Re: [qubes-users] Re: Unmounting USB Devices at VM shutdown

On Fri, Jul 15, 2016 at 1:13 AM, Ben Wika wrote: > On Thursday, 14 July 2016 13:33:47 UTC+10, raah...@gmail.com wrote: > > On Wednesday, July 13, 2016 at 9:29:33 PM UTC-4, Ben Wika wrote: > > > I imagine there's another thread for this but I couldn't find it. > > > > > >

[qubes-users] Re: Unmounting USB Devices at VM shutdown

On Friday, July 15, 2016 at 12:24:40 AM UTC-4, raah...@gmail.com wrote: > On Friday, July 15, 2016 at 12:13:10 AM UTC-4, Ben Wika wrote: > > On Thursday, 14 July 2016 13:33:47 UTC+10, raah...@gmail.com wrote: > > > On Wednesday, July 13, 2016 at 9:29:33 PM UTC-4, Ben Wika wrote: > > > > I imagine

[qubes-users] Re: Question on DMA attacks

I can't find any poc for sound card. I imagine it would be possible though, maybe it depends on the card like probably a plugged in one. But i'm talking out my ass and have no idea what I'm talking about. Maybe in future qubes will be isolating the sound controller as well lol. -- You

[qubes-users] Re: Question on DMA attacks

On Friday, July 15, 2016 at 12:00:57 AM UTC-4, neilh...@gmail.com wrote: > Oh OK. I see you have now updated with a new answer. > > "The main benefit would be to try and prevent dma attacks from the network > card and the netvm, which receives all the packets from the internet" maybe just a

[qubes-users] Re: Question on DMA attacks

So essentially, this is isolating the network card/Wifi from dom0.. Just like you create a USB qube, to isolate USB from dom0 But still.. no one has ever shown a proof of concept for this... You see plenty of videos of people exploiting browsers with Metasploit... but no videos of anyone doing

[qubes-users] Re: Unmounting USB Devices at VM shutdown

On Thursday, 14 July 2016 13:33:47 UTC+10, raah...@gmail.com wrote: > On Wednesday, July 13, 2016 at 9:29:33 PM UTC-4, Ben Wika wrote: > > I imagine there's another thread for this but I couldn't find it. > > > > I'm curious whether the following is expected behavior... > > > > If we shutdown a

[qubes-users] Re: Question on DMA attacks

On Friday, July 15, 2016 at 12:00:11 AM UTC-4, raah...@gmail.com wrote: > On Thursday, July 14, 2016 at 11:57:48 PM UTC-4, neilh...@gmail.com wrote: > > But it's still not clear how these malicious packets can be sent to the > > network card can these be sent after compromising an App VM (via

[qubes-users] Re: Question on DMA attacks

Oh OK. I see you have now updated with a new answer. "The main benefit would be to try and prevent dma attacks from the network card and the netvm, which receives all the packets from the internet" -- You received this message because you are subscribed to the Google Groups "qubes-users"

[qubes-users] Re: Question on DMA attacks

On Thursday, July 14, 2016 at 11:57:48 PM UTC-4, neilh...@gmail.com wrote: > But it's still not clear how these malicious packets can be sent to the > network card can these be sent after compromising an App VM (via > something like a browser exploit)...?? > > Or can they be sent just

[qubes-users] Re: Question on DMA attacks

But it's still not clear how these malicious packets can be sent to the network card can these be sent after compromising an App VM (via something like a browser exploit)...?? Or can they be sent just purely over the internet itself to any device connected to the web...? Directly send

[qubes-users] Re: Question on DMA attacks

On Thursday, July 14, 2016 at 10:22:28 PM UTC-4, neilh...@gmail.com wrote: > From the user FAQ: > > https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d > > "an attacker could always use a simple DMA attack to go from the NetVM to > Dom0" > > So what does this

[qubes-users] Re: Question on DMA attacks

On Thursday, July 14, 2016 at 10:22:28 PM UTC-4, neilh...@gmail.com wrote: > From the user FAQ: > > https://www.qubes-os.org/doc/user-faq/#can-i-install-qubes-on-a-system-without-vt-d > > "an attacker could always use a simple DMA attack to go from the NetVM to > Dom0" > > So what does this

Re: [qubes-users] Installing Older Kernels

On Thursday, July 14, 2016 at 6:49:17 PM UTC-4, Drew White wrote: > On Friday, 15 July 2016 08:38:08 UTC+10, Andrew David Wong wrote: > > I'm not sure what you mean. Normally, you can update any version of Qubes by > > running qubes-dom0-update. That should work on "old" versions just the same. >

Re: [qubes-users] Re: Networking

On Thursday, July 14, 2016 at 6:15:39 PM UTC-4, Drew White wrote: > On Friday, 15 July 2016 00:27:25 UTC+10, raah...@gmail.com wrote: > > So only a problem for windows vms in 3.1 but not 3.2? weird. Maybe > > you've done some configuration changes in 3.1 that messed things up. Maybe > >

Re: [qubes-users] Installing Older Kernels

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-14 15:49, Drew White wrote: > On Friday, 15 July 2016 08:38:08 UTC+10, Andrew David Wong wrote: >> I'm not sure what you mean. Normally, you can update any version of Qubes >> by running qubes-dom0-update. That should work on "old"

Re: [qubes-users] HELP! URGENT! Error starting VM

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-14 16:09, Drew White wrote: > Also, that link is "Error starting VM: (0, 'Error')" not "Error starting VM > 'GUEST NAME': (2, 'No such file or directory')" > There are two links. Look at the first one. - -- Andrew David Wong (Axon)

[qubes-users] Re: installer 3.2 bugs

@Marek please correct me if I am wrong but I believe that all standard templates (ie. fedora, debian and whonix) are installed even if you select the option "do not configure anything", it just should not create any appVMs. -- You received this message because you are subscribed to the Google

Re: [qubes-users] installer 3.2 bugs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jul 14, 2016 at 04:28:45PM -0700, Drew White wrote: > On Friday, 15 July 2016 09:22:03 UTC+10, Marek Marczykowski-Górecki wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Thu, Jul 14, 2016 at 03:56:32PM -0700, Drew

[qubes-users] Re: Qubes, Windows7 and Domain join

That should work fine as the Qubes Windows Tools work with Win7. You can create a HVM and install it with windows then install the QWT which will help with the network config of the VM. Once done, and as long as you are connected to a network with access to the domain, you should be able to

[qubes-users] Re: why oh why oh why... Monitors...

Hi Drew, This has been answered previously. The "kscreen" app was missed when they made the ISO and they have said that it will be put in the next release candidate. If you want your screen settings options to be available, you can use the following command to install "kscreen". >From console

Re: [qubes-users] installer 3.2 bugs

On Friday, 15 July 2016 09:22:03 UTC+10, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Thu, Jul 14, 2016 at 03:56:32PM -0700, Drew White wrote: > > installer bug.. picture > > If you don't want to configure anything, select "do not configure >

Re: [qubes-users] installer 3.2 bugs

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jul 14, 2016 at 03:56:32PM -0700, Drew White wrote: > installer bug.. picture If you don't want to configure anything, select "do not configure anything". - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it

Re: [qubes-users] HELP! URGENT! Error starting VM

Also, that link is "Error starting VM: (0, 'Error')" not "Error starting VM 'GUEST NAME': (2, 'No such file or directory')" -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an

[qubes-users] Re: Changing swap. /etc/fstab cant be edited

El jueves, 14 de julio de 2016, 19:51:50 (UTC-3), Facundo Curti escribió: > El jueves, 14 de julio de 2016, 18:43:26 (UTC-3), Facundo Curti escribió: > > Hi list. > > > > > > I'm having troubles to start qubes. When I start it says that a partition > > is being used by a process. > > > > >

Re: [qubes-users] HELP! URGENT! Error starting VM

Also, there are some guests I've had working for several months, and never changed the settings since day 1. Then one day after a few months they just have that issue, can't find file or folder.. and nothing has changed. The NetVM is usually having an issue like not being able to see the

Re: [qubes-users] HELP! URGENT! Error starting VM

On Friday, 15 July 2016 08:48:04 UTC+10, Andrew David Wong wrote: > Is that a VM with more than 35 firewall rules? I put " NetVM " in there so that it would not be misunderstood. Anyway, I have guests on my other machine with many more firewall rules than 35 and no issues. -- You received

[qubes-users] Re: Changing swap. /etc/fstab cant be edited

El jueves, 14 de julio de 2016, 18:43:26 (UTC-3), Facundo Curti escribió: > Hi list. > > > I'm having troubles to start qubes. When I start it says that a partition is > being used by a process. > > > As I was reading: >

Re: [qubes-users] Installing Older Kernels

On Friday, 15 July 2016 08:38:08 UTC+10, Andrew David Wong wrote: > I'm not sure what you mean. Normally, you can update any version of Qubes by > running qubes-dom0-update. That should work on "old" versions just the same. > > Are you talking about upgrading from one version to the next, e.g.,

[qubes-users] HELP! URGENT! Error starting VM

" Error starting VM 'NetVM': (2, 'no such file or directory') " Why is this happening? The directory exists, the files exist, the XML has the correct path and filenames, the file and folder permissions is correct What is causing this? It happened in 3.1, and now 3.2. The VM was running,

Re: [qubes-users] Installing Older Kernels

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-14 15:35, Drew White wrote: > On Friday, 15 July 2016 08:14:05 UTC+10, Andrew David Wong wrote: >> You can try based on what's described here, combining "How to downgrade a >> specific package" with "Kernel Upgrade," but I don't know

Re: [qubes-users] Installing Older Kernels

On Friday, 15 July 2016 08:14:05 UTC+10, Andrew David Wong wrote: > You can try based on what's described here, combining "How to downgrade a > specific package" with "Kernel Upgrade," but I don't know whether it'll work: > > https://www.qubes-os.org/doc/software-update-dom0/#tocAnchor-1-1-3

Re: [qubes-users] Re: Qubes Network Setup Service

> Is there any log related to this service in the windows event log? Have you checked the Windows Qubes Logs? If you have Qubes Tools installed, they would be wherever you set the logs to be put. Typically that is on the private.img drive. If you don't have them installed, you won't have those

Re: [qubes-users] Changing swap. /etc/fstab cant be edited

On 07/14/2016 05:43 PM, Facundo Curti wrote: Hi list. I'm having troubles to start qubes. When I start it says that a partition is being used by a process. As I was reading: https://forums.opensuse.org/showthread.php/503587-Slow-boot-What-is-quot-A-start-job-is-running-for-dev-disk-by-quot

Re: [qubes-users] [newbie] Automatically mount Windows partition on boot/appvm startup

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-14 14:19, Gustavo Lapido Loureiro wrote: > Hi all, > > Is it possible to automatically mount a Windows partition on appvm > startup? > > I'm currently using Qubes OS as my main OS, but I need access to the > Windows partition, which is

Re: [qubes-users] Installing Older Kernels

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-14 05:12, Drew White wrote: > Hi folks, > > How do I install older kernels? I want them to be installed for he older > templates I have, but installed under a later version of Qubes, just for > Fedora 23 for example. > > How can I do

[qubes-users] Re: Qubes Network Setup Service

On Thursday, 14 July 2016 23:46:56 UTC+10, Adam wrote: > I understand the global view of networking in QubesOS, I have a net VM, a > firewall VM, a proxy VM and a standard app VM all working nicely and my app > VM can surf the web securely. I have Windows AppVMs working happily doing what I

[qubes-users] Changing swap. /etc/fstab cant be edited

Hi list. I'm having troubles to start qubes. When I start it says that a partition is being used by a process. As I was reading: https://forums.opensuse.org/showthread.php/503587-Slow-boot-What-is-quot-A-start-job-is-running-for-dev-disk-by-quot https://bbs.archlinux.org/viewtopic.php?id=161814

