mirror of
https://github.com/QubesOS/qubes-doc.git
synced 2024-12-24 06:49:34 -05:00
parent
f074152217
commit
3db4fe4ed5
54
about/code-of-conduct.md
Normal file
54
about/code-of-conduct.md
Normal file
@ -0,0 +1,54 @@
|
||||
---
|
||||
layout: default
|
||||
title: Code of Conduct
|
||||
permalink: /code-of-conduct/
|
||||
---
|
||||
|
||||
## Our Pledge
|
||||
|
||||
The Qubes OS project creates a reasonably secure OS. In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to make participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, sexual identity and orientation, or other characteristic.
|
||||
|
||||
## Our Standards
|
||||
|
||||
Examples of behavior that contributes to creating a positive environment include:
|
||||
|
||||
- Using welcoming and inclusive language
|
||||
- Being respectful of differing viewpoints and experiences
|
||||
- Gracefully accepting constructive criticism
|
||||
- Focusing on what is best for the community
|
||||
- Showing empathy towards other community members
|
||||
|
||||
Examples of unacceptable behavior by participants include:
|
||||
|
||||
- The use of sexualized language or imagery and unwelcome sexual attention or advances
|
||||
- Trolling, insulting/derogatory comments, and personal or political attacks
|
||||
- Reinforcing stereotypical models for illustration of non-technical users (e.g. our mothers/grandmothers, etc.)
|
||||
- Public or private harassment, as defined by the [Citizen Code of Conduct](http://citizencodeofconduct.org/)
|
||||
- Publishing others' private information, such as a physical or electronic address, without explicit permission
|
||||
- Other conduct which could reasonably be considered inappropriate in a professional setting
|
||||
|
||||
(Please also see our [mailing list discussion guidelines](https://www.qubes-os.org/mailing-lists/#discussion-list-guidelines).)
|
||||
|
||||
## Our Responsibilities
|
||||
|
||||
Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior. This action can include removing, editing, or rejecting comments, commits, code, wiki edits, issues, and other contributions, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
|
||||
|
||||
## Enforcement
|
||||
|
||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at `mods@qubes-os.org`. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
|
||||
|
||||
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
|
||||
|
||||
## A note on trust
|
||||
|
||||
Expect all contributions to be reviewed with some amount of healthy adversarial skepticism, regardless of your perceived standing in the community.
|
||||
This is a security project, and allowing ourselves to get complacent while reviewing code simply because it comes from a well-known party would not be in the best interest of the project.
|
||||
Please try not to get offended if you perceive your contributions as being met with distrust -- we are most definitely thankful and appreciative of your efforts, but must also remain vigilant in order to ensure continued quality and safeguard against potential sabotage.
|
||||
|
||||
## Attribution
|
||||
|
||||
This Code of Conduct is adapted from the [Contributor Covenant, version 1.4](http://contributor-covenant.org/version/1/4) and the [Rust Code of Conduct](https://www.rust-lang.org/en-US/conduct.html).
|
80
about/donate.md
Normal file
80
about/donate.md
Normal file
@ -0,0 +1,80 @@
|
||||
---
|
||||
layout: default
|
||||
title: Donations
|
||||
permalink: /donate/
|
||||
redirect_from:
|
||||
- /en/donate/
|
||||
- /doc/Donations/
|
||||
- /wiki/Donations/
|
||||
---
|
||||
|
||||
**News:** [Qubes OS Begins Commercialization and Community Funding Efforts!](/news/2016/11/30/qubes-commercialization/)
|
||||
|
||||
Thank you for your interest in supporting Qubes! The Qubes Project accepts
|
||||
monetary donations in
|
||||
<a href="#bitcoin"><i class="fa fa-btc black-icon" aria-hidden="true"></i> Bitcoin</a>
|
||||
(preferred) or by
|
||||
<a href="#credit-card"><i class="fa fa-credit-card black-icon" aria-hidden="true"></i> Credit Card</a>.
|
||||
If you are interested instead in donating hardware or providing substantial and
|
||||
sustained [funding], please visit the [Qubes Partners page].
|
||||
|
||||
<h2 id="bitcoin"><img src="/attachment/site/btc.png"> Donate Bitcoin</h2>
|
||||
|
||||
Bitcoin donations have zero administrative overhead for us, which means 100% of
|
||||
your donation goes towards supporting Qubes development!
|
||||
(Please note that we do not currently accept donations in other cryptocurrencies.)
|
||||
|
||||
#### Donation Address:
|
||||
|
||||
<form class="more-bottom">
|
||||
<div class="form-group">
|
||||
<div class="input-group input-group-lg">
|
||||
<span class="input-group-addon" id="donate-btn-icon"><i class="fa fa-btc"></i></span>
|
||||
<input type="text" class="form-control" aria-describedby="donate-btc-icon" value="3GakuQQDUGyyUnV1p5Jc3zd6CpQDkDwmDq" readonly>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
|
||||
#### How to Verify the Address
|
||||
|
||||
The donation address can be verified via the [Qubes Security Pack]
|
||||
(QSP or `qubes-secpack`), specifically in the [fund] directory. Detailed
|
||||
instructions for verifying the digital signatures are available [here][verify].
|
||||
You can also view the address on [blockexplorer.com] and [blockchain.info].
|
||||
|
||||
#### About the Donation Fund
|
||||
|
||||
The Qubes Project maintains a decentralized Bitcoin fund using a
|
||||
multi-signature wallet. This means that no single person is capable of spending
|
||||
these funds. For further details, please see [here][announcement].
|
||||
|
||||
<h2 id="credit-card"><i class="fa fa-credit-card" aria-hidden="true"></i> Donate with a Credit Card</h2>
|
||||
|
||||
You can donate towards Qubes development using your credit card through
|
||||
[Open Collective] (which uses [Stripe][stripe] to process financial
|
||||
transactions). Please note that, unlike [Bitcoin donations], we lose
|
||||
[~14%][open-collective-faq] of every credit card donation to administrative
|
||||
overhead.
|
||||
|
||||
---
|
||||
|
||||
## About Your Donation
|
||||
|
||||
- We will use your donations to fund our continued development of Qubes.
|
||||
- We regret that we cannot implement requested features based on funding. (If
|
||||
everybody were to decide, then nothing would get implemented.)
|
||||
- Donations to the Qubes project are not tax-deductible.
|
||||
|
||||
[funding]: /funding/
|
||||
[Qubes Partners page]: /partners/
|
||||
[Qubes Security Pack]: /security/pack/
|
||||
[fund]: https://github.com/QubesOS/qubes-secpack/tree/master/fund
|
||||
[announcement]: /news/2016/07/13/qubes-distributed-fund/
|
||||
[verify]: /security/pack/#how-to-obtain-verify-and-read
|
||||
[blockexplorer.com]: https://blockexplorer.com/address/3GakuQQDUGyyUnV1p5Jc3zd6CpQDkDwmDq
|
||||
[blockchain.info]: https://blockchain.info/address/3GakuQQDUGyyUnV1p5Jc3zd6CpQDkDwmDq
|
||||
[Open Collective]: https://opencollective.com/qubes-os
|
||||
[Bitcoin donations]: #bitcoin
|
||||
[open-collective-faq]: https://opencollective.com/faq
|
||||
[stripe]: https://stripe.com
|
||||
|
121
about/experts.md
Normal file
121
about/experts.md
Normal file
@ -0,0 +1,121 @@
|
||||
---
|
||||
layout: home
|
||||
title: Experts
|
||||
permalink: /experts/
|
||||
---
|
||||
|
||||
<div class="home-content container">
|
||||
<div class="row more-top">
|
||||
<div class="col-lg-12 col-md-12">
|
||||
<h2 class="text-center"><i class="fa fa-thumbs-o-up"></i> What the experts are saying about Qubes</h2>
|
||||
</div>
|
||||
</div>
|
||||
<div class="white-box more-bottom">
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-3 col-md-3 text-center">
|
||||
<a class="avatar-large" href="https://twitter.com/Snowden/status/781493632293605376" target="_blank">
|
||||
<img src="/attachment/site/picture-snowden.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9 more-top">
|
||||
<a href="https://twitter.com/Snowden/status/781493632293605376" target="_blank">
|
||||
<blockquote>"If you're serious about security, QubesOS is the best OS available today. It's what I use, and free. Nobody does VM isolation better."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Edward Snowden<cite>, whistleblower and privacy advocate</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-3 col-md-3 text-center">
|
||||
<a class="avatar-large" href="https://twitter.com/hashbreaker/status/577206817475850240" target="_blank">
|
||||
<img src="/attachment/site/picture-dan-bernstein.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9 more-top">
|
||||
<a href="https://twitter.com/hashbreaker/status/577206817475850240" target="_blank">
|
||||
<blockquote>"Happy thought of the day: An attacker who merely finds a browser bug can't listen to my microphone except when I've told Qubes to enable it."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Daniel J. Bernstein<cite title="Source Title">, mathematician, cryptologist, computer scientist</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-3 col-md-3 text-center">
|
||||
<a class="avatar-large" href="https://twitter.com/micahflee/status/577998730340622337" target="_blank">
|
||||
<img src="/attachment/site/picture-micah-lee.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9 more-top">
|
||||
<a href="https://twitter.com/micahflee/status/577998730340622337" target="_blank">
|
||||
<blockquote>"When I use Qubes I feel like a god. Software thinks that it's in control, that it can do what it wants? It can't. I'm in control."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Micah Lee<cite title="Source Title">, Freedom of the Press Foundation, The Intercept</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-3 col-md-3 text-center">
|
||||
<a class="avatar-large" href="https://twitter.com/isislovecruft" target="_blank">
|
||||
<img src="/attachment/site/picture-isis.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9 more-top">
|
||||
<a href="https://twitter.com/isislovecruft" target="_blank">
|
||||
<blockquote>"With QubesOS, I feel more comfortable accessing Tor Project infrastructure from the same laptop I use to execute random GameBoy ROMs I downloaded from the internet."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Isis Agora Lovecruft<cite title="Source Title">, cypherpunk, Tor Project core developer</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-3 col-md-3 text-center">
|
||||
<a class="avatar-large" href="https://twitter.com/csoghoian/status/756212792785534976" target="_blank">
|
||||
<img src="/attachment/site/picture-soghoian.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9 more-top">
|
||||
<a href="https://twitter.com/csoghoian/status/756212792785534976" target="_blank">
|
||||
<blockquote>"I am so much happier and less stressed out after switching to QubesOS. Can wholeheartedly recommend."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Christopher Soghoian<cite title="Source Title">, privacy researcher, activist, and principal technologist at the ACLU</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-3 col-md-3 text-center">
|
||||
<a class="avatar-large" href="https://twitter.com/petertoddbtc/status/709098684672135168" target="_blank">
|
||||
<img src="/attachment/site/picture-todd.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9 more-top">
|
||||
<a href="https://twitter.com/petertoddbtc/status/709098684672135168" target="_blank">
|
||||
<blockquote>"One of the most valuable parts of installing QubesOS was forcing myself to think through exactly what vulns [vulnerabilities] I have."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Peter Todd<cite title="Source Title">, Applied Cryptography Consultant</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-3 col-md-3 text-center">
|
||||
<a class="avatar-large" href="https://twitter.com/legind/status/742504400854257664" target="_blank">
|
||||
<img src="/attachment/site/picture-bill-budington.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9 more-top">
|
||||
<a href="https://twitter.com/legind/status/742504400854257664" target="_blank">
|
||||
<blockquote>"I really like it [Qubes OS]. If your hardware supports it, I recommend it. Everything is super well thought-out."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Bill Budington<cite title="Source Title">, Security Engineer & Technologist, Electronic Frontier Foundation</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% include footer.html %}
|
||||
</div>
|
71
about/funding.md
Normal file
71
about/funding.md
Normal file
@ -0,0 +1,71 @@
|
||||
---
|
||||
layout: default
|
||||
title: Funding
|
||||
permalink: /funding/
|
||||
---
|
||||
|
||||
Qubes OS Project Funding
|
||||
========================
|
||||
|
||||
Qubes OS is [free and open-source software][FOSS] (read about the [license]).
|
||||
This means that Qubes OS is not a paid or proprietary product. We do not earn
|
||||
any revenue by selling it. Instead, we rely external sources of funding and [donations][donate] from
|
||||
individuals and organizations who find the work we do valuable and who in turn
|
||||
rely on Qubes OS for secure computing in their work and personal lives. (Read
|
||||
more about our [partners].)
|
||||
|
||||
We plan to fund continued Qubes OS development through a diverse mix of sources,
|
||||
both in terms of the entities providing the funding and the timelines of the
|
||||
funding.
|
||||
|
||||
We are seeking new sources of funding and welcome your help in these endeavors.
|
||||
If you or your organization has relevant knowledge, experience, leads, or
|
||||
resources and would like to help us secure the future of Qubes OS, please
|
||||
[contact us].
|
||||
|
||||
Below you can find the funding of the project by year.
|
||||
|
||||
2017
|
||||
----
|
||||
|
||||
| Funding tiers
|
||||
| ----------|
|
||||
| $250,000+ | [Invisible Things Lab]
|
||||
| $50,000+ |
|
||||
| $10,000+ |
|
||||
|
||||
2016
|
||||
----
|
||||
|
||||
| Funding tiers
|
||||
| --------- |
|
||||
| $250,000+ | [Invisible Things Lab], [Open Technology Fund]
|
||||
| $50,000+ |
|
||||
| $10,000+ | [NLnet Foundation]
|
||||
|
||||
2015
|
||||
----
|
||||
|
||||
| Funding tiers
|
||||
| --------- |
|
||||
| $100,000+ | [Open Technology Fund]
|
||||
| $50,000+ |
|
||||
| $10,000+ |
|
||||
|
||||
2010-2014
|
||||
---------
|
||||
|
||||
| Funding tiers
|
||||
| --------- |
|
||||
| $∞ | [Invisible Things Lab]
|
||||
| $50,000+ |
|
||||
| $10,000+ |
|
||||
|
||||
[Open Technology Fund]: /partners/#open-technology-fund
|
||||
[NLnet Foundation]: /partners/#nlnet-foundation
|
||||
[Invisible Things Lab]: /partners/#invisible-things-lab
|
||||
[FOSS]: https://en.wikipedia.org/wiki/Free_and_open-source_software
|
||||
[license]: /doc/license/
|
||||
[partners]: /partners/
|
||||
[contact us]: mailto:funding@qubes-os.org
|
||||
[donate]: /donate/
|
289
about/home.html
Normal file
289
about/home.html
Normal file
@ -0,0 +1,289 @@
|
||||
---
|
||||
layout: home
|
||||
title: "Qubes OS: A reasonably secure operating system"
|
||||
permalink: /
|
||||
redirect_from:
|
||||
- /wiki/
|
||||
- /wiki/WikiStart/
|
||||
- /trac/
|
||||
- /trac/WikiStart/
|
||||
---
|
||||
|
||||
<!-- Featured Content -->
|
||||
<div class="home-banner text-center more-bottom">
|
||||
<div class="container-fluid">
|
||||
<div class="row more-bottom">
|
||||
<div class="col-lg-8 col-lg-offset-2 col-md-8 col-md-offset-2">
|
||||
<h1 class="add-top">
|
||||
<strong>Qubes</strong> OS
|
||||
<small>A reasonably secure operating system</small>
|
||||
</h1>
|
||||
</div>
|
||||
</div>
|
||||
<div class="clearfix"></div>
|
||||
<div class="row more-bottom">
|
||||
<div class="col-lg-8 col-lg-offset-2 col-md-8 col-md-offset-2">
|
||||
<div class="home-big-button">
|
||||
<a class="btn btn-lg btn-primary btn-block" href="/downloads/" role="button">
|
||||
Download & Install<br>
|
||||
<small>Version 3.2</small>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="clearfix"></div>
|
||||
<div class="row more-top">
|
||||
<div class="col-lg-4 col-lg-offset-2 col-md-4 col-md-offset-2">
|
||||
<a class="black-link" href="/intro/">What is Qubes OS?</a>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<a class="black-link" href="/video-tours/"><i class="fa fa-play-circle"></i> Watch a Video Tour</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="clearfix"></div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="home-content container">
|
||||
|
||||
<!-- Experts -->
|
||||
<div class="row">
|
||||
<div class="col-lg-12 col-md-12">
|
||||
<h2 class="text-center"><i class="fa fa-thumbs-o-up"></i> What the experts are saying</h2>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="white-box more-bottom">
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-1 col-md-1 text-center">
|
||||
<a class="avatar" href="https://twitter.com/Snowden/status/781493632293605376" target="_blank">
|
||||
<img src="attachment/site/picture-snowden.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-5 col-md-5">
|
||||
<a href="https://twitter.com/Snowden/status/781493632293605376" target="_blank">
|
||||
<blockquote>"If you're serious about security, Qubes OS is the best OS available today. It's what I use, and free."
|
||||
<i class="fa fa-twitter" aria-hidden="true"></i>
|
||||
<footer>Edward Snowden<cite>, whistleblower and privacy advocate</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-1 col-md-1 text-center">
|
||||
<a class="avatar" href="https://twitter.com/hashbreaker/status/577206817475850240" target="_blank">
|
||||
<img src="attachment/site/picture-dan-bernstein.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-5 col-md-5">
|
||||
<a href="https://twitter.com/hashbreaker/status/577206817475850240" target="_blank">
|
||||
<blockquote>"Happy thought of the day: An attacker who merely finds a browser bug can't listen to my microphone except when I've told Qubes to enable it."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Daniel J. Bernstein<cite title="Source Title">, mathematician, cryptologist, computer scientist</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes">
|
||||
<div class="col-lg-1 col-md-1 text-center">
|
||||
<a class="avatar" href="https://twitter.com/micahflee/status/577998730340622337" target="_blank">
|
||||
<img src="attachment/site/picture-micah-lee.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-5 col-md-5">
|
||||
<a href="https://twitter.com/micahflee/status/577998730340622337" target="_blank">
|
||||
<blockquote>"When I use Qubes I feel like a god. Software thinks that it's in control, that it can do what it wants? It can't. I'm in control."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Micah Lee<cite title="Source Title">, Freedom of the Press Foundation, The Intercept</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-1 col-md-1 text-center">
|
||||
<a class="avatar" href="https://twitter.com/isislovecruft" target="_blank">
|
||||
<img src="attachment/site/picture-isis.jpg">
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-5 col-md-5">
|
||||
<a href="https://twitter.com/isislovecruft" target="_blank">
|
||||
<blockquote>"With Qubes OS, I feel more comfortable accessing Tor Project infrastructure from the same laptop I use to execute random GameBoy ROMs I downloaded from the internet."
|
||||
<i class="fa fa-twitter fa-fw" aria-hidden="true"></i>
|
||||
<footer>Isis Agora Lovecruft<cite title="Source Title">, cypherpunk, Tor Project core developer</cite></footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row featured-quotes add-bottom">
|
||||
<div class="col-lg-12 col-md-12 text-center">
|
||||
<a class="btn btn-small btn-primary" href="/experts/">More From The Experts</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- News -->
|
||||
<div class="row">
|
||||
<div class="col-lg-6 col-md-6 more-bottom">
|
||||
<h2 class="text-center"><i class="fa fa-newspaper-o"></i> Media & Press</h2>
|
||||
<div class="white-box">
|
||||
<div class="featured-quotes">
|
||||
<a href="https://motherboard.vice.com/read/finally-a-reasonably-secure-operating-system-qubes-r3" target="_blank">
|
||||
<img src="attachment/site/motherboard-logo.png" class="logo">
|
||||
<blockquote>
|
||||
"Finally, a 'Reasonably-Secure' Operating System: Qubes R3"
|
||||
<footer>by J.M. Porup</footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
<div class="featured-quotes">
|
||||
<a href="https://www.economist.com/blogs/babbage/2014/03/computer-security" target="_blank">
|
||||
<img src="attachment/site/the-economist-logo.png" class="logo">
|
||||
<blockquote>
|
||||
"For those willing to put in the effort, Qubes is more secure than almost any other operating system available today"
|
||||
<footer>by J. M. P.</footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
<div class="featured-quotes">
|
||||
<a href="https://www.wired.com/2014/11/protection-from-hackers" target="_blank">
|
||||
<img src="attachment/site/wired-magazine-logo.png" class="logo">
|
||||
<blockquote>
|
||||
"So Rutkowska flipped the game, this time in favor of the defenders."
|
||||
<footer>by Andy Greenberg</footer>
|
||||
</blockquote>
|
||||
</a>
|
||||
</div>
|
||||
<a href="/news/" class="btn btn-sm btn-primary">More Media & Press</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6 more-bottom">
|
||||
<h2 class="text-center"><i class="fa fa-bullhorn"></i> Announcements</h2>
|
||||
<div class="white-box">
|
||||
<ul class="list-unstyled remove-bottom">
|
||||
{% for post in site.posts limit:5 %}
|
||||
<li class="list-links">
|
||||
<a class="black-link" href="{{ post.url }}">
|
||||
{{ post.title }}
|
||||
<span class="detail">
|
||||
{% for category in post.categories %}{% if site.allowed_categories contains category %}
|
||||
<strong>{{ category | capitalize }}</strong>
|
||||
{% endif %}{% endfor %} on {{ post.date | date: "%b %-d, %Y" }}
|
||||
</span>
|
||||
</a>
|
||||
</li>
|
||||
{% endfor %}
|
||||
<li class="list-links-normal">
|
||||
<a href="/news/" class="btn btn-sm btn-primary">More Articles & Announcements</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Technology -->
|
||||
<div class="row">
|
||||
<div class="col-lg-12 col-md-12">
|
||||
<h2 class="text-center"><i class="fa fa-cogs"></i> What's Inside of Qubes?</h2>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="white-box more-bottom">
|
||||
<div class="row">
|
||||
<div class="col-lg-6 col-md-6 text-center">
|
||||
<img src="attachment/site/xen-logo.svg" class="add-top">
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6">
|
||||
<h3 class="text-center add-bottom">Secure Compartmentalization</h3>
|
||||
<p>Qubes brings to your personal computer the security of the Xen hypervisor, the same software relied on by many major hosting providers to isolate websites and services from each other. <a href="/doc/architecture/">Learn more</a></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-lg-6 col-md-6 text-center">
|
||||
<img src="attachment/site/OS-logos.svg" class="add-top">
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6">
|
||||
<h3 class="text-center add-bottom">Operating System Freedom</h3>
|
||||
<p>Can't decide which Linux distribution you prefer? Still need that one Windows program for work? With Qubes, you're not limited to just one OS. <a href="/doc/templates/">Learn more</a></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-lg-6 col-md-6 text-center">
|
||||
<img src="attachment/site/whonix-tor.svg" class="add-top">
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6">
|
||||
<h3 class="text-center add-bottom">Serious Privacy</h3>
|
||||
<p>With Whonix integrated into Qubes, using the Internet anonymously over the Tor network is safe and easy. <a href="/doc/whonix/">Learn more</a></p>
|
||||
</div>
|
||||
</div>
|
||||
<div class="clearfix"></div>
|
||||
</div>
|
||||
|
||||
<!-- Details: Awards / Follow -->
|
||||
<div class="row">
|
||||
<div class="col-lg-6 col-md-6 more-bottom">
|
||||
<h3 class="text-center"><i class="fa fa-file-text"></i> Recent Research</h3>
|
||||
<div class="white-box">
|
||||
<ul class="list-unstyled remove-bottom">
|
||||
{% for research in site.data.research.papers limit:5 %}
|
||||
<li class="list-links">
|
||||
<a class="black-link" href="{{research.url}}">
|
||||
{{research.title}}
|
||||
<span class="detail"><strong>{{research.author}}</strong>, {{research.date}}</span>
|
||||
</a>
|
||||
</li>
|
||||
{% endfor %}
|
||||
<li class="list-links-normal">
|
||||
<a href="/research/" class="btn btn-sm btn-primary">Read More Research</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6 more-bottom">
|
||||
<h3 class="text-center"><i class="fa fa-trophy"></i> Awards & Grants</h3>
|
||||
<div class="white-box">
|
||||
<ul class="list-unstyled remove-bottom">
|
||||
<li class="list-links text-center">
|
||||
<a href="https://nlnet.nl/" target="_blank">
|
||||
<img src="attachment/site/nlnet.gif" class="featured-logo center-block">
|
||||
<span>2016</span>
|
||||
</a>
|
||||
</li>
|
||||
<li class="list-links text-center">
|
||||
<a href="https://www.opentech.fund/project/qubes-os" target="_blank">
|
||||
<img src="attachment/site/OTF-logo.png" class="featured-logo center-block">
|
||||
<span>2015 and 2016</span>
|
||||
</a>
|
||||
</li>
|
||||
<li class="list-links text-center">
|
||||
<a href="https://www.accessnow.org/blog/2014/02/13/endpoint-security-prize-finalists-announced" target="_blank">
|
||||
<img src="attachment/site/access-innovation-prize.jpg" class="featured-logo center-block">
|
||||
<span>2014 Finalist for Endpoint Security</span>
|
||||
</a>
|
||||
</li>
|
||||
<li class="list-links text-center">
|
||||
<a href="/partners/">
|
||||
<img src="attachment/site/partners-shake.svg" class="center-block">
|
||||
<span>We would love for you to fund or partner with us</span>
|
||||
</a>
|
||||
</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Details: Get Involved -->
|
||||
<div class="row">
|
||||
<div class="col-lg-12 col-md-12">
|
||||
<h2 class="text-center"><i class="fa fa-comments"></i> Join the Community!</h2>
|
||||
</div>
|
||||
</div>
|
||||
<div class="white-box more-bottom">
|
||||
<div class="row">
|
||||
<div class="col-lg-12 col-md-12 text-center">
|
||||
<a title="GitHub" href="https://github.com/QubesOS" class="fa fa-github fa-5x fa-fw black-icon" aria-hidden="true"></a>
|
||||
<a title="Twitter" href="https://twitter.com/QubesOS" class="fa fa-twitter fa-5x fa-fw" aria-hidden="true"></a>
|
||||
<a title="Reddit" href="https://www.reddit.com/r/Qubes/" class="fa fa-reddit fa-5x fa-fw" aria-hidden="true"></a>
|
||||
<a title="Facebook" href="https://www.facebook.com/QubesOS" class="fa fa-facebook fa-5x fa-fw" aria-hidden="true"></a>
|
||||
<a title="StackExchange" href="https://area51.stackexchange.com/proposals/98519/qubes-os" class="fa fa-stack-exchange fa-5x fa-fw" aria-hidden="true"></a>
|
||||
<a title="Mailing Lists" href="/mailing-lists/" class="fa fa-envelope-o fa-5x fa-fw black-icon" aria-hidden="true"></a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% include footer.html %}
|
||||
</div>
|
117
about/join.md
Normal file
117
about/join.md
Normal file
@ -0,0 +1,117 @@
|
||||
---
|
||||
layout: sidebar
|
||||
title: Join
|
||||
permalink: /join/
|
||||
---
|
||||
|
||||
Join the Qubes OS Team!
|
||||
=======================
|
||||
|
||||
The Qubes OS Project is seeking individuals for the positions listed
|
||||
below. If you're interested in any of these positions, please send an email to
|
||||
[Marek Marczykowski-Górecki](mailto:marmarek@invisiblethingslab.com).
|
||||
|
||||
Besides the positions below, there are many different ways you can [contribute to the Qubes OS project](/doc/contributing/).
|
||||
|
||||
Stable release manager
|
||||
----------------------
|
||||
|
||||
### General tasks ###
|
||||
|
||||
* Deciding what will be fixed in each stable release and what will be fixed
|
||||
only in new major releases
|
||||
* Backporting fixes to stable releases (and requesting core dev input when it
|
||||
isn't trivial)
|
||||
* Releasing packages for stable release (deciding when the package should be
|
||||
released to the `current-testing` repository and when it should be moved to
|
||||
the `current` repository)
|
||||
|
||||
As this position involves great trust and may have major impact on project
|
||||
security, we'd like for the candidate to be already known and active in Qubes
|
||||
OS community.
|
||||
|
||||
Core developer
|
||||
--------------
|
||||
|
||||
### General tasks ###
|
||||
|
||||
* Actual debugging of issues
|
||||
* Writing new features
|
||||
* Writing tests
|
||||
* Writing developer documentation (API, etc)
|
||||
* Providing input for community contributors when requested
|
||||
|
||||
### Required and optional skills ###
|
||||
|
||||
* Python
|
||||
* Shell scripting
|
||||
* System configuration (basic services, startup scripts etc)
|
||||
* Git, make
|
||||
* (Optional) networking, firewalling
|
||||
* (Optional) X11 protocol (raw)
|
||||
* (Optional) GUI frameworks (Gtk, Qt)
|
||||
* (Optional) kernel and/or hypervisor debugging skills
|
||||
* (Optional) low level stuff (UEFI, PCI communication,
|
||||
including IOMMU, networking down to ethernet layer, Xen
|
||||
backend/frontend interfaces)
|
||||
* (Optional) libvirt internals
|
||||
* (Optional) salt stack
|
||||
* (Optional) advanced desktop environment configuration, including
|
||||
writing plugins (KDE, Gnome)
|
||||
|
||||
The more "optional" the better :)
|
||||
|
||||
### Example features for implementation ###
|
||||
|
||||
#### Smaller ####
|
||||
|
||||
* [#1499](https://github.com/QubesOS/qubes-issues/issues/1499)
|
||||
* [#1454](https://github.com/QubesOS/qubes-issues/issues/1454)
|
||||
* [#1363](https://github.com/QubesOS/qubes-issues/issues/1363)
|
||||
* [#1329](https://github.com/QubesOS/qubes-issues/issues/1329)
|
||||
* [#979](https://github.com/QubesOS/qubes-issues/issues/979)
|
||||
|
||||
#### Larger ####
|
||||
|
||||
* [#1455](https://github.com/QubesOS/qubes-issues/issues/1455)
|
||||
* [#1426](https://github.com/QubesOS/qubes-issues/issues/1426)
|
||||
* [#971](https://github.com/QubesOS/qubes-issues/issues/971)
|
||||
* [#889](https://github.com/QubesOS/qubes-issues/issues/889)
|
||||
* [#866](https://github.com/QubesOS/qubes-issues/issues/866)
|
||||
* [#830](https://github.com/QubesOS/qubes-issues/issues/830)
|
||||
|
||||
Qubes Live USB Maintainer
|
||||
-------------------------
|
||||
|
||||
### Required Skills ###
|
||||
|
||||
* Shell
|
||||
* Python
|
||||
* Bootloaders (`grub2`, `isolinux`)
|
||||
* `initrd` creation (`dracut`)
|
||||
* Kickstart (automated installation -- basics are enough)
|
||||
* A general understanding of Qubes OS ;)
|
||||
|
||||
GNOME Desktop Environment developer
|
||||
-------------------------------------
|
||||
|
||||
### Tasks ###
|
||||
|
||||
* Custom window decorations (colored frames)
|
||||
* Configuration for Qubes OS dom0
|
||||
* Disable uneeded things (e.g., file manager)
|
||||
* Configure menu to ease navigation through multiple VMs (similar to [what is
|
||||
configured in KDE](https://github.com/QubesOS/qubes-issues/issues/1784#issuecomment-216868265))
|
||||
* [Implementation of new, GTK based Qubes Manager](https://github.com/QubesOS/qubes-issues/issues/1870)
|
||||
|
||||
### Example Tasks ###
|
||||
|
||||
Listed here: [#1806](https://github.com/QubesOS/qubes-issues/issues/1806)
|
||||
|
||||
### Required Skills ###
|
||||
|
||||
* GNOME
|
||||
* GTK
|
||||
* Whatever is needed to customize GNOME
|
||||
|
||||
|
385
about/mailing-lists.md
Normal file
385
about/mailing-lists.md
Normal file
@ -0,0 +1,385 @@
|
||||
---
|
||||
layout: sidebar
|
||||
title: Mailing Lists
|
||||
permalink: /mailing-lists/
|
||||
redirect_from:
|
||||
- /doc/mailing-lists/
|
||||
- /en/doc/mailing-lists/
|
||||
- /en/doc/qubes-lists/
|
||||
- /doc/qubes-lists/
|
||||
- /doc/QubesLists/
|
||||
- /wiki/QubesLists/
|
||||
---
|
||||
|
||||
Qubes Mailing Lists
|
||||
===================
|
||||
|
||||
Discussion list guidelines
|
||||
--------------------------
|
||||
|
||||
Qubes discussions take place on two mailing lists: `qubes-users` and
|
||||
`qubes-devel`, both of which are explained below. Please send all questions
|
||||
regarding Qubes to one of these two lists. **Please do not send questions to
|
||||
individual Qubes developers.** By sending a message to the appropriate mailing
|
||||
list, you are not only giving others a chance to help you, but you may also be
|
||||
helping others by starting a public discussion about a shared problem or
|
||||
interest.
|
||||
|
||||
These are open mailing lists where people freely come together to discuss Qubes
|
||||
and voluntarily help each other out of mutual interest and good will. They are
|
||||
*not* your personal, paid support service. **No one owes you a reply.** No one
|
||||
here is responsible for solving your problems for you. Nonetheless, there are
|
||||
many things you can do to make it more likely that you will receive a reply.
|
||||
This community is fortunate to have an exceptionally large number of friendly
|
||||
and knowledgeable people who enjoy corresponding on these lists. The vast
|
||||
majority of them will be happy to help you if you follow these simple
|
||||
guidelines.
|
||||
|
||||
* **Be polite and respectful.** Remember, no one here is under any obligation
|
||||
to reply to you. Think about your readers. Most of them are coming home after
|
||||
a long, hard day at work. The last thing they need is someone's temper
|
||||
tantrum in their inboxes. If you are rude and disrespectful, you are very
|
||||
likely to be ignored.
|
||||
|
||||
* **Be concise.** Include only essential information. Most of your readers lead
|
||||
busy lives and have precious little time. We *want* to spend some of that
|
||||
time helping you, if we can. But if you ramble, it will be easier to skip
|
||||
over you and help someone else who gets right to the point.
|
||||
|
||||
* **Help us help you.** Tell us what you've already tried, and which
|
||||
documentation pages you've already read. Put yourself in your readers' shoes.
|
||||
What essential information would they require in order to be able to help
|
||||
you? Make sure to include that information in your message. [Ask
|
||||
questions the smart way.][smart-questions]
|
||||
|
||||
* **Be patient.** Do not "bump" a thread more than once every three days *at
|
||||
most*. If it seems like your messages to the mailing lists are consistently
|
||||
being ignored, make sure you're following the guidelines explained on this
|
||||
page. If you're already doing so but still not getting any replies, then it's
|
||||
likely that no one who knows the answer has had time to reply yet. Remember
|
||||
that the devs are very busy working on Qubes. They usually only have a chance
|
||||
to answer questions on the mailing lists once every several days.
|
||||
|
||||
* **Be a good community member.** As with any social community, members of the
|
||||
mailing list earn different reputations for themselves over time. We want the
|
||||
mailing lists to be a friendly, productive place where information and ideas
|
||||
are exchanged for the mutual benefit of all. We understand that the best way
|
||||
to achieve this is to encourage and cultivate other like-minded individuals.
|
||||
Those who have shown themselves to be good community members through their
|
||||
past contributions have earned our good will, and we will be especially eager
|
||||
to help them and collaborate with them. If you are new to the community, you
|
||||
should understand that it will take time for you to earn the good will of
|
||||
others. This does not mean that you will not receive help. On the contrary,
|
||||
we are fortunate to have such a helpful and understanding community that many
|
||||
of them spend hours of their personal time helping complete strangers,
|
||||
including many who post to the lists anonymously. (Given the integration of
|
||||
Qubes with [Whonix], we understand better than most the complexities of
|
||||
privacy and anonymity, and we know that many users have no other choice but
|
||||
to post anonymously.) You can read our project's [Code of Conduct][coc] for more information.
|
||||
|
||||
### Specific rules and notes ###
|
||||
|
||||
* Send your message to the correct list. Read the sections below to determine
|
||||
which list is correct for your message.
|
||||
* Do not [top-post].
|
||||
* Include a precise and informative subject line. This will allow others to
|
||||
easily find your thread in the future and use it as a reference. (Bad: "Help!
|
||||
Qubes problems!" Good: "R2B2 Installation problem: Apple keyboard not working
|
||||
in installer.")
|
||||
* If your message is not successfully sent to the list, it probably got caught
|
||||
in the spam filter. We check the spam filter regularly, so please be patient,
|
||||
and your message should be approved (and your email address added to the
|
||||
whitelist) within a few days.
|
||||
* Keep the mailing list CCed throughout the conversation unless there's a
|
||||
special need for privacy (in which case, use PGP encryption). This increases
|
||||
the likelihood that a greater quantity of useful information will be
|
||||
available to everyone in the future.
|
||||
* Quote appropriately. If you're replying to a thread (whether your own or
|
||||
someone else's), you should make sure to quote enough from previous messages
|
||||
in the thread so that people reading your message can understand the context
|
||||
without having to find and read earlier messages from that thread. Each reply
|
||||
should continue the conversation and, ideally, be readable as a conversation
|
||||
in itself. Do not quote advertisements in signatures or inline PGP signature
|
||||
blocks. (Quoting the latter interferes with the ability of programs like
|
||||
Enigmail to properly quote replies thereafter).
|
||||
* If you do not speak English, you should feel free to post in your own
|
||||
language. However, bear in mind that most members of the list can only read
|
||||
English. You may wish to include an automated translation in your message out
|
||||
of consideration for those readers. If you choose to write in English, please
|
||||
do not apologize for doing so poorly, as it is unnecessary. We understand and
|
||||
will ask for clarification if needed.
|
||||
* While we're generally open to hearing suggestions for new features, please
|
||||
note that we already have a pretty well defined [roadmap], and it's rather
|
||||
unlikely that we will change our schedule in order to accommodate your
|
||||
request. If there's a particular feature you'd like to see in Qubes, a much
|
||||
more effective way to make it happen is to contribute a patch that implements
|
||||
it. We happily accept such contributions, provided they meet our standards.
|
||||
Please note, however, that it's always a good idea to field a discussion of
|
||||
your idea on the `qubes-devel` list before putting in a lot of hard work on
|
||||
something that we may not be able or willing to accept.
