Re: [qubes-devel] Refinement via Compatability

2016-06-06 Thread Chris Laprise
On 06/05/2016 05:33 PM, middi...@gmail.com wrote: Just a curious fan here interested in upcoming 3.2 and beyond. So with 3 units separately tested 3.1 with newest kernels (including 4.4) all have been struggles to get installed and working on each various piece of hardware. 2 involved

[qubes-devel] Project for 'leakproof' VPN firewalls on Qubes (incl. Tor over VPN)

2016-06-03 Thread Chris Laprise
Qubes-vpn-support contains an automatic firewall script that will make a dedicated VPN VM fail closed, and also prevent DNS queries and other info from leaking--whether your VPN client of choice is working or has gone down. Attempts to go around a failed VPN tunnel by Tor, for instance,

Re: [qubes-devel] Re: Reinitialize Templates

2016-06-14 Thread Chris Laprise
On 06/14/2016 07:22 AM, Ivan wrote: On 06/14/2016 02:01 PM, Chris Laprise wrote: On 06/14/2016 06:20 AM, Ivan wrote: Hi, On 06/14/2016 12:34 PM, Jasper Weiss wrote: There's some new documentation added to the website on reinstalling templates here <https://www.qubes-os.org/

Re: [qubes-devel] Question about nonfree software in Qubes

2016-06-30 Thread Chris Laprise
On 06/30/2016 09:36 PM, Unman wrote: On Thu, Jun 23, 2016 at 12:28:01AM +0100, D G wrote: Dear Qubes developers, I am interested in Qubes OS because of its design. However, I have a question about what software is included in Qubes, and whether it is free or non-free, particularly the Linux

Re: [qubes-devel] Subduing the bright window border colors

2016-07-01 Thread Chris Laprise
On 05/14/2016 02:03 PM, Chris Laprise wrote: [...] QubesLabel (QUBES_LABEL_DOM0, "dom0", QColor::fromHsv (0, 0, 210), Qt::black), QubesLabel (QUBES_LABEL_RED, "red", QColor::fromHsv (0,154, 168), Qt::black, Qt::lightGray), QubesLabel (QUBES_LABEL_ORANGE, "

Re: [qubes-devel] A proposed habit-friendly feature to increase security and user friendliness

2017-02-03 Thread Chris Laprise
On 01/30/2017 05:53 PM, aperi.auc...@gmail.com wrote: The idea is to allow for a way to tie together shutdown of a specific app with the shutdown of the entire AppVM it is located in. I'd see this also as a burden where the user has to remember which apps trigger which VMs to exit. So I

Re: [qubes-devel] What hardware to buy for security?Best way to go about FDE? & 3-way authentication? discussion!

2017-01-31 Thread Chris Laprise
On 12/29/2016 02:25 AM, HiringQubesExperts wrote: Hi all, I am planning on buying a 13.3 - 15.6 laptop that I will specifically use for running qubes, and containing lots and lots of highly sensitive files. I will also be using tor a lot, and for me the main things I care about is being

Re: [qubes-devel] Qubes OS 3.2 has been released!

2016-09-29 Thread Chris Laprise
On 09/29/2016 07:11 AM, Joanna Rutkowska wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hello, We have just released Qubes OS 3.2: https://www.qubes-os.org/news/2016/09/29/qubes-32/ Enjoy! joanna. Hmmm. In debian template, libvchan-xen is at 3.1.0-1 while fedora template now has

Re: [qubes-devel] Qubes Security Bulletin #26

2016-09-22 Thread Chris Laprise
On 09/22/2016 01:11 PM, Vít Šesták wrote: On Qubes 3.2, I have qubes-gui-dom0 and no update is available through qubes-dom0-update. BTW, after the update, is it enough to kill (and restart by some command) all guid processes? I haven't seen the update, either. Chris -- You received this

Re: [qubes-devel] Re: Running (or not) Xen during installation

2016-11-06 Thread Chris Laprise
On 11/05/2016 04:46 AM, Joanna Rutkowska wrote: In the long term, we would like to maintain *full* isolation of most of the PCIe devices (so DMA and MSI capable) from the TCB (perhaps except for the MCH pseudo devs). This should be maintained throughout the whole boot process, starting from

Re: [qubes-devel] [RFC] centralized triggering of copy/paste shortcuts

2016-11-23 Thread Chris Laprise
On 11/23/2016 08:13 PM, HW42 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Chris Laprise: On 11/23/2016 07:17 PM, Marek Marczykowski-Górecki wrote: On Wed, Nov 23, 2016 at 06:29:40PM -0500, Jean-Philippe Ouellet wrote: On Wed, Nov 23, 2016 at 5:53 PM, Marek Marczykowski-Górecki

Re: [qubes-devel] [RFC] centralized triggering of copy/paste shortcuts

2016-11-23 Thread Chris Laprise
On 11/23/2016 07:17 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Nov 23, 2016 at 06:29:40PM -0500, Jean-Philippe Ouellet wrote: On Wed, Nov 23, 2016 at 5:53 PM, Marek Marczykowski-Górecki wrote: I would like

Re: [qubes-devel] [RFC] centralized triggering of copy/paste shortcuts

2016-11-24 Thread Chris Laprise
On 11/23/2016 08:36 PM, HW42 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Chris Laprise: On 11/23/2016 08:13 PM, HW42 wrote: Chris Laprise: On 11/23/2016 07:17 PM, Marek Marczykowski-Górecki wrote: On Wed, Nov 23, 2016 at 06:29:40PM -0500, Jean-Philippe Ouellet wrote: On Wed, Nov

Re: [qubes-devel] Fedora upgrade doc naming

2016-11-27 Thread Chris Laprise
On 11/27/2016 04:15 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Nov 27, 2016 at 02:56:02PM -0500, Jean-Philippe Ouellet wrote: On Sun, Nov 27, 2016 at 11:48 AM, Marek Marczykowski-Górecki wrote: "Upgrading the

Re: [qubes-devel] Encrypted /boot partition

2016-10-17 Thread Chris Laprise
On 10/16/2016 07:43 AM, qu...@sigaint.org wrote: I've been experimenting with both encrypted /boot partitions and booting from a hidden encrypted volume inside an outer encrypted volume, and have been successful with Debian based systems. I'd like to get it working with Qubes, but I've run into

Re: [qubes-devel] [RFC] centralized triggering of copy/paste shortcuts

2016-11-26 Thread Chris Laprise
On 11/26/2016 07:24 PM, Jean-Philippe Ouellet wrote: A tray icon seems like a reasonable compromise to me. I propose a possible implementation here: https://github.com/QubesOS/qubes-manager/pull/15 A clipboard tray icon for developer debugging? Chris -- You received this message because

Re: [qubes-devel] Qubes vm.swappiness=0

2016-11-29 Thread Chris Laprise
On 11/28/2016 05:44 PM, Patrick Schleizer wrote: Would setting /etc/sysctl.d/swaplow.conf vm.swappiness=0 in Qubes by default make sense? If not effective at all, why is it not required? Cheers, Patrick I think it would depend on the processing profile of your software. If the system

Re: [qubes-devel] Re: Qubes vm.swappiness=0

2016-12-09 Thread Chris Laprise
I'm going to try vm.swappiness=15 in my debian vms, and probably leave dom0 as the default for now. In an 8GB system, I'll probably notice some difference before long. Chris -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from

[qubes-devel] Linux kernel security updates

2016-12-10 Thread Chris Laprise
Given the increased interest in securing domU where possible, I'd like to know if Qubes Project will be making upstream security updates to the Linux kernel available to Qubes users on a timely, regular basis. Kernel updates are an issue because users expect to update their templates to avoid

Re: [qubes-devel] Re: Qubes vm.swappiness=0

2016-12-09 Thread Chris Laprise
On 12/09/2016 12:40 PM, johnyju...@sigaint.org wrote: *However*, inside a VM, it's stupid and wasteful to swap stuff out so you can have more buffers/cache. In fact, it's stupid and wasteful to even have buffers/cache inside a VM at all. Any cached data will also be cached in dom0, doing the

Re: [qubes-devel] Linux kernel security updates

2016-12-11 Thread Chris Laprise
On 12/11/2016 03:16 AM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-10 19:23, Chris Laprise wrote: Given the increased interest in securing domU where possible, I'd like to know if Qubes Project will be making upstream security updates to the Linux

Re: [qubes-devel] Re: Qubes vm.swappiness=0

2016-12-12 Thread Chris Laprise
Just wanted to note there are various warnings against using swappiness=0 as it can result in killed processes; swappiness=1 is considered the minimum value to avoid this problem.

