-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Patrick,
> I would appreciate suggestions on debugging systemd ordering [and
> also dependency] cycles.
If the cycle is relatively short, you could try opening a couple of
terminal windows and running "systemctl show" commands on each of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Iestyn,
> I tried retrieving the journal for qubes-updates-cache but it only
> had one line that described the timeframe for the journal.
Can you paste the output of "systemctl status qubes-updates-cache"?
Rusty
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Chris Laprise:
> On 02/21/2017 07:43 AM, Rusty Bird wrote:
> > Hi Chris!
> >
> > > On 02/20/2017 08:28 AM, Rusty Bird wrote:
> > > > A small qvm-backup wrapper script that handles running VMs by chrooting
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Trammell Hudson:
> The one drawback to the rd.luks.key approach is that only a single key
> can be passed in.
You can also use "[rd.]luks.key=LUKSUUID=KEYFILE", no idea if that works
any better in practise...
Rusty
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Rusty Bird:
> Trammell Hudson:
> > On Tuesday I presented my work on the Heads firmware at 33C3 and
> > gave Qubes OS (and Joanna's 32C3 talk) a shout-out. You can watch
> > the video, titled "Bootstrapping a s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> For such multi-stage attack, it could be much more effective and
> still perfectly feasible to implant a passive hardware device into
> the target computer that would silently capture and record relevant
> USB traffic. Such
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> I'm thinking about applying to the GSoC program and working on
> the Anti Evil Maid shoulder surfing and video surveillance
> resistance project idea.
Awesome!
> However, I've got a question regarding the proposed
> solution which
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> On Wed, Mar 29, 2017 at 1:39 PM, Rusty Bird <rustyb...@openmailbox.org> wrote:
> > 1. The TOTP part of the complex scheme. This would be nicely straight-
> > forward, I think.
>
> Agreed. I ev
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Jean-Philippe Ouellet:
> On Wed, Mar 22, 2017 at 8:31 AM, Oleg Artemiev wrote:
> > Is this OK to provide a pullrequest for adding VM (qube) functionality
> > for kill / shutdown some VM using window color border as a start
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> On Tue, Aug 15, 2017 at 01:59:59PM +, Holger Levsen wrote:
> > So, "sudo qubes-dom0-update" for the first paragraph, and
> > "sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing" for the
> > 2nd…
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> I've updated the README a bit [1] to (hopefully) make some things
> clearer. Also added a section on how to recover from compromises.
>
> Rusty: do you think it's ready to be built and pushed into R4 testing
> repos?
Almost ready
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> Finally managed to track down why unlocking disk with unsealed and
> decrypted LUKS key file didn't work on a clean Qubes OS installation.
>
> While starting to develop this feature, I added the key file path to
> my /etc/crypttab
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Patrik!
> On 07/05/2017 05:30 PM, Rusty Bird wrote:
> > How should portable Qubes installations be handled? We can't save
> > the owner password in the initramfs. But I was thinking, the
> > function to write a 256 bit value
the list of contributors:
>
> - Andrew David Wong (Axon)
> - Bahtiar `kalkin-` Gadimov
> - Desobediente Civil
> - HW42
> - Ivan Konov
> - Jasper Tron
> - Jeepler
> - Jon Griffiths
> - Mario Geckler
> - Michal Rostecki
> - Nicklaus McClendon
> - Olivier Médoc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> Would it be OK if I squashed all the commits so far into a single
> large one (as there's already quite a lot of reverts and design
> changes anyway).
Yes, please do.
Rusty
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Andrew Morgan:
> (For some reason your reply doesn't show up in mailing list, so replying
> with it quoted below)
Ah what is the matter with Google Groups and my e-mail address.
> Heh, I need to stop replying to emails in the wee hours of the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Patrik!
I just noticed that qubes-devel seems to break your PGP/MIME
signatures. Inline PGP works better on Google Groups based mailing
lists. (The CCs have all been fine, of course.)
> On 06/26/2017 05:28 PM, Rusty Bird wrote:
> >>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> On 07/04/2017 12:28 AM, Rusty Bird wrote:
> > Hi Patrik!
> >> OK, let's go with the freshness token then.
> >
> > To avoid implementation complexity here: What do you think about
> > unconditi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Patrik,
> I've opened a pull request [1] to the AEM repository.
>
> Again, enormous thank you to Rusty Bird for being a wonderful GSoC
> mentor and helping me clean up the patches for submission.
Thank you for not going c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi Patrik,
> On 06/19/2017 12:43 PM, Rusty Bird wrote:
> > Patrik Hagara:
> >> On 06/18/2017 05:51 PM, Rusty Bird wrote:
> >>> Rusty Bird:
> >>>> Patrik Hagara:
> >>>>> Sing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> On Wed, Jun 07, 2017 at 10:45:30PM +0200, Patrik Hagara wrote:
> > On 06/07/2017 09:45 PM, Rusty Bird wrote:
> > > Hi Patrik,
> > >
> > > Sorry that it took me a whi
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Rusty Bird:
> Patrik Hagara:
> > On 06/09/2017 05:22 AM, Rusty Bird wrote:
> > > Rusty Bird:
> > >> In the current WIP version, the keyfile is encrypted before sealing
> > >> and decrypted after unseal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> Any and all code reviews are welcome! The changes I made are stored in
> my fork of AEM repository [1].
- - Please don't feel obligated to read this on a weekend :) -
One thing I noticed is that a comment in anti-evil-maid-unseal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi everyone,
What do you think about getting rid [1] of .png image secret support in
the next major version of Anti Evil Maid? This would offset some of the
increase in complexity incurred by the upcoming TOTP/keyfile support, in
addition to other
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Rusty Bird:
> Patrik Hagara:
> > Single-use key file code committed
>
> Whee, I finally get it... Seeing how it all fits together, it looks
> really cool!
>
> What do you think about making replay protection a self-con
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> The initramfs would, upon next boot, read both the sealed LUKS key file
> (unsealing it, along with stored counter value) and the publicly
> readable counter value from TPM -- and, assuming the values match,
> continue booting. An
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> I think PNG support is a nice half-measure against shoulder surfing -
> details on the image are harder to copy/remember (or even photograph
> with a small camera), than some text.
You're right, it is better. I hadn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Patrik Hagara:
> Single-use key file code committed
Whee, I finally get it... Seeing how it all fits together, it looks
really cool!
What do you think about making replay protection a self-contained
secret? If we'd change it from a counter (shared
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Chris Laprise:
> On 09/26/2017 11:14 AM, Peter Todd wrote:
> > Re: privacy, you can setup swap files to use encrypted storage with
> > *volatile*
> > encryption keys that are generated at boot, and never get written to
> > persistent
> > storage.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> Right now I see two options:
> - abandon the goal of fitting the image on DVD (I'd go for this)
*single-layer DVD. Still lots of space on dual-layer DVDs, so this
option seems totally fine to me.
FWIW, I sometimes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Elias Mårtenson:
> Last year, there was a lot of activity surrounding two really
> interesting projects: One about improving the AEM feature, and
> another which was about being able to mark downloaded files as
> insecure so that they can be opened
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi!
So, the qid/dispid of a removed VM can be recycled immediately. When
that happens inside a 10 minute window*, it could break inter-VM Tor
circuit isolation, which is based on the VMs' IP addresses.
For dispids, a relevant collision happens
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Jean-Philippe Ouellet:
> On Wed, Jan 3, 2018 at 7:02 PM, Rusty Bird wrote:
> > Hi!
> >
> > So, the qid/dispid of a removed VM can be recycled immediately. When
> > that happens inside a 10 minute window*, it could bre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marcus Linsner:
> On Thursday, September 27, 2018 at 7:15:30 PM UTC+2, Rusty Bird wrote:
> > Marcus Linsner:
> > > I haven't yet tried installing an .iso because I need to get an
> > > empty disk, probably next w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
Is there a way to build an up-to-date R4.0 installer ISO from the
latest pre-built official packages in current(-testing)?
I'd rather not rebuild all of them - just the few for which I have
extra patches.
Rusty
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> On Fri, Sep 21, 2018 at 08:51:52AM +0000, Rusty Bird wrote:
> > Is there a way to build an up-to-date R4.0 installer ISO from the
> > latest pre-built official packages in current(-testing)?
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> On Fri, Sep 21, 2018 at 11:48:17AM +0000, Rusty Bird wrote:
> > Now, if I run
> >
> > $ make iso
> >
> > it fails with:
> >
> > -> Installing installer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marcus Linsner:
> 2. in another terminal: sudo iotop
> 3. in a 3rd terminal: logger
>
> every time you press Enter in [3.] [...] "Actual DISK WRITE" is like
> 15KB)
I can't reproduce this in my dom0, which has vanilla journald.conf/
sysctl values
fails due to a download error, just rerun it. Unless I
made a mistake putting everything together (in which case, please say
so), it should spit out an installer image file in the iso/ directory.
