Michael Raskin wrote:
- "GUI applications are buggy, command line tools are mostly undocumented": I assume that the reason for this is the lack of resources the Qubes project has. However, I don't see how this will be be better in the case of Spectrum which is a new project with one developer. My understanding is that a lot of the instability I've encountered with Qubes's tools comes down to some severe technical debt with their inter-VM communication system. This is likely something that is very difficult to fix, but easy to learn from. Being a new project allows Spectrum to learn from Qubes' mistakes. I agree, but I'm still not convinced this will be different in the case of Spectrum, having even more limited dev resources than Qubes'. I mean, if the Qubes folks could fix these issues without a huge effort, even if it meant rewriting all the inter-VM communication tools, they probably would. If they didn't, I assume this is because this is just a huge undertaking (as is the whole project), and they're busy with other work which has higher priority. I would assume that you will end up in exactly the same situation.
Note that SpectrumOS is going to make tradeoffs that are complete non-starters for Qubes.
True, but I'm not sure this applies to making GUI tools less buggy, or having better documentation for CLI tools. Even if Spectrum development will make big compromises, I find it unlikely that these aspects will be improved over Qubes. Now, I'm not saying this is not possible at all. Maybe a 100 new contributors will join the project soon and will make this viable. I just think that this is not a strong selling point of Spectrum, which is somewhat implied in the motivation page.
A wl_roots based tooling is seriously considered for the first full release, after all���
Is using wl_roots a non-starter for Qubes?
A lot of problems for Qubes is that things are hard to do without making security slightly worse than what Qubes has now. Spectrum is definitely not going to achieve this level of security anytime soon for various reasons, and the goal is more to find the best trade-off between security and usability.
There is quite a bit of design space in the gap between ��quite a bit more secure than Firejail, with the ease of use around plain NixOS plus Firejail�� and ��less secure than Qubes, but easier to manage��.
What do you mean by "quite a bit more secure than firejail"? isn't this side of the spectrum actually "firejail-like security"? The way I see it, the following are the major points on the usability-security spectrum for running desktop Linux (or another desktop OS for that matter), starting from the best usability and worst security, and ending in the worst usability and best security: 1. Run a regular Linux distro (some are better than others in providing quick security updates) 2. Harden the system: sandbox processes, harden the kernel and important userspace libraries like libc, enforce MAC, use Wayland instead of X11, firewall, verified/secure boot, etc. 3. Use Qubes Most users, of course, don't bother and just use (1), which is actually fine in most cases. (2) gives pretty good usability, with the main issues related to sandboxing, since most Linux desktop apps were not built with sandboxing in mind, and the overall experience does not support it well (for example, there's no standard permission dialogs like in Android, where sandboxing works much better in practice). Theoretically, people could use (2), run untrusted software in VMs to get strong sandboxing but still be able to use most software, and get pretty good security. In practice this doesn't quite work because running stuff in dedicated VMs is not streamlined enough, so people just don't do it. Then there's (3), which is the most secure, but has some usability issues that were already mentioned. So Spectrum can fill the gap between (2) and (3).