Add documentation about Standalone VMs #1083

Open
bnvk opened this Issue Jul 24, 2015 · 5 comments

bnvk commented Jul 24, 2015

As a technical user trying to configure and understand how to best install apps and packages. After discussing this with @rootkovska, the model that is best is to use a "Standalone VM", which I had never heard of before. I think this is simply because there is no documentation about it, yet. I will do my best to draft up rudimentary documentation regarding this.

faern commented Jul 24, 2015

Here is some documentation about them:
www.qubes-os.org/doc/SoftwareUpdateVM/#standalone-vms

adrelanos Jul 24, 2015

Member

(Define "best". ;)

I think standalone VMs are useful, but mainly useful for advanced users?
I think, newcomers should stick to TemplateBasedVMs?

The current usual, expected way to install software is to:

  1. start TemplateVM
  2. install software
  3. stop TemplateVM
  4. (stop+)start a TemplateBasedVM based on that TemplateVM

Okay, you could argue that this workflow is not very user friendly.
And you would be right.

With StandaloneVMs it's easier to install software. You can just install
software in there and changes will persist across VM stop/start. But
StandaloneVMs also come with a lot of disadvantages. Namely, they take up a
lot more space. And those are not upgraded by the centralized update
mechanism. (For TemplateBasedVMs one just updates the TemplateVM.) Also
if you back up those using the built-in backup mechanism, those are
several GB big (containing the whole root file system) instead of just
/var and /home.

Technically this is described more verbosely here:
https://www.qubes-os.org/doc/TemplateImplementation/

On https://www.qubes-os.org/doc/SoftwareUpdateVM/ also see chapter
"StandaloneVM".

While software installation within StandaloneVMs is easier, updating is
more cumbersome. Users would have to run updating in all VMs.

Somehow both approaches are not very user friendly. But that derives
from Qubes architecture. Maybe anyone can think of a better solution.

marmarek Jul 24, 2015

Member

Personally I often install software in template-based VMs, being aware
that such software will disappear after VM restart. And that's fine for
some use cases - for example testing some programs (trying to choose
the best one for a particular task), or just needing some software for a
one-time task. This way I don't pollute my system :)

But of course for software that needs to be installed "permanently", it must
be done in the template, or in a standalone VM.

Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

bnvk Jul 25, 2015

> I think standalone VMs are useful, but mainly useful for advanced users?
> I think, newcomers should stick to TemplateBasedVMs?

I definitely agree. Which is why I opened the issue from the "As a technical user" persona :-)

Specifically, I felt a bit stumped on how / where to set up a dev environment and install packages (so they don't disappear on restarting the AppVM) and how to install software from untrusted parties (not in Yum or RPM Fusion) such as GitHub's Atom Editor or the Electron Bitcoin Wallet.

Joanna's answer felt satisfying on a technical level to my understanding of Qubes threat model and how to proceed.

  • Use a StandaloneVM for my software dev environment
  • It's ok to be unsure of the code / things an actual app does as long as it's in its own AppVM, and thus is OK to install in a normal template. But it's the "packaging" of the app that is dangerous to be installing in the template VM.

I've seen some things that Micah Lee wrote up, about creating a temporary VM for building an app from source, then copying that over to the template. I suppose this is a question we need to think about:

"Do we discourage non-advanced users who aren't comfortable compiling software in a temp VM from installing non-Fedora packaged software?"

or

"Do we figure out a way to make that process user friendly?"

@marmarek marmarek added the C: doc label Aug 4, 2015

desci Oct 14, 2015

I found it better for me, in most use cases, to clone a given TemplateVM and have alternative templates like fedora-21-with-fusion, debian-8-dev, debian-8-torrent and so on.

This has another double benefit: it makes it easy to discard an unwanted AppVM and just create another with the already working template, and easy to just clone a pre-shipped template (like fedora-21 or debian-8) and use an apt or yum install list to put together a brand new TemplateVM in the event the first one becomes compromised, thus allowing one to just configure the AppVMs to use the new TemplateVM.

It works best for me because I have SSD as the running disk (so template creation is really fast) and plenty of HDD external storage.

@bnvk bnvk changed the title from Add document about Standalone VMs to Add documentation about Standalone VMs Nov 12, 2015

@marmarek marmarek added this to the Documentation/website milestone Jan 7, 2016
