fedora qube I could not install
> > qemu due to broken packages during the installation; the template was
> > vanilla.
> > Is it possible and how to install qemu or do kernel development using
> > QubesOS?
>
> You can create a new template for kernel testing and install the test
> kernels there. Then set the kernel of the appvm used for the tests to
> pvgrub2-pvh (you need to install grub2-xen-pvh package into dom0 to be
> able to do that).
>
> --
> i.
Re: [qubes-users] Kernel development on a qube
On Tue, 5 May 2020, 'kvb4eu' via qubes-users wrote:

> Hi everybody. I am becoming interested in Linux kernel development.
> I have read tutorials on using qemu. On a Fedora qube I could not install
> qemu due to broken packages during the installation; the template was
> vanilla.
> Is it possible and how to install qemu or do kernel development using
> QubesOS?

You can create a new template for kernel testing and install the test kernels there. Then set the kernel of the appvm used for the tests to pvgrub2-pvh (you need to install grub2-xen-pvh package into dom0 to be able to do that).

--
i.
[qubes-users] Kernel development on a qube
Hi everybody. I am becoming interested in Linux kernel development. I have read tutorials on using qemu. On a Fedora qube I could not install qemu due to broken packages during the installation; the template was vanilla. Is it possible and how to install qemu or do kernel development using QubesOS?
Re: Antw: [EXT] [qubes-users] Re: First German review of Qubes OS on YouTube
> I think it's important to think about these things in the context of 'threat
> models'. In my non-business related activities, I often just don't care
> whether people are spying on me, and also whether they steal intellectual
> property from me. Sometimes, such illicit activities may even work to my
> favour (in a round-about way). Matching security to such a threat model, can
> mean that you only need very low security. On the other hand, for my
> business activities, especially in respect of legal requirements, security is
> very important, both for my business, and my clients.

IMHO, there are not two, but three things: security, privacy and comfort/convenience.

Security is a highly ambiguous term. It can take very different meanings. Privacy and convenience, however, are much less ambiguous.

In usage, the words security and privacy are often assumed to be synonymous. This is wrong by a wide margin. They are, in fact, quite often in direct opposition to each other, depending on what kind of security you are talking about. Privacy often becomes the victim of security and it is very easy to justify that when it happens.

Technology affects all three, but perhaps it affects convenience the most, as in surveillance capitalism. For security and privacy, technology has a very mixed bag of effects to offer, which are not like each other at all.

It may be obvious, but the answers to the questions about these three lie only partially in technology. Regardless of technology, the critical parts of the answers lie outside the domain of technology. On forums like this, we tend to ignore them, because there is little we can do about them. Here, at least.

Ultimately, the answers are going to depend on such external factors

- Law
- Enforcement of law
- Censorship
- Cultural ideas
- Ethical standards
- Regulations
- Ideas about individuality and solidarity or about freedom and rights/duties
- Political inclinations of the powerful people as well as of the general population, whether we are living in a state of exception
- Human expectations and aspirations etc.
- Acceptable compromises to the powerful and the majority (fortunately or unfortunately)

One more thing. Businesses and governments will usually find the solutions they want because they can afford them, whether they are right or wrong. It is individuals who need solutions from places like this forum and from developers of open software/hardware. But then, as things stand, the sustainability of solutions depends on use by businesses and governments, who will then like to get their wishes enforced on the technological implementation. Or even inhibit certain kinds of innovations or repurpose them.

Regards,
अनिल एकलव्य (Anil Eklavya)
Re: [qubes-users] Re: Password not working a day after reinstall
> did you try asking the internet about this problem?
> like, reading the first google hit for
> "dell xps 9370 keyboard problems"?

25 years ago the first thing I would have done would have been to look for answers in books, computer magazines etc. 10 years ago, I would have googled it. Even 2 years ago I would have googled it. For the last two years, there has been such an avalanche of problems that I have to think of other possibilities beyond those discussed on the thread.

See, the keyboard has been working perfectly for months. It was working perfectly yesterday and again whole day after reinstall. Problems pop up suddenly and then they often go away for no reason, even without changing BIOS etc.

If it was about just one device, I would still google it. As a matter of fact (don't put that in quotes in the reply) I still do daily for various problems. That's how I installed Mullvad, the first time I have installed it.

For the last two years (or somewhat more), the same kind of problems appear on all devices that I use: feature phone, Android smartphone, iPhone, iPad, Macbook, Windows laptop, Linux laptop, Qubes OS laptop. Different hardwares, different OS's.

> seems like that hardware just might be subfunctional by design
> in general, no "compromise" required.
>
> so for the keyboard to work, unplug _all_ cables (data, dock, power)
> _and_ pick a bios version that matches your current astrological
> alignment. if you are lucky, then it might work.
> changes in room temperature might require a different bios version.

It is (in)glorious. Perhaps the message is just "Remove" (hardware?), as you suggested. It's a pretty bleak scenario, if you look at it in general, not as a developer or niche user.

Room temperature is a whole different story by itself. There are many stories linked to it.

Regards,
अनिल एकलव्य (Anil Eklavya)
Re: [qubes-users] Password not working a day after reinstall
> that is not a "of course" qubes thing but your choice / configuration.
> you can use a USB keyboard with qubes if you want to, including
> for entering luks passphrase.

Since I am not yet into the internals of Qubes OS or much customization, I use basically the default setting, where USB keyboard, as far as I know, does not work without doing some extra work. Since this problem is recurring, I will have to do that perhaps.

> if you assume a hardware/firmware level compromise, there is no
> real way to reuse any of the hardware in a safe way.
> == you have to replace _all_ hardware involved.

That was the advice given last time and it is correct, but hardware costs money and this one was particularly costly with upgrades. I know I should get rid of it, but there are practical constraints.

> you can set multiple passphrases and perhaps add a keyfile or two.
> make a backup of your LUKS header and store it separate from the system.
> if the system doesn't accept the passphrase again, check if the
> luks header got changed.

This I must do. Thanks for pointing this out.

Regards,
अनिल एकलव्य (Anil Eklavya)
Re: [qubes-users] Removing Template VMs?
Thanks for your feedback.

On Monday, 4 May 2020 at 22:25:13 UTC+2, dhorf-hfr...@hashmail.org wrote:

> On Mon, May 04, 2020 at 12:28:27PM -0700, viktor@gmail.com wrote:
> > If I'd like to remove any old & **unused** Template VMs (e.g. Debian 9,
> > Fedora 29, etc.) all I have to do is to start the Qubes Manager, select the
> > template I'd like to remove - and - select 'Delete qube' ...
>
> this should not work for templates that were installed by rpm.
> you will have to use "rpm -e qubes-template-fedora-23" (or similar).

I'm a new user of Qubes OS. - I started to use it only with R4.0.
*Does any of the above concern me?*

> this will also require you clean up anything depending on these
> templates first, like switching all VMs using them to something else,
> removing related dvm templates ...

I'm aware/ took care of that/ already. - This is why I referred to 'remove old & unused *** Template VMs'.

> i recommend to keep your one-generation-outdated mainline-template
> around (even if it is EOL) if you can spare the diskspace.
> if you manage to wreck your new mainline template some way, it is
> easier to recover from that with an outdated than with no template.

This advice of yours I don't fully understand - but - I'll defer it to another message.

With kind regards,
VR
Re: [qubes-users] Re: Password not working a day after reinstall
On Tue, May 05, 2020 at 11:36:27PM +0530, Anil wrote:

> By the way, as I write this mail, the keyboarding is again acting up:
> sometimes eating up space, sometimes emitting two for one key press.
> It was working well the whole day.

did you try asking the internet about this problem?
like, reading the first google hit for
"dell xps 9370 keyboard problems"?

https://www.dell.com/community/XPS/XPS-13-9370-Keyboard-skips-button-presses/td-p/5835431

seems like that hardware just might be subfunctional by design
in general, no "compromise" required.

so for the keyboard to work, unplug _all_ cables (data, dock, power)
_and_ pick a bios version that matches your current astrological
alignment. if you are lucky, then it might work.
changes in room temperature might require a different bios version.

(that thread is pretty glorious...)
Re: [qubes-users] Password not working a day after reinstall
On Tue, May 05, 2020 at 11:25:53PM +0530, Anil wrote:

> I tried to use a USB keyboard, but of course that won't work in Qubes.

that is not a "of course" qubes thing but your choice / configuration.
you can use a USB keyboard with qubes if you want to, including
for entering luks passphrase.

> I know this is not directly a Qubes OS related question, but could it
> be due to an IME exploit or something like that? There is no question

if you assume a hardware/firmware level compromise, there is no
real way to reuse any of the hardware in a safe way.
== you have to replace _all_ hardware involved.

> This kind of thing has happened before. Once the boot password was not
> working, even though that too was written down. I had to call Dell

you can set multiple passphrases and perhaps add a keyfile or two.
make a backup of your LUKS header and store it separate from the system.
if the system doesn't accept the passphrase again, check if the
luks header got changed.
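The header backup and later comparison suggested in the reply above, as an added example that is not part of the thread. The function names are hypothetical helpers, and the device and file paths are whatever the caller passes in (assumptions); only `cryptsetup luksHeaderBackup` with `--header-backup-file` is the real tool interface.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root on the machine holding the
# LUKS volume; device and backup paths are assumptions supplied by the caller.

# Print the SHA-256 of a header image file.
header_digest() {
    sha256sum "$1" | cut -d' ' -f1
}

# Compare a header image against a digest recorded earlier.
# Returns 0 = unchanged, 1 = changed, 2 = image unreadable.
digest_matches() {  # $1 = header image, $2 = expected hex digest
    [ -r "$1" ] || return 2
    [ "$(header_digest "$1")" = "$2" ]
}

# Take the reference backup and record its digest next to it.
# cryptsetup refuses to overwrite an existing file, so $2 must be a new path,
# ideally on removable media that is stored away from the machine.
luks_header_save() {  # $1 = LUKS device, $2 = new backup file
    (
        umask 077
        cryptsetup luksHeaderBackup "$1" --header-backup-file "$2" &&
            header_digest "$2" > "$2.sha256"
    )
}

# Dump the current on-disk header and compare it with the recorded digest.
# Returns as digest_matches does, or 2 if the header cannot be dumped.
luks_header_check() {  # $1 = LUKS device, $2 = file holding the recorded digest
    expected=$(cat "$2") || return 2
    tmp=$(mktemp -d) || return 2
    rc=0
    if cryptsetup luksHeaderBackup "$1" --header-backup-file "$tmp/now.img"; then
        digest_matches "$tmp/now.img" "$expected" || rc=$?
    else
        rc=2
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

A changed digest is also what a legitimate passphrase or keyslot change produces, so the reference has to be taken again after one. The backup file contains the keyslots and needs the same protection as the disk itself.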
[qubes-users] Re: Password not working a day after reinstall
Also, I have been trying to update the templates, but except for one, updates are failing with long messages about "Error downloading packages" and "tried all mirrors". Most probably a network problem, but could there be any other reason that I could check, keeping in mind the extra VPN layer?

By the way, as I write this mail, the keyboarding is again acting up: sometimes eating up space, sometimes emitting two for one key press. It was working well the whole day.

Regards,
अनिल एकलव्य (Anil Eklavya)
[qubes-users] Password not working a day after reinstall
I have Qubes OS on Dell XPS 9370. It seemed to have been compromised, so I reinstalled it yesterday, after updating the BIOS (though not updated IME). Everything went smoothly and I had set it up and even copied back the data. A new password was set. I changed the BIOS admin and system passwords too. I wrote down the passwords and since it was only yesterday, I remember them alright.

One extra thing I did was to set up Mullvad VPN (following the Micah Lee instructions) and made it the network provider for sys-whonix.

Today morning when I started the laptop, the disk password was not working. I tried several times, carefully. It didn't work. I tried to use a USB keyboard, but of course that won't work in Qubes.

Then I booted from a live pen drive. The keyboard was behaving oddly. Wrong letters were appearing apparently arbitrarily, though not always. Then I used the USB keyboard with the live linux and tried to mount the LVM volume. This keyboard is perfectly new and works perfectly. Still the password was not working, even after typing carefully, letter by letter, several times.

I have repeated the installation process today and set up the laptop again, including the VPN. I am writing the mail from it.

The last time I had set up a VPN (NordVPN), there was a hell of a trouble on all devices. Some people consider using VPN very suspicious here.

I know this is not directly a Qubes OS related question, but could it be due to an IME exploit or something like that? There is no question of forgetting the password. It was a memorable story telling password, and in any case I had it written down, as I do sometimes forget passwords.

The thing is, every night these days, I keep the laptop in the best Faraday bag available and the bag I keep inside a locked cupboard, with key in my pocket (and I live alone), so it seems unlikely to have happened during the night. Perhaps after I brought it out from the bag today morning?

This kind of thing has happened before. Once the boot password was not working, even though that too was written down. I had to call Dell customer care and they gave me a code which cleared the boot password.

The last time there was a major problem, which I had mentioned on this list, I had again called Dell and they have asked for remote access from Windows, which I had given. But there is no Windows or any other OS on the system now.

Regards,
अनिल एकलव्य (Anil Eklavya)
Re: [qubes-users] Qubes Certified Desktop
I did contact them, but they have their own arguments and according to them the FSF-RYF certification is more than sufficient. They say as it is compatible with coreboot version 4.11 and Qubes OS works as expected, there is nothing more to be done in that direction. I don't have a technical answer to that.

Regards,
अनिल एकलव्य (Anil Eklavya)
Re: [qubes-users] Qubes Certified Desktop
On Friday, May 1, 2020 at 4:41:16 AM UTC-4, Anil wrote:

> > Nope I can't. You would have to search around for parts following this doc, do some soldering to adapt spi chip, buy it, reprogram it with firmware built from source, buy compatible RAM and fastest CPU, case, power supply and ssd. Information is scattered around. When I said adventurous, I meant adventurous.
>
> OK. That means I will have to first spend some time learning more
> about this. I can do the soldering, if I know exactly (or find out)
> what has to be soldered to what.
>
> > https://github.com/osresearch/heads/issues/712
> >
> > Port and upstreamed doc
> > https://www.raptorengineering.com/coreboot/kgpe-d16-status.php
> >
> > https://libreboot.org/docs/hardware/kgpe-d16.html
> >
> > Build instructions are valid:
> > http://osresearch.net/Building
> >
> > Status report on heads. No TPM support as of now. But rom can be remotely attested by libremkey if really really adventurous without a TPM. Less secure since no internal root of trust. TPM is desired.
> > https://github.com/osresearch/heads/issues/134
>
> This will certainly help. Thanks.
>
> > It needs adventurous developers or funding to get mainstreamed. Since the board got dropped by coreboot, I lost a bit of interest pushing for that last blob free platform in this lonely path. There is developers ready to do the needed work to bring it back. But funders refused the grant application. Skilled developers are willing to do required work to bring it back but I hesitate to completely self fund the whole project right now since priorities changed, but would be willing for joint partnership.
> >
> > Anyone interested in bringing back that beast to life contact me at insurgo at riseup dot net. This is last RYF x86 platform ever for sure.
>
> I strongly hope some people do that. People working on
> laptops/desktops and phones, but not seemingly on servers. It may not
> be for a data centre, but at least some personal website.
>
> > >Or even just as a desktop, will the setup be nearly as secure as
> > >PrivacyBeast?
> >
> > TPM support lacking under coreboot 4.8.1, present under 4.11. Would love to see that beast fully supported and would even sell it myself under insurgo umbrella. But I wont do it all alone this time. Partners welcome.
>
> If I am able to get the hardware and set it up, I can do some routine
> part of the work that is not too technical in the sense of knowing the
> internal details of TPM or OS kernel etc., with some help, if that can
> reduce the effort required.
>
> > Have funds?
>
> Not really. At most I can buy one.
>
> Regards,
>
> अनिल एकलव्य
> (Anil Eklavya)
Re: Antw: [EXT] [qubes-users] Re: First German review of Qubes OS on YouTube
*Quoted quoted reply: Ulrich Windl (on Mon, May 04, 2020 at 09:50:31PM +0200)*
*Quoted reply: Sven Semmler (on May 04 06:37PM -0500)*

...

> I severely doubt you can convince the typical Windows user to use QubesOS
> for daily work. "Security" is not a product you can buy, and "security" is
> the "is the opposite of "comfort".

> Security and comfort are more like two opposing poles of a continuum. Personally I do think Qubes does a rather excellent job of
> demonstrating "reasonable security".

...

The terms 'security' and 'comfort' (IMHO) are not so closely related as you both imply. You can have high security whilst at the same time maintaining comfort, especially when security runs in the background without the user having much involvement. It should be noted that even Windows (supposedly designed for 'stupid people') does have a certain level of security.

Whilst QubesOS may never be widely adopted, the research artefacts produced in the development of QubesOS may end-up being incorporated in other popular operating systems (including Windows). From this perspective, QubesOS may be a very worthwhile endeavour.

> People want comfort not security. Why else would they use Alexa or
> Google assistant or Siri, dubious password managers, etc.?

...

People also want security. In fact, they want security in respect of real security needs. It just depends on how much security is acceptable.

I think it's important to think about these things in the context of 'threat models'. In my non-business related activities, I often just don't care whether people are spying on me, and also whether they steal intellectual property from me. Sometimes, such illicit activities may even work to my favour (in a round-about way). Matching security to such a threat model, can mean that you only need very low security. On the other hand, for my business activities, especially in respect of legal requirements, security is very important, both for my business, and my clients.

> ... Qubes for private use without the user recognizing the need is unrealistic. ...

Qubes for private use without the user recognising the need may still be realistic. Users are often completely oblivious to the functionality of OEM software. Manufacturers may choose to pre-install QubesOS regardless of whether users recognise the need for security.

Kind regards,
Mark Fernandes
Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN
Chris Laprise:
> On 5/2/20 6:54 AM, unman wrote:
>> On Sat, May 02, 2020 at 08:22:57AM +, taran1s wrote:
>>>
>>> unman:
>>>> On Fri, May 01, 2020 at 11:54:27AM +, taran1s wrote:
>>>>> taran1s:
>>>>>> Chris, I tried now to connect to the kraken.com, which seems to be tor
>>>>>> unfriendly through me->tor->VPN->kraken.com but it returns error on
>>>>>> the site "Disabled".
>>>>>>
>>>>>> I learned now that despite I use the above connection model, using VPN
>>>>>> as an exit, I still exit from the tor exit node and not from the VPN. I
>>>>>> am not sure what broke.
>>>>
>>>> If I understand your model: me->tor->VPN->kraken.com
>>>> you are running Tor *through* your VPN - this means that your service
>>>> provider sees your connection to the VPN, and your VPN provider sees
>>>> your connection to the first Tor hop.
>>>> Naturally, when you exit the VPN and set up the TOR circuit, it's a Tor
>>>> exit node that connects to kraken. The VPN is NOT an exit in this model.
>>>> Nothing has broken.
>>>
>>> I am actually using mullvad VPN. The idea is to have the possibility to
>>> access websites or services (like kraken.com) that are not tor-friendly.
>>> I would like to connect first to Tor through sys-whonix than connect to
>>> the VPN through VPN AppVM and from that VPN to connect to the clearnet.
>>>
>>> I set the AppVMs networking following way: anon-whonix networking set
>>> to -> sys-whonix networking set to -> VPN-AppVM proxy that connects to
>>> the clearnet. Is that right for my model?
>>>
>> No.
>> Think about it.
>> anon-whonix creates a request.
>> sys-whonix takes that request, and builds a circuit.
>> VPN-AppVM sees the traffic to the first hop, and sends it down the VPN.
>> The VPN provider gets the Tor traffic, and sends it on to the first
>> hop.
>> Then it goes via Tor to the exit node and then to the target.
>> Your ISP sees traffic to the VPN; the VPN provider sees traffic from you
>> going to Tor; the target sees traffic coming from Tor network.
>>
>> *Always* use check.torproject.org to confirm your exit IP in this sort of
>> case (always) so that actual matches expectations.
>>
>> What you have built (in packet terms) is:
>> me - Tor - VPN - target.
>>
>> What you seem to want is:
>> me - VPN - Tor - target
>>
>> To do that you need to build the VPN traffic and send it down a Tor
>> circuit.
>> Your Qubes network configuration should be:
>> client - VPN qube - Tor qube - sys-firewall - sys-net
>
> A good rule of thumb is that whichever proxyVM is directly attached to
> your appVM will be the type of network that the remote service sees.
>
>>
>> I have no idea if Whonix will let you do this.
>
> This should work for most VPNs, as Patrick and I and others have tested
> it (though I haven't tested Whonix specifically with Mullvad). The only
> constraint is that the VPN use TCP instead of UDP.
>

Thank you for the hint with ProxyVM logic.

I tried both configurations from Mullvad with UDP and TCP 443, but didn't get it to work. The VPN-ProxyVM cycles at ready to start link but never goes to the Link Up.

Mullvad's options are Default (UDP), UDP 53, TCP 80 and TCP 443.

Chris, if you have any chance to try the setup, would be very much appreciated.
Re: [qubes-users] Qubes with limited user authority
On 27/04/2020 20.50, mark.russ...@net-c.com wrote:

> I'm trying to get my head around possible use of Qubes in small/medium
> enterprise environments, where the system is maintained by an admin
> and the user freedom is limited by the company policies. I understand
> that the current Qubes design does not account for any threat coming
> for dom0's user,

By design, a user already has root in the machine where Qubes is installed.

If you want to grant users, say, locked remote access to certain AppVMs, you will have to do so remotely by installing something like Qubes network server, and making some of those AppVMs available through encrypted VNC. Then, by default, they will not be able to copy things between qubes on the same machine.

--
Rudd-O
http://rudd-o.com/
Re: [qubes-users] external CD writer
On 02/05/2020 01.23, Olaf Klinke wrote:

> (Apologies for pestering this list with another newbie question.)
>
> So I have this external DVD-RW drive (Asus SDRW-08U7M-U to be
> specific). On my Debian stretch laptop, plugging in the USB drive
> creates /dev/sr0 as well as several symlinks to it, e.g. /dev/cdrw,
> /dev/dvd etc.
>
> Plugging the drive into my Qubes desktop, I get notified of the
> availability of this drive and can attach /dev/sr0 to a Debian buster
> AppVM qube as /dev/xvdi. I can mount /dev/xvdi and read data from a CD
> all right.
>
> However, in contrast to my Debian laptop, brasero does not recognize
> the drive as a writer, not even when I create the same /dev/cdrw
> symlink. In addition to that, both commands
> dvd+rw-mediainfo /dev/xvdi
> cd-info -C /dev/xvdi
> exit with an error (details below). Thus it seems that some crucial bit
> did not get forwarded to/is not installed in the AppVM. Probably I'm
> just lacking the knowledge how different writing to a CD is from
> reading from CD, on the hardware level. Is there more to burning a CD
> than a single block special device?
>
> Any hints welcome.
> Olaf

You must attach your drive via USB to the target VM, rather than as a block device.

When attached as a block device, the Xen block device driver does /not/ make your drive visible /as a DVD/RW drive/.

--
Rudd-O
http://rudd-o.com/
[qubes-users] Re: disp vm template not working in fedora 31
Anyone?
Re: [EXT] Re: [qubes-users] Constant firefox crashes because of Qubes shared memory
On Monday, May 4, 2020 at 10:00:02 PM UTC+2, Ulrich Windl wrote:

> >>> Zbigniew Lukasiak wrote on 04.05.2020 at 14:34 in message
> <25184_1588595663_5EB00BCE_25184_83_1_CAGL_UUtUxkCeqF2xj8Fud5Fwj7dfT5GanOYhxmRx6
> sonb...@mail.gmail.com>:
> > marmarek advised me on irc to add more shared memory:
> >
> > mount /dev/shm -o remount,size=10G
> >
> > and it seems to work. 10G is close to half of that VM's RAM. Qubes was
> > assigning only 1G previously.
>
> Personally I think once your browser uses more than 1GB of memory, it's time
> to restart it or to restrict scripts from collecting so much information in
> RAM.
>
> > Cheers,
> > Zbigniew

that sounds nice, but it would mean restarting my browser as soon as I've opened it. :p