-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I wrote a module for dracut to allow 2FA on LUKS. Currently it's a beta
version. AFAIK a native solution for dracut already exists, however it isn't
compatible with systemd and the latter is enabled by default. Furthermore it
uses GPG, but
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
There is a discussion about its security model at
https://github.com/QubesOS/qubes-issues/issues/2712
Best Regards,
Raffaele.
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEXw2ov1HEFPFo+AVy07vJZYtrAOMFAlttU7UACgkQ07vJZYtr
AOMWpw/9Gf10egH/hkzruEFOe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Thanks! I'll wait your opinion!
Best Regards,
Raffaele.
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEXw2ov1HEFPFo+AVy07vJZYtrAOMFAltui9IACgkQ07vJZYtr
AOMN5hAAsNUgqro1Pw98v3bgBhBjP7z1O2ECLM8xq5S9kK4464kO+HF0YMVvVCju
jnmrbfNdzvUOzX8LL8/dnALUnvzghCPn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Qubes community,
I've released a new version of "Open in Qube" (aka qubes-url-redirector)
[v3.0_beta]. The repository is at [repo].
This is a browser extension inspired by [gsoc idea] and it's written using
standard WebExtension APIs. Each cus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> Impressive work, Raffaele! Qubes OS just became an order of magnitude more
> attractive, and more Qubes-like :)
Yeah and it's a pleasure for me!! :)
Best Regards,
Raffaele.
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEXw2ov1HEFPFo+AVy07vJZYtr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Dear Qubes community,
I've released a new version of "Open in Qube" (aka qubes-url-redirector)
[v3.0.1_beta] because I fixed a bug in a function (makeUrl) that simplify the
build process of a whitelisted entry. The announce about the previous relea
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Joanna,
Thanks, thanks and thanks again for all your work! I wish you all the best.
Cheers,
Raffaele.
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEEXw2ov1HEFPFo+AVy07vJZYtrAOMFAlvTIVUACgkQ07vJZYtr
AOOqAxAAovyvQQKp0n3uW70apch9QG0nQgGCD2gPS4aeqjXJKD
> - In the rare case I forget to lock my notebook at cusomer 1 I don't want
> anyone to be able to extract other customers data. (While not perfect in
> regards to dom0 security at least it makes sure no data can be stolen)
>
After you forgot the notebook, will you restore to a clean state (lik
> Idea proposal:
>
> ===
>
> During writing I had an idea. An improved way to handle such use case could
> be the concept of PC (OS or Qubes) state (I hadn't time to find a suitable
> name, lol). I mean: when you are in a state only a subset of VMs are present,
> the other ones are d
> Yes, of course you have to consider the notebook compromised at this point
> and needs to be reset to a clean state afterwards. But that's another topic,
> It's all about minimizing the damage done here. If the VM groups are
> encrypted individually, at least you can have some peace of mind th
I'm asking apples, and you're giving me oranges. I'll explain again in what my
idea is, and why I think that this naive approach is bad.
As premises you should remember that you're proposing this feature in Qubes OS,
a security oriented OS. Furthermore you aren't the only user of this OS, so
wh
> Giving the user a way to additionaly encrypt some higher value VMs does not
> change anything for any user that doesn't use this feature at all. You can
> use it but you don't have to!
>
Sorry, what I meant isn't clear. Nonetheless the point is cleared subsequently
in my previous post. I wasn'
> So at first you are against vm-encryption with the possiblity to use unique
> passwords since it was too hard for you to remember multiple passwords. At
> the same time you refused to use the same password for more than one VM.
> Now you say, your "state" model also relies on ENCRYPTED VMS, whi
Hi all,
My name is Raffaele Florio and before Qubes OS I used a lot of open source OS
(Arch Linux most of all). Unfortunately I never was really satisfied. Now,
definitively, I am a happy Qubes OS user, and I want to contribute. :D Actually
this is my first contribution ever.
It's a patch for dw
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I've an update :D
I patched dmenu for Qubes OS. You can get the patch here:
https://github.com/raffaeleflorio/qubes-dmenu
As you can see there are two files executed by dwm or other: one for Dom0
(dmenu_dom0), one for vms (dmenu_vms). For th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I've just uploaded a better patch. With an obviously improvement, one shell
file instead of two for each type of dmenu (dom0 or vms).
Best,
Raffaele.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJZitFtAAoJEI08Rvun9XHuENIQA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I'd like to know if dwm has to handle /etc/xdg/autostart to gain complete
support for Qubes OS. Or is it acceptable to handle /etc/xdg/autostart not
directly? For example with a shell script that execute predefined required
stuff such as qubes-gui
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I'm writing an extension to resolve this issue:
https://github.com/QubesOS/qubes-issues/issues/845. I uploaded on GitHub an
alpha version.
Currently I implemented redirection with a context menu. You can choose to open
the link in: dvm, de
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I explain better what I'm doing. I just re-read and I think that this
explanation is not complete.
Currently I'm writing extension for Firefox/Chrome to resolve the issues
pointed in gsoc ideas list about browsers and email client, not only #845 is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I've just uploaded a working version on GitHub. I tried it on Firefox, soon
I'll try on Chrome. Actually it can work on every browser that supports the
WebExtension standard.
Here what I've done:
1) You can customize default url redirectio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> One question about encoding here [1].
Encoding issue resolved. Then I also modified background's interface.
> In a specific VM is... non-trivial. See comments below.
Actually I implemented specific VM redirection because qvm-open-in-vm supports
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I've just uploaded a new working version (1.1) on GitHub. I implemented
javascript regexp support. In this way there is a lot of flexibility to define
whitelisted URL. IMHO, this feature is vital.
