Refinement via Compatibility


midd...@gmail.com

Jun 5, 2016, 5:43:20 PM
to qubes-devel
Just a curious fan here interested in upcoming 3.2 and beyond. So with 3 units separately tested 3.1 with newest kernels (including 4.4) all have been struggles to get installed and working on each various piece of hardware. 2 involved incremental upgrade trials and troubleshooting only to still either reach lack of usability or functionality (boot failure, lockups, etc.). I'm curious if the soon to come 3.2 releases will begin to address the hardware struggles a lot of us are still experiencing? No judgment or disrespect intended; I'm trying to resolve issues for hopeful offering to the community, just don't have the background or time I'd like. I only ask because it seems that the better my Qubes OS runs, the OLDER the version (OS, kernel) of the program has to be loaded.

Am I doing something or understanding something incorrectly maybe? I get wanting recommendations on templates and what to INCLUDE in 3.2, but I would say the best inclusion would be a seamless and 100% guaranteed installation and boot up process.

It seems so universally common that OS install and boot are the consistent issues you guys seem to be getting hit up about, that it would be the goal to 100% iron that down. I'll use Subgraph OS as a recent example (sorry, I know different designs, goals etc.) as I had it installed and booting unfailingly on 3 generations of systems, using AMD/Intel various UEFI mixtures and BIOS options and it's considered an ALPHA release with much less community involvement.

I don't mean to insult, I LOVE what Qubes promises, and when I've managed to keep it stable for a few hours loved the operational capacity. I just am struggling to understand what adding more variables and unknown compatibility issues accomplish outside feature bloat and more endless bug testing. Is not a consistent and standard experience the best focus in driving later amplification and variation? A reliable foundation vs unsteady and still unsettled?

Chris Laprise

Jun 6, 2016, 5:19:07 AM
to midd...@gmail.com, qubes-devel
My thoughts on the subject:

Hardware specifics cannot be treated as a small detail with Qubes.

People usually encounter compatibility issues with open source systems
like Linux if they are trying it on a variety of hardware. They think of
their hardware as "PCs" and just want "PC compatibility". But this
notion is misleading: The brands in the PC category are trying to make
money on ingenious corner-cutting of very complex designs, and then
customize drivers and configuration options to make it all work with
their target OS... WINDOWS.

So even Subgraph would have difficulty approaching the level of
compatibility that Windows enjoys as the de facto standard.

With that said, Qubes and Subgraph are really not in the same class.
Qubes depends on a bare-metal hypervisor (Xen) which -- let's face it --
was designed for and is mostly tuned for *server* hardware. It also uses
some of the most advanced and quickly evolving features of that
hypervisor, such as PCI passthrough to isolate hardware. This *greatly*
heightens the already precarious nature of non-Windows compatibility on
PCs. Of course, we're also in a special phase where incompatibility with
Intel Skylake graphics is causing even greater challenges.

So while Qubes boots up with a Desktop Linux face, it is far from having
a Desktop Linux architecture and there is currently only one hardware
vendor (Purism) that takes Qubes' design even slightly into account.
Vendors that certify some PC/laptop models for Linux are not taking Xen
into account.

By comparison, Subgraph is like a regular Linux distro with some
"security in-depth" tweaks.

Now, step back a bit: OS X is considered successful... How many models
does Apple offer for it? It's possible Qubes may have more compatible
hardware to run on.

I don't think you mentioned which computer models you are trying to run.
But my suggestion is -- if you want to run an OS as unique and secure as
Qubes -- that you purchase systems from Purism or at least adhere
closely to the most compatible systems indicated by the HCL for now. Do
not get stuck on "I want it to be PC compatible"; that mentality created
unrealistic expectations in the Desktop Linux realm and it's exceedingly
at odds with the situation here.

FWIW ...

This is probably an issue where Qubes will have to evolve in order to
succeed. Compare the "desktop Linux" category with Android: The latter
has a reference hardware platform in the form of Nexus. The significance
of this is often overlooked, but Google understands it. (Here, Windows
is no real exception as "IBM compatible" pre-dated "PC compatible" and
the former was its reference hardware platform while Windows predecessor
MS-DOS gained in popularity.)

So, I think the long-term answer to your question is that the Qubes
project will have to evolve to begin specifying what hardware design is
most appropriate to bring Qubes' features to interested users. It may
have to create deep partnerships with hardware vendors to do it. My
guess is that someday the core developers may wish to do this by
defining an open source platform that doesn't use x86, creating a new
class of personal computer in the process.

