> OK, so the main takeaway from your answer:
>
> "The card doesn't have a host CPU and so it doesn't require a firmware
> source"
>
> that seems like the most interesting
>
> the driver would still need to be bug-free though
>
> who knows whether any of these have even been audited
I think the
I guess the only other thing I would add is.
With Firefox, you have a page "Security Advisories", which lists the history of
Firefox exploits.
I wonder if such a thing exists for WiFi drivers + firmware.
Or even a list of any major audits of WiFi drivers + firmware.
If there is some
OK, so the main takeaway from your answer:
"The card doesn't have a host CPU and so it doesn't require a firmware source"
that seems like the most interesting
the driver would still need to be bug-free though
who knows whether any of these have even been audited
thanks for your replies
> Hi folks,
>
> Any chance that there will be added in the feature for snapshots?
> even CoW snapshots would be good, then a consolidation option once done.
>
> I have one issue where I want to do something, but I have to 7z the VM
> before I can do anything to it in-case it breaks.
>
> I know
> Yeah... and surely this is exactly what can happen, no..?
>
> We had 2 Xen exploits in the last 1 year.
I expect those exploits have caused a lot more scrutiny of the code, so
hopefully such exploits won't be heard of again. Qubes devs are moving
away from PVM which should avoid the threat of
Hi folks,
Any chance that there will be added in the feature for snapshots?
even CoW snapshots would be good, then a consolidation option once done.
I have one issue where I want to do something, but I have to 7z the VM before I
can do anything to it in-case it breaks.
I know that there are
On Friday, 23 September 2016 18:05:39 UTC+10, Simon wrote:
> Hello Drew,
>
> > I'm tired of having to re-do the work that gets lost if files get
> > corrupted
> > or not saved properly, and also browsing information from things I'm
> > doing.
>
> I share your frustration. Which computer are
> If your Tor is running in another appVM, such as whonix-gw does, the worst
> a sys-net compromise could do is redirect the *encrypted* Tor traffic from
> whonix-gw, which isn't terribly useful for the attacker.
Oh, I should mention, as you asked in your original question, that yes, a
> OK, but I have already built the script. I have it running in Net VM. It
> works.
>
> I am NOT asking you to make an alternative system.
>
> I am simply asking whether an attack on the WiFi/Ethernet in the Net VM
> could also end up messing up my Tor script.
>
> Look at the question again:
>
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Mon, Sep 26, 2016 at 12:02:01AM +0200, Mara Kuenster wrote:
> Hmm yeah with that I managed to boot through BIOS mode, unfortunately the VMs
> don’t start (randomly, different ones fail on each boot attempt). So
> basically something seems to go
> nishiwak...@gmail.com:
>> Hello,
>>
>> I am surprised that there is no way to disable ipv6 on Debian template.
>>
>> I reinstalled first the template using documentation
>> https://www.qubes-os.org/doc/reinstall-template/
>>
>> Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in
> I'm pretty sure that can be done fairly simply, out-of-the-box via
> NetworkManager, not requiring a script:
Oh, and another good tip, is to make another NetworkManager show up in a
secondary VM (other than just from sys-net), you can manually add
"network-manager" (and check it) as a service
> In terms of "hotspot" terminology, what it does is, quote from author of
> the script:
>
> "it bridges the two interfaces but uses NAT to achieve it"
Ah, so it sets up some iptable nat rules (and maybe tweaks torrc to allow
it to listen on a non-local interface; although iptables could do that
Hmm yeah with that I managed to boot through BIOS mode, unfortunately the VMs
don’t start (randomly, different ones fail on each boot attempt). So basically
something seems to go wrong. The disks get decrypted and I can login with the
manager etc. but the system is more or less a complete
In terms of "hotspot" terminology, what it does is, quote from author of the
script:
"it bridges the two interfaces but uses NAT to achieve it"
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving
NET VM
- WiFi device
- Ethernet device
- Tor ethernet hotspot script
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, Sep 25, 2016 at 02:22:49PM -0700, mara.kuens...@gmail.com wrote:
> Hi,
>
> I just discovered that AEM needs a BIOS boot.
> Is there a way to install grub into the MBR of an USB drive after Qubes was
> already installed in UEFI mode? If
Hi,
I just discovered that AEM needs a BIOS boot.
Is there a way to install grub into the MBR of an USB drive after Qubes was
already installed in UEFI mode? If so... How? Like any other Linux distribution
or does Qubes need something special?
I would want to avoid re-installing Qubes if
nishiwak...@gmail.com:
> Hello,
>
> I am surprised that there is no way to disable ipv6 on Debian template.
>
> I reinstalled first the template using documentation
> https://www.qubes-os.org/doc/reinstall-template/
>
> Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, I
OK.. here we go This is my question with a DIAGRAM to help you visualise it:
http://imgur.com/a/CTbLk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, Sep 25, 2016 at 01:55:47PM -0700, Andrew David Wong wrote:
> On 2016-09-25 04:09, johnyju...@sigaint.org wrote:
> > (Apologies if this is a duplicate; I could have sworn I already submitted
> > it, but I don't see any sign of it on the list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-09-25 04:09, johnyju...@sigaint.org wrote:
> (Apologies if this is a duplicate; I could have sworn I already submitted
> it, but I don't see any sign of it on the list or my outbox. Weird.)
>
> USB is generally considered evil/risky as
Hello
Is it normal that after installed macchanger and made all the steps to
anonymize mac address, have to wait network-manager that start for more
than 1 minute when I run a proxyVM? (it didn't happen before, now shows
two monitor in the icon with a red x)
Regards
And it works!? Please do share how! :)
I also have a brand new 4th gen x1 carbon and have spent the past week
struggling to get it to a usable state.
