Re: [qubes-users] SWAPGS Side Channel Attack

2019-09-09 Thread Simon Gaiser
/archives/html/xen-devel/2018-07/msg00982.html [3]: https://grsecurity.net/respectre_announce.php Simon -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE3E8ezGzG3N1CTQ//kO9xfO/xly8FAl12ZYgACgkQkO9xfO/x ly8fVhAAytcPEKgHfchZFSx8b4q0yGijnM2PVS5z7zbYchQtZ3xkgf+6ZxGwauay buD22CE2B+ZMWhgnS3VW5fB

Re: [qubes-users] SWAPGS Side Channel Attack

2019-09-09 Thread Simon Gaiser
ing like this is not in place currently. See [3] for a description of the non-public gcc plugin from grsecurity which implements this approach. [2]: https://lists.xenproject.org/archives/html/xen-devel/2018-07/msg00982.html [3]: https://grsecurity.net/respectre_announce.php Simon -- You rece

[qubes-users] Re: service VMs not auto starting

2019-05-11 Thread simon . newton
On Saturday, May 11, 2019 at 1:47:05 PM UTC+1, simon...@gmail.com wrote: > Ive not had this problem on any other machine I run qubes on, and its a bit > perplexing > > service VMs will not start automatically during the boot process. systemctl > status returns "libxenlight

[qubes-users] service VMs not auto starting

2019-05-11 Thread simon . newton
Ive not had this problem on any other machine I run qubes on, and its a bit perplexing service VMs will not start automatically during the boot process. systemctl status returns "libxenlight failed to create new domain" libxl-driver.log shows "domcreate_attached_devices: unable to add PCI

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

2019-02-14 Thread simon . newton
elves in the foot because the interface is not intuitive (it > > says it blocks all traffic other than what is specified and then later > > modifies this saying "just kidding, we let DNS through") > > > > Feb 14, 2019, 11:59 AM by simon.new...@gmail.com: > >

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

2019-02-14 Thread simon . newton
On Thursday, February 14, 2019 at 11:54:28 AM UTC, simon@gmail.com wrote: > On Thursday, February 14, 2019 at 3:54:04 AM UTC, Marek Marczykowski-Górecki > wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Wed, Feb 13, 2019 at 08:42:10AM

Re: [qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

2019-02-14 Thread simon . newton
On Thursday, February 14, 2019 at 3:54:04 AM UTC, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Wed, Feb 13, 2019 at 08:42:10AM -0800, simon.new...@gmail.com wrote: > > In 3, if i clicked on "block connections" in the Qubes manager firewall > >

[qubes-users] why was DNS/ICMP removed from Qubes manager/firewall in R4?

2019-02-13 Thread simon . newton
In 3, if i clicked on "block connections" in the Qubes manager firewall section, there was (if memory serves me) an option to block DNS and ICMP. That is not present in R4 (though docs say you can disable DNS and ICMP manually) I'm just wondering what the logic behind the removal was? I would

[qubes-users] Does anyone use any integrity checking in Dom0

2019-01-08 Thread simon . newton
As per subject, does anyone use things such as AIDE (or other file integrity IDS) ? I understand the security model is "if dom0 is compromised, you are fscked" but it would be at least nice to have something that gave me a heads up if such an event happens. -- You received this message

Re: [qubes-users] Re: Qube max storage size

2019-01-08 Thread simon . newton
On Monday, January 7, 2019 at 3:03:00 PM UTC, unman wrote: > On Mon, Jan 07, 2019 at 07:52:25AM -0600, Stuart Perkins wrote: > > > > > > On Sun, 6 Jan 2019 07:41:35 -0800 (PST) > > Plex wrote: > > > > >On Sunday, January 6, 2019 at 3:20:08 PM UTC, Plex wrote: > > >> Is there a technical

[qubes-users] Re: my dom0 is not updating since before 4.01

2019-01-06 Thread simon . newton
On Sunday, January 6, 2019 at 1:32:45 PM UTC, Sergio Matta wrote: > I think I have a problem with yum file configuration. Fedora 25 looks like ok > but Qubes never finds data: > > Fedora 25 - x86_64 - Updates 1.0 MB/s | 24 MB 00:24 > Fedora 25 - x86_64

Re: [qubes-users] PCI passthrough working in Qubes R4.0?

