this post was submitted on 15 Oct 2023
282 points (97.3% liked)


I'm personally motivated in a non-commercial way to supply everyone with as much cybersecurity as possible in the interests of civilization, especially now. I've just finished what I wanted to release as "set" 2 days ago and it's time to announce them.

I'm the former Web Application Security Team Lead for the National Computer Center, Research Triangle Park, having been contracted to the EPA by the now defunct Computer Sciences Corporation.

If you have some extra hardware not really being used I would suggest perhaps a great use of it would be to create yourself a hardened platform, just in case, to protect your sensitive data on an eminently stable platform going forward.

Maybe you've always wanted to try a BSD, well now is a great time to do that. They are super stable, super reliable, community driven, and you are in control of everything.

I would also like to mention that if you'd like to go extra hard consider Hardened BSD. Another alternative is using grsecurity/PaX kernel patched Alpine Linux as a Desktop choosing crypt full disk encryption during setup + AppArmor.

Just as an example you can get your hands on a $250 Thinkpad T495 and installing GhostBSD on it is as simple to set up as Linux Mint and runs as fast as a brand new 2023 Windows laptop. If you choose Dragonfly BSD, the fastest BSD, on a T495 (the latest year fully BSD compatible laptop), my repo will completely configure it for you, complete with all applications needed for a professional developer.

In addition to that I've created a Network Based Firefox hardening solution that wipes the extremely profitable, For-Profit, Mozilla Corporation off your Internet and easily combines with Arkenfox. It removes Mozilla servers from being contacted by any application or service on your machine and does not interfere with web page rendering.

I've created my own Git Repository using Gogs (which Gitea is based on) where you can get all the goods here:

Latest Software

https://quadhelion.dev

Main Website

https://www.quadhelion.engineering

About

https://www.quadhelion.engineering/about.html

Backup GitHub

https://github.com/wravoc

Backup BitBucket

https://bitbucket.org/quadhelion-engineering/workspace/repositories/

[–] elias_griffin 22 points 1 year ago (2 children)

Yes, I'm serious about my mission statement in the beginning and I have some more ideas. First there is a Linux OS that installs all kinds of Educational Software, like Encyclopedia, Maps, Learning Tools that is all available offline in the full 17GB Full Version. It's called Endless OS (no affiliations) and here is the excerpt.

Multi-language system, pre-loaded with apps in English including games, productivity software, reference materials like Cooking, Farming, Health, Travel, and educational materials like a robust Encyclopedia.

It would be great if all of us could have some of the civilization important databases on this BSD installation of yours. Please contribute a downloadable database file or file set you know of. I'll start.

  • Downloadable Wikipedia Database
  • Encyclopedia Britannica All Volumes

[–] [email protected] 11 points 1 year ago (1 children)

I've recently been looking into downloading offline copies of important data, since I don't expect that today's freely available information will continue to be freely available and accessible in perpetuity.

One problem I quickly ran into was that e.g. wikipedia downloads are not in an easily browsable format.

I found a project called Kiwix that packages datasets from a variety of free sources, like Wikipedia and Project Gutenberg, along with a reader application that can read these "zim" archives. The different data sources are available via torrents or direct downloads. https://wiki.kiwix.org/wiki/Content

I'm particularly interested in freely downloadable archives of scientific papers. A lot seems to be paywalled, or at least free-account-walled, even though the papers themselves are theoretically open-access. I would love to know of any sources out there to download an entire database locally.

[–] elias_griffin 4 points 1 year ago (1 children)

I was thinking the exact same thing, thanks for the awareness! Tangentially, problem with Wiki is it's excellent for Who, What, Where, but is nearly totally bereft of how to do anything.

[–] 0ddysseus 3 points 1 year ago

Aha! I went down this road recently.

I have the main full Wikipedia plus extras on my file server accessible on the home LAN through kiwix.

It was really simple and painless to set up. It also includes wikihow which is the How you're after.

These things aren't the greatest sources for anything of course but they cover pretty much everything you might want to know in a general "archiving human knowledge at home" sense.

Very happy with it all and have bookmarks on all the devices at home now.

10/10

[–] elias_griffin 1 points 1 year ago* (last edited 1 year ago)
[–] [email protected] 11 points 1 year ago

Thank you for taking the time to build and share this. I’ve dabbled in the BSDs from time to time and use TrueNAS as my storage solution at home.

[–] funker 5 points 1 year ago (2 children)

I can’t recommend anyone who doesn’t even fully comprehend windows to install any Linux distribution for security purposes. Sounds like a disaster waiting to happen.

[–] [email protected] 3 points 1 year ago

I don't think I'd necessarily agree with that, but just to note, op is recommending the BSDs, not Linux.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Oh yeah? How often are you able to prevent the windows installer from ignoring your partition tables that you just configured manually, with the fucking Windows partition tool?

Because I'm up to about 50/50, and I've installed more Windows, Linux, and BSD systems than anyone ever should.

Point is, can anyone really truly and completely understand the temperamental beast that is the Windows installer?

Also, this is BSD, not Linux. So there's that...

[–] [email protected] 5 points 1 year ago (2 children)

Ok, color me intrigued. I've got some general questions

  • What is your stance on Universal Design as it applies to ethical engineering?
  • Also, your site indicates you're a fan of >1 level thinking. What risks have you anticipated in developing/providing these resources?
  • Also, Is there any thinking around how you might measure or address bias in data and source selection, or engineering decisions?
[–] elias_griffin 6 points 1 year ago (1 children)

Bringing the big brain out on me! This is off the cuff.

  1. I was not aware of Universal Design principles but a quick look suggests Principle 5: Tolerance for Error is most applicable to Software Engineering. Why not 1-5 bedrock? Because, in my opinion, the general state of software is that it is more functional yet just as unreliable as in decades past. What is the first thing a little experienced user does when an error occurs? Yeah, they quit. No access. The micro-service paradigm has made the situation eminently worse as even finding the blame/responsibility for "no access" is fruitless.

2a. With anything of this type, the most obvious risk is to my own reputation. Security is a field burdened with responsibility, people come to rely on it, what if they get hacked using my repo? I only took on things I spent months understanding and testing absolutely everything by hand. I limited myself to only distributions I could juggle, use daily, so I could be responsive to needs.

2b. Risk is competing objectives. FreeBSD and thus its reliants, Ghost and Dragonfly, are in a strange position right now. FreeBSD is Linuxifying itself and adding more Corporate Sponsorships than ever in a path away from traditional BSD security. This presents itself a potentially competing ethos situation for me, but not yet.

2c. OpenBSD is used by world security intelligence agencies and I hear the DoJ. Am I without my knowledge picking sides here and favoring some entities over others? Famously DARPA and FBI backdoor right? I researched the OpenBSD Sponsorship list carefully and asked around. The OpenBSD availability (at least of the version we use!) is equitable and I purposely put out an OpenBSD honeypot to see which entities would try to compromise it! Results: Fair.

  3. This is a can of worms because what we are really talking about is the Linux-Effect. Started out community home-grown to now be a Corporate Globally Mega-Corp sponsorship vehicle estimated to be worth $100 Billion. Even Apple is now a Silver Linux sponsor. What I am saying is Corporate dominance is think-tanking and policy making. Data selection is inherently profit focused instead of Humanity Progression focused. Bodies like the UN, EFF, et al. are wholly ineffective.

The paths forward on that are gruesome to be honest as what would be best would be something like a randomly selected group of High School Science Fair finalists and Waitresses to form a Governance body with teeth to dissolve Corporations completely for profiteering off populace private data, genetic data, financial data, and the engineering decisions that are ubiquitously driven by them when determined that a Corporation or other Government body is acting against our future.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I appreciate the responses, I know they're not simple questions that lend themselves to quick answers.

As a follow-up:

  • What would you say and do if I told you your websites currently employ some techniques that are considered hostile to users with some disabilities?
  • What would be your process in addressing that, or is it not a concern/priority to you?
  • If there are relatively technically simple changes that can be implemented, but they are not ones you consider aesthetically pleasing or enjoyable, would that affect your stance?

suggests Principle 5: Tolerance for Error is most applicable to Software Engineering

I would say they all apply in different ways, but it's clear you come from a backend architecture perspective, so I'm not surprised Universal Design isn't a concept you have run into previously. No hate, just interdisciplinary acknowledgement that some topics never get traction in other areas.

I purposely put out an OpenBSD honeypot to see which entities would try to compromise it! Results: Fair.

Now that is also intriguing! I... won't get into asking how you were able to attribute parties to that, even if I am very tempted.

What I am saying is Corporate dominance is think-tanking and policy making. Data selection is inherently profit focused instead of Humanity Progression focused.

Yep, I'm on board with that. One of my personal areas of interest is how we shift that focus, hence my interest in your approach.

EFF and UN are wholly ineffective

Mmm, as an enforcement system, yes, but I'm unsure they ever really were designed for that. I think they still have some very important things to contribute to ethical engineering. But that's another topic altogether too.

[–] elias_griffin 1 points 1 year ago

Interesting timing, myself having spotlighted Corporate greed in my screed. The internet is afire, bringing the website offline at times, with the supremely influential updated tonight https://usdebtclock.org/ covering up all its valuable financial data in a foreboding hint with the following quotations:

“You are a den of vipers and thieves. I intend to rout you out, and by the eternal God, I will rout you out. If Congress has the right under the constitution to issue paper money, it was given them to be used by themselves, not to be delegated to individuals or corporations.”

“The mischief springs from the power which the monied interest derives from a paper currency which they are able to control, from the multitude of corporations with exclusive privileges...which they have employed for their benefit”

  • Andrew Jackson.
[–] [email protected] 5 points 1 year ago

Grsecurity stopped providing their kernel patches for free years ago. The alpine grsec patches are years old -- like before spectre/meltdown. Don't use them. Just use hardenedbsd/netbsd/openbsd.

[–] [email protected] 3 points 1 year ago (1 children)

You sound like a buddy of mine from high school. Great guy, I'd love to see what he's up to now, but last I heard it was super secret, like he's trying to build his own kernel and he doesn't want anyone to copy him, I guess.

Anyways, ELI5? Any good reason I should use your system instead of Debian 12 and normal hardening practices? You talk about "Linuxification" like it's a bad thing, can you expand on that idea? Most people use PCs for gaming or media purposes, how do you address that issue?

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago)

Also his (so far unsupported) shots against Mozilla. How does that help in a world where >90% of the Desktop world is still dominated by Microsoft and web and mobile by Google products?