|
||||
|
||||
|
||||
qubes-users
|
||||
-----------
|
||||
|
||||
### How to use this list
|
||||
|
||||
This list is for helping users solve various daily problems with Qubes OS.
|
||||
Examples of topics or questions suitable for this list include:
|
||||
|
||||
* [HCL] reports
|
||||
* Installation problems
|
||||
* Hardware compatibility problems
|
||||
* Questions of the form: "How do I...?"
|
||||
|
||||
### Read these first
|
||||
|
||||
Please try searching both the Qubes website and the archives of the mailing
|
||||
lists before sending a question. In addition, please make sure that you have
|
||||
read and understood the following basic documentation prior to posting to the
|
||||
list:
|
||||
|
||||
* The [Installation Guide], [System Requirements], and [HCL] (for problems
|
||||
related to installing Qubes OS)
|
||||
* The [User FAQ]
|
||||
* The [documentation] (for questions about how to use Qubes OS)
|
||||
|
||||
### How to subscribe and post
|
||||
|
||||
#### Google Groups
|
||||
|
||||
You don't have to subscribe in order to post to this list. However, subscribing
|
||||
might nonetheless be desirable, as it ensures that your messages will not be
|
||||
eaten by the Google Groups spam filter and allows you to receive messages which
|
||||
were sent directly to the list.
|
||||
|
||||
* To subscribe to the list, send a blank email to
|
||||
`qubes-users+subscribe@googlegroups.com`.
|
||||
* Note: A Gmail account is *not* required. Any email address will work.
|
||||
* To post a message to the list, address your email to
|
||||
`qubes-users@googlegroups.com`.
|
||||
* Note: You don't have to be subscribed in order to post.
|
||||
* To unsubscribe, send a blank email to
|
||||
`qubes-users+unsubscribe@googlegroups.com`.
|
||||
* This list also has a [Google Groups web interface][qubes-users-web].
|
||||
* Some users prefer to interact with the mailing list through the web
|
||||
interface. This has the advantage that it allows you to search and reply to
|
||||
messages which were sent prior to your subscription to the list. However, a
|
||||
Google account is required in order to post through this interface.
|
||||
|
||||
#### Gmane
|
||||
|
||||
The mailing list is also available via Gmane, a service that provides mailing
|
||||
lists in the form of newsgroups. This makes it possible for you to subscribe
|
||||
and read all mails sent to the list without having them all sent to your normal
|
||||
mail account. To use Gmane, you need a newsreader such as Mozilla Thunderbird.
|
||||
|
||||
To add Gmane's server to Thunderbird, follow the instructions in
|
||||
[Mozilla Thunderbird's documentation for how to add
|
||||
newsgroups][thunderbird-newsgroup].
|
||||
In the fourth step replace `news.mozilla.org` with `news.gmane.org`.
|
||||
|
||||
* To subscribe to the list, click on **Subscribe...** and search for the
|
||||
newsgroup [`gmane.os.qubes.user`]. Click on the checkbox besides the name
|
||||
and **OK**.
|
||||
* You send and reply to mails the same way you would normally.
|
||||
* To unsubscribe from the list, click on **Subscribe...**
|
||||
search for the newsgroup [`gmane.os.qubes.user`], uncheck the checkbox, and
|
||||
click on **OK**. Thunderbird will automatically remove the newsgroup.
|
||||
|
||||
|
||||
qubes-announce
|
||||
--------------
|
||||
|
||||
This is a read-only list for those who wish to receive only very important,
|
||||
infrequent messages. Only the core Qubes team can post to this list, and only
|
||||
[Qubes Security Bulletins (QSBs)][qsb] and new Qubes OS releases are announced
|
||||
here.
|
||||
|
||||
### How to subscribe
|
||||
|
||||
#### Google Groups
|
||||
|
||||
* To subscribe to the list, send a blank email to
|
||||
`qubes-announce+subscribe@googlegroups.com`.
|
||||
* Note: A Gmail account is *not* required. Any email address will work.
|
||||
* To unsubscribe, send a blank email to
|
||||
`qubes-announce+unsubscribe@googlegroups.com`.
|
||||
* This list can also be browsed via an optional [Google Groups web
|
||||
interface][qubes-announce-web].
|
||||
|
||||
|
||||
qubes-devel
|
||||
-----------
|
||||
|
||||
### How to use this list
|
||||
|
||||
This list is primarily intended for people who are interested in contributing to
|
||||
Qubes or who are willing to learn more about its architecture and
|
||||
implementation. Examples of topics and questions suitable for this list include:
|
||||
|
||||
* Questions about why we made certain architecture or implementation decisions.
|
||||
* For example: "Why did you implement XYZ this way and not the other way?"
|
||||
* Questions about code layout and where code is for certain functionality.
|
||||
* Discussions about proposed new features, patches, etc.
|
||||
* For example: "I would like to implement feature XYZ."
|
||||
* Contributed code and patches.
|
||||
* Security discussions which are relevant to Qubes in some way.
|
||||
|
||||
### How to subscribe and post
|
||||
|
||||
#### Google Groups
|
||||
|
||||
You must be subscribed in order to post to this list.
|
||||
|
||||
* To subscribe to the list, send a blank email to
|
||||
`qubes-devel+subscribe@googlegroups.com`.
|
||||
* Note: A Gmail account is *not* required. Any email address will work.
|
||||
* To post a message to the list, address your email to
|
||||
`qubes-devel@googlegroups.com`.
|
||||
* Note: You must be subscribed in order to post. If your post does not
|
||||
appear, please allow time for moderation to occur.
|
||||
* To unsubscribe, send a blank email to
|
||||
`qubes-devel+unsubscribe@googlegroups.com`.
|
||||
* This list has a [Google Groups web interface][qubes-devel-web].
|
||||
* Some users prefer to interact with the mailing list through the web
|
||||
interface. This has the advantage that it allows you to search and reply to
|
||||
messages which were sent prior to your subscription to the list. However, a
|
||||
Google account is required in order to post through this interface.
|
||||
|
||||
#### Gmane
|
||||
|
||||
The mailing list is also available via Gmane, a service that provides mailing
|
||||
lists in the form of newsgroups. This makes it possible for you to subscribe
|
||||
and read all mails sent to the list without having them all sent to your normal
|
||||
mail account. To use Gmane, you need a newsreader such as Mozilla Thunderbird.
|
||||
|
||||
To add Gmane's server to Thunderbird, follow the instructions in
|
||||
[Mozilla Thunderbird's documentation for how to add
|
||||
newsgroups][thunderbird-newsgroup].
|
||||
In the fourth step replace `news.mozilla.org` with `news.gmane.org`.
|
||||
|
||||
* To subscribe to the list, click on **Subscribe...** and search for the
|
||||
newsgroup [`gmane.os.qubes.devel`]. Click on the checkbox besides the name
|
||||
and **OK**.
|
||||
* You send and reply to mails the same way you would normally.
|
||||
* To unsubscribe from the list, click on **Subscribe...**
|
||||
search for the newsgroup [`gmane.os.qubes.devel`], uncheck the checkbox, and
|
||||
click on **OK**. Thunderbird will automatically remove the newsgroup.
|
||||
|
||||
qubes-project
|
||||
-----------
|
||||
|
||||
### How to use this list
|
||||
|
||||
This list is for non-technical discussion and coordination around the
|
||||
Qubes OS project.
|
||||
|
||||
Examples of topics or question suitable for this list include:
|
||||
|
||||
* Participation (talks, workshops, etc.) at upcoming events
|
||||
* Project funding applications and strategies
|
||||
* FOSS governance discussions
|
||||
* Most Github issues tagged "[business]"
|
||||
|
||||
### How to subscribe and post
|
||||
|
||||
#### Google Groups
|
||||
|
||||
You don't have to subscribe in order to post to this list. However, subscribing
|
||||
might nonetheless be desirable, as it ensures that your messages will not be
|
||||
eaten by the Google Groups spam filter and allows you to receive messages which
|
||||
were sent directly to the list.
|
||||
|
||||
* To subscribe to the list, send a blank email to
|
||||
`qubes-project+subscribe@googlegroups.com`.
|
||||
* Note: A Gmail account is *not* required. Any email address will work.
|
||||
* To post a message to the list, address your email to
|
||||
`qubes-project@googlegroups.com`.
|
||||
* Note: You don't have to be subscribed in order to post.
|
||||
* To unsubscribe, send a blank email to
|
||||
`qubes-project+unsubscribe@googlegroups.com`.
|
||||
* This list also has a [Google Groups web interface][qubes-project-web].
|
||||
* Some users prefer to interact with the mailing list through the web
|
||||
interface. This has the advantage that it allows you to search and reply to
|
||||
messages which were sent prior to your subscription to the list. However, a
|
||||
Google account is required in order to post through this interface.
|
||||
|
||||
#### Gmane
|
||||
|
||||
The mailing list is also available via Gmane, a service that provides mailing
|
||||
lists in the form of newsgroups. This makes it possible for you to subscribe
|
||||
and read all mails sent to the list without having them all sent to your normal
|
||||
mail account. To use Gmane, you need a newsreader such as Mozilla Thunderbird.
|
||||
|
||||
To add Gmane's server to Thunderbird, follow the instructions in
|
||||
[Mozilla Thunderbird's documentation for how to add
|
||||
newsgroups][thunderbird-newsgroup].
|
||||
In the fourth step replace `news.mozilla.org` with `news.gmane.org`.
|
||||
|
||||
* To subscribe to the list, click on **Subscribe...** and search for the
|
||||
newsgroup [`gmane.os.qubes.project`]. Click on the checkbox besides the name
|
||||
and **OK**.
|
||||
* You send and reply to mails the same way you would normally.
|
||||
* To unsubscribe from the list, click on **Subscribe...**
|
||||
search for the newsgroup [`gmane.os.qubes.project`], uncheck the checkbox, and
|
||||
click on **OK**. Thunderbird will automatically remove the newsgroup.
|
||||
|
||||
|
||||
qubes-translation
|
||||
-----------
|
||||
|
||||
### How to use this list
|
||||
|
||||
This list is for discussion around the localization and translation of Qubes OS,
|
||||
its documentation, and the website.
|
||||
|
||||
Examples of topics or question suitable for this list include:
|
||||
|
||||
* Questions about or issues with [Transifex], the translation platform we use
|
||||
* Who is managing localization for a given language
|
||||
* Most Github issues tagged "[localization]"
|
||||
|
||||
### How to subscribe and post
|
||||
|
||||
#### Google Groups
|
||||
|
||||
You must be subscribed in order to post to this list.
|
||||
|
||||
* To subscribe to the list, send a blank email to
|
||||
`qubes-translation+subscribe@googlegroups.com`.
|
||||
* Note: A Gmail account is *not* required. Any email address will work.
|
||||
* To post a message to the list, address your email to
|
||||
`qubes-translation@googlegroups.com`.
|
||||
* Note: You don't have to be subscribed in order to post.
|
||||
* To unsubscribe, send a blank email to
|
||||
`qubes-translation+unsubscribe@googlegroups.com`.
|
||||
* This list also has a [Google Groups web interface][qubes-translation-web].
|
||||
* Some users prefer to interact with the mailing list through the web
|
||||
interface. This has the advantage that it allows you to search and reply to
|
||||
messages which were sent prior to your subscription to the list. However, a
|
||||
Google account is required in order to post through this interface.
|
||||
|
||||
[qsb]: /security/bulletins/
|
||||
[qubes-announce-web]: https://groups.google.com/group/qubes-announce
|
||||
[top-post]: https://en.wikipedia.org/wiki/Posting_style
|
||||
[roadmap]: https://github.com/QubesOS/qubes-issues/milestones
|
||||
[smart-questions]: http://www.catb.org/esr/faqs/smart-questions.html
|
||||
[Whonix]: /doc/whonix/
|
||||
[HCL]: /doc/hcl/
|
||||
[Installation Guide]: /doc/installation-guide/
|
||||
[System Requirements]: /doc/system-requirements/
|
||||
[User FAQ]: /doc/user-faq/
|
||||
[documentation]: /doc/
|
||||
[thunderbird-newsgroup]: https://support.mozilla.org/en-US/kb/creating-newsgroup-account
|
||||
[qubes-users-web]: https://groups.google.com/group/qubes-users
|
||||
[qubes-devel-web]: https://groups.google.com/group/qubes-devel
|
||||
[qubes-translation-web]: https://groups.google.com/group/qubes-translation
|
||||
[qubes-project-web]: https://groups.google.com/group/qubes-project
|
||||
[`gmane.os.qubes.user`]: http://dir.gmane.org/gmane.os.qubes.user
|
||||
[`gmane.os.qubes.devel`]: http://dir.gmane.org/gmane.os.qubes.devel
|
||||
[`gmane.os.qubes.project`]: http://dir.gmane.org/gmane.os.qubes.project
|
||||
[business]: https://github.com/QubesOS/qubes-issues/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20label%3Abusiness
|
||||
[localization]: https://github.com/QubesOS/qubes-issues/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aopen%20label%3Alocalization
|
||||
[coc]: /code-of-conduct/
|
||||
[Transifex]: https://www.transifex.com/otf/qubes/
|
109
about/partners.md
Normal file
109
about/partners.md
Normal file
@ -0,0 +1,109 @@
|
||||
---
|
||||
layout: default
|
||||
title: Partners
|
||||
permalink: /partners/
|
||||
redirect_from: /en/partners/
|
||||
---
|
||||
|
||||
Qubes Partners
|
||||
==============
|
||||
|
||||
This page is dedicated to recognizing the organizations, companies, and
|
||||
individuals who have contributed support to the development of Qubes OS. The
|
||||
Qubes Project is grateful for their support! If your organization is interested
|
||||
in becoming a Qubes Partner, please [contact us]. You can also read more about
|
||||
how Qubes is [funded] and about making a [monetary donation] to the project.
|
||||
|
||||
<table class="partners">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Tier</th>
|
||||
<th>Partner</th>
|
||||
<th>Description</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr id="invisible-things-lab">
|
||||
<td rowspan="2">
|
||||
$500,000+
|
||||
</td>
|
||||
<td>
|
||||
<a href="http://invisiblethingslab.com/itl/Welcome.html">
|
||||
<img src="/attachment/site/itl.png">
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="http://invisiblethingslab.com/itl/Welcome.html">Invisible
|
||||
Things Lab s.c. (ITL)</a> is a privately held company based in
|
||||
Warsaw, Poland, owned by Joanna Rutkowska and Joanna Gołębiewska. ITL
|
||||
supported Qubes OS development from the beginning of the project in 2010
|
||||
until the end of 2014. ITL's primary source of revenue is security
|
||||
research and development.
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="open-technology-fund">
|
||||
<td>
|
||||
<a href="https://www.opentechfund.org/">
|
||||
<img src="/attachment/site/OTF-logo.png">
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="https://www.opentechfund.org/">Open Technology Fund (OTF)</a>
|
||||
is a United States government-funded program of
|
||||
<a href="http://www.rfa.org">Radio Free Asia</a>, whose
|
||||
<a href="https://www.opentech.fund/about/program">stated mission</a> is
|
||||
to "support open technologies and communities that increase free
|
||||
expression, circumvent censorship, and obstruct repressive surveillance
|
||||
as a way to promote human rights and open societies." In 2015-2016, OTF
|
||||
<a href="https://www.opentech.fund/project/qubes-os">funded</a> the
|
||||
Qubes project in a number of activities to improve Qubes, make it easier
|
||||
to use and more accessible. In 2014-2015, OTF
|
||||
<a href="https://www.opentech.fund/project/qubes-os">funded</a> the
|
||||
Qubes project to integrate <a href="https://www.whonix.org/">Whonix</a>,
|
||||
improve hardware compatibility and user experience. The complete
|
||||
announcement is available
|
||||
<a href="http://blog.invisiblethings.org/2015/06/04/otf-funding-announcement.html">here</a>.
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="access-now">
|
||||
<td rowspan="2">
|
||||
$10,000+
|
||||
</td>
|
||||
<td>
|
||||
<a href="https://www.accessnow.org/">
|
||||
<img src="/attachment/site/accessnow.png">
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="https://www.accessnow.org/">Access Now</a> is an international
|
||||
human rights organization whose
|
||||
<a href="https://www.accessnow.org/about-us/">stated mission</a> is to
|
||||
"defend and extend the digital rights of users at risk around the
|
||||
world." Beginning in 2015, Access Now generously agreed to provide staff
|
||||
time to help manage the Qubes OS project.
|
||||
</td>
|
||||
</tr>
|
||||
<tr id="nlnet-foundation">
|
||||
<td>
|
||||
<a href="https://nlnet.nl">
|
||||
<img src="/attachment/site/nlnet.gif">
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
<a href="https://nlnet.nl">Stichting NLnet</a> ("NLnet Foundation" in
|
||||
English) is a recognized philanthropic non-profit foundation based in
|
||||
the Netherlands, whose <a href="https://nlnet.nl/foundation/">stated
|
||||
mission</a> is "to promote the exchange of electronic information
|
||||
and all that is related or beneficial to that purpose." In 2016, the
|
||||
NLnet Foundation provided a grant to the Qubes project to support
|
||||
improvements in automated build processes, Debian template packaging,
|
||||
networking & privacy, and hardware compatibility.
|
||||
</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
[funded]: /funding/
|
||||
[monetary donation]: /donate/
|
||||
[contact us]: mailto:funding@qubes-os.org
|
||||
|
26
about/research.md
Normal file
26
about/research.md
Normal file
@ -0,0 +1,26 @@
|
||||
---
|
||||
layout: default
|
||||
title: Research
|
||||
permalink: /research/
|
||||
redirect_from:
|
||||
- /doc/qubes-research/
|
||||
- /en/doc/qubes-research/
|
||||
- /doc/QubesResearch/
|
||||
- /wiki/QubesResearch/
|
||||
---
|
||||
|
||||
Here are links to various research papers, projects, and blog posts that relate
|
||||
to Qubes OS.
|
||||
|
||||
{% for category in site.data.research.categories %}
|
||||
<h3>{{category.name}}</h3>
|
||||
<ul class="add-top more-bottom">
|
||||
{% for paper in site.data.research.papers %}
|
||||
{% if paper.category == category.slug %}
|
||||
<li>
|
||||
<a href="{{paper.url}}">{{paper.title}}</a> by {{paper.author}}{% if paper.date %}, {{paper.date}}{% endif %}
|
||||
</li>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</ul>
|
||||
{% endfor %}
|
123
about/screenshots.md
Normal file
123
about/screenshots.md
Normal file
@ -0,0 +1,123 @@
|
||||
---
|
||||
layout: default
|
||||
title: Screenshots
|
||||
permalink: /screenshots/
|
||||
redirect_from:
|
||||
- /media/
|
||||
- /doc/QubesScreenshots/
|
||||
- /wiki/QubesScreenshots/
|
||||
---
|
||||
|
||||
Select Qubes OS Screenshots
|
||||
===========================
|
||||
|
||||
[![r32-xfce-desktop.png](/attachment/wiki/QubesScreenshots/r32-xfce-desktop.png)](/attachment/wiki/QubesScreenshots/r32-xfce-desktop.png)
|
||||
|
||||
Beginning with Qubes 3.2, the default desktop environment is Xfce4.
