Re: [qubes-users] Seeking moderators for unofficial Qubes IRC channels on Freenode and OFTC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07/20/2017 07:27 PM, Andrew David Wong wrote: > Dear Qubes Community, > > We're looking for well-known, trustworthy volunteers from the > community who would like to be moderators in the unofficial Qubes > IRC channels on Freenode and OFTC (#qubes on both). We'd like to > have at least two unrelated moderators who can oversee both > channels. If you're interested, please let us know. > > Best, Andrew > > I'm always lurking in the Freenode #qubes, I'd be happy to be a moderato r. - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAll/fr8ACgkQuXLc0JPg MlYXLw//QtqB0NyvPLScIus5pZf7/93HiOkt7PJhnaqg0ENInvXkeXhJQg0bAJEA KxjdpggoxhwwsChxh4T1aq5f/YkeP5XDZhKAEeY4W/GElzTjFWgM7GSdlPb9bejS R7AOlwmtD+z0epdOHxQUb9ZWFyM0yJ9uEN/HP4tlDAqh0TrGxrWQQvoKYVagCXos bHCWcr0ynGYcRnAB//ABhRAcitGwBpyCfWgJc4fyR2sppmu6qVf5/drKC2eeJ605 H8c/RQThDuymj3W9vssYz5eLHsYYqugOJWwhCxjBIQ0bmwAmoQAH4EoVo0OoHV+T yZojBFtTnuNB+/Tf3NlOnYs8sNXmcTVoCLDt7mHYM+8mpLc2+6xCTK+K30wNjXla eveHEVjE81sxgqUhQGuh2C5jojrEReEGtPS5VAYPYVGh5kCbHarrK/XyuI9oGY98 y36H1+ViFBUdvWo5zvmA/qd/YwmRvFDULC+dFijzp6BXjEnMe9RP2D3taSHN34fB RADfhcM16GLwem14ROw9oRk8FhR8BECXYMwRmr0fqP8rH6bkGLQXswioeXKGPQdZ cJA73oyNvgiKByA7SaZdkKFJtUoPMzBGPw//kVpOWJavfkvYwZJsaG/SbvSq03ZI NBHn0qeveaMYB9Qg26HnEKcMGgFxdY2RNTnVMpGFSqrXTMmMFV4= =Alcw -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7bebf087-cb13-8113-a35c-d3ec4edba2f4%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
On May 7, 2017 10:39:22 AM CDT, Andrew David Wong wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA512 > >On 2017-05-07 10:32, nickl...@kulinacs.com wrote: >> On May 7, 2017 10:23:54 AM CDT, Andrew David Wong >> wrote: On 2017-05-07 10:10, >> nickl...@kulinacs.com wrote: > What benefit does this have over simply ysing > qubes-split-gpg-client-wrapper, like done here: > https://github.com/kulinacs/pass-qubes It seems like a lot > of overhead for not a lot of gain. > > On May 7, 2017 9:50:26 AM CDT, "Manuel Amador (Rudd-O)" > wrote: >> Building on the excellent pass (https://passwordstore.org), >> it gives me great pleasure to announce the initial release >> of qubes-pass — an inter-VM password manager and store for >> Qubes OS. >> >> Check it out here! >> >> https://github.com/Rudd-O/qubes-pass >> >> >> What are the advantages of either of these over the traditional >> Qubes model of having a normal password manager in a vault VM and >> using the inter-VM clipboard to copy/paste passwords out of it? >> >> >> I prefer Pass because it uses GPG for encryption, meaning I can >> manage fewer secrets over all (as it backends into my normal GPG >> key) and then track my password files in git. To do this with the >> traditional Keepass method, you either need to back up the password >> database somewhere secure or remember another password for it. >> > >Why not just back up the entire vault with qvm-backup? > >- -- >Andrew David Wong (Axon) >Community Manager, Qubes OS >https://www.qubes-os.org >-BEGIN PGP SIGNATURE- > >iQIcBAEBCgAGBQJZDz+kAAoJENtN07w5UDAwVdEQAKyEUNffYrCLsTK8TyRvWnyi >3dz15oDFHAL/PXkUHptcn4NJfU3BrmPBcf8DaBM2ROlXVJQayYZq9QwE1wlftxjr >+ZblvNOuYbc/+FGxGNpqimc7jSC5TSaaduMW47THp66xemYH55pVChD2WT3X/dk4 >gn51SLYKE7tixnsOaqNEQSawpwbDsVaL4hLDgV4NLDKeZTbhLLxLbFlvikoMsUxY >BXj19mfje2oJrDAXEDUtDK9qq8tOjttK4EomVG0HQVinyhpKiLn/Nil91xQnKvES >H8QG9sEUUEGs0/GsYsXIkb3VJqRdkns5A1Cp5FR3/WTiIxBARfewXY3klQKO0UFj >zTovVZ3OgjuqmqDlkLLGRI5bn1NHZ2k9IFly4+8VUYXPOVBNdkKmIpqS3x0EPhuO >rFZmg/1OYHeT3FLt6WwDJilNGzN2I/FByx7AbwiEHGgspQYVviDRha2n6eCDGh0R >uIZ3/8iYj+QA+glXZFGj5ghIKjBiA6rcn7vTh7/r+9rGaOCCDCGY6L4ZrgL8Ao76 >VOw1MnnzVHIOGjGQ0RacDN9qZ8D/YTy2BqZVUdF1RXoBb77LQgAfVfVAeIjzuWg7 >KIlXI9ScIFqEbbcxC7w4SC1LHbEcET81q5B0tNzJUJ+QL0/CZQ9avrPHBOq9kVRs >NK8zRvknFnPargpog2UK >=vzjL >-END PGP SIGNATURE- Git has less storage overhead (as you're backing up a bunch of text files, not an entire VM), allows proper versioning, so it is trivial to see your passwords at a point in time, and can be used cross platform if you chose to keep your GPG key on another system. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/B06DAF03-3208-4AB4-A0CF-96274F6A4804%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
On May 7, 2017 10:23:54 AM CDT, Andrew David Wong wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA512 > >On 2017-05-07 10:10, nickl...@kulinacs.com wrote: >> What benefit does this have over simply ysing >> qubes-split-gpg-client-wrapper, like done here: >> https://github.com/kulinacs/pass-qubes It seems like a lot of >> overhead for not a lot of gain. >> >> On May 7, 2017 9:50:26 AM CDT, "Manuel Amador (Rudd-O)" >> wrote: >>> Building on the excellent pass (https://passwordstore.org), it >>> gives me great pleasure to announce the initial release of >>> qubes-pass — an inter-VM password manager and store for Qubes >>> OS. >>> >>> Check it out here! >>> >>> https://github.com/Rudd-O/qubes-pass >>> > >What are the advantages of either of these over the traditional Qubes >model of having a normal password manager in a vault VM and using the >inter-VM clipboard to copy/paste passwords out of it? > >- -- >Andrew David Wong (Axon) >Community Manager, Qubes OS >https://www.qubes-os.org >-BEGIN PGP SIGNATURE- > >iQIcBAEBCgAGBQJZDzwAAAoJENtN07w5UDAwPwYP/A1L6MTJWkSTAkopSLUFQnbg >bL0/6/YxjMNG7YBRSDhB0k5hAD70WOnHt/W2AyEkr6ihhVDkflmeAkBuc7tZgZNa >Us/9q3X3bgN/loQ/nCgAlVN+E5EqdzJyo1y94fSF9hrKKXCKPF1/nK+GxweGJl+N >PLd+oq1XjhQ8YVSI1z2yZhfO0ro5j85YhE3F/btLbNpyjVEu41JVtgdamYmHrz2O >C72llnuLedHoYJ7uTtw1inurkenndnHnGrRw8QdJFy9l8Lq8o30dOTS2/zqZriig >NF+LVlwDzJ5kostP1Rx8f/80RGhjqtqsalT+WGbgcSC/mOBzoPxKMi48tiD5BGxx >wb6hezl0fcl/JKep7DfwZm+LGmEXO/S1KLEyGhACSkiIGmEaKDnzPq3q/nq8DKRj >7ZDUjp2+chXdK0OxgGuc6/NpQkSrT0fqe3wawH/JZmg8rYi49mMxWMVNfc3Rvfvl >3d093U+2voFmlr3uyO/3q9TeMV/fRJY9ft+ygXwrMie9zCBLHfKS5bACldzCeaW5 >JXqbkNuSmw48+f/QmS0EeRCPDCtv6cXB2vTN4rzxgKee7ww4p5JV6mqQi7RLA00Y >bJ7xP9BZb8R8eSXtLbsCmGpkSXMnyPl5NGgrkrFaktz4pYpH7+HGYXVOfvHxJkLG >I0EO4GdyH2SaXrj9OXke >=FKB/ >-END PGP SIGNATURE- I prefer Pass because it uses GPG for encryption, meaning I can manage fewer secrets over all (as it backends into my normal GPG key) and then track my password files in git. To do this with the traditional Keepass method, you either need to back up the password database somewhere secure or remember another password for it. --- kulinacs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1BBC6F4A-1054-4AB7-87EA-1E1236DB56DB%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] ANN: qubes-pass — an inter-VM password manager and store for Qubes OS
What benefit does this have over simply ysing qubes-split-gpg-client-wrapper, like done here: https://github.com/kulinacs/pass-qubes It seems like a lot of overhead for not a lot of gain. On May 7, 2017 9:50:26 AM CDT, "Manuel Amador (Rudd-O)" wrote: >Building on the excellent pass (https://passwordstore.org), it gives me >great pleasure to announce the initial release of qubes-pass — an >inter-VM password manager and store for Qubes OS. > >Check it out here! > >https://github.com/Rudd-O/qubes-pass > >-- >Rudd-O >http://rudd-o.com/ > >-- >You received this message because you are subscribed to the Google >Groups "qubes-users" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to qubes-users+unsubscr...@googlegroups.com. >To post to this group, send email to qubes-users@googlegroups.com. >To view this discussion on the web visit >https://groups.google.com/d/msgid/qubes-users/24c27d7a-e72e-14fc-e388-2f5718d95660%40rudd-o.com. >For more options, visit https://groups.google.com/d/optout. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0A765A21-F411-4015-B9C2-790508B1A0C1%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HCL - Toshiba Satellite C55A
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/10/2017 03:01 PM, Caleb Thompson wrote: > So how important is it that I don't have an IOMMU or TPM? What > things can I not do? Sorry for the newbie question. > > > On Mon, Jan 9, 2017 at 8:35 PM, Nicklaus McClendon > mailto:nickl...@kulinacs.com>> wrote: > > -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 > > On 01/09/2017 08:12 PM, Caleb Thompson wrote: >> Update: I'm trying to figure out why the report says I have no >> IOMMU when my BIOS says I'm set to VT-x. Are they different >> things? Is an IOMMU something I can take my computer to a >> computer store to have added to it? > > Intel VT-d provides IOMMU support on Intel chips. If your > processor does not support IOMMU/VT-d, you will need to get a new > processor, it isn't something that can just be added. > > - -- kulinacs <mailto:nickl...