Announcement: Qubes OS Begins Commercialization and Community Funding Efforts
271 views
Skip to first unread message
Andrew David Wong
Nov 30, 2016, 6:56:10 PM11/30/16
to qubes...@googlegroups.com, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Qubes Community,
Since the initial launch [01] of Qubes OS back in April 2010, work on Qubes
has been funded in several different ways. Originally a pet project, it was
first supported by Invisible Things Lab [02] (ITL) out of the money we earned
on various R&D and consulting contracts. Later, we decided that we should try to
commercialize it. Our idea, back then, was to commercialize Windows AppVM
support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought
we would offer Windows AppVM support under a proprietary license. Even though we
made a lot of progress on both the business and technical sides of this
endeavor, it ultimately failed.
Luckily, we got a helping hand from the Open Technology Fund [03] (OTF), which
has supported [04] the project for the past two years. While not a large
sum of money in itself, it did help us a lot, especially with all the work
necessary to improve Qubes' user interface, documentation, and outreach to new
communities. Indeed, the (estimated) Qubes user base has grown [05]
significantly over that period. Thank you, OTF!
But Qubes is more than just a nice UI: it's an entirely new, complex system --
a system that aims to change the game of endpoint security. Consequently, it
requires expertise covering a wide spectrum of topics: from understanding
low-level aspects of hardware and firmware (and how they translate to the
security of a desktop system), to UI design, documentation writing, and
community outreach. Even if we consider only the "security research" aspect of
Qubes, this area alone easily scales beyond the capabilities of a single human
being.
In order to continue to deliver on its promise of strong desktop security, Qubes
must retain and expand its core team, and this requires substantial funding. At
this point, we believe the only realistic way to achieve this is through
commercialization, supplemented by community funding.
Commercialization
=================
We're taking a different approach to commercialization this time. Building on
the success of the recent Qubes 3.2 release, which has been praised by users for
its stability and overall usability, we will begin offering commercial editions
(licenses) of Qubes OS to corporate customers. We believe that the maturity of
Qubes, combined with its powerful new management stack [06], makes it ripe
for adoption by any corporation with significant security needs.
Commercial editions of Qubes OS will be customized to meet special corporate
requirements. For example, two features that might be particularly attractive to
corporate customers are (1) "locking down" dom0 in order to separate the user
and administrator roles and (2) integrating our local management stack with a
corporation's remote management infrastructure. These are both examples of
features that our developers are capable of implementing now, on Qubes 3.2.
We plan to partner with one to three corporate clients in order to run a pilot
program throughout the first half of 2017. After it has been successfully
completed, we'll then widen our offer to more corporate customers and,
ultimately, to small business customers. Our main constraint is the scalability
required to cover each additional client. Hence, we plan to focus on larger
customers first.
Let there be no misunderstanding: Qubes OS will always remain open source. We
anticipate that the majority of our commercialization efforts will involve the
creation of custom Salt configurations, and perhaps writing a few additional
apps and integration code. In the event that any corporate features require
reworking the core Qubes code, that new code will remain open source.
We considered many other ways of attempting to commercialize Qubes before
arriving at this model. One possibility that some of our users have inquired
about is that we sell dedicated Qubes hardware (i.e. laptops). However, there
are a number of challenges here, both in terms of making the hardware
trustworthy enough to merit our "seal of approval", and from a business and
logistics perspective. For these reasons, we don't plan to pursue this option in
the immediate future.
Community funding
=================
Unfortunately, the financial necessity of shifting our priorities to commercial
clients will mean that we have less time to work on features that benefit the
wider, security-minded open source community, which has been our focus for the
past seven years. This deeply saddens us. (We all use Qubes on our personal
computers too!) However, the reality is that ITL can't afford to sustain the
open source development of Qubes for much longer. We're running out of time.
In an attempt to keep the open source development of Qubes going, we've teamed
up with Open Collective [07], which makes it easier to donate to the Qubes
project. Now, in addition to our Bitcoin fund [08], we can also accept
donations via credit card. ITL will not benefit from of any of the money donated
through Open Collective. Instead, the funds will be paid directly to individual
developers who have been hired to work on the open source edition of Qubes.
With the help of our community, we hope eventually to build a nonprofit
organization that will ensure the long-term future of Qubes as an open source
operating system that is freely available to all -- one of the few operating
systems that places the security of its users above all else.
If you are a user of Qubes and want to help us continue working on it, please
donate now [07]. Those who have contributed will be publicly recognized on our
Open Collective [07] page (if they so choose). Organizations that support the
Qubes project will be publicly recognized on our Partners page [09]
(again, if they so choose). If you are interested in supporting Qubes with
significant resources, whether as an individual or on behalf of an organization,
we ask that you please contact us directly [10], since donating through
Open Collective entails significant administrative overhead.
Thank you for your continued support. Together, we can ensure that Qubes is
around to secure our digital lives for many years to come.
--The Qubes team
[01] https://blog.invisiblethings.org/2010/04/07/introducing-qubes-os.html
[02] https://invisiblethingslab.com
[03] https://www.opentech.fund/
[04] https://www.opentech.fund/project/qubes-os
[05] https://www.qubes-os.org/counter/
[06] https://www.qubes-os.org/news/2015/12/14/mgmt-stack/
[07] https://opencollective.com/qubes-os
[08] https://www.qubes-os.org/news/2016/07/13/qubes-distributed-fund/
[09] https://www.qubes-os.org/partners/
[10] <busi...@qubes-os.org>
You can also view this announcement on the Web at:
https://www.qubes-os.org/news/2016/11/30/qubes-commercialization/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYP2b6AAoJENtN07w5UDAwJ4kQAMClOUh/vmxWr0Hb7ENgeBAq
xLQQrKuUBeK5yZ7+Jpeoqc/ni8VsZ8vwbXWayHLWHk1IMn22OMn/cd66T6tljt0x
UdcZ4Ng4nxl0j8sN0Ycw4iEx29LRwPs4m0EOPPEYRaqql+QNEPjs8mItE/vRtkd3
KTudISYCflBwFB2SlVn8NHd8gNbaV/y8oy7gRLCpzEtf3rU4WAf2jKdRpGWx3RFx
uqYLJ/vfEOBs2SctsuNLzm+8eX7hZ6DOBQNBGgAtdLMnaWqBBA3uEjmwjGbNL2jm
BGVYUnPyKIgCcGHGuInCgRb8vatrV6Vesduw9IRbQHB2BOQT41pdhlbtbPUkOSu4
HXn4j9/w3TXE4Qnvq5EeA3VTYM9cnf4COQ4XuaXNxUX9ojiuRgFqNxQ1vHw98rST
nsS//+9AoL2PQmElunWwhPe/srWDcODZ/iVDd2uafc0gEdNTYUHzDSQkhhd5GOEM
2xe9zMfR8m+mpXTX5/ObVbsQ61EXUw6YYb9IH0vBvnG6QUSRe6xzXKVK8h/9JaHt
5rhQxb+njEcovZ9cLadwA9IIZP4FJhYU0cvXpRbPSHueFRf7j4JfplClPEnL2vEC
NqG/lcgCKjA6tmk2x+CXU0rue35OwzjMUaWq8YZ0MmX0fc+/MFw121LpBu+0Ke0H
VOFj+L9DRea6g7k0OPtI
=3Y/D
-----END PGP SIGNATURE-----
Hash: SHA512
Dear Qubes Community,
Since the initial launch [01] of Qubes OS back in April 2010, work on Qubes
has been funded in several different ways. Originally a pet project, it was
first supported by Invisible Things Lab [02] (ITL) out of the money we earned
on various R&D and consulting contracts. Later, we decided that we should try to
commercialize it. Our idea, back then, was to commercialize Windows AppVM
support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought
we would offer Windows AppVM support under a proprietary license. Even though we
made a lot of progress on both the business and technical sides of this
endeavor, it ultimately failed.
Luckily, we got a helping hand from the Open Technology Fund [03] (OTF), which
has supported [04] the project for the past two years. While not a large
sum of money in itself, it did help us a lot, especially with all the work
necessary to improve Qubes' user interface, documentation, and outreach to new
communities. Indeed, the (estimated) Qubes user base has grown [05]
significantly over that period. Thank you, OTF!
But Qubes is more than just a nice UI: it's an entirely new, complex system --
a system that aims to change the game of endpoint security. Consequently, it
requires expertise covering a wide spectrum of topics: from understanding
low-level aspects of hardware and firmware (and how they translate to the
security of a desktop system), to UI design, documentation writing, and
community outreach. Even if we consider only the "security research" aspect of
Qubes, this area alone easily scales beyond the capabilities of a single human
being.
In order to continue to deliver on its promise of strong desktop security, Qubes
must retain and expand its core team, and this requires substantial funding. At
this point, we believe the only realistic way to achieve this is through
commercialization, supplemented by community funding.
Commercialization
=================
We're taking a different approach to commercialization this time. Building on
the success of the recent Qubes 3.2 release, which has been praised by users for
its stability and overall usability, we will begin offering commercial editions
(licenses) of Qubes OS to corporate customers. We believe that the maturity of
Qubes, combined with its powerful new management stack [06], makes it ripe
for adoption by any corporation with significant security needs.
Commercial editions of Qubes OS will be customized to meet special corporate
requirements. For example, two features that might be particularly attractive to
corporate customers are (1) "locking down" dom0 in order to separate the user
and administrator roles and (2) integrating our local management stack with a
corporation's remote management infrastructure. These are both examples of
features that our developers are capable of implementing now, on Qubes 3.2.
We plan to partner with one to three corporate clients in order to run a pilot
program throughout the first half of 2017. After it has been successfully
completed, we'll then widen our offer to more corporate customers and,
ultimately, to small business customers. Our main constraint is the scalability
required to cover each additional client. Hence, we plan to focus on larger
customers first.
Let there be no misunderstanding: Qubes OS will always remain open source. We
anticipate that the majority of our commercialization efforts will involve the
creation of custom Salt configurations, and perhaps writing a few additional
apps and integration code. In the event that any corporate features require
reworking the core Qubes code, that new code will remain open source.
We considered many other ways of attempting to commercialize Qubes before
arriving at this model. One possibility that some of our users have inquired
about is that we sell dedicated Qubes hardware (i.e. laptops). However, there
are a number of challenges here, both in terms of making the hardware
trustworthy enough to merit our "seal of approval", and from a business and
logistics perspective. For these reasons, we don't plan to pursue this option in
the immediate future.
Community funding
=================
Unfortunately, the financial necessity of shifting our priorities to commercial
clients will mean that we have less time to work on features that benefit the
wider, security-minded open source community, which has been our focus for the
past seven years. This deeply saddens us. (We all use Qubes on our personal
computers too!) However, the reality is that ITL can't afford to sustain the
open source development of Qubes for much longer. We're running out of time.
In an attempt to keep the open source development of Qubes going, we've teamed
up with Open Collective [07], which makes it easier to donate to the Qubes
project. Now, in addition to our Bitcoin fund [08], we can also accept
donations via credit card. ITL will not benefit from of any of the money donated
through Open Collective. Instead, the funds will be paid directly to individual
developers who have been hired to work on the open source edition of Qubes.
With the help of our community, we hope eventually to build a nonprofit
organization that will ensure the long-term future of Qubes as an open source
operating system that is freely available to all -- one of the few operating
systems that places the security of its users above all else.
If you are a user of Qubes and want to help us continue working on it, please
donate now [07]. Those who have contributed will be publicly recognized on our
Open Collective [07] page (if they so choose). Organizations that support the
Qubes project will be publicly recognized on our Partners page [09]
(again, if they so choose). If you are interested in supporting Qubes with
significant resources, whether as an individual or on behalf of an organization,
we ask that you please contact us directly [10], since donating through
Open Collective entails significant administrative overhead.
Thank you for your continued support. Together, we can ensure that Qubes is
around to secure our digital lives for many years to come.
--The Qubes team
[01] https://blog.invisiblethings.org/2010/04/07/introducing-qubes-os.html
[02] https://invisiblethingslab.com
[03] https://www.opentech.fund/
[04] https://www.opentech.fund/project/qubes-os
[05] https://www.qubes-os.org/counter/
[06] https://www.qubes-os.org/news/2015/12/14/mgmt-stack/
[07] https://opencollective.com/qubes-os
[08] https://www.qubes-os.org/news/2016/07/13/qubes-distributed-fund/
[09] https://www.qubes-os.org/partners/
[10] <busi...@qubes-os.org>
You can also view this announcement on the Web at:
https://www.qubes-os.org/news/2016/11/30/qubes-commercialization/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYP2b6AAoJENtN07w5UDAwJ4kQAMClOUh/vmxWr0Hb7ENgeBAq
xLQQrKuUBeK5yZ7+Jpeoqc/ni8VsZ8vwbXWayHLWHk1IMn22OMn/cd66T6tljt0x
UdcZ4Ng4nxl0j8sN0Ycw4iEx29LRwPs4m0EOPPEYRaqql+QNEPjs8mItE/vRtkd3
KTudISYCflBwFB2SlVn8NHd8gNbaV/y8oy7gRLCpzEtf3rU4WAf2jKdRpGWx3RFx
uqYLJ/vfEOBs2SctsuNLzm+8eX7hZ6DOBQNBGgAtdLMnaWqBBA3uEjmwjGbNL2jm
BGVYUnPyKIgCcGHGuInCgRb8vatrV6Vesduw9IRbQHB2BOQT41pdhlbtbPUkOSu4
HXn4j9/w3TXE4Qnvq5EeA3VTYM9cnf4COQ4XuaXNxUX9ojiuRgFqNxQ1vHw98rST
nsS//+9AoL2PQmElunWwhPe/srWDcODZ/iVDd2uafc0gEdNTYUHzDSQkhhd5GOEM
2xe9zMfR8m+mpXTX5/ObVbsQ61EXUw6YYb9IH0vBvnG6QUSRe6xzXKVK8h/9JaHt
5rhQxb+njEcovZ9cLadwA9IIZP4FJhYU0cvXpRbPSHueFRf7j4JfplClPEnL2vEC
NqG/lcgCKjA6tmk2x+CXU0rue35OwzjMUaWq8YZ0MmX0fc+/MFw121LpBu+0Ke0H
VOFj+L9DRea6g7k0OPtI
=3Y/D
-----END PGP SIGNATURE-----
Ivan
Dec 1, 2016, 3:30:30 AM12/1/16
to qubes...@googlegroups.com
> Community funding
> =================
[...]
> ITL will not benefit from of any of the money donated
> through Open Collective. Instead, the funds will be paid directly to individual
> developers who have been hired to work on the open source edition of Qubes.
> If you are a user of Qubes and want to help us continue working on it, please
> donate now [07].
around me (friends, acquaintances, ...) who do. It's not because of
wealth (you could donate something a low as 10$ to a project you like,
which is the price of a meal at a random restaurant where I live).
Rather, I see it as a problem related to mentality and then to lack of
information: mentality, because open source = free, so why should I pay
for something ? And then, lack of information, because when I get over
the mentality problem and know that there ain't such thing as free beer,
I either
- #1 don't know that a project is struggling
- #2 don't know how to donate
- #3 don't know to whom my money would go if I donate, and how it would
be used (ie., transparency).
- #4 don't know what amount to give.
- #5 don't know if the project got enough money for a given period (eg.
monthly) with donations from other people.
Your post made a good job at describing issues #1 and #2 (donating only
via bitcoin was a burden), and a little bit #3: donations would go to
pay a hired dev, but what would he work on ? I like the way development
is done now, with ITL people vetoing features/choosing what to develop,
as I trust them to know better than me what is needed and what is not. I
wouldn't want large donators to impose features and/or bloat the project.
Some kind of report on the current amount of donations and how they
were/are used would be welcome too, as most of the projects I've donated
to don't do that and just send a "we're struggling" message every now
and then in order to trigger donations. That would solve issue #5 and
the remaining of issue #3.
Some sites have a "donation bar" where you can see if the project has
reached (or not) an expected amount of money, that might be something
worth considering, that's a good visual cue. I often thought - ah, let's
donate - when I would see the end of the month looming, and the monthly
donation bar of a project still in the middle of expected funds (of
course, you need a cash buffer of at least a few months in advance).
Now with issue #4 - what amount to give. IMO you should make clear how
much a dev / devs costs, because I'm sure people think - yeah I'm going
to send 10 or 20 bucks - but they have to understand that this amount is
probably worth only 1 or 2 hours of paid programming work.
Addressing the "mentality" problem (that there isn't such thing as free
beer, that donations are *required* to keep the project running, ...)
should be advertised prominently on the web site instead of relying on
people clicking on the "donate" tab. The "donate" tab would then have
all the details covering the issues mentioned above.
Those are my 2c from experience I have donating to projects. Sorry for
the long post :)
Side question: what is the amount of "significant resources" above which
one should contact you directly rather than going through Open Collective ?
Ivan
Marek Marczykowski-Górecki
Dec 1, 2016, 8:02:56 AM12/1/16
to Ivan, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Exactly. We have always highlighted this on our donation page.
On the other hand, OpenCollective give us transparency to at least some
degree - all income and expenses are publicly visible:
https://opencollective.com/qubes-os
> Some kind of report on the current amount of donations and how they were/are
> used would be welcome too, as most of the projects I've donated to don't do
> that and just send a "we're struggling" message every now and then in order
> to trigger donations. That would solve issue #5 and the remaining of issue
> #3.
> Some sites have a "donation bar" where you can see if the project has
> reached (or not) an expected amount of money, that might be something worth
> considering, that's a good visual cue. I often thought - ah, let's donate -
> when I would see the end of the month looming, and the monthly donation bar
> of a project still in the middle of expected funds (of course, you need a
> cash buffer of at least a few months in advance).
>
> Now with issue #4 - what amount to give. IMO you should make clear how much
> a dev / devs costs, because I'm sure people think - yeah I'm going to send
> 10 or 20 bucks - but they have to understand that this amount is probably
> worth only 1 or 2 hours of paid programming work.
I think some kind of measurement is that we've got $410k from OTF [1]
during last year. During that time we've got also some much smaller
donations, but that doesn't change the above figure much.
This was enough to survive and release new versions, but not enough to
implement everything we've planned for. Some examples:
- Qubes 4.0 is delayed more and more,
- we haven't managed to add Gnome support
- Live USB is still in alpha phase and basically unmaintained
- a lot of bugs are not fixed (see github issues...)
This is a lot of money. And we don't think it's realistic to collect it
using public donations only. This is why we're introducing commercial
version. But it doesn't mean we don't need your support, on the
contrary! We'd love to continue work on open source project as much as
possible! Not only as a base for commercial product, but also as fully
usable and functional system on its own!
> Addressing the "mentality" problem (that there isn't such thing as free
> beer, that donations are *required* to keep the project running, ...) should
> be advertised prominently on the web site instead of relying on people
> clicking on the "donate" tab. The "donate" tab would then have all the
> details covering the issues mentioned above.
>
> Those are my 2c from experience I have donating to projects. Sorry for the
> long post :)
>
> Side question: what is the amount of "significant resources" above which one
> should contact you directly rather than going through Open Collective ?
I think anything >= $10k. We also have some internal overhead of
handling individual donations manually (mostly related to the number of
such donations, not necessary amount), so it doesn't worth for smaller
amounts - here is why we have OpenCollective to handle this.
[1] https://www.opentech.fund/project/qubes-os
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYQB98AAoJENuP0xzK19cso1gH/2REm8W/MzZoPH8MmZ3XyJeo
NSlu2ajNgzeWejKICDleG3IkMkisCGD1MhMDWQ+9MJBivs3cQ2m7gQ57LDpfZljo
Y7AQWN7fmd9GrJoVhYeYkaHWsAmp2k2VGXF+7A84qrDVyYwhRAlLjQdtv6gz3jiA
+quuJ0kTLxYA+WmHv4V22pD5qvCm3C8qwD8xk9sgvktxxO6g0vW08KnuNLotyvo0
WLZHov26pw0o7K6D8THEAaYL5Eru945ltIBtvUE5R71H+dBIKHYhVBCQfK35tkwk
bQjE2fB+OSLuYY66bBt3LJQJr9GJ/hCoTgeUTgk3cNBzXKqwNfKQhNvdOUpN3d8=
=sjQC
-----END PGP SIGNATURE-----
Hash: SHA256
On the other hand, OpenCollective give us transparency to at least some
degree - all income and expenses are publicly visible:
https://opencollective.com/qubes-os
> Some kind of report on the current amount of donations and how they were/are
> used would be welcome too, as most of the projects I've donated to don't do
> that and just send a "we're struggling" message every now and then in order
> to trigger donations. That would solve issue #5 and the remaining of issue
> #3.
> Some sites have a "donation bar" where you can see if the project has
> reached (or not) an expected amount of money, that might be something worth
> considering, that's a good visual cue. I often thought - ah, let's donate -
> when I would see the end of the month looming, and the monthly donation bar
> of a project still in the middle of expected funds (of course, you need a
> cash buffer of at least a few months in advance).
>
> Now with issue #4 - what amount to give. IMO you should make clear how much
> a dev / devs costs, because I'm sure people think - yeah I'm going to send
> 10 or 20 bucks - but they have to understand that this amount is probably
> worth only 1 or 2 hours of paid programming work.
during last year. During that time we've got also some much smaller
donations, but that doesn't change the above figure much.
This was enough to survive and release new versions, but not enough to
implement everything we've planned for. Some examples:
- Qubes 4.0 is delayed more and more,
- we haven't managed to add Gnome support
- Live USB is still in alpha phase and basically unmaintained
- a lot of bugs are not fixed (see github issues...)
This is a lot of money. And we don't think it's realistic to collect it
using public donations only. This is why we're introducing commercial
version. But it doesn't mean we don't need your support, on the
contrary! We'd love to continue work on open source project as much as
possible! Not only as a base for commercial product, but also as fully
usable and functional system on its own!
> Addressing the "mentality" problem (that there isn't such thing as free
> beer, that donations are *required* to keep the project running, ...) should
> be advertised prominently on the web site instead of relying on people
> clicking on the "donate" tab. The "donate" tab would then have all the
> details covering the issues mentioned above.
>
> Those are my 2c from experience I have donating to projects. Sorry for the
> long post :)
>
> Side question: what is the amount of "significant resources" above which one
> should contact you directly rather than going through Open Collective ?
handling individual donations manually (mostly related to the number of
such donations, not necessary amount), so it doesn't worth for smaller
amounts - here is why we have OpenCollective to handle this.
[1] https://www.opentech.fund/project/qubes-os
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYQB98AAoJENuP0xzK19cso1gH/2REm8W/MzZoPH8MmZ3XyJeo
NSlu2ajNgzeWejKICDleG3IkMkisCGD1MhMDWQ+9MJBivs3cQ2m7gQ57LDpfZljo
Y7AQWN7fmd9GrJoVhYeYkaHWsAmp2k2VGXF+7A84qrDVyYwhRAlLjQdtv6gz3jiA
+quuJ0kTLxYA+WmHv4V22pD5qvCm3C8qwD8xk9sgvktxxO6g0vW08KnuNLotyvo0
WLZHov26pw0o7K6D8THEAaYL5Eru945ltIBtvUE5R71H+dBIKHYhVBCQfK35tkwk
bQjE2fB+OSLuYY66bBt3LJQJr9GJ/hCoTgeUTgk3cNBzXKqwNfKQhNvdOUpN3d8=
=sjQC
-----END PGP SIGNATURE-----
Ilpo Järvinen
Dec 1, 2016, 2:41:03 PM12/1/16
to Andrew David Wong, qubes...@googlegroups.com, qubes...@googlegroups.com
On Wed, 30 Nov 2016, Andrew David Wong wrote:
> Commercial editions of Qubes OS will be customized to meet special corporate
> requirements. For example, two features that might be particularly
> attractive to corporate customers are (1) "locking down" dom0 in order
> to separate the user and administrator roles
I suppose this implies there is unlikely to be support for multi-user
> Commercial editions of Qubes OS will be customized to meet special corporate
> requirements. For example, two features that might be particularly
> attractive to corporate customers are (1) "locking down" dom0 in order
> to separate the user and administrator roles
environment for a shared computer any time soon except for commercial
users (e.g., within a family with one of the user effectively having
a sort of "administator role" and the other users would have less
priviledges)?
