I do not know how to help you.  I have taken a picture without removing the
geotag (authentic picture /w geotag in my own living room.  the picture
(one of many) is in my iphone but my own finger is hiding MY OWN
PASSPHRASE... I could see it 20/20..  I still have everything I used (my
own laptop), my 8gb usbstick (installer) & a 32gb usbstick.  I have removed
the tag with exiftool -gps:all -xmp:all crazy.JPG ... as I intended to
provide proof without everyone seeing where I am living .. but it shows my
finger on my passphrase... :(

1)Now my laptop (the one I have used to copy from one usb with installer to
the other) is still there "intact" ..
2) The usb installer I used I have reformated it to reinstall (because of
this bug) .. but it tested fine.  (so any media that tested fine should be
ok)
3) The usbstick that I intended to install it on (the 32gb) is still there
...

What do you need me to do ? I do not expect my authentic/original (with my
finger) in front of my password would convince you ...
Should I need to focus on recreating the same condition that produce the
bug (my own) in the first place and take an original picture without my
finger to hide this problem (using another password like what?
Than I am sure with all you superior computer skills you could authenticate
my picture as unaltered ... However, are you able to create ANY
installation ERROR ?? This would validate with your OWN EYES what I have
seen! (100% to authenticate for you)

2nd option :  I believe someone with any strong programming skills should
look carefully at the part in Qubes 4.0 rc3 where ANY ERROR in the
installation of Qubes 4.0 rc3 and the lines that created this splash screen
('report bug').  This would in my opinion be a far more SUPERIOR way to
confirm what I have seen ... (unless you are able to create your own
installation error and see it 1ST OPTION)

I could be lying as anyone could be lying. The only way for you to know for
sure is to investigate this! I cannot do this myself because I have stopped
programming a couple of years ago and my skills are too "limited" to review
the code...


3rd option : (try recreating my bug on your/any system to see it for
yourself)
As far as my intuition goes.. the bug happened several times (still the
same report to Qubes where I could see my drive PASSWORD ) .. my 8gb tested
100%
my system is a dell laptop (but that should not have created the problem)
I try to install from my 8gb 100%tested media to my 32gb usbstick (sandisk
32gb).  My 32gb sandisk was full.  I have numerous pictures because I
intended to create a step by step guide to help my friend install Qubes.

3rd option (my technical date) I can see on another picture Local Standard
Data : 28.64gb SanDisk Ultra Fit sdb / 0 B free
I have another picture with the content of this usb stick (partition) :
Unknown Iso9660 sdb

I tried to automatically configure partitioning.
I do not have a picture of this but I remember there was a problem.  So, I
switched to "I will configure partitioning" (this is where I have a picture
of this Iso9660 which I do not even know what it is .. :(

Then I remember and have a picture of trying to press the "-" button after
clicking on this strange partition on my Sandisk 32gb usbstick

I know I had problem because I have a picture of showing "Click here to
create them automatically"  but it never worked
then this splash screen appeared to report this unknown error.  ( I have a
picture but my finger is hiding the proof itself!)

I do not know a lot about computer but I have a 20/20 vision.  I tried to
read everything so I could understand howto fix it ... then I saw my own
PASSWORD after the autopart --encrypted --passphrase (as described)

You would need to provide me guidance .. however, this is the best I can
do.  Are you able to create a "full usbstick" like mine with this type of
partition (Iso9660) ?? Perhaps if you try to do as I did, you will have the
same result and this would be 100% proof.

Sorry, my computer skills themselves are too low to be able to know where
in the code is hidden the report bug of the install in the code itself..
However, with the information I have provided .. I can tell you that I do
not have the skills to even know how the programmers themselves programmed
this report !

If you provide me with simple step and simple questions to try to recreate
what I did, I will answer them as well as I can but there is no way to
check the code for myself because even if I were to see it I would not know
what I would be looking at .. Sorry :(

I hope this is enough so you can try to "FORCE" a error and see this
MEGA-HUGE flaw with your own eyes.  This way, you would believe it without
having to rely on "untrusted" data on a qubes-users google group.

Have a nice day.  I need to get some sleep but I try to answer you if you
have any question (please explain everything if you need something too
technical from me to make your own experiment!)

p-s my sata was disabled on my laptop so I could only see my usbstick (I do
not know if this will help you or not)










On Tue, Nov 28, 2017 at 7:48 PM, [799] <one7tw...@protonmail.com> wrote:

> Hello,
>
> -------- Original-Nachricht --------
> An 29. Nov. 2017, 00:48, schrieb:
> Sorry but I almost fainted ! (I even took a picture ! I could not believe
> this MEGA-HUGE security flaw right in front of my eyes )
> (...)
> Sorry, you are supposed to be good and security expert but you are asking
> me (THE dumb USER) to report MY OWN PASSPHRASE AS A STRING to help you??
> (...)
> ----------
>
> Honestly I can't believe that this is true, until you prove this, which
> might be hard, as even a picture can be simple "ASCII Art".
>
> If you are correct, this would of course mean that Qubes OS can't be
> trusted.
> There should never be the option that a passphrase will be shown
> unencrypted.
>
> Even worse including this passphrase in an error report which gets saved
> or transferred to a 3rd party (even if it the Qubes Team) is an absolute
> no-go.
>
> As mentioned, I don't believe this.
>
> Can you provide more guidance what you have done and what hardware you are
> using, so that someone can verify this problem, if it is reproducable?
>
> Please also include all hardware specs, so that can also take this in
> account.
>
> If you are right and if Qubes is Open Source the source code should be
> analyzed to find this "hidden feature".
>
> But as mentioned, I think this is BS.
>
> [799]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CADH6qjwH9C_NCAwGJxLdGWEYqB1m8eJb1CxGeGtn55M1dZ0QrQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to