[qubes-users] Re: Unikernels and Qubes

[dangmadzyu]

On Friday, November 6, 2015 at 6:26:57 AM UTC-8, Andrew wrote:
> The idea of unikernels in Qubes is not entirely new; it's come up on the
> lists a few times.  This doesn't seem to have been posted to the list
> yet, though: https://northox.github.io/qubes-rumprun/
> 
> The above blog post makes some arguments for integrating some unikernels
> into Qubes for various things: TCP/IP stack vulnerability mitigation,
> in-line filters on communication channels between VMs (I always imagined
> using a MirageOS TLS wrap/unrwap unikernel to avoid OpenSSL exploits),
> secure file conversion, and generally promoting increased disaggregation
> and finer-grained isolation.
> 
> This post asks for feedback and poses a few questions to be answered.
> 
> > Now, I'm looking for constructive feedback from Qubes' community and
> > will try to answer a few questions: What exactly would need to be
> > modified on Qubes' side to be part of the default installation?
> > What's the effort? What's the best course of action? Is it viable in
> > practice? Does it make sense?
> 
> I don't have the answers to these questions, but maybe others can chime
> in to help answer them.
> 
> Andrew


Has anyone got a Mirage-VPN ProxyVM running?

I use very many different VPN connections simultaneously. I am constantly 
running out of RAM to open any more VMs. 

I am already maxed out at 16GB, so I need to find ways to cut back on RAM. (And 
disk space).


Is it possible to run OpenVPN? (Sorry for necro)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f1d8482e-9a4e-40aa-a32a-4ac691d7c11c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: R4.0 with fedora 28 template sys-net fails to sync time

[Marcus Linsner]

On Saturday, September 15, 2018 at 9:45:34 PM UTC+2, Alex wrote:
> Hi all,
> I happen to have run into the problem as per the subject. What happened
> is this:
> 
> * I recently installed a fully clean R4.0 system, with default templates
> and sys-* qubes (this means fedora 26)
> * I upgraded the default template, after cloning it, to fedora 28
> * This means that now I have a fedora-28 based sys-net
> * The system fails to sync the time to NTP servers
> 
> What I debugged until now:
> * in sys-net, the service systemd-timesyncd should start and update the
> time - it's enabled by default
> * it does not, because it fails to start due to some inaccessible
> directory that is not detailed in the logs
> * googling around I found that it looks like one of the usual
> surprise-ridden features of systemd, namely DynamicUser, that seems to
> have problems with FUSE mounts and the custom-namespace-based isolation
> (https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdTimesyncdFailure?showcomments).
> I'm thinking this issue is manifesting itself with some of the Qubes
> infrastructure.
> 
> Does anybody have a recommended way of fixing this, that avoids just
> waiting for the systemd guys to fix this? I don't like the idea of
> editing systemd's "packaged" unit files, nor am I willing to go set
> weird permission / mount options for qubes' directory mounts. What I'd
> like to have is a way of having dom0's time set from a network (NTP)
> source without necessarily having to successfully set the time in my
> sys-net.
> 
> What I'm thinking of doing is having a separate clock vm, with a more
> standard ntpd, but I'm not sure of the network "position" inside qubes -
> will it be enough to give it "sys-net" as the network vm?
> 
> Thanks in advance for any guidance...
> 
> -- 
> Alex

Please see this[1] for a fix.

[1] https://github.com/QubesOS/qubes-issues/issues/3983

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/06b36685-5cad-4f75-889b-e5aff51d5041%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Purism Librem 13 v2

['casiu' via qubes-users]

You are confusing security with privacy. Im using protonmail, because its one 
of the very few Email-provider where one is able to register an account without 
providing any personal data. I dont have the need nor time nor skill to setup / 
maintain a emailserver.
Simply because i distrust everything except my own laptop.

But your right, Gmail for sure is the better choice.

For security (not privacy) you might wanna look into pgp, here you go.

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

Your welcome.


