"Now You're Thinking with Qubes"

Just realised that I could do that also to separate “real” work from personal stuff, by letting the Qube that I work from connect to ETH only.

Makes for a very neat routine of plugging in before starting work at home & then unplugging, rituals like these have a lot of impact.

Added security and splitting up possible data harvesting is a great plus too, but for me its mostly about workflow & blocking big data surveillance which I hate with a vengeance.

1 Like

2 posts were merged into an existing topic: Graphene OS Template?

When we can say “Qubes now suitable for the Normal People”?

Is it a good idea or it is risky for noops?

I’d say that this has absolutely wrong premise. Can you imagine a youngster first to be introduced to a modern car, telling him that it is not for young people because it has a lot of safety features he/she can’t use because the features are complicated?

You want to drive? Especially beginners should start with modern car with as much as possible safety features.
You want to compute? Especially beginners should start with as much as possible Qubes computer.

Using your logic, would you call people who drive cars without seat belts. airbags, ABS, all the working lights, without bumpers, shatter resistant glasses and without both side view mirrors - normal? Probaly no. And you are calling people who are using computers without even more safety features - normal. It just ain’t right to us using Qubes. :wink:


Yes, I agree with you…
(People caring for Privacy without advanced experience )
But I think about the “the future of qubes” and “The concept of simplicity” I think we can see soon qubes is simple for all the people …
Why I say that ?
Some features in qubes are simple more than linux distribution (of course qubes depend on linux templates):

  • you can see how it’s simple to install qubes and update the templates.
    I don’t know if the aim of the developers of qubes wasto make it simple for the normal user.
  • I think the idea of qubes is “The Ultimate privacy” and “compartmentalization
  • To illustrate, when I say for the normal people I was thinking of the people who are caring of privacy and " don’t have a lot of experience with programing and linux "
    So I hope we could see qubes more simple for the "Normal User " in the future…

“Now You’re Thinking with Qubes”

The toughest concept for me to grasp was the bare metal virtual machines offered by Xen, and how beautifully Qubes built a collection of OS’s and VM’s to leverage them all, especially the chaining of VM’s providing networking services to other VM’s. Once I swallowed the pill, and made myself comfortable with it, I went hog wild.

I love lots of networking options, and this is where Qubes excels. As a linux junkie, I like renting VPS servers from various providers around the world, and using those servers for whatever I want. For $5/month each, they are dirt cheap, but gives me lots of great experience. I usually put a private VPN server on each one, to access it that way. Sometimes I’ll also install a tor entry-node server on it, to play around with tor. Most VPS providers don’t mind entry-node servers, they just don’t like exit nodes, so it’s not a problem.

I like to create a variety of networking options, frequently changing too, like:


then work/play VM’s to access each of those, easily changeable, like:


Qubes makes it so easy, that once you get used to it, the sky really is the limit. As new things pop up, like wireguard, I’ll play with those too.

As a rule, I don’t put anything sensitive or important on the laptop. It’s just for fun learning really. If it gets screwed up, I’ll just wipe the drive and start over.

I played around with “minimal” installs, minimal firewall, blah blah blah. In the end, it’s just not necessary, for me anyways. A Debian template and a Fedora template give you more than enough to handle almost anything. Sure, there are niche situations, and multiple templates can be necessary. We all do different things, which is another reason why Qubes is so great. The flexibility to do things so easily that other platforms do poorly, if at all, to me, is the greatest appeal.

Sorry I’m late to this thread. Couldn’t resist!


A post was split to a new topic: Why Use Minimal Templates?

A post was split to a new topic: Which one is more secure: sys-usb sys-net as sys-usb

Not sure if you’re logged into facebook or trying to view posts without an account, but if you’re logging into facebook, they have a .onion domain that you could use in whonix.

A post was split to a new topic: Qubes trick: 2-slot clipboard

Network interfaces are always assumed to be compromised, yes?

So is the benefit of this approach that it gives you the flexibility to chose the device, or is there a security benefit of isolating two network devices from each other?

Perhaps hypothetically if you had an external WiFi adapter that you used to connect to public wifi’s for sensitive journalistic uploads, and an ETH or onboard WiFi for home network, would having them separate prevent some kind of leak or some kind of log of useful data that your more trusted network device gained from its home connection that could be accessed or exported by your riskier external adapter device? This may be completely ridiculous just trying to understand any security gains from isolation here.

@Brainhack Can you tell me what the added security is of the setup you mentioned?


Did you have a look at my original post that @fiftyfourthparallel is refering to?

Maybe this can give you more ideas when such a separation might be useful.
What I wrote there is basically what we still use today.
Of course, with the whole pandemic situation our work has shifted to more home office in the last years, and this setup can handle such a situation perfectly fine.
When I am not in the office, I can connect “sys-firewall-lan” to a VPN Qube which then goes out through either sys-net-lan or sys-net-wlan, depending on whether or not I have an Ethernet cable connected. I am currently thinking about renaming the firewall VMs to “sys-firewall-trusted” and “sys-firewall-untrusted” to better reflect their versatility.

I think the most benefit of this setup can be drawn if you have a physical network setup that supports your segmentation approach, such as in our situation (see my post from 2020).

1 Like

I always recommend separating network devices to distinct qubes for this
There is some cost in convenience: if you are travelling and want to use
WiFi you may have to change a qube’s netvm if you want to be online.
This is no bad thing since it may make you think whether you really
need that qube to be online at all in this case.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.

Or you could use an intermediate routing-only VM between the appVMs and the netVMs.
This would allow to “swap” connections without restarting any VM and changing no VM setting in the manager.

