Relationship between Open Source projects and business

Overall, my experience in the professional space (public: Got Breach? “Whoopsie!” -OPM et al./private: Got Breach? “Whoopsie!” -Experian et al.) is directly contrary to your sentiment but, who knows; maybe I need to “get out more”,

Most organizations/individuals care very little about security and/or privacy, the focus is on liability. Very few organizations are willing to invest in ~resources~ humans which are able to (over-time) design, develop, document & distribute sound computing processes, procedures & OPSEC; especially when Gartner suggests a new “killer-app” (pizza box or ) for CxOs to gobble up, each year.

Until the day comes when the consequences of breach match the impact of said breaches (read penalties/fines are percentage-based per revenue … don’t hold your breathe ), C-Levels are MORE than happy to piss in the bucket and keep it moving.

Furthermore, I don’t see such an “official” Qubes offering as you suggest becoming a reality unless someone/some group decide to fork and do so. Despite outwardly calling for critique, IME if there’s anything that rubs the Qubes team the wrong way it’s calling their baby ugly.

Guess what paying customers will undoubtedly do?

Until investment (temporal, financial or otherwise) is required.

What you’re referring to here is specifically about documentation. Quality documentation leading to ease-of-use for end users is more often than not a clear parallel to quality projects/products.

Qubes organizers recognize that the docs are oft out-dated/lacking yet, have the audacity to expect other’s to do their work for them while at the same time shill for corpo contracts.

Don’t get me wrong. I’m all in favor of the Qubes team being paid (and, paid well might I add ) but, this approach seems odd (?) to me.

Perhaps “typical” is the key word in this statement as, most groups seem to have fallen head-over-heels for layer after layer ~of “ease-of-use”/“rapid deployment” complexities~ to create abundantly more opportunities for failure.

IMO, Qubes is pretty straight forward from a zero-trust admin perspective:

• Xen is the hypervisor layer (virtualization in production is nothing new and widely adopted & Citrix offers many different certifications in and around Xen use)
• The rest (whether it be *nix or Winblows also with many certification options) is good old-fashioned, vanilla administration

If the Qubes team were serious about adoption, developing & offering official, publicly available training and/or certification options might go a long way toward adoption.

If this forum is any indicator, the most common challenges users face/speak up about are:

A) Linux-centric hardware troubleshooting (unfortunately, still pretty standard in this day & age)

B) Linux-centric software troubleshooting (thankfully, not the hardest challenge to overcome)

I can imagine an attempt to delegate Qubes troubleshooting to a typical Ubuntu no-brainer guy. I’d better not be the person who suggested Qubes as a solution, unfortunately.

You are clearly mixing Qubes OS people with ITL people. Some of ITL people are paid to work on Qubes OS and are part of the Qubes OS team but this is not Qubes OS people in general that are paid to work on Qubes OS. Qubes OS is an open-source project. As @andrew said, it’s a community effort. You cannot claim to have something because you want it. So if anyone has specific needs that would not fit with free time of people working on Qubes OS, there exists ITL that welcome such paid contracts.

It would aid me in better understand your comment if you were to quote exactly which part of my post it is that you’ve misconstrued.

TIA

You are clearly making an unbased assumption.

FWIW, I’m well familiar with the distinction, thanks.

@adw didn’t drop an ITL address; they dropped a qubes-os.org address.

With a single “official” support organization which, IMO doesn’t seem too “open” for those seeking professional services.

Sure, there’s a few other options for vetted services (ie: @unman @Insurgo and I’m sure some other’s which may not be so easy to find for some).

This post is a request for Qubes OS “businessman” Edition yet, a representative from the “open-source” project is seeking business proposals.

Going forward, please try to remain on-topic.

I don’t really follow what you are insinuating here. To what was it that I seem to be “claiming” to you?

Are you confused or, just trolling in the throws about feels of teh ? If so, thanks for illustrating the point made.

