On Wednesday, 22 November 2017 13:34:26 UTC, Sandy Harris wrote:
> From a crypto list, seemed relevant here.
> .
> Oh joy...
>
> Intel finds critical holes in secret Management Engine hidden in tons
> of desktop, server chipsets
> https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_
On Tuesday, 24 January 2017 11:54:34 UTC, qmast...@gmail.com wrote:
> I was sad when installed VirtualBox, tried launching it and it said that
> something like "not supported on Xen hosts"
But why would you want to do that? You already have virtual machines at your
disposal..
--
You received
On Thursday, 15 June 2017 13:02:28 UTC+1, Jarle Thorsen wrote:
> Paras Chetal:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On 06/15/2017 03:44 PM, Jarle Thorsen wrote:
> > > Having Qubes automatically give the titlebar of the windows the
> > > same coulour as defined for the V
On Wednesday, 20 September 2017 09:41:58 UTC+1, pels wrote:
> [1.617897] systemd[1]: Failed to mount tmpfs at /run: Permission denied
> [.[0;1;31m!!.[0m] Failed to mount API filesystems, freezing.
> [1.621206] systemd[1]: Freezing execution.
Looks like a tmpfs cannot be mounted at boo
Is this just a case of running a Dom0 update? Or would I have to manually
install the stable release?
FYI: I'm still on 3.2.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send
for the templates - how can I turn off the update proxy?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this
On Thursday, 22 September 2016 02:57:39 UTC+1, Drew White wrote:
> Hi Qubes devs,
>
> Can you please point out how I can make the system STOP overwriting the HOSTS
> FILE?
>
> I have different domains targeted to 127.0.0.1
> then when I boot, you automatically overwrite anything that is...
> 12
it's a stupid mess. People don't deal with it.
It would be nice if there was a specification, other than a shitty vulnerable
USB, that would allow the plugging in of a key that stored a GPG private key.
That way even your grandma could automagically sign an authentication token.
Such a key-fob
On Saturday, 1 October 2016 14:07:32 UTC+1, Arqwer wrote:
> Documentation says to check digests after I verified an .iso with gpg. Why?
> Doesn't correct PGP signature mean, that .iso is good and came from Qubes
> developers?
Yes it does. Normally distros sign the digest. Qubes signs the iso.
Hey guys, i made this post and largely forgot about it. It would appear that
the installation media I used corrupted the image. I used another USB stick and
the installation boots no problem - I've been using 3.2 for about 3 or 4 days
now without any problems on the T420s; no kernel parameters n
Wouldn't an appvm, with the tor browser, and netvm set to sys-whonix do the
same thing?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@g
Shouldn't a security focused distro make security announcement in a more direct
and urgent way? I was surprised to find that Qubes only had a 'users' and
'development' mailing list.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe
On Friday, 21 October 2016 17:50:47 UTC+1, cubit wrote:
> 7. Sep 2016 16:33 by jo...@johnrshannon.com:
> From the OpenBSD 6.0 Release Notes:
> The xen(4) driver now supports domU configuration under Qubes OS.
>
>
> Has any persons investegated if OpenBSD as a AppVM is likely to possible?
I'd re
On Monday, 21 November 2016 16:45:10 UTC, Warren wrote:
> I'm looking at the "HP Laptop 250 G5 (X9U07UT#ABA) Intel Core i5 6200U (2.30
> GHz) 8 GB Memory 256 GB SSD Intel HD Graphics 520" at
> (http://www.newegg.com/Product/Product.aspx?Item=N82E16834266056&cm_re=HP_Laptop_250_G5_%28X9U07UT%23AB
As the title states. Can this be done through salt?
I'm looking for put together something that will manage the updates for all my
template VMs and even Dom0.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and st
On Tuesday, 22 November 2016 18:58:33 UTC, kev27 wrote:
> On Tuesday, November 22, 2016 at 8:57:56 PM UTC+2, kev27 wrote:
> > I saw this being retweeted by the Qubes account on Twitter. Can Grsec
> > support still land in Qubes 4.0, or should we expect it for 4.1 or 4.2, etc?
> >
> > I think if
On Tuesday, 22 November 2016 19:49:07 UTC, Ronald Duncan wrote:
> Will this be using the latest linux kernel since grsecurity only provide the
> latest version free.
Yes, it will be an "unstable" kernel. A bare metal grsec kernel is actually
available in Debian's testing repo. However, it is no
On Thursday, 24 November 2016 00:32:48 UTC, Marek Marczykowski-Górecki wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Wed, Nov 23, 2016 at 03:19:30PM -0800, jkitt wrote:
> > As the title states. Can this be done through salt?
> >
> > I'm
On Friday, 25 November 2016 11:38:21 UTC, raah...@gmail.com wrote:
> can you just tell us the options so we can compile it ourselves? paste the
> cfg or something.
https://wiki.gentoo.org/wiki/Hardened/FAQ#Do_I_need_to_pass_any_flags_to_LDFLAGS.2FCFLAGS_in_order_to_turn_on_hardened_building.3F
The point is that the security of a grsecurity protected system depends on the
userspace being compiled in a special way. The binaries need to be compiled
with pie, and shared objects need to be compiled with pic. There are also some
other mitigations like SSP.
A grsecurity kernel on it's own i
I'm not 100% that this is the issue but I'm having troubles running anything
with qvm-run on a Debian-8 template/app-vms. This happened after a recent
upgrade. Fedora template/app-vms are working fine after some initiation
problems (I have to killall qrexec-client in dom0 - possibly because it's
On Monday, 5 December 2016 05:26:04 UTC, jkitt wrote:
> I'm not 100% that this is the issue but I'm having troubles running anything
> with qvm-run on a Debian-8 template/app-vms. This happened after a recent
> upgrade. Fedora template/app-vms are working fine after some ini
Fixed.
Quoting marmarek:
"Missing libxen-4.6 update seems to be the cause, just uploaded the update.
Also, enabling testing repository should be enough (the package was there, but
I missed uploading it to stable).
So, to fix the issue - start the template, access its console (sudo xl console
On Wednesday, 7 December 2016 13:37:36 UTC, throwaw...@tutanota.com wrote:
> Hello everyone! =)
>
> Usually when I update dom0 and then I shutdown the computer it takes quiet a
> while to finish, the progress bar reaches the end after nearly 5 min, but
> then it takes 30min (yes!) for it to com
Can I ask development related questions there? Or is the mailing list only for
core developers and contributors? (I'd like to get involved)
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails
What's it like to update - is it relatively simple? Would you say it's more
secure than Debian or Fedora?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-u
I'm trying to remove some applications that I don't need (like VLC).
The problem is that apt attempts to remove a number of packages that I'm
not sure if i need or not - some of the whonix-gw/qubes specific packages
seem reasonably important.
1. Are these packages needed? What are the for - th
Since i3 is without most of th pointy clicky benefits I was wondering if
any of you guys have any scripts that make life easier. I was thinking
about writing a python script to control VM applications and domains with
little effort.
--
You received this message because you are subscribed to th
Great! Most of the commands are quite easy to remember anyway but there's a
lot of xen specific stuff in there that's very useful - plus a few extra
commands I didn't know about.
I'll be using this as a reference for a lot of things.
On Saturday, 11 June 2016 15:35:16 UTC+1, J. Eppler wrote:
>
Is there a quick and easy way to do this?
I need to change both the class and instance strings for i3wm.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-us
P SIGNED MESSAGE-
> Hash: SHA256
>
> On Mon, Jun 13, 2016 at 06:31:49PM -0700, jkitt wrote:
> > Is there a quick and easy way to do this?
> >
> > I need to change both the class and instance strings for i3wm.
>
> https://github.com/QubesOS/qubes-issues/i
e, Jun 14, 2016 at 04:59:19AM -0700, jkitt wrote:
> > That's great! What's the rough timescale for 3.2?
