Re: [qubes-users] New Foreshadow exploits CPU bug

2018-08-21 Thread 'Leo Gaspard' via qubes-users
On 08/21/2018 11:39 AM, taii...@gmx.com wrote: > SGX is another ME service slash intel marketing gimmick invented for DRM > not security. > > If the person who purchased the computer can't examine the VM's running > on it then they are not owning it simply licensing it which is why SGX > is a bad

Re: [qubes-users] Re: Critical PGP bugs. Do they possibly affect Split-GPG in Qubes?

2018-05-16 Thread 'Leo Gaspard' via qubes-users
On 05/16/2018 11:20 PM, Ilpo Järvinen wrote: > On Wed, 16 May 2018, taii...@gmx.com wrote: > >> On 05/15/2018 01:22 AM, john wrote: >> >>> On 05/14/18 14:58, Ángel wrote: This paper is most interesting for the discovery of multiple ways email client leak information on visualization.

Re: [qubes-users] Critical PGP bugs. Do they possibly affect Split-GPG in Qubes?

2018-05-14 Thread 'Leo Gaspard' via qubes-users
On 05/14/2018 02:45 PM, mossy wrote: > embargo broken early, attack/vulnerability details here -- > https://efail.de/ > > (and yes it seems like disabling HTML will mitigate the most > reliable/least complex attacks) Incidentally, the GnuPG press release, that raises the point that the paper may

Re: [qubes-users] Critical PGP bugs. Do they possibly affect Split-GPG in Qubes?

2018-05-14 Thread 'Leo Gaspard' via qubes-users
I can't tell for sure for not having read the paper, but it sounds like too much hype for vulnerabilities not so important: https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060317.html https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html (Werner being the maintainer of GnuPG)

Re: [qubes-users] Re: R4.0 drops USB data

2018-03-08 Thread Leo Gaspard
On 03/08/2018 02:12 PM, Ed wrote: > [...] > > Are you passing the device through to another VM? > > The USB pass-through method has given me issues in the past for devices > that use a lot of bandwidth (webcams), though you are saying data is > lost after only a few bytes, I still might be

Re: [qubes-users] Re: porting to ARM

2018-01-12 Thread Leo Gaspard
On 01/12/2018 12:45 PM, 'awokd' via qubes-users wrote: > On Fri, January 12, 2018 8:59 am, Ph.T wrote: >> . my initial motivation for ARM was that >> intel seemed more prone to #spectre than ARM; >> https://developer.arm.com/support/security-update >> "majority of Arm processors are not impacted

POWER9 (was: Re: [qubes-users] Re: porting to ARM)

2018-01-10 Thread Leo Gaspard
Am I the only one to notice you brought up POWER/TALOS something like five times in the last week, even when the thread originally had nothing to do with it (like this one)? I get it you're enthusiastic about an open processor getting actually used (unlike RISCV) (and must say I am too), but it's

[qubes-users] Re: Mozilla

2017-12-27 Thread Leo Gaspard
On 12/27/2017 07:38 PM, taii...@gmx.com wrote: > On 12/26/2017 06:34 PM, Leo Gaspard wrote: > >> (disclaimer: I once was an intern for Mozilla, though I do not have any >> bond with Mozilla right now) >> >> tl;dr: please do google for “looking glass” and “mozilla”

Mozilla (was: Re: [qubes-users] Password security/disposable vm security)

2017-12-26 Thread Leo Gaspard
On 12/26/2017 03:25 PM, 'Tom Zander' via qubes-users wrote:>> "Personally, I' d avoid thunderbird and anything from mozilla, but thats >> just me." >> Do they have a bad track record(I planned on researching my apps later >> =p). > > Just last month they added an invisible plugin in their binary

Re: [qubes-users] Suggestions (for forum posts)

2017-12-03 Thread Leo Gaspard
On 12/03/2017 04:02 AM, Andrew David Wong wrote:>> No, a Google Account is not required. Many people who use the >> Qubes mailing lists never create one. If you're subscribed to one >> of the lists, you should be receiving every message sent to that >> list. (Of course, you won't retroactively

Re: [qubes-users] Re: Qubes support Secure Boot

2017-12-02 Thread Leo Gaspard
On 12/02/2017 03:11 AM, taii...@gmx.com wrote: > On 11/23/2017 07:55 AM, Leo Gaspard wrote: > >> Can you please avoid ranting against secure boot once again? >> >> Secure boot is *not* useless. It *does* bring security benefits, >> although not as good as measure

Re: [qubes-users] Re: Qubes support Secure Boot

2017-11-23 Thread Leo Gaspard
On 11/23/2017 03:35 AM, taii...@gmx.com wrote: > On 11/22/2017 07:25 PM, xeph...@gmail.com wrote: >> This is quite late, but now that UEFI is supported...is secure boot?  >> Wasn't quite sure what key or signature to import. > Why are all the newbies here so obsessed with a microsoft technology? >

Re: [qubes-users] Qubes & Quantum decryption Immunity

2017-11-12 Thread Leo Gaspard
On 11/12/2017 10:43 AM, Yuraeitha wrote: >> As for quantum networks, they are slightly more obtainable than, say, >> moon rockets. > > [...] > Given the fiber internet network might be able to carry these signals, it's > not farfetched to imagine we'll start to have portions of Quantum internet

Re: [qubes-users] Re: Is there a way to use secure boot with qubes?

2017-11-11 Thread Leo Gaspard
On 11/09/2017 12:27 PM, blacklight wrote: > On Wednesday, 8 November 2017 20:52:14 UTC, Guerlan wrote: >> My computer complains about bad signature when I try to install qubes. Is >> there a way to install it without disabling secure boot? Does qubes support >> secure boot? Is there a way to

Re: [qubes-users] Pointer lock API

2017-09-24 Thread Leo Gaspard
On 09/24/2017 04:50 AM, Nagaev Boris wrote: > Hey! > > I noticed that Quake3 almost works in Qubes 3.2, but has one annoying > issue: the pointer is unmanageable. It looks like the pointer has the > "memory" about its previous position: e.g. when I move it left, the > game continues moving right.

Re: [qubes-users] Supercookies / Zombie cookies / Web Tracking — how effective are Qubes security domains against this

2017-09-19 Thread Leo Gaspard
On 09/19/2017 02:23 PM, taii...@gmx.com wrote:> It is impossible to have storage communication between VM's, that would > be a separate security issue. > On timing attacks or w/e - you may be able to avoid cross communication > by putting every AppVM on a separate core of a many core CPU such as

Re: [qubes-users] Supercookies / Zombie cookies / Web Tracking — how effective are Qubes security domains against this

2017-09-18 Thread Leo Gaspard
On 09/18/2017 09:27 PM, jes...@gmail.com wrote: > Thank you Micah and Michał, but I am not actually asking about a standard as > strong as 100% bulletproof anonymity or anything. I really am just concerned > about whether any of the methods on that list that I linked to would be > enough to

Re: [qubes-users] Options for securing /boot

2017-09-08 Thread Leo Gaspard
On 09/08/2017 04:51 AM, taii...@gmx.com wrote: > One can use coreboot with grub's kernel signing features on an owner > controlled non PSP/ME PC such as the Lenovo G505 (laptop) or KCMA-D8 > (workstation), then after coreboot is working you enable the flash write > restriction so that it can't be

Re: [qubes-users] Options for securing /boot

2017-08-29 Thread Leo Gaspard
On 08/29/2017 04:01 PM, cooloutac wrote: > On Monday, August 28, 2017 at 6:36:08 PM UTC-4, Leo Gaspard wrote: >> Just encrypting /boot would bring little, as it would still be possible >> to modify the unencrypted part of GRUB (that decrypts /boot) to have it >> overwrite the

Re: [qubes-users] Options for securing /boot

2017-08-28 Thread Leo Gaspard
Just encrypting /boot would bring little, as it would still be possible to modify the unencrypted part of GRUB (that decrypts /boot) to have it overwrite the /boot with malicious kernel images (or even to not use the ones provided). The options I know of are (from IMO strongest to weakest): *

Re: [qubes-users] Re: remote code execution via UDP packets (CVE-2016-10229) in the context of Qubes // and kernel update recommendations

2017-04-14 Thread Leo Gaspard
On 04/14/2017 06:00 AM, Reg Tiangha wrote: > On 04/13/2017 09:33 PM, cooloutac wrote: >> On Thursday, April 13, 2017 at 11:26:07 PM UTC-4, cooloutac wrote: >>> So probably the kernels are not actually vulnerable, They fixed it a year >>> ago with patches, and with Qubes you assume this sort of