A new website for a new era (of funding)

9 files changed, 549 insertions, 264 deletions

diff --git a/CONTRIBUTING b/CONTRIBUTING
new file mode 100644
index 0000000..2f1f8b2
--- /dev/null
+++ b/CONTRIBUTING
@@ -0,0 +1,30 @@
+----------------------------------------------------------------------
+This file provides instructions for contributing to the website hosted
+at <https://spectrum-os.org/>.  If you would like to contribute to the
+Spectrum operating system itself, please refer to the
+contributing.html file.
+----------------------------------------------------------------------
+
+Design tweaks, content updates, fixes (both factual and grammatical),
+and new content for the Spectrum website are all welcomed.
+
+Try to keep lines at around 70 characters, HTML out of the way as much
+as possible while still being valid (did you know <p> can
+self-close?), and CSS to a minimum.  We want to optimise for the
+website being as nice as possible to navigate in a text editor, to
+encourage people to edit and improve the website.
+
+Please send patches to devel@spectrum-os.org.  Instructions for how to
+do this are provided in the contributing.html file.
+
+It's helpful if people can see at a glance that your patch is for the
+website.  To help with this, Git provides a feature that will
+automatically prepend a prefix to the subject line of every patch
+message sent by it in a given repository.  You can configure it by
+running the following command in this Git repository:
+
+	git config sendemail.subjectPrefix "PATCH www"
+
+From now on, git-send-email(1) will automatically add "[PATCH www]" to
+the start of every patch sent for this repository, instead of the
+default "[PATCH]".
\ No newline at end of file
diff --git a/README b/README
new file mode 100644
index 0000000..156141b
--- /dev/null
+++ b/README
@@ -0,0 +1,16 @@
+These files contain the static portion of the website accessible at
+<https://spectrum-os.org/>.  CGit, Mailman, etc, are run seperately.
+
+If you would like to propose changes to the web site, please see the
+CONTRIBUTING file.
+
+The content of these web pages may be redistributed under the terms of
+either the CC-BY-SA license (version 4.0 or later), or the GNU Free
+Documentation License (version 1.2 or later), at your option.
+
+The source code of these web pages may be redistributed under the
+terms of the GNU General Public License (version 3.0 or later).
+
+CC-BY-SA: <https://creativecommons.org/licenses/by-sa/4.0/>
+GNU Free Documentation License: <https://www.gnu.org/licenses/gfdl.html>
+GNU General Public License: <https://www.gnu.org/licenses/gpl-3.0.en.html>
\ No newline at end of file
diff --git a/contributing.html b/contributing.html
new file mode 100644
index 0000000..9898be0
--- /dev/null
+++ b/contributing.html
@@ -0,0 +1,87 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+
+<link rel="stylesheet" href="style.css">
+
+<title>Contributing to Spectrum</title>
+
+<body>
+
+<h1>Contributing to Spectrum</h1>
+
+<p>
+Thank you so much for your interest in contributing to Spectrum.
+Having a healthy community of people who feel empowered to work on the
+project is vital to its success.  To that end, if you have any
+questions about contributing to the project,
+please <a href="participating.html">get in touch</a> with the
+community, and we'll gladly help you out!
+
+<h2>Contributing code</h2>
+        
+<p>
+If you're interested in contributing code to Spectrum, you
+can <a href="https://spectrum-os.org/git/">find</a> the source
+repositories online.  If you've made changes you'd like to be included
+in the official Spectrum distribution, please send patches to the
+spectrum-devel <a href="https://spectrum-os.org/lists/postorius/lists/devel.spectrum-os.org/">
+mailing list</a>
+(<a href="mailto:devel@spectrum-os.org">devel@spectrum-os.org</a>).
+
+<p>
+<strong>DON'T PANIC.</strong>
+
+<p>
+Sending patches to the list is easy — you can do it with Git, straight
+from the command line.  <strong>You don't have to set anything up in
+your email client</strong>, and <strong>you don't have to subscribe to
+the list</strong>.  The only thing you need to do is probably to set
+up Git so it knows how to send email using your provider's SMTP
+server.  These <a href="https://git-send-email.io/">instructions</a>
+should be enough to get you going, but if you're still stuck, send an
+email
+to <a href="mailto:devel@spectrum-os.org">devel@spectrum-os.org</a>
+and we'll help you out.
+
+<p>
+Once you have Git configured correctly, sending your changes to the
+list should be as simple as something like
+
+<pre>
+git send-email origin/master --to devel@spectrum-os.org
+</pre>
+
+<p>
+You'll be CCed on replies to your posts, so you don't even have to be
+subscribed to the mailing list if you're worried about too much
+traffic.  There's also
+a <a href="https://spectrum-os.org/lists/hyperkitty">web interface</a>
+that you can use to browse or even post to the mailing list.
+
+<p>
+Don't be too afraid of getting it wrong the first couple of times.
+This might well be a new way of collaborating for you, and everybody
+understands that.  Hopefully, you'll soon realise just how effective
+this style of collaboration can be compared to the alternatives.
+
+<h2>Contributing other things</h2>
+
+<p>
+At this early stage, it's difficult to say what things would be useful
+to the project beyond code.  Artwork and documentation will be
+extremely important and valuable, but we don't yet have a good place
+to keep / use them.  But, don't let that dissuade you!  At some point
+we'll need all sorts of things, and we might as well get the work done
+early if people are willing to do it.
+
+<p>
+If you think you have skills to offer the project beyond writing code,
+we'd love to hear from you.  The best thing to do is to either talk
+with us
+on <a href="contributing.html#spectrum-discuss">spectrum-discuss</a>,
+or in real time on <a href="contributing.html#irc">IRC</a>.
diff --git a/design.html b/design.html
new file mode 100644
index 0000000..4b96a41
--- /dev/null
+++ b/design.html
@@ -0,0 +1,112 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+
+<link rel="stylesheet" href="style.css">
+
+<title>Spectrum Design</title>
+
+<body>
+
+<h1>Spectrum Design</h1>
+
+<p>
+Spectrum will, for now, be a Linux-based system, derived from NixOS.
+This gives us an actively-developed base with good hardware support,
+powerful and optimised compartmentalization primitives in KVM, and the
+reproducible packaging and configuration system that
+is <a href="motivation.html">important</a> for a maintainable
+compartmentalized system.
+
+<p>
+The current plan is to implement compartmentalization in Spectrum by
+running each application
+inside <a href="https://chromium.googlesource.com/chromiumos/platform/crosvm/">crosvm</a>,
+the hypervisor used by ChromiumOS.  Qubes-style isolated, composited
+windowing for applications can hopefully be provided through its
+virtio-wayland feature, or failing that
+through <a href="https://xpra.org/">Xpra</a>.  Using a full virtual
+machine for each application might come with high resource
+requirements at first, but over time we should be able to optimise
+this, for example by doing clever tricks
+like <a href="https://lwn.net/Articles/610174/">DAX</a> to a read-only
+storage device shared by multiple guests to save on duplicated memory.
+In the short term, it might be prudent to allow multiple applications
+to run in a single KVM instance, but our long-term focus should be on
+one per application.
+
+<p>
+Each virtual machine will be generated by
+a <a href="https://nixos.org/nix/">Nix</a> derivation, and will have a
+completely immutable root file system.  Persistent storage will be
+provided by virtual block devices, that arbitrary paths on the system
+can be mapped to from the host.  There may be other writable mount
+points inside the virtual machine, but these will not persist between
+reboots of the VM.  Using Nix to generate virtual machines allows them
+to be reproducibly built, rolled back, edited, and migrated as source
+code, rather than large, opaque virtual machine images.
+
+<p>
+Virtual block devices will also be defined in Nix, and block devices
+and applications will be <var>m</var>:<var>n</var>.  Some virtual
+machines may have no persistent storage, or even write access to a
+disk, at all.  In other cases, it might be desirable for multiple
+applications to be able to access the same device, such as a local
+mail store being shared by two mail clients.  Other resources and
+permissions, such as network cards and USB controllers, will similarly
+be defined in Nix.  There are three logical sections for the Nix
+configuration -- applications, which are just packages, resources
+(virtual or physical devices), and <i>application instances</i>, which
+are mappings between applications and accessible resources.  This
+structure allows users to have multiple instances of the same
+application, with different permissions.
+
+<p>
+Initial versions of Spectrum will have the user be responsible for
+writing Nix code for each application and resource, and the
+combinations they make between them.  In future, it would be good if
+this could be handled by a graphical interface and a data file for
+simple cases, with Nix importing the data file and using it as input
+for the standard functions that would be called in a Nix-language
+configuration file.  This use case should be kept in mind when writing
+the Nix API for Spectrum.
+
+<p>
+While Spectrum is expected to largely run on personal computers, most
+of which will almost certainly use the x86_64 architecture, this will
+not be the only architecture given first class support by Spectrum.
+One of the advantages to Spectrum's Linux base is the extremely wide
+hardware support that Linux offers, and, beyond that, x86_64
+is <a href="https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf">notably
+untrustworthy</a>, especially with
+the <a href="https://invidio.us/watch?v=_eSAF_qT_FY">huge attack
+surface</a> of
+the <a href="https://en.wikipedia.org/wiki/Intel_Management_Engine">Intel
+Management Engine</a>
+/ <a href="https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor">AMD
+Platform Security Processor</a>.
+
+<p>So, Spectrum will additionally have
+first class support for at least ppc64le.  This architecture has been
+chosen because it is the only other architecture that can come close
+to the sheer performance x86_64 can offer at the high end, and
+because, in stark contrast to x86_64, it is possible to buy a new
+ppc64le (POWER9) system that does not require any proprietary firmware
+that cannot be inspected and audited.  It is a goal of the project to
+build all packages, x86_64 and ppc64le, on POWER9 hardware.  Even if a
+user has to trust the x86_64 computer available to them, anti-freedom
+firmware, undocumented backdoors and all, it would be a disservice to
+them to force them to use packages built on other such untrustworthy
+hardware.
+
+<p>
+<small>You may distribute this content under the terms of either
+the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a>
+license (version 4.0 or later), or
+the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free
+Documentation License</a> (version 1.2 or later), at your
+option.</small>
diff --git a/index.html b/index.html
index 7e3d316..1e6afcd 100644
--- a/index.html
+++ b/index.html
@@ -6,6 +6,8 @@
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width,initial-scale=1">
 
+<link rel="stylesheet" href="style.css">
+
 <title>Spectrum, a step towards usable secure computing</title>
 
 <body>
@@ -13,279 +15,48 @@
 <h1>Spectrum — a step towards <em>usable</em> secure computing</h1>
 
 <p>
-<a href="mailto:hi@alyssa.is">Alyssa Ross</a>, 2018-2019.
-
-<p>
-You may distribute this work under the terms of either
-the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a>
-license (version 4.0 or later), or
-the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free
-Documentation License</a> (version 1.2 or later), at your option.
-
-<h2>Motivation</h2>
-
-<p>
-Existing attempts to improve on the security of Unix-like operating
-systems for everyday personal use have been hampered by complexity,
-bugs, and security theatre. The concept of isolating applications by
-giving them what appears to be a dedicated computer to run in is a
-solid one, because it allows virtually all existing software to run
-without modification. However, allowing all these isolated computers
-to persist state leads to large maintenance costs — you now
-have <var>n</var> stateful computers to maintain, not one.
-
-<p>
-By minimizing the persistent state these computers are allowed to
-store to a well-defined absolute minimum required by the software
-running inside them, not only do we improve maintainability by
-minimising side effects and even allowing the computers to be
-regenerated without data loss if required, we also massively reduce
-the avenues to persisting malware.
