Re: [qubes-users] XScreenSaver for dom0 pops up
On Thu, Nov 3, 2016 at 12:50 AM, Andrew David Wongwrote: > So, the fact that you're allowed to see your screen content from yesterday > doesn't constitute any violation of the security model. You're still the same > trusted user as you were yesterday. (If I've misunderstood your concern, > please let me know.) This is concerning from the perspective of one who expects a lock screen to protect the confidentiality of your activities from untrusted people who may temporarily have limited access to your machine while it is locked. But perhaps more seriously, if I understand the report correctly, this also suggests to me the potential existence of some code path which renders stale content from untrusted appvms in a full-screen undecorated context? If that is true, and if it is reliably triggerable from an appvm, then this would be a useful tool for one attempting to trick a user with fake UI. This is purely theoretical, and standard mitigations apply as normal (e.g. trusted window-manager actions to differentiate true windows) but this still does cause some concern. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_Bnez%3DCfW78d%2BDpASduCNQ3APrXP-b_D%2BMVii42tSUOfA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Your Battery is syping on you...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-02 15:46, Marek Marczykowski-Górecki wrote: > On Wed, Nov 02, 2016 at 02:49:23PM -0700, '109384'019834'09128'340932189 > wrote: >> Hello, > >> in Q the Firefox battery fingerprinting is enabled. > >> https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ > >> Manual you might disable it: > >> 1. start Firefox >> 2. open the URL about:config >> 3. scroll down to dom.battery.enabled and disable this feature > >> It would be nice if the DispVM has running a Firefox, which don't support >> the fingerprinting (or even better, a real secure-browser...) > > Whatever Firefox provides there, it has no access to actual (hardware) > battery information. > Furthermore, you should *not* expect privacy when using vanilla Firefox, even in a DispVM. For that, you should use Whonix. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYGsLrAAoJENtN07w5UDAw2t0QAMBA3lgsCzRlMaCjXIE2b6wN kVG5ILojLp82bRMTf54PL5608CutuZ09EWkZJRx2H74Q46xj3U2SaOK3DXPqVH1w YYBdkw7pE9wvzi8ixONO3iS44IX/MR6s8e9IQZ7YvQHNXz+KSHgt4QqUVzpy9Mj5 P7Lqkk1tk020DGFee/rwZHxUQFbMmlWh2QvwOTdKdDHjBxe4MQRC42RGj2FuF1u+ V9kKE2Tt61/roCNbRJVQigb1/wW8fl5DXr12MPZb5ov3i1HG6AMXGOh7GaXWmb/J 5BmiWmjsY0ysq2+1hVeKXN5OWrrHCOCF5fxjBsuiSbQNLJBc2vuEj+L/b3FkZYm2 6uWe8WXZ14PzqygfiOS2p+REhx9KT6YT2fbME09P7PWuWaxZfxLeU+iEi3/N3tnc RlyEoOfogP/bOQGYTnK/+MAvuNbqbRUd23lrGiVtNE1oHiVddj+BrT1NRl2JVWEs icJorJjMCVkeKnIyaA1SJ2o636Mvxo9bqBTsgUvXRMLfRQH2MgWo/ebnLX7EVLvV /9JsHuM/pdj3XLR6zew3AZbq85r0S8ICwwgLAok8zFMbT9+eT2vAHmQUDRwkyjCP KzWLSN/VZ4g5Yo+1iJMupfX0Qnydc1CR25nRqEv229JBEO/EOTqWcZVemnfsuNRw In2pOaLu1M7M7u62n0P3 =LPBb -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7aab3e6e-516f-bf54-97f0-298cf894e7e7%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] XScreenSaver for dom0 pops up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-11-02 08:56, John Maher wrote: > On Thursday, October 27, 2016 at 12:42:18 AM UTC-4, Andrew David Wong wrote: > On 2016-10-26 15:53, Gaijin wrote: On 2016-10-26 13:38, John Maher wrote: > On Wednesday, October 26, 2016 at 9:05:48 AM UTC-4, Gaijin wrote: >> On 2016-10-26 12:43, John Maher wrote: >>> I'm getting the strangest thing on my screen. I'll be working and the >>> XScreenSaver dialog pops up (indicating the screen is locked) and the >>> screen goes black. However, the screen is not locked. I have to move a >>> window around to redraw my screen. This has always happened since I >>> started using Qubes about 3 weeks ago. There appears to be no pattern >>> that prompts this response. Bizarre! Any thoughts? >>> >>> Thanks. >>> >>> John >> >> Yeah. I had the same thing happen when I upgraded to R3.2 as well. I >> asked the same thing but nobody replied. >> https://groups.google.com/forum/#!topic/qubes-users/xjHi2TcYBAQ >> >> It still happens from time to time. Seems to happen less if I have a lot >> of free memory. Closing down some memory hungry AppVMs seems to lessen >> it, but I haven't been able to specifically replicate it. > > Interesting, because I think I have more than enough memory (32 GB). > Thanks. I've got 16GB myself. It's not that the memory is full, but it seems to happen more when I have a lot of VMs open in one desktop. That may just be a coincidence though. I'm glad to see it wasn't just me though. I never had this happen with earlier versions of Qubes on the same hardware. Not sure if it might be the XFCE or a video driver issue. (I've never installed the nVidia drivers.) > > Thank you both for reporting this. Gaijin, I'm sorry I missed your thread. > > Just to confirm: Are you both using Xfce4? > > Tracking the issue here: > > https://github.com/QubesOS/qubes-issues/issues/2399 > > > Sorry for the delay in responding. I used the default install for 3.2. > > I also just noticed that it appears that memory is not being purged when apps > are closed. Today when I "woke up" the screen from one of these odd screen > saver like issues, it very briefly displayed a browser window with a site I > was on yesterday. I looked carefully and confirmed that I did not actually > have that window open on my system. It's as if something from yesterday's > memory was sent to the screen and then closed. Rather disconcerting. > > John > I don't think that should necessarily be disconcerting. The Qubes security model does not include or rely upon purging memory at any particular time interval. It assumes that you, the authentic single user, should be the only one with access to dom0's screen content. So, the fact that you're allowed to see your screen content from yesterday doesn't constitute any violation of the security model. You're still the same trusted user as you were yesterday. (If I've misunderstood your concern, please let me know.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYGsH3AAoJENtN07w5UDAwKtIP/2vblyc4Rf9uwU3M+WGv2K7V T7VoTDfGjB8XWyX6LZW/TrtameFmAj/Rb0bINOrIWpkrP9RdNUm+0/BR10NkcLul FqaxMOcl2u2Tk775VjYtC+Z7y1ycJDQjaMvtqrdDQkeGhMumzcDOHD9RufTFSIRm 8ke7GxfMQBH7R0DJ5E26B7HZJg73k1RKFT5BbpmKrfHxBBEaJTUALeNFZnp2ekl+ HrRV4u8+T/Tbwzha5e/iTvJEVTMcMxzD4uziaN+TfiK2Iwp40w0W8IdmRjPzdkLI +PDhAfjpQCEcZIPT/V+u6GsMhUDJo5ABPs/as17YY4b8VMwm9F7/J2Oo6nfwl/Rh gOnwVLFQKUtq3iaNbORDzAjBSEny6wYKlfvpL3IWGAHhH0mbP5j1ivSJoF+navuD qPMvMyAuhFh7hSsTPJ0CTMrDZYTGVlSryLrvXUwl5Lf6zplXRxO6uGu3ruUnepxR 9izVXApPBv/Cc41G3wrCUGN3deE1OpzNSxhQS+NK4B3kJSGAm4+Zi/F/B8yiR6Lt L/DiLI04X1LZ/XW+ZrKKiQbqVKAzeDqkDPW1D4POEckQnEfPqMcc32LzQVf6ORvX Xzjn+UhUcdTzINAuISwYeBdvBTk6Wk80T80nChZJdnSdWi6klvbcof96UNdD3sja swBLAb3aU4hobRxFAcL7 =Fv0E -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c29437d-e257-e0a1-7c24-13fb8e5f5dac%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - Lenovo x260
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d7227afc-3a56-492d-bce8-01f9fdf1d643%40googlegroups.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-LENOVO-20F6CTO1WW-20161102-203013.yml Description: Binary data
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
On 11/02/2016 01:38 PM, mara.kuens...@gmail.com wrote: And that's why you can use many appVMs in the first place. You share the But that is not the point. First of all, unless your life depends on it, it will be very unlikely that you are actually paying enough attention to where you use which identity. On this point, the fact that you are entering your username+password on the website (because the "wrong" VM you're using doesn't have that cookie/ID on file) should be a strong cue that you may be in the wrong VM. Plus, Qubes is constantly displaying the VM name at the top of the window... you should be checking it whenever you start a new activity. OTOH, robust whitelisting (taking third-party sites into account) in general would be a nice feature to have. But I'm thinking this needs to be a browser-level feature, not OS-level, because the problem is mostly specific to web browsing. Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/18bae3eb-1839-0454-5c44-cc83a8bfced7%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Your Battery is syping on you...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 02, 2016 at 02:49:23PM -0700, '109384'019834'09128'340932189 wrote: > Hello, > > in Q the Firefox battery fingerprinting is enabled. > > https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ > > Manual you might disable it: > > 1. start Firefox > 2. open the URL about:config > 3. scroll down to dom.battery.enabled and disable this feature > > It would be nice if the DispVM has running a Firefox, which don't support the > fingerprinting (or even better, a real secure-browser...) Whatever Firefox provides there, it has no access to actual (hardware) battery information. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYGmzEAAoJENuP0xzK19csDN4H+QG4jQFTZ5wYQR1o0Cx3mQOl ffntx7o5ak4to29M476mLz3OxK8cNmtb9S9ZjfPN8lQ8XY5f5wILdFXkTCmoyJND hPAjCLhARdCHtJ4Q5a0ulSkzZ1k0X/89Mmbk8YgVl11PDod/Q3D0whDu2Mqlofgj ++m40KV+ju2E+LmHkwtR4abC5G9kPq8+8nvnxCsD0PdPhTdBCeb0cpRNZCg9LYCR FTLIAeZYZhBrlmuk7DKK9TbMeaZEBUmbJlBg87EHSFlkd7G+LhXoBxBruRHeMaVI Og9ecbny7w8nkZBfgI7qY+mbZlrjEaUols7/xyvm+XIB1LBEiEyi7Bvp7FJXQnw= =MfmD -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161102224625.GT7073%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Your Battery is syping on you...
Hello, in Q the Firefox battery fingerprinting is enabled. https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/ Manual you might disable it: 1. start Firefox 2. open the URL about:config 3. scroll down to dom.battery.enabled and disable this feature It would be nice if the DispVM has running a Firefox, which don't support the fingerprinting (or even better, a real secure-browser...) Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3fd3757b-10bc-4d50-aa83-eedf1f95c2ee%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Wine start program via nautilus/filemanager?
Hello, yes it works, I must just install nautilus: sudo apt-get update sudo apt-get install nautilus-open-terminal nautilus I can move to .wine/Program Files and execute the *.exe via the right Mouse context menu. Can I show the Windows Icons on the Q-Desktop, so I can launch the Windows Apps more seamlessly like on a windows desktop? Great would be, if all the windows icons are collected inside one of the 4 Linux Dektop Screens (so the Linux don't looks to much messed up). Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d182ba06-581e-4af5-abb6-72f10e45589c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Wine start program via nautilus/filemanager?
Hello, yes it works, I must just install nautilus: sudo apt-get update sudo apt-get install nautilus-open-terminal nautilus I can move to .wine/Program Files and execute the *.exe via the right Mouse context menu. Can I show the Windows Icons on the Q-Desktop, so I can launch the Windows Apps more seamlessly like on a windows desktop? Great would be, if all the windows icons are collected inside one of the 4 Linux Dektop Screens (so the Linux don't looks to much messed up). Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8be8d841-94d5-4339-a40c-572a01d3f544%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] D8 Wine Kleopatra?
On 11/02/2016 07:03 PM, 08173'204918'023948'1092438098 wrote: > I could install Kleopatra, but it will not start. `sudo dnf install kleopatra` should work without wine. Kind Regards, Torsten -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/df24294c-267a-0ad2-8f55-2d832d59647d%40grobox.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] D8 Wine Kleopatra?
Hello, to generate some certificates Kleopatra (e.g. a Frontend for GPG, S/MIME certificates) has a much better usability than the OpenSSL command line toolkit. Under Knoppix Kleopatra is running fine... How can I install and run Kleopatra with Wine inside a D8 VM? https://www.gpg4win.org/get-gpg4win.html I could install Kleopatra, but it will not start. What must I do? Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f11cfd51-8fcc-43a4-99f7-a34e2701e418%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Mouse Wheel crashes the Screens...
Looks similar ... https://groups.google.com/forum/#!topic/qubes-users/X8olk-wSlxM -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f5c6e171-ff74-4803-91f7-d90ba1ad30c8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Mouse Wheel crashes the Screens...
Hello, I have 2 HD TFT under Q32 and if I touch the mouse-wheel many parts of the screen turn black. Sometimes it looks like the logon-screen, if Q is in the sleep modus. If I move the wheel on different black parts of the screen, that the screens wake up again. And I always must do it on both screens. The mouse is just a very old wired one, nothing high tech... How I can switch off this disturbing feature? Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e3e25398-c2c5-4202-9702-ee5e8e76ec02%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Wine start program via nautilus/filemanager?
Hello, I installed wine in a D8 VM... sudo dpkg --add-architecture i386 sudo apt-get update sudo apt-get install wine32 dom0 sudo qvm-sync-appmenus vmname cd /notetab I can start NotTab7 via: wine NoteTab.exe Here with this Wine-Tutorial it is shown that normally I can start some *.exe just via a right mouse click, start with wine, inside nautilus. https://www.linux.com/learn/how-install-and-use-wine-run-windows-applications-linux What I must do, that it works also inside a QVM? Kind Regards -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d0d9827-02bb-45c9-8361-792d4da76cfd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
> Does your proposal really harden agains a real threat, or is it > something that should be done only because it could be done? > > Btw, thank you for taking the time to write us your proposal and > replying to our e-mails. Well honestly "proposal" is probably too much credit for the time I spent on it so far and I mainly wanted to probe for the idea more. I think I am going to write a true proposal that can actually be reviewed and your input definitely helps to guide that effort, which is also why I asked that question in the first place. And I am not actually sure I will address a threat model, since it doesn't really do more than you can do manually. It is really more about regaining the convenience while maximizing the additional privacy and security Qubes OS technically provides, you see... But I agree that it is required to be much more specific and clear but I can't do that so quickly in a mail, so I will take this conversation and address the issues raised in a more structured manner ^^. Thanks & Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4c300108-99c2-46db-b68d-981ce97cea1b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
On 11/02/2016 06:38 PM, mara.kuens...@gmail.com wrote: > [...] >> to one another (i.e. amazon does not ask facebook for your info, >> nor does this happen the other way around) > > Um, that is a bold statement, do you have any data to back that up? > Maybe Amazon indeed doesn't talk to Facebook (yet), but no one is > stopping them either. Facebook definitely has an interest to read > your Amazon visits because this way they can link your true identity > to your fake profile... for instance. And that's exactly why they spam their single-sign-on solution everywhere, and that's why I don't like to use it. Otherwise, beyond compromising each and every client computer, I don't see how a big-ass-company could pose the threat you try to shield against. > [..let's skip the branded identity thing..] >> TL;DR: first, do you really actually need to separate each and >> every identity you use? second, once you realize that many >> identities can co-exist (and indeed, sometimes you would like this >> to happen) do you > > What do you mean by "co-exist"? If I use them at the same time in the > same browser/VM I might as well just use one single identity because > there is no way to know if either of them wasn't compromised or > linked in ways I didn't want. I don't see how identities can co-exist > (I am also not talking about sign-in data, I am talking about fake > "me"'s, fake people so to speak who consume services to protect the > real identity; I simply see no use case of why you ever want to share > identities within the same AppVM or browser/site). Still, your threat model has not been fully described. Let me clarify: you are saying "there may exist a site which, compromising my AppVM, gains intelligence on my identity on other sites". Which is a nice assumption, and as me and Simon said, is exactly the meaning of AppVMs: isolating failure. If I'm using a "dangerous" site or clicking a "dangerous" link, I'd better use a different AppVM to make sure that any malware infections I may encounter don't steal any sensitive data. But then you propose to go full-nuclear on this threat model, arguing that "every appvm is compromised" and "every website is malicious", which