Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Well, entr0py, you are correct. > > It does indeed come down, to either Xen, or my networking stack. > > Let me ask... what is the security like for Ethernet..? Anything going over a wire is going to have a far shorter RF leakage range than WiFi. Unless your threat actor is in the house or

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread neilhardley
And yes, by all means, I will use Whonix's system rather than my own custom script. I originally created my own, because I saw that Whonix didn't have VT-D. But then I learned that VT-D is nowhere near as good as I thought. I originally thought VT-D isolates the devices from the Net VM itself.

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread neilhardley
Well, entr0py, you are correct. It does indeed come down, to either Xen, or my networking stack. Let me ask... what is the security like for Ethernet..? Let's say I connected to my home router via Ethernet, and also served out the Tor connection to a 2nd laptop, over Ethernet. In this setup,

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> And yes, by all means, I will use Whonix's system rather than my own > custom script. I agree that Whonix is a key component. A NetVM that ensures *all* your traffic goes through Tor, with no leakage, as well as doing secure DNS lookups for you, is a big security plus. They've also put a fair

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread nishiwaka46
Hey, Thank you guys for your help, but unfortunately I don't think there is a way to get rid of this process listening on tcp6 on init (systemd... d standing here for distant...). It is listed as 1 on PID, I don't think you can't remove it, it is a main process. So I am not interested in using

[qubes-users] HCL - Lenovo Thinkpad X1 Carbon 4th gen (20FB)

2016-09-26 Thread Jean-Philippe Ouellet
this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_BjR-7sPDNh%2B276fSpBBbrXz5vFWZw43Ee24x5O5JYPrA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-LENOVO-20FBCTO1W

Re: [qubes-users] Re: Thunderbird: "Open link in DispVM"

2016-09-26 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-26 01:30, Robert Mittendorf wrote: > Hey Clark, > > the article which you referenced to is about opening (and converting) PDF > documents. My idea is about opening URLs (Links) in a DispVM. I think that is > not related in any way, is

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> Thank you guys for your help, but unfortunately I don't think there is a > way to get rid of this process listening on tcp6 on init (systemd... d > standing here for distant...). It is listed as 1 on PID, I don't think you > can't remove it, it is a main process. So I am not interested in using

Re: [qubes-users] Why won't Google Chrome remember my Google logins?

2016-09-26 Thread Clark Venable
Thanks for the confirmation, Mat. I was just chalking it up to not having done something right. As I indicated, Firefox works as I expect, so I've just switched to that as my main browser. Clark -- You received this message because you are subscribed to the Google Groups "qubes-users"

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> What does "systemctl list-sockets" show? Any services that systemd is > providing a listener for should be listed here. If you do spot a network socket service in that listing, you can stop the current service with "systemctl stop blah.socket", and disable it in the future (next reboot or VM

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread neilhardley
Very useful info, but what I meant is whether the Ethernet drivers/firmware etc are more secure than the WiFi ones. I wasn't really talking things like RF leakage etc. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this

Re: [qubes-users] Re: Thunderbird: "Open link in DispVM"

2016-09-26 Thread Clark Venable
Robert, You are right. I misread your post as referring to attachments rather than links. Sorry about that. Clark -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Please read if you haven't already: > > http://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf > > 2 big takeaways: > > 2. The Physical Gateway needs to be secure not only from attacks from the > Internet but also attacks from the client appVM.

Re: [qubes-users] How to mount USB with ISO in Windows-Template

2016-09-26 Thread Jean-Philippe Ouellet
On Mon, Sep 26, 2016 at 3:01 PM, martin.forum wrote: > > https://www.qubes-os.org/doc/uefi-troubleshooting/ WOW! That was it... Thank you! I had ignored that page (having come across it several times) because the symptoms it describes did not match the behavior I was

Re: [qubes-users] Re: Thunderbird: "Open link in DispVM"

2016-09-26 Thread Robert Mittendorf
Hey Clark, the article which you referenced to is about opening (and converting) PDF documents. My idea is about opening URLs (Links) in a DispVM. I think that is not related in any way, is it? Robert btw: did you notice, that googlegroups blocks email having a subject starting with a

Re: [qubes-users] Snapshots - Use of CoW

2016-09-26 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Mon, Sep 26, 2016 at 02:11:42AM -, johnyju...@sigaint.org wrote: > > Hi folks, > > > > Any chance that there will be added in the feature for snapshots? > > even CoW snapshots would be good, then a consolidation option once done. > > > > I

Re: [qubes-users] Setup VPN, DNS script and iptables

2016-09-26 Thread asdfgher
> On 09/25/2016 06:35 AM, asdfg...@sigaint.org wrote: >> Hello >> After setup my VPN in network manager (but not in config/vpn like the >> tutorial says) I have configured DNS script (in my client and like >> qubes-vpn-handler.sh file) and iptables (only the 2 lines that block >> forwarding

