Re: [qubes-users] Has anyone had a qube compromised?

[unman]

On Fri, Sep 11, 2020 at 11:03:15AM +, taran1s wrote:
> 
> 
> unman:
> 
> This is interesting. Can you be more specific in regards of settings you
> use? How do you set the tripwire for to run against network connected
> qubes? You also mentioned using mutt in an offline qube. Can you
> elaborate more on this too please? Is the mutt PGP friendly and more
> safer option than Thunderbird?
> 

This warrants a much more detailed answer than I have time for now.

Tripwire - install in templates, store db in offline vault - I'm looking
for changes in /rw, as well as "normal" directory structures.

Mutt - varies according to provider. I set this up when I was first
playing with Qubes.
I use 3 qubes: one disposableVM to pick up mail - either offline imap or
rsync mail dirs. That qube is minimal, connects over Tor, and is restricted
to mail provider.
If the sync is in Mbox format, you can use mb2md to convert to Maildir
format.
The mail dirs are synced in to my mutt qube which is offline. I use
qrexec for this.

Mutt is a great MUA, and has good integration with PGP. I use split-gpg,
of course. I use notmuch integrated with mutt to keep on top of email.

For sending mails I use msmtp. Actually I queue outgoing in the Mutt
qube, and rsync the queues (over qrexec) in to a sender disposableVM,
which has outgoing traffic restricted to SMTP host. Over Tor of course.

So the fetch and send are done using disposableVMs, and the message
queues synced in and out of the offline mutt queue over qrexec. The
disposableVMs use minimal templates, have restricted network access,
and use different network routes.
The mutt qube is also based on a minimal template, and has a mailcap
that effectively loads almost all attachments in offline disposableVMs.
I have keyboard shortcuts to trigger the receive and send sides - I
suppose you could do this with cron jobs, but I prefer not to use
automatic processes.

That probably raises a few more questions. If it does, ask and I'll try to
provide some specifics.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200915032523.GF1783%40thirdeyesecurity.org.

Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

[Mark Fernandes]

On Wednesday, 26 August 2020 at 17:01:20 UTC+1 sv...@svensemmler.org wrote:

>
> ... Google earns almost all their money 
> by selling user data / presenting advertisements. ...
>
> Even if the engineers working on their products have good motivations, 
> as a publicly traded corporation Google's goals are ultimately 
> maximizing "shareholder value"... which you can see by them making 
> compromises for suppressive states (China et al). The same is true for 
> any corporation including Apple. 
>

I'm not so clued-in about the mechanics behind publicly traded 
corporations, but I would have thought that maximising profits (which 
perhaps is what you are implying) is the only goal. Some businesses can 
sacrifice profits for a certain set of ethics...
 

>
> > Chrome OS is cheap and sufficient enough for this particular set of 
> > low-stake needs I have. 
>
> That's perfectly fine. ...
>
 

> What I want to provide is an explanation why people in this forum -- who 
> care a lot about both security and privacy -- have a particular dislike 
> for surveillance capitalistic superstars like Google, Microsoft and 
> Facebook. The basic (lack of) trust argument can be made about all 
> non-open technology. 
>

Whilst there is a relationship between privacy and security, increasing 
security doesn't necessarily mean that you increase privacy. Your arguments 
against Google seem to be significantly in relation to privacy, but 
sometimes security can be increased at the cost of losing privacy.

The cloud-based aspect of Chromebooks means that in those situations where 
you don't consider you have much local on-site security, you can gain extra 
security by keeping things in the cloud, and using cloud software. I cover 
some of the reasons why this is the case, in the "Sandboxing and cloud 
computing" section I wrote in the End-user Computer Security book hosted on 
Wikibooks (which can be accessed here 

).

Otherwise, Chromebooks can have security advantages because they use an 
open-source secure custom BIOS/UEFI known as Coreboot. Vendor-supplied OEM 
pre-installed closed-source BIOS/UEFI firmware can pose a security 
vulnerability--they can also be hard to replace with a custom firmware 
(which I'm particularly finding at the moment). Some info on the security 
aspects of custom BIOS/UEFI firmware can be found here 

.

That said, I definitely have security concerns over using the cloud. 
Keeping things on-site would probably be ideal in the case that you have 
strong on-site security.


Kind regards,


Mark Fernandes



/Sven 
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/85511eb5-061d-468a-87e5-017d0e37295cn%40googlegroups.com.

