VM Page #1064
No Reviewers
Dismiss Review
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1064
Loading…
x
Reference in New Issue
Block a user
No description provided.
Delete Branch "patch-10"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description: Adds notice to using VM
Why?: Applications are inherently insecure, users should run extra-insecure apps in a VM.
-like what QubesOS does.What is the attached files: I created a PR for this design. It doesn't need to be the final result but I wanted to get the ball rolling. Edits from maintainers are welcomed.
Has this been discussed here: Nope.
Deploy preview for privacytools-io ready!
Built with commit
e9c3fcff49https://deploy-preview-1064--privacytools-io.netlify.com
I am indifferent about this PR, but I guess I wish answers to my questions before giving my approval. Questions that I didn't ask yet:
@ -53,6 +53,8 @@<a class="dropdown-item" href="/software/networks/"><i class="fas fa-user-secret fa-fw"></i> Self-contained Networks</a><a class="dropdown-item" href="/software/cloud/"><i class="fas fa-hdd fa-fw"></i> Self-Hosted Cloud Server</a><a class="dropdown-item" href="/software/voip/"><i class="fas fa-phone fa-fw"></i> Video & Voice Messenger</a><a class="dropdown-item" href="/vm"><i class="fas fa-phone fa-fw"></i> Virtual Machines</a>I think you might want to take a different icon here.
I am not sure if this is so useful link, it's possible to break out into vulnerable virtual machine, so it's important to keep it up-to-date and it's also easier to do the reverse.
@ -0,0 +9,4 @@<ol><li><strong>Choosing a strong hyperviser.</strong><ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li>There is a dot missing in the end while other lines end to a dot.
How about Virtualbox OSE/CE? I don't remember which name it is. I haven't used QEMU personally that I remember of.
@ -0,0 +10,4 @@<li><strong>Choosing a strong hyperviser.</strong><ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li><li>Stay wary of KVM as it can be a security risk (accesses kernel).</li>Citation needed?
@ -0,0 +11,4 @@<ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li><li>Stay wary of KVM as it can be a security risk (accesses kernel).</li><li>Choose one with managable settings like shared clipboard.</li>Is shared clipboard a secure setting? What if untrusted application from the VM copies a malicious script to your clipboard and you accidentally paste it to your root terminal or it includes
sudowhile your sudo cooke is still in force? What do you mean with manageable settings here?@ -0,0 +17,4 @@<li><strong>Choosing an OS.</strong><ul><li>View our <a href="https://www.privacytools.io/operating-systems/">OS section</a> for information on OSes that respect your privacy.</li>I wonder if this should directly tell hardware users to use Qubes and for VMs to pick Tails and then mention our OS section for other options?
I thought I had requested changes, maybe I shouldn't ask editorional for a review. Anyway see my previous comments.
@ -0,0 +9,4 @@<ol><li><strong>Choosing a strong hyperviser.</strong><ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li>If I remember properly, Virtual box uses non-free code for GPU exceleration.
I've looked at others too, like GNOME (Linux) boxes and VMM (OpenBSD and UNIX-based OSes) but they only support a few platforms.
XEN also looked promising, but if I remember properly they don't work on any LIbreboot laptop and many Coreboot machines as they require non-free code for the CPU.
QEMU-kvm may require non-free code as well.
@ -0,0 +10,4 @@<li><strong>Choosing a strong hyperviser.</strong><ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li><li>Stay wary of KVM as it can be a security risk (accesses kernel).</li>KVM's in general widen your attack surface.
For more info just look up the micro vs monolithic kernel debate.
Gives you plenty of information and instances.
@ -0,0 +11,4 @@<ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li><li>Stay wary of KVM as it can be a security risk (accesses kernel).</li><li>Choose one with managable settings like shared clipboard.</li>It is handy, but it generally should be turned off.
I mean that you (the user) should be able to control it.
Not sure what edit your recommending (if any) :)
@ -0,0 +17,4 @@<li><strong>Choosing an OS.</strong><ul><li>View our <a href="https://www.privacytools.io/operating-systems/">OS section</a> for information on OSes that respect your privacy.</li>Tails is proprietary, not generally a good OS for stuff like this (uses Debian
non-free).Qubes OS is iffy, it doesn't support most privacy focused hardware (Libreboot). It has non-free dependencies: https://github.com/QubesOS/qubes-issues/issues/5163
If this is the general consensus, I'll remove it.