Do you have the horrible rainbow screen on resume?
What kernel are you running in dom0?
Was there some magic bios settings combination required
> OK, it's the original poster here.
> The consensus so far is that anything I run inside sys-net should be
> vulnerable, and that it is advised not to run programs in sys-net.
>
> So, in this case, how am I supposed to run my Ethernet Tor hotspot..?
I think you're going to have to be more specific
> I am surprised that there is no way to disable ipv6 on Debian template.
>
> I reinstalled first the template using documentation
> https://www.qubes-os.org/doc/reinstall-template/
>
> Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, I
> did reboot the Template but it didn't
On Saturday, September 24, 2016 at 10:36:11 PM UTC-4, Chris Laprise wrote:
> Have you tried using the grub boot menu to select another kernel
> version? You can also adjust some kernel parameters there by pressing 'e'.
>
> Does your x1 have an option for legacy boot instead of UEFI? That may
>
OK, it's the original poster here.
The consensus so far is that anything I run inside sys-net should be
vulnerable, and that it is advised not to run programs in sys-net.
So, in this case, how am I supposed to run my Ethernet Tor hotspot..?
I had somebody write me a script that lets Qubes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, Sep 25, 2016 at 05:05:36PM +0300, Eva Star wrote:
> On 09/25/2016 01:36 PM, Andrew David Wong wrote:
>
> > Sure, that could make sense. Some desktop environments already support
> > something similar. For example, in KDE you can assign
On Sunday, September 25, 2016 at 8:42:08 AM UTC-4, Clark Venable wrote:
> Nope. Allow local data to be set is enabled.
It all works as I expect in Firefox, so I'm happy to leave this alone and just
use Firefox rather than Chrome (which is probably what the developers intended
by including
On 09/25/2016 01:36 PM, Andrew David Wong wrote:
Sure, that could make sense. Some desktop environments already support
something similar. For example, in KDE you can assign different power
settings (including timeouts) to different "activities," then assign
hotkeys (or use a GUI widget) to
On 09/25/2016 08:12 AM, johnyju...@sigaint.org wrote:
Chris wrote:
Especially if you did the sharing via a separate vpn or ssh tunnel. But
in general, I don't think Qubes security should be considered much if
any benefit to adjacent non-Qubes systems.
I'm curious as to why you would say this.
Hello,
I am surprised that there is no way to disable ipv6 on Debian template.
I reinstalled first the template using documentation
https://www.qubes-os.org/doc/reinstall-template/
Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, I did
reboot the Template but it didn't
Chris wrote:
> Especially if you did the sharing via a separate vpn or ssh tunnel. But
> in general, I don't think Qubes security should be considered much if
> any benefit to adjacent non-Qubes systems.
This is one of my favorite implicit features of Qubes:
Setting up multiple layers of network
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Sun, Sep 25, 2016 at 08:09:34AM +0200, Fabian Wloch wrote:
> > What is the purpose of sys-firewall..?
> >
> > I noticed that every App VM has its own "Firewall Rules" > inside of VM
> > Settings.
> >
> > So therefore, what is the purpose of
Chris wrote:
> Especially if you did the sharing via a separate vpn or ssh tunnel. But
> in general, I don't think Qubes security should be considered much if
> any benefit to adjacent non-Qubes systems.
I'm curious as to why you would say this.
Any additional firewall between a Laptop and the
Sounds like it could have been introduced in R3.1 Xen 4.6 for you
specifically due to your hardware. If that's the case, it wouldn't
be a good idea to note this on the page, since it might not apply
to others.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
> Simple question: Why are Ethernet and WiFi in sys-net..?
>
> Is it
>
> (A) Just for easy access to the same network for all App VMs..?
>
> (B) Because this is isolating Ethernet and WiFi from the rest of the
> system, to stop DMA attacks..?
Primarily (B). Any DMA attack or other network
On 09/25/2016 07:08 AM, johnyju...@sigaint.org wrote:
Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet.
The Qubes machine is sharing its Internet connection.
Let's say the Qubes machine gets hit with a DMA attack.
The 2nd laptop is not a Qubes machine, and therefore
> If the Qubes machine is hit by a DMA attack, it is compromised and could
> thus tamper with the forwarded Internet connection however the attacker
> desires. (As well as scraping any credentials you might use in common on
> the Qubes box, and carrying out aggressive attacks on anything on your
> Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet.
>
> The Qubes machine is sharing its Internet connection.
>
> Let's say the Qubes machine gets hit with a DMA attack.
>
> The 2nd laptop is not a Qubes machine, and therefore doesn't have VT-D for
> DMA protection.
>
> Can
On 09/25/2016 06:35 AM, asdfg...@sigaint.org wrote:
Hello
After setup my VPN in network manager (but not in config/vpn like the
tutorial says) I have configured DNS script (in my client and like
qubes-vpn-handler.sh file) and iptables (only the 2 lines that block
forwarding connection). Do these
On 09/25/2016 02:34 AM, neilhard...@gmail.com wrote:
Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet.
The Qubes machine is sharing its Internet connection.
Let's say the Qubes machine gets hit with a DMA attack.
The 2nd laptop is not a Qubes machine, and therefore
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2016-09-24 15:48, Eva Star wrote:
> On 09/20/2016 03:42 PM, Andrew David Wong wrote:
>
>> Note: Watching a movie, even in fullscreen mode, will not affect
>> this timeout, since dom0 doesn't "know" about that type of
>> activity. This is
What is the purpose of sys-firewall..?
I noticed that every App VM has its own "Firewall Rules" > inside of VM
Settings.
So therefore, what is the purpose of sys-firewall..?
Thanks
The reason I am aware of: VMs should not see each other. firewallVM allows
them to see/connect to netVM, but