After the Vault 7 revelations are you ready to start thinking about a new OS? Linux is too big to audit for security...

After the Vault 7 revelations are you ready to start thinking about a new OS? Linux is too big to audit for security. A new OS with a minimal code base is required. The only way to achieve this is writing it in a high level language with garbage collection. Buffer overflow errors are still the number one source of errors in the C/C++ world. Yes, it's inefficient but you can not be sure of your security unless you know your system. Do you trust SystemD?
AMD has 8 core chips now, more than powerful enough. Lisp OS when? Unless you fight back with new code then the NWO wins.
independent.co.uk/life-style/gadgets-and-tech/news/stephen-hawking-world-government-stop-technology-destroy-humankind-th-a7618021.html


TempleOS already exists as the answer to this you stupid CIA nigger.

dumb af tbh fam smh rn @ u

Not really. It is clearer than ever that proprietary blobs need to go and die though. Hope they finish the HURD some day.

There are people out there *right now* building Jupiter Ace clones. I think you can even buy kits.

freebsd ftw queers. linux is ibm nigger bitch and has systemd backdoor the size of a 2 car garage

If Mac OSX has backdoors, so does BSD. It's not just systemd which causes backdoors. Linux is just shit in general because of ADHD devs.

Just switch to one of the haskell OS projects out there

...

how hard would it be to fork TempleOS and add networking?

It's easy.

Not necessarily. With the BSD license, Apple can just take the BSD code, add their features, and doesn't have to submit any changes upstream.

Some large binary objects could be malicious.

Intel and AMD both have hardware backdoors. Use pre-2008 hardware from them or use ARM shit.

Agreed
lolno


Apple only took the POSIX system from BSD when they made XNU


XNU is open source idiot, also see above
opensource.apple.com/source/xnu/


Pick one, nothing short of complete formal proof would prove security.

seL4 is less than 10,000 lines of code but the formal proof for it is over 200,000. To do this for Linux would take decades even if you halted the addition of new code.

I would assume ARM is compromised too. Also, if I remember correctly, ARM assembly is not stable.


If not a high level language then what is the point? Another C based unix clone? C is a big part of the problem with security. Rust won't last. Is ADA still viable? Besides, you need a higher level language because you also need to increase productivity. That is what machines are for.

systemd is mentioned in the Vault 7 documents. CIA is pulling the strings on systemd, they have their hand prints all over it. Any linux system using systemd is compromised. Only morons and shills will continue to use it.

wikileaks.org/ciav7p1/cms/page_3375253.html

C can be made more secure using analysis tools that detect common programming errors and use of features that are undefined by the language standard and may not be portable across compilers.

I don't see a big reason to move away from C. Rust can be just as insecure as C if the programmer using it is shit and leaves logic/domain errors or security holes in their program.

I say this half serious and half shitposting. Linux is as secure as Windows 10.

What's the point?

Proofs? Pretty sure ARM is free of CIAnigger microcode, unlike Intel or AMD

And who makes those stuffs?

Between chinks (ARM) and kikes (Intel), I'd rather stick with the chinks. They have at least a reason to attempt to stem CIAnigger break-ins. Anyway, all modern hardware is manufactured in China or Vietnam or some shit so its really a moot point.
I'd rather not have Israeli microcode and IME/TPM/etc breathing down my neck.

No it's not, seL4 is written almost entirely in C and as I mentioned is formally proven to have no security bugs. The issue that we are facing now is partly because awful coders like yourself exist who think that it's the language that's at fault rather than the garbage you shit out and call 'code'.

No, fuck monolithic kernels


ARM doesn't even use microcode, unlike x86 and Power* the ARM instruction decode and other associated functionality is all hard coded combinatorial logic.

*Power doesn't require signed microcode and the IBM developed one is open source so its far better than x86


NXP make 8 core A72 ARM SoCs and have what could be considered a development kit for them.

Other than that you could buy a TX1 (or TX2 when they are released) dev kit, they need a special kernel which Nvidia have molested but overall not bad computers.

What is the point of another C based Unix clone? None. You also need the advantage of faster development, high level language wins there. The chips get faster but none of the software is taking advantage of the power. You can cut the performance of every 4 core Intel chip in half and no one would notice. How do I know this? Because computers became good enough 10 years ago.

Forgot to add a link
nxp.com/products/microcontrollers-and-processors/arm-processors/qoriq-layerscape-arm-processors/qoriq-ls2088a-reference-design-board:LS2088A-RDB

Nice price too, $2750.

Yea I know, it's not cheap but it's botnet-free unlike everything else you can buy brand new.

I can't confirm this myself but I was told by someone credible that Dell are developing Power9 systems which is another option but they would be even more expensive.

Power9? Those will be servers or workstations and like you said, expensive.

Yes but it's still an option, a Power9 workstation would actually be a very nice machine in my opinion.

I own a Rockchip RK3288.

Just curious, what do you run on it? I've been having tons of trouble running anything on it but Arch ARM (Debian is also supposed to work, but I always get a black screen.) Does anyone know if oBSD is compatible?

Sometimes I think this shit is the CIA coming to make sure we achieve nothing and our suggestions are ignored by everyone.
Kys my man

ARM is HQ'd in UK and their parent company is in Japan. I don't know if the manufacturing is based in China or Taiwan.

Companies can obtain an ARM architectural licence for designing their own CPU cores using the ARM instruction sets.

SeL4, faggots.
sel4.systems/

ARM doesn't make chips, they develop cores and instruction sets and then license them to vendors who bolt whatever peripherals they want onto them.

When companies license an ARM core they get the HDL code, some actually modify the core to achieve some specific functionality or characteristic but this is rare. After that they attach other IP-cores to the CPU core(s) via the exposed AXI bus.

Because ARM licenses their IP to their customers they have an incentive to keep it botnet-free since if they tried to sneak something in it would get caught and as more companies caught onto it ARM would go out of business.

What do you suggest we do to make linux 100% secure? Keep in mind that the entire linux developer community have obviously failed so far.

chink/mossad network chips, memory controllers, I/O ...

No, I use gentoo without poettering software and I am not using binary blobs or other shit on pre 2008 hardware with libreboot (and in future librecore).

Most of the leaks in "linux" was only about shit operating systems (or unix like solaris) that used non-free software like ubuntu or openWRT.

But I am seriously thinking that most any pol users are completely dumb when it comes to technology.
Pol users are pajeet level of users, you can't even see that your own board is maintained by CIA niggers and you aren't seeing that the dubs on your board are being "get" via simple scripts.

The first thread was so flooded of dumb irrelevant shit like "the jews did it" or leftypol that spammed their shit too.
I am tired of pretentious spergs and their constant political pushing either it's Holla Forums or Holla Forums.
I just want to talk about Holla Forums.

This;
As retarded as it seems.
Meme it.
The more people get informed on such an elegant kernel the more people will jump on the wagon.
And if used massively, finally people will stop bitching about GPLv3 being incompatible with GPLv2 (and Torvalds will be angry)

If the hurd gets finished:
-The systemd project isn't necessary.
-Containers aren't necessary.
-SElinux becomes irrelevant.
-Audio encoding gets 80% more efficient

This bench was done two years ago, there were two versions since then.
And the hurd isn't even finished yet.
The performance for a kernel that is still considered as non-usable in a day-to-day use environment is still impressive.
openbenchmarking.org/result/1507277-BE-1507271BE53

You mean Ada. It's not a goddamn acronym. And yes, it's still entirely viable and remains the best systems language available.

How the fuck does audio encoding have anything at all to do with the kernel beyond the system calls to read/write to the disk?

It depends on the model but
TrustZone® technology
arm.com/products/security-on-arm/trustzone


You haven't read what he said
see >722333
Again Stallman was right


making another operating system is retarded.
At best use assembly to make important small pieces of software.
Otherwise it's C or C++, nothing else.
Rust is a meme language and will die with the SJWs who created it.
Guile is a good compromise for high level language.


This
As always it depends on how you make the software.

How about starting with settling on a usable estimate as to what point a code base becomes too large to audit for security. I've heard people claim systemd is too large to audit for security and it's only 550,000 lines of code while the Linux kernel, Firefox, and Chromium all sit around 15 million lines of code. Also, I assume you're talking about just the Linux kernel and not the other necessary code for a user to actually use the operating system.

Sure, you can do that for most languages. The part you're leaving out is that the language makes a huge difference in how easy it is to prove safe. With seL4, said proof is 20x as big as the source.

Do you even know what TrustZone is? Do you honestly believe that processors having separate operating modes is a security issue? Do you think protected mode on x86 processors, which has existed since the 286, is a security issue? Hell, are there even 32 bit processors out there that don't offer multiple operating modes?

The formal proof has nothing to do with the final implementation language, it's all to do with the functionality the code performs. They could have written the final implementation in Java and the proof would still have been 200k lines of code.

Here is a very basic outline of how it's done
It is a very time consuming process but the outcome is very high quality and well documented code

As an addition, here is the formal proof for the seL4 kernel

github.com/seL4/l4v

The software is under a permissive license.
One of the main features is to enforce DRM and other restrictions.

No, I think it's for one a freedom issue.
And second it should stay what it is: a CPU.
Next thing we are going to have are embedded OS in the CPU seeing how fast shit is going.

So what you're essentially saying is that they're fuzzing pretty much every single parameter passed around the app? Every function - and what's passed to every function - is fuzzed?

I like this. But could the same principle not be applied retrospectively to Linux?

I.e:

OpenBSD is only a little over 500k lines for /usr/src/sys, but they also have a strong focus on security.
Terry Davis might be right that 100k lines is a good limit. The only problem is that nowadays you have shitty stuff like ACPI and USB that end up bloating your kernel if you choose to implement them. It was simpler when you only had APM (completely optional) and real serial/parallel ports. So the modern hardware is a bit like the Web 2.0, in the sense that you can't implement all of it unless you want your stuff to be all bloated.

USB doesn't take up that much code. When I used to fuck around with Microchip microcontrollers their USB implementation was rather small. I remember implementing a mass storage device which could hide autorun files from the host after they were executed

It's not just the fuzzing (although that is a big part of its proof), the formal spec'ing helps to ensure code that works together by not only forcing the coder to properly define what the code is to do but also provides heaps of documentation from other sections of code.

They also don't just unit test, they also do multiple rounds of integration testing.

Also your suggestion still doesn't fix the main problem with Linux, the millions of lines of poorly documented and not-proven code, it only helps to prevent future issues. I said 'help' because the strictness and attention to detail of the seL4 guys which produces the highly correct code is quite lacking in the Linux community and the size of it would mean not all code would be developed or reviewed to the same standard as the seL4 code.

Not to mention that such processes seriously slow down development the bigger the code base gets.

There is a reason why I am a fan of the idea of Exokernels and Microkernels.

That was exactly my reaction when I saw this.
But you could also ask yourself the same question about the linux kernel:
To respond to your question I asked youppi a long time ago IRL and I don't remember exactly his response but it was something like this.
The linux kernel has a shit software layer.
The hurd doesn't and you can directly record sound without distortion.
DRMs become completely irrelevant with the hurd because of its conception as I understood it.

It sounds like you only did a small part. On my OpenBSD laptop, /usr/src/sys/dev/usb has 167609 lines, and the entire /usr/src/sys tree is only 577958 lines, so that's pretty significant. For comparison, /usr/src/sys/scsi is only 18816 lines. Serial and parallel drivers are tiny, and were the norm on 8-bit computers.
Modern hardware is really out of control, literally.

We make our own kernel. We'll port GNU Mach to lisp, and start from there.

They just explain how to use it, you dumb fuck. They don't talk about any kind of exploit or vulnerability for it.


None related to systemdicks.

That basic outline is convoluted. With an appropriate choice of implementation language (eg, SPARK) it could be reduced to:
Implementation language matters.

Exokernels are better from a performance perspective too. Small codebase that does one thing well (in this case securely multiplex raw hardware) beats massive monolithic do-everything blob every time.

...

Can buffer overflows even be used to hack anymore, now that there is ASLR and CFI?

Why have a kernel at all?

...

Why not have every program compiled into a unikernel and run with a hypervisor?

Congrats, you've moved the problem one level down without actually solving it.

Thanks. It feels good to be recognized for my ingenuity.

TrustZone isn't software, it's a separate CPU operating mode. If you don't want certain software running in TrustZone then don't run that software in TrustZone.

It's a non issue so long as you have access to the code that runs in it. The FSF had no problem supporting Libreboot for the ARM based C201 Chromebook.

It did, only a communication device class (serial port), HID class and MSD, and even then not completely implemented. But if you go through the USB device spec, there is tons of useless shit not needed for the majority of systems like billboards, personal health devices and video

usb.org/developers/docs/devclass_docs/

I haven't looked at OpenBSD's source but I'd be willing to bet if you wanted to reduce source code line count, these two systems could share source code. USB MSDs use a subset of SCSI commands for BOT mode iirc.

dude this is such a shit thread man

100k lines for a full OS and not just the kernel is a bad limit if you want to be able to do anything much. Windows 3.1 supposedly had 2.5-3 million lines of code and FreeDOS has around 1 million.

Would be nice

That's fucking retarded

You really think God would ordain a 100K SLOC limit if it weren't possible?

Honestly if there were to be a new OS it would need to figure out how to get around the fact that the CIA can snag the files before they're encrypted.

Some USB stuff (umass*) does have #include statements that refer to SCSI headers, but the reverse is not true.


For TempleOS it makes sense, since Terry is doing it all by himself, and he wants it to be a "user-developer" system, like Commodore 64. You'd boot up a C64 and get a really spartan ROM BASIC shell, the rest was up to you...
FreeDOS might just be bloated though. Remember DOS used to run fine on floppy-only systems like pic. It doesn't need a lot of stuff just for the OS. so then you write some software in GW-BASIC, or type some listing up from a magazine or book, or buy a fancy game and pop the floppy disk in...

OpenBSD is the only thing left; the sooner you realize it the faster you can help with its development. The CIA leaks have proven and will further prove in the coming months that Linux is just as insecure as Windows/OSX.

Qubes OS is cancer on an insecure Zen kernel.
Subgraph OS is the same cancer as other variations of Linux.

The fundamental problem that De Raadt has talked about is that retard developers will turn protections off to speed up their development. They don't give a shit about security, not one bit, but that also means they code for shit because the code they produce is inefficient and oftentimes has flaws in it.

Stop trying to want to change the wheel and actually adopt a 'do it right the first time' mentality.

To the retards suggesting FreeBSD, it has turned off most of the security mitigations that OpenBSD offers for the sake of fast development and all for their server, it's the same as Linux insecure cancer.

If u need to play a game go get a separate gaming computer with a windows 7 install, only use it for games.

Not really. They've just added support for newer hardware. The minimum system requirements are supposedly just a 8088 processor, 512 KB of RAM, and a DSDD (720 KB) floppy drive (though that's not a full install).

There won't ever be a 100% secure operating system; you can keep trying but you will just have to keep patching the operating system after the CIA finds a flaw in it. The end result is; you may have a secure operating system for a couple of months before a flaw is found, then you won't be secure for about three months, then you will be secure for another two months until the CIA finds another flaw.

That's why code audits and exposing a minimal attack surface are necessary.

...

Where did I say 100% secure? Nowhere, I said the correct way to program lies within OpenBSD. Teaching people to code from a basal security perspective solves the majority of the problem. OpenBSD mitigates most attacks. A subsystem might still get infected but it is prevented from executing and doing what it needed to take over and do its damage.

OpenBSD has had security flaws found in the past which were critical, but it was only 2 or so in the past 15~ years. Which is nothing when you compare it to the tens of thousands in windows, to the thousands in linux and the hundreds in OSX.

So, out of pure curiosity, how did everyone here treat computer security a week ago? You know, back when you thought it was just black hats finding vulnerabilities and developing exploits to attack your machine.

Right now I see there are a few options that I'm listing from most to least achievable:
1) make sure you're using 100% blob free linux distro with hardening and take care to use non-bloatware
2) switch to OpenBSD
3) wait for HURD/SeL4 to finish
4) fork a minimal kernel like Minix3 (I think it's like 4,000 LOC compared to OpenBSD's 600,000 and Linux's millions) and build an OS off of it
5) create a Holla ForumsOS based off of TempleOS and finally be free of the CIA nigger scourge

Why not just run Minix instead of forking it?

The reason why I put option 4 low on the list is that I was thinking that picking that option would require doing some clean up and being what OpenBSD is to NetBSD. NetBSD may not be insecure, but it's not its primary goal. As I have not looked at the source code myself I cannot attest to how well it does its job, but Minix seems to be more focused on staying up and running if it encounters an error rather than being locked tight

Well I never liked Windows to begin with. I came from an 8-bit computer and Amiga background. The death of Commodore made me resent Microsoft and their shoddy software. So I avoided their stuff and anything related (even games).
I moved to Slackware in the mid 90's. Got hacked, because I was naively running lots of services and hanging out on IRC a lot. WTF is a buffer overflow? Oh that's some kind of new hacking technique. Probably there's an article in Phrack magazine...
I moved to Debian, because they seemed to have their shit together, but eventually I found out they were lacking too. Stuff like named wasn't chrooted and running under dedicated UID/GID. When big bad named exploit came out, there was a lot of noise on mailing list, but it was all reactive, not proactive. I noticed that OpenBSD was doing pretty good on that front though (had already been using it as my firewall and NAT gateway). But could I use it for desktop? It seemed kind of unfriendly...
Only a few years later, I'm using OpenBSD everywhere, no exceptions. Well except for that Opera binary running under linux-compat (it was the only JS-laden browser I liked)
Same old for about a decade, and then the Snowden shit surfaces. We find out about shit like Intel ME. Everything seems utterly hopeless... You don't even control the hardware you paid for anymore. What shit is this? And to really fuck with you, it's all widescreen shit with lame keyboards, even IBM Thinkpads are cucked.
So here we are last year: super-shit hardware, shit modern web, nothing but more shit to look forward to. I'm locking down my system even more, because I got nothing better to do. No services running accessible from Internet, pf.conf that passes no traffic whatsoever (except the sessions I start), malloc.conf turned up to 11 (so what if it slows things down, I hardly ever use Firefox anyway). I still feel like it's not enough though, and wish I was back on 80's computer, because that was both more peaceful, fun, and creative (I used to make games, and music, and stuff in Deluxe Paint).
And then that's when wikileaks reveals that Terry Davis was right all along.

Which is why I am shilling a Xerox Alto, LispOS, TempleOS approach. The entire system must be understandable to the user which means a high level language to reduce the code base.

cia fag

Stack smashing is merely one of hundreds of classes of retarded shit that's in modern software.
We still have all kind of injection and metacharacter vulnerabilities in everything (including anything to do with Unix whatsoever, including the terminal emulator itself).
For some reason it's a fad to make shoddy serialization tools which introduce vulnerabilities up to remote code execution.
Then if we look at any desktop software, it's just completely fucked in new made up ways, like if you download some shit to your downloads folder and run it, it will consider all the files in the downloads folder as libraries.
For some reason it's always been a fad to build vulnerabilities around the execution environment.
Today I ran into this bullshit where if you don't have a UTF-8 locale, youtube-dl just crashes (not a vuln but yet another bug caused by fucktards relying on the environment). fuck off cunts
Now we even have PCs shipping with broken RAM (rowhammer).
The entire software industry needs to be fired. And probably anyone in electronics or anything. Just look at:
>and even Samsung TVs, which are turned into covert microphones. [wikileaks.org/ciav7p1/]
Whoever made these TVs should kill theirselves. They had ONE job. (I only read up to that part for now but I'm sure like the NSA revelations nothing will be surprising) Same story for uconnect and similar motor vehicle vulnerabilities.
Every fucking product that contains electronics is now completely untrustworthy. This is because they keep adding bullshit like IoT into it and hiring more and more incompetent "engineers".
It was bad enough when this bullshit was limited to software. Everyone in the industry should be put into a concentration camp.
You wouldn't be using SystemD in a small TCB C-less OS, would you?

I run Arch on my Acer C201.

It's easy to get the Terry Davis experience:

Disconnect the network cable!

who said anything about 100% secure you dumb nigger?

It seems like a lot of people took it pretty seriously beforehand, my main shitposting laptop had OpenBSD with full disk encryption and sshd off by default; I was also toying around with DNScrypt and unbound. It seems like the extent of the vulnerabilities brought the OpenBSD users, Microkernel guys and Terry posters out of the woodwork as the main draw to their stuff is a far smaller attack surface. Ideas for a Holla ForumsOS have been talked about a bunch before, but not with as much enthusiasm as now.

What wm are you using? twm?

I think if a high-level approach is to be taken, whoever's in charge of the project would either have to write a high performance implementation of the language (the idea of a compiled lisp sounds pretty sexy tbh) or go with one of the faster languages like Ada or Erlang

...

THE AGE OF TERRY DAVIS IS UPON US

You have no fucking idea what you are talking about.
Kill yourself.

Quit being tech Mike.

L2R nigger

and
kys BSD cuck apple shill

I'm planning on switching to OpenIndiana and possibly either SmartOS or OmniOS.

I'd like to get Gentoo Prefix working on it too, so I don't have to be reliant on pkgsrc.

automatic memory management and memory+type safety are unrelated. See Rust and Ada, they are safe, yet non-managed and sufficiently low-level to be efficient

You're a cuck!

Would the average user benefit from a real time OS? I was reading that some gamers were switching back to windows 7 because windows 10 was hogging too much cpu in the background.

soft real time OS = highly responsive user interface

Another day, another "Vault 7 made me aware of years-old revelations about computer security so we have to build everything from scratch" thread.

Literally the only OS that has a chance of staying secure if people started working on it.

You don't need a real time OS to do that. What is required is programmers who understand how to work in a multiprocessing OS and can deal with race conditions and blocking API.

Minix
Hurd/gnu
Haiku
Plan9

We have no shortage of OSes, just application software.

Redox is nothing but a posterchild of a pet community and is not to be taken seriously.

Nix Hurd. Linux's vulns are probably in GNU rather than the kernel itself. If this is the case, projects like Alpine Linux might actually have a shot at security.

GNU Hurd is the multiserver component of a microkernel system. In their design, they make use of a security model known as capabilities. The idea of capabilities is that unforgeable tokens of authority are passed from mutually untrusting programs.

gnu.org/software/hurd/capability.html
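
Added example, not part of the thread and not Hurd code: the capability idea from the post above, shown with a POSIX analogue. A file descriptor is handed to another process over a Unix socket (SCM_RIGHTS), and the receiver's authority comes only from that token. The names `send_cap`, `recv_cap`, `client` and `capability_demo` are made up for this sketch, which assumes a POSIX system with a writable /tmp.

```c
/* Added example (not Hurd code): a file descriptor used as a capability. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;

/* Grant: hand descriptor fd to the peer as SCM_RIGHTS ancillary data. */
static int send_cap(int sock, int fd)
{
    char byte = 'c';
    struct iovec iov = { &byte, 1 };
    ctl_t ctl;
    struct msghdr msg;
    memset(&msg, 0, sizeof msg);
    memset(&ctl, 0, sizeof ctl);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl.buf;
    msg.msg_controllen = sizeof ctl.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Accept: the kernel installs a new descriptor in the receiver's own table. */
static int recv_cap(int sock)
{
    char byte;
    struct iovec iov = { &byte, 1 };
    ctl_t ctl;
    struct msghdr msg;
    int fd = -1;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = ctl.buf;
    msg.msg_controllen = sizeof ctl.buf;
    if (recvmsg(sock, &msg, 0) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}

/* Client process: it holds only what it is handed. Returns a bitmask. */
static int client(int sock)
{
    char buf[16];
    int ok = 0;
    /* An invented descriptor number confers nothing: that table slot is empty. */
    if (read(9999, buf, sizeof buf) == -1 && errno == EBADF) ok |= 4;
    int cap = recv_cap(sock);
    if (cap < 0) return ok;
    /* The granted descriptor works although the file no longer has a name. */
    if (read(cap, buf, sizeof buf) == 7 && memcmp(buf, "secret\n", 7) == 0) ok |= 1;
    /* It was opened read-only, so a write through it is refused. */
    if (write(cap, "x", 1) == -1 && errno == EBADF) ok |= 2;
    return ok;
}

/* Returns 7 when all three checks hold in the client, -1 on setup failure. */
int capability_demo(void)
{
    int sv[2], status = 0;
    char path[] = "/tmp/capdemoXXXXXX";   /* constructed sample file */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();   /* fork first, so the client inherits no file access */
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); _exit(client(sv[1])); }
    close(sv[1]);
    int rw = mkstemp(path);
    if (rw < 0 || write(rw, "secret\n", 7) != 7) return -1;
    int ro = open(path, O_RDONLY);   /* the attenuated, read-only right */
    unlink(path);                    /* no name left to look the file up by */
    close(rw);
    if (ro < 0 || send_cap(sv[0], ro) != 0) return -1;
    close(ro);                       /* the in-flight copy stays valid */
    close(sv[0]);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("capability_demo() = %d (7 means all three checks held)\n", capability_demo());
    return 0;
}
```
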

Well, that's important, sure, but a lot of these exploits would have still worked without needing interprocess communication. Granted, I've never been formally educated on computer security, but it really only solves one part of a much larger problem.

You can almost taste the SJW

Which is why Rust is cancer regardless of its technical merits.

I guess we should just start hammering out quick [insert easy scripting language] alternative programs and using transpilers to eke out as much performance as possible on those platforms. Suckless software should be pretty easy to port as well.

why don't you all just make your own operating system, your own CPU, your own GPU, and your own HDDs?

it's not hard

You forgot to add "and I am too retarded to run `make nconfig` please spoonfeed me".

No, redhat/oracle/whatever-jew source is too big to audit for security.. also: support shekels.

Linux, Unix are fucking timesharing mainframes from the 70s. I am running a PC, not a timesharing mainframe from the 70s.

...

Garbage collector + kernel code = no go. Operating systems must operate in language environments where no assumptions about how memory is managed can be made, primarily because it is the operating system's job to manage memory! Moreover, garbage collectors are non-deterministic, whereas a kernel should absolutely behave 100% deterministically. Use RAII instead of a garbage collector. Rust, C++14/17, and Ada are all acceptable languages for developing operating systems.

Then how did Terry Davis write TempleOS? HolyC is JITed if I remember correctly. HolyC is managed?

Looking up some of his previous posts, he's got a Kernel.BIN and a Compiler.BIN for handling all of the OS-level shit, and everything userland is dealt with in the HolyC environment, which is JIT'd.

There have been cases of using Java or other "managed" languages for operating systems, but these basically require you to write a large amount of assembly or C to implement the runtime. At its core, however, an operating system must have a bulk of its code written in a language that has no dependencies on a runtime. The only practical languages for operating systems, arguably, are C, C++, Rust, Ada, D (with the GC turned off), or pure assembly. And no matter what, you're going to be writing some functions in pure assembly.

You can add Forth to that list.

NetBSD has turned off:
Static PIE (mitigation technique for injecting position independent payloads)
Base compiled with RELRO + BIND_NOW (memory corruption mitigation technique)
Network stack hardening (IP ID randomization, and temporary IPv6 address creation)

The first 2 would be considered crucial on a server but for the sake of poorly written server software they turned it off. That's not how you solve problems. I don't leave the fence open simply because it's an inconvenience to me so people can come into my yard without making some noise and creating some physical barrier. Instead if I left my fence unlocked I created a fenced-in area where nobody can see them and they can start attacking my backdoor. It's alien thinking to me and I don't understand why 95% of the world's developers think this is somehow an acceptable compromise. I can RAT any NetBSD box within a few minutes.

Debian Linux, the only variant that still has some acceptable levels of security capabilities [not out of the box and one has to go to extreme lengths to harden it], but for me it's not acceptable specifically since you have to trust the microcode in the kernel which also has turned off most attack mitigations. OpenBSD can also be even further hardened on tertiary features when the out of the box is not enough for you, even though it's extremely secure.

Gentoo is the same, built upon an insecure kernel.
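
Added example, not part of the thread: whether a given binary was actually built with the mitigations named in the post above (static PIE, RELRO plus BIND_NOW) can be read from its ELF headers. The sketch assumes a Linux-style `<elf.h>` and GNU/LLVM linker conventions (`PT_GNU_RELRO`, `DF_1_PIE`); `elf_hardening` and `build_sample` are hypothetical names, and the sample image is constructed in memory (headers only, no code).

```c
/* Added example: report PIE / static PIE / RELRO / BIND_NOW from ELF64 headers. */
#include <elf.h>
#include <stdio.h>
#include <string.h>

#ifndef DF_1_PIE
#define DF_1_PIE 0x08000000
#endif

enum { H_PIE = 1, H_STATIC_PIE = 2, H_RELRO = 4, H_BIND_NOW = 8 };

static unsigned char host_data(void)
{
    const unsigned short one = 1;
    return *(const unsigned char *)&one ? ELFDATA2LSB : ELFDATA2MSB;
}

/* Returns a bitmask of H_* flags, or -1 if img is not a well-formed ELF64
 * image in this host's byte order. Offsets are bounds-checked before use. */
int elf_hardening(const unsigned char *img, size_t len)
{
    Elf64_Ehdr eh;
    int out = 0, has_interp = 0, pie_flag = 0;
    if (len < sizeof eh) return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -1;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64 || eh.e_ident[EI_DATA] != host_data()) return -1;
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phoff > len) return -1;
    if ((len - eh.e_phoff) / sizeof(Elf64_Phdr) < eh.e_phnum) return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf64_Phdr ph;
        memcpy(&ph, img + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type == PT_INTERP) has_interp = 1;      /* dynamically linked */
        if (ph.p_type == PT_GNU_RELRO) out |= H_RELRO;   /* relocations go read-only */
        if (ph.p_type != PT_DYNAMIC) continue;
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return -1;
        for (Elf64_Xword off = 0; off + sizeof(Elf64_Dyn) <= ph.p_filesz; off += sizeof(Elf64_Dyn)) {
            Elf64_Dyn d;
            memcpy(&d, img + ph.p_offset + off, sizeof d);
            if (d.d_tag == DT_NULL) break;
            if (d.d_tag == DT_BIND_NOW) out |= H_BIND_NOW;
            if (d.d_tag == DT_FLAGS && (d.d_un.d_val & DF_BIND_NOW)) out |= H_BIND_NOW;
            if (d.d_tag == DT_FLAGS_1) {
                if (d.d_un.d_val & DF_1_NOW) out |= H_BIND_NOW;
                if (d.d_un.d_val & DF_1_PIE) pie_flag = 1;
            }
        }
    }
    /* Heuristic: ET_DYN marked PIE with no interpreter is treated as static PIE. */
    if (eh.e_type == ET_DYN && pie_flag)
        out |= has_interp ? H_PIE : (H_PIE | H_STATIC_PIE);
    return out;
}

/* Constructed sample: writes a header-only ELF64 image into buf, returns its size. */
size_t build_sample(unsigned char *buf, size_t cap, int relro, int now, int interp)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph[3];
    Elf64_Dyn dyn[2];
    size_t n = 0, total;
    memset(&eh, 0, sizeof eh);
    memset(ph, 0, sizeof ph);
    memset(dyn, 0, sizeof dyn);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = host_data();
    eh.e_type = ET_DYN;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr);
    ph[n].p_type = PT_DYNAMIC;
    ph[n++].p_filesz = sizeof dyn;
    if (relro) ph[n++].p_type = PT_GNU_RELRO;
    if (interp) ph[n++].p_type = PT_INTERP;
    eh.e_phnum = (Elf64_Half)n;
    ph[0].p_offset = sizeof eh + n * sizeof ph[0];
    dyn[0].d_tag = DT_FLAGS_1;
    dyn[0].d_un.d_val = DF_1_PIE | (now ? DF_1_NOW : 0);
    dyn[1].d_tag = DT_NULL;
    total = (size_t)ph[0].p_offset + sizeof dyn;
    if (total > cap) return 0;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, n * sizeof ph[0]);
    memcpy(buf + ph[0].p_offset, dyn, sizeof dyn);
    return total;
}

int main(void)
{
    unsigned char img[512];
    size_t n = build_sample(img, sizeof img, 1, 1, 0);
    int f = elf_hardening(img, n);
    if (f < 0) return 1;
    printf("static-pie=%d relro=%d bind_now=%d\n",
           !!(f & H_STATIC_PIE), !!(f & H_RELRO), !!(f & H_BIND_NOW));
    return 0;
}
```

Full RELRO is the combination `H_RELRO | H_BIND_NOW`; `H_RELRO` alone is the partial form.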


Strawman argument, shill.

/thread

Who gives a shit, kill jews

There already is a TempleOS fork with networking.
github.com/minexew/Shrine

For those who decide to give OpenBSD a shake, you can get a post-install script that automates common tasks at

walkran.com/wugs.txt

It's workstation oriented. We went through it in another thread, got rid of some bad apps, tuned some stuff, etc. Read the script before running as you will probably want to tune it.

...

Can you explain your zathura comment? I just ran the zathura pkg_add stuff and it all went fine. What is your problem with it and what do you suggest as a replacement?


Stays.


Anyone disagree? I don't care or know either way. What is the video player of choice?

mpv is a direct improvement over mplayer

Good enough for me. mpv it is.

If someone wanted to do an upgraded .fvwmrc (with maybe nicer colors, fonts, menus, a background, wugs-app-specific dropdown menu), I'll include it. you're spending too much time with video programs; .fvwmrc tuning would be a good diversion. No hurry, but, get to 'er when you can.

I just use mc (Midnight Commander) for file manager. Don't know about mpv, but if it requires working GPU then that's not possible for me (but "mplayer -vo sdl" works fine in most cases). And xpdf, because it's lightweight (but pdftotext is even better!)

Generally if it's lighter weight and meets the purpose, it's preferred. So, is it fair to say that the lightest weight, useable pdf reader available in openbsd packages is xpdf? If so, it's in, zathura is out.

On mc, I hear you, but given that we are doing X, I should include an X file manager. Pcmanfm is the lightest weight fm that I consider useable: happy to look at others.

zathura-cb is useless for mangos/comics since it can't switch to the next archive when reaching the end of the current one. It's a GTK3 abomination, anyway.

Comix does this automatic reading of the next file stuff and it annoys me to no end. I don't want tools doing "smart" things behind my back. If I want to read a file, I'll tell it.

GNO

so, are they mathematically, logically proving anything, or are they just testing shit? Because i don't see why you'd test proven shit.

yarchive.net/comp/microkernels.html

that has absolutely nothing to do with transcoding. you can transcode all day everyday on pretty much anything that lets you write and read data from disk or similar, recording (presumably from external audio inputs like microphones) has nothing to do with it. It's just reading data from it, doing some calculations with it, and writing data back.
uh, lol? 99% of DRM solutions don't even support DRM because you can't really lock down arbitrary linux installs.

en.wikipedia.org/wiki/Direct_Rendering_Manager

The default is now xpdf, with the option to uncomment zathura and comix. Thanks for the insight.

WUGS default apps are openvpn, nmap, etherape, sxiv, pcmanfm, mpv, xpdf, optional firefox-esr or chromium. Optional apps are libreoffice, arandr, zathura, comix.

Not sure if it was considered already, but mupdf is nice