Re: [qubes-users] Why is there no built-in nvidia driver support? aka GTX 980 issues
> > Qubes was working flawlessly on my GTX 670, > > So why did you change anything if things were working? > > > Achim Qubes isn't my main OS and I wanted an upgrade -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/aa021aae-69f9-4d5b-bede-16ac5eb1bb5a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-15 14:45, mara.kuens...@gmail.com wrote: > Hi, > > I just installed Qubes OS and I feel its freakin awesome! > > I am trying to set it up the way I want and one thing on my list is having a > dropbox vm that provides simply just the cloud storage... I would like to run > the actual encryption on a different qube because I dont at all trust dropbox. > > How would I setup a qube that runs dropbox and exposes its filesystem > securely to another qube that runs encfs which in turn can then be used to > safely store & view cloud files via qubes OS standard file sharing > capabilities?! > > My idea was to run NFS on dropbox qube and connect to NFS with the encfs > qube, but that's in several unfortunate. > > 1) I don't trust NFS > 2) NFS is unreliable in combination with EncFS > > > I want to get rid of the network connection... > > How would you solve this? > > Thanks a bunch! > Please take a look at this previous discussion on the topic (including some warnings I gave that also apply to your case): https://groups.google.com/d/topic/qubes-users/DkaVGj5pL2I/discussion - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX3FtGAAoJENtN07w5UDAwWE0P/3hsgaWqvXTdgnRLwtNSIkVk 0cEAzWrRkFs92QnpsI77jswwbi/7kxXKxef8j67WKnklAVL9zrOvJ9vL4sJ9KspT qdXB5vdHu0tFtytlKmXOqhYxkB8h9YmPknWGTtYtBtUo4GoE1EuR+ycQJQAjBq6R R8no1yP2pBCCBTnKNvvkMQgOezMXKGoTIlr8dnq0S1N+jzUqovtxgzmr6bfPCHpP 9Aq8bTBi7fzGPv9/adZuda10VQ+qCR2ovxetI3XqLUsw6w9Ltm5sCY666AmzosK4 89i41uy77Xvv6cTuvWofIvfjVes6sc0AIEPrhcrc8A/HTeCeQ2sjlTOU/RHx9dUH Y6v0u7hv5RwVLzVVGuBYGtjWfmW95uJKhvphBMCh+NXKAVFTrqPc8QRNGQXBrnE8 IgITBCZhQZ2ZsRC+N1puE54Re/2YJoPpep5DTNGI/X6kt3T1CXRfa4muJ/CqA9Z9 uqC22+enpX32ijhCNW9O1CgrM/+gMxUjpmlYLFDIdYFUDu5Tkyt3cjSQIH9uSG/Z 0I8FPPnz7oBocMmsET2JzOgIe3ZyKs8Fd39/PEpkw4orKDk51MAS9HDoRlPWC2/2 9sP+MUMS+8HItT3VUsA0Qn4l56S7pE5ujpUIZiqdXw9aZ2gGcqp8zDiaJNlh6y2r SHOYZi1/PEwgnykWyM4o =l4tX -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/2c711d90-9423-4342-bacb-0b22c0285929%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-16 10:36, Otto Kratik wrote: > With a Windows 7 HVM, initially upon creation it is a fixed small > window size and shows two mouse pointers chasing each other within > that HVM window. By installing Qubes Windows Tools, both of these > limitations are removed. One single mouse pointer and full screen > resolution are achieved - as well as seamless mode becoming > available. > > My question is, can the same full window size and single mouse > pointer objectives be achieved when using a Linux-based HVM, such as > one in which Ubuntu for example is installed? As far as I know, there > is no equivalent "Qubes Ubuntu Tools" which facilitates this. > > I know of course that regular Fedora/Debian/Whonix type PVM's based > upon templates already do this perfectly, and I use them frequently > for almost everything. I am asking specifically about an HVM for a > special usage case. It doesn't have to be Ubuntu specifically, but it > does have to be a Linux distro capable of running within an HVM under > Qubes R3.1. > > Does any such option exist? > I think you (or someone else) would have to put in the coding work in order to make this work in the desired way. However, a lot of work has already been done on the Archlinux Template (which, I assume, can be run as an HVM if desired, though I haven't tried it myself): https://www.qubes-os.org/doc/templates/archlinux/ Some work has also been done on an Ubuntu template: https://www.qubes-os.org/doc/templates/ubuntu/ There's also a more general workaround for the screen resolution issue (as well as a pointer regarding Qubes agents): https://www.qubes-os.org/doc/linux-hvm-tips/ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX3FmBAAoJENtN07w5UDAwUzYP/iitko2uLYmpHkn5TQ+Li1b4 PuZTJvQPgx7WBwXMcBFD9W2/Zznx7AlA21WgDCw3Zr98e2qeg1zOZkjVgrk2yP1X L3O28V2SIGqFos7ii/BcAb3mpmX6IohkQWb+EEoUZs4l9vVwFMisG54P8tPvDBEa uICZVlPHPQnfVTUhUd4wQ6fZn6a0ENUO08prHhF9cMGy02/tx6vz+CC/ZmjwFnau mHByFGczxAXkZlWZLuSUaNpu3kqj5gxufkno/Wo1GWVbVAj6V7oXIelkud6EjL44 RVUwb3jPXP0dFh5eoBZ7SZNckcjAadbHc9r0WhbfPnMH2AFFlZbT4zKQEhqs3RMA 11lK1anzIMTfXeiflTvy1meUyqVWCwVTDY2AU278N4LMkw+Mw7AJfrK2Qdbq7+PA MyNzrjCoBo58wDhOwHwU0Y72qruT4sXkEMQsuI+fvT3sVgih3rBzNnQ+wzk0Iw0X nXJek620iKvWn1CcQjE3j5EyMHzlZ46be+M+mutZVr0JNecaS73un5SblR+eGIf9 RHQXPIQZzEF70+K+1FPC2NQe5Ag8RTVBQKTy/iQ8pgIyeUnogHRHWk19npyJVWHV jRs5hQmJUqkyKpFHBNrhzp+e2e9oP2exlsV6vIGjQ8cg9rYjs1+b5IbXQ8PyeIWw X0qPTT7NTjcSsmXXmnI8 =exLY -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d32f3462-6dec-065f-f66e-6d7746bda319%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2_rc3.iso Corrupt Download?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-16 04:41, amadaus wrote: > I have downloaded Qubes R3.2-rc3 iso and in the course of verifying > signatures received the following output: > [user@rubbish ~]$ gpg -v --verify > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc' > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso' > gpg: armor header: Version: GnuPG v2 > gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID > 03FA5082 > gpg: using PGP trust model > gpg: Good signature from "Qubes OS Release 3 Signing Key" > gpg: binary signature, digest algorithm SHA256 > [user@rubbish ~]$ gpg --list-sig 03FA5082 > pub 4096R/03FA5082 2014-11-19 > uid Qubes OS Release 3 Signing Key > sig 36879494 2014-11-19 Qubes Master Signing Key > sig 3E2986940 2016-01-04 [User ID not found] > sig 303FA5082 2014-11-19 Qubes OS Release 3 Signing Key > > As you can see signature E2986940 is unknown. I imported this key, it > belongs to "Kabine Diane " > This seems very suspicious. Should I delete the iso and try a fresh > download? > Answered previously here: https://groups.google.com/d/msg/qubes-users/xn08ib7QauA/4s4yfcUgBwAJ - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX3FgVAAoJENtN07w5UDAw+68P/jaZow1G0++1jsdUPmw6rk1P kRXmRSP47Z+6vcM2dajmHUbtg2EIwxHzkNsogUjXoT3y7WZKa5xw7/8YNMge9wY8 DF2XaEkkQ/gAOTqdPgHlP70URia3UPZhiaF+Pr8cR9FY4VrI7aK9ee02hNgGB0MM ywhSlO1pTliP9SrkdgVRy/rZA6x6f7Xrdte1s5aA0TdX7kIXpij+ZtYpuMFxbeKa L1ISrsjH2xc0dtB/5sjZnOy98PbDKpo7Lvz6gWclmtaYTgH7C3sPtJDmfHxqmbBd xegVvI03UNidTnDqfZpjRL060t1nA/VSgBguxrukRwW3/kJ2W5TD0arl2qFe+ZZd JqYgI32SoEXjRrilE2nBIEzTsFICfLZDDzeTPdhmwIQ3SKdZWY0/0TBbfeHW5QW0 yyl4lagt2zJ9ZFXLGnN+pUoUA3weGRinfLo7fyzZIEtnHeqdKylnJSIkfbI5UEbS zp3NsRuCfvvn9Dm2oqBySOEFUEOInfy4AtacYdxQIPmgXvx7GZXb4+xsQI4bHNyH f75WOIMlR+ZOPfRd0mHjh/VF5PZPA8a2SfF28zGEFnOpwjzYYPGAU0J5FcozffHJ 3AabXA+k3vrHQxwUbASLzfdu3yCRODdU7s2odWZPi7KoHJScKRTjTSFxXO6Swy0s qxhJLZYYs4X1390BN5yN =y88c -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d9aa18df-166e-1c18-a917-8356037ad4e3%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Bitcoin Qubes tutorial
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-15 17:50, Franz wrote: > On Thu, Sep 15, 2016 at 5:26 AM, Andrew David Wong wrote: > > On 2016-09-14 19:11, Franz wrote: On Wed, Sep 14, 2016 at 8:54 PM, Marek Marczykowski-Górecki < marma...@invisiblethingslab.com> wrote: > On Wed, Sep 14, 2016 at 08:07:35PM -0300, Franz wrote: >> On Thu, Jun 30, 2016 at 12:42 AM, Andrew David Wong >> wrote: >>> On 2016-06-29 09:37, Franz wrote: But how can I trust a printing dispVM for something as sensitive as a hot wallet? We would need two different dispVMs but we are not there yet. >>> >>> Indeed, not yet, but it will be implemented in R4.0: >>> >>> https://groups.google.com/d/topic/qubes-devel/xLZU0R5ijCg/discussion >>> https://github.com/QubesOS/qubes-issues/issues/866 >>> https://github.com/QubesOS/qubes-issues/issues/2075 >>> >> >> Andrew, >> After various tests I am getting a bit more confidence about bitcoins. > So I >> prepared the promised tutorial. I tried to go to Qubes documentation to > see >> if there is any way to upload it, but found no reference. So I post it >> here. Perhaps you know what to do. > > > Thank you for taking the time to write this, Franz. However, we > already have a page on using Split Bitcoin wallets (using > Electrum) here: > > https://www.qubes-os.org/doc/split-bitcoin/ > > Nonetheless, it looks like your guide has some additional > information that is missing from the current page. Please > consider submitting a pull request against this page with your > additions. > > >> Andrew >> Additions? Well I used a somehow different way, because i sign the >> transactions on both the hot and the cold VM. So the hot VM is not for >> "watching" it is for doing exactly all what does the non-connected one >> (including signing) and obviously for doing the real job of generating >> addresses for receiving and sending bitcoins to other addresses. It is what >> is called multi-signature. > >> Is it worth to sign the transaction two times, once for each VM? I do not >> know, but it is not so much additional work because in both cases you >> always have to copy a file forward and back between VMs. > >> But the two ways are somehow alternative. I see no point to mix them in the >> tutorial just to increase confusion to a matter that is already a bit >> complicated. > >> The final part of editing the firewall rules of hot VM to limit connection >> to Electrum servers may be worth to protect the keys in hot VM, but may >> have less sense if there are no keys to protect in hot VM. > >> So did nothing, but am obviously open to suggestions. >> Best >> Fran > Ok, I understand. Thanks for explaining, Fran. > > You can see the documentation guidelines including > a step-by-step how-to) here: > > https://www.qubes-os.org/doc/doc-guidelines/ > - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX3FdMAAoJENtN07w5UDAwBxoP/11xlq+k73ECJ1HYB4otxrfa e8rlWTUrs1gbnzwJxMGKwhyRsF++oivCFmjCwFqNfL8moVQS72yIgy4rwSdmQ9gm iJNWTf+bqrYIs/yxBg3U55gdzrdiJ8CW1djnoOPqwCnCivvogmobkN4POX3vGluY LR9ni2QqzqALXU6lpfM65hllfWlxeSQQNYlE749RKxj/Yk23tE3VqWT+q7D4/K4X djymr/5ksmdHwPVrIz/Xr80XT9yo2C94+qAsE8Q5vRwD/4ik9h/jSP9byvU2cv7n OTmN0Eqsc03XHIAwbs/7Il5Lf0g7qXu0Ycb0nkwCegUhXtQFnD6kHQV9CRR8qznf wwn4sp8qPw8aufhH4BeM7GI3V71hhT3PJCI7b4+MJwJEU70vo9U0+Saos75jOYF+ szeHloKfn/k7ZcSX/q61qcuJIE4Q0u0yhb/ellohYe8WAZ+ZPoUyHmnmJpmzL0jp 52knik1Ivq3yH1raHYV5jPzA0kqfwNlD7oO54yG/F/f9QGh7cdjerY/p7uJfFUwu 3Oy2wNiIVnNHMxgkTiGQbXn8vn4zAuBHjWr4OBpw5HvqZti+1ywJBQkpoLXj89Ri GMzXQV3YhNhroe+ma77WqymJMLdw3SNE5aSoF3zvikN/Z3jJuHkd8P/QJ20DWtdG xuu01Q0m2mvlOmwZQI0f =viO+ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3ca4ade2-277b-688d-426f-4abddd802003%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Spoof MAC address
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-14 09:30, katerim...@sigaint.org wrote: > Hello > Little issue > After running: > cd /var/run/qubes-service/ > sudo touch macspoof-enp0s0 > sudo touch macspoof-wlp0s1 > > I see the files, but when I shutdown the VM and restart there aren't more. > MAC address spoof anyway. Is it normal? > > Than you > Those files have to be created in the TemplateVM if you want them to persist across reboots. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX3Fa+AAoJENtN07w5UDAws6EP/AhPMOJ+eYHz7/6nNSjuG9Og dzlU+v+/HsWCk8mzTXrQlbS5KbFaSog6CBW45opKC5cyuJJgTfdEhhq5SmUhGPN8 Luo1IGmHy1XgMI8bmdCUy1OlYtRe3CNdBNrIESOFnIf5LxOsyAv38NGkDnfGwBax BZaec7ptX2jXxwRMdULw24sow+c10TznjrcP6hKyRKr7/dvJbwOCpfxMkQbEX327 Ie1TSvBIzP+PESokux5Ocr3qt1gU2/4TUBdPdCeJLXPT5U9f+/C3PkHHXMB+WCI7 GSbXVHvOFm0QWrL8tkhLE8PrC6iNWsuxHicxJWH642Id+xk9XEhcTP4tNetVj/ZJ VWS/SFR/EtT2rpK3Aluq+AQ6yyKpCS9V31vMTo4Jb9+MxwTYQXc1nli1o6Cny72g CouFvmARUek+H0NRx+XVCLKJB8D9A0LcK6mL5IAxufx7Ycmuq9THp/DWCgXw2on9 8aD4cdzDFSOFEzaQukkpcc0IW/GO4TxUwp46V0nP9YBtmgFmOfv6uPimF2Cb/MYP iivIWdPIu5JQYW9F4zMh3elAegVKUHGA2mUOCBlRKl2Ump348EH4bIx+Cj7V8olV U7KTfR7w8DVygaSOeyH0dfipF3ZMN9TEWR6pU96POL+Ewdp3Hp87CeM9Eg/Tr9SB k6vNw0YjKzSefKTeEh+j =pGt/ -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ec12baa0-7150-3769-c49f-f4372f3a566e%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why is there no built-in nvidia driver support? aka GTX 980 issues
> Am 16.09.2016 um 09:09 schrieb almightyl...@gmail.com: > > Qubes was working flawlessly on my GTX 670, So why did you change anything if things were working? Achim -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5A1D98D1-7318-42F5-933E-31BFE3A2E6B5%40noses.com. For more options, visit https://groups.google.com/d/optout.
Re: Re: [qubes-users] how to get appVM colour for customizing bash prompt's colours
> On 09/16/2016 01:18 PM, Robert wrote: > > Hi! > > > > I wonder if there is a command-line way to get the name (or any > > other id) of appVM's colour, used for window borders and such, from > > within the same appVM (not dom0)? It could be useful for > > customizing bash prompt's colours. > > > > I guess, I'd not be surprised if the answer was no due to security > > reasons. > > > > Best regards, Robert > > > > > I'm not sure if there is an official way, but I have written an RPC do > to this. https://github.com/kulinacs/qubes-rpc-GetLabel > I have the command run in /rw/config/rc.local and have it set to auto > allow. > > - -- > kulinacs Thanks, I'll try it out! -- Robert -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57dc441332b024.18352490%40wp.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] how to get appVM colour for customizing bash prompt's colours
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/16/2016 01:18 PM, Robert wrote: > Hi! > > I wonder if there is a command-line way to get the name (or any > other id) of appVM's colour, used for window borders and such, from > within the same appVM (not dom0)? It could be useful for > customizing bash prompt's colours. > > I guess, I'd not be surprised if the answer was no due to security > reasons. > > Best regards, Robert > > I'm not sure if there is an official way, but I have written an RPC do to this. https://github.com/kulinacs/qubes-rpc-GetLabel I have the command run in /rw/config/rc.local and have it set to auto allow. - -- kulinacs -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EARYIAAYFAlfcPmYACgkQW1Q2Vuxs8jNwvQEA8omVIHS0V1D6YGSzlJLSJ4IJ Qm82iOXMt1V86mc8sG0BAMlW2529AVT5Ia1n4Sm0dYg8J/4TkK3fF+P6TpnCYi4E =5WrB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e56cc595-049a-7dc6-b4c4-31f74d025683%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
Am Freitag, 16. September 2016 20:11:48 UTC+2 schrieb Chris Laprise: > On 09/16/2016 09:58 AM, mara.kuens...@gmail.com wrote: > > Am Freitag, 16. September 2016 09:52:40 UTC+2 schrieb Drew White: > >> If they can get access, whether encrypted or not, it means it's insecure. > >> > >> Encryption just takes time to break. > >> > >> If you have encrypted files, encrypted with a STRONG password THEN a 2048 > >> bit cypher, THEN it will probably take about 6 months to decypher it and > >> get the data out. > > I think you need to educate yourself a bit on the topic of encryption. > > Encryption is secure if you use it correctly. Too secure actually, it's > > much more straightforward to simply torture the information out of > > someone... > > > > And unless there is a backdoor in AES-256 (which why ideally you would > > always use a combination of several ciphers), it is technically and > > theoretically unbreakable if you used a 256-bit random key. It's much more > > likely that someone will social engineer his way to the data. Matters are > > entirely different with current public key algorithms, which may very well > > be broken via quantum computers, so I wouldn't bet my money on that > > horse... On the other hand those are not the algorithms you use for backup > > anyway. > > Ssh may add some security against things like MITM attacks, but you have > to trust who you're connecting to as well. From a Qubes standpoint it > matters because the non-crypto parts add a bit more complexity, and > adding rsync adds substantially more. SSHFS is probably more complex and > attackable than both of those together. That, along with TCP/IP itself, > is attack surface. > > The way you're describing it makes it seem like any successful attack on > one of those components in the dropbox vm could be repeated against the > encfs vm. I think most Qubes users would consider that too risky for > handling sensitive info, or interfacing with highly trusted vms. It also > means you need to keep extra copies on your drive. > > What I described involves no extra copies, and if the dropbox vm becomes > compromised then there is very little it can do to attack your other vms > that are using the data. Ssh between the dropbox vm and dropbox is still > a good idea in this case, and you might even want to use SSHFS or > whatever else would allow you to map disk images in that vm. The dropbox > vm could be considered 'red' and your client vms (which encrypt and use > the data as mounted disk image) could be 'blue' or whatever. I think > this is worth a try because its more secure and probably less complex > than what you're suggesting. > > Of course, with Qubes its up to the user to weigh the risks and make the > decicions. Good luck... > > Chris I don't disagree with you... But your approach has several usability downsides. Although I am reconsidering this, since in the end I might be able to live with a "once per hour" dropbox sync which would open many doors for options like the ones you described. Thanks :) I will think about it and try it out. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e7d495ec-116c-4079-bc54-2266d7c4f286%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] how to get appVM colour for customizing bash prompt's colours
Hi! I wonder if there is a command-line way to get the name (or any other id) of appVM's colour, used for window borders and such, from within the same appVM (not dom0)? It could be useful for customizing bash prompt's colours. I guess, I'd not be surprised if the answer was no due to security reasons. Best regards, Robert -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/57dc377e1f4c29.24506655%40wp.pl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
