Conversation

Notices

1. Embed this notice
   Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 18:04:51 JST Solène :flan_hacker:

   My virtual machines topology on Qubes OS looks like this (without going too much in details)

   - 3 VM per client (web ui, development, administration) + 2 VM per VPN
   - 1 VM for my web browser (that resets every start)
   - 2 VM for emails (I use 2 emails providers)
   - 1 VM for each communication app (matrix, xmpp, whatever)
   - 1 VM for handling the audio device
   - 1 VM for the network device
   - 2 VM for each VPN (clients VPNs, home VPN, infra VPN...)
   - 1 VM offline for data storage
   - 1 VM offline for secret storage (ssh, gpg, password databases)
   - 1 VM for development
   - more or less 1 VM for each program I run from there :D

   I have 2 VMs per VPN as one holds the VPN and another one is holding the firewall rules under it, so if the VPN is compromised the rules below and upper will not be affected.

   below rules affect the VM using the VPN, upper rules affects the VM with the VPN to restrict it only to the VPN destination

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 18:18:49 JST Solène :flan_hacker:

     in reply to

     • Aloïs Cochard

     @alois I actually use one VM for browsing knowns and trusted websites. If I had to use weird websites I never used, I could spin a new disposable VM for the task

     there is a split-browser setup that allows using a web browser without exposing it to the network, but I did not try it yet.

   • Embed this notice
     Aloïs Cochard (alois@functional.cafe)'s status on Saturday, 16-Nov-2024 18:18:52 JST Aloïs Cochard

     in reply to

     @solene if you use one VM for each program you could as well use one VM for each browser tab, unless you trust your browser more than your OS?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 18:21:18 JST Solène :flan_hacker:

     in reply to

     • tanguyraton

     @tanguyraton why? This does not look very special to me

   • Embed this notice
     tanguyraton (tanguyraton@masto.bike)'s status on Saturday, 16-Nov-2024 18:21:20 JST tanguyraton

     in reply to

     @solene im impressed

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 18:24:51 JST Solène :flan_hacker:

     in reply to

     • tanguyraton

     @tanguyraton why? :flan_think:

   • Embed this notice
     Alvaro Munoz-Aycuens :pci: (alvaro@podcastindex.social)'s status on Saturday, 16-Nov-2024 18:24:56 JST Alvaro Munoz-Aycuens :pci:

     in reply to

     • tanguyraton

     @tanguyraton @solene me too 🤯

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 18:31:45 JST Solène :flan_hacker:

     in reply to

     • tanguyraton

     @tanguyraton the first day I tried Qubes OS, I formatted a few hours after as I failed to copy/paste a text between two qubes

     although, after trying some time later and taking the time to read the documentation (it's quite good in my opinion, although it does not really cover advanced subsystems), I have been able to use it fine :)

   • Embed this notice
     tanguyraton (tanguyraton@masto.bike)'s status on Saturday, 16-Nov-2024 18:31:46 JST tanguyraton

     in reply to

     @solene tbh, im impressed coz i tried to install qubes in 2018/2019 and failed to use it properly and found no tutorials

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 18:32:58 JST Solène :flan_hacker:

     in reply to

     • tanguyraton

     @tanguyraton people using a single computer for everything, including work, development, personal use :flan_nooo:

   • Embed this notice
     tanguyraton (tanguyraton@masto.bike)'s status on Saturday, 16-Nov-2024 18:32:59 JST tanguyraton

     in reply to

     @solene ahah then i'm curious about what looks very special to you

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 23:09:41 JST Solène :flan_hacker:

     in reply to

     • Joel Carnat ♑ 🤪 :runbsd:

     @joel there is a copy / move mechanism between qubes that goes through a xen channel

   • Embed this notice
     Joel Carnat ♑ 🤪 :runbsd: (joel@piou.foolbazar.eu)'s status on Saturday, 16-Nov-2024 23:09:42 JST Joel Carnat ♑ 🤪 :runbsd:

     in reply to

     @solene what is paranoia?
     #jeopardy 😆

     How do you transfer data from one to another? Using a dedicated directory and/or clipboard?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 23:25:48 JST Solène :flan_hacker:

     in reply to

     • Joel Carnat ♑ 🤪 :runbsd:

     @joel there is also a clipboard system to copy between qubes

     the file / clipboard systems are configured in qubes os, you can allow / forbid sources and destinations.

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Saturday, 16-Nov-2024 23:43:12 JST Solène :flan_hacker:

     in reply to

     • Joel Carnat ♑ 🤪 :runbsd:

     @joel yes, for instance my client qubes can not receive copy/paste from outside or exfiltrate data to the outside, but I can copy/paste between them

   • Embed this notice
     Joel Carnat ♑ 🤪 :runbsd: (joel@piou.foolbazar.eu)'s status on Saturday, 16-Nov-2024 23:43:13 JST Joel Carnat ♑ 🤪 :runbsd:

     in reply to

     @solene even clipboard usage can be allowed/forbidden between cubes in 1-to-1 configuration? That’s something other isolation tool don’t do AFAIK. Nice!

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Sunday, 17-Nov-2024 17:50:18 JST Solène :flan_hacker:

     in reply to

     • मोक्ष

     @moksh does this give some hints already https://bsd.network/@solene/113493999319891521 ?

     Qubes OS works with 8 GB of memory, but do not expect to open firefox in 3 qubes at the same time

     Although, depending on what one does on Qubes OS, 8 GB can be really enough, or not.

   • Embed this notice
     मोक्ष (moksh@ieji.de)'s status on Sunday, 17-Nov-2024 17:50:20 JST मोक्ष

     in reply to

     @solene can you deep dive or make a blog post about your setup and I assume this setup would require pretty capable machine not a average 8gig ram pc?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 18-Nov-2024 05:55:24 JST Solène :flan_hacker:

     in reply to

     • मोक्ष

     @moksh I quickly stop using Alpine as I didn't really like it :/

   • Embed this notice
     मोक्ष (moksh@ieji.de)'s status on Monday, 18-Nov-2024 05:55:25 JST मोक्ष

     in reply to

     @solene thanks, do you still use your alpine stateless setup or have moved to qubes?

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 25-Nov-2024 17:43:34 JST Solène :flan_hacker:

     in reply to

     • Ytrog

     @ytrog it has drawback and does not cover all use cases, but when you need the level of security offered, there is no alternative AFAIK

   • Embed this notice
     Ytrog (ytrog@mstdn.social)'s status on Monday, 25-Nov-2024 17:43:35 JST Ytrog

     in reply to

     @solene Qubes looks interesting, however it looks like it would be a bit heavy as a daily driver for my computer 👀