Re: [qubes-users] Intel ME and AEM/HEADS
Le mercredi 30 janvier 2019 à 13:07 +0630, Frank Beuth a écrit : > Apologies if this is getting offtopic, but: one author suggested that > modern > versions of Coreboot could (in absence of Intel ME or AEM) reduce > Evil Maid > attacks to physical attacks requiring the attacker to open the laptop > and > physically reflash the SPI flash. > > Does this sound correct? When flashing Coreboot for the first time, you usually need an SPI flash cable with physical access to hardware. On some low-end boards, you may flash directly without physical access. Once Coreboot is installed, you can reflash your bios within GNU/Linux using flashbios utility. In this case, Coreboot offers no bios protection. Coreboot developers have beend asked for a password protection, but they think it is useless and will not develop such a feature. The advantage of Coreboot is that it claims to be able to disable or limit Intel ME backdoor. In recent versions, Coreboot embeds Intel blobs, so installing a limited version of Intel ME might not be sufficient to completely disable it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6f0b9fbb3c131a97ea71fed7b88660adcc181de4.camel%40mailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME and AEM/HEADS
On Wed, Jan 30, 2019 at 09:02:57AM +0100, Alexandre Belgrand wrote: Once Coreboot is installed, you can reflash your bios within GNU/Linux using flashbios utility. In this case, Coreboot offers no bios protection. Coreboot developers have beend asked for a password protection, but they think it is useless and will not develop such a feature. Apologies again if this is offtopic, but it sounds like there is a way to disable software reflashing of Coreboot entirely? Or am I misinformed? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190130085029.iksfkydj6nzc3eed%40web.local. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME and AEM/HEADS
Le mercredi 30 janvier 2019 à 15:50 +0700, Frank Beuth a écrit : > Apologies again if this is offtopic, but it sounds like there is a > way to > disable software reflashing of Coreboot entirely? Or am I > misinformed? https://doc.coreboot.org/flash_tutorial/index.html Quoting : "Updating the firmware is possible using the internal method, where the updates happen from a running system, or using the external method, where the system is in a shut down state and an external programmer is attached to write into the flash IC." After flashing coreboot, your bios is wide open for reflashing. Personally, this is what stops me from adopting Coreboot. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5908b07983d70cca378c7bd343069fdb8e2ad49d.camel%40mailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME and AEM/HEADS
Only if you configure it that way.Also, even if you do, you wanna make sure it only accepts updates signed by your personal key. cheers On 1/30/19 11:00 AM, Alexandre Belgrand wrote: > Le mercredi 30 janvier 2019 à 15:50 +0700, Frank Beuth a écrit : >> Apologies again if this is offtopic, but it sounds like there is a >> way to >> disable software reflashing of Coreboot entirely? Or am I >> misinformed? > https://doc.coreboot.org/flash_tutorial/index.html > > Quoting : "Updating the firmware is possible using the internal method, > where the updates happen from a running system, or using the external > method, where the system is in a shut down state and an external > programmer is attached to write into the flash IC." > > After flashing coreboot, your bios is wide open for reflashing. > Personally, this is what stops me from adopting Coreboot. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ea95105-d502-58e4-cfe9-99737097098f%40cryptogs.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: automatic start dropbox in VM
On Sunday, September 21, 2014 at 1:49:05 PM UTC-5, Jos den Bekker wrote: > I would like to have dropbox start automatically when I start my work VM. How > best do I do that? Install a new service? Or is there a startup script to > which I can add the appropriate command? > Thanks for any feedback. I simply put a symbolic link to dropbox.desktop in ~/.config/autostart Works perfectly. I also have links to slack.desktop and thunderbird.desktop. The .desktop files are located in /usr/share/applications/ Cheers, John -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/46faf3fa-572d-48e9-b745-f1963a68c276%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fedora Modular 29??
