From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.3 (2019-12-06) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.7 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.3 Received: by atuin.qyliss.net (Postfix, from userid 496) id 53213694A; Fri, 12 Jun 2020 11:28:42 +0000 (UTC) Received: from [127.0.0.1] (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 8898F6916; Fri, 12 Jun 2020 11:28:31 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 496) id D808368BD; Fri, 12 Jun 2020 11:28:29 +0000 (UTC) Received: from boston-packets.hackerspace.pl (boston-packets.hackerspace.pl [185.236.240.38]) by atuin.qyliss.net (Postfix) with ESMTPS id 21600690F for ; Fri, 12 Jun 2020 11:28:27 +0000 (UTC) Received: from guest-26.isnic.is ([185.93.158.26] helo=[10.137.0.19]) by boston-packets.hackerspace.pl with esmtpsa (TLS1.3) tls TLS_AES_128_GCM_SHA256 (Exim 4.93.0.4) (envelope-from ) id 1jjhrF-0002pt-Au for discuss@spectrum-os.org; Fri, 12 Jun 2020 13:28:25 +0200 To: discuss@spectrum-os.org References: <159196000593.15924.11324981664160187764@localhost> From: =?UTF-8?B?TWljaGHFgiAicnlzaWVrIiBXb8W6bmlhaw==?= Autocrypt: addr=rysiek@hackerspace.pl; keydata= mQINBFQ9X/EBEAC249MHVCp7+GGw4/L7m5uIhy7cK32oPvMlvCzVXtUtMZ7mKqeurNxQIzx8 7sfhhu5ZKn1XsB0Io3K70uTWNfxUuVYvigGKmPa52C0iS7irhUouMl5FuT03mvWsggIUW9N/ EYIM2T+HPhw00xJCJ7oMTAmyu69JIqhYSX8N1LevAoS1Po9k6UeOfn+mkrxuGCj8Ei9lfbDd yMah9LyqnNfeO7uk50UL71PoTbAPjZSarPl+J04Atva0pjFp9pdUuqq1sodxRHmLj8m3LZrI bHAuYVO63EYFzFbnRyVICX1y5owW1N2o20YEn2Or1P+IWvddTgI7corydWJlRLiFKzTKLhbX 6HwxqvcRqlC2pNA7igpTvwBe31TriHe1rqnpwZmDqVKhO6GxXslMIq8TFBN2kP82Hj+gTjLu 2GVzgld3JVNIpTzaRovhZPGKJtMXrQ6MDWJ5oQIHmFI1Mrcz0XJdrWcgLG5KcplyeVB8Jjcz G1I3UOydtsG3vkoIrKVTX5sHXg9IgAII1gpszSCnrX/fWBrHhXaJGgBATH44xsaI38+2NNzm 7vKai1PLmaTiag1HlzI6hsQQOCP8iudW9L4cYGHs9TgQ+LEvxeW9m0gumQ8eijDo0hZLl+Tf M+oYdgjT5RY0oe9dLdEixmz/ta22ln41cUWnkNiD1SqLRDKPOwARAQABtDFNaWNoYcWCICdy eXNpZWsnIFdvxbpuaWFrIDxyeXNpZWtAaGFja2Vyc3BhY2UucGw+iQI+BBMBAgAoBQJUPV/x AhsDBQkLRzUABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDqpOyBeWUrLhSgD/43DYTu LFMvQqOdYvoMELs2SN0ce/pjg+18YUED6jxJfpi4fNDd//D6awEIBTuM1Ow5LN+SqmIJGj3O NMNUEbSn+nbaq5Zg/OXkzFwZU1nSMAPd84UHflmzBfCFMq8em55fxo7v2i9DrIeoYUSsaGN5 I6fmPfHJnlzZ4yTpUh4qkFgRO0i73YJpPm7sn3wxncWE15cJ3PzdauQ4ZwSr2IxgKNzDSDxM oe9SNRc4VNLF98gv85nEKeDeOOeHhw3Pub+qfivZyJOtNezLpVCuLG2rfMO3gwp9zNNIw7LK cR5Jc0UbfeSDXLBXb+VyV6KLfqfDBw/T4ojwHkJvNK+/DKMt9y3mP6mpuQ3xnU67ZXWFa6wc RVf3uzh9Szdut3RalZwv7llQamhCgstS9M6qMQoSs3EBei2zx2fka2kD/fcaobOVBq3Wb3ph 