On 09/16/2016 09:58 AM, mara.kuens...@gmail.com wrote: Am Freitag, 16. September 2016 09:52:40 UTC+2 schrieb Drew White: If they can get access, whether encrypted or not, it means it's insecure. Encryption just takes time to break. If you have encrypted files, encrypted with a STRONG password THEN a 2048 bit cypher, THEN it will probably take about 6 months to decypher it and get the data out. I think you need to educate yourself a bit on the topic of encryption. Encryption is secure if you use it correctly. Too secure actually, it's much more straightforward to simply torture the information out of someone... And unless there is a backdoor in AES-256 (which why ideally you would always use a combination of several ciphers), it is technically and theoretically unbreakable if you used a 256-bit random key. It's much more likely that someone will social engineer his way to the data. Matters are entirely different with current public key algorithms, which may very well be broken via quantum computers, so I wouldn't bet my money on that horse... On the other hand those are not the algorithms you use for backup anyway. Ssh may add some security against things like MITM attacks, but you have to trust who you're connecting to as well. From a Qubes standpoint it matters because the non-crypto parts add a bit more complexity, and adding rsync adds substantially more. SSHFS is probably more complex and attackable than both of those together. That, along with TCP/IP itself, is attack surface. The way you're describing it makes it seem like any successful attack on one of those components in the dropbox vm could be repeated against the encfs vm. I think most Qubes users would consider that too risky for handling sensitive info, or interfacing with highly trusted vms. It also means you need to keep extra copies on your drive. What I described involves no extra copies, and if the dropbox vm becomes compromised then there is very little it can do to attack your other vms that are using the data. Ssh between the dropbox vm and dropbox is still a good idea in this case, and you might even want to use SSHFS or whatever else would allow you to map disk images in that vm. The dropbox vm could be considered 'red' and your client vms (which encrypt and use the data as mounted disk image) could be 'blue' or whatever. I think this is worth a try because its more secure and probably less complex than what you're suggesting. Of course, with Qubes its up to the user to weigh the risks and make the decicions. Good luck... Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f14d6dd0-3067-ebd9-0a30-877d3fea2ed6%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems attampting to test/install on a Lenovo 11e Yoga - 3.2 rc3
> > Looks like either the iso or the boot media is bad. > > Did you verify the iso with gpg? And is the DVD or USB stick big enough > (should be at least 7GB)? > > Chris Thanks for responding, Chris. I verified the ISO with gpg, cross-referencing the signatures from various reliable sources. Also, I'm using a 32GB USB. I've actually tried this on multiple USBs, on both 2.0 and 3.0 jacks. No luck with any of it. Other operating systems install just fine off the same USBs. One thing I forgot to ask is whether I might need to connect my computer to an external CD/DVD drive. Seems unusuall since many laptops don't have those these days, but the error message makes me think it might be an option. If anyone has heard of this, please let me know. Likewise, if this doesn't make sense, let me know too. Please ask any other questions that might help. Thanks again, Mike -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a63af043-6b58-4606-abf3-d07914a11e71%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Problems attampting to test/install on a Lenovo 11e Yoga - 3.2 rc3
On 09/16/2016 01:33 PM, Mike Schowalter wrote: I've had a heck of a time trying to get an installtion going on a little Lenovo 11e Yoga. I know it doesn't have vt-d, but I want to install it to at least get comfortable with Qubes. Release candidate 3 of 3.2 has actually been more promising than my attempts on 3.1 (which just gave me kernel errors). With 3.2 rc3, I receive a four penguins page (image attached) and what looks like two errrors. One states, "FATAL: CD check failed!" The other states, "Failed to start Media check on /dev/sdb." There is more info on the attached picture I took. If anyone has any ideas, please let me know. I've tried many of the various tricks on the troubleshooting page at https://www.qubes-os.org/doc/#troubleshooting, but to no avail. Many thanks! Mike Looks like either the iso or the boot media is bad. Did you verify the iso with gpg? And is the DVD or USB stick big enough (should be at least 7GB)? Chris -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cfc16fd2-88a0-55f8-2742-b25e5b3343f1%40openmailbox.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Fullscreen mode and/or single mouse pointer with Linux HVM?
With a Windows 7 HVM, initially upon creation it is a fixed small window size and shows two mouse pointers chasing each other within that HVM window. By installing Qubes Windows Tools, both of these limitations are removed. One single mouse pointer and full screen resolution are achieved - as well as seamless mode becoming available. My question is, can the same full window size and single mouse pointer objectives be achieved when using a Linux-based HVM, such as one in which Ubuntu for example is installed? As far as I know, there is no equivalent "Qubes Ubuntu Tools" which facilitates this. I know of course that regular Fedora/Debian/Whonix type PVM's based upon templates already do this perfectly, and I use them frequently for almost everything. I am asking specifically about an HVM for a special usage case. It doesn't have to be Ubuntu specifically, but it does have to be a Linux distro capable of running within an HVM under Qubes R3.1. Does any such option exist? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9555d756-45c6-4d07-8ea8-6d952e4a930b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] /dev/root does not exist trying to run installation on MacBookPro8,2 with both Qubes R3.1 and R3.2
Dear all, When I'm trying to boot Qubes on my MacBookPro8,2 from ca 2011 using the steps 1. put qubes on USB-stick using dd if=Downloads/Qubes-R3.1-x86_64/Qubes-R3.1-x86_64.iso of=/dev/disk2 bs=100m 2. reboot 3. in the previously installed refind choose either xen.efi or the penguin if I boot using xen.efi the graphics will be distorted beyond comprehension, possibly incorrect screen width / offset, maybe I see an extremely flat skewed penguin if I boot using the vmlinuz option I get the errors dracut: Scanning for all btrfs devices dracut Warning: /dev/root does not exist I re-ran with the rd.debug option, dropped into a shell and saved the rdsosreport.txt for R3.1 (found at https://github.com/QubesOS/qubes-issues/files/465676/rdsosreport-2.txt ) I also tried with the current R3.2 and get the same error, see attached rdsosreport.txt. [ 198.509872] localhost dracut-initqueue[527]: Warning: Could not boot. [ 198.510379] localhost dracut-initqueue[527]: Warning: /dev/root does not exist Is there anything I can do, is it possible to install Qubes in another way, by hand even? Thankful for your time, Tobias -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ab892d17-2267-c368-87fa-7440627612ee%400x63.nu. For more options, visit https://groups.google.com/d/optout.