Re: [qubes-users] Firewall rules

On 07/14/2016 04:51 PM, katerim...@sigaint.org wrote: On 07/14/2016 10:39 AM, katerim...@sigaint.org wrote: Good day I'm using a VPN in sys-net and would setup firewall rules to stop internet connection if VPN crash. In sys-net isn't possible to insert ip addresses, then I did it in

Re: [qubes-users] shared clipboard is inconsistent

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jul 14, 2016 at 01:57:23PM -0700, jkitt wrote: > Sometimes it works; sometimes it doesn't. Has anyone else noticed this? Check log of gui daemon when it doesn't. For example when you try to copy from VM "work" and it doesn't work, check

[qubes-users] [newbie] Automatically mount Windows partition on boot/appvm startup

Hi all, Is it possible to automatically mount a Windows partition on appvm startup? I'm currently using Qubes OS as my main OS, but I need access to the Windows partition, which is the official OS in the organization where I work, unfortunatelly. I would like to avoid the manual two-step

[qubes-users] Re: HCL Lenovo ThinkCentre E73z

On Wednesday, July 13, 2016 at 3:47:18 PM UTC-3, Gustavo Lapido Loureiro wrote: > On Tuesday, July 12, 2016 at 2:39:02 PM UTC-3, Gustavo Lapido Loureiro wrote: > > I've just installed it, updated Personal vm, opened Firefox Personal, so > > far so good. > > > > On first boot after installation,

[qubes-users] shared clipboard is inconsistent

Sometimes it works; sometimes it doesn't. Has anyone else noticed this? v3.1 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: SUCCESS: GPU passthrough on Qubes 3.1 (Xen 4.6.1) / Radeon 6950 / Win 7 & Win 8.1 (TUTORIAL + HCL)

Some more experimentation with GTX980: - Tried Core2Duo CPUID from KVM VM - Ported NoSnoop patch from KVM Sadly, neither of these would help with BSODs / Code 43 errors. I posted the results (with patches and more detailed information) on Xen-devel

Re: [qubes-users] Firewall rules

On 07/14/2016 10:39 AM, katerim...@sigaint.org wrote: Good day I'm using a VPN in sys-net and would setup firewall rules to stop internet connection if VPN crash. In sys-net isn't possible to insert ip addresses, then I did it in sys-firewall. With some tests I saw that if VPN disconnect

[qubes-users] Firewall rules

Good day I'm using a VPN in sys-net and would setup firewall rules to stop internet connection if VPN crash. In sys-net isn't possible to insert ip addresses, then I did it in sys-firewall. With some tests I saw that if VPN disconnect suddenly, sys-net finds my wifi network and doesn't break the

Re: [qubes-users] Re: Networking

On Thursday, July 14, 2016 at 1:28:22 AM UTC-4, Drew White wrote: > On Thursday, 14 July 2016 06:46:19 UTC+10, raah...@gmail.com wrote: > > Is it only windows vm's that have this problem? > > Perhaps you missed what I said earlier, it's both, at least in Qubes 3.1 it > is. > > Just put 3.2 on

Re: [qubes-users] Re: Qubes Network Setup Service

On 07/14/2016 03:46 PM, Adam wrote: > Hi Alex and Drew > > I understand the global view of networking in QubesOS, I have a net > VM, a firewall VM, a proxy VM and a standard app VM all working > nicely and my app VM can surf the web securely. > > I never said dom0 and win7 communicated via

[qubes-users] Re: Qubes Network Setup Service

Hi Alex and Drew I understand the global view of networking in QubesOS, I have a net VM, a firewall VM, a proxy VM and a standard app VM all working nicely and my app VM can surf the web securely. I never said dom0 and win7 communicated via network, had had assumed, maybe incorrectly, that

[qubes-users] Re: Qubes Network Setup Service

> I don't even get a ip so assigning a new dns server won't help. Look in the Qubes Manager, that's the one you give it. > I think its a communication problem between windows and dom0, but i don't > know enough to diagnose it further. -- You received this message because you are subscribed