@kulinacs.com>> -BEGIN PGP SIGNATURE- > > iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlh0OmwACgkQuXLc0JPg > Mlam5g/6Aq8bFB6Lz6TV6UlgGYYnnkibeVFHoJ2fKXUcE8NiW6kiv+ykzOLLhCtb > bqiQniJvbh4tFwg7YRkD9bFMapx3expyG1y1cAbY1IzpKJ4Ljc8D59Zn7xy+oy+/ > zyS0EHakVHy7zYXiI+hVh+E781QDqdxroed5niAP76sd3xmIIKGchvJVfBrTXS2o > GPOSVm0+9Y2IVRiBINPF+4XlsMcWrdI8CuvLIBGq3AKh2ZAyZklUTVAD9ByeT9zx > 2uz22QwPbbz18y3c2aJpS4PZqsfLvtUtVjXbqBqOGetXIklQkp68cSGXCNsrh7Ah > tnjyjRWOk6QAmRQ2l7Nt0wLTKVQZE0xuP2xClIjOzEOQJFhS/OjNjpF2MAv1WDr0 > ZU2Owj3etTuHCJ7GKGz6kx7kEzovgf5fHaC14yxGk08BaaEOCEvIj6/TU7RXfF21 > OawfCKrpaLuQO/YqbgGozKsxi7GXHBZV/q/9ApfBfy0enZdrUKDFFgSQtBubeGI9 > EoKichPSyqEYPQGozUXztLtp2B3nXUkXvnZ7umPgQPdUZS1UI92Mbt6nPrQUvqoL > btwJrxaVB6v0ldvOJtPdUbJBhh8imQM45Vcw3JFKlRRDcUw+q1YXgEaBqvP7sEWJ > 4wJpIaLDoLAt8a7NUeDrj7+hEGZEdY/+NqI2IqgaEmwYwNKkKNs= =FlOO -END > PGP SIGNATURE- > > IOMMU allows you to isolate devices to specific chunks of memory. Without it is possible for someone to use a device in any VM to compromise the entire system. The TPM is mostly used for Anti Evil Maid with Qubes. https://theinvisiblethings.blogspot.com/2011/09/anti-evil-maid.html - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlh1b4IACgkQuXLc0JPg MlZy+w/9GVlPda2ca7gJ+twoeKZKAHW5jEEtWSBCt06tq4EFmQC5Gxn9XTYuYO5A GY3T6rC1VpUyU4fnlvxtQgFW5pFrvROudrPnEynLxlscQAJaRQXCV2NJDNViG1H5 1fkLSUc8sOpNRX/4FgUoo1f2MPEI4sASJvg6ZhWG1zMzdPiOZ/FPyfIFNkyqNAlC Z5/O041G6s0ot7Y25mLhcBvoZkQkvdetPYvhJWMxakMB3TUjA5AKj2oL1/VvIGPO TSVwA22CnlC2uVTgjWF033+s0QkXJfaa0skG865moz7R3twe2F34V6LrZ/uko+sR LVzkl+9DzWFZDd8AWj5bpAVZ6xN4z59Hypm7qRi6HU+eF4Z64p+1+KQ3zSVVyehG 1fiQEuAkbtn5uRs+vZjKKRMCzxgZFWUcNepYiy9atv7s4vPSn9RDAPRGJmtUniOy K1hEPz1RT1I2ptP8ZVq7Lw/9ukzFwW0CPdTLT0jnnpQpAjSncginSVONoUsEZxS4 /Zh0P6zwKU49IMFeiCZOZDqrx08X41AqWmFTjqvTkvxCppUH260AVXqOKY9VHzO4 6ZumsvYJCi7oGZ0S/hmCSlHPYQnp8t/JO6e3Sz+S00nZZClMOozoDHQcyAnsv2F2 MPxWV04NRtN4IeEdHQ7cD7JtpplPQzesVKD0bVohGcYgRTDGFag= =KDL1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6fe3de1e-5394-e591-b5e7-d8892b9c6545%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: HCL - Toshiba Satellite C55A
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 01/09/2017 08:12 PM, Caleb Thompson wrote: > Update: I'm trying to figure out why the report says I have no > IOMMU when my BIOS says I'm set to VT-x. Are they different things? > Is an IOMMU something I can take my computer to a computer store to > have added to it? Intel VT-d provides IOMMU support on Intel chips. If your processor does not support IOMMU/VT-d, you will need to get a new processor, it isn't something that can just be added. - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlh0OmwACgkQuXLc0JPg Mlam5g/6Aq8bFB6Lz6TV6UlgGYYnnkibeVFHoJ2fKXUcE8NiW6kiv+ykzOLLhCtb bqiQniJvbh4tFwg7YRkD9bFMapx3expyG1y1cAbY1IzpKJ4Ljc8D59Zn7xy+oy+/ zyS0EHakVHy7zYXiI+hVh+E781QDqdxroed5niAP76sd3xmIIKGchvJVfBrTXS2o GPOSVm0+9Y2IVRiBINPF+4XlsMcWrdI8CuvLIBGq3AKh2ZAyZklUTVAD9ByeT9zx 2uz22QwPbbz18y3c2aJpS4PZqsfLvtUtVjXbqBqOGetXIklQkp68cSGXCNsrh7Ah tnjyjRWOk6QAmRQ2l7Nt0wLTKVQZE0xuP2xClIjOzEOQJFhS/OjNjpF2MAv1WDr0 ZU2Owj3etTuHCJ7GKGz6kx7kEzovgf5fHaC14yxGk08BaaEOCEvIj6/TU7RXfF21 OawfCKrpaLuQO/YqbgGozKsxi7GXHBZV/q/9ApfBfy0enZdrUKDFFgSQtBubeGI9 EoKichPSyqEYPQGozUXztLtp2B3nXUkXvnZ7umPgQPdUZS1UI92Mbt6nPrQUvqoL btwJrxaVB6v0ldvOJtPdUbJBhh8imQM45Vcw3JFKlRRDcUw+q1YXgEaBqvP7sEWJ 4wJpIaLDoLAt8a7NUeDrj7+hEGZEdY/+NqI2IqgaEmwYwNKkKNs= =FlOO -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c3a6ca43-e3ff-3f38-0baf-cf858bf455ae%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Using pass with split GPG
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've been looking into solutions for password managers utilizing Qubes' isolation as well as possible while not compromising functionality. Password based options are suboptimal, as regular backups and syncing can be challenging, as the "Vault" qube for the database should not have network capability. Similarly, options that require copy and pasting between qubes lead to password being kept on the clipboard until manually removed. As such, I began looking at using pass with split gpg. Pass is designed to work with Git for backup and synchronization and uses GPG for encryption. With the following patch, you can set $PASSWORD_STORE_GPG_PROGRAM="qubes-gpg-client-wrapper" and enjoy pass with split gpg. https://lists.zx2c4.com/pipermail/password-store/2017-January/002633.htm l - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhwOjkACgkQuXLc0JPg MlZ7hA//aJ/9lsZlT2fx/VhKfN+CBkqNQZ7xkiQBc3qwso91Qu+PvyO4/WOPupb1 BYZkye838+s+tR3/1NHE7iwAZfl1fThlKKz+19TpFIWL64ARL408O7Bw+ijVezRY xL9tJMCaQkLvQRwwFXNBrETDlRnpzJwCj1YmA2oU717g0PBjs1qi4cq/cu7Mo/D+ w2cA2V7n8dPPY9lZa3oNH+xsL1N1g/OzQ3I8hgFMprd2Tpk7Xr2EJWNH+1AhCPtV AIsKv+QcgikIWscXRj+6EWYq3EG1qUA8dTWhO3st8LR7nvGJLSJYI92Fv0C4354T h8f6m8nza8JyTzBjk/FekjObil2q+3BEUaBHQA7sK6Q5kQEkYXprzm1G1X5tALWB 8gmdceYNiJBae/w3WQU4I2QG1ZdETy7T66hTMafHa5NEvDFVabWb2+50hsnGZ5Z/ KIP9cnliPzZKFKlm8tCmiYbFIG08w9QnIH3TBYzCxjmlLDldgw9U4KUts2V23fJq PH1gSChgEaCad9zTWMbJ5+s+QH6gmTBipUV1rrYN9P2vMeDhOX7tsB0NOG+jRBk6 dx45CQ2KzQopxy31z1Sd7HXMDmTeL+7lOuyPjhhOwrQSqHF9qHQbT73ujIDmps9W XKyw39uXrIZqg0XrkV77T9CybnLLsXFfDaJ0NlVYdBZ8ImzJ+hY= =VOI4 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5282174a-57e0-5927-f801-df6d6b7b3b92%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Heads Bootloader
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Trammell Hudson spoke a couple of days ago about a custom bootloader designed to minimally load the OS in a secure manner, and mentioned he got it compatible with Qubes. Does anyone here have any experience with this? Talk: https://www.youtube.com/watch?v=UqxRPLfrpfA Repo: https://github.com/osresearch/heads - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhkTL0ACgkQuXLc0JPg MlavtA/9GuiOZUlM89830n/0xV7uOpVPksnUrgjY5DxSHwoPgC1mkUzQQvrdWhKO 1GCYen3cbE27Hoyr/I3czBcTfqIQV/yHlQNJDVwyyoQDyC3g3Zq8huS2uqdZjl7l 0TiCA+cZ0jc4xAmgty9YMcmpgTcRMRFzQIVD91zsoAJF8qT66q8FEwgb3YZBGlMp HQ60JkEswDSkyhSy99Iaes3R7AiyXwR8b9+QUwKajwr7IQpdEFQytlxOYGhJXHD7 HRPflgTBSDHYj8zyPzcXHxx/IJw/C+Po+YuWTGy8uoQQzGLNPHwdcjRinRLj+Ru1 MKNUjjXqdRhw6QWBrej6U1fYdCqhg4udMCvDKkWa3xtnfFs+ZKPBU9pQccmGFwle 28EjyDwwakmrQdbVf8M1DvEWlVqBu7rP1BjDnmRJ1hGgnoO4To35gbh78p01/796 xmImBkTBPwNRM/BIrNWXinQtIdD+zHhb1LgRsUPNx9hCStnPCRC4RmkHonqS3Bry sgSk1gzYiveb/P64Qm7sljxrevqLDoY4Gy4deuBcfDW2iZvqp71RI3QAIahVNlPF bjjoLHLJ5wDbSP0xQQBQvTLDn0rgteryUHBkNsBdY07VUo8ZSX4K7wWTXsYNKX4Y LmDOCw9UM6yBL8uaKxUYpeaR2NkdCKWgjqEKrvGb9fMul33Rtvo= =863E -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b98ea523-70b2-e370-7bad-090a2548faed%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] RFC: adding qubes images to the (qubes) repo
>the problem is (as you wrote) 'supposed to be verified out-of-band'. >for some less technical people, even verifying the signature is a huge >step. >i am a fan of providing easy accessible security and using already >existing infrastructure. (in case of the dom0 repo, an ultimately >trusted source). I'm weary of calling the dom0 repo an ultimately trusted source, as it implies trust in all the related infrastructure (DNS, CAs, etc.) Package managers follow a trusted objects model. Each package's signature is verified before installing, meaning trust of the repo is not required. In either case however, a signing key must be distributed in such a fashion that it can be verified and, as such, Im not sure if this offers anything other than a wrapper around the signature verification step. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/E25AD111-9DFC-4072-A294-AEECDB5FDA0A%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes as Server OS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/23/2016 07:09 PM, Jean-Philippe Ouellet wrote: >> If you can't access dom0, qrexec is default allowed, > > Uhh What? Can you elaborate? qrexec usage is normally defined by an RPC. This RPC has a policy, either allow, deny, or ask. My understanding is that if you don't have access to dom0 to respond to a prompt, you must allow the running RPC by default if you want to use it. This argument, of course, hinges on my skepticism of secure remote dom0 access. >> which removes the added security of it. > > Definitely not entirely. I'm not sure what security is added by having a default allow Qubes RPC policy, but once again, this could be mitigated with secure dom0 access. > >> If you're remotely accessing dom0, you're adding the networking >> stack to the TCB, > > Not necessarily. At least your NIC need not be trusted, potentially > more. I think the NIC still must be trusted in some form or fashion, however, as a rogue attacker in the network vm could just shut off access to whatever secure management VM being utilized. I'm not sure how to classify this though. An attack on the NIC could stop remote management, but I don't think this would harm security. In any case, there is a lot to be added to the TCB by allowing network access, like a management VM, that makes me question its usefulness. >> and once again have a basic Xen installation with extra >> unnecessary overhead. > > ... and if overhead is your primary concern, why even bother with > Xen at all? Why not use containers or such. Overhead relative to functionality. A type 1 hypervisor offers better isolation than containers, and I was suggesting that Qubes features may not provide more security in a server environment. - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhdwsoACgkQuXLc0JPg MlaxFxAAl8ElXNawe9okc1RkzE6jbZUyEXK4r3n2SHsdZh1L2VIgmDBhcZankrm5 FoTMCpcqpoUIFde1PyaA5ZiIC9wCgDaiLMRHRkblCV6CYZ+7mufb0hUUX98jngLS Qkgee6lE0qB4iZWbtMKyOjlZbkODe1y8L65MjYB6qEy28IaXlHD64rptMi86qnvS 4Wag811+4Uox9reWCY5cmqriyMmx5sQN2cauWOausYIB8GRk/yYRXAk4Ex7bSuYh DXHrS2RIyZ9w5M7By1hcKaD+n29AJ42xVmJPlnK7kcTV67yO/gW7PDjwlLQj5W7F b2Ql4IBv56eTjP16cEeiq95K24enfx6drHBJuyRbopGVleAsGP4ZXroxZbufPxpf vrV6hdcxPoDZ+vigfdQTP5pxtZYk4msut0rAYi/36fhhvCkSmYYPDEZXUzlFg0us wSCw/9Tf/mir5aG7vNa4UzF2NKJRZHoudG+Td5cAJULpCgnocaQ+K27fOpA3UrK2 LzEuZi1iG5KbXyRueeOi+PYYtDuf86vFBxS1z79fooEN1mu8ksv4IsJcG5lbs6p2 C3398XeoyuE5oy+fzSXgU+Yem2w5AQ4PNIfzU+5XDXG9tBHXMXbjL/EhHAIxldgq C0fce2Sfdw+pPj6nyE5qDe0gsvCotQgkjC1/NZmx/i/7FqaOUL8= =SWEu -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9fb2cfd4-7b14-84d4-e3f7-6328bc0bf288%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes as Server OS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/23/2016 05:18 PM, Jean-Philippe Ouellet wrote: > ... except with decent dom0 disaggregation working out of the box, > and I'm personally making good use of qrexec in a server context > as well. > > Securely accessing dom0 remotely is left as an exercise for the > reader. ;) > I'm intrigued. How is qrexec utilized? qrexec is better than networked access in the case of Qubes because it is verified through dom0, which is part of the TCB. If you can't access dom0, qrexec is default allowed, which removes the added security of it. If you're remotely accessing dom0, you're adding the networking stack to the TCB, and once again have a basic Xen installation with extra unnecessary overhead. qrexec with a networked dom0 doesn't seem anymore secure than using SSH to run remote scripts between networked VMs. - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhdrX4ACgkQuXLc0JPg MlalzRAAgKmZPLtbbkuEyRr3fyJVDjxLwrV20c+WdtH/t9Snx//RPdLPmhEkqMTM D4fscVTjjJzjXFg5m5JGZQpPKiZgENEwYxgnuyqIxWg7gcySr83lXCGRdL64u1n8 r5ydg42R7gqaeS8fh+Fkhxext+4PmOGieinh9FZRPYc+eT+VWsbZvMK7Yhso1bZO U64JroC8O/JwUzJOl9VhqHChRjcbcxQszbyQadFT0QpEZ5HUoVcuW5nSj5w7jttJ lCV8CkIOMwGDuzaZJU3b2dRIxMqe2C4wQRtlsXHTO9JANN4S22z+OBlfkb/KhxGB d6caVxqgj0wgg0xWX7Fz5LBpNQtrL5xqBDVDMil3KSRsHEjJb23Ky6opJyJNaMWW jtvShsp6fFZD18262ZwUwwqRMYV6sE4a3nITAo3yoIRaT3LHBKnUBHXuRqxKYJPf AmkQAbyovsDKJ/9GHhHnOPLNunJqx/2pjuO4SaT1/7/+vb/ARXLmsq10jXdYKDsF o2XeC3DisRlStU5/vXXOx4NW4cbj21a9hyaQ9pQxEv9QOi/0kDSdVzXyaw6qR3U+ cXMBYplL2ZnrjXCPpmZY4wI92STATMMgw/Vb8ZSbeSRKiaFYHrQv2SpFvMRW6VK1 4tPTkLF242cTUzkOFWtvD8kMwvHy1aGx/hfm1r11TlvPQHXgTzg= =2+BL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/84d8b7d8-4f21-3d3d-7b4a-955a66d0a705%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: BIOS Security Settings?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/18/2016 03:17 PM, taii...@gmx.com wrote: > Some laptops such as dell latitudes/precisions have a "master > recovery password" that is generated from the current serial number > of the laptop (so do thinkpads) "Cannot be bypassed" - well you > could always clip on a eprom writer to the chip correct? I assume > then you could force it to spill. > > Entering the password on a latitude/precision then resets the > serial number and you have to re-enter it, you're now thinking that > you could simply do this to make a code that no one knows however > on the pre-boot authentication screen it helpfully provides the > current serial number. > > BIOS passwords and PBA schemes are simply another layer in > security, ideally you would have both a password and a smart-card > so somebody can't simply do shoulder surfing password recovery and > then be able to steal your laptop. (Most business laptops have a > contact-smart card reader). > > > Yes you should switch off ME, although "Disabled" means something > different to intel than it does to you and me - it isn't really > off. If you do that you will have to blacklist intel_ips kernel > module to prevent log spam of "ME Hung" > > There is a project from some coreboot developers that is able to > nerf (not remove) ME from most systems (caution - may brick your > mobo - do not perform without an external eeprom flashing device) > although of course you're still stuck with the proprietary bios and > FSP on anything recent. > I was unaware that the master recovery password existed for Thinkpads and hadn't been able to find any sort of thing when I searched previously, I'd be interested to see your source. The official Lenovo help page suggests that it does not exist. https://support.lenovo.com/us/en/documents/ht036206#super You could clip on analysis tools, as I mentioned as "digital analysis of the chip itself", perhaps analog analysis is more correct in this cas e. - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhW8ZAACgkQuXLc0JPg MlZbnQ/9Eoc7DwTp66EaV+tOWNaCKvaP5C1x3N8ObSlvUMxn/Lphl3chrgA5yrbW zwMhnZrBPjpzL4a7WHcAg/1tAOoo+zX1yQLXttO8TqAnnthJMgBdd0RA5fBCAccu KAFrwqQB8y/7m1ZQtSzA+pd/JXuStqfI6Z8NXybU1BaOWq0/HMaJeplPj5ch6ZtV 4/vB7Ox9ot92QULLIbEKpBcmnBT9hSKdfSHI+LdBBZK25oYK7E8YuGe4EwPyqvYj EFz/tKBEKAq+gvsTb7qj0L8ZyCHUSRF3YxXfTfltAaZFFcblywc3DOIEnz/Xi1un mL/uMgb6ssqAwYUcm2CAUNIBMKhpSroPAi2J88kZq5u/ii7p50Ay+Hg8teXl1cpg gloWsEIuFtda9O3qt7GEO/CftlX9s47PN/eZz+txZsVLucXjdKcoKy+NUUzClqzC 7RI4aOcddNzUP1Uk2Dvt/cnXuUBSq/+H5L96IhFhI6g6DzzDcZ1I6LOydOrys6bm cWoUyvvnKEKfdxpEdTIY2aS1MtvJyqV2AZGRIDShQYwNv7v/kG1tCjD8xncUAdrF RJ7Tvfiqsh4VQRsWmYsbuIVe8bH3s33Q3RMXEj7OXAgPWQy8QyDlwbf6/+Yhaei9 gpeDvwSq99+YyM0uQfWqW+NEIX0Xi1rlcUuIVLf+D/eGo0+qfys= =nDod -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f7c5e8c9-7a04-e0f5-5857-6ff59179c015%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: BIOS Security Settings?