"Now You're Thinking with Qubes"

I’d say that this has absolutely wrong premise. Can you imagine a youngster first to be introduced to a modern car, telling him that it is not for young people because it has a lot of safety features he/she can’t use because the features are complicated?

You want to drive? Especially beginners should start with modern car with as much as possible safety features.
You want to compute? Especially beginners should start with as much as possible Qubes computer.

Using your logic, would you call people who drive cars without seat belts. airbags, ABS, all the working lights, without bumpers, shatter resistant glasses and without both side view mirrors - normal? Probaly no. And you are calling people who are using computers without even more safety features - normal. It just ain’t right to us using Qubes. :wink:

3 Likes

Yes, I agree with you…
(People caring for Privacy without advanced experience )
But I think about the “the future of qubes” and “The concept of simplicity” I think we can see soon qubes is simple for all the people …
Why I say that ?
Some features in qubes are simple more than linux distribution (of course qubes depend on linux templates):

  • you can see how it’s simple to install qubes and update the templates.
    I don’t know if the aim of the developers of qubes wasto make it simple for the normal user.
  • I think the idea of qubes is “The Ultimate privacy” and “compartmentalization
  • To illustrate, when I say for the normal people I was thinking of the people who are caring of privacy and " don’t have a lot of experience with programing and linux "
    So I hope we could see qubes more simple for the "Normal User " in the future…

“Now You’re Thinking with Qubes”

The toughest concept for me to grasp was the bare metal virtual machines offered by Xen, and how beautifully Qubes built a collection of OS’s and VM’s to leverage them all, especially the chaining of VM’s providing networking services to other VM’s. Once I swallowed the pill, and made myself comfortable with it, I went hog wild.

I love lots of networking options, and this is where Qubes excels. As a linux junkie, I like renting VPS servers from various providers around the world, and using those servers for whatever I want. For $5/month each, they are dirt cheap, but gives me lots of great experience. I usually put a private VPN server on each one, to access it that way. Sometimes I’ll also install a tor entry-node server on it, to play around with tor. Most VPS providers don’t mind entry-node servers, they just don’t like exit nodes, so it’s not a problem.

I like to create a variety of networking options, frequently changing too, like:

sys-net-eth
sys-net-wifi
sys-vpn-losangeles
sys-vpn-chicago
sys-vpn-tokyo
sys-vpn-amsterdam
sys-tor-vpn-losangeles
sys-tor-vpn-tokyo
sys-tor-vpn-amsterdam

then work/play VM’s to access each of those, easily changeable, like:

play-vpn-tokyo
play-tor-vpn-amsterdam
work-vpn-losangeles

Qubes makes it so easy, that once you get used to it, the sky really is the limit. As new things pop up, like wireguard, I’ll play with those too.

As a rule, I don’t put anything sensitive or important on the laptop. It’s just for fun learning really. If it gets screwed up, I’ll just wipe the drive and start over.

I played around with “minimal” installs, minimal firewall, blah blah blah. In the end, it’s just not necessary, for me anyways. A Debian template and a Fedora template give you more than enough to handle almost anything. Sure, there are niche situations, and multiple templates can be necessary. We all do different things, which is another reason why Qubes is so great. The flexibility to do things so easily that other platforms do poorly, if at all, to me, is the greatest appeal.

Sorry I’m late to this thread. Couldn’t resist!

2 Likes

A post was split to a new topic: Why Use Minimal Templates?

A post was split to a new topic: Which one is more secure: sys-usb sys-net as sys-usb

Not sure if you’re logged into facebook or trying to view posts without an account, but if you’re logging into facebook, they have a .onion domain that you could use in whonix.

A post was split to a new topic: Qubes trick: 2-slot clipboard

Network interfaces are always assumed to be compromised, yes?

So is the benefit of this approach that it gives you the flexibility to chose the device, or is there a security benefit of isolating two network devices from each other?

Perhaps hypothetically if you had an external WiFi adapter that you used to connect to public wifi’s for sensitive journalistic uploads, and an ETH or onboard WiFi for home network, would having them separate prevent some kind of leak or some kind of log of useful data that your more trusted network device gained from its home connection that could be accessed or exported by your riskier external adapter device? This may be completely ridiculous just trying to understand any security gains from isolation here.

@Brainhack Can you tell me what the added security is of the setup you mentioned?

Thanks.

Did you have a look at my original post that @fiftyfourthparallel is refering to?

Maybe this can give you more ideas when such a separation might be useful.
What I wrote there is basically what we still use today.
Of course, with the whole pandemic situation our work has shifted to more home office in the last years, and this setup can handle such a situation perfectly fine.
When I am not in the office, I can connect “sys-firewall-lan” to a VPN Qube which then goes out through either sys-net-lan or sys-net-wlan, depending on whether or not I have an Ethernet cable connected. I am currently thinking about renaming the firewall VMs to “sys-firewall-trusted” and “sys-firewall-untrusted” to better reflect their versatility.

I think the most benefit of this setup can be drawn if you have a physical network setup that supports your segmentation approach, such as in our situation (see my post from 2020).

1 Like

Yes.
I always recommend separating network devices to distinct qubes for this
reason.
There is some cost in convenience: if you are travelling and want to use
WiFi you may have to change a qube’s netvm if you want to be online.
This is no bad thing since it may make you think whether you really
need that qube to be online at all in this case.

I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
2 Likes

Or you could use an intermediate routing-only VM between the appVMs and the netVMs.
This would allow to “swap” connections without restarting any VM and changing no VM setting in the manager.

To add to what everyone else is saying:

Don’t assume what is known is all that is out there; it’s a good way to get nasty surprises (hello Log4Shell). Keep the unknown unknowns in mind–especially when it comes to infosec. Risk management is the real name of the game.

2 Likes

Awesome :slight_smile:
Maybe this forum can be upgraded into the same mindset with disposable forum accounts!
Now we first have to create an email address, create a new forum account, wait for an email to be sent… before we can write a post. Very cumbersome.
It would be handier if we would have a choice: log into our non-disposable forum account, or log in as guest with a randomly assigned username, which becomes inactive after use. If that isn’t thinking with Qubes :smiley:

Other idea’s that would be handy :

adjustable titles for disposable qubes.
Now, if you have a dozen or more disposable qubes in use… things get consing… what disposable is run from what template and connected to what network? Now we have to open qubes manager and look at the numbers, for example:

  • disp4399 anon-whonix-dvm via sys-whonix
  • disp5028 whonix-ws-16-dvm via sys-whonix
  • disp544 debian-11-dvm via VPN1
  • disp6844 debian-11-dvm via VPN2

Maybe the titles of disposables can be changed in something like [disp# $templ $exit-node] $webpage-title Tor Browser
with $templ maybe something like:
$templ=d11 # for debian-11-dvm
$templ=d11min # for debian-11-minimal-dvm
$templ=fXX # for fedora-XX-dvm
$templ=anon # for anon-whonix-dvm
$templ=who # for whonix-ws-16-dvm
and $exit-node maybe a country-code, and ‘no-net’ for isolated disposables?

Extra colors
and maybe add extra colors… => 50 shades of red?
Now all disposables are the same kind of red… so are the other untrusted qubes

Being able to reboot a proxy-vm
now if we want to reboot a qube, for example a disposable [sys-VPN], we first have to disconnect everything that is connected to it before we are able to shut it down and/or reboot. I can see the point of this with a shutdown… but not so much with a reboot.
Like: sys-whonix hangs? Though luck as we have to change the network settings of each and every disposable qube we wanna keep using, reboot sys-whonix, then reconnect all those disposables again.

bonus
same as last suggestion but instead of rebooting the proxy-vm, first boot a new version of the (of course disposable) proxy-vm and replace the old proxy-vm with no network down time.

Yes, I love disposables! Best inventions ever!
I actually practice the same technique in my non-computer life: while working on a project, I’m 100% focused on the task. But as soon as the project is finished, it’s deleted from memory!
“Thinking with Qubes” = “living in the moment”
The only time is “now”, the only place is “here”. Time and locations are merely illusions…
The hubby/wife hates it though… “hey hon, how was your day?” => “hmmm… I don’t remember, project must have been finished…”

Awesome! You have my vote! (although disposable forum accounts don’t get to vote :p)

3 Likes

One solution is to create ‘fixed’ disposable qubes (or ‘fDisp’) for specific purposes. For example, a disp qube for opening PDFs might be called ‘disp-pdf’.

  1. Create a disposable VM based on the desired template (make sure ‘disposable template’ is checked in the GUI, or use the qvm-prefs command)
  2. Set that as the global default disposable template via the Global Settings menu, accessible via Qubes Manager
  3. In a dom0 terminal, type qvm-create -C DispVM -l red disp-pdf

disp-pdf is now accessible from the Qubes Manager and can be configured just like any regular qube. This is how disposable sys-qubes are usually set up.

