[qubes-users] Intel microcode fiddling

2020-10-28 Thread Sandy Harris
Noticed on Slashdot. Is this either dangerous or useful for Qubes? https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe

[qubes-users] Xen ported to Rasberry Pi 4

2020-09-30 Thread Sandy Harris
(from Slashdot) https://www.theregister.com/2020/09/29/xen_on_rpi_4/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To

[qubes-users] Intel Optane?

2020-09-16 Thread Sandy Harris
I am likely to buy a machine soon for Qubes. One candidate would come with 32G of optane & 512G PCIe SSD. I'm seeking advice on using optane with Qubes. Searching for optane on the Xen site gives no hits, a general search for "qubes optane" gives a few but none that seem remarkably helpful.

[qubes-users] F2FS?

2020-09-10 Thread Sandy Harris
F2FS is flash-friendly file system, designed from scratch (by Samsing) for flash devices. Some benchmarks look encouraging. https://www.phoronix.com/vr.php?view=27370 I've been using ext2 on flash drives to avoid the overheads of journalling in other systems like ext4. For my Qubes install, I

[qubes-users] For a Windows VM?

2020-09-06 Thread Sandy Harris
Windows 10 "minus the spyware" https://ameliorated.info/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this

[qubes-users] Graphics support?

2020-09-06 Thread Sandy Harris
I'm contemplating a new computer, either laptop or all-in-one desktop, on which I'll run Qubes. Looking at https://www.qubes-os.org/doc/system-requirements/ I find: : Intel IGP (strongly preferred) :: Nvidia GPUs may require significant troubleshooting. :: AMD GPUs have not been formally tested,

[qubes-users] All-in-one PC?

2020-09-04 Thread Sandy Harris
I travel a lot so I want something at least somewhat transportable, but I also want a large screen with fairly high resolution & a reasonably powerful system. It looks like an AIO PC might be a good compromise, better for me than either laptop or the usual desktop systems. Specifically, this HP

Fwd: [qubes-users] QUBES Friendly Version

2020-04-27 Thread Sandy Harris
Oops. Sent to poster rather than list. -- Forwarded message - From: Sandy Harris Date: Tue, Apr 28, 2020 at 11:41 AM Subject: Re: [qubes-users] QUBES Friendly Version To: [NOTIFICATION] '[NOTIFICATION]' via qubes-users wrote: > Do you think QUBES is better than COPPERH

[qubes-users] Boot qubes-os from net?

2020-04-26 Thread Sandy Harris
Can the OS be booted from the network? I want my workstation as secure as possible so I'd like to use Coreboot. However I also want a motherboard with support for the 17-9700K, a fast chip without hyperthreading (which qubes disables by default on CPUs that have it) and with 10G ethernet. It

[qubes-users] Another Intel vulnerability

2020-03-11 Thread Sandy Harris
https://techxplore.com/news/2020-03-unfixable-flaw-intel-chipset.html -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com.

Re: [qubes-users] Hyperthreading is turned off by Qubes

2019-12-27 Thread Sandy Harris
'Ilpo Järvinen' via qubes-users wrote: > > Is it possible to get Xen in Qubes to enable hyperthreading? ... > > Are there any obvs pitfalls or technical issues to explain why Xen turns > > it off? > > Yes, HT is turned off intentionally for security purposes. Some of the > Intel CPU

[qubes-users] hardware-level attack

2018-10-04 Thread Sandy Harris
Chinese government vs Supermicro servers: https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this

[qubes-users] Cukoo sandbox?

2018-05-27 Thread Sandy Harris
Will this work under Qubes-OS? https://cuckoosandbox.org/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to

Re: [qubes-users] Re: new Desktop build recommendation

2017-12-29 Thread Sandy Harris
On Sat, Dec 30, 2017 at 2:23 AM, taii...@gmx.com <taii...@gmx.com> wrote: > On 12/29/2017 12:01 PM, Sandy Harris wrote: >> That may be good advice, but there's another point of view. ... > What exactly are you trying to say here? That either one of us are idiots > like th

Re: [qubes-users] Re: new Desktop build recommendation

2017-12-29 Thread Sandy Harris
> I would buy the RAM and CPU off of ebay, there is no reason to pay $80/ea > for that ram or $172 for a 6380 ($100 on ebay) you could get a 6386SE for > that price. (needs 140W cooler FYI) No reason to get the "protection plan" > for anything either its a waste of money. That may be good advice,

