[qubes-users] Doing all DNS calls using DoH over Tor

2020-08-02 Thread Kushal Das 
Hi,

I wrote a blog post [0] explaining the steps required to move all the DNS calls
to any secure DoH server using Tor (to keep the calls anonymized). Here I am
modifying sys-firewall as the primary netwvm for the other AppVMs.

[0] https://kushaldas.in/posts/use-doh-over-tor-for-your-qubes-system.html

Kushal
-- 
Public Interest Technologist, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbyvn997oDoR%2BYEBoi8Le_qPhtBnjpWYUHs-GJY67GgjcA%40mail.gmail.com.

Re: [qubes-users] Any appetite for tiny tweaks to make initial usability better?

2019-07-24 Thread Kushal Das 
On Tue, Jul 23, 2019 at 3:16 PM Martin Gladdish  wrote:
>
> New Qubes user here, with less than a week's experience.
>
> Having fumbled my way through the initial install I'm now encountering a few 
> tiny niggles that should be simple to fix.
>
> The first one that springs to mind is the default keyboard shortcuts in 
> Terminal for Copy and Paste, which are Ctrl-Shift-C and Ctrl-Shift-V. But 
> these clash with the inter-qube copy and paste shortcuts.
>
> Changing the default modifier in the Terminal app to use Alt instead of Ctrl 
> would seem to make sense? So Alt-Shift-C and Alt-Shift-V.
>
> Smoothing these wrinkles, although each of them is tiny, could make a big 
> difference IMHO.

I personally use Super+C and Super+V

Kushal
-- 
Public Interest Technologist, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbyhPHoLdPxZxPOD4H%3DpHieaQ6H0iErcR-NHU-mS8FAVgw%40mail.gmail.com.

Re: [qubes-users] Using Salt to update TemplateVMs

2019-07-17 Thread Kushal Das 
On Thu, Jul 18, 2019 at 12:44 AM Johannes Graumann
 wrote:
>
> On Wed, 2019-07-17 at 18:56 +0530, Kushal Das wrote:
> > On Tue, Jul 16, 2019 at 11:26 PM  wrote:
> > > On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote:
> > > > I really do recommend using qubesctl for almost all system
> > > > configuration. If only because it makes recovery so much easier.
> > > > I see people saying "keep a list of packages you've installed" -
> > > > if you
> > > > keep state and use salt you can rebuild your system (almost)
> > > > completely
> > > > automatically.
> > >
> > > Do you happen to have some example "personalized" salt scripts you
> > > use (or a pointer to where someone has posted some)?
> > >
> > > I was planning to put together some bash scripts to push
> > > configuration into my templates (90% repo adjustments and specific
> > > packages to download), but your comment above is intriguing.
> > >
> > There is also https://qubes-ansible.readthedocs.io/en/latest/ if you
> > like Ansible.
> What's the relationship/comparison to
> https://github.com/Rudd-O/ansible-qubes?

https://qubes-ansible.readthedocs.io/en/latest/ is a pure Python implementation
and does not use Salt anywhere. Also, the plugin is already merged in upstream
Ansible project.

Kushal
-- 
Public Interest Technologist, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzFbov7Fr3GQ3xW0%3DYx9v7WZuuOE5O-uJhyUNHbnyya2g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Using Salt to update TemplateVMs

2019-07-17 Thread Kushal Das 
On Tue, Jul 16, 2019 at 11:26 PM  wrote:
>
> On Tuesday, July 16, 2019 at 10:35:11 AM UTC-4, unman wrote:
> > I really do recommend using qubesctl for almost all system
> > configuration. If only because it makes recovery so much easier.
> > I see people saying "keep a list of packages you've installed" - if you
> > keep state and use salt you can rebuild your system (almost) completely
> > automatically.
>
> Do you happen to have some example "personalized" salt scripts you use (or a 
> pointer to where someone has posted some)?
>
> I was planning to put together some bash scripts to push configuration into 
> my templates (90% repo adjustments and specific packages to download), but 
> your comment above is intriguing.
>
There is also https://qubes-ansible.readthedocs.io/en/latest/ if you
like Ansible.

Kushal
-- 
Public Interest Technologist, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMby2OBN8%2BeqnNXxZkeDug19K%2BH78oL9mN_dvRNhreKCskg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Thoughts on Salt in Qubes in practice?

