From: Alyssa Ross
To: joweill@icloud.com
Subject: Re: Comparison to Qubes OS
Date: Sat, 13 Jun 2020 11:38:17 +0000
Message-ID: <87o8pnci1i.fsf@alyssa.is>
In-Reply-To: <159196000593.15924.11324981664160187764@localhost>
CC: discuss@spectrum-os.org
List-Id: General high-level discussion about Spectrum

> Hi there,
>
> I just discovered this project and I'm really excited about it! I've
> long waited for an OS that combines Qubes-like compartmentalization
> with the reproducibility of Nix/GUIX.

Hi! Thank you for getting in touch. :)

> I'm trying to understand what this project aims to improve over
> Qubes, other than the integration of Nix (which I do think is really
> important!). I read the motivation page [1], but I'm not yet
> convinced by most of the points mentioned that relate to Qubes. Going
> over each usability issue mentioned in the motivation doc:
>
> - "Hardware compatibility is extremely limited": I don't believe this
>   is really the case for the minimum Qubes 4 requirements [4]: most
>   modern computers people buy support these. Is there anything I'm
>   missing?
> - "People are reluctant to use Xen on their computer for power
>   management etc. reasons." Can you elaborate on these issues?
> - I know that Qubes considered using KVM and decided against it for
>   security reasons [2]. My understanding is that the downside of this
>   decision is the limited hardware support, which is one of the
>   things that Spectrum views as an opportunity for improvement. Can
>   you elaborate on this decision?
> - "VMs are heavy": How will Spectrum improve on this without
>   sacrificing security?

I already talked about Xen vs KVM elsewhere in the thread, but wanted
to say that the impression I've got from talking to several Qubes
developers is that they are at this point far less enthusiastic about
Xen than their documentation might suggest.
Additionally, a couple of things that the Qubes Architecture
Specification[1] mentions as being benefits of Xen over KVM are now, I
believe, also available in KVM. Specifically, I believe it is possible
to use PV drivers with KVM (although I wonder if maybe there is a
terminology mismatch here?), and I believe it will be at least
partially possible to have something resembling driver domains,
although this is an area of active R&D within Spectrum. Other
mentioned advantages of Xen, such as auditability, remain, of course.

[1]: https://www.qubes-os.org/attachment/wiki/QubesArchitecture/arch-spec-0.3.pdf

> - "GUI applications are buggy, command line tools are mostly
>   undocumented": I assume that the reason for this is the lack of
>   resources the Qubes project has. However, I don't see how this will
>   be better in the case of Spectrum which is a new project with one
>   developer.

My understanding is that a lot of the instability I've encountered
with Qubes's tools comes down to some severe technical debt with their
inter-VM communication system. This is likely something that is very
difficult to fix, but easy to learn from. Being a new project allows
Spectrum to learn from Qubes' mistakes.

> More generally, I'm wondering whether this project's goals couldn't be
> better achieved by trying to work with the Qubes developers to
> integrate Nix. It may very well be that they would reject it for some
> reason, but then the logical next step would be to fork Qubes. Have
> you reached out to the Qubes developers?

I've had the pleasure of speaking with several Qubes developers on
multiple occasions. I also know that there is work being done to
support NixOS templates in Qubes. As I see it, though, the real
benefit of Nix here is that it would allow defining the whole system
in one single Nix configuration. Doing this in Qubes would require big
fundamental changes to how Qubes works.
I believe the idea has been brought up to the Qubes developers, and as
I recall they were not keen.

I believe there is room in this space for Qubes and Spectrum to
coexist.