[qubes-devel] Re: [qubes-users] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-05 14:01, Grzesiek Chodzicki wrote:
> On Sunday, 4 December 2016 09:37:01 UTC+1, Andrew David Wong wrote:
>> On 2016-12-03 05:07, Grzesiek Chodzicki wrote:
>>> Also, you forgot to post this to qubes-announce Andrew.
>>>
>> Didn't forget; qubes-announce is strictly for QSBs and new releases:
>> 
>> https://www.qubes-os.org/mailing-lists/#qubes-announce
>> 
> My bad then.
> 

No worries. We know that some people are only willing to receive very infrequent
messages about critical Qubes announcements, and we want those people to be able
to trust qubes-announce for that purpose. We know that if we start sending too
many messages through qubes-announce, we'll drive those readers away, so it's
very important to us to keep our promise by sending announcements only for QSBs
and new Qubes OS releases.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/ea52a1ec-2add-4534-638d-5a99ca291b0e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.


[qubes-devel] Re: [qubes-users] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-05 09:18, Patrick Bouldin wrote:
> Hi Andrew, ok - after reading it a couple more times I got the total gist. 
> Not sure who all was hired but hopefully there will be sufficient marketing 
> efforts to get them funded long term.
> 
> Thanks,
> Patrick
> 
> Dallas, TX
> 

Just to clarify, I'm not aware of anyone having been newly hired specifically 
in connection with this announcement. Rather, I think the idea is that any 
funds donated through Open Collective will be used to pay individual developers 
to work on the open source edition of Qubes, whether they're developers who are 
already working on Qubes (who are listed on the Team page) or new developers 
hired in the future.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



Re: [qubes-devel] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-05 05:24, Ivan wrote:
> 
>> I hope this helped to clear things up a bit.
> 
> It did ! Thanks for your thorough reply.
> 
> IMHO those "questions & answers" as well as some of Marek's answers to my 
> first post should be mentioned on the website, as I'm sure I'm not the only 
> one who was a bit confused.
> 
> Ivan
> 

Good idea. I'll add a Q & A section to the original announcement post on the 
website and to the Donations page.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



[qubes-devel] Re: Pi is not Pi (3563018237 NE 2188794840)

2016-12-05 Thread '0943285'0192384'0193284'0943218'098
Hello HW42,

what are your last 3 digits?

Kind Regards



[qubes-devel] Re: Pi is not Pi (3563018237 NE 2188794840)

2016-12-05 Thread '0924358'029458'0294358'098
Hi HW42,

I think you are right and with Hash[ToString[N[Pi, 10^6]], "Adler32"] I 
came to the same result for the hashes: 1477199102.

But still the last digits differ:

021 under Windows 
149 under Qubes

, which cannot be the truth, or?

What are your last 3 digits of Pi with an accuracy of 1000 000 digits?

Kind Regards



[qubes-devel] Re: [qubes-users] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Grzesiek Chodzicki
On Sunday, 4 December 2016 09:37:01 UTC+1, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2016-12-03 05:07, Grzesiek Chodzicki wrote:
> > This is a wonderful idea, there are about 20k Qubes users out there, if we 
> > all give you guys an equivalent of Windows license price you should be set 
> > for a millennium. I'd also love to see some Qubes merchandise available to 
> > buy so I can up my swag game while simultaneously contributing funds.
> > 
> 
> Thanks! The merchandise idea has been discussed internally, but we've 
> decided not to pursue that option at this time.
> 
> > Also, you forgot to post this to qubes-announce Andrew.
> > 
> 
> Didn't forget; qubes-announce is strictly for QSBs and new releases:
> 
> https://www.qubes-os.org/mailing-lists/#qubes-announce
> 
> - -- 
> Andrew David Wong (Axon)
> Community Manager, Qubes OS
> https://www.qubes-os.org
> -BEGIN PGP SIGNATURE-
> 
> -END PGP SIGNATURE-

My bad then.



Re: [qubes-devel] Turn Speakers to Microphones?