> I'd be very interested into building(and testing) an iso with all of this:
> "Rus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marcus Linsner:
> On Tuesday, September 25, 2018 at 3:13:19 PM UTC+2, Rusty Bird wrote:
> > Rusty Bird:
> > > Marcus Linsner:
> In other words, `systemd-journald` causes a write as `Total DISK
> WRITE`, but not a sync/flush
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Rusty Bird:
> Marcus Linsner:
> > 2. in another terminal: sudo iotop
> > 3. in a 3rd terminal: logger
> >
> > every time you press Enter in [3.] [...] "Actual DISK WRITE" is like
> > 15KB)
>
> I c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Manuel Amador (Rudd-O):
> > I haven't been able to understand the codebase for the "file" storage
> > pool very well.
That might be for the better... It's kind of the haunted house storage
driver at this point.
> > At which point in the lifetime
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
David Hobach:
> the latest dom0 update apparently introduced a socat dependency for
> qubes-core-dom0 4.0.47-1.
>
> Where does this come from?
https://github.com/QubesOS/qubes-core-admin/commit/c95370c5fbb57c8fc6caadb6c20a1d4ef91e5369
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> Next week turned out to be next month, but it's here:
> https://ftp.qubes-os.org/iso/Qubes-R4.1.0-alpha20201014-x86_64.iso
> and its signature:
> https://ftp.qubes-os.org/iso/Qubes-R4.1.0-alpha20201014-x86_64.iso.asc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Chris Laprise:
> On 9/20/20 3:10 PM, Rusty Bird wrote:
> > Chris Laprise:
> > > * Allocating a thin lvm pool and then using the plain file pool type
> >
> > Can you expand on what you're trying to do and how it's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek, the masses are chanting it!!
https://www.youtube.com/watch?v=sq5g-V63Q30=1511
Less shitpostingly, I was about to comment on #6041 with how to move
from ext4/file to btrfs/file-reflink but noticed that btrfs-convert
had a nasty bug that's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
> On 9/20/20 2:03 PM, Marek Marczykowski-Górecki wrote:
> > In the meantime, I could use some help with debugging suspend issues[2]
> > which I consider one of the very few blockers before I switch to R4.1
> > myself :)
Oh shit, I'm like the least
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Pin dev:
> I need to analyze memory from one qube that is suspected to contain
> malware.
$ xl dump-core vmname filename
Rusty
-BEGIN PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
David Hobach:
> I'm trying to understand the qubes.storage.Pool interface and its
> requirements for implementations.
>
> In particular I wonder:
> Are implementations required to be fully initialized right after the
> constructor is called?
You
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi David,
> How do you distribute modifications specific to certain template operating
> systems?
>
> I considered sending the seemingly trivial 2-line PR for [5988], but then
> noticed that
> modifying upstream systemd configuration can be done
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> On Mon, May 10, 2021 at 10:27:38AM +0000, Rusty Bird wrote:
> > I was trying to check on the status of the Arch Linux template, but
> > the issue ticket[1] has disappeared ("Page not found"
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I was trying to check on the status of the Arch Linux template, but
the issue ticket[1] has disappeared ("Page not found"). Maybe it's
caught in a GitHub spam filter?
(archive.org has a single old capture[2] that's definitely missing
some updates.)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Peter Todd:
> On Fri, Feb 05, 2021 at 06:59:05PM +0100, donoban wrote:
> > On 2/5/21 5:24 PM, Jinoh Kang wrote:
> > > - Switch to reflinks. BTRFS has been around 10+ years, so I assume it's
> > > stable enough?
> >
> > I've been using BTRFS for a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> On Wed, Apr 20, 2022 at 12:32:56PM +0000, Rusty Bird wrote:
> > Did you ever hear back from them?
>
> Yes, a month later, and it's not very optimistic one:
> I'm unable to provide any further
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Marek Marczykowski-Górecki:
> On Mon, May 10, 2021 at 11:56:51AM +0000, Rusty Bird wrote:
> > Marek Marczykowski-Górecki:
> > > On Mon, May 10, 2021 at 10:27:38AM +0000, Rusty Bird wrote:
> > > > I was trying to check o