[qubes-users] Fwd: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions

2017-11-22 Thread Sandy Harris
>From a crypto list, seemed relevant here. -- Forwarded message -- From: =JeffH Date: Tue, Nov 21, 2017 at 7:04 PM Subject: [Cryptography] Intel Management Engine pwnd (was: How to find hidden/undocumented instructions To: "Crypto (moderated) list"

Re: [qubes-users] Qubes & Quantum decryption Immunity

2017-11-12 Thread Sandy Harris
On Sat, Nov 11, 2017 at 6:22 PM, Chris Laprise wrote: >>> Would be simpler off the bat to limit discussion to asymmetric crypto, >>> as that is the type thought to be vulnerable to qc. LUKS/dmcrypt and >>> most other disk encryption uses symmetric crypto. >>> >>> I believe

Re: [qubes-users] Qubes & Quantum decryption Immunity

2017-11-10 Thread Sandy Harris
On Fri, Nov 10, 2017 at 1:45 PM, Yuraeitha wrote: > Either way, cryptography protected by "structure", should be safe against a > quantum computer, no? while all encryption without structure, would be > extremely vulnerable to quantum computers? I am not sure what you

[qubes-users] AMD and ME?

2017-09-01 Thread Sandy Harris
Since the Management Engine (ME) is an Intel feature, can one avoid its risk by just buying an AMD-based machine? Or does AMD have a similar feature? Or lack some of the virualisation support Qubes relies on? Perhaps some other sort of machine altogether? -- You received this message because

[qubes-users] Re: A worrisome threat?

2017-08-29 Thread Sandy Harris
As I probably should have known, Qubes developers are already well aware of this. See for example: https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and

[qubes-users] A worrisome threat?

2017-08-29 Thread Sandy Harris
Does Qubes block this? If not, should it? In either case, how? -- Forwarded message -- From: Henry Baker Date: Tue, Aug 29, 2017 at 7:51 AM Subject: Re: [Cryptography] How to find hidden/undocumented instructions To: cryptogra...@metzdowd.com FYI --

Re: [qubes-users] Re: Unofficial forward-ported grsec 4.9 Qubes kernel branch

2017-08-24 Thread Sandy Harris
At some point, these patches may become unnecessary & perhaps some of them already are. There is ongoing work aimed at getting related patches into the mainline Linux kernel. Wiki: https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project Mailing list:

Re: [qubes-users] GPU is deal-breaker

2017-08-21 Thread Sandy Harris
On Mon, Aug 21, 2017 at 8:54 AM, Matty South wrote: > On Monday, August 21, 2017 at 7:14:29 AM UTC-5, Francesco wrote: >> On Mon, Aug 21, 2017 at 12:38 AM, wrote: >> *** TL;DR: Would the option to attach the GPU to a single qube be feasible? >> ***

Re: [qubes-users] entropy for gpg

2017-07-30 Thread Sandy Harris
t does not support that, it should. > the appvm was based on debian-9 Debian has haveged(8) which might solve your problem. I wrote a small program to solve this problem & the PDF doc discusses other solutions including havege. https://github.com/sandy-harris/maxwell -- You received

[qubes-users] Kapersky OS?

2016-11-18 Thread Sandy Harris
Put this in a VM? https://fossbytes.com/kaspersky-os-hackproof-microkernel/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

Re: [qubes-users] Why does QUBES recommend SSD drives..?

2016-08-17 Thread Sandy Harris
On Tue, Aug 16, 2016 at 10:45 PM, wrote: > The Qubes website recommends SSD drives. > > Is there any particular reason..? The main one is speed. For the boot drive in workstations or laptops, I've been using SSDs for years. The performance gain was large enough to

Re: [qubes-users] adding gresecurity to Qubes

2016-06-17 Thread Sandy Harris
Lorenzo Lamas <lamas9...@gmail.com> wrote: > > On Wednesday, June 15, 2016 at 6:31:23 AM UTC+2, Sandy Harris wrote: >> >> It may not be necessary. There is a kernel hardening project >> which is bringing some of the grsecurity & PaX stuff into the >> mai

Fwd: [qubes-users] adding gresecurity to Qubes

2016-06-14 Thread Sandy Harris
On Fri, Jun 3, 2016 at 2:39 AM, wrote: > Hello I was wondering if Qubes might ever add Gresecurity in the future?I > think adding it would be great since you'll have a hardened kernel It may not be necessary. There is a kernel hardening project which is bringing some of the