-
-<p>
-Mutable state across the whole system isolated into two locations on
-the host: a global state store, which is broken down by application
-instance, and a global configuration file defining all configuration
-for the host, and the isolated environments for each application
-instance. Aside from these two locations, the host computer should
-prevent persistent state as much as possible. This means that it is
-possible to restore the host computer, along with all the isolated
-application environments, simply by restoring a copy of the global
-state store and configuration file. After an audit of the global
-configuration, a potentially compromised host could be safely restored
-onto a new computer without risk of the new host inheriting the
-infection from the old one, since the only mutable data affecting the
-host is the global configuration file. (Of course, this does not
-prevent the new host from being compromised shortly afterward through
-the same methods.)
-
-<h3>Existing implementations of security by compartmentalization</h3>
-
-<h4>Qubes OS</h4>
-
-<p>
-Qubes OS is a distribution of the Xen hypervisor that isolates IO and
-user applications inside their own dedicated virtual machines. Many
-people interested in secure computing are aware of Qubes, however they
-are often hampered by usability issues:
-
-<ul>
-
-  <li>
-  Hardware compatibility is extremely limited. People often have
-  to buy a new computer just to use Qubes, and even then it can be a
-  struggle to set up.
-
-  <li>
-  People are reluctant to use Xen on their computer for power
-  management etc. reasons.
-
-  <li>
-  VMs are heavy, and there is no isolation between applications in the
-  same domain (VM).
-
-  <li>
-  GUI applications are buggy, command line tools are mostly
-  undocumented.
-
-  <li>
-  Maintaining many different TemplateVMs with persistent state is
-  difficult. (Qubes can use Salt to mitigate this.)
-
-</ul>
-
-<p>
-However, the Qubes developers have created utilities for using
-compartmentalized environments that could be very useful to other
-implementations. For example, Qubes allows clipboard data to be safely
-shared between isolated environments with explicit user action on both
-ends, and Qubes Split GPG allows one environment to perform operations
-using a GPG key stored in another environment, with permission granted
-on a per-operation basis.
-
-<h4>Subgraph OS</h4>
-
-<p>
-Subgraph only provides isolation to the 22 applications they have
-manually containerized. Any other software is still run as normal. We
-consider this a major security issue.
-
-<p>
-The last release of SubgraphOS was an alpha in 2017.
-
-<h2>Implementation</h2>
-
-<p>
-Because of the explosion of interest in compartmentalized computing in
-recent years, there exists a plethora of existing work that can be
-harnessed to implement these concepts.
-
-<h3>Containers</h3>
-
-<p>
-A container is an isolated computing environment created using a
-variety of features of the Linux kernel. A container can
-be <em>almost</em> entirely isolated from the host system, and those
-components that <em>are</em> shared can likely be made inaccessible to
-isolated applications by denying them root access to their isolated
-environments. Unlike virtual machines, containers share a kernel with
-the host operating system, and do not require specially allocated
-resources (although it is still possible to limit resource use by a
-container). This makes containers able to deliver good performance
-with far looser hardware requirements than virtual machines.
-
-<p>
-In the proof of concept implementation, Docker, a popular
-implementation of containers, is used. However, there is probably
-not any tight coupling to Docker-specific features, and so Docker
-could most likely be easily swapped out for another container
-implementation, or even for virtual machines.
-
-<h4>Containers for personal computing</h4>
-
-<p>
-Containers have mostly been designed for isolating headless server
-applications. Additional challenges present themselves when applying
-container-based application isolation to personal computing.