[qubes-users] Re: External Fully Encrypted SSD Drive. What do you think?

[Mark Fernandes]

On Tuesday, 28 July 2020 at 12:09:39 UTC+1 load...@gmail.com wrote:

>
> ...
> I am thinking now to buy a Macbook Pro 16' and use this laptop in 2 
> different ways:
>
> 1. *Mac OS* for non-working tasks on internal drive.
> 2. *Qubes OS* for all working process on external encrypted drive.
>
>
> So for External Encrypted Drive I chose:
> ...
>
>
>
> *So I have 2 questions:*
>
> *1. Is this enough for comfort using Qubes OS with this speed of SSD?2. 
> What kind of Hardware Encrypted Drive do you know which has more speed 
> capacity?*
>
>
> P.S.
> I know that most of you could tell me that this is not very smart to do 
> this way, but I have my own reasons why I need external and encrypted 
> drive. When I will finish this setup I will write full guide how I am using 
> Qubes OS and hope it would helps someone to understand which way to use is 
> better for each one.
>


Hello "load...@gmail.com",

Just been perusing the email conversation so far with regard to your 
enquiry. Interesting thoughts. Regarding writing a full guide, I have 
produced some documentation on End-user Computer Security on the Wikibooks 
site here . I 
would like it to be a general free repository of knowledge, guidance, and 
wisdom. If you are able to add to it in regard to your full guide, that may 
be quite helpful for the general community--even just posting a link to 
your guide there, would probably be helpful.

In respect of which encrypted SSD drive to use, I have no suggestions. 
However, the thought has occurred to me that you might get more security if 
you load Qubes to RAM from a DVD drive. Some info on why this may be the 
case, is shown here 
.
 
Not sure whether it is feasible though, and your "encrypted SSD" plan might 
be sufficient for your purposes.


Kind regards,


Mark Fernandes















 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0393eb65-cb2e-483a-90b9-9b1a59141df6n%40googlegroups.com.

[qubes-users] Re: macbook air 7,2

[OH MY PLUG]

Hey, unfortunately I didn’t solve any of the problems, but macbook airs 
from 2017 and before are the best on Linux apart from qubes because the 
security and proprietary stuff don’t work well together, but other distros 
work really well with it
Il giorno lunedì 14 settembre 2020 alle 17:10:53 UTC+2 load...@gmail.com ha 
scritto:

> Hi,
>
> I am planning to buy a Macbook. I wanted to know did you solve any of the 
> problems?
>
> вторник, 11 августа 2020 г. в 14:07:02 UTC+3, momo...@gmail.com: 
>
>> hi, I have a macbook air 7,2 (2017)
>>I did a fresh qubes os install and I have no wifi, my wifi card is a 
>> broadcom bcm4360, I tried a lot of solutions but nothing works,
>> I have even a problem with sys-usb because my trackpad does not work.
>> If you have some solutions please reply
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/23a34842-222a-4d5f-ade8-fd90f2c3be86n%40googlegroups.com.

[qubes-users] Re: macbook air 7,2

[load...@gmail.com]

Hi,

I am planning to buy a Macbook. I wanted to know did you solve any of the 
problems?

вторник, 11 августа 2020 г. в 14:07:02 UTC+3, momo...@gmail.com: 

> hi, I have a macbook air 7,2 (2017)
>I did a fresh qubes os install and I have no wifi, my wifi card is a 
> broadcom bcm4360, I tried a lot of solutions but nothing works,
> I have even a problem with sys-usb because my trackpad does not work.
> If you have some solutions please reply
>

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/eea9c8ad-e06c-4cd2-b739-6581985f1dfen%40googlegroups.com.

[qubes-users] HCL: Acer-Aspire_A515_43 AMD Ryzen 3

[qufo]

Hi,

Attached the result of 'sudo qubes-hcl-report -s VM'. The support files
should be free of identifying information. I run the files to filter:

"cat $FILE | sed '/Serial Number/d' \
| sed '/UUID/d' \
| sed '/Device Serial Number/d' \
> $FILE-OUT"

If I haven't missed anything, then maybe that could be incorporated
into qubes-hcl-report.

I don't use this laptop for daily work. It's just a test machine to get
the grips on Qubes-OS. So if I leaked information it doesn't matter.