2018-01-18 Thread Simon Gaiser
Marek Marczykowski-Górecki: [...] > I don't see anything else related to this device. So until Simon gets > permissive mode sorted out, it look like you have to use that usb > ethernet. FYI: https://github.com/QubesOS/qubes-core-admin/pull/184 -- You received this message be

Re: [qubes-users] PCI passthrough working in Qubes R4.0?

2018-01-18 Thread Simon Gaiser
Marek Marczykowski-Górecki:> On Thu, Jan 18, 2018 at 03:06:00PM +0000, Simon Gaiser wrote: >> awokd: >>> On Thu, January 18, 2018 2:26 pm, "Marek Marczykowski-Górecki" wrote: >>> >>>> >>>> According to logs provided by mossy-nw per

Re: [qubes-users] PCI passthrough working in Qubes R4.0?

2018-01-18 Thread Simon Gaiser
awokd: > On Thu, January 18, 2018 2:26 pm, "Marek Marczykowski-Górecki" wrote: > >> >> According to logs provided by mossy-nw permissive mode is correctly >> enabled in xen-pciback in dom0 for this device. The question here is what >> else is needed for HVM (using qemu in stubdomain). > > My

Re: [qubes-users] How to rollback Dom0 updates?

2016-12-12 Thread Simon
positive note I find it great that the template VM now shut down themselves automatically once the update is done :) ! Have a nice day, Simon. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving email

Re: [qubes-users] Re: How to enable permanent full screen mode in appvm ?

2016-12-11 Thread Simon
notes while watching the video). Regards, Simon. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to

Re: [qubes-users] How to rollback Dom0 updates?

2016-12-11 Thread Simon
issue around the proxy feature (there is no such issue with the templates, updating Dom0 takes twice as much time as updating the templates). - I regularly have ghost updates (the icon announcing that updates are available while there are none) but I think this is a known issue. Best regards,

[qubes-users] How to rollback Dom0 updates?

2016-12-10 Thread Simon
--- 8< -- Is there any equivalent feature allowing update rollback in Qubes-OS for the Dom0 domain? Thanks by advance, Simon. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe

[qubes-users] It's winter, my laptop is freezing (again!)

2016-12-09 Thread Simon
server should start, setting the Grub option i915.enable_rc6=0 does not help). Here is my previous message on the topic: https://groups.google.com/forum/#!topic/qubes-users/O4UO9CjO4TM Is there anything I can do or try? I hope someone has some good news for me... Thank you by advance for y

Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!

2016-11-04 Thread Simon
Hi Alex, Alex wrote : On 11/03/2016 11:37 AM, Simon wrote: If you use keepassx you may want to use its auto-type feature, which is designed exactly to prevent password theft by keylogger-only or clipboard-monitor-only malware. Auto type works by typing random parts of the password via simulated

Re: [qubes-users] Special (Secure) Browser Frontend for Qubes?!

2016-11-02 Thread Simon
ck option instead of the current "Right-Click, A, Ctrl-Shift-C, Alt-Tab, Ctrl-T, Ctrl-Shift-C, Ctrl-C, Enter" sequence... Best regards, Simon. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and

Re: [qubes-users] How to turn Windows HVM into Fullscreen ?

2016-10-29 Thread Simon
creen mode, otherwise if you do not remember this shortcut the Alt+Tab still works (and is not catchable by the VM, as described in the linked document) and allows you to safely escape from the full screen window. Regards, Simon. -- You received this message because you are subscribed to the Goo

Re: [qubes-users] System still freezes, still no resolution.

2016-09-23 Thread Simon
switched to XFCE, the freezes came back and I do not know any equivalent setting on XFCE. I recently tried to completely disable compositing and am now crossing my fingers. Regards, Simon. -- You received this message because you are subscribed to the Google Groups "qubes-users&q

[qubes-users] Qubes desktop random freezes on Thinkpad T500

2016-09-21 Thread Simon
for months with the XRender workaround in KDE, so if anybody knows any equivalent in the XFCE world or any other way to fix this he will have all my gratitude :) ! Best regards, Simon. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubsc