On Sat, Mar 11, 2017 at 08:47:05PM -0500, Chris Laprise wrote: > On 03/11/2017 11:56 AM, Unman wrote: > >On Sat, Mar 11, 2017 at 04:43:41PM +0000, sm8ax1 wrote: > >>7v5w7go9ub0o: > > >>> > >>>Yep! And ISTM this is an argument for using dispvms to handle mail > >>>(or any other WAN-exposed client/server): start a dispvm; copy mail > >>>client and mail "file" into it; do your mail; copy out and save the > >>>updated mail file (which is text); flush away the dispvm - all > >>>handled by a script(s). > >> > >>How do you figure that's less of a pain in the ass than typing a sudo > >>password? > >> > > > >You're missing the point - that procedure is trivial to set up in > >Qubes and addresses real security concerns. Just putting a password on > >root access, or requiring some dom0 interaction doesn't. > > > >This is important - security IS a pain in the ass. Qubes can make it > >less so. > > > > Yes, sm8ax1 got you there. :) > > DispVMs are nice to have when we think that certain operations carry > threats. But its ridiculous to expect a typical user to do a majority of > their tasks in them. >
No, it isn't ridiculous to expect a typical user to work in disposableVMs. I've set up a number of users with a range of experience, and they are very comfortable with this. If the implementation is kept hidden generally speaking everything goes fine. Some scripting to make things easier, and support is probably no greater than usual ,except for "that funny copy thing". I've said this before. Set up right I don't think that Qubes is outrageously difficult to use, even with disposableVMs doing most of the heavy lifting. But that's a separate issue. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170312034142.GA27103%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
