All your VMs now boot in under a second--how would you make the most of that?

If your PC could boot VMs in under a second (and shut them down equally fast), how would you use this power to maximize your security and/or Qubes’ usability? For example, would you create a chain of VMs that each do a part of a sensitive task?

This isn’t a thread that requires a lot of realism–it’s more like one of those brainstorming threads where anything other than spam is welcome.

 

Spawned from the thread on CPUs and VM boot times

I don’t imagine I’d be doing much different. My current VM boot times are generally under 5 seconds on my desktop, and although it can sometimes be noticeable (particularly when there’s a “chain” of VMs that must boot, like with split browser) it’s usually OK.

The longest delay by far I have is opening up encrypted storage, which isn’t germane here. (I’m going to work on ways to improve that soon.) (Edit to add: Probably by queuing up disposables somehow; the big delay is starting up the split-veracrypt decryptor qube, which is a disposable. I mention this because I just read about a couple of efforts to implement holding disposables in reserve until needed.)

So I’ll answer your question anyhow, because I’m already behaving as if it were true. I’ve basically compartmentalized to the max; almost every application I use lives on its own VM (with its own minimal-based template). That would be smoother, of course, if the app started up as fast as it would if it were on an already-running VM.

(Again the real constraint, which I tolerate, isn’t boot time, but accessing encrypted storage; each VM must do so separately. And if that were fast, I’d probably still do what I’m doing.)

I would probably switch more qubes from Debian to Kicksecure.

I like what Kicksecure is trying to do, but the startup time is brutal.

How about this?

One day I’ll try out Kicksecure, but for now it seems to be way too much work (at least that’s what it seems from when I glanced over someone’s guide).

If it’s really important to security without being too much of a drag on performance, I imagine the devs would be all over it trying to integrate it into the templates or make hardened versions available.