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Saturday, September 15, 2018 5:17 PM,  wrote:

> On Saturday, September 15, 2018 at 8:32:23 AM UTC-7, casiu wrote:
>
> > Sent with ProtonMail Secure Email.
> > ‐‐‐ Original Message ‐‐‐
> > On Saturday, September 15, 2018 10:30 AM, qubes-...@tutanota.com wrote:
> >
> > > Hi, during my email conversation with the Todd Weaver in the 
> > > pre-IME-disabled time, he told me they will fully disable the IME and AMT 
> > > within next week. After about a week they announced they did just that. 
> > > Are this links a lie?
> > > https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/
> > >  
> > > https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/
> > > https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
> > >  
> > > https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
> > > Talking about alternatives: how the Qubes 4.0 stand with RYF certified 
> > > X200? Like for example this one:https://tehnoetic.com/laptops/tet-x200s 
> > > https://tehnoetic.com/laptops/tet-x200s and others like T400 and T500, 
> > > which can be found there as well. Working well? Any issues known?
> > > Thank you
> > > Sep 15, 2018, 1:00 AM by taii...@gmx.com:
> > >
> > > > Everyone please be aware that purism's marketing is dishonest.
> > > > Their products do not have open source firmware[1] and the ME is not
> > > > disabled (the kernel still runs along with mask roms and the me hw init
> > > > code)
> > > > Intel chips or any new x86 for that matter do NOT respect your privacy!
> > > > [1]Their coreboot is simply a shim loader layer for Intel's FSP binary
> > > > blob that performs the hardware initiation - these days coreboot doesn't
> > > > necessarily mean open source firmware.
> > > > In terms of laptops it is much better to purchase for instance an owner
> > > > controlled pre-PSP AMD G505S[2] which has open cpu/ram init via coreboot
> > > > or one of the ivy/sandy thinkpads which while not owner controlled are
> > > > significantly more free than puri.crap as they have open cpu/ram/gpu
> > > > init via coreboot and their ME can be nerfed down to the BUP layer which
> > > > while is not at all equivilant to not having an ME at all such as on
> > > > non-x86 arches or pre-PSP AMD it is still much better.
> > > > All of my laptop recommendations here work great with Qubes 4.0 and
> > > > there is a nice little qubes g505s community.
> > > > [2](for the best user experience make sure to get the highest end quad
> > > > core A10 model if you buy one - although the less expensive A6 quad core
> > > > models are still quite usable)
> > > > I do not have an issue with purism selling non-free laptops - I have an
> > > > issue with them being dishonest.
> > > >
> > > > -
> > > >
> > > > You received this message because you are subscribed to the Google 
> > > > Groups "qubes-users" group.
> > > > To unsubscribe from this group and stop receiving emails from it, send 
> > > > an email to > 

[qubes-users] Re: XSA-273 - security impact on Qubes?

[Rob Fisher]

Thanks for your feedback, and especially thanks to the Qubes Security 
Team for getting this turned around so quickly and comprehensively.
I particularly like the design decision to disable SMT (HT) in Xen 
irrespective of BIOS config. As BIOSs can be buggy on some HW, or simply 
not provide the user with a choice to disable certain features like SMT.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a8fd5a89289a34f777c80556f60ac87%40posteo.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] R4.0 with fedora 28 template sys-net fails to sync time

[Alex]

Hi all,
I happen to have run into the problem as per the subject. What happened
is this:

* I recently installed a fully clean R4.0 system, with default templates
and sys-* qubes (this means fedora 26)
* I upgraded the default template, after cloning it, to fedora 28
* This means that now I have a fedora-28 based sys-net
* The system fails to sync the time to NTP servers

What I debugged until now:
* in sys-net, the service systemd-timesyncd should start and update the
time - it's enabled by default
* it does not, because it fails to start due to some inaccessible
directory that is not detailed in the logs
* googling around I found that it looks like one of the usual
surprise-ridden features of systemd, namely DynamicUser, that seems to
have problems with FUSE mounts and the custom-namespace-based isolation
(https://utcc.utoronto.ca/~cks/space/blog/linux/SystemdTimesyncdFailure?showcomments).
I'm thinking this issue is manifesting itself with some of the Qubes
infrastructure.