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12/18/2016 01:26 PM, Grzesiek Chodzicki wrote: > W dniu niedziela, 18 grudnia 2016 17:15:59 UTC+1 użytkownik > '0194358'019438'0194328'01943 napisał: >> Hello, >> >> does a BIOS password (against BIOS changes), gives a higher >> system security, or it is more like a security fake and could be >> easily bypassed? >> >> Should I switch the IME off? >> >> Kind Regards > > Usually, the BIOS password can be reset by using a jumper on the > motherboard, a dedicated button, or by removing the CMOS battery > so it's trivial to bypass. However if one day you notice that the > password is gone or that it has changed, that's a good indicator > that somebody accessed your pc. > In Lenovo Thinkpads (mentioning as they tend to be popular for Qubes) however, the supervisor BIOS password is stored in an EEPROM chip and cannot be bypassed without digital analysis of the chip itself. So, more secure against a standard attacker, but by no means secure against a dedicated one. - -- kulinacs -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEPL+ie5e8l/3OecVUuXLc0JPgMlYFAlhW4x4ACgkQuXLc0JPg MlYAeRAApBziRvsaUCGsWbUetc8Z0wEAHhoQrOYU9GdO5/FyRU0QtALMDBcjv/6z sYc5udhPn9lJoR9Ak65e+BRcR0zjWZ/jrkhan1GSvBV1B+Wma0jUyrLeVImq/gDj Bn3ZxPsDCWhX5kClAFAa1f+ckUgY8s+ksgpHC4aui/FcJGGBUO7P1KpC3US4MO8+ pBj2E0Aw5pcUqiqfk7MoKpaaGh16IzOyhm5EWkT2xOFTayQJPuMUec1F92N/8ikU SrVeC0VCCeIDD3DHoeGHa+4fu1+nurmGbwgICwWHRGHqqtdCG+IalUhEMsSF2oa0 oV5IbpvtdevnrE6JSv1AmLMe5w4tUDRryP6MUsd8BQHUwTfxDI9Lxbd9ip1oS2Uh fog2n7mxgkGqKfx5yY/kAiVWPYBoYp2gNy4K6XzYX0j7eZlHM36K5hQSH0C+FSu1 i/3OonmeBZ3PfOiF+GRw7tT6jq4lLxC0P2fkueiruHDX6hUjGs+qbhQbsjQWtufY KtPbmo/vR7QWvne4rs2Vcz1b5qgpO4c69MD68Fy0ks+xsbAhZ/WeARfCPGpqHhFR CMwvEzkWsf/nYnj0+AetiIkJB9dbCUdPeSiwxy1Q5tzgkQii5daRbY15v8igH73l 96fl7Mp96ERzMDEhC7fq2D1K0A7a3YEzQx7e+GiYhIezysy44/g= =jsc7 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/888f56ef-2aad-5a6d-dae5-08127cd83d80%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] how to get appVM colour for customizing bash prompt's colours
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 09/16/2016 01:18 PM, Robert wrote: > Hi! > > I wonder if there is a command-line way to get the name (or any > other id) of appVM's colour, used for window borders and such, from > within the same appVM (not dom0)? It could be useful for > customizing bash prompt's colours. > > I guess, I'd not be surprised if the answer was no due to security > reasons. > > Best regards, Robert > > I'm not sure if there is an official way, but I have written an RPC do to this. https://github.com/kulinacs/qubes-rpc-GetLabel I have the command run in /rw/config/rc.local and have it set to auto allow. - -- kulinacs -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EARYIAAYFAlfcPmYACgkQW1Q2Vuxs8jNwvQEA8omVIHS0V1D6YGSzlJLSJ4IJ Qm82iOXMt1V86mc8sG0BAMlW2529AVT5Ia1n4Sm0dYg8J/4TkK3fF+P6TpnCYi4E =5WrB -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/e56cc595-049a-7dc6-b4c4-31f74d025683%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes for running virtual servers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/23/2016 11:07 AM, darren...@redskiesgroup.com wrote: > How does Qubes perform as the host OS in a virtualised server > environment? > > I'm thinking of a configuration where the host OS is Qubes with > VM's running for things like a virtualised email server, IDS > server, perhaps a Tor relay etc. I've used Qubes as a desktop > host, I'm just curious about whether it's a practical host for > virtualised serviers? > You might want to look into using Xen instead. https://www.xenproject.or g/ Xen is the hypervisor Qubes uses, and should do what you're looking for. - -- kulinacs -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EARYIAAYFAle8dicACgkQW1Q2Vuxs8jNH2AEA7AnM5eaWIt0Dav4n/4Drk4pq p7Y1Es16as7U90kXy7QA/0HvxbtPZ9cZTUNVlblT7oU6p5p96sqAZ5DTapxekisI =oCt0 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a9bfc6be-41d1-cf87-6afe-a7da1f5025ce%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Tool to record Whonix / Tor browsing history..?