2018-10-17 Thread Kushal Das 
On Wed, Oct 17, 2018 at 3:28 AM Johannes Graumann
 wrote:
>
>
> Great to see work on this! While I haven't had time (yet) to play
> around with some of the salt introductions given in this thread,
> actually sticking with ansible would be my preferred solution ...
>
> Can you summarize where your approach differs from
> https://github.com/Rudd-O/ansible-qubes ?
>
I am not using Salt anywhere and using the standard qubesadmin
API to create/delete and other instructions on the vm.


> Will it be possible to have an admin domU running ansible, that also
> updates/configures dom0
I personally don't know how to do that from an admin domU, can you please
tell me the steps?

Kushal

Kushal

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbwpFqnnoRAUVMNvoP5Tg_QhQG%3DO-H%2BVwO5%2BQaDzj4GhLA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Thoughts on Salt in Qubes in practice?

2018-10-15 Thread Kushal Das 
On Mon, Jul 2, 2018 at 12:13 PM Marek Marczykowski-Górecki
 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Mon, Jul 02, 2018 at 05:17:31PM +0200, Johannes Graumann wrote:
> > Would there be possibilities to bring a in my experience much more
> > approachable ansible option closer to the core and integrate it into
> > the code base overseen by Invisible Things? Maybe by contracting Rudd-
> > O?
>
> I think yes. But someone would need to implement it. Having Ansible as
> first-class citizen in Qubes requires:
>
> 1. Direct integration with Admin API / qvm-* commands / qubesadmin python
> module, instead of converting ansible -> salt -> qvm-* commands.
> Generally make managing VMs with Ansible independent of Salt. Admin API
> allows to do all that from selected VM, instead of dom0 (as it was
> before Qubes 4.0).
>
> 2. Make VM management more isolated - namely do not parse complex data
> returned from managed VM. Displaying success/fail info and a text
> message should be ok, but an interactive protocol is not.
> Salt (namely: salt-ssh) provides a method to package all the
> required configuration into a single tarball, which then can be send
> and executed - this was AFAIR one of main reasons why we've chosen Salt.
> But later it turned out making that tarball needs some input from "remote"
> system ("grains" - things like what OS is there, various tools versions etc), 
> so
> we've added an intermediate DispVM which gets all salt configuration,
> ask target VMs for "grains", then create a tarball and sends it there.
> Each target VM have own DispVM for that created on demand.
> This way if anything compromise the code parsing "grains" (or any
> related structure), it will not gets an access to neither dom0, nor
> other VMs. See relevant ticket[1] for design discussion about this.
> We need something with similar properties for Ansible. If there is a
> mode with uni-directional communication with target VM, it should be
> enough, otherwise a similar scheme as for Salt needs to be done.
>
> Manuel, would you be interested in working on this?
>
Over the weekend I actually thought over the problem, and wanted to have
something as close as possible to the upstream Ansible for the same.

The result is is availble at [1]. This has three major things.

1. One *qubes* connection plugin for Ansible
   This allows dom0 and any domU (with proper policy) to do things
 inside of a VM. Means installing packages, copy/fetch files etc.

I have also opened a PR to the upstream Ansible to add this in the
core.

2. To make 1 happen, I added a small qrexec service *qubes.Ansible*.
To do things from dom0, we only need that service in the target AppVMs
or templates. There is also a command line tool (basically service
name changed from
qvm-run-vm command) *qvm-ansible* which will be used by domU VMs to connect
and do things inside of other VMs.

3. A pure Python Ansible module (named: qubesos) to
create/destroy/manage state of the
VMs.

Now, for now I have tested point 3 only from dom0. Point was tested
from both dom0 and domU VMs.

The Python module will require a lot of other things to make it 100%
compatible with
standard qvm*/qubes-* tools.

I have added examples in the repo. I managed to ran random playbooks
(which I use
in other places) using this. I would love to have feedback on this.

Note: This does not use Salt anywhere.

[1] https://github.com/kushaldas/qubes_ansible


Kushal
--
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzH5Z%2BQY_J%3DVRoxHCCP1yGR9QV_tSVAV66w6JFni%3DE4dQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to deal with Yubikey ?

