Re: [qubes-users] Re: Networking
On Friday, 22 July 2016 03:59:45 UTC+10, raah...@gmail.com wrote:
> On Wednesday, July 20, 2016 at 9:59:28 PM UTC-4, Drew White wrote:
> > On Thursday, 21 July 2016 10:56:42 UTC+10, raah...@gmail.com wrote:
> > > I use kde. I just hit esc at the splash screen to see the boot log.
> >
> > KDE or not, it's Linux, I don't have RHGB or Silent on, that way whether
> > it's boot or shutdown, I can see what's going on.
> >
> > > I've gone back and forth over the years, last time i went back to firefox
> > > was when they once again got caught with issue regarding mic and camera
> > > haha. Like they often do. But now i'm back to chromium after firefox
> > > was not in the latest pwn2own so i guess its a choice between privacy vs
> > > security? I use apparmor on both.
> >
> > Does it work well?
> >
> > > Regarding gpu its my understanding something still has to be for dom0?
> > > or at least that would be easier so user would need two gpus on the
> > > system at least an onboard and another pci plugin adapter. vms can
> > > attack each other and I consider gaming one of the most dangerous things
> > > you can do online nowadays. i'd say especially for fps games lmao, so i
> > > game on another machine keep qubes machine for everything else.
> >
> > That's where I have the advantage, I have 1 GPU that I have available for
> > passthru. since I have 2.
> >
> > But still, adding to an AppVM, means it's no longer assigned to Qubes, but
> > when the VM shuts down, it's back in use by Qubes. So it's only removed
> > from Qubes when it's running.
>
> First things I've always done is take off quiet and disable ipv6 on bare
> metal linux grub. haven't bothered on qubes.

I did too, and rhgb. I hate the graphical boot screen. Just comes with being a sys-admin I guess. I like to see what the computer's doing.

ipv6, yeah, I always have that disabled. It's not needed after all. I turn it off in all guests too.

> Ya chromium works good in qubes. I don't get the fullscreen issue. and
> default apparmor works fine with it too. You can see how to setup apparmor
> from whonix instructions, and use same method on debian template.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829 You just have to add
> some alias lines documented here
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829as

I'll have to take a look at apparmor, but I wish it wasn't an American product.

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fc9b6f77-b29d-4509-a324-3af10e576d48%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Handling PDFs in Qubes
On Thu, Jul 21, 2016 at 01:48:59PM -0400, Micah Lee wrote:
> I just wrote a quick blog post about this:
> https://micahflee.com/2016/07/how-qubes-makes-handling-pdfs-way-safer/

Nice post :)

Minor correction: "It copies the trusted PDF back to the VM" - that would mean that a compromised DispVM (by the very same PDF) could pass it back unmodified instead of the sanitized one. It isn't what is done there - it passes only a very simple representation of the file (a bitmap in this case), then reassembles the PDF in the calling VM. But I'm not sure if it's worth mentioning in a high level description.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
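The design described in the message above, as an added example that is not part of the message and not the Qubes converter's own code: the calling VM accepts only a page count, page dimensions and raw RGB bytes from the DispVM, so a PDF echoed back unmodified is rejected. The wire format, the limits and every function name here are assumptions made for this example.

```python
import io
import re

MAX_DIM = 10_000    # assumed per-side pixel limit (hypothetical value)
MAX_PAGES = 1_000   # assumed page limit (hypothetical value)
COUNT_RE = re.compile(rb"([1-9][0-9]{0,3})\n")
HEADER_RE = re.compile(rb"([1-9][0-9]{0,4}) ([1-9][0-9]{0,4})\n")


class UntrustedInputError(Exception):
    """The disposable VM sent something outside the simple pixel format."""


def receive_pages(stream):
    """Parse '<pages>\\n', then per page '<w> <h>\\n' plus w*h*3 RGB bytes."""
    m = COUNT_RE.fullmatch(stream.readline(8))
    if not m or int(m.group(1)) > MAX_PAGES:
        raise UntrustedInputError("bad page count")
    pages = []
    for _ in range(int(m.group(1))):
        hdr = HEADER_RE.fullmatch(stream.readline(16))
        if not hdr:
            raise UntrustedInputError("bad page header")
        w, h = int(hdr.group(1)), int(hdr.group(2))
        if w > MAX_DIM or h > MAX_DIM:
            raise UntrustedInputError("page too large")
        rgb = stream.read(w * h * 3)
        if len(rgb) != w * h * 3:      # short read: treat as hostile
            raise UntrustedInputError("truncated pixel data")
        pages.append((w, h, rgb))
    if stream.read(1):                 # nothing may follow the last page
        raise UntrustedInputError("trailing data")
    return pages


def to_ppm(w, h, rgb):
    """Re-encode validated pixels on the trusted side (PPM stands in for PDF)."""
    return b"P6\n%d %d\n255\n" % (w, h) + rgb


def accepts(data):
    """True if the calling VM would accept this reply from the DispVM."""
    try:
        receive_pages(io.BytesIO(data))
        return True
    except UntrustedInputError:
        return False


# Constructed sample replies: one valid 2x1 page, and the original PDF echoed back.
GOOD = b"1\n2 1\n" + bytes([255, 0, 0, 0, 0, 255])
ECHOED_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
```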
Re: [qubes-users] Re: Networking
On Thursday, July 21, 2016 at 1:59:45 PM UTC-4, raah...@gmail.com wrote:
> On Wednesday, July 20, 2016 at 9:59:28 PM UTC-4, Drew White wrote:
> > On Thursday, 21 July 2016 10:56:42 UTC+10, raah...@gmail.com wrote:
> > > I use kde. I just hit esc at the splash screen to see the boot log.
> >
> > KDE or not, it's Linux, I don't have RHGB or Silent on, that way whether
> > it's boot or shutdown, I can see what's going on.
> >
> > > I've gone back and forth over the years, last time i went back to firefox
> > > was when they once again got caught with issue regarding mic and camera
> > > haha. Like they often do. But now i'm back to chromium after firefox
> > > was not in the latest pwn2own so i guess its a choice between privacy vs
> > > security? I use apparmor on both.
> >
> > Does it work well?
> >
> > > Regarding gpu its my understanding something still has to be for dom0?
> > > or at least that would be easier so user would need two gpus on the
> > > system at least an onboard and another pci plugin adapter. vms can
> > > attack each other and I consider gaming one of the most dangerous things
> > > you can do online nowadays. i'd say especially for fps games lmao, so i
> > > game on another machine keep qubes machine for everything else.
> >
> > That's where I have the advantage, I have 1 GPU that I have available for
> > passthru. since I have 2.
> >
> > But still, adding to an AppVM, means it's no longer assigned to Qubes, but
> > when the VM shuts down, it's back in use by Qubes. So it's only removed
> > from Qubes when it's running.
>
> First things I've always done is take off quiet and disable ipv6 on bare
> metal linux grub. haven't bothered on qubes.
>
> Ya chromium works good in qubes. I don't get the fullscreen issue. and
> default apparmor works fine with it too. You can see how to setup apparmor
> from whonix instructions, and use same method on debian template.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829 You just have to add
> some alias lines documented here
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829as

woop forgot to ctrl shift c, here is instructions for apparmor https://www.whonix.org/wiki/Qubes/AppArmor
Re: [qubes-users] Re: Networking
On Wednesday, July 20, 2016 at 9:59:28 PM UTC-4, Drew White wrote:
> On Thursday, 21 July 2016 10:56:42 UTC+10, raah...@gmail.com wrote:
> > I use kde. I just hit esc at the splash screen to see the boot log.
>
> KDE or not, it's Linux, I don't have RHGB or Silent on, that way whether it's
> boot or shutdown, I can see what's going on.
>
> > I've gone back and forth over the years, last time i went back to firefox
> > was when they once again got caught with issue regarding mic and camera
> > haha. Like they often do. But now i'm back to chromium after firefox was
> > not in the latest pwn2own so i guess its a choice between privacy vs
> > security? I use apparmor on both.
>
> Does it work well?
>
> > Regarding gpu its my understanding something still has to be for dom0? or
> > at least that would be easier so user would need two gpus on the system at
> > least an onboard and another pci plugin adapter. vms can attack each other
> > and I consider gaming one of the most dangerous things you can do online
> > nowadays. i'd say especially for fps games lmao, so i game on another
> > machine keep qubes machine for everything else.
>
> That's where I have the advantage, I have 1 GPU that I have available for
> passthru. since I have 2.
>
> But still, adding to an AppVM, means it's no longer assigned to Qubes, but
> when the VM shuts down, it's back in use by Qubes. So it's only removed from
> Qubes when it's running.

First things I've always done is take off quiet and disable ipv6 on bare metal linux grub. haven't bothered on qubes.

Ya chromium works good in qubes. I don't get the fullscreen issue. and default apparmor works fine with it too. You can see how to setup apparmor from whonix instructions, and use same method on debian template.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829 You just have to add some alias lines documented here
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742829as