I think are a little stretched tinfoil-hat assumptions. While your proposal can technically be done, this does not automatically create neither a threat model that fits the defense nor a compelling reason to implement that. Somebody, earlier this year, suggested to encrypt the image file of the virtual hard disks of any AppVM; while this can technically be done, he failed to provide a sound threat model this proposal would shield against, because dom0 cannot be "telepiloted" into doing anything, lacking networking, and having a standalone agent that does that many things, with all the possible variables, is really really hard (and then you have the cheaper thermorectal cryptanalysis). He did not account for increased slowdown, which can already be felt with many AppVMs open without single-machine encryption, and ultimately his proposal did not gain traction. I'd like you to reconsider your submission, better describing the threat model you have in mind, so we (casual readers) can better understand why we should sponsor your proposal. Last, reading your answer to Simon's e-mail, I feel that a reasonable incarnation for your threat model could be aggressive online advertising; and I'm sorry to inform you that your proposal would not protect against that, unless one uses a different TOR circuit for each "dom0 browser tab", since big ad networks already track users without any assumptions on the client, but by approximate ip geolocation, time fingerprinting (both latency and time-of-day), and other techniques that don't necessarily rely on client cooperation. Does your proposal really harden agains a real threat, or is it something that should be done only because it could be done? Btw, thank you for taking the time to write us your proposal and replying to our e-mails. -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5398b074-1ad6-f7da-636c-c6510b2a132c%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 02, 2016 at 05:55:37PM +0100, Zrubi wrote: > On 10/28/2016 01:19 PM, Zrubi wrote: > > On 09/03/2016 12:49 AM, Connor Page wrote: > >> I have calibrated my yellow screen using argyllcms. > >> I don't attach usb devices to dom0 so installed it in sys-usb as well. > >> used > >> https://encrypted.pcode.nl/blog/2013/11/24/display-color-profiling-on-linux/ > >> as a rough guide. > >> to get the calibration done you just need to run dispcal and then transfer > >> the calibration file to dom0. > >> then test it with "dispwin xxx.cal" in dom0. if happy, create an autostart > >> item with that command (probably, > >> using the full path to the calibration file) and you're done. > > > > I just started to experiment with display color correction things. > > > > I wonder how it is workig in Qubes because as far as i know: > > > > - the display profile is used only the programs are aware of icc profiles. > > > > - the X server runs in dom0, the apps are in AppVMs - but no > > communication about display prifiles (colord) because of the qubes gui > > protocol. > > > > @Marek: > Do you have any idea what to look for in order to be able to calibrate > my screen under Qubes? I have no idea how such software works... Especially at which stage calibration is applied. Is it something that application does "internally", or adjust display driver options? > What I already tried: > > - the standard gnome color management tools runned in (sys-usb) > But it is complaining that there is no display to calibrate. > > running the same calibration software directly complains about there is > no colord available (masked) Try unmasking colord (systemctl unmask should do). > (gcm-calibrate:1459): Gcm-WARNING **: failed to connect to colord: Error > calling StartServiceByName for org.freedesktop.ColorManager: > GDBus.Error:org.freedesktop.systemd1.UnitMasked: Unit colord.service is > masked. > > > > - diplayCal is happy with the dummy display seen by the AppVM, and do > not depend on colord - but it fails on some X calls(?) > > Debug: window wxComboBox(0x561c58c3a230, ) lost focus even though it > didn't have it > X Error of failed request: BadMatch (invalid parameter attributes) > Major opcode of failed request: 42 (X_SetInputFocus) Strange... > Or I should connect the calibration device to dom0 and start the > calibration from dom0? > (Also noted that there is no colord running, so I may have to apply the > profile viea diplaycal cli) > > > Thanks. > > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJYGjA2AAoJENuP0xzK19csta0H/3gzSmBCwRg/XRsUl+R0LDLU 0BA9pOHVDYzVL4pcSeqkmV3fr1WghRaBM6x6qQ/YjNDD3UJTCqg0RlKgBg6Rb1Z2 8GKQIb8ydwH6CbFOaHjzESx7ltE3yQ/E6X2v9EgZj4XDIDA0qLRFl4M+h7TWk/Kh e5wup2M6R7o3jPofMlZJi2F8uIp5W3wMGZWBE+4ImLWKjmXrTNNh1u4/eOOHfi3K j3rkvqyzPmXs1j9LttHoizm2rDljKOYFe5Yj976WmXwA441ZdJFb57APWnruLRh1 Z1dJ/fKuwcmUW/Ch1cZqgIA57bv7dkcrByUUk/1bcvWBRM8OzNRx4WISQ//NyVw= =8E8F -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161102182803.GQ7073%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
Hi Simon, > several AppVMs, each one dedicated to a different activity, or as I > prefer to refer it myself: to different sensitivity levels. See my reply to Alex, maybe that explains why this is exactly what I was talking about ;). > - You may have a dedicated Firefox instance still having the infamous > Flash plugin installed when you need to access some websites requiring Yes but this could and would be all included in this dom0 browser interface. > - Use (X)KeePass in a separated, isolated and dedicated AppVM. I suggest > you to create a "Web" or "Firefox" group, and then create a different I am using UNIX pass, but it has the same flaw. If you copy passwords this way they won't automatically get purged from the AppVM, which under the assumption that any AppVM is completely compromised at all times, is not much of a big deal, but still it would be nicer if the password was cleared or even better never copied to the clipboard... Which is why my idea would be to host Mozilla Sync Service in each AppVM and the let the dom0 browser fill this Sync Server with the passwords belonging to the corresponding identity... > website: you will *not* open this link in the same AppVM but instead > copy/paste it in your "Random surf" AppVM. Would this site be malicious Yes but people WILL click the link. It's not a sane assumption to make. Besides it is incredibly annoying to operate this way. I am not some prime target of the NSA ^^, and I doubt many of the people using qubes will be... So you want to be safe, but you still want the convenience... The right way is to block the link, unless it refers to a white-listed domain for this identity. Or even better, pipe it back to dom0 and open it in a new tab & AppVM under the right identity... (this kind of integration is what I am proposing) > password database is to first hack the forum, and use it as a pivot to > then be able to hack your computer and get access to your file system. How he does it is basically immaterial to me as I assume that all AppVMs are evil all the time. The point is to separate them properly so only