Re: [qubes-users] How does Qubes DNS resolving work?

Feb 14, 2019, 3:42 PM by un...@thirdeyesecurity.org: > On Thu, Feb 14, 2019 at 03:13:00PM +0100, > ashleybrown...@tutanota.com > > wrote: > >> >> >> Hopefully one day they revert it back to how it was in 3.2. A very common >> use-case for the firewall is

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 14/02/2019 1.27 PM, Vít Šesták wrote: > On February 14, 2019 6:18:47 PM GMT+01:00, "Marek Marczykowski-Górecki" wrote: >> On Thu, Feb 14, 2019 at 05:58:09PM +0100, Vít Šesták wrote: >>> When I update dom0 and then Debian/Whonix without restarting

[qubes-users] HCL - Purism Librem 13 v4

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Purism Librem 13 v4 HCL attached. All devices functions fully working (full IOMMU w/VT-d, etc), factory shipped firmware (coreboot 4.8.1-Purism-4) cheers, Matt -BEGIN PGP SIGNATURE- Version: OpenPGP.js v2.5.11 Comment:

Re: [qubes-users] Some VMs on an external disk (unavailable at boot)

On 2/12/19 7:37 PM, preill...@gmail.com wrote: > There was a page called this that I referred to.  > https://www.qubes-os.org/secondary-storage My mistake.  It's here: https://www.qubes-os.org/doc/secondary-storage/ -- You received this message because you are subscribed to the Google

[qubes-users] How secure is google-authenticator as 2FA?

Hi Qubes fellows,On reading content on 2FA, something comfuse me, so I'd like to understand better by posting here:one type of OTP,a TOTP like google authenticator, bases on a shared secret key, since keycan be seen in mail box, it's not quite safe, is it saved in mail box as well?(does it also

Re: [qubes-users] Some VMs on an external disk (unavailable at boot)

On 2/4/19 4:42 PM, Chris Laprise wrote: > On 2/4/19 4:12 PM, Stuart Perkins wrote: >> >> >> On Mon, 4 Feb 2019 21:27:44 +0100 >> Stefan Schlott wrote: >> >>> On 2/4/19 5:59 PM, Stuart Perkins wrote: >>> I do not know the official stance or method, but I symbolically link from the

Re: [qubes-users] Effectiveness of the VM compartimentation

On 2/14/19 10:02 PM, nosugarmaxta...@gmail.com wrote: Hi all, Right now I use Qubes for a bit of fun - setting up VPN's - chaining them, trying to get HVM's up and running, just messing about. I do plan to totally phase out my other OS's for it, but theres one thing that keeps going through

[qubes-users] Re: Qubes 4.0, app: Error creating VM

On Friday, February 15, 2019 at 12:12:30 PM UTC+11, Borris Johnsnob wrote: > When upgrading the Fedora 26 -> 28 template for Qubes 4.0 using the following > links: > > > A. https://www.qubes-os.org/doc/template/fedora/upgrade-28-to-29/ > > B. 

[qubes-users] Effectiveness of the VM compartimentation

Hi all, Right now I use Qubes for a bit of fun - setting up VPN's - chaining them, trying to get HVM's up and running, just messing about. I do plan to totally phase out my other OS's for it, but theres one thing that keeps going through my mind.. how isolated are the VM's from each other

[qubes-users] Re: Is it safe to install Qubes4 on laptop used windows10 before?

When you format a HDD, whatever OS was on there previously is gone. Be it Windows, Qubes, or whatever. None of the windows phone home features will survive the format and you can happily install Qubes on the formated HDD. I really don't believe Microsoft is able to track your hardware, UUID,

[qubes-users] Re: Valid Concerns Regarding Integrity of Whonix Project

'This law was only recently introduced and is already being used to great effect according to recent reports.' Great effect? Where are your sources? I can't take you seriously without proper sources. Gut feelings, suspicions, it all means nothing without evidence. Should we all bust out the