Note:
The Hardware requirement should be changed to:

RAM:  >= 16GB / recommended 32GB
CPU:  >= 4 cores AMD / Intel (preferable AMD)
Storage:  64GB

That's what I think after testing Qubes-OS with real data (test
installation size close to 200GB) for a couple of weeks.

-- 

-BEGIN PGP PUBLIC KEY BLOCK-

mQINBF9SOUMBEAC6EH5yEQta+NP+rfVNOD7BBR9lYzZNjvAKceJCJCLr4oU04eW7
YPEi5hWRWG3kAceJYxz8QqCsBlHDjXGD1uvUx0lkmKSmiBdMRNslxfersWYDe9by
nT6Pfk1NBgNs/pu1ClMCBeC6B6yxMhO1cSiXn3sD/K+nTAecHZUa6uXiW8BUJ723
yJUeekQ+vVea0yEESpsqLbwP1OKOc+EwzWMzccwFgeDWZcMpcCxSfRdgl00ZBybd
VeNsF97tBnx+gF5PwcSudh5TBdu4XEIBggPpDxZb2/WR8j+saCcDXhPBypKQYXL4
7zJ3dbzd6PVTREURrtDD+K2hB436wWgX/lIyvwuAClmw3LeQ+CkdyyflDba/+0lB
9LQZg/EOTLIY2yBjzXV+HIghyy0rk/Z8JkLR2D6svS5asJltr/N88IvmIT4IqKoP
B1Z8ft6dOuiiVN8XvnOPm8zTlS/vQhGIRnC3JMfAUTw0WvSBWmRn4JTZjEnkOpp1
QGh+9NMblb059//HgELhlVklm77KFq3gUQqUM//w2+9ZpDLeEKoCqTG4RU9LDI5J
nJX8Yxpa4COKx5XbDVx8CtV53sFCUGF+Ltd3YJKElf5FfsWnOjh1U1ct80MDd88m
e8VQpJogHsVWNAb14npSAvsxynOH7tCfS5kgBYg7KG2B0lajQW79F+Z0KQARAQAB
tCBGTi1xdWZvIChxdWZvKSA8cXVmb0ByaXNldXAubmV0PokCTgQTAQoAOBYhBLQ4
il92uqLBVhOuTvyXGhmT+ndeBQJfUjlDAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B
AheAAAoJEPyXGhmT+ndeCTQP/1e/EwuAS82mRqZ8rMm7NHIS/xINGxhgdEsPFFsV
xy3oWM3DrMvRsxxtXRUSCUi5rYQsLQLmGgQepb9UYgqOHXH/Kj5G87Pldln8vBO7
9W0eVgg394vPXmgnJrxHJrdVnyuZEFUNBU+oLvcy6ei6khad6VUBr3COlcZ392mS
a4SmCWFMD3H3g9QDWRyBkCBIrD2UofKVVimCP8hUlvEJJXgYBSKQCke4nYDP6O0v
GX5witHXyxGb5ANeVd1hIXKkTSJMOgCvwp9HyRW1sJloLE6U9VU+r+5n20cj7oq4
1JT5zjE43LZlJF/rGgqtD/BXg1u2mkJLPDy4L14lHzO9c4GAJhmc52MjOrCFst9p
w8NH++TH5OGBDKbXGgd2Uv8KCON/rwapyGPawh4EymyTaIahExeBwo0AcKE1bJ1+
3vbZa8C1hhiqLxcpilkhubQi1v50a3QRB4UkH4l0SOw6Lp2Tn0twc/+EIQj7cOyC
AihlNmypuHGA0ivoVS2655P3H1keGoksKzjkD71JYpPwymRhybDY1k9Smo0efnfR
Sur3l2+3JZOv6pUeksmXp6PvkWYjEU6wKpBD1FEvMwrovjDoc6GA5T1oHucjfy7A
Ml1LlRf6GZwrZqaV5LEmEHUNBC21NiQEUQX3ORPxkcZXUJ02pZwJi2pJvYzml4H0
J1k6uQINBF9SOUMBEAC1+taJYkZZ6oCtQv7G/yM/aJbNAVjBrg78c2l26jfMaPJ2
LlXNJvJCdfrtjqOIk4Ty+JPd4gxfBfdwvxqQJRITlWNEn+KLq9xqHPkW5UtCNlau
GS58uaU4mPR0RXphMGVz3GmOx+popm7/A8fdGFayeBHIl26Xu91xfPnTHB9DH0Af
pvBmwJM+foJ5k87FwvEfps9wYrnLB4M0nk601cXhXNE2ZhHv9R7sfenkPcpUJQRp
hUkryyKg3GDzXCpU7JhR5UnVwDY9l61x4kDGaKVAf/oYw2Us8ab824HIuX99ToAz
B/amtB2vjnFmzVn91PBKq4c6iX2eIv1qyQJeFiuLQjVtP4RNUqibATKKUf9+G8MK
