We'll discuss some of the earliest necessary decisions such as which desktop and window managers to use. This should help narrow future package selection in future meetings.
Hey! Great stuff you guys are doin'. I'd love to help but the only code I know is VB. anywho... I think you guys should work to hide data on the inside as well, (unlisted directories, secret click spots, etc) so IF they find and infiltrate your computer, they can't find anything incriminating, or even mildly interesting.
Go with as many open standards as possible, so that other people can do the core work on auditing the code. Consider stealing any ideas you can from openbsd, which is secure by design, look at the selinux stuff.
Don't worry too much about back doors in selinux. Remember that it is in the best interest of everyone to eliminate back doors, as both the NSA and China are probably looking at using selinux and neither wants the other peeking at what they are doing.
But keep in mind that the more complexity you add to the system, the more security auditing you will need to do on each component. Over a certain level of complexity it becomes literally impossible to continue to audit properly, without a HUGE community of users working on it.
This is a problem because the trustworthiness of those end users is always going to be suspect, and it may be too big to get the same code audited by multiple end users. Thus, the secure system can be compromised by a malicious end user who penetrates the social network and becomes a "tester" auditing portions of the system for you.
So keep it simple where possible. Use simple but flexible components, and steal good ideas from others.
I love gnome, but it is anything but simple. XFCE is better, and a standalone WM like BlackBox is great. The problem is making it integrated enough that people want to use it. Paranoid linux in the book had good collaborative games, perhaps this should focus on that also.
When I read Little Brother, I immediately searched for ParanoidLinux online. What I found (before this project existed, obviously) was that there was already a hideously paranoid distribution available out there called Tinfoil Hat Linux. It appears to no longer be actively developed, and it's not designed for the same purpose as Paranoid Linux - the omission of all networking pretty much defeats the whole surveillance issue. However, Tinfoil Hat does incorporate a few features that you might consider looking at it.
However, if you're looking to port some useful (and paranoid) tools, you may want to look at the readme file that lists the features. Besides the keyboardless login, they also feature a tool to use the caps lock indicator light to blink morse code (to protect against Van Eck phreaking), using an encrypted ramdisk for all temp files that is destroyed on shutdown, their TEMPEST tool for creating encryption static, and others.
I'm no developer, just a relatively experienced Debian user, so I have no idea how difficult these tools would be to port, but hopefully you can extract something useful.
Comments
paranoid linux
What if, after it's developed, the government adopts Paranoid linux as it's standard?!?!
Never underestimate the power of the nerd.
help & suggestions
Hey! Great stuff you guys are doin'. I'd love to help but the only code I know is VB. anywho... I think you guys should work to hide data on the inside as well, (unlisted directories, secret click spots, etc) so IF they find and infiltrate your computer, they can't find anything incriminating, or even mildly interesting.
Use open standards, keep it simple, steal ideas from others
Go with as many open standards as possible, so that other people can do the core work on auditing the code. Consider stealing any ideas you can from openbsd, which is secure by design, look at the selinux stuff.
Don't worry too much about back doors in selinux. Remember that it is in the best interest of everyone to eliminate back doors, as both the NSA and China are probably looking at using selinux and neither wants the other peeking at what they are doing.
But keep in mind that the more complexity you add to the system, the more security auditing you will need to do on each component. Over a certain level of complexity it becomes literally impossible to continue to audit properly, without a HUGE community of users working on it.
This is a problem because the trustworthiness of those end users is always going to be suspect, and it may be too big to get the same code audited by multiple end users. Thus, the secure system can be compromised by a malicious end user who penetrates the social network and becomes a "tester" auditing portions of the system for you.
So keep it simple where possible. Use simple but flexible components, and steal good ideas from others.
I love gnome, but it is anything but simple. XFCE is better, and a standalone WM like BlackBox is great. The problem is making it integrated enough that people want to use it. Paranoid linux in the book had good collaborative games, perhaps this should focus on that also.
My .02! I will be lurking. :)
K
"We'll discuss some of the
"We'll discuss some of the earliest necessary decisions such as which desktop and window managers to use."
YOU'RE DOING IT WRONG.
Your words would carry more weight...
if you said WHY.
The selection of this software (especially desktop manager) affects the selection of all future packages and lets our developers know what to expect.
So how would YOU do it? Obviously you have some idea. Please tell us.
hi
hi just stubuled on this very cool would love 2 hellp out
_________________________________________________
praze Odin, Vili and Ve.
Tinfoilhat
When I read Little Brother, I immediately searched for ParanoidLinux online. What I found (before this project existed, obviously) was that there was already a hideously paranoid distribution available out there called Tinfoil Hat Linux. It appears to no longer be actively developed, and it's not designed for the same purpose as Paranoid Linux - the omission of all networking pretty much defeats the whole surveillance issue. However, Tinfoil Hat does incorporate a few features that you might consider looking at it.
However, if you're looking to port some useful (and paranoid) tools, you may want to look at the readme file that lists the features. Besides the keyboardless login, they also feature a tool to use the caps lock indicator light to blink morse code (to protect against Van Eck phreaking), using an encrypted ramdisk for all temp files that is destroyed on shutdown, their TEMPEST tool for creating encryption static, and others.
I'm no developer, just a relatively experienced Debian user, so I have no idea how difficult these tools would be to port, but hopefully you can extract something useful.
/$.02
---
"Quis custodiet ipsos custodes?" - Juvenal
what the heck does that
what the heck does that quote mean!?!?!?!?
"Quis custodiet ipsos custodes?" - Juvenal
Who shall guard the guards?
"The only thing that hasn't changed since 9/11 is that the government is still *u**ing up"
-Steal This Book Today