TBH, I’m thankful that there’s chips left on the table. Means more get to sit at the table and game play continues.

Competition in a niche space is a for all if you ask me.

I suppose this is directed at me, since my comments are the ones you linked, even though you didn’t mention me.

1. It’s not “my” work any more than it is yours or anyone else here. I don’t get paid to maintain the Qubes documentation. That’s not my job. I volunteered to be the doc maintainer many years ago because I saw a need that no one else was filling. It’s still a volunteer role that I do in my spare time. If you (or anyone else) would like to take the role and will do a better job with it, you are more than welcome to have it. Personally, I find it to be a rather thankless position that’s gotten to be more trouble than it’s worth, but perhaps you’ll have better luck with it. (If you do a better job at it, then I would benefit as a Qubes user who also relies on the documentation.)

2. In an open-source project, it’s no one’s responsibility to create software, documentation, or anything else for you to consume for free. Your use of the software and documentation, along with your involvement in the project and its community, is entirely voluntary. No one is forcing you to be here. No one here owes you anything. If you don’t like the product, you are entitled to a full refund. You are always free to find (or, better yet, start) a superior project. (And, if it is actually superior, I will come use it too.)

3. What you see as “shilling for corpo contracts” is simply providing information of which people may not be aware. Invisible Things Lab (ITL) is the private, for-profit company behind the Qubes OS Project. It has been and continues to be the largest donor to the project, mainly in the form of costly developer-hours. Qubes OS requires developers with specialized skills and experience in security, virtualization, and other areas. The supply of such skilled labor is limited, while the demand is high. As a result, it is costly to hire and retain such developers, and it is costly for ITL to donate their labor to the open-source Qubes OS Project.

   As a company, ITL has to earn income in some way, or else it will go bankrupt (and therefore be unable to pay any developers to continue to work on Qubes). One way that ITL earns income is by doing paid work on Qubes OS for clients. This can take many different forms, depending on what the client needs. For example, some clients might want new, custom features built for Qubes OS or a customized edition of Qubes OS that meets their specific needs.

   The point is that developers have to eat, and most don’t work for free, especially those with high-demand specialized skills that took decades of education and experience to hone. They won’t be able to work on the open-source edition of Qubes OS without being paid something for their work, and the money for payroll has to come from somewhere. As generous as the Qubes partners and donors are, I’m told it’s not enough for the open-source Qubes OS Project to be sustainable on its own. So, without ITL working some paid jobs to keep the lights on, Qubes will simply die.

   In light of that, I don’t think it was unreasonable to post a brief comment (on a thread asking for a business edition of Qubes OS) about how prospective clients can contact the team.

“If the Qubes team were serious about adoption, developing & offering official, publicly available training and/or certification options might go a long way toward adoption.”

Have you already done such things? Do you know how much time it is to have quality material? If not, please don’t say we are not serious in not offering what you suggest.

Sure, for quite few other products; yes I have. Dumbed down to the details which a C-Level could implement.

Could do so for Qubes OS as well. But, because said training would be re-sold, it’d have to be for the right price.

That said, if the last user that suggested they had such on offer being shamed & run out (likely due to other absurd claims as well) is any indication, YOUR sandbox is apparently full and invites are closed.

Damn right I do. Dunno what puts you in the position to suggest otherwise.

It’s a valid observation based on decades of professional experience.

Said statement stands, get over it (or yourself), choice is your’s.

I’m truly perplexed at the efforts your clique goes to to intentionally misconstrue & vilify those which are supporting all of the same copy/paste sentiments you’re on about.

In case you missed the gist …

$ printf "$MY_OPINE\n"
No, there will never be a "businessman's" edition of Qubes OS without external backing because:
A) The corporate space doesn't care
B) Very few organizations are willing to invest in ~resources~ humans which are able to (over-time) design, develop, document & distribute sound computing processes, procedures & OPSEC

Hey now, I agree AND resemble these remarks!