>
> "soon"
>
> > Also, can you point me in the direction of the repository that contains
> the
> > cli tools? I wish to have a look at qvm-
Are there any specific issues with ACPID in Dom0?
For whatever reason the actions are not being executed. acpi_listen is
displaying the event fine though.
Is there an alternative?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe
>
> On Tue, Jun 14, 2016 at 06:39:18AM -0700, jkitt wrote:
> > Soon is good. Are the qvm-tools something I can contribute to? I will be
> > making something for myself anyway and it will be properly tested.
>
> If you just want to work on something useful, take a look
One of the many benefits of FOSS is that users can contribute - even if
it's just writing tickets on the issue tracker.
On Wednesday, 15 June 2016 08:11:54 UTC+1, Drew White wrote:
>
> Hi folks,
>
> Please, do not take this whole thing the wrong way.
> It will seem like it is sounding the way it
Oh thanks! Turns out i wasn't setting the display variable.
On Wednesday, 15 June 2016 08:08:28 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Tue, Jun 14, 2016 at 09:11:41AM -0700, jkitt wrote:
> > Are there any
So it appears that pactl or pacmd isn't in qubes Dom0 repository. Any
suggestions on how I can control Pulse Audio through the command line?
Apparently it can be done with amixer:
amixer -D pulse sset Master mute
However, the device pulse doesn't exist. amixer without arguments displays
all th
ecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On Wed, Jun 15, 2016 at 05:12:33PM -0700, jkitt wrote:
> > So it appears that pactl or pacmd isn't in qubes Dom0 repository.
>
> They are - pulseaudio-utils package.
>
> - --
> Best Regards,
> M
I would share mine but it's pretty much the default. There's not really
much to tinker with in i3 because it's pretty headless. I was going to
write some scripts to place some VM info in the bar at the bottom but I
haven't got round to it yet - I will no doubt post them in this group when
I do
Bump, okay, the "systemd" process turned out to be a service for scanners.
However, I'm stil not sure whether qubes requires quests to run rpcbind or
not.
On Sunday, 12 June 2016 13:38:17 UTC+1, jkitt wrote:
>
> I was wondering what listening sockets are requ
Nice! Since I'm new to Qubes my question would be - "upgrade path" does
this mean that releases normally can be upgraded via qubes-update-dom0?
On Saturday, 18 June 2016 09:49:02 UTC+1, Marek Marczykowski-Górecki wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Details here:
>
It really depends on what you are installing. You can run Wireshark to find
out where it's connecting and if it's using HTTPS.
On Saturday, 18 June 2016 20:26:10 UTC+1,
'093845'0923845'09238'045928'039458 wrote:
>
> Hello,
>
> I installed Wine in a Standalone VM.
>
>
> https://wiki.winehq.org/Wi
So I was unable to get pci passthrough working for any of the USB devices
without disabling pci_strictreset. What does this option actually do?
Has anyone got any experience with the T420s or the Intel 6 series/c200
chipset HC?
--
You received this message because you are subscribed to the Goo
Thanks. I read that in the man page but what does "reset" mean in this
context?
On Sunday, 19 June 2016 15:07:12 UTC+1, Andrew David Wong wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-06-18 17:49, jkitt wrote:
> > So I was unable to
I ask because I'm wondering what kind of risk I expose Dom0 to if pci
passthrough fails at some point. By reset - does that mean the state of the
device? Which includes compromised firmware? I'm not entirely sure.
On Sunday, 19 June 2016 19:52:41 UTC+1, jkitt wrote:
>
> Thanks
It's an old English idiom that means to "not take seriously":
http://idioms.thefreedictionary.com/take+with+a+pinch+of+salt
On Monday, 20 June 2016 23:00:41 UTC+1, xopl...@gmail.com wrote:
>
> On Friday, June 17, 2016 at 11:55:40 AM UTC-4, Sandy Harris wrote:
> > Lorenzo Lamas > wrote:
> > >
> >
The same happens with me. i suspect hardware acceleration. It can be
switched off in flash with:
sudo su
mkdir /etc/adobe && echo "EnableLinuxHWVideoDecode = 0" > /etc/adobe/mms.cfg
Restart the browser.
