On Wednesday, March 7, 2018 at 9:05:51 PM UTC+1, sevas wrote:
> Cool. That gave me some ideas. Thanks for sharing your setup.
> So, another infosec question Im trying to figure out...
> Templates Vs AppVMs.
> I find myself with, currently, 8 templates and growing.
> This is because I am installing different programs in different VMs
> and Im not wanting to install all my programs into a single VM.
> Of course, one solution is to install all my programs into a single
> templateVM and only enable the programs I need in the AppVM.
> But it seems more secure to me if I keep different templates for
> different needs and then create a AppVM to run them in. Is this
> good or am I wasting my time and hard drive space?
> For instance I have a template specifically for one set of
> sys-net/sys-firewall and another template for sys-net2/sys-firewall2.
> And another the vault and more to come.
I also made a launcher for all my Qubes scripts that I didn't keybind. They are
definitely valuable for purposes like that as well :) You can also make scripts
that sends commands into an AppVM from dom0, so essentially, you can securely
control it from a secure domain, but also at the same time link keybinds in
AppVM's to your keyboard or XFCE4 shortcuts. Scripting in Qubes is awesome. But
be mindful of running dangerous or unknown scripts, they can do a lot of harm,
in particular in dom0.
I suspect at some point we might be able to move scripts out of dom0 though,
actually, it might even be possible now with USB keyboards? I'm not sure, I
have to check that one day, it would definitely make scripts that control
AppVM's more secure. But the issue here is probably the few scripts that
control actions within dom0 though. For example changing screen resolution and
move the screen to left or right, i.e. when plugging in an extra HDMI TV
monitor or projector. This too might change in Qubes 4.1. as well when how
graphics works in Qubes is changed. Well, there is definitely a lot of things
to think about and reflect on, but that too in and on itself can be fun if you
enjoy solving small puzzles like these.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.