[qubes-users] Re: Qubes Network Setup Service

On Thursday, July 14, 2016 at 8:24:41 PM UTC+8, Drew White wrote: > On Thursday, 14 July 2016 22:09:21 UTC+10, Adam wrote: > > Hi > > > > I have successfully install Qubes 3.2-r1 on a lenovo x220 > > I have player around with templates and AppVMs and thought i would try > > Windows 7. > > > >

[qubes-users] Re: Qubes Network Setup Service

On Thursday, 14 July 2016 22:09:21 UTC+10, Adam wrote: > Hi > > I have successfully install Qubes 3.2-r1 on a lenovo x220 > I have player around with templates and AppVMs and thought i would try > Windows 7. > > I successfully install windows in a HVM Template and then installled Qubes >

[qubes-users] Installing Older Kernels

Hi folks, How do I install older kernels? I want them to be installed for he older templates I have, but installed under a later version of Qubes, just for Fedora 23 for example. How can I do this please? -- You received this message because you are subscribed to the Google Groups

[qubes-users] Qubes Network Setup Service

Hi I have successfully install Qubes 3.2-r1 on a lenovo x220 I have player around with templates and AppVMs and thought i would try Windows 7. I successfully install windows in a HVM Template and then installled Qubes Windows Tools which again appears to be successful. I am don't get any

Re: [qubes-users] Multi-drive computers installation

On Thursday, 14 July 2016 21:15:19 UTC+10, Gorka Alonso wrote: > I think you were missing the term 'volume' in contrast with drive. Thanks for > the explanation, wanted to make sure I understood it right. A volume isn't a drive. A drive is a drive. You can have multiple volumes on 1 drive.

Re: [qubes-users] Multi-drive computers installation

El jueves, 14 de julio de 2016, 12:48:14 (UTC+2), Drew White escribió: > On Thursday, 14 July 2016 20:26:03 UTC+10, Gorka Alonso wrote: > > What do you call 'multi-drive PC'? A computer with 2 physical drives (for > > example a SDD and a HDD)? > > Yes, Multi-Drive. It doesn't mean anything

Re: [qubes-users] Multi-drive computers installation

On Thursday, 14 July 2016 20:26:03 UTC+10, Gorka Alonso wrote: > What do you call 'multi-drive PC'? A computer with 2 physical drives (for > example a SDD and a HDD)? Yes, Multi-Drive. It doesn't mean anything else. To read it as anything other than what it says just means that someone is

[qubes-users] why oh why oh why... Monitors...

Why is there no more configuration for monitors from version 3.1 to 3.2? I have to download Arandr or similar to get it done, and then it's not configured properly, and I have to re-configure every time I start the PC... I know I can set the script to be on boot, but if the secondary monitor

Re: [qubes-users]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-14 01:04, cubit wrote: > 14. Jul 2016 04:19 by qubenewb...@sigaint.org: > > >> I have signed up for the mailing list, but I havent "received" the thread >> Id like to reply to. >> > > > > > Hi Qube Newb, you will not easili be

Re: [qubes-users] Newbie-ish question about networking and firewalls

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-13 20:54, qubenewb...@sigaint.org wrote: > It seems pretty dangerous to not have any firewall for sys-net. > In the Qubes security model, sys-net is always assumed to be untrusted (i.e., already compromised). From that perspective, it's

Re: [qubes-users] AppVMs not starting whenever USB channels are assigned

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-13 15:03, Cannon wrote: > On 07/12/2016 11:16 PM, Andrew David Wong wrote: >> Please see this FAQ entry: >> >> https://www.qubes-os.org/doc/user-faq/#i-created-a-usbvm-and-assigned- >> usb-controllers-to-it-now-the-usbvm-wont-boot >> >

Re: [qubes-users] Re: Debian minimal template?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-07-13 19:39, Iestyn Best wrote: > I am interested to see if someone can provide a guide since there is no > template available. > FWIW, there may be a debian-8-minimal template available in 3.2:

Re: [qubes-users]

14. Jul 2016 04:19 by qubenewb...@sigaint.org: > I have signed up for the mailing list, but I havent "received" the thread > Id like to reply to. > Hi Qube Newb,  you will not easili be able to reply to any email threads that happened before you signed up, as as you noted you will not have