[qubes-users] Re: download new fedora-26
On Wednesday, 22 November 2017 11:11:17 UTC-5, Roy Bernat wrote: > Hi > > i am trying to download fedora-26 but with no success . > > i succeeded a month ago but now i am getting nothing . > > any suggestions ? > > R Thank for all answers . i am using qubes4.0 and i used to download the template using Qubes-dom0-update command . manually download i tried to use wget but there is no wget availble in dom 0 . R -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1c29e85b-7551-44f5-820f-fae637372f43%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] 4.x Recommendations for Processor/Laptop
On 11/23/2017 12:01 AM, LE wrote: I am looking to make my next laptop purchase, and I would like to avoid the vulnerability associated with ME and PSP. Some have recommended an old early-2013 Lenovo (G505S) running coreboot, but if possible I would prefer a newer laptop and processor. That is the last and best owner controlled open source init firmware no PSP/ME x86-64 laptop made, there are no other newer choices (purism is a scam[1]) It has a 4 core CPU, 16GB max RAM - this should be more than enough. Any recommendations (processor most importantly, but the more details of what you have tried/recommend with 4.x the better) particularly for those who are working with rc2 who have a good sense of what will work best. My first priority is security and anonymity, followed by performance (since I will be using this for work as well). Cost is third (but subject to reasonable limits—preferably below $1700 but if it’s worth it I could do more). What exactly are you doing? if you provide that info we can more adequately help you. There are ways to enhance performance of slightly older laptops such as using an eGPU. Btw I offer free personal tech support for owners of libre hardware. [1]https://www.reddit.com/r/linux/comments/3anjgm/on_the_librem_laptop_purism_doesnt_believe_in/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/28ee0ab6-3f95-3cce-939d-c89f8294b5db%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: qubes 4.0rc2 - debian appvm fails with qrexec-daemon message
On Monday, November 20, 2017 at 12:14:16 PM UTC, Bernhard wrote: > Hello, > with your nice help I happily installed Q4.0rc2. Then I created a bunch > of debian-8 based appvm's, to copy my data back from the backup. But > they don't start, finishing with "Cannot execute qrexec-daemon" error. I > hate that error : no clue where it comes from. Any hints? Thank you! > Bernhard > > > P.S: First, I thought that this is the annoying but harmless > "after-tempate-change-xfce-menu-messy" bug (which forces to go to VM > settings, remove all Applications, save, go there again, put them back & > save again to get all symlinks right). But the problem is somewhere else. I did not read through the link due to short of time atm, but here are some suggestions nontheless, as I've encountered similar issues once in Qubes 4. - Make sure all your VM's are running in HVM mode, in particular if your system cannot run in PV mode. Paradoxially, some systems run PV mode just fine in Qubes 3.2., but PV stops working in Qubes 4. It doesnt matter anyhow, since HVM is the desired mode for now. So just make sure the VM is in HVM. Verify if "qvm-prefs VM-name virt_mode" is giving back PV or HVM. Try change it to HVM if it rapport back PV. - Don't use any Qubes 3.2 templates, as they should not have the same Qubes tools code in them. - Some AppVM's restored from Qubes 3.2. has in my experience been sluggish, laggy, and slow. I moved my data, bookmarks, thunderbird profile folder, etc. in traditional Linux backup sense, over to a new fresh Qubes 4 AppVM. It solved any lag I had, except, sometimes firefox was a bit laggy with 10 or so tabs, whereas before I could easily have 40 tabs open. The firefox browser update happened around same time, so not sure wihch was the cause. But cleaning old firefox data did not fix it, however a clean AppVM did fix it. The issue also extened outside firefox to other applications. - If you cannot start an AppVM that you restored from the backup, assuming you still have the backup available in case anything goes wrong, then try change the Debian AppVM to a Fedora AppVM. Then see if you can trasfer your files out of the broken AppVM, either via Qubes tools, or passtrough an USB pen/drive and transfer it this way. Just be careful, I've been having issues where I was unable to disconnect my USB drive from within the old Qubes 3.2. AppVM, when I tried to salvage my data from it. Luckily it only caused damage to the last file from multiple of different transactions. In case you want to avoid this issue, it may be possible to do an extra transfer, with something pointless you dont mind loosing, just in case the last transfer made is destroyed when trying to disconnect the USB drive. USB works just fine in Qubes 4 AppVM's though, at least, that's my experience with it for now. Hopefully you don't encounter the worst issues. At least I feel stable on Qubes 4 now, but its been a bit turbulent. Hopefully you'll be fine too. Also, is it just me, or does Qubes 4 seem bloody fast in some areas after recent updates? Like shutting down VM's for example, it happens almost instantly, and various of other places that it seems much faster than Qubes 3.2. Perhaps its just my mind playing with me. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8d023980-f2d9-47d1-bb18-b51d8f1aeff8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On 11/22/2017 11:46 PM, Yuraeitha wrote: So for example, there is no issue buying a motherboard (and cleaning it up), with an intel NIC, just as long you do not use the nic, right? I mean, it cannot execute commands inwards to the motherboard, but only whatever passes through the NIC when its in use? Why would you buy one when there are so many alternatives? So if for example inserting a more trusted PCI nic card, and just ignoring the intel nic, it should be no problem? Not how it works, intel nic or not you have the same level of security once you use me_cleaner - additionally the non LOM series intel nic ASIC's lack the ME ability irregardless and one can also modify the LOM series firmware to remove that ability. The whole "oh you are fine from hypothetical nation state backdoors if you use a non-intel nic" rumor was started by purism - it is absolutely false. If such a backdoor existed they surely would have thought of that already - there are a variety of methods to communicate and control with a PCI-e networking device without having drivers for each and every NIC on the market. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4e7aed35-51e8-36fd-f075-f765ee20e3f4%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] 4.x Recommendations for Processor/Laptop
I am looking to make my next laptop purchase, and I would like to avoid the vulnerability associated with ME and PSP. Some have recommended an old early-2013 Lenovo (G505S) running coreboot, but if possible I would prefer a newer laptop and processor. Any recommendations (processor most importantly, but the more details of what you have tried/recommend with 4.x the better) particularly for those who are working with rc2 who have a good sense of what will work best. My first priority is security and anonymity, followed by performance (since I will be using this for work as well). Cost is third (but subject to reasonable limits—preferably below $1700 but if it’s worth it I could do more). Thanks! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2e9040ff-86e7-4402-bab8-01ea51215249%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On 11/22/2017 10:11 PM, Yuraeitha wrote: Nice! I did not know about TALOS, seems really interesting. I had kinda lost any hope for POWER CPU's since IBM are such big slackers when it comes to getting POWER marketed or supporting motherboard developers in the mass markets. The way I understand it, it's significantly easier to make motherboards, compared to making CPU's, and existing RAM technology can be used. So it was a bit mind-boggling for me that no one went ahead and made POWER motherboards. Not enough interest by the people at least capable of making motherboards, I guess? or my understanding of it falls short perhaps. Actually a lot of companies made POWER 8 motherboards you just didn't hear about it (as they aren't mass market) POWER 9 is a lot more accessible so there will be many more partners, as more components are now on the CPU die it is cheaper to make motherboards (which is also why TALOS 2 is a reality) and thus more will be made. Look up the OpenPOWER foundation, despite all the really bad things they have done in the past IBM is making many strides for computing freedom. What other company releases this level of information on their CPU's? their hardware? lets you fix your own microcode and gives you the documentation to teach yourself how to do so? But either way, TALOS is really good news. Though its a bit sad that its so pricy and only for desktops. The price is average for hardware in its performance class, like I said there are many lower priced (and lower performance) options but now we are lucky enough to have one in the very high performance sphere. Especially as mobile devices are becoming so powerful, that desktops are less relevant for most normal people these days. It makes the desktop market smaller, and TALOS even harder to sell to normal people and thereby probably also less likely to drop in price then too. And as a result, much less likely to come to laptops as well then. Unless something changes? Seems like an evil unbreakable circle, unless a shortcut is being cut out somewhere. TALOS 2 isn't meant for "normal people" - even I would be hard pressed to use the full capabilities of even the lower end POWER9 CPU's to the point where I would really be getting my moneys worth. The market segment is the small corporation concerned about IP theft that wants high performance secure computing and may already be using POWER systems, not grandma and not even you or me but I will however be purchasing one once I find full time employment again as I believe in the cause and I want to support them. It is the first time one can get a free firmware system off the shelf with the latest and greatest technology, no matter the cost they have truly done something special here. For one, the price is waay to high for most regular people. What hopes do we have for cheaper hardware, made available for the more popular devices (like laptops and phones), I wonder. You already have cheaper/slower hardware, such as the KCMA-D8 and KGPE-D16 (libre firmware ports and OpenBMC ports made by the same company) or the open source init G505S laptop. You can make a libre firmware workstation that can play the latest games in a VM for $500 total. In the case of TALOS 2 it fills the gap in the ultra high performance category, where as the D8 and D16 are the low-medium performance category. It's so frustrating, getting hopes, but at the same time, just enough out of reach, dangling there like a carrot on a stick, laughing at you. Frustrating... also, lmao, indeed, the claims and lack of results to show for, are gonna make purism a laughing stock for years to come. Maybe if they involved the open source community and got a huge backing with a single voice, but instead, many open source people got offended by their overestimated claims. The irony... They still refuse to take the input of the community in to account, but constantly attack people like me who give them the constructive criticism they deserve - they say "oh we are doing our best to free ME" aka waiting and hoping someone else will do so. They have no hardware engineers on staff so no one to tell them how impossible and pointless that is. The only thing they are good at is marketing, it is truly incredible the amount of spin and slick lingo they have on their website - hell there are even paid shills on various mailinglists who attack me and others on a regular basis. They have easily made a libre laptop via either the AMD FT3 mobile platform (high end when they released their second laptop) or hell even a KCMA-D8 in a custom fab case with a custom battery, keyboard, etc and a 35W 8 core CPU - heavy? sure free? definitely. On the coreboot website it says that you can't have free firmware for the latest and greatest x86-64 stuff due to the level of churn, but they still don't listen and refuse to change course and admit they made bad choices. Even leah rowe made right and
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On 11/22/2017 11:26 PM, Yuraeitha wrote: oh btw Tai, I realized I missed your AMD line comment. I'm well aware that AMD sucks too, but this is not my point I tried to make. The point is that AMD looks good (for other reasons), compared to Intel right now. If Intel wants to fight back, they could for starters try stop appearing so... well.. "evil" or needlessly and overly "greedy" beyond reason. If you really need a *brand new* x86-64 CPU then yes AMD is a better company, a few thousand people on reddit was enough to get executive level attention about PSP and they somewhat entertained the idea of providing a way to truly disable it or offer CPU's without it - not that they did but even google can't get intels attention like that. For now however a Socket G34 6328/6386SE is more than good enough for just about anything. AMD is a much smaller company with a much smaller market share. So I'm not saying AMD is any better, it's just that AMD can be used, like a tool, to fuck Intel up enough, to force Intel's hand to do something good (hopefully). Question is, will enough people do it, in orcer to force Intel's hand. And if enough do it, then its probably not for this reason. But nontheless, whatever little helps to send Intel a clear signal that they need to behave to regain any love. Intel is too big of a company for anyone to make an impact short of a nation state deciding to no longer buy their products for its governmental computers which would actually be a really smart idea (however none have done so) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d814f3e5-6080-6b4d-5801-ae73a9dc2059%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On Thursday, November 23, 2017 at 4:34:07 AM UTC, tai...@gmx.com wrote: > On 11/22/2017 10:54 PM, jkitt wrote: > > > On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris wrote: > >> From a crypto list, seemed relevant here. > >> . > >> Oh joy... > >> > >> Intel finds critical holes in secret Management Engine hidden in tons > >> of desktop, server chipsets > >> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/ > >> . > > So I have my ME "turned off", and I understand off never means off, but can > > it still be remotely exploited? I'm using a wireless NIC. > If you use me_cleaner as of now there are no *public* exploits that > allow for that, although I wouldn't be using an intel wireless NIC as I > am sure they have some unpublished extra ME features besides the vPro > ones that are documented. So for example, there is no issue buying a motherboard (and cleaning it up), with an intel NIC, just as long you do not use the nic, right? I mean, it cannot execute commands inwards to the motherboard, but only whatever passes through the NIC when its in use? So if for example inserting a more trusted PCI nic card, and just ignoring the intel nic, it should be no problem? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/66789f67-31bd-4482-b938-4dc38fe15996%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On 11/22/2017 10:54 PM, jkitt wrote: On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris wrote: From a crypto list, seemed relevant here. . Oh joy... Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/ . So I have my ME "turned off", and I understand off never means off, but can it still be remotely exploited? I'm using a wireless NIC. If you use me_cleaner as of now there are no *public* exploits that allow for that, although I wouldn't be using an intel wireless NIC as I am sure they have some unpublished extra ME features besides the vPro ones that are documented. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b60b2c00-47f1-4c19-1678-9229c0e197f6%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions
On Thursday, November 23, 2017 at 3:54:57 AM UTC, jkitt wrote: > On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris wrote: > > From a crypto list, seemed relevant here. > > . > > Oh joy... > > > > Intel finds critical holes in secret Management Engine hidden in tons > > of desktop, server chipsets > > https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/ > > . > > So I have my ME "turned off", and I understand off never means off, but can > it still be remotely exploited? I'm using a wireless NIC. @jkitt a good question, we need some more answers. For starters, where is the proof that it works, and not just take "experts words for that it works". Taking a word for it, simply just isn't good enough. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a18e14e2-ec65-41c3-9c5b-7c4282b4490e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On Thursday, November 23, 2017 at 2:46:16 AM UTC, tai...@gmx.com wrote: > On 11/22/2017 05:07 PM, Yuraeitha wrote: > > > Now seems like a really good time to twist Intel's arm to the back and > > force them to get rid of these invasive blobs, once and for all. Going open > > source, should be the very minimum solution, after all, how can we trust a > > company like this otherwise, if they don't at least try to be as > > transparent as possible. They lack trust enough already as it is, them now > > admitting it should mean no more roadblocks to get rid of it once and for > > all. > > > > If they got to the point and they admitted it (and its no longer a case of > > proving its existence), and still don't want to do the right thing, then > > imho, all hell should break loose. > > > > Even if AMD is fucked up in this way as well, I'll buy AMD until Intel get > > this right. Because right now, Intel needs to look good again, while AMD > > does not after its come-back. Boycutting Intel now, may force its hand to > > do the right thing. Push em where it hurts. > > > > And if Intel finally does the right thing, then who knows, AMD may follow > > suit. AMD is halfway there already anyway. > > > AMD has PSP, which is their version of ME. It is no better. > > owner controlled POWER is the future, if enough people buy TALOS > products eventually they'll be a lower end option (FYI the TALOS 2 price > is appropriate for high end server hardware, it is actually less than > Intel's stuff) > > If google can't convince intel to offer a way to remove ME then no one > can, certainly not a small company with no real connections and no > hardware engineers (purism) oh btw Tai, I realized I missed your AMD line comment. I'm well aware that AMD sucks too, but this is not my point I tried to make. The point is that AMD looks good (for other reasons), compared to Intel right now. If Intel wants to fight back, they could for starters try stop appearing so... well.. "evil" or needlessly and overly "greedy" beyond reason. So I'm not saying AMD is any better, it's just that AMD can be used, like a tool, to fuck Intel up enough, to force Intel's hand to do something good (hopefully). Question is, will enough people do it, in orcer to force Intel's hand. And if enough do it, then its probably not for this reason. But nontheless, whatever little helps to send Intel a clear signal that they need to behave to regain any love. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a43c179c-0091-4c12-8bbb-e97e5c1a892e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions
On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris wrote: > From a crypto list, seemed relevant here. > . > Oh joy... > > Intel finds critical holes in secret Management Engine hidden in tons > of desktop, server chipsets > https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/ > . So I have my ME "turned off", and I understand off never means off, but can it still be remotely exploited? I'm using a wireless NIC. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bb84ce1e-52bd-4da0-a4e4-a1f59b120f30%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On Thursday, November 23, 2017 at 2:46:16 AM UTC, tai...@gmx.com wrote: > On 11/22/2017 05:07 PM, Yuraeitha wrote: > > > Now seems like a really good time to twist Intel's arm to the back and > > force them to get rid of these invasive blobs, once and for all. Going open > > source, should be the very minimum solution, after all, how can we trust a > > company like this otherwise, if they don't at least try to be as > > transparent as possible. They lack trust enough already as it is, them now > > admitting it should mean no more roadblocks to get rid of it once and for > > all. > > > > If they got to the point and they admitted it (and its no longer a case of > > proving its existence), and still don't want to do the right thing, then > > imho, all hell should break loose. > > > > Even if AMD is fucked up in this way as well, I'll buy AMD until Intel get > > this right. Because right now, Intel needs to look good again, while AMD > > does not after its come-back. Boycutting Intel now, may force its hand to > > do the right thing. Push em where it hurts. > > > > And if Intel finally does the right thing, then who knows, AMD may follow > > suit. AMD is halfway there already anyway. > > > AMD has PSP, which is their version of ME. It is no better. > > owner controlled POWER is the future, if enough people buy TALOS > products eventually they'll be a lower end option (FYI the TALOS 2 price > is appropriate for high end server hardware, it is actually less than > Intel's stuff) > > If google can't convince intel to offer a way to remove ME then no one > can, certainly not a small company with no real connections and no > hardware engineers (purism) Nice! I did not know about TALOS, seems really interesting. I had kinda lost any hope for POWER CPU's since IBM are such big slackers when it comes to getting POWER marketed or supporting motherboard developers in the mass markets. The way I understand it, it's significantly easier to make motherboards, compared to making CPU's, and existing RAM technology can be used. So it was a bit mind-boggling for me that no one went ahead and made POWER motherboards. Not enough interest by the people at least capable of making motherboards, I guess? or my understanding of it falls short perhaps. But either way, TALOS is really good news. Though its a bit sad that its so pricy and only for desktops. Especially as mobile devices are becoming so powerful, that desktops are less relevant for most normal people these days. It makes the desktop market smaller, and TALOS even harder to sell to normal people, and thereby probably also less likely to drop in price then too. And as a result, much less likely to come to laptops as well then. Unless something changes? Seems like an evil unbreakable circle, unless a shortcut is being cut out somewhere. For one, the price is waay to high for most regular people. What hopes do we have for cheaper hardware, made available for the more popular devices (like laptops and phones), I wonder. It's so frustrating, getting hopes, but at the same time, just enough out of reach, dangling there like a carrot on a stick, laughing at you. Frustrating... also, lmao, indeed, the claims and lack of results to show for, are gonna make purism a laughing stock for years to come. Maybe if they involved the open source community and got a huge backing with a single voice, but instead, many open source people got offended by their overestimated claims. The irony... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c0abc87b-acae-4dad-8665-b96919c43f7e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: [Cryptography] Intel Management Engine pwnd
On 11/22/2017 05:07 PM, Yuraeitha wrote: Now seems like a really good time to twist Intel's arm to the back and force them to get rid of these invasive blobs, once and for all. Going open source, should be the very minimum solution, after all, how can we trust a company like this otherwise, if they don't at least try to be as transparent as possible. They lack trust enough already as it is, them now admitting it should mean no more roadblocks to get rid of it once and for all. If they got to the point and they admitted it (and its no longer a case of proving its existence), and still don't want to do the right thing, then imho, all hell should break loose. Even if AMD is fucked up in this way as well, I'll buy AMD until Intel get this right. Because right now, Intel needs to look good again, while AMD does not after its come-back. Boycutting Intel now, may force its hand to do the right thing. Push em where it hurts. And if Intel finally does the right thing, then who knows, AMD may follow suit. AMD is halfway there already anyway. AMD has PSP, which is their version of ME. It is no better. owner controlled POWER is the future, if enough people buy TALOS products eventually they'll be a lower end option (FYI the TALOS 2 price is appropriate for high end server hardware, it is actually less than Intel's stuff) If google can't convince intel to offer a way to remove ME then no one can, certainly not a small company with no real connections and no hardware engineers (purism) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/56e6b6ee-04fb-888c-4e56-785cb7306385%40gmx.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany
On Thursday, November 23, 2017 at 2:40:57 AM UTC, Yuraeitha wrote: > On Thursday, November 23, 2017 at 2:38:21 AM UTC, Yuraeitha wrote: > > Been thinking about ways to increase the accuracy, here are some extra > > thoughts and limitations. Feel free to add any too if you see a different > > perspective. > > > > Generally, there are three macro perspective trends. > > Trend 1): Qubes is over-represented in a region or country. > > Trend 2): Qubes is at average represented in a region or country. > > Trend 2): Qubes is under-represented in a region or a country. > > > > If any region or data, falls into the trend 1, or trend 3, then it messes > > up the accuracy. > > > > Trend 1) speculated factors > > - Different culture (Can have huge influence). > > - Reasonable stable and functioning economy, towards a strong economy. > > - Peace. > > - Order and predictability in short term daily life. > > - Reasonable infrastructure towards great infrastructure. > > - Anything else that you can imagine in this, etc. > > > > > > Trend 3) speculated factors > > - Different culture (Can have huge influence). > > - Poor economy, country is not functioning well, or barely at all. > > - War with another country. > > - Civil war. > > - Turmoil and unstable government. > > - Poor infrastructure (roads, internet, food supply, reliability in > > expectancy). > > - Anything else that you can imagine in this, etc. > > > > > > Trend 2) is what we can calculate with pretty high accuracy given how > > physics work. However the real world is far more complex, trend 2) is not > > taking the many factors of life into consideration. The trend 1) and trend > > 3), as on the list above, have big influence. > > > > Similar problems are found in GNP (Gross National Product), which is > > something used by macro economists and politicians too, to measure how well > > a country is performing in its production. The drawback, just like trend > > 1), and trend 3) above, is the vast different cultures, history, current > > state, different ways from country to country on how to calculate, or even > > different ways in gathering the raw data used in the calculations, etc. > > The solution, is to limit these comparisons to the countrys own GNP from > > the year before, and to avoid comparing with other countries, unless, of > > course, the country look a lot alike in the trend 1) and trend 3) factor > > lists. For example USA states, may draw better similarities between similar > > looking states, compared to if you compare a US States GNP with say, > > Germany, Russia, China, Italy, and so on, whom have similar, but yet also > > very different cultures and factors that make comparisons inaccurate. The > > solution therefore, is to only compare where it makes sense to compare, > > either by comparing to your own GNP the year before, or only compare with a > > country that looks a lot alike. Keeping in mind that even within USA, a US > > state can be very different from another US State, so one has to be very > > careful with comparisons like these. Even if comparing a countrys own GNP > > from several years back, ones own country culture will likely have changed, > > and even the method of calculation, or method of data collection, can be > > different if going too many years back in the same country. > > However, if you do like inflation calculations, you can go year by year, > > one at a time, make % comparison with the countries own GNP, only one year > > back at a time. This way, you can see a chain reaction, only looking at > > small changes at a time. But its dangerous to try jump too far in the > > timeline, unless changes in trend 1) or trend 3) are taken into account. > > Given the complexity, this is notoriously difficult to do, in any way that > > represent accuracy. Even getting a close estimation can easily be > > notorious. > > > > So the takeaway? > > Reducing complexity, and limit ourselves into how we use and take the data > > for granted. For example, be mindful of all the various ways the data can > > be shaped differently from what reality really looks like. > > > > So keeping these challenges in mind from economics, we can draw a bit from > > it in our Qubes demographics. > > > > For example, if you know how many Qubes users are in the USA, or in China, > > EU, Africa, Russia, or any other similar region, which is very different to > > the rest of the world, yet similar inwards towards itself and its own > > culture, then we can increase the accuracy quite a bit. > > > > The problem is we don't have such data, and it probably isn't a good idea > > if the Qubes team start to look into the unique IP's in an invasive way. > > It's already troubling enough that they keep logs of everyone's IP to begin > > with. > > > > So what else can we do? We might be able to incorporate some secondary > > data, i.e. find out how many people live in a country without > >
Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany
On Thursday, November 23, 2017 at 2:38:21 AM UTC, Yuraeitha wrote: > Been thinking about ways to increase the accuracy, here are some extra > thoughts and limitations. Feel free to add any too if you see a different > perspective. > > Generally, there are three macro perspective trends. > Trend 1): Qubes is over-represented in a region or country. > Trend 2): Qubes is at average represented in a region or country. > Trend 2): Qubes is under-represented in a region or a country. > > If any region or data, falls into the trend 1, or trend 3, then it messes up > the accuracy. > > Trend 1) speculated factors > - Different culture (Can have huge influence). > - Reasonable stable and functioning economy, towards a strong economy. > - Peace. > - Order and predictability in short term daily life. > - Reasonable infrastructure towards great infrastructure. > - Anything else that you can imagine in this, etc. > > > Trend 3) speculated factors > - Different culture (Can have huge influence). > - Poor economy, country is not functioning well, or barely at all. > - War with another country. > - Civil war. > - Turmoil and unstable government. > - Poor infrastructure (roads, internet, food supply, reliability in > expectancy). > - Anything else that you can imagine in this, etc. > > > Trend 2) is what we can calculate with pretty high accuracy given how physics > work. However the real world is far more complex, trend 2) is not taking the > many factors of life into consideration. The trend 1) and trend 3), as on the > list above, have big influence. > > Similar problems are found in GNP (Gross National Product), which is > something used by macro economists and politicians too, to measure how well a > country is performing in its production. The drawback, just like trend 1), > and trend 3) above, is the vast different cultures, history, current state, > different ways from country to country on how to calculate, or even different > ways in gathering the raw data used in the calculations, etc. > The solution, is to limit these comparisons to the countrys own GNP from the > year before, and to avoid comparing with other countries, unless, of course, > the country look a lot alike in the trend 1) and trend 3) factor lists. For > example USA states, may draw better similarities between similar looking > states, compared to if you compare a US States GNP with say, Germany, Russia, > China, Italy, and so on, whom have similar, but yet also very different > cultures and factors that make comparisons inaccurate. The solution > therefore, is to only compare where it makes sense to compare, either by > comparing to your own GNP the year before, or only compare with a country > that looks a lot alike. Keeping in mind that even within USA, a US state can > be very different from another US State, so one has to be very careful with > comparisons like these. Even if comparing a countrys own GNP from several > years back, ones own country culture will likely have changed, and even the > method of calculation, or method of data collection, can be different if > going too many years back in the same country. > However, if you do like inflation calculations, you can go year by year, one > at a time, make % comparison with the countries own GNP, only one year back > at a time. This way, you can see a chain reaction, only looking at small > changes at a time. But its dangerous to try jump too far in the timeline, > unless changes in trend 1) or trend 3) are taken into account. Given the > complexity, this is notoriously difficult to do, in any way that represent > accuracy. Even getting a close estimation can easily be notorious. > > So the takeaway? > Reducing complexity, and limit ourselves into how we use and take the data > for granted. For example, be mindful of all the various ways the data can be > shaped differently from what reality really looks like. > > So keeping these challenges in mind from economics, we can draw a bit from it > in our Qubes demographics. > > For example, if you know how many Qubes users are in the USA, or in China, > EU, Africa, Russia, or any other similar region, which is very different to > the rest of the world, yet similar inwards towards itself and its own > culture, then we can increase the accuracy quite a bit. > > The problem is we don't have such data, and it probably isn't a good idea if > the Qubes team start to look into the unique IP's in an invasive way. It's > already troubling enough that they keep logs of everyone's IP to begin with. > > So what else can we do? We might be able to incorporate some secondary data, > i.e. find out how many people live in a country without infrastructure. Then > we can take the world population, and subtract the amount of people whom have > no or extremely poor infrastructure. > > Another method, which can be used in addition to the above, or any other > similar subtractions, is to f
Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany
Been thinking about ways to increase the accuracy, here are some extra thoughts and limitations. Feel free to add any too if you see a different perspective. Generally, there are three macro perspective trends. Trend 1): Qubes is over-represented in a region or country. Trend 2): Qubes is at average represented in a region or country. Trend 2): Qubes is under-represented in a region or a country. If any region or data, falls into the trend 1, or trend 3, then it messes up the accuracy. Trend 1) speculated factors - Different culture (Can have huge influence). - Reasonable stable and functioning economy, towards a strong economy. - Peace. - Order and predictability in short term daily life. - Reasonable infrastructure towards great infrastructure. - Anything else that you can imagine in this, etc. Trend 3) speculated factors - Different culture (Can have huge influence). - Poor economy, country is not functioning well, or barely at all. - War with another country. - Civil war. - Turmoil and unstable government. - Poor infrastructure (roads, internet, food supply, reliability in expectancy). - Anything else that you can imagine in this, etc. Trend 2) is what we can calculate with pretty high accuracy given how physics work. However the real world is far more complex, trend 2) is not taking the many factors of life into consideration. The trend 1) and trend 3), as on the list above, have big influence. Similar problems are found in GNP (Gross National Product), which is something used by macro economists and politicians too, to measure how well a country is performing in its production. The drawback, just like trend 1), and trend 3) above, is the vast different cultures, history, current state, different ways from country to country on how to calculate, or even different ways in gathering the raw data used in the calculations, etc. The solution, is to limit these comparisons to the countrys own GNP from the year before, and to avoid comparing with other countries, unless, of course, the country look a lot alike in the trend 1) and trend 3) factor lists. For example USA states, may draw better similarities between similar looking states, compared to if you compare a US States GNP with say, Germany, Russia, China, Italy, and so on, whom have similar, but yet also very different cultures and factors that make comparisons inaccurate. The solution therefore, is to only compare where it makes sense to compare, either by comparing to your own GNP the year before, or only compare with a country that looks a lot alike. Keeping in mind that even within USA, a US state can be very different from another US State, so one has to be very careful with comparisons like these. Even if comparing a countrys own GNP from several years back, ones own country culture will likely have changed, and even the method of calculation, or method of data collection, can be different if going too many years back in the same country. However, if you do like inflation calculations, you can go year by year, one at a time, make % comparison with the countries own GNP, only one year back at a time. This way, you can see a chain reaction, only looking at small changes at a time. But its dangerous to try jump too far in the timeline, unless changes in trend 1) or trend 3) are taken into account. Given the complexity, this is notoriously difficult to do, in any way that represent accuracy. Even getting a close estimation can easily be notorious. So the takeaway? Reducing complexity, and limit ourselves into how we use and take the data for granted. For example, be mindful of all the various ways the data can be shaped differently from what reality really looks like. So keeping these challenges in mind from economics, we can draw a bit from it in our Qubes demographics. For example, if you know how many Qubes users are in the USA, or in China, EU, Africa, Russia, or any other similar region, which is very different to the rest of the world, yet similar inwards towards itself and its own culture, then we can increase the accuracy quite a bit. The problem is we don't have such data, and it probably isn't a good idea if the Qubes team start to look into the unique IP's in an invasive way. It's already troubling enough that they keep logs of everyone's IP to begin with. So what else can we do? We might be able to incorporate some secondary data, i.e. find out how many people live in a country without infrastructure. Then we can take the world population, and subtract the amount of people whom have no or extremely poor infrastructure. Another method, which can be used in addition to the above, or any other similar subtractions, is to figure out how many children and teenagers, as well as old people, there are in the world. While some old people, and likely some teenagers too, use Qubes, the bigger population of Qubes users are probably in the years of maybe, say, 20-50 years
Re: [qubes-users] Re: Qubes support Secure Boot
On 11/22/2017 07:25 PM, xeph...@gmail.com wrote: This is quite late, but now that UEFI is supported...is secure boot? Wasn't quite sure what key or signature to import. Why are all the newbies here so obsessed with a microsoft technology? Just shut it off, it provides no benefit to you. If their code is so great and beneficial to you why not simply install windows 10? they say it is safe and secure just like SB 2.0... "Secure" boot isn't secure, it is an anti-feature designed to eventually remove the ability for average joes to install and boot linux - while SB 1.0 included a owner control mandate this was conveniently left out of SB 2.0 after the SB 1.0 media circus died down with the goal being the eventual blocking of linux via attrition of board makers no longer wanting to take the extra effort to allow for owner control or even add the second SB key which allows people to boot the red hat signed version of grub2. If you have to ask for permission to run code it isn't your computer and you do not own it you are simply purchasing a lease on it. I for one would never buy such a thing and neither should you (I have re-programmed the firmware on all my workstations/servers - they are owner controlled and are truly mine with no hardware code signing enforcement anti-features - doesn't that sound better?) Tell me, how does it prevent a rootkit? why couldn't that hypothetical rootkit simply modify another critical system file instead of the bootloader or kernel? or disable SB? (already root, hence rootkit - if you have a zero day for windows you certainly have one for SB as well) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/27a795d9-b4a6-b05f-e8c4-a23f43bec551%40gmx.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] How To Replace Libvirt Drivers
I have Qubes 3.2, and whenever I try to create HVM domains, libvirt fails to create them. Is there any way to replace libvirt drivers? If so, what drivers would you recommend using? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fb32b98c-fa0c-4a90-bc4f-6a387a7df532%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: download new fedora-26
On Wednesday, November 22, 2017 at 11:56:33 PM UTC, Unman wrote: > On Wed, Nov 22, 2017 at 12:50:08PM -0800, Yuraeitha wrote: > > On Wednesday, November 22, 2017 at 4:11:17 PM UTC, Roy Bernat wrote: > > > Hi > > > > > > i am trying to download fedora-26 but with no success . > > > > > > i succeeded a month ago but now i am getting nothing . > > > > > > any suggestions ? > > > > > > R > > > > > > Are you running Qubes 4 or Qubes 3.2.? > > > > I can only speak for Qubes as I never installed the template when on Qubes > > 3.2., however it failed for me as well. I do not recall what the issue was. > > The only other template issue I remember by head, is the fedora-26-minimal, > > which require a password when you try to use "sudo" or "su" etc. which > > means, you cannot install or update anything. The password has be fixed. > > > > Please specify your Qubes version, and also what is happening when the > > template fails. > > > > Also, it's my gut feeling, without knowing for sure, that the developers > > are not overly focused on the different templates right now. Their focus is > > primarily Fedora-25 right now it seems. This is understandable, as they are > > working hard, and maybe even overtime, to get Qubes 4 out of beta and into > > stable final release. Before that, having just one good working template, > > compared to other nasty Qubes 4 bugs, is good enough, at least for me, and > > I assume most people too. > > > > If it's trouble in Qubes 3.2. you encounter, then you probably won't see > > much else than security update in Qubes 3.2., as Qubes 3.2. is to be > > out-phased when the extended support ends. Which will likely happen, my > > guess, within half a year after Qubes 4 is stable. So unless someone > > provides an easy quick fix, the developers probably won't spend much time > > on fixing Qubes 3.2. templates. > > > > Keep in mind the Qubes tools was changed and updated in Qubes 4, so > > whatever fix work in one Qubes version, may not necessarily work in the > > other. > > > > Another solution could be to try compile the template yourself, there > > should be enough material around if you're good to follow guides on how to > > do so. > > > > There is a Fedora-26 template available for both 3.2 and 4 - you > can see them at yum.qubes-os.org. > When you say that you are unable to download, do you mean that you are > trying using qubes-dom0-update, or are you manually downloading a > template? There's nothing stopping you from downloading manually, > transferring in to dom0 and then installing. > > On the support issue, 3.2 will be supported for a full 12 months after > the release of a final 4.0, and this will include bug fixes as well as > security issues. Of course, support will inevitably tail off toward the > end of that time. The method I used at least, was the one downloading a fresh new Fedora-26 via the Qubes-dom0-update command. But I'm not trying to solve this as I'm happy enough with Fedora-25 for now. This is only in case it's useful info to help the original poster to find a solution. I do not remember what was wrong with my Feodra-26, I had some other issues alongside it that I tried to solve. But I may give it a shot again within the day or tomorrow and rapport here what I find. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/09302ab8-eed7-46fd-9bee-b94114b9850a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany
On Wednesday, November 22, 2017 at 10:27:55 PM UTC, a.mc...@yandex.com wrote: > Wow! > > Just wow! I am really impressed! > > Now I'm going to make such statistics for my country. > > > On November 22, 2017 6:50:36 PM UTC, Yuraeitha wrote: > On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu wrote: > Hi,my name is Knut von Walter.In order to progress in my understanding of > Qubes OS, I am looking for members of the Qubes-community in > Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter > > If you look here, you can see how many people who use Qubes, based on unique > IP addresses https://www.qubes-os.org/statistics/ > Only the Tor IP's may be more of the same people, so ignore those. In > addition, people may update Qubes while out in the wild, i.e. while on > company, school, or if using VPN on. Basically, it's a rough statistic > regarding how many people use Qubes. > > However, what the statistics does provide, is that no more than the maximum > can exist. And this information is relevant to your question. > > Currently there is probably some 25.000 Qubes users, probably less, given the > laptops that move abouts and update on different non-Tor IP's. > > It's probably not proper to take the German population, and devide by the > world population, to find out the ratio, and transfer this ratio to the > 25.000 Qubes users. This is because culture, and mouth to mouth > recommendations, infrastructure like technical security universities, > companies, etc. may spread Qubes in different and various populations across > the world. > However its given that Germany is more focused on security than some other > western countries out there, so the ratio may be a bit higher than the > average world ratio. > > Lets crack some numbers. Data is just roughly accurate, give or take some > millions or source update delays, wiki use controversy, etc.. But it should > be accurate enough to get a useful conclusion. We're not trying to split > hairs after all. > > - Data - > "The world population was estimated to have reached 7.6 billion as of October > 2017" https://en.wikipedia.org/wiki/World_population > > Germany Population 2017: 82,155,210 > http://worldpopulationreview.com/countries/germany-population/ > > Munich1,330,440 > Same link source as German population, just scroll down. > > Qubes users: ~ 25.000 > https://www.qubes-os.org/statistics/ > > - Analysis - > Step 1,A) > 82M German pop. divided by 7.600M world pop. = 0,0107 (or 1,07 %). > > Step 1,B) > 1,330M Munich pop. divided by 7.600M world pop. = 0,000175 (or 0,0175 %). > > > > Step 2,A) > 25.000 Qubes users multiplied by German/world population ratio 0,0107 = 267,5 > German Qubes users. > > Step 2,B) > 25.000 Qubes users multiplied by Munich/world population ratio 0,000175 = 4,3 > Munich Qubes users. > > > - Conclusion - > This means, in a perfect square, evenly distributed scenario, there are at > average some 267,5 Qubes users in all of Germany, and some 4,3 Qubes users in > Munich specifically. However, keep in mind, this is evenly distributed. Other > factors, such as culture, universities, companies, mouth to mouth, and so on, > may change how even the distribution is. As such, you may for example be the > only one in Munich to use Qubes, or perhaps, there are 10 others besides you > in Munich. Similar, there may be 500 in German, or maybe only 10 QUbes users > in Germany. > > - Perspective, a small extra study - > However, we can make a logical deduction from our little inductive research > above. Deductively, we can assume that because Germans are subjectively known > t be more keen on security and privacy than some other western countries, or > most countries in the world. And because Germany is one of the leading > country in some technologies and science. It's not unlikely to think that > Germany might have a somewhat higher distribution of Qubes users, compared to > elsewhere. > > For example, it may be assumed that Germany then have 300? or maybe 700? > Qubes users (up from 267,5), it's a wild guess. At this point, it becomes > calculated guess-work. But you can still estimate the likelihood of how > likely your guess is. > > However, keep in mind, a slightly bigger likelihood of more Qubes users in > Germany, does not translate into many more Qubes users in Munich. Germany is > about 88 times bigger in population than Munich is, so for every 88 extra > Qubes user in Germany, there is only 1 extra in Munich, if evenly > distributed. However, if you got universities, privacy advocated companies, > or just plain lucky to have people interested in Qubes to spread mouth to > mouth in Munich or near Munich, then Munich may have a bigger ratio as well. > > So, your take away, considering so few of the 25.000 Qubes users actually > post on these e-mail thread / forums, it can be "assumed" that some just read > without post
[qubes-users] Re: Qubes support Secure Boot
This is quite late, but now that UEFI is supported...is secure boot? Wasn't quite sure what key or signature to import. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6e5b9162-a74f-421d-a379-cb92e31f7033%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: download new fedora-26
On Wed, Nov 22, 2017 at 12:50:08PM -0800, Yuraeitha wrote: > On Wednesday, November 22, 2017 at 4:11:17 PM UTC, Roy Bernat wrote: > > Hi > > > > i am trying to download fedora-26 but with no success . > > > > i succeeded a month ago but now i am getting nothing . > > > > any suggestions ? > > > > R > > > Are you running Qubes 4 or Qubes 3.2.? > > I can only speak for Qubes as I never installed the template when on Qubes > 3.2., however it failed for me as well. I do not recall what the issue was. > The only other template issue I remember by head, is the fedora-26-minimal, > which require a password when you try to use "sudo" or "su" etc. which means, > you cannot install or update anything. The password has be fixed. > > Please specify your Qubes version, and also what is happening when the > template fails. > > Also, it's my gut feeling, without knowing for sure, that the developers are > not overly focused on the different templates right now. Their focus is > primarily Fedora-25 right now it seems. This is understandable, as they are > working hard, and maybe even overtime, to get Qubes 4 out of beta and into > stable final release. Before that, having just one good working template, > compared to other nasty Qubes 4 bugs, is good enough, at least for me, and I > assume most people too. > > If it's trouble in Qubes 3.2. you encounter, then you probably won't see much > else than security update in Qubes 3.2., as Qubes 3.2. is to be out-phased > when the extended support ends. Which will likely happen, my guess, within > half a year after Qubes 4 is stable. So unless someone provides an easy quick > fix, the developers probably won't spend much time on fixing Qubes 3.2. > templates. > > Keep in mind the Qubes tools was changed and updated in Qubes 4, so whatever > fix work in one Qubes version, may not necessarily work in the other. > > Another solution could be to try compile the template yourself, there should > be enough material around if you're good to follow guides on how to do so. > There is a Fedora-26 template available for both 3.2 and 4 - you can see them at yum.qubes-os.org. When you say that you are unable to download, do you mean that you are trying using qubes-dom0-update, or are you manually downloading a template? There's nothing stopping you from downloading manually, transferring in to dom0 and then installing. On the support issue, 3.2 will be supported for a full 12 months after the release of a final 4.0, and this will include bug fixes as well as security issues. Of course, support will inevitably tail off toward the end of that time. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171122235631.5sl5egteaotodplm%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 11:13:35 PM UTC, beso wrote: > On Thursday, November 23, 2017 at 1:07:28 AM UTC+2, Yuraeitha wrote: > > On Wednesday, November 22, 2017 at 10:49:46 PM UTC, beso wrote: > > > On Thursday, November 23, 2017 at 12:37:59 AM UTC+2, Yuraeitha wrote: > > > > On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote: > > > > > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > > > > > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > > > > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha > > > > > > > wrote: > > > > > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso > > > > > > > > > wrote: > > > > > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso > > > > > > > > > > wrote: > > > > > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso > > > > > > > > > > > wrote: > > > > > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, > > > > > > > > > > > > One7two99 wrote: > > > > > > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > > > > > > NetworkManager Applet. > > > > > > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > > > > > > connection but it keeps connecting > > > > > > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am > > > > > > > > > > > > > happy to help, but honestly your question/problem is > > > > > > > > > > > > > to unqualified. > > > > > > > > > > > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > > > > > > - how is the broadband card connected? Probably as an > > > > > > > > > > > > > internal USB device. > > > > > > > > > > > > > - are you using sys-usb to connect the card to your > > > > > > > > > > > > > sys-net VM? Or are you passing through the whole USB > > > > > > > > > > > > > controller? > > > > > > > > > > > > > - have you tried to boot up a Fedora live Linux and > > > > > > > > > > > > > check if your mobile broadband is working there? > > > > > > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > > > > > > Try to get the mobile broadband card working without > > > > > > > > > > > > > Qubes (Linux Live Boot from USB-Stick). > > > > > > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon > > > > > > > > > > > > X7 > > > > > > > > > > > > - do I have to attach it somewhere? > > > > > > > > > > > > - As I mentioned I can create new broadband connection > > > > > > > > > > > > and even select it from applet menu but it keeps > > > > > > > > > > > > connecting(applet shows "circles" as trying connect). > > > > > > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > > > > > > > > > > > PS. > > > > > > > > > > [user@sys-net ~]$ ifconfig > > > > > > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 > > > > > > > > > > collisions 0 > > > > > > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > > > > > > loop txqueuelen 1 (Local Loopback) > > > > > > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 > > > > > > > > > > collisions 0 > > > > > > > > > > > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast > > > > > > > > > > 0.0.0.0 > > > > > > > > > > inet6 fe80::fcff::feff: prefixlen 64 > > > > > > > > > > scopeid 0x20 > > > > > > > > > >
Re: [qubes-users] Mobile broadband-not enabled
On Thursday, November 23, 2017 at 1:07:28 AM UTC+2, Yuraeitha wrote: > On Wednesday, November 22, 2017 at 10:49:46 PM UTC, beso wrote: > > On Thursday, November 23, 2017 at 12:37:59 AM UTC+2, Yuraeitha wrote: > > > On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote: > > > > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > > > > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > > > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha > > > > > > wrote: > > > > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso > > > > > > > > > wrote: > > > > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, > > > > > > > > > > > One7two99 wrote: > > > > > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > > > > > NetworkManager Applet. > > > > > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > > > > > connection but it keeps connecting > > > > > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy > > > > > > > > > > > > to help, but honestly your question/problem is to > > > > > > > > > > > > unqualified. > > > > > > > > > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > > > > > - how is the broadband card connected? Probably as an > > > > > > > > > > > > internal USB device. > > > > > > > > > > > > - are you using sys-usb to connect the card to your > > > > > > > > > > > > sys-net VM? Or are you passing through the whole USB > > > > > > > > > > > > controller? > > > > > > > > > > > > - have you tried to boot up a Fedora live Linux and > > > > > > > > > > > > check if your mobile broadband is working there? > > > > > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > > > > > Try to get the mobile broadband card working without > > > > > > > > > > > > Qubes (Linux Live Boot from USB-Stick). > > > > > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > > > > > > - do I have to attach it somewhere? > > > > > > > > > > > - As I mentioned I can create new broadband connection > > > > > > > > > > > and even select it from applet menu but it keeps > > > > > > > > > > > connecting(applet shows "circles" as trying connect). > > > > > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > > > > > > > > > PS. > > > > > > > > > [user@sys-net ~]$ ifconfig > > > > > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 > > > > > > > > > collisions 0 > > > > > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > > > > > loop txqueuelen 1 (Local Loopback) > > > > > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 > > > > > > > > > collisions 0 > > > > > > > > > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast > > > > > > > > > 0.0.0.0 > > > > > > > > > inet6 fe80::fcff::feff: prefixlen 64 > > > > > > > > > scopeid 0x20 > > > > > > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > > > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > > > > > > TX
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 10:49:46 PM UTC, beso wrote: > On Thursday, November 23, 2017 at 12:37:59 AM UTC+2, Yuraeitha wrote: > > On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote: > > > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > > > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > > > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 > > > > > > > > > > wrote: > > > > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > > > > NetworkManager Applet. > > > > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > > > > connection but it keeps connecting > > > > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to > > > > > > > > > > > help, but honestly your question/problem is to > > > > > > > > > > > unqualified. > > > > > > > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > > > > - how is the broadband card connected? Probably as an > > > > > > > > > > > internal USB device. > > > > > > > > > > > - are you using sys-usb to connect the card to your > > > > > > > > > > > sys-net VM? Or are you passing through the whole USB > > > > > > > > > > > controller? > > > > > > > > > > > - have you tried to boot up a Fedora live Linux and check > > > > > > > > > > > if your mobile broadband is working there? > > > > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > > > > Try to get the mobile broadband card working without > > > > > > > > > > > Qubes (Linux Live Boot from USB-Stick). > > > > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > > > > > - do I have to attach it somewhere? > > > > > > > > > > - As I mentioned I can create new broadband connection and > > > > > > > > > > even select it from applet menu but it keeps > > > > > > > > > > connecting(applet shows "circles" as trying connect). > > > > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > > > > > > > PS. > > > > > > > > [user@sys-net ~]$ ifconfig > > > > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 > > > > > > > > collisions 0 > > > > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > > > > loop txqueuelen 1 (Local Loopback) > > > > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 > > > > > > > > collisions 0 > > > > > > > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast > > > > > > > > 0.0.0.0 > > > > > > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid > > > > > > > > 0x20 > > > > > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 > > > > > > > > collisions 0 > > > > > > > > > > > > > > > > wlp0s2: flags=4163 mtu 1500 > > > > > > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > > > > > > 192.168.43.255 > > > > > > > >
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote: > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 > > > > > > > > wrote: > > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > > NetworkManager Applet. > > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > > connection but it keeps connecting > > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to > > > > > > > > > help, but honestly your question/problem is to unqualified. > > > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > > - how is the broadband card connected? Probably as an > > > > > > > > > internal USB device. > > > > > > > > > - are you using sys-usb to connect the card to your sys-net > > > > > > > > > VM? Or are you passing through the whole USB controller? > > > > > > > > > - have you tried to boot up a Fedora live Linux and check if > > > > > > > > > your mobile broadband is working there? > > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > > Try to get the mobile broadband card working without Qubes > > > > > > > > > (Linux Live Boot from USB-Stick). > > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > > > - do I have to attach it somewhere? > > > > > > > > - As I mentioned I can create new broadband connection and even > > > > > > > > select it from applet menu but it keeps connecting(applet shows > > > > > > > > "circles" as trying connect). > > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > > > PS. > > > > > > [user@sys-net ~]$ ifconfig > > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > > loop txqueuelen 1 (Local Loopback) > > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > > > > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid > > > > > > 0x20 > > > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > wlp0s2: flags=4163 mtu 1500 > > > > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > > > > 192.168.43.255 > > > > > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid > > > > > > 0x20 > > > > > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > > > > > RX packets 238240 bytes 225553537 (215.1 MiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 108834 bytes 37072683 (35.3 MiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > > > > sudo dmesg: > > > > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip > > > > > 732046957569 sp 7ffe0cc871f0
Re: [qubes-users] Mobile broadband-not enabled
On Thursday, November 23, 2017 at 12:37:59 AM UTC+2, Yuraeitha wrote: > On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote: > > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 > > > > > > > > > wrote: > > > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > > > NetworkManager Applet. > > > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > > > connection but it keeps connecting > > > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to > > > > > > > > > > help, but honestly your question/problem is to unqualified. > > > > > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > > > - how is the broadband card connected? Probably as an > > > > > > > > > > internal USB device. > > > > > > > > > > - are you using sys-usb to connect the card to your sys-net > > > > > > > > > > VM? Or are you passing through the whole USB controller? > > > > > > > > > > - have you tried to boot up a Fedora live Linux and check > > > > > > > > > > if your mobile broadband is working there? > > > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > > > Try to get the mobile broadband card working without Qubes > > > > > > > > > > (Linux Live Boot from USB-Stick). > > > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > > > > - do I have to attach it somewhere? > > > > > > > > > - As I mentioned I can create new broadband connection and > > > > > > > > > even select it from applet menu but it keeps > > > > > > > > > connecting(applet shows "circles" as trying connect). > > > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > > > > > PS. > > > > > > > [user@sys-net ~]$ ifconfig > > > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > > > loop txqueuelen 1 (Local Loopback) > > > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast > > > > > > > 0.0.0.0 > > > > > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid > > > > > > > 0x20 > > > > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > > > wlp0s2: flags=4163 mtu 1500 > > > > > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > > > > > 192.168.43.255 > > > > > > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid > > > > > > > 0x20 > > > > > > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > > > > > > RX packets 238240 bytes 225553537 (215.1 MiB) > > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > > TX packets 108834 by
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote: > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 > > > > > > > > wrote: > > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > > NetworkManager Applet. > > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > > connection but it keeps connecting > > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to > > > > > > > > > help, but honestly your question/problem is to unqualified. > > > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > > - how is the broadband card connected? Probably as an > > > > > > > > > internal USB device. > > > > > > > > > - are you using sys-usb to connect the card to your sys-net > > > > > > > > > VM? Or are you passing through the whole USB controller? > > > > > > > > > - have you tried to boot up a Fedora live Linux and check if > > > > > > > > > your mobile broadband is working there? > > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > > Try to get the mobile broadband card working without Qubes > > > > > > > > > (Linux Live Boot from USB-Stick). > > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > > > - do I have to attach it somewhere? > > > > > > > > - As I mentioned I can create new broadband connection and even > > > > > > > > select it from applet menu but it keeps connecting(applet shows > > > > > > > > "circles" as trying connect). > > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > > > PS. > > > > > > [user@sys-net ~]$ ifconfig > > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > > loop txqueuelen 1 (Local Loopback) > > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > > > > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid > > > > > > 0x20 > > > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > wlp0s2: flags=4163 mtu 1500 > > > > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > > > > 192.168.43.255 > > > > > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid > > > > > > 0x20 > > > > > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > > > > > RX packets 238240 bytes 225553537 (215.1 MiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 108834 bytes 37072683 (35.3 MiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > > > > sudo dmesg: > > > > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip > > > > > 732046957569 sp 7ffe0cc871f0
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 10:03:22 PM UTC, beso wrote: > On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 > > > > > > > > wrote: > > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > > NetworkManager Applet. > > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > > connection but it keeps connecting > > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to > > > > > > > > > help, but honestly your question/problem is to unqualified. > > > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > > - how is the broadband card connected? Probably as an > > > > > > > > > internal USB device. > > > > > > > > > - are you using sys-usb to connect the card to your sys-net > > > > > > > > > VM? Or are you passing through the whole USB controller? > > > > > > > > > - have you tried to boot up a Fedora live Linux and check if > > > > > > > > > your mobile broadband is working there? > > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > > Try to get the mobile broadband card working without Qubes > > > > > > > > > (Linux Live Boot from USB-Stick). > > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > > > - do I have to attach it somewhere? > > > > > > > > - As I mentioned I can create new broadband connection and even > > > > > > > > select it from applet menu but it keeps connecting(applet shows > > > > > > > > "circles" as trying connect). > > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > > > PS. > > > > > > [user@sys-net ~]$ ifconfig > > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > > loop txqueuelen 1 (Local Loopback) > > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > > > > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid > > > > > > 0x20 > > > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > wlp0s2: flags=4163 mtu 1500 > > > > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > > > > 192.168.43.255 > > > > > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid > > > > > > 0x20 > > > > > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > > > > > RX packets 238240 bytes 225553537 (215.1 MiB) > > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > > TX packets 108834 bytes 37072683 (35.3 MiB) > > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > > > > sudo dmesg: > > > > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip > > > > > 732046957569 sp 7ffe0cc871f0
Re: [qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany
Wow! Just wow! I am really impressed! Now I'm going to make such statistics for my country. On November 22, 2017 6:50:36 PM UTC, Yuraeitha wrote: >On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu >wrote: >> Hi,my name is Knut von Walter.In order to progress in my >understanding of Qubes OS, I am looking for members of the >Qubes-community in Munich-Bavaria-Germany. Thank you. Best of best Knut >von Walter > >If you look here, you can see how many people who use Qubes, based on >unique IP addresses https://www.qubes-os.org/statistics/ >Only the Tor IP's may be more of the same people, so ignore those. In >addition, people may update Qubes while out in the wild, i.e. while on >company, school, or if using VPN on. Basically, it's a rough statistic >regarding how many people use Qubes. > >However, what the statistics does provide, is that no more than the >maximum can exist. And this information is relevant to your question. > >Currently there is probably some 25.000 Qubes users, probably less, >given the laptops that move abouts and update on different non-Tor >IP's. > >It's probably not proper to take the German population, and devide by >the world population, to find out the ratio, and transfer this ratio to >the 25.000 Qubes users. This is because culture, and mouth to mouth >recommendations, infrastructure like technical security universities, >companies, etc. may spread Qubes in different and various populations >across the world. >However its given that Germany is more focused on security than some >other western countries out there, so the ratio may be a bit higher >than the average world ratio. > >Lets crack some numbers. Data is just roughly accurate, give or take >some millions or source update delays, wiki use controversy, etc.. But >it should be accurate enough to get a useful conclusion. We're not >trying to split hairs after all. > >- Data - >"The world population was estimated to have reached 7.6 billion as of >October 2017" https://en.wikipedia.org/wiki/World_population > >Germany Population 2017: 82,155,210 >http://worldpopulationreview.com/countries/germany-population/ > >Munich 1,330,440 >Same link source as German population, just scroll down. > >Qubes users: ~ 25.000 >https://www.qubes-os.org/statistics/ > >- Analysis - >Step 1,A) >82M German pop. divided by 7.600M world pop. = 0,0107 (or 1,07 %). > >Step 1,B) >1,330M Munich pop. divided by 7.600M world pop. = 0,000175 (or 0,0175 >%). > > > >Step 2,A) >25.000 Qubes users multiplied by German/world population ratio 0,0107 = >267,5 German Qubes users. > >Step 2,B) >25.000 Qubes users multiplied by Munich/world population ratio 0,000175 >= 4,3 Munich Qubes users. > > >- Conclusion - >This means, in a perfect square, evenly distributed scenario, there are >at average some 267,5 Qubes users in all of Germany, and some 4,3 Qubes >users in Munich specifically. However, keep in mind, this is evenly >distributed. Other factors, such as culture, universities, companies, >mouth to mouth, and so on, may change how even the distribution is. As >such, you may for example be the only one in Munich to use Qubes, or >perhaps, there are 10 others besides you in Munich. Similar, there may >be 500 in German, or maybe only 10 QUbes users in Germany. > >- Perspective, a small extra study - >However, we can make a logical deduction from our little inductive >research above. Deductively, we can assume that because Germans are >subjectively known t be more keen on security and privacy than some >other western countries, or most countries in the world. And because >Germany is one of the leading country in some technologies and science. >It's not unlikely to think that Germany might have a somewhat higher >distribution of Qubes users, compared to elsewhere. > >For example, it may be assumed that Germany then have 300? or maybe >700? Qubes users (up from 267,5), it's a wild guess. At this point, it >becomes calculated guess-work. But you can still estimate the >likelihood of how likely your guess is. > >However, keep in mind, a slightly bigger likelihood of more Qubes users >in Germany, does not translate into many more Qubes users in Munich. >Germany is about 88 times bigger in population than Munich is, so for >every 88 extra Qubes user in Germany, there is only 1 extra in Munich, >if evenly distributed. However, if you got universities, privacy >advocated companies, or just plain lucky to have people interested in >Qubes to spread mouth to mouth in Munich or near Munich, then Munich >may have a bigger ratio as well. > >So, your take away, considering so few of the 25.000 Qubes users >actually post on these e-mail thread / forums, it can be "assumed" that >some just read without posting or rarely posting. However, many more >likely don't read these e-mail thread / forums much or at all. This is >without considering there are other Qubes platforms too, like the >Reddit one. > >In other words, even if its evenly di
[qubes-users] Re: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions
On Wednesday, November 22, 2017 at 1:34:26 PM UTC, Sandy Harris wrote: > From a crypto list, seemed relevant here. > > -- Forwarded message -- > From: =JeffH > Date: Tue, Nov 21, 2017 at 7:04 PM > Subject: [Cryptography] Intel Management Engine pwnd (was: How to find > hidden/undocumented instructions > To: "Crypto (moderated) list" > > > Oh joy... > > Intel finds critical holes in secret Management Engine hidden in tons > of desktop, server chipsets > https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/ > > By Thomas Claburn in San Francisco 20 Nov 2017 at 23:53 > > Intel today admitted its Management Engine (ME), Server Platform > Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to > multiple worrying security flaws, based on the findings of external > security experts. > > The firmware-level bugs allow logged-in administrators, and malicious > or hijacked high-privilege processes, to run code beneath the > operating system to spy on or meddle with the computer completely out > of sight of other users and admins. The holes can also be exploited by > network administrators, or people masquerading as admins, to remotely > infect machines with spyware and invisible rootkits, potentially. > > Meanwhile, logged-in users, or malicious or commandeered applications, > can leverage the security weaknesses to extract confidential and > protected information from the computer's memory, potentially giving > miscreants sensitive data – such as passwords or cryptographic keys – > to kick off other attacks. This is especially bad news on servers and > other shared machines. > > In short, a huge amount of Intel silicon is secretly running code that > is buggy and exploitable by attackers and malware to fully and > silently compromise computers. The processor chipsets affected by the > flaws are as follows: > > 6th, 7th and 8th Generation Intel Core processors > Intel Xeon E3-1200 v5 and v6 processors > Intel Xeon Scalable processors > Intel Xeon W processors > Intel Atom C3000 processors > Apollo Lake Intel Atom E3900 series > Apollo Lake Intel Pentiums > Celeron N and J series processors > > Intel's Management Engine, at the heart of today's disclosures, is a > computer within your computer. It is Chipzilla's much maligned > coprocessor at the center of its vPro suite of features, and it is > present in various chip families. It has been assailed as a "backdoor" > – a term Intel emphatically rejects – and it is a mechanism targeted > by researchers at UK-based Positive Technologies, who are set to > reveal in detail new ways to exploit the ME next month. > > The Management Engine is a barely documented black box. it has its own > CPU and its own operating system – recently, an x86 Quark core and > MINIX – that has complete control over the machine, and it functions > below and out of sight of the installed operating system and any > hypervisors or antivirus tools present. > > It is designed to allow network administrators to remotely or locally > log into a server or workstation, and fix up any errors, reinstall the > OS, take over the desktop, and so on, which is handy if the box is so > messed up it can't even boot properly. > > The ME runs closed-source remote-administration software to do this, > and this code contains bugs – like all programs – except these bugs > allow hackers to wield incredible power over a machine. The ME can be > potentially abused to install rootkits and other forms of spyware that > silently snoop on users, steal information, or tamper with files. > > SPS is based on ME, and allows you to remotely configure Intel-powered > servers over the network. TXE is Intel's hardware authenticity > technology. Previously, the AMT suite of tools, again running on ME, > could be bypassed with an empty credential string. > > Today, Intel has gone public with more issues in its firmware. It > revealed it "has identified several security vulnerabilities that > could potentially place impacted platforms at risk" following an audit > of its internal source code: > > In response to issues identified by external researchers, Intel has > performed an in-depth comprehensive security review of our Intel > Management Engine (ME), Intel Server Platform Services (SPS), and > Intel Trusted Execution Engine (TXE) with the objective of enhancing > firmware resilience. > > The flaws, according to Intel, could allow an attacker to impersonate > the ME, SPS or TXE mechanisms, thereby invalidating local security > features; "load and execute arbitrary code outside the visibility of > the user and operating system"; and crash affected systems. The > severity of the vulnerabilities is mitigated by the fact that most of > them require local access, either as an administrator or less > privileged user; the rest require you to access the management > features as an authenticated sysadmin. > > >
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 11:49:16 PM UTC+2, Yuraeitha wrote: > On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote: > > > > > > > > Hello Beso, > > > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > > NetworkManager Applet. > > > > > > > > > I can create new Mobile Broadband > > > > > > > > > connection but it keeps connecting > > > > > > > > > and nothing else > > > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to help, > > > > > > > > but honestly your question/problem is to unqualified. > > > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > > - how is the broadband card connected? Probably as an internal > > > > > > > > USB device. > > > > > > > > - are you using sys-usb to connect the card to your sys-net VM? > > > > > > > > Or are you passing through the whole USB controller? > > > > > > > > - have you tried to boot up a Fedora live Linux and check if > > > > > > > > your mobile broadband is working there? > > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > > > My suggestion: > > > > > > > > Try to get the mobile broadband card working without Qubes > > > > > > > > (Linux Live Boot from USB-Stick). > > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > > > [799] > > > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > > - Qubes release 3.2(R3.2) > > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > > - from qvm-usb I can see that card is: Sierra Wireless > > > > > > > Incorporated Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > > - do I have to attach it somewhere? > > > > > > > - As I mentioned I can create new broadband connection and even > > > > > > > select it from applet menu but it keeps connecting(applet shows > > > > > > > "circles" as trying connect). > > > > > > > I am trying to make screenshot if it helps > > > > > > > > > > PS. > > > > > [user@sys-net ~]$ ifconfig > > > > > enp0s1f6: flags=4099 mtu 1500 > > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > > RX packets 0 bytes 0 (0.0 B) > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > TX packets 0 bytes 0 (0.0 B) > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > > > lo: flags=73 mtu 65536 > > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > > loop txqueuelen 1 (Local Loopback) > > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > > > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid > > > > > 0x20 > > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > wlp0s2: flags=4163 mtu 1500 > > > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > > > 192.168.43.255 > > > > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid > > > > > 0x20 > > > > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > > > > RX packets 238240 bytes 225553537 (215.1 MiB) > > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > > TX packets 108834 bytes 37072683 (35.3 MiB) > > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > > > > sudo dmesg: > > > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 > > > > sp 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000] > > > > > > Also, if you have multiple of USB controllers, try sacrifice one > > > controller to sys-net, while keeping the remaining in sys-usb. > > > > > > I believe you have a laptop since you want to use an US
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 9:37:38 PM UTC, beso wrote: > On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote: > > > > > > > Hello Beso, > > > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > > NetworkManager Applet. > > > > > > > > I can create new Mobile Broadband > > > > > > > > connection but it keeps connecting > > > > > > > > and nothing else > > > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to help, > > > > > > > but honestly your question/problem is to unqualified. > > > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > > - what modell of mobile broadband card are you using? > > > > > > > - how is the broadband card connected? Probably as an internal > > > > > > > USB device. > > > > > > > - are you using sys-usb to connect the card to your sys-net VM? > > > > > > > Or are you passing through the whole USB controller? > > > > > > > - have you tried to boot up a Fedora live Linux and check if your > > > > > > > mobile broadband is working there? > > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > > > My suggestion: > > > > > > > Try to get the mobile broadband card working without Qubes (Linux > > > > > > > Live Boot from USB-Stick). > > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > > > [799] > > > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > > - Qubes release 3.2(R3.2) > > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated > > > > > > Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > > - do I have to attach it somewhere? > > > > > > - As I mentioned I can create new broadband connection and even > > > > > > select it from applet menu but it keeps connecting(applet shows > > > > > > "circles" as trying connect). > > > > > > I am trying to make screenshot if it helps > > > > > > > > PS. > > > > [user@sys-net ~]$ ifconfig > > > > enp0s1f6: flags=4099 mtu 1500 > > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > > RX packets 0 bytes 0 (0.0 B) > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > TX packets 0 bytes 0 (0.0 B) > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > device interrupt 26 memory 0xe120-e122 > > > > > > > > lo: flags=73 mtu 65536 > > > > inet 127.0.0.1 netmask 255.0.0.0 > > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > > loop txqueuelen 1 (Local Loopback) > > > > RX packets 636 bytes 74412 (72.6 KiB) > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > TX packets 636 bytes 74412 (72.6 KiB) > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > vif2.0: flags=4163 mtu 1500 > > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid > > > > 0x20 > > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > wlp0s2: flags=4163 mtu 1500 > > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > > 192.168.43.255 > > > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid > > > > 0x20 > > > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > > > RX packets 238240 bytes 225553537 (215.1 MiB) > > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > > TX packets 108834 bytes 37072683 (35.3 MiB) > > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > > > > sudo dmesg: > > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 > > > sp 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000] > > > > Also, if you have multiple of USB controllers, try sacrifice one controller > > to sys-net, while keeping the remaining in sys-usb. > > > > I believe you have a laptop since you want to use an USB modem, but even > > laptops tend to have at least two USB controllers now a days and some years > > back. > > > > So verify how many USB controllers you got (NOT! ports, but controllers, > > that is to be blond, how many USB controlling chips are there i
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 11:22:47 PM UTC+2, Yuraeitha wrote: > On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote: > > > > > > Hello Beso, > > > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > > NetworkManager Applet. > > > > > > > I can create new Mobile Broadband > > > > > > > connection but it keeps connecting > > > > > > > and nothing else > > > > > > > > > > > > I am using mobile broadband within Qubes and am happy to help, but > > > > > > honestly your question/problem is to unqualified. > > > > > > > > > > > > - what version of Qubes are you running? > > > > > > - what modell of mobile broadband card are you using? > > > > > > - how is the broadband card connected? Probably as an internal USB > > > > > > device. > > > > > > - are you using sys-usb to connect the card to your sys-net VM? Or > > > > > > are you passing through the whole USB controller? > > > > > > - have you tried to boot up a Fedora live Linux and check if your > > > > > > mobile broadband is working there? > > > > > > - what does "keeps connecting" means? > > > > > > > > > > > > My suggestion: > > > > > > Try to get the mobile broadband card working without Qubes (Linux > > > > > > Live Boot from USB-Stick). > > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > > > [799] > > > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > > - Qubes release 3.2(R3.2) > > > > > - Previous linux distros worked (ubuntu 16.04) > > > > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated > > > > > Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > > - do I have to attach it somewhere? > > > > > - As I mentioned I can create new broadband connection and even > > > > > select it from applet menu but it keeps connecting(applet shows > > > > > "circles" as trying connect). > > > > > I am trying to make screenshot if it helps > > > > > > PS. > > > [user@sys-net ~]$ ifconfig > > > enp0s1f6: flags=4099 mtu 1500 > > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > > RX packets 0 bytes 0 (0.0 B) > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > TX packets 0 bytes 0 (0.0 B) > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > device interrupt 26 memory 0xe120-e122 > > > > > > lo: flags=73 mtu 65536 > > > inet 127.0.0.1 netmask 255.0.0.0 > > > inet6 ::1 prefixlen 128 scopeid 0x10 > > > loop txqueuelen 1 (Local Loopback) > > > RX packets 636 bytes 74412 (72.6 KiB) > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > TX packets 636 bytes 74412 (72.6 KiB) > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > vif2.0: flags=4163 mtu 1500 > > > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > > > inet6 fe80::fcff::feff: prefixlen 64 scopeid 0x20 > > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > > RX packets 102007 bytes 32168371 (30.6 MiB) > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > TX packets 228493 bytes 219299357 (209.1 MiB) > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > wlp0s2: flags=4163 mtu 1500 > > > inet 192.168.43.181 netmask 255.255.255.0 broadcast > > > 192.168.43.255 > > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid 0x20 > > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > > RX packets 238240 bytes 225553537 (215.1 MiB) > > > RX errors 0 dropped 0 overruns 0 frame 0 > > > TX packets 108834 bytes 37072683 (35.3 MiB) > > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > > > sudo dmesg: > > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 sp > > 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000] > > Also, if you have multiple of USB controllers, try sacrifice one controller > to sys-net, while keeping the remaining in sys-usb. > > I believe you have a laptop since you want to use an USB modem, but even > laptops tend to have at least two USB controllers now a days and some years > back. > > So verify how many USB controllers you got (NOT! ports, but controllers, that > is to be blond, how many USB controlling chips are there in your hardware). > Many developers like to put multiple of ports on a single controller. Be sure > you got more than one controller, and then only pass one of them to your > sys-net, and keeping the other in sys-usb. > > Then in practice, avoid any USB ports used for t