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-kde-start-menu.png](/attachment/wiki/QubesScreenshots/r2b2-kde-start-menu.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-start-menu.png)
|
||||
|
||||
Starting applications from different domains (AppVMs) is very easy.
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-kde-three-domains-at-work.png](/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-three-domains-at-work.png)
|
||||
|
||||
In this example, the word processor runs in the “work” domain, which has been assigned the “green” label. It is fully isolated from other domains, such as the “untrusted” domain (assigned the “red” label -- “Watch out!”, “Danger!”) used for random Web browsing, news reading, as well as from the "work-web" domain (assigned the "yellow" label), which is used for work-related Web browsing that is not security critical. Apps from different domains run in different AppVMs and have different X servers, filesystems, etc. Notice the different color frames (labels) and VM names in the titlebars. These are drawn by the trusted Window Manager running in Dom0, and apps running in domains cannot fake them:
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b3-windows-seamless-1.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-1.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-1.png)
|
||||
|
||||
Qubes Release 2 can also run Windows AppVMs in seamless mode, integrated onto the common Qubes trusted desktop, just like Linux AppVMs! The seamless GUI integration has been introduced in Qubes R2 Beta 3. This requires our dedicated Qubes Windows Support Tools to be installed in the Windows VMs first. The Qubes Windows Tools are proprietary but we distribute the binaries for free with current Qubes OS releases.
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b3-windows-seamless-filecopy.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-filecopy.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-filecopy.png)
|
||||
|
||||
Windows AppVMs are fully integrated with the rest of the Qubes OS system, which includes things such as secure, policy governed, inter-VM file copy, clipboard, and generally our whole elastic qrexec infrastructure for secure inter-VM RPC! Starting with Qubes R2 Beta 3 we also support HVM-based templates allowing to instantly create many Windows AppVMs with shared "root filesystem" from the Template VM (but one should ensure their license allows for such instantiation of the OS in the template). Just like with Linux AppVMs!
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-xfce4-programmers-desktop-2.png](/attachment/wiki/QubesScreenshots/r2b2-xfce4-programmers-desktop-2.png)](/attachment/wiki/QubesScreenshots/r2b2-xfce4-programmers-desktop-2.png)
|
||||
|
||||
Here we see Xfce4.10 Window Manager running in Dom0 (instead of KDE as on previous screens). Qubes supports customized Xfce4 in dom0 beginning with R2 Beta 2!
|
||||
|
||||
* * * * *
|
||||
|
||||
[![password-prompt.png](/attachment/wiki/QubesScreenshots/password-prompt.png)](/attachment/wiki/QubesScreenshots/password-prompt.png)
|
||||
|
||||
It is always clearly visible to which domain a given window belongs. Here it’s immediately clear that the passphrase-prompting window belongs to some domain with the “green” label. When we look at the titlebar, we see “[work]”, which is the name of the actual domain. Theoretically, the untrusted application (here, the “red” Firefox) beneath the prompt window could draw a similar looking window within its contents. In practice, this would be very hard, because it doesn’t know, e.g., the exact decoration style that is in use. However, if this is a concern, the user can simply try to move the more trusted window onto some empty space on the desktop such that no other window is present beneath it. Or, better yet, use the Expose-like effect (available via a hot-key). A malicious application from an untrusted domain cannot spoof the whole desktop because the trusted Window Manager will never let any domain “own” the whole screen. Its titlebar will always be visible.
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-kde-tray-icons.png](/attachment/wiki/QubesScreenshots/r2b2-kde-tray-icons.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-tray-icons.png)
|
||||
|
||||
Qubes is all about seamless integration from the user’s point of view. Here you can see how it virtualizes tray icons from other domains. Notice the network icon in a red frame. This icon is in fact managed by the Network Manager running in a separate NetVM. The notes icon (with the green frame around it) has been drawn by the note-taking app running in the work domain (which has the "green" label).
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-manager-and-netvm-network-prompt.png](/attachment/wiki/QubesScreenshots/r2b2-manager-and-netvm-network-prompt.png)](/attachment/wiki/QubesScreenshots/r2b2-manager-and-netvm-network-prompt.png)
|
||||
|
||||
All the networking runs in a special, unprivileged NetVM. (Notice the red frame around the Network Manager dialog box on the screen above.) This means that in the event that your network card driver, Wi-Fi stack, or DHCP client is compromised, the integrity of the rest of the system will not be affected! This feature requires Intel VT-d or AMD IOMMU hardware (e.g., Core i5/i7 systems).
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-software-update.png](/attachment/wiki/QubesScreenshots/r2b2-software-update.png)](/attachment/wiki/QubesScreenshots/r2b2-software-update.png)
|
||||
|
||||
Qubes lets you update all the software in all the domains all at once, in a centralized way. This is possible thanks to Qubes' unique TemplateVM technology. Note that the user is not required to shut down any AppVMs (domains) for the update process. This can be done later, at a convenient moment, and separately for each AppVM.
|
||||
|
||||
* * * * *
|
||||
|
||||
[![copy-paste-1.png](/attachment/wiki/QubesScreenshots/copy-paste-1.png)](/attachment/wiki/QubesScreenshots/copy-paste-1.png) [![copy-paste-2.png](/attachment/wiki/QubesScreenshots/copy-paste-2.png)](/attachment/wiki/QubesScreenshots/copy-paste-2.png)
|
||||
|
||||
Qubes supports secure copy-and-paste operations between AppVMs. Only the user can initiate a copy or paste operation using a special key combination (Ctrl-Shift-C/V). Other AppVMs have no access to the clipboard buffer, so they cannot steal data from the clipboard. Only the user decides which AppVM should be given access to the clipboard. (This is done by selecting the destination AppVM’s window and pressing the Ctrl-Shift-V combination.)
|
||||
|
||||
* * * * *
|
||||
|
||||
[!["r2b2-copy-to-other-appvm-1.png](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-1.png)](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-1.png) [![r2b2-copy-to-other-appvm-3.png](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-3.png)](/attachment/wiki/QubesScreenshots/r2b2-copy-to-other-appvm-3.png)
|
||||
|
||||
Qubes also supports secure file copying between AppVMs.
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-open-in-dispvm-1.png](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-1.png)](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-1.png) [![r2b2-open-in-dispvm-3.png](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-3.png)](/attachment/wiki/QubesScreenshots/r2b2-open-in-dispvm-3.png)
|
||||
|
||||
Qubes' unique Disposable VMs (DispVMs) allow the user to open any file in a disposable VM in a matter of seconds! A file can be edited in a disposable VM, and any changes are projected back onto the original file. Currently, there is no way to mark files to be automatically opened in a disposable VM (one needs to right-click on the file and choose the "Open in Disposable VM" option), but this is planned for the R2 Beta 3 release.
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b2-convert-to-trusted-pdf-3.png](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png)](/attachment/wiki/QubesScreenshots/r2b2-convert-to-trusted-pdf-3.png) [![r2b2-converting-pdf-2.png](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png)](/attachment/wiki/QubesScreenshots/r2b2-converting-pdf-2.png)
|
||||
|
||||
Qubes provides an advanced infrastructure for programming inter-VM services, such as a PDF converter for untrusted files (which is described in [this article](https://blog.invisiblethings.org/2013/02/21/converting-untrusted-pdfs-into-trusted.html)).
|
||||
|
||||
* * * * *
|
||||
|
||||
[![r2b1-manager-firewall.png](/attachment/wiki/QubesScreenshots/r2b1-manager-firewall.png)](/attachment/wiki/QubesScreenshots/r2b1-manager-firewall.png)
|
||||
|
||||
Qubes provides a dedicated firewall that itself runs in an isolated FirewallVM.
|
||||
|
||||
* * * * *
|
||||
|
||||
And some more screenshots:
|
||||
|
||||
[![r2b2-xfce4-start-menu-3.png](/attachment/wiki/QubesScreenshots/r2b2-xfce4-start-menu-3.png)](/attachment/wiki/QubesScreenshots/r2b2-xfce4-start-menu-3.png)
|
||||
|
||||
[![r2b2-kde-red-and-green-terminals.png](/attachment/wiki/QubesScreenshots/r2b2-kde-red-and-green-terminals.png)](/attachment/wiki/QubesScreenshots/r2b2-kde-red-and-green-terminals.png)
|
||||
|
||||
[![r2b3-windows-seamless-2.png](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png)](/attachment/wiki/QubesScreenshots/r2b3-windows-seamless-2.png)
|
||||
|
||||
* * * * *
|
||||
|
||||
The following screenshots, [courtesy of Qubes user nalu](https://groups.google.com/d/topic/qubes-users/KhfzF19NG1s/discussion), demonstrate some of the ways in which KDE can be customized to work with Qubes:
|
||||
|
||||
[![r3rc1-nalu-desktop-1.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-1.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-1.png)
|
||||
|
||||
[![r3rc1-nalu-desktop-2.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-2.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-2.png)
|
||||
|
||||
[![r3rc1-nalu-desktop-3.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-3.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-3.png)
|
||||
|
||||
[![r3rc1-nalu-desktop-4.png](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-4.png)](/attachment/wiki/QubesScreenshots/r3rc1-nalu-desktop-4.png)
|
||||
|
19
about/statistics.md
Normal file
19
about/statistics.md
Normal file
@ -0,0 +1,19 @@
|
||||
---
|
||||
layout: default
|
||||
title: Statistics
|
||||
permalink: /statistics/
|
||||
redirect_from:
|
||||
- /counter/
|
||||
---
|
||||
|
||||
<div style="text-align: center; margin-bottom: 3em;">
|
||||
<img src="https://tools.qubes-os.org/counter/stats.png" alt="Estimated Qubes OS userbase graph"/>
|
||||
</div>
|
||||
|
||||
The graph is updated daily.
|
||||
|
||||
Raw data is available at
|
||||
[https://tools.qubes-os.org/counter/stats.json](https://tools.qubes-os.org/counter/stats.json).
|
||||
Format is not documented and may change any time should the developers feel the
|
||||
need to include something else. Source code is available at
|
||||
[https://github.com/woju/qubes-stats](https://github.com/woju/qubes-stats).
|
125
about/team.md
Normal file
125
about/team.md
Normal file
@ -0,0 +1,125 @@
|
||||
---
|
||||
layout: team
|
||||
title: Team
|
||||
permalink: /team/
|
||||
redirect_from:
|
||||
- /people/
|
||||
- /doc/QubesDevelopers/
|
||||
- /wiki/QubesDevelopers/
|
||||
---
|
||||
|
||||
<div id="team-core" class="white-box page-content more-bottom">
|
||||
<div class="col-lg-12 col-md-12 col-sm-12">
|
||||
<h2 class="text-center more-bottom">Core Team</h2>
|
||||
</div>
|
||||
{% for team in site.data.team %}
|
||||
{% if team.type == "core" %}
|
||||
<div class="row team team-core">
|
||||
<div class="col-lg-2 col-md-2 col-sm-5 col-xs-12 text-center">
|
||||
<div class="picture more-bottom">
|
||||
{% if team.picture %}
|
||||
<a href="/team/#{{team.name | slugify}}"><img src="/attachment/site/{{team.picture}}" title="Picture of {{team.name}}"></a>
|
||||
{% else %}
|
||||
<i class="fa fa-user"></i>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4 col-sm-7 col-xs-12" id="{{team.name | slugify}}">
|
||||
{% assign name_array = team.name | split:" " %}
|
||||
<a href="/team/#{{team.name | slugify}}"><h4 class="half-bottom">{{team.name}}</h4></a>
|
||||
<em class="role half-bottom">{{team.role}}</em>
|
||||
{% if team.email %}
|
||||
<a href="mailto:{{team.email}}" class="add-right"><i class="fa fa-envelope fa-fw"></i> Email</a>
|
||||
{% endif %}
|
||||
{% if team.website %}
|
||||
<a href="{{team.website}}" class="add-right" target="blank"><i class="fa fa-globe fa-fw"></i> Website</a>
|
||||
{% endif %}
|
||||
{% if team.twitter %}
|
||||
<a href="https://twitter.com/{{team.twitter}}" target="blank"><i class="fa fa-twitter fa-fw"></i> Twitter</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6 col-sm-12 col-xs-12 text-center">
|
||||
{% if team.fingerprint %}
|
||||
<span class="fingerprint" title="{{team.name}}'s PGP Key Fingerprint">{{team.fingerprint}}</span>
|
||||
{% endif %}
|
||||
{% if team.pgp_key %}
|
||||
<a href="{{team.pgp_key}}"><i class="fa fa-lock fa-fw"></i> {{name_array[0]}}'s PGP Key</a>
|
||||
{% endif %}
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
<div class="text-center more-bottom">
|
||||
<a href="/join/" class="btn btn-primary"><i class="fa fa-user-plus fa-fw white-icon"></i> Join the team!</a>
|
||||
</div>
|
||||
</div>
|
||||
<div class="white-box page-content more-bottom">
|
||||
<div class="col-lg-12 col-md-12 col-sm-12">
|
||||
<h2 class="text-center more-bottom">Emeritus</h2>
|
||||
<p>Emeriti are honorary members of the Qubes team who previously
|
||||
contributed to the project in a central way but who are no longer
|
||||
currently active.</p>
|
||||
</div>
|
||||
{% assign emeritus_total = 0 %}
|
||||
{% for team in site.data.team %}
|
||||
{% if team.type == "emeritus" %}
|
||||
{% assign emeritus_total = emeritus_total | plus:1 %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% assign emeritus_half = emeritus_total | divided_by:2 %}
|
||||
{% assign emeritus_shown = 0 %}
|
||||
<div class="row team">
|
||||
<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
|
||||
{% for team in site.data.team %}
|
||||
{% if team.type == "emeritus" %}
|
||||
{% if emeritus_shown < emeritus_half %}
|
||||
{% include team-simple.html %}
|
||||
{% elsif emeritus_shown == emeritus_half %}
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
|
||||
{% include team-simple.html %}
|
||||
{% else %}
|
||||
{% include team-simple.html %}
|
||||
{% endif %}
|
||||
{% assign emeritus_shown = emeritus_shown | plus:1 %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="white-box page-content more-bottom">
|
||||
<div class="col-lg-12 col-md-12 col-sm-12">
|
||||
<h2 class="text-center more-bottom">Community Contributors</h2>
|
||||
<p>Qubes would not be where it is today without the input of the many users,
|
||||
testers, and developers of all skill levels who have come together to form
|
||||
this thriving community. The community's discussions take place primarily on
|
||||
the <a href="/doc/mailing-lists/">Qubes mailing lists</a>.</p>
|
||||
</div>
|
||||
{% assign community_total = 0 %}
|
||||
{% for team in site.data.team %}
|
||||
{% if team.type == "community" %}
|
||||
{% assign community_total = community_total | plus:1 %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% assign community_half = community_total | divided_by:2 %}
|
||||
{% assign community_shown = 0 %}
|
||||
<div class="row team">
|
||||
<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
|
||||
{% for team in site.data.team %}
|
||||
{% if team.type == "community" %}
|
||||
{% if community_shown < community_half %}
|
||||
{% include team-simple.html %}
|
||||
{% elsif community_shown == community_half %}
|
||||
</div>
|
||||
<div class="col-lg-6 col-md-6 col-sm-6 col-xs-12">
|
||||
{% include team-simple.html %}
|
||||
{% else %}
|
||||
{% include team-simple.html %}
|
||||
{% endif %}
|
||||
{% assign community_shown = community_shown | plus:1 %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
79
about/video-tours.html
Normal file
79
about/video-tours.html
Normal file
@ -0,0 +1,79 @@
|
||||
---
|
||||
layout: default
|
||||
title: Video Tours of Qubes OS
|
||||
permalink: /video-tours/
|
||||
---
|
||||
|
||||
<div id="tour">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-md-12 col-xs-12">
|
||||
<h2 class="add-bottom">A Video Tour of Qubes 3.1 by Matthew Wilson</h2>
|
||||
<div id="player0"></div>
|
||||
<p>This video by Matthew Wilson provides an overview of Qubes 3.1. You can use the menu links to browse to specific chapters.</p>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-12 col-xs-12">
|
||||
<h2 class="add-bottom"> </h2>
|
||||
<ul id="player0-menu" class="list-unstyled remove-bottom">
|
||||
<li><a href="00:00" class="player0-seek">An Overview of Qubes OS</a></li>
|
||||
<li><a href="01:47" class="player0-seek">Web browsing with multiple identities</a></li>
|
||||
<li><a href="05:26" class="player0-seek">Isolating files in different Qubes</a></li>
|
||||
<li><a href="07:28" class="player0-seek">Moving files between Qubes</a></li>
|
||||
<li><a href="09:21" class="player0-seek">Using the secure clipboard</a></li>
|
||||
<li><a href="11:13" class="player0-seek">Web browsing securely in a Disposable Qube</a></li>
|
||||
<li><a href="13:51" class="player0-seek">Handling untrusted files in a Disposable Qube</a></li>
|
||||
<li><a href="16:50" class="player0-seek">Exploring the Qubes Manager</a></li>
|
||||
<li><a href="18:54" class="player0-seek">Templates and App Qubes</a></li>
|
||||
<li><a href="20:04" class="player0-seek">Installing temporary applications</a></li>
|
||||
<li><a href="21:57" class="player0-seek">Installing persistent applications</a></li>
|
||||
<li><a href="24:20" class="player0-seek">Managing the applications menu</a></li>
|
||||
<li><a href="25:09" class="player0-seek">Creating & using a Standalone Qube</a></li>
|
||||
<li><a href="26:38" class="player0-seek">Editing settings of a Qube</a></li>
|
||||
<li><a href="28:40" class="player0-seek">Creating a Qube for added security & privacy</a></li>
|
||||
<li><a href="29:42" class="player0-seek">Whonix and Tor for privacy & anonymity</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<hr class="more-top more-bottom">
|
||||
<div class="row">
|
||||
<div class="col-lg-4 col-md-4 col-xs-12">
|
||||
<h2>Introduction</h2>
|
||||
<p>Learn the basics in this introduction to Qubes OS.</p><br>
|
||||
<a href="/intro/" class="btn btn-primary">
|
||||
<i class="fa fa-flag"></i> What is Qubes OS?
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4 col-xs-12">
|
||||
<h2>Screenshots</h2>
|
||||
<p>See what using Qubes actually looks like with these screenshots of various applications running in Qubes.</p>
|
||||
<a href="/screenshots/" class="btn btn-primary">
|
||||
<i class="fa fa-picture-o"></i> See Screenshots
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4 col-xs-12">
|
||||
<h2>Getting Started</h2>
|
||||
<p>Ready to get started with Qubes? Here's what you need to know after installing.</p>
|
||||
<a href="/getting-started/" class="btn btn-primary">
|
||||
<i class="fa fa-cubes"></i> Getting Started
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<hr class="more-top more-bottom">
|
||||
<div class="row">
|
||||
<div class="col-lg-8 col-md-12 col-xs-12">
|
||||
<h2 class="add-bottom">French Video Series by Paf LeGeek (6 Parts)</h2>
|
||||
<div id="player1"></div>
|
||||
<p>This French series by Paf LeGeek provides a guide to Qubes OS across six videos. You can use the menu links to browse to specific videos in the series.</p>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-12 col-xs-12">
|
||||
<h2 class="add-bottom"> </h2>
|
||||
<ul id="player1-menu" class="list-unstyled remove-bottom">
|
||||
<li><a href="q7mCeYCrQ24" class="player1-play">Partie 1: Présentation du projet Qubes OS</a></li>
|
||||
<li><a href="a8YIVqaP8Lk" class="player1-play">Partie 2: ProxyVM VPN et Tor</a></li>
|
||||
<li><a href="RcUUAGdAFHo" class="player1-play">Partie 3: Installer Qubes OS</a></li>
|
||||
<li><a href="Zu9ab7E-Mqk" class="player1-play">Partie 4: Installer Windows 7</a></li>
|
||||
<li><a href="HgIKtopFZxU" class="player1-play">Partie 5: Créer un coffre fort numérique</a></li>
|
||||
<li><a href="Yr-oRWtCZGI" class="player1-play">Partie 6: ProxyVM VPN avec kill switch</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
580
basics_dev/gsoc.md
Normal file
580
basics_dev/gsoc.md
Normal file
@ -0,0 +1,580 @@
|
||||
---
|
||||
layout: sidebar
|
||||
title: Google Summer of Code
|
||||
permalink: /gsoc/
|
||||
redirect_from: /GSoC/
|
||||
---
|
||||
|
||||
2017 Google Summer of Code
|
||||
================
|
||||
|
||||
## Information for Students
|
||||
|
||||
Thank you for your interest in participating in the [Google Summer of Code program][gsoc-qubes] with the [Qubes OS team][team]. You can read more about the Google Summer of Code program at the [official website][gsoc] and the [official FAQ][gsoc-faq].
|
||||
|
||||
Being accepted as a Google Summer of Code student is quite competitive. Students wishing to participate in the Summer of Code must be aware that you will be required to produce code for Qubes OS for 3 months. Your mentors, Qubes developers, will dedicate a portion of their time towards mentoring you. Therefore, we seek candidates who are committed to helping Qubes long-term and are willing to do quality work and be proactive in communicating with your mentor.
|
||||
|
||||
You don't have to be a proven developer -- in fact, this whole program is meant to facilitate joining Qubes and other free and open source communities. The Qubes community maintains information about [contributing to Qubes development][contributing] and [how to send patches][patches]. In order to contribute code to the Qubes project, you must be able to [sign your code][code-signing].
|
||||
|
||||
You should start learning the components that you plan on working on before the start date. Qubes developers are available on the [mailing lists][ml-devel] for help. The GSoC timeline reserves a lot of time for bonding with the project -- use that time wisely. Good communication is key, you should plan to communicate with your team daily and formally report progress and plans weekly. Students who neglect active communication will be failed.
|
||||
|
||||
### Overview of Steps
|
||||
|
||||
- Join the [qubes-devel list][ml-devel] and introduce yourself, and meet your fellow developers
|
||||
- Read [Google's instructions for participating][gsoc-participate] and the [GSoC Student Manual][gsoc-student]
|
||||
- Take a look at the list of ideas below
|
||||
- Come up with a project that you are interested in (and feel free to propose your own! Don't feel limited by the list below.)
|
||||
- Read the Student Proposal guidelines below
|
||||
- Write a first draft proposal and send it to the qubes-devel mailing list for review
|
||||
- Submit proposal using [Google's web interface][gsoc-submit] ahead of the deadline (this requires a Google Account!)
|
||||
- Submit proof of enrollment well ahead of the deadline
|
||||
|
||||
Coming up with an interesting idea that you can realistically achieve in the time available to you (one summer) is probably the most difficult part. We strongly recommend getting involved in advance of the beginning of GSoC, and we will look favorably on applications from students who have already started to act like free and open source developers.
|
||||
|
||||
Before the summer starts, there are some preparatory tasks which are highly encouraged. First, if you aren't already, definitely start using Qubes as your primary OS as soon as possible! Also, it is encouraged that you become familiar and comfortable with the Qubes development workflow sooner than later. A good way to do this (and also a great way to stand out as an awesome applicant and make us want to accept you!) might be to pick up some issues from [qubes-issues][qubes-issues] (our issue-tracking repo) and submit some patches addressing them. Some suitable issues might be those with tags ["help wanted" and "P: minor"][qubes-issues-suggested] (although more significant things are also welcome, of course). Doing this will get you some practice with [qubes-builder][qubes-builder], our code-signing policies, and some familiarity with our code base in general so you are ready to hit the ground running come summer.
|
||||
|
||||
### Student proposal guidelines
|
||||
|
||||
A project proposal is what you will be judged upon. Write a clear proposal on what you plan to do, the scope of your project, and why we should choose you to do it. Proposals are the basis of the GSoC projects and therefore one of the most important things to do well. The proposal is not only the basis of our decision of which student to choose, it has also an effect on Google's decision as to how many student slots are assigned to Qubes.
|
||||
|
||||
Below is the application template:
|
||||
|
||||
```
|
||||
# Introduction
|
||||
|
||||
Every software project should solve a problem. Before offering the solution (your Google Summer of Code project), you should first define the problem. What’s the current state of things? What’s the issue you wish to solve and why? Then you should conclude with a sentence or two about your solution. Include links to discussions, features, or bugs that describe the problem further if necessary.
|
||||
|
||||
# Project goals
|
||||
|
||||
Be short and to the point, and perhaps format it as a list. Propose a clear list of deliverables, explaining exactly what you promise to do and what you do not plan to do. “Future developments” can be mentioned, but your promise for the Google Summer of Code term is what counts.
|
||||
|
||||
# Implementation
|
||||
|
||||
Be detailed. Describe what you plan to do as a solution for the problem you defined above. Include technical details, showing that you understand the technology. Illustrate key technical elements of your proposed solution in reasonable detail.
|
||||
|
||||
# Timeline
|
||||
|
||||
Show that you understand the problem, have a solution, have also broken it down into manageable parts, and that you have a realistic plan on how to accomplish your goal. Here you set expectations, so don’t make promises you can’t keep. A modest, realistic and detailed timeline is better than promising the impossible.
|
||||
|
||||
If you have other commitments during GSoC, such as a job, vacation, exams, internship, seminars, or papers to write, disclose them here. GSoC should be treated like a full-time job, and we will expect approximately 40 hours of work per week. If you have conflicts, explain how you will work around them. If you are found to have conflicts which you did not disclose, you may be failed.
|
||||
|
||||
Open and clear communication is of utmost importance. Include your plans for communication in your proposal; daily if possible. You will need to initiate weekly formal communications such as a detailed email to the qubes-devel mailing list. Lack of communication will result in you being failed.
|
||||
|
||||
# About me
|
||||
|
||||
Provide your contact information and write a few sentences about you and why you think you are the best for this job. Prior contributions to Qubes are helpful; list your commits. Name people (other developers, students, professors) who can act as a reference for you. Mention your field of study if necessary. Now is the time to join the relevant mailing lists. We want you to be a part of our community, not just contribute your code.
|
||||
|
||||
Tell us if you are submitting proposals to other organizations, and whether or not you would choose Qubes if given the choice.
|
||||
|
||||
Other things to think about:
|
||||
* Are you comfortable working independently under a supervisor or mentor who is several thousand miles away, and perhaps 12 time zones away? How will you work with your mentor to track your work? Have you worked in this style before?
|
||||
* If your native language is not English, are you comfortable working closely with a supervisor whose native language is English? What is your native language, as that may help us find a mentor who has the same native language?
|
||||
* After you have written your proposal, you should get it reviewed. Do not rely on the Qubes mentors to do it for you via the web interface, although we will try to comment on every proposal. It is wise to ask a colleague or a developer to critique your proposal. Clarity and completeness are important.
|
||||
```
|
||||
|
||||
## Project Ideas
|
||||
|
||||
These project ideas were contributed by our developers and may be incomplete. If you are interested in submitting a proposal based on these ideas, you should contact the [qubes-devel mailing list][ml-devel] and associated GitHub issue to learn more about the idea.
|
||||
|
||||
```
|
||||
### Adding a Proposal
|
||||
|
||||
**Project**: Something that you're totally excited about
|
||||
|
||||
**Brief explanation**: What is the project, where does the code live?
|
||||
|
||||
**Expected results**: What is the expected result in the timeframe given
|
||||
|
||||
**Knowledge prerequisite**: Pre-requisites for working on the project. What coding language and knowledge is needed?
|
||||
If applicable, links to more information or discussions
|
||||
|
||||
**Mentor**: Name and email address.
|
||||
```
|
||||
|
||||
### Qubes MIME handlers
|
||||
|
||||
**Project**: Qubes MIME handlers
|
||||
|
||||
**Brief explanation**: [#441](https://github.com/QubesOS/qubes-issues/issues/441) (including remembering decision whether some file
|
||||
should be opened in DispVM or locally)
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Design mechanism for recognising which files should be opened locally and which in Disposable VM. This mechanism should:
|
||||
- Respect default action like "by default open files in Disposable VM" (this
|
||||
may be about files downloaded from the internet, transferred from
|
||||
other VM etc).
|
||||
- Allow setting persistent flag for a file that should be opened in specific
|
||||
way ("locally"); this flag should local to the VM - it shouldn't be possible
|
||||
to preserve (or even fabricate) the flag while transferring the file from/to
|
||||
VM.
|
||||
- See linked ticket for simple ideas.
|
||||
- Implement generic file handler to apply this mechanism; it should work
|
||||
regardless of file type, and if file is chosen to be opened locally, normal
|
||||
(XDG) rules of choosing application should apply.
|
||||
- Setting/unsetting the flag should be easy - like if once file is chosen to
|
||||
be opened locally, it should remember that decision.
|
||||
- Preferably use generic mechanism to integrate it into file managers (XDG
|
||||
standards). If not possible - integrate with Nautilus and Dolphin.
|
||||
- Optionally implement the same for Windows.
|
||||
- Document the mechanism (how the flag is stored, how mechanism is plugged
|
||||
into file managers etc).
|
||||
- Write unit tests and integration tests.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- XDG standards
|
||||
- Bash or Python scripting
|
||||
- Basic knowledge of configuration/extension for file managers
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Template manager, new template distribution mechanism
|
||||
|
||||
**Project**: Template manager, new template distribution mechanism
|
||||
|
||||
**Brief explanation**: Template VMs currently are distributed using RPM
|
||||
packages. There are multiple problems with that, mostly related to static
|
||||
nature of RPM package (what files belong to the package). This means such
|
||||
Template VM cannot be renamed, migrated to another storage (like LVM), etc.
|
||||
Also we don't want RPM to automatically update template package itself (which
|
||||
would override all the user changes there). More details:
|
||||
[#2064](https://github.com/QubesOS/qubes-issues/issues/2064),
|
||||
[#2534](https://github.com/QubesOS/qubes-issues/issues/2534).
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Design new mechanism for distributing templates (possibly including some
|
||||
package format - either reuse something already existing, or design
|
||||
new one). The mechanism needs to handle:
|
||||
- integrity protection (digital signatures), not parsing any data in dom0
|
||||
prior to signature verification
|
||||
- efficient handling of large sparse files
|
||||
- ability to deploy the template into various storage mechanisms (sparse
|
||||
files, LVM thin volumes etc).
|
||||
- template metadata, templates repository - enable the user to browse
|
||||
available templates (probably should be done in dedicated VM, or Disposable VM)
|
||||
- Implement the above mechanism:
|
||||
- tool to download named template - should perform download operation in
|
||||
some VM (as dom0 have no network access), then transfer the data to dom0,
|
||||
verify its integrity and then create Template VM and feed it's root
|
||||
filesystem image with downloaded data.
|
||||
- tool to browse templates repository - both CLI and GUI (preferably in (py)GTK)
|
||||
- integrate both tools - user should be able to choose some template to be
|
||||
installed from repository browsing tool - see
|
||||
[#1705](https://github.com/QubesOS/qubes-issues/issues/1705) for some idea
|
||||
(this one lack integrity verification, but similar service could
|
||||
be developed with that added)
|
||||
- If new "package" format is developed, add support for it into
|
||||
[linux-template-builder](https://github.com/QubesOS/qubes-linux-template-builder).
|
||||
- Document the mechanism.
|
||||
- Write unit tests and integration tests.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- Large files (disk images) handling (sparse files, archive formats)
|
||||
- Bash and Python scripting
|
||||
- Data integrity handling - digital signatures (gpg2, gpgv2)
|
||||
- PyGTK
|
||||
- RPM package format, (yum) repository basics
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Qubes Live USB
|
||||
|
||||
**Project**: Revive Qubes Live USB, integrate it with installer
|
||||
|
||||
**Brief explanation**: Qubes Live USB is based on Fedora tools to build live
|
||||
distributions. But for Qubes we need some adjustments: starting Xen instead of
|
||||
Linux kernel, smarter copy-on-write handling (we run there multiple VMs, so a
|
||||
lot more data to save) and few more. Additionally in Qubes 3.2 we have
|
||||
so many default VMs that default installation does not fit in 16GB image
|
||||
(default value) - some subset of those VMs should be chosen. Ideally we'd like
|
||||
to have just one image being both live system and installation image. More
|
||||
details: [#1552](https://github.com/QubesOS/qubes-issues/issues/1552),
|
||||
[#1965](https://github.com/QubesOS/qubes-issues/issues/1965).
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Adjust set of VMs and templates included in live edition.
|
||||
- Update and fix build scripts for recent Qubes OS version.
|
||||
- Update startup script to mount appropriate directories as either
|
||||
copy-on-write (device-mapper snapshot), or tmpfs.
|
||||
- Optimize memory usage: should be possible to run sys-net, sys-firewall, and
|
||||
at least two more VMs on 4GB machine. This include minimizing writes to
|
||||
copy-on-write layer and tmpfs (disable logging etc).
|
||||
- Research option to install the system from live image. If feasible add
|
||||
this option.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- System startup sequence: bootloaders (isolinux, syslinux, grub, UEFI), initramfs, systemd.
|
||||
- Python and Bash scripting
|
||||
- Filesystems and block devices: loop devices, device-mapper, tmpfs, overlayfs, sparse files.
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Unikernel-based firewallvm with Qubes firewall settings support
|
||||
|
||||
**Project**: Unikernel based firewallvm with Qubes firewall settings support
|
||||
|
||||
**Brief explanation**: [blog post](http://roscidus.com/blog/blog/2016/01/01/a-unikernel-firewall-for-qubesos/), [repo](https://github.com/talex5/qubes-mirage-firewall)
|
||||
|
||||
**Expected results**: A firewall implemented as a unikernel which supports all the networking-related functionality as the default sys-firewall VM, including configuration via Qubes Manager. Other duties currently assigned to sys-firewall such as the update proxy may need to be appropriately migrated first.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- [OCaml](https://ocaml.org/) + [MirageOS](https://mirage.io/) or other unikernel framework,
|
||||
- Xen network stack,
|
||||
- Qubes networking model & firewall semantics.
|
||||
|
||||
**Mentor**: [Thomas Leonard](mailto:talex5@gmail.com), [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### IPv6 support
|
||||
**Project**: IPv6 support
|
||||
|
||||
**Brief explanation**: Add support for native IPv6 in Qubes VMs. This should
|
||||
include IPv6 routing (+NAT...), IPv6-aware firewall, DNS configuration, dealing
|
||||
with IPv6 being available or not in directly connected network. See
|
||||
[#718](https://github.com/QubesOS/qubes-issues/issues/718) for more details.
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Add IPv6 handling to network configuration scripts in VMs
|
||||
- Add support for IPv6 in Qubes firewall (including CLI/GUI tools to configure it)
|
||||
- Design and implement simple mechanism to propagate information about IPv6
|
||||
being available at all (if necessary). This should be aware of ProxyVMs
|
||||
potentially adding/removing IPv6 support - like VPN, Tor etc.
|
||||
- Add unit tests and integration tests for both configuration scripts and UI
|
||||
enhancements.
|
||||
- Update documentation.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- network protocols, especially IPv6, TCP, DNS, DHCPv6, ICMPv6 (including
|
||||
autoconfiguration)
|
||||
- ip(6)tables, nftables, NAT
|
||||
- Python and Bash scripting
|
||||
- network configuration on Linux: ip tool, configuration files on Debian and
|
||||
Fedora, NetworkManager
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Thunderbird, Firefox and Chrome extensions
|
||||
**Project**: additional Thunderbird, Firefox and Chrome extensions
|
||||
|
||||
**Brief explanation**:
|
||||
|
||||
* browser/mail: open link in vm
|
||||
* browser/mail: open link in dispvm
|
||||
* browser: save destination to vm
|
||||
* mail: add whitelisted senders option (address-based and signing key-based) [#845](https://github.com/QubesOS/qubes-issues/issues/845)
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Extend existing Thunderbird extension to decide on action (where to open/save attachments) based on message sender - recognized as email address, or signing key
|
||||
- Add Firefox extension to open links in Disposable VM / selected VM (right-click option and a default action for not-whitelisted URLs/domains)
|
||||
- The same for Chrome
|
||||
- Add tests for above enhancements
|
||||
- Update user documentation
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- writing Thunderbird/Firefox extensions (XUL, javascript)
|
||||
- writing Chrome extensions (javascript)
|
||||
|
||||
**Mentor**: [Jean-Philippe Ouellet](mailto:jpo@vt.edu)
|
||||
|
||||
### LogVM(s)
|
||||
|
||||
**Project**: LogVM(s)
|
||||
|
||||
**Brief explanation**: Qubes AppVMs do not have persistent /var (on purpose).
|
||||
It would be useful to send logs generated by various VMs to a dedicated
|
||||
log-collecting VM. This way logs will not only survive VM shutdown, but also be
|
||||
immune to altering past entries. See
|
||||
[#830](https://github.com/QubesOS/qubes-issues/issues/830) for details.
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Design a _simple_ protocol for transferring logs. The less metadata (parsed
|
||||
in log-collecting VM) the better.
|
||||
- Implement log collecting service. Besides logs itself, should save
|
||||
information about logs origin (VM name) and timestamp. The service should
|
||||
_not_ trust sending VM in any of those.
|
||||
- Implement log forwarder compatible with systemd-journald and rsyslog. A
|
||||
mechanism (service/plugin) fetching logs in real time from those and sending
|
||||
to log-collecting VM over qrexec service.
|
||||
- Document the protocol.
|
||||
- Write unit tests and integration tests.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- syslog
|
||||
- systemd
|
||||
- Python/Bash scripting
|
||||
|
||||
**Mentor**: [Jean-Philippe Ouellet](mailto:jpo@vt.edu)
|
||||
|
||||
### GUI improvements
|
||||
|
||||
**Project**: GUI improvements
|
||||
|
||||
**Brief explanation**:
|
||||
|
||||
* GUI for enabling USB keyboard: [#2329](https://github.com/QubesOS/qubes-issues/issues/2329)
|
||||
* GUI for enabling USB passthrough: [#2328](https://github.com/QubesOS/qubes-issues/issues/2328)
|
||||
* GUI interface for /etc/qubes/guid.conf: [#2304](https://github.com/QubesOS/qubes-issues/issues/2304)
|
||||
* Improving inter-VM file copy / move UX master ticket: [#1839](https://github.com/QubesOS/qubes-issues/issues/1839)
|
||||
* and comprehensive list of GUI issues: [#1117](https://github.com/QubesOS/qubes-issues/issues/1117)
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Add/enhance GUI tools to configure/do things mentioned in description above.
|
||||
Reasonable subset of those things is acceptable.
|
||||
- Write tests for added elements.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- Python, PyGTK
|
||||
|
||||
**Mentor**: [Jean-Philippe Ouellet](mailto:jpo@vt.edu)
|
||||
|
||||
### Xen GPU pass-through for Intel integrated GPUs
|
||||
**Project**: Xen GPU pass-through for Intel integrated GPUs (largely independent of Qubes)
|
||||
|
||||
**Brief explanation**: This project is prerequisite to full GUI domain support,
|
||||
where all desktop environment is running in dedicated VM, isolated from
|
||||
dom0. There is already some support for GPU passthrough in Xen, but needs to be
|
||||
integrated in to Qubes and probably really make working, even when using qemu
|
||||
in stubdomain. GUI domain should be a HVM domain (not PV).
|
||||
This should be done without compromising Qubes security features, especially:
|
||||
using VT-d for protection against DMA attacks, using stubdomain for sandboxing
|
||||
qemu process (if needed) - qemu running in dom0 is not acceptable. More
|
||||
details in [#2618](https://github.com/QubesOS/qubes-issues/issues/2618).
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Ability to start a VM with GPU connected. VM should be able to handle video
|
||||
output (both laptop internal display, and external monitors if apply). That
|
||||
VM also should be able to use hardware acceleration.
|
||||
- This project may require patching any/all of Xen hypervisor, Libvirt, Qemu,
|
||||
Linux. In such a case, patches should be submitted to appropriate upstream
|
||||
project.
|
||||
- It's ok to focus on a specific, relatively new Intel-based system with Intel
|
||||
integrated GPU.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- C language
|
||||
- Kernel/hypervisor debugging
|
||||
- Basics of x86_64 architecture, PCIe devices handling (DMA, MMIO, interrupts), IOMMU (aka VT-d)
|
||||
- Xen hypervisor architecture
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Whonix IPv6 and nftables support
|
||||
**Project**: Whonix IPv6 and nftables support
|
||||
|
||||
**Brief explanation**: [T509](https://phabricator.whonix.org/T509)
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Work at upstream Tor: An older version of https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy page was the origin of Whonix. Update that page for nftables / IPv6 support without mentioning Whonix. Then discuss that on the tor-talk mailing list for wider input. - https://trac.torproject.org/projects/tor/ticket/21397
|
||||
- implement corridor feature request add IPv6 support / port to nftables - https://github.com/rustybird/corridor/issues/39
|
||||
- port whonix-gw-firewall to nftables
|
||||
- port whonix-ws-firewall to nftables
|
||||
- make connections to IPv6 Tor relays work
|
||||
- make connections to IPv6 destinations work
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
**Mentor**: [Patrick Schleizer](/team/)
|
||||
|
||||
### Standalone connection wizard for Tor pluggable transports
|
||||
**Project**: Standalone connection wizard for Tor pluggable transports
|
||||
|
||||
**Brief explanation**: [#1938](https://github.com/QubesOS/qubes-issues/issues/1938), https://www.whonix.org/blog/connection-bridge-wizard, https://github.com/Whonix/anon-connection-wizard
|
||||
|
||||
**Expected results**:
|
||||
|
||||
Users are presented with a GUI where they can select different bridges to use to connect to Tor if it is censored in their country/region, just like with the Tor Browser.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
**Mentor**: [Patrick Schleizer](/team/)
|
||||
|
||||
### Leverage modern static & dynamic analysis
|
||||
**Project**: Leverage modern static & dynamic analysis
|
||||
|
||||
**Brief explanation**:
|
||||
|
||||
**Expected results**: Stand up tooling to automatically run various tools against the Qubes code base, and address as many found issues as possible.
|
||||
|
||||
**Knowledge prerequisite**: Familiarity with various analysis tools & techniques, including but not limited to: valgrind, coverity, clang's sanitizers, guided fuzzing.
|
||||
|
||||
**Mentor**: [Jean-Philippe Ouellet](mailto:jpo@vt.edu)
|
||||
|
||||
### Formally analyze how untrusted inputs propagate through the Qubes code base
|
||||
**Project**: Formally analyze how untrusted inputs propagate through the Qubes code base
|
||||
|
||||
**Brief explanation**: It would be useful to have a rigorous understanding of what code paths are reachable and which state can be affected via input from untrusted domains. Such analysis would likely involve building a model of the system with a combination of taint tracking and static and symbolic analysis.
|
||||
|
||||
**Expected results**: A rigorous model of the scope of code paths and state reachable or affectable from other (Xen) domains.
|
||||
|
||||
**Knoledge prerequisite**: Frama-C, pytaint, angr, others.
|
||||
|
||||
**Mentor**: [Jean-Philippe Ouellet](mailto:jpo@vt.edu)
|
||||
|
||||
### Audio support for Qubes Windows Tools
|
||||
**Project**: Audio support for Qubes Windows Tools
|
||||
|
||||
**Brief explanation**: Add audio support for Windows HVMs via Qubes Windows Tools. [#2624](https://github.com/QubesOS/qubes-issues/issues/2624)
|
||||
|
||||
**Expected results**: Windows HVMs should have an audio device that supports playback and recording.
|
||||
|
||||
**Knowledge prerequisite**: C/C++ languages, familiarity with Windows API, possibly familiarity with Windows audio stack on the driver level.
|
||||
|
||||
**Mentor**: [Rafał Wojdyła](/team/)
|
||||
|
||||
### Improve Windows GUI agent performance and stability
|
||||
**Project**: Improve Windows GUI agent performance and stability
|
||||
|
||||
**Brief explanation**: Previous profiling has shown that the Windows GUI agent uses significant portion of VM's CPU time for mouse input simulation. This can be improved, as well as agent's stability in some cases (desktop/user switching, logon/logoff, domain-joined VMs, multiple monitors). Seamless GUI experience can be significantly improved, but that may require changes in the Qubes video driver. [#1044](https://github.com/QubesOS/qubes-issues/issues/1044) [#1045](https://github.com/QubesOS/qubes-issues/issues/1045) [#1500](https://github.com/QubesOS/qubes-issues/issues/1500) [#2138](https://github.com/QubesOS/qubes-issues/issues/2138) [#2487](https://github.com/QubesOS/qubes-issues/issues/2487) [#2589](https://github.com/QubesOS/qubes-issues/issues/2589)
|
||||
|
||||
**Expected results**: Reduction of agent's CPU usage, improved stability.
|
||||
|
||||
**Knowledge prerequisite**: C language, Familiarity with Windows API, especially the windowing stack. Familiarity with profiling and debugging tools for Windows.
|
||||
|
||||
**Mentor**: [Rafał Wojdyła](/team/)
|
||||
|
||||
### Gui agent for Windows 8/10
|
||||
**Project**: Gui agent for Windows 8/10
|
||||
|
||||
**Brief explanation**: Add support for Windows 8+ to the Qubes GUI agent and video driver. Starting from Windows 8, Microsoft requires all video drivers to conform to the WDDM display driver model which is incompatible with the current Qubes video driver. Unfortunately the WDDM model is much more complex than the old XPDM one and officially *requires* a physical GPU device (which may be emulated). Some progress has been made to create a full WDDM driver that *doesn't* require a GPU device, but the driver isn't working correctly yet. Alternatively, WDDM model supports display-only drivers which are much simpler but don't have access to system video memory and rendering surfaces (a key feature that would simplify seamless GUI mode). [#1861](https://github.com/QubesOS/qubes-issues/issues/1861)
|
||||
|
||||
**Expected results**: Working display-only WDDM video driver or significant progress towards making the full WDDM driver work correctly.
|
||||
|
||||
**Knowledge prerequisite**: C/C++ languages, familiarity with Windows API, familiarity with the core Windows WDM driver model. Ideally familiarity with the WDDM display driver model.
|
||||
|
||||
**Mentor**: [Rafał Wojdyła](/team/)
|
||||
|
||||
### Make Anti Evil Maid resistant against shoulder surfing and video surveillance
|
||||
|
||||
**Project**: Observing the user during early boot should not be sufficient to defeat the protection offered by Anti Evil Maid.
|
||||
|
||||
**Brief explanation**:
|
||||
|
||||
1. Implement optional support for time-based one-time-password seed secrets. Instead of verifying a static text or picture (which the attacker can record and replay later on a compromised system), the user would verify an ephemeral six-digit code displayed on another device, e.g. a smartphone running any Google Authenticator compatible code generator app.
|
||||
|
||||
2. Implement optional support for storing a passphrase-encrypted LUKS disk decryption key on a secondary AEM device. The attacker would then have to seize this device in order to decrypt the user's data; just recording the passphrase as it is entered would no longer be enough.
|
||||
|
||||
**Expected results**: AEM package updates implementing both features, with fallback support in case the user does not have their smartphone or secondary AEM device at hand. Good UX and documentation for enrolling or upgrading users.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- Bash scripting
|
||||
- The AEM threat model
|
||||
- GRUB2, dracut, systemd, LUKS
|
||||
|
||||
**Mentor**: [Rusty Bird](mailto:rustybird@openmailbox.org)
|
||||
|
||||
### GNOME support in dom0
|
||||
|
||||
**Project**: GNOME support in dom0
|
||||
|
||||
**Brief explanation**: Integrating GNOME into Qubes dom0. This include:
|
||||
|
||||
- patching window manager to add colorful borders
|
||||
- removing stuff not needed in dom0 (file manager(s), indexing services etc)
|
||||
- adjusting menu for easy navigation (same applications in different VMs and such problems, dom0-related entries in one place)
|
||||
- More info: [#1806](https://github.com/QubesOS/qubes-issues/issues/1806)
|
||||
|
||||
**Expected results**:
|
||||
|
||||
- Review existing support for other desktop environments (KDE, Xfce4, i3, awesome).
|
||||
- Patch window manager to draw colorful borders (we use only server-side
|
||||
decorations), there is already very similar patch in
|
||||
[Cappsule project](https://github.com/cappsule/cappsule-gui).
|
||||
- Configure GNOME to not make use of dom0 user home in visible way (no search
|
||||
in files there, no file manager, etc).
|
||||
- Configure GNOME to not look into external devices plugged in (no auto
|
||||
mounting, device notifications etc).
|
||||
- Package above modifications as rpms, preferably as extra configuration files
|
||||
and/or plugins than overwriting existing files. Exceptions to this rule may
|
||||
apply if no other option.
|
||||
- Adjust comps.xml (in installer-qubes-os repo) to define package group with
|
||||
all required packages.
|
||||
- Document installation procedure.
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
- GNOME architecture
|
||||
- C language (patching metacity)
|
||||
- Probably also javascript - for modifying GNOME shell extensions
|
||||
|
||||
**Mentor**: [Marek Marczykowski-Górecki](/team/)
|
||||
|
||||
### Mitigate focus-stealing attacks
|
||||
**Project**: Mitigate focus-stealing attacks
|
||||
|
||||
**Brief explanation**: [Focus stealing attacks](https://en.wikipedia.org/wiki/Focus_stealing) have long been an issue in Qubes OS. The Qubes community has long punted the issue due to having higher priority things to work on, and it being viewed as the responsability of the window manager, but nevertheless it remains a serious issue, and an *effective* mitigation would be most welcome. Any student wishing to work on this would need to engage the community in a discussion about the effectiveness of their proposed earlier rather than later. [#1166](https://github.com/QubesOS/qubes-issues/issues/1166)
|
||||
|
||||
**Expected results**: Working robust focus stealing prevention for Xfce (currently the default Qubes desktop environment) or Gnome (the targeted future Qubes desktop environment).
|
||||
|
||||
**Knoledge prerequisite**: X APIs, Qubes GUI protocol, familiarity with the targeted window manager.
|
||||
|
||||
**Mentor**:
|
||||
|
||||
### Progress towards reproducible builds
|
||||
**Project**: Progress towards reproducible builds
|
||||
|
||||
**Brief explanation**: A long-term goal is to be able to build the entire OS and installation media in a completely bit-wise deterministic manner, but there are many baby steps to be taken along that path. See:
|
||||
|
||||
- "[Security challenges for the Qubes build process](https://www.qubes-os.org/news/2016/05/30/build-security/)"
|
||||
- [This mailing list post](https://groups.google.com/d/msg/qubes-devel/gq-wb9wTQV8/mdliS4P2BQAJ)
|
||||
- and [reproducible-builds.org](https://reproducible-builds.org/)
|
||||
|
||||
for more information and qubes-specific background.
|
||||
|
||||
**Expected results**: Significant progress towards making the Qubes build process deterministic. This would likely involve cooperation with and hacking on several upstream build tools to eliminate sources of variability.
|
||||
|
||||
**Knoledge prerequisite**: qubes-builder [[1]](https://www.qubes-os.org/doc/qubes-builder/) [[2]](https://www.qubes-os.org/doc/qubes-builder-details/) [[3]](https://github.com/QubesOS/qubes-builder/tree/master/doc), and efficient at introspecting complex systems: comfortable with tracing and debugging tools, ability to quickly identify and locate issues within a large codebase (upstream build tools), etc.
|
||||
|
||||
**Mentor**:
|
||||
|
||||
### Android development in Qubes
|
||||
|
||||
**Project**: Research running Android in Qubes VM (probably HVM) and connecting it to Android Studio
|
||||
|
||||
**Brief explanation**: The goal is to enable Android development (and testing!)
|
||||
on Qubes OS. Currently it's only possible using qemu-emulated Android for ARM.
|
||||
Since it's software emulation it's rather slow.
|
||||
Details, reference: [#2233](https://github.com/QubesOS/qubes-issues/issues/2233)
|
||||
|
||||
**Expected results**:
|
||||
|
||||
**Knowledge prerequisite**:
|
||||
|
||||
**Mentor**:
|
||||
|
||||
----
|
||||
|
||||
We adapted some of the language here about GSoC from the [KDE GSoC page](https://community.kde.org/GSoC).
|
||||
|
||||
[gsoc-qubes]: https://summerofcode.withgoogle.com/organizations/6239659689508864/
|
||||
[gsoc]: https://summerofcode.withgoogle.com/
|
||||
[team]: https://www.qubes-os.org/team/
|
||||
[gsoc-faq]: https://developers.google.com/open-source/gsoc/faq
|
||||
[contributing]: https://www.qubes-os.org/doc/contributing/#contributing-code
|
||||
[patches]: https://www.qubes-os.org/doc/source-code/#how-to-send-patches
|
||||
[code-signing]: https://www.qubes-os.org/doc/code-signing/
|
||||
[ml-devel]: https://www.qubes-os.org/mailing-lists/#qubes-devel
|
||||
[gsoc-participate]: https://developers.google.com/open-source/gsoc/
|
||||
[gsoc-student]: https://developers.google.com/open-source/gsoc/resources/manual#student_manual
|
||||
[how-to-gsoc]: http://teom.org/blog/kde/how-to-write-a-kick-ass-proposal-for-google-summer-of-code/
|
||||
[gsoc-submit]: https://summerofcode.withgoogle.com/
|
||||
[mailing-lists]: https://www.qubes-os.org/mailing-lists/
|
||||
[qubes-issues]: https://github.com/QubesOS/qubes-issues/issues
|
||||
[qubes-issues-suggested]: https://github.com/QubesOS/qubes-issues/issues?q=is%3Aissue%20is%3Aopen%20label%3A%22P%3A%20minor%22%20label%3A%22help%20wanted%22
|
||||
[qubes-builder]: https://www.qubes-os.org/doc/qubes-builder/
|
190
basics_user/getting-started.md
Normal file
190
basics_user/getting-started.md
Normal file
@ -0,0 +1,190 @@
|
||||
---
|
||||
layout: default
|
||||
title: Get Started
|
||||
permalink: /getting-started/
|
||||
redirect_from:
|
||||
- /doc/getting-started/
|
||||
- /en/doc/getting-started/
|
||||
- /doc/GettingStarted/
|
||||
- /wiki/GettingStarted/
|
||||
---
|
||||
|
||||
<a name="already-installed"></a>Now that you've installed Qubes, let's cover some basic concepts.
|
||||
You might also like to refer to the [Glossary](/doc/glossary/).
|
||||
|
||||
AppVMs (qubes) and TemplateVMs
|
||||
--------------------------------
|
||||
|
||||
In Qubes, you run all your programs in lightweight Virtual Machines called **qubes**.
|
||||
Not every app runs in its own qube.
|
||||
(That would be a big waste of resources!)
|
||||
Instead, each qube represents a *security domain* (e.g., "work," "personal," "banking," etc.).
|
||||
By default all qubes are based on a single, common **TemplateVM** , although you can create more TemplateVMs if you wish.
|
||||
When you create a new qube, you don't copy the whole root filesystem needed for this qube to work (which would include copying all the programs).
|
||||
Instead, each qube *shares* the root filesystem with its respective TemplateVM.
|
||||
A qube has read-only access to the filesystem of the Template on which it's based, so a qube cannot modify a TemplateVM in any way.
|
||||
This is important, as it means that if a qube is ever compromised, the TemplateVM on which it's based (and any other qubes based on that TemplateVM) will still be safe.
|
||||
So creating a large number of domains is cheap: each one needs only as much disk space as is necessary to store its private files (e.g., the "home" folder).
|
||||
|
||||
If you've installed Qubes using the default options, a few qubes have already been created for you:
|
||||
|
||||
- work
|
||||
- personal
|
||||
- untrusted
|
||||
|
||||
Each qube, apart from having a distinct name, is also assigned a **label**, which is one of several pre-defined colors.
|
||||
The trusted window manager uses these colors in order to draw window decorations (color frames) around the windows of applications running in each qube.
|
||||
It's totally up to you how you'd like to interpret these colors.
|
||||
You might like to use them to quickly and easily identify the trust level of a given window at a glance.
|
||||
Personally, I find it natural to associate red with that which is untrusted and dangerous (the “red light” -- stop! danger!), green with that which is safe and trusted, and yellow and orange with things in the middle.
|
||||
I've also extended this scheme to include blue and black, which I interpret as indicating progressively more trusted domains than green, with black being ultimately trusted.
|
||||
Alternatively you might use the colors to show that qubes belong to the same domain - for example, you might use 3 or 4 qubes for work activities, and give them all the same distinct color label. It's entirely up to you.
|
||||
|
||||
![snapshot12.png](/attachment/wiki/GettingStarted/snapshot12.png)
|
||||
|
||||
In addition to qubes and TemplateVMs, there's one special domain called "dom0," which is where the Desktop Manager runs.
|
||||
This is where you log in to the system.
|
||||
Dom0 is more trusted than any other domain (including TemplateVMs and black-labeled qubes).
|
||||
If dom0 were ever compromised, it would be Game Over<sup>TM</sup>.
|
||||
(The entire system would effectively be compromised.)
|
||||
Due to its overarching importance, dom0 has no network connectivity and is used only for running the Window and Desktop Managers.
|
||||
Dom0 shouldn't be used for anything else.
|
||||
In particular, [you should never run user applications in dom0](/doc/security-guidelines/#dom0-precautions).
|
||||
(That's what your qubes are for!)
