[qubes-users] Screen corruption on nvidia

2016-08-15 Thread johnyjukya
I realize that nVidia's aren't the preferred video card, but (being divorce-poor) one sometimes has to make do with what one has. :) With my on-board nVidia (GeForce7100) and the nouveau driver (on both Tails and Qubes), things work okay, then suddenly at some random point the screen gets filled

[qubes-users] Service VM Size, Memory, Security

2016-08-16 Thread johnyjukya
One of the banes of a Qubes addict's existence is memory. Too many times I see that red stop sign and breathe a sigh of frustration, that I need to shut down or mem-set other VM's to start up another AppVM. I like my VM separation, dammit, which means lots of VMs. In a perfect world, I'd have a

Re: [qubes-users] USB Root Drive Corruption

2016-08-17 Thread johnyjukya
Thanks for the feedback. The fact USB is a bad idea all around for security (and potentially stability), and the fact I was getting minor corruption, should have been a warning to me to move the drive right onto the SATA bus, rather than risking worse corruption. I guess I only have myself to

Re: [qubes-users] Re: installing Signal on Qubes mini-HOWTO

2016-08-17 Thread johnyjukya
On the Signal matter, just some personal paranoia Re: Signal and Google Play Services: I've been the subject of some rather intense and ongoing hacking (iPhone, iPad, Android phone/tablet, PC, MacBook, cable modem connection, you name it). On the Android phone, I wiped it several times, and

Re: [qubes-users] USB Root Drive Corruption

2016-08-17 Thread johnyjukya
Well, my wild enthusiasm with Qubes has turned into complete frustration and exasperation this morning. The "mild" corruption I was seeing on boot (running Qubes from a USB 2.5" HD) wasn't quite so mild the last time I booted. This time, rather than "recovering journal... done," the fsck spewed

Re: [qubes-users] Screen corruption on nvidia

2016-08-19 Thread johnyjukya
However, under Qubes, I experience random screen corruption. See: https://i.imgur.com/ovEFgYO.png > This problem persists in 3.2rc2. > > JJ Actually, just FYI, the behavior seems to be a lot better under 3.2rc2. I've only seen it a couple of times, versus seeing it consistently

[qubes-users] Clipboard

2016-08-19 Thread johnyjukya
Is there any qvm-* command, or other method, to programmatically copy to the qubes clipboard? (Similar to my last question, a perfectly reasonable answer might be "of course not, are you crazy?" due to security concerns. Requiring explicit dom0/GUI user interaction for clipboard manipulation

[qubes-users] qvm-run only available from dom0?

2016-08-19 Thread johnyjukya
When I try to run qvm-run from within an AppVM, I get "Request refused." Is this by design, for security reasons? If so, I guess that's perfectly reasonable. I just don't see that fact documented anywhere. (The demonstration of one of the Xen exploits executes a qvm-run of xcalc in dom0 from

Re: [qubes-users] USB Root Drive Corruption - Solved???

2016-08-19 Thread johnyjukya
>> This problem persists in 3.2rc2. >> >> (And I get 0 errors on the same USB drive under Tails. When I can find >> the SATA power connector around here somewhere, I'll try moving the >> drive >> direct onto the SATA bus.) > > I think the problem *may* be that systemd has a default 90 second

Re: [qubes-users] Screen corruption on nvidia

2016-08-16 Thread johnyjukya
>> However, under Qubes, I experience random screen corruption. >> >> See: https://i.imgur.com/ovEFgYO.png > Looks like it could be this issue: > > https://github.com/QubesOS/qubes-issues/issues/1028 > > As you can see from the qubes-builder-github comments, some patches for > this > are already

Re: [qubes-users] qvm-run only available from dom0?

2016-08-19 Thread johnyjukya
> On 2016-08-19 05:11, johnyju...@sigaint.org wrote: >> When I try to run qvm-run from within an AppVM, I get "Request refused." >> >> Is this by design, for security reasons? If so, I guess that's >> perfectly >> reasonable. I just don't see that fact documented anywhere. >> > > Yes, but it's

Re: [qubes-users] Screen corruption on nvidia

2016-08-19 Thread johnyjukya
>> Several packages were recently pushed to testing repos (see >> qubes-buider-github comments on the issue). Have you had a chance to try >> those? > > Cool, I will grab the latest qubes-gui-vm from current-testing and see if > that helps. Sorry, that was phrased wrong, and I hate to add any

[qubes-users] /rw/config/rc.local on debian-8

2016-08-22 Thread johnyjukya
/rw/config/rc.local doesn't seem to be run on startup in debian-8 (3.2-testing). What is supposed to launch this? systemd, another startup script, or something dom0-related? I added "/rw/config/rc.local" to "/etc/rc.local" and it works, but was wondering what might be the official way to do

[qubes-users] vif in user ProxyVM?

2016-08-22 Thread johnyjukya
I'm trying to create a ProxyVM of my own, to replace sys-firewall. I'm on 3.2rc2-testing. When I create a ProxyVM in either fedora23 or debian-8, eth0 shows up, but no vif interface appears. There are iptables entries for 10.137.4.*, so the firewall mechanism seems to be doing (part of) it's

[qubes-users] timesync on by default in debian-8 template (3.2-testing)

2016-08-22 Thread johnyjukya
I notice in the debian-8 template that network time synchronization seems to be on by default in systemd. systemd-timesyncd.service loaded active running Network Time Synchronization time-sync.target loaded active activeSystem Time Synchronized It's disabled in fedora-23 by

Re: [qubes-users] Screen corruption on nvidia

2016-08-22 Thread johnyjukya
> Added testing repos to (clones of) debian-23 and debian-8 templates (as > well as whonix-gw/whonix-ws), did upgrades/dist-updates, restarted, loaded > up a bunch of AppVM's, and have been pounding on things awhile. > > No sign of screen garbage yet! :) > > Looks promising. Day 3 of banging on

Re: [qubes-users] Oddness in sys-net's VIF startup

2016-08-22 Thread johnyjukya
> In trying to figure out why my ProxyVM has no VIF (on Qubes 3.2-testing) I > was looking at the dmesg's of the servicevm's, and noticed something that > looked a bit odd (running rapidly through vif interface #'s) in sys-net > (fedora23 template). > Similarly, iptables-save shows duplicate rules

Re: [qubes-users] Qubes for running virtual servers

2016-08-23 Thread johnyjukya
> How does Qubes perform as the host OS in a virtualised server environment? > > I'm thinking of a configuration where the host OS is Qubes with VM's > running for things like a virtualised email server, IDS server, perhaps a > Tor relay etc. I've used Qubes as a desktop host, I'm just curious

Re: [qubes-users] /rw/config/rc.local on debian-8

2016-08-22 Thread johnyjukya
> On 2016-08-22 07:52, johnyju...@sigaint.org wrote: >> /rw/config/rc.local doesn't seem to be run on startup in debian-8 >> (3.2-testing). >> >> What is supposed to launch this? systemd, another startup script, or >> something dom0-related? >> >> I added "/rw/config/rc.local" to "/etc/rc.local"

Re: [qubes-users] vif in user ProxyVM?

2016-08-22 Thread johnyjukya
> On 08/22/2016 10:47 AM, johnyju...@sigaint.org wrote: >> I'm trying to create a ProxyVM of my own, to replace sys-firewall. >> >> I'm on 3.2rc2-testing. >> >> When I create a ProxyVM in either fedora23 or debian-8, eth0 shows up, >> but >> no vif interface appears. >> > > vif interfaces appear

Re: [qubes-users] timesync on by default in debian-8 template (3.2-testing)

2016-08-24 Thread johnyjukya
I would say so, yes. I think exim, cups, and possibly some gvfs-samba thing were also all enabled on both the Fedora and debian-8 templates. I personally don't like having those on by default in all the VMs, listening on ports and poking around the network or Internet, as they really should only

Re: [qubes-users] Qubes VM compromised? - Follow up

2016-08-24 Thread johnyjukya
> My guess is that Paypal is giving you a hard time just because of the > tor exits you use to interact with their website. Could be. At first I didn't see how/why, but I guess refusing a legit password from what they judge as a dodgy IP address is a possibility. (Although accepting the

Re: [qubes-users] Qubes 3.2 rc3 has been released!

2016-08-31 Thread johnyjukya
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Details here: > https://www.qubes-os.org/news/2016/08/31/qubes-OS-3-2-rc3-has-been-released/ > > As usual, you can download new image from: > https://www.qubes-os.org/downloads/ > > Users of R3.2 rc1 or rc2 can just install updates, no need

[qubes-users] Adding individual partitions from Manager

2016-08-31 Thread johnyjukya
While qvm-block is a wonderfully handy tool for adding individual partitions to a VM, the Qubes VM Manager can only add entire devices from its GUI. I think that it's a pretty strong argument Qubes' spirit of "protecting the user from him/herself" to make sure this feature (maybe in a nested menu

Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?

2016-09-02 Thread johnyjukya
> On Wednesday, August 31, 2016 at 10:40:23 AM UTC-7, grzegorz@gmail.com > wrote: > >> An actual protection would be some kind of a chemical that would destroy >> the ram chips if they ever reach certain (lower than room) temperature. > > the epoxy is likely to damage them in most means of

Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?

2016-09-01 Thread johnyjukya
> On Wed, Aug 31, 2016 at 10:05:59PM -, johnyju...@sigaint.org wrote: >> I'm curious to some mentions-in-passing about Andrew's hate for USB >> keyboards. USB-anything isn't good for security, but what in particular >> so much worse about USB? Both USB and PS/2 can keylog, or play >>

Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?

2016-09-01 Thread johnyjukya
> This is scary: > > https://hakshop.myshopify.com/collections/usb-rubber-ducky/products/usb-rubber-ducky-deluxe?variant=353378649 Related, and (disturbingly) informative: https://github.com/brandonlw/Psychson JJ -- You received this message because you are subscribed to the Google Groups

Re: [qubes-users] Re: epoxy on ram to prevent cold boot attacks?

2016-09-01 Thread johnyjukya
>> https://freedesktop.org/wiki/Software/PulseAudio/FAQ/#index15h3 > > I've looked at it few years ago and it was outdated/unmaintained at that > time already. I gave up on setting this on Win 7. I bet now it's even > harder. Yes, weird how neglected it is. Do people not write utility software

Re: [qubes-users] qvm-run only available from dom0?

2016-08-31 Thread johnyjukya
> On 2016-08-30 01:16, johnyju...@sigaint.org wrote: >> Say someone compromises the dom0 encrypted drive password, and >> then goes shuffling through the private.img file of the AppVM's to >> get at Firefox's passwords...? The VM itself wouldn't have to be >> running corrupt code for that, and

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> In terms of "hotspot" terminology, what it does is, quote from author of > the script: > > "it bridges the two interfaces but uses NAT to achieve it" Ah, so it sets up some iptable nat rules (and maybe tweaks torrc to allow it to listen on a non-local interface; although iptables could do that

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> Yeah... and surely this is exactly what can happen, no..? > > We had 2 Xen exploits in the last 1 year. I expect those exploits have caused a lot more scrutiny of the code, so hopefully such exploits won't be heard of again. Qubes devs are moving away from PVM which should avoid the threat of

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> OK, but I have already built the script. I have it running in Net VM. It > works. > > I am NOT asking you to make an alternative system. > > I am simply asking whether an attack on the WiFi/Ethernet in the Net VM > could also end up messing up my Tor script. > > Look at the question again: > >

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> OK, it's the original poster here. > The consensus so far is that anything I run inside sys-net should be > vulnerable, and that it is advised not to run programs in sys-net. > > So, in this case, how am I supposed to run my Ethernet Tor hotspot..? I think you're going to have be more specific

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> If your Tor is running in another appVM, such as whonix-gw does, the worst > a sys-net compromise could do is redirect the *encrypted* Tor traffic from > whonix-gw, which isn't terribly useful for the attacker. Oh, I should mention, as you asked in your original question, that yes, a

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-25 Thread johnyjukya
> I am surprised that there is no way to disable ipv6 on Debian template. > > I reinstalled first the template using documentation > https://www.qubes-os.org/doc/reinstall-template/ > > Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in /etc/sysctl.conf, I > did reboot the Template but it didn't

Re: [qubes-users] Snapshots - Use of CoW

2016-09-25 Thread johnyjukya
> Hi folks, > > Any chance that there will be added in the feature for snapshots? > even CoW snapshots would be good, then a consolidation option once done. > > I have one issue where I want to do something, but I have to 7z the VM > before I can do anything to it in-case it breaks. > > I know

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> I'm pretty sure that can be done fairly simply, out-of-the-box via > NetworkManager, not requiring a script: Oh, and another good tip, is to make another NetworkManager show up in a secondary VM (other than just from sys-net), you can manually add "network-manager" (and check it) as a service

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-25 Thread johnyjukya
> nishiwak...@gmail.com: >> Hello, >> >> I am surprised that there is no way to disable ipv6 on Debian template. >> >> I reinstalled first the template using documentation >> https://www.qubes-os.org/doc/reinstall-template/ >> >> Then I added "net.ipv6.conf.all.disable_ipv6 = 1" in

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Well, entr0py, you are correct. > > It does indeed come down, to either Xen, or my networking stack. > > Let me ask... what is the security like for Ethernet..? Anything going over a wire is going to have a far shorter RF leakage range than WiFi. Unless your threat actor is in the house or

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> And yes, by all means, I will use Whonix's system rather than my own > custom script. I agree that Whonix is a key component. A NetVM that ensures *all* your traffic goes through Tor, with no leakage, as well as doing secure DNS lookups for you, is a big security plus. They've also put a fair

Re: [qubes-users] Re: Dear qubes-users

2016-09-24 Thread johnyjukya
> Mr. Harrison: >> Dear qubes-users, >> >> I am long time qubes follower and user. I apologize in advance if anyone >> feels this request is spam. >> >> I am looking for two invite codes needed to sign up to anonymous >> riseup.net email service. I agree that asking random strangers for Riseup

Re: [qubes-users] New version of Qubes Screenshot Tool (0.5 beta)

2016-09-24 Thread johnyjukya
> Hello, > > New version of Qubes Screenshot tool available. > > https://github.com/evadogstar/qvm-screenshot-tool > > > If you do not know what is it: a tool to easy make screenshots and > upload them to the AppVM and to the web ( imgurl service ). > > Changelog: > - Now, it's possible to re-open

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> Thank you guys for your help, but unfortunately I don't think there is a > way to get rid of this process listening on tcp6 on init (systemd... d > standing here for distant...). It is listed as 1 on PID, I don't think you > can't remove it, it is a main process. So I am not interested in using

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> What does "systemctl list-sockets" show? Any services that systemd is > providing a listener for should be listed here. If you do spot a network socket service in that listing, you can stop the current service with "systemctl stop blah.socket", and disable it in the future (next reboot or VM

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Please read if you haven't already: > > http://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf > > 2 big takeaways: > > 2. The Physical Gateway needs to be secure not only from attacks from the > Internet but also attacks from the client appVM.

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> OK, so the main takeaway from your answer: > > "The card doesn't have a host CPU and so it doesn't require a firmware > source" > > that seems like the most interesting > > the driver would still need to be bug-free though > > who knows whether any of these have even been audited I think the

Re: [qubes-users] Re: Booting Cubes, Migration

2016-09-20 Thread johnyjukya
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-09-19 13:36, johnyju...@sigaint.org wrote: >>> I've finally got Qubes set up in a way I'm comfortable working every >>> day. >>> >>> Now I wanted to move that same installation to another drive for its >>> permanent home. >> >> Oh, I

Re: [qubes-users] Re: NVIDIA GeForce

2016-09-20 Thread johnyjukya
> On Sunday, September 11, 2016 at 11:11:28 PM UTC-4, Drew White wrote: >> On Friday, 9 September 2016 18:58:51 UTC+10, Thomas Ernst wrote: >> > Hi all, >> > >> > Does Qubes support NVIDIA GeForce graphics cards? The reason for >> asking is that I am planing to buy a Lenovo ThinkPad T460p Laptop,

[qubes-users] Failed device allocation

2016-09-20 Thread johnyjukya
Quite frequently, under Debian-8, when I go to assign a device, it quietly appears to work (Qubes Manager shows it assigned), but the device never shows up, and the VM's dmesg shows things like this: [Tue Sep 20 13:17:09 2016] xenwatch: page allocation failure: order:5, mode:0x240c0c0 [Tue Sep 20

[qubes-users] USB hotplug messing up other USB devices?

