File syncing between Qubes


Michael Haynes

Jul 16, 2020, 4:18:32 PM
to qubes...@googlegroups.com

The following question is likely to raise some eyebrows, given that the point of using Qubes is to achieve security through domain isolation.  Thus, I'll start with a brief summary of the context to indicate why I'm interested in this topic--the actual question is printed in bold below.  I should also apologize at the outset for any stupidity in this question--I'm pretty new at Qubes, and also at networking (e.g., I've never set up a server of any kind before).

Here's the background:  I use Joplin, a markdown editor and notetaker, to manage daily notes / TODO's / journal entries / many other things.  In particular, when I encounter a website or article I'd like to stash for later reading or reference, I use Joplin's built-in "web clipper" extension on Firefox to save a MD version of the page to a Joplin notebook.  Unfortunately, since I tend to do most of my journaling and personal work in a network-isolated VM, while web clippings end up in notebooks on networked VMs, I currently have a bunch of fragmentary Joplin notebooks scattered across several VMs.  I could manually pass clippings between qubes using qvm-copy, but that's painfully repetitive and kind of defeats the time-saving purpose of an app like Joplin.

One of the nice things about Joplin is that it offers a number of ways to cloud-sync notebooks across devices (similar to Evernote, but without the proprietary software / file formats).  This got me wondering:

Question: Is there a simple way to set up a dedicated "server" VM using WebDAV to allow qubes to [automatically / periodically] exchange encrypted data even without Internet access?  If so, what are the security implications of doing this?  If not, what are some alternative ways of automating data transfers between qubes?

Thanks in advance for any help.

~~Mike


awokd

Jul 16, 2020, 5:22:21 PM
to qubes...@googlegroups.com
Michael Haynes:

> *Question: Is there a simple way to set up a dedicated "server" VM
> using WebDAV to allow qubes to [automatically / periodically] exchange
> encrypted data even without Internet access?  If so, what are the
> security implications of doing this?  If not, what are some alternative
> ways of automating data transfers between qubes?*

Not really a simple way to do it, because like you said, the point of
Qubes is isolation. However, Qubes does have a mechanism (Qubes RPC) to
transfer data between qubes. Look into split-gpg or
https://github.com/freedomofpress/securedrop-proxy, for example. I don't
know if that mechanism could be adapted for your use case. There are
several security implications common to browser extensions in general:

- As an extension, it may have access to your browser history among
other browser contents. Some extensions have been found surreptitiously
phoning home that data.
- Some extensions can uniquely mark your requests, so web browsing
across different qubes could be linked.
- Probably more I'm not thinking of.

Simplest approach might be to only have one Joplin-enabled web browser,
then copy & paste links you want to keep to it from browsers in other
qubes. You could then script a qvm-copy to run periodically, or develop
something with qubes-rpc to make it available to other qubes.

--
Mailing list etiquette:
- don't top post
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots
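
Added example, not part of awokd's message or of the thread: if a networked qube periodically pushes clippings with a scripted qvm-copy, the offline qube ends up accepting files from a less trusted one, so this sketch vets what has arrived before it goes anywhere near the notes. The qube name `web-clip`, the `~/joplin-import` staging directory, the 1 MiB limit and the `run` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Runs in the offline notes qube.
# Assumption: a networked qube (called "web-clip" here, a made-up name)
# periodically runs something like `qvm-copy-to-vm notes ~/clippings/*.md`,
# so its files arrive under ~/QubesIncoming/web-clip/ in this qube.
LC_ALL=C; export LC_ALL      # make the A-Z / a-z ranges below byte-exact
MAX_BYTES=1048576            # constructed limit: 1 MiB per clipping

# vet_clipping FILE: succeed only for a small, plainly named regular .md file
vet_clipping() {
    # No symlinks, directories, FIFOs or device nodes
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    # No hidden files, no characters outside a conservative set, .md only
    case ${1##*/} in
        .* | *[!A-Za-z0-9._-]*) return 1 ;;
        *.md) ;;
        *) return 1 ;;
    esac
    # Size cap, so a compromised sender cannot fill the notes volume
    [ "$(($(wc -c < "$1")))" -le "$MAX_BYTES" ]
}

# import_clippings INCOMING_DIR DEST_DIR: move vetted files, print how many
import_clippings() {
    incoming=$1 dest=$2 count=0
    mkdir -p "$dest" || return 1
    for f in "$incoming"/*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # empty dir: glob unmatched
        name=${f##*/}
        # Never overwrite a note that was already imported
        if vet_clipping "$f" && [ ! -e "$dest/$name" ]; then
            mv "$f" "$dest/$name" && count=$((count + 1))
        else
            echo "left in place: $f" >&2
        fi
    done
    echo "$count"
}

# Hypothetical entry point for a cron job or timer: <this script> run
if [ "${1:-}" = "run" ]; then
    import_clippings "$HOME/QubesIncoming/web-clip" "$HOME/joplin-import"
fi
```

Rejected files stay in the incoming directory and are named on stderr, so they can be inspected by hand rather than silently dropped.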

799

Jul 17, 2020, 4:49:35 PM
to Michael Haynes, qubes-users


Michael Haynes <antih...@gmail.com> wrote on Thu, Jul 16, 2020, 22:18:

> This got me wondering:
>
> Question: Is there a simple way to set up a dedicated "server" VM using WebDAV to allow qubes to [automatically / periodically] exchange encrypted data even without Internet access?  If so, what are the security implications of doing this?  If not, what are some alternative ways of automating data transfers between qubes?


You could look into sshfs which is able to mount a remote filesystem over ssh.

799
