[qubes-users] Secure Handling of Encrypted Drives

2017-04-11 Thread Sam Hentschel
I am trying to figure out a way to securely handle my encrypted drives without two things: connecting the USB directly to the Vault (as this is obviously a bad idea for security), and decrypting the USB in sys-usb (also obviously a bad idea). As an example, I have some USB that I keep encrypted

[qubes-users] Re: Breaking the Security Model of Subgraph OS

2017-04-11 Thread cooloutac
Nice will def read this! As far as I know only diff between doing it yourself is they have their own sandbox or something and everything is sandboxed that needs network? And write a couple programs from scratch like a mail client? I can't remember, I tried it out very briefly and didn't

Re: [qubes-users] Breaking the Security Model of Subgraph OS

2017-04-11 Thread taii...@gmx.com
What exactly makes subgraph special and not just another apparmor/selinux MAC type clone? The firewall is a neat bit of progress however, but again that can also be accomplished with an apparmor MAC default profile however allow app to access site etc is only on an IP basis not a DNS basis

Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

2017-04-11 Thread Unman
On Tue, Apr 11, 2017 at 06:20:38AM -0700, Dominique St-Pierre Boucher wrote: > On Monday, April 10, 2017 at 5:06:30 PM UTC-4, qubenix wrote: > > qubenix: > > > Andrew David Wong: > > >> On 2017-04-09 15:25, Joonas Lehtonen wrote: > > >>> Hi, > > >> > > >>> if you setup MAC randomization via

[qubes-users] Stripping down dom0 kernels: Any tips?

2017-04-11 Thread Reg Tiangha
So I've been playing around with kernels in Qubes and successfully run kernel 4.10 in dom0 and any domUs where grsecurity-based kernels create too many issues. My next goal is to try and see if I can get coldkernel running in dom0 alongside the Qubes-specific kernel patches. I had tried a couple

Re: [qubes-users] Re: Persistent /usr/local: Are there risks?

2017-04-11 Thread Chris Laprise
On 04/10/2017 05:54 PM, Unman wrote: On Mon, Apr 10, 2017 at 03:39:26PM -0400, Chris Laprise wrote: On 04/10/2017 03:17 PM, Chris Laprise wrote: On 04/10/2017 02:55 PM, Reg Tiangha wrote: I think I'll try an /etc/rc.local script that deletes /rw/usrlocal and re-creates just the top dir. Also

Re: [qubes-users] Re: Protect AppVM init startup scripts:

2017-04-11 Thread Chris Laprise
On 04/11/2017 12:14 PM, cooloutac wrote: On Monday, April 10, 2017 at 11:43:55 AM UTC-4, Chris Laprise wrote: Here is a small script for Linux templates that protects files executed on startup by... bash sh Gnome KDE Xfce X11 Together with enabling sudo authentication, this is a simple way to

[qubes-users] HCL - Samsung 940X3G hcl report text

2017-04-11 Thread richard
--- layout: 'hcl' type: 'laptop' hvm: 'yes' iommu: 'no' slat: 'yes' tpm: 'unknown' brand: | SAMSUNG ELECTRONICS CO., LTD. model: | 940X3G/930X3G bios: | P05ACJ.128.140819.dg cpu: | Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz cpu-short: | FIXME chipset: | Intel Corporation

[qubes-users] HCL - Samsung 940X3G hcl report

2017-04-11 Thread richard
--- layout: 'hcl' type: 'laptop' hvm: 'yes' iommu: 'no' slat: 'yes' tpm: 'unknown' brand: | SAMSUNG ELECTRONICS CO., LTD. model: | 940X3G/930X3G bios: | P05ACJ.128.140819.dg cpu: | Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz cpu-short: | FIXME chipset: | Intel Corporation

[qubes-users] HCL - Samsung 940X3G

2017-04-11 Thread richard
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To

[qubes-users] Display issues with Kali HVM

2017-04-11 Thread Micah Lee
When I install Kali in an HVM it has this terrible display issue [1]. When I move the mouse to the top-left of the window, I can see the cursor navigate over the Application menu in the bottom left. Does anyone know how to fix this? This screen resolution trick [2] doesn't do it. If I set a

[qubes-users] Breaking the Security Model of Subgraph OS

2017-04-11 Thread Micah Lee
I met up with Joanna at the recent Tor meeting in Amsterdam, and we tried to see if we could hack Subgraph OS, which I was running on my travel computer. We succeeded, and I've written up all the details here: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ And also

Re: [qubes-users] Re: USB Headset

2017-04-11 Thread Grzesiek Chodzicki
W dniu wtorek, 11 kwietnia 2017 18:25:09 UTC+2 użytkownik Stephan Marwedel napisał: > Thank you for the hints. When assigning the USB controller to the > Windows HVM not error messages are displayed anymore. BTW, it is > difficult to figure out which USB controller to assign to the Windows HVM.