2016-12-05 Thread Matteo


On 04/12/2016 20:05, HW42 wrote:
> Patrick Schleizer:
>> Recent security research shows that soundcards support surreptitiously
>> switching line-out jacks into line-in by modifying the software stack.
>> The way modern speakers and headphones are designed makes them readily
>> usable as microphones. The Intel High Definition (HD) Audio standards
>> which all modern consumer soundcards are based mandates this.
> 
>> https://arxiv.org/ftp/arxiv/papers/1611/1611.07350.pdf
> 
>> Does anyone know if XEN's emulated sound devices follow this standard?
>> If yes then a malicious guest that can modify the virt sound hardware
>> can turn PC speakers into surveillance devices even if the microphone is
>> disabled on the host.
> 
>> Asked on xen list:
>> https://lists.xen.org/archives/html/xen-users/2016-12/msg8.html
> 
> I don't know how other virtual sound support for Xen works. Qubes uses a
> custom PulseAudio based solution which streams raw audio data via vchan.
> A VM has (or should have) no control over the sound card configuration in
> dom0 there. See gui-{daemon,agent-linux}/pulse
> 

i don't know about qubes os, but on desktop computer this should not be
a problem, you can switch the output to input but speakers have also an
amplifier out of computer control and designed only as output, this
means that also if speakers can be used as mic, signal doesn't pass the
ampli.
this is theoretical (and makes sense) but i'm planning to do a check with
an oscilloscope, if someone is really interested.
same *should* apply to notebook computer.
the research talks about headphones in fact they don't have an
amplifier so you can directly use its signal.
(you can do the same with LED: i cloned ir remote with led connected to
mic input, rec & play).

it's a bit paranoid discussion but given the recent research like this:
"Don't Skype & Type" https://arxiv.org/pdf/1609.09359.pdf

i have also added a switch for webcam & mic and was planning to update
my (paranoid?) guide due to this new research.
http://www.instructables.com/id/My-1-antispyware-that-can-beat-billion-dollar-stat/



[qubes-devel] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Patrick Bouldin
On Wednesday, November 30, 2016 at 6:56:11 PM UTC-5, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Dear Qubes Community,
> 
> Since the initial launch [01] of Qubes OS back in April 2010, work on Qubes
> has been funded in several different ways.  Originally a pet project, it was
> first supported by Invisible Things Lab [02] (ITL) out of the money we earned
> on various R&D and consulting contracts. Later, we decided that we should try
> to commercialize it. Our idea, back then, was to commercialize Windows AppVM
> support.  Unlike the rest of Qubes OS, which is licensed under GPLv2, we
> thought we would offer Windows AppVM support under a proprietary license. Even
> though we made a lot of progress on both the business and technical sides of
> this endeavor, it ultimately failed.
> 
> Luckily, we got a helping hand from the Open Technology Fund [03] (OTF), which
> has supported [04] the project for the past two years. While not a large
> sum of money in itself, it did help us a lot, especially with all the work
> necessary to improve Qubes' user interface, documentation, and outreach to new
> communities.  Indeed, the (estimated) Qubes user base has grown [05]
> significantly over that period. Thank you, OTF!
> 
> But Qubes is more than just a nice UI: it's an entirely new, complex system --
> a system that aims to change the game of endpoint security. Consequently, it
> requires expertise covering a wide spectrum of topics: from understanding
> low-level aspects of hardware and firmware (and how they translate to the
> security of a desktop system), to UI design, documentation writing, and
> community outreach. Even if we consider only the "security research" aspect of
> Qubes, this area alone easily scales beyond the capabilities of a single human
> being.
> 
> In order to continue to deliver on its promise of strong desktop security,
> Qubes must retain and expand its core team, and this requires substantial
> funding. At this point, we believe the only realistic way to achieve this is
> through commercialization, supplemented by community funding.
> 
> 
> Commercialization
> =================
> 
> We're taking a different approach to commercialization this time.  Building on
> the success of the recent Qubes 3.2 release, which has been praised by users
> for its stability and overall usability, we will begin offering commercial
> editions (licenses) of Qubes OS to corporate customers. We believe that the
> maturity of Qubes, combined with its powerful new management stack [06], makes
> it ripe for adoption by any corporation with significant security needs.
> 
> Commercial editions of Qubes OS will be customized to meet special corporate
> requirements. For example, two features that might be particularly attractive
> to corporate customers are (1) "locking down" dom0 in order to separate the
> user and administrator roles and (2) integrating our local management stack
> with a corporation's remote management infrastructure. These are both examples
> of features that our developers are capable of implementing now, on Qubes 3.2.
> 
> We plan to partner with one to three corporate clients in order to run a pilot
> program throughout the first half of 2017.  After it has been successfully
> completed, we'll then widen our offer to more corporate customers and,
> ultimately, to small business customers. Our main constraint is the
> scalability required to cover each additional client. Hence, we plan to focus
> on larger customers first.
> 
> Let there be no misunderstanding: Qubes OS will always remain open source. We
> anticipate that the majority of our commercialization efforts will involve the
> creation of custom Salt configurations, and perhaps writing a few additional
> apps and integration code. In the event that any corporate features require
> reworking the core Qubes code, that new code will remain open source.
> 
> We considered many other ways of attempting to commercialize Qubes before
> arriving at this model. One possibility that some of our users have inquired
> about is that we sell dedicated Qubes hardware (i.e. laptops). However, there
> are a number of challenges here, both in terms of making the hardware
> trustworthy enough to merit our "seal of approval", and from a business and
> logistics perspective. For these reasons, we don't plan to pursue this option
> in the immediate future.
> 
> 
> Community funding
> =================
> 
> Unfortunately, the financial necessity of shifting our priorities to
> commercial clients will mean that we have less time to work on features that
> benefit the wider, security-minded open source community, which has been our
> focus for the past seven years.  This deeply saddens us. (We all use Qubes on
> our personal computers too!) However, the reality is that ITL can't afford to
> sustain the open source development of Qubes for much longer. We're running
> out of time.
> 
> In an 

Re: [qubes-devel] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Ivan



> I hope this helped to clear things up a bit.


It did ! Thanks for your thorough reply.

IMHO those "questions & answers" as well as some of Marek's answers to 
my first post should be mentioned on the website, as I'm sure I'm not 
the only one who was a bit confused.


Ivan



Re: [qubes-devel] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-05 02:41, Ivan wrote:
> Hi Andrew,
> 
> On 12/05/2016 10:52 AM, Andrew David Wong wrote:
>> On 2016-12-04 13:50, Patrick Bouldin wrote:
>>> Andrew,
>>>
>>> I'm very willing to donate - and well noted that you all will continue to 
>>> update the core changes in the public domain. I do understand the why, the 
>>> what and the dollars for the change - however, will there be anyone left to 
>>> work on the core, for the sake of the core? Just wondering where the 
>>> donation dollars will be going. I ask because I agree with the person 
>>> noting 20,000 current licenses. If we all sent in $100 US each then that's 
>>> $2 million US.
>>>
>>> Is it possible to set up some separation of funding to ensure each group is 
>>> getting what they want? Set up the public funding better with separate 
>>> marketing, and let that fund improvements for the public domain (not just 
>>> maintenance and slight core improvements) - and then fund your corporate 
>>> goals using the methods you mentioned.
>>>
>>> As a relatively new user I'm concerned about investing more time in this 
>>> and it not progressing.
>>>
>>> Thanks,
>>> Patrick
>>> Dallas, Texas
>>>
>>
>> As mentioned in the announcement, all donations made via Open Collective 
>> will be paid directly to developers who have been hired to work on the open 
>> source edition of Qubes. ITL will not see or benefit from any of that money. 
>> All from donated funds should be transparently visible to everyone on our 
>> Open Collective page.
> 
> From Marek's answers to my questions (thanks BTW !) and from what I read from 
> follow-up posts by fellow users, I don't think it was clear who would work on 
> the open source edition, hence those questions from the OP, from Chris 
> Laprise, ...

So, the question is: "Who would work on the open source edition of Qubes?"

This question can be disambiguated in many different ways. I'll try to 
anticipate some of the likely intended meanings and to answer them to the best 
of my ability.

"Which developer(s) would work on the open source edition of Qubes? (I.e., what 
are their names?)"

Answer: We don't know yet.

"Would any/all of the current ITL devs continue to work on the open source 
edition of Qubes?"

Answer: Probably, but it depends on how much of their time is demanded by 
corporate clients. (But remember that any changes to core code will remain open 
source, so it's quite likely that they will, at least indirectly.)

"Would any/all of the current non-ITL devs continue to work on the open source 
edition of Qubes?"

Answer: Probably, but it depends on what they want to do, how much gets 
donated, and therefore how much money is available to pay them.

"Would *any* developer(s) work on the open source edition of Qubes?"

Answer: I certainly hope so, but again, it depends on how much money is 
available to pay anyone.

> The original post mentioned hiring a dev - but I thought it was because of 
> the amount of work to do *in addition* to ITL's (should there be enough 
> community funding/donations, of course), and not because of having/wanting a 
> clear separation, like you just answered (ITL=commercial version, hired 
> dev(s)=open source version).
> 

Sorry, but I simply don't see that. The answer I gave was merely a restatement 
(almost verbatim) of what was written in the original announcement. Here's what 
the original announcement said:

"ITL will not benefit from of any of the money donated through Open Collective. 
Instead, the funds will be paid directly to individual developers who have been 
hired to work on the open source edition of Qubes."

And here's the answer I just gave:

"As mentioned in the announcement, all donations made via Open Collective will 
be paid directly to developers who have been hired to work on the open source 
edition of Qubes. ITL will not see or benefit from any of that money."

I'd contend that any perception of a substantive difference in meaning between 
these two passages must be due to a misreading of one (or both) of them. (At 
any rate, no difference in meaning was intended.)

> WRT my concern that a large donor could steer the project in unwanted 
> directions Marek answered that it wouldn't be the case. If there is such a 
> separation between ITL and the open source version, who gets to decide what 
> is implemented, what is not (or vetoed), and how tasks ("expenses" in Open 
> Collective) are prioritized/chosen ? I expect it would be ITL's staff, but 
> it's not mentioned anywhere yet.

It'll remain the same as now (i.e., Joanna and/or Marek).

> Along a similar vein, will there be some review of the code produced by said 
> hired developer ? A fair concern - if that's not a well known Qubes dev - is 
> to ensure that the design, code quality, ... is just as good as what it is 
> now.

Yes, of course. (But code review also costs time and money...)

> After reading Open Collective's FAQ, IIUC the 2 things 

Re: [qubes-devel] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Ivan

Hi Andrew,

On 12/05/2016 10:52 AM, Andrew David Wong wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> On 2016-12-04 13:50, Patrick Bouldin wrote:
>> Andrew,
>>
>> I'm very willing to donate - and well noted that you all will continue to 
>> update the core changes in the public domain. I do understand the why, the what 
>> and the dollars for the change - however, will there be anyone left to work on 
>> the core, for the sake of the core? Just wondering where the donation dollars 
>> will be going. I ask because I agree with the person noting 20,000 current 
>> licenses. If we all sent in $100 US each then that's $2 million US.
>>
>> Is it possible to set up some separation of funding to ensure each group is 
>> getting what they want? Set up the public funding better with separate 
>> marketing, and let that fund improvements for the public domain (not just 
>> maintenance and slight core improvements) - and then fund your corporate goals 
>> using the methods you mentioned.
>>
>> As a relatively new user I'm concerned about investing more time in this and it 
>> not progressing.
>>
>> Thanks,
>> Patrick
>> Dallas, Texas
>>
>
> As mentioned in the announcement, all donations made via Open Collective will 
> be paid directly to developers who have been hired to work on the open source 
> edition of Qubes. ITL will not see or benefit from any of that money. All from 
> donated funds should be transparently visible to everyone on our Open 
> Collective page.


From Marek's answers to my questions (thanks BTW !) and from what I 
read from follow-up posts by fellow users, I don't think it was clear 
who would work on the open source edition, hence those questions from 
the OP, from Chris Laprise, ...
The original post mentioned hiring a dev - but I thought it was because 
of the amount of work to do *in addition* to ITL's (should there be 
enough community funding/donations, of course), and not because of 
having/wanting a clear separation, like you just answered 
(ITL=commercial version, hired dev(s)=open source version).


WRT my concern that a large donor could steer the project in unwanted 
directions Marek answered that it wouldn't be the case. If there is such 
a separation between ITL and the open source version, who gets to decide 
what is implemented, what is not (or vetoed), and how tasks ("expenses" 
in Open Collective) are prioritized/chosen ? I expect it would be ITL's 
staff, but it's not mentioned anywhere yet.
Along a similar vein, will there be some review of the code produced by 
said hired developer ? A fair concern - if that's not a well known Qubes 
dev - is to ensure that the design, code quality, ... is just as good as 
what it is now.


After reading Open Collective's FAQ, IIUC the 2 things Open Collective 
provides is (1) an easy way to send donations and (2) transparency about 
how donations are used ("expenses"), which comes at a cost of 10% + 
paypal fees (3% or so). Isn't that amount overkill if a developer is 
hired full time ? I mean, wouldn't it be simpler to send money to a 
paypal account (ITL's or anybody people would trust), which would then 
pay the developer ? Tracking allocated and then spent time (= money) - 
for instance with github - should be easy.


Don't get me wrong, I fully understand the economic realities ITL faces 
and the choice made to work on a commercial/corporate version. But 
there's a real need for more clarity about how the whole thing WRT the 
"open source" version will be organized, which will surely help with the 
amount of donations.


