Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2025-07-27 08:45:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

exchanged webarchive links, minor wording

Browse source
This commit is contained in:
qubedmaiska 2025-07-01 03:17:45 -04:00
parent 823c5f34ba
commit 4554eef362
No known key found for this signature in database
GPG key ID: 204BCE0FD52C0501
5 changed files with 6 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

2
developer/releases/4_0/release-notes.md
View file

@ -9,7 +9,7 @@ title: Qubes R4.0 release notes
New features since 3.2 New features since 3.2
---------------------- ----------------------
* Core management scripts rewrite with better structure and extensibility, [API documentation](https://web.archive.org/web/20230128102821/https://dev.qubes-os.org/projects/qubes-core-admin/en/latest/) * Core management scripts rewrite with better structure and extensibility, [current API documentation](https://dev.qubes-os.org/projects/core-admin/en/latest/) and the documentation API index as a [webarchive](https://web.archive.org/web/20230128102821/https://dev.qubes-os.org/projects/qubes-core-admin/en/latest/)
* [Admin API](/news/2017/06/27/qubes-admin-api/) allowing strictly controlled managing from non-dom0 * [Admin API](/news/2017/06/27/qubes-admin-api/) allowing strictly controlled managing from non-dom0
* All `qvm-*` command-line tools rewritten, some options have changed * All `qvm-*` command-line tools rewritten, some options have changed
* Renaming VM directly is prohibited, there is GUI to clone under new name and remove old VM * Renaming VM directly is prohibited, there is GUI to clone under new name and remove old VM

2
user/downloading-installing-upgrading/install-security.md
View file

@ -51,7 +51,7 @@ Cons:
(If the drive is mounted to a compromised machine, the ISO could be maliciously altered after it has been written to the drive.) (If the drive is mounted to a compromised machine, the ISO could be maliciously altered after it has been written to the drive.)
* Untrustworthy firmware. * Untrustworthy firmware.
(Firmware can be malicious even if the drive is new. (Firmware can be malicious even if the drive is new.
Plugging a drive with rewritable firmware into a compromised machine can also [compromise the drive](https://www.blackhat.com/us-14/briefings.html#badusb-on-accessories-that-turn-evil). Plugging a drive with rewritable firmware into a compromised machine can also [compromise the drive](https://web.archive.org/web/20160304013434/https://srlabs.de/badusb/).
Installing from a compromised drive could compromise even a brand new Qubes installation.) Installing from a compromised drive could compromise even a brand new Qubes installation.)
### Optical discs ### Optical discs

2
user/hardware/certified-hardware/nitropc-pro.md
View file

@ -40,7 +40,7 @@ The NitroPC Pro also comes with a "Dasharo Entry Subscription," which includes t
- Accesses to the latest firmware releases - Accesses to the latest firmware releases
- Exclusive newsletter - Exclusive newsletter
- Special firmware updates, including early access to updates enhancing privacy, security, performance, and compatibility - Special firmware updates, including early access to updates enhancing privacy, security, performance, and compatibility
- Early access to new firmware releases for [newly-supported desktop platforms](https://docs.dasharo.com/variants/overview/#desktop) (please see the [roadmap](https://github.com/Dasharo/presentations/blob/main/archive/dug_2/dug2_dasharo_roadmap.md#dasharo-desktop-roadmap)) - Early access to new firmware releases for [newly-supported desktop platforms](https://docs.dasharo.com/variants/overview/#desktop) (please see the [roadmap](https://github.com/Dasharo/presentations/blob/8f360b3e82108d1e85585c1c324a28a08dd276a5/dug2_dasharo_roadmap.md))
- Access to the Dasharo Premier Support invite-only live chat channel on the Matrix network, allowing direct access to the Dasharo Team and fellow subscribers with personalized and priority assistance - Access to the Dasharo Premier Support invite-only live chat channel on the Matrix network, allowing direct access to the Dasharo Team and fellow subscribers with personalized and priority assistance
- Insider's view and influence on the Dasharo feature roadmap for a real impact on Dasharo development - Insider's view and influence on the Dasharo feature roadmap for a real impact on Dasharo development
- [Dasharo Tools Suite Entry Subscription](https://docs.dasharo.com/osf-trivia-list/dts/#what-is-dasharo-tools-suite-supporters-entrance) keys - [Dasharo Tools Suite Entry Subscription](https://docs.dasharo.com/osf-trivia-list/dts/#what-is-dasharo-tools-suite-supporters-entrance) keys

2
user/security-in-qubes/anti-evil-maid.md
View file

@ -43,7 +43,7 @@ Security Considerations
However, in its default configuration, installing and using AEM requires attaching a USB drive (i.e., [mass storage device](https://en.wikipedia.org/wiki/USB_mass_storage_device_class)) directly to dom0. However, in its default configuration, installing and using AEM requires attaching a USB drive (i.e., [mass storage device](https://en.wikipedia.org/wiki/USB_mass_storage_device_class)) directly to dom0.
(The other option is to install AEM to an internal disk. (The other option is to install AEM to an internal disk.
However, this carries significant security implications, as explained [here](https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html).) This presents us with a classic security trade-off: each Qubes user must make a choice between protecting dom0 from a potentially malicious USB drive, on the one hand, and protecting the system from Evil Maid attacks, on the other hand. However, this carries significant security implications, as explained [here](https://blog.invisiblethings.org/2011/09/07/anti-evil-maid.html).) This presents us with a classic security trade-off: each Qubes user must make a choice between protecting dom0 from a potentially malicious USB drive, on the one hand, and protecting the system from Evil Maid attacks, on the other hand.
Given the practical feasibility of attacks like [BadUSB](https://www.blackhat.com/us-14/briefings.html#badusb-on-accessories-that-turn-evil) and revelations regarding pervasive government hardware backdoors, this is no longer a straightforward decision. Given the practical feasibility of attacks like [BadUSB](https://web.archive.org/web/20160304013434/https://srlabs.de/badusb/) and revelations regarding pervasive government hardware backdoors, this is no longer a straightforward decision.
New, factory-sealed USB drives cannot simply be assumed to be "clean" (e.g., to have non-malicious microcontroller firmware). New, factory-sealed USB drives cannot simply be assumed to be "clean" (e.g., to have non-malicious microcontroller firmware).
Therefore, it is up to each individual Qubes user to evaluate the relative risk of each attack vector against his or her security model. Therefore, it is up to each individual Qubes user to evaluate the relative risk of each attack vector against his or her security model.

2
user/templates/fedora/fedora-upgrade.md
View file

@ -121,7 +121,7 @@ The same general procedure may be used to upgrade any template based on the stan
If this attempt is successful, proceed to step 4. If this attempt is successful, proceed to step 4.
- `dnf` may complain: `At least X MB more space needed on the / filesystem.` - `dnf` may error with the text: `At least X MB more space needed on the / filesystem.`
In this case, one option is to [resize the template's disk image](/doc/resize-disk-image/) before reattempting the upgrade process. In this case, one option is to [resize the template's disk image](/doc/resize-disk-image/) before reattempting the upgrade process.
(See [Additional Information](#additional-information) below for other options.) (See [Additional Information](#additional-information) below for other options.)