Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/02/2018 03:34 PM, Sven Semmler wrote: > I am struggling to see your perspective. Maybe I am an old fart, > but Thunderbird and Firefox are very much essential to me. I am > not looking for a big debate, which would be off topic here anyway >

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Tuesday, January 30, 2018 at 5:58:54 PM UTC+1, Marek Marczykowski-Górecki wrote: > 1. Switch to tty2 > 2. killall -9 anaconda > 3. anaconda --rescue Hmm, probably good enough in this situation. > - some users may not have fast internet connection available at >installation time;

Re: [qubes-devel] R4.0-rc4 installation image considerations

Hi Zrubi, On 31 January 2018 at 10:26, Zrubi wrote: > > Ah, I confused Memtest86 (proprietary) with Memtest86+ (GPL). The > > former tests for Rowhammer. The latter does not, although there is > > a patch available at https://github.com/CMU-SAFARI/rowhammer > > The "Free

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/30/2018 07:29 PM, Andrew Clausen wrote: > Ah, I confused Memtest86 (proprietary) with Memtest86+ (GPL). The > former tests for Rowhammer. The latter does not, although there is > a patch available at https://github.com/CMU-SAFARI/rowhammer

Re: [qubes-devel] R4.0-rc4 installation image considerations

Hi Vít, On 30 January 2018 at 14:39, Vít Šesták wrote: > On January 30, 2018 3:12:00 PM GMT+01:00, Andrew Clausen < > andrew.p.clau...@gmail.com> wrote: > >Isn't Memest86+ good for detecting Rowhammer vulnerabilities? > > AFAIK Memtest86+ does not detect it and it is not even

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Jan 30, 2018 at 12:02:12AM -0800, Vít Šesták wrote: > Well, will there be a way to enter the rescue mode by entering a command, or > the user will have to handle all the stuff (LUKS, LVM, mount and chroot) > manually? Yes, it is possible

Re: [qubes-devel] R4.0-rc4 installation image considerations

On January 30, 2018 3:12:00 PM GMT+01:00, Andrew Clausen wrote: >Isn't Memest86+ good for detecting Rowhammer vulnerabilities? AFAIK Memtest86+ does not detect it and it is not even supposed to. My old laptop has passed Memtest86+ test, but it has failed rowhammer

Re: [qubes-devel] R4.0-rc4 installation image considerations

Hi all, On 30 January 2018 at 08:02, Vít Šesták < groups-no-private-mail--contact-me-at--contact.v6ak@v6ak.com> wrote: > > Also, Memtest86+ is probably going to be missing for UEFI without Grub (as > Memtest86+ is 16-bit, so UEFI cannot start it directly), but this is > probably not such

Re: [qubes-devel] R4.0-rc4 installation image considerations

Well, will there be a way to enter the rescue mode by entering a command, or the user will have to handle all the stuff (LUKS, LVM, mount and chroot) manually? For my purposes, I don't care much (i.e., I can handle all of those manually), but I can't imagine giving such advice to a user asking

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Jan 29, 2018 at 12:37:56AM -0500, Joseph Taylor wrote: > >2. grub suck at booting xen.efi (or rather: xen.efi is rather picky > > about its environment). On many systems, booting xen.efi without grub > > (using rEFInd, EFI shell, or simply

Re: [qubes-devel] R4.0-rc4 installation image considerations

>1. After upgrading templates to fedora-26 and debian-9, there is no way > the installation image will fit on DVD. Right now it takes 4908384256 > bytes. We probably could try to cut it down by eliminating even more > packages from templates, but I think there is no much non-essential > packages

Re: [qubes-devel] R4.0-rc4 installation image considerations

Hi Andrew, On 01/27/18 15:31, Andrew Clausen wrote: Hi Ivan, On 27 January 2018 at 12:57, Ivan Mitev wrote: I don't see the benefit of using a DVD (we're talking about USB DVD readers here) but maybe it's only me being thick... If the machine used to copy or checksum the