2016-09-19 Thread johnyjukya
Qubes 3.2rc3-testing (and earlier), AMD Athlon X2, GeForce motherboard, NVidia MCP61 USB controller: I'm currently running Qubes from an external USB drive. (Moving to internal drive as soon as I figure out how to smoothly migrate it.) For now, it works great in general. In the meantime, I've

Re: [qubes-users] Booting Cubes, Migration

2016-09-19 Thread johnyjukya
> Anaconda is notorious for messing up specific requests for volume > layout. You would stand a much better chance of getting help in a fedora > or redhat forum... they have many more people experienced with this. Cool, thanks. I guess it is a more general grub/luks/lvm issue, and not

[qubes-users] Re: Booting Cubes, Migration

2016-09-19 Thread johnyjukya
> I've finally got Qubes set up in a way I'm comfortable working every day. > > Now I wanted to move that same installation to another drive for its > permanent home. Oh, I also meant to ask this: Does all of the Template/VM state live in /var/lib/qubes? Obviously the machines' disks do, and it

Re: [qubes-users] BTRFS?

2016-09-22 Thread johnyjukya
> -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > On Thu, Sep 22, 2016 at 03:56:57PM -0700, Connor Page wrote: >> In fact, I think the right question is "Will Qubes 4 be compatible with >> btrfs root if vm storage is expected to reside on a LVM thin pool?" > > This is a good question. The

Re: [qubes-users] Re: NVIDIA GeForce

2016-09-21 Thread johnyjukya
> On Wednesday, 21 September 2016 02:25:15 UTC+10, johny...@sigaint.org > wrote: >> > On Sunday, September 11, 2016 at 11:11:28 PM UTC-4, Drew White wrote: >> >> On Friday, 9 September 2016 18:58:51 UTC+10, Thomas Ernst wrote: >> >> > Hi all, >> >> > >> >> > Does Qubes support NVIDIA GeForce

[qubes-users] Booting Cubes, Migration

2016-09-19 Thread johnyjukya
I've finally got Qubes set up in a way I'm comfortable working every day. Now I wanted to move that same installation to another drive for its permanent home. The current drive has a standard bios /boot partition (sda1), and an encrypted extended partition (#5) containing lvm with swap and /.

[qubes-users] BTRFS?

2016-09-22 Thread johnyjukya
Has the Qubes team ever considered the use of btrfs? https://en.wikipedia.org/wiki/Btrfs It's been the default root FS for Suse since 2012: https://www.linux.com/news/suse-linux-says-btrfs-ready-rock While reading about its features (and using it) it seems like it would be especially

Re: [qubes-users] USB Root Drive Corruption

2016-08-18 Thread johnyjukya
This problem persists in 3.2rc2. (And I get 0 errors on the same USB drive under Tails. When I can find the SATA power connector around here somewhere, I'll try moving the drive direct onto the SATA bus.) > Thanks for the feedback. The fact USB is a bad idea all around for > security (and

[qubes-users] Qubes 4.0 Hardware Requirements

2016-08-18 Thread johnyjukya
The Qubes security team has written: > Consequently, we have decided to move to hardware memory > virtualization for the upcoming Qubes 4.0 release [4]. And Joanna has written: > For Qubes 4 we want to move away from using PV as the default > method of virtualization in favor of using hw-aided

Re: [qubes-users] Screen corruption on nvidia

2016-08-18 Thread johnyjukya
This problem persists in 3.2rc2. JJ >>> However, under Qubes, I experience random screen corruption. >>> >>> See: https://i.imgur.com/ovEFgYO.png > >> Looks like it could be this issue: >> >> https://github.com/QubesOS/qubes-issues/issues/1028 >> >> As you can see from the qubes-builder-github

Re: [qubes-users] Qubes VM compromised? - Follow up

2016-08-27 Thread johnyjukya
> Am 25.08.2016 um 21:33 schrieb johnyju...@sigaint.org: > >> While it's a bit slower, I prefer booting from DVD, a read-only medium. > > There are verifyably hardware-controlled (physical switch) unwritable > USB storage devices. A bit expensive but you can get one. I might look into that, it

Re: [qubes-users] Qubes VM compromised? - Follow up

2016-08-27 Thread johnyjukya
>> Whether using an "isolating proxy" (multiple machines) or not, using a >> white-listing proxy like Corridor can help ensure all of your traffic >> passes through Tor (Entry Guard, at least). >> > > That's right. Also, using Firefox with those extensions is *not* the same > as > using Tor

[qubes-users] OSX

2016-08-27 Thread johnyjukya
Hey, does anyone have any luck with getting any form of OSX to fire up under Qubes? After several other failures, I was able to get some iPC ISO build to get to a certain point in an HVM, but the mouse didn't work, so I couldn't do much, and I couldn't figure out how to get it to any kind of

Re: [qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?