Re: [qubes-users] Snapshots - Use of CoW

2016-09-26 Thread Drew White
On Monday, 26 September 2016 12:11:56 UTC+10, johny...@sigaint.org wrote: > AppVM's are designed to toss changes, other than /home, /rw, /usr/local. > It's a good thing; if one gets compromised, it's a temporary compromise. > :) > > If you want permanent changes, update your template. > > But

[qubes-users] Re: AMD vis-a-vis NVIDIA GPU

2016-09-26 Thread neznaika
> 1. Downloaded > http://install.linux.ncsu.edu/pub/yum/itecs/public/bumblebee/fedora21/noarch/bumblebee-release-1.2-1.noarch.rpm > 2. extracted two files from it: > * /etc/yum.repos.d/bumblebee.repo > * /etc/pki/rpm-gpg/RPM-GPG-KEY-bumblebeepublic > 3. Verified the files that the key is well

Re: [qubes-users] Why won't Google Chrome remember my Google logins?

2016-09-26 Thread Mathew Evans
On Sunday, 25 September 2016 15:33:35 UTC+1, Clark Venable wrote: > On Sunday, September 25, 2016 at 8:42:08 AM UTC-4, Clark Venable wrote: > > Nope. Allow local data to be set is enabled. > > It all works as I expect in Firefox, So I'm happy to leave this alone and > just use Firefox rather

Re: [qubes-users] Restored, and it's missing so much...

2016-09-26 Thread johnyjukya
> Hmmm, you would probably also need to re-export the app shortcuts to dom0. > This *may* be the best way to do it, but the Qubes devs may have a better > suggestion. Open a terminal in the newly restored VM and run: > > "/usr/lib/qubes/qrexec-client-vm dom0 qubes.SyncAppMenus /bin/sh >

Re: [qubes-users] Snapshots - Use of CoW

2016-09-26 Thread Drew White
On Tuesday, 27 September 2016 14:23:45 UTC+10, johny...@sigaint.org wrote: > > On Monday, 26 September 2016 12:11:56 UTC+10, johny...@sigaint.org wrote: > >> AppVM's are designed to toss changes, other than /home, /rw, /usr/local. > >> It's a good thing; if one gets compromised, it's a temporary

Re: [qubes-users] Restored, and it's missing so much...

2016-09-26 Thread Drew White
On Tuesday, 27 September 2016 14:58:58 UTC+10, johny...@sigaint.org wrote: > By backup/restore I assume you don't mean Qubes backup/restore feature, > but you copying .img files around manually, correct? Correct, because they are the HDD, the rest is not even worth saving in a STANDALONE. If

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread nishiwaka46
Hey, Really ? No one to find also suspicious a wild init/1 tcp6 port listening on your templateVM, right out of the box ? This got to be real. I am still interested in your solutions to quit Qubes OS and have another OS being able to run on my USB key and be installed, if you don't mind. I am

[qubes-users] Restored, and it's missing so much...

2016-09-26 Thread Drew White
Hi folks, I just copied my standalone VM that was working, to back it up. Then I restored the .img files, which is the HDD, and now it's telling me I don't have the dependancies to run the application that I was running before I copied the img files. Why is this broken? Why will

[qubes-users] Re: Why won't Google Chrome remember my Google logins?

2016-09-26 Thread chklin
https://bugs.chromium.org/p/chromium/issues/detail?id=631171 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Wow. Not even 4 GB of compiled drivers for the WiFi. You are saying it's 4 > GB of raw plaintext source code..? > > WOW > > That's INSANELY complex. Apologies, I spoke a bit hastily. What was seeing was 4 million Git objects, not 4G of data (although it may be). And that included all branches

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> Really ? No one to find also suspicious a wild init/1 tcp6 port listening > on your templateVM, right out of the box ? This got to be real. ... > I am answering you on my phone just because it seems my old Qubes deleted > partition doesn't like very much my USB key to runs over it, for some >

Re: [qubes-users] Snapshots - Use of CoW

2016-09-26 Thread johnyjukya
> On Monday, 26 September 2016 12:11:56 UTC+10, johny...@sigaint.org wrote: >> AppVM's are designed to toss changes, other than /home, /rw, /usr/local. >> It's a good thing; if one gets compromised, it's a temporary compromise. >> :) >> >> If you want permanent changes, update your template. >>

Re: [qubes-users] Restored, and it's missing so much...

2016-09-26 Thread johnyjukya
> I just copied my standalone VM that was working, to back it up. > > Then I restored the .img files, which is the HDD, and now it's telling me > I don't have the dependancies to run the application that I was running > before I copied the img files. > > Why is this broken? > Why will