|
||||
|
||||
Qubes VM Manager and Command Line Tools
|
||||
---------------------------------------
|
||||
|
||||
All aspects of the Qubes system can be controlled using command line tools run under a dom0 console.
|
||||
To open a console window in dom0, either go to Start-\>System Tools-\>Konsole or press Alt-F2 and type `konsole`.
|
||||
|
||||
Various command line tools are described as part of this guide, and the whole reference can be found [here](/doc/dom0-tools/).
|
||||
|
||||
![r2b1-dom0-konsole.png](/attachment/wiki/GettingStarted/r2b1-dom0-konsole.png)
|
||||
|
||||
Alternatively, you can use a rather intuitive GUI tool called **Qubes VM Manager**.
|
||||
It supports most of the functionality that command line tools provide.
|
||||
The Qubes VM Manager starts and opens automatically when Qubes starts up, but you can also start it by going to Start-\>System Tools-\>Qubes Manager.
|
||||
Once the Qubes VM Manager is running, you can open the window at any time by clicking on the Qubes tray icon, which typically resides in the bottom-right corner of the screen.
|
||||
|
||||
![r2b1-qubes-manager-2.png](/attachment/wiki/GettingStarted/r2b1-qubes-manager-2.png)
|
||||
|
||||
Starting Apps in qubes
|
||||
------------------------
|
||||
|
||||
Apps can be started either by using the shortcuts in the Desktop Manager's menu or by using the command line (i.e., a console running in dom0).
|
||||
|
||||
You can start apps directly from the start menu.
|
||||
Each qube has its own menu directory under the scheme **Domain: \<name\>**.
|
||||
After navigating into one of these directories, simply click on the application you'd like to start:
|
||||
|
||||
![r2b1-appsmenu-1.png](/attachment/wiki/GettingStarted/r2b1-appsmenu-1.png) ![r2b1-appsmenu-3.png](/attachment/wiki/GettingStarted/r2b1-appsmenu-3.png)
|
||||
|
||||
By default, each qube's menu contains only a few shortcuts.
|
||||
If you'd like to add more, simply click **Add more shortcuts...**, select the desired applications, and click **OK**.
|
||||
You can also add shortcuts manually.
|
||||
(This is sometimes necessary if the desired application doesn't show up in the Qubes VM Manager window.)
|
||||
To do this in KDE, right-click on the **Start** button and click **Menu Editor**.
|
||||
Click the qube directory in which you'd like the menu to appear, click **New Item**, enter its name as **\<qube name\>: \<app name\>**, and provide the command for starting the app (see below).
|
||||
Then click **Save** and wait approximately 15 seconds for the changes to propagate to the KDE menu.
|
||||
|
||||
To start apps from the console in dom0, type:
|
||||
|
||||
qvm-run -a <qube> "<app name> [arguments]"
|
||||
|
||||
e.g.:
|
||||
|
||||
qvm-run -a untrusted firefox
|
||||
|
||||
The -a parameter will start the qube if it is not already running.
|
||||
|
||||
Adding, Removing, and Listing qubes
|
||||
-------------------------------------
|
||||
|
||||
A qube can easily be added and removed by clicking on the **Add** and **Remove** buttons in the Qubes VM Manager.
|
||||
|
||||
A qube can also be added, removed, and qubes may be listed from the command line (i.e., a console running in dom0) using the following tools:
|
||||
|
||||
- `qvm-create`
|
||||
- `qvm-remove`
|
||||
- `qvm-ls`
|
||||
|
||||
How Many Qubes Do I Need?
|
||||
---------------------------
|
||||
|
||||
That's a great question, but there's no one-size-fits-all answer.
|
||||
It depends on the structure of your digital life, and this is at least a little different for everyone.
|
||||
If you plan on using your system for work, then it also depends on what kind of job you do.
|
||||
|
||||
It's a good idea to start out with the three qubes created automatically by the installer: work, personal, and untrusted.
|
||||
Then, if and when you start to feel that some activity just doesn't fit into any of your existing qubes, or you want to partition some part of your life, you can easily create a new qube for it.
|
||||
You'll also be able to easily copy any files you need to the newly created qube, as explained [here](/doc/copying-files/).
|
||||
|
||||
More paranoid people might find it worthwhile to read [this article](https://blog.invisiblethings.org/2011/03/13/partitioning-my-digital-life-into.html), which describes how one of the Qubes authors partitions her digital life into security domains.
|
||||
|
||||
Running an application Full Screen
|
||||
----------------------------------
|
||||
|
||||
By default, Qubes doesn't allow any application window to occupy the entire screen such that its window name (which includes the name of the qube to which it belongs) and colored window border are no longer visible.
|
||||
This is a security precaution designed to prevent a situation in which an application which has been allowed to enter full screen mode begins to emulate the entire Qubes system.
|
||||
The user should always be able to identify which qube is displaying any given window.
|
||||
Otherwise, a compromised qube which is able to occupy the entire screen could trick the user into thinking that she is interacting with a variety of different qubes (including dom0), when in fact she is interacting with only a single, compromised qube pretending to be the whole system.
|
||||
|
||||
**Note:** A similar attack is possible even *without* fullscreen mode.
|
||||
Since a compromised qube can draw pixels within its own windows however it likes, it could draw a fake password prompt, for example, which appears to have a different colored border so that it looks like it belongs to a different qube.
|
||||
This is why you should always drag such prompts away from other windows (or use some other means of manipulating the windows) to ensure that they belong to the qube to which they appear to belong.
|
||||
|
||||
However, if the user makes use of an "expose-like" desktop switcher, such as the "Desktop Grid" effect that is enabled by default under KDE (default activation command: Ctrl-F8), then we can safely allow qubes to enter full screen mode, as we have assurance that we can always "preempt" them by hitting the magic key combination (e.g., Ctrl-F8), which will be consumed by the trusted window manager and not passed down to the fullscreen qube.
|
||||
This means that the qube has no way of effectively "faking" the fullscreen view of the system, as the user can easily identify it as "just another qube."
|
||||
Theoretically, this could be achieved even with primitive Alt-Tab like switching, which should be available on simpler Window Managers (such as Xfce4, which we also support as an alternative dom0 Desktop Environment), but this might be less obvious to the user.
|
||||
|
||||
To allow a qube to enter full screen mode, one should edit the `/etc/qubes/guid.conf` file in dom0.
|
||||
|
||||
To allow all qubes to enter full screen mode, set `allow_fullscreen` flag to `true` in the `global` section:
|
||||
|
||||
global: {
|
||||
# default values
|
||||
allow_fullscreen = false;
|
||||
#allow_utf8_titles = false;
|
||||
#secure_copy_sequence = "Ctrl-Shift-c";
|
||||
#secure_paste_sequence = "Ctrl-Shift-v";
|
||||
#windows_count_limit = 500;
|
||||
};
|
||||
|
||||
To allow only select qubes to enter full screen mode, create a per-VM section, and set `allow_fullscreen` flag there to `true`:
|
||||
|
||||
VM: {
|
||||
work: {
|
||||
allow_fullscreen = true;
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
In order for the changes to take effect, restart the qube(s).
|
||||
|
||||
More details can be found [here](/doc/full-screen-mode/).
|
||||
|
||||
<div class="row">
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<h2>Compatible Hardware</h2>
|
||||
<p>Ready to install Qubes? Make sure your hardware is compatible, as Qubes cannot run on every type of computer. Also, check out <a href="/doc/certified-laptops/">Qubes-certified Laptops</a>.</p>
|
||||
<a href="/hcl/" class="btn btn-primary">
|
||||
<i class="fa fa-laptop"></i> Hardware Compatibility List
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<h2>Downloads</h2>
|
||||
<p>Download an ISO, learn how to verify its authenticity and integrity, and follow our guides to install Qubes. Looking for the source code? You'll find it on <a href="https://github.com/QubesOS">GitHub</a>.</p>
|
||||
<a href="/downloads/" class="btn btn-primary">
|
||||
<i class="fa fa-download"></i> Downloads
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<h2>Documentation</h2>
|
||||
<p>Peruse our extensive library of documentation for users and developers of Qubes. You can even help us <a href="/doc/doc-guidelines/">improve</a> it!</p>
|
||||
<a href="/doc/" class="btn btn-primary">
|
||||
<i class="fa fa-book"></i> Documentation
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<hr class="more-top more-bottom">
|
236
basics_user/intro.md
Normal file
236
basics_user/intro.md
Normal file
@ -0,0 +1,236 @@
|
||||
---
|
||||
layout: intro
|
||||
title: An Introduction to Qubes OS
|
||||
permalink: /intro/
|
||||
redirect_from:
|
||||
- /tour/
|
||||
- /en/tour/
|
||||
- /tour/#what-is-qubes-os
|
||||
- /about/
|
||||
- /en/about/
|
||||
---
|
||||
|
||||
What is Qubes OS?
|
||||
-----------------
|
||||
|
||||
Qubes OS is a security-oriented operating system (OS). The OS is the software
|
||||
that runs all the other programs on a computer. Some examples of popular
|
||||
OSes are Microsoft Windows, Mac OS X, Android, and iOS. Qubes is free and
|
||||
open-source software (FOSS). This means that everyone is free to use, copy,
|
||||
and change the software in any way. It also means that the source code is
|
||||
openly available so others can contribute to and audit it.
|
||||
|
||||
Why is OS security important?
|
||||
-----------------------------
|
||||
|
||||
Most people use an operating system like Windows or OS X on their desktop
|
||||
and laptop computers. These OSes are popular because they tend to be easy
|
||||
to use and usually come pre-installed on the computers people buy. However,
|
||||
they present problems when it comes to security. For example, you might
|
||||
open an innocent-looking email attachment or website, not realizing that
|
||||
you're actually allowing malware (malicious software) to run on your
|
||||
computer. Depending on what kind of malware it is, it might do anything
|
||||
from showing you unwanted advertisements to logging your keystrokes to
|
||||
taking over your entire computer. This could jeopardize all the information
|
||||
stored on or accessed by this computer, such as health records, confidential
|
||||
communications, or thoughts written in a private journal. Malware can also
|
||||
interfere with the activities you perform with your computer. For example,
|
||||
if you use your computer to conduct financial transactions, the malware
|
||||
might allow its creator to make fraudulent transactions in your name.
|
||||
|
||||
Aren't antivirus programs and firewalls enough?
|
||||
-----------------------------------------------
|
||||
|
||||
Unfortunately, conventional security approaches like antivirus programs
|
||||
and (software and/or hardware) firewalls are no longer enough to keep out
|
||||
sophisticated attackers. For example, nowadays it's common for malware
|
||||
creators to check to see if their malware is recognized by any signature-based
|
||||
antivirus programs. If it's recognized, they scramble their code until it's
|
||||
no longer recognizable by the antivirus programs, then send it out. The
|
||||
best of these programs will subsequently get updated once the antivirus
|
||||
programmers discover the new threat, but this usually occurs at least a
|
||||
few days after the new attacks start to appear in the wild. By then, it's
|
||||
too late for those who have already been compromised. More advanced antivirus
|
||||
software may perform better in this regard, but it's still limited to a
|
||||
detection-based approach. New zero-day vulnerabilities are constantly being
|
||||
discovered in the common software we all use, such as our web browsers, and no
|
||||
antivirus program or firewall can prevent all of these vulnerabilities from
|
||||
being exploited.
|
||||
|
||||
|
||||
How does Qubes OS provide security?
|
||||
-----------------------------------
|
||||
|
||||
Qubes takes an approach called **security by compartmentalization**, which
|
||||
allows you to compartmentalize the various parts of your digital life into
|
||||
securely isolated compartments called *qubes*.
|
||||
|
||||
This approach allows you to keep the different things you do on your computer
|
||||
securely separated from each other in isolated qubes so that one qube getting
|
||||
compromised won't affect the others. For example, you might have one qube for
|
||||
visiting untrusted websites and a different qube for doing online banking. This
|
||||
way, if your untrusted browsing qube gets compromised by a malware-laden
|
||||
website, your online banking activities won't be at risk. Similarly, if
|
||||
you're concerned about malicious email attachments, Qubes can make it so
|
||||
that every attachment gets opened in its own single-use [disposable
|
||||
qube]. In this way, Qubes allows you to do everything on the same physical
|
||||
computer without having to worry about a single successful cyberattack taking
|
||||
down your entire digital life in one fell swoop.
|
||||
|
||||
Moreover, all of these isolated qubes are integrated into a single, usable
|
||||
system. Programs are isolated in their own separate qubes, but all windows are
|
||||
displayed in a single, unified desktop environment with [unforgeable colored
|
||||
window borders][getting started] so that you can easily identify windows from
|
||||
different security levels. Common attack vectors like network cards and USB
|
||||
controllers are isolated in their own hardware qubes while their functionality
|
||||
is preserved through secure [networking], [firewalls], and [USB device
|
||||
management][USB]. Integrated [file] and [clipboard] copy and paste operations
|
||||
make it easy to work across various qubes without compromising security. The
|
||||
innovative [Template] system separates software installation from software use,
|
||||
allowing qubes to share a root filesystem without sacrificing security (and
|
||||
saving disk space, to boot). Qubes even allows you to sanitize PDFs and images
|
||||
in a few clicks. Users concerned about privacy will appreciate the
|
||||
[integration][Qubes-Whonix] of [Whonix] with Qubes, which makes it easy to use
|
||||
[Tor] securely, while those concerned about physical hardware attacks will
|
||||
benefit from [Anti Evil Maid].
|
||||
|
||||
|
||||
How does Qubes OS compare to using a "live CD" OS?
|
||||
--------------------------------------------------
|
||||
|
||||
Booting your computer from a live CD (or DVD) when you need to perform
|
||||
sensitive activities can certainly be more secure than simply using your main
|
||||
OS, but this method still preserves many of the risks of conventional OSes. For
|
||||
example, popular live OSes (such as [Tails] and other Linux distributions)
|
||||
are still **monolithic** in the sense that all software is still running in
|
||||
the same OS. This means, once again, that if your session is compromised,
|
||||
then all the data and activities performed within that same session are also
|
||||
potentially compromised.
|
||||
|
||||
|
||||
How does Qubes OS compare to running VMs in a conventional OS?
|
||||
--------------------------------------------------------------
|
||||
|
||||
Not all virtual machine software is equal when it comes to security. You may
|
||||
have used or heard of VMs in relation to software like VirtualBox or VMware
|
||||
Workstation. These are known as "Type 2" or "hosted" hypervisors. (The
|
||||
**hypervisor** is the software, firmware, or hardware that creates and
|
||||
runs virtual machines.) These programs are popular because they're designed
|
||||
primarily to be easy to use and run under popular OSes like Windows (which
|
||||
is called the **host** OS, since it "hosts" the VMs). However, the fact
|
||||
that Type 2 hypervisors run under the host OS means that they're really
|
||||
only as secure as the host OS itself. If the host OS is ever compromised,
|
||||
then any VMs it hosts are also effectively compromised.
|
||||
|
||||
By contrast, Qubes uses a "Type 1" or "bare metal" hypervisor called
|
||||
[Xen]. Instead of running inside an OS, Type 1 hypervisors run directly on the
|
||||
"bare metal" of the hardware. This means that an attacker must be capable of
|
||||
subverting the hypervisor itself in order to compromise the entire system,
|
||||
which is vastly more difficult.
|
||||
|
||||
Qubes makes it so that multiple VMs running under a Type 1 hypervisor can be
|
||||
securely used as an integrated OS. For example, it puts all of your application
|
||||
windows on the same desktop with special colored borders indicating the
|
||||
trust levels of their respective VMs. It also allows for things like secure
|
||||
copy/paste operations between VMs, securely copying and transferring files
|
||||
between VMs, and secure networking between VMs and the Internet.
|
||||
|
||||
|
||||
How does Qubes OS compare to using a separate physical machine?
|
||||
---------------------------------------------------------------
|
||||
|
||||
Using a separate physical computer for sensitive activities can certainly be
|
||||
more secure than using one computer with a conventional OS for everything,
|
||||
but there are still risks to consider. Briefly, here are some of the main
|
||||
pros and cons of this approach relative to Qubes:
|
||||
|
||||
<div class="focus">
|
||||
<i class="fa fa-check"></i> <strong>Pros</strong>
|
||||
</div>
|
||||
|
||||
* Physical separation doesn't rely on a hypervisor. (It's very unlikely
|
||||
that an attacker will break out of Qubes' hypervisor, but if one were to
|
||||
manage to do so, one could potentially gain control over the entire system.)
|
||||
* Physical separation can be a natural complement to physical security. (For
|
||||
example, you might find it natural to lock your secure laptop in a safe
|
||||
when you take your unsecure laptop out with you.)
|
||||
|
||||
<div class="focus">
|
||||
<i class="fa fa-times"></i> <strong>Cons</strong>
|
||||
</div>
|
||||
|
||||
* Physical separation can be cumbersome and expensive, since we may have to
|
||||
obtain and set up a separate physical machine for each security level we
|
||||
need.
|
||||
* There's generally no secure way to transfer data between physically
|
||||
separate computers running conventional OSes. (Qubes has a secure inter-VM
|
||||
file transfer system to handle this.)
|
||||
* Physically separate computers running conventional OSes are still
|
||||
independently vulnerable to most conventional attacks due to their monolithic
|
||||
nature.
|
||||
* Malware which can bridge air gaps has existed for several years now and
|
||||
is becoming increasingly common.
|
||||
|
||||
(For more on this topic, please see the paper
|
||||
[Software compartmentalization vs. physical separation][paper-compart].)
|
||||
|
||||
<hr class="add-top more-bottom">
|
||||
<div class="row">
|
||||
<div class="col-lg-4 col-md-4 col-xs-12">
|
||||
<h2>Video Tours</h2>
|
||||
<p>Want to see Qubes OS in action? Sit back and watch a guided tour!</p>
|
||||
<a href="/video-tours/" class="btn btn-primary">
|
||||
<i class="fa fa-play-circle"></i> Video Tours
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4 col-xs-12">
|
||||
<h2>Screenshots</h2>
|
||||
<p>See what using Qubes actually looks like with these screenshots of various applications running in Qubes.</p>
|
||||
<a href="/screenshots/" class="btn btn-primary">
|
||||
<i class="fa fa-picture-o"></i> Screenshots
|
||||
</a>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4 col-xs-12">
|
||||
<h2>Getting Started</h2>
|
||||
<p>Ready to get started with Qubes? Here's what you need to know after installing.</p>
|
||||
<a href="/getting-started/" class="btn btn-primary">
|
||||
<i class="fa fa-cubes"></i> Getting Started
|
||||
</a>
|
||||
</div>
|
||||
</div>
|
||||
<hr class="more-top more-bottom">
|
||||
|
||||
More information
|
||||
----------------
|
||||
|
||||
This page is just a brief sketch of what Qubes is all about, and many
|
||||
technical details have been omitted here for the sake of presentation.
|
||||
|
||||
* If you're a current or potential Qubes user, you may want to check out the
|
||||
[documentation][doc] and the [FAQ][user-faq].
|
||||
* If you're a developer, there's dedicated [documentation][system-doc]
|
||||
and an [FAQ][devel-faq] just for you.
|
||||
* Ready to give Qubes a try? Head on over to the [downloads] page.
|
||||
|
||||
|
||||
[disposable qube]: /doc/dispvm/
|
||||
[networking]: /doc/networking/
|
||||
[firewalls]: /doc/firewall/
|
||||
[USB]: /doc/usb/
|
||||
[file]: /doc/copying-files/
|
||||
[clipboard]: /doc/copy-paste/
|
||||
[Template]: /doc/templates/
|
||||
[Qubes-Whonix]: /doc/whonix/
|
||||
[Whonix]: https://www.whonix.org/
|
||||
[Tor]: https://www.torproject.org/
|
||||
[Anti Evil Maid]: /doc/anti-evil-maid/
|
||||
[Tails]: https://tails.boum.org/
|
||||
[Xen]: https://www.xenproject.org
|
||||
[paper-compart]: https://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
|
||||
[doc]: /doc/
|
||||
[user-faq]: /doc/user-faq/
|
||||
[system-doc]: /doc/system-doc/
|
||||
[devel-faq]: /doc/devel-faq/
|
||||
[downloads]: /downloads/
|
||||
[getting started]: /getting-started/
|
||||
|
172
hardware/hcl.html
Normal file
172
hardware/hcl.html
Normal file
@ -0,0 +1,172 @@
|
||||
---
|
||||
layout: full
|
||||
title: Hardware Compatibility List (HCL)
|
||||
permalink: /hcl/
|
||||
model: all
|
||||
redirect_from: /compatible-hardware/
|
||||
---
|
||||
|
||||
<div id="hcl">
|
||||
<div class="row">
|
||||
<div class="col-lg-3 col-md-3">
|
||||
<h4>Hardware Type</h4>
|
||||
<p>
|
||||
<a href="#hardware-laptops" class="btn btn-primary btn-block" href=""><i class="fa fa-laptop"></i> Laptop Devices</a>
|
||||
</p>
|
||||
<p>
|
||||
<a href="#hardware-desktops" class="btn btn-primary btn-block" href=""><i class="fa fa-desktop"></i> Desktop, Workstation & Servers</a>
|
||||
</p>
|
||||
<p>
|
||||
<a href="#hardware-motherboards" class="btn btn-primary btn-block" href=""><i class="fa fa-server"></i> Motherboards</a>
|
||||
</p>
|
||||
<hr>
|
||||
<p>
|
||||
<a href="/doc/hcl/#generating-and-submitting-new-reports" class="btn btn-default btn-block" href=""><i class="fa fa-plus"></i> Add Your Device</a>
|
||||
</p>
|
||||
<h4>Information</h4>
|
||||
<ul>
|
||||
<li><a href="/doc/hcl/">What is the Hardware Compatibility List (HCL)?</a></li>
|
||||
<li><a href="/doc/hcl/#generating-and-submitting-new-reports">How do I Submit a Report?</a></li>
|
||||
<li><a href="/doc/system-requirements/">Qubes OS System Requirements</a></li>
|
||||
<li><a href="/doc/certified-hardware/">Certified Hardware</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-lg-9 col-md-9">
|
||||
<h4>Marks & Colours</h4>
|
||||
<table class="table table-bordered">
|
||||
<tr>
|
||||
<td width="25%" class="success text-center"><strong>yes</strong><br> feature is working correctly</td>
|
||||
<td wdith="25%" class="info text-center"><strong>unknown</strong><br>a blank cell indicates we lack information</td>
|
||||
<td width="25%" class="warning text-center"><strong>partial</strong><br>some tweaking is needed, see remarks for more information</td>
|
||||
<td width="25%" class="danger text-center"><strong>no</strong><br>does not work or is not present</td>
|
||||
</tr>
|
||||
</table>
|
||||
<h4>List Columns</h4>
|
||||
<table class="table table-bordered table-responsive">
|
||||
<tr>
|
||||
<td><strong>Model</strong></td>
|
||||
<td>Manufacturer and Devicename (Socket/CPU, Chipset/Southbridge, Graphics)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>BIOS</strong></td>
|
||||
<td>Reported BIOS version</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a class='ext-link' href='https://en.wikipedia.org/wiki/Hardware_virtual_machine'>HVM</a></td>
|
||||
<td>
|
||||
<a class='ext-link' href='https://en.wikipedia.org/wiki/Intel_VT-x#Intel-VT-x'>Intel VT-x</a> or <a class='ext-link' href='https://en.wikipedia.org/wiki/AMD-V#AMD_virtualization_.28AMD-V.29'>AMD-v</a> technology (required for running HVM domains, such as <a class='ext-link' href='/doc/WindowsAppVms/'>Windows-based AppVMs</a>)
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a class='ext-link' href='https://en.wikipedia.org/wiki/IOMMU'>IOMMU</a>
|
||||
</td>
|
||||
<td>
|
||||
Intel VT-d or AMD IOMMU technology (required for effective isolation of network VMs and <a class='ext-link' href='https://wiki.xen.org/wiki/Xen_PCI_Passthrough'>PCI passthrough</a>)
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a class='ext-link' href='https://en.wikipedia.org/wiki/Second_Level_Address_Translation'>SLAT</a>
|
||||
</td>
|
||||
<td>
|
||||
Second Level Address Translation (SLAT): Intel VT-x support for Extended Page Tables (EPT) or AMD-V support for Rapid Virtualization Indexing (RVI).
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><a class='ext-link' href='https://en.wikipedia.org/wiki/Trusted_Platform_Module'>TPM</a></td>
|
||||
<td>
|
||||
TPM with proper BIOS support (required for <a class='ext-link' href='/doc/AntiEvilMaid/'>Anti Evil Maid</a>)
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>Qubes</strong></td>
|
||||
<td>Reported Qubes version (R=Release, rc=release candidate, B=Beta, i.e.: R1, R2B1, R2rc1)</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>
|
||||
<a class='ext-link' href='https://en.wikipedia.org/wiki/Linux_kernel#Maintenance'>Kernel</a>
|
||||
</td>
|
||||
<td>
|
||||
Reported <a class='ext-link' href='https://en.wikipedia.org/wiki/Dom0'>dom0</a> kernel version (numbers in uname -r), can be selected during installation and boot in Troubleshooting menu
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>Remark</strong></td>
|
||||
<td>Further information field. Qubes, Kernel and this field is coloured in conjunction to reflect general machine compatibility
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><strong>Credit</strong></td>
|
||||
<td>Name linked to report in <a class='ext-link' href='https://groups.google.com/forum/#!forum/qubes-users'>qubes-users</a></td>
|
||||
</tr>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<h2 id="hardware-laptops" class="add-left"><i class="fa fa-laptop"></i> Laptop Devices</h2>
|
||||
<table class="table table-hover table-bordered table-responsive more-bottom" align="center">
|
||||
<tr>
|
||||
<th style="width=23%">Model</th>
|
||||
<th style="width=42px">BIOS</th>
|
||||
<th style="width=32px">HVM</th>
|
||||
<th style="width=32px">IOMMU</th>
|
||||
<th style="width=32px">SLAT</th>
|
||||
<th style="width=32px">TPM</th>
|
||||
<th style="width=42px">Qubes</th>
|
||||
<th style="width=42px">Xen</th>
|
||||
<th style="width=42px">Kernel</th>
|
||||
<th>Remark</th>
|
||||
<th style="width=20%">Credit</th>
|
||||
</tr>
|
||||
{% for device in site.hcl %}
|
||||
{% if device.type == 'laptop' or device.type == 'notebook' %}
|
||||
{% include hcl-device.html %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</table>
|
||||
|
||||
<h2 id="hardware-desktops" class="add-left"><i class="fa fa-desktop"></i> Desktop, Workstation & Server</h2>
|
||||
<table class="table table-hover table-bordered table-responsive more-bottom" align="center">
|
||||
<tr>
|
||||
<th style="width=23%">Model</th>
|
||||
<th style="width=42px">BIOS</th>
|
||||
<th style="width=32px">HVM</th>
|
||||
<th style="width=32px">IOMMU</th>
|
||||
<th style="width=32px">SLAT</th>
|
||||
<th style="width=32px">TPM</th>
|
||||
<th style="width=42px">Qubes</th>
|
||||
<th style="width=42px">Xen</th>
|
||||
<th style="width=42px">Kernel</th>
|
||||
<th>Remark</th>
|
||||
<th style="width=20%">Credit</th>
|
||||
</tr>
|
||||
{% for device in site.hcl %}
|
||||
{% if device.type == 'desktop' or device.type == 'workstation' or device.type == 'server' %}
|
||||
{% include hcl-device.html %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</table>
|
||||
|
||||
<h2 id="hardware-motherboards" class="add-left"><i class="fa fa-server"></i> Motherboards</h2>
|
||||
<table class="table table-hover table-bordered table-responsive " align="center">
|
||||
<tr>
|
||||
<th style="width=23%">Model</th>
|
||||
<th style="width=42px">BIOS</th>
|
||||
<th style="width=32px">HVM</th>
|
||||
<th style="width=32px">IOMMU</th>
|
||||
<th style="width=32px">SLAT</th>
|
||||
<th style="width=32px">TPM</th>
|
||||
<th style="width=42px">Qubes</th>
|
||||
<th style="width=42px">Xen</th>
|
||||
<th style="width=42px">Kernel</th>
|
||||
<th>Remark</th>
|
||||
<th style="width=20%">Credit</th>
|
||||
</tr>
|
||||
{% for device in site.hcl %}
|
||||
{% if device.type == 'motherboard' %}
|
||||
{% include hcl-device.html %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</table>
|
||||
</div>
|
175
installing/downloads.md
Normal file
175
installing/downloads.md
Normal file
@ -0,0 +1,175 @@
|
||||
---
|
||||
layout: boxless
|
||||
title: Download Qubes OS
|
||||
permalink: /downloads/
|
||||
redirect_from:
|
||||
- /doc/releases/
|
||||
- /en/doc/releases/
|
||||
- /doc/QubesDownloads/
|
||||
- /wiki/QubesDownloads/
|
||||
---
|
||||
|
||||
<div class="white-box more-bottom page-content">
|
||||
<div class="row">
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<h3>Choosing Your Hardware</h3>
|
||||
<ul class="list-unstyled">
|
||||
<li><a href="/doc/system-requirements/"><i class="fa fa-server fa-fw black-icon"></i> System Requirements</a></li>
|
||||
<li><a href="/doc/hardware/"><i class="fa fa-laptop fa-fw black-icon"></i> General Hardware Information</a></li>
|
||||
<li><a href="/hcl/"><i class="fa fa-desktop fa-fw black-icon"></i> Hardware Compatibility List</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<h3>Installing Qubes Securely</h3>
|
||||
<ul class="list-unstyled">
|
||||
<li><a href="/doc/installation-guide/"><i class="fa fa-book fa-fw black-icon"></i> Installation Guide</a></li>
|
||||
<li><a href="/security/verifying-signatures/"><i class="fa fa-lock fa-fw black-icon"></i> How and Why to Verify Signatures</a></li>
|
||||
<li><a href="/doc/install-security/"><i class="fa fa-lightbulb-o fa-fw black-icon"></i> Installation Security Considerations</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<h3>Help and Support</h3>
|
||||
<ul class="list-unstyled">
|
||||
<li><a href="/doc/reporting-bugs/"><i class="fa fa-bug fa-fw black-icon"></i> Report a Bug</a></li>
|
||||
<li><a href="/doc/#troubleshooting"><i class="fa fa-life-ring fa-fw black-icon"></i> Troubleshooting Guides</a></li>
|
||||
<li><a href="/mailing-lists/"><i class="fa fa-envelope fa-fw black-icon"></i> Get Help on the Mailing Lists</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="white-box more-bottom page-content">
|
||||
<div class="row">
|
||||
<div class="col-lg-12 col-md-12">
|
||||
{% for releasex in site.data.downloads.releases %}
|
||||
{% assign release_name = releasex[0] %}
|
||||
{% assign release = releasex[1] %}
|
||||
{% assign testing = release.testing | default: false %}
|
||||
{% assign latest = release.latest | default: false %}
|
||||
{% assign aging = release.aging | default: false %}
|
||||
{% assign deprecated = release.deprecated | default: false %}
|
||||
<h3 class="more-bottom" id="{{ release.link }}">{{ release_name }}</h3>
|
||||
{% if testing %}
|
||||
<div class="alert alert-info" role="alert">
|
||||
<i class="fa fa-question-circle"></i>{% if testing != true %} {{ testing }}{% else %} This is a testing release. We appreciate your desire to help us test Qubes. However, we recommend you use a <a href="/doc/supported-versions/">current and supported release</a> for daily use.{% endif %}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if latest %}
|
||||
<div class="alert alert-success" role="alert">
|
||||
<i class="fa fa-check-circle"></i>{% if latest != true %} {{ latest }}{% else %} This is the latest stable Qubes OS release. We recommend this release for all new and existing users.{% endif %}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if aging %}
|
||||
<div class="alert alert-warning" role="alert">
|
||||
<i class="fa fa-info-circle"></i>{% if aging != true %} {{ aging }}{% else %} This is an old, <a href="/doc/supported-versions/">supported</a> release. For the best Qubes OS experience, we suggest upgrading to the latest stable release.{% endif %}
|
||||
</div>
|
||||
{% endif %}
|
||||
{% if deprecated %}
|
||||
<div class="alert alert-danger" role="alert">
|
||||
<i class="fa fa-exclamation-circle"></i>{% if deprecated != true %} {{ deprecated }}{% else %} This is an old, <a href="/doc/supported-versions/">unsupported</a> release. We strongly recommend upgrading to a supported release in order to receive the latest security updates.{% endif %}
|
||||
</div>
|
||||
{% endif %}
|
||||
<table class="table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Download</th>
|
||||
<th>Verify
|
||||
<a class="fa fa-question-circle" href="/security/verifying-signatures/"
|
||||
title="How do I verify my download?"></a></th>
|
||||
<th>File</th>
|
||||
<th>Size</th>
|
||||
<th>Source <a class="pull-right" href="#mirrors"><i class="fa fa-download black-icon"></i> Mirrors</a></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for source in release.sources %}
|
||||
{% if source.name == "mirrors.kernel.org" %}
|
||||
<tr>
|
||||
<td>
|
||||
<a class="btn btn-primary btn-block" href="{{ source.url }}">
|
||||
<i class="fa fa-download"></i> {{ source.type }}
|
||||
</a>
|
||||
</td>
|
||||
<td>
|
||||
{% for verifier in source.verifiers %}
|
||||
{% if verifier[0] == "hash" %}
|
||||
<a title="MD5, SHA-128, SHA-256, and SHA-512 hash values" class="btn btn-default" href="{{ verifier[1] }}">Digests</a>
|
||||
{% elsif verifier[0] == "sig" %}
|
||||
<a title="Detached PGP signature file" class="btn btn-default" href="{{ verifier[1] }}">Signature</a>
|
||||
{% elsif verifier[0] == "key" %}
|
||||
<a title="PGP Release Signing Key" class="btn btn-default" href="{{ verifier[1] }}">PGP Key</a>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</td>
|
||||
<td>
|
||||
<samp>{{ source.filename }}</samp>
|
||||
</td>
|
||||
<td>
|
||||
<samp>{{ source.size }}</samp>
|
||||
</td>
|
||||
<td>
|
||||
<a href="https://{{ source.name }}/"><i class="fa fa-linux fa-fw black-icon"></i><samp> {{ source.name }}</samp></a>
|
||||
</td>
|
||||
</tr>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% for docdata in release.docs %}
|
||||
{% assign doc_name = docdata[0] %}
|
||||
{% assign doc = docdata[1] %}
|
||||
{% if doc_name == "Installation Guide" %}
|
||||
<a class="btn btn-link" href="{{ doc.url }}"><i class="fa fa-book black-icon"></i> {{ doc_name }}</a>
|
||||
{% endif %}
|
||||
{% if doc_name == "Release Notes" %}
|
||||
<a class="btn btn-link" href="{{ doc.url }}"><i class="fa fa-file-text-o black-icon"></i> {{ doc_name }}</a>
|
||||
{% endif %}
|
||||
{% if doc_name == "Release Schedule" %}
|
||||
<a class="btn btn-link" href="{{ doc.url }}"><i class="fa fa-calendar black-icon"></i> {{ doc_name }}</a>
|
||||
{% endif %}
|
||||
{% if doc_name contains "Upgrading" %}
|
||||
<a class="btn btn-link" href="{{ doc.url }}"><i class="fa fa-arrow-circle-up black-icon"></i> {{ doc_name }}</a>
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
<a class="btn btn-link" href="#versions"><i class="fa fa-history black-icon"></i> Version Information</a>
|
||||
<a class="btn btn-link" href="#source-code"><i class="fa fa-code black-icon"></i> Source Code</a>
|
||||
<hr class="more-top more-bottom">
|
||||
{% endfor %}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<div class="white-box more-bottom page-content">
|
||||
<h3 id="mirrors">Download Mirrors</h3>
|
||||
<ul class="list-unstyled">
|
||||
<li><a href="https://mirrors.kernel.org/qubes/iso/"><i class="fa fa-download fa-fw black-icon"></i> mirrors.kernel.org</a></li>
|
||||
<li><a href="https://archive.org/download/QubesOS"><i class="fa fa-download fa-fw black-icon"></i> archive.org</a></li>
|
||||
<li><a href="http://ftp.halifax.rwth-aachen.de/qubes/iso/"><i class="fa fa-download fa-fw black-icon"></i> ftp.halifax.rwth-aachen.de</a></li>
|
||||
<li><a href="https://ftp.qubes-os.org/iso/"><i class="fa fa-download fa-fw black-icon"></i> ftp.qubes-os.org</a></li>
|
||||
<li><a href="http://ftp.qubesos4rrrrz6n4.onion/iso/"><i class="fa fa-download fa-fw black-icon"></i> ftp.qubesos4rrrrz6n4.onion</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<div class="white-box more-bottom page-content">
|
||||
<h3 id="versions">Version Information</h3>
|
||||
<ul class="list-unstyled">
|
||||
<li><a href="/doc/supported-versions/"><i class="fa fa-history fa-fw black-icon"></i> Supported Versions</a></li>
|
||||
<li><a href="/doc/version-scheme/"><i class="fa fa-code-fork fa-fw black-icon"></i> Version Scheme</a></li>
|
||||
<li><a href="/doc/templates/"><i class="fa fa-clone fa-fw black-icon"></i> Templates</a></li>
|
||||
<li><a href="/security/"><i class="fa fa-lock fa-fw black-icon"></i> Security Information</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-lg-4 col-md-4">
|
||||
<div class="white-box more-bottom page-content">
|
||||
<h3 id="source-code">Source Code</h3>
|
||||
<ul class="list-unstyled">
|
||||
<li><a href="/doc/source-code/"><i class="fa fa-code fa-fw black-icon"></i> Source Code</a></li>
|
||||
<li><a href="/doc/license/"><i class="fa fa-file-text-o fa-fw black-icon"></i> Software License</a></li>
|
||||
<li><a href="/doc/coding-style/"><i class="fa fa-terminal fa-fw black-icon"></i> Coding Guidelines</a></li>
|
||||
<li><a href="/doc/architecture/"><i class="fa fa-cubes fa-fw black-icon"></i> OS Architecture</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
Loading…
Reference in New Issue
Block a user