2018-01-22 Thread Kushal Das 
On Tue, Jan 23, 2018 at 12:17 PM, ThierryIT  wrote:
> Hello,
>
> I have today to deal with two problems:
>
> 1) I am using Yubikey to be authentified on some web site like Github ...
> 2) I am using Yubikey to stock my PGP keys and to use them with mainly my 
> emails (Thinderbird+Enigmail)
>
> What to do under Qubes to make this possible ?
> I have already sys-usb running.

On Qubes 4.0rc3, I just attach it to the vm as required, and use it.
No configuratino is required.

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzxJ%2B_c-gGf-cXgzXQB41qnKfQOV5b88CyEF8GYAVRYCA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HOWTO restore old qubes-backup in Q4.0-rc3 using qvm-backup-restore?

2017-12-29 Thread Kushal Das 
On Fri, Dec 29, 2017 at 10:31 PM, cooloutac  wrote:

> seems marmarek posted an update,  he suggest to update the fedora.
>
> But it seems passthrough for usb3 is still not supported yet,  only block 
> device.
>
> I'm glad for these posts before I attempted to try 4.0 and restore my old 
> backups.  I think I might wait a while.
>
It seems I missunderstood the comment from marmarek. I just now updated the
Fedora 26 template as suggested and I can attach and mount external
USB3 storage device.


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbw0RzrZGNQzmkeFd%2BfjSOu9h2Or5h9BSb3_C0tkvJCYyQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HOWTO restore old qubes-backup in Q4.0-rc3 using qvm-backup-restore?

2017-12-29 Thread Kushal Das 
On Sat, Dec 23, 2017 at 1:28 AM, 'awokd' via qubes-users
 wrote:
> On Fri, December 22, 2017 6:12 pm, Josefa Hays wrote:
>
>
>> I recently installed Q4.0-rc3. I have an old qubes-backup (from 2016) on
>> a LUKS encrypted external HDD. How do I restore my backup in 4.0 using
>> qvm-backup-restore? I guess I don't want to mount the drive directly in
>> Dom0, so, how do I do? Create a designated "backup-vm" and then exactly
>> how do I proceed?
>>
>> What would be the step-by-step guide for restoring an old qubes-backup
>> using the commandline interface? Until the backup-GUI gets up and running
>> in 4.0 I guess many users will have the same question.
>
> Attach external drive to sys-usb
> "qvm-block" to list partitions
> "qvm-block a backup-vm sys-usb:sda1" (whichever is your LUKS partition)
> mount and unlock inside backup-vm
> "qvm-backup-restore -d backup-vm /path/to/backupfileinbackupvm oldvm1
> oldvm2 oldvm3" to selectively restore certain vms
> unmount inside backup-vm
> "qvm-block d backup-vm sys-usb:sda1"
> Detach drive
Does this mean USB3 based storage devices started working in 4.0?

No update in the following bug on the same.

https://github.com/QubesOS/qubes-issues/issues/3351

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbw0_07KZ%2B%3D270AQWjrhi4ZyFUvqF9v53A486U_-SHk-2g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Another common error I kept seeing while starting domains

2017-12-28 Thread Kushal Das 
Hi,

This is another common error I found (many times) over the weeks on
4.0rc3 (and with every update after that). I am wondering if anyone
else saw this error and if there is any issue already opened for it?


$ qvm-start netvpn
Got empty response from qubesd. See journalctl in dom0 for details.


In the journalctl:

Dec 29 09:54:07 dom0 qubesd[8089]: unhandled exception while calling
src=b'dom0' meth=b'admin.vm.Start' dest=b'netvpn' arg=b''
len(untrusted_payload)=0
Dec 29 09:54:07 dom0 qubesd[8089]: Traceback (most recent call last):
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib/python3.5/site-packages/qubes/api/__init__.py", line 262, in
respond
Dec 29 09:54:07 dom0 qubesd[8089]: untrusted_payload=untrusted_payload)
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib64/python3.5/asyncio/futures.py", line 381, in __iter__
Dec 29 09:54:07 dom0 qubesd[8089]: yield self  # This tells Task
to wait for completion.
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib64/python3.5/asyncio/tasks.py", line 310, in _wakeup
Dec 29 09:54:07 dom0 qubesd[8089]: future.result()
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib64/python3.5/asyncio/futures.py", line 294, in result
Dec 29 09:54:07 dom0 qubesd[8089]: raise self._exception
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib64/python3.5/asyncio/tasks.py", line 240, in _step
Dec 29 09:54:07 dom0 qubesd[8089]: result = coro.send(None)
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib/python3.5/site-packages/qubes/api/admin.py", line 772, in
vm_start
Dec 29 09:54:07 dom0 qubesd[8089]: yield from self.dest.start()
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib/python3.5/site-packages/qubes/vm/qubesvm.py", line 921, in
start
Dec 29 09:54:07 dom0 qubesd[8089]: self.create_qdb_entries()
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib/python3.5/site-packages/qubes/vm/qubesvm.py", line 1861, in
create_qdb_entries
Dec 29 09:54:07 dom0 qubesd[8089]: self.fire_event('domain-qdb-create')
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib/python3.5/site-packages/qubes/events.py", line 196, in
fire_event
Dec 29 09:54:07 dom0 qubesd[8089]: pre_event=pre_event)
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib/python3.5/site-packages/qubes/events.py", line 164, in
_fire_event
Dec 29 09:54:07 dom0 qubesd[8089]: effect = func(self, event, **kwargs)
Dec 29 09:54:07 dom0 qubesd[8089]:   File
"/usr/lib/python3.5/site-packages/qubes/ext/services.py", line 40, in
on_domain_qdb_create
Dec 29 09:54:07 dom0 qubesd[8089]: str(int(bool(value
Dec 29 09:54:07 dom0 qubesd[8089]: qubesdb.Error: (0, 'Error')

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbyrcEPZZz2aBAKGgxfe74L00KweG6hN6aQdq_6oeFGNqA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Duplicate MAC address error

2017-12-26 Thread Kushal Das 
On Tue, Dec 26, 2017 at 8:18 PM, cooloutac  wrote:
>
> wonder if your system runs low on ram?  Could also try using system without 
> iommu and see if it still happens.
>
I have 32GB here on a T470. I hope that is okay :)

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbxejFzUDSswmTA4mXGtKEuMztFV%3DayYVrZ3Okg_9e601A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Anyway to boot into only dom0 (4.0rc3)/sys-firewall stuck at boot

2017-12-24 Thread Kushal Das 
On Sun, Dec 24, 2017 at 3:14 PM, awokd  wrote:
>
> It's not very elegant but this should work:
>
> Boot from your Qubes install media
> Troubleshooting
> Rescue a Qubes system
> 1
> Enter
> chroot /mnt/sysimage
> nano /var/lib/qubes/qubes.xml
> look for the line with name="sys-net", it will probably start with QubesNetVm
> change name="sys-net" to name="sys-net2"
> ctrl-x, y to save changes, Enter
> exit
> reboot
> remove Qubes install media
> boot into Qubes normally
Did the same by just changing the sys-firewall vm name in qubes.xml to
sys-firewall2, which
caused qubesd failure. That helped to boot into dom0 super fast. After
that had to keep
trying different combinatin to get qubesd service to start again, and
later removed and recreated
the sys-firewall vm. Thanks a lot for the tips.

I am not exactly sure why I am getting into this pain again and again :(
For now, I updated dom0 with the packages from latest testing. Let us
see how well those work.

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbxFMq7Jck-Wi9eVW-PCOdK%2BMJQYn6--L3-kvBBMZ5ZKJw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Anyway to boot into only dom0 (4.0rc3)/sys-firewall stuck at boot

2017-12-24 Thread Kushal Das 
Hi,

My sys-firwall is stuck at the boot time (with no limit) 4.0rc3
(updated). Is there anyway to boot
into dom0 without starting any other vm? Then I can remove and create
the sys-firewall vm again (or if there is any easy way to recreate the
vm). My primary Qubes laptop is not usable state thanks to this issue.
Any tips to solve this will be a big help.