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 9:11:18 PM UTC, beso wrote: > On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote: > > > > > Hello Beso, > > > > > > > > > > > Mobile Broadband is enabled in > > > > > > NetworkManager Applet. > > > > > > I can create new Mobile Broadband > > > > > > connection but it keeps connecting > > > > > > and nothing else > > > > > > > > > > I am using mobile broadband within Qubes and am happy to help, but > > > > > honestly your question/problem is to unqualified. > > > > > > > > > > - what version of Qubes are you running? > > > > > - what modell of mobile broadband card are you using? > > > > > - how is the broadband card connected? Probably as an internal USB > > > > > device. > > > > > - are you using sys-usb to connect the card to your sys-net VM? Or > > > > > are you passing through the whole USB controller? > > > > > - have you tried to boot up a Fedora live Linux and check if your > > > > > mobile broadband is working there? > > > > > - what does "keeps connecting" means? > > > > > > > > > > My suggestion: > > > > > Try to get the mobile broadband card working without Qubes (Linux > > > > > Live Boot from USB-Stick). > > > > > If you got it working try to make it work in Qubes. > > > > > > > > > > [799] > > > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > > - Qubes release 3.2(R3.2) > > > > - Previous linux distros worked (ubuntu 16.04) > > > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated > > > > Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > > - do I have to attach it somewhere? > > > > - As I mentioned I can create new broadband connection and even select > > > > it from applet menu but it keeps connecting(applet shows "circles" as > > > > trying connect). > > > > I am trying to make screenshot if it helps > > > > PS. > > [user@sys-net ~]$ ifconfig > > enp0s1f6: flags=4099 mtu 1500 > > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > > RX packets 0 bytes 0 (0.0 B) > > RX errors 0 dropped 0 overruns 0 frame 0 > > TX packets 0 bytes 0 (0.0 B) > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > device interrupt 26 memory 0xe120-e122 > > > > lo: flags=73 mtu 65536 > > inet 127.0.0.1 netmask 255.0.0.0 > > inet6 ::1 prefixlen 128 scopeid 0x10 > > loop txqueuelen 1 (Local Loopback) > > RX packets 636 bytes 74412 (72.6 KiB) > > RX errors 0 dropped 0 overruns 0 frame 0 > > TX packets 636 bytes 74412 (72.6 KiB) > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > vif2.0: flags=4163 mtu 1500 > > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > > inet6 fe80::fcff::feff: prefixlen 64 scopeid 0x20 > > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > > RX packets 102007 bytes 32168371 (30.6 MiB) > > RX errors 0 dropped 0 overruns 0 frame 0 > > TX packets 228493 bytes 219299357 (209.1 MiB) > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > > wlp0s2: flags=4163 mtu 1500 > > inet 192.168.43.181 netmask 255.255.255.0 broadcast 192.168.43.255 > > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid 0x20 > > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > > RX packets 238240 bytes 225553537 (215.1 MiB) > > RX errors 0 dropped 0 overruns 0 frame 0 > > TX packets 108834 bytes 37072683 (35.3 MiB) > > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > > sudo dmesg: > [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 sp > 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000] Also, if you have multiple of USB controllers, try sacrifice one controller to sys-net, while keeping the remaining in sys-usb. I believe you have a laptop since you want to use an USB modem, but even laptops tend to have at least two USB controllers now a days and some years back. So verify how many USB controllers you got (NOT! ports, but controllers, that is to be blond, how many USB controlling chips are there in your hardware). Many developers like to put multiple of ports on a single controller. Be sure you got more than one controller, and then only pass one of them to your sys-net, and keeping the other in sys-usb. Then in practice, avoid any USB ports used for the exposed USB controller, and then keep remaining USB controllers in the safer sys-usb. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qub
Re: [qubes-users] Mobile broadband-not enabled
On Monday, October 2, 2017 at 11:06:38 AM UTC, beso wrote: > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote: > > Hello Beso, > > > > > Mobile Broadband is enabled in > > > NetworkManager Applet. > > > I can create new Mobile Broadband > > > connection but it keeps connecting > > > and nothing else > > > > I am using mobile broadband within Qubes and am happy to help, but > > honestly your question/problem is to unqualified. > > > > - what version of Qubes are you running? > > - what modell of mobile broadband card are you using? > > - how is the broadband card connected? Probably as an internal USB device. > > - are you using sys-usb to connect the card to your sys-net VM? Or are you > > passing through the whole USB controller? > > - have you tried to boot up a Fedora live Linux and check if your mobile > > broadband is working there? > > - what does "keeps connecting" means? > > > > My suggestion: > > Try to get the mobile broadband card working without Qubes (Linux Live Boot > > from USB-Stick). > > If you got it working try to make it work in Qubes. > > > > [799] > > - Laptop is ThinkPad X1 Carbon 4th gen. > - Qubes release 3.2(R3.2) > - Previous linux distros worked (ubuntu 16.04) > - from qvm-usb I can see that card is: Sierra Wireless Incorporated Sierra > Wireless EM7455 Qualcomm Snapdragon X7 > - do I have to attach it somewhere? > - As I mentioned I can create new broadband connection and even select it > from applet menu but it keeps connecting(applet shows "circles" as trying > connect). > I am trying to make screenshot if it helps Yes, because you passed the USB controller to your sys-USB, correct? In that case, that means if you attach an USB modem, it'll be passed to your sys-USB, and not your sys-net that should have the internet device instead. The solution could be to merge your sys-net with sys-usb, though, I never felt truly safe having my USB exposed like that. Though logically speaking, its not anymore exposed in sys-net, than compared with any other non Qubes-OS system out there. Either way, I believe this is pretty likely your problem. Try test it first, you can worry about the security after wards. See if it works if you passthrough your USB controller to your sys-net instead, and then try apply your USB modem there. If it still doesn't work, then it's probably either (in order of likelihood, the first is most likely imho). - No driver/module for your USB modem. It may be visible in i.e. "lspci", but it'll have no functionality, no less any signal. - PCI strictness is too strict, and qvm-prefs strictreset option set to false is not enough. - Pass-through is not supported in your USB modem. But these potential issues, you only need to worry about, after you get USB into sys-net, instead of sys-usb. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a71d2572-00a7-4ed8-a616-d1973f4e3087%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 5:48:43 PM UTC+2, beso wrote: > On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote: > > > > Hello Beso, > > > > > > > > > Mobile Broadband is enabled in > > > > > NetworkManager Applet. > > > > > I can create new Mobile Broadband > > > > > connection but it keeps connecting > > > > > and nothing else > > > > > > > > I am using mobile broadband within Qubes and am happy to help, but > > > > honestly your question/problem is to unqualified. > > > > > > > > - what version of Qubes are you running? > > > > - what modell of mobile broadband card are you using? > > > > - how is the broadband card connected? Probably as an internal USB > > > > device. > > > > - are you using sys-usb to connect the card to your sys-net VM? Or are > > > > you passing through the whole USB controller? > > > > - have you tried to boot up a Fedora live Linux and check if your > > > > mobile broadband is working there? > > > > - what does "keeps connecting" means? > > > > > > > > My suggestion: > > > > Try to get the mobile broadband card working without Qubes (Linux Live > > > > Boot from USB-Stick). > > > > If you got it working try to make it work in Qubes. > > > > > > > > [799] > > > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > > - Qubes release 3.2(R3.2) > > > - Previous linux distros worked (ubuntu 16.04) > > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated > > > Sierra Wireless EM7455 Qualcomm Snapdragon X7 > > > - do I have to attach it somewhere? > > > - As I mentioned I can create new broadband connection and even select it > > > from applet menu but it keeps connecting(applet shows "circles" as trying > > > connect). > > > I am trying to make screenshot if it helps > > PS. > [user@sys-net ~]$ ifconfig > enp0s1f6: flags=4099 mtu 1500 > ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) > RX packets 0 bytes 0 (0.0 B) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 0 bytes 0 (0.0 B) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > device interrupt 26 memory 0xe120-e122 > > lo: flags=73 mtu 65536 > inet 127.0.0.1 netmask 255.0.0.0 > inet6 ::1 prefixlen 128 scopeid 0x10 > loop txqueuelen 1 (Local Loopback) > RX packets 636 bytes 74412 (72.6 KiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 636 bytes 74412 (72.6 KiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > vif2.0: flags=4163 mtu 1500 > inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 > inet6 fe80::fcff::feff: prefixlen 64 scopeid 0x20 > ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) > RX packets 102007 bytes 32168371 (30.6 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 228493 bytes 219299357 (209.1 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 > > wlp0s2: flags=4163 mtu 1500 > inet 192.168.43.181 netmask 255.255.255.0 broadcast 192.168.43.255 > inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid 0x20 > ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) > RX packets 238240 bytes 225553537 (215.1 MiB) > RX errors 0 dropped 0 overruns 0 frame 0 > TX packets 108834 bytes 37072683 (35.3 MiB) > TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 sudo dmesg: [ 3847.841147] NetworkManager[6145]: segfault at 38 ip 732046957569 sp 7ffe0cc871f0 error 4 in libnm-wwan.so[73204695+11000] -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c2344c54-07ad-454c-ae2f-93cde7e8756f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: download new fedora-26
On Wednesday, November 22, 2017 at 4:11:17 PM UTC, Roy Bernat wrote: > Hi > > i am trying to download fedora-26 but with no success . > > i succeeded a month ago but now i am getting nothing . > > any suggestions ? > > R Are you running Qubes 4 or Qubes 3.2.? I can only speak for Qubes as I never installed the template when on Qubes 3.2., however it failed for me as well. I do not recall what the issue was. The only other template issue I remember by head, is the fedora-26-minimal, which require a password when you try to use "sudo" or "su" etc. which means, you cannot install or update anything. The password has be fixed. Please specify your Qubes version, and also what is happening when the template fails. Also, it's my gut feeling, without knowing for sure, that the developers are not overly focused on the different templates right now. Their focus is primarily Fedora-25 right now it seems. This is understandable, as they are working hard, and maybe even overtime, to get Qubes 4 out of beta and into stable final release. Before that, having just one good working template, compared to other nasty Qubes 4 bugs, is good enough, at least for me, and I assume most people too. If it's trouble in Qubes 3.2. you encounter, then you probably won't see much else than security update in Qubes 3.2., as Qubes 3.2. is to be out-phased when the extended support ends. Which will likely happen, my guess, within half a year after Qubes 4 is stable. So unless someone provides an easy quick fix, the developers probably won't spend much time on fixing Qubes 3.2. templates. Keep in mind the Qubes tools was changed and updated in Qubes 4, so whatever fix work in one Qubes version, may not necessarily work in the other. Another solution could be to try compile the template yourself, there should be enough material around if you're good to follow guides on how to do so. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e28e23c8-18eb-4d98-8a67-54ba8b24cb3c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: ***SPAM*** Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
On Wednesday, November 22, 2017 at 8:10:43 PM UTC, m...@militant.dk wrote: > Yuraeitha skrev den 22.11.2017 20:27: > snip--- > > > I can see from your screenshot that you're trying to install Qubes 4, > > and you commented that you have no VT-D. You mayde sure its not just > > disabled? > > I have VT-x ,but not VT-d : > https://ark.intel.com/products/75460/Intel-Core-i7-4500U-Processor-4M-Cache-up-to-3_00-GHz > > > Write "lscpu" in your dom0 terminal, and find the CPU processor name. > > Then you can yourself, or put the name here and we can do it for you, > > quickly check if your CPU supports VT-D or not. > > Thank you. Output is the above CPU. > > > Qubes 4 is much more strict towards missing hardware support than > > Qubes 3.2. Specifically the security/privacy hardware support > > features. Qubes is meant to be about security, by making it only > > install on security enabling hardware, falls within reasonable so that > > no one install Qubes on unsafe hardware, and thereby falsely believe > > to be "safe". > > A very solid point. A mere mention of the implications should suffice in > my book, then the choice could be mine and my choice to compromise, > evaluating the risk involved. Then I would not think to be 100% safe, > but actually be safer than running a non qubes-OS. > > > The most dangerous kind of lack of security around, is ironically not > > technical of nature. The most dangerous one, is the attitude, or > > belief, that you're safe, when you in fact are not. Think of it like > > ancient humans sleeping on the havana, and lions sneak around in the > > grass. Because you're not on watch, i.e. build a house or barricaded a > > cave entrance, then you'll likely die pretty darn fast. The same > > applies to Qubes, this move, in my view, is the developers kindly > > pushing us all to buy VT-D (and similar) security enabling hardware. > > And that is a really good idea. Nudging works, but pushing works better > ;) I believe that I'm never truly safe, but only "safer" using Qubes, > than if running another setup. Being a 100% safe is utopia in my book. > Just want to go as far as my brain and hardware takes me. Apparently > that is not far enough in version 4's case. > > > However, you can probably still install Qubes 3.3 and sleep on the > > hanava just fine. The type of attacks that affect you, are rare > > enough, to justify Qubes 3.2. on a no VT-D (or similar tech) machine. > > And it's more likely to work on a non VT-D machine, than Qubes 4 which > > require VT-D instead of just recommending it. > > I'm waiting for my new notebook that has actual VT-d > support(https://ark.intel.com/products/88194), so it seems that my > pre-training on version 4 collapsed with the above setup :) > > > Also Qubes 3.2. should be updated for a while yet, > > https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/` > > thank you very much for your time and feedback. > > Sincerely > Max Your welcome :) I hope your new laptop will run Qubes 4 smoothly, it can be a hit and miss sometimes, but generally you can reduce the risk by i.e. checking if it supports VT-D, like you already did :) I definitely agree too that more could be done to communicate, sadly, despite how pretty awesome Qubes is, communication with its communicate, seems to be its weak point. Most people around here seem to care about each others, it's just, there is so little organizing and corporation, both within the community, and between the community and developers. But having said that, the developers are awesome to step in and help fix user issues, despite being so busy. It's just, I think at least, that Qubes could use more staff members to help fostering the community a bit more. I.e. like you said, help communicate so people don't fall into security traps, instead of relying purely on OS system designs to make sure people don't get into trouble. A mix of both, seems like a good balance. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/27384fba-ee30-48b2-bccf-63ea385a0df9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to Setup Wireless
On Wednesday, November 22, 2017 at 7:43:59 PM UTC, Ray Joseph wrote: > donoban, > > Thank you. It is now running in dom0. I changed to v4.0RC1. My vms start > intermittently so it is a challenge to test further. > > I guess I could practice in v3.2 until v4 matures. Actually, if you managed to get that far, you can probably manage to get Qubes 4 to run more or less smoothly. Albeit still may be unlucky to encounter a nasty bug of course, but in my own experience it runs pretty smoothly with newest updates and fixed user mistakes. Qubes 4 user (or semi-user) mistakes that I encountered, that have a big impact on a working Qubes 4: - Not making sure ALL VM's, i.e. from restored backup, are set to HVM instead of PV. This can mess up your VM's, as some systems can no longer run PV VM's properly in Qubes 4, despite having done so just fine in Qubes 3.2. - Using any older Qubes 3.2. templates. A lot of changes was made to the Qubes tools, so the Qubes tools code probably changed in the VM templates too. Be sure you are mindful of this, if you insist on using an older Qubes 3.2. VM template. - A bug in the AppVM templates, seem to mess up icon update in the XFCE4 menu, or somehow even preventing apps to start in VM's. If you encounter a bad AppVM, check if it was restored from Qubes 3.2. If so, then manually transfter your files, bookmarks, etc. out of it and over into a new Qubes 4 freshly made AppVM. - VT-D and similar, is now required for a fully working system, instead of just recommended as it was in Qubes 3.2. and back. You may be able to install, but it won't run smooth without VT-D or similar supported tech. - Newest Qubes (Testing update) has a drawback of Hibernate/Suspend breaking Wi-Fi, and various of other VM functionality. For example all your VM apps may be gone and cannot start. Only solution is either restart ALL your VM's, or in the worst cases, having to restart all of Qubes. Still, this is a testing update, and a user mistake for using a testing update. The developers will probably get it fixed eventually. Staying with regular updates should be safe, I assume of course. If you get the bug, then just be sure you save important work if you use suspend/hibernate. This is likely a pass-through issue (I think), but its definitely not a driver/module issue, like those we otherwise often saw in the past after hibernate/suspend. Either way, my guess is its probably soon fixed before it becomes a normal update. I'm not saying to go Qubes 4 for stability or critical data production, though, in my experience the user (or semi user) mistakes above can have a huge impact on if Qubes 4 works properly or not. There are still other issues, but they are getting more rare, and mostly everything seems to work now. Personally I'd rate Qubes RC-2, fully updated to this date, as late stage beta testing. But that's just my look at it. If you got important work, then it's probably better to stay on Qubes 3.2. for a while yet. If not, and you want to play with Qubes, then you can probably get it work reasonably on supported hardware. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/658c1271-b949-413e-a768-6840e17f665c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: ***SPAM*** Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