Does anybody have a recommended way of fixing this, that avoids just
waiting for the systemd guys to fix this? I don't like the idea of
editing systemd's "packaged" unit files, nor am I willing to go set
weird permission / mount options for qubes' directory mounts. What I'd
like to have is a way of having dom0's time set from a network (NTP)
source without necessarily having to successfully set the time in my
sys-net.

What I'm thinking of doing is having a separate clock vm, with a more
standard ntpd, but I'm not sure of the network "position" inside qubes -
will it be enough to give it "sys-net" as the network vm?

Thanks in advance for any guidance...

-- 
Alex

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/04fdedfe-9502-e89b-2827-e09f00d73901%40gmx.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

[qubes-users] how can i patch xen?

[qubenix]

Hello all.

I'm attempting to build a custom Qubes with one patch added to Xen. Is
it enough to simply add the patch with the others in
qubes-builder/qubes-src/vmm-xen/, add a line for it in
qubes-builder/qubes-src/vmm-xen/xen.spec.in, and then build?

-- 
qubenix
PGP: 96096E4CA0870F1C5BAF7DD909D159E1241F9C54
OTR: qube...@chat.freenode.net
OTR: 3AAF6650 F818BDBE 267C7866 E4A0C614 DBD5EEAD

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e64bfe4b-5072-bc5d-c5c8-77bb486d007a%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Time for Laptop Upgrade

[dangmadzyu]

I am running a T530 that I have maxed on in every possible way, from CPU, to 
RAM, to SSD + HDD, to 1080 Screen. . . 


But it is stuck with 16GB Max RAM, and now I am constantly juggling Qubes, 
trying to figure out which ones I can shut down in order to open new ones that 
I need.


A lot of this has to do with a plethora of VPN ProxyVMs, Whonix Gateways, 
Debian Testing + Stretch Templates, etc etc


When it is updates time, I have a dozen or more templates, and so I need to 
update a few at a time, shut them down, and then update a few more.



Anyway, I need something that can handle more open Qubes.


What are my options if privacy and security are of the utmost importance?


I am looking for something with a high end Quad Core or better. 


I'm going to need about 32GB of RAM.


Right now I am using a 500GB SSD + 2TB HDD in my Optical Bay. I would like for 
more storage so I can better maintain a Multi-Media Qubes with Kodi and local 
media.


I also needs lots of HDD space for a plethora of blockchains (Bitcoin, Monero, 
Ethereum, etc)



With all this crypto, I also want to make sure it has all available security 
features for AEM, and SEDs (must have BIOS HDD password). 



What are my options for HARDWARE encrypted drives?



Any help with this project would be appreciated.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6490e5a3-852a-4849-bcf7-061b07d10fe0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] The time in the cube 4.0 rushes for 10 minutes.

[Djon Snow]

The time in the cube 4.0 rushes for 10 minutes. What is the reason for this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78eba955-b1a9-4031-a6fe-4fd649a5c438%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Purism Librem 13 v2

[dangmadzyu]