Re: [qubes-devel] Storage pools

2016-12-12 Thread Chris Laprise
On 12/12/2016 01:07 AM, Bahtiar `kalkin-` Gadimov wrote: Currently the only supported driver out of the box is `xen`. The benefit of pools (besides that you can write an own storage driver i.e. for btrfs) in R3.2 is that you can store your domains in multiple places. Thanks! That

Re: [qubes-devel] Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-01 Thread Chris Laprise
On 12/01/2016 08:02 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Dec 01, 2016 at 10:30:26AM +0200, Ivan wrote: Addressing the "mentality" problem (that there isn't such thing as free beer, that donations are *required* to keep the project

Re: [qubes-devel] Thoughts about persistent exploit in AppVM

2016-12-01 Thread Chris Laprise
On 12/01/2016 03:03 PM, entr0py wrote: hopefulf...@tuta.io: Hello, Currently any AppVM has persistent storage, it is referenced by default at least as /home, /rw/config, /usr/local. And software is executed from this persistent storage from read-only system. There may be additional

Re: [qubes-devel] Thoughts about persistent exploit in AppVM

2016-12-01 Thread Chris Laprise
On 12/01/2016 06:00 PM, hopefulf...@tuta.io wrote: Hi Chris, I agree with you. It is strange to me that Qubes doesn't follow defense in depth principle when thinking like "this vm is untrusted so we won't even try securing it". Sure, the vault vm won't be compromised - but that isn't the

Re: [qubes-devel] Thoughts about persistent exploit in AppVM

2016-12-01 Thread Chris Laprise
On 12/01/2016 06:00 PM, hopefulf...@tuta.io wrote: IMO, restoring user and root users in the VMs won't help with preventing persistent exploits - only removing the persistent storage will (and taking measures to prevent code execution from it, be it preserved in some VMs like Whonix-Gateway).

Re: [qubes-devel] Thoughts about persistent exploit in AppVM

2016-12-04 Thread Chris Laprise
On 12/04/2016 08:23 AM, hopefulf...@tuta.io wrote: 2. Dec 2016 00:28 by tas...@openmailbox.org : On 12/01/2016 06:00 PM, hopefulf...@tuta.io wrote: IMO, restoring user and root users in the VMs won't help with

Re: [qubes-devel] Thoughts about persistent exploit in AppVM

2016-12-04 Thread Chris Laprise
On 12/04/2016 06:18 AM, hopefulf...@tuta.io wrote: 2. Dec 2016 00:17 by tas...@openmailbox.org : On 12/01/2016 06:00 PM, hopefulf...@tuta.io wrote: Hi Chris, I agree with you. It is strange to me that Qubes

Re: [qubes-devel] Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-04 Thread Chris Laprise
On 12/04/2016 03:41 AM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-03 13:20, Chris Laprise wrote: On 12/03/2016 03:54 AM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-01 15:43, Chris Laprise wrote: On 12/01/2016

Re: [qubes-devel] Ticket 703: qvm-backup: save backups in AppVM

2017-01-06 Thread Chris Laprise
On 01/06/2017 06:24 AM, Andrew David Wong wrote: It sounds like you may be focusing exclusively on the hypothetical example at the expense of the general point, but for the sake of discussion: If the Qubes Project is not authoring some of the packages, it sounds unlikely to work as a primary

Re: [qubes-devel] Ticket 703: qvm-backup: save backups in AppVM

2017-01-01 Thread Chris Laprise
On 12/31/2016 11:43 AM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-12-30 19:32, Chris Laprise wrote: On 12/30/2016 12:58 AM, Andrew David Wong wrote: After meditating on this thread for a little over three years, I'd like to revive it, because I think

Re: [qubes-devel] Ticket 703: qvm-backup: save backups in AppVM

2016-12-30 Thread Chris Laprise
On 12/30/2016 12:58 AM, Andrew David Wong wrote: After meditating on this thread for a little over three years, I'd like to revive it, because I think Marek made an important point here, and I don't quite understand Joanna's response. If we don't trust GPG in our backup system because it does

