This guy claims to have created a firewall for untrusted USB's
https://github.com/robertfisk/USG/wiki .
Anyone tested this?
--
Securely sent with Tutanota. Claim your encrypted mailbox today!
https://tutanota.com
--
You received this message because you are subscribed to the Google Groups
On 03/11/2017 09:49 PM, cooloutac wrote:
Also what does Joanna mean by this statement on that page? " At the
same time allowing for easy user-to-root escalation in a VM is simply
convenient for users, especially for update installation."
The statement was originally written a long time ago.
When searching Google or Duck Duck Go, the docs come up on top. So I think
putting things in the docs is a good idea. The list is nice as a fall back
but then you have to sift through a whole chain and piece together the
answer. Much better to have the final "this is how you do X" in the docs.
On
On Sat, Mar 11, 2017 at 08:47:05PM -0500, Chris Laprise wrote:
> On 03/11/2017 11:56 AM, Unman wrote:
> >On Sat, Mar 11, 2017 at 04:43:41PM +, sm8ax1 wrote:
> >>7v5w7go9ub0o:
>
> >>>
> >>>Yep! And ISTM this is an argument for using dispvms to handle mail
> >>>(or any other WAN-exposed
On Saturday, March 11, 2017 at 8:48:27 PM UTC-5, Chris Laprise wrote:
> On 03/11/2017 10:50 AM, cooloutac wrote:
> > I have always felt any level of security is useful no matter how trivial to
> > bypass.
> >
> > But I think the decision here for passwordless sudo is not cause privilege
> >
On 03/11/2017 10:50 AM, cooloutac wrote:
I have always felt any level of security is useful no matter how trivial to
bypass.
But I think the decision here for passwordless sudo is not cause privilege
escalation or non root persistence is trivial. Its because people like my
mother are not
On 03/11/2017 11:56 AM, Unman wrote:
On Sat, Mar 11, 2017 at 04:43:41PM +, sm8ax1 wrote:
7v5w7go9ub0o:
Yep! And ISTM this is an argument for using dispvms to handle mail
(or any other WAN-exposed client/server): start a dispvm; copy mail
client and mail "file" into it; do your mail;
On 03/11/2017 12:15 PM, Unman wrote:
The answer to this is encouraging users to make good use of isolation,
qube use and Qubes features. That isnt irresponsible. It's a way of
dealing with the problem. I think you would need to develop a much more
detailed argument to convince me that the
It does not matter if I download the fedora-24 template from qubes-dom0-update
or if I upgrade it manually (or upgrade to fedora-25). I still get the same
result. The qubes-core.service and qubes-qmemman.service are not to be loaded
nor to be found.
Is this an error or is it designed this
On Sat, Mar 11, 2017 at 01:10:32PM -0800, Daniel Moerner wrote:
> On Friday, March 10, 2017 at 9:55:08 PM UTC-5, Unman wrote:
> > So yes, in a very real sense, it doesn't matter
> > to me if the qube where I collect mail, (which isn't the qube where I
> > read it) is compromised in some way.
>
>
On Saturday, March 11, 2017 at 11:46:24 AM UTC-5, Unman wrote:
> On Sat, Mar 11, 2017 at 08:00:33AM -0800, cooloutac wrote:
> > On Saturday, March 11, 2017 at 10:37:18 AM UTC-5, evo wrote:
> > > Hey,
> > >
> > > how can i change the template VM (from fedora to debian) in terminal of
> > > dom0?
>
On Sat, Mar 11, 2017 at 01:34:19PM -0800, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2017-03-11 09:31, Grzesiek Chodzicki wrote:
> > How to add custom applications to DispVM appmenu:
> >
> > 1. Install the required app in the TemplateVM upon which your
On Sat, Mar 11, 2017 at 10:05:50PM +0100, 'Antoine' via qubes-users wrote:
> On Thu, Mar 09, 2017 at 12:30:21AM +, Unman wrote:
> > > > > > >> https://github.com/QubesOS/qubes-issues/issues/2674
> > > > > I have the same problem with Fedora 23, Debian 8 and Debian 9:
> > > > >
> > > > > =
W dniu sobota, 11 marca 2017 22:34:34 UTC+1 użytkownik Andrew David Wong
napisał:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2017-03-11 09:31, Grzesiek Chodzicki wrote:
> > How to add custom applications to DispVM appmenu:
> >
> > 1. Install the required app in the TemplateVM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 2017-03-11 09:31, Grzesiek Chodzicki wrote:
> How to add custom applications to DispVM appmenu:
>
> 1. Install the required app in the TemplateVM upon which your DispVM depends
> (fedora-23/24 by default)
> 2. Shutdown the TemplateVM
> 3. In
On Friday, March 10, 2017 at 9:55:08 PM UTC-5, Unman wrote:
> So yes, in a very real sense, it doesn't matter
> to me if the qube where I collect mail, (which isn't the qube where I
> read it) is compromised in some way.
Hi Unman,
Could you explain your setup for collecting mail in one Qube and
On Thu, Mar 09, 2017 at 12:30:21AM +, Unman wrote:
> > > > > >> https://github.com/QubesOS/qubes-issues/issues/2674
> > > > I have the same problem with Fedora 23, Debian 8 and Debian 9:
> > > >
> > > > = Fedora 23 =
> > > > [user@work ~]$ grep PRETTY /etc/os-release
> > > >
I usually just assume I'm protecting against randoms, not some super persistent
personal target I can't defend against anyways. So you always have to weigh
the efforts.
I hate to use the phrase threat model cause when it pertains to attackers there
is no such thing. Everything is in it so the
Le samedi 11 mars 2017 11:11:41 UTC+1, Vít Šesták a écrit :
> My quick guess is that you need 2GiB more RAM with Qubes0S than with, say,
> Ubuntu. Reasoning:
>
> a. Experience: 6GiB with Ubuntu was somewhat usable, but I had to close all
> apps I was not using at the time and even with this, I
How to add custom applications to DispVM appmenu:
1. Install the required app in the TemplateVM upon which your DispVM depends
(fedora-23/24 by default)
2. Shutdown the TemplateVM
3. In Dom0 run qvm-create-default-dvm
4. At this point your app can be launched in DispVM, to confirm launch Xterm
On Sat, Mar 11, 2017 at 08:49:10AM -0500, Chris Laprise wrote:
> On 03/11/2017 08:10 AM, Unman wrote:
>
> >
> >Anyway, it's a argument that could go on. I dont agree that "the
> >chance for improved security comes for free". It's absolutely clear that
> >Qubes aims to balance security with
On Sat, Mar 11, 2017 at 04:43:41PM +, sm8ax1 wrote:
> 7v5w7go9ub0o:
> >
> >
> > On 03/11/2017 12:10 PM, Alex wrote:
> >> On 03/11/2017 12:14 PM, Chris Laprise wrote:
> >>> On 03/11/2017 04:20 AM, Alex wrote:
> the only really read-write directories (their changes are
> actually
On Sat, Mar 11, 2017 at 07:42:23AM -0800, Rainer Hörbe wrote:
> I installed Qubes R3.2 on a Gigabyte Brix and it worked nicely for a couple
> of weeks. Recently id started displaying the notification "Disconnected - the
> network connection has been disconnected" after login. And in fact no IP
On Sat, Mar 11, 2017 at 08:00:33AM -0800, cooloutac wrote:
> On Saturday, March 11, 2017 at 10:37:18 AM UTC-5, evo wrote:
> > Hey,
> >
> > how can i change the template VM (from fedora to debian) in terminal of
> > dom0?
>
> in the qubes-manager you can right lick a vm and select vm settings.
>
7v5w7go9ub0o:
>
>
> On 03/11/2017 12:10 PM, Alex wrote:
>> On 03/11/2017 12:14 PM, Chris Laprise wrote:
>>> On 03/11/2017 04:20 AM, Alex wrote:
the only really read-write directories (their changes are
actually persisted) are /home and /usr/local.
>>> That is enough to be able to
Thanks, Unman! It's an interesting idea! I'll see what fits better for my
case.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
On Saturday, March 11, 2017 at 10:37:18 AM UTC-5, evo wrote:
> Hey,
>
> how can i change the template VM (from fedora to debian) in terminal of
> dom0?
in the qubes-manager you can right lick a vm and select vm settings.
--
You received this message because you are subscribed to the Google
On Saturday, March 11, 2017 at 8:51:05 AM UTC-5, Chris Laprise wrote:
> On 03/11/2017 08:10 AM, Unman wrote:
>
> If it means a less attractive environment for script kiddies to raise
> hell--- chewing up resources, attacking other computers, creating
> footholds for more advanced threats---
hib0...@gmail.com:
> This part of the file system is not rewritten on every boot. Are you
> constantly somehow verifying your VM every boot, every 5 minutes, every web
> page load? Or are you restoring from a backup every boot or worse rebuilding
> the entire VM from a template every time you
I have always felt any level of security is useful no matter how trivial to
bypass.
But I think the decision here for passwordless sudo is not cause privilege
escalation or non root persistence is trivial. Its because people like my
mother are not gonna constantly type their password in
I installed Qubes R3.2 on a Gigabyte Brix and it worked nicely for a couple of
weeks. Recently id started displaying the notification "Disconnected - the
network connection has been disconnected" after login. And in fact no IP was
acquired from the DHCP server.
When I boot from CentOS etc.
Hey,
how can i change the template VM (from fedora to debian) in terminal of
dom0?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
On 03/11/2017 12:10 PM, Alex wrote:
> On 03/11/2017 12:14 PM, Chris Laprise wrote:
>> On 03/11/2017 04:20 AM, Alex wrote:
>>> the only really read-write directories (their changes are actually
>>> persisted) are /home and /usr/local.
>> That is enough to be able to persist.