3+pHc7HIrZcQeo5uUkWhWlRy9eQTKTxZDtyEX9nYmZ/dxhcJUVRS9pL1gYGRVpNr7DPSZOQ8 ygeKijDeWZ+KpsqqIapWqz8T1f3Z115rQ/L9n3JsXzWgLAM4lirfwoe1eUKCC5c9z3N+I2D9 bopJvEPDBIsVZJ38hto28M5F+DzLreG49EnKUdgsEiOrwu/00AR/EZSwn2PYf3/My5N0zhvW p+WlvyC+/XPAeNHPVDCJ49SIRd9WcbkCDQRUPV/xARAA7AJtz40go14VnI18CBJfWJlOT/AH Yi/rwVBTLB+inRfDQgJj1JFkv6Xo60v1PpEUlU5Dv33ATFm/Et98PGRFJ5XcIiThdsL6bBRl ucKHefafukBqSD//S3fly9H2TRewdWMIhkXIys/xtciPRNGU3KZQfuVwrLWG1uCBOS/kA2Ez eTUdbeVvUIE6K7HSSCljC7o2l8XD+ThqKX97s1vr34KmIkwpO6DuM8LXg0dofIqQPFjvfWbV Gy+wq2+fE05D4Rry2cI56jaMGBYLyZVRuvPHeKbi6DxxVyVEl5j0/sa/fLfQlL/gwGgQqg2x ihkE9mmcHvJZTYeUrzpRe+fRZ/1aHMyQeh6AAO0Dwf+Z4jrZYv/U3CPDTl38Nuo5i0TpAQhI zG5K+rn7RvTvFJ/przH0if2ms53Kbr00OS8iq+Q8/3KrioHJCxminrFttcy42mSxaNTJKLno Mv9T+RiN5/cigRtOjSVLzgnwhbWTLqPeWuTpMOPR23H3IjWA9zeYPiXyA1Qbw8dCbk8SPRF7 K2XPFaJrkzE5n5fla+NMS+GurL2Z2JpWhUdQlmh5QogWgL4dfd3tJKFbFnKZ7yUaeNht8rMH wb8FKxlRcNKa0MawAiNVA0QfreRM9jA9hkDLuii8zKXaOsykee8D1wYEMJDWcZhTEC3n6v3J GPD1L/EAEQEAAYkCJQQYAQIADwUCVD1f8QIbDAUJC0c1AAAKCRDqpOyBeWUrLgyGD/9Yeo4u T0nxAOOev8FzTnP2wkIsmdjeLJF4ZGrp8BSNpCcFq5yD1XLwGSFI+lgi6U1K1BLOy/Wml+0U ulboDJL8wj0ZMRdi+SImOZFH/0RCL5QD7fRs8h17Yt83NhiaYDfCmzHvELk2nHvbEPPfIiE8 boLjB5++fCx1kgeV6Z7NoXjtNadGHq+kZWn8P8Eaaw/rS0XDWQsk88Z0la1Gl2/KhrYKSyPy 6G0hoobgZmG9gWoKwOx6z/mkhEpvGQK7nUq2I55FAKM77iI7ef375VtkcjeCrVrrKM11AfdI V2M9qCLri0hTc9QUz5oJxglRVlvPiyrCaZjYdDA41ZVU2aZh2aUSsl5i+UgLGHZbBEs7PEPL x3zqREa3laViLPcb5qUvToHUC3k4ir7XNp/NJJVoAokeGVfu3uSrHUhIyVdv7biWg6YkzDqA 7EAX0p98fB9mN7GEcRmGpJEgY0MUMCQXkwCZuwdUpGluR7nWge6/X1VXFwQEDV+5Dp8LVv7E D8CQ84OZnbPpoNTBbMth7w9E3E3RCFHdCGp17l5QAMenKNukzOjyEwDC46JBExtM3ONjUOoo C6/BlI5tFLIUSFI/WYl0Z5vutz4f38nJR5cl4XvO2MYvCbJe7OxJ209UyQ2g9rtfdgI1tya8 MvpJDBxpXWTGZWj3HuHvLGBY7OqrC7kCDQRUPWNYARAArTD1US/3NCH3IjkjbFsB7EOXL4fQ 8v5trwF8owO8ZMHZgK7u6aMGX05XysEnG006YdYGY8nbPahhc8aC3CdraN3VpvWXbXmltG3u wPuHlhx1sfpx+9j8punfsoPw+5sCWxON5xXriKtF6NqgPcvgOrT/lXJ7u7r2cLZ1OD3JzA1T kz+TA9PKFwGLhCu3x8E0F3gaPEwG4L0Jb7gNXzOYDKJitSop+6qTzXKNVGA6rJmqna05S4PP zsifhHTUrDuON6A2mkfKIZ3pUgRqECWSX3nzgbXcp4e/eIzZYAd8c6j//uTdjdbIF12WdWKP UxEJwbjW4w450Q7uatG7BK4+K+6cUaPTWzqWqClmE3gIO8F+lO5T64Skh3qxoCZLkbajdmP7 Xx0HNyqlhkjdqFXCL6aZLYx/W+s9I/F+kytoJnbxjyEPKp2bVzQ488ghktBIDiyT6qkJe0hm BoGuhUqP4h4XZM6mmu8XStbN+R0qiHSjIGpo7w9m7ahiQi50c1/el3rURESQxWWbyEQ98J7W CtBlo5v5i5gHaylwzs5mk4zV2680Qb6a/iq4Vcqqb2F2PagVHgQ/W24N/iLA1ReTMN2iq9sj bemM2XYUFrKBLnjJzryTC05PDnKASbeSwn6rc129TBMkRKR95ImE114jQVckLffUsjNZuf4Z kdrwMiUAEQEAAYkERAQYAQIADwUCVD1jWAIbAgUJC0c1AAIpCRDqpOyBeWUrLsFdIAQZAQIA BgUCVD1jWAAKCRBSOHE9hZAEHXUnD/9MokD9DI/hZBU8eLkSHTFnh2jr5/WqBIV6jaDXMJTv 97wGbtf4GKj7lQ3Ex/BzYZBd/Dg51K7firhKbilq0P6OHqV5I0LsFeVyXQxYyK52UFdf8wnr KVlVkGwTKFGCxpcH6pc0N9eeeKLRDVjECiuvZDYLJceyO3qov6aEXXYjXk4stEMzO2JWN5ph 0CkVUtVQVAkPIZinO7tVrhqcCm4n1CnoSeGZtJ4rRjOLCJ2ebgnBbTpeYEYqARRAhRz13xnO VZLtTtPW0QJW8QUI4EkaNkrjqNtveQIlxERm8sFj4xleeAI4KYQmihKsksJ52xb2K67AbLdR rejR+e0rXbI15LkJvBgNerNA446TS7ErC84HS6B8aT1tmX9xcC+g/5ismzRxUL3w8p0IG/4z oaTbFTSY/afXn9yAP/1gEBC5Lr8Nx+lSSFiDvn5UFroPQGwWAr8BypeLNn9tqr3EQTZfc5dO 23fxz0lsy+ZtA/vOCJrnrcZ1roNvRiSWLKmdndbaeUpx5WwKxqZcsJjGBwONYzpqfTcuvZT0 u2EPEYIqMwThYYfmAxbIsH9cvXF/g/wsVTqQssi2QSOQsiWF5/qR0n5BIhch2YhvEAwR3ZO+ /k3jZj2CXPV+t5WP+EZBsUGol9hrKl14/KHKHT1CJ/7Ta2preJtfynm1tZZeNDbsV2wED/0a DAi+Sfa1mV2NMEFnL3cnA05gzGMi1IpGpUAzg8+vZk1kW3/4Ttwbsfl/BlD85sPqxWGsJGrF xIxrRrQ07EnXzoKFZ2GMikm7pvKkbDZnF6mhn9VhAcmXRjhL7QPUOu4V0TKkOX7H1Bu8eQ0i 46ehmQR8QZTehcJZqyr0fos2g1a0XY0YfkGrbJZhX254Aj1m0fJSxggYPYB0JqFefhX4+lXA QCNt7mhPHkj+0qeuy27F7syVRa7YW5KROdifrbQ/cjrI9hfoNzKQmEQ4e5c6e4haqQJXihAi JhxkKNAGlbrXR9Z99kkManSJvYQ8kPtFFgzzq5v8jcFtdoYHhGnzr3kJ628j0KZ0CMzOUQiE pRGKqONjXBzTKMOk0QSxcHoZbrO0MMBnTFS/wn2fcdDSUAQ59F2RwtqHKtgrXm06kxict3ly 5Pm6IfVhTqqeU11wtIiLpmRROslHaV4lLSahKNDh1wpvChf3rv4pI92u1pW6TNZVYwSNX8i6 8lgv9jz62QJncEJonNLwHlC2Unbwzwt2oJocIuvZF9Ygj+jtc9nXt0h0rmdktho2stjYro4Q UBNXaDUVwTunUNsQTwR8S7JprGsMpr+CCTGGMedK7VGI9q5ZSZJ2XrMtSKtfCaK/EqQM25J6 wgp0mlDaRN7IuwZCKadhaaaJ803XOr3aoA== Subject: Re: Comparison to Qubes OS Message-ID: <30b730a5-773e-41e8-e94e-5abec26018a4@hackerspace.pl> Date: Fri, 12 Jun 2020 11:28:03 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 MIME-Version: 1.0 In-Reply-To: <159196000593.15924.11324981664160187764@localhost> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="VQE9Je0MkHMgVMeXJg54hPsCwTZwqDvNO" Sender: rysiek@boston-packets.hackerspace.pl Message-ID-Hash: ASQFOYP5BWGXC3YL6ZAXX6R6SLRZOZKD X-Message-ID-Hash: ASQFOYP5BWGXC3YL6ZAXX6R6SLRZOZKD X-MailFrom: rysiek@boston-packets.hackerspace.pl X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.3.1 Precedence: list List-Id: General high-level discussion about Spectrum Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --VQE9Je0MkHMgVMeXJg54hPsCwTZwqDvNO Content-Type: multipart/mixed; boundary="GHdm7TVpsEQ524evFhxfv1OjEvlaYemJr"; protected-headers="v1" From: =?UTF-8?B?TWljaGHFgiAicnlzaWVrIiBXb8W6bmlhaw==?= To: discuss@spectrum-os.org Message-ID: <30b730a5-773e-41e8-e94e-5abec26018a4@hackerspace.pl> Subject: Re: Comparison to Qubes OS References: <159196000593.15924.11324981664160187764@localhost> In-Reply-To: <159196000593.15924.11324981664160187764@localhost> --GHdm7TVpsEQ524evFhxfv1OjEvlaYemJr Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi! A QubesOS user here for about a year and a half, let's see if I can help = out here. On 6/12/20 11:06 AM, joweill@icloud.com wrote: > Going over each usability issue mentioned in the motivation doc: >=20 > - "Hardware compatibility is extremely limited": I don't believe this i= s really the case for the minimum Qubes 4 requirements [4]: most modern c= omputers people buy support these. Is there anything I'm missing? I got a shiny new Thinkpad T490 a few months ago. 3d acceleration (KDE us= er here, I demand my wobbly windows!) is simply not available, because the d= om0 system is too old. My other laptop, a T470, was specifically selected for QubesOS, and there= were still issues (for instance, disabling Thuderbolt got me almost double the= battery life). Generally speaking, one can buy almost any laptop today and expect it to = mostly work with plain GNU/Linux. However, most might not even be able to boot Q= ubesOS. > - "People are reluctant to use Xen on their computer for power manageme= nt etc. reasons." Can you elaborate on these issues? The T470 had easily a 10-12h battery life on plain Kubuntu. On Qubes, 4-5= h is maximum I can squeeze out of it, and that's *after* the Tunderbolt fix. Running virtual machines is extremely resource-intensive, there's no way = around it. > - I know that Qubes considered using KVM and decided against it for sec= urity reasons [2]. My understanding is that the downside of this decision= is the limited hardware support, which is one of the things that Spectru= m views as an opportunity for improvement. Can you elaborate on this deci= sion? Can't speak for the developers, but the way I see Spectrum is as a compro= mise between regular GNU/Linux distro (with all the related security problems)= and QubesOS (with the limited hardware support and > - "VMs are heavy": How will Spectrum improve on this without sacrificin= g security? I'll leave this to the developers, but will say that I expect *some* secu= rity to be sacrificed. There are always trade-offs. I feel one needs to be an expert to use QubesOS, but a regular user (with= some basic training) can use a Mint or Ubuntu-based system. And I think it mak= es a lot of sense to offer a middle ground. > - "GUI applications are buggy, command line tools are mostly undocument= ed": I assume that the reason for this is the lack of resources the Qubes= project has. However, I don't see how this will be be > better in the case of Spectrum which is a new project with one develo= per. That's a fair point. Things to consider: 1. *probably* certain things can be easier (thus, less bug-prone) in Spec= trumOS than in QubesOS (kvm easier to work with than Xen, bigger potential commu= nity of users and developers due to improved hardware support, etc); 2. perhaps some QubesOS tools could be used in SpectrumOS, thus limiting = the amount of work needed > More generally, I'm wondering whether this projects' goals couldn't be = better achieved by trying to work with the Qubes developers to integrate = Nix. It may very well be that they would reject it for > some reason, but then the logical next step would be to fork Qubes. My feel is that QubesOS and SpectrumOS might have a bit different threat = models in mind, and thus things that make sense for SpectrumOS (like using kvm) = are a no-go for Qubes. But that's just guesswork on my part. > Have you reached out to the Qubes developers? >=20 > Thanks in advance! >=20 > ## References >=20 > [1] https://spectrum-os.org/motivation.html > [2] https://www.qubes-os.org/faq/#why-does-qubes-use-xen-instead-of-kvm= -or-some-other-hypervisor >=20 --GHdm7TVpsEQ524evFhxfv1OjEvlaYemJr-- --VQE9Je0MkHMgVMeXJg54hPsCwTZwqDvNO Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEKiEppFKtTzw/7i97UjhxPYWQBB0FAl7jZstfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDJB MjEyOUE0NTJBRDRGM0MzRkVFMkY3QjUyMzg3MTNEODU5MDA0MUQACgkQUjhxPYWQ BB0DIw//T+/AuMVfjL91sOB3bIVXcxh3Iw2h+4qfZjkp6FknLsd72Vsj7xL4tLKi llYPwTElubOt0N27uIjSn9F+0Z22afSX+ErXHCWqkyMQ0E2fcyrrhOTJbteH0ytC lcyKFfyd9zJyyr4jJMoUsAgtJTQ7mT7lkRww0fOHS0I3W6V0GzqmL5m8iroXuQke /Rv9TQTKVnNbv8eaKpSOQMq8rS0rmYW8kYRyknMhS61XUOLb1zstsWOAIXU/I3fB xmReSxHwIySd0edUwbPV+e+gNwWnFTSqU//RUm6wpYed7StTSz31DE0DbS/xB88s 8nEWUo/m7hMQcNLuHj9pej97H5HB7gwPP0jRdXoZN7KKfcM0pCW3nqo7fE/Xh8OQ UBJWVyqIiPPG+75Oww43aa8QlNv07mP5+at+Kd5E22QWUZYbwnBy92AnPoQlua74 AKnPJuqntIim3v2T6qi4IhawMPhp0uST9ghHdlFuALplPlfa4j/DDWRb5RUea2If IOQJRY8O1MbwkLLH9Oofg1Jvcc11zjD5XZB0vsutRjubLdgNzhZdMluTJYdiwubV OrdhURTU0jTXPGYdkBqtrmtPvfh+RqeYVs9rXatlzCXA6NIuyIMgPiXZqCYhcsey dChQDWv5qFTfMmRxm5wGEpI3wSh0zRLcxyIeLcR4BuSQ4OY7tAM= =ADvP -----END PGP SIGNATURE----- --VQE9Je0MkHMgVMeXJg54hPsCwTZwqDvNO--