one identity gets compromised. I want to add that it is generally unlikely that a disposable AppVM with the right configuration will actually be compromised, but it helps to assume them to be to get a better picture of the impact it would have and to minimize that impact. > (https://addons.mozilla.org/en-US/firefox/addon/secure-login/) so > Firefox does not dumbly automatically fill any password field without Yes this looks good. > like uMatrix or NoScript which allow to better control third-party Thanks for uMatrix, I didn't know that one. But yes this is pretty much what I imagined also to happen, just in dom0 (which is more trustworthy to me), not in an AppVM. > It *may* be possible to implement a way to handle different AppVM in > different tabs instead of different windows, but I'm not sure to see any > real advantage of this. The advantage is the same as going back to IE6 times when each tab was its own window and having windows with several tabs in addition to this madness. I don't see how you can not see the advantage of having all browser tabs over all AppVMs organized in a dom0 browser interface as tabs in comparison to having tons of floating windows with sub-tabs each ;). > instance, personally I set it to not display reduced windows in the > Alt-Tab menu, so I can focus on the window I am currently working with. I don't think any of those suggestions really helps with the problem. All in all I think Qubes OS in general lacks a good UI for what it is doing, but I also understand that you have to start somewhere. But in the end the way Qubes does AppVM and identity management at the moment is truly terrible, but it works. All I want to do is to come up with a plan to improve it ^^. > be useful to have them volatile on a day-to-day basis, and turn them > non-volatile only to update Firefox's modules or save a change in its I think the Mozilla Sync Server could be of help here... > To be honest I did never investigated this, I'm not sure what the > concrete threats there are. Are you so sure that your AppVM doesn't have an unique fingerprint that potentially could be exposed via a malicious website, browser extension or the browser? In that case, even using the same base template for disposable VMs could be a privacy disaster (I am not sure Qubes OS has taken any steps, like maybe "Tails", to actually mitigate fingerprinting in disposable VMs) On top of that have you ever tried to use Panopticlick? Even tails gets more or less uniquely fingerprinted primarily via the non-standard browser window size when it is maximized and also because it seems to apply some uncommon browser settings that maybe only tail users have... > UUID you really should just use the same UUID as a lot of other people That requires you to know the UUID, also UUID was more a token for
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
> And that's why you can use many appVMs in the first place. You share the But that is not the point. First of all, unless your life depends on it, it will be very unlikely that you are actually paying enough attention to where you use which identity. A click on the wrong link can already screw it up because then site X read the tracking data placed on site Y and site X shouldn't know about what you were doing with Y... So you need some sort of white-listing to technically prevent those mistakes. Yes this can be done in different AppVMs and that is exactly what I am proposing here. It's about making what you describe much more convenient without a single drawback in security. > There's little actual reason to use a hard-separate identity for each > and every web service you visit; first because they don't usually talk > to one another (i.e. amazon does not ask facebook for your info, nor > does this happen the other way around) Um, that is a bold statement, do you have any data to back that up? Maybe Amazon indeed doesn't talk to Facebook (yet), but no one is stopping them either. Facebook definitely has an interest to read your Amazon visits because this way they can link your true identity to your fake profile... for instance. > are, in fact, the very same entity (fb and whatsapp, gmail and youtube). True, and for those you will want to use the same identity (it get's complicated quite quickly which is why I am proposing to aid the user with this chore). > Third because you usually want to present a "brand" identity of yourself > around the web. Think of your personal blog or github account presented > on your linkedin profile: this is a reinforcement of your "brand" > identity, so you would like to share the connection between your github > and your linkedin identities. Maybe, but here we have the same issue again. I have other things in my head than trying to remember which sites shares what data with whom and which idenity I have to use where and which AppVM to start for it, it's just insane... This needs to be much simpler. > And that's actually the point why I'm replying to your e-mail; this is > an idea as bad as it gets. The main reason why dom0 does not have > networking, and should not have, is to prevent exposing data on *all* of > the VM at once. As a side effect of this, the less software there is on > dom0 the better. I think you entirely misunderstand my proposal or maybe I wasn't clear enough. My proposed "dom0" browser has no network at all. In fact, it can't do anything you couldn't do manually already. The point is to automate it. This dom0 browser frontend will know which identity belongs to which domain and which AppVM should be used for each identity and what your passwords & cookies were. It also feeds this data to each AppVm on startup so they can completely be disposable... The "real" browsers still run in AppVMs. > TL;DR: first, do you really actually need to separate each and every > identity you use? second, once you realize that many identities can > co-exist (and indeed, sometimes you would like this to happen) do you What do you mean by "co-exist"? If I use them at the same time in the same browser/VM I might as well just use one single identity because there is no way to know if either of them wasn't compromised or linked in ways I didn't want. I don't see how identities can co-exist (I am also not talking about sign-in data, I am talking about fake "me"'s, fake people so to speak who consume services to protect the real identity; I simply see no use case of why you ever want to share identities within the same AppVM or browser/site). > really need that many isolated VMs? third, why would you need to move > this complexity in dom0? Because dom0 is the only place where this can meaningfully exist. Think of it as a different way of organizing the AppVM windows (not in the XCFE panel's, but instead as real tabs in a dom0 browser) and a lot of infrastructure code to help you with identity management. Cheers -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1f43fe6b-39dc-4898-ba5b-b066c4e1be84%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Display Calibration and Audio Equalizer for Dom0 ?
On 10/28/2016 01:19 PM, Zrubi wrote: > On 09/03/2016 12:49 AM, Connor Page wrote: >> I have calibrated my yellow screen using argyllcms. >> I don't attach usb devices to dom0 so installed it in sys-usb as well. >> used >> https://encrypted.pcode.nl/blog/2013/11/24/display-color-profiling-on-linux/ >> as a rough guide. >> to get the calibration done you just need to run dispcal and then transfer >> the calibration file to dom0. >> then test it with "dispwin xxx.cal" in dom0. if happy, create an autostart >> item with that command (probably, >> using the full path to the calibration file) and you're done. > > I just started to experiment with display color correction things. > > I wonder how it is workig in Qubes because as far as i know: > > - the display profile is used only the programs are aware of icc profiles. > > - the X server runs in dom0, the apps are in AppVMs - but no > communication about display prifiles (colord) because of the qubes gui > protocol. > @Marek: Do you have any idea what to look for in order to be able to calibrate my screen under Qubes? What I already tried: - the standard gnome color management tools runned in (sys-usb) But it is complaining that there is no display to calibrate. running the same calibration software directly complains about there is no colord available (masked) (gcm-calibrate:1459): Gcm-WARNING **: failed to connect to colord: Error calling StartServiceByName for org.freedesktop.ColorManager: GDBus.Error:org.freedesktop.systemd1.UnitMasked: Unit colord.service is masked. - diplayCal is happy with the dummy display seen by the AppVM, and do not depend on colord - but it fails on some X calls(?) Debug: window wxComboBox(0x561c58c3a230, ) lost focus even though it didn't have it X Error of failed request: BadMatch (invalid parameter attributes) Major opcode of failed request: 42 (X_SetInputFocus) Or I should connect the calibration device to dom0 and start the calibration from dom0? (Also noted that there is no colord running, so I may have to apply the profile viea diplaycal cli) Thanks. -- Zrubi -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e9c23f28-57a0-e380-2a71-781795825e8c%40zrubi.hu. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] XScreenSaver for dom0 pops up
On Thursday, October 27, 2016 at 12:42:18 AM UTC-4, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-10-26 15:53, Gaijin wrote: > > On 2016-10-26 13:38, John Maher wrote: > >> On Wednesday, October 26, 2016 at 9:05:48 AM UTC-4, Gaijin wrote: > >>> On 2016-10-26 12:43, John Maher wrote: > >>> > I'm getting the strangest thing on my screen. I'll be working and the > >>> > XScreenSaver dialog pops up (indicating the screen is locked) and the > >>> > screen goes black. However, the screen is not locked. I have to move a > >>> > window around to redraw my screen. This has always happened since I > >>> > started using Qubes about 3 weeks ago. There appears to be no pattern > >>> > that prompts this response. Bizarre! Any thoughts? > >>> > > >>> > Thanks. > >>> > > >>> > John > >>> > >>> Yeah. I had the same thing happen when I upgraded to R3.2 as well. I > >>> asked the same thing but nobody replied. > >>> https://groups.google.com/forum/#!topic/qubes-users/xjHi2TcYBAQ > >>> > >>> It still happens from time to time. Seems to happen less if I have a lot > >>> of free memory. Closing down some memory hungry AppVMs seems to lessen > >>> it, but I haven't been able to specifically replicate it. > >> > >> Interesting, because I think I have more than enough memory (32 GB). > >> Thanks. > > > > I've got 16GB myself. It's not that the memory is full, but it seems to > > happen more when I have a lot of VMs open in one desktop. That may just be > > a coincidence though. > > > > I'm glad to see it wasn't just me though. I never had this happen with > > earlier versions of Qubes on the same hardware. Not sure if it might be the > > XFCE or a video driver issue. (I've never installed the nVidia drivers.) > > > > Thank you both for reporting this. Gaijin, I'm sorry I missed your thread. > > Just to confirm: Are you both using Xfce4? > > Tracking the issue here: > > https://github.com/QubesOS/qubes-issues/issues/2399 > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJYEYWaAAoJENtN07w5UDAwvq8P/1hFm/owsEasSXroxzK9JnTn > DSBZ9udjO+TWQypb4Hh4RO48MtJnQhKfdgJJWWJwf9dTp62LUBkVWskKDtvOfyo+ > aoVFGRBexb7yzRT90kBsjHiVPeysA4bTBftQZEZzTQBz/UzRzMkcBWj7/vbYrTkL > zeG42ZCuM75jzOv2dhrG2TeP+OlTfdnFIyFQFmdaRJyHTOBtf7Mjauuj4gFEiKNr > ztMO4jE/kn+/E79cGu33VfrxITmiH7Z5tqZQuAS0Mud9YnBuCDumIugPuSleV3IL > xARHjYjui+yPOzB66yZiDlQhTMRaEhEEQVR6UWMU+SC/nec+dTpWq/b7EgktXdud > NpJr+jIDfaoNdVBtDFIXRBo6vbR05dtWQFfLIeewGIhIC9VwLJSwEW2TvCTWFOcO > kXWV4xsg1xAJNbNBm9V42yZ6M1P+ClXlAcJYPVqrk+xisLtlWAweqT4yKw3zq5HW > rlgkLYoNAjU3ZvTHYa/2JtyQZKbUUw+ck8nRRuLUp0jqM/2TlZfQ7tmfsfb5z1HS > mzNe6UHhg5ZtoV0HKbyMIWa5ePVZaMJCkhNOMAuAQ9QBpJgqE7dWZx28S5eqnAno > WTFQI9nT6JCQz7YvmIkrxQDCUmG5JQqZlqIXArRS0WNjAzNMraKBsWeHTOqha4he > HiI1LB04rOraNysdPTpj > =MANy > -END PGP SIGNATURE- Sorry for the delay in responding. I used the default install for 3.2. I also just noticed that it appears that memory is not being purged when apps are closed. Today when I "woke up" the screen from one of these odd screen saver like issues, it very briefly displayed a browser window with a site I was on yesterday. I looked carefully and confirmed that I did not actually have that window open on my system. It's as if something from yesterday's memory was sent to the screen and then closed. Rather disconcerting. John -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/196229af-8c96-463f-9918-bae76a454d57%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Trying to do an in-place upgrade from 3.1.17 to 3.2
On Sunday, October 30, 2016 at 12:00:08 PM UTC-5, Richard wrote: > I'm trying to upgrade my Qubes 3.1.17 to 3.2 I've followed the steps > outlined here: https://www.qubes-os.org/doc/upgrade-to-r3.2/ However, when I > run... > >sudo qubes-dom0-update --releasever=3.2 qubes-release > > I receive: > Loaded plugins: yum-qubes-hooks > Nothing to do > No packages downloaded > file:///var/lib/qubes/updates/repodata/repomd.xml: [Errno 14] > curl#37 - "Couldn't open file /var/lib/qubes/updates/repodata/repomd.xml" > Trying other mirror. > Nothing to do > > So of course running... sudo qubes-dom0-update --clean also provides a > similar error: > > Errno 14] curl#7 - "Failed to connect to pubmirror1.math.uh.edu port > 443: No route to host" > Trying other mirror. > No new updates available > No updates avaliable > > Is anybody able to advise me what I need to do to be able to do an in-place > upgrade to 3.2? > > Thanks, > Richard Just wondering if anyone has any ideas as I would really like to do an in-place upgrade to 3.2. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4599dae8-a2a4-460a-a09d-9a9b0ec1a132%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
mara.kuens...@gmail.com wrote: Not only do you have to assume that all sites you visit within the same VM knows everything you did in there, but also you have to assume they know all the passwords for all the other sites you visit there and basically have full control over that VM [...] I think what would solve this dilemma is a custom dom0 browser layer. The way this can work is as follows: Hi Mara, While I agree with you on your assumptions, I completely disagree on your conclusion. What should actually solve this dilemma is to use several AppVMs, each one dedicated to a different activity, or as I prefer to refer it myself: to different sensitivity levels. This way indeed, you can consider that a website at some sensitivity level may have access to full information belonging to this same sensitivity level, but if you design this correctly this should not be a major issue. So, first make a list of your different on-line activities and the sensitivity of information stored / transmitted in each cases (if you need some ideas, there was a very interesting article from Joanna describing the process: you should quickly find and recognize it thanks to the spaghetti-like diagram it contains ;) ). Then, you may want to apply different setups to Firefox depending on the needs and the trust level. For instance: - You may want to apply maximum paranoia on your random surf AppVM, - You may want to be a bit more permissive in your shopping AppVM so NoScript will not break a payment process right in the middle, leaving you uncertain about how many times you will be charged. - You may have a dedicated Firefox instance still having the infamous Flash plugin installed when you need to access some websites requiring it. - Etc. Decide how you may want to store your logins and passwords. Here are two possible solutions, but there are other ones of course: - Use (X)KeePass in a separated, isolated and dedicated AppVM. I suggest you to create a "Web" or "Firefox" group, and then create a different sub-group for each of you AppVM so everything stays clean and organized. - Use Firefox integrated password management. Before you scream, do not forget that all activity in this Firefox will be limited to the same sensitivity level. For instance, you are in your "Public forums" AppVM, someone posts a link to a third-party website: you will *not* open this link in the same AppVM but instead copy/paste it in your "Random surf" AppVM. Would this site be malicious and steal your password database, it would miserably fail (without mentioning Firefox "paranoid" settings in this AppVM). The only way for someone to actually gets its hand on your Firefox password database is to first hack the forum, and use it as a pivot to then be able to hack your computer and get access to your file system. At this point, installing a keylogger or a malicious Firefox extension becomes just trivial, so avoiding to use Firefox password store will be of no help and if you design your AppVMs correctly then all the efforts deployed by the attacker will be done quite in vain since he will not actually gain any new valuable information. If you use Firefox password management, I would however still recommend you to use the Secure Login extension (https://addons.mozilla.org/en-US/firefox/addon/secure-login/) so Firefox does not dumbly automatically fill any password field without requiring any human intervention (I find it a shame it still acts this way by default): this prevents you against online stealing of your password store content and require the attacker to either exploit the browser or get his hands on your file system. The two are not exclusive. Actually, if you use Firefox password store (and I find it really more convenient than doing a dozen Ctrl-Shift thing each morning just to identify myself on random public websites, but YMMV), I would strongly recommend to keep at least a backup of these passwords in some password safe like (X)KeePass. There are still a some other points you mention in your bullets I did not addressed until now: * Trying to visit a non-white-listed website Basically, you are responsible of what you do with your own computer. There are several Firefox modules (plus Qubes' firewall) which should help you to ensure that you do not use an AppVM from a certain sensitivity level to access websites belonging to other ones. Modules like uMatrix or NoScript which allow to better control third-party requests seem like a must here. * You always use a new VM for each tab It *may* be possible to implement a way to handle different AppVM in different tabs instead of different windows, but I'm not sure to see any real advantage of this. If you have too many windows opened (which indeed happens very quickly with Qubes), do not hesitate to use your windows manager feature to handle them: - Assign specific activities to your workspaces (or
Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!
On 11/01/2016 11:02 PM, mara.kuens...@gmail.com wrote: > Hi, > > I am using Qubes daily for a while now. One thing I think is really > missing is some sort of identity management. This is most visible > when browsing. You shop something on Amazon, then go to check some > Facebook updates and look at WhatsApp. Then you browse Hacker News > click on this link and that link, end up on Wikileaks by accident > then look at which club to visit in the evening... Yes this is shit. > And that's why you can use many appVMs in the first place. You share the same identity on the same AppVM, and then you can create another in another AppVM. If the identity can be discarded safely, then you can use a DispVM. There's little actual reason to use a hard-separate identity for each and every web service you visit; first because they don't usually talk to one another (i.e. amazon does not ask facebook for your info, nor does this happen the other way around) and second because many of them are, in fact, the very same entity (fb and whatsapp, gmail and youtube). Third because you usually want to present a "brand" identity of yourself around the web. Think of your personal blog or github account presented on your linkedin profile: this is a reinforcement of your "brand" identity, so you would like to share the connection between your github and your linkedin identities. > But convenience often wins over security/privacy. Not only do you > have to assume that all sites you visit within the same VM knows > everything you did in there, but also you have to assume they know > all the passwords for all the other sites you visit there and > basically have full control over that VM. If you don't assume that, > then why are you using Qubes in the first place... And that's why you should disable keeping passwords in-browser and use something like keepassx. Using it moves the security bar from 2 to 3 on a scale to 10... It's better than nothing, and you can have a separate keepassx AppVM for extremely sensitive passwords (and extremely frustrating user experience, but still..). > > I think what would solve this dilemma is a custom dom0 browser layer. > The way this can work is as follows: And that's actually the point why I'm replying to your e-mail; this is an idea as bad as it gets. The main reason why dom0 does not have networking, and should not have, is to prevent exposing data on *all* of the VM at once. As a side effect of this, the less software there is on dom0 the better. Your proposal flies straight in the face of this architectural principle. While I agree that your proposal makes sense from a user-experience point of view, I solved my multiple-identity problem simply with many appVM, that share some identities that can be shared together - say, the 5 e-mail accounts I have to use for work. TL;DR: first, do you really actually need to separate each and every identity you use? second, once you realize that many identities can co-exist (and indeed, sometimes you would like this to happen) do you really need that many isolated VMs? third, why would you need to move this complexity in dom0? -- Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/60dabd54-6ffa-ca65-256f-a1e1a7c44a33%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Qubes network server
On Thursday, 13 October 2016 01:31:01 UTC+8, Manuel Amador (Rudd-O) wrote: > Update: > > I have dramatically enhanced the documentation of the project: > > * https://github.com/Rudd-O/qubes-network-server > * > https://github.com/Rudd-O/qubes-network-server/blob/master/doc/Setting%20up%20your%20first%20server.md > * > https://github.com/Rudd-O/qubes-network-server/blob/master/doc/Setting%20up%20an%20SSH%20server.md > > This project is now ready and documented enough to be useful to users of > Ansible Qubes who want to remotely manage clusters of Qubes OS machines: > > * > https://github.com/Rudd-O/ansible-qubes/blob/master/doc/Remote%20management%20of%20Qubes%20OS%20servers.md > * > https://github.com/Rudd-O/ansible-qubes/blob/master/doc/Enhance%20your%20Ansible%20with%20Ansible%20Qubes.md > > I strongly welcome anyone who tries this and shares their experiences. > It is my goal to get this to be a key part of the Qubes OS strategy. > > -- > > Rudd-O > http://rudd-o.com/ For the "make rpm" command you refer to the local directory of your clone, is there a tutorial you recommend I should follow for doing this? Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/273b72c4-0da2-4215-a28a-2325149a8294%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: ANN: Qubes network server
On Thursday, 13 October 2016 01:31:01 UTC+8, Manuel Amador (Rudd-O) wrote: > Update: > > I have dramatically enhanced the documentation of the project: > > * https://github.com/Rudd-O/qubes-network-server > * > https://github.com/Rudd-O/qubes-network-server/blob/master/doc/Setting%20up%20your%20first%20server.md > * > https://github.com/Rudd-O/qubes-network-server/blob/master/doc/Setting%20up%20an%20SSH%20server.md > > This project is now ready and documented enough to be useful to users of > Ansible Qubes who want to remotely manage clusters of Qubes OS machines: > > * > https://github.com/Rudd-O/ansible-qubes/blob/master/doc/Remote%20management%20of%20Qubes%20OS%20servers.md > * > https://github.com/Rudd-O/ansible-qubes/blob/master/doc/Enhance%20your%20Ansible%20with%20Ansible%20Qubes.md > > I strongly welcome anyone who tries this and shares their experiences. > It is my goal to get this to be a key part of the Qubes OS strategy. > > -- > > Rudd-O > http://rudd-o.com/ For the "make rpm" command you refer to the local directory of your clone, is there a tutorial you recommend I should follow for doing this? Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e2ca70bd-ee20-40fc-9f65-298e58c3718d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.