If yes, are the core devs/maintainers going to actively oppose
inclusion of feature(s) which would make the multi-user case
easier/feasible if it is provided by somebody from community?
I suppose it could be seen overlapping functionality and
therefore rejected on technical grounds (or it might be even
thought to deincentivize from getting the commercial version).
I understand the economical realities, so please don't take this
as complaining of any sort, I'm just asking what is the expected
position here.
--
i.
Chris Laprise
Dec 1, 2016, 2:41:29 PM12/1/16
to Marek Marczykowski-Górecki, Ivan, qubes...@googlegroups.com
On 12/01/2016 08:02 AM, Marek Marczykowski-Górecki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Thu, Dec 01, 2016 at 10:30:26AM +0200, Ivan wrote:
>
>> Addressing the "mentality" problem (that there isn't such thing as free
>> beer, that donations are *required* to keep the project running, ...) should
>> be advertised prominently on the web site instead of relying on people
>> clicking on the "donate" tab. The "donate" tab would then have all the
>> details covering the issues mentioned above.
>>
>> Those are my 2c from experience I have donating to projects. Sorry for the
>> long post :)
>>
>> Side question: what is the amount of "significant resources" above which one
>> should contact you directly rather than going through Open Collective ?
> I think anything >= $10k. We also have some internal overhead of
> handling individual donations manually (mostly related to the number of
> such donations, not necessary amount), so it doesn't worth for smaller
> amounts - here is why we have OpenCollective to handle this.
>
> [1] https://www.opentech.fund/project/qubes-os
>
> - --
Marek,
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Thu, Dec 01, 2016 at 10:30:26AM +0200, Ivan wrote:
>
>> Addressing the "mentality" problem (that there isn't such thing as free
>> beer, that donations are *required* to keep the project running, ...) should
>> be advertised prominently on the web site instead of relying on people
>> clicking on the "donate" tab. The "donate" tab would then have all the
>> details covering the issues mentioned above.
>>
>> Those are my 2c from experience I have donating to projects. Sorry for the
>> long post :)
>>
>> Side question: what is the amount of "significant resources" above which one
>> should contact you directly rather than going through Open Collective ?
> I think anything >= $10k. We also have some internal overhead of
> handling individual donations manually (mostly related to the number of
> such donations, not necessary amount), so it doesn't worth for smaller
> amounts - here is why we have OpenCollective to handle this.
>
> [1] https://www.opentech.fund/project/qubes-os
>
> - --
I share Ivan's concern about asking for donations. The style should be
more forward, with periodic donation drives (say 3X a year) that are
prominently featured on the qubes-os.org front page (and a link from the
github page, too). Many organizations also use email newsletters as a
funding-drive tool, since it can contain requests for donations in the
same vehicle that contains interesting information (not every Qubes user
will want to keep monitoring the mailing lists).
There should also be a stronger sense conveyed of the object of the
donations--The Qubes Project as separate from ITL--so people don't think
they are being asked to donate to a for-profit corp.
Chris
Andrew David Wong
Dec 1, 2016, 5:00:32 PM12/1/16
to Ivan, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-01 00:30, Ivan wrote:
> Your post made a good job at describing issues #1 and #2 (donating only via bitcoin was a burden), and a little bit #3: donations would go to pay a hired dev, but what would he work on ? I like the way development is done now, with ITL people vetoing features/choosing what to develop, as I trust them to know better than me what is needed and what is not. I wouldn't want large donators to impose features and/or bloat the project.
>
To expand on what Marek said: the stance of the Qubes project has not changed on this. Donors do not get to decide or vote on development priorities.
> Your post made a good job at describing issues #1 and #2 (donating only via bitcoin was a burden), and a little bit #3: donations would go to pay a hired dev, but what would he work on ? I like the way development is done now, with ITL people vetoing features/choosing what to develop, as I trust them to know better than me what is needed and what is not. I wouldn't want large donators to impose features and/or bloat the project.
>
However, corporate clients will almost certainly have this effect, since any time spent meeting the requirements of a corporate client is time not spent developing features for the wider, security-minded open source community (unless the interests of the two parties happen to coincide). But this is just the unfortunate economic reality of the situation.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYQJ1uAAoJENtN07w5UDAwp+cP/0P/JKyHB2pTFj1TvzOHKDe7
kJu3VkjDnJG0QpWvpa6bkKbfUFSLHC1RmimyFTrMVs/15ptMgiDCVxT8OhfuR3nz
VICDW3eur+7mCo45ILlHM2xX6LW/czG4kUiF28YKUYB6xWGPg9awVC089HKIUfTv
j6zTKCsz72FyMg3hWuGWjRzWs4GtjBXT5/PQHcZJ9YU7MDzYQjGSSPqomxuZwSbn
d9s3t0YT/zlTYOReFtpfZzgarwG0JjhfIs/k5vMF71CkCKWxCxw2eHZhyev0DHyA
4t6lQbEXMXV5ll/r6PnpuZ1Vya8raPXpSyG3ATifY0QyED64V52+I14B9jLPMn40
5nBsqteig9nZHV9bWre1wcKxlirzqxkpGSlyeg7j+Bs67HvM1dx+TTJav6fIr7B1
fEGyXShZD5ZxdFT+n2Cszdod0w4oIO6FDgyvLs8i/PKCSr6BE8rqrMouJbk7jzaI
TDSAC7a5Vq5lN6/q78SKcaDPOVyrHKdugjNXBXqCUVxFs8mddW8oyMTDx7/v81kG
y+eszavHVdlYLYqF9PSh1dPkJ4TCnVe7XhtVwGGunEZvCT33ZJnVgsdOovS5KpKs
kNcga4+jjtlj6/DoNBCQCInFalx91qJziisrU3QN/Vkimev3mpd6E3FfH84Bf70M
9/FwXkLG6w73wmFTfoq2
=hrwO
-----END PGP SIGNATURE-----
Andrew David Wong
Dec 1, 2016, 5:02:20 PM12/1/16
to Chris Laprise, Marek Marczykowski-Górecki, Ivan, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-12-01 11:41, Chris Laprise wrote:
> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>
These seem like reasonable ideas to me.
> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>
What about this part?
"ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
Is it possible to state that more clearly?
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYQJ3eAAoJENtN07w5UDAwxRcP/3idN0TKeH6fVL+owMfShG18
YODShZoXwLSzH8rZcD8xtlMqtQNgmhKsKF50OkeN8vsWFvhMTSV2lPbm7CwEbfAa
3h9lI3fKZkgzi3qDWZLCKo3XMguTJCqL7idSvhp8KxuVRZLcO8Afi/Bm5CIDFpZu
vjn3cXE2oK0j2HXbci2RU1LxZUBAfF4bMNelJKcjVHfMg787s/LVLH48drj65O5e
gCfQOeMulLiC4nmI59B5dtbOL1Db3wmSuMhZDWtlSBMspIENqYkE9vyGPUcJAa1d
C19zhwCZyDu89LDBIdrv+GK1MKcFSdu5bsEHhOmqiK6NlG3NHVdA6VB3zL3oA4YJ
+wE+9xDUIMGjifu/LTl3g8GlG8g7A+xf+KFNSaG9abVQqeGhoTtnm8qFpEJbiQZG
MTG9zWW5b0/eV/+iARKmuhAc5OQu12KkNBEND8MfU+EwrUxLexvLkrrfQOj/S9+d
1D5smZgeD/Fh7858eCIGLaiBMp+gk1TliyNLwIIfrY1xuTFdkItV3TO8amslixZz
jgIDQMCiKnjHWT4yeAVPWO6e6zFojCUvP3KYAG6gwU92Jtdeq/biqkAjVOEtcmme
Aujcq9mRrtGk+6apXEcEETRMs88KSwK/DteuI/rsQtod/kEw5IYIEwvDSxXfdCLU
2GjMbX02fUWWezYkfcqM
=bdIP
-----END PGP SIGNATURE-----
Hash: SHA512
On 2016-12-01 11:41, Chris Laprise wrote:
> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>
> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>
"ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
YODShZoXwLSzH8rZcD8xtlMqtQNgmhKsKF50OkeN8vsWFvhMTSV2lPbm7CwEbfAa
3h9lI3fKZkgzi3qDWZLCKo3XMguTJCqL7idSvhp8KxuVRZLcO8Afi/Bm5CIDFpZu
vjn3cXE2oK0j2HXbci2RU1LxZUBAfF4bMNelJKcjVHfMg787s/LVLH48drj65O5e
gCfQOeMulLiC4nmI59B5dtbOL1Db3wmSuMhZDWtlSBMspIENqYkE9vyGPUcJAa1d
C19zhwCZyDu89LDBIdrv+GK1MKcFSdu5bsEHhOmqiK6NlG3NHVdA6VB3zL3oA4YJ
+wE+9xDUIMGjifu/LTl3g8GlG8g7A+xf+KFNSaG9abVQqeGhoTtnm8qFpEJbiQZG
MTG9zWW5b0/eV/+iARKmuhAc5OQu12KkNBEND8MfU+EwrUxLexvLkrrfQOj/S9+d
1D5smZgeD/Fh7858eCIGLaiBMp+gk1TliyNLwIIfrY1xuTFdkItV3TO8amslixZz
jgIDQMCiKnjHWT4yeAVPWO6e6zFojCUvP3KYAG6gwU92Jtdeq/biqkAjVOEtcmme
Aujcq9mRrtGk+6apXEcEETRMs88KSwK/DteuI/rsQtod/kEw5IYIEwvDSxXfdCLU
2GjMbX02fUWWezYkfcqM
=bdIP
-----END PGP SIGNATURE-----
pixel fairy
Dec 1, 2016, 6:15:37 PM12/1/16
to qubes-users, qubes...@googlegroups.com
So this is basically support contracts with some custom coding thrown in? The next step, probably scary to some users, is corporate channels. Have you contacted dell and hp yet?
either way, im happy for this and hope it works!
either way, im happy for this and hope it works!
Chris Laprise
Dec 1, 2016, 6:43:41 PM12/1/16
to Andrew David Wong, Marek Marczykowski-Górecki, Ivan, qubes...@googlegroups.com
On 12/01/2016 05:02 PM, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-01 11:41, Chris Laprise wrote:
>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>
> These seem like reasonable ideas to me.
>
>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>
> What about this part?
>
> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>
> Is it possible to state that more clearly?
On the 'funding' page, the ITL section presents the relationship pretty
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-01 11:41, Chris Laprise wrote:
>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>
> These seem like reasonable ideas to me.
>
>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>
> What about this part?
>
> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>
> Is it possible to state that more clearly?
well. But overall presentation could improve... For one, ITL's own
branding is a bit weak and seems to appear only on that one page. If ITL
had stronger branding that would give a greater impression that Qubes
Project is distinct (Qubes branding has gotten pretty good, BTW). Also,
there is no language referencing "non-profit" or "foundation", which is
the organizational language that is familiar to potential donors.
One other thing I feel is missing is an 'About' section that could
describe Qubes' story as a project that started at ITL and evolved. Its
not the same thing as what 'funding' and 'team' describe. 'About' could
be its own page or merely a section of 'intro' or 'team'.
In the short term, the best thing would be to start a periodic
announcement asking for donations. Other projects (which we are all
familiar with) engage in this important form of signaling to their users.
Re: The Newsletter idea, let me know if you would like help with that.
Chris
Marek Marczykowski-Górecki
Dec 1, 2016, 7:27:57 PM12/1/16
to Ilpo Järvinen, Andrew David Wong, qubes...@googlegroups.com, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Thu, Dec 01, 2016 at 09:40:58PM +0200, Ilpo Järvinen wrote:
> On Wed, 30 Nov 2016, Andrew David Wong wrote:
>
> > Commercial editions of Qubes OS will be customized to meet special corporate
> > requirements. For example, two features that might be particularly
> > attractive to corporate customers are (1) "locking down" dom0 in order
> > to separate the user and administrator roles
>
> I suppose this implies there is unlikely to be support for multi-user
> environment for a shared computer any time soon except for commercial
> users (e.g., within a family with one of the user effectively having
> a sort of "administator role" and the other users would have less
> priviledges)?
That's right. We (as core Qubes OS team) don't plan to work on this
anytime soon in open source version.
> If yes, are the core devs/maintainers going to actively oppose
> inclusion of feature(s) which would make the multi-user case
> easier/feasible if it is provided by somebody from community?
> I suppose it could be seen overlapping functionality and
> therefore rejected on technical grounds (or it might be even
> thought to deincentivize from getting the commercial version).
>
> I understand the economical realities, so please don't take this
> as complaining of any sort, I'm just asking what is the expected
> position here.
I think both use cases still differ significantly. One is mostly about
protecting system configuration (maybe with addition of remote
attestation, or sth like this?), the other one is about protecting data
of other user(s). Some technical means may be the same, but I think not
all. And I think it's ok to accept contributions about one use case,
even if somehow overlap with the other. Of course if done properly.
Also note that the above mentioned examples are just examples. Actual
features will depend on customers needs.
But to answer more generic question: we can't stop anyone from
implementing the same features as in commercial version, and announcing
it anywhere. This is how open source works (which is great that we have
this freedom!). But we'd like to ask the community to not compromise the
business model - as explained above I think the use cases are different
and this shouldn't conflict with the goals of Qubes OS as the open
source project.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJYQMAHAAoJENuP0xzK19csjrkH/0hiyaEPYhPH/crEBATApFuE
+WX9umAKibeRbotaEDkY6o9vm92zoVKY1pSewbWMgXxQMKwIjCFfrsBYSH+PRYUD
Id9ES0uARuXMxNnEtZ2+B43DLngMOXtbZfb3LtGG4dq1WRFMRfZyUM82lNq+hPq8
OET+847PPdJ36TOZs+FgdeyW9xfFdmGU7mKavsv/iaunNou68NEOlxd6WEP27beA
w1S/5j8LyiOCfUPwGhVoKIVYCbGzAkE1RlJaSR8iwKe/Dl6PYNkjtB2WKVSfeIHL
cx3JIXiUP4z0skzXW3HoxhUYeEycDZtSTruD0E8PPcoHodBblXOfmpjCXBSc6nM=
=KiiL
-----END PGP SIGNATURE-----
Hash: SHA256
On Thu, Dec 01, 2016 at 09:40:58PM +0200, Ilpo Järvinen wrote:
> On Wed, 30 Nov 2016, Andrew David Wong wrote:
>
> > Commercial editions of Qubes OS will be customized to meet special corporate
> > requirements. For example, two features that might be particularly
> > attractive to corporate customers are (1) "locking down" dom0 in order
> > to separate the user and administrator roles
>
> I suppose this implies there is unlikely to be support for multi-user
> environment for a shared computer any time soon except for commercial
> users (e.g., within a family with one of the user effectively having
> a sort of "administator role" and the other users would have less
> priviledges)?
anytime soon in open source version.
> If yes, are the core devs/maintainers going to actively oppose
> inclusion of feature(s) which would make the multi-user case
> easier/feasible if it is provided by somebody from community?
> I suppose it could be seen overlapping functionality and
> therefore rejected on technical grounds (or it might be even
> thought to deincentivize from getting the commercial version).
>
> I understand the economical realities, so please don't take this
> as complaining of any sort, I'm just asking what is the expected
> position here.
protecting system configuration (maybe with addition of remote
attestation, or sth like this?), the other one is about protecting data
of other user(s). Some technical means may be the same, but I think not
all. And I think it's ok to accept contributions about one use case,
even if somehow overlap with the other. Of course if done properly.
Also note that the above mentioned examples are just examples. Actual
features will depend on customers needs.
But to answer more generic question: we can't stop anyone from
implementing the same features as in commercial version, and announcing
it anywhere. This is how open source works (which is great that we have
this freedom!). But we'd like to ask the community to not compromise the
business model - as explained above I think the use cases are different
and this shouldn't conflict with the goals of Qubes OS as the open
source project.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
+WX9umAKibeRbotaEDkY6o9vm92zoVKY1pSewbWMgXxQMKwIjCFfrsBYSH+PRYUD
Id9ES0uARuXMxNnEtZ2+B43DLngMOXtbZfb3LtGG4dq1WRFMRfZyUM82lNq+hPq8
OET+847PPdJ36TOZs+FgdeyW9xfFdmGU7mKavsv/iaunNou68NEOlxd6WEP27beA
w1S/5j8LyiOCfUPwGhVoKIVYCbGzAkE1RlJaSR8iwKe/Dl6PYNkjtB2WKVSfeIHL
cx3JIXiUP4z0skzXW3HoxhUYeEycDZtSTruD0E8PPcoHodBblXOfmpjCXBSc6nM=
=KiiL
-----END PGP SIGNATURE-----
Kopimi Security
Dec 2, 2016, 2:17:16 PM12/2/16
to qubes-users, qubes...@googlegroups.com
On Thursday, December 1, 2016 at 12:56:11 AM UTC+1, Andrew David Wong wrote:
> Unfortunately, the financial necessity of shifting our priorities to commercial
> clients will mean that we have less time to work on features that benefit the
> wider, security-minded open source community, which has been our focus for the
> past seven years. This deeply saddens us. (We all use Qubes on our personal
> computers too!) However, the reality is that ITL can't afford to sustain the
> open source development of Qubes for much longer. We're running out of time.
>
> In an attempt to keep the open source development of Qubes going, we've teamed
> up with Open Collective [07], which makes it easier to donate to the Qubes
> project. Now, in addition to our Bitcoin fund [08], we can also accept
> donations via credit card. ITL will not benefit from of any of the money donated
> through Open Collective. Instead, the funds will be paid directly to individual
> developers who have been hired to work on the open source edition of Qubes.
I'm excited about this, and wish to support Qubes.
> Unfortunately, the financial necessity of shifting our priorities to commercial
> clients will mean that we have less time to work on features that benefit the
> wider, security-minded open source community, which has been our focus for the
> past seven years. This deeply saddens us. (We all use Qubes on our personal
> computers too!) However, the reality is that ITL can't afford to sustain the
> open source development of Qubes for much longer. We're running out of time.
>
> In an attempt to keep the open source development of Qubes going, we've teamed
> up with Open Collective [07], which makes it easier to donate to the Qubes
> project. Now, in addition to our Bitcoin fund [08], we can also accept
> donations via credit card. ITL will not benefit from of any of the money donated
> through Open Collective. Instead, the funds will be paid directly to individual
> developers who have been hired to work on the open source edition of Qubes.
My first thoughts are "How can Qubes reach a broader community", and "Can the HOWTO's be made more approachable?".
For example, the section 'assigning-devices' on the /doc/, didn't get into how to actually use a mouse with a sys-usb qube, before at the very end.
And there, the way it was written gave the impression of giving the answer almost as an afterthought, as if it should have been obvious to everybody.
As such, it reads as it was written by somebody "too close to the problem".
Somebody being so familiar with the system that outsiders' inability to grasp the "obvious", escapes him. Or her.
This is not a unique issue for ITL though, the same problem pops up everywhere when highly technical minded people try to convey something to people who just wants to be *users*!
So that's what I'm thinking, maybe it would be good for the "evangelization" of Qubes to make some very simple, brief, and to-the-point videos and howto's?
Andrew David Wong
Dec 3, 2016, 3:55:02 AM12/3/16
to Chris Laprise, Marek Marczykowski-Górecki, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-01 15:43, Chris Laprise wrote:
> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>> On 2016-12-01 11:41, Chris Laprise wrote:
>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>
>> These seem like reasonable ideas to me.
>>
>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>
>> What about this part?
>>
>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>
>> Is it possible to state that more clearly?
>
> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
Hm, I'm not sure what you mean. ITL appearing only on that page of the Qubes website is entirely intentional. The idea is that ITL is only one among many sponsors of the Qubes project. (Even though, historically, ITL and the Qubes project have an extremely close relationship, we'd like the Qubes project to become more of an independent, self-sufficient entity in the future.)
> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>> On 2016-12-01 11:41, Chris Laprise wrote:
>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>
>> These seem like reasonable ideas to me.
>>
>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>
>> What about this part?
>>
>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>
>> Is it possible to state that more clearly?
>
> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
> If ITL had stronger branding that would give a greater impression that Qubes Project is distinct (Qubes branding has gotten pretty good, BTW).
> Also, there is no language referencing "non-profit" or "foundation", which is the organizational language that is familiar to potential donors.
>
> One other thing I feel is missing is an 'About' section that could describe Qubes' story as a project that started at ITL and evolved. Its not the same thing as what 'funding' and 'team' describe. 'About' could be its own page or merely a section of 'intro' or 'team'.
>
> In the short term, the best thing would be to start a periodic announcement asking for donations. Other projects (which we are all familiar with) engage in this important form of signaling to their users.
>
> Re: The Newsletter idea, let me know if you would like help with that.
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
nacnF8lgYx7jhJ8Ud4idgOK3twMwkCgn3Iax4CDaV32wR/P5/dhNKWotybUiIewh
ZBgbpdxmK3NCdFpwwGFeaJXo5h+LlKsTSTHo4yjXeNX9r/JxRBaubOwE5mnfzs5o
3CHHONGn3zU/bExIc1BV4lu8zI4S7Nrc19DiYqQPHMt0YL7JRzfMfDmR18BKvLU4
dH5eKYt2xXk5agRpARPaXIewsUtggFmirUXt/3OeOQNvppAA8yFzPi+8JakCiGtp
8d9ahVqx/ff2gD2H2Py3oe/s0+Gp1NSCJmKhep131VRmG51KDQcj/42perPcBQfM
TY+tIqPPwDD3FHavMhmdsnFfJEqYNpghQrJH8CcvBhDwZz54XxPMWZkKIGZIhFzY
1ITYygS5OIRLPVry8Q1CsG6nVR1T5AFG0wuEC7VBRLbDedJEF7Esj/PiSFUb6FLd
7+4NfTn5wuhNGHUkchvdnKtCZjTPkk81bMyEPURT5u5S5oc4HMgapkdSxoK3mKGS
7wvNJANByjkKd2IslVAyhgjx6fyxlYoQQ+MrxGb3hddCjeejQaRrz8CnH3jD2VdM
vYqcpOZjbK7CF1Lcj2NMw/VA3tWiJRppy11pWcyptcsK2j/fBZ8K43lKvI4UEQVR
7hWj5NNu+djRz9nwZiMk
=XbRl
-----END PGP SIGNATURE-----
Message has been deleted
Grzesiek Chodzicki
Dec 3, 2016, 8:07:49 AM12/3/16
to qubes-users, qubes...@googlegroups.com
This is a wonderful idea, there are about 20k Qubes users out there, if we al give you guys an equivalent of Windows license price you should be set for a millenium. I'd also love to see some Qubes merchandise available to buy so I can up my swag game while simultaneously contributing funds.
Also, you forgot to post this to qubes-announce Andrew.
Also, you forgot to post this to qubes-announce Andrew.
Chris Laprise
Dec 3, 2016, 4:20:56 PM12/3/16
to Andrew David Wong, Marek Marczykowski-Górecki, qubes...@googlegroups.com
On 12/03/2016 03:54 AM, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-01 15:43, Chris Laprise wrote:
>> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>>> On 2016-12-01 11:41, Chris Laprise wrote:
>>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>>
>>> These seem like reasonable ideas to me.
>>>
>>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>>
>>> What about this part?
>>>
>>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>>
>>> Is it possible to state that more clearly?
>> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
> Hm, I'm not sure what you mean. ITL appearing only on that page of the Qubes website is entirely intentional. The idea is that ITL is only one among many sponsors of the Qubes project. (Even though, historically, ITL and the Qubes project have an extremely close relationship, we'd like the Qubes project to become more of an independent, self-sufficient entity in the future.)
My thrust is that people will feel more comfortable and eager with
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-01 15:43, Chris Laprise wrote:
>> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>>> On 2016-12-01 11:41, Chris Laprise wrote:
>>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>>
>>> These seem like reasonable ideas to me.
>>>
>>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>>
>>> What about this part?
>>>
>>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>>
>>> Is it possible to state that more clearly?
>> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
> Hm, I'm not sure what you mean. ITL appearing only on that page of the Qubes website is entirely intentional. The idea is that ITL is only one among many sponsors of the Qubes project. (Even though, historically, ITL and the Qubes project have an extremely close relationship, we'd like the Qubes project to become more of an independent, self-sufficient entity in the future.)
donating if Qubes Project exists as a very separate entity from its
for-profit progenitor. With core ITL staff doing the major work it
leaves the impression they are indistinct. Someone who is familiar with
the relationship between Redhat and Fedora, or Canonical and Ubuntu, may
not easily recognize a similar relationship with ITL and Qubes.
But this is by no means the biggest funding issue. Qubes will have to do
solicitation via email, lists, twitter, etc. and should consider
offering merchandise (decals, sweatshirts, etc) that Qubes users can
flaunt while helping the project's finances. :)
Chris
Andrew David Wong
Dec 4, 2016, 3:37:01 AM12/4/16
to Grzesiek Chodzicki, qubes-users, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-03 05:07, Grzesiek Chodzicki wrote:
> This is a wonderful idea, there are about 20k Qubes users out there, if we al give you guys an equivalent of Windows license price you should be set for a millenium. I'd also love to see some Qubes merchandise available to buy so I can up my swag game while simultaneously contributing funds.
>
Thanks! The merchandise ideas has been discussed internally, but we've decided not to pursue that option at this time.
> This is a wonderful idea, there are about 20k Qubes users out there, if we al give you guys an equivalent of Windows license price you should be set for a millenium. I'd also love to see some Qubes merchandise available to buy so I can up my swag game while simultaneously contributing funds.
>
> Also, you forgot to post this to qubes-announce Andrew.
>
https://www.qubes-os.org/mailing-lists/#qubes-announce
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
CSe0lFuLCbnjQiPH34ygV7oRGAoi5Tmqg/AEnxczpmy9hNZ/TYYHx85h1nwa3T7Z
hhE+8jJgPHsvtpBV37GZwSl/IG0YyUInQ0yaEwCSKFDNGSkb5kn/mWdF3745QgNe
tIn5cyHF5skswcFwxh+6TJFnIN9sAiHbDvqHNbNb5lyFShxyBklt55hmybzZ+2Y8
qopYmMR4MYYRBuzeKx4PPqfBF4+uEHEA9jQzpQBxclpSY4MPGOvgt0gBs+OPBWLG
VGdgcL2yzZIz5667YEO1NVu3FIlKH0B7128tcYEBV5wGTi0KNud7T7kVNSP5Qbvz
BTbaYpri8U/I+i1djHb9aHXkGzMn7oXznwOgCfFJ31YQivjym/E3c/j7ChRqNg0d
FcEQ3Qljz/Qn7LgO94Oj074sFTgBcjKb7pudfByMw1LJrdskCsdiDAGk2u30bLXP
/0l9QRC046NfEjEhVFHZqBpEqEoPiXMDizIy6antlyZx5BrlnIOv1iqETV4gUxaa
WKZx1GTWFZISsGqhPIjGtiO+WLDvhC0QoAzU0dBgxM+4/W3WmP64V1bv4PB5Achf
eYX46kT8SDMLJSVGlD7GQJYpVdbdAUZJfL1TgVTu1+l2xqWRV9F7pzRs5XopmQOX
X33rxAH+Bhc4yM7i41Uv
=GeRw
-----END PGP SIGNATURE-----
Andrew David Wong
Dec 4, 2016, 3:41:29 AM12/4/16
to Chris Laprise, Marek Marczykowski-Górecki, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-03 13:20, Chris Laprise wrote:
> On 12/03/2016 03:54 AM, Andrew David Wong wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> On 2016-12-01 15:43, Chris Laprise wrote:
>>> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>>>> On 2016-12-01 11:41, Chris Laprise wrote:
>>>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>>>
>>>> These seem like reasonable ideas to me.
>>>>
>>>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>>>
>>>> What about this part?
>>>>
>>>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>>>
>>>> Is it possible to state that more clearly?
>>> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
>> Hm, I'm not sure what you mean. ITL appearing only on that page of the Qubes website is entirely intentional. The idea is that ITL is only one among many sponsors of the Qubes project. (Even though, historically, ITL and the Qubes project have an extremely close relationship, we'd like the Qubes project to become more of an independent, self-sufficient entity in the future.)
>
> My thrust is that people will feel more comfortable and eager with donating if Qubes Project exists as a very separate entity from its for-profit progenitor. With core ITL staff doing the major work it leaves the impression they are indistinct. Someone who is familiar with the relationship between Redhat and Fedora, or Canonical and Ubuntu, may not easily recognize a similar relationship with ITL and Qubes.
>
Right, but I'm sure we can all agree if the ITL devs were to stop doing the major work on Qubes, it would be the end of Qubes development. So, giving that impression is surely a worthwhile price to pay to keep Qubes alive.
> On 12/03/2016 03:54 AM, Andrew David Wong wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> On 2016-12-01 15:43, Chris Laprise wrote:
>>> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>>>> On 2016-12-01 11:41, Chris Laprise wrote:
>>>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>>>
>>>> These seem like reasonable ideas to me.
>>>>
>>>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>>>
>>>> What about this part?
>>>>
>>>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>>>
>>>> Is it possible to state that more clearly?
>>> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
>> Hm, I'm not sure what you mean. ITL appearing only on that page of the Qubes website is entirely intentional. The idea is that ITL is only one among many sponsors of the Qubes project. (Even though, historically, ITL and the Qubes project have an extremely close relationship, we'd like the Qubes project to become more of an independent, self-sufficient entity in the future.)
>
> My thrust is that people will feel more comfortable and eager with donating if Qubes Project exists as a very separate entity from its for-profit progenitor. With core ITL staff doing the major work it leaves the impression they are indistinct. Someone who is familiar with the relationship between Redhat and Fedora, or Canonical and Ubuntu, may not easily recognize a similar relationship with ITL and Qubes.
>
> But this is by no means the biggest funding issue. Qubes will have to do solicitation via email, lists, twitter, etc.
> and should consider offering merchandise (decals, sweatshirts, etc) that Qubes users can flaunt while helping the project's finances. :)
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
95EsCtc474SZiz3SNoRVV8hUunBJsrHFEqlu8WbLlSQnpP39Eyz4qgw9TMON5RaS
RT0O9Wd3Xm9PJ5nioXisBPf1JQ0isYgAx8L3XQG357yDLpLI35lDadxj05AT/VaZ
aVbVgANk3enTixNjZbpm7Hv22Tu0v0Z7ZEKk5fJ/cvLS8p2gcuv/2Fnt+nQwJKnA
cFba48aIM8TOQ3DJnCbpDUlUpB3YMSNtgl8N3s3Dt4tir5GSeoSt8mnAc7JGKqsu
/TeyORypzgkZzOkQ1tgwvM+okEhH8Vv4snJ/SdxWtGYptrS9+7ITvXPnHHUh4BZD
sn5kxp4CJRU2XNuefiEKVFjL/E2T8ct2EF9BGOMYKt6GEpRphIBaFZTssulUoe/U
ztQ89fnktZ+6bIoEbEEtOJ/UqNYHd8vP3kOfN470M38UH1Qh0BBlR/r7Wq3j+ZNK
iivP8y6XInjfpaHSuIIsBoZMJFygZVE3qlfRnf2NkhUpmKqCto9CBflNhYoGe56u
ku5anUv2rdehRhfXy9YKXIBpouZtaJmqTrle+g4SuQmubvx7CTcGgu4KRR2uNQJ9
IbXk1jvfl0OfN2s7KauQYnCwiyJLEvFIpnNuGjs6quLg2A/IIxYbwQogJQlZwsQu
clHTysPnaOx9VzMW/9R2
=HR5K
-----END PGP SIGNATURE-----
Chris Laprise
Dec 4, 2016, 9:22:33 AM12/4/16
to Andrew David Wong, Marek Marczykowski-Górecki, qubes...@googlegroups.com
On 12/04/2016 03:41 AM, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-03 13:20, Chris Laprise wrote:
>> On 12/03/2016 03:54 AM, Andrew David Wong wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> On 2016-12-01 15:43, Chris Laprise wrote:
>>>> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>>>>> On 2016-12-01 11:41, Chris Laprise wrote:
>>>>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>>>>
>>>>> These seem like reasonable ideas to me.
>>>>>
>>>>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>>>>
>>>>> What about this part?
>>>>>
>>>>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>>>>
>>>>> Is it possible to state that more clearly?
>>>> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
>>> Hm, I'm not sure what you mean. ITL appearing only on that page of the Qubes website is entirely intentional. The idea is that ITL is only one among many sponsors of the Qubes project. (Even though, historically, ITL and the Qubes project have an extremely close relationship, we'd like the Qubes project to become more of an independent, self-sufficient entity in the future.)
>> My thrust is that people will feel more comfortable and eager with donating if Qubes Project exists as a very separate entity from its for-profit progenitor. With core ITL staff doing the major work it leaves the impression they are indistinct. Someone who is familiar with the relationship between Redhat and Fedora, or Canonical and Ubuntu, may not easily recognize a similar relationship with ITL and Qubes.
>>
> Right, but I'm sure we can all agree if the ITL devs were to stop doing the major work on Qubes, it would be the end of Qubes development. So, giving that impression is surely a worthwhile price to pay to keep Qubes alive.
I certainly wasn't trying to suggest the devs are an obstacle. Only that
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-03 13:20, Chris Laprise wrote:
>> On 12/03/2016 03:54 AM, Andrew David Wong wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> On 2016-12-01 15:43, Chris Laprise wrote:
>>>> On 12/01/2016 05:02 PM, Andrew David Wong wrote:
>>>>> On 2016-12-01 11:41, Chris Laprise wrote:
>>>>>> I share Ivan's concern about asking for donations. The style should be more forward, with periodic donation drives (say 3X a year) that are prominently featured on the qubes-os.org front page (and a link from the github page, too). Many organizations also use email newsletters as a funding-drive tool, since it can contain requests for donations in the same vehicle that contains interesting information (not every Qubes user will want to keep monitoring the mailing lists).
>>>>>>
>>>>> These seem like reasonable ideas to me.
>>>>>
>>>>>> There should also be a stronger sense conveyed of the object of the donations--The Qubes Project as separate from ITL--so people don't think they are being asked to donate to a for-profit corp.
>>>>>>
>>>>> What about this part?
>>>>>
>>>>> "ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
>>>>>
>>>>> Is it possible to state that more clearly?
>>>> On the 'funding' page, the ITL section presents the relationship pretty well. But overall presentation could improve... For one, ITL's own branding is a bit weak and seems to appear only on that one page.
>>> Hm, I'm not sure what you mean. ITL appearing only on that page of the Qubes website is entirely intentional. The idea is that ITL is only one among many sponsors of the Qubes project. (Even though, historically, ITL and the Qubes project have an extremely close relationship, we'd like the Qubes project to become more of an independent, self-sufficient entity in the future.)
>> My thrust is that people will feel more comfortable and eager with donating if Qubes Project exists as a very separate entity from its for-profit progenitor. With core ITL staff doing the major work it leaves the impression they are indistinct. Someone who is familiar with the relationship between Redhat and Fedora, or Canonical and Ubuntu, may not easily recognize a similar relationship with ITL and Qubes.
>>
> Right, but I'm sure we can all agree if the ITL devs were to stop doing the major work on Qubes, it would be the end of Qubes development. So, giving that impression is surely a worthwhile price to pay to keep Qubes alive.
people have gotten used to core sponsorships from well-defined brands
with polished communications.
Chris
Matteo
Dec 4, 2016, 12:40:37 PM12/4/16
to qubes...@googlegroups.com
it works (my idea was to open a keylogger on windows and qubes and show
the differences)
here the discussion, some things must be fixed (too long intro, some off
topic things...)
https://groups.google.com/forum/#!msg/qubes-devel/I4lTrYnxKHE/CXxGVIouBwAJ
because many times i hear people say "why qubes and not this or that",
people simply don't understand that for example tails and qubes are two
completly different os with different tasks.
also they see just two coloured windows they don't understand why having
colour improve the security.
Patrick Bouldin
Dec 4, 2016, 4:50:46 PM12/4/16
to qubes-users, qubes...@googlegroups.com
I'm very willing to donate - and well noted that you all will continue to update the core changes in the public domain. I do understand the why, the what and the dollars for the change - however, will there be anyone left to work on the core, for the sake of the core? Just wondering where the donation dollars will be going. I ask because I agree with the person noting 20,000 current licenses. If we all sent in $100 US each then that's $2 million US.
Is it possible to set up some separation of funding to ensure each group is getting what they want? Set up the public funding better with separate marketing, and let that fund improvements for the public domain (not just maintenance and slight core improvements) - and then fund your corporate goals using the methods you mentioned.
As a relatively new user I'm concerned about investing more time in this and it not progressing.
Thanks,
Patrick
Dallas, Texas
Andrew David Wong
Dec 5, 2016, 3:53:05 AM12/5/16
to Patrick Bouldin, qubes-users, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-04 13:50, Patrick Bouldin wrote:
> Andrew,
>
> I'm very willing to donate - and well noted that you all will continue to update the core changes in the public domain. I do understand the why, the what and the dollars for the change - however, will there be anyone left to work on the core, for the sake of the core? Just wondering where the donation dollars will be going. I ask because I agree with the person noting 20,000 current licenses. If we all sent in $100 US each then that's $2 million US.
>
> Is it possible to set up some separation of funding to ensure each group is getting what they want? Set up the public funding better with separate marketing, and let that fund improvements for the public domain (not just maintenance and slight core improvements) - and then fund your corporate goals using the methods you mentioned.
>
> As a relatively new user I'm concerned about investing more time in this and it not progressing.
>
> Thanks,
> Patrick
> Dallas, Texas
>
As mentioned in the announcement, all donations made via Open Collective will be paid directly to developers who have been hired to work on the open source edition of Qubes. ITL will not see or benefit from any of that money. All from donated funds should be transparently visible to everyone on our Open Collective page.
> Andrew,
>
> I'm very willing to donate - and well noted that you all will continue to update the core changes in the public domain. I do understand the why, the what and the dollars for the change - however, will there be anyone left to work on the core, for the sake of the core? Just wondering where the donation dollars will be going. I ask because I agree with the person noting 20,000 current licenses. If we all sent in $100 US each then that's $2 million US.
>
> Is it possible to set up some separation of funding to ensure each group is getting what they want? Set up the public funding better with separate marketing, and let that fund improvements for the public domain (not just maintenance and slight core improvements) - and then fund your corporate goals using the methods you mentioned.
>
> As a relatively new user I'm concerned about investing more time in this and it not progressing.
>
> Thanks,
> Patrick
> Dallas, Texas
>
Does this address your concern?
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
x4o04p36NtNEvycrQ3GrjVl1o36BRG1VRxC2/IGT2zJVFrL6hRcwAfq2EAW3nITZ
sgVHtblyr45y4sKvm0ZXCBnIGIt04yo/6gy40enLuy7lz4HHY5xXsyxvui1M7/zW
LyLgWdIcNbBhhwYz/8sCp5yZxJX7a5gMiumNxa74b6fwPa7bMi83w67k1JDbduVJ
VO54Kkf/JTc28BWdEIGRYJ/k+1APibRq6RNRbTCGs6JQWHK2Z8ZIW3a7HBr8eW38
u2N+BSmzF1iKzlcBimK6K25ERQRaQuW0q5BdfjEmHKDarMrBQ2YnAyVUjBbLDdDy
tcMlt9M3xbnlwnXP62S7/2qdmqKl40/tJ/Y61kK3uVhaetJ/U2AOVkQI+f1CFKGy
s1eT7/gSm2C9oafcFzPWWvRzB9HMFDUpU7gQ6+kvxx1PJtJx4J2/oGiz+VVp1cQ5
1LjwZMVaDfrmHlAiN4y/UM4LLK7pWkLrbUhBSh6GvO/AIyd7+XA+Y3Ps/gtiKegd
VoYLpQ64MBdAw4YOfcx9+IRVtAGGRhHMjY+pu91SJpNJ7rCJKHbvuhCEF3X+Yq+0
uVxivVOOCB7KNjqqFrn6MpTY4r0/u9Pdk0YAfMVVRKcICHRUu5MwIrCc9BMduAMG
ocLaz94qaDRirvjNZJRR
=0cWy
-----END PGP SIGNATURE-----
Ivan
Dec 5, 2016, 5:41:05 AM12/5/16
to qubes...@googlegroups.com
Hi Andrew,
On 12/05/2016 10:52 AM, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-04 13:50, Patrick Bouldin wrote:
>> Andrew,
>>
>> I'm very willing to donate - and well noted that you all will continue to update the core changes in the public domain. I do understand the why, the what and the dollars for the change - however, will there be anyone left to work on the core, for the sake of the core? Just wondering where the donation dollars will be going. I ask because I agree with the person noting 20,000 current licenses. If we all sent in $100 US each then that's $2 million US.
>>
>> Is it possible to set up some separation of funding to ensure each group is getting what they want? Set up the public funding better with separate marketing, and let that fund improvements for the public domain (not just maintenance and slight core improvements) - and then fund your corporate goals using the methods you mentioned.
>>
>> As a relatively new user I'm concerned about investing more time in this and it not progressing.
>>
>> Thanks,
>> Patrick
>> Dallas, Texas
>>
>
> As mentioned in the announcement, all donations made via Open Collective will be paid directly to developers who have been hired to work on the open source edition of Qubes. ITL will not see or benefit from any of that money. All from donated funds should be transparently visible to everyone on our Open Collective page.
From Marek's answers to my questions (thanks BTW !) and from what I
read from follow-up posts by fellow users, I don't think it was clear
who would work on the open source edition, hence those questions from
the OP, from Chris Laprise, ...
The original post mentioned hiring a dev - but I thought it was because
of the amount of work to do *in addition* to ITL's (should there be
enough community funding/donations, of course), and not because of
having/wanting a clear separation, like you just answered
(ITL=commercial version, hired dev(s)=open source version).
WRT my concern that a large donor could steer the project in unwanted
directions Marek answered that it wouldn't be the case. If there is such
a separation between ITL and the open source version, who gets to decide
what is implemented, what is not (or vetoed), and how tasks ("expenses"
in Open Collective) are prioritized/chosen ? I expect it would be ITL's
staff, but it's not mentioned anywhere yet.
Along a similar vein, will there be some review of the code produced by
said hired developer ? A fair concern - if that's not a well known Qubes
dev - is to ensure that the design, code quality, ... is just as good as
what it is now.
After reading Open Collective's FAQ, IIUC the 2 things Open Collective
provides is (1) an easy way to send donations and (2) transparency about
how donations are used ("expenses"), which comes at a cost of 10% +
paypal fees (3% or so). Isn't that amount overkill if a developer is
hired full time ? I mean, wouldn't it be simpler to send money to a
paypal account (ITL's or anybody people would trust), which would then
pay the developer ? Tracking allocated and then spent time (= money) -
for instance with github - should be easy.
Don't get me wrong, I fully understand the economic realities ITL faces
and the choice made to work on a commercial/corporate version. But
there's a real need for more clarity about how the whole thing WRT the
"open source" version will be organized, which will surely help with the
amount of donations.
Cheers,
Ivan
On 12/05/2016 10:52 AM, Andrew David Wong wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 2016-12-04 13:50, Patrick Bouldin wrote:
>> Andrew,
>>
>> I'm very willing to donate - and well noted that you all will continue to update the core changes in the public domain. I do understand the why, the what and the dollars for the change - however, will there be anyone left to work on the core, for the sake of the core? Just wondering where the donation dollars will be going. I ask because I agree with the person noting 20,000 current licenses. If we all sent in $100 US each then that's $2 million US.
>>
>> Is it possible to set up some separation of funding to ensure each group is getting what they want? Set up the public funding better with separate marketing, and let that fund improvements for the public domain (not just maintenance and slight core improvements) - and then fund your corporate goals using the methods you mentioned.
>>
>> As a relatively new user I'm concerned about investing more time in this and it not progressing.
>>
>> Thanks,
>> Patrick
>> Dallas, Texas
>>
>
> As mentioned in the announcement, all donations made via Open Collective will be paid directly to developers who have been hired to work on the open source edition of Qubes. ITL will not see or benefit from any of that money. All from donated funds should be transparently visible to everyone on our Open Collective page.
read from follow-up posts by fellow users, I don't think it was clear
who would work on the open source edition, hence those questions from
the OP, from Chris Laprise, ...
The original post mentioned hiring a dev - but I thought it was because
of the amount of work to do *in addition* to ITL's (should there be
enough community funding/donations, of course), and not because of
having/wanting a clear separation, like you just answered
(ITL=commercial version, hired dev(s)=open source version).
WRT my concern that a large donor could steer the project in unwanted
directions Marek answered that it wouldn't be the case. If there is such
a separation between ITL and the open source version, who gets to decide
what is implemented, what is not (or vetoed), and how tasks ("expenses"
in Open Collective) are prioritized/chosen ? I expect it would be ITL's
staff, but it's not mentioned anywhere yet.
Along a similar vein, will there be some review of the code produced by
said hired developer ? A fair concern - if that's not a well known Qubes
dev - is to ensure that the design, code quality, ... is just as good as
what it is now.
After reading Open Collective's FAQ, IIUC the 2 things Open Collective
provides is (1) an easy way to send donations and (2) transparency about
how donations are used ("expenses"), which comes at a cost of 10% +
paypal fees (3% or so). Isn't that amount overkill if a developer is
hired full time ? I mean, wouldn't it be simpler to send money to a
paypal account (ITL's or anybody people would trust), which would then
pay the developer ? Tracking allocated and then spent time (= money) -
for instance with github - should be easy.
Don't get me wrong, I fully understand the economic realities ITL faces
and the choice made to work on a commercial/corporate version. But
there's a real need for more clarity about how the whole thing WRT the
"open source" version will be organized, which will surely help with the
amount of donations.
Cheers,
Ivan
Andrew David Wong
Dec 5, 2016, 7:33:47 AM12/5/16
to Ivan, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-05 02:41, Ivan wrote:
> Hi Andrew,
>
> On 12/05/2016 10:52 AM, Andrew David Wong wrote:
>> On 2016-12-04 13:50, Patrick Bouldin wrote:
>>> Andrew,
>>>
>>> I'm very willing to donate - and well noted that you all will continue to update the core changes in the public domain. I do understand the why, the what and the dollars for the change - however, will there be anyone left to work on the core, for the sake of the core? Just wondering where the donation dollars will be going. I ask because I agree with the person noting 20,000 current licenses. If we all sent in $100 US each then that's $2 million US.
>>>
>>> Is it possible to set up some separation of funding to ensure each group is getting what they want? Set up the public funding better with separate marketing, and let that fund improvements for the public domain (not just maintenance and slight core improvements) - and then fund your corporate goals using the methods you mentioned.
>>>
>>> As a relatively new user I'm concerned about investing more time in this and it not progressing.
>>>
>>> Thanks,
>>> Patrick
>>> Dallas, Texas
>>>
>>
>> As mentioned in the announcement, all donations made via Open Collective will be paid directly to developers who have been hired to work on the open source edition of Qubes. ITL will not see or benefit from any of that money. All from donated funds should be transparently visible to everyone on our Open Collective page.
>
> From Marek's answers to my questions (thanks BTW !) and from what I read from follow-up posts by fellow users, I don't think it was clear who would work on the open source edition, hence those questions from the OP, from Chris Laprise, ...
So, the question is: "Who would work on the open source edition of Qubes?"
> Hi Andrew,
>
> On 12/05/2016 10:52 AM, Andrew David Wong wrote:
>> On 2016-12-04 13:50, Patrick Bouldin wrote:
>>> Andrew,
>>>
>>> I'm very willing to donate - and well noted that you all will continue to update the core changes in the public domain. I do understand the why, the what and the dollars for the change - however, will there be anyone left to work on the core, for the sake of the core? Just wondering where the donation dollars will be going. I ask because I agree with the person noting 20,000 current licenses. If we all sent in $100 US each then that's $2 million US.