Yuraeitha skrev den 22.11.2017 20:27: snip--- I can see from your screenshot that you're trying to install Qubes 4, and you commented that you have no VT-D. You mayde sure its not just disabled? I have VT-x ,but not VT-d : https://ark.intel.com/products/75460/Intel-Core-i7-4500U-Processor-4M-Cache-up-to-3_00-GHz Write "lscpu" in your dom0 terminal, and find the CPU processor name. Then you can yourself, or put the name here and we can do it for you, quickly check if your CPU supports VT-D or not. Thank you. Output is the above CPU. Qubes 4 is much more strict towards missing hardware support than Qubes 3.2. Specifically the security/privacy hardware support features. Qubes is meant to be about security, by making it only install on security enabling hardware, falls within reasonable so that no one install Qubes on unsafe hardware, and thereby falsely believe to be "safe". A very solid point. A mere mention of the implications should suffice in my book, then the choice could be mine and my choice to compromise, evaluating the risk involved. Then I would not think to be 100% safe, but actually be safer than running a non qubes-OS. The most dangerous kind of lack of security around, is ironically not technical of nature. The most dangerous one, is the attitude, or belief, that you're safe, when you in fact are not. Think of it like ancient humans sleeping on the havana, and lions sneak around in the grass. Because you're not on watch, i.e. build a house or barricaded a cave entrance, then you'll likely die pretty darn fast. The same applies to Qubes, this move, in my view, is the developers kindly pushing us all to buy VT-D (and similar) security enabling hardware. And that is a really good idea. Nudging works, but pushing works better ;) I believe that I'm never truly safe, but only "safer" using Qubes, than if running another setup. Being a 100% safe is utopia in my book. Just want to go as far as my brain and hardware takes me. Apparently that is not far enough in version 4's case. However, you can probably still install Qubes 3.3 and sleep on the hanava just fine. The type of attacks that affect you, are rare enough, to justify Qubes 3.2. on a no VT-D (or similar tech) machine. And it's more likely to work on a non VT-D machine, than Qubes 4 which require VT-D instead of just recommending it. I'm waiting for my new notebook that has actual VT-d support(https://ark.intel.com/products/88194), so it seems that my pre-training on version 4 collapsed with the above setup :) Also Qubes 3.2. should be updated for a while yet, https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/` thank you very much for your time and feedback. Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d0a2ff4a1312b0dbd98b2c0a42d93a82%40militant.dk. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] How to Setup Wireless
donoban, Thank you. It is now running in dom0. I changed to v4.0RC1. My vms start intermittently so it is a challenge to test further. I guess I could practice in v3.2 until v4 matures. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8cd83d2c-a615-431f-90f7-6dfa8fba7724%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] https://www.intel.com/.../nuc6i3syk.html says NO TPM yesterday and earlier but today TPM = 1.00
On Wed, Nov 22, 2017 at 11:13:09AM -0800, squeakl...@gmail.com wrote: > https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc6i3syk.html > > Today i am accessing qubes-users mailing lists > ( that is the only difference between today and yesterday ) > and now this > webpage now says it has TPM = 1.00 > > so this sounds like webpage defacing might be going on > so what could this mean? > somebody doesn't want me to use Qubes OS? > am i infected with something? > how does defacing work? > Wayback machine confirms that TPM was NO on Ma 5 2017 - I cant see any other difference form today's TPM=1. So either the spec has change, or there's some glitch in back end db at Intel. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171122194348.4yfs22kx56jqawvo%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
On Wednesday, November 22, 2017 at 7:09:27 PM UTC, m...@militant.dk wrote: > Hello again, > > I tried to ignore the "Missing hardware support" error and found this to > be a possible similar issue with wrongful detection (Since my BIOS shows > vanderpool support): > https://github.com/QubesOS/qubes-issues/issues/3208 > > It seems the installer accepted my configuration and the system gets > installed(?). > > My issue is now that the menu looks nothing like version 3, and I have > no qubes related that works. I have "Qubes Global Settings", that fails. > I cannot update dom0, and gets an error. > > I've uploaded screenshot at imgur, and any help will be appreciated: > https://i.imgur.com/Te3bH9I.png > > Sincerely > Max > > On 11/22/2017 03:46 PM, awokd wrote: > > > On Wed, November 22, 2017 13:57, 'Max' via qubes-users wrote: > > > >> Hi awokd, > >> > >> Thank you for your response. I have tried to reset BIOS, deselect UEFI > >> / > >> select legacy, but other errors come up. Missing hardware support > >> VT-d, > >> etc, and Interrupt Remapping, so it would be perfect if setup > >> succeeded > >> with another user, using this specific laptop. > > > > Legacy/UEFI boot mode should not affect processor features. Check to > > see > > if there's a newer BIOS available for your laptop? If there is, it > > might > > help with the installer too. > > > > Unfortunately, Xen issues with UEFI are pretty common. Search this > > mailing > > list for "EFI 4.0" (or maybe "Lenovo EFI 4.0" in your case). You could > > also look at https://www.qubes-os.org/doc/uefi-troubleshooting/ but it > > might be more 3.2 specific. I've managed to work around UEFI issues on > > a > > Lenovo before by booting Refind from a USB key, then the installer from > > that. Sorry I don't have a silver bullet! I can see from your screenshot that you're trying to install Qubes 4, and you commented that you have no VT-D. You mayde sure its not just disabled? Write "lscpu" in your dom0 terminal, and find the CPU processor name. Then you can yourself, or put the name here and we can do it for you, quickly check if your CPU supports VT-D or not. Qubes 4 is much more strict towards missing hardware support than Qubes 3.2. Specifically the security/privacy hardware support features. Qubes is meant to be about security, by making it only install on security enabling hardware, falls within reasonable so that no one install Qubes on unsafe hardware, and thereby falsely believe to be "safe". The most dangerous kind of lack of security around, is ironically not technical of nature. The most dangerous one, is the attitude, or belief, that you're safe, when you in fact are not. Think of it like ancient humans sleeping on the havana, and lions sneak around in the grass. Because you're not on watch, i.e. build a house or barricaded a cave entrance, then you'll likely die pretty darn fast. The same applies to Qubes, this move, in my view, is the developers kindly pushing us all to buy VT-D (and similar) security enabling hardware. However, you can probably still install Qubes 3.3 and sleep on the hanava just fine. The type of attacks that affect you, are rare enough, to justify Qubes 3.2. on a no VT-D (or similar tech) machine. And it's more likely to work on a non VT-D machine, than Qubes 4 which require VT-D instead of just recommending it. Also Qubes 3.2. should be updated for a while yet, https://www.qubes-os.org/news/2016/09/02/4-0-minimum-requirements-3-2-extended-support/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ca72ac9-12df-4ef9-8a08-6f39d5b2d429%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] https://www.intel.com/.../nuc6i3syk.html says NO TPM yesterday and earlier but today TPM = 1.00
https://www.intel.com/content/www/us/en/products/boards-kits/nuc/kits/nuc6i3syk.html Today i am accessing qubes-users mailing lists ( that is the only difference between today and yesterday ) and now this webpage now says it has TPM = 1.00 so this sounds like webpage defacing might be going on so what could this mean? somebody doesn't want me to use Qubes OS? am i infected with something? how does defacing work? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b47b2258-5609-4fa6-8f28-ffbdfb22a06e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
Hello again, I tried to ignore the "Missing hardware support" error and found this to be a possible similar issue with wrongful detection (Since my BIOS shows vanderpool support): https://github.com/QubesOS/qubes-issues/issues/3208 It seems the installer accepted my configuration and the system gets installed(?). My issue is now that the menu looks nothing like version 3, and I have no qubes related that works. I have "Qubes Global Settings", that fails. I cannot update dom0, and gets an error. I've uploaded screenshot at imgur, and any help will be appreciated: https://i.imgur.com/Te3bH9I.png Sincerely Max On 11/22/2017 03:46 PM, awokd wrote: On Wed, November 22, 2017 13:57, 'Max' via qubes-users wrote: Hi awokd, Thank you for your response. I have tried to reset BIOS, deselect UEFI / select legacy, but other errors come up. Missing hardware support VT-d, etc, and Interrupt Remapping, so it would be perfect if setup succeeded with another user, using this specific laptop. Legacy/UEFI boot mode should not affect processor features. Check to see if there's a newer BIOS available for your laptop? If there is, it might help with the installer too. Unfortunately, Xen issues with UEFI are pretty common. Search this mailing list for "EFI 4.0" (or maybe "Lenovo EFI 4.0" in your case). You could also look at https://www.qubes-os.org/doc/uefi-troubleshooting/ but it might be more 3.2 specific. I've managed to work around UEFI issues on a Lenovo before by booting Refind from a USB key, then the installer from that. Sorry I don't have a silver bullet! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8a37fa62-7ff0-5166-cde9-ab9f6c5953c2%40militant.dk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany
On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu wrote: > Hi,my name is Knut von Walter.In order to progress in my understanding of > Qubes OS, I am looking for members of the Qubes-community in > Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter Based on all that, I'd rather recommend you extend your invitation to the entirety of Germany. There are evenly distributed, without other factors, expected to be 276,5 Qubes users in all of Germany. You're far more likely to find fellow Germans here, than fellow people from Munich. You could even extend it to nearby countries to Germany, if you make an event, some are likely to travel further. Also keeping in mind that many Qubes users are privacy minded, or may not enjoy the idea of meeting strangers. The more people you invite, the more are likely to come. Organize an event, it can even be small and without investment in the beginning, like ask people to donate a little for a meeting room for a few days, and then wait for the event and everyone to arrive. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/25c5710f-c81b-4695-8ebe-3ba24d569632%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Looking for Qubes OS-Users in Munich-Germany
On Wednesday, November 22, 2017 at 3:30:09 PM UTC, in...@websecur.eu wrote: > Hi,my name is Knut von Walter.In order to progress in my understanding of > Qubes OS, I am looking for members of the Qubes-community in > Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter If you look here, you can see how many people who use Qubes, based on unique IP addresses https://www.qubes-os.org/statistics/ Only the Tor IP's may be more of the same people, so ignore those. In addition, people may update Qubes while out in the wild, i.e. while on company, school, or if using VPN on. Basically, it's a rough statistic regarding how many people use Qubes. However, what the statistics does provide, is that no more than the maximum can exist. And this information is relevant to your question. Currently there is probably some 25.000 Qubes users, probably less, given the laptops that move abouts and update on different non-Tor IP's. It's probably not proper to take the German population, and devide by the world population, to find out the ratio, and transfer this ratio to the 25.000 Qubes users. This is because culture, and mouth to mouth recommendations, infrastructure like technical security universities, companies, etc. may spread Qubes in different and various populations across the world. However its given that Germany is more focused on security than some other western countries out there, so the ratio may be a bit higher than the average world ratio. Lets crack some numbers. Data is just roughly accurate, give or take some millions or source update delays, wiki use controversy, etc.. But it should be accurate enough to get a useful conclusion. We're not trying to split hairs after all. - Data - "The world population was estimated to have reached 7.6 billion as of October 2017" https://en.wikipedia.org/wiki/World_population Germany Population 2017: 82,155,210 http://worldpopulationreview.com/countries/germany-population/ Munich 1,330,440 Same link source as German population, just scroll down. Qubes users: ~ 25.000 https://www.qubes-os.org/statistics/ - Analysis - Step 1,A) 82M German pop. divided by 7.600M world pop. = 0,0107 (or 1,07 %). Step 1,B) 1,330M Munich pop. divided by 7.600M world pop. = 0,000175 (or 0,0175 %). Step 2,A) 25.000 Qubes users multiplied by German/world population ratio 0,0107 = 267,5 German Qubes users. Step 2,B) 25.000 Qubes users multiplied by Munich/world population ratio 0,000175 = 4,3 Munich Qubes users. - Conclusion - This means, in a perfect square, evenly distributed scenario, there are at average some 267,5 Qubes users in all of Germany, and some 4,3 Qubes users in Munich specifically. However, keep in mind, this is evenly distributed. Other factors, such as culture, universities, companies, mouth to mouth, and so on, may change how even the distribution is. As such, you may for example be the only one in Munich to use Qubes, or perhaps, there are 10 others besides you in Munich. Similar, there may be 500 in German, or maybe only 10 QUbes users in Germany. - Perspective, a small extra study - However, we can make a logical deduction from our little inductive research above. Deductively, we can assume that because Germans are subjectively known t be more keen on security and privacy than some other western countries, or most countries in the world. And because Germany is one of the leading country in some technologies and science. It's not unlikely to think that Germany might have a somewhat higher distribution of Qubes users, compared to elsewhere. For example, it may be assumed that Germany then have 300? or maybe 700? Qubes users (up from 267,5), it's a wild guess. At this point, it becomes calculated guess-work. But you can still estimate the likelihood of how likely your guess is. However, keep in mind, a slightly bigger likelihood of more Qubes users in Germany, does not translate into many more Qubes users in Munich. Germany is about 88 times bigger in population than Munich is, so for every 88 extra Qubes user in Germany, there is only 1 extra in Munich, if evenly distributed. However, if you got universities, privacy advocated companies, or just plain lucky to have people interested in Qubes to spread mouth to mouth in Munich or near Munich, then Munich may have a bigger ratio as well. So, your take away, considering so few of the 25.000 Qubes users actually post on these e-mail thread / forums, it can be "assumed" that some just read without posting or rarely posting. However, many more likely don't read these e-mail thread / forums much or at all. This is without considering there are other Qubes platforms too, like the Reddit one. In other words, even if its evenly distributed, and there are 4,3 Qubes users in Munich alone, or even if your lucky, and the distribution is affected by factors that spread Qubes in Munich, then maybe there are some more, but its probably hardly re
[qubes-users] Re: HOWTO: Compiling Kernels for dom0
Le mercredi 22 novembre 2017 18:31:29 UTC+1, Foppe de Haan a écrit : > Now that 4.14's reached stable, does anyone plan to test it soon (or have an > idea when they'll have time to do so)? Since 4.13 wasn't stable 'by default' > in qubes, I would assume 4.14 won't be either, but although I'll certainly > give it a go, I'm fairly sure I am not the best person to try to figure out > what's wrong when I run into trouble. :) I started to update patches etc and I should test it this tomorrow or this week-end (depending on the time I have :) ). By the way, the latest kernel4.13 is "more stable" with my Ryzen but I still experiment random crashes...So I will give you a feedback soon for 4.14. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6807d188-7fa8-4d2a-bb3d-f7f582a84b99%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: HOWTO: Compiling Kernels for dom0
Now that 4.14's reached stable, does anyone plan to test it soon (or have an idea when they'll have time to do so)? Since 4.13 wasn't stable 'by default' in qubes, I would assume 4.14 won't be either, but although I'll certainly give it a go, I'm fairly sure I am not the best person to try to figure out what's wrong when I run into trouble. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5322447a-5335-472c-8298-a0d2828a5acf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] mount root.img files
On 11/22/2017 10:01 AM, Chris Laprise wrote: Glad you recovered OK. The best way to execute the vm-sudo instructions is to switch to root user first with 'sudo su'. Notice that all the shell prompts in the document are '[root@vmname]#'. BTW I have a project Qubes-VM-hardening that uses vm-sudo configuration to leverage template-based security. Its an added layer of protection against malware persistence. The master branch currently only deals with user init scripts, but the systemd branch has some more interesting things in development, like white-listing. https://github.com/tasket/Qubes-VM-hardening -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/881ca94d-5ad9-23f2-5516-40dfa2a5de65%40posteo.net. For more options, visit https://groups.google.com/d/optout.