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzUuJtGmS7RokDypOA3WJhU9UgqpDDgbSH6oLLH0w227g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Duplicate MAC address error

2017-12-24 Thread Kushal Das 
On Fri, Dec 22, 2017 at 4:18 PM, Holger Levsen  wrote:
> On Fri, Dec 22, 2017 at 02:34:41AM -0800, Reynir Björnsson wrote:
>> It may be a coincidence, but when it happened to me I got sys-net running by 
>> shutting down sys-whonix first. I've since disabled sys-whonix and haven't 
>> had the issue again, although I haven't been rebooting much since.
>
> I believe it's coincidence. I've had this several times, where I couldnt
> restart sys-net (after it crashed) and then after shutting down some
> random VMs I could start sys-net again...
>
On Friday sys-firewall showed the same error when I tried to restart
the vm. After that I tried to restart the system, and now it gets
stuck in the boot screen trying to start sys-firewall :(
Any tips on how to get out of this mess?


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbxhaMOMiFK3ZDcxi%3D4C9q3hfL%3DO-gN5KXvpgVQiy50ETw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Qubes GUI for v4

2017-12-19 Thread Kushal Das 
On Wed, Dec 20, 2017 at 12:55 PM, Matteo  wrote:
>
> Thanks so much, it's a thing that i miss a lot.
> i come from windows with virtual box and found the qubes manager similar
> to virtual box gui (both useful and well done).
>
> but before you code it you should talk to joanna to be sure it will be
> accepted and used.
>
The beauty of Free Software projects is that you don't need any tool to be
something official. The tool can be packaged in Fedora, and can be installed by
the users if they want. if in the future the application become super popular
among the users, the Qubes upstream may include it as an official package.


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzkHK19JoVbhRS1LqHF2KWEBvTCszC-JzL6gBjUpoY_WQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Duplicate MAC address error

2017-12-19 Thread Kushal Das 
On Tue, Dec 19, 2017 at 8:29 PM, Roy Bernat  wrote:

> Its happen to me also .
>
> you should restart the computer and try again .
>
> if not copy the appvm .
I kept rebooting from last Thursday :) I finaly solved the issue by
recreating the vm. I wrote
a post about the same at [1]. I hope this will help someone in future.

[1] https://kushaldas.in/posts/duplicate-mac-address-error-in-qubes-vms.html

Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbyRXDorTvMDZjmLJcXV%3DQQq-Oy8fPN%3D-cQ75ZwPH8pZ8g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Duplicate MAC address error

2017-12-19 Thread Kushal Das 
Hi,

My Qubes 4.0rc3 (updated) is showing error for sys-net vm saying it
has a duplicate mac address for the NIC. This error message came
before (on the fresh install), and was fixed in a few reboots. But,
now I could not make it work for the last few days :(

Any tips how to solve this? I could not find any duplicate NIC value
in the /var/lib/qubes/qubes.xml file.


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbysDtTkH6QM3ZwFYW3PBxPTn09AC2S90_gATCW7SawQVg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Tips for running Tails in 4.0rc3 along with virtual USB storage

2017-12-15 Thread Kushal Das 
Hi,

I am tryig to run Tails under 4.0rc3 along with virtual USB storage. I
need the storage
so that I can install Tails on it, and then do some work using the
Persistence volume  (for development). Any tops if this can be done?


Kushal
-- 
Staff, Freedom of the Press Foundation
CPython Core Developer
Director, Python Software Foundation
https://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbzgdxX%3D_y9NJ0mofOcETRCb-qy7PsirLmA9MkWEpHzgzA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Additional VPN destinations via CLI config?

2017-09-13 Thread Kushal Das 
On Mon, Sep 11, 2017 at 11:07 PM,   wrote:
> I followed the tutorial here, specifically "Set up a ProxyVM as a VPN gateway 
> using iptables and CLI scripts"
>
> https://www.qubes-os.org/doc/vpn/
>
> I like having the iptables anti-leak rules. However, it's connecting 
> automatically to my VPN providers destination that I downloaded their .ovpn 
> for.
>
> Is it possible to compile multiple locations and be able to select which one?
>
> OR perhaps I'm going about this the wrong way? Should I instead use the GUI 
> way via NetworkManager? Can I configure that for multiple destination choices 
> then perhaps still add the iptables anti-leak rules?
>
> What's the best way?

I wrote a blog post [1] about how I am trying to do the similar thing.

[1] 
https://kushaldas.in/posts/network-isolation-using-netvms-and-vpn-in-qubes.html

Kushal
-- 
Fedora Cloud Engineer
CPython Core Developer
http://kushaldas.in

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAAzeMbwCSH38kV-kgsKkBKKJCsMOPPfuWqBDR99LyqqxC2xx-g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.