For HTML5 videos (YouTube) the media.* configs are for controlling HTML5
decoding extension
I couldn't agree more - just because you live in a safe neighborhood it
doesn't mean you go out and leave your door unlocked. Every mitigation is
useful.
However, with grsecurity there's a great deal of performance overhead, some
things like X really don't like grsecurity, and with a semi-state
Sometimes it works; sometimes it doesn't. Has anyone else noticed this?
v3.1
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroup
On Thursday, 14 July 2016 21:57:23 UTC+1, jkitt wrote:
> Sometimes it works; sometimes it doesn't. Has anyone else noticed this?
>
> v3.1
secure copy
handle_clipboard_data, len=0x0
open /var/run/qubes/qubes-clipboard.bin.xevent: No such file or directory
--
You received this m
On Friday, 15 July 2016 21:32:05 UTC+1, Marek Marczykowski-Górecki wrote:
> Len 0? VM returned no data for copy request. Are you sure you've copied
> it there (i.e. Ctrl-C before Ctrl-Shift-C)?
Well, therein lies the problem. I wasn't copying it to the clipboard first (for
some reason I thought
I am unable to update either of my templates. Debian tries to connect to
10.137.255.254; none of my VMs have that IP. Why is it trying to connect to
that - is it an update proxy? Fedora tries to do the same.
I can ping google.com on both systems and I can also run an update in appvms.
--
You r
My netvm is a proxyvm that I've set up. I've just found out about the global in
which the updatevm can be changed. However, i've set this to my VPN VM yet
nothing - it's still trying to connect to the same IP. IRRC that IP is a
non-existent node but it's filtered by a proxy. How do i get that pr
I have a Thinkpad t420s and the WiFi card is showing as hard blocked.
The kill switch, on the side, is in the on position;
I've disabled and removed the card for an extended period of time (20 mins) to
try and reset potential state corruption;
run rfkill on it with modules unloaded (however, it'
Fingers crossed on this one.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-
On Wednesday, 7 September 2016 14:08:16 UTC+1, Connor Page wrote:
> agree, when I looked at it some time ago I could not imagine why I would need
> all of that. too large an attack surface for my taste. however, I did
> investigate what individual elements are capable of and borrowed some ideas,
On Friday, 9 September 2016 09:56:36 UTC+1, neilh...@gmail.com wrote:
> the problem with Qubes, of course, is all the Xen exploits which make it
> insecure.
Off-topic here but is Qubes really insecure? Should I be worried?
--
You received this message because you are subscribed to the Google G
On Monday, 12 September 2016 00:29:14 UTC+1, neilh...@gmail.com wrote:
> Qubes uses VT-D to protect against DMA attacks on things such as WiFi chip.
>
> But are there any proven DMA attacks against wired networking, i.e.
> Ethernet..?
>
> Hackers can exploit a buffer overflow on the network car
On Saturday, 10 September 2016 19:18:10 UTC+1, neilh...@gmail.com wrote:
> I've seen some dispute that a Linux browser exploit even exists.
>
> Like, could you take Chrome or Firefox to a page, and then have a remote
> shell, that loads a file onto the hard drive to monitor everything?
>
> I ca
> A malicious guest administrator can crash the host, leading to a DoS.
> Arbitrary code execution (and therefore privilege escalation)
Think this is an example of why it's a good idea to password protect guests?
--
You received this message because you are subscribed to the Google Groups
"qub
Any software can have flaws. The only distinction between ethernet and wifi in
that regards is that WiFi can be exploited by anyone within RF range regardless
whether they're authenticated to the same network or not; ethernet requires a
physical connection.
--
You received this message becau
61 matches
Mail list logo