I know it should be considered as a security whole, however, I use my Qubes installation as main OS, for almost everything.
I’ll have remote course where my teacher needs access to my computer using great, open-source DWService.
So I have to set up a qube where I’d install DWAgent which will allow externally to use apps from qube, of course mouse and keyboard interaction is needed.
Current state:
Debain-10 based qube (of course in new, separated template)
DWAgent installed and running
Almost there. Mouse is able to move, select, left/right click. Unfortunately keyboard doesn’t work.
From the security site it’s interesting topic too, as we may need to protect from every external input, especially this kind.
But I think the above-linked is probably for full computer control. What you would want in that situation is at most give access to one VM, which could be the case with the DWService you mention (haven’t looked into it yet).
Interesting. My assumptions would be that the mouse would be the trickiest part.
I mean, I can understand if you’re doing an exam, similar to the concept of anti-cheat software for gaming, but fullaccess…? That’s a bit much…
I hope you passed this course with flying colours
———
I use qubes-remote-support for work machines. It proves very useful when someone borks their machine and cannot describe (not rectify) what they’ve actually done.
No, it’s not. The scripts are solid, but they were written for Whonix 15, and we needed to do a bit of tweaking to get them to work with Whonix 16. We also added a function to be able to specify the dom0 user name (just in case it isn’t user).
For the most part, it works fairly well, albeit with noticeable latency (it uses Tor), but so far it’s been very useful.
Will be submitting a merge request, so hopefully these tweaks benefit others.
Yes. I wouldn’t be giving anyone you don’t fully trust access to your Qubes OS machine with qubes-remote-support. It’s more of a tool for “help, I’ve borked my machine and don’t know how to fix it, please help!”
I completely agree, but it is really helpful when you’re trying to teach someone how to use Qubes OS if they know they have a “rescue button”. It seems to put their mind at ease a little more than “If you forget your LUKS password, your files are gone, I cannot recover them, nobody can…”
What, I didn’t fully understand the use-case originally, but if this is the case, screw it. Professors should never have access to student’s devices. Even if for exams. If this is the case, I suggest a student boycott, protests, etc. and upscaling this to data protection authorities of your country (if that exists). Utterly unacceptable…
If you don’t have time to coordinate a boycott, give your professor access to a qube. It should work like normal. The only difference is that they’ll see some white margins around apps. But they’ll only see that qube’s application windows. Using the great power of Qubes do to single-user boycott.