On Saturday, September 15, 2018 at 8:32:23 AM UTC-7, casiu wrote:
> Sent with ProtonMail Secure Email.
> 
> ‐‐‐ Original Message ‐‐‐
> On Saturday, September 15, 2018 10:30 AM,  wrote:
> 
> > Hi, during my email conversation with the Todd Weaver in the 
> > pre-IME-disabled time, he told me they will fully disable the IME and AMT 
> > within next week. After about a week they announced they did just that. Are 
> > this links a lie?
> > https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/
> >  
> > https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/
> > https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
> >  
> > https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
> >
> > Talking about alternatives: how the Qubes 4.0 stand with RYF certified 
> > X200? Like for example this one:https://tehnoetic.com/laptops/tet-x200s 
> > https://tehnoetic.com/laptops/tet-x200s and others like T400 and T500, 
> > which can be found there as well. Working well? Any issues known?
> > Thank you
> >
> > Sep 15, 2018, 1:00 AM by taii...@gmx.com:
> >
> > > Everyone please be aware that purism's marketing is dishonest.
> > > Their products do not have open source firmware[1] and the ME is not
> > > disabled (the kernel still runs along with mask roms and the me hw init
> > > code)
> > > Intel chips or any new x86 for that matter do NOT respect your privacy!
> > > [1]Their coreboot is simply a shim loader layer for Intel's FSP binary
> > > blob that performs the hardware initiation - these days coreboot doesn't
> > > necessarily mean open source firmware.
> > > In terms of laptops it is much better to purchase for instance an owner
> > > controlled pre-PSP AMD G505S[2] which has open cpu/ram init via coreboot
> > > or one of the ivy/sandy thinkpads which while not owner controlled are
> > > significantly more free than puri.crap as they have open cpu/ram/gpu
> > > init via coreboot and their ME can be nerfed down to the BUP layer which
> > > while is not at all equivilant to not having an ME at all such as on
> > > non-x86 arches or pre-PSP AMD it is still much better.
> > > All of my laptop recommendations here work great with Qubes 4.0 and
> > > there is a nice little qubes g505s community.
> > > [2](for the best user experience make sure to get the highest end quad
> > > core A10 model if you buy one - although the less expensive A6 quad core
> > > models are still quite usable)
> > > I do not have an issue with purism selling non-free laptops - I have an
> > > issue with them being dishonest.
> > > --
> > > You received this message because you are subscribed to the Google Groups 
> > > "qubes-users" group.
> > > To unsubscribe from this group and stop receiving emails from it, send an 
> > > email to > qubes-users+unsubscr...@googlegroups.com 
> > > mailto:qubes-users+unsubscr...@googlegroups.com> .
> > > To post to this group, send email to > qubes-users@googlegroups.com 
> > > mailto:qubes-users@googlegroups.com> .
> > > To view this discussion on the web visit > 
> > > https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com
> > >  
> > > https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com>
> > >  .
> > > For more options, visit > https://groups.google.com/d/optout 
> > > https://groups.google.com/d/optout> .
> >
> > --
> >
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to qubes-users+unsubscr...@googlegroups.com.
> > To post to this group, send email to qubes-users@googlegroups.com.
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/qubes-users/LMRlztC--3-1%40tutanota.com.
> > For more options, visit https://groups.google.com/d/optout.



This made me laugh out loud. All your ranting and raving about security and 
dishonesty, and you sent the message using PROTON MAIL. Good lord. Talk about 
dishonesty and pseudo-security.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/b9839f63-3a6a-4892-ba5b-6e3de3583e93%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] HCL - Purism Librem 13 v2

['casiu' via qubes-users]

Unfortunately,yes, those links are definitely a lie.
I not going to even comment their dishonest advertising-language, but in short: 
there is a huge difference between removing something for good ore verifying 
that there most likely hasnt been changed anything.
Also, the intel ME thing is from what i have been told totally over the top, 
the really issues with Purism products lay elsewhere.

I recently got interested in this thematic and almost bought a Purism, but 
luckily asked first in the coreboot irc. Id really recommend to do some 
research.
There are plenty of sites who show the  technically reasons  wy one should 
never buy Purism stuff.
That being said, purism current approach using HEADS is a lot better then the 
stuff they sold in the beginning, one could argue that their current laptops 
actually might actually improve your security a little bit.
If its worth the extra money is a personal choice, i myself feel like its just 
way to much money for a device which STILL runs almost entirely on properitary 
software.
If you are serious about your security, id recommend an G505s(i dont have one 
tough) or an x230, i do have one, and it rocks.

There will be no blobs whatsoever present except the EC-blob (probably 
liberated soon) and the bub-module.
 Also, they are highly modular.(someone custom build mine with fhd display, 
classic style keyboard, external antenna etc etc, and i fucking love it ;).


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Saturday, September 15, 2018 10:30 AM,  wrote:

> Hi, during my email conversation with the Todd Weaver in the pre-IME-disabled 
> time, he told me they will fully disable the IME and AMT within next week. 
> After about a week they announced they did just that. Are this links a lie?
> https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/
>  
> https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/
> https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
>  
> https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
>
> Talking about alternatives: how the Qubes 4.0 stand with RYF certified X200? 
> Like for example this one:https://tehnoetic.com/laptops/tet-x200s 
> https://tehnoetic.com/laptops/tet-x200s and others like T400 and T500, which 
> can be found there as well. Working well? Any issues known?
> Thank you
>
> Sep 15, 2018, 1:00 AM by taii...@gmx.com:
>
> > Everyone please be aware that purism's marketing is dishonest.
> > Their products do not have open source firmware[1] and the ME is not
> > disabled (the kernel still runs along with mask roms and the me hw init
> > code)
> > Intel chips or any new x86 for that matter do NOT respect your privacy!
> > [1]Their coreboot is simply a shim loader layer for Intel's FSP binary
> > blob that performs the hardware initiation - these days coreboot doesn't
> > necessarily mean open source firmware.
> > In terms of laptops it is much better to purchase for instance an owner
> > controlled pre-PSP AMD G505S[2] which has open cpu/ram init via coreboot
> > or one of the ivy/sandy thinkpads which while not owner controlled are
> > significantly more free than puri.crap as they have open cpu/ram/gpu
> > init via coreboot and their ME can be nerfed down to the BUP layer which
> > while is not at all equivilant to not having an ME at all such as on
> > non-x86 arches or pre-PSP AMD it is still much better.
> > All of my laptop recommendations here work great with Qubes 4.0 and
> > there is a nice little qubes g505s community.
> > [2](for the best user experience make sure to get the highest end quad
> > core A10 model if you buy one - although the less expensive A6 quad core
> > models are still quite usable)
> > I do not have an issue with purism selling non-free laptops - I have an
> > issue with them being dishonest.
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to > qubes-users+unsubscr...@googlegroups.com 
> > mailto:qubes-users+unsubscr...@googlegroups.com> .
> > To post to this group, send email to > qubes-users@googlegroups.com 
> > mailto:qubes-users@googlegroups.com> .
> > To view this discussion on the web visit > 
> > https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com
> >  
> > https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com>
> >  .
> > For more options, visit > https://groups.google.com/d/optout 
> > https://groups.google.com/d/optout> .
>
> --
>
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to 

Re: [qubes-users] HCL - Purism Librem 13 v2

[qubes-fan]

Hi, during my email conversation with the Todd Weaver in the pre-IME-disabled 
time, he told me they will fully disable the IME and AMT within next week. 
After about a week they announced they did just that. Are this links a lie?
 https://puri.sm/posts/measuring-the-intel-me-to-create-a-more-secure-computer/ 

https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/
 


Talking about alternatives: how the Qubes 4.0 stand with RYF certified X200? 
Like for example this one: https://tehnoetic.com/laptops/tet-x200s 
 and others like T400 and T500, which 
can be found there as well. Working well? Any issues known?
Thank you


Sep 15, 2018, 1:00 AM by taii...@gmx.com:

> Everyone please be aware that purism's marketing is dishonest.
>
> Their products do not have open source firmware[1] and the ME is not
> disabled (the kernel still runs along with mask roms and the me hw init
> code)
>
> Intel chips or any new x86 for that matter do NOT respect your privacy!
>
> [1]Their coreboot is simply a shim loader layer for Intel's FSP binary
> blob that performs the hardware initiation - these days coreboot doesn't
> necessarily mean open source firmware.
>
> In terms of laptops it is much better to purchase for instance an owner
> controlled pre-PSP AMD G505S[2] which has open cpu/ram init via coreboot
> or one of the ivy/sandy thinkpads which while not owner controlled are
> significantly more free than puri.crap as they have open cpu/ram/gpu
> init via coreboot and their ME can be nerfed down to the BUP layer which
> while is not at all equivilant to not having an ME at all such as on
> non-x86 arches or pre-PSP AMD it is still much better.
>
> All of my laptop recommendations here work great with Qubes 4.0 and
> there is a nice little qubes g505s community.
>
> [2](for the best user experience make sure to get the highest end quad
> core A10 model if you buy one - although the less expensive A6 quad core
> models are still quite usable)
>
>
> I do not have an issue with purism selling non-free laptops - I have an
> issue with them being dishonest.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > qubes-users+unsubscr...@googlegroups.com 
> > .
> To post to this group, send email to > qubes-users@googlegroups.com 
> > .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-users/b706b02b-6461-3461-7a6b-19b8ebdb9a8f%40gmx.com
>  
> >
>  .
> For more options, visit > https://groups.google.com/d/optout 
> > .
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMRlztC--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Open in Qube 3.0 beta released!

[Yethal]

W dniu piątek, 14 września 2018 20:31:24 UTC+2 użytkownik John S.Recdep napisał:
> On 09/14/2018 07:02 AM, 'Raffaele Florio' via qubes-users wrote:
> > Dear Qubes community,
> > I've released a new version of "Open in Qube" (aka qubes-url-redirector) 
> > [v3.0_beta]. The repository is at [repo].
> > This is a browser extension inspired by [gsoc idea] and it's written using 
> > standard WebExtension APIs. Each customization is done via the browser 
> > because it's highly integrated in it.
> > 
> > ### What does it do
> > The extension allows you to choose which URLs are whitelisted in the 
> > browser, with a lot of flexibility. Indeed you can specify allowed URLs 
> > also with regular expression. Non whitelisted URLs are treated in a custom 
> > way: you can choose to block them only, or to block and redirect them to a 
> > specific/disposable qube. In this way unwanted/malicious URLs will not be 
> > opened in the current browser, so in the current qube.
> > Furthermore there are three context menu entry ([menu issue]) through which 
> > you can choose how to handle specific link. Then there is the toolbar's 
> > popup that allows you to whitelist a **specific** resource currently 
> > blocked in the **active** tab. In the popup is indicated the URL and the 
> > type (i.e. image, stylesheet, script, xhr and so on..) of each resource.
> > In the repo there are some screenshot and other infos. Furthermore after 
> > the first installation the browser will open a welcome page whose will 
> > guide you.
> > 
> > ### Installation
> > Installation is really easy and it's covered in the [repo]. As you can see 
> > in [contrib issue] its integration in Qubes OS is scheduled for the 4.1 
> > release.
> > 
> > I hope that it will be useful to a lot of us and for whatever issue don't 
> > hesitate to contact me! :D
> > 
> > [v3.0_beta] = 
> > https://github.com/raffaeleflorio/qubes-url-redirector/releases/tag/v3.0_beta
> > [gsoc idea] = 
> > https://www.qubes-os.org/gsoc/#thunderbird-firefox-and-chrome-extensions
> > [menu issue] = https://github.com/QubesOS/qubes-issues/issues/4105
> > [contrib_issue] = https://github.com/QubesOS/qubes-issues/issues/3152
> > [repo] = https://github.com/raffaeleflorio/qubes-url-redirector/
> > 
> > Best Regards,
> > Raffaele.
> > 
> > 
> 
> Nice.
> 
> Can't quite understand how or why this would be used, though..?  am
> sure it makes sense to the smart folks :)
> 
> 
> here's my vote for whatever "gsoc idea" is , 'cause:
> 
> I wish I could click on a URL in ThunderbirdVM  and have it open a
> whonix-dvm  by default  .  afaik there is no current way to do that.

No, but there is a way to do that in chrome or firefox now

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/337f72c6-b331-4924-bd30-88285db74137%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.