Nor do I. It’s just a bit blurry when someone such as yourself representing the unpaid “open-source” Qubes OS project hawks the paid services of ITL using a domain which represents the unpaid “open-source” Qubes OS project.

You can see where the business@qubes-os.org address came from here:

I can only speculate on why it’s a @qubes-os.org address rather than a @invisiblethingslab.com address, but here are some possible reasons:

• Since the initial goal was to reduce spamming the devs, a @qubes-os.org address might work better for people who are finding some place to send Qubes-related emails.
• Some prospective clients who are looking for something Qubes-related might not know about ITL (yet).
• It might look odd to have, on the Qubes website, an email address for a different domain.
• Perhaps more importantly, ITL also does a lot of non-Qubes-related work for paying clients, so maybe it makes sense to have a dedicated address for Qubes stuff.
• Also, “Qubes business” can encompass quite a lot, not just paid ITL work, so having this dedicated address for Qubes business might come in handy.

Where did I intentionally misconstrue or vilify you? Please provide an exact quote.

Where did I exhibit hostility? Again, please provide an exact quote.

While I’m confident this is largely true and am unable to speak on behalf of others, I know for certain that I have directly, personally thanked you 1st-hand myself.

For a PhD with MCL honors, comms manager of Qubes OS, you sure don’t seem to be putting all those years of effort to much use here.

As much as I appreciate Qubes OS for what it is/does, from the consistent tantrums and displays of hypocrisy; I could never in good-faith advise any clients to seek professional services with the organization which, is a pity IMO.

In keeping with my personal experience, Qubes Team reps derailing descent after inviting it.

1. How is that a diatribe?

2. I didn’t choose to feel personally targeted. Rather, you targeted me:

Both of those links point to my posts. So, clearly you were referring directly to me (without mentioning me, which seems a bit passive-aggressive, by the way). Why are you upset that I responded?

Not at all. I think plenty of folks around here understand open-source initiatives (many of them better than I do).

Can you point out where I responded to you with “tantrums and displays of hypocrisy” or “feels”?

off-topic

Out of respect for others using the forum (which @mods pine away for yet offer little), my DM’s are open for discussion in the hopes of offering clarity of confusion & assumptions.

No expectations other than s.

Accurate.

Clearly you were not attacked as you so feel, the docs post was merely the quickest find w/search; nothing more.

As you yourself have went to great lengths to document the confusion surrounding it’s subject matter, the 2nd link is hella confusing enough for yourself (someone in the “know”) to have to explain away as much as it would be for stakeholders you’re soliciting.

Perhaps the inability to accept feedback from your potential customer base with grace isn’t the best characteristic for a communications manager?

Inaccurate.

I’m sorry to hear that you feel this way but, you’re wrong. If you’d like to communicate further about your misunderstanding, I welcome your thoughts via DM.

If you’d like a textbook example of passive-aggressiveness communiqué, here’s one:

Hardly upset. Curious as to why experience backed posts are derailed so hard by the “team”. Additionally puzzled by your personal requests for contributions while also driving them away.

Sure does give me “glowie” goosebumps though.

Perhaps try something like this?

SELECT posts FROM forum WHERE groupid = mods AND WHERE userid  = cayce

Solely within this thread as an example, we have two “team” members taking talking points out of context (an increasingly defining trend within moderation) and transmogrifying them into alleged attacks while intentionally being offensively condescending and talking down to another user for no other reason other than this user has presented healthy dissent.

Others have come before you, just as others have come before I, others will come after us.

From my perspective, I see two men mansplaining how the world works.

This discussion is getting really toxic and it was completely destroying the original thread’s purpose. So I took it out so the discussion could keep its focus.

A post was merged into an existing topic: Alternate Qubes iso for business person

I find it interesting that a moderator lacks the ability to read before posting but, not as interesting as the uselessly feeble shame bullying coming from said moderator.