On Sun, May 21, 2017 at 4:41 PM, Gaiko wrote:
> On Friday, May 19, 2017 at 9:35:26 PM UTC-4, cooloutac wrote:
>> On Friday, May 19, 2017 at 2:48:03 PM UTC-4, Gaiko wrote:
>> > I tried to rename my anon-whonix appvm through the qubes-manager, right
>> > click, vm settings, name & label. This worke
On Wed, May 24, 2017 at 6:45 AM, frigge wrote:
> Hi qubes-users,
>
> I installed a completely fresh installtion of QUBES R3.2 on a Lenovo v570
> notebook and if I try to start any VM, I receive the following error:
>
> $ qvm-star sys-net
> --> Creating volatile image: /var/lib/qubes/servicevms/sy
On Thu, May 25, 2017 at 4:46 AM, Jean-Philippe Ouellet wrote:
> On Wed, May 24, 2017 at 6:45 AM, frigge wrote:
>> Hi qubes-users,
>>
>> I installed a completely fresh installtion of QUBES R3.2 on a Lenovo v570
>> notebook and if I try to start any VM, I receive the f
On Mon, Nov 14, 2016 at 3:48 PM, Marek Marczykowski-Górecki
wrote:
> On Mon, Nov 14, 2016 at 01:21:29AM -0500, Jean-Philippe Ouellet wrote:
>> Does anyone know of a convenient place to grab the complete archives
>> of this list? (and qubes-devel too?)
>>
>> With the
On Mon, Jun 26, 2017 at 3:50 PM, wrote:
> I know this question has been asked many times but there is still no
> definitive answer. The Purism laptops do not have TPM support and in the HCL
> list there is not a machine that ticks every box without issues. What
> machines are the devs using? W
As for Purism, I have my gripes too, but at the end of the day I think
their existence provides a net-positive benefit to the community and
commodity hardware landscape.
Personally, I think Purism's marketing is perhaps a bit...
overoptimistic to a technical audience? And I do think they exaggerat
On Thu, Jun 22, 2017 at 11:21 AM, Eric Duncan wrote:
> Currently running Qubes 3.2 on one machine. Have a need to install it on
> another.
>
> To all of you long-term beta users of 3.x and now 4.x...
>
> 1a) Are upgrades simple to RTM versions of Qubes?
>
> Or 1b) Do you wipe and format each tim
On Mon, Jun 26, 2017 at 9:10 AM, Robert Mittendorf
wrote:
> Hello fellow Qubes users,
>
> the "Kölner Kreis", a group of regulars that are interested in IT-Security
> and IT-Forensics, will organize a "Qubes Community Event" in Cologne on July
> 15th 10.00 - 16.00.
>
> Major objective of this even
Hello fellow Qubesers,
Qubes continues to make me feel all warm and fuzzy inside, and makes
me want to share it with the world.
I've been quite busy with real-world things recently and had to use
several different printers & scanners. Prior experience has
conditioned me to expect frustration, or
On Thu, Jul 20, 2017 at 12:32 PM, js...@riseup.net wrote:
> Jean-Philippe Ouellet:
>> On Qubes, it's a completely different story. First, I pass my USB
>> printer or scanner through to a DispVM. To print, I just copy the file
>> to the DispVM, open it with anything, and
On Thu, Jul 27, 2017 at 5:22 PM, Franz <169...@gmail.com> wrote:
>
>
> On Thu, Jul 27, 2017 at 4:13 PM, cooloutac wrote:
>>
>> On Friday, July 21, 2017 at 12:26:35 PM UTC-4, PR wrote:
>> > Hello
>> >
>> >
>> >
>> > Am 21.07.2017 9:39 vorm. schrieb "Noor Christensen"
>> > :
>> >
>> >
>> >
>> >
>> >
On Fri, Jul 28, 2017 at 6:48 AM, Nero wrote:
> I'm installing Qubes on Macbook Air.