-
-<h5>Graphical User Interfaces</h5>
-
-<p>
-The X11 protocol provides no isolation between applications
-whatsoever. Any application (including one running on a remote server
-using SSH X forwarding) can capture windows of other applications,
-read from them, and even send events to them freely. The solution to
-this problem is to use a separate X server for each container, and
-then forward them over another protocol (such as VNC) to the window
-manager running either on the host or, preferably, in a dedicated
-container of its own. The pre-existing Xpra software provides this
-capability. Doing this inevitably gives rise to yet more problems,
-mostly around performance, although these should be solvable also:
-
-<ul>
-
-  <li>
-  The current implementation of Xpra window forwarding causes
-  noticeable lag in high frame rate operations such as video playback
-  or gradual window resizing. This implementation uses a Unix socket
-  inside a tmpfs on the host, which is then mounted into the
-  container. However, Xpra also supports communicating over mapped
-  memory, and this should be significantly faster.
-
-  <li>
-  An Xpra server (of which there must be one for every isolated
-  application instance) takes most of a minute to start. This
-  means that the delay before a window appears is extremely long
-  compared to traditional personal computing systems. One promising
-  solution to this takes advantage of the fact that Xpra servers do
-  not require any application specific configuration (at least for
-  most applications), and so while each application instance requires
-  its own Xpra server, the server does not need to have been created
-  specifically for this application. This allows us to create several
-  Xpra servers ahead of time (in containers of themselves), and then
-  assign them to application instances on demand, starting the process
-  of generating the next Xpra server in the background.
-
-</ul>
-
-<p>
-Given the fundamental shortcomings in X, it might seem obvious to use
-Wayland instead. Unlike X, Wayland was designed with security and
-isolation between applications in mind. However, existing Wayland
-implementations have no way of controlling isolation between
-applications. A single Wayland compositor could provide e.g. clipboard
-isolation in a similar way to Qubes or Xpra, but this doesn't exist
-yet. Writing a Wayland compositor is not a simple task, even with a
-library like wlroots that does a lot of heavy lifting, and it would
-also couple a user to a single window manager or desktop
-environment. While Wayland is extremely usable for general-purpose
-desktop computing at this point, until a solution for these issues is
-reached, Wayland is not suitable for a compartmentalized operating
-system.
-
-<h3>NixOS</h3>
-
-<p>
-The proof of concept implementation is built on top of NixOS Linux, an
-operating system which is itself built on Nix, a purely functional
-package manager. Nix provides pure packages (meaning packages will be
-built from identical inputs each time — their outputs will not
-necessarily be byte-identical). NixOS makes it possible to define an
-entire GNU/Linux system in this manner.
+Spectrum is a project that aims to create a computer operating system,
+based on the principle of security by compartmentalization, that has a
+lower barrier to entry and is easier to use and maintain than other
+such systems.
 
 <p>
-However, NixOS does not attempt to completely eliminate undeclared
-state — it even allows for imperative package installation, which
-makes a Nix package that has not been defined in the global
-configuration available in the current environment. Responsibility for
-eliminating this sort of mutable state lies with the Spectrum
-implementation.
+User data and application state will be managed centrally, while
+remaining isolated, meaning that the system can be backed up and
+managed as a whole, rather than mixed up in several dozen virtual
+machines.
 
 <p>
-The nixpkgs repository provides functions for generating Docker
-containers from Nix expressions, using existing Nix package
-definitions. These containers are not full NixOS installations — in
-fact, they don't even have Nix or coreutils installed by default. This
-ensures only the minimum software required for the isolated
-application to run is available, reducing attack surface.
+The host system and isolated environments will all be managed
+declaratively and reproducibly
+using <a href="https://nixos.org/nix/">Nix</a>, the purely functional
+package manager. This will save the user the burden of maintaining
+many different virtual computers, allowing finer-grained resource
+access controls and making it possible to verify the software running
+across all environments.
 
 <p>
-NixOS provides its own container implementation, based on
-systemd-nspawn however this is not suitable for security by
-compartmentalization. Firstly, it is designed to contain full
-installations of NixOS, rather than single applications. Further, it
-has apparently proven to be unreliable and suffer breakages, and its
-focus is not on providing truly isolated computing environments. By
-contrast, other container implementations (such as, but not
-exclusively, Docker), have reached a point of relative stability, and
-had extensive resources put into making them as isolated as possible
-from the host system.
-
-<h2>Current status</h2>
+Further reading is available about
+Spectrum's <a href="motivation.html">motivation</a>
+and <a href="design.html">design</a>.  If you want to jump straight in
+and read our code, you can <a href="https://spectrum-os.org/git/">do
+that</a> too.
 
 <p>
-I have just begun full time work on Spectrum. Source code repositories
-and discussion channels will be made available as soon, and I will
-publish regular status updates. The first of these can
-be <a href="https://alyssa.is/leaving-freeagent">found</a> on my
-blog. to make it as clear as possible that Spectrum is not vapourware,
-and that progress is rapidly being made.
-
-<h2>Changelog</h2>
-
-<h3><time>2019-08-17</time></h3>
+Spectrum is free software, currently under active development.  If you
+are interested in <a href="participating.html">participating</a>, we'd
+love to have you.
 
 <p>
-Update Current status to reflect that full time work can now begin.
-
-<h3><time>2019-07-06</time></h3>
+Funding for Spectrum is provided
+by <a href="https://www.ngi.eu/about/ngi-zero/">NGI Zero</a>, an
+initiative by the Digital Single Market of the European
+Commission.
 
 <p>
-Add current status section.
-
-<h3><time>2019-05-01</time></h3>
-
-<p>
-Fix typo: "thins" → "this".
-
-<h3><time>2019-03-31</time></h3>
-
-<ul>
-
-  <li>
-  Explain why Wayland isn't (yet) the answer
-
-  <li>
-  Project name updated
-
-  <li>
-  Converted to HTML
-
-  <li>
-  Removed explicit GPLv3 license, because CC-BY-SA 4.0 is
-  GPLv3-compatible
-
-  <li>
-  Minor copy editing
-
-</ul>
+<small>You may distribute this content under the terms of either
+the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a>
+license (version 4.0 or later), or
+the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free
+Documentation License</a> (version 1.2 or later), at your
+option.</small>
diff --git a/motivation.html b/motivation.html
new file mode 100644
index 0000000..fe9ed97
--- /dev/null
+++ b/motivation.html
@@ -0,0 +1,124 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+
+<link rel="stylesheet" href="style.css">
+
+<title>Motivation for Spectrum</title>
+
+<body>
+
+<h1>Motivation for Spectrum</h1>
+
+<p>
+Existing attempts to improve on the security of Unix-like operating
+systems for everyday personal use have been hampered by complexity,
+bugs, and security theatre. The concept of isolating applications by
+giving them what appears to be a dedicated computer to run in is a
+solid one, because it allows virtually all existing software to run
+without modification. However, allowing all these isolated computers
+to persist state leads to large maintenance costs — you now
+have <var>n</var> stateful computers to maintain, not one.
+
+<p>
+By minimizing the persistent state these computers are allowed to
+store to a well-defined absolute minimum required by the software
+running inside them, not only do we improve maintainability by
+minimising side effects and even allowing the computers to be
+regenerated without data loss if required, we also massively reduce
+the avenues to persisting malware.
+
+<p>
+Mutable state, then, across the whole system could be isolated into
+two locations on the host: a global state store, which is broken down
+by application instance, and a global configuration file defining all
+configuration for the host, and the isolated environments for each
+application instance. Aside from these two locations, the host
+computer should prevent persistent state as much as possible. This
+means that it is possible to restore the host computer, along with all
+the isolated application environments, simply by restoring a copy of
+the global state store and configuration file. After an audit of the
+global configuration, a potentially compromised host could be safely
+restored onto a new computer without risk of the new host inheriting
+the infection from the old one, since the only mutable data affecting
+the host is the global configuration file. (Of course, this does not
+prevent the new host from being compromised shortly afterward through
+the same methods.)
+
+<p>
+This system is Spectrum.
+
+<h2>Existing implementations of security by
+compartmentalization</h2>
+
+<h3>Qubes OS</h3>
+
+<p>
+<a href="https://www.qubes-os.org/">Qubes OS</a> is a distribution of
+the <a href="https://xen.net/">Xen</a> hypervisor that isolates IO and
+user applications inside their own dedicated virtual machines. Many
+people interested in secure computing are aware of Qubes, however they
+are often hampered by usability issues:
+
+<ul>
+
+  <li><p>
+  Hardware compatibility is extremely limited. People often have
+  to buy a new computer just to use Qubes, and even then it can be a
+  struggle to set up.
+
+  <li><p>
+  People are reluctant to use Xen on their computer for power
+  management etc. reasons.
+
+  <li><p>
+  VMs are heavy, and there is no isolation between applications in the
+  same domain (VM).
+
+  <li><p>
+  GUI applications are buggy, command line tools are mostly
+  undocumented.
+
+  <li><p>
+  Maintaining many different TemplateVMs with persistent state is
+  difficult. (Qubes
+  can <a href="https://www.qubes-os.org/doc/salt/">use</a>
+  <a href="https://docs.saltstack.com/en/latest/">Salt</a>
+  to mitigate this.)
+
+</ul>
+
+<p>
+It is important to note, however, that the Qubes developers have
+created utilities for using compartmentalized environments that could
+be very useful to other implementations. For example,
+Qubes <a href="https://www.qubes-os.org/doc/copy-paste/">allows</a>
+clipboard data to be safely shared between isolated environments with
+explicit user action on both ends,
+and <a href="https://www.qubes-os.org/doc/split-gpg/">Qubes Split
+GPG</a> allows one environment to perform operations using a GPG key
+stored in another environment, with permission granted on a
+per-operation basis.
+
+<h3>Subgraph OS</h3>
+
+<p>
+<a href="https://subgraph.com/sgos/">Subgraph OS</a> only provides
+isolation to the 22 applications they have manually containerized. Any
+other software is still run as normal. This should be considered a
+major security issue.
+
+<p>
+The last release of SubgraphOS was an alpha in 2017.
+
+<p>
+<small>You may distribute this content under the terms of either
+the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a>
+license (version 4.0 or later), or
+the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free
+Documentation License</a> (version 1.2 or later), at your
+option.</small>
diff --git a/nlnet-pet-2019-03.html b/nlnet-pet-2019-03.html
index 0bf02fc..48e153c 100644
--- a/nlnet-pet-2019-03.html
+++ b/nlnet-pet-2019-03.html
@@ -5,6 +5,8 @@
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width,initial-scale=1">
 
+<link rel="stylesheet" href="style.css">
+
 <title>Spectrum NGI Privacy grant application</title>
 
 <body>
diff --git a/participating.html b/participating.html
new file mode 100644
index 0000000..c66bd58
--- /dev/null
+++ b/participating.html
@@ -0,0 +1,124 @@
+<!doctype html>
+<html lang="en">
+
+<head>
+
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+
+<link rel="stylesheet" href="style.css">
+
+<title>Participating in Spectrum</title>
+
+<body>
+
+<h1>Participating in Spectrum</h1>
+
+<p>
+There are several places online in which announcements, discussion,
+and collaboration happen.  Rather than tell you about them all at
+once, though, it's best to tell you which ones are relevant to you,
+given how you'd like to participate (or not) in the project.
+
+<p>
+Our primary methods of communication are mailing lists and IRC.  If
+this isn't how you're used to interacting with free software projects,
+<strong>DON'T PANIC</strong>.
+
+<p>
+We provide instructions for how to get started, and several different
+interfaces for you to choose from depending on what workflow (web,
+mail, Atom, etc.) makes you most comfortable.  Details of these will
+be explained further on, but first, you should figure out what
+communication channels are actually relevant for you.