So I implemented the last planned feature! :D
Soo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I've just finished tests on Chrome. Extension works with some fixes (to Chrome
settings too, it has a bad default behavior about suggestions).
Soon I'll create a new branch where I add Chrome's functions. There will be
also a new branch for Firefox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I updated to v1.2. I improved Promise's code and setting's interface. I picked
colors from: https://www.qubes-os.org/doc/style-guide/ and I improved interface
following: https://www.qubes-os.org/doc/usability-ux/. I uploaded images on
GitH
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
Good news. I've just finished to write a polyfill for Chrome. So I finished
tests on Chrome. It works! I wrote a polyfill because with Mozilla's polyfill
doesn't work properly.
Tomorrow I'll upload everything on GitHub.
Best,
Raffaele.
-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
Finally the compatible version with Chrome/Chromium is on GitHub. I reorganized
directories and files. Differences between the two versions are only two files:
manifest.json and json file about nativeMessaging.
Best,
Raffaele.
-BEGIN P
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I've just build xpi file (Firefox package extension).
However in order to be installed user has to disable pacakge verification
globally through about:config or I have to send xpi to Mozilla and they signs
the package. Obviously I prefer th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I've a question about Thunderbird's extension.
Are main objectives these ones?
1) Whitelist senders based on email address and signing key.
2) Open/Save behavior about attachment.
3) Context menus to decide where to open links.
I don't under
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> I'm not sure what the original intention was either. But the first step
> could be about attachments. The current extension allow you to open all
> attachments in DispVM by default. It would be nice to configure this
> behaviour based on sender (id
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I've a question about HTTP redirection behavior. During this period of testing
I'm noting that redirection, sometimes useless (i.e. domain.xyz ->
www.domain.xyz), is very common. Currently, before redirection, extension
treats the request
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
Today I uploaded the version with redirection's modification. Furthermore I
fixed some issues and I added some features. Maybe a feature to implement is
domain name verification according RFC spec. However I don't consider it a
vital featu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi,
I've just uploaded the repo with installation istructions. Yeah I read that
method. However I don't consider it suitable for browsers, as you can read from
aforesaid motivations.
Before update [0], if an user opens a whitelisted URL and the se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The polyfill is at [0].
However I added it as a git submodule to qubes-url-redirector. If you used git
to clone my repo you can get proper file following instructions at [1].
Essentially git clones the submodule in the main repo. In this way there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
However I added to the Makefile the procedure to clone the submodule.
Best,
Raffaele.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQIcBAEBCAAGBQJZ4xLBAAoJEI08Rvun9XHu1MQQAJ2Ai8zSGPE+LqL5Ph/ltULt
efyaAeXmW4PQXI5Yzysg18M8HC6M+heqWsx3+jyu7VbcWGHL8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Yeah, with the next commit I'll resolve tab issue.
I know ad-tracker issue, in fact I implemented an object to escape Google
Search rwt manipulation. However I think that it's a privacy issue not related
to this extension. Maybe I'll write an exten
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all,
I've just released 2.0 version. There are a lot of changes in the code and
related files organization. I implemented tab closing prevention but actually
there is a Chrome issue, [0].
[0] = https://github.com/raffaeleflorio/qubes-url-redire
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all :),
During past months I worked on idea [0]. Currently it's supported only by
Firefox and Chrome. The repo is at [1] and the qubes-issue regarding
contribution message is at [2]. It was assigned to the 4.1 milestone.
I've a question about i
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi, I can also work on the Thunderbird extension.
However I've just submitted the Firefox extension to Mozilla for their signing.
Best Regards,
Raffaele.
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEE9bU8N8AgwMcjiC1xjTxG+6f1ce4FAlp0ercACgkQjTxG+6f1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi all :),
I've just released the qubes-url-redirector extension. The GitHub repo is at
[0] and the issue on QubesOS's repo is at [2].
The extension is based on the gsoc idea [1]. Soon I'll work on the Thunderbird
one :).
Here a brief description:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Andrew,
Thanks for the comments!
1) I partially agree. Can you explain better please?
2) I don't consider this case an issue. This extension is designed to block and
redirect non whitelisted URLs, that is opened through the browser (e.g. with
th
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> The "make firefox" rule uses wget to get a few files. Is this because you
> don't want to distribute signatures on Github? Ideally, it would use local
> files only.
I was referring to the HTTPS statement. I'd like to deepen this statement.
Ther
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Andrew,
> It introduces an extra point of failure. I could owned by a corrupted "git
> clone" operation. I could also get cloned by a corrupted wget operation.
> It's one extra thing to audit (if I want to be careful).
Yeah, as I wrote the clo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> See discussion in https://github.com/QubesOS/qubes-issues/issues/2518
Great, thanks!
Best Regards,
Raffaele.
-BEGIN PGP SIGNATURE-
iQIzBAEBCAAdFiEE9bU8N8AgwMcjiC1xjTxG+6f1ce4FAlqFxWUACgkQjTxG+6f1
ce7VchAAiIaJTSR00JrO9oxaI0CDDSjDH0e+z8FuY
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Andrew,
I'm implementing these features. I'll release the v2.1.1 soon.
The extension itself could be automatically updated. However I'll not enable
this feature because:
1. There isn't any way to verify updated extension in Chrome/Chromium. Inst
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> Version 2.1 is not working on my Chrome 66.0.3350.0 (Official Build) dev
> (64-bit)
>
> It blocks URLs properly. It allows those matching the whitelist properly.
>
> But nothing is run on the Default VM specified.
Did you follow installation in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
> So I'm curious about the different options that exist for implementing this,
> and if anyone can point me towards what resources I should read up on to
> understand what I need to do to accomplish this. Do I need to build a
> modified Qubes in o
46 matches
Mail list logo