[qubes-users] Re: Qube Manager no longer starts
On Tuesday, September 18, 2018 at 11:43:37 AM UTC-7, dangm...@gmail.com wrote: > [anonymous@dom0 ~]$ qubes-qube-manager > Traceback (most recent call last): > File "/usr/bin/qubes-qube-manager", line 9, in > load_entry_point('qubesmanager==4.0.20', 'console_scripts', > 'qubes-qube-manager')() > File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line > 542, in load_entry_point > return get_distribution(dist).load_entry_point(group, name) > File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line > 2575, in load_entry_point > return ep.load() > File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line > 2235, in load > return self.resolve() > File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line > 2241, in resolve > module = __import__(self.module_name, fromlist=['__name__'], level=0) > File "/usr/lib/python3.5/site-packages/qubesmanager/qube_manager.py", line > 32, in > import quamash > ImportError: No module named 'quamash' nevermind sudo qubes-dom0-update installed python-quamash, and other updates Fixed the problem. Thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0b25955f-26c7-4d64-bc0a-2ec1481a083a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qube Manager no longer starts
[anonymous@dom0 ~]$ qubes-qube-manager Traceback (most recent call last): File "/usr/bin/qubes-qube-manager", line 9, in load_entry_point('qubesmanager==4.0.20', 'console_scripts', 'qubes-qube-manager')() File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 542, in load_entry_point return get_distribution(dist).load_entry_point(group, name) File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2575, in load_entry_point return ep.load() File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2235, in load return self.resolve() File "/usr/lib/python3.5/site-packages/pkg_resources/__init__.py", line 2241, in resolve module = __import__(self.module_name, fromlist=['__name__'], level=0) File "/usr/lib/python3.5/site-packages/qubesmanager/qube_manager.py", line 32, in import quamash ImportError: No module named 'quamash' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/73d4b003-63f2-42cc-b4f7-486b90863023%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Unikernels and Qubes
On Friday, November 6, 2015 at 6:26:57 AM UTC-8, Andrew wrote: > The idea of unikernels in Qubes is not entirely new; it's come up on the > lists a few times. This doesn't seem to have been posted to the list > yet, though: https://northox.github.io/qubes-rumprun/ > > The above blog post makes some arguments for integrating some unikernels > into Qubes for various things: TCP/IP stack vulnerability mitigation, > in-line filters on communication channels between VMs (I always imagined > using a MirageOS TLS wrap/unrwap unikernel to avoid OpenSSL exploits), > secure file conversion, and generally promoting increased disaggregation > and finer-grained isolation. > > This post asks for feedback and poses a few questions to be answered. > > > Now, I'm looking for constructive feedback from Qubes' community and > > will try to answer a few questions: What exactly would need to be > > modified on Qubes' side to be part of the default installation? > > What's the effort? What's the best course of action? Is it viable in > > practice? Does it make sense? > > I don't have the answers to these questions, but maybe others can chime > in to help answer them. > > Andrew Has anyone got a Mirage-VPN ProxyVM running? I use very many different VPN connections simultaneously. I am constantly running out of RAM to open any more VMs. I am already maxed out at 16GB, so I need to find ways to cut back on RAM. (And disk space). Is it possible to run OpenVPN? (Sorry for necro) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f1d8482e-9a4e-40aa-a32a-4ac691d7c11c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Time for Laptop Upgrade
I am running a T530 that I have maxed on in every possible way, from CPU, to RAM, to SSD + HDD, to 1080 Screen. . . But it is stuck with 16GB Max RAM, and now I am constantly juggling Qubes, trying to figure out which ones I can shut down in order to open new ones that I need. A lot of this has to do with a plethora of VPN ProxyVMs, Whonix Gateways, Debian Testing + Stretch Templates, etc etc When it is updates time, I have a dozen or more templates, and so I need to update a few at a time, shut them down, and then update a few more. Anyway, I need something that can handle more open Qubes. What are my options if privacy and security are of the utmost importance? I am looking for something with a high end Quad Core or better. I'm going to need about 32GB of RAM. Right now I am using a 500GB SSD + 2TB HDD in my Optical Bay. I would like for more storage so I can better maintain a Multi-Media Qubes with Kodi and local media. I also needs lots of HDD space for a plethora of blockchains (Bitcoin, Monero, Ethereum, etc) With all this crypto, I also want to make sure it has all available security features for AEM, and SEDs (must have BIOS HDD password). What are my options for HARDWARE encrypted drives? Any help with this project would be appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6490e5a3-852a-4849-bcf7-061b07d10fe0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL - Purism Librem 13 v2
