Category: Uncategorized

I did this once before on Qubes 4.0 with help From Frédéric Pierret, but left Qubes on my NUC for Xubuntu due to too many issues with hardware. Intel NUC is not overly Linux friendly friendly. Microsoft is their primary focus.

Then today(of all days) I snuck an install of the promising Qubes 4.1rc3 on the box, and if started with a single error during final install [Start failed: internal error: Unable to reset PCI device 0000:00:1f.6: no FLR, PM reset or bus reset available, see /var/log/libvirt/libxl/libxl-driver.log for details”:

No networking was available upon startup. Disabling the PCI device in question [00:1f.6 Ethernet Controller….] in sys-net, made booting of sys-net possible and luckily wifi worked out-of-the-box.

Hope the above solution might help others in same situation.

Always use latest php available from your hosting provider:

AddType application/x-httpd-php-latest .php

Using mod_rewrite:

<IfModule mod_rewrite.c>

RewriteEngine On

#Disable compression:

RewriteRule ^(.)$ $1 [NS,E=no-gzip:1,E=dont-vary:1]

</IfModule>

Strict HSTS, CSP, XSFR headers:

</IfModule>

Having trouble connecting from browser on a freshly installed Xubuntu. My browser extensions in Firefox acted up. All because of snap is crap (in this regard anyways)

KeePassXC when installed in Xubuntu, uses “snap” and therefore the browser integration does not work. It has to go.

Goal: If a new security vulnerability is found in KeePassXC(eg. 0-day), I would like to ensure the fastest possible update, risking the possibility of not being able to use the application.

By updating from an unstable repository, this can, of course, also introduce vulnerabilities, that has just not been detected yet.

I have decided to rather patch known vulnerabilities, using software with potential unknown vulnerabilities, rather than having unpatched known vulnerabilities. That is basically my risk analysis.

Also, if the application fails and is unusable, it might still be better using “forgot password” features, than using a piece of known insecure software. Depends on who you are, and what level you are comfortable with. Every decision needs to be risk based and subjective to the risk taker.

So, lets solely, enable KeePassXC packages, getting updates from a more unstable branch. Put this in your fedora-30 /etc/yum.repos.d/fedora-updates-testing.repo end of first paragraph:

This should be called the frog/rabbit method, since we are litterally jumping ahead of ourselves, just as the remark from Quentin Tarantino in “Four Rooms” movie, states.

And I need ALL testing packages, that actually works, ending up in stable. That’s a premise.

UPDATE: As Samuel Sieb described, it is important to have “–disableexcludes” on the commandline, every time you need to update a package from the testing repository. I just experienced, I could not update the 0-day emergency patch from mozilla to firefox, due to this.

SOLUTION: [user@fedora-30 yum.repos.d]$ sudo dnf upgrade –enablerepo=updates-testing –disableexcludes=updates-testing –advisory=FEDORA-2020-2713adc57f

After installing Qubes 4.0, I’ve not actually used disposable vm’s as much as I should, but after Micah Lee showed me the Thunderbird plugin, I had to make a newer disp-vm template, than the old fedora-26 without libreoffice. Can’t open word documents without it, I’m afraid.

In Dom0:

qvm-prefs –set <AppVM to use as template> template_for_dispvms True

I have a personal-28 template to use for newer stuff, so that’s what I will use instead.

Howdy,

I just pledged $5, monthly to the Qubes-OS project:

You should absolutely do the same. Every little bit helps:

I've just donated $5 to Qubes OS. Consider donating too, every little helps! https://t.co/nigb51DHGV

— Max Andersen (@MaxMilitant) 15. juni 2018

My first was KeepassXC:

Yessss! I am now a proud patron of The KeePassXC Team on @Patreon, and you should be too: https://t.co/EwLYdanjM4

— Max Andersen (@MaxMilitant) 3. juni 2018