Re: [qubes-users] What's the best way to share Firefox add-ons among VMs and have separate bookmarks and settings per VM?

2017-12-04 Thread Matteo
>> The problem is that I also want to have different sets of bookmarks
>> and settings depending on domain (for example, work, school, banking,
>> etc.). Since I want persistent bookmarks and settings, I assume I need
>> to use an AppVM (one per domain) instead of a DispVM, but then I can't
>> get a shared set of add-ons, since it's not recommended to configure
>> anything in a TemplateVM (what AppVMs are based on).
>>
>> What are my options for my use case (Firefox add-ons shared among VMs
>> and separate bookmarks and settings per domain)?

Here is what i have done, not perfect but might help:
i have started a vm as soon as i have installed Qubes (at this point
every vm has equal level of trust, in your case use a trusted one).
set up all the firefox settings: install addons, clear bookmarks, change
settings...
After i copied the whole firefox profile in each vm so that in each vm
that need firefox you have a good base settings.
In the end i have fixed minor things like installing flash only in
untrusted domain. adding the bookmark of bank in banking.

As far as i know the only way is to set up every vm manually, but as i
said you can start from a good level of personalization and tweak only
minor settings.

you can have bookmarks and custom settings also in dispvm (at least in
3.2, i haven't installed 4 yet)
https://www.qubes-os.org/doc/dispvm-customization/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/aecc86cb-7ea8-93f9-0f2e-771edea7af36%40posteo.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Re: What are the disadvantages of NOT having vt-d?

2017-12-14 Thread Matteo
> I see.. But currently I am using Qubes 3.2 and 4.0 last time I tried was
> VERY unpolished, I am not sure I am going to look at it before support
> for 3.2 expires...

Same here, and my pc doesn't have vt-d nor slat (second level address
translation); both required for Qubes 4

> It's not like I would not have the money to buy a 7700k, but I want to
> avoid spending money if not necessary that is why I want to get a clear
> picture...

As far as i know, you can't just replace the cpu to get vt-d (IOMMU);
also the chipset and the bios must have proper support so changing the
cpu only might be a waste of money.
There was a discussion about finding a notebook with proper support
https://groups.google.com/forum/#!topic/qubes-users/Sz0Nuhi4N0o

vt-d protect from dma (direct memory access) attacks.
for a demo take a look at "inception" that works via firmware interface.
i have personally tested against a windows xp and worked (from what i
have read, newer os are protected against this *specific* attack).
it protect you from bad/exploited dma devices like network card.
net vm is used for both ethernet and wifi.

for your use case (almost anyone use case) you don't need vt-d but we
are starting to see successful attacks against network interfaces, and
thanks to the hard work of Qubes OS team and that genius person Joanna
Rutkowska we have that extra protection for free.



Re: [qubes-users] Re: Dumping BIOS

2017-12-15 Thread Matteo

> I disagree when you say no one is going to backdoor your bios. I think it's
> very common nowadays.
as far as i know there is computrace that is an anti theft system that
gain persistence over the os by dropping an exe that windows will load
at boot time but this works only over fat32 and ntfs (not encrypted).
i heard also about lenovo doing the same thing for ads or whatever. and
after people got angry they released a bios patch to opt-out.
but i wouldn't say "very common".

> I don't think Qubes actually shields you from a buggy bios...
yes, Qubes "shield" you because bios is simply not visible from the vm
so for example a bug in S3 resume script that does not restore proper
spi flash write protection is not a problem (from what i have understood).
also see Rutkowska:
https://twitter.com/rootkovska/status/934695078764974080

>   But I guess you are right not to worry about it
yes, and please anyone, focus your efforts on something more probable;
attackers always choose the cheapest path.
take a look at:
https://www.securityplanner.org/ (require javascript)



Re: [qubes-users] Qubes GUI for v4

2017-12-19 Thread Matteo
> Last weeks there was a lot of talk about a lot of us missing the
> qubes-manager, or frankly any sort of useful graphical user interface.
> 
> As I’m a long time programmer I decided to just give this a go and try to 
> get something useful going.
> My approach is one where I talk directly to the Admin-API (at least when 
> running in dom0) from this code which happens to have been written using Qt 
> in C++, the code will be GPL licensed.
> 
> The GUI is showing some usefulness already, the ‘start’, ‘pause’ and ‘stop’ 
> buttons are functional.
> 
> I just wanted to show some progress, hope you like it.
> 

Thanks so much, it's a thing that i miss a lot.
i come from windows with virtual box and found the qubes manager similar
to virtual box gui (both useful and well done).

but before you code it you should talk to joanna to be sure it will be
accepted and used.



[qubes-users] HCL - Acer V3-571G

2017-11-18 Thread Matteo
VTX present and working
VTD missing
TPM missing
SLAT missing

Bios legacy: works
UEFI mode: more or less works: follow the common fixes in the qubes docs;
i have installed it on external usb hdd but if you boot once without the
hdd inserted the "qubes" boot option will disappear and you will not be
able to boot it again; better to use legacy bios.

Networking Ethernet works only after you assign to the net vm the sd
card reader (they share the same pci id).
if you autocreate default/typical vm during install it will throw error
since it can't start net vm; ignore the error and assign card reader to
the net vm then everything will work.

audio works
video works
external monitor (hdmi) works
S3/sleep works
power off/on works
USB works
Networking WiFi works
Windows 7 (HVM) works

sd card reader not tested, probably works but must be assigned to the
net vm.

if you have any question let me know.
Matteo



Qubes-HCL-Acer-Aspire_V3_571G-20171118-135307.cpio.gz
Description: application/gzip


Qubes-HCL-Acer-Aspire_V3_571G-20171118-135307.yml
Description: application/yaml


Re: [qubes-users] What happened to domain manager in 4?

2017-12-08 Thread Matteo
> 
> Here are some things these users DONT want to do:
> Start a qube
> Stop a qube
> Start a disposableVM
> Look in the manager to see if there are updates.

at least a bit of the inner working must be known: disp vm is useful and
you have to stop a qube that you don't use to free some resources.
updates could be made automatic (or manual if a user prefers this).

> Here are some of the things they want to do:
> Read their emails.
> Go online in a secure way.
> Browse without risking their emails/bank accounts
> Open a web browser that wont keep history/cant compromise their private
> stuff.
> Look at pictures from phones/ downloads as safely as possible.
> Keep their system updated.

I always used windows, and i find it easy to use:
just two buttons (mouse) + is all gui.
from long time i started using virtual box to open untrusted exe (any
exe) to increase my security and when i learnt about qubes i have found
it as a natural extension of what i was already doing.

i have found the qubes manager quite similar to the virtual box window
used to start, stop and edit vm settings and both were VERY nice and
EASY to use.

i have not yet tested qubes 4 because i'm waiting for the definitive
version and because if vt-d and slat become mandatory i don't have them
so qubes will not run (on my pc i have only vt-x).

as a user i don't care in which language is written the manager, if it
is a single big app or small with plugins, i also understand that for a
developer it makes a huge difference.

i hope that a new manager will be written; or something where you can
find the state of the whole system without using the terminal.

i CAN use linux but i DON'T want to use it, i find gui much easier and
faster to use and to learn.
please don't force users to use a terminal, it is not going to work
https://www.xkcd.com/1168/

from qubes manager you could rightclick, open settings and just by
looking and clicking tabs you could see all the possible settings, for
example you could see that a setting "amount of ram" existed and what
was its value.
how am i supposed to discover that such setting exists using a terminal?



Re: [qubes-users] Re: Installing in UEFI without reefind (razer blade stealth 16gb ram 2016)

2017-12-09 Thread Matteo
>> update: I discovered that Legacy Mode is called CSM on some
>> BIOS (https://github.com/QubesOS/qubes-issues/issues/2838#issuecomment-349234545),
>> so I found that my system actually supports it. However, when I boot
>> into legacy mode, I only see an empty black screen, forever. Here's my CSM
>> menu:
>>
>> https://photos.app.goo.gl/Qbv7OBnXquEcHkTF3
> 
> I'd however prefer to install it in uefi mode, if possible. Could somebody 
> discover what is going on?
> 

i'm not expert but from the photo there is launch video option rom [uefi
only]
to me it seems "use video card only in uefi mode"
so this could explain why you see nothing if you boot legacy.

try enable everything in that menu also for legacy/csm (but not pxe, is
not needed. it is network boot you don't need it).

try again legacy, it's easier to have it working.



Re: [qubes-users] Password security/disposable vm security

2017-12-24 Thread Matteo

> "there is absolutely no point in not allowing e.g. Thunderbird to remember 
> the password – if it got compromised it would just steal it the next time I 
> manually enter it"

Correct!

> So this was written 6 years ago but it's the latest one I think.
> 
> Can't we just create disposable thunderbirds to protect the password?
> Or is disposable not true security? I mean maybe a custom thunderbird would 
> be needed so it never used the password again/instantaneously forgets it 
> after login >.>

no, this is not possible. let me try to explain:

This is going to be long thing, i hope anyone will read it, i was
quite inspired; qubes is A-W-E-S-O-M-E-!-!-!

the main reason is that you want to be able to read your mails, so you
can't just drop/delete/forget every received mail on shutdown.
you also can't drop/forget/don't store the password after login because
the way any email work is: login->check if there are new
mails->download->logout
and if you keep it open like me so that it check for new mails every 10
minutes it can't work.
websites with a login works in a different way:
you fill the password and if it is correct they give you a cookie that
your browser store and automatically give back to website every time you
open.
as you can see if you want to be logged in a moment of time you have to
present to the remote side some kind of "secret thing" in that moment of
time. is not that "you login once and the remote side automagically know
that you are logged".
so for the whole time you use the service you must keep in memory a
secret to prove that you are logged.

So where is the difference between Qubes and a normal os? how Qubes
improve the security?

let's think about a normal windows/linux computer:
you have many programs and every program can control the whole pc.
yes, there is admin vs not admin but on windows this means that a not
admin process can't mess with admin processes or can't write in
c:\programs or c:\windows.
but this is useless! a virus can do all the damage it wants also running
as not admin; it can:
-delete all your files (cryptolocker)
-run at boot (persistence)
-spy you from mic/webcam
-steal/upload all your files in internet
-keylogging all what you write
-steal saved passwords
for me this is comparable to "full control of the pc"
the problem with this model is that any single exe that you open can do
pretty much what it want, and you can only hope/have a bit of trust that
it will not do it.
in such security model it might be good not store passwords because when
you will get a virus it will steal instantly all your saved password
(bad). while if you don't save them it will only steal the one that you
will write while the virus is present for example mail password because
you use it often.
so if we suppose that antivirus delete it after a few days you can hope
that you have used only a few passwords on the compromised pc, and not
all your passwords.
TL;DR: any program you open/have opened in the past might have
read/stolen all your mails/passwords

NOW QUBES OS:
On qubes your pc is split in more parts, every part works the way i
said above (in fact they are normal windows/linux os) and is isolated.
the only (important) difference is that only home in linux and c:\users
in windows is preserved if you reboot; this is good because it limits
the places in which a virus can hide (but still there is persistence=run
at boot).

suppose that you get a virus, downloaded from your browser. your mail is
safe because it runs in another vm. simple, isn't it?
same for every other action you can do on your pc: play games, reading
documents, ... because all these actions happens in a different vm, not
in the mail vm.
now suppose that you get a virus exactly the mail vm:
the first question is how this can happen?
it's not that virus pop up automagically, most of the time is the user
that open them.
so how can you open a virus from the email?
you can open an attachment or a link, that's all you can do to open a
virus from email.
but on qubes this should not be possible because you should not open
attachments and links in the mail vm, but in a disposable vm! (here is
where the disposable thing became useful!!!)
you can also automate this, so you can't forget to open a link in dispvm.
if the attachment was something bad you simply don't care, close dispvm
and virus is gone.
but sometimes (smaller than always!) you need to store attachments,
because they are work documents, photos, or something important.
but again mail can't be compromised because you save photos and
documents in work vm or somewhere different.
the final question is: can mail vm be compromised?
yes, but since the user can't be tricked to open something bad in the
mail vm the only thing left is a zeroday: some bug in thunderbird that
when it receive the bad email it is instantly compromised because *for
example* the bad guy send 500 attachments and thunderbird can manage
only up to 255 attachments, and this thing lead to code 

Re: [qubes-users] Windows Tools

2018-02-02 Thread Matteo

>> I guess the benefit of the AppVM over the HVM is Qubes integration for
>> copy and paste  and   anything else practical?

If you make an AppVM instead of a template (or standalone) only
C:\Users\* will be preserved across reboot.
This is useful to keep the system clean from virus.

C:\Users will become a symlink to the qubes private image disk (when you
install windows tools)



Re: [qubes-users] Windows Tools

2018-02-02 Thread Matteo


On 02/02/2018 19.20, Matteo wrote:
> 
>>> I guess the benefit of the AppVM over the HVM is Qubes integration for
>>> copy and paste  and   anything else practical?
> 
> If you make an AppVM instead of a template (or standalone) only
> C:\Users\* will be preserved across reboot.
> This is useful to keep the system clean from virus.
> 
> C:\Users will become a symlink to the qubes private image disk (when you
> install windows tools)
> 

AND!!! was forgetting the most important thing!!!
if you make a win7 AppVM based on a win7 Template, you can have the
template connected to the internet to download windows updates and
software updates, but the template has NO personal data inside!
while the AppVM can be set WITHOUT a netvm so without internet access
and will be full of your personal data (photos, documents, ...)
this will be even more secure.
(sorry for double mail)



Re: [qubes-users] Windows Tools

2018-02-03 Thread Matteo
> Problem is:
> 1)
> I can't really tell if QWT is or is not installed.  From the HVM I
> wasn't able to copy out to another AppVM but  Frankly:
>
> I don't really follow the protocol To install the QWT,  I have it from
> the --repos in dom0 but then I am supposed to once flag it to install
> while starting the HVM ?
> or as the docs say "it may take multiple attempts" , and the way I'm
> going to know besides trial copying out  would be , look at the  Win
> Registry or ?


https://www.qubes-os.org/doc/windows-appvms/
qvm-start lab-win7 --install-windows-tools
Once the Windows VM boots, a CDROM should appear in the ‘My Computer’
menu (typically as D:) with a setup program in its main directory.

>
> 2)
> I can't follow how one creates an AppVM from the HVM at all ?   I do see
> an option in the  VMManager to create something called HVM Templates,
> perhaps that fits the bill or
>
> is the paradigm for TemplateVM/AppVM somehow different in this win7
> scenario ?
>

follow these instructions:
https://www.qubes-os.org/doc/hvm/
i did it much time ago (for 3.2 version) but from what i remember i have
created a new template (with the hvm option selected), then i installed
windows 7, i installed qubes tools following the instructions of these
two links, and made an appvm based on the win7 template created earlier
(which will be hvm too).

Follow *exactly* what these links say, and don't forget to enable test
signing mode (also explained)
https://www.qubes-os.org/doc/hvm/
https://www.qubes-os.org/doc/windows-appvms/



Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-12 Thread Matteo

> It looks like fullscreen can't do "attacks" on dom0 and other VM's,
> but it can do something like keylogging, just visually from the screen
> instead, perhaps something akin to taking frequent light sized
> screenshots and then sending the screenshots over the internet.

This is possible both if the VM is in full screen mode or "small/normal"
mode. The vm can also key log the keyboard but only for keys sent to
that vm (so only while it is focused).
(while on a normal pc the keylogger would be for the whole pc, here an
infected vm can keylog itself).

> But this is supposedly only a problem if fullscreen can be executed
> from within the VM itself, so as long as the "controls" for fullscreen
> remains in a secure domain, such as dom0 keybinds, it should remain
> safe, as the moment you use dom0  to stop fullscreen, the VM has no
> means to keep up its attack to keylog screenshots. I suppose that's what
> is meant by these words, maybe there is more to it. But it seems quite
> harmful if you don't mind an attacker knowing what movies you are
> watching, and even then, in this case it probably makes no difference if
> using fullscreen or not anyhow, as the non-fullscreen can be keylogged
> as well. So I suppose, as long you don't do anything in other windows,
> that has sensitive information, while you use fullscreen, we're safe.
>
> Unless I've misunderstood something?
>
The vm can go fullscreen if you allow it from vm permissions, (just
click youtube fullscreen button).

The problem is NOT if a vm can keylog (by screenshot or by keyboard), if
you open a virus a vm can keylog in both ways both if is fullscreen or not.

the problem is HOW do you know in which vm you are?
if you are not in fullscreen mode is as easy as watch the window title.
but if is in fullscreen mode you can't tell where you are.
and what if the vm draw a fake start menu?
take this for example:
https://textslashplain.com/2017/01/14/the-line-of-death/
go down you will see a fake paypal window inside the real browser.
but that is not a paypal browser window on chrome, is a photo in the
website!
that is the problem that qubes aim to solve by preventing fullscreen.
attacking qubes is not easy as the attacker to simulate your desktop
must know what background and installed apps you have, what are your
template and vm names.

note that (unlike normal pc windows/linux) in qubes if you have an
infected vm with keylogger you don't care very much if you insert
sensitive data in other vm it will not be keylogged.



Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

2018-02-11 Thread Matteo

> Does anyone know the 'alt+space+f'(fullscreen) command, or where to find it? 
> Or are there none available in /bin /usr/bin or similar?

i think that you have to press that keys on the keyboard, is not a
terminal command (in fact you can't find in /usr/bin)

if you press alt+space bar a menu should pop up, the same menu can be
seen by clicking in the title bar of the window, from there you can see
maximize, minimize, close, and probably also fullscreen that can be
quickly selected with f.

note that qubes by default doesn't allow fullscreen, unless you enable
it. also usually websites and programs have a easily accessible
fullscreen button (youtube).

but i'm not sure about what you want to do.
hope it helps



Re: [qubes-users] Password security/disposable vm security

2017-12-26 Thread Matteo
>> ...switch to cookie authentication and forget the password, that way when 
>> the zero-day
>> happens you only lose your cookie which is probably not as powerful as
>> the actual password(ie I dont think you can change your password with
>> just the cookie) plus the zero day can't "permanently" compromise
>> thunderbird cause you opened it in a disposable

yes, it can't probably change the password.
but this is useless, is again like "admin vs not".

stealing a cookie *ONCE* and you:
-can't change password
-CAN impersonate user
-CAN read all mails
in other words can do everything someone does with his mail...

and mails works in other way so...
i think that Qubes way is much better than any other thing, use it and
don't worry about some impractical scenarios.



Re: [qubes-users] Qubes won't install from usb

2017-12-20 Thread Matteo
> Hey, I've tried all sorts of methods to get qubes to install after
> booting from a usb, but it freezes no matter what option I choose. I
> believe it has something to do with my NVIDIA graphics card but I can't
> disable it from my BIOS. Please help!

seems the same issue that you can find here:
https://github.com/QubesOS/qubes-issues/issues/3340

have you tried both uefi and legacy bios?

also take a look here:
https://www.qubes-os.org/doc/nvidia-troubleshooting/



Re: [qubes-users] Question Wi-Fi security

2018-04-10 Thread Matteo
> Dear Qubes Team
> I have a question regarding Qubes and to be specific the way it connects
> to wifi networks.

I'm not part of the Qubes team, i'm just a user.
I don't know if Qubes uses passive discovery, active or both.
But I know how you can find it: you can use another pc with kali live
(or any linux distro+aircrack).
I remember i used airodump and it showed that my mobile phone (android
7.1) was sending a hotel ssid (network i was connected few month before,
and that wasn't available in that moment, because i wasn't anymore at
the hotel).
There are more problems with this wifi thing:
-you leak connection history
-i don't remember if it send only ssid or also its mac, if yes you are
leaking also position of that connections (so you are leaking where you were)
-supermarkets and some places are tracking all this to see where you go
in the market, they follow your phone.

i have Qubes 3.2, if you want i can check using the above method if my
pc send active requests or not.
but i think that is more a mobile phone thing, and less a pc one; i
don't have any proof or argument to say this, just my impression.

> May I express what you probably read in every letter (or should read). For
> the effort, the talent,the Qubes, and for what it can do, you're simply
> the best.
> Thank you very much
> James Patel

yes, really, i love the way the team is making and changing computer
security, most of the infosec people try to avoid difficult questions,
while Rutkowska and the team try to find an answer to them.
for example:
https://theinvisiblethings.blogspot.it/2009/10/evil-maid-goes-after-truecrypt.html
I think that today most "security" is offensive security/no sense thing
like "i'm showing how 1337 i am" while this doesn't improve in any way
the security.
a super simple example:
-office macro exists
-usually they open cmd/powershell to download additional malware
-why don't we have a simple program that prevent office from opening any
child process? word have no reason to launch powershell or any other
exe, this would stop many attacks.
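
A detection counterpart to the blocking idea in the message above, added here as an example and not part of the original post: it flags processes started by an Office application and follows the chain, so a shell started by Word and whatever that shell starts are both reported. The field names follow the Sysmon process-creation convention; the allowlist and every event are constructed assumptions.

```python
"""Flag processes started by Office applications or by their descendants.

Added example. Field names (Image, ParentImage, ProcessId, ParentProcessId,
CommandLine) follow the Sysmon process-creation event; all data is constructed.
"""
import ntpath

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Children expected in normal use (assumption, tune per environment):
# the 32-bit print helper, and one Office app opening another
# (for example Outlook opening an attachment in Word).
ALLOWED_CHILDREN = {"splwow64.exe"} | OFFICE_PARENTS

# Interpreters get the highest triage priority.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows image path (surrounding quotes tolerated)."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def find_office_descendants(events):
    """Return one alert per process whose ancestry leads back to an Office app.

    `events` must be process-creation records in time order.
    """
    tainted = {}  # pid -> Office application at the root of the chain
    alerts = []
    for ev in events:
        child = exe_name(ev.get("Image"))
        parent = exe_name(ev.get("ParentImage"))
        pid, ppid = ev.get("ProcessId"), ev.get("ParentProcessId")

        if parent in OFFICE_PARENTS:
            if child in ALLOWED_CHILDREN:
                continue
            root = parent
        elif ppid is not None and ppid in tainted:
            root = tainted[ppid]          # grandchild or deeper
        else:
            tainted.pop(pid, None)        # PID reused by an unrelated process
            continue

        if pid is not None:
            tainted[pid] = root
        alerts.append({
            "root": root,
            "parent": parent,
            "child": child,
            "severity": "high" if child in SCRIPT_HOSTS else "medium",
            "command_line": ev.get("CommandLine", ""),
        })
    return alerts


# Constructed sample events (not taken from any real host).
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentProcessId": 900,
     "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "WINWORD.EXE report.docm"},
    {"ProcessId": 4200, "ParentProcessId": 4100,
     "Image": r"C:\Windows\splwow64.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "splwow64.exe 8192"},
    {"ProcessId": 4300, "ParentProcessId": 4100,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "cmd.exe /c powershell.exe -NoProfile -Command Get-Date"},
    {"ProcessId": 4400, "ParentProcessId": 4300,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "powershell.exe -NoProfile -Command Get-Date"},
    {"ProcessId": 5000, "ParentProcessId": 4900,
     "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "ParentImage": r"C:\Program Files\Microsoft Office\Office16\OUTLOOK.EXE",
     "CommandLine": "WINWORD.EXE attachment.docx"},
    {"ProcessId": 5100, "ParentProcessId": 5050,
     "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "ParentImage": r'"C:\Program Files\Microsoft Office\Office16\EXCEL.EXE"',
     "CommandLine": "setup.exe"},
    {"ProcessId": 5200, "ParentProcessId": 900,
     "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for alert in find_office_descendants(SAMPLE_EVENTS):
        print(alert["severity"], alert["root"], "->", alert["child"], "|", alert["command_line"])
```
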



Re: [qubes-users] Question Wi-Fi security

2018-04-11 Thread Matteo

> I still think seeing results from your test would be really interesting,
> and I could reference it on the Network Manager mailing list. So you
> have a 'yea' vote from me.
> 

i have done a test, but i haven't any concrete result :/
i saw that using "airodump-ng --channel 1 mon0"
-on the top there is the list of wifi routers (access points) available
-down there is a list of detected devices

-in the down list i can see both pc and mobile phone MAC addresses
-with the wifi router ON under the "probe" column i can see the name of
my wifi in the mobile phone line and also the pc line (windows). but not
always and it is unclear under which conditions the name appears (i think i
should read the man page)
-with the router OFF i can't see my network name or other saved networks

-i remember that i saw that hotel wifi under the "probe" column.
so either android changed the way it works, or i set something while i
was connecting... i don't remember...
i know that windows has an option "connect also if the network is not
transmitting" android is much more limited.

if there is someone who knows more details feel free to add them...
anyway i think that there is no reason to make multiple netvm and that
there are more important things to take care of.

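A repeatable version of the check described in the message above, for auditing which saved network names your own devices disclose. This is an added example, not part of the original post; it assumes airodump-ng was also asked to write its CSV file (`-w` with `--output-format csv`), and all MAC addresses and network names in the sample are constructed.

```python
# Constructed sample in the CSV layout airodump-ng writes: an access point
# section, a blank line, then a station section ending in "Probed ESSIDs".
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
02:00:00:AA:AA:01, 2018-04-11 10:00:00, 2018-04-11 10:05:00,  1,  54, WPA2, CCMP, PSK, -40, 120, 0, 0.  0.  0.  0, 8, HomeWifi,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
02:00:00:BB:BB:01, 2018-04-11 10:00:10, 2018-04-11 10:04:00, -50, 30, 02:00:00:AA:AA:01, HomeWifi
02:00:00:BB:BB:02, 2018-04-11 10:01:00, 2018-04-11 10:04:30, -60, 12, (not associated) , HomeWifi,Hotel-Guest
02:00:00:BB:BB:03, 2018-04-11 10:02:00, 2018-04-11 10:03:00, -70, 4, (not associated) ,
"""


def parse_airodump_csv(text):
    """Return (ESSIDs of access points in range, {station MAC: probed ESSIDs})."""
    ap_essids, stations, section = set(), {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("BSSID"):
            section = "ap"
        elif line.startswith("Station MAC"):
            section = "station"
        elif section == "ap":
            fields = line.split(",")
            if len(fields) > 13 and fields[13].strip():
                ap_essids.add(fields[13].strip())
        elif section == "station":
            # The seventh column holds every probed name, comma separated,
            # so a network name that itself contains a comma is split here.
            fields = line.split(",", 6)
            if len(fields) == 7:
                probes = [p.strip() for p in fields[6].split(",") if p.strip()]
                stations[fields[0].strip()] = probes
    return ap_essids, stations


def disclosed_saved_networks(text):
    """Stations probing for names that no access point in range offers."""
    ap_essids, stations = parse_airodump_csv(text)
    leaks = {}
    for mac, probes in stations.items():
        absent = [name for name in probes if name not in ap_essids]
        if absent:
            leaks[mac] = absent
    return leaks


if __name__ == "__main__":
    print(disclosed_saved_networks(SAMPLE_CSV))
```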


Re: [qubes-users] [3.2rc1] Installer boot error '/dev/root' does not exist

2016-07-03 Thread matteo . crackme
i'm having this problem too, and i don't know how to disable alua

[ 8.319 ] dracut-pre-trigger[547]: cat /tmp/dd_disk: No such file or directory
[ OK ] Started Show Plymouth Boot Screen.
[ OK ] Reached target Paths.
[ OK ] Reached target Basic System.
BLOCKS HERE
[ 14.014 ] sd 7:0:0:0:0: alua: Attach failed (-22)
[ 14.016 ] sd 7:0:0:0:0: [sdf] Asking for cache data failed
[ 14.016 ] sd 7:0:0:0:0: [sdf] Assuming drive cache: write through
If i boot in "basic graphic mode" additional 3 lines are displayed and again 
blocked.
this happens on two computers
if i press tab and at the end i add a blacklist alua line nothing changes (not 
sure it is the right way to do it)
i'd like to use new qubes os release but can't install it right now



[qubes-users] Unsure How and If I Can Install Qubes

2020-03-17 Thread Matteo Chicarella
Hi, I'm new to this so bear with me whilst I get a grasp on things.
I have a Dell Inspiron 5570 running Windows 10 Home on a 64-bit OS. Its
2TB HDD is fully encrypted with VeraCrypt.
I'm looking to buy a 1TB HDD from Amazon to run Qubes on. Would it be
possible to fully encrypt the hard drive and have Qubes on that so I can
plug it in to run on my laptop; is there any issue with my hardware and
does it matter what HDD I buy?
Also, is there any reason that what I want to do is less secure than any
other method - either because of hardware or how I want to do it?

Thanks, all help is appreciated
