@monsieuricon Not really, too much overhead with maintaining/monitoring two social platforms :/

@_spmbt For my application I don't care about these as much, as I care about the benefits I described above.

Does anyone happen to have a buidroot definition for encfs package (for Raspberrypi)?

(In case you wonder why I like encfs? Because it's the only cross platform fs-based encryption (so perfect for using over Dropbox) for which there is also an iOS app available (Boxcryptor Classic).)

Qubes Security Bulletin #31: Several Xen bugs, practical impact unclear (XSA 216-224):

t.co/l2ZjcCOGRf

Congrats to the Xen Team for finding most of the bugs and to Jann Horn of Google Project Zero for the remaining two!

No busques más, esta es toda la dulzura que necesitarás hoy

@bcrypt Ok, so that's the GUI frontend, what about the backend(s)?

Here's my quest for a project planning & tracking software:
github.com/QubesOS/qubes-issue

Some features I want:
1. Decompose projects into sub-projects, & further down,
2. Balance incomes & expenses,
3. Dependencies which can span multiple projects,
4. Take declarative description of projects, tasks, deps, people's availability, various constrains, etc,
5. Calendar-time and resource limitations aware.

So far TaskJuggler seems best, anything better/similar?

@HalvarFlake "Defense is politics"?How come? What good is politics for defense if your code/system is vulnerable? Am I missing some context here?

Organizations all over the world should DEMAND from Intel ability to disable ME/AMT code. For good. There are likely many more bugs there.

Intel should provide means to disable all ME code which runs AFTER host CPU init is complete, i.e. all the UNTURSTED-input processing code.

Intel AMT drama: 

@taoeffect What good is an OS that might not have any bugs, if it cannot protect against apps that might? E.g. can a buggy web browser or email client be effectively constrained if exploited?

A book about Mind, disguised as treatise on Formal Systems and Reasoning, camouflaged as work on Beauty, ultimately talking about Mind... ❤

Qubes Security Bulletin #30 for another critical Xen bug(s) in PV memory virtualization (XSA 213-214): github.com/QubesOS/qubes-secpa

The bugs were found by the same researcher who found the previous Xen bug (XSA 212): Jann Horn of Google P0, congrats!

Also, please read our commentary in the bulletin (linked above) about the general defense approaches we've been working on for Qubes 4.x.

@lattera Virtualization is not a magic solution, but it allows for significantly smaller interfaces, while at the same time to preserve compatibility with unmodified existing apps and drivers.

@DrWhax You use qubes.InputMouse service? Check the qrexec policy permissions?

Infosec ethics/drama 

Show more
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!