this post was submitted on 15 Oct 2023
288 points (97.4% liked)

Technology

58303 readers
17 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
288
FreeBSD, GhostBSD, OpenBSD, Dragonfly BSD, Firefox Hardening - FOSS - git clone (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
18 comments fedilink hide all child comments
 

I'm personally motivated in a non-commercial way to supply everyone with as much cybersecurity as possible in the interests of civlization, especially now. I've just finished what I wanted to releae as "set" 2 days ago and it's time to announce them.

I'm the former Web Application Security Team Lead for the National Computer Center, Research Triangle Park, having been contracted to the EPA by the now defunct Computer Sciences Corporation.

If you have some extra hardware not really being used I would suggest perhaps a great use of it would be to create yourself a hardened platform, just in case, to protect your sensitive data on an emminently stable platform going forward.

Maybe you've always wanted to try a BSD, well now is a great time to do that. They are super stable, super reliable, community drive, and you are in control of everything.

I would also like to mention that if you'd like to go extra hard consider Hardened BSD. Another alternative is using grsecurity/PaX kernel patched Alpine Linux as a Desktop choosing crypt full disk encryption during setup + AppArmor.

Just as an example you can get your hands on a $250 Thinkpad T495 and installing GhostBSD on it is as simple to setup as Linux Mint and runs as fast as a brand new 2023 Windows laptop. If you choose Dragonfly BSD, the fastest BSD, on a T495 (the lastest year fully BSD compatible laptop), my repo will completely configure it for you, complete with all applications needed for a professional developer.

In addition to that I've created a Network Based Firefox hardening solution that wipes the extremely profitable, For-Profit, Mozilla Corporation off your Internet and easily combines with Arkenfox. It removes Mozilla servers from being contacted by any application or service on your machine and does not interfere with web page rendering.

I've created my own Git Repository using Gogs (which Gitea is based on) where you can get all the goods here:

Latest Software

https://quadhelion.dev

Main Website

https://www.quadhelion.engineering

About

https://www.quadhelion.engineering/about.html

Backup GitHub

https://github.com/wravoc

Backup BitBucket

https://bitbucket.org/quadhelion-engineering/workspace/repositories/

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 6 points 1 year ago (1 children)

Bringing the big brain out on me! This is off the cuff.

  1. I was not aware of Universal Design principles but a quick look suggests Principle 5: Tolerance for Error is most applicable to Software Engineering. Why not 1-5 bedrock? Because, in my opinion the general state of software is that it is more functional yet just as unreliable in decades past. What is the first thing a little experienced user to do when an error occurs? Yeah, they quit. No access. The micro-service paradigm has made the situation emminently worse as even finding the blame/responsibility for "no access" is fruitless.

2a. With anything of this type, the most obvious risk is to my own reputation. Security is a field burdened with responsiblity, people come to rely on it, what if they get hacked using my repo? I only took on things I spent months understanding and testing absolutely everything by hand. I limited myself to only distributions I could juggle, use daily, so I could be responsive to needs.

2b. Risk is competing objectives. FreeBSD and thus it's reliants, Ghost and Dragonfly, are in a strange position right now. FreeBSD is Linuxifying itself and adding more Corporates Sponsorships than ever in a path away from traditional BSD security. This presents itself a potentially competiing ethos situation for me, but not yet.

2c. OpenBSD is used by world security intelligence agencies and I hear the DoJ. Am I without my knowledge picking sides here and favoring some entities over others? Famously DARPA and FBI backdoor right? I researched the OpenBSD Sponsorship list carefully and asked around. The OpenBSD availability (at least of the version we use!) is equitable and I purposely put out an OpenBSD honeypot to see which entities would try to compromise it! Results: Fair.

  1. This is a can of worms because what we are really talking about is the Linux-Effect. Started out community home-grown to now be a Corporate Globally Mega-Corp sponsorship vehicle estimated to be worth $100 Billion. Even Apple is now a Silver Linux sponsor. What am I saying is Corporate dominance is think-tanking and policy making. Data selection is inherently profit focused instead of Humanity Progression focused. Bodies like the UN, EFF, et al. are wholly ineffective.

The paths forward on that are gruesome to be honest as what would be best would be something like a randomly selected group of High School Science Fair finalists and Waitresses to form a Governance body with teeth to dissolve Corporations completely for profiteering off populace private data, genetic data, financial data, and the engineering decisions that are ubiqutously driven by them when determined that a Corporation or other Government body is acting against out future.

[โ€“] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I appreciate the responses, I know they're not simple questions that lend themselves to quick answers.

As a follow-up:

  • What would you say and do if I told you your websites currently employ some techniques that are considered hostile to users with some disabilities?
  • What would be your process in addressing that, or is it not a concern/priority to you?
  • If there are relatively technically simple changes that can be implemented, but they are not ones you consider aesthetically pleasing or enjoyable, would that affect your stance?

suggests Principle 5: Tolerance for Error is most applicable to Software Engineering

I would say they all apply in different ways, but it's clear you come from a backend architecture perspective, so I'm not surprised Universal Design isn't a concept you have run into previously. No hate, just interdisciplinary acknowledgement that some topics never get traction in other areas.

I purposely put out an OpenBSD honeypot to see which entities would try to compromise it! Results: Fair.

Now that is also intriguing! I... won't get into asking how you were able to attribute parties to that, even if I am very tempted.

What am I saying is Corporate dominance is think-tanking and policy making. Data selection is inherently profit focused instead of Humanity Progression focused.

Yep, I'm on board with that. One of my personal areas of interest is how we shift that focus, hence my interest in your approach.

EFF and UN are wholly ineffective

Mmm, as an enforcement system, yes, but I'm unsure they ever really were designed for that. I think they still have some very important things to contribute to ethical engineering. But that's another topic altogether too.