Re: [qubes-devel] Ticket 703: qvm-backup: save backups in AppVM

2017-01-05 Thread Chris Laprise
On 01/01/2017 08:22 PM, Andrew David Wong wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-01-01 15:20, Chris Laprise wrote: On 12/31/2016 11:43 AM, Andrew David Wong wrote: On 2016-12-30 19:32, Chris Laprise wrote: On 12/30/2016 12:58 AM, Andrew David Wong wrote: After

Re: [qubes-devel] Re: not getting compromised while applying apt-get upgrade for CVE-2016-1252

2016-12-19 Thread Chris Laprise
On 12/19/2016 06:26 PM, Patrick Schleizer wrote: What about Debian graphical installer security? Isn't that in meanwhile the ideal target for exploitation for targeted attacks? Because it will take a while until the Debian point release with fixed apt. And during the gui installer, the output

Re: [qubes-devel] [RFC] Keyboard shortcuts for qubes-manager

2016-12-20 Thread Chris Laprise
On 12/20/2016 02:31 PM, Jean-Philippe Ouellet wrote: Hello, As requested in [1] and implemented in [2], I am proposing to add keyboard shortcuts to qubes-manager. Specifically, at this time I am proposing to add the following: 1. Ctrl+N for New VM 2. Delete / Backspace (no Ctrl) for delete

Re: [qubes-devel] [RFC] Keyboard shortcuts for qubes-manager

2016-12-20 Thread Chris Laprise
On 12/20/2016 09:10 PM, Jean-Philippe Ouellet wrote: On Tue, Dec 20, 2016 at 4:14 PM, Chris Laprise <tas...@openmailbox.org> wrote: On 12/20/2016 02:31 PM, Jean-Philippe Ouellet wrote: As requested in [1] and implemented in [2], I am proposing to add keyboard shortcuts to qubes-m

Re: [qubes-devel] [RFC] Keyboard shortcuts for qubes-manager

2016-12-21 Thread Chris Laprise
On 12/21/2016 10:12 AM, Jean-Philippe Ouellet wrote: On Wed, Dec 21, 2016 at 12:40 AM, Chris Laprise <tas...@openmailbox.org> wrote: On 12/20/2016 09:10 PM, Jean-Philippe Ouellet wrote: On Tue, Dec 20, 2016 at 4:14 PM, Chris Laprise <tas...@openmailbox.org> and the shortcuts propo

Re: [qubes-devel] [RFC] Keyboard shortcuts for qubes-manager

2016-12-21 Thread Chris Laprise
On 12/21/2016 11:30 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Dec 21, 2016 at 10:59:29AM -0500, Chris Laprise wrote: On 12/21/2016 07:06 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Dec 21

Re: [qubes-devel] [RFC] Keyboard shortcuts for qubes-manager

2016-12-21 Thread Chris Laprise
On 12/21/2016 07:06 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Dec 21, 2016 at 12:40:35AM -0500, Chris Laprise wrote: On 12/20/2016 09:10 PM, Jean-Philippe Ouellet wrote: On Tue, Dec 20, 2016 at 4:14 PM, Chris Laprise <tas...@openmailbox.

Re: [qubes-devel] Password encryption for individual vm's

2017-03-28 Thread Chris Laprise
-access-with-dom0-user-prompt -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this grou

Re: [qubes-devel] What are technical/security differences between passing a flash drive via qvm-block and qvm-usb?

2017-03-30 Thread Chris Laprise
vm-usb can expose your VMs to (more types of) attacks by malicious devices---it's risky. OTOH, if the USB drives contain secure encrypted disk images (like .img files using LUKS) then attaching the image files via qvm-block -A is pretty safe. -- Chris Laprise, tas...@openmailbox.org https://t

Re: [qubes-devel] Require script to run immed. after /rw mount

2017-04-17 Thread Chris Laprise
On 04/15/2017 05:52 PM, Chris Laprise wrote: Hostname will be unset even if the script is blank. Looks like there is a race condition between some Qubes service files, such as qubes-db.service and qubes-early-vm-config.service. This prevents hostname from getting set. If I add "

