[qubes-devel] Re: [qubes-users] Request for feedback: 4.9 Kernel
On 06/21/2017 12:45 AM, Chris Laprise wrote: On 05/24/2017 03:51 PM, Chris Laprise wrote: 4.9 is working OK so far. I was using 4.8 prior to this. Additional note: 4.9 seems to resolve a zombie process issue I was having with 4.8 (domU), and the 4.9.33-18 security update is working well so far. The newer 4.9.35-19 kernel has a side-effect: The return of an old problem where netVMs refuse to start unless an appVM has already been started. This means at boot I can't start anything network-connected until I start a non-networked VM. IIRC it was Qubes R3.0 that had this problem. -- Chris Laprise, tas...@openmailbox.org https://twitter.com/ttaskett PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/8a2177eb-b43e-c467-e23e-0afc375374e6%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Fedora 25 template for Qubes 3.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2017-07-13 15:52, Marek Marczykowski-Górecki wrote: > On Thu, Jul 13, 2017 at 10:49:53PM +0200, Marek Marczykowski-Górecki wrote: >> Hi all, > >> We've uploaded Fedora 25 template for Qubes 3.2. It was already possible >> to perform in-place upgrade[1], but now we also provide full template. > >> You can install it with: > >> sudo qubes-dom0-update qubes-template-fedora-25 > >> We've tested it internally, but you can help us here too! >> This is one of things to be included in Qubes 3.2.1. > >> [1] https://www.qubes-os.org/doc/template/fedora/upgrade-24-to-25/ > > Andrew, what do you think about posting this to qubes-announce in a week > or so (unless some major issues are found)? > Didn't we agree that qubes-announce is only for QSBs and new Qubes OS releases? Other than that, sounds good. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJZaEu/AAoJENtN07w5UDAwBt0QALt4IvknNw2k4MIuaUchnFm3 P1TPdeyDZ2dvVhtXuMznhhPKE79wPju/l5M5LhV65Iq6RHbak/aOTkgaKVRwxxEK x0OAGaRLVTU/f4Uye9mNA4iWwXsnnLur8/8K8E78n+UYLb8SMa7qlgFztk2QACGb moNpXFZX488zRr7x6+3lYji6ryfUwunpjz73pcqa/NT+LkCWGTKlDzrzM5waiHSm adplx1RuwX4iaDmZYA2IKTQwc6+heR58k/iamhZaDx8E/WfTJgI3KXhtKoLeDhWr t18c+NFCC8dHdIhlHGzCJ3YIE8I6QGltp8lLX+PQjuMwcOPZCdn2TD6ymfximByy iMSzsYE2ZhvFEAJS618p0z0Hm5uErzPUVc3KjJsGHv0ugoLe+vCmSuRhwR2C/i0b NNh3eUWI/7Z3b4jsmU2B54szThTEc1XfNMqlaO8xHn2qxM71HZzUaCp2qxCvpOLt SIjAaz8qQtEp/uX5+HCFxms69xxKpv4k+U7kvmgX2oJrmOb5YMqR8jDDxSx6US2i amp/zKYlhOR80MN3qiddPNhXiFmoKDXWMINsZvKjcaozmZ1aBBq6CTyccx28pSUM NbMvbzU0xP5NwIx0LqtzdWCugn7565ol+lxc04ykR+JCBpSgH7rjye/vzfkVupok Wh+SrGsFYEnj5Tn9vLd6 =1fQV -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/a5cde72e-402c-e9e7-4eb4-0cdcfe4cd591%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: 'Hypervisor Introspection defeated Eternalblue a priori'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jul 13, 2017 at 04:45:35PM -0700, pixel fairy wrote: > On Friday, July 7, 2017 at 1:20:10 PM UTC-7, Chris Laprise wrote: > > > > I know Joanna's reservations about VM introspection, but this > > Bitdefender introspection example is interesting nonetheless: > > > > > > https://businessinsights.bitdefender.com/hypervisor-introspection-defeated-enternalblue-a-priori > > > > > > Im curious about these reservations. is it the attack surface? Yes, at least two kinds: 1. Enabling API for reading VM memory break VM isolation - misbehaving monitoring VM can steal any secret and you'll never know 2. Parsing VM memory (operating system structures, application structures etc) is very complex - VM that know it is monitored can try exploit the parsing code; then go to point 1 for example As for examples what could possibly go wrong when adding anti-virus parsing whatever it can find, see here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1252 - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZaAoTAAoJENuP0xzK19csCqgH/RkDFLyKmIlzqasHgDp61WNE D1r5F9UfjMYYlQCaw8niupdFrdzl13TDfZGvPsZenQ6V1Z+wglPgu5Wu4CRWt7m8 9iJ++xWqLMalEP8bz5tphXT9mpXvdhPWH/xzeABLrD97JnDenL+lNWU5pgmDwev4 WxIzqEjElJb3jp5z2iM4AS+dyFtZKYMrLbupp8Bx7qWRLLwxI3/lWCH5XGwvgNDO 5KSagseX5m9D05RfV4lEetq+kXT+RUxvyIQmOfgPWGmYUPuFk9AoQ7WODdQEgdmp H1AflTbFvS6vQ6iImM4KFodtf7NmgHWJwlNyxiBJpPwZBykUzYPDcymlXNIzxyw= =voU1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170714000227.GH1095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: 'Hypervisor Introspection defeated Eternalblue a priori'
On Friday, July 7, 2017 at 1:20:10 PM UTC-7, Chris Laprise wrote: > > I know Joanna's reservations about VM introspection, but this > Bitdefender introspection example is interesting nonetheless: > > > https://businessinsights.bitdefender.com/hypervisor-introspection-defeated-enternalblue-a-priori > > Im curious about these reservations. is it the attack surface? xen hypervisor introspection looked like a total win to me. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/cd3cb803-62fd-4c37-9982-bc3982807ace%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Fedora 25 template for Qubes 3.2
meant to say please tell me this will be dom0 for qubes 3.2.1 On Thursday, July 13, 2017 at 3:12:55 PM UTC-7, pixel fairy wrote: > > please tell me this will be dom0 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/aabada27-ded7-4f20-973f-40fee93be627%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-devel] Re: Fedora 25 template for Qubes 3.2
im curious if itll fix my networking issues and stop the damn core dumps, tempted to reinstall qubes 3.2 and update this template and the 4.9 kernel see if it sorts me out finally On Thu, Jul 13, 2017 at 6:12 PM, pixel fairy wrote: > please tell me this will be dom0 > > -- > You received this message because you are subscribed to the Google Groups > "qubes-devel" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-devel+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-devel@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-devel/636f23ea-c391-4d16-ae85-e60adda0ec8f%40googlegroups.com. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CAKYr3zzUYTq%2Bb72gVKwuetsYAE2EsgVw5HKEx2xuxQNiV7eOQA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Fedora 25 template for Qubes 3.2
please tell me this will be dom0 -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/636f23ea-c391-4d16-ae85-e60adda0ec8f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Re: Fedora 25 template for Qubes 3.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Jul 13, 2017 at 10:49:53PM +0200, Marek Marczykowski-Górecki wrote: > Hi all, > > We've uploaded Fedora 25 template for Qubes 3.2. It was already possible > to perform in-place upgrade[1], but now we also provide full template. > > You can install it with: > > sudo qubes-dom0-update qubes-template-fedora-25 > > We've tested it internally, but you can help us here too! > This is one of things to be included in Qubes 3.2.1. > > [1] https://www.qubes-os.org/doc/template/fedora/upgrade-24-to-25/ Andrew, what do you think about posting this to qubes-announce in a week or so (unless some major issues are found)? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZZ914AAoJENuP0xzK19csDo8H/20xpr9MpTcrWYCaYF7+eVqi DUCxtwB/ezD00udn5El5iDYfHX8o3D4dd9hpU8QwairNP+Ht1BLbDGfb26KIA57N 1cwlnY2aQabltbidphZWQSqECEGi3ieE3auS4YRDywmseoLq1XuOeMBVaMgaelG1 7rBF17JGSj8qplqoMRY09G2O9hPJCPtGMywHRkrAadA3zR1lcCLwagzZ6HeIvFEe 7h/wGLno/CV3T2AhMgOnEV4ndH83BtW0HMXxyncF6dH62SeoSH0R9pOmfAXr06/w zbaqUk2Xowujx1cxYoa3RsqeZYxZPJ1W+b/88vxhJUdh/irh7bt6KHn3ygoXPvk= =/SbS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170713205207.GG1095%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Fedora 25 template for Qubes 3.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi all, We've uploaded Fedora 25 template for Qubes 3.2. It was already possible to perform in-place upgrade[1], but now we also provide full template. You can install it with: sudo qubes-dom0-update qubes-template-fedora-25 We've tested it internally, but you can help us here too! This is one of things to be included in Qubes 3.2.1. [1] https://www.qubes-os.org/doc/template/fedora/upgrade-24-to-25/ - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJZZ9zyAAoJENuP0xzK19csDkYH/2jvV6GqpE4P8Kq+/nb5DEQl v7LwtckbxRVIc7UTesZt3r9+72Cvy2Eaa2tun5IVmWDG6XbIZK9d6ujdVhb/SYA6 C1f+hgzNFjcqU6GfIeTN678tYDZapMGg3/SB4E2qdSBsRAkHE+Q24zgKqapNtxDO lqyzY3/X2a/Zugz+PeTTbnUgj8UHw3H8RmamAQ7JpU+cXxVII6KtJQtD12coDXTR 8zwZMvo76YI6cnCM8PmK9PUt66AQj5vCiwjdvFl24K5CD04QeudL+YQnpvkvE3tx c+3c388S+IaWOb0je3jT/6RDIFjcsw23X6g9Z3FdLWfChv3pZg8KPczUyz9PHc4= =w3aY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/20170713204953.GY3828%40mail-itl. For more options, visit https://groups.google.com/d/optout.
[qubes-devel] Improvement to Qubes PDF Converter
The Qubes PDF Converter is excellent, but there are two annoying things about the final trusted PDF: the file size can be enormous, and you lose the text layer. For example, I have a 133 page PDF that doesn't contain any images, but has lots of text. The original file is 2.1mb. After I convert it into a trusted PDF, the final trusted PDF is 40.9mb. (And none of the text is searchable.) If I use a tool called shrinkpdf [1], which is just a simple wrapper around ghostscript, I can reduce that filesize to 23.3mb. Since the 40.9mb PDF at this point is already trusted, there's no danger is running it through gs without using another dispvm. I think it would be great if this step (or something similar) were built-in to Qubes PDF Converter, so that all final trusted PDFs are compressed. At some point in the future, it would also be awesome if the final trusted PDF could be fed through something like tesseract-ocr to OCR it and add a text layer back to the PDF. But I think that's a bigger project, and compressing the PDF would be a nice first addition. [1] http://www.alfredklomp.com/programming/shrinkpdf/ -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/e9cde720-7719-a34e-5cb4-e5e89c1a6e62%40micahflee.com. For more options, visit https://groups.google.com/d/optout.