@ -53,6 +53,8 @@<a class="dropdown-item" href="/software/networks/"><i class="fas fa-user-secret fa-fw"></i> Self-contained Networks</a><a class="dropdown-item" href="/software/cloud/"><i class="fas fa-hdd fa-fw"></i> Self-Hosted Cloud Server</a><a class="dropdown-item" href="/software/voip/"><i class="fas fa-phone fa-fw"></i> Video & Voice Messenger</a><a class="dropdown-item" href="/vm"><i class="fas fa-phone fa-fw"></i> Virtual Machines</a>I thought it was Wikipedia which is generall licensed under CC.
However, I cannot refind it.
You may want to purge it before merging.
I'll try to add a new logo. How do I edit the color? All I get is this hot pink. XD
Edit: Super cool tool BTW. Thanks for sharing!
@ -53,6 +53,8 @@<a class="dropdown-item" href="/software/networks/"><i class="fas fa-user-secret fa-fw"></i> Self-contained Networks</a><a class="dropdown-item" href="/software/cloud/"><i class="fas fa-hdd fa-fw"></i> Self-Hosted Cloud Server</a><a class="dropdown-item" href="/software/voip/"><i class="fas fa-phone fa-fw"></i> Video & Voice Messenger</a><a class="dropdown-item" href="/vm"><i class="fas fa-phone fa-fw"></i> Virtual Machines</a>As for the nav, I'm thinking cubes:
https://fontawesome.com/icons/cubes?style=solid
As cubes has now become a method to explain isolation.
How do I add images to nav?
@blacklight447-ptio I am assigning this to you as I think this is more of your cup of tea.
@ -53,6 +53,8 @@<a class="dropdown-item" href="/software/networks/"><i class="fas fa-user-secret fa-fw"></i> Self-contained Networks</a><a class="dropdown-item" href="/software/cloud/"><i class="fas fa-hdd fa-fw"></i> Self-Hosted Cloud Server</a><a class="dropdown-item" href="/software/voip/"><i class="fas fa-phone fa-fw"></i> Video & Voice Messenger</a><a class="dropdown-item" href="/vm"><i class="fas fa-phone fa-fw"></i> Virtual Machines</a>The
<i class="fas fa-phone fa-fw"></i>is the icon, which you would want to change to<i class="fas fa-cubes fa-fw"></i>I am unsure about this one, as it adds quite a bit of complicated information that can confuse non tech savvy users. maybe it would be more appropriate to make some sort of blog post about the topic on write.privacytools.io, and link to it for our advanced users who need a bit of extra security, and have the technical knowledge to run a VM?
@blacklight447-ptio VMs shouldn't be that hard, however I do understand your point.
Would it be better to recommend simplistic managers, like GNOME Boxes?
If this page is targeting non-tech-savvy users, I think more explanations are needed in general (e.g. what is a hypervisor?). Also, information such as "security risk (accesses kernel)" should be supplemented with a "Related Information" subsection (e.g. see related information on warrant canaries: https://www.privacytools.io/providers/#wc)
@ -0,0 +1,24 @@<h1 id="win10" class="anchor"><a href="#vm"><i class="fas fa-link anchor-icon"></i></a> Use VMs for isolation.</h1>I've noticed that headers on this site tend summarize the content, but the content currently is more about how to get started with VMs. Also, the headers on PTIO don't end with periods.
@ -0,0 +1,24 @@<h1 id="win10" class="anchor"><a href="#vm"><i class="fas fa-link anchor-icon"></i></a> Use VMs for isolation.</h1><div class="alert alert-warning" role="alert"><strong> When opening up insecure applications use a VM!</strong>@ -0,0 +7,4 @@<img src="/assets/img/layout/desktop-solid.svg" width="367" height="369" class="img-fluid float-right" alt="desktop-icon" style="margin-left:10px;"><ol><li><strong>Choosing a strong hyperviser.</strong>@ -0,0 +9,4 @@<ol><li><strong>Choosing a strong hyperviser.</strong><ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li>@ -0,0 +11,4 @@<ul><li>Use one that is <a href="https://www.wikipedia.org/wiki/Free_software">free software</a> like QEMU</li><li>Stay wary of KVM as it can be a security risk (accesses kernel).</li><li>Choose one with managable settings like shared clipboard.</li>@ -0,0 +15,4 @@</ul></li><li><strong>Choosing an OS.</strong>@ -0,0 +1,8 @@---layout: pagepermalink: /vm/title: "Virtual Machine"@ -0,0 +2,4 @@layout: pagepermalink: /vm/title: "Virtual Machine"description: "Use a VM for insecure applications"Seems out of scope for this project as @blacklight447-ptio mentioned.