Re: [qubes-users] Re: USB Headset

2017-04-11 Thread Stephan Marwedel
Thank you for the hints. When assigning the USB controller to the Windows HVM not error messages are displayed anymore. BTW, it is difficult to figure out which USB controller to assign to the Windows HVM. However, the USB headset does not appear as a device in Windows, so the appropriate

Re: [qubes-users] HDMI-related threats in Qubes OS

2017-04-11 Thread cooloutac
On Monday, April 10, 2017 at 3:28:05 PM UTC-4, Vít Šesták wrote: > > what about vga or dvi wires? > > Frankly, my main interest is HDMI. But I have briefly looked at VGA and DVI > pinouts. It seems that the only input channels are hotplug (if you count > this) and DDC (for resolutions etc.).

Re: [qubes-users] Re: Persistent /usr/local: Are there risks?

2017-04-11 Thread cooloutac
On Monday, April 10, 2017 at 5:54:27 PM UTC-4, Unman wrote: > On Mon, Apr 10, 2017 at 03:39:26PM -0400, Chris Laprise wrote: > > On 04/10/2017 03:17 PM, Chris Laprise wrote: > > >On 04/10/2017 02:55 PM, Reg Tiangha wrote: > > > > > >I think I'll try an /etc/rc.local script that deletes

[qubes-users] Re: Scanner use in VM

2017-04-11 Thread cooloutac
On Monday, April 10, 2017 at 9:22:47 PM UTC-4, Daniel Acevedo wrote: > I only see my scanner in dom0, using this command: > > # lsusb | grep Canon > > Bus 001 Device 005: ID 04a9:1909 Canon, Inc. CanoScan LiDE 110 > > Of course it doesn't appear in the VMs. > > I know I should assign the

[qubes-users] Re: Skype Package Installation Issue

2017-04-11 Thread cooloutac
On Monday, April 10, 2017 at 11:45:01 PM UTC-4, Nick Geary wrote: > I've installed the Skype .dpm package and installed it using dnf install > ./..dpm. The installation completed without errors. > > However, I don't see skype listed in the AppVm's list of available shortcuts > or within the

Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

2017-04-11 Thread cooloutac
On Monday, April 10, 2017 at 5:06:30 PM UTC-4, qubenix wrote: > qubenix: > > Andrew David Wong: > >> On 2017-04-09 15:25, Joonas Lehtonen wrote: > >>> Hi, > >> > >>> if you setup MAC randomization via network manager in a debian 9 > >>> template as described here: > >>>

Re: [qubes-users] for people using MAC randomization (debian 9 tmpl): you might want to avoid hostname leaks via DHCP too

2017-04-11 Thread Dominique St-Pierre Boucher
On Monday, April 10, 2017 at 5:06:30 PM UTC-4, qubenix wrote: > qubenix: > > Andrew David Wong: > >> On 2017-04-09 15:25, Joonas Lehtonen wrote: > >>> Hi, > >> > >>> if you setup MAC randomization via network manager in a debian 9 > >>> template as described here: > >>>

Re: [qubes-users] Re: Android-x86 on Qubes

2017-04-11 Thread Eva Star
On 04/11/2017 12:17 PM, Desobediente wrote: I've tried every possibility to install or boot from live iso both cyanogen mod x86 and android-x86 and I've never had any luck. The HVM just sits there forever with "ANDROID" spinning. It goes on for days. Android 4.4 x86 work and install without

[qubes-users] Re: Android-x86 on Qubes

2017-04-11 Thread Desobediente
I've tried every possibility to install or boot from live iso both cyanogen mod x86 and android-x86 and I've never had any luck. The HVM just sits there forever with "ANDROID" spinning. It goes on for days. -- You received this message because you are subscribed to the Google Groups

[qubes-users] Re: off topic - invite codes to 'riseup'

2017-04-11 Thread mantixgermanix
Looking for one as well, getting an activist group started in my area and need some privacy. If someone could PM me one would be greatly appreciated. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop