I should probably drink some coffee before writing this, but my heart doctor would not approve. So please feel free and fill in the blanks.
When I was running my mouth off before on the subject, I received some emails from Human Rights people. They spoke very highly of you, unman, Deeplow, and Insurgo (and the rest of the Heads development group.) There are a whole lot of other names which might be mentioned gratefully by Human Rights advocates. There was an individual who has been working on this, whose list name I forgot, I think most of that individuals work is on github.
When I posted before, I was both feeling my way, and wanted to not limit the discussion to my ideas. One of the issue is the one which those who talk about what third party software should be in which Qube, is how much information should be retained in that Qube. The programs, the ability to update, the ability to keep those updates.
Eventually, I wanted to adopt the a similar approach to that advocated by a Human Rights worker. Who wrote an article https://unredactedmagazine.com/issues/003.pdf#003-layout.indd%3A.36191%3A1470
He was advocating for beginners, to mostly use one Qube like it was a usual operating system. I think someone wrote a derivation install of Qubes that was likewise limited to just getting started mostly with one Qube.
The first Qubes, I have already described; Several easy to download and install, sys-net VPN. Which I think a newcomer needs immediately, before becoming knowledgeable in how to create such on his own. As little newcomer interaction needed as possible is the goal. But let us leave behind the idea, first we do the things the documentation tells the newcomer not to do. Open a Template to the Net. Modify dom0. If SALT can accomplish this without violating the security, Do not open a Template to the web. Do not modify dom0. I would prefer, do not use Terminal (FYI, I started with computers when their was no mouse. Text commands only.) Plus, Not a lot of extra reading documentation.
Next choice would be to create a Qube, (two versions, one is a stand alone, and a disp that reads from the stand alone.) with a lot of typical Operating System things. Browser. A browser already modified to use one of the better search engines. If Firefox, a lot of privacy, security addons already installed. Perhaps a wide open Browser, like Chromium. Calendar. Calculator. I want this Qube to be open to the internet. Here, in the disp of this, the individual gets information from the internet. Saves it to a directory. The goal being to prevent information from different work areas (projects) from able to interact with each other. New User should restart the disp of this Qube for each project. In some ways it needs to retain which programs are installed, and which settings are made for those.
EDIT: I was thinking this could be a “Stand Alone Qube,” Points back to standard Fedora xx Template. With another disp pointing back to the Stand Alone. But I am not technically knowledgeable enough to recognize the security nuances of this kind of arrangement.
Then that directory. it to another Qube, which is not open to the internet, with a lot of those things, plus Office software to read things. Without the risk of some kind of string, a link to out on the internet, being started. yes, there are times when it seems necessary to allow, an article to open a link to somewhere on the net. ??? Mostly this Qube stays open, to the user, never the internet. As information flows into, possibly decrypted/encrypted here, offline, and out of- a directory copied to back to a Qube, which is open to the internet. EDIT: Riffing here, this would be like a standalone pointing back at another standalone, not a Template. The Second Stand Alone (which is sometimes opened to the internet) , the second stand alone - which is pointing back at Fedora xx Template.
I feel sure someone will now point out: Hey you should use the Split Qubes to accomplish that separation. Is it intuitive for a newcomer to do that? I can’t say.??? I might worry that the split Qubes might require a lot of reading to use correctly. Split Qube might have -surprise- a security hole. I think those who have written the Split Qubes. Split pgp, and such will not have left a hole. Plus some software, like verifying gpg Keys from internet servers is obviously meant to be interactive. What I have suggested covers a lot of early-configuration issues (for a newcomer - not perfect - just better than nothing.) Is meant to eliminate all the times when some web page tries to install something when I go to a web page, whether I click on something or not.
In my case, I put my Passwords in the Password manager in Vault. I copy and paste Passwords out, to the Qube on the internet, as needed. My point being, it is obvious how it works. The separation, the security of a Qube to hold Passwords. Then used, as needed, temporarily, and the Qube where I used the password is shut down. Oh yes, now I am suggesting a Vault Qube with some things pre-installed. Which brings up the concept of these Qubes be kept in a different column that the ones provided by the original Qubes. Always be sure of what parts of the basic Qubes OS as/is provided by Developers. Sounds like a fourth column is a lot of extra trouble to keep up with.
A Qube which has all the current Qubes documentation, so a newcomer does not have to be online to read a -how to.
I would use a separate Qube(s) for doing things like video chat. Which is another Qube to download. But only a Video Chat software which is now considered somewhat safe. Also some kinds of, each in their own Qube, pre-installed Chat software. My goal being, I don’t want a newcomer to just install anything he just finds, and I am pretty sure newcomer will not spend hours reading privacy/security web pages as to what is never recommended to use.
Now I have more Qubes than I wanted to have. I guess I could have installed the Video Chat, and other quality chat programs in the main-open to the internet Qube, and the user should only do one thing at a time in such a Qube. Make starting that Qube more memory consuming. Since I almost never use Video Chat, I guess I don’t give it consideration. Wissam wrote about spending hours talking with someone who -was related to a Human Rights issue- and who was not technical.
I felt that no one would work much beyond the hypothesis phase of what to include, before 4.2 Final is out.
unman, you bring up good points. Every one feel free to pile onto criticizing my ideas. I blame my lack of coffee.