2016-08-27 Thread johnyjukya
> On 08/27/2016 07:36 PM, Cube wrote: >> On Saturday, August 27, 2016 at 9:31:31 AM UTC-7, Alex wrote: >>> On 08/27/2016 05:59 PM, Cube wrote: For specific services (say, the >>> mentioned Amazon) I keep a keepassx database on the specific AppVM >>> in which the service is expected to be used -

[qubes-users] Qubes VM compromised?

2016-08-23 Thread johnyjukya
Wow, what a weird day. A rather bizarre story, which is possibly a good example as to how Qubes can help protect you from hacking, or at least spot the effects of it. I use a sigaint address, because of a psycho ex and her corrupt cop buddies. Anyhow, I created another sigaint address today, to

Re: [qubes-users] Qubes VM compromised?

2016-08-23 Thread johnyjukya
>> On 08/23/2016 06:01 PM, johnyju...@sigaint.org wrote: >>> Wow, what a weird day. >>> >>> A rather bizarre story, which is possibly a good example as to how >>> Qubes >>> can help protect you from hacking, or at least spot the effects of it. >> >> What threat model does this fit? If a skilled

Re: [qubes-users] Qubes VM Manager Suggestions

2016-08-28 Thread johnyjukya
> Thanks for the suggestions. Our goal for Qubes 4.0 is to "decmopose" > the current Qubes Manager by integrating its functions more seamlessly > into the desktop environment: > > https://github.com/QubesOS/qubes-issues/issues/2132 > > We hope that this approach will take care of the kinds of

[qubes-users] Re: OSX

2016-08-28 Thread johnyjukya
> Hey, does anyone have any luck with getting any form of OSX to fire up > under Qubes? > > After several other failures, I was able to get some iPC ISO build to get > to a certain point in an HVM, but the mouse didn't work, so I couldn't do > much, and I couldn't figure out how to get it to any

[qubes-users] Qubes VM Manager Suggestions

2016-08-28 Thread johnyjukya
These are fairly minor cosmetic issues, and if I ever get some of my current struggles under control, I'll submit patches instead of suggestions. :) I think the Qubes folks work on the VM Manager (and install process, which is amazing) has made major strides in making the system more accessible

Re: [qubes-users] Qubes VM Manager Suggestions

2016-08-28 Thread johnyjukya
> But I'll Joanna's page a more detailed read when I'm a bit more refreshed. Sorry, not just "Joanna's" page; on a quick scan, I see you contributed to it significantly as well. I very much look forward to giving it a proper read and review tomorrow. Cheers, and thanks, Andrew. :) JJ -- You

Re: [qubes-users] Security Best Practice: Cache web passwords in custom VM's or not?

2016-08-28 Thread johnyjukya
> On Saturday, August 27, 2016 at 1:50:22 PM UTC-7, johny...@sigaint.org > wrote: >> BTW, keepassx rocks. I'm working on some scripts to make it a little >> less >> painful with all the Ctrl-Alt-C and Ctrl-Alt-V'ing (which also conflicts >> with the standard konsole paste shortcuts). > > I have

[qubes-users] Memory saving techniques

2016-08-23 Thread johnyjukya
I know I may be in the minority with an under-powered machine (4G), but I thought I'd share some tips for getting more room for additional AppVM's that worked well for me: I guess I should state that this really would "void your warrantee" and you shouldn't hassle the Qubes folks with problems

Re: [qubes-users] Qubes VM compromised? - Follow up

2016-08-25 Thread johnyjukya
> I am too paranoid for using tails other than the reccomended method (two > usb drives updating each other - I have two pairs of three). No aware of the two drive method. Is that just updating to the next version from the previous version, onto another USB drive? While it's a bit slower, I

Re: [qubes-users] Qubes VM compromised?

2016-08-25 Thread johnyjukya
> On 08/23/2016 07:25 PM, Chris Laprise wrote: >> What threat model does this fit? If a skilled attacker tricks you into >> thinking you created an account at sigaint, but you later cannot use >> it... what is the advantage of that? The possible gain seems to be >> little or nothing. > > Well,

[qubes-users] qvm-block by UUID?

2016-08-25 Thread johnyjukya
Most standard Linux utilities that refer to block devices, allow you to specify by uuid as well (mount, cryptsetup are two examples). The documentation for qvm-block is sparse, but probably because it's a striaght-forward utility. There's no support in qvm-block to assign a device to a VM by

[qubes-users] 3.2rc3 install on btrfs

2016-09-29 Thread johnyjukya
Finally got around to doing a fresh install of Qubes 3.2rc3 on a btrfs root. It's quite wonderful, being able to clone a template or an AppVM instantly, taking no additional disk space except for changes. However, after the initial install, I had sys-net, sys-firewall and had to create them

Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> Hi JJ, > > My PC has 10 USB Bus's. > My keyboard and mouse are on bus 10, which is PCI device .XX.X and I > left that one on Dom0. Are they 10 separate PCI devices, 10 separate USB buses? I'd be very surprised if that were the case. But also very impressed, and wanting such a motherboard

Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> I want to get the USB VMs to work, but I use keyboard and mouse via USB, > not PS/2, so it will not permit me to configure it. > > I wish to attach specific USB Ports to Dom0, which is 1 of the bus's. And > the other USB bus's to the USBVM, but I can't find out what device to > attach to Dom0 to

Re: [qubes-users] USB VM

2016-09-27 Thread johnyjukya
> It may no longer be the case, but it used to be that most USB keyboards > and mice had controllers that also automatically auto-detected and > supported PS/2, with a simple passive passthrough dongle between the > USB->PS/2 connection. > >

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> Yeah, Joanna is seriously epic. Upon that, we can all agree. Everything she designs or writes up, seems bang-on (and wonderfully informative) in this increasingly security-threatened world we're living in. She's probably just a fictional character created by the NSA to mesmerize and lure us

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> You can get a motherboard that has a removable bios chip that you can just > snap in to replace, Then call the company and have them send you one or > two to hold onto for emergency lol. There is also mobos with dualbios, > most ly this is for bringing a bricked board back to life. I actually

Re: [qubes-users] Screen geometry for VMs

2016-09-27 Thread johnyjukya
> I'm back with a brand-new workstation setup to try Qubes on. I bought a > Matrox C680 and hooked up six monitors to its DisplayPort outputs. I'm > using Qubes R3.2 fully updated as of now, with XFCE. Six monitors??? Wow! Can I come over and hang out at your place? JJ -- You received this

Re: [qubes-users] USB VM

2016-09-28 Thread johnyjukya
> Hi JJ, > > Did some more testing, you were right, I only have 3. Hey, that's still pretty handy for separation. In Qubes VM Manager, for a chosen VM, you *should* be able to pick a given PCI USB device and assign it. Only having one USB bus myself, also used for root, I haven't tried this. I

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
> Let's say I have a Qubes machine connected to a 2nd laptop by Ethernet. > > The Qubes machine is sharing its Internet connection. > > Let's say the Qubes machine gets hit with a DMA attack. > > The 2nd laptop is not a Qubes machine, and therefore doesn't have VT-D for > DMA protection. > > Can

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-25 Thread johnyjukya
> Simple question: Why are Ethernet and WiFi in sys-net..? > > Is it > > (A) Just for easy access to the same network for all App VMs..? > > (B) Because this is isolating Ethernet and WiFi from the rest of the > system, to stop DMA attacks..? Primarily (B). Any DMA attack or other network

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
> If the Qubes machine is hit by a DMA attack, it is compromised and could > thus tamper with the forwarded Internet connection however the attacker > desires. (As well as scraping any credentials you might use in common on > the Qubes box, and carrying out aggressive attacks on anything on your

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
Chris wrote: > Especially if you did the sharing via a separate vpn or ssh tunnel. But > in general, I don't think Qubes security should be considered much if > any benefit to adjacent non-Qubes systems. I'm curious as to why you would say this. Any additional firewall between a Laptop and the

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-25 Thread johnyjukya
Chris wrote: > Especially if you did the sharing via a separate vpn or ssh tunnel. But > in general, I don't think Qubes security should be considered much if > any benefit to adjacent non-Qubes systems. This is one of my favorite implicit features of Qubes: Setting up multiple layers of network

Re: [qubes-users] Restored, and it's missing so much...

