On Wed, Nov 30, 2016 at 8:56 PM, Andrew David Wong <a...@qubes-os.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> Dear Qubes Community,
> Since the initial launch  of Qubes OS back in April 2010, work on Qubes
> has been funded in several different ways. Originally a pet project, it
> first supported by Invisible Things Lab  (ITL) out of the money we
> on various R&D and consulting contracts. Later, we decided that we should
> try to
> commercialize it. Our idea, back then, was to commercialize Windows AppVM
> support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we
> we would offer Windows AppVM support under a proprietary license. Even
> though we
> made a lot of progress on both the business and technical sides of this
> endeavor, it ultimately failed.
> Luckily, we got a helping hand from the Open Technology Fund  (OTF),
> has supported  the project for the past two years. While not a large
> sum of money in itself, it did help us a lot, especially with all the work
> necessary to improve Qubes' user interface, documentation, and outreach to
> communities. Indeed, the (estimated) Qubes user base has grown 
> significantly over that period. Thank you, OTF!
> But Qubes is more than just a nice UI: it's an entirely new, complex
> system --
> a system that aims to change the game of endpoint security. Consequently,
> requires expertise covering a wide spectrum of topics: from understanding
> low-level aspects of hardware and firmware (and how they translate to the
> security of a desktop system), to UI design, documentation writing, and
> community outreach. Even if we consider only the "security research"
> aspect of
> Qubes, this area alone easily scales beyond the capabilities of a single
> In order to continue to deliver on its promise of strong desktop security,
> must retain and expand its core team, and this requires substantial
> funding. At
> this point, we believe the only realistic way to achieve this is through
> commercialization, supplemented by community funding.
> We're taking a different approach to commercialization this time.
> Building on
> the success of the recent Qubes 3.2 release, which has been praised by
> users for
> its stability and overall usability, we will begin offering commercial
> (licenses) of Qubes OS to corporate customers. We believe that the
> maturity of
> Qubes, combined with its powerful new management stack , makes it ripe
> for adoption by any corporation with significant security needs.
> Commercial editions of Qubes OS will be customized to meet special
> requirements. For example, two features that might be particularly
> attractive to
> corporate customers are (1) "locking down" dom0 in order to separate the
> and administrator roles and (2) integrating our local management stack
> with a
> corporation's remote management infrastructure. These are both examples of
> features that our developers are capable of implementing now, on Qubes 3.2.
> We plan to partner with one to three corporate clients in order to run a
> program throughout the first half of 2017. After it has been successfully
> completed, we'll then widen our offer to more corporate customers and,
> ultimately, to small business customers. Our main constraint is the
> required to cover each additional client. Hence, we plan to focus on larger
> customers first.
> Let there be no misunderstanding: Qubes OS will always remain open source.
> anticipate that the majority of our commercialization efforts will involve
> creation of custom Salt configurations, and perhaps writing a few
> apps and integration code. In the event that any corporate features require
> reworking the core Qubes code, that new code will remain open source.
> We considered many other ways of attempting to commercialize Qubes before
> arriving at this model. One possibility that some of our users have
> about is that we sell dedicated Qubes hardware (i.e. laptops). However,
> are a number of challenges here, both in terms of making the hardware
> trustworthy enough to merit our "seal of approval", and from a business and
> logistics perspective. For these reasons, we don't plan to pursue this
> option in
> the immediate future.
> Community funding
> Unfortunately, the financial necessity of shifting our priorities to
> clients will mean that we have less time to work on features that benefit
> wider, security-minded open source community, which has been our focus for
> past seven years. This deeply saddens us. (We all use Qubes on our
> computers too!) However, the reality is that ITL can't afford to sustain
> open source development of Qubes for much longer. We're running out of
> In an attempt to keep the open source development of Qubes going, we've
> up with Open Collective , which makes it easier to donate to the Qubes
> project. Now, in addition to our Bitcoin fund , we can also accept
> donations via credit card. ITL will not benefit from of any of the money
> through Open Collective. Instead, the funds will be paid directly to
> developers who have been hired to work on the open source edition of Qubes.
> With the help of our community, we hope eventually to build a nonprofit
> organization that will ensure the long-term future of Qubes as an open
> operating system that is freely available to all -- one of the few
> systems that places the security of its users above all else.
> If you are a user of Qubes and want to help us continue working on it,
> donate now . Those who have contributed will be publicly recognized
> on our
> Open Collective  page (if they so choose). Organizations that support
> Qubes project will be publicly recognized on our Partners page 
> (again, if they so choose). If you are interested in supporting Qubes with
> significant resources, whether as an individual or on behalf of an
> we ask that you please contact us directly , since donating through
> Open Collective entails significant administrative overhead.
> Thank you for your continued support. Together, we can ensure that Qubes is
> around to secure our digital lives for many years to come.
> --The Qubes team
>  https://blog.invisiblethings.org/2010/04/07/introducing-qubes-os.html
>  https://invisiblethingslab.com
>  https://www.opentech.fund/
>  https://www.opentech.fund/project/qubes-os
>  https://www.qubes-os.org/counter/
>  https://www.qubes-os.org/news/2015/12/14/mgmt-stack/
>  https://opencollective.com/qubes-os
>  https://www.qubes-os.org/news/2016/07/13/qubes-distributed-fund/
>  https://www.qubes-os.org/partners/
>  <busin...@qubes-os.org>
> You can also view this announcement on the Web at:
The people able to donate enough to maintain this project are hardly on
this mailing list. They are elsewhere and probably do no even know that
Qubes exists at all. But they have the money and want to use this money for
some good purpose before they die.
It is worth looking for them. But this is professional work. It is
something difficult to do in an amateurish way. Professional work need to
be paid. So it is an investment hoping to get a result. But it may be
worth for some reasons:
1. Once you get a commitment it may work long term and this is obviously
2. Our quest for security is something easy to understand and sell,
particularly to rich old people. Anyone seeing a video of a Joanna's
conference would be impressed even if unable to understand technical
3. You already got a financing from Open Technology Fund and this is an
authoritative card confirming that somebody obviously very expert endorses
4. You probably have many other distinguished endorsements that confirm
that your efforts are worth substantial help
5. The problem of hackers and governments stealing data is so obvious and
well known that everybody already understands it with no need to convince.
To have an idea of a possible professional partner to get this done, or
simply to understand better what it means, please look at this google
> -----BEGIN PGP SIGNATURE-----
> -----END PGP SIGNATURE-----
> You received this message because you are subscribed to the Google Groups
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to qubes-users+unsubscr...@googlegroups.com.
> To post to this group, send email to firstname.lastname@example.org.
> To view this discussion on the web visit https://groups.google.com/d/
> For more options, visit https://groups.google.com/d/optout.
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.