> Yes, and that
Am 03/11/2017 um 04:20 PM schrieb cooloutac:
> On Saturday, March 11, 2017 at 10:17:52 AM UTC-5, evo wrote:
>> Am 03/11/2017 um 04:16 PM schrieb cooloutac:
>>> On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> On Friday, March 10,
On Saturday, March 11, 2017 at 10:22:47 AM UTC-5, evo wrote:
> Am 03/11/2017 um 04:20 PM schrieb cooloutac:
> > On Saturday, March 11, 2017 at 10:17:52 AM UTC-5, evo wrote:
> >> Am 03/11/2017 um 04:16 PM schrieb cooloutac:
> >>> On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> Am
On Saturday, March 11, 2017 at 10:16:29 AM UTC-5, cooloutac wrote:
> On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> > Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> > > On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
> > >> On Friday, March 10, 2017 at 6:17:37 PM
On Saturday, March 11, 2017 at 10:17:52 AM UTC-5, evo wrote:
> Am 03/11/2017 um 04:16 PM schrieb cooloutac:
> > On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> >> Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> >>> On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
>
On Saturday, March 11, 2017 at 9:54:33 AM UTC-5, evo wrote:
> Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> > On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
> >> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
> >>> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
> On
Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
>> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
>>> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> Am
Am 03/11/2017 um 02:24 AM schrieb cooloutac:
> On Friday, March 10, 2017 at 8:22:51 PM UTC-5, cooloutac wrote:
>> On Friday, March 10, 2017 at 6:17:37 PM UTC-5, evo wrote:
>>> Am 03/10/2017 um 07:18 PM schrieb cooloutac:
On Friday, March 10, 2017 at 4:14:22 AM UTC-5, evo wrote:
> Am
On 03/11/2017 01:44 PM, Unman wrote:
Hello,
I realise with surprise that some items in the "Q"-symbol that gives
the
xfce menu have disappeared: the settings menu (!), the link to a dom0
termnal & the link to debian-8 template.
Is
On 03/11/2017 08:10 AM, Unman wrote:
Anyway, it's a argument that could go on. I dont agree that "the
chance for improved security comes for free". It's absolutely clear that
Qubes aims to balance security with usability - some of the compromises
that have been made seem wrong to me, this isnt
On Sat, Mar 11, 2017 at 01:10:08PM +0100, Alex wrote:
> On 03/11/2017 12:14 PM, Chris Laprise wrote:
> > On 03/11/2017 04:20 AM, Alex wrote:
> >> the only really read-write directories (their changes are actually
> >> persisted) are /home and /usr/local.
> >
> > That is enough to be able to
On 03/11/2017 07:10 AM, Alex wrote:
On 03/11/2017 12:14 PM, Chris Laprise wrote:
On 03/11/2017 04:20 AM, Alex wrote:
the only really read-write directories (their changes are actually
persisted) are /home and /usr/local.
That is enough to be able to persist.
Yes, and that doesn't even need
On Fri, Mar 10, 2017 at 09:25:23AM +0100, haaber wrote:
> On 03/10/2017 08:05 PM, cooloutac wrote:
> >> Hello,
> >> I realise with surprise that some items in the "Q"-symbol that gives
> >> the
> >> xfce menu have disappeared: the settings menu (!), the link to a dom0
> >>
On 03/11/2017 12:14 PM, Chris Laprise wrote:
> On 03/11/2017 04:20 AM, Alex wrote:
>> the only really read-write directories (their changes are actually
>> persisted) are /home and /usr/local.
>
> That is enough to be able to persist.
Yes, and that doesn't even need root :) So, both having root
On 03/11/2017 04:20 AM, Alex wrote:
the only really read-write directories (their changes are
actually persisted) are /home and /usr/local.
That is enough to be able to persist.
As the others already stated there could be problems for the actually
running session, i.e. the rogue command
My quick guess is that you need 2GiB more RAM with Qubes0S than with, say,
Ubuntu. Reasoning:
a. Experience: 6GiB with Ubuntu was somewhat usable, but I had to close all
apps I was not using at the time and even with this, I got some swapping times.
With 8GiB, it was much better. With QubesOS,
On Saturday, April 16, 2016 at 9:10:10 PM UTC-7, moto...@riseup.net wrote:
> VLC is unable to open the MRL
> 'smb:///share/path/to/movie.m4v'. Check the log
> for details.
>
> I am using a debian-8 cloned appvm to access the share via
> Files->Connect to Server->(type in smb://ip_address)->
On 03/11/2017 12:33 AM, hib0...@gmail.com wrote:
> Im sure this has been kicked into a pulp (considering the threads and
> the text in the sudoers files) but I am still perturbed by the
> argument that allowing unrestricted sudo to root in a DomU VM is
> "safe" and there is "no benefit" to
On Saturday, December 10, 2016 at 11:27:52 AM UTC+5, Achim Patzner wrote:
> Hi!
>
>
> Could someone tell me what qmemman tries to tell me from time to time
> when it is logging this (line wrapping by my editor):
>
>
> Dez 10 03:29:05 dom0 qmemman.systemstate[2624]:
> Xen free = 61143341669
Hi,
Do you want to sell the domain BNC.com?
email me at in...@networkpearl.com
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to
52 matches
Mail list logo