[qubes-users] Qubes source code in Python?
I was looking at the Qubes source recently and was mildly surprised to see that much of the Qubes-specific code is written in Python. As much as that helps with productivity, I would have thought that the security risks outweigh the benefits. Doesn’t the runtime engine alone present an attacker with a huge surface area compared to C, Rust, Go, and other languages typically used for system level development? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/213900ef-2430-456f-8239-eb664df4b459%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Python?
I was looking at the Qubes source recently and was mildly surprised to see that much of the Qubes-specific code is written in Python. As much as that helps with productivity, I would have thought that the security risks outweigh the benefits. Doesn’t the runtime engine alone present an attacker with a huge surface area compared to C, Rust, Go, and other languages typically used for system level development? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/63bcc9e6-3b39-4b9f-943d-a7f9c8017822%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] E' PEDOFILO ED ASSASSINO: PAOLO CARDENÀ (FACEBOOK)! DI CRIMINALISSIMO BLOG VINCITORI E VINTI ( VEDRA
I have reported you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b3a92df1-e75f-44b2-bc6a-3ff0be8e9a49%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qubes using cpu with 8 cores
There is a ton of information about Hyperthreading, use cases that benefit from it, use cases that don’t, Security issues, benchmarks, and more just a web search away. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8f52e5e9-80aa-4674-a420-77ef2ebfa09f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
Thank you for the informative reply. I have since learned that gaming on one PC while streaming from another is a thing. There are even PC cases made to house two separate motherboards, power supplies, etc for this purpose. I still don’t understand why anyone would want to do this, gamers have been streaming just fine from their gaming rigs for years. I suppose a dual system could be useful against ddos and other attacks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/33ec4659-6319-474e-bc55-a23815eae598%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
On Thursday, April 11, 2019 at 11:44:48 AM UTC-7, John Mitchell wrote: > On Thursday, April 11, 2019 at 7:31:49 PM UTC+2, jrsm...@gmail.com wrote: > > So do I. I just boot Windows for that though. I’m a very curious sort and > > genuinely don’t understand if you’re playing AAA games at high rez and > > frame rates. You’ll never get the performance for this use case out of a > > virtualized environment that you get with native Windows. > > The performance loss depends on the system. Some only lose 5%, I think I > lose a little more however I still have average 50 FPS at 1080p on a RX590 > and expect that will improve when the QEMU patches in the pipeline are > applied. That makes sense. I was thinking along the lines of 3K-4K with all of the eye candy dialed to Ultra. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d318825c-a2fb-4686-901b-e7fb11f1809f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
On Wednesday, April 10, 2019 at 3:25:34 AM UTC-7, unman wrote: > On Tue, Apr 09, 2019 at 11:45:02AM -0700, jrsmi...@gmail.com wrote: > > If there is no signal on PS/2 ground or I can eliminate it, is this the > > more secure route or is it worth doing the USB shuffle? I have 4 USB > > controllers available. > > > > If you really have 4 USB controllers I would allocate one to dom0 and 3 > to sys-usb (or more than one sys-usb). > Depending on your level of paranoia you might want to permanently attach > the devices to the usb port in dom0 - I mean physically. I see now why you phrased it the way you did ("If you really have 4 USB controllers..."). After running `sudo lspci -vv | grep -i usb` and getting back only two hits as dom0 I began digging. After all, my mobo docs and box says: Chipset+Intel ® Thunderbolt TM 3 Controller: - 2 x USB Type-C TM ports on the back panel, with USB 3.1 Gen 2 support Chipset+ASMedia ® USB 3.1 Gen 2 Controller: - 1 x USB Type-C TM port with USB 3.1 Gen 2 support, available through the internal USB header Chipset+Realtek ® USB 3.1 Gen 1 Hub: - 4 x USB 3.1 Gen 1 ports on the back panel Chipset: - 4 x USB 3.1 Gen 1 ports available through the internal USB headers - 6 x USB 2.0/1.1 ports (2 ports on the back panel, 4 ports available through the internal USB headers) so *obviously* there are four USB controllers, right? I can account for one of them not showing up, that's the controller in the Tunderbolt chipset. This shows up in Ubuntu as one of three USB controllers seen by lspci, but Qubes doesn't see it. The fourth could be the USB 3.1 Gen 2 front panel controller, which I haven't populated yet. Some of the docs I ran across describing lsusb looked promising, but then they would say something like, "you can see from the output above that there are two controllers", but it wasn't clear to me which were controllers vs hubs. I did learn that some controllers have multiple hubs (say USB 2.0 and USB 3.0), but it's much less straightforward to clearly identify the USB controllers than I thought it would be. I'm no longer sure that even that is the correct way to look at it since there could be multiple controllers on the same PCIe bus and the level of granularity we have to work with in Qubes is at the PCIe level. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a8cc1083-a65a-415c-893e-69be0dc50656%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Whonix-ws kill switch?
On Thursday, April 11, 2019 at 10:12:55 AM UTC-7, 22...@tutamail.com wrote: > If I am using Whonix-gw and Whonix-ws on Qubes is there in a sense a Tor kill > switch in place by default? i.e. would Whonix-ws, if always connected to > whonix-gw, ONLY transmit data thru Tor? or if the Tor circuit breaks is the > data transferred thru clear-net... > > Thx This doesn't really answer the question you asked, but have you considered using a VPN that has a kill switch feature? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c4428baf-0d48-445d-9289-73b02e1dd181%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
So do I. I just boot Windows for that though. I’m a very curious sort and genuinely don’t understand if you’re playing AAA games at high rez and frame rates. You’ll never get the performance for this use case out of a virtualized environment that you get with native Windows. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f117f79-cae7-4f72-bf7b-00154c30c6d0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: I found a good working alternative to pci video passthrough for owners of separate windows gaming PC w/ modern nvidia video card
On Wednesday, April 10, 2019 at 1:35:38 PM UTC-7, neovalis wrote: > Low latency game streaming is fantastic and doesn't need a GPU on the > client to work well. Moonlight Stream https://moonlight-stream.org/ is > a great open source project that allows near zero latency game streaming > over lan and internet (internet streaming requires a vpn and reducing > video quality but is still very functional). > > It needs a modern nvidia card that supports GameStream and GeForce > Experience Drivers installed on the windows PC. This allows for low > latency video encoding (on chip) and low latency decoding if you have > enough cpu power available in Qubes. (I'm currently running 1080p60fps > over lan and 720p 30fps over the internet on my mint laptop and > 1080p60fps on my qubes os desktop) > > If someone told me that this worked as well as it does I wouldn't have > believed it. > > The only big problem in Qubes OS is that the mouse doesn't translate > well once the session starts. The workaround for this is to connect a > separate mouse (and optional xbox controller) to the VM running > moonlight stream with qvm-usb. (If there's another solution to this I'd > be interested to know). As far as window size goes, moonlight stream > suffers from the same drop in frame rate/freezing that can occur when a > window is too large/fullscreen in qubes os. I'm able to run moonlight > stream at 1080p60 at nearly full screen on a 3440/1440 monitor. The > trick that I've found to determine the best window size is start > streaming a game/start streaming a video, notice which core is almost > maxed out which is usually the one Xorg on dom0 is running on (I'm using > sudo htop on dom0 to see this) and then increase/decrease the window > size little by little until the core is almost maxed out but with a > little left over headroom (Xorg is single threaded). The actual > decoding of the video stream in moonlight stream is multi-threaded so > extra cores assigned to the vm running the moonlight stream client helps > drastically (I'm currently using 10 cores and initial 800MB max 4000MB > memory). > > Outside of this the instructions on their site work great. The project > is also well supported by the community. I was able to get support on > discord for adding a config line for a non standard game controller > almost immediately. > > If I would have known this I wouldn't have wasted so much time working > on video pci passthrough setup. Hopefully this post will help more > people have their cake and eat it too as I have. > > Thanks, > -Neovalis I guess I'm missing a major point. Why would one want to game on Qubes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8dc5a8c9-f890-44fc-923c-8e6da2233c7c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
This is great input. This box will be in my home office on my home network (Xfinity), and I have no reason to think that anyone would be interested enough in what I’m doing to invest the resources necessary to enter my home when no one is there and plant surveillance. This is more about understanding risks and getting smarter about protecting my privacy. Plus I just think Qubes and Whonix are among the very few things in this world with noble goals and real solutions and I would eventually like to learn enough to make meaningful contributions. Just the fact that I’m on my home network precludes any sort of serious attempt at anonymity. If I needed that, I’d use a laptop, hotspot, and bitcoin bought through a cut-out, leave my cell phone at home, find a location far from any place I frequent, and get on a network that has no links back to me. Yeah, I read Kevin’s new book. :) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/19063f16-f3e7-42a7-8a3b-4fdb4d5e08ab%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