>>>
>>> Is it possible to set up some separation of funding to ensure each group is getting what they want? Set up the public funding better with separate marketing, and let that fund improvements for the public domain (not just maintenance and slight core improvements) - and then fund your corporate goals using the methods you mentioned.
>>>
>>> As a relatively new user I'm concerned about investing more time in this and it not progressing.
>>>
>>> Thanks,
>>> Patrick
>>> Dallas, Texas
>>>
>>
>> As mentioned in the announcement, all donations made via Open Collective will be paid directly to developers who have been hired to work on the open source edition of Qubes. ITL will not see or benefit from any of that money. All from donated funds should be transparently visible to everyone on our Open Collective page.
>
> From Marek's answers to my questions (thanks BTW !) and from what I read from follow-up posts by fellow users, I don't think it was clear who would work on the open source edition, hence those questions from the OP, from Chris Laprise, ...
This question can be disambiguated in many different ways. I'll try to anticipate some of the likely intended meanings and to answer them to the best of my ability.
"Which developer(s) would work on the open source edition of Qubes? (I.e., what are their names?)"
Answer: We don't know yet.
"Would any/all of the current ITL devs continue to work on the open source edition of Qubes?"
Answer: Probably, but it depends on how much of their time is demanded by corporate clients. (But remember that any changes to core code will remain open source, so it's quite likely that they will, at least indirectly.)
"Would any/all of the current non-ITL devs continue to work on the open source edition of Qubes?"
Answer: Probably, but it depends on what they want to do, how much gets donated, and therefore how much money is available to pay them.
"Would *any* developer(s) work on the open source edition of Qubes?"
Answer: I certainly hope so, but again, it depends on how much money is available to pay anyone.
> The original post mentioned hiring a dev - but I thought it was because of the amount of work to do *in addition* to ITL's (should there be enough community funding/donations, of course), and not because of having/wanting a clear separation, like you just answered (ITL=commercial version, hired dev(s)=open source version).
>
"ITL will not benefit from of any of the money donated through Open Collective. Instead, the funds will be paid directly to individual developers who have been hired to work on the open source edition of Qubes."
And here's the answer I just gave:
"As mentioned in the announcement, all donations made via Open Collective will be paid directly to developers who have been hired to work on the open source edition of Qubes. ITL will not see or benefit from any of that money."
> WRT my concern that a large donor could steer the project in unwanted directions Marek answered that it wouldn't be the case. If there is such a separation between ITL and the open source version, who gets to decide what is implemented, what is not (or vetoed), and how tasks ("expenses" in Open Collective) are prioritized/chosen ? I expect it would be ITL's staff, but it's not mentioned anywhere yet.
> Along a similar vein, will there be some review of the code produced by said hired developer ? A fair concern - if that's not a well known Qubes dev - is to ensure that the design, code quality, ... is just as good as what it is now.
> After reading Open Collective's FAQ, IIUC the 2 things Open Collective provides is (1) an easy way to send donations and (2) transparency about how donations are used ("expenses"), which comes at a cost of 10% + paypal fees (3% or so). Isn't that amount overkill if a developer is hired full time ? I mean, wouldn't it be simpler to send money to a paypal account (ITL's or anybody people would trust), which would then pay the developer ? Tracking allocated and then spent time (= money) - for instance with github - should be easy.
> Don't get me wrong, I fully understand the economic realities ITL faces and the choice made to work on a commercial/corporate version. But there's a real need for more clarity about how the whole thing WRT the "open source" version will be organized, which will surely help with the amount of donations.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
jAKO1Yl7t4zzKtUw74le7rLbmxTY2d7bg25fxZhzUFP0/0ZlgSaKAWyzoKOEJ2bc
M45PkO/SIG0xyDqAtaCTz1rFKXbaSUTrP43vv1zH10jOh6VPWp9DMdrWkYm+z0M6
vnLrFZe3ih/R2uCQhvM6FDIoM4Wie6zUkldBz0vapLi15Y4RQM1rTesP7ZhgtIyn
eAW05xXMKAZbwo7iThp1SLxQUMc8ingyauGVa99+VyqYntIkU/SriHtSEPPoyPX+
cqXEqjxKJDqElAAkQTx7YCToF6tGXRoi6UPqoH3dv4UiJTzZH5aLyiN89cuMwIYc
iqDPZn/M93PnzBdERAQhHPK+saLacejRn60dVc5nCOq81kxmWO580YrpPhIbfhPa
rGbQIn31kO+JcFuCUDy+mEkvv5RYdwgJMD2OpahXl40i0Y6nRmRz83hTDvfBW+k6
su8o4BZ7MJzfOs8B9CQTKCrqn33ZPe5mCHX9LPt1QT6hOjSDS1h70rbo64WIBmGq
swzapNzgkuRi8gFOi3jQWvrrHoIRUOwZVdNQoBdCEgbJCuLNEUpOwTSKDchHzokh
FRluWW5UQXlTQ/yaS5YtSaWkmXNTe+EDaVml/xIV2eY0XN7Q/1B2d19WPOq3FD8U
BJGMaXnafB0XjnMVXWIw
=JYWz
-----END PGP SIGNATURE-----
Ivan
Dec 5, 2016, 8:24:29 AM12/5/16
to qubes...@googlegroups.com
> I hope this helped to clear things up a bit.
IMHO those "questions & answers" as well as some of Marek's answers to
my first post should be mentioned on the website, as I'm sure I'm not
the only one who was a bit confused.
Ivan
Patrick Bouldin
Dec 5, 2016, 12:18:33 PM12/5/16
to qubes-users, qubes...@googlegroups.com
On Wednesday, November 30, 2016 at 6:56:11 PM UTC-5, Andrew David Wong wrote:
Thanks,
Patrick
Dallas, TX
Grzesiek Chodzicki
Dec 5, 2016, 5:01:55 PM12/5/16
to qubes-users, grzegorz....@gmail.com, qubes...@googlegroups.com
Andrew David Wong
Dec 5, 2016, 8:51:30 PM12/5/16
to Ivan, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
2Zi6lD9Lif8uxjQqrwD1oj15rJPE/SlO5weeHXbGWKriUDquiGupuyPXpqlcWn1f
CPvKGK5XZrcduPwhxCIakWtdE6h7x3P2BcDaiss009b6F7qEWm3KUdLpgx1a2ixr
8pEdrnz95YoF75k1p7GieMctjrlhc2BSnToGh7izOcz1My1j9AWb4vtRgTAvtcWg
hyNgIvElUjIUuIb9TYl3rR5Qjirb8AiNr41Gs0WK0YoXAYQfqB227oLfxDf6O5kQ
aqyONUNavelFmt9/ThvpZdpMjB+8YTe2DEjUW75CYmIIQmsz3z8F6cKWtc2NyY3A
FREtqsYzzmUGOj8jRLodPZ7etjpgpU74zg2QhrijIK5FhdDSzFiF0RHsipT4GwHn
aQedZXAGR+yyflPCWhU+yHClqE+VWJdChFZ+JysGE0kcsyhbmj1BhMCnQbuk5iJS
Za62FPHuF54MW0vTd4nYXzHXWOuGMC6NETe4m66CsLoJQhmpRQjNpm+33AmlMtu6
PKt4WqtCdeeOCRoGgNQ0HPdMJFm7fLw/B+nbNpYDhP1Vz1Eh60mzMWc4R73B4hvx
Dcz5dq50C6q+LaTsCYjqRTTOlgu/9XviSvvbo1ZJhQ9nApYJ/H2cGW/q05n1KkXG
3CyhV9GD8jMLgWGn7VAh
=yaGl
-----END PGP SIGNATURE-----
Andrew David Wong
Dec 5, 2016, 8:54:50 PM12/5/16
to Patrick Bouldin, qubes-users, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-05 09:18, Patrick Bouldin wrote:
> Hi Andrew, ok - after reading it a couple more times I got the total gist. Not sure who all was hired but hopefully there will be sufficient marketing efforts to get them funded long term.
>
> Thanks,
> Patrick
>
> Dallas, TX
>
Just to clarify, I'm not aware of anyone having been newly hired specifically in connection with this announcement. Rather, I think the idea is that any funds donated through Open Collective will be used to pay individual developers to work on the open source edition of Qubes, whether they're developers who are already working on Qubes (who are listed on the Team page) or new developers hired in the future.
> Hi Andrew, ok - after reading it a couple more times I got the total gist. Not sure who all was hired but hopefully there will be sufficient marketing efforts to get them funded long term.
>
> Thanks,
> Patrick
>
> Dallas, TX
>
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
ux6Qmt7edr8EFsrQLF+nAEluyWvt2yF48sFYHyX6a7EX+WQq5sRFJ+c0xkiLRjql
l8giDlrPs1EfxVptdSYWZJh7L1qnO80CmaxXBK3mkwtCQHvktOqW5xFsKFYwC6Ze
K69hqUD/TPRfq30fW+c4L1TMVt2K9le5XxU+djKSIpOwqUTxisSIy1yvv6r19o3B
MiRgAj1VTl+NxHc7K8PzJbJMOZ5v3s+T5CoBy6fYYmntWkt1vBKuFjjTRoRtXRqt
56DSUnxRv1DKbO/r8d860kjDhxjFkLy4ZFo3BodxtqArOzmZITDu4V8Vhc47I1hf
V/zfPGWZGYOS4zGcxkRzGJugnEAVV36a5/grCILihD2M8zxp8cAQOt/z20ryeMZ3
pYO43YFw2WZ2dNlBX55ph/gNWwHvIKpIJZN+NEk10/NuCiHnXP7BKYzIIcWylX7K
ofD1kTH7WG1XxHI+73rYZqXQXjxNilFSkwZYz2JXmacKp/ap/dMwJabeRnPjv/vo
8fbwFF2dpQ+iydM9vKfaq0upCuwXAEeaQLkjlKhkak5xp08dAxjmBIVrGrjOuXQ/
5BoESHkYjgiZLhoiOKngeeNNgN65y43dQDJ3PpP4NybueAgF+zlUta7SiZizcVqj
wJ+h8ZpUezefJ7oi0ArX
=ymxe
-----END PGP SIGNATURE-----
Andrew David Wong
Dec 5, 2016, 8:59:39 PM12/5/16
to Grzesiek Chodzicki, qubes-users, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 2016-12-05 14:01, Grzesiek Chodzicki wrote:
> W dniu niedziela, 4 grudnia 2016 09:37:01 UTC+1 użytkownik Andrew David Wong napisał:
>> On 2016-12-03 05:07, Grzesiek Chodzicki wrote:
>>> Also, you forgot to post this to qubes-announce Andrew.
>>>
>> Didn't forget; qubes-announce is strictly for QSBs and new releases:
>>
>> https://www.qubes-os.org/mailing-lists/#qubes-announce
>>
> My bad then.
> W dniu niedziela, 4 grudnia 2016 09:37:01 UTC+1 użytkownik Andrew David Wong napisał:
>> On 2016-12-03 05:07, Grzesiek Chodzicki wrote:
>>> Also, you forgot to post this to qubes-announce Andrew.