> I partitioned (EFI, Macos journalled) my SSD but Qubes installer do not see
> any partitions on SSD but see my 32GB USB stick.
> 1. Why I can not install on SSD?
>
> Ok, trying to install on USB goes ok until me
On Tue, Aug 1, 2017 at 7:02 AM, Rusty Bird wrote:
> Zrubi:
>> So I would really appreciate some statement if Qubes will really drop
>> KDE support. I can accept that, but then I not waste my time trying to
>> make it work. Instead focusing to fix the XFCE issues I have ;)
>>
>> - the default login
On Tue, Aug 1, 2017 at 7:46 PM, cooloutac wrote:
> am I reading this right? There is no qubes-manager in 4.0? Does that mean
> everything must be done in a terminal? Tell me I read that wrong lol.
tl;dr - https://github.com/QubesOS/qubes-issues/issues/2132
--
You received this message becaus
On Tue, Aug 1, 2017 at 7:50 PM, cooloutac wrote:
> Qubes doesn't support secure boot unfortunately. I think its batshit crazy
> to consider a pc even reasonably secure without it.
Secure boot in reality is quite far from the boot chain panacea its
name may suggest.
If you haven't already, I'd
On Fri, Aug 11, 2017 at 4:41 AM, Nicolas Mojon wrote:
> Hi,
>
> I would like to know if on the new 4.0 it is possible to lock down data in a
> VM like that nothing can go out of the VM (like no internet or copypaste
> through dom0). I would like to make that specially for usb sticks or other
>
On Wed, Aug 23, 2017 at 11:25 AM, 'Brotherfill' via qubes-users
wrote:
> Hi,
> To avoid hostname leaks I add # at the beginning of line 'send
> host-name=gethostname' in /etc/dhcp/dhclient.conf
> Do you suggest to use this method or to set a static ip?
AFAIK the hostname should always be sys-net,
On Thu, Oct 19, 2017 at 1:25 AM, blacklight wrote:
> We all know well why xen was chosen as the hypervisor for qubes instead of
> kvm, since this has been stated in multiple places by the devs. But i wonder
> how feasable it would be to use bhyve as a hypervisor for qubes. Ive read
> that it on
Moving discussion from qubes-devel to qubes-users:
On Thu, Nov 2, 2017 at 3:47 PM, 'Marek Jenkins' via qubes-devel
wrote:
> On Thursday, November 2, 2017 at 7:03:12 PM UTC+1, Jean-Philippe Ouellet
> wrote:
>>
>> On Thu, Nov 2, 2017 at 1:13 PM, 'Marek Jenkins'
On Fri, Nov 3, 2017 at 1:18 PM, 'Marek Jenkins' via qubes-users
wrote:
>
>> > Hi Jean-Philippe,
>> >
>> > thanks for your advice.
>> >
>> > I have read the docs over here regarding kernel updates:
>> > https://www.qubes-os.org/doc/software-update-dom0/
>> >
>> > So should I simply run the followin
On Wed, Nov 8, 2017 at 3:09 PM, wrote:
> On Thursday, April 13, 2017 at 1:33:53 PM UTC+1, Thomas Leonard wrote:
>> On Thursday, April 13, 2017 at 11:08:11 AM UTC+1, Foppe de Haan wrote:
>> > On Thursday, April 13, 2017 at 10:00:20 AM UTC+2, Thomas Leonard wrote:
>> > > On Wednesday, April 12, 201
On Wed, Nov 8, 2017 at 3:37 PM, ludwig jaffe wrote:
> Hi, I saw that the linux kernel has some flaws
> (http://www.openwall.com/lists/oss-security/2017/11/06/8) in the usb stack,
> so I am
> thinking about security against common errors, I would suggest to use
> OpenBSD as USB-VM. Maybe, as Net-
On Fri, Nov 17, 2017 at 2:47 PM, wrote:
> On Friday, September 29, 2017 at 6:31:15 PM UTC-7, Andrew David Wong wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>>
>> Dear Qubes community,
>>
>> On 2017-09-12, we published Qubes Canary #13. The text of this canary is
>> reproduced belo
Hello,
I've written a script [1] to import VMs directly from a Qubes R3 hard
drive into a Qubes R4 machine without needing to make a backup first.
I would definitely recommend making a full backup on R3 and restore on
R4 instead of using this. I just figured I'd share in case anybody
else is unab
On Sun, Nov 19, 2017 at 7:17 PM, wrote:
> Here's one such comment, taken from an r/privacy Reddit thread.
>
> "[...]paravirtualization makes hardware profiling impossible unless an
> exploit is found to defeat it."
That statement is demonstrably false. For example, we don't filter
CPUID vendor
On Mon, Nov 20, 2017 at 5:59 PM, taii...@gmx.com wrote:
> On 11/19/2017 07:17 PM, riggedegg...@gmail.com wrote:
>
> Does this hold any water? Does the switch from paravirtualization to
> HVM/SLAT degrade privacy by allowing easier hardware fingerprinting?
>
> It holds no water.
>
> There is no suc
On Mon, Nov 20, 2017 at 6:04 PM, taii...@gmx.com wrote:
> On 11/20/2017 04:36 AM, Jean-Philippe Ouellet wrote:
>
>> That statement is demonstrably false. For example, we don't filter
>> CPUID vendor IDs in either mode.
>
> How come?
See discussion at https://gi
And it works!? Please do share how! :)
I also have a brand new 4th gen x1 carbon and have spent the past week
struggling to get it to a usable state.
Do you have the horrible rainbow screen on resume?
What kernel are you running in dom0?
Was there some magic bios settings combination required t
On Mon, Sep 26, 2016 at 3:01 PM, martin.forum wrote:
>
> https://www.qubes-os.org/doc/uefi-troubleshooting/
WOW! That was it... Thank you!
I had ignored that page (having come across it several times) because
the symptoms it describes did not match the behavior I was
experiencing, but it did ind
A few notes:
The 4.1 kernel R3.1 ships with is not usable due to graphics issues on
resume. Update with the unstable repo or use 3.2.
I am booting in UEFI mode, and had to follow the advice of
https://www.qubes-os.org/doc/uefi-troubleshooting/ in order to get the
4.4 kernel to boot. This was *ver
Hello,
Is there a recommended way to track default-installed packages on an
already-installed system?
I just independently re-discovered the fix for the un-muting problem
[1][2] and the hard way because the fix [3][4] (patch to
qubes-installer-qubes-os) appears to not have propagated to my machin
On Wed, Oct 12, 2016 at 8:17 PM, wrote:
> Can you let me know how things function under 3.2? Any improvements? I am
> keen to get the X1 4th generation but I want to make sure it has full Qubes
> compatibility since that will be it's primary purpose.
3.2 is no different from 3.2-rc3 from an x1
If you're going to get one, I'd say definitely go with 16gb ram, and
know that NVMe vs traditional SSDs appear to be equally well
supported.
The idea of a WWAN module (w/ accompanying free-to-do-whatever
baseband) in a laptop is a scary proposition and highly
un-recommended, and so are the vPro-la
Also, here are the hashes of the files I used to update my BIOS to
1.18 without ever booting windows following the procedure described
here:
http://www.floccinaucinihilipilification.net/blog/2011/10/2/updating-the-bios-of-a-thinkpad-x220-using-linux.html
$ sha256sum geteltorito.pl x1carbon-bios-1
On Thu, Nov 3, 2016 at 12:50 AM, Andrew David Wong wrote:
> So, the fact that you're allowed to see your screen content from yesterday
> doesn't constitute any violation of the security model. You're still the same
> trusted user as you were yesterday. (If I've misunderstood your concern,
> ple
See also https://github.com/QubesOS/qubes-issues/issues/2388
If we have appropriate metadata for each VM, we could automatically
shut-down VMs if they were not running prior to triggering the update.
This may be a preferable user experience.
--
You received this message because you are subscrib
You are already free to do this in Qubes today, however I suggest that
doing so probably does not provide the properties you may expect.
You can do X-forwarding over SSH to another machine with your browser,
or whatever your preferred supposedly-secure remote-desktoping
application is.
However, b
On Mon, Nov 7, 2016 at 2:02 PM, Grzesiek Chodzicki
wrote:
> In order to capture the whole screen such tool would need to run in dom0
> which is really, really not a good idea.
I think it is important to understand the actual risks involved,
rather than just saying something is "really, really no
On Mon, Nov 7, 2016 at 2:29 PM, Chris Laprise wrote:
> The framebuffer is being handled by the trusted dom0 graphics stack, so is
> actually a trusted input.
Perhaps we have run into trusted != trustworthy terminology issues.
I meant to say that the content of the framebuffer being processed by
On Sun, Nov 13, 2016 at 8:36 PM, Eric wrote:
> though Intel ME is apparently disabled, which is a win, I guess?
You can not "disable" ME. See page 37 of
https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
--
You received this message because you are subscribed to the Google Groups
"qu
Does anyone know of a convenient place to grab the complete archives
of this list? (and qubes-devel too?)
With the (lets hope indeed temporary) death of gmane and its nntp
interface, I lost the only easy way I knew of to bulk-download the
entire history of arbitrary mailing lists for offline grepp
tl;dr - kernel-4.8.7-11 +1 from me!
On Thu, Oct 13, 2016 at 1:20 AM, Jean-Philippe Ouellet wrote:
> The laptop fails to resume about once a day and requires a
> hold-the-power-button reset
> I'm hoping that newer kernels fix this (dom0 currently on 4.4.14-11),
Since last Friday
On Mon, Nov 14, 2016 at 2:02 AM, Jean-Philippe Ouellet wrote:
> kernel-4.8.7-11 from qubes-dom0-testing
Err, that should be qubes-dom0-unstable.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and s
On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester wrote:
> Could open up a vulnerability if not done carefully.
>
> VM could use it to query and identify other VMs in existence on the system.
There are already several timing side-channel ways to do that.
Example:
AppVM$ time /usr/lib/qubes/qrexec-cli
On Mon, Nov 14, 2016 at 2:42 PM, Jean-Philippe Ouellet wrote:
> On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester wrote:
>> Could open up a vulnerability if not done carefully.
>>
>> VM could use it to query and identify other VMs in existence on the system.
>
> There are
On Tue, Nov 15, 2016 at 12:17 AM, dumbcyber wrote:
> On Tuesday, 15 November 2016 10:28:52 UTC+11, Marek Marczykowski-Górecki
> wrote:
>> you need to remove 'rd.qubes.hide_all_usb' from kernel parameters.
>
> Thanks for the info. For me a noob, how do I remove that parameter from
> kernel? Tha
Alternatively, if you just want to see if things will work at all,
IIRC you should also be able to un-check a "use sys-usb" (or similar)
checkbox in the installer somewhere, and IIRC rd.qubes.hide_all_usb is
only set if this box is checked.
--
You received this message because you are subscribed
On Mon, Nov 14, 2016 at 4:16 PM, Marek Marczykowski-Górecki
wrote:
> You can temporarily set sys-firewall netvm to none. This will allow you
> to shutdown/restart sys-net without consequences. Remember to change
> sys-firewall netvm back to sys-net afterwards.
Good to know! I wish I'd thought of
I found it hung again today with pulsing power button and no 100% fans
this time to alert me to suspend problem (just a hot backpack). The
old failure symptoms appear still present, but nowhere near as
frequent.
I'm honestly surprised I still haven't noticed any problems due to
file-system corrupt
On Wed, Nov 16, 2016 at 2:43 PM, '81029438'1094328'0194328'0914328
wrote:
> ... idealistic description of heterogeneous computations and validating i/o
> proxy ...
This method of verification is not the panacea it may appear to be.
If an attacker can find vulnerabilities (potentially for differ
This is a known problem area.
See discussions in:
- https://github.com/QubesOS/qubes-issues/issues/971
- https://github.com/QubesOS/qubes-issues/issues/858
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop r
If I were you I would try to see if you can reproduce the issue with
upstream xen, and then ask on the xen mailing list.
It sounds more like a this-xen-version + this-linux-version on
your-hardware problem than a qubes problem.
--
You received this message because you are subscribed to the Googl
On Sun, Nov 20, 2016 at 8:44 PM, Drew White wrote:
> How do I reproduce the issue on upstream XEN when I run Qubes and keep
> working and doing my stuff without wasting several weeks on testing it on
> upstream XEN?
I don't know, but seeing as you're the only person who reports
experiencing thi
On Mon, Nov 21, 2016 at 8:04 PM, taii...@gmx.com wrote:
> or go to a store and boot a liveCD then run the HCL.
^ This! It can be fun...
You may wish to try to explain to an employee what you are doing, to
avoid getting "banned" (thrown out) from that store for "trying to put
malware on the compu
On Tue, Nov 22, 2016 at 1:30 PM, Steve Coleman wrote:
> ... APT is likely preventable if you have the tools to trap
> their initial probes and exploits rather than log them, and while we watch,
> the logs just get removed to clean up behind them. If we don't know to check
> a log before its remove
On Thu, Nov 24, 2016 at 3:00 PM, Grzesiek Chodzicki
wrote:
> W dniu czwartek, 24 listopada 2016 20:53:08 UTC+1 użytkownik
> rspei...@gmail.com napisał:
>> I am interested in purchasing the Purism Librem 13 laptop and noticed that
>> it was supported for Qubes R3.x but not R4.x.
>>
>> Is this bec
On Thu, Nov 24, 2016 at 10:29 AM, wrote:
> * Primarily I would like to use Qubes for data science work. I understand
> that OpenGL is not supported for security concerns. I'm wondering whether I
> could use a OpenCL on a GPU in Qubes for running deep learning algorithms.
> Would this be suppor
On Thu, Nov 24, 2016 at 3:44 PM, wrote:
> I would like to use Qubes for development work in Rust. I understand that
> Rust can eliminate many different sorts of memory related bugs. Would it be
> helpful to use in Qubes OS development for improving security? Are there any
> security concerns t
On Thu, Nov 24, 2016 at 8:51 AM, Marek Marczykowski-Górecki
wrote:
> Actually, generic PCI passthrough should just work in both cases now.
> Don't know if GPU passthrough is any special here, but I wouldn't be
> surprised if it is...
At least for intel-integrated stuff I can confirm that it defin
On Thu, Nov 24, 2016 at 6:55 PM, Drew White wrote:
> Is there any way that I can pass through all real hardware specifics to the
> guest to make it not think it's running under xen? (primarily Windows)
Malware trying to determine if it's on bare metal will likely always
be able to do so, other c
On Sat, Nov 26, 2016 at 12:42 PM, Andrew David Wong wrote:
> Any ideas for logs or tools I should check to find out what's
> failing, or where it's failing?
I'd start with: dmesg, ifconfig -a -v, tcpdump, iptables-save.
--
You received this message because you are subscribed to the Google Group
On Sat, Nov 26, 2016 at 2:25 PM, Jean-Philippe Ouellet wrote:
> On Sat, Nov 26, 2016 at 12:42 PM, Andrew David Wong wrote:
>> Any ideas for logs or tools I should check to find out what's
>> failing, or where it's failing?
>
> I'd start with: dmesg, if
Are only AppVMs frozen? (Can you still interact with dom0?)
Can you switch to tty2 (Ctrl+Alt+F2, and Ctrl+Alt+F1 to get back) and
log in there? If so, maybe you can figure out what's gone wrong via
command line tools?
--
You received this message because you are subscribed to the Google Groups
On Tue, Nov 29, 2016 at 7:15 AM, Joshua van den Hoven
wrote:
> Hello guys,
>
> I am having a few isses with installing Qubes on my Dell Latitude e6330. I
> have checked and i do have the correct chipset and a TPM available but still
> get two errors the first is when i let the bootable media che
It may make more sense to use qvm-block than qvm-usb here. Should in
theory have a smaller attack surface and expose better-tested code
paths.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving email
Check if the latest xen version installed is actually the xen version running.
I had an issue where the update did not modify the appropriate EFI
variables and I was still running the old version after the update.
This issue has been addressed, but perhaps not completely.
You can check the versio
On Tue, Nov 29, 2016 at 11:18 PM, pixel fairy wrote:
> has anyone here experimented with bluetooth locks? it seems like a lot of
> extra scary code to run in dom0, but i like the idea of auto shutdown if
> device loses range. or maybe after a timeout period of some trigger?thats
> another discu
On Wed, Nov 30, 2016 at 11:49 AM, wrote:
> Can someone tell me where I can get the files? Any tips or hints when it
> comes to running the latest build?
I am not aware of any publicly-available full "development builds",
however qubes-builder[1] makes it very easy to build them yourself..
[1]:
On Wed, Nov 30, 2016 at 5:54 PM, Manuel Amador (Rudd-O)
wrote:
> On your Bluetooth VM (usually a USBVM), run Blueproximity, and have
> Blueproximity invoke a custom /etc/qubes-rpc/pixelfairy.Lock service on
> dom0 which you will need to write yourself. It's a one-liner service:
You may also wish
On Thu, Dec 1, 2016 at 7:55 AM, wrote:
> Also, What about the Tresor mod which saves your encryption key in the cpu? I
> really like the idea of being able to prevent people frm extracting the key
> from my ram.
IMO not worth it in practice. See "TRESOR-HUNT: Attacking CPU-Bound
Encryption" pa
On Thu, Dec 1, 2016 at 2:58 PM, Marc de Bruin wrote:
> Doesn't the Qubes VM Manager “window” proportionally scale itself related to
> the
> occupied pixels of the text due to the font? Or am I missing something?
Agh, unfortunately no. Some layout is hard-coded.
I wanted to fix it, but no time,
On Thu, Dec 1, 2016 at 6:25 PM, pixel fairy wrote:
> On Thursday, December 1, 2016 at 2:58:21 PM UTC-5, Marc de Bruin wrote:
>
>> Is there a way to get around this? Doesn't the Qubes VM Manager “window”
>> proportionally scale itself related to the occupied pixels of the text due
>> to the font?
On Fri, Dec 2, 2016 at 6:58 PM, Eva Star wrote:
> xdotool not pre-installed (maybe it's better?)
It will be in a future version:
https://github.com/QubesOS/qubes-core-admin-linux/blob/be1d984364de9641312f56def13b0af27cfe1cd4/rpm_spec/core-dom0-linux.spec#L51
Pulled in as part of a work-in-progre
On Sat, Dec 3, 2016 at 9:12 AM, Marc de Bruin wrote:
> With what will it be replaced in Qubes 4?
Assuming you mean qubes-manager, then...
Discussion here: https://github.com/QubesOS/qubes-issues/issues/2132
WIP code here: https://github.com/bnvk/qubes-manager-new
Some early screenshots here: h
On Wed, Dec 7, 2016 at 8:49 AM, wrote:
> I'm new to qubes but how can I make a more user friendly desktop
Qubes' patched KDE still worked fine last time I tried it. Perhaps you
might find that more friendly?
> without installing a few things on dom0
I think the seriousness of installing things
On Sun, Dec 4, 2016 at 11:27 AM, Vít Šesták
wrote:
> Alternatively, you can forward USB to Windows using usbip. Again, you need
> iptables rules. I did this in older Qubes version with Linux machines, but it
> should work the same with Windows.
>
> Security concerns when using usbip this way:
>
On Tue, Dec 6, 2016 at 8:12 PM, wrote:
> Never mind I figured it out :)
>
> If anyone has the same issues you can change the booted version by editing
> /boot/efi/EFI/qubes/xen.cfg
>
> Update the default var at the top and reboot.
For the archives: this is only true if you are actually booting
On Thu, Dec 8, 2016 at 6:37 AM, Andrew David Wong wrote:
> Qubes isn't supported on VirtualBox or on Macbooks
This is the first I've heard of MacBooks being "not supported".
I know at least one person personally who is currently running Qubes
on a recent (<2yo) MacBook, and it is completely usab
Another (perhaps hacky solution) is to replace pacat-simple on dom0
with a script which invokes pacat-simple in sys-usb over qrexec. This
would have a much smaller attack surface than USB passthrough.
You may also need to configure some pulseaudio settings in sys-usb.
--
You received this messag
On Fri, Dec 9, 2016 at 7:45 PM, Andrew David Wong wrote:
> On 2016-12-08 21:11, Jean-Philippe Ouellet wrote:
>> On Thu, Dec 8, 2016 at 6:37 AM, Andrew David Wong wrote:
>>> Qubes isn't supported on VirtualBox or on Macbooks
>>
>> This is the first I'v
Hello,
Google Chrome disabled the chrome://flags mechanism to disable WebGL
some time ago, but now it appears that it is back as "Use hardware
acceleration when available" at the bottom of the Advanced section of
chrome://settings.
Disabling this makes google maps not lag/crash for me! :)
Perhap
On Tue, Dec 20, 2016 at 3:08 PM, 5n7xyb+qphld0j5ytif4l via qubes-users
wrote:
> I also don't want to remove the password from my private key since I used it
> in different devices and I don't want to use a different template as I have
> many things installed on my debian 8 template.
Using a sep
If I understand correctly, it would be completely useless.
The point of AEM is ultimately to somehow authenticate the computer to
the user, rather than the more common direction of authenticating the
identify of a user to the computer (which IIUC is all that U2F can
provide, where in the U2F case
On Tue, Dec 20, 2016 at 4:00 PM, Jean-Philippe Ouellet wrote:
> Unless you can come up with some cryptographically-sound way to
> integrate the information provided by a 2nd factor as a hard
> requirement to complete the secrets-unsealing-at-boot process, then
> the evil-maided co
On Tue, Dec 20, 2016 at 4:09 PM, Jean-Philippe Ouellet wrote:
> It does now somehow detect that your computer has been evil-maided, nor
> prevent it from being so.
"does now" should be "does not"
It's been a rough day >_>
--
You received this message bec
On Tue, Dec 20, 2016 at 10:22 AM, wrote:
> it wouldn't require external services like TOTP and other variations.
The reason TOTP isn't useful is not specifically because it requires
an external service, but because the passphrase to be used on the next
boot is not known the previous time the com
On Mon, Dec 19, 2016 at 11:56 AM, '103948'109438'0194328'0914328098
wrote:
> the new rusty security OS, RedoxOS
Neat!
Thanks for pointing this out. I was not aware of it.
My favorite of your random links so far :)
--
You received this message because you are subscribed to the Google Groups
"
On Mon, Dec 19, 2016 at 6:13 PM, Eva Star wrote:
> Hello,
>
> Will be issue with a lot of virtual machines fixed at new Qubes Manager at
> Q4.0?
I also have lots of virtual machines, and this is a problem I intend
to address eventually unless someone else does it first ;)
> Now it's not possible
On Wed, Dec 21, 2016 at 4:20 AM, 'Gaea' via qubes-users
wrote:
> Please what are the differences between:
>
> Minimal:
fedora-24-minimal + text editor, openssh, git, zsh, etc.
> Extremely Minimal
fedora-24-minimal + a text editor -- nothing else
> Full ?? VMs
All the crap. Browser, photo edi
On Wed, Dec 21, 2016 at 1:11 PM, Jean-Philippe Ouellet wrote:
> I have various others in between, such as one with only a browser (for
> online banking and such).
I should clarify, this is a template with only a browser, and an
individual VM used for only online banking. The "and such
2016-12-23 10:07 GMT-05:00 Andrew David Wong :
>> J'utilise un pc avec trois disques durs (ssd). L'os (ubuntu ou
>> qubes) est installé sur un ssd et mes fichiers importants sur les
>> deux autres.
>>
>> L'ensemble de mes disques durs n'est accessible que via Dom 0 mais
>> je ne parviens pas à fair
On Thu, Dec 22, 2016 at 11:00 PM, Leeteqxv wrote:
> (Ref. "I wish there was a magical menu entry that could do this:"
> - "Enforce restarting sys-net/sys-Firewall and temporarily take down any
> open VM that are blocking the restart, and then subsequently start them all
> again afterwards WITH all
On Thu, Dec 22, 2016 at 10:39 PM, Marek Marczykowski-Górecki
wrote:
> On Thu, Dec 22, 2016 at 12:41:25PM -0800, stevenwinderl...@gmail.com wrote:
>> I thought about the fact if its possible to use Qubes OS as a Server OS for
>> example for shared hosting or for application servers,etc.
>
> Most Q
On Fri, Dec 23, 2016 at 6:10 PM, wrote:
> but if its sole purpose is just being a server then who even cares if dom0 is
> compromised or not?
I strongly disagree.
1) If your server performs more than one purpose, having strong trust
boundaries as (attempted to be) provided by Xen is still very
On Fri, Dec 23, 2016 at 6:04 PM, Nicklaus McClendon
wrote:
> I'm intrigued. How is qrexec utilized?
Something which I have not set up yet, but intend to soon, is a split
email server model, where the MTA and MDA are in separate VMs, and
incoming mail is delivered over qrexec. This would have the
On Thu, Dec 22, 2016 at 1:17 AM, Andrew David Wong wrote:
> You'll want to install Dropbox in your TemplateVM so that you can use it
> in AppVMs based on that TemplateVM. You can follow the instructions on
> Dropbox's website for adding their repo in your Fedora TemplateVM, then:
>
> $ sudo dn
On Fri, Dec 23, 2016 at 7:35 PM, Nicklaus McClendon
wrote:
> On 12/23/2016 07:09 PM, Jean-Philippe Ouellet wrote:
>>> If you can't access dom0, qrexec is default allowed,
>>
>> Uhh What? Can you elaborate?
>
> qrexec usage is normally defined by an RPC. Th
On Sat, Dec 24, 2016 at 12:52 AM, Andrew David Wong wrote:
> On 2016-12-23 16:20, Jean-Philippe Ouellet wrote:
>> On Thu, Dec 22, 2016 at 1:17 AM, Andrew David Wong
>> wrote:
>>> You'll want to install Dropbox in your TemplateVM so that you can
>>> use it i
Currently: anything that doesn't require nested virt, meaning anything
that actually emulates instead of trying to use vmx (via kvm, etc.).
Examples include qemu using its tcg backend instead of kvm, and bochs.
On Thu, Sep 19, 2019 at 11:58 AM Patrick Schleizer
wrote:
>
> Is there any virtualize
Hey all,
Am I the only one who seems to have noticed chrome reaching max mem &
swapping way more often than used to happen in the past? Some of my
workflows result in having a bunch of tabs (not even _that_ many,
maybe 20-30+) open in DispVMs. Unfortunately, this reaches the 4gb max
pretty quickly
101 - 200 of 214 matches
Mail list logo
