Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-20 Thread raahelps
On Thursday, October 20, 2016 at 8:38:38 PM UTC-4, Manuel Amador (Rudd-O) wrote: > On 10/20/2016 05:12 PM, pleom...@gmail.com wrote: > > @Jeremy Rand > > > > realy sorry about that,i didnt think that someone get some emails. > > THOUSANDS of us get "some emails" from you. > > > But this thing of

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-20 Thread Manuel Amador (Rudd-O)
On 10/20/2016 05:12 PM, pleom...@gmail.com wrote: > @Jeremy Rand > > realy sorry about that,i didnt think that someone get some emails. THOUSANDS of us get "some emails" from you. > But this thing of system security is important. > The fact that security — which you do not seem to understand

[qubes-users] Re: philosofy on qubes and other environment

2016-10-20 Thread pleomati
@Jeremy Rand realy sorry about that,i didnt think that someone get some emails.But this thing of system security is important. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it,

[qubes-users] Re: philosofy on qubes and other environment

2016-10-16 Thread raahelps
On Sunday, October 16, 2016 at 12:03:59 AM UTC-4, pleo...@gmail.com wrote: > I dont know how to install it,im so stupid omg.Maybe like ProxyVM and route > trafic by pFsense? but its no option to choice only fedora debian.WTF im so > stupid.I dont know how to install it. Its too complicated for

[qubes-users] Re: philosofy on qubes and other environment

2016-10-16 Thread raahelps
On Saturday, October 15, 2016 at 11:38:07 PM UTC-4, pleo...@gmail.com wrote: > unikernel u mean this? > http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ > i have installed it and work good. ya thats what i was talking about, nice I'll have to try it out. -- You

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
Ok i probobly figure it out how to do this.Install pfsense as HVM configure and then in qubes managment change HVM to proxy VM.But i dont know how to do this... maybe create proxyVM as name pfsense then delete in directory via terminal and copy HVM on the same name so qubes will see it as a

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
I dont know how to install it,im so stupid omg.Maybe like ProxyVM and route trafic by pFsense? but its no option to choice only fedora debian.WTF im so stupid.I dont know how to install it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
But i prefer to build that kind of sys-firewall on something like pfsense bcs its real firewall. Tell me how to build pFsense (or something familiar) firewall on Qubes and set to default. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
maybe this mirage-kernel should be add to standard repo config in Qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
unikernel u mean this? http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/ i have installed it and work good. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
I would love to see an openbsd, or some more hardened sys-firewall. There have been some community efforts maybe you can create one. we have minimal templates available now. I read about a unikernel someone made for qubes that looked interesting. Maybe you can create something. Qubes team

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
On Saturday, October 15, 2016 at 10:02:32 PM UTC-4, pleo...@gmail.com wrote: > for an example it was much better for security if that no build on the same > but somethin like this > > ubuntu (sys-net)-pfsense(sys-firewall)- appVM (debian or fedora) again probably only making a real difference

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
for an example it was much better for security if that no build on the same but somethin like this ubuntu (sys-net)-pfsense(sys-firewall)- appVM (debian or fedora) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
look at qubes how is it build? vitrualisation of the same environment 1-2-3 is separated but its still the same so somoene exploit 1 then exploit 2-3 on recursive. i mean by this vitrualisation same topology. So what i mean is better way to multiple topology than avoid recursive exploits.

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread Andrew
pleom...@gmail.com: > or the worst thing if hacker cant do this he can try to compromize > sys-firewall in the same way as sysnet bcs its the same topology.And after > compromizing sys-firewall then can do whatever he like. > I'm not sure what you're trying to say here. Anyway it should be

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
On Saturday, October 15, 2016 at 9:17:14 PM UTC-4, johny...@sigaint.org wrote: > > Andrew: > > This kind of security-first posture is what has made Qubes famous. > > I agree that Qubes separation is probably the most secure basis for a > reasonably usable PC-based platform today. It's all I'll

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/16/2016 12:16 AM, pleom...@gmail.com wrote: > look guys if someone compromize sys-net then go route trafic by fake dns and > sites.You paste your credit card or something and all data goes to the hacker. If someone compromises the network card of your AppArmor-enabled Ubuntu instance, the

