idea about tips section in Qubes OS website
43 views
Skip to first unread message
Matteo
Mar 10, 2017, 1:25:42 PM3/10/17
to qubes...@googlegroups.com
i saw some tips for Qubes in internet, they doesn't require implementing
new things or be a programmer but they are useful.
so i was thinking about adding a section in the website where people can
share their tips that helps to increase security or usability.
maybe you could make it "approve before publish" so only good and
verified stuff end up there.
some examples are:
https://twitter.com/rootkovska/status/832571372085850112
Useful trick: start Windows template VM (which has no user data),
install/upgrade apps; then start Windows AppVM (w/ data) in offline
mode. So, if you worry (hypothetically) that your Windows or app updater
might want to send your data away, this QubesOS trick will prevent this.
this should be obvious given the nature of Qubes but i realized it only
after Rutkovska said it.
or this one:
https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/
which is useful to prevent mistakes like clicking links in email VM and
also increase the security
(i have done that in a simpler way: chmod -x on firefox in bash.rc)
i'm sure there are many more but i want to keep this short
what do you all think?
i would also like to say thanks to everyone involved in Qubes and to
GsOC students for their effort and interest
new things or be a programmer but they are useful.
so i was thinking about adding a section in the website where people can
share their tips that helps to increase security or usability.
maybe you could make it "approve before publish" so only good and
verified stuff end up there.
some examples are:
https://twitter.com/rootkovska/status/832571372085850112
Useful trick: start Windows template VM (which has no user data),
install/upgrade apps; then start Windows AppVM (w/ data) in offline
mode. So, if you worry (hypothetically) that your Windows or app updater
might want to send your data away, this QubesOS trick will prevent this.
this should be obvious given the nature of Qubes but i realized it only
after Rutkovska said it.
or this one:
https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/
which is useful to prevent mistakes like clicking links in email VM and
also increase the security
(i have done that in a simpler way: chmod -x on firefox in bash.rc)
i'm sure there are many more but i want to keep this short
what do you all think?
i would also like to say thanks to everyone involved in Qubes and to
GsOC students for their effort and interest
Andrew David Wong
Mar 10, 2017, 1:59:44 PM3/10/17
to Matteo, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2017-03-10 10:25, Matteo wrote:
> i saw some tips for Qubes in internet, they doesn't require
> implementing new things or be a programmer but they are useful. so
> i was thinking about adding a section in the website where people
> can share their tips that helps to increase security or usability.
> maybe you could make it "approve before publish" so only good and
> verified stuff end up there.
>
That's already how all the documentation (and, indeed, all the website
content) works. :)
https://www.qubes-os.org/doc/doc-guidelines/
> some examples are:
> https://twitter.com/rootkovska/status/832571372085850112 Useful
> trick: start Windows template VM (which has no user data),
> install/upgrade apps; then start Windows AppVM (w/ data) in
> offline mode. So, if you worry (hypothetically) that your Windows
> or app updater might want to send your data away, this QubesOS
> trick will prevent this.
>
This probably applies to any TemplateBasedVM relative to its parent
TemplateVM, but the privacy risk is especially high in the case of
Windows.
> this should be obvious given the nature of Qubes but i realized it
> only after Rutkovska said it.
>
> or this one:
> https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/
>
> which is useful to prevent mistakes like clicking links in email VM and
> also increase the security (i have done that in a simpler way:
> chmod -x on firefox in bash.rc)
>
> i'm sure there are many more but i want to keep this short what do
> you all think?
>
Sure, we can have a "Tips and Tricks" page, similar to "Security
Guidelines" (but for non-security things):
https://www.qubes-os.org/doc/security-guidelines/
It's still generally better to have the "tip" on an specific existing
page devoted to a certain topic, but for tips that don't belong on any
particular page, having a general collection of them is still useful.
Here's the page. Please feel free to submit PRs against it:
https://www.qubes-os.org/doc/tips-and-tricks/
> i would also like to say thanks to everyone involved in Qubes and
> to GsOC students for their effort and interest
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYwveNAAoJENtN07w5UDAwiYAQAI5HuRF33/1dFhhdtKZ9QElf
AG4e0v+vZblo+BydwUpLqgnQXhbxyQBC/qxY/IBAGpMGY6sk+O6Hw8CTT3J5cgj7
9qdoJuG07z7Bbv6JqovcI3q7/POXL0mN5YaO7AmreU3aXND5WuiLF/fTRC+OGs6c
xTMuw+nqkSV/CWTK2c+Faqg3c3GYKpZL8VfhyQvnSYg5SSxoRXaqOwo8/4zaOS2F
hsl4uxojBqRYVazOW0B/0B/AvOP2tkvoGZz89WpmfoV7yAa60L9iUTDZ+pz0FZoY
tZuRhRXk+7LhikbqLFLQbXyXAexl1JKa2NPrbJmUvHzG6JGuU+2NAnpCQ4FGKWdC
tZW18rAVb+zsH2Xo68IqUwa5TySFc6VbN4AFxmM7dOeszdAxayrqfhvN/GR5kIvb
m20Kwa3t59oM1z9bhRkStIQfkgm69uE1YtsRtGak72Npbr1MJw6KshP3Mz/qSC5Q
dKibfdUvDtO97ooc1qrk1gxQ8fLNd2PUVgCDx9gF+i2yZpRHCKpTKhoBy0gDPeCI
BUEuPVPmeH6EHM9K3TvOjdFFbjDzw5Tsit+5i86KWyfInRFyFzPPA0LfXT03o1xe
s1SSD0Bj0bos6q4neroEE5r6E1dnOQHgTJVt4h7ktQmWwwe69SXIFIaDyNnqpDU7
tB7WofiSfqydDEFxODw8
=0y34
-----END PGP SIGNATURE-----
Hash: SHA512
On 2017-03-10 10:25, Matteo wrote:
> i saw some tips for Qubes in internet, they doesn't require
> implementing new things or be a programmer but they are useful. so
> i was thinking about adding a section in the website where people
> can share their tips that helps to increase security or usability.
> maybe you could make it "approve before publish" so only good and
> verified stuff end up there.
>
content) works. :)
https://www.qubes-os.org/doc/doc-guidelines/
> some examples are:
> https://twitter.com/rootkovska/status/832571372085850112 Useful
> trick: start Windows template VM (which has no user data),
> install/upgrade apps; then start Windows AppVM (w/ data) in
> offline mode. So, if you worry (hypothetically) that your Windows
> or app updater might want to send your data away, this QubesOS
> trick will prevent this.
>
TemplateVM, but the privacy risk is especially high in the case of
Windows.
> this should be obvious given the nature of Qubes but i realized it
> only after Rutkovska said it.
>
> or this one:
> https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/
>
> which is useful to prevent mistakes like clicking links in email VM and
> also increase the security (i have done that in a simpler way:
> chmod -x on firefox in bash.rc)
>
> i'm sure there are many more but i want to keep this short what do
> you all think?
>
Guidelines" (but for non-security things):
https://www.qubes-os.org/doc/security-guidelines/
It's still generally better to have the "tip" on an specific existing
page devoted to a certain topic, but for tips that don't belong on any
particular page, having a general collection of them is still useful.
Here's the page. Please feel free to submit PRs against it:
https://www.qubes-os.org/doc/tips-and-tricks/
> i would also like to say thanks to everyone involved in Qubes and
> to GsOC students for their effort and interest
>
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYwveNAAoJENtN07w5UDAwiYAQAI5HuRF33/1dFhhdtKZ9QElf
AG4e0v+vZblo+BydwUpLqgnQXhbxyQBC/qxY/IBAGpMGY6sk+O6Hw8CTT3J5cgj7
9qdoJuG07z7Bbv6JqovcI3q7/POXL0mN5YaO7AmreU3aXND5WuiLF/fTRC+OGs6c
xTMuw+nqkSV/CWTK2c+Faqg3c3GYKpZL8VfhyQvnSYg5SSxoRXaqOwo8/4zaOS2F
hsl4uxojBqRYVazOW0B/0B/AvOP2tkvoGZz89WpmfoV7yAa60L9iUTDZ+pz0FZoY
tZuRhRXk+7LhikbqLFLQbXyXAexl1JKa2NPrbJmUvHzG6JGuU+2NAnpCQ4FGKWdC
tZW18rAVb+zsH2Xo68IqUwa5TySFc6VbN4AFxmM7dOeszdAxayrqfhvN/GR5kIvb
m20Kwa3t59oM1z9bhRkStIQfkgm69uE1YtsRtGak72Npbr1MJw6KshP3Mz/qSC5Q
dKibfdUvDtO97ooc1qrk1gxQ8fLNd2PUVgCDx9gF+i2yZpRHCKpTKhoBy0gDPeCI
BUEuPVPmeH6EHM9K3TvOjdFFbjDzw5Tsit+5i86KWyfInRFyFzPPA0LfXT03o1xe
s1SSD0Bj0bos6q4neroEE5r6E1dnOQHgTJVt4h7ktQmWwwe69SXIFIaDyNnqpDU7
tB7WofiSfqydDEFxODw8
=0y34
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages