Re: [qubes-users] Multiple monitors for laptops with a single HDMI port?

2019-03-12 Thread '1900' via qubes-users 


tai...@gmx.com:
> I would suggest to purchase a new laptop, one can be had for around $100
> that has multiple ports on the laptop plus more ports on the dock and
> the option of an eGPU via the ExpressCard slot which has a variety of
> uses such as more screens or running a VM for video games with the
> graphics card attached to it via IOMMU-GFX which can play new games if
> you have the quad core ivy bridge CPU. 

Did you or someone else in the ML try to use a eGPU on Thinkpad X2** ?

I would appreciate some deepening and guidance on the hardware to
purchase (including a decent graphic card supporting 3 (or more)
monitors mostly used in 2D and never in gaming (maybe some 3D rendering
for 3D printing in the future)

> 
> For this use case I recommend a W520 for a mobile workstation with an
> upgrade to 32GB RAM, a new better wifi card and the best quad core ivy
> bridge CPU - it supports coreboot with open source hardware initiation
> (vs 100% blobbed closed source on puri-craptops) and a nerfable ME.

I suppose that puri-craptops is a "hint" to puri.sm hardware. I have no
intention to purchase a puri.sm laptop right now but I'm tempted by
their phone and I don't exclude to evaluate one of their laptop too in
the far future.
I see that you refer to 100% blobbed closed source and I don't
understand clearly what you mean. Could you please clarify or point me
to something to read?

Thank you

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c27d600a-d93d-662a-b9c8-0c4b2e5a77d6%40elude.in.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: off topic - invite codes to 'riseup'

2019-03-11 Thread '1900' via qubes-users 



Mr. DONG:
> Please can someone also send one to me!
> 
> Very, very appreciated!!
> 
> 
> Thank you a million!
> 

I don't have any but you might want to look at elude.in (you need Tor
Browser to access the real website). They offer an interesting email
service (for free) which is accessible from darknet and (almost
entirely) from clearnet as well.

Disclaimer:

* I'm not involved with elude.in
* I don't know if the service can really be trusted for sensitive
correspondence
* It's not the most reliable service: I've experienced downs

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/400d2708-2470-bbba-77a6-0fb9622d655c%40elude.in.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] R.I.S.K.S. - Relatively Insecure System for Keys and Secrets (for Qubes OS)

2019-03-09 Thread '1900' via qubes-users 
[I hope this message won't get lost or misplaced. This is why I keep
good part of the original message in my reply. I've recovered the
message from the Google archive and some headers have been changed for
sure, hopefully just the sender.]

qube...@tutanota.com:
> 
> 
> 
> Jan 25, 2019, 1:43 PM by 19hun...@tutanota.com:
> 
>>
>> I just published R.I.S.K.S. (> https://19hundreds.github.io/risks-workflow 
>> > ). The source repo is > 
>> https://github.com/19hundreds/risks-workflow 
>> >  .
>>
>>
>> I've been searching for a viable system for managing my own secrets since a 
>> while and I'm still on it.
>>
>>
>> Inspired by Snowden's experience with journalists, projects like Enough (> 
>> https://enough.community/ > ) and determined to 
>> contribute the way I can against digital abuses (monitoring, tapping etc.) I 
>> decided to sum up what I know in a step-by-step guide providing a reasonable 
>> setup (hopefully) for defending user's secrets.
>>
>>
>> I don't know if many feel the need for such a guide but I crafted it in the 
>> hope to be helpful to the vast majority of the audience.
>>
>>

I apologize for the delay.

> 
> It is really interesting collection. 

thank you

Did you consider to:
>
> - use the Hidden Volume function like provided in the Vera Crypt? Today in 
> the US and GB, and more, you can be forced to unlock any encrypted partition 
> under the threat to be locked up indefinitely. Plausible deniability of 
> Hidden Volumes can help here. These risks are today very real.

I did not consider Vera Crypt because I never used it. I wanted to
provide a solid guide so I mostly used software that I know quite well.

Plausible deniability is definitely important and RISKS does no do
enough yet about it imo.

I quickly looked up Vera Crypt manual: as far as I can see, the hidden
partition can be spotted by any attacker rather easily. I didn't study
it enough to judge or discard it.

Lately I've been thinking of an alternative solution, tell me what you
think about this. LUKS keys are small enough to be broken in few
fragments (2 to 5) and each of them could be and hidden with
steganography in one picture (chosen by the user). The pictures could be
stored on any media on an unencrypted filesystem or even (partially or
entirely) in the cloud. A script could perform the retrieve and gluing
of the fragments.

In this scenario the smartcard in mo more a necessity.

There is still the problem of hiding the laptop and the fact that it's
running Qubes but, at least, the user can travel without an encrypted
smartcard.


> - use some secure USB key, like Notrokey (I know, issue of trusting the 
> vendor, but it is similar to an SD card trust). It decreases the need to 
> remember more passphrases (all of it can theoretically sleep nicely on the 
> secure USB). 

(as a side note for those not knowing RISKS, it requires a very low
mnemonic effort)

It can be used with Heads to provide an interesting protection against
Evil Maid. It also decreases the behind shoulder watching of input of
long-strong passwords in exposed areas. You just use few-char-pass to
unlock the HD or log into the system and more.

Again, I'm ignorant about ad-hoc hardware and it's a choice motivated by
these reasons:

* dedicated hardware can be too expensive for some
* I have trust issues with hardware. IntelMe was the straw that broke
the camel's back. I prefer to use the stupidest piece of hardware available
* I'm also concerned with hardware reliability: what happens if the key
breaks and I'm in a situation/location where I can't get quickly a new
one? what if I don't have backups with me? Can backups be tested before
an accident happens?
* At last but not least, purchasing this kind of hardware usually
requires a credit card based purchase made over the internet. Little
anonymity. I don't even trust alternative channels different from the
producer's website: some reported cases of tampered hardware

I'd love to be proven wrong but, so far, I don't think it's a good solution.

> - use even the Hidden operating system on the secure USB, like that of 
> Nitrokey Storage. 
> 

Again, I'm ignorant in this but this time not willingly. Thank you for
pointing it out, I'll give it a close look. It's a while that I'm
thinking of a good way for hiding the OS.

> Combining the above mentioned with your attitude, could be very interesting. 


You maybe considered what I mentioned and didn't opt for it for some
reason. If so, why?
> 
> Nice work tbh, good luck!

Thanks, you too!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit

[qubes-users] [OT] Evil Maid - OMG cable

2019-03-08 Thread '1900' via qubes-users 
I think it would be interesting to some to know about this malicious USB
cable with wifi capability

https://twitter.com/_MG_/status/1094389042685259776

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ccad8e7e-02e4-9a5e-1618-b4ba5fd33945%40elude.in.
For more options, visit https://groups.google.com/d/optout.