diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-10-14 01:08:24 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-10-14 01:17:41 +0000 |
commit | 89f029b73d6d780207e2e213d50f54d3b7a234af (patch) | |
tree | afb131d7a941c8ff692079b8ac656044cb01181b | |
parent | 44d0e0773c22ffe51fbd956885baa6d4106243eb (diff) | |
download | www-89f029b73d6d780207e2e213d50f54d3b7a234af.tar www-89f029b73d6d780207e2e213d50f54d3b7a234af.tar.gz www-89f029b73d6d780207e2e213d50f54d3b7a234af.tar.bz2 www-89f029b73d6d780207e2e213d50f54d3b7a234af.tar.lz www-89f029b73d6d780207e2e213d50f54d3b7a234af.tar.xz www-89f029b73d6d780207e2e213d50f54d3b7a234af.tar.zst www-89f029b73d6d780207e2e213d50f54d3b7a234af.zip |
A new website for a new era (of funding)
-rw-r--r-- | CONTRIBUTING | 30 | ||||
-rw-r--r-- | README | 16 | ||||
-rw-r--r-- | contributing.html | 87 | ||||
-rw-r--r-- | design.html | 112 | ||||
-rw-r--r-- | index.html | 299 | ||||
-rw-r--r-- | motivation.html | 124 | ||||
-rw-r--r-- | nlnet-pet-2019-03.html | 2 | ||||
-rw-r--r-- | participating.html | 124 | ||||
-rw-r--r-- | style.css | 19 |
9 files changed, 549 insertions, 264 deletions
diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..2f1f8b2 --- /dev/null +++ b/CONTRIBUTING @@ -0,0 +1,30 @@ +---------------------------------------------------------------------- +This file provides instructions for contributing to the website hosted +at <https://spectrum-os.org/>. If you would like to contribute to the +Spectrum operating system itself, please refer to the +contributing.html file. +---------------------------------------------------------------------- + +Design tweaks, content updates, fixes (both factual and grammatical), +and new content for the Spectrum website are all welcomed. + +Try to keep lines at around 70 characters, HTML out of the way as much +as possible while still being valid (did you know <p> can +self-close?), and CSS to a minimum. We want to optimise for the +website being as nice as possible to navigate in a text editor, to +encourage people to edit and improve the website. + +Please send patches to devel@spectrum-os.org. Instructions for how to +do this are provided in the contributing.html file. + +It's helpful if people can see at a glance that your patch is for the +website. To help with this, Git provides a feature that will +automatically prepend a prefix to the subject line of every patch +message sent by it in a given repository. You can configure it by +running the following command in this Git repository: + + git config sendemail.subjectPrefix "PATCH www" + +From now on, git-send-email(1) will automatically add "[PATCH www]" to +the start of every patch sent for this repository, instead of the +default "[PATCH]". \ No newline at end of file diff --git a/README b/README new file mode 100644 index 0000000..156141b --- /dev/null +++ b/README @@ -0,0 +1,16 @@ +These files contain the static portion of the website accessible at +<https://spectrum-os.org/>. CGit, Mailman, etc, are run seperately. + +If you would like to propose changes to the web site, please see the +CONTRIBUTING file. + +The content of these web pages may be redistributed under the terms of +either the CC-BY-SA license (version 4.0 or later), or the GNU Free +Documentation License (version 1.2 or later), at your option. + +The source code of these web pages may be redistributed under the +terms of the GNU General Public License (version 3.0 or later). + +CC-BY-SA: <https://creativecommons.org/licenses/by-sa/4.0/> +GNU Free Documentation License: <https://www.gnu.org/licenses/gfdl.html> +GNU General Public License: <https://www.gnu.org/licenses/gpl-3.0.en.html> \ No newline at end of file diff --git a/contributing.html b/contributing.html new file mode 100644 index 0000000..9898be0 --- /dev/null +++ b/contributing.html @@ -0,0 +1,87 @@ +<!doctype html> +<html lang="en"> + +<head> + +<meta charset="utf-8"> +<meta name="viewport" content="width=device-width,initial-scale=1"> + +<link rel="stylesheet" href="style.css"> + +<title>Contributing to Spectrum</title> + +<body> + +<h1>Contributing to Spectrum</h1> + +<p> +Thank you so much for your interest in contributing to Spectrum. +Having a healthy community of people who feel empowered to work on the +project is vital to its success. To that end, if you have any +questions about contributing to the project, +please <a href="participating.html">get in touch</a> with the +community, and we'll gladly help you out! + +<h2>Contributing code</h2> + +<p> +If you're interested in contributing code to Spectrum, you +can <a href="https://spectrum-os.org/git/">find</a> the source +repositories online. If you've made changes you'd like to be included +in the official Spectrum distribution, please send patches to the +spectrum-devel <a href="https://spectrum-os.org/lists/postorius/lists/devel.spectrum-os.org/"> +mailing list</a> +(<a href="mailto:devel@spectrum-os.org">devel@spectrum-os.org</a>). + +<p> +<strong>DON'T PANIC.</strong> + +<p> +Sending patches to the list is easy — you can do it with Git, straight +from the command line. <strong>You don't have to set anything up in +your email client</strong>, and <strong>you don't have to subscribe to +the list</strong>. The only thing you need to do is probably to set +up Git so it knows how to send email using your provider's SMTP +server. These <a href="https://git-send-email.io/">instructions</a> +should be enough to get you going, but if you're still stuck, send an +email +to <a href="mailto:devel@spectrum-os.org">devel@spectrum-os.org</a> +and we'll help you out. + +<p> +Once you have Git configured correctly, sending your changes to the +list should be as simple as something like + +<pre> +git send-email origin/master --to devel@spectrum-os.org +</pre> + +<p> +You'll be CCed on replies to your posts, so you don't even have to be +subscribed to the mailing list if you're worried about too much +traffic. There's also +a <a href="https://spectrum-os.org/lists/hyperkitty">web interface</a> +that you can use to browse or even post to the mailing list. + +<p> +Don't be too afraid of getting it wrong the first couple of times. +This might well be a new way of collaborating for you, and everybody +understands that. Hopefully, you'll soon realise just how effective +this style of collaboration can be compared to the alternatives. + +<h2>Contributing other things</h2> + +<p> +At this early stage, it's difficult to say what things would be useful +to the project beyond code. Artwork and documentation will be +extremely important and valuable, but we don't yet have a good place +to keep / use them. But, don't let that dissuade you! At some point +we'll need all sorts of things, and we might as well get the work done +early if people are willing to do it. + +<p> +If you think you have skills to offer the project beyond writing code, +we'd love to hear from you. The best thing to do is to either talk +with us +on <a href="contributing.html#spectrum-discuss">spectrum-discuss</a>, +or in real time on <a href="contributing.html#irc">IRC</a>. diff --git a/design.html b/design.html new file mode 100644 index 0000000..4b96a41 --- /dev/null +++ b/design.html @@ -0,0 +1,112 @@ +<!doctype html> +<html lang="en"> + +<head> + +<meta charset="utf-8"> +<meta name="viewport" content="width=device-width,initial-scale=1"> + +<link rel="stylesheet" href="style.css"> + +<title>Spectrum Design</title> + +<body> + +<h1>Spectrum Design</h1> + +<p> +Spectrum will, for now, be a Linux-based system, derived from NixOS. +This gives us an actively-developed base with good hardware support, +powerful and optimised compartmentalization primitives in KVM, and the +reproducible packaging and configuration system that +is <a href="motivation.html">important</a> for a maintainable +compartmentalized system. + +<p> +The current plan is to implement compartmentalization in Spectrum by +running each application +inside <a href="https://chromium.googlesource.com/chromiumos/platform/crosvm/">crosvm</a>, +the hypervisor used by ChromiumOS. Qubes-style isolated, composited +windowing for applications can hopefully be provided through its +virtio-wayland feature, or failing that +through <a href="https://xpra.org/">Xpra</a>. Using a full virtual +machine for each application might come with high resource +requirements at first, but over time we should be able to optimise +this, for example by doing clever tricks +like <a href="https://lwn.net/Articles/610174/">DAX</a> to a read-only +storage device shared by multiple guests to save on duplicated memory. +In the short term, it might be prudent to allow multiple applications +to run in a single KVM instance, but our long-term focus should be on +one per application. + +<p> +Each virtual machine will be generated by +a <a href="https://nixos.org/nix/">Nix</a> derivation, and will have a +completely immutable root file system. Persistent storage will be +provided by virtual block devices, that arbitrary paths on the system +can be mapped to from the host. There may be other writable mount +points inside the virtual machine, but these will not persist between +reboots of the VM. Using Nix to generate virtual machines allows them +to be reproducibly built, rolled back, edited, and migrated as source +code, rather than large, opaque virtual machine images. + +<p> +Virtual block devices will also be defined in Nix, and block devices +and applications will be <var>m</var>:<var>n</var>. Some virtual +machines may have no persistent storage, or even write access to a +disk, at all. In other cases, it might be desirable for multiple +applications to be able to access the same device, such as a local +mail store being shared by two mail clients. Other resources and +permissions, such as network cards and USB controllers, will similarly +be defined in Nix. There are three logical sections for the Nix +configuration -- applications, which are just packages, resources +(virtual or physical devices), and <i>application instances</i>, which +are mappings between applications and accessible resources. This +structure allows users to have multiple instances of the same +application, with different permissions. + +<p> +Initial versions of Spectrum will have the user be responsible for +writing Nix code for each application and resource, and the +combinations they make between them. In future, it would be good if +this could be handled by a graphical interface and a data file for +simple cases, with Nix importing the data file and using it as input +for the standard functions that would be called in a Nix-language +configuration file. This use case should be kept in mind when writing +the Nix API for Spectrum. + +<p> +While Spectrum is expected to largely run on personal computers, most +of which will almost certainly use the x86_64 architecture, this will +not be the only architecture given first class support by Spectrum. +One of the advantages to Spectrum's Linux base is the extremely wide +hardware support that Linux offers, and, beyond that, x86_64 +is <a href="https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf">notably +untrustworthy</a>, especially with +the <a href="https://invidio.us/watch?v=_eSAF_qT_FY">huge attack +surface</a> of +the <a href="https://en.wikipedia.org/wiki/Intel_Management_Engine">Intel +Management Engine</a> +/ <a href="https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor">AMD +Platform Security Processor</a>. + +<p>So, Spectrum will additionally have +first class support for at least ppc64le. This architecture has been +chosen because it is the only other architecture that can come close +to the sheer performance x86_64 can offer at the high end, and +because, in stark contrast to x86_64, it is possible to buy a new +ppc64le (POWER9) system that does not require any proprietary firmware +that cannot be inspected and audited. It is a goal of the project to +build all packages, x86_64 and ppc64le, on POWER9 hardware. Even if a +user has to trust the x86_64 computer available to them, anti-freedom +firmware, undocumented backdoors and all, it would be a disservice to +them to force them to use packages built on other such untrustworthy +hardware. + +<p> +<small>You may distribute this content under the terms of either +the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a> +license (version 4.0 or later), or +the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free +Documentation License</a> (version 1.2 or later), at your +option.</small> diff --git a/index.html b/index.html index 7e3d316..1e6afcd 100644 --- a/index.html +++ b/index.html @@ -6,6 +6,8 @@ <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> +<link rel="stylesheet" href="style.css"> + <title>Spectrum, a step towards usable secure computing</title> <body> @@ -13,279 +15,48 @@ <h1>Spectrum — a step towards <em>usable</em> secure computing</h1> <p> -<a href="mailto:hi@alyssa.is">Alyssa Ross</a>, 2018-2019. - -<p> -You may distribute this work under the terms of either -the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a> -license (version 4.0 or later), or -the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free -Documentation License</a> (version 1.2 or later), at your option. - -<h2>Motivation</h2> - -<p> -Existing attempts to improve on the security of Unix-like operating -systems for everyday personal use have been hampered by complexity, -bugs, and security theatre. The concept of isolating applications by -giving them what appears to be a dedicated computer to run in is a -solid one, because it allows virtually all existing software to run -without modification. However, allowing all these isolated computers -to persist state leads to large maintenance costs — you now -have <var>n</var> stateful computers to maintain, not one. - -<p> -By minimizing the persistent state these computers are allowed to -store to a well-defined absolute minimum required by the software -running inside them, not only do we improve maintainability by -minimising side effects and even allowing the computers to be -regenerated without data loss if required, we also massively reduce -the avenues to persisting malware. - -<p> -Mutable state across the whole system isolated into two locations on -the host: a global state store, which is broken down by application -instance, and a global configuration file defining all configuration -for the host, and the isolated environments for each application -instance. Aside from these two locations, the host computer should -prevent persistent state as much as possible. This means that it is -possible to restore the host computer, along with all the isolated -application environments, simply by restoring a copy of the global -state store and configuration file. After an audit of the global -configuration, a potentially compromised host could be safely restored -onto a new computer without risk of the new host inheriting the -infection from the old one, since the only mutable data affecting the -host is the global configuration file. (Of course, this does not -prevent the new host from being compromised shortly afterward through -the same methods.) - -<h3>Existing implementations of security by compartmentalization</h3> - -<h4>Qubes OS</h4> - -<p> -Qubes OS is a distribution of the Xen hypervisor that isolates IO and -user applications inside their own dedicated virtual machines. Many -people interested in secure computing are aware of Qubes, however they -are often hampered by usability issues: - -<ul> - - <li> - Hardware compatibility is extremely limited. People often have - to buy a new computer just to use Qubes, and even then it can be a - struggle to set up. - - <li> - People are reluctant to use Xen on their computer for power - management etc. reasons. - - <li> - VMs are heavy, and there is no isolation between applications in the - same domain (VM). - - <li> - GUI applications are buggy, command line tools are mostly - undocumented. - - <li> - Maintaining many different TemplateVMs with persistent state is - difficult. (Qubes can use Salt to mitigate this.) - -</ul> - -<p> -However, the Qubes developers have created utilities for using -compartmentalized environments that could be very useful to other -implementations. For example, Qubes allows clipboard data to be safely -shared between isolated environments with explicit user action on both -ends, and Qubes Split GPG allows one environment to perform operations -using a GPG key stored in another environment, with permission granted -on a per-operation basis. - -<h4>Subgraph OS</h4> - -<p> -Subgraph only provides isolation to the 22 applications they have -manually containerized. Any other software is still run as normal. We -consider this a major security issue. - -<p> -The last release of SubgraphOS was an alpha in 2017. - -<h2>Implementation</h2> - -<p> -Because of the explosion of interest in compartmentalized computing in -recent years, there exists a plethora of existing work that can be -harnessed to implement these concepts. - -<h3>Containers</h3> - -<p> -A container is an isolated computing environment created using a -variety of features of the Linux kernel. A container can -be <em>almost</em> entirely isolated from the host system, and those -components that <em>are</em> shared can likely be made inaccessible to -isolated applications by denying them root access to their isolated -environments. Unlike virtual machines, containers share a kernel with -the host operating system, and do not require specially allocated -resources (although it is still possible to limit resource use by a -container). This makes containers able to deliver good performance -with far looser hardware requirements than virtual machines. - -<p> -In the proof of concept implementation, Docker, a popular -implementation of containers, is used. However, there is probably -not any tight coupling to Docker-specific features, and so Docker -could most likely be easily swapped out for another container -implementation, or even for virtual machines. - -<h4>Containers for personal computing</h4> - -<p> -Containers have mostly been designed for isolating headless server -applications. Additional challenges present themselves when applying -container-based application isolation to personal computing. - -<h5>Graphical User Interfaces</h5> - -<p> -The X11 protocol provides no isolation between applications -whatsoever. Any application (including one running on a remote server -using SSH X forwarding) can capture windows of other applications, -read from them, and even send events to them freely. The solution to -this problem is to use a separate X server for each container, and -then forward them over another protocol (such as VNC) to the window -manager running either on the host or, preferably, in a dedicated -container of its own. The pre-existing Xpra software provides this -capability. Doing this inevitably gives rise to yet more problems, -mostly around performance, although these should be solvable also: - -<ul> - - <li> - The current implementation of Xpra window forwarding causes - noticeable lag in high frame rate operations such as video playback - or gradual window resizing. This implementation uses a Unix socket - inside a tmpfs on the host, which is then mounted into the - container. However, Xpra also supports communicating over mapped - memory, and this should be significantly faster. - - <li> - An Xpra server (of which there must be one for every isolated - application instance) takes most of a minute to start. This - means that the delay before a window appears is extremely long - compared to traditional personal computing systems. One promising - solution to this takes advantage of the fact that Xpra servers do - not require any application specific configuration (at least for - most applications), and so while each application instance requires - its own Xpra server, the server does not need to have been created - specifically for this application. This allows us to create several - Xpra servers ahead of time (in containers of themselves), and then - assign them to application instances on demand, starting the process - of generating the next Xpra server in the background. - -</ul> - -<p> -Given the fundamental shortcomings in X, it might seem obvious to use -Wayland instead. Unlike X, Wayland was designed with security and -isolation between applications in mind. However, existing Wayland -implementations have no way of controlling isolation between -applications. A single Wayland compositor could provide e.g. clipboard -isolation in a similar way to Qubes or Xpra, but this doesn't exist -yet. Writing a Wayland compositor is not a simple task, even with a -library like wlroots that does a lot of heavy lifting, and it would -also couple a user to a single window manager or desktop -environment. While Wayland is extremely usable for general-purpose -desktop computing at this point, until a solution for these issues is -reached, Wayland is not suitable for a compartmentalized operating -system. - -<h3>NixOS</h3> - -<p> -The proof of concept implementation is built on top of NixOS Linux, an -operating system which is itself built on Nix, a purely functional -package manager. Nix provides pure packages (meaning packages will be -built from identical inputs each time — their outputs will not -necessarily be byte-identical). NixOS makes it possible to define an -entire GNU/Linux system in this manner. +Spectrum is a project that aims to create a computer operating system, +based on the principle of security by compartmentalization, that has a +lower barrier to entry and is easier to use and maintain than other +such systems. <p> -However, NixOS does not attempt to completely eliminate undeclared -state — it even allows for imperative package installation, which -makes a Nix package that has not been defined in the global -configuration available in the current environment. Responsibility for -eliminating this sort of mutable state lies with the Spectrum -implementation. +User data and application state will be managed centrally, while +remaining isolated, meaning that the system can be backed up and +managed as a whole, rather than mixed up in several dozen virtual +machines. <p> -The nixpkgs repository provides functions for generating Docker -containers from Nix expressions, using existing Nix package -definitions. These containers are not full NixOS installations — in -fact, they don't even have Nix or coreutils installed by default. This -ensures only the minimum software required for the isolated -application to run is available, reducing attack surface. +The host system and isolated environments will all be managed +declaratively and reproducibly +using <a href="https://nixos.org/nix/">Nix</a>, the purely functional +package manager. This will save the user the burden of maintaining +many different virtual computers, allowing finer-grained resource +access controls and making it possible to verify the software running +across all environments. <p> -NixOS provides its own container implementation, based on -systemd-nspawn however this is not suitable for security by -compartmentalization. Firstly, it is designed to contain full -installations of NixOS, rather than single applications. Further, it -has apparently proven to be unreliable and suffer breakages, and its -focus is not on providing truly isolated computing environments. By -contrast, other container implementations (such as, but not -exclusively, Docker), have reached a point of relative stability, and -had extensive resources put into making them as isolated as possible -from the host system. - -<h2>Current status</h2> +Further reading is available about +Spectrum's <a href="motivation.html">motivation</a> +and <a href="design.html">design</a>. If you want to jump straight in +and read our code, you can <a href="https://spectrum-os.org/git/">do +that</a> too. <p> -I have just begun full time work on Spectrum. Source code repositories -and discussion channels will be made available as soon, and I will -publish regular status updates. The first of these can -be <a href="https://alyssa.is/leaving-freeagent">found</a> on my -blog. to make it as clear as possible that Spectrum is not vapourware, -and that progress is rapidly being made. - -<h2>Changelog</h2> - -<h3><time>2019-08-17</time></h3> +Spectrum is free software, currently under active development. If you +are interested in <a href="participating.html">participating</a>, we'd +love to have you. <p> -Update Current status to reflect that full time work can now begin. - -<h3><time>2019-07-06</time></h3> +Funding for Spectrum is provided +by <a href="https://www.ngi.eu/about/ngi-zero/">NGI Zero</a>, an +initiative by the Digital Single Market of the European +Commission. <p> -Add current status section. - -<h3><time>2019-05-01</time></h3> - -<p> -Fix typo: "thins" → "this". - -<h3><time>2019-03-31</time></h3> - -<ul> - - <li> - Explain why Wayland isn't (yet) the answer - - <li> - Project name updated - - <li> - Converted to HTML - - <li> - Removed explicit GPLv3 license, because CC-BY-SA 4.0 is - GPLv3-compatible - - <li> - Minor copy editing - -</ul> +<small>You may distribute this content under the terms of either +the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a> +license (version 4.0 or later), or +the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free +Documentation License</a> (version 1.2 or later), at your +option.</small> diff --git a/motivation.html b/motivation.html new file mode 100644 index 0000000..fe9ed97 --- /dev/null +++ b/motivation.html @@ -0,0 +1,124 @@ +<!doctype html> +<html lang="en"> + +<head> + +<meta charset="utf-8"> +<meta name="viewport" content="width=device-width,initial-scale=1"> + +<link rel="stylesheet" href="style.css"> + +<title>Motivation for Spectrum</title> + +<body> + +<h1>Motivation for Spectrum</h1> + +<p> +Existing attempts to improve on the security of Unix-like operating +systems for everyday personal use have been hampered by complexity, +bugs, and security theatre. The concept of isolating applications by +giving them what appears to be a dedicated computer to run in is a +solid one, because it allows virtually all existing software to run +without modification. However, allowing all these isolated computers +to persist state leads to large maintenance costs — you now +have <var>n</var> stateful computers to maintain, not one. + +<p> +By minimizing the persistent state these computers are allowed to +store to a well-defined absolute minimum required by the software +running inside them, not only do we improve maintainability by +minimising side effects and even allowing the computers to be +regenerated without data loss if required, we also massively reduce +the avenues to persisting malware. + +<p> +Mutable state, then, across the whole system could be isolated into +two locations on the host: a global state store, which is broken down +by application instance, and a global configuration file defining all +configuration for the host, and the isolated environments for each +application instance. Aside from these two locations, the host +computer should prevent persistent state as much as possible. This +means that it is possible to restore the host computer, along with all +the isolated application environments, simply by restoring a copy of +the global state store and configuration file. After an audit of the +global configuration, a potentially compromised host could be safely +restored onto a new computer without risk of the new host inheriting +the infection from the old one, since the only mutable data affecting +the host is the global configuration file. (Of course, this does not +prevent the new host from being compromised shortly afterward through +the same methods.) + +<p> +This system is Spectrum. + +<h2>Existing implementations of security by +compartmentalization</h2> + +<h3>Qubes OS</h3> + +<p> +<a href="https://www.qubes-os.org/">Qubes OS</a> is a distribution of +the <a href="https://xen.net/">Xen</a> hypervisor that isolates IO and +user applications inside their own dedicated virtual machines. Many +people interested in secure computing are aware of Qubes, however they +are often hampered by usability issues: + +<ul> + + <li><p> + Hardware compatibility is extremely limited. People often have + to buy a new computer just to use Qubes, and even then it can be a + struggle to set up. + + <li><p> + People are reluctant to use Xen on their computer for power + management etc. reasons. + + <li><p> + VMs are heavy, and there is no isolation between applications in the + same domain (VM). + + <li><p> + GUI applications are buggy, command line tools are mostly + undocumented. + + <li><p> + Maintaining many different TemplateVMs with persistent state is + difficult. (Qubes + can <a href="https://www.qubes-os.org/doc/salt/">use</a> + <a href="https://docs.saltstack.com/en/latest/">Salt</a> + to mitigate this.) + +</ul> + +<p> +It is important to note, however, that the Qubes developers have +created utilities for using compartmentalized environments that could +be very useful to other implementations. For example, +Qubes <a href="https://www.qubes-os.org/doc/copy-paste/">allows</a> +clipboard data to be safely shared between isolated environments with +explicit user action on both ends, +and <a href="https://www.qubes-os.org/doc/split-gpg/">Qubes Split +GPG</a> allows one environment to perform operations using a GPG key +stored in another environment, with permission granted on a +per-operation basis. + +<h3>Subgraph OS</h3> + +<p> +<a href="https://subgraph.com/sgos/">Subgraph OS</a> only provides +isolation to the 22 applications they have manually containerized. Any +other software is still run as normal. This should be considered a +major security issue. + +<p> +The last release of SubgraphOS was an alpha in 2017. + +<p> +<small>You may distribute this content under the terms of either +the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a> +license (version 4.0 or later), or +the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free +Documentation License</a> (version 1.2 or later), at your +option.</small> diff --git a/nlnet-pet-2019-03.html b/nlnet-pet-2019-03.html index 0bf02fc..48e153c 100644 --- a/nlnet-pet-2019-03.html +++ b/nlnet-pet-2019-03.html @@ -5,6 +5,8 @@ <meta charset="utf-8"> <meta name="viewport" content="width=device-width,initial-scale=1"> +<link rel="stylesheet" href="style.css"> + <title>Spectrum NGI Privacy grant application</title> <body> diff --git a/participating.html b/participating.html new file mode 100644 index 0000000..c66bd58 --- /dev/null +++ b/participating.html @@ -0,0 +1,124 @@ +<!doctype html> +<html lang="en"> + +<head> + +<meta charset="utf-8"> +<meta name="viewport" content="width=device-width,initial-scale=1"> + +<link rel="stylesheet" href="style.css"> + +<title>Participating in Spectrum</title> + +<body> + +<h1>Participating