
Joanna Rutkowska leaves Qubes OS, joins Golem - pentestercrab
https://www.qubes-os.org/news/2018/10/25/the-next-chapter/
======
lvh
FWIW: just over half of Latacora uses Qubes on a daily basis. We do that
because "Xen VM" is a pretty great boundary; it allows me to have totally
separate client environments with the convenience of a single laptop. (We've
had a client have us use their endpoint before; while I generally like that
client, we won't be doing that again :-))

It's not flawless. Sometimes switching to a big screen or moving USB devices
between VMs is wonky... but the bottom line is I haven't booted my MacBook Pro
for work in 2018. We stopped using MBPs because the then-current now one-
minor-rev old generation is trash; all of them broke, and that was
unacceptable, so I have a Lenovo (again).

Happy to answer questions about Qubes.

FWIW: not worried about Qubes' future. As Joanna herself points out in the
blog post: Marek has been doing most of the technical day to day stuff for a
while now, and Qubes has been doing just fine. I'm really thankful for the
work Joanna has done in making Qubes happen and hope her new endeavors are
everything she wants them to be :)

~~~
wanderfowl
What's hardware compatibility like? Did/do you struggle to find good portable
machines to run Qubes on with solid wireless/bluetooth support?

As somebody whose (trash) recently-current MBP just spent the weekend with
Apple due to a display failure, I'm evaluating my options.

~~~
lvh
I have a T470 -- at the time the most recent T-series 14" Thinkpad. Everything
pretty much worked fine? But that's just one data point. Perhaps if they're
super new, you'll run into more issues. dom0 is hyperconservative with
updates, so maybe you'll need to run testing-grade stuff to get all your
hardware to work properly.

I think I had an issue with WiFi + suspend/resume but that was easy to fix,
and fixed by default now. (It involves reloading the driver after resume --
that's automatic now but the setting lives in a config file.)

~~~
storrgie
For what it's worth the T4x0(s) series has been very good for Linux in general.
We've been hopping the odd numbers every other year.

------
wanderfowl
Joanna's brilliant, and this Golem project is fascinating. The idea of a
secure remote compute arrangement is sort of a natural extension from Qubes,
and this is a pretty unique approach. May she (and Qubes, and Golem) find
great success.

~~~
wanderfowl
Reading the Golem website, I'm no longer sure that I 'get it'. Is this just a
decentralized AWS or supercomputing service which is payable using
$ThisWeeksHotCryptocurrency? Her description made it sound less like a
marketplace for spare cycles and more like a thin-client sort of thing.

~~~
hackermailman
It's a Graphene SGX fork running docker containers so far.

------
zapita
These ICO-funded research projects are turning into the next Xerox Parc, IBM
Research etc. I doubt they will ever ship something practical directly, or
that the investing public will ever get their money back, but they are
spending the money by hiring great engineers and researchers and giving them
free rein to have fun with no budget restrictions. I suspect that will result
in fundamental advances that will benefit us in the long term, like Darpanet
eventually gave us the Internet.

I want to believe that something good will come of this, beyond incinerating
cash building products nobody actually wants to use. (Yes, I’m saying that
Golem as described is impractical and naive, and giving it so much funding so
early makes it even harder for them to learn hard lessons and succeed as a
product).

In a way, they found a way to trick us into paying more taxes to subsidize
public research and development! You’ve got to respect that.

~~~
jacoblambda
The difference is that unlike taxes, these research projects are 100% opt in
and you get to pick which project to support.

~~~
zapita
I think most ICO participants expect something in return other than “lots of
cool research that won’t be immediately practical, but might indirectly
advance society in 20 years”. They expect either financial gain through
speculation, or a successful launch of the product specified by the ICO
whitepaper. They will most likely not get either of those things.

~~~
nostrademons
I wonder if this is really true. My understanding is that the majority of ICO
funding actually comes from Bitcoin & Ethereum "whales" who got in early, own
thousands of coins worth tens of millions of dollars, and are looking for
something cool to do with it that won't trigger a huge tax bill. (Well,
technically investing in an ICO is a taxable event, but when you can just use
your private key to send Ethereum from your pseudonymous address to a smart
contract that exists everywhere and nowhere at once, enforcement is
difficult.)

Most of the newbie Bitcoin investors I've met at meetups have been very wary
of ICOs. Too risky; they won't go near them. Occasionally there'll be someone
who spreads maybe 5% of their crypto portfolio across a dozen ICOs, but
they're the die-hard exceptions.

If this is the case, the analogy really is more like Google X or YCombinator:
an already-wealthy firm who spends money on passion projects because they can,
with the potential added benefit of a small chance of an even bigger payoff
down the road, and a nice PR boost in the meantime that increases the value of
their primary holdings.

------
fabricexpert
Golem has the potential to solve the Cloud Trustworthiness problem, and it's
an interesting problem, one with huge upside if we ever get there. How do we
verify that the code we're running (e.g. the VPN we have set up on a VPS
in the cloud, or the web server we're connecting to) is actually running the
code it says it's running?

Ethereum can do that (because it's just one giant computer running the same
code and verifying its state after every functional call), it's just really,
really slow and insanely expensive. Perhaps they'll figure this out, if they
do, it will be awesome.

~~~
AgentME
>Ethereum can do that (because it's just one giant computer running the same
code and verifying its state after every functional call), it's just really,
really slow and insanely expensive.

Also, everything on Ethereum is public.

------
ddtaylor
Very interesting to see her joining Golem. I have been following them for many
years and I'm excited to see what they produce, but they seem to have been in
a holding pattern for a while unable to produce progress in some ways. I think
she'll probably help solve that.

~~~
wycs
I'm not fond of the economics of Golem. I suspect they will not be able to
compete with centralized solutions, as they have to support all sorts of
redundancy to make things trustless. They could make it more federated, but
then how is that better than AWS? And why do you need a token at all?

~~~
vvillena
When you use AWS you're subjected to AWS pricing and AWS servers. A more open
network where everyone can offer computing power has the potential to reduce
the lock-in effect that all the big cloud vendors force upon their customers.

The initial goal of Golem was to be so efficient that the best way for big
cloud vendors to offer their services would be through the Golem platform.
That's obviously a moonshot, but it helps us to see what the Golem team is
aiming for.

------
StreamBright
From her new project: [https://golem.network/](https://golem.network/)

>> Ethereum-based transaction system

Is this going to be fast enough for their use cases?

~~~
pjc50
Sounds like FileCoin for CPU rental. Could be legit, especially as they're
_not_ creating their own token for this purpose. Nonetheless, by using
Ethereum they're still committing to burning a lot of electricity - would be
interesting to know if it's more or less power than used in the actual
computation they're selling.

~~~
Karunamon
Ether is planning on moving to proof-of-stake rather than proof-of-work some
time in 2019, which should help with the power consumption.

[https://www.mangoresearch.co/ethereum-roadmap-update/](https://www.mangoresearch.co/ethereum-roadmap-update/)

~~~
linuxdude314
GNT is the ERC-20 token they use. Golem had an ICO last year. It would be
really challenging to figure out how much power is used by a particular ERC-20
token given that mining is performed on the whole chain, not on a token-by-token
basis.

------
orliesaurus
Looks like Joanna left the project in good hands. She says Golem raised money
but the challenge to me seems being able to verify whatever computation is
being done as trustworthy/correct. Unlike in crypto transactions, it becomes
hard to build a trustworthy network where computation can be verified,
especially because there are so many different kinds of computations available
out there

~~~
camjohnson26
Can't zkSnarks help with this?
[https://blog.ethereum.org/2016/12/05/zksnarks-in-a-nutshell/](https://blog.ethereum.org/2016/12/05/zksnarks-in-a-nutshell/)

------
floatboth
Oh no. From a serious OS project to a buttcoin startup. I guess these people
are the ones that pay the big money these days…

------
AdmiralAsshat
Best of luck to her. It's sad to see her go; I still don't think Qubes OS is
quite ready for prime-time yet.

~~~
jake_the_third
why?

------
sdwisely
_Another challenge is the trustworthiness of the x86 platform._

I can only imagine that's incredibly frustrating. Knowing no matter how hard
you work on Qubes, x86 isn't really deserving of trust right now.

------
thyrsus
In case someone else is just learning about these folks: ITL is Invisible
Things Labs.

------
wglb
You should use the proper title: _The Next Chapter: From the Endpoint to the
Cloud_

~~~
concernedctzn
Counterpoint: Joanna is a highly regarded security researcher and this is big
news for the Qubes project. I wouldn't have clicked on this link if it was
presented with the generic title

~~~
Tomte
Your counterpoint doesn't matter, this site's rules are very clear.

If you wouldn't have clicked the link, that's a pity, but that's something the
article's author brought on himself.

~~~
luckyorlame
rules are only useful when they serve their intended purpose.

------
agounaris
Who is Joanna Rutkowska and what is Qubes OS :S

~~~
lloeki
The first link of the top header is _'INTRO'_ leading to a page which
literally has _'What is Qubes OS?'_ as the first h2.

The third link of the top header is _'TEAM'_ leading to a page where Joanna
Rutkowska is the most obvious topmost item, appearing above the fold on many
devices (even my phone!), complete with her title(s).

Sometimes comments make my day. This is not one of them. I am achingly
speechless.

