Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-29 Thread goldsmith
On 2019-01-28 21:51, Alexandre Belgrand wrote: > Le lundi 28 janvier 2019 à 13:08 -0800, goldsm...@riseup.net a écrit : >> To Alexandre Belgrand >> >> I'm intrigued how you know can catagorically state "CAs and GNU/Linux >> distributions are #1 targets for national >> intelligence agencies". This

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-01-28 Thread goldsmith
On 2019-01-28 19:46, billol...@gmail.com wrote: > On Monday, January 28, 2019 at 10:27:32 AM UTC-5, gold...@riseup.net wrote: >> On 2019-01-27 19:15, billol...@gmail.com wrote: >> > On Sunday, January 27, 2019 at 12:22:03 PM UTC-5, unman wrote: >> >>[snip] >> >> Qubes provides a framework for

Re: [qubes-users] QSB #46: APT update mechanism vulnerability

2019-01-28 Thread goldsmith
On 2019-01-27 14:33, Alexandre Belgrand wrote: > Le dimanche 27 janvier 2019 à 13:11 +, Holger Levsen a écrit : >> I *believe* they probably misunderstood evil32.com and it's fallout. > > CAs and GNU/Linux distributions are #1 targets for national > intelligence agencies. > > Debian

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-01-28 Thread goldsmith
On 2019-01-27 19:15, billol...@gmail.com wrote: > On Sunday, January 27, 2019 at 12:22:03 PM UTC-5, unman wrote: >>[snip] >> Qubes provides a framework for using software - it doesn't take away the >> onus on users to use that software properly, and to ensure they are aware >> of good practice.

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-01-27 Thread goldsmith
On 2019-01-27 01:34, unman wrote: > On Sat, Jan 26, 2019 at 04:39:45AM -0800, goldsm...@riseup.net wrote: >> >> Am I right in thinking that the recently discovered apt vulnerability >> (DSA 4371-1) in Debian based systems could and should have been >> mitigated against many years ago by

Re: [qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-01-27 Thread goldsmith
On 2019-01-27 01:34, unman wrote: > On Sat, Jan 26, 2019 at 04:39:45AM -0800, goldsm...@riseup.net wrote: >> >> Am I right in thinking that the recently discovered apt vulnerability >> (DSA 4371-1) in Debian based systems could and should have been >> mitigated against many years ago by

[qubes-users] Debian Template APT Vulnerability - A ticking bomb?

2019-01-26 Thread goldsmith
Am I right in thinking that the recently discovered apt vulnerability (DSA 4371-1) in Debian based systems could and should have been mitigated against many years ago by downloading and activating an apt package; "apt-transport-https", which forces apt updates via https? The researcher (Max

Re: [qubes-users] Re: [qubes-devel] QSB #46: APT update mechanism vulnerability

2019-01-23 Thread goldsmith
On 2019-01-23 21:08, gone wrote: > unfortunately the reboot brought no change. Still the > 201812091508 version. Try sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-9 -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] qvm-prefs clockvm command fails

2019-01-20 Thread goldsmith
On 2019-01-20 23:57, unman wrote: > On Sun, Jan 20, 2019 at 04:42:12AM -0800, goldsm...@riseup.net wrote: >> I'm following qubes docs >> https://www.qubes-os.org/doc/disposablevm-customization/ and trying to >> set clockvm to disp-sys-net using command in Dom0 qvm-prefs clockvm >> disp-sys-net >>

Re: [qubes-users] Qubes 4.0.x - Linux kernel 4.19.15 package available in testing repository

2019-01-20 Thread goldsmith
On 2019-01-20 00:57, Marek Marczykowski-Górecki wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Hi all, > > There is updated "kernel" package available in current-testing > repository - it's a Linux long term support 4.19.x series, as an update > over 4.14.x before. Since the

[qubes-users] qvm-prefs clockvm command fails

2019-01-20 Thread goldsmith
I'm following qubes docs https://www.qubes-os.org/doc/disposablevm-customization/ and trying to set clockvm to disp-sys-net using command in Dom0 qvm-prefs clockvm disp-sys-net which gives message: qvm-prefs: error: no such domain clockvm. Have tried variations of clockvm e.g. ClockVM to no avail.

Re: Fwd: Re: [qubes-users] Mirage-Firewall - Trusted in Dom0?

2019-01-20 Thread goldsmith
On 2019-01-19 13:46, Illidan Pornrage wrote: > On 1/18/19 5:02 PM, Goldi wrote: >> >> >> >> Original Message >> From: goldsm...@riseup.net >> Sent: January 18, 2019 3:45:06 PM UTC >> To: unman >> Subject: Re: [qubes-users] Mirage-Firewall - Trusted in Dom0? >> >> On 2019-01-18

[qubes-users] Qubes Updates - Broken?

2019-01-19 Thread goldsmith
Qubes 4 -testing version Qubes updates widget informs there are 4 updates available --> launch updater highlights only 2 updates available (debian 9 template & whonix-gw-14) I select update all. Perversely, debian9 and whonix-gw are not updated, but my 2 fedora templates are updated. After all

Re: [qubes-users] Mirage-Firewall - Trusted in Dom0?

2019-01-18 Thread goldsmith
On 2019-01-15 15:19, Goldi wrote: > I've been happily using Qubes for several years and noticed that > several prominent members of the Qubes Team have in the past suggested > installing Mirage-Firewall as an alternative to Sys-Firewall. However, > I cannot find any reference to MF in the Qubes