NOOB THREAD V3.0

Vault 7 Ed.

With the talk of compromise in security amongst GNU/Linux systems, I've decided to finally step up my security game. While most threads are discussing how it happened, I'd like to discuss security protocol to minimize/prevent snooping. My knowledge is very lackluster, and consists mainly of dialogue from this site:
(one internet-connected and more public, one not) are good, but tor and VPNs may be broken

But that's basically the full extent of it. I lack a bigger picture and understanding of how it all ties together. I thought in my free time it'd be great to start working through some literature on improving one's security, so any sources are welcome. Stallman's always exemplary in this regard, and in this article: stallman.org/stallman-computing.html , he mentions having webpages mailed to him via a daemon. Any of you do something similar and want to share how you set it up?

And as always, there's our wikis:
wiki.installgentoo.com/index.php/Anonymizing_yourself
wiki.installgentoo.com/index.php/Encryption

Which I'm going through and trying to make consistent small changes. Hopefully it all begins to make sense soon. I know the answer isn't as simple as "OpenBSD".


install OpenBSD

Install Gentoo is still, and has always been, a solution. Hardened Gentoo with musl, perhaps only amd64 (for purity, not security) is more than safe enough. Make sure you have


in your make.conf.

Luckily for me I have an x200 with Libreboot. Waiting on Librecore.

I've an x60 that I'm librebooting ASAP. So, you're not worried then? Libreboot & a hardened Gentoo with solid op-sec are enough?

I haven't been worried since day-one when I installed libreboot read-only

Even when not only accessing the internet, but posting online? Surely you don't use TOR 24/7, do you? Or do you just feel safe behind a couple VPNs and a TOR node?

I just use Mullvad VPN, and I pay with Bitcoins.
To connect to the internet I use OpenVPN and dnscrypt-proxy. My browser changes user agent every page reload, I have umatrix and ublock0, self destructing cookies, a bunch of other shit. Just don't be a retard who runs `.sh` files off the internet without reading them

No love for FreeBSD?

Nothing in Vault 7 of what has been released so far as much as implies this. All we know is that the CIA considers systemd good enough to use internally.

The more you try to avoid shit the more obvious you become and stand out on the network level. I would recommend installing gentoo, flashing your router firmware with something FOSS, replacing your bios if possible and keep everything at the hardware/software level as FOSS as possible. Have Tor and i2p downloaded, installed and updated on your machine and use a firecuck fork.


Your spelling of Tor is triggering my autism


systemd has plenty of objectively bad things about it but we can't say it's compromised yet for sure. I'll just assume at this point though

Why at this point? Nothing has been revealed that makes it reasonable for your opinion on systemd to become worse.

Seems to me if I was the CIA or NSA I would probably look at targeting what is becoming the most popular init system among linux communities. Your first post is right though, there's no proof at this point.

flashing the router is a novel idea, thank you. What Firefox fork would you recommend, and why not use the cuck itself? I don't believe any fork is more secure after add-ons and extensions, right? Firefox just comes with botnet mode enabled, to my understanding.

Also, I'd like to formally engage in a gentoo vs openBSD security flamewar. Can they match each other in terms of security, once hardened and configured (to a reasonable extent, no rewriting the OS)?

OpenBSD is better imo because it requires less fiddling and gets a regular code audit
That said, it also has less software options (though, that also means less attack vectors)
My major problem with it is it doesn't support very many platforms (i.e. Nvidia users are cucked, armv7 users that aren't using rPi/memeboards are cucked, etc.)

OpenBSD tries to be secure by default. With Gentoo you need to manually configure basic things like privilege separation for downloading package sources or validating repository snapshots.

I want to build a firewall with something like PFSense, looking to get some hardware that isn't pozzed. Aside from buying a battered laptop on eBay that might have 7 years of coffee spilled onto it, what is a good list of processors? I want to try and build something using NOS that has no mileage on it.

Find a NOS ALIX board, for a long time it was the go-to platform for them, tops at 3 eth, 2 miniPCI and uses a Geode proc with 256 ram (far more than enough unless you're using pfs as a whole utm box). Also uses less power than a nightlight/no heatsink needed.

low power is exactly what i was aiming for. not interested in toasting PITA to source hardware because the fucking fan bearing popped out. thanks fam.

Check out the turbo-autism that is Bryan Cantrill.
youtu.be/wTVfAMRj-7E

...

Ya I sold em for a while, recently pfs has somewhat over-ran that platform but 2.2.2 is what I use on all still in service (their official geode/serial distro). They even have (had) a package called blinkled? to assign the 3 onboard LEDs to various things like link or state of things. Also, the Geode is basically (relatively) modern made a k6-2.

PC Engines ALIX.1E looks like it can take a beefier NIC, for now the 2D13 looks good though.

Personally, I never messed with the kiosk ones, 2+ nics and a serial port is what pfsense developed the distro for. You connect like any other real network hardware: with a serial port at 9600 baud.
Also, pfs wifi component is garbage (not their fault), either get a cheap ap or use whatever all-in-one you have laying around with everything off as just another network device. The 2 and 3 port ones were often sold with a form fitting aluminum case (someone even made a 1u). I still have 3 2d13s in service and expect them to live as long as my old k6-2 does (forever)

yea i was going to do that to expand wireless access to keep cell data costs down. I actually got a shiny new linksys I plan on putting behind this, just for the wireless. I'll use a dumbed-down regular switch to expand CAT connections.

Personally, I don't care so much about standing out. The main thing I care about is that my system remains secure from intruders, malware, and related botnet shit.
I never used Tor or similar stuff, and don't really need them. I use Lynx and Links as my default browsers, and their fingerprints are pretty unique compared to Firefox, Chrome, and Webkit-derived stuff.
But to some extent, the lack of javascript, along with some blocking of analytics stuff via unbound.conf and /etc/hosts, helps to avoid part of the tracking mechanisms. But that's a secondary goal, and not my main focus.

BTW, OP if you're going to do the RMS webemail proxy thing, try to have your proxy server email you a plain text file of just the web page content, so your local machine doesn't even have to parse the HTML ("lynx -dump" can do this, for example). That'll be one less possible attack vector. Plain text is the final solution.
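
The plain-text proxy idea from the post above, sketched as an added example that is not part of the thread: the proxy side flattens fetched HTML to text with a numbered link list and mails a single text/plain part. It uses Python's standard library in place of `lynx -dump`; the function names, the sample page and the example.org addresses are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser

BLOCK = {"p", "br", "div", "li", "tr", "h1", "h2", "h3", "pre", "title"}
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f-\x9f]")  # ESC etc.; keeps \t, \n

def clean_line(s):  # drop control bytes, collapse whitespace and newlines
    return " ".join(CONTROL.sub("", s).split())

class TextDump(HTMLParser):
    """Collect visible text plus a numbered link list, roughly like `lynx -dump`."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.links, self.skip = [], [], 0
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag in ("script", "style"):
            self.skip += 1            # script/style bodies never reach the mail
        elif tag in BLOCK:
            self.out.append("\n")
        elif tag == "a" and href:
            self.links.append(href)
            self.out.append(f"[{len(self.links)}]")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self.skip:
            self.skip -= 1
    def handle_data(self, data):
        if not self.skip:
            self.out.append(data)

def html_to_text(html):
    p = TextDump()
    p.feed(html)
    p.close()
    lines = [clean_line(l) for l in "".join(p.out).split("\n")]
    text = "\n".join(l for l in lines if l)
    refs = "\n".join(f"{i}. {clean_line(u)}" for i, u in enumerate(p.links, 1))
    return text + ("\n\nReferences\n" + refs if refs else "")

def build_mail(url, html, sender, rcpt):
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = "page: " + clean_line(url)  # no CR/LF reaches the header
    msg.set_content(html_to_text(html))          # one text/plain part, no HTML
    return msg

SAMPLE = ('<title>Demo</title><script>track()</script><p>Hello &amp; '  # constructed
          '<a href="https://example.org/a">link</a></p><p>esc:\x1b[2Jend</p>')
```

Stripping control characters matters even for plain text, because a terminal will interpret escape sequences embedded in a page if the mail is read with `cat` or a simple pager.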

I'm happy to see posters like you on Holla Forums still.
If only we could rebuild and compile a world where that monster wasn't born.

Gentoomen have the best humour holy kek