Make sure the newly created fDisp is properly configured, then use that to open PDFs. Keep in mind that only one instance of this fDisp can be active AFAIK, but it shouldn’t be an issue with diligent window-closing (I highly recommend GitHub - tasket/Qubes-scripts: Scripts that help with administration and usage of Qubes OS halt-vm-by-window). If you need two open at the same time, repeat steps 2 and 3 but with disp-pdf2 instead.

Since you seem to have a fetish for disposables, much like I do, you too can indulge your wildest disposable fantasies by making using this simple three-step method.

This is pretty much how your computer should feel like when all is said and done:

206

Anyone have any creative applications for disposables?

2 Likes

That reminds me… I also love the “Shut down when idle for more than 15 minutes” checkbox for disposable proxyVM’s… but… how do I set that to 1 minute instead of 15? Or even 15 seconds (since proxyVM’s can’t be shut down if there’s still something connected to it (unless they add that feature)).

Not only for computers! One can increase their happiness level tremendously by de-cluttering the mind. Like for example: Always be your happy self! That way your friends will love you, stranger will want to hang out with you, and your enemies will be pissed off as they don’t understand why you are so happy and friendly after they kicked you in the guts last time.

I, for example, live a nomadic lifestyle. Some months I talk with 100+ random ppl daily, other periods I don’t see a soul for months. It’s always awkward when a stranger suddenly starts talking to you like “Hey [name], a couple months ago we had a deep philosophical conversation about X, and I was wondering how you would apply that to situation Y”, all while I’m trying to remember “have I met this stranger before?” :-p
Of course, when someone asks a favor, I quickly check the [Vault] in my brain, and

if [“no data” (as nothing worthy of holding a grudge over happened)]; then
I help that stranger as if they are my best friend… as - in that moment - they are :slight_smile:
fi

Anyway… getting distracted again…
To stay in your theme: disposable forum accounts are like:
Collect call from-“I’m not giving my name to a machine!”

1 Like

Ninty two qubes, regularly using around 92% of them and still counting.

“Now I’m Thinking with Qubes”?

1 Like

I’m going to assume you are the person I replied to (@wdfqcnc).

How much work is it to make a disposable account for every message? Is it worth it?

try it for yourself
open a disposable whonix-ws
type in forum.qubes-os.org
press [ctrl]+tab
type in guerrilla mail
From now on, work parallel, while you browse the forum, click on the first link in duckduckgo, which is https://www.guerrillamail.com/
guerrillamail automagically gives a random account, in this case xpmjoveh @sharklasers.com
then create new account on this forum
copy/paste email
as username and name I just select the text before the @ and press middle-mouse-button twice
as password fill in whatever
then wait for an email to arrive. But you don’t have to wait as in the meantime you can do other stuff, like open a mousepad and start writing your forum-post :wink:
When email arrives, click a link, and another link.

Is this cumbersome? Sure. But if you use the same account with a decent password, like one generated by < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo; for example, then I’m not even going to try to remember that… so in that case I have to boot [vault] to open my logins/passwords file, then [shift]copy/[shift]paste it, which is almost equall cumbersome…

Maybe there’s a better/automated way to manage passwords cross-qubes, but I haven’t looked into that yet :-/

Or use a simple, easy to remember password that is easily compromised… but then what is the point of having an account if it’s not secure? (or - God forbid - use the same password as you use on other websites)

dunno, that’s a personal question. To me it’s like second nature…, so to me it is.

I would encourage everyone to use the same method as that would increase both your and my anonymity :wink: :-p
The down side is of course that we can’t build up a reputation, but I’m not ruled by my ego, so that’s fine.
Also, anyone who knows the email address you used can easily change your post using “I forgot my password”. (Have fun changing this post :-p )

1 Like

I find this to be a very fast process, personally. I love Keepassxc in vault. Signing up for a new account with guerilla mail each time to post seems a lot less convenient. And then you have the issue of returning to threads etc.

And do you manually pause all qubes connected via via to sys-net, and then manually unpause them again after you’ve closed [Vault]?

Manually pausing all qubes just to “safely” copy/past a forum-account-password sounds way more inconvenient than simply making a new account :-p
Hehehe, of course out treat model is not as severe that we have to worry about that of course… but yeah… security or convenience… that’s what my windows-friends tell me too whenever I talk about Linux… they prefer the convenience of windows, lol, and then I didn’t even mention qubes :-p

Oh, this for sure! I’m 100% with you on this one :slight_smile: