Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-09-18 Thread 54th Parallel
On Tuesday, 15 September 2020 at 01:13:13 UTC+8 m.fernande...@gmail.com 
wrote:

> The cloud-based aspect of Chromebooks means that in those situations where 
> you don't consider you have much local on-site security, you can gain extra 
> security by keeping things in the cloud, and using cloud software. I cover 
> some of the reasons why this is the case, in the "Sandboxing and cloud 
> computing" section I wrote in the End-user Computer Security book hosted on 
> Wikibooks (which can be accessed here 
> 
> ).
>
> Otherwise, Chromebooks can have security advantages because they use an 
> open-source secure custom BIOS/UEFI known as Coreboot. Vendor-supplied OEM 
> pre-installed closed-source BIOS/UEFI firmware can pose a security 
> vulnerability--they can also be hard to replace with a custom firmware 
> (which I'm particularly finding at the moment). Some info on the security 
> aspects of custom BIOS/UEFI firmware can be found here 
> 
> .
>
> That said, I definitely have security concerns over using the cloud. 
> Keeping things on-site would probably be ideal in the case that you have 
> strong on-site security.
>

Hi Mark,

I've read your wiki entries and enjoyed them--thanks for taking the time to 
share the information. I just want to clarify that Chromebooks do have 
local storage and that this can be completely isolated from the cloud (and 
usually is). This means I can choose not to be at the mercy of the cloud 
and the condition of my internet connection. 

Also, I've been looking for evidence that Chromebooks generally have 
Coreboot installed several years ago before using Chromebooks and now after 
reading your article. I've failed to find any so far, aside from sites like 
MrChromebox that mention older devices. I know that there are ARM 
Chromebooks, but from a business point of view I don't really see why 
Google would feel the need to replace ME with Coreboot for the wide variety 
of CPUs in their devices (though I wish it were true).

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3579f8bf-372f-44b8-8d32-cb06cd15f498n%40googlegroups.com.


Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-09-14 Thread Mark Fernandes


On Wednesday, 26 August 2020 at 17:01:20 UTC+1 sv...@svensemmler.org wrote:

>
> ... Google earns almost all their money 
> by selling user data / presenting advertisements. ...
>
> Even if the engineers working on their products have good motivations, 
> as a publicly traded corporation Google's goals are ultimately 
> maximizing "shareholder value"... which you can see by them making 
> compromises for suppressive states (China et al). The same is true for 
> any corporation including Apple. 
>

I'm not so clued-in about the mechanics behind publicly traded 
corporations, but I would have thought that maximising profits (which 
perhaps is what you are implying) is the only goal. Some businesses can 
sacrifice profits for a certain set of ethics...
 

>
> > Chrome OS is cheap and sufficient enough for this particular set of 
> > low-stake needs I have. 
>
> That's perfectly fine. ...
>
 

> What I want to provide is an explanation why people in this forum -- who 
> care a lot about both security and privacy -- have a particular dislike 
> for surveillance capitalistic superstars like Google, Microsoft and 
> Facebook. The basic (lack of) trust argument can be made about all 
> non-open technology. 
>

Whilst there is a relationship between privacy and security, increasing 
security doesn't necessarily mean that you increase privacy. Your arguments 
against Google seem to be significantly in relation to privacy, but 
sometimes security can be increased at the cost of losing privacy.

The cloud-based aspect of Chromebooks means that in those situations where 
you don't consider you have much local on-site security, you can gain extra 
security by keeping things in the cloud, and using cloud software. I cover 
some of the reasons why this is the case, in the "Sandboxing and cloud 
computing" section I wrote in the End-user Computer Security book hosted on 
Wikibooks (which can be accessed here 

).

Otherwise, Chromebooks can have security advantages because they use an 
open-source secure custom BIOS/UEFI known as Coreboot. Vendor-supplied OEM 
pre-installed closed-source BIOS/UEFI firmware can pose a security 
vulnerability--they can also be hard to replace with a custom firmware 
(which I'm particularly finding at the moment). Some info on the security 
aspects of custom BIOS/UEFI firmware can be found here 

.

That said, I definitely have security concerns over using the cloud. 
Keeping things on-site would probably be ideal in the case that you have 
strong on-site security.


Kind regards,


Mark Fernandes



/Sven 
>



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-26 Thread Sven Semmler

On 8/26/20 3:07 AM, 54th Parallel wrote:
> the wider point I want to make is that people jump on Chrome OS
> simply for being an OS by Google.

Well, that is a bit understandable. Google earns almost all their money
by selling user data / presenting advertisements. They dominate the web
and push their ideas through Chrome and Android in a way Microsoft could
have only dreamed of.

Even if the engineers working on their products have good motivations,
as a publicly traded corporation Google's goals are ultimately
maximizing "shareholder value"... which you can see by them making
compromises for suppressive states (China et al). The same is true for
any corporation including Apple.

> Chrome OS is cheap and sufficient enough for this particular set of
>  low-stake needs I have.

That's perfectly fine. None of the above is a criticism of your decision
to use anything. I have a Windows 7 qube (to run some business software
in isolation) and my wife uses a Mac because that's the best compromise
(Qubes in its current form would be too much hassle for her).

What I want to provide is an explanation why people in this forum -- who
care a lot about both security and privacy -- have a particular dislike
for surveillance capitalistic superstars like Google, Microsoft and
Facebook. The basic (lack of) trust argument can be made about all
non-open technology.

> That said, I bought two new laptops just for Qubes and have sunk
> months into understanding it, so I'm not shilling for Chrome OS
> here.

Understood. I didn't mean to imply otherwise.

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-26 Thread 54th Parallel
On Wednesday, 26 August 2020 at 10:52:47 UTC+8 sv...@svensemmler.org wrote:

> Here are my thoughts: security is on a spectrum, here are two extremes: 
>
> a) 
> - completely offline
> - in a locked room at a secure location
> - completely shielded
> - I never leave that room
>
> b) 
> - always connected to the internet
> - running on proprietary hardware
> - software is partly or completely closed
> - data lives "in the cloud" (aka other people's computer)
>
> Security is also about what I want to be secure from. 
>
> a) keeps me pretty secure except from the government of the location 
>
> b) keeps (maybe) some script kiddies away if the provider knows their 
> stuff, but any skilled criminal / company / state actor own you in no time 
>
> ... which is why I have no understanding at all for all those 
> companies moving their stuff into office365 ... what are they thinking? 
>
> /Sven 
>

Well, if this is a criticism of me using Chrome OS for certain tasks, may I 
politely suggest that you take some time to read about Chrome OS as well. 
The assumption that my data lives in the cloud is not necessarily true and 
my threat model (which is basically what your post is about) is different, 
but the wider point I want to make is that people jump on Chrome OS simply 
for being an OS by Google. 

Qubes (the user in the thread) isn't wrong when he said that privacy and 
security are two sides of the same coin, but, provided you're aware of the 
potential risks (e.g. profile-building, keystroke deanonymization, and much 
more), Chrome OS is cheap and sufficient enough for this particular set of 
low-stake needs I have. That said, I bought two new laptops just for Qubes 
and have sunk months into understanding it, so I'm not shilling for Chrome 
OS here.

Security overview for the open-source Chromium OS (Gentoo-based) which 
forms the base for Chrome OS:
https://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-25 Thread Sven Semmler

On 8/22/20 5:11 AM, 54th Parallel wrote:
> I don't want to get into an argument with you, so all I'll say is
> that you should probably read up more on ChromeOS.

Here are my thoughts: security is on a spectrum, here are two extremes:

a)
- completely offline
- in a locked room at a secure location
- completely shielded
- I never leave that room

b)
- always connected to the internet
- running on proprietary hardware
- software is partly or completely closed
- data lives "in the cloud" (aka other people's computer)

Security is also about what I want to be secure from.

a) keeps me pretty secure except from the government of the location

b) keeps (maybe) some script kiddies away if the provider knows their
stuff, but any skilled criminal / company / state actor own you in no time

... which is why I have no understanding at all for all those
companies moving their stuff into office365 ... what are they thinking?

/Sven

-- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-22 Thread 54th Parallel
On Saturday, 22 August 2020 at 17:37:24 UTC+8 Qubes wrote:

>
> Yes a big difference, but the two are intertwined in ways that it is 
> impossible to separate them. If you believe an operating system from 
> Google, Microsoft, Apple, or any other tech giant, provides 
> "near-absolute" security I think you have been wholly misguided. 


I think you're being uncharitable about my judgments. I don't want to get 
into an argument with you, so all I'll say is that you should probably read 
up more on ChromeOS. 



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-22 Thread Qubes




> There's a difference between privacy and security. Chrome OS provides
> security (near-absolute security, some might say) but obviously little
> privacy is to be expected.
  
Yes a big difference, but the two are intertwined in ways that it is 
impossible to separate them. If you believe an operating system from 
Google, Microsoft, Apple, or any other tech giant, provides 
"near-absolute" security I think you have been wholly misguided.





Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-21 Thread 54th Parallel
On Saturday, 22 August 2020 at 01:35:05 UTC+8 Qubes wrote:

>
> If you configure Firefox and uMatrix properly you should see less of 
> these funnies creep up. Have a look at this guide, 
>
> https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs.
>  
>
>
> If that is too much for you there is also a 'for dummies' guide, 
>
> https://12bytes.org/articles/tech/firefox/the-firefox-privacy-guide-for-dummies.
>  
>
>
> The above guides are linked full of very useful information, tips and 
> tricks, proper configuration methodology, and plain good old advice. 
>
 
I'm using Chrome, but this might come in handy for when I use Firefox. 
Thanks
 

> I find it a bit funny that you are paranoid about some unknown adversary 
> tampering with your hardware in transit but you seem to use Google 
> products a lot. 
>

There's a difference between privacy and security. Chrome OS provides 
security (near-absolute security, some might say) but obviously little 
privacy is to be expected.
 



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-21 Thread Qubes

On 8/21/20 6:37 PM, 54th Parallel wrote:
> On Friday, 21 August 2020 at 23:35:05 UTC+8 deeplow wrote:
>
>> It's working just fine for me (also tried it in chromium version
>> 83.0.4103.116). Does it work for you in other browsers?
>
> Working fine on Firefox and Tor Browser, but not Chrome 84.0.4147 on Chrome
> OS (yes, I'm a dirty Google user). I did some tinkering and I misspoke
> earlier--uMatrix was showing everything being allowed so I said it was
> disabled. It turns out actually switching off uMatrix allows the site to
> appear, even though it should theoretically not be doing anything.
>
> This was *not* the case earlier, hence why I was (and am) so confused.
> Someone should see if they can replicate this.

If you configure Firefox and uMatrix properly you should see less of 
these funnies creep up. Have a look at this guide, 
https://12bytes.org/articles/tech/firefox/firefoxgecko-configuration-guide-for-privacy-and-performance-buffs.


If that is too much for you there is also a 'for dummies' guide, 
https://12bytes.org/articles/tech/firefox/the-firefox-privacy-guide-for-dummies.


The above guides are linked full of very useful information, tips and 
tricks, proper configuration methodology, and plain good old advice.



I find it a bit funny that you are paranoid about some unknown adversary 
tampering with your hardware in transit but you seem to use Google 
products a lot.




Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-21 Thread 'deeplow' via qubes-users
‐‐‐ Original Message ‐‐‐
On Friday, August 21, 2020 4:37 PM, 54th Parallel 
 wrote:

> On Friday, 21 August 2020 at 23:35:05 UTC+8 deeplow wrote:
>
>> It's working just fine for me (also tried it in chromium version 
>> 83.0.4103.116). Does it work for you in other browsers?
>
> Working fine on Firefox and Tor Browser, but not Chrome 84.0.4147 on Chrome 
> OS (yes, I'm a dirty Google user). I did some tinkering and I misspoke 
> earlier--uMatrix was showing everything being allowed so I said it was 
> disabled. It turns out actually switching off uMatrix allows the site to 
> appear, even though it should theoretically not be doing anything.
>
> This was *not* the case earlier, hence why I was (and am) so confused. 
> Someone should see if they can replicate this.

uMatrix has also trolled me quite a few times when accessing discourse 
instances due to all the CDN stuff. Glad it's solved. See you there!



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-21 Thread 54th Parallel
On Friday, 21 August 2020 at 23:35:05 UTC+8 deeplow wrote:

> It's working just fine for me (also tried it in chromium version 
> 83.0.4103.116). Does it work for you in other browsers?
>

Working fine on Firefox and Tor Browser, but not Chrome 84.0.4147 on Chrome 
OS (yes, I'm a dirty Google user). I did some tinkering and I misspoke 
earlier--uMatrix was showing everything being allowed so I said it was 
disabled. It turns out actually switching off uMatrix allows the site to 
appear, even though it should theoretically not be doing anything.

This was *not* the case earlier, hence why I was (and am) so confused.  
Someone should see if they can replicate this.



Re: [qubes-users] Re: Announcement: New community forum for Qubes OS users!

2020-08-21 Thread 'deeplow' via qubes-users
On Friday, August 21, 2020 3:15 PM, 54th Parallel 
 wrote:

> On Friday, 21 August 2020 at 01:21:11 UTC+8 a...@qubes-os.org wrote:
>
>> Dear Qubes community,
>>
>> We're pleased to announce the launch of a new forum for Qubes OS users:
>>
>> https://qubes-os.discourse.group
>
> Not sure if I'm the only one, but after working for me earlier (I replied to 
> a question), the discourse.group link no longer works and just displays a 
> blank page on Chrome with extensions disabled. Doesn't seem like VPN 
> blacklisting.

It's working just fine for me (also tried it in chromium version 
83.0.4103.116). Does it work for you in other browsers?