On 08/14/2016 06:33 PM, Unman wrote: > On Fri, Aug 12, 2016 at 02:58:26PM +, Manuel Amador (Rudd-O) wrote: >> On 08/12/2016 01:39 PM, neilhard...@gmail.com wrote: >>> I would like to be able to do something like: >>> >>> 1. Use Whonix/Tor as a disposable VM >>> >>> 2. Record browsing history using an external software >>> >>> One of the reasons I don't use Tor that much (other than slow speed, >>> captchas etc) is because I actually want to have a record of the websites I >>> have visited. >>> >>> We know that it could be risky to have the Tor browser itself record >>> history, if it gets hacked. >>> >>> But to have some tool running outside of the VM would be useful.. >> >> For the same reason that attackers outside the VM can't see what you're >> visiting, you yourself won't be able to see it either. >> >> What you want is not doable. >> >> If you want to have a record of sites you visit, then tell the Tor >> Browser to record your browsing history, and hope that works for you. >> >> -- >> Rudd-O >> http://rudd-o.com/ >> > > It should be possible to insert a proxy between the browser and the Tor > gateway, and sniff the traffic there. > You could use a crafted tcpdump filter to some effect, but you wont just > get a record of websites, but all requests, so you will have to do some > post processing on the file to identify the websites. Not difficult, but > probably wont be exactly what you want. It will, of course, also include > all resource requests: that could be interesting, and might surprise > you. > > unman > I was thinking something like have the Tor Browser record history in a disposable VM, and have a Qubes RPC pull the Firefox profile to a separate VM. More options like parsing the SQLite database could be included to increase usability. https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data -- kulinacs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/76bc7cdc-d0d9-faaa-27b1-292674c1900d%40kulinacs.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] installing Signal on Qubes mini-HOWTO
On 08/14/2016 05:22 PM, IX4 Svs wrote: > Just spent a few minutes to figure this out so I thought I'd share. > > If you're a Signal user on Android, you can now have Signal inside > Qubes. Here's how I did it: > > 1. Install the Chromium browser in your appvm template - skip if you > were already using it. Shut down the template VM. > 2. Create a new AppVM called Signal > 3. Launch Chromium browser in new VM, go to chrome://extensions/ in the > address bar and follow the link to the Chrome app store. > 4. In the app store, search for "Signal private messenger" and install > the app. > 5. The app launches automatically on first install. Follow the prompts > to "link" this app with your phone. > 6. At this stage Signal should work on your Qubes system. > > Let's make Signal a bit more usable by creating a shortcut in our > desktop panel that launches Signal directly. (this assumes KDE desktop > on Dom0) > > 7. Create a Chromium shortcut using the Qubes way (Q -> Domain: Signal > -> Signal: Add more shortcuts... -> Select "Chromium web browser") > 8. Follow > http://support.whispersystems.org/hc/en-us/articles/216839277-Where-is-Signal-Desktop-on-my-computer- > to create a desktop shortcut > 9. Right-click on Chromium icon in panel, select "Icon Settings" > 10. Change the "Command" field of the "Application" tab to: qvm-run -a > --tray Signal '/usr/lib64/chromium-browser/chromium-browser.sh > --profile-directory=Default --app-id=(long string which you'll get from > the properties of the desktop shortcut you created in step #7)' > 11. Copy the Signal app icon file from the Signal AppVM to Dom0. I used > the following command to copy the icon file to Dom0: [user@dom0]$ > qvm-run --pass-io Signal 'cat > /home/user/.local/share/icons/hicolor/48x48/apps/chrome-(long-appID)-Default.png' >> /home/users/signal-icon.png > 12. Now you can change your new shortcut's icon from Chrome to Signal, > by pointing it to /home/users/signal-icon.png > > If anyone has a better way of creating a custom panel shortcut I'd love > to hear it. > > Cheers, > > Alex This is a really neat idea and guide, thanks for sharing it! It might be better to work with the way Qubes' handles the shortcuts internally. That documentation can be found here. https://www.qubes-os.org/doc/managing-appvm-shortcuts/#tocAnchor-1-1-1 If you dig through the GetAppMenus RPC, you'll see it (generally put) draws it source list from desktop files in /usr/share/applications. If you put a Signal .desktop file in there, you should (I think, untested) be able to simply use the GetAppMenus RPC. -- kulinacs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dbd0f71c-ee9b-002f-519c-449fce6a83fd%40kulinacs.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Qubes 3.2(R2) USB Connecting to DOM0 by Default