[qubes-users] HCL - MSI-MS-7917
Hello, Been playing around with Qubes and lovin it so far. Windows 10 VM didn't play nice with my gpu settings but I'm still working on that. Keep up the good work! Sent from [ProtonMail](https://protonmail.com), Swiss-based encrypted email. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/awKE859ZionvG-EWWpKGSuCZf1-MdE1oakt9vNUc_jJ_Wlw-Cux0n-ULmBPua5lq10k44m6oJm0HYizTRmrvgwMQrsTe_-q3C5wFdyws-Vw%3D%40protonmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-MSI-MS_7917-20160916-093919.yml Description: application/yaml Qubes-HCL-MSI-MS_7917-20160916-093919.cpio.gz Description: application/gzip
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
Am Freitag, 16. September 2016 09:27:26 UTC+2 schrieb Raphael Susewind: > IMHO the safest option is indeed to use a split-dm kind of approach, as > suggested before: create a loopback file in the dropbox VM, expose this > via qvm-block to your working VM where you then do all the encryption > (using standard LUKS) and can either mount the thing right there or - > for extra security - expose to yet another VM, again using qvm-block: > > dropbox VM: loopback file -> /dev/loop0 -> exposed with qvm-block to > crypto VM: /dev/xvdX -> dm-crypt -> /dev/mapper/plain -> exposed to > work VM: /dev/xvdX -> mounted somewhere and used as usual... > > The only caveat is how Dropbox behaves if you have a file in it that > serves as backdrop for a loopback device - any thoughts on this? > > Raphael I dont have any references at hand, but back then when I decided to go with EncFS, I also looked at the block-device method. IIRC, Dropbox theoretically does handle giant files very well (actually it's pretty irrelevant what you store), but there were problems with syncing obviously (try accessing this device on multiple machines) and also with write-through and general integrity. It just had a lot of quirky corner cases and while EncFS + Dropbox isn't perfect for syncing either, it has worked flawlessly for over two years now (with daily use)... So for me, EncFS seems the way to go, unless you unmount the file system and flush it before activating dropbox but that is kinda unstable from a human error perspective... -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5be67da3-dc2f-49ae-be29-14263c81a1cb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
Am Freitag, 16. September 2016 09:52:40 UTC+2 schrieb Drew White: > If they can get access, whether encrypted or not, it means it's insecure. > > Encryption just takes time to break. > > If you have encrypted files, encrypted with a STRONG password THEN a 2048 bit > cypher, THEN it will probably take about 6 months to decypher it and get the > data out. I think you need to educate yourself a bit on the topic of encryption. Encryption is secure if you use it correctly. Too secure actually, it's much more straightforward to simply torture the information out of someone... And unless there is a backdoor in AES-256 (which why ideally you would always use a combination of several ciphers), it is technically and theoretically unbreakable if you used a 256-bit random key. It's much more likely that someone will social engineer his way to the data. Matters are entirely different with current public key algorithms, which may very well be broken via quantum computers, so I wouldn't bet my money on that horse... On the other hand those are not the algorithms you use for backup anyway. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/43d896a3-aee4-40ef-ae98-fff3e522c798%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Usb device
On Fri, Sep 16, 2016 at 6:38 AM, wrote: > > On Friday, 16 September 2016 06:53:25 UTC+10, kater...@sigaint.org > wrote: > >> > On Tuesday, September 13, 2016 at 12:48:50 PM UTC+2, > >> kater...@sigaint.org > >> > wrote: > >> >> Hello > >> >> I haven't understood yet how open an usb device in Qubes (or in VM > >> that > >> >> I > >> >> choose). > >> >> Can someone explain me how do I do? > >> >> > >> >> Thank you > >> > > >> > See here for the how-to, at the bottom for 3.2: -> > >> > https://www.qubes-os.org/doc/usb/ > >> > >> I have the 3.1, is it the same? > > > > What do you mean by "open up a usb device"? > > Are you trying to connect via RAW data connection? > > Are you trying to connect via Telnet or SSH or something? > > Are you attempting to open a USB Data Device? > > Are you attempting to connect to a USB NIC/Modem? > > > > Please provide details. > > > > I have no issues connecting to anything like this on Qubes 2, 3, 3.0, > 3.1, > > 3.2RC1. > > > > I may be able to help once I know details. > > Hello > Ok, I have attached my usb pen to a VM, that means that on Qubes manager you followed the "attach/detach block device" item? > now if I want to copy some file on > this pen, where I find the device? (Usually other OS open automatically > it) > If you reply yes to the previous question, then you should open Nautilus in the VM to which your device is attached. Nautilus will show a triangle next to the name of your device. Clicking on than name you open it. Best Fran > Thank you > > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To post to this group, send email to qubes-users@googlegroups.com. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/qubes-users/b421e84271092b44ebc53dbbc7ee0f5c.webmail%40localhost. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAPzH-qAXFFdpP%3DEki0ivvrgrfqFzh5bwVsNhk4v809Of7Cy%2BgA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.2_rc3.iso Corrupt Download?
On Fri, Sep 16, 2016 at 11:41:30AM +, amadaus wrote: > I have downloaded Qubes R3.2-rc3 iso and in the course of verifying > signatures received the following output: > [user@rubbish ~]$ gpg -v --verify > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc' > '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso' > gpg: armor header: Version: GnuPG v2 > gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID > 03FA5082 > gpg: using PGP trust model > gpg: Good signature from "Qubes OS Release 3 Signing Key" > gpg: binary signature, digest algorithm SHA256 > [user@rubbish ~]$ gpg --list-sig 03FA5082 > pub 4096R/03FA5082 2014-11-19 > uid Qubes OS Release 3 Signing Key > sig 36879494 2014-11-19 Qubes Master Signing Key > sig 3E2986940 2016-01-04 [User ID not found] > sig 303FA5082 2014-11-19 Qubes OS Release 3 Signing Key > > As you can see signature E2986940 is unknown. I imported this key, it > belongs to "Kabine Diane " > This seems very suspicious. Should I delete the iso and try a fresh > download? Anyone can sign anyone's key and upload it to the keyservers. A presence of an unknown signature on a key doesn't invalidate it in any way. As long as there is a signature you do trust (DDFA1A3E36879494), the key is valid. Regards, -- Konstantin Ryabitsev Linux Foundation Collab Projects Montréal, Québec -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160916121846.GA2126%40gmail.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: PGP signature
[qubes-users] R3.2_rc3.iso Corrupt Download?
I have downloaded Qubes R3.2-rc3 iso and in the course of verifying signatures received the following output: [user@rubbish ~]$ gpg -v --verify '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso.asc' '/home/user/Downloads/Qubes-R3.2-rc3-x86_64.iso' gpg: armor header: Version: GnuPG v2 gpg: Signature made Wed 31 Aug 2016 01:08:18 PM BST using RSA key ID 03FA5082 gpg: using PGP trust model gpg: Good signature from "Qubes OS Release 3 Signing Key" gpg: binary signature, digest algorithm SHA256 [user@rubbish ~]$ gpg --list-sig 03FA5082 pub 4096R/03FA5082 2014-11-19 uid Qubes OS Release 3 Signing Key sig 36879494 2014-11-19 Qubes Master Signing Key sig 3E2986940 2016-01-04 [User ID not found] sig 303FA5082 2014-11-19 Qubes OS Release 3 Signing Key As you can see signature E2986940 is unknown. I imported this key, it belongs to "Kabine Diane " This seems very suspicious. Should I delete the iso and try a fresh download? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nrglpa%24btn%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Usb device
> On Friday, 16 September 2016 06:53:25 UTC+10, kater...@sigaint.org wrote: >> > On Tuesday, September 13, 2016 at 12:48:50 PM UTC+2, >> kater...@sigaint.org >> > wrote: >> >> Hello >> >> I haven't understood yet how open an usb device in Qubes (or in VM >> that >> >> I >> >> choose). >> >> Can someone explain me how do I do? >> >> >> >> Thank you >> > >> > See here for the how-to, at the bottom for 3.2: -> >> > https://www.qubes-os.org/doc/usb/ >> >> I have the 3.1, is it the same? > > What do you mean by "open up a usb device"? > Are you trying to connect via RAW data connection? > Are you trying to connect via Telnet or SSH or something? > Are you attempting to open a USB Data Device? > Are you attempting to connect to a USB NIC/Modem? > > Please provide details. > > I have no issues connecting to anything like this on Qubes 2, 3, 3.0, 3.1, > 3.2RC1. > > I may be able to help once I know details. Hello Ok, I have attached my usb pen to a VM, now if I want to copy some file on this pen, where I find the device? (Usually other OS open automatically it) Thank you -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b421e84271092b44ebc53dbbc7ee0f5c.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
Re: Negative test result for fedora 24... Was: Re: Request for test: Re: [qubes-users] Fedora 24?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Sep 15, 2016 at 09:41:37PM -0700, J. Eppler wrote: > Is it a good idea to spend time on fedora 24? Fedora 25 should be released in > November/December and will use Wayland per default. Would it not be better to > skip Fedora 24 and focus on resources and efforts on Fedora 25? Most likely problems found on F24 will also affect F25, so those will need to be fixed anyway. On the other hand, since it mostly works, it isn't much effort. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX2684AAoJENuP0xzK19csEGYH/1mZK2nJH7bU9WwVP8pHFNJL yT3VApyDAC/h4p9WVCS/3Jaj0ZTkNsPUzXLh85Ico5L++rz7Cg0HxhjnNSkh7gSK cQOWbVq4Eeo4iRybCgkR7d1oKG+ar4mkvyXzE4psWFDb95WV3m/zZsNFgw4YhM9/ IN5ZbsOSE6DVF32lOh9Qbv2MkhSeyi7eI8KB1DIWoqEJUt+5CA3pXDVRsPvbIxIe w3uTZWnPn3tA4aZCEh2/dnkULiVpZTM+iHNgUKQHpr0WRMtXPj1oAxx9O1SaZr7m 9pB6RfGGFZDZ0uEHeJfrei3hd0LHU4OXx5+CAsGmhIBIDxKw6D4FS2r59AORnh0= =meEW -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160916083712.GT31510%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] VGPU output access
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Sep 15, 2016 at 08:27:05PM -0700, Drew White wrote: > Hi folks, > > I'm trying to access the VGPU output for a guest, and wondering where I would > go to find out how to access it, or what file I had to read, or what data > stream I had to access? > > Any information that would allow me to gain access to it would be grateful. PV domains on Qubes OS do not have VGPU at all. For HVM, it is what you see in a window of that domain. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX266TAAoJENuP0xzK19cseuwH/1MYXHQaFoA4B9fbYd6Tgeuu yo7+ySWPEQ9n/tcv2adBm7dBJkPh4s+Z6NP3eHDVX6Chy9byCbni9Falb97LZuDX /wvLSqeQnz9x3EDP241OeoyM98Z/41ogD2zgCn4Iq6cybaiYIFyz6DCNBfpggCgo f8euwNtriFPjmGA1cfiyX93oV3drPkWIS0jchmhzx/2k2pGF5gkjELBeTVvrV8Tx laZccsBfJLLiK/oRNPdxUa6e5NkUZVXgZYe6GOxmWrMfa6SrkQjo7HEeATOfflzk Uu60GGIBDJ5GthboYUCDS+Y7gjcaJ8gd93AMXR5YahirkLdZVytDWDnjxN7O0Cw= =gFUH -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160916083427.GS31510%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