Chris



J.M. Porup

Jun 6, 2016, 8:34:43 AM
to Chris Laprise, midd...@gmail.com, qubes-devel
On Mon, Jun 06, 2016 at 05:19:01AM -0400, Chris Laprise wrote:
> This is probably an issue where Qubes will have to evolve in order to
> succeed. Compare the "desktop Linux" category with Android: The latter has a
> reference hardware platform in the form of Nexus. The significance of this
> is often overlooked, but Google understands it. (Here, Windows is no real
> exception as "IBM compatible" pre-dated "PC compatible" and the former was
> its reference hardware platform while Windows predecessor MS-DOS gained in
> popularity.)

For the Qubes vision to have impact beyond its current base of core
early adopters, the project needs to sell that vision to long-term VC
investors.

Laptops are rapidly going obsolete, replaced by touch-screen mobile
devices and, in the near future, eyeglass-mounted augmented reality,
followed by virtual reality. Bringing a security-optimized,
compartmentalized vision to these spaces is critical to scaling
security for a billion+ users.

Securing the laptop space is a rear guard action. Aggressively pursuing
funds to secure new frontiers is more likely to produce real-world
results that improve security for a huge chunk of humanity.

My $0.02

jmp


Chris Laprise

Jun 6, 2016, 2:49:07 PM
to J.M. Porup, midd...@gmail.com, qubes-devel


On 06/06/2016 08:34 AM, J.M. Porup wrote:
> On Mon, Jun 06, 2016 at 05:19:01AM -0400, Chris Laprise wrote:
>> This is probably an issue where Qubes will have to evolve in order to
>> succeed. Compare the "desktop Linux" category with Android: The latter has a
>> reference hardware platform in the form of Nexus. The significance of this
>> is often overlooked, but Google understands it. (Here, Windows is no real
>> exception as "IBM compatible" pre-dated "PC compatible" and the former was
>> its reference hardware platform while Windows predecessor MS-DOS gained in
>> popularity.)
> For the Qubes vision to have impact beyond its current base of core
> early adopters, the project needs to sell that vision to long-term VC
> investors.
>
> Laptops are rapidly going obsolete, replaced by touch-screen mobile
> devices and, in the near future, eyeglass-mounted augmented reality,
> followed by virtual reality. Bringing a security-optimized,
> compartmentalized vision to these spaces is critical to scaling
> security for a billion+ users.

OTOH, tablets shrank even more than PCs, which are doing OK in
establishing a new point of equilibrium with the mobile category.
Overall, people see fewer reasons to continually upgrade hardware than
they used to. That explains why PC shipments started slumping before
tablets took off. The upgrade cycles have become (thankfully) longer. So
I think "obsolete" is pretty inaccurate; the market is actually becoming
more sane.

Ultimately, a reformulation of security and privacy will have to reach
the mobile space, too. But PCs are still the best place for that vision
to solidify not only because (some of) the hardware is appropriate for
running Qubes, but because personal computing is about having control
over one's own devices.

> Securing the laptop space is a rear guard action. Aggressively pursuing
> funds to secure new frontiers is more likely to produce real-world
> results that improve security for a huge chunk of humanity.

Thus far, the 1990s "aggressive" funding and development mentality has
produced products that encourage consumer recklessness. So while I
encourage ITL and Qubes project to do what's necessary to further Qubes
development, I'd also urge them to keep some distance from a particular
business culture that developed insecure products and gobs of so-called
"security" products ...and worse.

Chris

>
> My $0.02
>
> jmp
>
>
>

J.M. Porup

Jun 6, 2016, 2:58:58 PM
to Chris Laprise, midd...@gmail.com, qubes-devel
On Mon, Jun 06, 2016 at 02:48:56PM -0400, Chris Laprise wrote:
> Thus far, the 1990s "aggressive" funding and development mentality has
> produced products that encourage consumer recklessness. So while I encourage
> ITL and Qubes project to do what's necessary to further Qubes development,
> I'd also urge them to keep some distance from a particular business culture
> that developed insecure products and gobs of so-called "security" products
> ...and worse.

This is undeniably true. However, Qubes is facing a funding crisis, and
I would rather see the project take VC money--with core GPL code
protected by a not-for-profit foundation--than see Joanna and Marek
forced to abandon the project.

Just imagine if Qubes had a couple million dollars to play with. What
could they achieve with that?

Sometimes you have to play the game if you want to win the game.

Just a thought.

jmp