On 08/12/2016 01:27 PM, johnroberts19...@gmail.com wrote: > On Thursday, August 11, 2016 at 8:50:53 PM UTC+2, Andrew David Wong wrote: > On 2016-08-11 05:08, amad...@riseup.net wrote: My understanding is that by default Qubes Dom0 is protected from USB attacks by disallowing access to USB's. To the contrary,on my system, USB's have direct access to Dom0 - I plug in a usb -popup shows it's connected to dom0 - i have direct access via dom0 to the files on the usb. Is it just me? or it it a system failure? > > Pleas read this page: > > https://www.qubes-os.org/doc/usb/ > > Without a USB qube, the USB controllers are left in dom0, which sounds like > your situation. Depending on the version of Qubes you're using and whether > you're using a USB keyboard and/or mouse, you should have been prompted during > installation to create a USB qube. However, you can also create one yourself > by following the instructions on that page. > > > So i use R 3.1 and have a usb mouse and keyboard but nothing about usb > mention while the installation. i wonder the same as the author after i > insert usb stick to my system and it's at dom0. > Do you have a USB Qube? If not, you need to make on following Axon's instructions above. Otherwise, I would check your USB Qube's attached devices with Qubes VM Manager (the Devices tab in the USB Qube's settings) and make sure your USB Controllers are selected. -- kulinacs -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/799e56e8-8afc-1bdb-08a6-4cbfe66b688f%40kulinacs.com. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] what practices, modules, and toolsets should I be familiar with to effectively contribute to qubes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/11/2016 11:32 AM, 'digitaldijjn' via qubes-users wrote: > I'm a programming noob going in my first year of a computer science > program. I spend most of my free time getting better with python3, > though I am familiar with java as well. In order to be able to > contribute the the project, what are the subjects, modules, > languages, practices and toolsets that I need to be familiar with? > Also are there parts of the project you guys looking to get the > most outside help? Areas somewhat neglected becaused the developers > are too busy focusing on major (security) concerns but has lots of > user request for? > I would personally recommend checking out the help wanted list on the Qubes Issue tracker on github: https://github.com/QubesOS/qubes-issues/issues?q=is%3Aopen+is%3Aissue+la bel%3A%22help+wanted%22 As far as helping out in general, I think we could always use more documentation. If you find a feature not documented or poorly documented, you should write it up and submit it to the documentation repo: https://github.com/QubesOS/qubes-doc - -- kulinacs -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EARYIAAYFAlesviwACgkQW1Q2Vuxs8jO/NgD/QvzQ01KCWD9OBPWDaukjm/0w q67n3L4jhvUUPrCKOB4BALx9ZTvNVrEkAoLbIALwzLYcDSW2ifUeeM7azi0mq2sM =NM1Q -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1d392c36-ed67-1ddf-b234-f5252227fd3b%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Memory resources
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/10/2016 04:57 PM, angelo "angico" costa wrote: > Hi, guys. > > Since I've read Kyle Rankin's articles on Qubes in the 5 last > issues of Linux Journal, I decided to give Qubes a try, and I > downloaded and installed Qubes-os 3.1 on an old hero Compaq > Presario C700 series notebook, with a Dual Core Intel CPU and 4GB > RAM. > > Then, I made the required updates and created a VM (based on Debian > template) in order to install and run OwnCloud client, so I could > have my ebook library synced with my other notebook, and the system > could become usable for something. > > All seems to be fine and working good. But when I try to open the > default WorkVM, the system yells a harsh "ERROR: Insuficient Memory > to start VM"! > > So I ask you: Isn't 4GB RAM anything near the ideal for me to > really start doing some work on that machine. Or if it's barely > affordable, what configuration am I missing? > > Thank you very much! > Just to note, the absolute minimum to run Qubes OS is listed as 4GB of RAM. https://www.qubes-os.org/doc/system-requirements/ Running at the minimum may not result in a great performance. If you consider upgrading hardware in the future and plan to use Qubes, I highly recommending checking the Hardware Compatibility List before purchasing anything. https://www.qubes-os.org/hcl/ As far as getting Qubes to run with 4GB of RAM, you should look at manually setting each VMs RAM in the Qubes VM Manager (The RAM settings are in the Advanced Tab.) I would recommend dropping the Max memory of your sys-net VM and sys-firewall VM to between 500 and 1000 to free more RAM for another VM. I would also recommend disabling the sys-usb VM if you have it enabled, at least until you can tune your RAM to run it as well. - -- kulinacs -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EARYIAAYFAler7IUACgkQW1Q2Vuxs8jNmPQEAqp9faNSG0Nt+ftl65DVyejpJ 4HCLbIbgLEZDlzJ8xOsA/jKbaeduE4uLNmfuXDrw2kVq/oQNBq6NViz1lUB5GWkO =nP2c -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ff4118a2-0911-55ae-8deb-ab691961d982%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Can't Boot From Win10 Retail USB
I do believe only Windows 7 is supported as an AppVM. https://www.qubes-os.org/doc/windows-appvms/ On July 18, 2016 7:54:30 AM CDT, rick.jeffr...@gmail.com wrote: >That was it precisely. The retail USB contains both the 32- and 64-bit >versions. The ISO for just my architecture worked perfectly. Thank you. > > >-- >You received this message because you are subscribed to the Google >Groups "qubes-users" group. >To unsubscribe from this group and stop receiving emails from it, send >an email to qubes-users+unsubscr...@googlegroups.com. >To post to this group, send email to qubes-users@googlegroups.com. >To view this discussion on the web visit >https://groups.google.com/d/msgid/qubes-users/4ad67042-d93d-4ec7-96da-48707fc1f5dc%40googlegroups.com. >For more options, visit https://groups.google.com/d/optout. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/32DCD9A4-97FA-474B-8CD0-FD84AE7F2450%40kulinacs.com. For more options, visit https://groups.google.com/d/optout.