[qubes-users] Qubes 4.0, app: Error creating VM

When upgrading the Fedora 26 -> 28 template for Qubes 4.0 using the following links: A. https://www.qubes-os.org/doc/template/fedora/upgrade-28-to-29/ B. https://www.qubes-os.org/doc/templates/#how-to-switch-templates-40 When I got to step 8 in the detailed instructions of link 'A' I went on to

Re: [qubes-users] Re: Anyone using protonmail-bridge

On 2/14/19 11:55 AM, 22...@tutamail.com wrote: > Would appreciate any thoughts on your set-up but try the following: > > In the appvm that houses your thunderbird and protonmail bridge add > protonmails IP(= 185.70.40.151) in the firewall settings. I have managed to > get it working by further

[qubes-users] Re: Anyone using protonmail-bridge

Would appreciate any thoughts on your set-up but try the following: In the appvm that houses your thunderbird and protonmail bridge add protonmails IP(= 185.70.40.151) in the firewall settings. I have managed to get it working by further limiting it to port 443 only. As I understand the

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

On February 14, 2019 6:18:47 PM GMT+01:00, "Marek Marczykowski-Górecki" wrote: >On Thu, Feb 14, 2019 at 05:58:09PM +0100, Vít Šesták wrote: >> When I update dom0 and then Debian/Whonix without restarting the Qube >Manager or Update “widget”*, is it enough? Or I need to restart the >updater app (or

[qubes-users] Anyone using protonmail-bridge

For anyone using protonmail-bridge with thunderbird: What kind of settings are you using to allow sending/receiving through the firewall? I've allowed protonmail.com and 127.0.0.1 (which is the address the bridge uses), but when the firewall is activated, I can't send or receive anything. Turning

Re: [qubes-users] Qubes: Unable to connect to VPN

Just reviving a thread of mine from a few months ago with a related follow-up question. When trying to connect to a VPN using openvpn from a Debian-9 AppVM within Qubes, I could connect but instantly lost DNS resolution which rendered the connection unusable. Installing he package

Re: [qubes-users] Is it safe to install Qubes4 on laptop used windows10 before?

On Thu, 14 Feb 2019 16:12:36 + unman wrote: >On Wed, Feb 13, 2019 at 08:55:01PM +, zxcvw...@scryptmail.com wrote: >> Hello All,I have a laptop from family that is rarely used,but with windows10 >> installed on it,arguably the most infamous windows version.If I install >> Qubse4.0 on

Re: [qubes-users] Re: QSB #46: APT update mechanism vulnerability

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Feb 13, 2019 at 04:12:27AM -0800, Vít Šesták wrote: > Since Qubes 4.0.1 was released [1] before your message and before the DSA > [2], I assume it is not a good idea to install Debian and Whonix from the > 4.0.1 installation media, is it?

Re: [qubes-users] Is it safe to install Qubes4 on laptop used windows10 before?

On Wed, Feb 13, 2019 at 08:55:01PM +, zxcvw...@scryptmail.com wrote: > Hello All,I have a laptop from family that is rarely used,but with windows10 > installed on it,arguably the most infamous windows version.If I install > Qubse4.0 on this laptop, would qubes completely wipe windows10 away? 

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

On Thursday, February 14, 2019 at 3:35:27 PM UTC, unman wrote: > On Thu, Feb 14, 2019 at 03:13:50PM +0100, ashleybrown...@tutanota.com wrote: > > Hopefully one day they revert it back to how it was in 3.2. A very common > > use-case for the firewall is likely to ensure things like DNS requests do

Re: [qubes-users] qvm-copy-to-vm question

On 2/14/19 7:12 AM, unman wrote: > On Wed, Feb 13, 2019 at 08:12:42PM -0800, Todd Lasman wrote: >> On 2/13/19 3:18 PM, 'awokd' via qubes-users wrote: >>> Todd Lasman wrote on 2/13/19 1:58 AM: I'm not sure if I'm doing this correctly. O qvm-copy-to-vm destination_qube_name FILE

Re: [qubes-users] How does Qubes DNS resolving work?

On Thu, Feb 14, 2019 at 03:05:20PM +0100, ashleybrown...@tutanota.com wrote: > > The magic is in NAT rules (but I had to research this too.) See > > https://www.qubes-os.org/doc/networking > > , and "sudo iptables -t nat -L" > > in sys-firewall and

Re: [qubes-users] How does Qubes DNS resolving work?

On Thu, Feb 14, 2019 at 03:13:00PM +0100, ashleybrown...@tutanota.com wrote: > > > Hopefully one day they revert it back to how it was in 3.2. A very common > use-case for the firewall is likely to ensure things like DNS requests do not > happen through the normal means (and instead go over

Re: [qubes-users] Valid Concerns Regarding Integrity of Whonix Project

On Thu, Feb 14, 2019 at 04:29:45PM +1100, haaber wrote: > Are canaries now "illegal" in Aussi law as well ??? > > On 2/14/19 3:26 PM, teresardavida...@gmail.com wrote: > > Summary: I have reason to believe the possibility that Mig5 (the new > > SysAdmin on Whonix project) could be compelled

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

On Thu, Feb 14, 2019 at 03:13:50PM +0100, ashleybrown...@tutanota.com wrote: > Hopefully one day they revert it back to how it was in 3.2. A very common > use-case for the firewall is likely to ensure things like DNS requests do not > happen through the normal means (and instead go over

Re: [qubes-users] qvm-copy-to-vm question

On Wed, Feb 13, 2019 at 08:12:42PM -0800, Todd Lasman wrote: > > On 2/13/19 3:18 PM, 'awokd' via qubes-users wrote: > > Todd Lasman wrote on 2/13/19 1:58 AM: > > > I'm not sure if I'm doing this correctly. > > > > > > According to the usage, the syntax is: > > > qvm-copy-to-vm

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

Hopefully one day they revert it back to how it was in 3.2. A very common use-case for the firewall is likely to ensure things like DNS requests do not happen through the normal means (and instead go over something like Tor or a VPN). Unfortunately, the current config does not make it very

Re: [qubes-users] How does Qubes DNS resolving work?

Hopefully one day they revert it back to how it was in 3.2. A very common use-case for the firewall is likely to ensure things like DNS requests do not happen through the normal means (and instead go over something like Tor or a VPN). Unfortunately, the current config does not make it very

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

There is an issue that talks about the change: https://github.com/QubesOS/qubes-issues/issues/4141 They are willing to port it back to how it should be if someone does the interface to re-add those options. -- Securely sent with

Re: [qubes-users] How does Qubes DNS resolving work?

> The magic is in NAT rules (but I had to research this too.) See > https://www.qubes-os.org/doc/networking > , and "sudo iptables -t nat -L" in > sys-firewall and sys-net. I previously looked at IP tables and honestly I really do not understand it.

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

On Thursday, February 14, 2019 at 11:54:28 AM UTC, simon@gmail.com wrote: > On Thursday, February 14, 2019 at 3:54:04 AM UTC, Marek Marczykowski-Górecki > wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Wed, Feb 13, 2019 at 08:42:10AM -0800, simon.new...@gmail.com

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

On Thursday, February 14, 2019 at 3:54:04 AM UTC, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Feb 13, 2019 at 08:42:10AM -0800, simon.new...@gmail.com wrote: > > In 3, if i clicked on "block connections" in the Qubes manager firewall > >

Re: [qubes-users] How does Qubes DNS resolving work?

ashleybrown...@tutanota.com wrote on 2/14/19 6:28 AM: When I look at /etc/resolv.conf in the following VMs it says different things: 1) Normal AppVM: nameserver 10.139.1.1 nameserver 10.139.1.2 2) Sys-firewall VM: nameserver 10.139.1.1 nameserver 10.139.1.2 3) Sys-net VM: [actual

Re: [qubes-users] qvm-copy-to-vm question

Todd Lasman wrote on 2/14/19 4:12 AM: On 2/13/19 3:18 PM, 'awokd' via qubes-users wrote: From a terminal session inside the source qube, use "qvm-copy [filename]". It will then prompt for the destination qube. Ok. Thanks for the explanation. Still doesn't seem right to me, though. I think