Re: [qubes-devel] R4.0-rc4 installation image considerations

Hi Ivan, On 27 January 2018 at 12:57, Ivan Mitev wrote: > I don't see the benefit of using a DVD (we're talking about USB DVD > readers here) but maybe it's only me being thick... > If the machine used to copy or checksum the payload/iso is compromised, > then IMO it's already

Re: [qubes-devel] R4.0-rc4 installation image considerations

On 01/27/18 13:33, Sebastian Götte wrote: On 01/22/2018 08:33 AM, Peter Todd wrote: Note that flash drives with physical write protect switches are available, such as the Kanguru FlashBlu30 line. While better than a regular r/w USB drive, I would not actually trust these. There's only going

Re: [qubes-devel] R4.0-rc4 installation image considerations

> 2. grub suck at booting xen.efi (or rather: xen.efi is rather picky > about its environment). On many systems, booting xen.efi without grub > (using rEFInd, EFI shell, or simply by renaming it over BOOTX64.efi) > helps with boot problems. An idea: do not use grub on UEFI installation. >

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jan 20, 2018 at 08:25:12AM -0800, Frédéric Pierret (fepitre) wrote: > Le samedi 20 janvier 2018 03:07:32 UTC+1, Marek Marczykowski-Górecki a écrit : > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Fri, Jan 19, 2018 at

Re: [qubes-devel] R4.0-rc4 installation image considerations

I'd also be strongly in favour of a minimal install image that would fit on a single layer DVD or small portable stick. In my ideal world, this would contain a minimal(ish) template with firmware as full fat for wireless cards, plus whatever is needed to install templates over tor. On first

Re: [qubes-devel] R4.0-rc4 installation image considerations

On 22 January 2018 at 07:33, Peter Todd wrote: > On Sat, Jan 20, 2018 at 11:54:11AM +, Andrew Clausen wrote: > > I buy a fresh USB DVD device with every secure laptop I buy. I don't > reuse > > them, because I don't want a mistake made with one of them to contaminate > >

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Sat, Jan 20, 2018 at 11:54:11AM +, Andrew Clausen wrote: > Hi all, > > On 20 January 2018 at 09:28, Ivan Mitev wrote: > > > +1 > > > > Other people in the thread disagree and still use regular DVDs - which as > > a readonly media is great for security - but how may people

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/20/2018 03:06 AM, Marek Marczykowski-Górecki wrote: > fedora-26, as default template for AppVMs, contains default user > applications, like Firefox, Thunderbird. Shipping a _desktop_ > operating system without web browser isn't going to

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jan 20, 2018 at 03:00:08PM +0100, Tom Zander wrote: > On Saturday, 20 January 2018 03:06:53 CET Marek Marczykowski-Górecki wrote: > > fedora-26, as default template for AppVMs, contains default user > > applications, like Firefox,

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/19/2018 09:11 PM, Andrew Clausen wrote: > Hi all, > > On 19 January 2018 at 19:32, Marek Marczykowski-Górecki > > wrote: > > 1. After upgrading templates to

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Sat, January 20, 2018 11:54 am, Andrew Clausen wrote: > > I buy a fresh USB DVD device with every secure laptop I buy. I don't > reuse them, because I don't want a mistake made with one of them to > contaminate another laptop. So I've got lots of them lying around the > house! Please also

Re: [qubes-devel] R4.0-rc4 installation image considerations

Le samedi 20 janvier 2018 03:07:32 UTC+1, Marek Marczykowski-Górecki a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Fri, Jan 19, 2018 at 11:11:02PM +, Unman wrote: > > On Fri, Jan 19, 2018 at 08:32:50PM +0100, Marek Marczykowski-Górecki wrote: > > > Hi all, > > > > > >

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Saturday, 20 January 2018 03:06:53 CET Marek Marczykowski-Górecki wrote: > fedora-26, as default template for AppVMs, contains default user > applications, like Firefox, Thunderbird. Shipping a _desktop_ operating > system without web browser isn't going to work... I understand the argument,

Re: [qubes-devel] R4.0-rc4 installation image considerations

Hi all, On 20 January 2018 at 09:28, Ivan Mitev wrote: > +1 > > Other people in the thread disagree and still use regular DVDs - which as > a readonly media is great for security - but how may people from Qubes' > user base still have and use an optical reader ? I haven't seen any

Re: [qubes-devel] R4.0-rc4 installation image considerations

On 01/19/2018 09:32 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jan 20, 2018 at 01:43:00AM +, Simon Gaiser wrote: Marek Marczykowski-Górecki: Hi all, I'm building what hopefully will be R4.0-rc4 and I have two reflections: 1. After

Re: [qubes-devel] R4.0-rc4 installation image considerations

Le samedi 20 janvier 2018 03:07:32 UTC+1, Marek Marczykowski-Górecki a écrit : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Fri, Jan 19, 2018 at 11:11:02PM +, Unman wrote: > > On Fri, Jan 19, 2018 at 08:32:50PM +0100, Marek Marczykowski-Górecki wrote: > > > Hi all, > > > > > >

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Sat, Jan 20, 2018 at 12:56 AM, Jean-Philippe Ouellet wrote: > On Fri, Jan 19, 2018 at 6:26 PM, 'Tom Zander' via qubes-devel > wrote: >> On Saturday, 20 January 2018 00:11:02 CET Unman wrote: >>> As far as trimming the templates, there is some scope

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Sat, Jan 20, 2018 at 12:56 AM, Jean-Philippe Ouellet wrote: > On Fri, Jan 19, 2018 at 6:26 PM, 'Tom Zander' via qubes-devel > wrote: >> On Saturday, 20 January 2018 00:11:02 CET Unman wrote: >>> As far as trimming the templates, there is some scope

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Fri, Jan 19, 2018 at 6:26 PM, 'Tom Zander' via qubes-devel wrote: > On Saturday, 20 January 2018 00:11:02 CET Unman wrote: >> As far as trimming the templates, there is some scope for this, but one >> of the problems is that people want what THEY like. Look at

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sat, Jan 20, 2018 at 01:43:00AM +, Simon Gaiser wrote: > Marek Marczykowski-Górecki: > > Hi all, > > > > I'm building what hopefully will be R4.0-rc4 and I have two > > reflections: > > > > 1. After upgrading templates to fedora-26 and

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Jan 19, 2018 at 11:11:02PM +, Unman wrote: > On Fri, Jan 19, 2018 at 08:32:50PM +0100, Marek Marczykowski-Górecki wrote: > > Hi all, > > > > I'm building what hopefully will be R4.0-rc4 and I have two > > reflections: > > > > 1. After

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Marek Marczykowski-Górecki: > Hi all, > > I'm building what hopefully will be R4.0-rc4 and I have two > reflections: > > 1. After upgrading templates to fedora-26 and debian-9, there is no way > the installation image will fit on DVD. Right now it

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Fri, Jan 19, 2018 at 08:32:50PM +0100, Marek Marczykowski-Górecki wrote: > Hi all, > > I'm building what hopefully will be R4.0-rc4 and I have two > reflections: > > 1. After upgrading templates to fedora-26 and debian-9, there is no way > the installation image will fit on DVD. Right now it

Re: [qubes-devel] R4.0-rc4 installation image considerations

On Friday, 19 January 2018 20:32:50 CET Marek Marczykowski-Górecki wrote: > We probably could try to cut it down by eliminating even more > packages from templates, but I think there is no much non-essential > packages left there are thunderbird and firefox still included? Those are hardly

Re: [qubes-devel] R4.0-rc4 installation image considerations

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Marek Marczykowski-Górecki: > Right now I see two options: > - abandon the goal of fitting the image on DVD (I'd go for this) *single-layer DVD. Still lots of space on dual-layer DVDs, so this option seems totally fine to me. FWIW, I sometimes

Re: [qubes-devel] R4.0-rc4 installation image considerations

Hi all, On 19 January 2018 at 19:32, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > 1. After upgrading templates to fedora-26 and debian-9, there is no way > the installation image will fit on DVD. Right now it takes 4908384256 > bytes. We probably could try to cut it