Hope all of you are doing well. I see a group of names on this forum who have contributed greatly to the concept of getting us to a computer which is as much a privacy/security computer as is possible. Thanks for all that hard work. In comparison I am mostly a installer of software others have written.
I used to know a fellow who wrote code. He worked for a company who sold computers, and needed software to match a business company’s practice. Order. Financial. General Ledger. His company employed an individual, who always had a Bachelors degree, and who was good with people, interaction - communication skills. They called this person a System Manager. System Manager would spend time at the customers business, and write a description of the programs needed. Programmer wrote to fit those specifications. I am sure a lot of folks here already know the punch line. Once the customer saw the actual system they said they wanted, they wanted a lot different kind of thing, at least a lot of changes all over the place.
As those who have written code know. It can take a lot of time/effort to implement even a small change. Usually one realizes the customer who did the original interviews, was just riffing on what he wanted. Not deep consideration.
Right now, I am not concerned with creating a salt file to describe each of the Jqubes. Yes, I am, still, interested in what a Journalist would say as to what they want.
I would instead be concerned with describing a group of Qubes for Journalists/HRD (JQubes) and, that have as a first consideration being secure. Build them by cloning off of current Qubes, install relevant software. Set whether they are online or offline.
For the time being, besides a verbal description of the different Jqubes. To place those Jqubes where they can be downloaded and tested by those on forum, Journalists. That is folks who have the bandwidth to easily download them, and test them, while the tester is residing in a physically safe location.
It is from this I think I, or we, would see a lot of disagreement from Journalist saying that is not how I want it to look.
Putting things into Salt is part of the end of the project. Like the fellow re-writing code because he did not get a clear first description.
The points about the Intel Firmware which creates a security hole, for the newcomer to the concept is a good description of why those who are closely involved with Qubes are willing to use hardware which is ten years, or more older to help maintain security. The Firmware - code, and even better the firmware after it has been modified, — can be well understood, and is more secure than all the latest hardware/firmware from - Intel or. . .
I had a list of the uses of Jqubes based upon; Input. Process. Output.
To which someone has clearly pointed out it would be wise to have a Jqube for a VPN, (Virtual Privacy Network) to allow one to gain access to the internet without the local Hotel, public WiFi provider. Local ISP. or where-ever one gets online at - Watching. Gathering information on computer logged in.
Input, JQube which internet. is Online. Never opens documents. Can save all things to be worked on in one Directory. For which can be copied in one command to the Process Jqube, which is never online. Therefore its software is provided through being off another Template. Which in some ways I do not like, having a template for each of the other Jqubes is a lot of new Qubes to be added. How to handle emails, without all the extra connections the email might want. And still for some need email to buy a plane ticket or , I think many can be influenced to allow access of an particular email to allow those extra connections to be made. So? I know how I would do it. But to write a plan for someone else?
Once again, someone pointed out, they do a lot of ‘Video interactive chat,’ Which to me indicates a need for a specialized Qube. Even more its own Jqube because it was suggested that included in the Video Chats, Face-Time. Zoom. Who to me have a dubious security. but the Journalist must appear to have a public connection, and a private, secure connection. ??? If I was doing it for myself. I would put Face Time in a separate Qube from everything else. No way that bit of software grows tentacles to look for other information. Zoom the same, in its own Sandbox.
Process; Jqube. Never online. Here documents are read. Emails are opened. Things are De-crypted. Some go into Vault. Some are encrypted. Some are placed in directory for Outgoing Jqube.
Does Encryption/Decryption belong in a temporary disp Jqube, and a template to to the work of online key things. We have a great looking program for doing things, but from the things I see on the forum, it seems to have its own difficulties. ??? I am not using it, so I am not qualified to say, ‘Yeah that is definitely the thing to include.”
Outgoing Jqube 'Outgoing" directory; where it can be put onto internet. Printed. Put onto flash drive. And so on. Gee, that has the same software as Incoming Jqubes.
Standard Qubes documentation, which I think is pretty well written. Is kind of a select which option the individual wants - when. I used to use a piece of utility software which worked well. But to use it I needed to know not just what I wanted to accomplish, but where it was in all those tabs, and what it was named. Just like we have a Qubes Cult language. Then spend time reading about that issue. So the frustration with using Qubes begins, and seems forever ongoing.
I think we start with a sticky note. Before going online, decide to use Whonix-Tor, or a VPN. If the the user does not have a VPN, click here to get detail on getting one, starting one. Always, a nearby box of – this is the hazard of not following this guide path.
Hopefully we should develop like a check list of things to do. Like a pilot who is preparing to take off. Even if the pilot has done the take off thousands of times, he still uses the check list. Yeah, eventually the checklist is for a Journalist to write.
Which ones of these need to be disp qube. Need to be based on a special Template. Which pieces of software are pre-installed into that Jqube.
I had started to write a overly simple portion of the first. Jqube to do Mullvad VPN. For which I felt I should read all the different way others had accomplished that. I got distracted by - problems of life.
I think that it would be wise to set a date to finish the first set of Jqubes. Projects can drag along forever. Like all great leaders, I had thought all the rest of you do the work. Not to mention. For some of you. Doing some of these Jqubes, and all the intricacies involved that particular Qube is something you have accomplished before. No study or reading of documentation needed.
No doubt someone will let me know about this. I still have some more powerful pain killers.