@@ -99,4 +99,17 @@ nightmare. The alternative would be to fall back to something like
the way things work now, with Tor running inside the virtual machine...
but to warn the user that she was operating with degraded security.
##A promising, alternative solution: Qubes
Qubes is Fedora spin off which takes [security by isolation to the extreme](http://qubes-os.org/Architecture.html): a Xen hypervizor manages user defined "lightweight virtual machines" or "AppVMs" that isolate user processes, and even certain system-components like the network stack, from each other. Appropriate IPC, file and clip-board sharing supposedly works between programs in different AppVMs.
One fine thing with this approach is that it most likely would be easy to fallback to starting processes without these AppVMs in case it's detected that T(A)ILS itself runs inside a VM.
The two key questions that remain to answer is:
1. if these AppVMs can be "NAT:ed" or similarly made oblivious to the system interfaces' IP addresses.
2. if all this can be incorporated into Debian without too much trouble.
Read more at their [homepage](http://qubes-os.org/) and [wiki](http://www.qubes-os.org/trac/wiki).
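Review bot: The fallback sentence in the new Qubes section ("starting processes without these AppVMs in case it's detected that T(A)ILS itself runs inside a VM") does not say whether the user is told that isolation was dropped, while the context paragraph just above calls for warning the user about degraded security in the equivalent fallback. Suggest stating that the same warning applies here. Minor wording in the added lines: the heading needs a space after "##", "hypervizor" should be "hypervisor", "Qubes is Fedora spin off" is missing an article, and "The two key questions that remain to answer is" should read "are". The claim that IPC, file and clipboard sharing "supposedly works" between AppVMs would be stronger with a link to the relevant Qubes page, or marked explicitly as untested.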