My background in in hardware and software, and even I find some/many aspects of Qubes difficult. My setup is pretty basic, yet still I am struggling with some issues, like:
creating a desktop or toolbar shortcut to the 3 or 4 things I do regularly (firefox in public qube, emacs in private qube, etc). I know I can easily add shortcuts to the qube app menu, but they are hardly easier than drilling down to the specific qubes menu. Is there some facility to make it easy to put a shortcut on the desktop or taskbar instead? Ideally I’d like to right click on an item, right click and select Add to Desktop instead of Add to favorites.
I use a laptop, but with an external mouse. Any time the laptop suspends, such as when I close the lid, I have to reauthorize that it cam be attached to dom0. It is the same mouse each time - it would be nice if there was an option to trust it in the future.
is there any way to do a screen capture of part of the screen? The prt sc button does the entire screen.
is there any way to be able to select a URL in Firefox, e.g. from a link in ProtonMail, and have the URL open in a disposable qube?
I’ve been reading the docs trying to figure some of this out, but they don’t seem to reflect the menu structure in 4.2, which is adding some confusion. For example, the menu shown in How to use disposables | Qubes OS doesn’t match what I see in 4.2.
Qubes is impressive, and I am really trying to make it work for my daily usage, but it is a little harder than Windows of Linut Mint. Some of that is the nature of the security constraints it is enforcing, but others my be just due to its relative youth and user base size. I remember how hard it was setting up Slackware on a 486! Linux has certainly come a long way. Qubes has also, and I imagine some of the issues I am mentioning may improve over time.
I don’t want to switch to kde - I would prefer to find solutions that work in xfce since that is what is installed by default. I suspect other new users might feel the same way.
Can I change the policy for just mice (or ideally the single mouse I use) to allow? I do not want to generally mount USB peripherals without explicit permissions.
The doc link you sent me I had looked at, but was unable to map to the menus in 4.2.
Updating the docs that I am trying to use is a bit of a catch-22. I don’t know how to do something, so I consult the docs, which are not up to date, so I can’t figure out what to do to update the docs.
While I have used Git, it is a bit unreasonable to expect every user to have that knowledge. Updating docs, in my opinion, should also be the responsibility of the folk who made code changes that impacted them.
For your mail qube, you can (and should) configure opening all links in a Disposable by default. For that, I’m using xdg-settings set default-web-browser open-in-dispvm.desktop, where the latter works thanks to a newly cretated file .local/share/applications/open-in-dispvm.desktop, which acts as a browser and contains a command to start a new Disposable.
For Firefox, I usually copy the URL into the Qubes clipboard (ctrl+shift+c), open a new Disposable (alt+F3, type fed, enter), paste the URL in the newly opened Firefox (ctrl+shift+v, ctrl+v). Not too convenient, but also not too frequent, as all my browsing is already in a Disposable, so opening another one is not usually necessary.
I think my use case is a little too different. I use ProtonMail via their web portal, in my “public” browsing qube, so I wouldn’t want all links to open in a disposable, just ones I select that i judge suspicious. I wouldn’t want to run proton mail in a disposable since logging in would require me to copy a password from lastpass in a different qube, and enter 2fa every time I opened the disposable qube to read email.
Currently I do copy the suspicious URL to a disposable qube. I was just hoping to automate it a bit more. A Firefox Qubes plugin to do that would be cool, but not in my wheel house to write.
public - has internet access, no LAN access. I’ll use this for ALL trusted sites and activities: protonmail, evernote, amazon, zoom, youtube, lastpass, banking.
private - has no internet access, only LAN access. I use this to manage the NAS, and work on local documents.
untrusted - I recreated this as a disposable qube that inherits a firewall setting from the disposable template, blocking LAN access. Internet access is allowed. This is where I want to open any suspicious content. I can do that with file/clipboard copy, but I was looking to see if that could be simplified.
You’re indeed not supposed to edit that file; one of the reasons is that a future update could reverse your edit.
Instead, create a new file, e.g. 30-user.policy, where you put the same line, but with allow instead of ask. As it has a lower numerical suffix, it will be regarded as higher priority and no update will overwrite that file. This is also described in the docs.
Thanks for clarifying how to do this. I do want to point out that having to refer to a Developer Documentation section to change a simple mouse behavior preference definitely is not what I would call usability for a non-technical user.
I think the “dummy user way” (at least in Qubes4.2) is to use the new “Qubes OS Global Config” app, which in the section “USB devices” has a combobox where you can change the default “always ask” to “enable”, which “under the hood” will likely create that user policy file for you (or edit the other file, but in a way that is guaranteed to persist).
When using a new piece of software it’s often a good idea to look through the available config options in the “Settings” or any config apps to find out the standard (and easy) ways of modifying the system.