Re: [qubes-devel] Require script to run immed. after /rw mount

2017-04-15 Thread Chris Laprise
hich have protected root access (i.e. vm-sudo). An argument against vm-sudo configuration is that it's easy for an unpriv attacker to alter init scripts and acquire root privs when a user grants them for legitimate commands; Fixing that seems very realistic. -- Chris Laprise, tas...@openmailbox

Re: [qubes-devel] Require script to run immed. after /rw mount

2017-04-15 Thread Chris Laprise
On 04/15/2017 10:13 AM, Chris Laprise wrote: A possible workaround I'm trying is to have my systemd unit run before qubes-mount-dirs.service and do an independent mount-dismount of /rw. This allows my script to perform simple sanitizing operations in /rw before anything in there has a chance

[qubes-devel] Require script to run immed. after /rw mount

2017-04-14 Thread Chris Laprise
, mount-dirs.sh could have a hook that points to a specific user script in /etc. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-

[qubes-devel] Re: [qubes-users] Request for feedback: 4.9 Kernel

2017-07-14 Thread Chris Laprise
On 06/21/2017 12:45 AM, Chris Laprise wrote: On 05/24/2017 03:51 PM, Chris Laprise wrote: 4.9 is working OK so far. I was using 4.8 prior to this. Additional note: 4.9 seems to resolve a zombie process issue I was having with 4.8 (domU), and the 4.9.33-18 security update is working well so

Re: [qubes-devel] Reconsider VM/dom0 memory defaults?

2017-07-08 Thread Chris Laprise
-- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails fro

Re: [qubes-devel] Re: 'Hypervisor Introspection defeated Eternalblue a priori'

2017-07-14 Thread Chris Laprise
On 07/13/2017 08:02 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jul 13, 2017 at 04:45:35PM -0700, pixel fairy wrote: On Friday, July 7, 2017 at 1:20:10 PM UTC-7, Chris Laprise wrote: I know Joanna's reservations about VM introspection

Re: [qubes-devel] Announcement: Toward a Reasonably Secure Laptop

2017-07-14 Thread Chris Laprise
boot sequences. Knowing when a computer has truly reset / powered-on is part of the initial verification and trust process. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because

Re: [qubes-devel] Changing qubes-core-admin license to LGPL v2.1+

2017-07-18 Thread Chris Laprise

[qubes-devel] New beta of Qubes VPN support project

2017-07-20 Thread Chris Laprise
install script; No file editing * Flexible installation into template or to proxyVM-only Constructive input is welcome! :) https://github.com/tasket/Qubes-vpn-support/ -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F

Re: [qubes-devel] Re: [qubes-users] Re: Request for feedback: 4.9 Kernel

2017-06-28 Thread Chris Laprise
- but not in case of VM kernel 4.9 I noticed this, too. So reverting a dispVM's template back to 4.4 should fix it? -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you

[qubes-devel] Stack-clash kernel vuln & patches

2017-06-28 Thread Chris Laprise
Are the latest kernels in testing patched for CVE-2017-1000364? Some info... https://www.darkreading.com/vulnerabilities---threats/stack-clash-smashed-security-fix-in-linux-/d/d-id/1329193 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364 -- Chris Laprise, tas

Re: [qubes-devel] Re: qvm-convert-pdf

2017-05-18 Thread Chris Laprise
temporarily by copying them into a test template. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubs

Re: [qubes-devel] Re: AMD Ryzen working with IOMMU, HCL results attached

2017-05-16 Thread Chris Laprise
hes can be added to Qubes 3.2 (if they work properly). Not sure if there is anything else I can do to test if IOMMU is working properly, if something is there to test that please let me know! > > Cheers, > Bjoern I'm curious: Does the MMU work with PVMs like sys-

Re: [qubes-devel] Re: GitLab

2017-05-13 Thread Chris Laprise
Tor implies there are many different PGP key servers where a key can be looked up. It's not hard to do. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed

[qubes-devel] Re: [qubes-users] Request for feedback: 4.9 Kernel

2017-06-20 Thread Chris Laprise
On 05/24/2017 03:51 PM, Chris Laprise wrote: 4.9 is working OK so far. I was using 4.8 prior to this. Additional note: 4.9 seems to resolve a zombie process issue I was having with 4.8 (domU), and the 4.9.33-18 security update is working well so far. -- Chris Laprise, tas

Re: [qubes-devel] Building security updates

2017-06-20 Thread Chris Laprise
mely security updates (without exposing themselves to feature instability in *current-testing) this seems fair. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the

Re: [qubes-devel] Re: qvm-convert-pdf

2017-05-18 Thread Chris Laprise
and -mono. When I test with a command like this: $ pdftocairo -r 300 file.pdf ...I see a dramatic improvement over default font quality. You can even use higher res -r 600 with -mono for extra sharpness without any anti-alias "blur". -- Chris Laprise, tas...@openmailbox.org

Re: [qubes-devel] Re: AMD Ryzen working with IOMMU, HCL results attached

2017-05-16 Thread Chris Laprise
On 05/16/2017 02:29 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, May 16, 2017 at 10:24:47AM -0400, Chris Laprise wrote: I'm curious: Does the MMU work with PVMs like sys-net? Does the NIC work correctly in the VM? PV do not need IOMMU

Re: [qubes-devel] Need VM GUI when startup service fails

2017-06-13 Thread Chris Laprise
On 06/06/2017 07:20 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Jun 06, 2017 at 06:42:59PM -0400, Chris Laprise wrote: Per https://github.com/tasket/Qubes-VM-hardening/issues/7#issuecomment-306637475 If a Qubes startup service (in this case

Re: [qubes-devel] How secure is Qubes dom0 backup tool encryption?

2017-05-07 Thread Chris Laprise
e the CPU is busy. Encryption should add very little to the backup overhead. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qub

[qubes-devel] Re: [qubes-users] Request for feedback: 4.9 Kernel

2017-05-24 Thread Chris Laprise
4.9 is working OK so far. I was using 4.8 prior to this. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel"

Re: [qubes-devel] Future-proofing qubes-secpack

2017-06-05 Thread Chris Laprise
Can OpenTimestamps be easily reconfigured to use a blockchain system other than Bitcoin? Chris -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-devel] Need clarification for R4 qubes-firewall cycles

2017-10-23 Thread Chris Laprise
to modify iptables before forwarding is enabled at startup, and subsequently during normal runtime? Thanks! -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you

Re: [qubes-devel] Any chance of moving dom0 to F26 for 4.0 final release

2017-12-13 Thread Chris Laprise
essential component is missing for vpn and haven't had time to track it down. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google

[qubes-devel] Re: Fedora-related help

2017-12-13 Thread Chris Laprise
d also like to mention that Fedora's version of tboot is very outdated (from 2014). Qubes uses this for the anti-evil-maid feature: https://sourceforge.net/projects/tboot/files/?source=navbar -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C

Re: [qubes-devel] Re: (trying to avoid) unpacking before checking signatures

2017-11-11 Thread Chris Laprise
On 11/11/2017 06:11 PM, Jean-Philippe Ouellet wrote: On Sat, Nov 11, 2017 at 5:54 PM, Chris Laprise <tas...@posteo.net> wrote: On 11/08/2017 10:55 PM, Jean-Philippe Ouellet wrote: On Wed, Nov 8, 2017 at 10:51 PM, Jean-Philippe Ouellet <j...@vt.edu> wrote: Hello, The way

[qubes-devel] R4.0 policy for rootfs discard/trim?

2017-11-02 Thread Chris Laprise
usage in check? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from

Re: [qubes-devel] Need admin api advice

2017-12-01 Thread Chris Laprise
On 11/26/2017 05:56 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Nov 26, 2017 at 05:17:26PM -0500, Chris Laprise wrote: I'm trying to fix issue #3303 (inability to use --verify-only with qvm-backup-restore) but to do that I need to supply vm

Re: [qubes-devel] Need clarification for R4 qubes-firewall cycles

2017-10-24 Thread Chris Laprise
On 10/24/17 07:36, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Oct 24, 2017 at 01:02:53AM -0400, Chris Laprise wrote: In trying to adapt VPN scripts to Qubes R4.0 I've found the qubes-firewall-user-script has been renamed to qubes-ip-change-hook

Re: [qubes-devel] Remove SWAP file on SSD systems / provide option in installer

2017-10-20 Thread Chris Laprise
I'm looking at my /etc/crypttab wondering if I can change it to use /dev/urandom ? -- Chris Laprise, tas...@posteo.net https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-

Re: [qubes-devel] How to use VPN for encrypt traffic from Tor exit node of Whonix?

2018-05-02 Thread Chris Laprise
ts for TCP. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this grou

[qubes-devel] Script execute bit changed in testing (R4 guest)

2017-12-31 Thread Chris Laprise
be overwritten. Shouldn't these default files stay as -x ? -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel"

Re: [qubes-devel] Re: Script execute bit changed in testing (R4 guest)

2017-12-31 Thread Chris Laprise
On 12/31/2017 07:04 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Dec 31, 2017 at 06:24:51AM -0500, Chris Laprise wrote: When creating new net-providing VMs the default (unused) scripts in /rw/config normally do not have +x set. But after

Re: [qubes-devel] R4-rc3 testing: VM settings attribute error

2018-01-20 Thread Chris Laprise
On 01/20/2018 10:41 AM, 'MirrorWay' via qubes-devel wrote: Fix and workaround in https://github.com/QubesOS/qubes-issues/issues/3475 Thanks. Yes, my default_dispvm was set to None. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E

Re: [qubes-devel] [Fwd: Issue #3553: Debian based UpdateVM does not support --action=list or reinstall]

2018-02-10 Thread Chris Laprise
support, so I think the only answer is for the user to keep a Fedora-based VM on hand if they wish to do anything more with packages in dom0 than simple updates. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106

[qubes-devel] Permission denied when using Qubes().domains

2018-02-20 Thread Chris Laprise
python3' instead. I don't know if this is considered normal behavior or a bug, as I would normally expect admin objects to be accessible with normal user privs. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106

[qubes-devel] qubes-firewall script error handling

2018-02-18 Thread Chris Laprise
or "exit 1" etc. so the service goes into a failed state. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups

Re: [qubes-devel] qubes-firewall script error handling

2018-02-19 Thread Chris Laprise
On 02/18/2018 06:30 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Feb 18, 2018 at 01:10:44PM -0500, Chris Laprise wrote: I'm thinking about posting a PR to have qubes-firewall raise errors whenever a firewall script from qubes-firewall-user

Re: [qubes-devel] Updates of qubes packages for VMs

2017-12-28 Thread Chris Laprise
bes-issues/issues/2063 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from

Re: [qubes-devel] Whonix Testers Wanted!

2018-08-16 Thread Chris Laprise
far. Only quirk that I also have with stable is when I shutdown a browser VM with my hotkey config (it runs a script that quits firefox + thunderbird in the foreground VM, then does qvm-shutdown on it) there is a popup saying "Error: Failed to start Tor Browser". -- Chris La

Re: [qubes-devel] Total removal of swap files from qubes as an installation option

2018-08-21 Thread Chris Laprise
audience monitoring TVs, there is reason to distrust their products based on their motives and lack of respect for people's privacy. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received

[qubes-devel] R4-rc3 testing: VM settings attribute error

2018-01-20 Thread Chris Laprise
) func: main line no.: 1128 file: /usr/lib/python3.5/site-packages/qubesmanager/settings.py line: load_entry_point('qubesmanager==4.0.11', 'console_scripts', 'qubes-vm-settings')() func: line no.: 9 file: /usr/bin/qubes-vm-settings -- Chris Laprise, tas...@posteo.net https://github.com

Re: [qubes-devel] R4.0-rc4 installation image considerations

2018-01-20 Thread Chris Laprise
rent debian template as debian-9-minimal, but don't include it) OTOH, stating that a dual-layer DVD is required is much simpler, and DL burners are pretty common. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3

Re: [qubes-devel] Upgrade instructions for R3.2 and QSB37 patches

2018-01-18 Thread Chris Laprise
this should be commuted to mean "latest release from the 3.x series". You could release an upgrade as either 3.3 or 3.2.5 for example, signifying a large bug fix. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB

Re: [qubes-devel] Permission denied when using Qubes().domains

2018-03-06 Thread Chris Laprise
On 03/04/2018 09:30 AM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Mar 04, 2018 at 05:46:39AM -0500, Chris Laprise wrote: On 02/21/2018 06:20 AM, Wojtek Porczyk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Feb 20, 2018 at 10:45

[qubes-devel] Firewall fixes not in 4.0rc5 stable repo

2018-03-09 Thread Chris Laprise
Per issues #3260 and #3503. The commits are approaching one month old but still in current-testing. I thought they'd make it to rc5 stable. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: [qubes-devel] Re: Firewall fixes not in 4.0rc5 stable repo

2018-03-09 Thread Chris Laprise
On 03/09/2018 04:43 PM, Marek Marczykowski-Górecki wrote: On Fri, Mar 09, 2018 at 04:26:26PM -0500, Chris Laprise wrote: Per issues #3260 and #3503. The commits are approaching one month old but still in current-testing. I thought they'd make it to rc5 stable. Templates in rc4 have qubes-core

Re: [qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
On 04/19/2018 10:54 PM, Chris Laprise wrote: On 04/19/2018 09:10 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Apr 19, 2018 at 08:29:17PM -0400, Chris Laprise wrote: A departure from the R3.x behavior that I think may compromise network security

Re: [qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
On 04/19/2018 09:10 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Apr 19, 2018 at 08:29:17PM -0400, Chris Laprise wrote: A departure from the R3.x behavior that I think may compromise network security is that in R4.0 proxyVMs /proc/sys/net/ipv4

Re: [qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
On 04/19/2018 10:59 PM, Chris Laprise wrote: On 04/19/2018 10:54 PM, Chris Laprise wrote: On 04/19/2018 09:10 PM, Marek Marczykowski-Górecki wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Apr 19, 2018 at 08:29:17PM -0400, Chris Laprise wrote: A departure from the R3.x

Re: [qubes-devel] Offering salt help

2018-04-19 Thread Chris Laprise
M sudo/pam configuration. Also explore if it's useful for configuring VPNs. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[qubes-devel] IP forwarding is on while qubes-firewall starts

2018-04-19 Thread Chris Laprise
be a patch (ex: /etc/sysctl.conf) to have the initial VM forwarding state at '0' until qubes-firewall finishes initializing. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[qubes-devel] Moving cache dirs out of /dev/xvdb

2018-03-30 Thread Chris Laprise
to prefer block-device backups. So having a "cache" class of storage volume for each VM makes sense from this perspective. I just wanted to post this idea to explore whether it's worth exploring. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP:

Re: [qubes-devel] Permission denied when using Qubes().domains

2018-03-04 Thread Chris Laprise
On 02/21/2018 06:20 AM, Wojtek Porczyk wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Feb 20, 2018 at 10:45:55PM -0500, Chris Laprise wrote: Using python3 in dom0, trying to access qubes.Qubes().domains results in the following error: /dev/mapper/control: open failed

[qubes-devel] Re: [qubes-users] nftables vs iptables

2018-10-10 Thread Chris Laprise
:56 AM, mfreemon wrote: On 10/2/18 2:25 AM, Ivan Mitev wrote: On 10/2/18 1:32 AM, Chris Laprise wrote: On 10/01/2018 05:48 PM, mfreemon wrote: On 1/11/18 3:01 PM, Chris Laprise wrote:     > On 01/10/2018 03:47 PM, Connor Page wrote:     >> The official templates use nftables so shouldn’t

[qubes-devel] qubes-builder stops with error

2018-09-19 Thread Chris Laprise
hare/perl5/vendor_perl/Digest.pm line 44. make[2]: *** [/home/user/qubes-builder/qubes-src/builder-debian/Makefile.debian:173: dist-build-dep] Error 2 make[1]: *** [Makefile.generic:177: packages] Error 1 make: *** [Makefile:217: vmm-xen-vm] Error 1 -- Chris Laprise, tas...@posteo.net

Re: [qubes-devel] qubes-builder stops with error

2018-09-20 Thread Chris Laprise
On 09/20/2018 10:30 AM, unman wrote: I saw that yesterday and thought it was my meddling. It's a new bug - will you report it? OK, it's https://github.com/QubesOS/qubes-issues/issues/4327 -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2
