.)
It does not work for Windows, though.
Regards,
Vít Šesták 'v6ak'
On Tuesday, May 24, 2016 at 1:45:47 AM UTC+2, Iestyn Best wrote:
>
> Hi,
>
> I like trying to revitalize old discussion topics. ;) I hope there is not
> a problem with me doing so.
>
> I am curious
> security (exposing Dom0 to untrusted hardware).
IIUC:
1. Missing IOMMU also means a malicious DomU with a PCI device can attack dom0
through DMA.
2. Actually, IOMMU does not fully protect dom0 from a malicious hardware,
because a malicious hardware could alter the boot process.
--
You recei
ct. In the
documentation, I have found nothing about caching. A brief look at the
source code also suggests that I could set pool._config = None before
reading pool.config again, but that's really unclean solution that relies
on the current implementation.
Is there a better way to do it?
Regards,
V
HDMI-1 and eDP1 to
eDP-1. As a result, it broke my screen configuration scripts, so that my
external screen was just scaled-up fullHD mirror of my laptop screen. But
the solution was pretty easy: just adjust the screen names in the scripts.
I have observed no other drawbacks so far.
Regards,
V
Is it OK to see ”cat: broken pipe“ during update of the microcode package?
It still boots. Note that the machine has an AMD CPU.
Regards,
Vít Šesták 'v6ak'
On Wednesday, June 9, 2021 at 3:06:35 AM UTC+2 a...@qubes-os.org wrote:
> Dear Qubes Community,
>
> We have just publi
Hello,
In 3.0 and 3.1, I used KWin with XFCE and it worked well. In 3.2-rc3, it
does not show VM name in the title and does not color borders. Why?
This happens for both Plastik and Breeze.
In pure KDE, it works OK.
Regards,
Vít Šesták 'v6ak'
--
You received this message becau
f subprocess.check_output(
['xprop', '-root', '-notype', 'KWIN_RUNNING']) == \
'KWIN_RUNNING = 0x1\n':
Do you think you can merge such change back to Qubes?
Regards,
Vít Šesták 'v6ak'
On Wednesday, Septembe
When I use KWin with Breeze theme, the yellow window titles have white
text, which is poorly readable. Could this be changed to, say, black text?
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
rather designed to work with a specific narrow range of KWin versions.
BTW, advantage of non-checking the KDE version might come with KDE 6, which
would also break the condition :)
So, should I make a pull request for this?
Regards,
Vít Šesták 'v6ak'
--
You received this message becau
some
ancient KDE and without much details, but it still seems somewhat relevant.
I hope I'll do more about this later.
Regards,
Vít Šesták 'v6ak'
On Wednesday, September 7, 2016 at 3:46:29 PM UTC+2, Marek
Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Has
that I did
not break anything. If Plastik works OK for others, I'll have to find out
what is broken on my machine. If Plastik is not supposed to work well ATM,
I'll probably send a pull request.)
Regards,
Vít Šesták 'v6ak'
On Wednesday, September 7, 2016 at 11:42:44 PM UT
Thanks for the info.
On Sunday, September 11, 2016 at 9:00:46 PM UTC+2, Marek
Marczykowski-Górecki wrote:
>
> Take a look at discussion here:
> https://github.com/QubesOS/qubes-issues/issues/1784
>
I went through the discussion. Is there anything specific I should note?
In short: no, Plastik
On Qubes 3.2, I have qubes-gui-dom0 and no update is available through
qubes-dom0-update.
BTW, after the update, is itt enough to kill (and restart by some command) all
guid processes?
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubsc
critical issue, there will be a QSB for it.
Moreover, we still don't know the severity.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emai
My experience with swapiness (on non-Qubes): When having high swapiness, it
uses swap more than actually needed, sligtly slowing the system down. OTOH,
when having swapiness=0, it runs smoothly until RAM limit is reached. Then, it
suddenly freezes for few minutes.
Qubes doesn't look like design
rrent state of this countermeasure?
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@goo
Thanks for the responses. Knowing the RAM requirements is important for
choosing new hardware.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving ema
.
b. My favourite hack sudo swapoff -a && sudo swapon -a would not work well.
Maybe some alternative could be found, though.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe fro
hen it may force something else to be swapped out). So I think this
> problem still applies to some degree.
>
Why it would do so? If there is some extra memory and vm.swappiness==0, I
can't see a scenario for that (except those unrelated to swap).
Regards,
Vít Šesták 'v6ak&
variant: Assume that there is no use case for large vm.swappiness
in Qubes: f(usage_mem)/(1-swappiness/100)
b) Complex variant: Assume one might want higher swappiness, so add some
upper limit: min(f(usage_mem+usage_swap), f(usage_mem)/(1-swappiness/100))
Does this sound reasonable?
Regards,
n. Less ideally, at least some
focus-stealing notification would also help. Focus-stealing is poartially
discussed in seemingly unrelated issue
https://github.com/QubesOS/qubes-issues/issues/1455 .