On Saturday, September 15, 2018 at 8:32:23 AM UTC-7, casiu wrote: > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Saturday, September 15, 2018 10:30 AM, wrote: > > > Hi, during my email conversation with the Todd Weaver in the > > pre-IME-disabled time, he told me they will fully disable the IME and AMT > > within next week. After about a week they announced they did just that. Are > > this links a lie? > > https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/ > > > > https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/ > > https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/ > > > > https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/ > > > > Talking about alternatives: how the Qubes 4.0 stand with RYF certified > > X200? Like for example this one:https://tehnoetic.com/laptops/tet-x200s > > https://tehnoetic.com/laptops/tet-x200s and others like T400 and T500, > > which can be found there as well. Working well? Any issues known? > > Thank you > > > > Sep 15, 2018, 1:00 AM by taii...@gmx.com: > > > > > Everyone please be aware that purism's marketing is dishonest. > > > Their products do not have open source firmware[1] and the ME is not > > > disabled (the kernel still runs along with mask roms and the me hw init > > > code) > > > Intel chips or any new x86 for that matter do NOT respect your privacy! > > > [1]Their coreboot is simply a shim loader layer for Intel's FSP binary > > > blob that performs the hardware initiation - these days coreboot doesn't > > > necessarily mean open source firmware. > > > In terms of laptops it is much better to purchase for instance an owner > > > controlled pre-PSP AMD G505S[2] which has open cpu/ram init via coreboot > > > or one of the ivy/sandy thinkpads which while not owner controlled are > > > significantly more free than puri.crap as they have open cpu/ram/gpu > > > init via coreboot and their ME can be nerfed down to the BUP layer which > > > while is not at all equivilant to not having an ME at all such as on > > > non-x86 arches or pre-PSP AMD it is still much better. > > > All of my laptop recommendations here work great with Qubes 4.0 and > > > there is a nice little qubes g505s community. > > > [2](for the best user experience make sure to get the highest end quad > > > core A10 model if you buy one - although the less expensive A6 quad core > > > models are still quite usable) > > > I do not have an issue with purism selling non-free laptops - I have an > > > issue with them being dishonest. > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "qubes-users" group. > > > To unsubscribe from this group and stop receiving emails from it, send an > > > email to > qubes-users+unsubscr...@googlegroups.com > > > mailto:qubes-users+unsubscr...@googlegroups.com> . > > > To post to this group, send email to > qubes-users@googlegroups.com > > > mailto:qubes-users@googlegroups.com> . > > > To view this discussion on the web visit > > > > https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com > > > > > > https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com> > > > . > > > For more options, visit > https://groups.google.com/d/optout > > > https://groups.google.com/d/optout> . > > > > -- > > > > You received this message because you are subscribed to the Google Groups > > "qubes-users" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to qubes-users+unsubscr...@googlegroups.com. > > To post to this group, send email to qubes-users@googlegroups.com. > > To view this discussion on the web visit > > https://groups.google.com/d/msgid/qubes-users/LMRlztC--3-1%40tutanota.com. > > For more options, visit https://groups.google.com/d/optout. This made me laugh out loud. All your ranting and raving about security and dishonesty, and you sent the message using PROTON MAIL. Good lord. Talk about dishonesty and pseudo-security. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9839f63-3a6a-4892-ba5b-6e3de3583e93%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
On Saturday, May 12, 2018 at 11:10:27 AM UTC-7, get wrote: > среда, 18 апреля 2018 г., 0:13:29 UTC+3 пользователь Chris Laprise написал: > > Hello fellow Qubes users: > > > > Per issue 3503 the Qubes project would like to incorporate VPN features > > from Qubes-vpn-support -- which a number of you are already using -- > > into the Qubes 4.1 release. > > > > I've set up a new project "qubes-tunnel" to act as a staging area for > > testing and eventual forking into Qubes. It is nearly the same as > > Qubes-vpn-support except some names & paths are different... and install > > to template is required for obvious reasons :) . > > > > > > Project Link... https://github.com/tasket/qubes-tunnel > > > > > > Everyone with an available VPN service is welcome to try this out and > > report here on your results! > > > > - > > > > PS - Some of you will wonder if installing qubes-tunnel into an existing > > template already used for Qubes-vpn-support will cause a conflict; They > > will not conflict as long as the two services aren't enabled for the > > same ProxyVM(s). > > > > -- > > > > Chris Laprise, tas...@posteo.net > > https://github.com/tasket > > https://twitter.com/ttaskett > > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 > > Hi. script not working more on debian-9/fedora-26. Please fix it. > > Tested vpn's : mullvad, privateinternetaccess, expressvpn and multiple random > openvpn. > > Guides: > https://github.com/tasket/Qubes-vpn-support > https://github.com/tasket/qubes-doc/blob/tunnel/configuration/vpn.md#set-up-a-proxyvm-as-a-vpn-gateway-using-the-qubes-tunnel-service > https://github.com/tasket/qubes-tunnel Instructions also make no sense. 1. Copy to template 2. Copy to template VM -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/154a7f83-12be-4486-a59b-7b63506330e3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Testing new VPN code for Qubes
On Tuesday, April 17, 2018 at 2:13:29 PM UTC-7, Chris Laprise wrote: > Hello fellow Qubes users: > > Per issue 3503 the Qubes project would like to incorporate VPN features > from Qubes-vpn-support -- which a number of you are already using -- > into the Qubes 4.1 release. > > I've set up a new project "qubes-tunnel" to act as a staging area for > testing and eventual forking into Qubes. It is nearly the same as > Qubes-vpn-support except some names & paths are different... and install > to template is required for obvious reasons :) . > > > Project Link... https://github.com/tasket/qubes-tunnel > > > Everyone with an available VPN service is welcome to try this out and > report here on your results! > > - > > PS - Some of you will wonder if installing qubes-tunnel into an existing > template already used for Qubes-vpn-support will cause a conflict; They > will not conflict as long as the two services aren't enabled for the > same ProxyVM(s). > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 I can get my browser to connect in the ProxyVM only after I manually change /etc/resolv.conf to NordVPN DNS servers. But nothing that uses the ProxyVM as a NetVM can access the internet in any way. Cannot ping 8.8.8.8. Can't do anything. Doesn't matter what I do to /etc/resolv.conf in the AppVM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/77cdc124-5304-49fd-9476-5522a53ffa73%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Cannot Update TemplateVMs
On Wednesday, May 9, 2018 at 5:42:58 PM UTC-7, dangm...@gmail.com wrote: > user@deb-stretch:~$ sudo apt update && sudo apt dist-upgrade -yt > stretch-backports > Ign:1 http://deb.debian.org/debian stretch InRelease > Ign:2 http://security.debian.org stretch/updates InRelease > Ign:3 https://updates.signal.org/desktop/apt xenial InRelease > Ign:4 http://deb.qubes-os.org/r4.0/vm stretch InRelease > Ign:5 http://deb.debian.org/debian stretch-backports InRelease > > Err:6 http://security.debian.org stretch/updates Release > > 500 Unable to connect > Ign:7 http://deb.qubes-os.org/r4.0/vm stretch-testing InRelease > Err:8 https://updates.signal.org/desktop/apt xenial Release > Received HTTP code 500 from proxy after CONNECT > Err:9 http://deb.debian.org/debian stretch Release > 500 Unable to connect > Ign:10 http://deb.qubes-os.org/r4.0/vm stretch-securitytesting InRelease > Err:11 http://deb.debian.org/debian stretch-backports Release > 500 Unable to connect > Err:12 http://deb.qubes-os.org/r4.0/vm stretch Release > 500 Unable to connect > Err:13 http://deb.qubes-os.org/r4.0/vm stretch-testing Release > 500 Unable to connect > Err:14 http://deb.qubes-os.org/r4.0/vm stretch-securitytesting Release > 500 Unable to connect > Reading package lists... Done > E: The repository 'http://security.debian.org stretch/updates Release' does > no longer have a Release file. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. > E: The repository 'https://updates.signal.org/desktop/apt xenial Release' > does no longer have a Release file. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. > E: The repository 'http://deb.debian.org/debian stretch Release' does no > longer have a Release file. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. > E: The repository 'http://deb.debian.org/debian stretch-backports Release' > does no longer have a Release file. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. > E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch Release' does no > longer have a Release file. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. > E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch-testing Release' > does no longer have a Release file. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. > E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch-securitytesting > Release' does no longer have a Release file. > N: Updating from such a repository can't be done securely, and is therefore > disabled by default. > N: See apt-secure(8) manpage for repository creation and user configuration > details. > > > > user@host:~$ sudo apt update && sudo apt dist-upgrade -yt stretch-backports > && sudo apt-get autoremove && sudo poweroff > Ign:1 http://ftp.us.debian.org/debian stretch InRelease > > Ign:2 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease > > Ign:3 http://deb.qubes-os.org/r4.0/vm stretch InRelease > > Err:4 http://ftp.us.debian.org/debian stretch Release > > 500 Unable to connect > Err:5 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release > > 500 Unable to connect > Ign:6 http://deb.qubes-os.org/r4.0/vm stretch-testing InRelease > > Ign:7 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease > > Ign:8 http://security.debian.org stretch/updates InRelease > > Ign:9 > tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion > stretch-testers InRelease > Err:10 http://security.debian.org stretch/updates Release >
[qubes-users] Cannot Update TemplateVMs
user@deb-stretch:~$ sudo apt update && sudo apt dist-upgrade -yt stretch-backports Ign:1 http://deb.debian.org/debian stretch InRelease Ign:2 http://security.debian.org stretch/updates InRelease Ign:3 https://updates.signal.org/desktop/apt xenial InRelease Ign:4 http://deb.qubes-os.org/r4.0/vm stretch InRelease Ign:5 http://deb.debian.org/debian stretch-backports InRelease Err:6 http://security.debian.org stretch/updates Release 500 Unable to connect Ign:7 http://deb.qubes-os.org/r4.0/vm stretch-testing InRelease Err:8 https://updates.signal.org/desktop/apt xenial Release Received HTTP code 500 from proxy after CONNECT Err:9 http://deb.debian.org/debian stretch Release 500 Unable to connect Ign:10 http://deb.qubes-os.org/r4.0/vm stretch-securitytesting InRelease Err:11 http://deb.debian.org/debian stretch-backports Release 500 Unable to connect Err:12 http://deb.qubes-os.org/r4.0/vm stretch Release 500 Unable to connect Err:13 http://deb.qubes-os.org/r4.0/vm stretch-testing Release 500 Unable to connect Err:14 http://deb.qubes-os.org/r4.0/vm stretch-securitytesting Release 500 Unable to connect Reading package lists... Done E: The repository 'http://security.debian.org stretch/updates Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: The repository 'https://updates.signal.org/desktop/apt xenial Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: The repository 'http://deb.debian.org/debian stretch Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: The repository 'http://deb.debian.org/debian stretch-backports Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch-testing Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. E: The repository 'http://deb.qubes-os.org/r4.0/vm stretch-securitytesting Release' does no longer have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default. N: See apt-secure(8) manpage for repository creation and user configuration details. user@host:~$ sudo apt update && sudo apt dist-upgrade -yt stretch-backports && sudo apt-get autoremove && sudo poweroff Ign:1 http://ftp.us.debian.org/debian stretch InRelease Ign:2 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates InRelease Ign:3 http://deb.qubes-os.org/r4.0/vm stretch InRelease Err:4 http://ftp.us.debian.org/debian stretch Release 500 Unable to connect Err:5 tor+http://sgvtcaew4bxjd7ln.onion stretch/updates Release 500 Unable to connect Ign:6 http://deb.qubes-os.org/r4.0/vm stretch-testing InRelease Ign:7 tor+http://vwakviie2ienjx6t.onion/debian stretch InRelease Ign:8 http://security.debian.org stretch/updates InRelease Ign:9 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch-testers InRelease Err:10 http://security.debian.org stretch/updates Release 500 Unable to connect Ign:11 https://updates.signal.org/desktop/apt xenial InRelease Err:12 tor+http://deb.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion stretch-testers Release 500 Unable to connect Ign:
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
On Wednesday, January 10, 2018 at 2:02:36 PM UTC-8, awokd wrote: > On Wed, January 10, 2018 8:35 pm, dangmad...@gmail.com wrote: > > On Sunday, January 7, 2018 at 10:14:26 AM UTC-8, haaber wrote: > > > > That Red Pill is a bitter one, isn't it? > > I don't trust ME either and run me_cleaner but that link is just some > unsubstantiated text. If he'd really been working at Intel 15 years he > should have been able to get copies of internal documentation at least. A > blacked out W-2 form doesn't cut it either. Do you find that sticking your head in the sand to be a productive form of security? I'm sorry that this information upset you so much, but by denying it you're only putting others in harms way. Maybe you'd like for others to have security vulnerabilities? Perhaps you are exposing your agenda too much? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0bd0d196-4a11-4257-9e2f-3acaba7af63f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Kali Template?
Does anyone have any experience converting a Debian Template to a Kali Template, with TemplateBasedVMs? I would also be interested in playing with a debian template converted to Linux Mint Debian Edition or BunsenLabs (CrunchBang). Or possibly an Ubuntu converted to Linux Mint. (But ubuntu is kinda gross, so low priority) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/da2d7c80-a264-4f0e-9199-c2ccd23eeedb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME Backdoor, called Odin's Eye
On Sunday, January 7, 2018 at 10:14:26 AM UTC-8, haaber wrote: > > https://i.redditmedia.com/5mA7LrMiwgmmhrwfYF8Jks0WEng66fxWoCcGw33dhCA.jpg?w=597&s=339d919645f1de31a42913c748d1d7fb > I personally consider > this troll post. That Red Pill is a bitter one, isn't it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2120b2aa-34b3-4576-95c7-8d33be43c7d2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] GPG-Split + KDEWallet in Whonix
Is it possible to force KDEWallet (Whonix) to use GPG Split? KDEWallet stores system passwords in a GPG protected file. Needs pre-generated private keys. Attempting to save my password for my cloud storage WebDav in Dolphin, but would like my password stored as securely as possible. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c282c2a-3599-4ad1-8c36-680f53aaa165%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Intel ME Backdoor, called Odin's Eye
https://i.redditmedia.com/5mA7LrMiwgmmhrwfYF8Jks0WEng66fxWoCcGw33dhCA.jpg?w=597&s=339d919645f1de31a42913c748d1d7fb Summary: Intel Whistleblower leaks details about his role in backdooring all IME chips on behalf of Intelligence Agencies. Posted 3/22/2017. Codename: Odin's Eye -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c18ceec2-bb84-4ec4-97cb-a10e97091d6f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.
On Wednesday, December 27, 2017 at 4:55:39 PM UTC-8, dangm...@gmail.com wrote: > Seems to be working, as I am now halfway done with the download with only 2 > more hours to go. After several hours of downloading, the connection was dropped (24hr captive portal), and now I have to start all over again. keepcache doesn't seem to have any effect in dnf.conf or yum.conf. Perhaps it's a server issue, but it will not resume the transfer. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f6690f4e-7256-420d-a922-cd0a638c6fec%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.
On Tuesday, December 26, 2017 at 6:02:57 PM UTC-8, dangm...@gmail.com wrote: > Attempting to upgrade KeePassX to KeePassX 2.0, using backports, borked my > debian template by removing qubes-gui-agent and pulseaudio. > > Was unable to find way to undo damage. > > Opted to reinstall template, but I cannot download it without my connection > dropping, and thus timing me out. dnf does not resume the download, despite > it claiming to be saving the download to cache. > > I have put keepcache=true in dnf.conf, with no results. > > > cannot wget from dom0. Should I wget from some other VM? Hm. I wasn't notified of these responses. I appreciate everyone's input. I ended up editing yum.conf, under [main], and adding minrate=1, and timeout=2000. (I also edited keepcache to 1) Now yum/dnf doesn't timeout after periods of slow transfer speeds. Seems to be working, as I am now halfway done with the download with only 2 more hours to go. A apologize, this seems to be a yum issue and not a qubes issue. I just wasn't sure what was going on behind the scenes and was under the impression that yum had no problems with resuming downloads. I thought maybe qubes-dom0-update was breaking that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/92ca946b-4fe8-4707-936e-ac83c90bb366%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Weak connection. Cannot reinstall borked template, download will not resume.
On Tuesday, December 26, 2017 at 6:02:57 PM UTC-8, dangm...@gmail.com wrote: > Attempting to upgrade KeePassX to KeePassX 2.0, using backports, borked my > debian template by removing qubes-gui-agent and pulseaudio. > > Was unable to find way to undo damage. > > Opted to reinstall template, but I cannot download it without my connection > dropping, and thus timing me out. dnf does not resume the download, despite > it claiming to be saving the download to cache. > > I have put keepcache=true in dnf.conf, with no results. > > > cannot wget from dom0. Should I wget from some other VM? Qubes 3.2 qubes-dom0-update --action=reinstall qubes-template-debian-8 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/748506e5-9c7f-431e-8a5d-8d0c35826868%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Weak connection. Cannot reinstall borked template, download will not resume.
Attempting to upgrade KeePassX to KeePassX 2.0, using backports, borked my debian template by removing qubes-gui-agent and pulseaudio. Was unable to find way to undo damage. Opted to reinstall template, but I cannot download it without my connection dropping, and thus timing me out. dnf does not resume the download, despite it claiming to be saving the download to cache. I have put keepcache=true in dnf.conf, with no results. cannot wget from dom0. Should I wget from some other VM? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3908f022-5c27-4336-a53c-7977e226e5bc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] ZeroShell Firewall/Proxy VM
https://ZeroShell.org Zeroshell is a Linux distribution for servers and embedded devices aimed at providing the main network services a LAN requires. It is available in the form of Live CD or Compact Flash image and you can configure and administer it using your web browser. The main features of this Linux distribution for Network Appliances are listed below: Load Balancing and Failover of multiple Internet connections; UMTS/HSDPA connections by using 3G modems; RADIUS server for providing secure authentication and automatic management of the encryption keys to the Wireless 802.11b, 802.11g and 802.11a networks supporting the 802.1x protocol in the EAP-TLS, EAP-TTLS and PEAP form or the less secure authentication of the client MAC Address; WPA with TKIP and WPA2 with CCMP (802.11i complaint) are supported too; the RADIUS server may also, depending on the username, group or MAC Address of the supplicant, allow the access on a preset 802.1Q VLAN; Captive Portal to support the web login on wireless and wired networks. Zeroshell acts as gateway for the networks on which the Captive Portal is active and on which the IP addresses (usually belonging to private subnets) are dynamically assigned by the DHCP. A client that accesses this private network must authenticate itself through a web browser using Kerberos 5 username and password before the Zeroshell's firewall allows it to access the public LAN. The Captive Portal gateways are often used to provide authenticated Internet access in the HotSpots in alternative to the 802.1X authentication protocol too complicated to configure for the users. Zeroshell implements the functionality of Captive Portal in native way, without using other specific software as NoCat or Chillispot; QoS (Quality of Service) management and traffic shaping to control traffic over a congested network. You will be able to guarantee the minimum bandwidth, limit the max bandwidth and assign a priority to a traffic class (useful in latency-sensitive network applications like VoIP). The previous tuning can be applied on Ethernet Interfaces, VPNs, bridges and VPN bondings. It is possible to classify the traffic by using the Layer 7 filters that allow the Deep Packet Inspection (DPI) which can be useful to shape VoIP and P2P applications; HTTP Proxy server which is able to block the web pages containing virus. This feature is implemented using the ClamAV antivirus and HAVP proxy server. The proxy server works in transparent proxy mode, in which, you don't need to configure the web browsers of the users to use it, but the http requests will be automatically redirected to the proxy; Wireless Access Point mode with Multiple SSID and VLAN support by using WiFi network cards based on the Atheros chipsets. In other words, a Zeroshell box with one of such WiFi cards could become a IEEE 802.11a/b/g Access Point providing reliable authentication and dynamic keys exchange by 802.1X and WPA protocols. Of course, the authentication takes place using EAP-TLS and PEAP over the integrated RADIUS server; Host-to-lan VPN with L2TP/IPsec in which L2TP (Layer 2 Tunneling Protocol) authenticated with Kerberos v5 username and password is encapsulated within IPsec authenticated with IKE that uses X.509 certificates; Lan-to-lan VPN with encapsulation of Ethernet datagrams in SSL/TLS tunnel, with support for 802.1Q VLAN and configurable in bonding for load balancing (band increase) or fault tolerance (reliability increase); Router with static and dynamic routes (RIPv2 with MD5 or plain text authentication and Split Horizon and Poisoned Reverse algorithms); 802.1d bridge with Spanning Tree protocol to avoid loops even in the presence of redundant paths; 802.1Q Virtual LAN (tagged VLAN); Firewall Packet Filter and Stateful Packet Inspection (SPI) with filters applicable in both routing and bridging on all type of interfaces including VPN and VLAN; It is possible to reject or shape P2P File Sharing traffic by using IPP2P iptables module in the Firewall and QoS Classifier; NAT to use private class LAN addresses hidden on the WAN with public addresses; TCP/UDP port forwarding (PAT) to create Virtual Servers. This means that real server cluster will be seen with only one IP address (the IP of the virtual server) and each request will be distributed with Round Robin algorithm to the real servers; Multizone DNS server with automatic management of the Reverse Resolution in-addr.arpa; Multi subnet DHCP server with the possibility to fix IP depending on client's MAC address; PPPoE client for connection to the WAN via ADSL, DSL and cable lines (requires a suitable MODEM); Dynamic DNS client used to easily reach the host on WAN even when the IP is dynamic; NTP (Network Time Protocol) client and server for keeping host clocks synchronized; Syslog server for receiving and cataloging the system l