By updating Fedora 29 template I learned that after sudo dnf update I get also some Fedora Modular 29 downloads. Never spotted that before. Is it a normal behavior? - I have the /etc/yum.repos.d/qubes-r4.repo set to the stable only. - I have onionized the updates - I accidentally installed the dom0 testing repo before and duno yet how to return it to the non-testing, stable-only status. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/LXUGVt7--3-1%40tutanota.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: diff files across appvms
On Tuesday, January 22, 2019 at 3:23:54 PM UTC-6, john.e...@gmail.com wrote: > Is it possible to compare (diff) files across appvms. Or (and), is it > possible to pass arguments to an appvm through a dom0 terminal. > > Basically, I want to check if a Keepassxc file in my vault is different than > a Keepassxc file in my appvm. > > Thanks for any ideas. > > John Would it not be simpler, and safer, to create the hash in your vault VM and then copy it to the global clipboard. Then switch to your appVM, open gedit (or editor of your choice) and paste the hash there. Finally create the hash in your appVM and compare the two. That is the basic method I have been using to compare things across VMs. In particular, generate whatever you need in the more secure VM and pass the result to the less secure VM for the comparison step. I avoid doing anything except VM management in dom0. I think that is the way one is supposed to use Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f075ffbf-85fd-4546-a3ff-b77dfda67abe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: diff files across appvms
On Wednesday, January 30, 2019 at 11:06:19 AM UTC-5, John Goold wrote: > On Tuesday, January 22, 2019 at 3:23:54 PM UTC-6, john.e...@gmail.com wrote: > > Is it possible to compare (diff) files across appvms. Or (and), is it > > possible to pass arguments to an appvm through a dom0 terminal. > > > > Basically, I want to check if a Keepassxc file in my vault is different > > than a Keepassxc file in my appvm. > > > > Thanks for any ideas. > > > > John > > Would it not be simpler, and safer, to create the hash in your vault VM and > then copy it to the global clipboard. Then switch to your appVM, open gedit > (or editor of your choice) and paste the hash there. > > Finally create the hash in your appVM and compare the two. > > That is the basic method I have been using to compare things across VMs. In > particular, generate whatever you need in the more secure VM and pass the > result to the less secure VM for the comparison step. Good advice, John. Thanks. > > I avoid doing anything except VM management in dom0. I think that is the way > one is supposed to use Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/eaf1d479-d1c6-4ece-b6c1-6792c58a57fe%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME and AEM/HEADS
Le mercredi 30 janvier 2019 à 12:38 +0100, Maillist a écrit : > Only if you configure it that way.Also, even if you do, you wanna > make > sure it only accepts updates signed by your personal key. Interesting. Could you point out the documentation explaining how. Thanks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c8a1202447372be643cfeac7cec08507207c5025.camel%40mailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qube Window Manager; unable to list all open windows
On Sun, Jan 27, 2019 at 1:16 PM Chris Laprise wrote: > On 01/27/2019 09:32 AM, Franz wrote: > > Command `wmctrl -l` gives the following error > > > > |Cannot get client list properties. (_NET_CLIENT_LIST or > _WIN_CLIENT_LIST)| > > This works for me with KDE. > > > > > > But when I use |wmctrl| to display info about the window manager, Qubes > > is indeed found: > > [user@personal ~]$ wmctrl -m > > Name: Qubes > > Class: N/A > > PID: N/A > > Window manager's "showing the desktop" mode: N/A > > > > What I am trying to do is to gracefully close firefox, but I get the > > same error: > > > > [user@personal ~]$ wmctrl -c firefox > > Cannot get client list properties. > > (_NET_CLIENT_LIST or _WIN_CLIENT_LIST) > > You could try using 'xdotool' instead: > xdotool search --name Firefox > > See my 'halt-vm-by-window' script from 'Qubes-scripts' project for > examples. You could go through the list of matching windows, find the VM > name with 'xprop', then issue a command like "qvm-run $vmname 'pkill > firefox'" which should send a normal TERM signal to Firefox. I tried most of the 60 signals that can be associated to pkill and none is able to close firefox gracefully. The closer one is number 3, SIGQUIT that at least waits a little bit before closing firefox. I suppose the way kill and pkill work is just to crash the program you want to close. Well perhaps it may not be as bad as it seems. I wonder why wmctrl does not work with xfce. Is that a bug? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qB6Hv4WMR5q-32VF-yAA47WY%3D9msb-6xn4dOun1qskR5Q%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: passhprase or os boot doesn't prompt from gui anymore?