in Spectrum</h1> + +<p> +There are several places online in which announcements, discussion, +and collaboration happen. Rather than tell you about them all at +once, though, it's best to tell you which ones are relevant to you, +given how you'd like to participate (or not) in the project. + +<p> +Our primary methods of communication are mailing lists and IRC. If +this isn't how you're used to interacting with free software projects, +<strong>DON'T PANIC</strong>. + +<p> +We provide instructions for how to get started, and several different +interfaces for you to choose from depending on what workflow (web, +mail, Atom, etc.) makes you most comfortable. Details of these will +be explained further on, but first, you should figure out what +communication channels are actually relevant for you. + +<p> +If you're interested in keeping up to date with announcements from +Spectrum's developers, you should subscribe +to <a href="#spectrum-announce">spectrum-announce</a>. You can +discuss Spectrum and related topics in real time +on <a href="#irc"><abbr title="Internet Relay Chat">IRC</abbr></a>, or +more long-form on <a href="#spectrum-discuss">spectrum-discuss</a>. +Finally, development work happens in +Spectrum's <a href="https://spectrum-os.org/git/">source +repositories</a>, and is discussed +on <a href="#spectrum-devel">spectrum-devel</a>. There's another page +that goes into more detail +about <a href="contributing.html">contributing to Spectrum's +development</a>. + +<h2>IRC</h2> + +<p> +There is a single IRC +channel, <a href="ircs://chat.freenode.net:6997/spectrum">#spectrum</a> +on Freenode, for all kinds of Spectrum discussions. If you're new to +IRC, you might find +Freenode's <a href="https://webchat.freenode.net/#spectrum">web +chat</a> the easiest way to get started. + +<h2>Mailing lists</h2> + +<p> +If you're interested in participating in the project, or even just +following along with it, the best thing to do is subscribe to one or +more of the Spectrum mailing lists. + +<p> +If mailing lists aren't your thing, that's okay! Try +the <a href="https://spectrum-os.org/lists/hyperkitty/">web UI</a>, which allows you to +interact with the mailing lists much like a modern web forum. + +<p> +Each list +has <a href="https://spectrum-os.org/lists/archives/">archives</a> +that can also be accessed via the web, NNTP or Atom. You are strongly +encouraged to mirror them. + +<h3 id="spectrum-announce">announce@spectrum-os.org</h3> + +<p> +This is a one-way list where announcements from Spectrum's developers +will be posted. + +<p> +You can +subscribe <a href="https://spectrum-os.org/lists/postorius/lists/announce.spectrum-os.org/">on +the web</a>, or by sending mail +to <a href="mailto:announce-subscribe@spectrum-os.org">announce-subscribe@spectrum-os.org</a>. + +<h3 id="spectrum-discuss">discuss@spectrum-os.org</h3> + +<p> +This list contains high-level discussion about the project. + +<p> +You can +subscribe <a href="https://spectrum-os.org/lists/postorius/lists/discuss.spectrum-os.org/">on +the web</a>, or by sending mail +to <a href="mailto:discuss-subscribe@spectrum-os.org">discuss-subscribe@spectrum-os.org</a>. + +<h3 id="spectrum-devel">devel@spectrum-os.org</h3> + +<p> +This list is for the nitty-gritty of development. It's where +low-level technical discussions happen, and where patches are sent. + +<p> +There's a <a href="/contributing.html">separate guide</a> for the Spectrum +development process, including how patches are sent to this list and +discussed. + +<p> +You can +subscribe <a href="https://spectrum-os.org/lists/postorius/lists/devel.spectrum-os.org/">on +the web</a>, or by sending mail +to <a href="mailto:devel-subscribe@spectrum-os.org">devel-subscribe@spectrum-os.org</a>. + +<p> +<small>You may distribute this content under the terms of either +the <a href="https://creativecommons.org/licenses/by-sa/4.0/">CC-BY-SA</a> +license (version 4.0 or later), or +the <a href="https://www.gnu.org/licenses/gfdl.html">GNU Free +Documentation License</a> (version 1.2 or later), at your +option.</small> diff --git a/style.css b/style.css new file mode 100644 index 0000000..9979547 --- /dev/null +++ b/style.css @@ -0,0 +1,19 @@ +/* +Less is more. +*/ + +body { + max-width: 65ch; + padding: 0 2em; + margin: 2em auto; + line-height: 1.4; + font-family: sans-serif; +} + +h1, h2, h3, h4 { + line-height: 1.1; +} + +var { + font-family: serif; +} |