2016-09-26 Thread johnyjukya
> Hmmm, you would probably also need to re-export the app shortcuts to dom0. > This *may* be the best way to do it, but the Qubes devs may have a better > suggestion. Open a terminal in the newly restored VM and run: > > "/usr/lib/qubes/qrexec-client-vm dom0 qubes.SyncAppMenus /bin/sh >

Re: [qubes-users] Why are Ethernet and WiFi in sys-net..?

2016-09-26 Thread johnyjukya
> Wow. Not even 4 GB of compiled drivers for the WiFi. You are saying it's 4 > GB of raw plaintext source code..? > > WOW > > That's INSANELY complex. Apologies, I spoke a bit hastily. What was seeing was 4 million Git objects, not 4G of data (although it may be). And that included all branches

Re: [qubes-users] I can't disable ipv6 on Debian Template

2016-09-26 Thread johnyjukya
> Really ? No one to find also suspicious a wild init/1 tcp6 port listening > on your templateVM, right out of the box ? This got to be real. ... > I am answering you on my phone just because it seems my old Qubes deleted > partition doesn't like very much my USB key to runs over it, for some >

Re: [qubes-users] Snapshots - Use of CoW

2016-09-26 Thread johnyjukya
> On Monday, 26 September 2016 12:11:56 UTC+10, johny...@sigaint.org wrote: >> AppVM's are designed to toss changes, other than /home, /rw, /usr/local. >> It's a good thing; if one gets compromised, it's a temporary compromise. >> :) >> >> If you want permanent changes, update your template. >>

Re: [qubes-users] Restored, and it's missing so much...

2016-09-26 Thread johnyjukya
> I just copied my standalone VM that was working, to back it up. > > Then I restored the .img files, which is the HDD, and now it's telling me > I don't have the dependancies to run the application that I was running > before I copied the img files. > > Why is this broken? > Why will

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> On Tuesday, September 27, 2016 at 6:51:31 AM UTC-4, neilh...@gmail.com > wrote: >> If I think a computer has been infected, is there anything else I should >> wipe/re-install other than >> >> 1. Hard Drive / Operating System >> >> 2. BIOS This also brings up the question of BIOS vs. EFI, which

Re: [qubes-users] Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> I forget which blackhat event, they showed how you can think you are > flashing a bios. But the malware will remain. That's creepy. Don't most BIOS flashing utilities do a verification? Or perhaps the flashing utility itself is what was compromised in the blackhat demo. Another reason why

Re: [qubes-users] Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> If I think a computer has been infected, is there anything else I should > wipe/re-install other than > > 1. Hard Drive / Operating System > > 2. BIOS > > Is there anything else that a hacker could possibly infect that needs to > be wiped/re-installed..? Lol, don't get me started... - Any PCI

Re: [qubes-users] "Carrying forward" a DMA attack..?

2016-09-27 Thread johnyjukya
>> Especially if you did the sharing via a separate vpn or ssh tunnel. But >> in general, I don't think Qubes security should be considered much if >> any benefit to adjacent non-Qubes systems. >> >> Chris >> >> > The benefits far outweigh the risks, as long as you don't do most of >> your >> >

Re: [qubes-users] Re: Anything else to wipe other than HDD and BIOS..?

2016-09-27 Thread johnyjukya
> How about Google Chromebooks which have a system to auto-restore the OS if > it thinks it's been tampered with..? Doesn't that imply trust in Google, who is known to cooperate with NSA and such (as required by US law)? I have had serious problems with a hacked Android phone, and the

Re: [qubes-users] Re: I can't disable ipv6 on Debian Template

2016-09-27 Thread johnyjukya
> Also just to add qubes devs have fedora template with less listening > process then debian-8 which is not default and more community based. But > if you want to use use debian instead for your sysnet or firewall or w/e. > You can disable all the listening processes yourself. It's an

Re: [qubes-users] Re: I can't disable ipv6 on Debian Template

2016-09-27 Thread johnyjukya
> The "listening" services are less of a concern, since the firewall > wouldn't permit any incoming connections to be passed through to start > with. It's the "phone home" style services, like time sync, Samba name > lookups on microsoft servers, and such, that are more concerning, and >

Re: [qubes-users] Re: I can't disable ipv6 on Debian Template

2016-09-27 Thread johnyjukya
> My PC's RT clock might drift by a few seconds each week Actually, it's not even that bad. I'm sure I've fired up motherboards or laptops that haven't been touched in years, and their clocks were accurate within a minute. So there's no need for synchronizing your time so frequently. I just

  1   2   >