[qubes-users] Re: Suggestions for RBAC for grsecurity-enabled kernel?

2017-01-25 Thread Kopimi Security
On Wednesday, January 25, 2017 at 6:22:14 PM UTC+1, raah...@gmail.com wrote:
> On Tuesday, January 24, 2017 at 9:15:10 AM UTC-5, Kopimi Security wrote:
> > On Monday, January 23, 2017 at 8:38:56 PM UTC+1, Reg Tiangha wrote:
> > > Yeah, I tried it myself leaving my laptop turned on and on learning mode
> > > for three weeks straight, but it didn't catch everything and certain
> > > things still failed so there's definitely some manual massaging that
> > > needs to be done.
> > 
> > Thank you for your input!
> > 
> > Would you think a sniffing approach, or a tripwire approach, to be better*?
> > 
> > * On a RAM-limited system
> 
> what do you mean by sniffing approach?  

Sorry for being unclear, I'm not a native speaker.

By "sniffing", I meant to refer to active monitoring of known attack types, a 
pro-active approach as opposed to a more after-the-fact intrusion detection 
system.
Kind of like watchdogs for memory, and snort for ports.

Google recently wrote up some advice for hardening KVMs: 
https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html

Their number one advice is using a pro-active approach.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/02fa0201-0f4f-43c4-a786-164a6147d35d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


[qubes-users] Re: Suggestions for RBAC for grsecurity-enabled kernel?

2017-01-24 Thread Kopimi Security
On Monday, January 23, 2017 at 8:38:56 PM UTC+1, Reg Tiangha wrote:
> Yeah, I tried it myself leaving my laptop turned on and on learning mode
> for three weeks straight, but it didn't catch everything and certain
> things still failed so there's definitely some manual massaging that
> needs to be done.

Thank you for your input!

Would you think a sniffing approach, or a tripwire approach, to be better*?

* On a RAM-limited system



[qubes-users] Re: question about setting up VPN proxy vm

2017-01-24 Thread Kopimi Security
On Monday, January 23, 2017 at 11:20:26 PM UTC+1, Brian LoBue wrote:
> Hi All,
> 
> I'm attempting to follow the docs here: https://www.qubes-os.org/doc/vpn/
> 
> and setup a proxyVM so I can tunnel traffic to a vpn for other appvms.
> 

I would recommend just using the command-line scripts, such as openvpn 
.

Please give it a try, I will help you after you have tried yourself.



[qubes-users] Re: Linux HVM Cursor lag

2017-01-23 Thread Kopimi Security
On Monday, January 23, 2017 at 1:38:31 PM UTC+1, tech...@tutanota.com wrote:
> I wanted to ask everyone using linux HVM's - or even booting a linux live CD 
> - do you get cursor lag?

So far I have seen that in Kali.
In fact, the cursor is not only slow, but the entire window moves about when I 
move the cursor. This has the main effect of moving away things I need to click 
on when moving the mouse, and the (bonus, I guess) side-effect of driving me 
crazy.

Haven't bothered testing more yet, but will look into it in future.



[qubes-users] Suggestions for RBAC for grsecurity-enabled kernel?

2017-01-22 Thread Kopimi Security
Hardened kernel with Grsecurity is coming along nicely - and there is yet more 
to come, as this medium-post shows 
https://medium.com/@securitystreak/living-with-qubes-os-r3-2-rc3-for-a-week-1a37e04c799e

Here's the background, I just sent this mail to coldhak.ca:
---
Referring to https://coldhak.ca/coldkernel/

1.
Please add that error-messages from "sudo update-grub2" can safely be ignored.
As also stated in https://www.qubes-os.org/doc/managing-vm-kernel/ , 
"Installing PV GRUB2".

2.
Also please add that one needs to change the kernel in appvms to pvgrub2

3.
And related, that one should also install paxtest and run it to confirm that 
grsecurity is running
As mentioned at https://micahflee.com/2016/01/debian-grsecurity/

4.
And that there is the option to add further to securing the appvm, by using 
gradm2 in learning mode as explained at 
https://en.wikibooks.org/wiki/Grsecurity/The_Administration_Utility#Full_System_Learning
---

And so I'd like to hear if you have any suggestions for RBAC given the 
opportunities for compartmentalization that Qubes OS provides.

Cheers,
C-c & C-v




[qubes-users] Re: [qubes-devel] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-03 Thread Kopimi Security
On Saturday, December 3, 2016 at 12:13:35 AM UTC+1, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 12/02/16 11:17, Kopimi Security wrote:
> > On Thursday, December 1, 2016 at 12:56:11 AM UTC+1, Andrew David Wong wrote:
> >> Unfortunately, the financial necessity of shifting our priorities to commercial
> >> clients will mean that we have less time to work on features that benefit the
> >> wider, security-minded open source community, which has been our focus for the
> >> past seven years.  This deeply saddens us. (We all use Qubes on our personal
> >> computers too!) However, the reality is that ITL can't afford to sustain the
> >> open source development of Qubes for much longer. We're running out of time.
> >>
> >> In an attempt to keep the open source development of Qubes going, we've teamed
> >> up with Open Collective [07], which makes it easier to donate to the Qubes
> >> project.  Now, in addition to our Bitcoin fund [08], we can also accept
> >> donations via credit card. ITL will not benefit from any of the money donated
> >> through Open Collective. Instead, the funds will be paid directly to individual
> >> developers who have been hired to work on the open source edition of Qubes.
> > 
> > I'm excited about this, and wish to support Qubes.
> > My first thoughts are "How can Qubes reach a broader community", and "Can 
> > the HOWTO's be made more approachable?".
> > For example, the section 'assigning-devices' on the /doc/, didn't get into 
> > how to actually use a mouse with a sys-usb qube, before at the very end.
> > And there, the way it was written gave the impression of giving the answer 
> > almost as an afterthought, as if it should have been obvious to everybody.
> > As such, it reads as it was written by somebody "too close to the problem".
> > Somebody being so familiar with the system that outsiders' inability to 
> > grasp the "obvious", escapes him. Or her.
> > This is not a unique issue for ITL though, the same problem pops up 
> > everywhere when highly technical minded people try to convey something to 
> > people who just want to be *users*!
> > 
> > So that's what I'm thinking, maybe it would be good for the 
> > "evangelization" of Qubes to make some very simple, brief, and to-the-point 
> > videos and howto's?
> > 
> 
> Yes, certainly. Would you be willing to help us with that? :)
> 

Absolutely!
Would it be okay if I started with some of the /doc/-articles?
I've noticed that some of them could benefit from an update, as an example the 
one on Kali (https://www.qubes-os.org/doc/pentesting/kali/).

Please let me know if this is something that I could help out with.



[qubes-users] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-02 Thread Kopimi Security
On Thursday, December 1, 2016 at 12:56:11 AM UTC+1, Andrew David Wong wrote:
> Unfortunately, the financial necessity of shifting our priorities to commercial
> clients will mean that we have less time to work on features that benefit the
> wider, security-minded open source community, which has been our focus for the
> past seven years.  This deeply saddens us. (We all use Qubes on our personal
> computers too!) However, the reality is that ITL can't afford to sustain the
> open source development of Qubes for much longer. We're running out of time.
> 
> In an attempt to keep the open source development of Qubes going, we've teamed
> up with Open Collective [07], which makes it easier to donate to the Qubes
> project.  Now, in addition to our Bitcoin fund [08], we can also accept
> donations via credit card. ITL will not benefit from any of the money donated
> through Open Collective. Instead, the funds will be paid directly to individual
> developers who have been hired to work on the open source edition of Qubes.

I'm excited about this, and wish to support Qubes.
My first thoughts are "How can Qubes reach a broader community", and "Can the 
HOWTO's be made more approachable?".
For example, the section 'assigning-devices' on the /doc/, didn't get into how 
to actually use a mouse with a sys-usb qube, before at the very end.
And there, the way it was written gave the impression of giving the answer 
almost as an afterthought, as if it should have been obvious to everybody.
As such, it reads as it was written by somebody "too close to the problem".
Somebody being so familiar with the system that outsiders' inability to grasp 
the "obvious", escapes him. Or her.
This is not a unique issue for ITL though, the same problem pops up everywhere 
when highly technical minded people try to convey something to people who just 
want to be *users*!

So that's what I'm thinking, maybe it would be good for the "evangelization" of 
Qubes to make some very simple, brief, and to-the-point videos and howto's?


 
