@feld #QubesOS sounds pretty reasonable, though. The idea is that (1) the codebase that has access to everything is small (#Xen based I think) and (2) exploiting virtualization is expensive, which discourages many attackers.
Notices tagged with qubesos
-
Mateusz 😈 🤺 (0mp at FreeBSD) (mpts@mastodon.social)'s status on Tuesday, 14-May-2019 21:59:00 UTC Mateusz 😈 🤺 (0mp at FreeBSD) -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Thursday, 02-May-2019 22:54:08 UTC Rysiekúr Memesson Sorry for being so unresponsive. So much tech debt so little time.
But I figured out how to run #Tails (including from a dd'ed disk image) on #QubesOS. Will I write about it? Why yes, nice of you to ask!
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Friday, 26-Apr-2019 14:16:14 UTC Rysiekúr Memesson Dear #QubesOS #TAILS #InfoSec , if hypothetically one would need to run Tails with persistent storage from an img file that (dd FTW!) in Qubes, how would one proceed?
Asking for a friend. ;)
Yes, I have tried:
https://www.qubes-os.org/doc/tails/Next idea is to just dd the img file back to an actual USB and run the VM from that USB stick, but that's... meh.
What I cannot find anywhere is documentation on how to tell Qubes which volume/disk a VM should start from.
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Thursday, 11-Apr-2019 21:47:43 UTC Rysiekúr Memesson @whirli It werked!!1! And not just from any GNU/Linux system, from #QubesOS no less!
I think the important part was using the USB2 socket, instead of USB3. There's a bug related to this somewhere, I noticed.
Anyway, I haveS #SailfishOS on my Xperia XA2 now. Just as planned. I am okay with this.
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Tuesday, 15-Jan-2019 01:04:40 UTC Rysiekúr Memesson I should definitely set this up: https://github.com/woju/qubes-app-split-git
...to manage my #QubesOS Salt config.
Obviously, I should do that using Salt.
Waaait... 🐓 🥚
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Saturday, 12-Jan-2019 04:57:49 UTC Rysiekúr Memesson I just automagically created and configured a Wireguard-enabled cube in my #QubesOS, using Salt.
Relevant documentation:
https://www.qubes-os.org/doc/salt/
https://github.com/tasket/Qubes-vpn-support/wiki/Wireguard-VPN-connections-in-Qubes-OS
https://github.com/QubesOS/qubes-mgmt-salt-dom0-qvm/blob/master/README.rst
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.pkg.html
https://docs.saltstack.com/en/latest/ref/states/all/salt.states.kmod.htmlYes, I will release my Salt configs at some point.
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Saturday, 12-Jan-2019 00:40:54 UTC Rysiekúr Memesson Humm... I was supposed to set-up an IRC client on my #QubesOS.
But that requires a #Wireguard connection to my server. So, a StandaloneVM is the name of the game.
Which I should ideally set-up using Salt.
tl;dr I still don't have IRC access on my QubesOS. Lazy bastard, that's what I am.
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Thursday, 10-Jan-2019 19:54:03 UTC Rysiekúr Memesson Now when going home I can just shutdown the `work` cube, thus symbolically separating work from life.
It would be nice to have a life to go with that, too, though.
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Monday, 07-Jan-2019 14:23:41 UTC Rysiekúr Memesson Well, this is annoying: https://github.com/QubesOS/qubes-issues/issues/3253
-
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Monday, 07-Jan-2019 11:47:29 UTC Rysiekúr Memesson I am really enjoying my #QubesOS system.
Going through a list of things I want configured and working in a particular way takes quite a lot of time, but once I put them in Salt they're done for good and will be trivial to do in case of system reinstall.
The biggest issue is batter life. I am down to about 1.5h. That's really not great. I will need a bigger battery, for sure, but here's hoping I can fiddle with settings and get more battery life that way too.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Thursday, 03-Jan-2019 21:30:01 UTC Rysiekúr Memesson Tested out split-ssh on #QubesOS, based on this howto:
https://kushaldas.in/posts/using-split-ssh-in-qubesos-4-0.htmlProtip: if it doesn't work, make sure you have the nmap-ncat (for fedora-based templates) or nmap (for debian-based ones) installed.
I should probably write Salt configs around all of that.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Wednesday, 02-Jan-2019 23:21:39 UTC Rysiekúr Memesson Well that was easy... 30min of playing around and got wireguard to work in #QubesOS following a howto. Basically, create a StandaloneVM based on a debian-9 template, set it to HVM mode, set kernel preference to none, install wireguard as per: https://www.wireguard.com/install/
Set the settings you've used before and lo and behold pings fly.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Friday, 28-Dec-2018 13:38:58 UTC Rysiekúr Memesson Moved all my cubes, including sys-* cubes, from fedora-26 template to fedora-29 and everything works as expected. Pretty awesome, #QubesOS, pretty awesome.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Friday, 28-Dec-2018 13:33:40 UTC Rysiekúr Memesson So, @Herdir @HerraBRE , turns out there's a #QubesOS #35C3 assembly:
https://events.ccc.de/congress/2018/wiki/index.php/Assembly:Qubes_OS...and an Introduction to QubesOS self-organized session (Saturday, 21:15):
https://events.ccc.de/congress/2018/wiki/index.php/Session:Introduction_to_Qubes_OSIn conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Thursday, 27-Dec-2018 15:27:49 UTC Rysiekúr Memesson So I am at #35C3, playing with #Mailpile (switching to it from KMail) with @HerraBRE while using my new shiny #QubesOS install (finally moving to it fully).
And if you're asking if I perhaps decided to change too many things in my digital environment simultaneously, well, yes. Yes I have.
Haven't been that excited about technology for a while.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Tuesday, 25-Sep-2018 08:22:19 UTC Rysiekúr Memesson @kylerankin this *is* exciting. How hard do you think would it be to integrate this with #QubesOS? Seems like a pretty natural fit.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Tuesday, 14-Aug-2018 00:50:58 UTC Rysiekúr Memesson Spent ~6h setting up a Windows qube on #QubesOS 3.2 (don't ask). Ended up with something usable but far from perfect.
Still beats using Windows directly though.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Monday, 23-Jul-2018 08:46:41 UTC Rysiekúr Memesson @Dekken @Wolf480pl cc @rootkovska (and she's Polish). She started #QubesOS, too.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Sunday, 29-Apr-2018 23:21:18 UTC Rysiekúr Memesson Some things I want to do via Salt to Firefox installed in #QubesOS TemplateVMs:
- figure out a way to have "open in VM" option
- set the search engine by default to DuckDuckGo
- disable Pocket
- disable the built-in password managerAlready done:
- install HTTPS Everywhere, NoScript, uBlock Origin extensions
- make sure h264 and webm video playback works.This Salt thing is looking better and better.
In conversation from mastodon.social permalink -
Rysiekúr Memesson (rysiek@mastodon.social)'s status on Sunday, 29-Apr-2018 22:04:52 UTC Rysiekúr Memesson Ok, set-up my e-mail on #QubesOS finally (dropped split-gpg2 for the time being).
Let's see if I can go through a workday using just Qubes.
In conversation from mastodon.social permalink