+
+<p>
+If you're interested in keeping up to date with announcements from
+Spectrum's developers, you should subscribe
+to <a href="#spectrum-announce">spectrum-announce</a>.  You can
+discuss Spectrum and related topics in real time
+on <a href="#irc"><abbr title="Internet Relay Chat">IRC</abbr></a>, or
+more long-form on <a href="#spectrum-discuss">spectrum-discuss</a>.
+Finally, development work happens in
+Spectrum's <a href="https://spectrum-os.org/git/">source
+repositories</a>, and is discussed
+on <a href="#spectrum-devel">spectrum-devel</a>.  There's another page
+that goes into more detail
+about <a href="contributing.html">contributing to Spectrum's
+development</a>.
+
+<h2>IRC</h2>
+
+<p>
+There is a single IRC
+channel, <a href="ircs://chat.freenode.net:6997/spectrum">#spectrum</a>
+on Freenode, for all kinds of Spectrum discussions.  If you're new to
+IRC, you might find
+Freenode's <a href="https://webchat.freenode.net/#spectrum">web
+chat</a> the easiest way to get started.
+
+<h2>Mailing lists</h2>
+
+<p>
+If you're interested in participating in the project, or even just
+following along with it, the best thing to do is subscribe to one or
+more of the Spectrum mailing lists.
+
+<p>
+If mailing lists aren't your thing, that's okay!  Try
+the <a href="https://spectrum-os.org/lists/hyperkitty/">web UI</a>, which allows you to
+interact with the mailing lists much like a modern web forum.
+
+<p>
+Each list
+has <a href="https://spectrum-os.org/lists/archives/">archives</a>
+that can also be accessed via the web, NNTP or Atom.  You are strongly
+encouraged to mirror them.
+
+<h3 id="spectrum-announce">announce@spectrum-os.org</h3>
+
+<p>
+This is a one-way list where announcements from Spectrum's developers
+will be posted.
+
+<p>
+You can
+subscribe <a href="https://spectrum-os.org/lists/postorius/lists/announce.spectrum-os.org/">on
+the web</a>, or by sending mail
+to <a href="mailto:announce-subscribe@spectrum-os.org">announce-subscribe@spectrum-os.org</a>.
+
+<h3 id="spectrum-discuss">discuss@spectrum-os.org</h3>
+
+<p>
+This list contains high-level discussion about the project.
+
+<p>
+You can
+subscribe <a href="https://spectrum-os.org/lists/postorius/lists/discuss.spectrum-os.org/">on
+the web</a>, or by sending mail
+to <a href="mailto:discuss-subscribe@spectrum-os.org">discuss-subscribe@spectrum-os.org</a>.
+
+<h3 id="spectrum-devel">devel@spectrum-os.org</h3>
+
+<p>
+This list is for the nitty-gritty of development.  It's where
+low-level technical discussions happen, and where patches are sent.
+
+<p>
+There's a <a href="/contributing.html">separate guide</a> for the Spectrum
+development process, including how patches are sent to this list and
+discussed.
+
+<p>
+You can
+subscribe <a href="https://spectrum-os.org/lists/postorius/lists/devel.spectrum-os.org/">on
+the web</a>, or by sending mail
+to <a href="mailto:devel-subscribe@spectrum-os.org">devel-subscribe@spectrum-os.org</a>.
+
+<p>
+<small>You may distribute this content under the terms of either
+the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a>
+license (version 4.0 or later), or
+the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free
+Documentation License</a> (version 1.2 or later), at your
+option.</small>
diff --git a/style.css b/style.css
new file mode 100644
index 0000000..9979547
--- /dev/null
+++ b/style.css
@@ -0,0 +1,19 @@
+/*
+Less is more.
+*/
+
+body {
+    max-width: 65ch;
+    padding: 0 2em;
+    margin: 2em auto;
+    line-height: 1.4;
+    font-family: sans-serif;
+}
+
+h1, h2, h3, h4 {
+    line-height: 1.1;
+}
+
+var {
+    font-family: serif;
+}