Re: [qubes-users] Can a joystick be used as a mouse?

2018-04-10 Thread Giulio 
Have you considered a vertical mouse?

On April 10, 2018 10:05:06 PM GMT+02:00, aisteruannano...@gmail.com wrote:
>Is there a way that a ordinary gaming joystick could be used in place
>of a mouse to control the cursor in Qubes? I am having some trouble
>with a repetitive stress injury, and I thought a joystick might be more
>ergonomic. 
>
>I have seen information on how this can be done on a normal Linux
>system (such as by editing the xorg configuration), but have not been
>able to get it to work. I am also aware that there are special joystick
>pointers made for people with dexterity problems, but these are
>prohibitively expensive.
>
>Any help on this would be appreciated.
>
>Thanks in advance,
>
>--Timmy
>
>-- 
>You received this message because you are subscribed to the Google
>Groups "qubes-users" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to qubes-users+unsubscr...@googlegroups.com.
>To post to this group, send email to qubes-users@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/qubes-users/f39a545d-96d7-4c24-8867-3054c83a90e6%40googlegroups.com.
>For more options, visit https://groups.google.com/d/optout.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/EE46271A-21B0-413B-B0B6-EE478BBDF674%40anche.no.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Offtopic :: reasonable secure routers?

2018-04-12 Thread Giulio 
In my opinion the best affordable option is using a PC Engines APU2 with 
OpenBSD https://www.pcengines.ch/apu2.htm (but of couse you can use 
linux/FreeBSD too).


On April 12, 2018 8:01:02 AM GMT+02:00, 799  wrote:
>Hello,
>
>having a reasonable secure OS and maybe some additional freedom by
>using
>Coreboot is great, but might not be enough.
>
>At least in Germany most home routers are not owned by the users but
>the
>internet providers, even worse it ia often not possible to upgrade the
>software as a user.
>If I want to improve this situation, what do you think about librecmc (
>https://librecmc.org/faq.html), I have come across by accident?
>
>Sorry if this is non-qubes question, but I don't know that much people
>carrying about privacy and would like to hear your opinion about it.
>
>"(...)  In the light of recent events, it is more important now more
>than
>ever to fight for the freedom to control the software that runs on a
>given
>device. Users should have the freedom to control their devices, not the
>OEMs who originally made the device. Since libreCMC is free software,
>users
>have total control over what the software on their device is doing.
>This is
>important because it means that the community can add new features,
>review
>what the software is doing and make improvements that benefit the
>community
>as a whole. (...)"
>
>Regards
>
>[799]
>
>-- 
>You received this message because you are subscribed to the Google
>Groups "qubes-users" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to qubes-users+unsubscr...@googlegroups.com.
>To post to this group, send email to qubes-users@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/qubes-users/CAJ3yz2svo8YYKaOUyvUEqCQCcy%2B_ORWxk-P%3Dk9HbHHLi-rm-Bw%40mail.gmail.com.
>For more options, visit https://groups.google.com/d/optout.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8F288F95-3501-40FB-BC0E-0D3132FB4446%40anche.no.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Tor security - browsing/downloading over http

2018-04-03 Thread Giulio 
Just a note, it all depends on your threat model. Be careful that most of the 
solutions you explained have each very different implications:
1) Most website with a login do have https. If they are hidden services they do 
not need it as traffic does not go through an exit node. If none of the above 
apply you could still use a VPN or a tunnel on top of tor but you will loose 
some anonimity

2) Which type of files are you talking about? If we are not talking about 
executables (i hope not) then Qubes do have disposable vms which should prevent 
an attacker from accessing sensitive files or gaining persistance. Also even 
for attacking the disposable vm the attacker would need an exploit for a reader 
software (evince, libreoffice etc).

3) Not using tor in order to download files prevent only man in the middles 
attack coming from the tor network, your provider, your neighbors, your dns 
server etc may still tricks you the same way.

As a general rule, mixing any of your tor activities with your non tor 
activities do break the very purpose of tor, especially if you use the same 
accounts in and out. My suggestion is to first try to understand what the 
purpose of tor is and against which type of adversary you need protection and 
then make your choices on that basis.

Giulio

On April 4, 2018 1:23:56 AM GMT+02:00, "js...@riseup.net" <js...@riseup.net> 
wrote:
>Hi everyone,
>
>I've been thinking about ways i can increase security when using tor in
>a whonix vm, and i had a few questions about the security risks of
>browsing/downloading files over http.
>
>I've looked up some info about it and i know it presents a security
>risk, but i don't really know what i'm talking about so i thought i'd
>ask you guys. Please let me know if i'm wrong about anything here
>(which
>is likely!) Sorry this is so long!
>
>Anyways, let's say i want to use a site that doesn't use https (http
>only) that i can do 3 things on:
>
>1. general browsing/reading content
>2. download small files
>3. log into an account, which is required to download large files
>
>I'm browsing the site in a relatively unsecure vm that i don't
>necessarily care much about, but i'll probably want to move some of the
>files to another vm to use elsewhere, or to a usb stick to transfer to
>another machine.
>
>If i use the site over tor, the exit node operator can read all the
>unencrypted traffic, and possibly maliciously modify files downloaded,
>which is why it's recommended to always use https when possible over
>tor. Qubes helps with this since i can do all my browsing on the site
>in
>a separate vm, but there's still a security risk especially if i
>transfer files elsewhere.
>
>It seems to me that i basically have 4 options:
>
>1. Do everything over tor, including downloading files and logging into
>the account. This is bad because the exit node operator can see my
>username/password, and i don't think there's any way of really reducing
>the risk from this.
>
>2. Browse the site and download small files (without logging in) over
>tor, but use a non-tor VM to log into the account to download larger
>files. This is better than option 1 because exit node operators never
>see me log into the account, but still presents a security risk because
>they can maliciously modify files i download.
>
>It seems to me that exit node operators doing something like this
>(modifying files downloaded over http to compromise my vm) is something
>that would have to be done manually, in real time, but please let me
>know if i'm wrong about that! I also don't know how likely this is to
>actually happen.
>
>But it seems to me that a way to reduce the risk here is to use the
>"get
>a new tor circuit" option right before downloading the file. That way
>the new exit node operator would have not much warning/time to do
>something bad before i download the file. Would that help?
>
>3. Do general browsing in tor, but download all files outside of tor.
>This is better than option 2 from a security standpoint because i'm not
>downloading files in a risky way over tor that will then be transfered
>elsewhere, and if the vm i'm browsing the site in using tor gets
>compromised, i don't really care. But it's a pain to have to switch to
>a
>non-tor vm every time to download a file (and i know it's recommended
>not to have tor and non-tor connections to the same site at the same
>time).
>
>4. Do everything on the site outside of tor because the site doesn't
>support https. This is best from a security perspective, but worst from
>a privacy/anonymity perspective because i can't use tor to browse the
>site.
>
>If i really wanted to only use https over tor, i could enable the
>"block
>http connections" option in https everywhere,

[qubes-users] Choosing between TPM or ME removal

2018-03-19 Thread Giulio 

Hello,

I have been  using Qubes 4 on a thinkpad x220 and it runs very well. 
Unfortunately, my model is the one with the i7 which is not very well 
tested/supported by coreboot and i failed multiple times while trying to 
flash it.


So i had to keep the original BIOS but at least i removed the ME 
sections and set the disable bit using me_cleaner. The problem is that 
this operation makes the TPM non functioning for the operating system: 
it is impossible to take ownership.


In the future i'll try to only set the disable bit without removing the 
sections and some other combinations of that but in case the TPM will 
still not work i'm wondering if i should re flash the original BIOS. In 
summary, are the TPM benefits enough to forcw me to keep the ME?
I know this may be more subjective depending on everyone's own threat 
model but i would like to hear opinions on it.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6c195f3e-d0e6-2006-ec9a-12e872501c4a%40anche.no.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Monero Wallet on Qubes

2018-03-21 Thread Giulio 
Hello,
I use the monero gui in a clean fedora-25 template succesfully. However i use a 
remote daemon for the gui because of the cpu power and storage space (50gb+) 
needed. Are you trying to sync locally?



On March 21, 2018 3:59:37 PM GMT+01:00, Unman  
wrote:
>On Wed, Mar 21, 2018 at 07:25:50AM -0700, abilgili...@gmail.com wrote:
>> Hi there beautiful community,
>> 
>> 5 months user here.
>> I think i have figured Qubes out enough to use it as my main OS but
>still i'm so noob.
>> I have been trying to move my monero wallet to Qubes from windows as
>well and there is no good documentation about it just like any
>other thing about Qubes.
>> 
>> So i have found this guide : 
>> 
>>
>https://github.com/0xB44EFD8751077F97/monero-site/blob/3e6f4fa28b7b834a7049ee45edc294ff1c026565/resources/user-guides/cli_wallet_daemon_isolation_qubes_whonix.md
>> 
>> I have followed every step and managed to setup everything EXCEPT
>running and synchronizing MONEROD ( monero blockchain ) 
>> 
>> This is the error that i'm getting :
>> 
>> user@host:~/monero-v0.11.1.0$ ./monerod
>> 2018-03-21 14:17:46.267 719f8bf9e740INFOglobal 
>src/daemon/main.cpp:279 Monero 'Helium Hydra' (v0.11.1.0-release)
>> 2018-03-21 14:17:46.267 719f8bf9e740INFOglobal 
>src/daemon/protocol.h:55Initializing cryptonote protocol...
>> 2018-03-21 14:17:46.268 719f8bf9e740INFOglobal 
>src/daemon/protocol.h:60Cryptonote protocol initialized OK
>> 2018-03-21 14:17:46.268 719f8bf9e740INFOglobal 
>src/daemon/p2p.h:63 Initializing p2p server...
>> 2018-03-21 14:17:52.126 719f8bf9e740INFOglobal 
>src/daemon/p2p.h:68 P2p server initialized OK
>> 2018-03-21 14:17:52.126 719f8bf9e740INFOglobal 
>src/daemon/rpc.h:58 Initializing core rpc server...
>> 2018-03-21 14:17:52.127 719f8bf9e740INFOglobal 
>contrib/epee/include/net/http_server_impl_base.h:70   Binding on
>127.0.0.1:18081
>> 2018-03-21 14:17:52.127 719f8bf9e740INFOglobal 
>src/daemon/rpc.h:63 Core rpc server initialized OK on port: 18081
>> 2018-03-21 14:17:52.127 719f8bf9e740INFOglobal 
>src/daemon/core.h:73Initializing core...
>> 2018-03-21 14:17:52.127 719f8bf9e740INFOglobal 
>src/cryptonote_core/cryptonote_core.cpp:323   Loading blockchain
>from folder /home/user/.bitmonero/lmdb ...
>> 2018-03-21 14:17:52.128 719f8bf9e740WARN   
>blockchain.db.lmdb  src/blockchain_db/lmdb/db_lmdb.cpp:1155   LMDB
>memory map needs to be resized, doing that now.  
>> 2018-03-21 14:17:52.164 719f8bf9e740INFOglobal 
>src/blockchain_db/lmdb/db_lmdb.cpp:494LMDB Mapsize increased.  Old:
>1024MiB, New: 2048MiB
>> Bus error
>> 
>> If any of the users of this community have this software or using
>this wallet for XMR can help me, that'd be highly appreciated.
>> 
>> If not, no worries.
>> 
>> Have a good day.
>> King Regards.
>> 
>
>Greetings
>
>Can you confirm which Qubes version you're using?
>Is there anything in the logs?
>Can you check memory allocated and also free space with df ?
>
>It looks as if LMDB wants 2G space, and if this is in ~ you'll need to
>allocate more space for /rw
>
>-- 
>You received this message because you are subscribed to the Google
>Groups "qubes-users" group.
>To unsubscribe from this group and stop receiving emails from it, send
>an email to qubes-users+unsubscr...@googlegroups.com.
>To post to this group, send email to qubes-users@googlegroups.com.
>To view this discussion on the web visit
>https://groups.google.com/d/msgid/qubes-users/20180321145937.awnmrsucwiflihdf%40thirdeyesecurity.org.
>For more options, visit https://groups.google.com/d/optout.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/E325A89B-96A0-4AB7-AF06-5CF1A86FB37C%40anche.no.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Disk problems when installing ReactOS 0.4.5 on HVM

2018-03-17 Thread Giulio 

|Hello,
i need to run some simple windows applications that should run on 
ReactOS that compared to Windows has the advantage to be open source and 
very lightweight.


I have read
 - https://github.com/QubesOS/qubes-issues/issues/2809
 - 
https://github.com/Jeeppler/QubesOS-notes/blob/master/ReactOS/Qubes-ReactOS.md
 - 
https://mark911.wordpress.com/2017/12/09/procedure-for-installing-newest-reactos-operating-system-in-stand-alone-hvm-in-qubes-os-3-2/


My HCL report is attached.

This is the command i use to create the StandaloneVM

qvm-create reactos --class StandaloneVM --property virt_mode=hvm 
--property kernel="" property memory=4096 --property maxmem=4096 --label 
green


If i try booting the installation ISO the the procedure fails because it 
cannot recognize the block device. (install_error.png)
If i convert the VirtualBox image a similar error occur during boot. 
(virtualbox_error.png)


Is there someway i can change the device type in HVM? i.e. set it as an 
IDE device? I tried also installing Windows XP and it failed for a 
related reason.

|

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3699c348-a6ba-b10e-00e4-d0e81339992f%40anche.no.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-LENOVO-429136G-20180317-100650.yml
Description: application/yaml