If they can get access, whether encrypted or not, it means it's insecure. Encryption just takes time to break. If you have encrypted files, encrypted with a STRONG password THEN a 2048 bit cypher, THEN it will probably take about 6 months to decypher it and get the data out. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/15c15e19-9fe8-4614-b4da-f6c68b7512a2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
On Friday, 16 September 2016 16:37:47 UTC+10, mara.k...@gmail.com wrote: > @Chris > > Thanks I will think about this block-level approach. > > @Drew > > I don't agree... Storing encrypted files on dropbox IS secure in the sense > that nobody in the world will be able to decrypt them (as long as the > encryption step is not exposed to the dropbox process, which might be > compromised). Of course dropbox can delete all your files instantly, but that > is another matter. I use dropbox as cloud backup and if they delete > everything it doesn't really matter, unless I lose all my own backups at the > same time. If they can get access, whether encrypted or not, it means it's insecure. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6f70c8ce-0b8c-48ed-9375-6f64e80c414c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
IMHO the safest option is indeed to use a split-dm kind of approach, as suggested before: create a loopback file in the dropbox VM, expose this via qvm-block to your working VM where you then do all the encryption (using standard LUKS) and can either mount the thing right there or - for extra security - expose to yet another VM, again using qvm-block: dropbox VM: loopback file -> /dev/loop0 -> exposed with qvm-block to crypto VM: /dev/xvdX -> dm-crypt -> /dev/mapper/plain -> exposed to work VM: /dev/xvdX -> mounted somewhere and used as usual... The only caveat is how Dropbox behaves if you have a file in it that serves as backdrop for a loopback device - any thoughts on this? Raphael -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f9994a6d-2c0f-0a7f-eb8a-3a2da837f49a%40raphael-susewind.de. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
PS: SSH alone is of course not very ideal, because this could mean I am running rsync of the dropbox qube. Instead I could use SSHFS to mount the dropbox qube's folder in encfs and then use the rsync of the encfs qube to sync the files via SSHFS. This is like super indirect, but probably safer?! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6cd48d49-5ce5-49ee-9fae-66ed81290cc8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Encfs + Dropbox: How to keep your cloud files secure?!
> > Hi, > > > > I just installed Qubes OS and I feel its freakin awesome! > > > > I am trying to set it up the way I want and one thing on my list is having > > a dropbox vm that provides simply just the cloud storage... I would like to > > run the actual encryption on a different qube because I dont at all trust > > dropbox. > > > > How would I setup a qube that runs dropbox and exposes its filesystem > > securely to another qube that runs encfs which in turn can then be used to > > safely store & view cloud files via qubes OS standard file sharing > > capabilities?! > > > > My idea was to run NFS on dropbox qube and connect to NFS with the encfs > > qube, but that's in several unfortunate. > > > > 1) I don't trust NFS > > 2) NFS is unreliable in combination with EncFS > > > > > > I want to get rid of the network connection... > > > > How would you solve this? > > > > Thanks a bunch! > > > > The operative word here is 'expose'... There is probably no secure way > to share something as complex as a filesystem, which is why Qubes has no > built-in file sharing capabilities. > > You could use qvm-copy-to-vm or the equivalent in the context menu of > the file browser... but that copies whole files between vms. > > You could also create one disk image per vm on dropbox, and somehow set > them up as loopback devices in the dropbox vm. This allows you to > 'share' data to client vms as disk blocks using qvm-block, which is far > less risky than sharing filesystems. You would also have to encrypt the > disk images in each client vm to make this truly secure. > > Chris What do you think about this: Encfs-Qube contains plaintext & encrypted files and has a cron job that runs like every hour. This job will SSH into dropbox-qube and run Rsync to project all the changes onto the dropbox-qube (but ignores all the changes inside dropbox, which would also be nice in case dropbox deletes everything or modifies encrypted files etc.) Dropbox-Qube just contains the public SSH key and see only encrypted files... Is SSH + Rsync reasonably safe? Or do I have to assume an attacker could easily break into the encfs domain once he compromises dropbox? Remember that Rsync will not promote any changes in the dropbox domain back to the encfs domain... It will discard all the changes inside dropbox instead. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6b1267b3-9295-4104-9d73-89e3b072667c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Why is there no built-in nvidia driver support? aka GTX 980 issues
Qubes was working flawlessly on my GTX 670, recently upgraded to a GTX 1070 and now I can't even load the installer -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ece01772-290a-4b3f-8d96-0f6323f9069c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.