On Wednesday, February 28, 2018 at 1:30:55 PM UTC-5, Yuraeitha wrote: > On Wednesday, February 28, 2018 at 7:10:33 PM UTC+1, Braden wrote: > > On Wednesday, February 28, 2018 at 12:50:23 PM UTC-5, Unman wrote: > > > On Wed, Feb 28, 2018 at 09:48:43AM -0800, Yuraeitha wrote: > > > > On Wednesday, February 28, 2018 at 6:38:49 PM UTC+1, Unman wrote: > > > > > On Wed, Feb 28, 2018 at 08:52:07AM -0800, Braden wrote: > > > > > > Performing some modifications to dom0, but when I run apps like > > > > > > wget from dom0 terminal I am unable to resolve addresses. Same if I > > > > > > were to try running firefox from dom0. Know this is because of > > > > > > security benefits, but how can I enable networking from there. Say > > > > > > I wanted to connect to dom0 from a vnc temporarily. > > > > > > > > > > > There's almost never any need to do this. If you want to install > > > > > packages you can use the update mechanism. Otherwise download files > > > > > in a > > > > > qube and then copy them in to dom0 and install them there. > > > > > If dom0 is compromised then all your qubes are open. > > > > > > > > > > But you probably know this already. > > > > > > > > > > As things stand it's difficult, but not impossible to access dom0. You > > > > > could open a channel to allow vnc to a qube and use socat and an rpc > > > > > service to front to dom0. But really just dont do it: it subverts the > > > > > whole point in using Qubes. > > > > > > > > btw, isn't it possible that he can use the Qubes 4 dom0 admin features > > > > to make changes to VM's from a remote location? Could the solution be > > > > to upgrade to Qubes 4 and use that instead? I haven't yet went > > > > discovering/understood the limitations of the Qubes 4 dom0 admin tools, > > > > but isn't this a perfect match to his goal if he upgrades? Apologies if > > > > I misunderstood how the dom0 admin features work, I haven't started > > > > using it my self yet. > > > > > > > > > > Yes, it is. > > > OP could read this post > > > https://www.qubes-os.org/news/2017/06/27/qubes-admin-api/ > > My hardware is only 3.2 supported rn as you guessed, suppose I could > > explore the unique service idea, is there anything similar on *nix > > From a security point of view, Qubes 4 is probably long past the point to > surpass the security risk there is to opening up dom0 to networking (if > comparing the two situations purely from a security risk point of view). So > if you got the time for it, it might be worth it to install Qubes to gain > access to the dom0 admin tools. In terms of reliability, well personally I > feel Qubes 4 is pretty stable, I haven't had any major issues. But they're > still working on it, though, I believe it's because they want it to as > perfect as possible. It's very different from being ready to release, and to > release something near a perfection goal. Well obviously perfection is a > dangerous word to use, but it can translated into high quality instead. > That's how I perceive it at least. If you got the time, it may be worth > upgrading. > > Perhaps others may put in a word for how ready they perceive Qubes 4 is for > productivity and mission critical work. Since it isn't officially released as > as a final release yet, the more views on this matter, the merrier and more > accurate it'll be.
I'm excited for qubes 4 as well, even for more than the admin tools. It's just that my hardware doesn't support it the upgrade :( -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ad2d5889-0fb0-41e5-804f-80ed1ac29752%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