To add to what everyone else is saying:

Don’t assume what is known is all that is out there; it’s a good way to get nasty surprises (hello Log4Shell). Keep the unknown unknowns in mind–especially when it comes to infosec. Risk management is the real name of the game.


Awesome :slight_smile:
Maybe this forum can be upgraded into the same mindset with disposable forum accounts!
Now we first have to create an email address, create a new forum account, wait for an email to be sent… before we can write a post. Very cumbersome.
It would be handier if we would have a choice: log into our non-disposable forum account, or log in as guest with a randomly assigned username, which becomes inactive after use. If that isn’t thinking with Qubes :smiley:

Other idea’s that would be handy :

adjustable titles for disposable qubes.
Now, if you have a dozen or more disposable qubes in use… things get consing… what disposable is run from what template and connected to what network? Now we have to open qubes manager and look at the numbers, for example:

  • disp4399 anon-whonix-dvm via sys-whonix
  • disp5028 whonix-ws-16-dvm via sys-whonix
  • disp544 debian-11-dvm via VPN1
  • disp6844 debian-11-dvm via VPN2

Maybe the titles of disposables can be changed in something like [disp# $templ $exit-node] $webpage-title Tor Browser
with $templ maybe something like:
$templ=d11 # for debian-11-dvm
$templ=d11min # for debian-11-minimal-dvm
$templ=fXX # for fedora-XX-dvm
$templ=anon # for anon-whonix-dvm
$templ=who # for whonix-ws-16-dvm
and $exit-node maybe a country-code, and ‘no-net’ for isolated disposables?

Extra colors
and maybe add extra colors… => 50 shades of red?
Now all disposables are the same kind of red… so are the other untrusted qubes

Being able to reboot a proxy-vm
now if we want to reboot a qube, for example a disposable [sys-VPN], we first have to disconnect everything that is connected to it before we are able to shut it down and/or reboot. I can see the point of this with a shutdown… but not so much with a reboot.
Like: sys-whonix hangs? Though luck as we have to change the network settings of each and every disposable qube we wanna keep using, reboot sys-whonix, then reconnect all those disposables again.

same as last suggestion but instead of rebooting the proxy-vm, first boot a new version of the (of course disposable) proxy-vm and replace the old proxy-vm with no network down time.

Yes, I love disposables! Best inventions ever!
I actually practice the same technique in my non-computer life: while working on a project, I’m 100% focused on the task. But as soon as the project is finished, it’s deleted from memory!
“Thinking with Qubes” = “living in the moment”
The only time is “now”, the only place is “here”. Time and locations are merely illusions…
The hubby/wife hates it though… “hey hon, how was your day?” => “hmmm… I don’t remember, project must have been finished…”

Awesome! You have my vote! (although disposable forum accounts don’t get to vote :p)


One solution is to create ‘fixed’ disposable qubes (or ‘fDisp’) for specific purposes. For example, a disp qube for opening PDFs might be called ‘disp-pdf’.

  1. Create a disposable VM based on the desired template (make sure ‘disposable template’ is checked in the GUI, or use the qvm-prefs command)
  2. Set that as the global default disposable template via the Global Settings menu, accessible via Qubes Manager
  3. In a dom0 terminal, type qvm-create -C DispVM -l red disp-pdf

disp-pdf is now accessible from the Qubes Manager and can be configured just like any regular qube. This is how disposable sys-qubes are usually set up.

Make sure the newly created fDisp is properly configured, then use that to open PDFs. Keep in mind that only one instance of this fDisp can be active AFAIK, but it shouldn’t be an issue with diligent window-closing (I highly recommend GitHub - tasket/Qubes-scripts: Scripts that help with administration and usage of Qubes OS halt-vm-by-window). If you need two open at the same time, repeat steps 2 and 3 but with disp-pdf2 instead.

Since you seem to have a fetish for disposables, much like I do, you too can indulge your wildest disposable fantasies by making using this simple three-step method.

This is pretty much how your computer should feel like when all is said and done:


Anyone have any creative applications for disposables?


That reminds me… I also love the “Shut down when idle for more than 15 minutes” checkbox for disposable proxyVM’s… but… how do I set that to 1 minute instead of 15? Or even 15 seconds (since proxyVM’s can’t be shut down if there’s still something connected to it (unless they add that feature)).

Not only for computers! One can increase their happiness level tremendously by de-cluttering the mind. Like for example: Always be your happy self! That way your friends will love you, stranger will want to hang out with you, and your enemies will be pissed off as they don’t understand why you are so happy and friendly after they kicked you in the guts last time.

I, for example, live a nomadic lifestyle. Some months I talk with 100+ random ppl daily, other periods I don’t see a soul for months. It’s always awkward when a stranger suddenly starts talking to you like “Hey [name], a couple months ago we had a deep philosophical conversation about X, and I was wondering how you would apply that to situation Y”, all while I’m trying to remember “have I met this stranger before?” :-p
Of course, when someone asks a favor, I quickly check the [Vault] in my brain, and

if [“no data” (as nothing worthy of holding a grudge over happened)]; then
I help that stranger as if they are my best friend… as - in that moment - they are :slight_smile:

Anyway… getting distracted again…
To stay in your theme: disposable forum accounts are like:
Collect call from-“I’m not giving my name to a machine!”

1 Like

Ninty two qubes, regularly using around 92% of them and still counting.

“Now I’m Thinking with Qubes”?

1 Like

I’m going to assume you are the person I replied to (@wdfqcnc).

How much work is it to make a disposable account for every message? Is it worth it?