this post was submitted on 19 Aug 2024
2 points (75.0% liked)

Explorations in Networking and Computing

9 readers
1 users here now

A place for discussing the new developments in IT networking technologies that strive to enhance and assure privacy, security, and autonomy online, ensuring equitable and strong universal access to information.

You can share info about Confidential Computing software and hardware like Intel SGX enclaves, HSI, attestation, HEADS BIOS, and vendors like Nitrokey, Purism, Fairphone, Open Source Hardware, etc.

The Tor Project, Nym, mixmaster, Yggdrasil, Veilid, and other networking technologies can be discussed here. Questions could be answered by people versed in any of these networking projects.

Also, social media in such networking paradigms could be discussed and be of interest to the wider Mastodon community. You might think about how Amethyst with LND and LNC works, for example. Or have thoughts about developing a social media Veilid application. Facebook has an onion address. What about new networking technologies incorporated into the Fediverse?

founded 6 months ago
MODERATORS
lightscription
2
Qubes Os on Latest Stable Libreboot fully HCL X230 (lemmy.world)
submitted 3 months ago* (last edited 3 months ago) by lightscription to c/explorations_in_networking
1 comments fedilink hide all child comments
 

RAM is perfectly sufficient for full simultaneous functionality of all qubes on this X230 Thinkpad which also satisfies all the green check marks for HSI (hardware security). Latest Libreboot BIOS and no Intel ME.

  • encrypted messaging apps (Pidgin, signal-cli, Hexchat)
  • dvm veilid-server.service qube (network support)

  • sys qubes for networking like VPN, Yggdrasil, and DNS (TLS resolv and odoh.cloudflare)

  • lock LUKS with a Nitro USB A security key

  • dvm of Brave and Librewolf (in firejail) when tor is not an option

  • fully ephemeral Whonix WS dvm qube

  • Debian template upgrade to Kicksecure and enable apparmor service on all Debian

  • Vault (no networking) has LibreOffice and Keepass with a keyfile inside a FIPS security key

Pretty sweet.

you are viewing a single comment's thread
view the rest of the comments
[–] lightscription 1 points 2 months ago

Attacker found a way to disrupt updates over for via Qubes Update and Standalone qubes. Also seems to be a way of selectively disconnecting onion services.

Now believe Dom0 should not be updated (even if it is supposedly done so securely) and Vanguards needs to be added to Whonix GW or onionized repositories for system tor inside a Standalone. Downloading templates may also be advisably discouraged.

https://forum.qubes-os.org/t/update-security-measures/28865