Qubes feedback

anarsec 2023-06-21 20:03:55 +00:00
parent 072543235c
commit 74dbacec69
No known key found for this signature in database
6 changed files with 55 additions and 15 deletions

@ -26,23 +26,36 @@ Qubes OS is not quite another version of Linux. Rather, it is based on many "[vi
What is a virtual machine? [Virtualization](/glossary/#virtualization) is the process of running a virtual computer *inside* your computer. The virtual machine thinks it's a computer running on real hardware, but really it's running on abstracted hardware (software imitating hardware). Qubes OS uses a special program called a hypervisor to manage and run many of these virtual machines at once, on the same physical computer. To simplify things, virtual machines are referred to as qubes. Different operating systems like Debian, Whonix, Fedora, Windows, etc. can all run together simultaneously. The hypervisor strongly isolates each of the qubes from one another.
At the risk of overwhelming you, here is an overview of how Qubes OS is structured. Each rectangle represents a qube (that is, a virtual machine). Let's break it down.
![desktop](r4.0-xfce.png)
![Qubes Architecture](qubes-arch.png)
At the risk of overwhelming you, here is an overview of how Qubes OS is structured. You don't need to memorize any of this to actually use Qubes OS, it can just be helpful to understand the outline of the system before getting started. Each rectangle represents a qube (that is, a virtual machine). Let's break it down.
#### General Usage
![Qubes Architecture](qubes-general.png)
* **Admin qube**. This graphic uses the old naming convention (AdminVM). This is the small, isolated and trusted qube that manages the other qubes. It is very protected because if it's compromised, it's game over. It uses a technology called Xen as the hypervisor. It is also named dom0, which is a Xen naming convention. The Admin qube has no network connectivity and is only used for running the [desktop environment](https://en.wikipedia.org/wiki/Desktop_environment) and [window manager](https://en.wikipedia.org/wiki/Window_manager).
* **App qubes**. There are three in this example. #1 is running the Debian operating system, #2 is running Fedora, and #3 is running Whonix. App qubes are where you run applications, store files, and do your work. You can have many isolated App qubes for different activities or purposes. Each App qube is like an entire self-contained operating system.
* **Template qubes**. These are where applications and operating system files live. Templates are where you install and update software. Every App qube is based on a Template qube, but the Template is "read only" from the App qube's perspective. This means that the more sensitive system files are additionally protected from whatever happens in an App qube - they are not preserved between restarts of an App qube. Multiple App qubes can be based on a single Template, which has the convenient feature that updating a Template will provide updates to all App qubes based on this Template.
* **Service qubes**. Sys qubes (as in *system*) connect to the Internet and devices. **sys-usb** manages attached USB devices, so that they are only attached to a qube with your consent. **sys-net** is similar to sys-usb, for network devices. **sys-firewall** is firewall control for all qubes connected to the Internet, and is in a separate qube so that if sys-net is compromised the firewall rules can't be trivially modified. Note that qubes never connect to sys-net directly, but always through sys-firewall. **sys-whonix** forces all network traffic through Tor, and itself connects to the firewall.
You'll notice that App qube #1 is connected to the Internet, App qube #2 is offline, while App qube #3 is connected to the Internet over Tor and is Disposable. Note that Whonix is actually two qubes: the workstation (App qube #3) and the gateway (sys-whonix). This has the security property that if the workstation is compromised, the gateway (where Tor is running) is not. Another security feature of the Qubes OS structure is that the App qubes don't have direct access to the hardware - only the Admin qube can directly access the hard drive and only Service qubes can directly access the networking, USB, microphone and camera hardware.
You'll notice that App qube #1 is connected to the Internet, App qube #2 is offline, while App qube #3 is connected to the Internet over Tor and is Disposable. Note that Whonix is actually two qubes: the workstation (App qube #3) and the gateway (sys-whonix). This has the security property that if the workstation is compromised, the gateway (where Tor is running) is not.
A Disposable qube is a type of App qube that self-destructs when its originating window closes - after shutdown it reverts back to the Template. Note that while Tails exclusively uses memory (if the Persistent Storage feature is not enabled), Qubes OS uses the hard drive so forensic traces are still possible when using a Disposable.
A Disposable qube is a type of App qube that self-destructs when its originating window closes. Note that while Tails exclusively uses memory (if the Persistent Storage feature is not enabled), Qubes OS uses the hard drive so forensic traces are still possible when using a Disposable.
You don't need to memorize any of this to actually use Qubes OS, it can just be helpful to understand the outline of the system before getting started.
#### Management Qubes
![Qubes Architecture](qubes-arch.png)
We now see the whole picture - two new components are introduced:
* **Admin qube**. This is the small, isolated and trusted qube that manages the other qubes. It is very protected because if it's compromised, it's game over. It uses a technology called Xen as the hypervisor. It is also named dom0, which is a Xen naming convention. The Admin qube has no network connectivity and is only used for running the [desktop environment](https://en.wikipedia.org/wiki/Desktop_environment) and [window manager](https://en.wikipedia.org/wiki/Window_manager).
* **Template qubes**. These are where applications and operating system files live. Templates are where you install and update software. Every App qube is based on a Template qube, but the Template is "read only" from the App qube's perspective. This means that the more sensitive system files are additionally protected from whatever happens in an App qube - they are not preserved between restarts of an App qube. Multiple App qubes can be based on a single Template, which has the convenient feature that updating a Template will provide updates to all App qubes based on this Template.
Another security feature of the Qubes OS structure is that the App qubes don't have direct access to the hardware - only the Admin qube can directly access the hard drive and only Service qubes can directly access the networking, USB, microphone and camera hardware.
# When to Use Tails vs Qubes OS
Qubes includes Whonix by default for when you need to force all connections through Tor. As [Privacy Guides](https://www.privacyguides.org/desktop/#anonymity-focused-distributions) compares (emphasis added):
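Review bot: In the **Template qubes** bullet under "Management Qubes", "they are not preserved between restarts of an App qube" reads as if the system files themselves are lost. The intended meaning appears to be that changes an App qube makes to system files are discarded on restart, so say that directly. Both diagrams also carry the same alt text, `Qubes Architecture` (for `qubes-general.png` and `qubes-arch.png`); give each a distinct description. The new sentence "You don't need to memorize any of this to actually use Qubes OS, it can just be helpful..." is a comma splice and is better split in two.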
@ -75,7 +88,7 @@ The [installation guide](https://www.qubes-os.org/doc/installation-guide/) will
In the post-installation:
* Tick the checkmark for Whonix qubes, as well as for updates to happen over Tor.
* The post-installation also gives the option of using the Debian Template for all sys qubes (the default is Fedora). Whether you opt to use Debian or Fedora for qubes that don't require Tor is your decision. Privacy Guides [makes the argument](https://www.privacyguides.org/os/linux-overview/#choosing-your-distribution) that the Fedora software model (semi-rolling release) is more secure than the Debian software model (frozen).
* The post-installation gives the option of installing exclusively Debian or Fedora Templates (instead of both), as well as using the Debian Template for all sys qubes (the default is Fedora). Whether you opt to use Debian or Fedora for qubes that don't require Tor is your decision. Privacy Guides [makes the argument](https://www.privacyguides.org/os/linux-overview/#choosing-your-distribution) that the Fedora software model (semi-rolling release) is more secure than the Debian software model (frozen), yet also recommends [Kicksecure](https://www.privacyguides.org/en/os/linux-overview/#kicksecure) (which is based on Debian). See [Best Practices](#best-practices) for further discussion of this configuration choice.
* Make sys-net disposable if you will be using an Ethernet connection (or don't mind entering the Wi-Fi password upon boot).
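Review bot: The rewritten post-installation bullet leaves the Debian-or-Fedora choice as "your decision" and defers to Best Practices, while the Best Practices text added later in this commit recommends installing only Debian Templates. State that recommendation here in one clause so the reader does not pick Fedora at install time and find out afterwards. The two Privacy Guides links in the same bullet also use different path forms (`/os/linux-overview/...` and `/en/os/linux-overview/...`); use one form for both.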
@ -111,6 +124,13 @@ From the [docs](https://www.qubes-os.org/doc/how-to-copy-and-move-files/):
>
>4. If you wish, you may now move the file in the target qube to a different directory and delete the /home/user/QubesIncoming/ directory when no longer needed.
# How to Shutdown Qubes
![domains](r4.1-widgets.png)
Click on the Domains widget to see which Qubes are currently running, as well as how much memory (RAM) and computing power (CPU) they are using. Each qube uses memory, so when you are done with a qube you should shut it down to free up the memory it is using. Closing windows is not enough - you need to shut each qube down manually when it's no longer needed.
![shutdown](shutdown.png)
# How to Install Software
While Tails [has a Graphical User Interface](https://tails.boum.org/doc/persistent_storage/additional_software/index.en.html) for installing any additional software, at this time Qubes OS does not, so new software must be installed from the command line. If unfamilar with either the command line or how software works in Linux, check out [Linux Essentials](/posts/linux/) to get acquainted. For choosing what additional software to install, keep in mind that an application being [open-source](/glossary/#open-source) is an essential criteria, but is insufficient to be considered secure. The list of [included software for Tails](https://tails.boum.org/doc/about/features/index.en.html#index1h1) will cover many of your needs with reputable choices.
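Review bot: The new shutdown section says each qube must be shut down manually but never says how; the step exists only in `shutdown.png`. Add the action in text (which widget entry to click) so the instruction survives without the image. The heading uses "Shutdown" as a verb where "Shut Down" is meant, and "Qubes" in "which Qubes are currently running" is capitalized unlike "qube" in the rest of the paragraph.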
@ -184,6 +204,8 @@ It's possible to just use the system as it is now, but let's show you how to cre
If you want your qubes that are not using Tor to be forced through a VPN, this is the easiest way to set that up.
By default, App qubes only have 2 GB of private storage. This small amount will fill up quickly - if an App qube is close to filling up, the Disk Space Monitor widget will have a notification. To increase the private storage size of any given qube, in the qubes' **Settings > Basic** tab, change "Private storage max size". This storage won't be used immediately, it is just the max that can be used by that qube.
# How to Use Disposables
Disposables can be launched from the Applications menu; the disposable will be at the top, and the disposable Template near the bottom. For example, to use a disposable Tor Browser, go to **Application Menu > Disposable: whonix-16-ws-dvm > Tor Browser**. This is how you do all Tor browsing. If you launch a disposable application, but then want to access the file manager for the same disposable qube, this can be accomplished from the Qubes Domains widget, in the top-right corner of the interface. If you were to simply select "Files" from the Applications menu, this would start yet another disposable.
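Review bot: In the private-storage paragraph, "in the qubes' **Settings > Basic** tab" should be the singular possessive "qube's", since the sentence is about one given qube. "This storage won't be used immediately, it is just the max that can be used by that qube" is a comma splice; split it into two sentences or use a semicolon.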
@ -203,7 +225,9 @@ If your file is opening in a different application than what you require, you'll
6. Delete the file from the disposable Template (don't forget to empty the trash).
7. Shut down the disposable Template for the change to take effect.
For PDF files, right-clicking will also give the option **Convert To Trusted PDF**. This will sanitize the PDF file so that it can go from being untrusted to trusted. This is achieved by it being converted into images in a disposable, and then OCR to make highlighting text possible again.
For PDF files, right-clicking will also give the option **Convert To Trusted PDF**. This will sanitize the PDF file so that it can go from being untrusted to trusted. This is achieved by it being converted into images in a disposable, and cleaning the metadata.
Particular types of files in an App qube can be set to be opened in a disposable by default. For example, if I always want to open PDF files in a disposable, I would implement [this guide](https://forum.qubes-os.org/t/opening-all-files-in-disposable-qube/4674), and only include the line `application/pdf=open-in-dvm.desktop;` in `.local/share/applications/mimeapps.list`. This is not failsafe as some files may end in `.pdf` but in reality be something else, which is where the guide's approach of opening all files in a disposable is useful.
# How to Use Devices (like USBs)
To learn how to attach devices, we will format the empty USB or hard drive you will be using for backups. The USB will be attached to an offline disposable to mitigate against [BadUSB attacks](https://en.wikipedia.org/wiki/BadUSB).
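Review bot: The caveat in the `mimeapps.list` paragraph is stated in terms of file names ("some files may end in `.pdf` but in reality be something else") while the rule it describes, `application/pdf=open-in-dvm.desktop;`, is keyed on MIME type. Spell out which files the single-line rule does not cover, namely anything not identified as `application/pdf`, which will still open in the App qube. The paragraph also switches to first person singular ("if I always want"), the path `.local/share/applications/mimeapps.list` is given without saying it is relative to the home directory of the App qube, and the Trusted PDF sentence lost its parallel structure ("converted into images in a disposable, and cleaning the metadata").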
@ -216,14 +240,16 @@ To learn how to attach devices, we will format the empty USB or hard drive you w
2. The Qubes Devices widget is used to attach a USB drive (or just its partitions) to any qube easily. Simply click on the widget and plug in your USB drive. The new entry will be under "Data (Block) Devices", typically `sys-usb:sda` is the one you want (`sda1` is a partition and would need to be mounted manually). Hover over the entry, and attach it to the disposable you just started (in the case of the example I gave above, disp4653).
3. The empty USB or hard drive should now be displayed in the Disks application. Format the empty device and then create a new encrypted partition, [like you would in Tails](https://tails.boum.org/doc/encryption_and_privacy/encrypted_volumes/index.en.html#index2h1). You can use the same LUKS password as is used for your Qubes OS LUKS, because you will need to memorize it to restore from backup, and it will contain the same data.
3. The empty USB or hard drive should now be displayed in the Disks application. Format the empty device and then create a new encrypted partition, [like you would in Tails](/posts/tails/#how-to-create-an-encrypted-usb). You can use the same LUKS password as is used for your Qubes OS LUKS, because you will need to memorize it to restore from backup, and it will contain the same data.
4. Before removing the USB drive, first eject it using the Qubes Devices widget, which ejects it from the qube. Then go to **Applications menu > sys-usb > Files**, and select "Safely Remove Drive" to eject it from the computer.
There are command line instructions for using an [external keyboard](https://www.qubes-os.org/doc/usb-qubes/#manual-setup-for-usb-keyboards) or [mouse](https://www.qubes-os.org/doc/usb-qubes/#usb-mice).
There are command line instructions for using an [external keyboard](https://www.qubes-os.org/doc/usb-qubes/#manual-setup-for-usb-keyboards) or [mouse](https://www.qubes-os.org/doc/usb-qubes/#usb-mice). Webcams and microphones are considered devices, and must be attached to an App qube in order to use them.
You don't always need to attach a USB drive to another qube with the Qubes Devices widget - it will also be accessible from sys-usb directly, through the File Manager. You can [copy specific files](#how-to-copy-and-move-files) between the USB and another App qube without needing to attach the USB controller to the App qube. After the USB is ejected, restart sys-usb - since it's disposable, it does the job of sanitizing for another device.
# How to Backup
As soon as your qubes are organized in the way that you would like, backup your system. Depending on your needs, we recommend making a weekly backup, and a redundant one which is stored off-site and is synchronized monthly (to protect against data loss from a [house raid](https://www.csrc.link/threat-library/techniques/house-raid.html)).
As soon as your qubes are organized in the way that you would like, backup your system. Depending on your needs, we recommend making a weekly backup - pick a day of the week and add a reminder on your calendar. We also recommend making a redundant backup which is stored off-site and is synchronized monthly (to protect against data loss from a [house raid](https://www.csrc.link/threat-library/techniques/house-raid.html)).
Adapted from the [docs](https://www.qubes-os.org/doc/how-to-back-up-restore-and-migrate/#creating-a-backup):
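Review bot: The new paragraph about reaching the drive from sys-usb says "since it's disposable" as though that were always true, but nothing visible in this section tells the reader to make sys-usb disposable. State the condition and say what to do when sys-usb is not disposable. The same paragraph refers to attaching "the USB controller" to the App qube, whereas step 2 attaches a block device (`sys-usb:sda`); use the same term in both places. In the backup paragraph, "backup your system" should use the verb form "back up".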
@ -253,12 +279,12 @@ Also worth noting is that "for those who regularly download Internet files, Tor
Tor Browser can't upload files from `/home/user/QubesIncoming/` due to how permissions are set, so move files somewhere in `/home/user/` to upload them, such as the Downloads directory.
# Password Management
Passwords should be managed with KeePassXC from the `vault` App qube. If unfamiliar with KeePassXC, you can learn about it in the [Tails for Anarchists](/posts/tails/). This leaves three passwords that must be memorized:
Passwords should be managed with KeePassXC from the `vault` App qube. If unfamiliar with KeePassXC, you can learn about it in [Tails for Anarchists](/posts/tails/#password-manager-keepassxc). This leaves three passwords that must be memorized:
1. [LUKS](/glossary/#luks) password (first boot password)
2. User password (second boot password)
3. KeePassXC file password
3. KeePassXC password
For notes on password quality for passwords you must memorize, see [Tails Best Practices](/posts/tails-best/#passwords).
For advice on password quality, see [Tails Best Practices](/posts/tails-best/#passwords).
# Windows Qubes
It is possible to have [Windows qubes](https://www.qubes-os.org/doc/windows/), though the installation is a bit involved. This allows programs that are not available for Linux, such as the Adobe Creative Suite programs, to be used from Qubes OS (ideally offline). Installing "cracked" software downloaded from a torrent is not recommended as these are often malicious. The Adobe Creative Suite can be downloaded from Adobe, and then cracked with [GenP](https://www.reddit.com/r/GenP/wiki/redditgenpguides/#wiki_guide_.232_-_dummy_guide_for_first_timers_genp_.28method_1.3A_cc.2Bgenp.29).
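Review bot: Item 3 of the memorized-passwords list now reads "KeePassXC password", which could be taken for any password stored in KeePassXC rather than the one that unlocks it; the earlier "KeePassXC file password" was more specific. Keep a qualifier, for example "KeePassXC database password".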
@ -285,5 +311,19 @@ There is a lot more flexibility in how you configure Qubes OS than Tails, but mo
* Open attachments in a qube that is disposable and offline.
* Open links in a Whonix qube that is disposable.
During the [post-installation of Qubes OS](#getting-started), you have the option of installing exclusively Debian or Fedora Templates (instead of both). You also have the option of using the Debian Template for all sys qubes (the default is Fedora). Our recommendation is to install only Debian Templates, and to convert them to [Kicksecure](https://www.privacyguides.org/en/os/linux-overview/#kicksecure). This way, every App qube on your system will either be Whonix or Kicksecure - Kicksecure is significantly more [hardened](/glossary#hardening) than either Debian or Fedora.
Kicksecure is not currently [available as a Template](https://www.kicksecure.com/wiki/Qubes#Template). To get the Kicksecure Template you will clone the Debian Template - follow the [Kicksecure docs for distribution morphing on Qubes OS](https://www.kicksecure.com/wiki/Qubes#Distribution_Morphing). App qubes that require Internet access without Tor can now use the Kicksecure template instead of the Debian Template. We recommend to use disposable qubes whenever possible when connecting to the Internet. To create a Kicksecure disposable:
* Go to **Applications menu > Qubes Tools > Create Qubes VM**
* Name: kicksecure-16-dvm
* Color: purple
* Type: AppVM
* Template: kicksecure-16
* Networking: default (sys-firewall)
* In the new qubes' **Settings > Advanced** tab, under "Other" tick "Disposable Template", then press **OK**. You will now see the disposable present at the top of the Applications Menu - make sure to work in the disposable, and not the disposable Template.
Kicksecure is [considered untested](https://www.kicksecure.com/wiki/Qubes#Service_VMs) for sys qubes. If during the Qubes OS installation, you set all sys qubes to use the Debian Template, and set sys qubes to be disposable, the Template for `sys-net`, `sys-firewall`, and `sys-usb` will be `debian-11-dvm`. If you want to use disposable Kicksecure for sys qubes:
* Set `sys-net`, `sys-firewall`, and `sys-usb` to use the `kicksecure-16-dvm` Template.
# Wrapping Up
The documentation has several [troubleshooting entries](https://www.qubes-os.org/doc/#troubleshooting), and the [forum](https://forum.qubes-os.org/) is generally very helpful. We recommend starting to use Qubes OS gradually, where you can progressively do tasks on Qubes OS instead of your previous operating system, because trying to learn everything at once may be overwhelming.
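Review bot: The sys qubes paragraph states that Kicksecure is "considered untested" for sys qubes and then goes straight to the instruction to set `sys-net`, `sys-firewall`, and `sys-usb` to `kicksecure-16-dvm`, with no word on what can break or how to go back to `debian-11-dvm`. Add that guidance, or mark the step as optional and experimental. The glossary link `/glossary#hardening` is missing the slash used by the other glossary links on the page (`/glossary/#luks`, `/glossary/#open-source`); "We recommend to use disposable qubes" should be "We recommend using"; and "the new qubes' **Settings > Advanced** tab" should be "qube's".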

Binary file not shown.

Before

Width:  |  Height:  |  Size: 837 KiB

After

Width:  |  Height:  |  Size: 135 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 86 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 106 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 110 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 34 KiB