Re: [qubes-users] How to change / swap behavior of Ctrl, Alt, Win, and fn keys?

2017-08-06 Thread Robin Schneider
On 08/06/2017 03:43 PM, Connor Page wrote:
> AFAIK fn does not emit a code and bios will process it only in combinations 
> with predefined keys.

That is also how I observed it.

> other keys can probably be remapped. but from my experience I failed to swap 
> fn and ctrl.

Depends on the laptop model. The keyboard is handled by the embedded controller
which typically runs proprietary firmware. But that does not prevent people from
modifying it anyway :)

https://github.com/hamishcoleman/thinkpad-ec/pull/32

-- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/86f1843d-e6d6-8a91-7100-35645adc83a6%40riseup.net.
For more options, visit https://groups.google.com/d/optout.


Re: [qubes-users] Best Desktop for Qubes

2017-07-02 Thread Robin Schneider

On 07/02/2017 07:28 PM, Zbigniew Łukasiak wrote:
> A companion to the Best Laptop for Qubes thread :)
> 
> Most of the HCL is filled with laptops - very few desktops are there, 
> especially on the high end.
> 
> Currently I have a Dell Inspiron - works but 16GB RAM is max there (and it
> is a non-ECC so most probably more than that does not make much sense), and
> 16GB is not enough for me (browsers seem to eat unbelievable amounts of
> RAM).
> 
> Is there a recommended desktop system for Qubes with over 16GB RAM?
> 

Hi Zbigniew

The ASUS KGPE-D16 can not be left unnoticed and it has been mentioned a couple
of times in the "Best Laptop For Qubes" thread already.

You can even buy machines based on this MB built and flashed to your wishes:

* https://minifree.org/product/libreboot-d16/
* https://store.vikings.net/libre-friendly-hardware/vikings-d16-workstation

Pro:

* More than 16 GiB RAM with ease. 16 GiB is basically the entry option for
these machines ;-)
* Supported and on the HCL
* Runs Libreboot
* No management engine
* ECC RAM

Contra:

* Price
* Power consumption
* No Qubes OS 4.0 support I assume?


I guess this choice is easy :) ?

-- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/


Re: [qubes-users] looks like sha-1 is over

2017-02-23 Thread Robin Schneider

On 02/23/2017 08:51 PM, Oleg Artemiev wrote:
> a little bit offtopic, everyone is using sha-256, I guess,
> 
> http://shattered.it/
> 
> but, btw - any comments to this in Qubes context:
> 
> cut---
> 
> How is GIT affected?
> 
> GIT strongly relies on SHA-1 for the identification and integrity checking 
> of all file objects and commits. It is essentially possible to create two 
> GIT repositories with the same head commit hash and different contents,
> say a benign source code and a backdoored one. An attacker could
> potentially selectively serve either repository to targeted users. This
> will require attackers to compute their own collision. 
> 
> cut---
> 
> ?
> 

Hey

You might be interested in this issue:

https://github.com/QubesOS/qubes-issues/issues/2240

-- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/
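
How the SHA-1 dependency described in the quoted passage arises, as an added example that is not part of the original message: Git names every blob, tree and commit by SHA-1 over a typed header plus the body, and a tree or commit stores only the ids of what it points to. The file name, identity, commit message and helper names below are constructed for illustration.

```python
import hashlib


def git_object_id(obj_type: str, body: bytes) -> str:
    # Git object name: SHA-1 over "<type> <size>", a NUL byte, then the body.
    header = f"{obj_type} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()


def blob_id(content: bytes) -> str:
    return git_object_id("blob", content)


def tree_id(entries) -> str:
    # entries: (mode, file name, hex object id); flat files only, sorted by name.
    # Each entry stores the 20 raw bytes of the child's id, never its content.
    body = b"".join(
        f"{mode} {name}".encode() + b"\x00" + bytes.fromhex(oid)
        for mode, name, oid in sorted(entries, key=lambda e: e[1].encode())
    )
    return git_object_id("tree", body)


def commit_id(tree: str, parents, ident: str, message: str) -> str:
    lines = [f"tree {tree}"]
    lines += [f"parent {p}" for p in parents]
    lines += [f"author {ident}", f"committer {ident}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())


# Constructed identity and timestamp, not taken from any real repository.
IDENT = "Example Dev <dev@example.org> 1487800000 +0000"


def head_for_blob(oid: str) -> str:
    # Head commit of a one-file repository, computed from the blob id alone.
    tree = tree_id([("100644", "main.c", oid)])
    return commit_id(tree, [], IDENT, "initial import")


def head_for_content(content: bytes) -> str:
    return head_for_blob(blob_id(content))


if __name__ == "__main__":
    original = b"int main(void) { return 0; }\n"
    modified = b"int main(void) { return 1; }\n"
    # Different content gives a different blob id, hence a different head.
    print("original head:", head_for_content(original))
    print("modified head:", head_for_content(modified))
    # The head is a function of the blob id only. Integrity of the file
    # therefore rests entirely on SHA-1 collision resistance at the blob level.
    print("from id only :", head_for_blob(blob_id(original)))
```

Because the tree and commit carry only ids, comparing head commit hashes verifies content exactly as far as the hash function resists collisions, which is the property the quoted passage says is lost.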


Re: wlan with kernel 4.8 (Re: [qubes-users] HCL - Lenovo ThinkPad X1 Yoga 2016 (20FQ005UGE))

2017-02-02 Thread Robin Schneider

On 02/02/2017 03:44 PM, Holger Levsen wrote:
> Hi,
> 
> On Sun, Jan 15, 2017 at 10:24:01PM +0100, Robin Schneider wrote:
>> Adding to the reports about the Thinkpad X1 Carbon 4th gen (20FB), here
>> are my experiences with the ThinkPad X1 Yoga 20FQ005UGE:
> 
> another skylake system here…
> 
>> WLAN works after installing firmware-iwlwifi in Debian 9. The only
>> problem is that almost all times after resuming from S3, the net VM needs
>> to be restarted to get wlan working again. The following is logged in
>> sys-net:
> 
> I have the same problem with WLAN :/ After suspend I need to restart
> sys-net, which requires shutting down all VMs using it, so that's pretty
> super annoying :/ My sys-net VM still runs fedora-23…

You don’t have to restart all the VMs, luckily, which I learned shortly after
posting this. There is a pretty simple trick going around. Just set your
sys-firewall to no net vm, restart your net vm and reattach your sys-firewall
back to the net vm :)

-- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/


[qubes-users] HCL - Lenovo ThinkPad X1 Yoga 2016 (20FQ005UGE)

2017-01-15 Thread Robin Schneider

Hi all

Adding to the reports about the Thinkpad X1 Carbon 4th gen (20FB), here are my
experiences with the ThinkPad X1 Yoga 20FQ005UGE:

## TL;DR

Qubes OS R3.1 works in CSM mode but the graphics becomes unusable after
suspending, switching to another vty or changing any graphics option. Some
workarounds were required for Grub and the NVMe SSD.
Qubes OS R3.2 can not be installed directly (neither in native UEFI nor CSM).
When doing an in-place upgrade from R3.1 to R3.2, only the 4.1 kernel boots
and can be used to upgrade to 4.8 which fixes the graphics issues.

I have been testing with Qubes OS R3.2 for one month and am really happy with
it. Works for me :) Awesome work!

## Long version

The graphics problems I experienced were already described here:
https://groups.google.com/forum/#!msg/qubes-users/QOINoTl1aXc/2dXut2SrBAAJ

### Qubes OS R3.1 installation

Installer finished but after the reboot Grub is not able to find its /boot.
Same as the initial post here:
https://www.reddit.com/r/Qubes/comments/4vqb3y/grub_fails_to_boot

`ls` only shows: (hd0)
So, no partitions.

Possible fix: Boot into rescue mode of the installer and install /boot and
Grub onto a USB thumb drive. I used the handy anti-evil-maid-install script
for this task which only needed to be slightly modified (attached).
Not needed when using Grub from R3.2.

### Qubes OS R3.2 installation

The platform resets when booting Linux 4.4.31 from R3.2 with CSM as described
in https://www.reddit.com/r/Qubes/comments/4vqb3y/grub_fails_to_boot/ and
https://groups.google.com/forum/#!topic/qubes-users/mOlHA2KhzLE
When debugging is enabled, you can see that Xen boots just fine and one of the
last entries is that Xen starts dom0

* i915.enable_rc6=0 did not help (suggested here
https://www.qubes-os.org/doc/thinkpad-troubleshooting/#thinkpads-with-intel-hd-3000-graphics)
* intel_pstate=disable did not help (suggested here:
http://www.thinkwiki.org/wiki/Installing_Fedora_24_on_a_ThinkPad_X1_Yoga#Success_Chart_-_Out_of_the_box_experience)

### UEFI boot

UEFI mode is not usable as Grub refuses to boot any menu option for some
reason for every version of Qubes OS I have tested. I disabled secure boot.

The following error message is shown:

/EndEntire
file path: //File/(\EFI\BOOT)/File(xen.efi)/EndEntire
Xen 4.6.1 (c/s) EFI loader

  Failed to boot both default and fallback entries.

I already tried the things mentioned here:
https://www.qubes-os.org/doc/uefi-troubleshooting/
as suggested in
https://groups.google.com/d/msg/qubes-users/vPDD4rgNXx4/5faeFS-RBgAJ
This does not help.

### Kernel update

* 4.1.24 works with graphics problems
* 4.4.31 does not boot (platform resets when kernel is loaded, no kernel
messages) following
https://groups.google.com/forum/#!msg/qubes-users/m8sWoyV58_E/HYdReRIYBAAJ
* 4.8.11-100.vanilla.knurd.fc23 boots but hangs after the root filesystem has
been mounted (FDE pw entered). A _ keeps appearing for like .5 seconds every 4
seconds.
* 4.8.12-12 works without issues.

`qubes-dom0-update --enablerepo=qubes-dom0-unstable kernel` and `dnf upgrade
kernel` worked!

### Screen brightness

By default the screen brightness can not be controlled by xfce and is at
maximum. There is a workaround for this:

dom0# qubes-dom0-update bc inotify-tools

And then run
https://github.com/rickybrent/x1yoga-scripts/blob/master/x1yoga-backlight-mon.sh
in dom0.
To start the script automatically at boot you can use "Sessions and Startup"
from xfce or other means.

### Touch screen

Works without issues in the default configuration. See sys-usb for more details.

### AEM

I only got AEM working with neither owner nor SRK password set. As soon as I set
any one of the passwords (even after full TPM clear), the password is being
asked for at boot. But the password is not accepted (error: "Key not found in
persistent storage"). When setting both passwords to well known, then it works
with the exception that the secret message is not shown in plymouth but only
on the text console (switched with ESC).
I removed the plymouth packages from dracut again with `dnf remove
'*plymouth*' && dracut -f` which solved it.
I expect that this problem was caused by the in place upgrade from R3.1 to
R3.2 or the fact that I removed the plymouth packages previously for debugging
and later reinstalled them on R3.2.

TXT seems to not work. If enabled in the UEFI setup, the platform resets after
grub. The last message shown is that 6th_gen_i5_i7_SINIT_71.BIN has been
loaded. I updated the AEM config in /etc to use SRTM for now.

I will retry with a clean install when possible but for now it works with the
mentioned limitations.

### Grub

Grub is horribly slow in default config on this machine. You can read the few
text lines as they start appearing on the screen and are only able to make
selections when it is done.

Set `GRUB_TERMINAL=console` in `/etc/default/grub` and regen grub.cfg to
work around this.

### sys-usb

Required the 

Re: [qubes-users] recommendations on encrypted usb disk?

2016-11-06 Thread Robin Schneider

On 06.11.2016 13:43, pixel fairy wrote:
> crypt setup has a lot of options. what do you recommend for a usb disk for
> backups and file transfer between qubes and bare metal linux systems?
> 

Hi

I would go with AES-256 as cipher and sha512 as hash for LUKS.

Refer to
https://docs.debops.org/en/latest/ansible/roles/ansible-cryptsetup/docs/defaults.html#cryptography-defaults
for details :)

-- 
Live long and prosper
Robin `ypid` Schneider -- https://me.ypid.de/


Re: [qubes-users] new hardware for qubes.

2016-09-15 Thread Robin Schneider

On 15.09.2016 09:14, pixel fairy wrote:
> https://www.crowdsupply.com/design-shift/orwl
> 
> personally wouldn't pay that kind of money for a box with only 8 gigs of 
> ram, but it's got some good ideas.
> 

Hey

Have you seen
http://blog.invisiblethings.org/2016/09/03/thoughts-about-orwl.html yet :) ?

-- 
Live long and prosper
Robin `ypid` Schneider


Re: [qubes-users] OwnCloud-Client - wrong credentials

2016-08-18 Thread Robin Schneider

On 18.08.2016 19:00, angelo "angico" costa wrote:
> Hi, all!
> 
> - Qubes-os 3.1 - debian 8 based vm - owncloud-client 1.77
> 
> I can quickly and easily login to my OwnCloud account using a webbrowser,
> whatever password I set on it, but I just can't connect using
> owncloud-client 1.77 -- it refuses the connection yelling "Error: Wrong
> credentials".
> 
> Does anybody have any hint?
> 
> TIA,
> 
> Angico.
> 

Hi

Have you tried 2.1.1 from Backports yet?

https://packages.debian.org/jessie-backports/owncloud-client

-- 
Live long and prosper
Robin `ypid` Schneider


Re: [qubes-users] Why does QUBES recommend SSD drives..?

2016-08-17 Thread Robin Schneider

On 17.08.2016 09:47, Robin Schneider wrote:
> On 17.08.2016 04:45, neilhard...@gmail.com wrote:
>> The Qubes website recommends SSD drives.
> 
>> Is there any particular reason..?
> 
>> Does Qubes use read/write to the hard drive any more than Windows... to
>> the point where it's going to cause drive failure a lot earlier..?
> 
>> Or is it simply a speed thing..?
> 
>> Or what.?
> 
> 
> Hi
> 
> I am pretty sure the main reason is speed. Also depending on your setup 
> (snapshots/btrfs) there might be a lot of random read operations.
> 
> But when you look at the recently published paper [DiskFiltration: Data 
> Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive 
> Noise][1] there might also be another good reason to use SSDs ;)
> 
> [1]: https://arxiv.org/pdf/1608.03431v1.pdf

To bring the paper into perspective in regards to Qubes OS: Qubes OS does
mitigate such a possibility already in that only the VM which controls a
(S)ATA controller with an HDD attached could do that. So the impact of such a
side-channel data leak should be pretty low for Qubes OS users when you keep
that in mind.

-- 
Live long and prosper
Robin `ypid` Schneider


Re: [qubes-users] Why does QUBES recommend SSD drives..?

2016-08-17 Thread Robin Schneider

On 17.08.2016 04:45, neilhard...@gmail.com wrote:
> The Qubes website recommends SSD drives.
> 
> Is there any particular reason..?
> 
> Does Qubes use read/write to the hard drive any more than Windows... to the
> point where it's going to cause drive failure a lot earlier..?
> 
> Or is it simply a speed thing..?
> 
> Or what.?
> 

Hi

I am pretty sure the main reason is speed. Also depending on your setup
(snapshots/btrfs) there might be a lot of random read operations.

But when you look at the recently published paper [DiskFiltration: Data
Exfiltration from Speakerless Air-Gapped Computers via Covert Hard Drive
Noise][1] there might also be another good reason to use SSDs ;)

[1]: https://arxiv.org/pdf/1608.03431v1.pdf

-- 
Live long and prosper
Robin `ypid` Schneider


Re: [qubes-users] Bad GPG Signature is Good on 2nd Try?

2016-08-06 Thread Robin Schneider

On 06.08.2016 04:47, Andrew David Wong wrote:

> Well, it should only be unnerving if you know with certainty that GnuPG is 
> returning different results on the *exact same* sequence of bits. Since
> you didn't hash the ISO before the first (failed) verification attempt, we
> don't have any evidence that that's the case. It's much more likely that
> the bits changed (e.g., due to write caching, as you suggested).

Bad memory or bit flips in memory might be a second plausible cause to look
at. Maybe you can check that (bad memory) with memtest86+?

-- 
Live long and prosper
Robin `ypid` Schneider


Re: [qubes-users] Re: Qubes default cryptsetup. How strong is it?

2016-06-21 Thread Robin Schneider

On 21.06.2016 23:54, Arqwer wrote:
>> How "quick" any of available super PCs (10,649,60 cores, 125,435. TFLOP/S)
>> can find the password (e.g 8-16 chars) encrypted with Qubes default 
>> settings cryptsetup?
>> 
> 
> Encryption is the hardest part of chain. If the passphrase is long 
> enough. If password is 16 random lowercase and uppercase letters, then it
> is 52^16 combinations, it is about 10^27. If you can crack 100 Peta 
> passwords/S, then it will take 10^(27-17) = 10^(10) seconds to brute the 
> password, which is 316 years. (Really expectation is half of it, so 158 
> years on average). Of course, if those letters are not "Password12345678".
> 
> How can we improve security to prevent this?
> 
> 
> If 316 years is not enough, then you can add one more character, to make
> it 16 thousands of years!


Most of those projections about how many years brute forcing a passphrase with
that many bits of entropy may take completely ignore one key aspect, especially
when you are talking about hundreds of years and that is technical advance and
Moore's law. So to be realistic, you would need to take that into
consideration.

Refer to:

* https://crypto.stackexchange.com/questions/1815/how-to-account-for-moores-law-in-estimating-time-to-crack

-- 
Live long and prosper
Robin `ypid` Schneider
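
To put numbers on the point about technical advance, an added example (not part of the original message) that redoes the quoted estimate with a guessing rate that doubles at a fixed interval. The 10^27 keyspace and 10^17 guesses per second come from the quoted message; the two-year doubling period and all function names are assumptions.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Figures from the quoted message: about 10^27 candidate passwords and
# 100 peta (10^17) guesses per second.
KEYSPACE = 1e27
RATE = 1e17
# Assumption made for this example: attacker throughput doubles every 2 years.
DOUBLING_YEARS = 2.0


def years_static(keyspace, rate):
    """Years to try every candidate at a constant guessing rate."""
    return keyspace / rate / SECONDS_PER_YEAR


def years_with_doubling(keyspace, rate, doubling_years):
    """Years to try every candidate when the rate doubles every doubling_years.

    Guesses made after t years: r0 * D / ln(2) * (2**(t / D) - 1),
    with r0 in guesses per year. Set that equal to keyspace and solve for t.
    """
    r0 = rate * SECONDS_PER_YEAR
    x = keyspace * math.log(2) / (r0 * doubling_years)
    return doubling_years * math.log2(1.0 + x)


def bits_for_target(target_years, rate, doubling_years):
    """Keyspace size in bits needed to survive target_years of growing attack."""
    r0 = rate * SECONDS_PER_YEAR
    growth = 2.0 ** (target_years / doubling_years) - 1.0
    return math.log2(r0 * doubling_years / math.log(2) * growth)


def gain_from_extra_char(keyspace, rate, doubling_years, alphabet=52):
    """Extra years bought by one more character from a 52-letter alphabet."""
    longer = years_with_doubling(keyspace * alphabet, rate, doubling_years)
    return longer - years_with_doubling(keyspace, rate, doubling_years)


if __name__ == "__main__":
    print(f"constant rate     : {years_static(KEYSPACE, RATE):8.1f} years")
    print(f"doubling rate     : "
          f"{years_with_doubling(KEYSPACE, RATE, DOUBLING_YEARS):8.1f} years")
    # With a constant rate one more character multiplies the time by 52.
    # With a doubling rate it only adds about log2(52) doubling periods.
    print(f"one more character: "
          f"+{gain_from_extra_char(KEYSPACE, RATE, DOUBLING_YEARS):.1f} years")
    print(f"bits for 100 years: "
          f"{bits_for_target(100, RATE, DOUBLING_YEARS):8.1f}")
```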


Re: [qubes-users] Template VM Hierachy?

2016-06-05 Thread Robin Schneider

On 05.06.2016 18:26, 981'0932481'029438'0194328'0913284'0913284'09182'3 wrote:
> Hello,
> 
> Can I build a Template VM hierarchy?
> 
> i) If I install all apps in the same TVM, that it looks pretty the same
> mess like in a monolithic system
> ii) If I install any app in a new HVM, then I waste lots of space.
> 
> If I take the working hypothesis, that I can define more safe and mess safe
> apps, I could build N TVM's for different topics and additional some
> dependent Template Sub-VM's, which contains more risky apps.
> 
> E.g. TVM-Hierarchy for text processing
> 
> TVM1 contains only a secure and simple text editor
> TVM1-1 is based on TVM1 and contains also a simple painting tool
> TVM1-1-1 is based on TVM1-1 and enables the more risky JAVA stack and
> OpenOffice
> 
> So only AppVM's based on TVM1-1-1 like
> 
> AVM1-1-1-1 AVM1-1-1-2 AVM1-1-1-3 AVM1-1-1-4... take the JAVA risk but you
> will save the space, because TVM1-1 don't get duplicated only to build up
> TVM1-1-1.
> 
> Even you can update the full T-Hierarchy in the best case with one click.
> 
> Will be this possible? And how can I reach it?
> 
> The benefit will be, that any app-code get stored and updated only once,
> but the risk can be limited (if a good app black- and white list exists).
> 
> Kind Regards
> 

I think this would be difficult to implement. One reason for this is that when
you update TVM1 for example, the filesystem of it diverges. You would have to
do something like a three-way merge as known from version control systems like
git. I am not aware how this could be done.

I think your best bet is to use a COW filesystem like btrfs. This was
discussed a few days ago on this list that you can use btrfs to reflink copy
VMs. The only limitation to your scenario would be that changes in TVM1 would
not get magically merged down the hierarchy.

-- 
Live long and prosper
Robin `ypid` Schneider