On Tuesday, January 29, 2019 at 6:31:02 PM UTC-5, cooloutac wrote: > Just want to make sure this is normal behavior. I noticed a couple weeks ago > the passphrase asks me type in from boot prompt and doesn't ask me to type in > passphrase from gui screen anymore. Is this normal? > > Thanks, > Rich. Do you have kernel-next installed? If so that's a known bug; see https://github.com/QubesOS/qubes-issues/issues/3849. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea9efd78-cb5b-4b88-a879-b143c8af1238%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Script Error
On Tuesday, January 29, 2019 at 4:15:26 PM UTC-5, R A F wrote: > chrome://global/content/bindings/notification.xml:35 You need to provide the complete message, which this isn't. What else does it say? I assume you're using Firefox? Try Safe Mode. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4b69195a-f2be-4776-8e52-64038a206d37%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Reversing dom0 testing repo installation
On Wednesday, January 30, 2019 at 9:28:20 AM UTC-5, qube...@tutanota.com wrote: > Just a humble reminder for my question. I tried to research the topic, but > didn't move anywhere. Can anyone advice me please? I don't know the answer to your question offhand, but if you aren't encountering any serious problems you can probably just wait. Eventually stable will catch up to what's currently in testing and you'll be on a stable system again. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ca8d10f5-57be-4e89-9b04-bc9ac90ca29e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HCL - Dell Latitude E6500
On Tuesday, January 9, 2018 at 2:12:24 AM UTC-5, Robert Dunham wrote: > I was unable to get the built-in WiFi Dell DW1397 (Broadcom BCM94312HMG) > adapter working. The neither the official broadcom driver nor the open-source > variant would install correctly. I swapped it for an Intel card that worked > out of the box. > > I'm unable to create HVM domains despite having virtualization enabled in > BIOS. I receive the following error: > > libvirt.libvirtError: invalid argument: could not find capabilities for > arch=x86_64 > > Sleep works, but the keyboard does not work after waking. The touchpad is not > affected. > > Session saving does not work. Did you ever figure out how to run Qubes from the E6500? I'm way in over my head! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5eabc061-1dc6-4107-ad9e-2ca34a230dda%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] why mail-list?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 1/31/19 12:32 AM, marmot-te wrote: > So, the real question is : There is someone who takes care about it > and optionally, Qubes_dev? There is an unofficial, PoC Qubes User Forum project: https://qubes-os.info/ - -- Zrubi -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEmAe1Y2qfQjTIsHwdVjGlenYHFQ0FAlxSpdsACgkQVjGlenYH FQ1lzw/+Jg9sumBWj7tng3XkTWjZ44C+a7rRC2IGuTPMh/yacqMajAmoWmpWHiUy Lhlei/L3LCfFhOiChCLaIKuQGFLWswGPO2xj+DPTDiP+eCCwub4lAf2W2+IFVRvv NGg+zI6sZkXiLFeGrfR3fzCviACqarT12/U3YECwcUHJM+4v9WGSI/th0sEaadCV hGHRUbkL+FTxz9jnzdXbXoiihpgr0e+/YZgFOVc4pCGhuCJDQsqAwwot1eWI0FfQ ZnJ4FkaJTQJJBlyk34MnF1ZUaOW6kwfvOKfa/qcnxWAbw4A4e1bBuzyHLuvIVimV iANaZIe4SdSnX91Dx7hKFtV8IjJU7qeKz5Q2ox7vNbKKvJI/uUFr19buL69IRLLQ UCLodTW+r7KmZZMOFKLb0h6It/zcMgwm3HQM1YkO4uXCuugmaqE0IaecS9FPLEUB TEFU4QCkUiWdpFod7Rijt3A5yk+bFQvV3wKC1dCJpmY+tc+VgroFgjGIgZ7brY4m f6XVO2JxI7tm/7vqfLSr3sd5bhEOstDinGFj/Ve3GAStsorBRYqF1O1jjk+K4w05 L1CsskGEliC1au7D+WRrkID+IzqR1/BLwuaczi8CXH5HjhqNd3fGXXNVVdQehRF+ Tdn9SL2/XBiA+5BW3aXj4TIFDqNOh3Cubeny0rioS3xJ4dHP8z0= =XbJS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e2fca00-a0e5-8004-a706-4e8e358047b9%40zrubi.hu. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: automatic start dropbox in VM
On 30/01/2019 15.53, John Goold wrote: > > I simply put a symbolic link to dropbox.desktop in ~/.config/autostart > > Works perfectly. I also have links to slack.desktop and thunderbird.desktop. > > The .desktop files are located in /usr/share/applications/ This is the cleaner solution and I highly recommend it. It's the best way to get apps autostarted with the *right* environment variables for your desktop environments, something that `sudo` in the context of `rc.local` will *not* give you. -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/321bfc4a-b130-cee7-4c12-a6896aca467f%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] why mail-list?
