On Wednesday, March 7, 2018 at 9:05:51 PM UTC+1, sevas wrote:
> Cool. That gave me some ideas. Thanks for sharing your setup. 
> So, another infosec question I'm trying to figure out...
> Templates Vs AppVMs. 
> I find myself with, currently, 8 templates and growing. 
> This is because I am installing different programs in different VMs
> and I'm not wanting to install all my programs into a single VM. 
> Of course, one solution is to install all my programs into a single 
> templateVM and only enable the programs I need in the AppVM. 
> But it seems more secure to me if I keep different templates for 
> different needs and then create an AppVM to run them in. Is this 
> good or am I wasting my time and hard drive space?
> For instance I have a template specifically for one set of 
> sys-net/sys-firewall and another template for sys-net2/sys-firewall2. 
> And another for the vault and more to come.

I also made a launcher for all my Qubes scripts that I didn't keybind. They are 
definitely valuable for purposes like that as well :) You can also make scripts 
that send commands into an AppVM from dom0, so essentially, you can securely 
control it from a secure domain, but also at the same time link keybinds in 
AppVMs to your keyboard or XFCE4 shortcuts. Scripting in Qubes is awesome. But 
be mindful of running dangerous or unknown scripts; they can do a lot of harm, 
in particular in dom0.

I suspect at some point we might be able to move scripts out of dom0 though, 
actually, it might even be possible now with USB keyboards? I'm not sure, I 
have to check that one day, it would definitely make scripts that control 
AppVMs more secure. But the issue here is probably the few scripts that 
control actions within dom0 though. For example, changing screen resolution and 
moving the screen to left or right, i.e. when plugging in an extra HDMI TV 
monitor or projector. This too might change in Qubes 4.1 as well, when how 
graphics works in Qubes is changed. Well, there are definitely a lot of things 
to think about and reflect on, but that too in and of itself can be fun if you 
enjoy solving small puzzles like these.