To be concrete and transparent, the mobo with PS/2 is a Gigabyte X299 Designare ex with four USB controllers and a header for a hardware TPM, which I’ve populated. The other mobo is an ASUS X299 Prime Deluxe II with no PS/2, five USB controllers and only supports a firmware TPM. Both are fantastic boards, but one is going back. If isolating USB kb and mouse to one controller that dom0 has exclusive access to is actually more secure than native PS/2 then I would lean toward keeping the ASUS and do without TPM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/185e94e0-9410-47b6-809c-1a3e55ffdedc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
The PS/2 keyboard leaking to ground risk seems like it would only apply if an attacker had physical access. Is that right or is there a way it could be exploited remotely? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0d553763-3f15-498d-8351-2b7f477af4d3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
Yet another approach might be to use a USB to PS/2 adapter to connect a USB keyboard that supports PS/2 signaling to a native PS/2 port. Would that be a good solution to avoid keyboard leaking signals to ground? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e118981a-a8f9-49cb-bfce-18a2abcb955a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
If there is no signal on PS/2 ground or I can eliminate it, is this the more secure route or is it worth doing the USB shuffle? I have 4 USB controllers available. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8eac93b9-892f-4b79-accb-b9ef31a1ad7d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: PS/2 Keyboard and Mouse via USB?
I really appreciate the responses. I bought a new mobo that does have native PS/2 to use with Qubes. It arrived today and I’ll be trying it out after work today. How would I go about determining if my keystrokes are being revealed on ground? I have a storage scope so I think it would just be a matter of hooking one probe near ground on the PS/2 port and the other to ground on something farther away like the power supply. If I see a signal, would some additional decoupling caps do the job to fix it or is there more to it? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/205c8262-03c8-4db7-8c6c-970ed3c58a08%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] New Install is Missing sys-USB, How to recover
Right after I posted, I ran across this, which directly answers your question and offers a solution that doesn’t require exposing dom0 to a USB controller except during LUKS password entry at boot time. https://www.qubes-os.org/doc/usb-qubes/#enable-a-usb-keyboard-for-login -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7319b228-1205-4320-8605-3661b4e0eca0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: PS/2 Keyboard and Mouse via USB?
And then there’s this: https://www.qubes-os.org/doc/usb-qubes/#enable-a-usb-keyboard-for-login. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5acd214c-2387-4e8b-9966-bcb1cda4a4f5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] New Install is Missing sys-USB, How to recover
I’ve done a fair amount of digging into USB with Qubes recently and the most comprehensive information I found was here: https://www.qubes-os.org/doc/usb-devices/. Also check out Joanna’s article on USB security issues that helped connect some dots for me: http://theinvisiblethings.blogspot.com/2011/06/usb-security-challenges.html My guess is that your keyboard is connecting via USB (perhaps indirectly via Bluetooth in your case). When installing Qubes with a USB keyboard, the installer doesn’t create sys-usb for you. The Qubes article describes how to create sys-usb manually, but it will only be able to manage the USB controller(s) your keyboard is not connecting through. You’ll still have dom0 exposed to the USB controller your keyboard is connecting through. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5eb83891-2c93-4338-a06d-6c2c3d66c5d5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: PS/2 Keyboard and Mouse via USB?
I just read Joanna’s 2011 article describing the challenges of USB security and I think this answers my question. Connecting the PS/2 keyboard and mouse to a USB device via an adapter still leaves the issue of securing the USB controller, so it offers little or nothing in the way of increased security vs simply using a USB keyboard and mouse. As she described, a separate domain could be used to manage the controller and use PVUSB to allow dom0 access to just the port(s) used by the keyboard and mouse. However, I don’t think this would work in the case of entering the LUKS password at boot time since that domain wouldn’t exist yet and dom0 would not have access to the keyboard. So if I’ve understood this material correctly, if I want to avoid exposing dom0 to any USB controllers and I want to use passwords for LUKS, native PS/2 keyboard and port are a must. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ff63e2ce-8b2c-47a3-aab2-4097319c5fce%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: PS/2 Keyboard and Mouse via USB?
On Saturday, April 6, 2019 at 6:51:59 PM UTC-7, jrsm...@gmail.com wrote: > I have a motherboard that I would like to use with Qubes that has no PS/2 > ports. I have a PS/2 keyboard and mouse and would like to know if connecting > them via a PS/2 to USB adapter is as secure (or nearly so) as connecting via > native PS/2. > > There are excellent docs describing how to use a USB keyboard and mouse with > Qubes, but I haven't found anything that addresses this question, which is a > bit surprising. Seems like this would be a commonly asked and answered > question easily found in the docs. I went ahead and ordered one of these: SANOXY PS2 Keyboard To USB Adapter for about $10 from Amazon. It will be here Tuesday and I'll be able to try it out. Even if it "works" - as a fresh install of 4.0.1 will treat the PS/2 keyboard and mouse attached via USB as native PS/2 (I doubt it), that still leaves the question of how much exposure to USB dom0 will have. Anyone know for certain? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b719d777-2c11-4553-8ed5-88a221a559bb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] PS/2 Keyboard and Mouse via USB?
I have a motherboard that I would like to use with Qubes that has no PS/2 ports. I have a PS/2 keyboard and mouse and would like to know if connecting them via a PS/2 to USB adapter is as secure (or nearly so) as connecting via native PS/2. There are excellent docs describing how to use a USB keyboard and mouse with Qubes, but I haven't found anything that addresses this question, which is a bit surprising. Seems like this would be a commonly asked and answered question easily found in the docs. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b2c4fb0-4329-48bf-ba3c-fe9ec45cada5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: PS2 port add-on card?
On Saturday, April 6, 2019 at 2:38:53 PM UTC-7, jrsm...@gmail.com wrote: > Or is a PS2 to USB adapter with native PS2 keyboard and mouse just as secure? It looks as though adding native PS/2 ports to a motherboard that doesn't already have them is a non-starter. I also read through several docs (some of them Qubes docs, others from Reddit) that describe how to isolate a USB keyboard and mouse to dom0 while making other USB devices available via sys-usb, but I have found nothing that speaks to the question of whether or not a native PS/2 keyboard and mouse can be connected via a PS/2 to USB adapter and still be secure. It's a bit surprising that there isn't something easily found in the Qubes docs or with a simple Google search to answer this question. Hoping someone here has the answer. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8fc865bc-c810-4826-b618-09c0f62293a8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] PS2 port add-on card?
Or is a PS2 to USB adapter with native PS2 keyboard and mouse just as secure? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/16475027-0247-43ac-85bf-e6476afb4f26%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] PS2 port add-on card?
I've got a motherboard that does not have PS2 ports that I would like to use for Qubes with a PS2 keyboard and mouse. I've seen several add-on cards that look like they might provide the ports without going through USB, but they're slim on specifics. Is anyone using one that they can recommend? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d96bc3fe-8159-4cd6-a119-695abd0792d1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Hyperthreading on or off?
Looking for guidance on best practices for Qubes configuration: given the vulnerabilities that have been reported with Hyperthreading, it would seem to be a no-brainer that it should be disabled, but I don’t see anyone coming right out and saying so. Curious what this group thinks. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f4580a97-000b-449d-b0b3-fcc368ea84bd%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Still don't understand how Debian-9 template is connected to Whonix templates
So I can safely delete the Debian-9 template? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4ba5ae55-6073-473e-8da2-31ddd1f990e8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: coreboot on modern hardware?
On Saturday, March 30, 2019 at 12:27:47 PM UTC-7, Chris Laprise wrote: > On 3/30/19 2:43 PM, seshu wrote: > > > In terms of open source hardware has any tried RISD V (https://riscv.org/ > > )? or have thoughts on its potential? They are not selling hardware, albiet > > it's pretty expensive, through the company Sifive > > (https://www.sifive.com/boards ) > > > > This has been an interesting forum thread to read, So, I was wondering what > > potential RISC V and SiFive offer? > > Sifive isn't interesting for PCs/laptops. IIRC it is the BOOM processor > project that is said to take RISC-V in that direction. > > -- > > Chris Laprise, tas...@posteo.net > https://github.com/tasket > https://twitter.com/ttaskett > PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 After doing some more reading, I've fount that I was hasty to judgement in saying that the coreboot team had thrown up their hands in defeat at the limitations of modern hardware. As it turns out, the Docs are just horribly out of date. Looking at the release notes for the past few years shows that they have not only not given up, but have already made significant progress in adapting to changes in the hardware we live with. My apologies to the coreboot team for my mis-statement. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ebed317-3f78-48bf-b860-25aeb250cc39%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Still don't understand how Debian-9 template is connected to Whonix templates
On Sunday, March 31, 2019 at 8:12:01 AM UTC-7, awokd wrote: > jrsmi...@gmail.com wrote on 3/31/19 3:04 PM: > > I'm finally going to just ask. I've been searching for something to help > > me understand this for months now. Debian-9 template is somehow connected > > to the Whonix templates, but not by the usual templateVM / appVM mechanism. > > Can someone please enlighten me or point me to the docs I've not found yet. > > > > They share components during the build process, but by the time you > install them they are independent. Why do you think they continue to be > connected? Thanks, just having that verified helps. It seemed like that had to be true (that they are wired differently than other templateVMs due to tighter coupling requirements than simple overlays can provide). I suppose that whatever sharing of components that was configured at build time persists across domain updates so that the other templates are notified of installed package changes among each other. I believe dom0 also receives the same or similar notifications. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bd781c3-cf06-48f1-819e-1c6b104fdcb2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: [Update] Re: Announcement: Qubes Tor onion services will no longer be maintained
On Monday, March 25, 2019 at 7:44:31 PM UTC-7, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 24/03/2019 7.30 PM, Andrew David Wong wrote: > > Dear Qubes Community, > > > > We regret to announce that the Qubes Tor onion services will no longer > > be maintained due to lack of resources. This includes all Qubes onion > > services, including the Qubes website onion mirror and the onion package > > repos. > > > > We would like to thank the Whonix Project for generously maintaining > > these services for over a year. [1] Maintaining the Tor onion services > > requires labor, servers, and bandwidth. Unfortunately, none of these > > resources are available to the Qubes OS or Whonix projects in sufficient > > quantities to allow us to continue offering these services. > > > > We recommend that users who currently rely on any Qubes onion addresses > > transition to the corresponding clearnet addresses immediately. > > > > > > [1] > > https://www.qubes-os.org/news/2018/01/23/qubes-whonix-next-gen-tor-onion-services/ > > > > This announcement is also available on the Qubes website: > > https://www.qubes-os.org/news/2019/03/24/tor-onion-services-no-longer-maintained/ > > > > Dear Qubes Community, > > Thank you all for your support. Unman has generously agreed to bring the > Qubes Tor onion services back and maintain them. He has considerable > experience in hosting and infrastructure management, including running > onion services. He is working on it now. We'll have another update for > you soon. > > Thank you, unman! > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlyZkfsACgkQ203TvDlQ > MDCeNA/8Dcb3mOGy0GqtoVN1adyRk0sx8HjC372wsN3WdTKSpMPT3vSnv83x > 7F7l+14g5ODfp0g0NN2yNZau24KswW4j96cWMrjAGTgTBtpOp76MmKnDWAATUt13 > 6gL7QACtG6QOvK0FKKa+6Y3JGXyftG2GxomeS1d6LPiG09FN45IGbjyIvwRhM8iv > igfniJr/mhwxfjKjMrPiCBqJdr4PjX07LMSB/qns/qXJBcH8xga2KRM4tqSmCTEr > Vin6ecAxKsQOL0RMCoEGRDNt0ieQkrqhQTp4o+B6AbiYyjB7ggQm9Kyt8gGYymM1 > NibtSIiDooBQzOx+Qp61re2Im40bTrQPJV5KvHJkN3klBDQsfiu8n6LSdeGcdA8V > 49TGr1gVIegfpc56wCbj9g4UnKIpoUKpGJEyKMLaqXG0nVkr07gTuePQX4bhswD/ > sY/V1qwYssD1l79eqVNu9QC8Jnx6DTtKnidDaj6wEJFmZnAy+O35znrbquJpCRi+ > 2XGXnqF1MP+8xRlOlMnEtFzKVv2LPYKUJTYPVSPUci+D0l8f8649eJcGSECk13BX > FakdNrzIseJxOOhYvH8zsl4HGy4TD/Xe4aHeh+fBNCpO/9XEB0WYvWF2rW4RmaRn > YCCEOa2HA0E+3czZarhTYvTllQWLQ2N+874g/qkWU82cOzYtgIQ= > =hqT/ > -END PGP SIGNATURE- Thank you, Unman for taking this on. I still think the larger issue is that the qubes and whonix teams are severely resource strapped. It is truly a David and Goliath situation between them and the Wintel money machine. We need to give these guys all the financial support we can. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/68e9cb48-8d7a-4bea-abbc-d928d0fff52a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Still don't understand how Debian-9 template is connected to Whonix templates
I'm finally going to just ask. I've been searching for something to help me understand this for months now. Debian-9 template is somehow connected to the Whonix templates, but not by the usual templateVM / appVM mechanism. Can someone please enlighten me or point me to the docs I've not found yet. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/758da849-9664-44e8-8587-b7706fdaecb3%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] coreboot on modern hardware?
https://github.com/system76/coreboot Clearly they think they can handle modern hardware. Makes me wonder why the coreboot folks have thrown up Thierry hands and declared defeat. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/81b8ad67-48ab-400b-9bba-9a22280baa4e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] coreboot on modern hardware?
>From a recent System76 announcement: “In firmware news, our engineer Jeremy has made a lot of progress in porting Coreboot to the Darter Pro and multiple versions of Galago Pro. It can now run both BIOS and UEFI implementations. However, certain bugs need to be worked out before we can officially release Coreboot on any of our laptops, such as a bug that causes the computer to open from suspend in airplane mode, or another that prevents the user from activating the webcam via keyboard functions. These and other bugs are being worked out in testing, and many of us across different departments are testing Coreboot on our own computers.” -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2bd19eb5-94c6-4890-93e8-737b45a5b42c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] coreboot on modern hardware?
What does this say about the direction Joanna and Golem are taking? Everyone build clouds on Intel hardware. No getting around that. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/401ade55-d65d-4769-abcb-e54f52cbdd12%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Announcement: Qubes Tor onion services will no longer be maintained
This is seriously bad news. If you and Whonix are that resource strapped, it does not bode well for the future of either team. I have done my part and contributed what I could to both. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0dc40ab1-30fe-4a43-8c2f-4c6d111bd4e8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] coreboot on modern hardware?
That was one of the first places I looked. Maybe I’m just a hardhead, but I found it difficult to believe that there really was no support for coreboot in any form for modern hardware. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3a38bc37-68b3-4a8e-b3a0-932742ced5d2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] coreboot on modern hardware?
Spent several hours yesterday trying to track down what I would need to do to install coreboot on all of my computers, starting with my Qubes box: a Levnovo Thinkpad T480. The bottom line from what I can tell is that if you have an Intel CPU made since 2008 (any that have Boot Guard) or an AMD CPU made since 2013 (any that have PSP), you are out of luck. Libreboot spells this out in their docs. I'm not sure if that is because of coreboot itself or something specific to Libreboot. I was stuck by how they seemed perfectly fine walling themselves off from the present and the future. I could find nothing indicating that anyone had even tried, much less succeeded, in installing coreboot on a T480 and everything I did find was for much older hardware. I read through the coreboot docs where they just wave their hands at the end of the build process and say "now go flash". I also read through the heads docs, which say more or less the same thing. Hackaday has an article on the horrors of installing coreboot on a Toshiba laptop. Not only do they neglect to say which model they used, at the end of the article they had it working. The gist is that the information that's out there is out of date, incomplete, misleading, and sometimes just incompetent. I'm hoping that someone here has first-hand knowledge and can advise me (and others who read this). Thanks, John Smiley -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/91b65a9e-15d1-49a6-a828-13cc2c5b486b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: i9-9980XE or i9-7980XE on Gigabyte X299 DESIGNARE EX or AMD 2990WX TR on Gigabyte X399 DESIGNARE EX?
I knew that I get more cores per $ with AMD but hadn’t heard that IO would be better too. Can you paste a link? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/42d18859-41e5-4b3e-892b-4e1f6d08a6ca%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes - Critique (long)
“The install appeared successful. I was able to add Chromium to an appVM. When I started the appVM and launched Chromium from the menu... nothing! No window, no error message. I tried a number of times (the reason for just re-trying will be mentioned below). ” This stood out for me and was not addressed by others, so I’ll ask the obvious question. Did you install the software in the appVM as you stated or did you install in the template VM the appVM was based on? For most installed software, it needs to be installed in the Template VM for it to be there after the appVM is bounced. Installing in the appVM causes the install to be lost on the next reboot of that appVM since it gets its installed software from the Template. I usually clone the distro templates and install my stuff there and then create appVMs with my copies. That way I can be sure that the distro templates remain upgradable via QM. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/bf835842-6253-4b3b-83de-d43d3fde6362%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] i9-9980XE or i9-7980XE on Gigabyte X299 DESIGNARE EX or AMD 2990WX TR on Gigabyte X399 DESIGNARE EX?
There's nothing even close to these on the HCL, but would like to know if anyone has attempted either of these with 4.0.1 and succeeded. These are essentially the same base hardware as given in the BoM for the recently announced System76 Thelio Major open source hardware desktop systems. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0cac9db0-a0b3-452a-a08c-608d9034e5f0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Whonix Yes or No
Reading through the post questioning the trustworthiness of Whonix, I can't tell whether we can continue trusting/using Whonix or not. Can someone (preferably in a position to speak for QubesOS), please state, in a straightforward and unambiguous manner, spell this out for us? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2f35c1b7-bcdf-40f7-963d-3d29e2692b2a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Hardware Compatibility List
I'm new to Qubes, so I will preface this by saying that there may be something I'm missing. What struck me was how many systems lacked a specification for SLAT and TPM. If you want people to take you seriously, you need to know these things. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a6173911-b01b-4999-bfb4-708f57951134%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.