hi here, I understand that list mail is pretty useful, but ... come on, this is not really common user-friendly example 1 : I cannot know what it be said before I subscribe to it example 2 : I know some users of Qubes than who don't give a chance to that mail list, cause it is a new level of complexity (use of a good mailing software) for people who already have already some troubles with the very! useful man pages. I understand that is pretty more useful than an obscure forum in many cases BUT another example, there is common questions like WhatStuffICanUseWithQubes who a new user want to know at the instant s.he test it and s.he maybe never will ask the question nor know the good answer. I am (maybe?) not saying than Qubes need a forum, but, come on, there is another solutions, which can complete this one, and will (maybe!) not rely in google. So, the real question is : There is someone who takes care about it and optionally, Qubes_dev? Thanks for reading my broken gramar -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cbdc13f7-6fcd-ebbf-d74d-977d9b821bc6%40riseup.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] why mail-list?
On Wed, 30 Jan 2019 18:32:00 -0500, marmot-te wrote: hi here, I understand that list mail is pretty useful, but ... come on, this is not really common user-friendly example 1 : I cannot know what it be said before I subscribe to it Just realized google strips the sig. I'm using opera 12.16 to read the mailing lists, which like other mail programs does show the sig, so my apologies for implying it should have been obvious. While I do use gmail due to it's convenience for what I do, I don't use it's web interface except to control the settings. I use pop3 to download all messages to my computer and smtp for replies. I have other email accounts for things I don't want google to be able to see, and use gpg where appropriate for end to end encryption. Regards, Dave Hodgins -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/op.zwgf1wrqn7mcit%40hodgins.homeip.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Broadcom wireless driver issue.
Τη Τρίτη, 29 Ιανουαρίου 2019 - 4:58:18 μ.μ. UTC+2, ο χρήστης qma ster έγραψε: > Broadcom hardware/software is a proprietary piece of crap that doesn't work > well at the opensource operating systems. It could be easier to just replace > your Broadcom MiniPCIe card with something from Atheros ath9k family which > has opensource drivers / opensource firmware and work perfectly almost > everywhere. Just make sure that either your BIOS doesn't have a wifi > whitelist or you know how to remove it / where to obtain a hacked BIOS with > it removed (e.g. bios-mods site). E.g. check AR9462 miniPCIe card: > 2.4GHz+5.0GHz 300 Mbps 802.11n Wifi, costs just 8 dollars at aliexpress with > free shipping from china --> and problem solved Τη Τρίτη, 29 Ιανουαρίου 2019 - 4:58:18 μ.μ. UTC+2, ο χρήστης qma ster έγραψε: > Broadcom hardware/software is a proprietary piece of crap that doesn't work > well at the opensource operating systems. It could be easier to just replace > your Broadcom MiniPCIe card with something from Atheros ath9k family which > has opensource drivers / opensource firmware and work perfectly almost > everywhere. Just make sure that either your BIOS doesn't have a wifi > whitelist or you know how to remove it / where to obtain a hacked BIOS with > it removed (e.g. bios-mods site). E.g. check AR9462 miniPCIe card: > 2.4GHz+5.0GHz 300 Mbps 802.11n Wifi, costs just 8 dollars at aliexpress with > free shipping from china --> and problem solved Τη Τρίτη, 29 Ιανουαρίου 2019 - 4:58:18 μ.μ. UTC+2, ο χρήστης qma ster έγραψε: > Broadcom hardware/software is a proprietary piece of crap that doesn't work > well at the opensource operating systems. It could be easier to just replace > your Broadcom MiniPCIe card with something from Atheros ath9k family which > has opensource drivers / opensource firmware and work perfectly almost > everywhere. Just make sure that either your BIOS doesn't have a wifi > whitelist or you know how to remove it / where to obtain a hacked BIOS with > it removed (e.g. bios-mods site). E.g. check AR9462 miniPCIe card: > 2.4GHz+5.0GHz 300 Mbps 802.11n Wifi, costs just 8 dollars at aliexpress with > free shipping from china --> and problem solved Yeah I've read tons of horror stories about getting Broadcom properly working on Fedora and Debian. Replacing the network card is something I'm also considering doing in case I completely lose my patience. Also I have no idea why it was so easy to set it up on a clean Fedora 29 WS installation. All it took was literally 3 commands + reboot and then I had WiFi. In Qubes Fedora Template VM I cannot get past building the module. And it's such a pity because other than that the OS is great and it really meets my needs. All I need now is not having to use a USB WiFi adapter for Internet connection. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/67b55161-d0a1-4077-acd6-6e36f6f5863c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] why mail-list?
On Wed, 30 Jan 2019 18:32:00 -0500, marmot-te wrote: hi here, I understand that list mail is pretty useful, but ... come on, this is not really common user-friendly example 1 : I cannot know what it be said before I subscribe to it As per the signature auto-appended to each message. See https://groups.google.com/forum/#!forum/qubes-users example 2 : I know some users of Qubes than who don't give a chance to that mail list, cause it is a new level of complexity (use of a good mailing software) for people who already have already some troubles with the very! useful man pages. While forums are useful, mailing lists do not require using a web browser. For a security oriented distribution, mailing lists are easier to control in a secure way. I understand that is pretty more useful than an obscure forum in many cases BUT another example, there is common questions like WhatStuffICanUseWithQubes who a new user want to know at the instant s.he test it and s.he maybe never will ask the question nor know the good answer. That's what the faq is for. https://www.qubes-os.org/faq/ I am (maybe?) not saying than Qubes need a forum, but, come on, there is another solutions, which can complete this one, and will (maybe!) not rely in google. Why use google? Learn how to use an email program, such as thunderbird to read and post to the lists. So, the real question is : There is someone who takes care about it and optionally, Qubes_dev? Thanks for reading my broken gramar I'm just an occasional user of qubes, but as a participant in the creation of another distribution (Mageia), I know that if there are things in the way a distro is doing things that you would like to see changed, and can't convince the current team to implement those changes, join the team and work towards getting those changes implemented. Regards, Dave Hodgins -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/op.zwgfkdfan7mcit%40hodgins.homeip.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Intel ME and AEM/HEADS
On Tue, Jan 29, 2019 at 10:09:23PM -0500, Chris Laprise wrote: On 1/29/19 8:59 PM, Frank Beuth wrote: Can someone explain the interaction between Anti Evil Maid/HEADS and the Intel Management Engine to me? I read an article which stated that disabling Intel ME also prevents installing AEM (and related technologies), but I am not sure why (or if this is really true). Is ME needed to access the TPM? Someone correct me if I'm wrong... IIRC the ME processor is needed to operate the TXT feature which verifies code present at boot. TXT utilizes a TPM but is separate. https://en.wikipedia.org/wiki/Trusted_Execution_Technology Newer systems also have the TPM built into the CPU and I believe these That makes sense, thank you. Apologies if this is getting offtopic, but: one author suggested that modern versions of Coreboot could (in absence of Intel ME or AEM) reduce Evil Maid attacks to physical attacks requiring the attacker to open the laptop and physically reflash the SPI flash. Does this sound correct? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20190130033349.vvskj53hqta7pxek%40web.local. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Broadcom wireless driver issue.
> Broadcom hardware/software is a proprietary piece of crap that doesn't work > well at the opensource operating systems. It could be easier to just replace > your Broadcom MiniPCIe card with something from Atheros ath9k family which > has opensource drivers / opensource firmware and work perfectly almost > everywhere. Just make sure that either your BIOS doesn't have a wifi > whitelist or you know how to remove it / where to obtain a hacked BIOS with > it removed (e.g. bios-mods site). E.g. check AR9462 miniPCIe card: > 2.4GHz+5.0GHz 300 Mbps 802.11n Wifi, costs just 8 dollars at aliexpress with > free shipping from china --> and problem solved Broadcom is definitely a nightmare to setup and I'm actually considering seriously replacing the card since I cannot find a solution to why the driver is not building. However I have no idea why it was so easy to setup on a Fedora 29 Workstation installation. I literally run sudo dnf install akmods "kernel-devel-uname-r == $(uname -r)" sudo dnf install broadcom-wl sudo dnf akmods reboot and I had WiFi. I can't seem to get past dnf akmods failing and have trouble understanding why is it happening. All this is such a dealbreaker cause otherwise I have configured Qubes in a way that I feel great using it. I just want to stop having to use a USB WiFi adapter to get Internet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c1ce31c7-8c30-4dd2-9da4-d4263b9a2595%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Reversing dom0 testing repo installation
Just a humble reminder for my question. I tried to research the topic, but didn't move anywhere. Can anyone advice me please? Jan 28, 2019, 3:59 PM by qubes-...@tutanota.com: > hi, I accidentaly downloaded and installed the dom0 update from the testing > repo. Is there any way to reverse the action and keep only the stable version? > > I already disabled the testing repo in the /etc/yum.repos.d/qubes-dom0.repo > > Thank you > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/LXU9GJn--3-1%40tutanota.com. For more options, visit https://groups.google.com/d/optout.