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to
one more idea, but I forgot it. 😔
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googl
ually interacts with
dom0.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To
Cool. Are you planning to make them available also for those that don't attend
CCC?
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails f
OK, I understand you prefer investing the effort in Qubes to selling T-shirts
and I am OK with this. But there are some services (I know
https://www.redbubble.com/ , but there might be some others) that do all for
you, including T-shirts printing, shipping etc.
--
You received this message bec
Characters like “–” seem to be also disallowed. I also haven't succeeded with
RTL-related characters like \202e.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this
Note that I've taken rather a brief look, it was not a deep review.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, sen
the
same applications, it does not seem to matter if I am using a 1GiB template or,
say, 100GiB template. The extra apps are unused, so I don't care about them.
* Package clash – I don't share this experience.
* Uninstalling – well, if you read the questions, you can get it.
Regards,
Vít Še
default.
Regards,
Vít Šesták
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send emai
I don't see any extra exposure for dom0 there. Yes, there is some qrexec call
managed by dom0 (but handles by another AppVM) and this adds some (very very
marginal, thanks to qrexec simplicity) risk compared to not allowing any qrexec
call. However, there already are some other qrexec calls that
Well, blockchain could be probably also used as a proof of freshness: Just add
some Blockchain-related data to the signed message.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe
ying might be a challenge due to potential race conditions.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
different meaning there. The
copy/paste/cut keycodes would be a much more elegant solution if they were
supported.
2. How to prevent race conditions, e.g., copy from VM to dom0 happens before
text is copied from selection in the VM. Maybe there is some solution.
Regards,
Vít Šesták '
Hmm, copy action could be probably implemented by copying from selection, that
sounds rather OK for me.
But I still don't see how to implement paste.
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiv
I agree with the change.
> If you do not reply with one month, we will assume that you consent to this
> change.
I am afraid this is not legally bulletproof.
Anyway, I wish you smooth transition to the new license.
Regards,
Vít Šesták 'v6ak'
--
You received this message
name) that disables all USB
devices in dom0, you are currently out of luck. While there are input proxies,
they will not currently work with touchscreen.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" g
is encrypted by a key that is held in memory only, so the whole
partition is protected in a similar way as dom0 swap.
Regards,
Vít Šesták 'v6ak'
On Tuesday, September 26, 2017 at 9:43:32 AM UTC+2, tai...@gmx.com wrote:
>
> It increases SSD wear and decreases privacy by writing t
Do you mean Wayland in AppVMs, dom0, or in both?
For AppVMs, I don't care much while X11 is supported.
For dom0, it might be important for hardware support.
Regards,
Vít Šesták 'v6ak'
On Friday, November 17, 2017 at 8:20:33 PM UTC+1, Henry de Valence wrote:
>
> On Fri,
Running in DispVM can prevent some class of attack that extracts data using
techniques like path traversal, XXE (hmm, …) or other attacks below RCE.
Regards,
Vít Šesták 'v6ak'
On Wednesday, November 15, 2017 at 12:07:21 AM UTC+1, Marek
Marczykowski-Górecki wrote:
>
> -
g PV. I am not sure how hard/easy it is, though.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+un
t; into. As soon as we get stable PVHv2. Right now Xen do not support PVHv2
> as stubdomain. Also, Xen do not support PVHv2 with PCI passthrough. At
> least not yet.
Hmm, hmm.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
Cool, this can allow us to test PVH without switching to Q4.1.
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To post t
late
now, but it might be good to use this in, say, Qubes 4.1.
Regards,
Vít Šesták
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr
rity.
Also, the people who don't want the performance hit and cannot upgrade to Q4
can:
a. Disable the patch. (Reasonable on CPUs that aren't affected.)
b. Maybe migrate to HVMs?
If Spectre cannot be addressed via the third option, then the conclusion is not
so clear for me.
Regar
On Thursday, January 18, 2018 at 11:25:11 AM UTC+1, Chris Laprise wrote:
> If this Xen 4.6 patch were more robust in protecting memory, I'd opt for
> it instead of upgrading Xen.
I believe that PVHs are more robust. But I'd prefer to stay conservative in
Qubes 3.2 and progressive in Qubes 4.0.
ble when there is no other way.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@google
s finished.
I see this approach is too late for Qubes4-rc1, but it could be useful for some
future release.
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop rec
owhammer test might take some time...
Regards,
Vít Šesták 'v6ak'
Maybe top-posting is bad. However, quoting whole message (including quotes of
quotes and quotes of quotes of quotes etc.) before your message is even worse.
Please don't let others scroll extensively.
--
You receiv
at the time of writing… (Note the typo
in my previous post – I wrote “rc1” instead of “rc4”.)
Regards,
Vít Šesták 'v6ak'
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop
49 matches
Mail list logo