On Wednesday, March 7, 2018 at 9:05:51 PM UTC+1, sevas wrote: > Cool. That gave me some ideas. Thanks for sharing your setup. > > So, another infosec question Im trying to figure out... > > Templates Vs AppVMs. > > I find myself with, currently, 8 templates and growing. > This is because I am installing different programs in different VMs > and Im not wanting to install all my programs into a single VM. > > Of course, one solution is to install all my programs into a single > templateVM and only enable the programs I need in the AppVM. > > But it seems more secure to me if I keep different templates for > different needs and then create a AppVM to run them in. Is this > good or am I wasting my time and hard drive space? > > For instance I have a template specifically for one set of > sys-net/sys-firewall and another template for sys-net2/sys-firewall2. > And another the vault and more to come.
I also made a launcher for all my Qubes scripts that I didn't keybind. They are definitely valuable for purposes like that as well :) You can also make scripts that sends commands into an AppVM from dom0, so essentially, you can securely control it from a secure domain, but also at the same time link keybinds in AppVM's to your keyboard or XFCE4 shortcuts. Scripting in Qubes is awesome. But be mindful of running dangerous or unknown scripts, they can do a lot of harm, in particular in dom0. I suspect at some point we might be able to move scripts out of dom0 though, actually, it might even be possible now with USB keyboards? I'm not sure, I have to check that one day, it would definitely make scripts that control AppVM's more secure. But the issue here is probably the few scripts that control actions within dom0 though. For example changing screen resolution and move the screen to left or right, i.e. when plugging in an extra HDMI TV monitor or projector. This too might change in Qubes 4.1. as well when how graphics works in Qubes is changed. Well, there is definitely a lot of things to think about and reflect on, but that too in and on itself can be fun if you enjoy solving small puzzles like these. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9c1dd311-42a6-4f62-a631-9dd78bb1f1cc%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