[qubes-users] download new fedora-26
Hi i am trying to download fedora-26 but with no success . i succeeded a month ago but now i am getting nothing . any suggestions ? R -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7e9cc977-f5d7-4bbb-9ad6-ab7cde0eb6ce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Mobile broadband-not enabled
On Wednesday, November 22, 2017 at 3:00:41 PM UTC+2, beso wrote: > On Monday, October 2, 2017 at 2:06:38 PM UTC+3, beso wrote: > > On Monday, October 2, 2017 at 12:01:41 AM UTC+3, One7two99 wrote: > > > Hello Beso, > > > > > > > Mobile Broadband is enabled in > > > > NetworkManager Applet. > > > > I can create new Mobile Broadband > > > > connection but it keeps connecting > > > > and nothing else > > > > > > I am using mobile broadband within Qubes and am happy to help, but > > > honestly your question/problem is to unqualified. > > > > > > - what version of Qubes are you running? > > > - what modell of mobile broadband card are you using? > > > - how is the broadband card connected? Probably as an internal USB > > > device. > > > - are you using sys-usb to connect the card to your sys-net VM? Or are > > > you passing through the whole USB controller? > > > - have you tried to boot up a Fedora live Linux and check if your mobile > > > broadband is working there? > > > - what does "keeps connecting" means? > > > > > > My suggestion: > > > Try to get the mobile broadband card working without Qubes (Linux Live > > > Boot from USB-Stick). > > > If you got it working try to make it work in Qubes. > > > > > > [799] > > > > - Laptop is ThinkPad X1 Carbon 4th gen. > > - Qubes release 3.2(R3.2) > > - Previous linux distros worked (ubuntu 16.04) > > - from qvm-usb I can see that card is: Sierra Wireless Incorporated Sierra > > Wireless EM7455 Qualcomm Snapdragon X7 > > - do I have to attach it somewhere? > > - As I mentioned I can create new broadband connection and even select it > > from applet menu but it keeps connecting(applet shows "circles" as trying > > connect). > > I am trying to make screenshot if it helps PS. [user@sys-net ~]$ ifconfig enp0s1f6: flags=4099 mtu 1500 ether 54:ee:75:aa:4d:e3 txqueuelen 1000 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 26 memory 0xe120-e122 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 1 (Local Loopback) RX packets 636 bytes 74412 (72.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 636 bytes 74412 (72.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 vif2.0: flags=4163 mtu 1500 inet 10.137.1.1 netmask 255.255.255.255 broadcast 0.0.0.0 inet6 fe80::fcff::feff: prefixlen 64 scopeid 0x20 ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet) RX packets 102007 bytes 32168371 (30.6 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 228493 bytes 219299357 (209.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 wlp0s2: flags=4163 mtu 1500 inet 192.168.43.181 netmask 255.255.255.0 broadcast 192.168.43.255 inet6 fe80::e6a4:71ff:fe8a:d310 prefixlen 64 scopeid 0x20 ether e4:a4:71:8a:d3:10 txqueuelen 1000 (Ethernet) RX packets 238240 bytes 225553537 (215.1 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 108834 bytes 37072683 (35.3 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8bb90d02-af3c-4b14-aef9-f2ca7440089d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Failed to load Kernel Modules
This is the first line while booting. So I checked systemctl status systemd-modules-load.service that says the below. I see no errors .. all OK then?? Thank you, Bernhard [me @dom0 ] systemd-modules-load.service - Load Kernel Modules Loaded: loaded (/usr/lib/systemd/system/systemd-modules-load.service; static; vendor preset: disabled) Active: active (exited) since Wed 2017-11-22 10:30:29 EST; 2min 35s ago Docs: man:systemd-modules-load.service(8) man:modules-load.d(5) Process: 1299 ExecStart=/usr/lib/systemd/systemd-modules-load (code=exited, status=0/SUCCESS) Main PID: 1299 (code=exited, status=0/SUCCESS) Tasks: 0 (limit: 4915) CGroup: /system.slice/systemd-modules-load.service Nov 22 10:30:29 dom0 systemd-modules-load[1299]: Inserted module 'uinput' Nov 22 10:30:29 dom0 systemd-modules-load[1299]: Module 'xen_evtchn' is builtin Nov 22 10:30:29 dom0 systemd[1]: Started Load Kernel Modules. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/780717b0-d11a-7373-b249-9bdda5f12650%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Looking for Qubes OS-Users in Munich-Germany
Hi,my name is Knut von Walter.In order to progress in my understanding of Qubes OS, I am looking for members of the Qubes-community in Munich-Bavaria-Germany. Thank you. Best of best Knut von Walter -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ea17e1b6-c897-4036-a030-646868f03c47%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Copying file from Debian8(or Whonix) to a Fedora VM?
Ahhh...space bar! I think I tried every key except the biggest oneit worked! All working...thank you both and thank you to all who have made this OSS package possible! Probably going to try a fresh install again and start from scratch just to make sure. My only concern is I have Firefox ESR however I suspect it might be do to the order I originally updated the software. Thanks again... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d328f38c-a621-4861-ab5a-faac1945e1a4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] mount root.img files
On 11/22/2017 05:02 AM, Bernhard wrote: Hello, I brought myself in trouble, when I (badly) followed the vm-sudo instructions : as non-root, I modified (using each time sudo) the file /etc/pam.d/common-auth in debian-8. Now, at the follwoing steps I would need to sudo again - but the process is blocked (saying 3 times bad password), since the new VMAuth is (only) partially set up. - Of course, qubes-revert command for template vm does not exist in Q4, that would be too easy. - Actually, reinstalling debian-8-template fails as well, since there seems no package named qubes-template-debian-8 in contrast with the qubes documentation - So I would like to "break in" the vm-template as dom0, and change that one line in /etc/pam.d/common-auth back. But how to mount the root.img file? I tried a losetup & mount approach, but the file is non-mountable. I have not found any documentation either. So I ask in despair for some help. Bernhard Glad you recovered OK. The best way to execute the vm-sudo instructions is to switch to root user first with 'sudo su'. Notice that all the shell prompts in the document are '[root@vmname]#'. -- Chris Laprise, tas...@posteo.net https://github.com/tasket https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ba7dc737-ae49-f864-2605-e0734ee1580e%40posteo.net. For more options, visit https://groups.google.com/d/optout.
Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
On Wed, November 22, 2017 13:57, 'Max' via qubes-users wrote: > Hi awokd, > > Thank you for your response. I have tried to reset BIOS, deselect UEFI / > select legacy, but other errors come up. Missing hardware support VT-d, > etc, and Interrupt Remapping, so it would be perfect if setup succeeded > with another user, using this specific laptop. Legacy/UEFI boot mode should not affect processor features. Check to see if there's a newer BIOS available for your laptop? If there is, it might help with the installer too. Unfortunately, Xen issues with UEFI are pretty common. Search this mailing list for "EFI 4.0" (or maybe "Lenovo EFI 4.0" in your case). You could also look at https://www.qubes-os.org/doc/uefi-troubleshooting/ but it might be more 3.2 specific. I've managed to work around UEFI issues on a Lenovo before by booting Refind from a USB key, then the installer from that. Sorry I don't have a silver bullet! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b9f7811ce4fd30efd9ff650bed25dd82%40elude.in. For more options, visit https://groups.google.com/d/optout.
Re: Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
Hi awokd, Thank you for your response. I have tried to reset BIOS, deselect UEFI / select legacy, but other errors come up. Missing hardware support VT-d, etc, and Interrupt Remapping, so it would be perfect if setup succeeded with another user, using this specific laptop. The Lenovo Yoga 2 Pro has no DVD, so I hoped the USB would suffice. I might test this further with 3.2. Thank you again for your reply. I've pasted screenshots here, if something stares you in the face :): https://pasteboard.co/GUPAgPV.png https://pasteboard.co/GUPAx1x.png https://pasteboard.co/GUPAKm1.png Sincerely Max On 11/22/2017 01:21 PM, awokd wrote: On Wed, November 22, 2017 11:58, max via qubes-users wrote: Den lørdag den 11. februar 2017 kl. 21.49.02 UTC+1 skrev James Young: I am attempting to install Qubes from USB on a Lenvo Yoga Pro 2. GUI is not starting and only getting text message. When selecting the install option the screen only flashes and then returns to the menu Has anyone faced this issue before or have any suggestions? I just faced this issue, and tried every possible setting in BIOS to no avail. Did you find a solution? Try legacy boot or burning to a DVD instead. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/87cbea83-ac80-45b7-4191-5375ad27ef2a%40militant.dk. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fwd: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions
>From a crypto list, seemed relevant here. -- Forwarded message -- From: =JeffH Date: Tue, Nov 21, 2017 at 7:04 PM Subject: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions To: "Crypto (moderated) list" Oh joy... Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/ By Thomas Claburn in San Francisco 20 Nov 2017 at 23:53 Intel today admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) are vulnerable to multiple worrying security flaws, based on the findings of external security experts. The firmware-level bugs allow logged-in administrators, and malicious or hijacked high-privilege processes, to run code beneath the operating system to spy on or meddle with the computer completely out of sight of other users and admins. The holes can also be exploited by network administrators, or people masquerading as admins, to remotely infect machines with spyware and invisible rootkits, potentially. Meanwhile, logged-in users, or malicious or commandeered applications, can leverage the security weaknesses to extract confidential and protected information from the computer's memory, potentially giving miscreants sensitive data – such as passwords or cryptographic keys – to kick off other attacks. This is especially bad news on servers and other shared machines. In short, a huge amount of Intel silicon is secretly running code that is buggy and exploitable by attackers and malware to fully and silently compromise computers. The processor chipsets affected by the flaws are as follows: 6th, 7th and 8th Generation Intel Core processors Intel Xeon E3-1200 v5 and v6 processors Intel Xeon Scalable processors Intel Xeon W processors Intel Atom C3000 processors Apollo Lake Intel Atom E3900 series Apollo Lake Intel Pentiums Celeron N and J series processors Intel's Management Engine, at the heart of today's disclosures, is a computer within your computer. It is Chipzilla's much maligned coprocessor at the center of its vPro suite of features, and it is present in various chip families. It has been assailed as a "backdoor" – a term Intel emphatically rejects – and it is a mechanism targeted by researchers at UK-based Positive Technologies, who are set to reveal in detail new ways to exploit the ME next month. The Management Engine is a barely documented black box. it has its own CPU and its own operating system – recently, an x86 Quark core and MINIX – that has complete control over the machine, and it functions below and out of sight of the installed operating system and any hypervisors or antivirus tools present. It is designed to allow network administrators to remotely or locally log into a server or workstation, and fix up any errors, reinstall the OS, take over the desktop, and so on, which is handy if the box is so messed up it can't even boot properly. The ME runs closed-source remote-administration software to do this, and this code contains bugs – like all programs – except these bugs allow hackers to wield incredible power over a machine. The ME can be potentially abused to install rootkits and other forms of spyware that silently snoop on users, steal information, or tamper with files. SPS is based on ME, and allows you to remotely configure Intel-powered servers over the network. TXE is Intel's hardware authenticity technology. Previously, the AMT suite of tools, again running on ME, could be bypassed with an empty credential string. Today, Intel has gone public with more issues in its firmware. It revealed it "has identified several security vulnerabilities that could potentially place impacted platforms at risk" following an audit of its internal source code: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience. The flaws, according to Intel, could allow an attacker to impersonate the ME, SPS or TXE mechanisms, thereby invalidating local security features; "load and execute arbitrary code outside the visibility of the user and operating system"; and crash affected systems. The severity of the vulnerabilities is mitigated by the fact that most of them require local access, either as an administrator or less privileged user; the rest require you to access the management features as an authenticated sysadmin. ___ The cryptography mailing list cryptogra...@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving
Re: [qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
On Wed, November 22, 2017 11:58, max via qubes-users wrote: > Den lørdag den 11. februar 2017 kl. 21.49.02 UTC+1 skrev James Young: >> I am attempting to install Qubes from USB on a Lenvo Yoga Pro 2. GUI is >> not starting and only getting text message. When selecting the install >> option the screen only flashes and then returns to the menu >> >> Has anyone faced this issue before or have any suggestions? > > I just faced this issue, and tried every possible setting in BIOS to no > avail. Did you find a solution? Try legacy boot or burning to a DVD instead. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ccbea05b1d6931c1ce25f549e3bd19b4%40elude.in. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can not use Realtek RTS525A PCI Express Card : Unsigned class [ff00]
On Wed, November 22, 2017 07:24, Laurent wrote: > > Yes, I use an USB Ethernet adapter (USB type C): > https://www.amazon.com/Dell-Dbqbcbc064-Adapter-Usb-C-Ethernet/dp/B01BQ8RU2U USB devices are handled differently. See https://www.qubes-os.org/doc/usb/. If you are only using the Ethernet adapter occasionally, try doing a passthrough of it to your NetVM as described towards the bottom of that link. If you need to use it all the time, you could assign one of your USB controllers to the NetVM but note each USB controller handles specific physical USB ports. > I've the same issue with my hub USB (type C also) : > (https://shop.hardware.fr/fiche/AR201511130055.html?gclid=EAIaIQobChMI_4bM8tHR1wIVdSjTCh2HWQSyEAQYASABEgLnqfD_BwE) > > > My USB flash drive works fine when directly plugged on my laptop. When > using my Hub, the same USB flash drive is not detected. > Same for an external USB Disk Drive. In dom0, try lsusb and qvm-usb to see if they are showing up anywhere. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c60cfd55e42c09479cbece25041d834%40elude.in. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Install Failing on Lenovo Yoya Pro 2
Den lørdag den 11. februar 2017 kl. 21.49.02 UTC+1 skrev James Young: > I am attempting to install Qubes from USB on a Lenvo Yoga Pro 2. GUI is not > starting and only getting text message. When selecting the install option > the screen only flashes and then returns to the menu > > Has anyone faced this issue before or have any suggestions? I just faced this issue, and tried every possible setting in BIOS to no avail. Did you find a solution? Sincerely Max -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a42024c9-c1f1-46ae-a1ae-f6a1d8db71c3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] mount root.img files [solved]
> So I would like to "break in" the vm-template as dom0, and change > that one line in /etc/pam.d/common-auth back. But how to mount the > root.img file? I answer my own question, since this is more easy & efficient than I thought, and should help others in many cases! (0) make sure template-vm is halted. (1) as dom0 root: (a) fdisk -l path-to-root.img Then read off the start sector of ...root.img3, (say, 1000). Multiply that value with 512 (512000 in my example). (b) mount -o loop,offset=512000 path-to-root.img /mnt (change 512000 by your value) (c) modify bad config files (d) umount /mnt (2) restart template-vm and we're back! Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bb6ea5f3-73aa-b6e0-4d32-e3f2a11d8d4c%40web.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] mount root.img files
Hello, I brought myself in trouble, when I (badly) followed the vm-sudo instructions : as non-root, I modified (using each time sudo) the file /etc/pam.d/common-auth in debian-8. Now, at the follwoing steps I would need to sudo again - but the process is blocked (saying 3 times bad password), since the new VMAuth is (only) partially set up. - Of course, qubes-revert command for template vm does not exist in Q4, that would be too easy. - Actually, reinstalling debian-8-template fails as well, since there seems no package named qubes-template-debian-8 in contrast with the qubes documentation - So I would like to "break in" the vm-template as dom0, and change that one line in /etc/pam.d/common-auth back. But how to mount the root.img file? I tried a losetup & mount approach, but the file is non-mountable. I have not found any documentation either. So I ask in despair for some help. Bernhard -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c601bc55-8bfa-39eb-f396-a20b08bff24a%40web.de. For more options, visit https://groups.google.com/d/optout.