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread johnyjukya
> Andrew: > This kind of security-first posture is what has made Qubes famous. I agree that Qubes separation is probably the most secure basis for a reasonably usable PC-based platform today. It's all I'll use. (I worry about 4.0 not working on my hardware, tho. And upgrading hardware brings

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
or the worst thing if hacker cant do this he can try to compromize sys-firewall in the same way as sysnet bcs its the same topology.And after compromizing sys-firewall then can do whatever he like. -- You received this message because you are subscribed to the Google Groups "qubes-users"

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
look guys if someone compromize sys-net then go route trafic by fake dns and sites.You paste your credit card or something and all data goes to the hacker. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread Andrew
pleom...@gmail.com: > But look every vms in qubes base on the same,so if someone compromize sys-net > VM then it should not be so hard to compromize other VMs. > It would compromise sys-net. Any writes to the template-based volume (with /bin, /usr, /var, etc.) are discarded upon VM reboot.

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread Andrew
Andrew: > pleom...@gmail.com: >> If there is no user acces control like a real root real user then its no >> sense to use it. >> > > I think you've missed something pretty fundamental. > > Throw out everything you know about the Linux kernel and how it enforces > security (including MAC).

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread Andrew
pleom...@gmail.com: > If there is no user acces control like a real root real user then its no > sense to use it. > I think you've missed something pretty fundamental. Throw out everything you know about the Linux kernel and how it enforces security (including MAC). Qubes takes the position

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
If there is no user acces control like a real root real user then its no sense to use it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
the idea of apparmor is to resist to app to resources they need to run and nothing more. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
On Saturday, October 15, 2016 at 7:09:00 PM UTC-4, raah...@gmail.com wrote: > On Saturday, October 15, 2016 at 7:08:24 PM UTC-4, raah...@gmail.com wrote: > > On Saturday, October 15, 2016 at 5:48:16 PM UTC-4, pleo...@gmail.com wrote: > > > @ raa...@gmail.com > > > > > > dont know if this have any

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
On Saturday, October 15, 2016 at 7:08:24 PM UTC-4, raah...@gmail.com wrote: > On Saturday, October 15, 2016 at 5:48:16 PM UTC-4, pleo...@gmail.com wrote: > > @ raa...@gmail.com > > > > dont know if this have any sense bcs everything in qubes in default > > configuration is user accesible.Firstly

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
On Saturday, October 15, 2016 at 5:48:16 PM UTC-4, pleo...@gmail.com wrote: > @ raa...@gmail.com > > dont know if this have any sense bcs everything in qubes in default > configuration is user accesible.Firstly to use this it should be configured > user acces control wich qubes dont provide in

Re: [qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread Manuel Amador (Rudd-O)
On 10/15/2016 01:04 PM, pleom...@gmail.com wrote: > you never break armored ubuntu,this is fact... dont try be einstein to know > some way to do this.No way. > This e-mail in particular has caused me to burst into uncontrollable laughter. -- Rudd-O http://rudd-o.com/ -- You received

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
On Saturday, October 15, 2016 at 7:35:47 AM UTC-4, pleo...@gmail.com wrote: > i realy think that is more safer Ubuntu apparmored than this qubes OS. u can use apparmor with debian in qubes. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
you never break armored ubuntu,this is fact... dont try be einstein to know some way to do this.No way. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread pleomati
in AppVM is the same topology sys so its posible chain logic atack.1 break exploit get down and other vms have the same system so its like domino.Multiple topology can solve this. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe

[qubes-users] Re: philosofy on qubes and other environment

2016-10-15 Thread raahelps
On Saturday, October 15, 2016 at 12:14:44 AM UTC-4, pleo...@gmail.com wrote: > philosofy of qubes is that you are safe when your app is isolatet.This is > wrong just keep app in sandboxes or jails and what wrong can be happen? I think its more like you can never be 100% safe lol. sanboxes are

[qubes-users] Re: philosofy on qubes and other environment

2016-10-14 Thread pleomati
And if there is some kind of exploaitaion so the secure system should not been build on the same topology as its qubes bcs of chain exploits.So this system under security measures dont have any value ... bcs its build on the same linux topology ... someone brake 1 pcs brake on chain logic whole

[qubes-users] Re: philosofy on qubes and other environment

2016-10-14 Thread pleomati
yep i know someone exploit ur app and take control on ur environment.. but ... if app is in sandbox then he cant take any control on system bcs its a jail or sanbox. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this