available to the AppVM, and that is
something I would like to try to avoid.
On Friday, November 22, 2019 at 3:27:07 AM UTC+8, awokd wrote:
>
> Sphere:
>
> > However, a ram stick just died on me this week and I badly need all the
> RAM
> > that I could get. Even right
Well, I do have a problem with AppVMs completely hanging out on me on
situations where firefox demands a large amount of ram and these are such
cases:
1. Running a resource-intensive web application i.e. node.js web editors
like Wix and Weebly
2. Downloading large files from mega.nz (I think
Minikube is related to kubernetes, which isn't exactly virtualization but
rather, containerization. Those two things are different.
And you *don't* do VM in a VM, only very special circumstances allow for
such a thing
Qubes isn't exactly the best option for what you're looking for. If you're
https://discussions.citrix.com/topic/354913-error-increasing-dom0-memory-in-61/
So I am looking to reduce the max set on dom0_mem because a considerable
amount of ram is being wasted (roughly 1500 MB) and I want to use it on my
RAM heavy appvms instead
I've been searching all over the place
I see, I hope that really solves your problem cause so far on my side I was
able to try a separate qube for updating Templates and dom0
So far so good there were no problems given the fact that I ensured that the
qube responsible for being updates proxy to the Templates were resolving DNS
I'm not particularly knowledgeable about the verification process being done by
dnf on the signature of packages so the question still lies on me:
Is downloading packages from plaintext http susceptible to MITM?
Even if that is not the case, I believe we can't be for sure that there's no
I suggest giving Rufus a shot as well instead of Etcher.
Also, you may want to try running Linux mint, openSUSE, or Nitrux OS first to
see how tame your system is for Linux.
"Gaming" hardware are quite notorious for almost always having trouble running
Linux
Lastly, I highly suggest for you
If it doesn't start any applications try to change the template of sys-net
Alternatively, you can try to add more memory/ram using sys-net preferences and
see if it helps
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this
You're welcome and good luck!
In any case, I was reminded that any sort of communication between
non-interconnected qubes are not allowed. So even if both of your AppVM qubes
and sys-dns qube are connected to sys-firewall then they won't be able to
communicate with each other by default.
is bloody insecure thanks to being just plaintext and
susceptible to MITM attacks. This can be changed by modifying
/etc/yum.repos.d/fedora.repo and fedora-updates.repo
If you're interested in doing this then you can search up a thread I made about
this here in qubes-users. Just put "S
On Tuesday, July 2, 2019 at 5:37:58 AM UTC, Philip Pians wrote:
> On Tuesday, July 2, 2019 at 4:36:22 AM UTC, Chris Laprise wrote:
> > On 7/1/19 11:18 PM, Philip Pians wrote:
> > > On Tuesday, July 2, 2019 at 3:13:56 AM UTC, Philip Pians wrote:
> > >> Using instructions to create VPN appvm (with
With my experience of using DNSCrypt I actually think that Qubes' has some
unique way of handling DNS queries given how the nameservers automatically put
into /etc/resolv.conf are on a different subnet.
I actually think there must be some sort of bind or unbound being ran in there
that
About corruption and reliability of data being stored, regardless of whether or
not it is sensitive data or day to day files, is not entirely the
responsibility of the Qubes OS itself. There are many factors to consider, the
software being used, the filesystem being used, the components of the
On Thursday, June 27, 2019 at 11:44:51 AM UTC, unman wrote:
> On Wed, Jun 26, 2019 at 10:12:40PM -0700, Sphere wrote:
> > @unman: thanks for that
> > I also noticed that qubes-updates-proxy.service fails by default on startup
> > and I'm unsure if that is a minimal templa
The general idea is correct
If dom0 gets pwned then everything else can be pwned and stolen, including your
data
pwning dom0 properly and successfully however, is not trivial because dom0 has
no direct access to network hardware to communicate in the first place and
malicious actors would need
On Wednesday, June 26, 2019 at 4:34:11 PM UTC, cubit wrote:
> I am not sure if this is related to recent updates but after updating today
> and doing a reboot, my sys-firewall and other appVMs are not getting DNS
> resolving working.
>
>
>
> - sys-net (fedora30) starts up with out an issue,
@unman: thanks for that
I also noticed that qubes-updates-proxy.service fails by default on startup and
I'm unsure if that is a minimal template-only problem but I was able to fix it
thanks to it indicating that the problem is a missing folder:
/var/run/qubes-service/qubes-updates-proxy
Pretty
By all means hold your horses on asking if Qubes is vulnerable to every single
one of those lol
I used to be paranoid about Computer Security but if you ain't even gonna
bother to delve deep down from how computers work up to the way computer
applications/programs work then you should just
@unman The dom0 updates setting is set correctly and working as intended
through the VPN qube, I haven't tried browsing from the VPN qube itself but I
can definitely browse from an AppVM connected to it and I can confirm that all
the browsing being done there is tunneled through the VPN.
I'm
/etc/qubes-rpc/policy/qubes-UpdatesProxy
$type:TemplateVM $default allow,target=VPN
As soon as I execute a sudo dnf update to my template VM, it takes a little
less than a second for it to go
"Failed to synchronize cache for repo 'updates'"
"Error: Failed to synchronize cache for repo 'updates'"
Welp I guess it really won't work since there's really nothing but README.md
left within the folders for deprecated Fedora release versions. Thanks for your
reply unman!
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this
I apologize for not clearing that out. Uhh, it's that just my machine in
particular or maybe at least on the internet that my machine is using, it
prefers to use the ftp.riken.jp mirror and it doesn't seem to dynamically
change.
So far so good, everything has been working nicely on my cloned
Tried things on an AppVM
turned fedora.repo and fedora-updates.repo on /etc/yum.repos.d/ into just the
following content:
[fedora]
name=Fedora
baseurl=https://download-ib01.fedoraproject.org/pub/fedora-secondary
It did execute update well somehow just that IDK why it's still probing Fedora
Hi, I checked DNS queries being made as I was updating templateVMs today and I
noticed that there is an extreme bias preference of using ftp.riken.jp which
didn't sit well with me since that would mean that it was downloading updates
in plaintext and thus, unprotected against MITM attacks.
Well for starters, Outline doesn't really use VPN but is just using proxy
technology, specifically Shadowsocks.
So using it with Qubes VPN is kinda well, just partial security? It only
affects TCP connections but not everything else so it's not really a "VPN".
--
You received this message
My bad for not indicating that. The problem is that it only downloads it and
stops exactly after that and doesn't even start installing the updates.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop
This has annoyed me for the second time and IDK what to do about it anymore.
Got a workaround for this before with sudo dnf reinstall suggested by someone
on a thread I created back then but yeah it's back after I just did a
sudo qubes-dom0-update --clean
Seems the workaround doesn't work for
I'll mark this as complete later in hopes of maybe getting a solution to the
"DNF will only download packages for the transaction".
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from
Interesting, this is the first time I am told about that
It downloaded newly released versions of kernel-qubes-vm and kernel but sadly
it's yet another annoying "DNF will only download packages for the transaction."
I got this problem too before and was worked-around with a sudo dnf reinstall
I haven't personally tried this but I am highly confident that Qubes will
definitely work on an ASRock X370 Taichi
https://www.asrock.com/mb/AMD/X370%20Taichi/
It's the motherboard out there that has aced being able to do GPU Passthrough
on a Windows Guest VM on a Linux Host so all in all it's
This one shouldn't be a problem so long as dom0 is not compromised.
Also nice that we can just block 103.206.123[.]13 and 103.206.122[.]245
Also, this thing doesn't even survive a reformat so yeah nothing much to worry
about (not unless they also aim to persist in your routers and other network
That's not a bootloop, it's simply that you are stuck at the phase where you
have to unlock the drive's encryption
If you can't get past that then maybe there's a problem with your keyboard?
Reinstall qubes and put an easy/short encryption pass first then maybe the
problem resides with your
On Tuesday, June 4, 2019 at 12:44:46 AM UTC+8, ronpunz wrote:
> On 6/3/19 12:10 PM, unman wrote:
> > On Mon, Jun 03, 2019 at 09:28:01AM +, ronpunz wrote:
> >> On 6/3/19 12:54 AM, unman wrote:
> >>> On Sun, Jun 02, 2019 at 06:24:33PM +, ronpunz wrote:
> On 6/2/19 3:11 PM, unman wrote:
Hi, I have no idea why I'm experiencing the same old problem with the new
fedora-30 templates. I was able to successfully install fedora-29-minimal when
I had the first instance of this problem so I thought that the problem may be
residing on the repositories but with this happening then maybe
Thank you very much for the timely wonderful update qubes team!