>>>
>> Didn't forget; qubes-announce is strictly for QSBs and new releases:
>>
>> https://www.qubes-os.org/mailing-lists/#qubes-announce
>>
>
No worries. We know that some people are only willing to receive very infrequent
messages about critical Qubes announcements, and we want those people to be able
to trust qubes-announce for that purpose. We know that if we start sending too many
messages through qubes-announce, we'll drive those readers away, so it's very
important to us to keep our promise by sending announcements only for QSBs and
new Qubes OS releases.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
HiMjxAQE2h4SIUQSESjprFi52NUCpTFo/81UcC1pT6dHMPSWKHAZuOytChSnBqHI
A86vWbLP92uoqVJKuiGyhu5nAVP9EQBnKMV8ki3GbMzABNjeCIGvpuoGY3clDrIY
mc3yS9ArAKrPK99Ovkeuhbi80xrwHCjLyxAD6N0StF53VDsG22Au1mVGuDKwJqWk
isZKwyFl/9IG2LgTnNcIjWdv+SDGEi/g1HF0BcUcoG+rxa5O2tLlxJze9e5mdFo/
6eaIjOrJmNEDZYFRpzNzG7aI3Z3P1td2GpqgKMezsvN7r7ls7RsYY5hnwfvsfmKJ
9YtKC7ALZxAmob+x9bUYWbRum/si7ob777nawAmTBj6irN7FCGrYRxQLFPLolkcm
Z9Sf4xhTF9WwLit0zSxSK5HqRRT9cfHpj21c1vN3Xb0kaBjSZlve4CmxGcOLiaK5
XYaRkqAWJ0wcf5ayMDE2Pkze1q3ICjHD39tr5onsMEOj3+815sipHhvZn+5Holp5
nw+RHdACo7QbJUv4Fl0QakgdysXIcNJrSkIgp3WZ/1pTuWEf8te9VGJrDNcos9Or
+MvtOU9XFwH0z2eQCq1nSRucHoEcr2XKE4pA93dh/9HgbK7Ql78gXdbTK2N1BWLj
87eAVCfNsdCayrz/uVMe
=q9LD
-----END PGP SIGNATURE-----
Trammell Hudson
Dec 7, 2016, 10:45:01 AM12/7/16
to Andrew David Wong, qubes...@googlegroups.com
On Mon, Dec 05, 2016 at 04:33:35AM -0800, Andrew David Wong wrote:
> [...]
and open source trees, I'd strongly recommend that the entirety of
the system remain open and available to both corporate and individual
users. Otherwise it creates a disincentive to continue development of
the open source branch, as you predicted in one possible interpretation,
and might lead to duplication of effort as the community tries to
replicate the corporate features.
For instance, the management features make sense for a corporate setup,
but even as an individual user I still want the ability to lock down the
configuration of the VMs and the templates, and to require a hardware
token to sign any modifications so that even a code exploit that reaches
dom0 can't gain persistance.
If this only exists in the closed source tree, we might end up with
two implementations and twice the maintenance burden. That would be
suboptimal, considering how few people we have thinking deeply about
the security issues that we're trying to solve.
--
Trammell
> [...]
> "Would any/all of the current ITL devs continue to work on the open source
> edition of Qubes?"
>
> Answer: Probably, but it depends on how much of their time is demanded by
> corporate clients. (But remember that any changes to core code will remain
> open source, so it's quite likely that they will, at least indirectly.)
Unless there is a compelling reason to have separate closed source
> edition of Qubes?"
>
> Answer: Probably, but it depends on how much of their time is demanded by
> corporate clients. (But remember that any changes to core code will remain
> open source, so it's quite likely that they will, at least indirectly.)
and open source trees, I'd strongly recommend that the entirety of
the system remain open and available to both corporate and individual
users. Otherwise it creates a disincentive to continue development of
the open source branch, as you predicted in one possible interpretation,
and might lead to duplication of effort as the community tries to
replicate the corporate features.
For instance, the management features make sense for a corporate setup,
but even as an individual user I still want the ability to lock down the
configuration of the VMs and the templates, and to require a hardware
token to sign any modifications so that even a code exploit that reaches
dom0 can't gain persistance.
If this only exists in the closed source tree, we might end up with
two implementations and twice the maintenance burden. That would be
suboptimal, considering how few people we have thinking deeply about
the security issues that we're trying to solve.
--
Trammell
je
Dec 15, 2016, 10:43:51 AM12/15/16
to qubes-devel, qubes...@googlegroups.com
Hello,
1. have you thought about offering training, consulting and support for companies who want to use Qubes OS in their enterprise?
2. have you thought about developing commercial management solution which makes the deployment, remote administration and monitoring easy?
I do not believe that developing a commercial operating system based on an open source foundation will pay off on a long run. However, I agree
with you that customized tool and plugin development can provide a valuable source of income.
1. have you thought about offering training, consulting and support for companies who want to use Qubes OS in their enterprise?
2. have you thought about developing commercial management solution which makes the deployment, remote administration and monitoring easy?
I do not believe that developing a commercial operating system based on an open source foundation will pay off on a long run. However, I agree
with you that customized tool and plugin development can provide a valuable source of income.
Andrew David Wong
Dec 15, 2016, 11:15:46 AM12/15/16
to je, qubes-devel, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hash: SHA512
On 12/15/16 07:43, je wrote:
> Hello,
>
> 1. have you thought about offering training, consulting and support for
> companies who want to use Qubes OS in their enterprise?
Yes, this is something we've considered. We'd prefer to focus on selling
> Hello,
>
> 1. have you thought about offering training, consulting and support for
> companies who want to use Qubes OS in their enterprise?
licenses rather than selling services, since this would scale better for
our small team, but we also realize that we'll want to offer support (to
some extent) to clients who purchase licenses.
> 2. have you thought about developing commercial management solution which
> makes the deployment, remote administration and monitoring easy?
>
degree. I'm not sure if a more robust management solution than that
would be feasible for us to develop in the short-term, or whether it
would be worth the time and cost necessary to do so.
> I do not believe that developing a commercial operating system based on an
> open source foundation will pay off on a long run.
> However, I agree with you that customized tool and plugin development
> can provide a valuable source of income.
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYUsGpAAoJENtN07w5UDAw/IwQAL6W6mZ3zkIskovm0+MH2Yze
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
xkzKVZ++INeFsO3hxkC+s8eF9kVpPKtbHEWwdK6aCBOZS4fYACk7L3YqkuVwaRnO
0mu/EtSqx4NrlVxn57R4/2+tdsTEICcHoMd1IC0AqhuNXGy7dfumgSickBRTc3qB
Zg9xuxj76hvVOVj8X2lCko/XiTOz+rmQF7HhzbQxmWAlFFqr+xq6MH0D945oux9I
9C8kSx9I/Il1ZFq5vQi8BJN/UFITCH9D/AvBbHNFb690uXk5bRzxYRY30culPayn
NJIplbu0+BnlqDAMwrGT1GX1yq6hGAVLO+6ZOzybUUqjoIcmBZB1i7hUrGRusnYD
AAfOLjH5qsJNHn3ZjN0t+jqQ1+jdshsPUrqMfePs/TmdilJJ31gPDRSmU4OVGkOK
MmDLRXxv/oK3QlEkS8zfnidJY41wlfcKM/+TYI9PXf/kvosi8pKMnUDb1UnElyn1
nDpAgAXr0Od3mDP040PRaBMtDSGFJIoXXcrcxSr/6efGQacc2f96EeO5mWFGg369
sbIxh8JK9R2tnDM35xge1wg+hxsrpuJdcSiy+4RHwdo0UBY9vqOu0b6YeBmO6PfB
SR68NYFE3Pd2mxDfuWgGBP3xyWozrR6SVbvZ0NXlVwEJpqLHyeUvu1G1mE5v1/la
tqYENe2TwclBOi3k9rHe
=ScqY
-----END PGP SIGNATURE-----
je
Dec 15, 2016, 5:46:46 PM12/15/16
to qubes-devel, j.ep...@openmailbox.org, qubes...@googlegroups.com
> I do not believe that developing a commercial operating system based on an
> open source foundation will pay off on a long run.
Is there a specific reason you think it will not? Just curious.
1. Selling a license provides a one time payment. Even if you are able to sell 100_000 licenses for 40 you would earn
4_000_000, but the same companies will not buy a license the year after that. Which means no constant income for the long run.
Most companies will stick with one version of the product till they really have a reason to upgrade.
Because, the costs for upgrading are actually higher than the costs of the license and upgrades involve the risk of causing
disruption (problems during the upgrade, which blocks employees from getting their work done. Which again means I loose money).
With other words Qubes OS will be stuck with one version for years.
2. The simple question is how can you sell a product which contains mostly GPL licensed code (Xen, Linux Kernel)
which everybody can download and compile for free?
RHEL sells support subscriptions. They offer support (10 years backporting, customer support etc.) and most important they offer a platform for other business software.
The work RedHat constantly invests in their RHEL can not be easily replicated and that is the reason why CentOS is not a competitor.
3. Security is a process and not a product. As an enterprise customer I want to have constant updates and upgrades, security bulletins and other security information.
I want to know if DirtyCOW, hardbleed or other security flaws affect my business if I use Qubes OS or not?
Furthermore, I believe that the Qubes OS team and ITL does not understand what Qubes OS could offer on an enterprise level.
4_000_000, but the same companies will not buy a license the year after that. Which means no constant income for the long run.
Most companies will stick with one version of the product till they really have a reason to upgrade.
Because, the costs for upgrading are actually higher than the costs of the license and upgrades involve the risk of causing
disruption (problems during the upgrade, which blocks employees from getting their work done. Which again means I loose money).
With other words Qubes OS will be stuck with one version for years.
2. The simple question is how can you sell a product which contains mostly GPL licensed code (Xen, Linux Kernel)
which everybody can download and compile for free?
RHEL sells support subscriptions. They offer support (10 years backporting, customer support etc.) and most important they offer a platform for other business software.
The work RedHat constantly invests in their RHEL can not be easily replicated and that is the reason why CentOS is not a competitor.
3. Security is a process and not a product. As an enterprise customer I want to have constant updates and upgrades, security bulletins and other security information.
I want to know if DirtyCOW, hardbleed or other security flaws affect my business if I use Qubes OS or not?
Furthermore, I believe that the Qubes OS team and ITL does not understand what Qubes OS could offer on an enterprise level.
Matteo
Dec 16, 2016, 1:24:35 PM12/16/16
to qubes...@googlegroups.com
Il 15/12/2016 23.46, je ha scritto:
>
> > I do not believe that developing a commercial operating system
> based on an
> > open source foundation will pay off on a long run.
>
> Is there a specific reason you think it will not? Just curious.
>
>
> Most companies will stick with one version of the product till they
> really have a reason to upgrade.
Same here, they will not change to anything because what they have
> really have a reason to upgrade.
works: for example xp notebook (luckily air-gapped) with printer, no os
upgrade because printer works only with xp, and no more new drivers.
> 2. The simple question is how can you sell a product which contains
> mostly GPL licensed code (Xen, Linux Kernel)
> which everybody can download and compile for free?
that kind of people want a ready to use product, if you say "we
personalize for you" they will see it as "this is not ready to use".
forgive me if what i'm saying is not possible (for example license
problems) but...
what if you sell it to *us*, the users???
you are searching someone interested in buying it, there is no need to
search we, the users, are interested in this project!
["evil"+ pessimistic mode on]
i saw emails like "if everyone donate 1€", this just don't work
why should i pay for something that i can get free?
[and mum doesn't want that i donate :( but she allowed me to *buy*
posteo account]
tell me how many projects survive only by donations:
-wikipedia
-tor
-??? no more??
i know there are many other great projects like no-script but that is
much smaller project, here we are talking about an operating system.
[evil mode off]
also there are problems like is this no profit? or profit? what will you
do with the money?
what if you say that you aren't a no profit.
everything is simpler, you don't need to explain what will you do with
money: when you buy a car you don't ask what will you do with money.
you say that you do for profit and with that profit you will build new
features.
take a look at posteo, they sell email, you *can't* get it for free, 12€
year=1€ month
the estimated user base is about 10k people so if we copy posteo is 10k€
per month, enough to start developing it full time, and in a few years
you will not have to wait for a certified hardware, you will build it
yourself!
the question is users will pay? or quit and find something other that is
free?
to answer this question you could start a poll
the key point is that also if only 3000 people will accept it you will
probably have enough money to continue the project.
yes, it will not be used by much people but it will survive and grow
and to answer "how do you sell something that can be downloaded and
compiled for free?"
you could sell updates of qubes (since other software is free)
and also if some people will be able to not pay and compile it by
themself that is more complex that clicking the update button.
the idea is not that everyone must pay and if the license is expired 1
day after you can't use anymore qubes (more or less like posteo, seems
that they will not block your account 1 day after you haven't paid)
and to me paying for posteo is paying not only for an email but is
paying for improving the state of the art in computer and email security.
i know that free for all is better than paid and used by less people but
i don't see a long term future of qubes if we keep it free.
also not everyone can contribute to this project because they want high
quality (and imho is correct)
Reply all
Reply to author
Forward
0 new messages