I am surprised that there is no way to disable ipv6 on Debian template.
I reinstalled first the template using documentation https://www.qubes-os.org/doc/reinstall-template/
Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, I did reboot the Template but it didn't change the outcome, I still had ipv6 ports opened using "netstat -antp"
I even added "sudo ip6tables -P INPUT DROP" in "/rw/config/rc.local", but I still got those distant servers listening when I check using commands like "sudo lsof -i6" or "netstat -antp" on my Debian Template.
What is rpcbind, avahi-dae and why you got this ipv6 bound to systemd on PID 1 ? Looks suspicious, I thought Ipv6 was disabled by default on Qubes.
Regards
Thank you guys for your help, but unfortunately I don't think there is a way to get rid of this process listening on tcp6 on init (systemd... d standing here for distant...). It is listed as 1 on PID, I don't think you can't remove it, it is a main process. So I am not interested in using Qubes anymore because I disapprove those bad policies on respect of privacy.
I don't want data to travel from my main template to Qubes servers without my consent and I don't like the fact someone might monitor what I am doing with my Debian template through ipv6. Really disappointing.
Tbh at first I liked the fact that Qubes doesn't allow to be installed inside another OS, it looked like a nice security feature, but now that I can't clear completely my hard disk from Qubes hard drive protection, this is really annoying as I can't reinstall another OS
on my hard drive.
Any help on how to uninstall completely Qubes by removing the hard drive protection would be appreciated. I didn't find a way to do it in documentation.
Regards
On Sunday, September 25, 2016 at 1:46:13 PM UTC, nishi...@gmail.com wrote:
> I am surprised that there is no way to disable ipv6 on Debian template.
I'm not going to download the Debian template to prove a point but I'm fairly confident you can disable IPv6. I have disabled IPv6 on both Whonix-Gateway and Whonix-Workstation, which are both based on Debian 8.
On Monday, September 26, 2016 at 8:21:54 PM UTC, nishi...@gmail.com wrote:
> Thank you guys for your help, but unfortunately I don't think there is a way to get rid of this process listening on tcp6 on init (systemd... d standing here for distant...). It is listed as 1 on PID, I don't think you can't remove it, it is a main process.
I don't know what process you're referring to. I don't see this process on either of my Whonix Templates or my Fedora-minimal template. Maybe a Debian user can comment? (AFAIK the "d" in systemd refers to daemon.)
>So I am not interested in using Qubes anymore because I disapprove those bad policies on respect of privacy.
> I don't want data to travel from my main template to Qubes servers without my consent and I don't like the fact someone might monitor what I am doing with my Debian template through ipv6. Really disappointing.
What traffic is going to Qubes servers? Are you running pcap? You can disable the Qubes repository if you're referring to updates.
> Tbh at first I liked the fact that Qubes doesn't allow to be installed inside another OS, it looked like a nice security feature, but now that I can't clear completely my hard disk from Qubes hard drive protection, this is really annoying as I can't reinstall another OS
> on my hard drive.
>
> Any help on how to uninstall completely Qubes by removing the hard drive protection would be appreciated. I didn't find a way to do it in documentation.
>
> Regards
What hard drive protection are you referring to? There's nothing Qubes can do to stop you from overwriting the partition tables. Any OS installer will gladly write all over a Qubes installation.
Really ? No one to find also suspicious a wild init/1 tcp6 port listening on your templateVM, right out of the box ? This got to be real.
I am still interested in your solutions to quit Qubes OS and have another OS being able to run on my USB key and be installed, if you don't mind.
I am answering you on my phone just because it seems my old Qubes deleted partition doesn't like very much my USB key to runs over it, for some reason. And this is pissing me off.
So let me rephrase : how do you completely remove Qubes OS from your hard drive so that eventually it might still accept another OS install ? Fuck this shit.
Btw on any decent OS you can clear your own partitions on installation window and refresh your own disk without installing the OS. On Qubes you can't. You are supposed to run the install to do so. And it seems the install fucks your hardware next -.-
But if you want to talk about what Qubes provides, I have my opinion on the subject : Qubes greatest innovation is kinda making business of privacy rights, you can either consider it as a very offensive hacking tool platform, a Kali Linux best ally, a weapon which imo can do more harm than good, either a noob trap. That's obviously not the way I want the Internet to evolve, if you don't mind. As if posting here with this very friendly PRISM data collection provided by Google would make Qubes community trustworthy. What a joke.
If M. Snowden would have used Qubes instead of Tails to make his revelations to everyone about global surveillance, he would probably be in jail right now. I guess vast majority of folks shocked about what his revelations showed would be really unhappy about that.
So for people really considering privacy rights in an opened and a good manner way, you have Tails, and when it's time to discuss about security by default on a fresh new system, you have OpenBSD. Rest is just business and making profits under a license you currently don't own. Richard Stallman would be proud.
Also when you can read on the Whonix FAQ https://www.whonix.org/wiki/FAQ#Why_aren.27t_you_using_OpenBSD.2C_it.27s_the_most_secure_OS_ever.21.21.211.21 this very arrogant statement "There is now Qubes OS, OpenBSD lacks such innovative security improvements, which claims.", you got another big joke right there.
What makes the Internet still a little bit secured right now is coming directly from MIT and Unixmen that developed OpenSSH. I guess showing more respect for an OS that has been compromised like 2 times in 20 years and which policies are what the Internet world needs might help. But yeah, you can think of the Internet as a battleground, I don't really mind, it's not the way I see it.
You have people concerned about building inoffensive fortresses or shields, to make sure Internet stays what it was at the very beginning (a space to provide educational content, to share ideas in a peaceful way) and you have people that use it as if it was a weapon. What a shame. So long Qubes.
You have to change kernel parameters a diff way I believe. try this method from whonix instructions. https://www.whonix.org/wiki/Qubes/Install
to list the parameters use qvm-prefs -l debian-8 kernelopts
To change them do qvm-prefs -s debian-8 kernelopts "nopat ipv6.disable=1"
Then restart template and vms.
I pointed out how to change the parameters. You do the command from dom0 for the template you want ipv6 disabled. Basically The same method whonix instructs on how to install apparmor on debian template. This is how I disable ipv6.
you can verify this from a terminal in one of the proxies or vms based on that template with lsof or netstat and see no more ipv6 connections.
Could a Qubes developer pay attention on this ticket, please ?
I can't reinstall any other OS than Qubes on my HDD. When I put in a USB key, it doesn't boot on it, it switches directly to the GRUB menu.
I am sure at 100% it comes from some sort of disk protection that Qubes put on my disk. I am also sure that those USB keys would work on any other HDDs, as they are properly burnt.
I tried to reinstall Qubes without disk encryption. It didn't change the outcome.
How do I remove this disk block so I can use USB keys to install another OS than Qubes ?
If you wanna make hostages, then say it on your web page because right now my disk is unusable and it's Qubes responsibility at 100%.
I'll wait here until someone tells me how to completely erase Qubes from my disk (USB PROTECTION INCLUDED) so that EVENTUALLY I could switch to another OS and FUCKING MOVE ON, FOR GOD'S SAKE.
I thought you were asking how to disable ipv6. I don't know much about usb keys, I doubt qubes locked your pc, check in bios maybe? Maybe someone else can chime in.
I won't wait another week with my HDD disabled by this OS.
Come on, please, why would someone doubt on something that is so obvious ? I used 3 different USB keys and different iso images. Every USB keys fails on booting while isos have been properly burnt to USBs on a fresh new install. Can't install any other OS, my hard drive is locked. This is so disgusting.
Some explanations on how to completely erase Qubes OS and his disk USB protection out of your hard disk would be really helpful, as I can't use currently my computer..
How are you ? Thank you for your time, I appreciate your help. I don't know if I went full paranoid mode but I just wanted to apologize having been so aggressive. It's not the way I behave myself in real, I am really the opposite kind, being sensitive and trying to stay polite with people. I clearly failed there so I just wanted to let you know that I truly respect Qubes development team and that I am sorry having letting myself ending up being nasty...
What bothers me is that I really love the American culture and I don't understand why on the political part NSA is making a war nowadays on the entire world on privacy rights. Well, as anyone I have been really shocked by 9/11 terrorist attacks. Even though I understand the US politics reacted because they have been hurt on a power symbol, I really want these paranoid policies by NSA against every privacy rights of citizen to end. Human dignity is based on privacy respect. I can tell you about it, I lost a huge part of my dignity in psychiatry, going there for wrong reasons (got fascists perverts in my family).
And I mean, who doesn't love the US ? If I had to move to a desert island and only take 5 of my favorite movies ever, I would probably take 3 American one's : "Mulholland Drive", "Forrest Gump" and "Changeling". What's fascinating is that all those 3 outstanding movies express in a very different way the same universal feeling : love. I feel so grateful to the US when I watch them because actually my life sucks, got no friends, no family left. I feel like receiving a bit of love I missed. Well, all that being said, thank you for your support. I'll try your solutions when I'll wake up :)
I thought I was betrayed. I have been betrayed a lot by relatives but that doesn't mean I'm supposed to react like a dumbass and think of conspiracy if I got one port listening... Sadly my imagination went crazy mode. I guess you can call it a defense mechanism, but nevertheless, I am sorry about that.
My boot problem is in fact related to "sudo dd if=/file.iso of=/dev/sdX" ends up burning a UDF partition that refuses to boot. I tried your advices except the ArchLinux one, but I guess I just have to keep trying. Also I read somewhere I need to enter "bs=512" to burn more little fragments than the original size to avoid boot problem with UDF. This might fix my issue, I will try tomorrow.
Fun part is that I want to go back to Windows only very briefly, to install my mouse drivers and fix its sensitivity being too fast, as Linux drivers are really painful to install for this model (I did it on Debian, it took me a lot of efforts to make it work).
Then I think I will probably join back in the future Qubes, as indeed it is a very innovative OS. It's just I am interested on trying BSD systems. I found a great guide to learn Korn shell scripting, watched all videos https://m.youtube.com/playlist?list=PLCAFDE9B81B30388E
It was very interesting and very well made, allows you to understand better how command line work and the logics behind programs !
In fact I just want to learn to use a different Unix-based system than Linux and try there what I have learnt on this great tutorial. It's easier when your mouse isn't on steroids ^^
fedora is the default man. but its easy to disable on debian and all the other processes. I understand your assumption though, its common sense.
I personally use fedora as my default sys-net and firewall still for those reasons as well.
But right now as I don't want either to go back to my old crappy mouse, either to continue with this high DPI uncontrollable skating mouse, unfortunately I am completely locked. Since ~10 days :(
This is really strange I never encountered problems on Qubes by the past to use the "dd" command to burn an iso. I tried to add "bs=512" but I still can't boot on my USB, so that I could install those mouse drivers to lower down DPI, then uninstall Windows and continue on my way to try a BSD Unix system..
I don't understand what you mean. Did you try the system settings, and mouse settings from the start menu?
Problem is driver from manufacturer to Linux users is really bad as ofc they don't sell it for that usage. So unless someone would know how to properly burn a udf USB iso, I guess I'll have to reinstall baremetal Debian and take an afternoon to compile sources and make it work, once again...
if it works in a baremetal debian, it should work in a debian based sys-usb.