15. Sep 2018 00:14 by [email protected] 
<mailto:[email protected]>:


> On Fri, Sep 14, 2018 at 04:13:53PM -0500, Sven Semmler wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> On 9/14/18 2:16 PM, Matteo wrote:
>> > there is a docx in the "documents vm" but you open it in a special 
>> > vm that allows you to edit it safely (kind of dispvm), all this
>> > with just double click.
>>
>> You can already do this. All you have to do is set the default handler
>> in your "documents vm" to use qvm-open-in-dispvm.
>>
>> You can even go a step further and hook up qvm-open-in-vm via a
>> desktop shortcut (to provide an ignored vm parameter) and then change
>> the policy in dom0 to always show you the dialog of all VMs to choose
>> which one to open it in.
>>
>> Ivan Mitev explained the details to me back in May:
>> https://groups.google.com/d/msg/qubes-devel/0CpN7ol1ZdM/0cBPvwc6CgAJ 
>> <https://groups.google.com/d/msg/qubes-devel/0CpN7ol1ZdM/0cBPvwc6CgAJ>
>>
>> So in my setup:
>>
>> - -> whenever I click a web link I get a dialog and can choose to either
>> open a new online dispvm or tor dispvm or open in an already running
>> (disp) vm
>>
>> - -> whenever I open a document I get a dialog and I can choose to open
>> in an offline disp vm or an already running offline disp vm
>>
>> ... in other words: everything I ever open (links and documents) is
>> always in a disp vm and I can choose on the fly whether offline,
>> online or with TOR. Since changes to a document in a dispvm propagate
>> back to the calling VM this also works great for document I work on.
>>
>> If it wouldn't require customization of the guest vm (the default
>> handler and the desktop shortcut), I would promote this to be the
>> default behavior. But I should probably write it all up nicely and
>> submit to the Qubes documentation. It's really powerful.
>>
>> Cheers,
>> Sven
>>
>> -----BEGIN PGP SIGNATURE-----
>>
>> iQIzBAEBCAAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAlucJJIACgkQ2m4We49U
>> H7b7nQ/9HGyOn2Z1XWhvquuWAzBQPuJgE85cZ9IKCLK1OwjXpcUnej0/Dwa3jjL8
>> J6g2UVtsRx9/5jt0+tifRzFAlfOuFjvh/R80P335hnc4R+UceLq95dfnFaPFtLZk
>> +TelcKnJ5haSIsO/XErKPs+OqA4L5Ukdf7Wym36zIOm5TGU5QnrXHlIYr/Dpyjdt
>> sEG3gzk2itnTyEL4GOwK652tqMWHrzkc8ZnYLSmOOOdRCRJy/SCM+DV/DOSHrsvH
>> SZr5HpnCVLFWHn8WZ2af7h28g+foautDpsHGDfoU6hC/GU21nmCYKchKWUeuE7jM
>> sQCiVTv36MLgFD6WJg3hRZxr0x/T75V0iOAbS5rWZ+IRJaIoOF26ZrskYRfi5I62
>> MaeXgBFCMgvQr01pL6GUMMCrCIu01LViuJT8DsXW0vbxAI34gq1XexaUPaBWZJo5
>> rns+5oIixBUfuvROZPy3vwSKHxKdwFecHWkmVldFHcetnC9Q3rPveSRdAvhkNdQv
>> JpiFeCy/3n20cU7yOAJhEhs1xnRA1XH7VhyW6Dn4T1MgHWh74eVaEqQOUyl9Q+J1
>> p8HGONz8zSsPO+o9e+OCa2fMaPA8nfrTo1VjazMP1OmW5xLWedJb915aG+nxEfCy
>> ray1zbl2O8nCoOvtOOeJG1NeD7tv46m50Sv3SqbIXUOxS2KfLNs=
>> =zISj
>> -----END PGP SIGNATURE-----
>
> You dont say this, but if you use a minimal template for the document
> vm, then you minimise the risk of inadvertently opening a file there by
> mistake.
> You can, in fact, strip out almost any application other than a
> qubesopen tool, or pdf and img-convert.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-devel" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to > [email protected] 
> <mailto:[email protected]>> .
> To post to this group, send email to > [email protected] 
> <mailto:[email protected]>> .
> To view this discussion on the web visit > 
> https://groups.google.com/d/msgid/qubes-devel/20180915001411.7sl6jgcz3azv35g5%40thirdeyesecurity.org
>  
> <https://groups.google.com/d/msgid/qubes-devel/20180915001411.7sl6jgcz3azv35g5%40thirdeyesecurity.org>>
>  .
> For more options, visit > https://groups.google.com/d/optout 
> <https://groups.google.com/d/optout>> .




Something similar is the sd-svs in SecureDrop-on-Qubes, see 
https://github.com/freedomofpress/securedrop-workstation 
<https://github.com/freedomofpress/securedrop-workstation>




Anyway, it seems like there could be some issues:

a) Documents that "link" other documents. For example: html pages that 
reference locally-downloaded images/css, Inkscape docs with linked images, bash 
scripts that source other scripts. Unfortunately qvm-open-in-vm currently only 
copies just one file, so all links are broken in the dispvm.


b) Can't save progress. qvm-copy-to-vm only copies back the edits after the VM 
shuts down, right? So what if the system crashes in the meantime?



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/LMQJKiD--3-1%40tutanota.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to