Cheers,
Ivan



Re: [qubes-devel] Qubes 4.0 development status update

2016-12-05 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Mon, Dec 05, 2016 at 03:55:45AM +, Manuel Amador (Rudd-O) wrote:
> On 12/05/2016 02:50 AM, Marek Marczykowski-Górecki wrote:
> >
> > There are also still a couple of rough edges during installation/first
> > run. For
> > example "LVM thin" storage should be used, but currently it needs to be
> > selected manually (using custom partitioning option). And depending on
> > the disk
> > layout, it may require creating those partitions manually.
> >
> 
> Honestly, it would be so much better if Qubes OS did NOT use LVM, and
> used btrfs or ZFS instead.  LVM has no protection whatsoever against
> data corruption.  I hope the APIs are modular such that there is an
> implementable interface for storage backends which does not assume LVM
> is the only thing that underlies the system.  As a person using Qubes OS
> on top of ZFS, I would find myself in quite some trouble if that was not
> the case.

Yes, new modules can be easily added. You can see API documentation in
linked github issue (will be moved to qubes-doc later). Also adding
fs-based module should be quite easy, because we have also 'file'
storage module, for handling file based VM images. Should be easy to
build btrfs or zfs module based on it.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

-END PGP SIGNATURE-



Re: [qubes-devel] Qubes 4.0 development status update

2016-12-05 Thread Marek Marczykowski-Górecki
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sun, Dec 04, 2016 at 11:19:41PM -0800, Vít Šesták wrote:
> I am interested about the implications of using HVMs. I know about the 
> introduced need of some CPU features, some changes under-the-hood and 
> potentially better compatibility. But I am interested in some others:
> 
> 1. What will change about performance and memory-usage
> characteristics? I believe there will be just small (and maybe even
> positive) performance difference for CPU/RAM-related tasks. The
> difference for I/O will probably be rather low if any. There might be
> some differences for PCI latency, but I am unsure about them. Start of
> a VM will probably take slightly longer, because of the need of the
> stubdom. RAM usage will be also somewhat (how much?) higher because of
> the stubdom.

Your intuition is right. As for memory usage, a stubdomain uses about 50MB,
so not that much...

> 2. Security implications. When attacker has a QEMU 0day, HVM fails as
> a counter-measure against PV-related vulnerabilities. In such case,
> the attack scenario is even larger (both PV-only and HVM-only Xen
> vulnerabilities can be used).

We'll make this stubdomain as limited as possible, but still, some
things are unavoidable. 

> I remember you mentioned an idea about
> killing the stubdom in an early phase of the boot (probably even
> before mounting /rw), which would somehow mitigate some (most?)
> attacks. As a nice side-effect, it would also lower the memory usage.
> What's the current state of this countermeasure?

That would be nice indeed, but we haven't tried it yet. 

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2

-END PGP SIGNATURE-



Re: [qubes-devel] Re: Announcement: Qubes OS Begins Commercialization and Community Funding Efforts

2016-12-05 Thread Andrew David Wong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-12-04 13:50, Patrick Bouldin wrote:
> Andrew,
> 
> I'm very willing to donate - and well noted that you all will continue to 
> update the core changes in the public domain. I do understand the why, the 
> what and the dollars for the change - however, will there be anyone left to 
> work on the core, for the sake of the core? Just wondering where the donation 
> dollars will be going. I ask because I agree with the person noting 20,000 
> current licenses. If we all sent in $100 US each then that's $2 million US. 
> 
> Is it possible to set up some separation of funding to ensure each group is 
> getting what they want? Set up the public funding better with separate 
> marketing, and let that fund improvements for the public domain (not just 
> maintenance and slight core improvements) - and then fund your corporate 
> goals using the methods you mentioned.
> 
> As a relatively new user I'm concerned about investing more time in this and 
> it not progressing.
> 
> Thanks,
> Patrick
> Dallas, Texas
> 

As mentioned in the announcement, all donations made via Open Collective will 
be paid directly to developers who have been hired to work on the open source 
edition of Qubes. ITL will not see or benefit from any of that money. All from 
donated funds should be transparently visible to everyone on our Open 
Collective page.

Does this address your concern?

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-



Re: [qubes-devel] Qubes 4.0 development status update

2016-12-05 Thread Holger Levsen
Hi Marek,

thanks for sharing this information. I found it quite interesting!
(and wouldn't mind to see such posts every 3 months or so…)


-- 
cheers,
Holger