4xGhfGI8AJuGeoIOPWOTtg8WtoneqNvpVfXQ/nCGPx14UDPmBe2WTJSgCOcfPqE5
bl7Gp6rQjPsWFNkHE99g3mN8Zh0AY1Uw5pvhtNQwZ/l7rvwQHjKpLs8yZZ0lWTXl
R6K72j4kLBrP2Nm7MtMVI/dhXksi1f+vPoKYw+Cx5qtnhk2P1pyK1kdnWfKyktt7
XGzCvlXGl1gkg7wjaODAaIL2GTfjK2o4ODxZJipIuG8k0h075zt7dpyob8FEfmH/
c8nSJbG77p28y8vqtcTNnviozEjhY6ZLdvtJMXpSJKWVTVFRWbaxq+z0LvC5BwAR
AQABiQI2BBgBCgAgFiEEtDiKX3a6osFWE65O/JcaGZP6d14FAl9SOUMCGwwACgkQ
/JcaGZP6d17hyw/9FTbWncDSXhK+6wei8bgb3EWoAZtgYnPotKG5yqS+7DZPCgBx
Y11GNfbpVqDcXhaC5HF/Z4it2ob13SPBOEG5x7Ocm8V/kREutWtJUo1r5vzNpY/F
+zWo9Jy4HtKGfsxFLDU9elGKoBR/uyJVJkDU1fQaSq6CuwdY+By791eKK2UfcsQK
R9IQwDfTUsEhtsc9HFbZQF5Va8yl6HbLmVwKI8XsCW+rPn3XwG/s5wSAUz60z2Jf
jpsx8WVquEl5QKNvT3ILpR9LFp2huFyi5/HloKJujz4tSdn4oAAU772OXFhu+EfQ
tkeEsYnFm2PdYcWr3uOLFBled83AauXN95J91vkVLcEaIR5eP/A0z88S4SA9A0ma
FcNa9wc7ewkADRwJxhIdMvQcgM3Dy8VtiZAojDiL+ipo/R6KHQ6PiBaagZW/2Tg2
FSLvqPjGdaf/xbQ5O0MTOfFbYKAU6EsylnGct2nfdV4mK491wmxWiq9wEB4QG8HX
TAv1Wbi3irpKpJljQoYEgQRI9bpqY1GY+UsrFnnaNQkja/qGiE6oIpX64spvkb9p
lwnWWhsOk60C1QCqbi5739zMuuZJexsOvZK42Ox4YHe2g5qw/k250x4dmCyt5UgB
7vLRG7sSQOQWan0nHkRWEU2g1MXzXYHGrmDovsqRMX9oq/gSI2kcomPbRi8=
=xurW

-END PGP PUBLIC KEY BLOCK-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1e665145299a3f0fcbb4b0d799bd7db38adf3d1d.camel%40riseup.net.


Qubes-HCL-Acer-Aspire_A515_43-20200914-121254.cpio.gz
Description: application/cpio-compressed


Qubes-HCL-Acer-Aspire_A515_43-20200914-121254.yml
Description: application/yaml


signature.asc
Description: This is a digitally signed message part

[qubes-users] Failed to shutdown or suspend. Help

[ioko8]

Hi, for more than two months, qubes-os has not completed the shutdown and 
has not entered into suspension. To turn it off, I must necessarily hold 
down the power button.

further details:
1. after shutdown, at the end of the loading bar (which I didn't remember 
being there) the computer remains on.

2. The "sata operation mode" setting in the bios has been changed from 
Rapid to Ahci. Could it be the cause?

For me it is a very important problem, I do not find anything in the log 
files that allow me to understand and solve the problem.

Thanks to those who want to help me.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3ef5daa0-cdc5-4a17-8342-da4710497e95o%40googlegroups.com.