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post
I think what unman means is for you to provide the logs in text and not just
provide images to help diagnose this problem
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
On Monday, May 6, 2019 at 11:38:19 PM UTC+8, Sergio Matta wrote:
> > Does anyone know which specific packages need to be installed
>
> Try this info:
>
> https://forums.fedoraforum.org/showthread.php?317721-fedora-28-and-firefox-video(h264-youtube-gstreamer1)
Thank you very much for that
On Monday, May 6, 2019 at 12:24:12 PM UTC+8, Sphere wrote:
> I've been trying to figure this out for days but to no avail, I couldn't
> really make it work. I do my checking by visiting https://youtube.com/html5
>
> Did all sorts of searching and stuff. Some suggested in
I've been trying to figure this out for days but to no avail, I couldn't really
make it work. I do my checking by visiting https://youtube.com/html5
Did all sorts of searching and stuff. Some suggested installing vlc but
apparently it doesn't seem to exist on the repositories of qubes fedora
On Thursday, April 11, 2019 at 8:02:33 PM UTC+8, Thomas Leonard wrote:
> On Thursday, April 11, 2019 at 4:16:17 AM UTC+1, Sphere wrote:
> > @unman Thanks for the clarification. I suppose I misunderstood it wrong
> > since I thought you have to set it directly using some sort
I have been briefly reminded that technology is not some magic bullet where you
just fire and forget.
Thank you for this
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
@unman Thanks for the clarification. I suppose I misunderstood it wrong since I
thought you have to set it directly using some sort of text editor and be done
with it. So I'll have to recompile it I see, welp guess I have no choice but go
through with that haha
On Thursday, April 11, 2019 at
So I have now also boarded the mirage-firewall VM hype to replace sys-firewall
in order to take advantage of the very nice small memory consumption of just 32
MB
After searching around I literally failed to find anything that could help me
know how I'm gonna edit rules.ml in the
on-torified one) if you remove
> > the line manually?
>
> It is indeed part of updates-proxy, which I assume you have enabled in
> sys-net.
> Sphere reports the rule allowing "coming from anywhere" - if this is o
> then they must override the default - as haaber repor
So I have briefly read README.md about this and does this thing really have to
run as a PV VM and cannot be a PVH VM?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an
@haaber thank you for your response and information provided to my inquiry
Unfortunately I have already performed a full update of VMs before I discovered
this but I will check up on this through an update/install whenever I'm free
from my work in order to provide an update about this
--
You
So I was doing some security checks on a whim in my Qubes machine until I
stumbled upon discovery that my the INPUT chain of iptables in my net VM has a
rule of accepting all tcp connections to port 8082 coming from anywhere
I checked my other VMs and discovered that they didn't have this rule
@cooloutac: I'm using Qubes 4.0 right now
@American Qubist 001: I'm sorry but I beg your pardon, could you please be more
specific? An example at least of what you mean by using different syntax
Could you also specify which repos you used?
--
You received this message because you are
Thank you very much for this advisory and the hard work
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this
I also did what Chris suggested as well as the dnf clean all and the result is
all the same.
No problem with my dns for sure because I'm using dnscrypt on a pool of 19 dns
servers and I've never had problems resolving everything so far
--
You received this message because you are subscribed to
Thanks for this unman
I tried the commands you suggested and it still ended up with the very same
"Error: Unable to find a match"
I'll track that issue you raised to know when it gets fixed (Y)
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To
Oh and I must say, Nvidia is a sucker for Open source
Really a huge pain to have their GPU and want to use the KDE desktop RE
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it,
On Monday, March 4, 2019 at 10:14:18 AM UTC+8, Aaron wrote:
> On Sun, Mar 3, 2019 at 3:41 PM Chris Laprise wrote:
>
> On 3/3/19 2:56 AM, Aaron wrote:
>
> > Unfortunately I don't have that option in BIOS. There is no way I can
>
> > disable Nvidia chip.
>
> >
>
> > An average user won't
I believe this is because of a vast difference of manpower and popularity
between Ubuntu and Qubes. Also taking into consideration the use-case of Qubes
when it comes to popularity.
You see, Operating systems don't really work "magically" on hardware
These operating systems need to have drivers
On Friday, March 1, 2019 at 8:38:07 PM UTC+8, unman wrote:
> On Thu, Feb 28, 2019 at 10:09:38PM -0500, Chris Laprise wrote:
> > On 2/28/19 8:30 PM, Sphere wrote:
> > > I was sure I double checked the line of code I used in dom0 terminal to
> > > get a new template which
I was sure I double checked the line of code I used in dom0 terminal to get a
new template which was
"sudo qubes-dom0-update qubes-template-debian-9"
Not sure why running this returns with the "Error: Unable to find a match"
while just changing 9 to 8 actually works
The same case happens when
On Friday, March 1, 2019 at 3:54:12 AM UTC+8, awokd wrote:
> Sphere:
> > On Thursday, February 28, 2019 at 11:57:22 AM UTC+8, awokd wrote:
> >> Sphere:
> >>
> >>> Making it seem like my sys-net has been set as the updateVM for my
> >>> fedora-
On Thursday, February 28, 2019 at 11:57:22 AM UTC+8, awokd wrote:
> Sphere:
>
> > Making it seem like my sys-net has been set as the updateVM for my
> > fedora-29 template
> >
> > I haven't tried updating my other templates yet but performing a
> >
On Wednesday, February 27, 2019 at 8:30:53 PM UTC+8, unman wrote:
> On Tue, Feb 26, 2019 at 06:54:15PM -0800, Sphere wrote:
> > It started happening just today
> > Executing sudo dnf update command on my fedora-29 template forcefully makes
> > my sys-net start
> >
>
It started happening just today
Executing sudo dnf update command on my fedora-29 template forcefully makes my
sys-net start
But thing is, I'm no longer using sys-net template as my net vm and this caused
me to triple check my settings and my update VM is showed correctly as I had
intended = a
On Monday, February 11, 2019 at 5:13:40 AM UTC+8, Marek Marczykowski-Górecki
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Sun, Feb 10, 2019 at 07:33:21PM +0100, Dupéron Georges wrote:
> > I have the same issue. I thought there weren't any new updates, but it's
> > been like
It's like this but without the errors:
https://pastebin.com/YVUFtid6
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To
I have no idea what's up with my dom0
It downloads the packages through sudo qubes-dom0-update but by Transaction
Summary after showing Total Size and Installed Size it doesn't even ask me
whether or not to continue the transaction but just says
"DNF will only download packages for the
On Tuesday, February 5, 2019 at 8:35:28 AM UTC+8, unman wrote:
> On Sun, Feb 03, 2019 at 10:16:55PM -0800, Sphere wrote:
> > So I got a new Fedora-29 template but the problem is that after assigning
> > it to sys-net/sys-firewall all it shows is something similar to what you
>
> It is not an option - it can't be disabled!
By Option I mean, an option whether or not to ride along with PSP despite the
known horror it brings.
If only I could establish my own CPU production company I would definitely
support libre hardware/libreboot/coreboot and such but sadly we are in a
On Thursday, December 13, 2018 at 9:59:27 AM UTC+8, tai...@gmx.com wrote:
> On 12/12/2018 03:56 PM wrote:
> > New to Qubes with basic Linux knowledge i installed successfully a desktop
> > system with follwing configuration:
> >
> > Qubes 4.0, CPU Ryzen 5 2400G, MB ASRock B450 Pro4, GPU Radeon
I apologize for the late reply everyone. Thank you for your all your thoughts
about this matter. I had read the responses days ago but I ended up forgetting
to respond and marking this as complete.
Your responses have added to my knowledge and ease with the Qubes OS. I am
grateful for all
Please refer to the Hardware Compatibility List if you're in no situation to go
blind or full YOLO on some hardware.
https://www.qubes-os.org/hcl/
Anything in the list that has all green(yes) on columns from HVM column to
Kernel column should be good. Disregard "unknown" of TPM Column as it
https://threatpost.com/x-org-flaw-allows-privilege-escalation-in-linux-systems/138624/
It is said that leveraging the vulnerability is possible from a remote SSH
session. Say an attacker was able to successfully gain a remote SSH session in
an untrusted VM, do you think it would be possible to
I've only been a minor part of the Qubes community and I am truly grateful that
this kind of Operating System became a reality and am proud to say that I am
using it as my daily driver. Thank you for all your contributions to the Qubes
OS and I hope you well on your new journey :)
--
You
On Wednesday, August 15, 2018 at 8:50:28 PM UTC+8, Rusty Bird wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Sphere:
> > https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/
> &
Surely you have checked that your boot sequence really starts at the HDD where
you installed qubes right? I got a case where my bios completely could not
recognize the drive where I installed my Qubes as bootable and had to do sum
stuff in the Boot sector to make it work. The same may apply to
CVE-2018-3646 in particular is alarming:
"The third flaw, CVE-2018-3646, has a CVSS Base Score of 7.1 and enables bad
actors to attack virtual machines (VM), via virtualization software and Virtual
Machine Monitors (VMMs) running on Intel processors. A malicious guest VM could
infer the values
On Wednesday, August 15, 2018 at 10:33:09 AM UTC+8, Sphere wrote:
> https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/
>
> There are other vulnerabilities disclosed along with this today and if
> possible,
https://www.bleepingcomputer.com/news/security/researchers-disclose-new-foreshadow-l1tf-vulnerabilities-affecting-intel-cpus/
There are other vulnerabilities disclosed along with this today and if
possible, I would like to confirm that as well.
On a side note, I have long disabled
On Wednesday, August 8, 2018 at 9:37:53 PM UTC+8, rex mat wrote:
> After the manual install, I can boot, but ethernet can only be configured
> from the terminal. That is still work in progress.
> You need to have an android-x86 build and check out the 7.1.2 version to
> build a cd. I found the
On Thursday, August 9, 2018 at 1:30:49 AM UTC+8, 3mp...@gmail.com wrote:
> Hi everyone,
>
> actually I'm a happy Qubes 3.2 user on Intel platform for more than a year
> now !
>
> I'm looking to upgrade my actual Skylake build with an AMD one with the new
> Ryzen Pinnacle Ridge CPU (R7 2700)
On Thursday, August 9, 2018 at 1:30:49 AM UTC+8, 3mp...@gmail.com wrote:
> Hi everyone,
>
> actually I'm a happy Qubes 3.2 user on Intel platform for more than a year
> now !
>
> I'm looking to upgrade my actual Skylake build with an AMD one with the new
> Ryzen Pinnacle Ridge CPU (R7 2700)
On Tuesday, August 14, 2018 at 4:17:31 AM UTC+8, Patrick Bouldin wrote:
> I have a goal to buy a new laptop, preconfigured with Windows, and then
> within Windows I will reallocate disk space in order to install Qubes4.0.
>
> In the past with prior versions of Qubes that has sometimes been
On Saturday, August 11, 2018 at 3:02:31 AM UTC+8, Kelly Dean wrote:
> Has anybody else used both Qubes 3.2 and 4.0 on a system with a HD, not SSD?
> Have you noticed the disk thrashing to be far worse under 4.0? I suspect it
> might have something to do with the new use of LVM combining
On Tuesday, August 14, 2018 at 7:44:18 AM UTC+8, jonbrown...@gmail.com wrote:
> New CPU backdoor has been found with code available here:
> https://github.com/xoreaxeaxeax/rosenbridge
>
> Anyone mind checking if Thinkpad 230 is affected?
Wow... things sure are going rough in the
On Tuesday, July 17, 2018 at 2:37:05 AM UTC+8, Will Dizon wrote:
> qvm-prefs fedora-281 installed_by_rpm false
>
> This worked perfectly. Was even able to remove it from the existing qube
> manager instance without reinstallation. Thanks so much!
Thank you very much for this!
--
You
On Wednesday, August 8, 2018 at 1:17:23 AM UTC+8, Patrick Schleizer wrote:
> Sphere:
> > So upon installation of Qubes I have set updating of TemplateVMs through
> > Whonix but now I'm actually stuck with it and I want to change it to
> > updating through just another
Sorry for the late reply
I installed a fresh template and what happens when I assign it to Service VMs
is that some terminal opens that's similar to what I see whenever I make a new
Standalone VM that requires a CD-ROM/ISO to install an OS.
I recently have done upgrading fedora-26 to 27 and it
So I just installed a new fedora-28 template in hopes of using it as the
template for my sys-net and sys-firewall VMs but apparently seems there's still
alot of manual configuration to do in the template before it becomes ready for
that.
Could anyone provide me with a guide to do this?
Thanks
On Saturday, August 4, 2018 at 3:01:09 PM UTC-4, John wrote:
> Just reading this. It appears Speck is a module and can be excluded, so
> hopefully nothing to worry about.
>
> https://itsfoss.com/nsas-encryption-algorithm-in-linux-kernel-is-creating-unease-in-the-community/
what a pain in the
So upon installation of Qubes I have set updating of TemplateVMs through Whonix
but now I'm actually stuck with it and I want to change it to updating through
just another AppVM.
Could anyone guide me to what commands I need to use in order to fix this? (I
actually wish this was an option in
87 matches
Mail list logo