
Re: [tor-talk] obfs4proxy and ports < 1024



Wanderingnet:
> I have considered it, as I explored various distros, most buggy and
> by no means secured out-of-the-box, in my view. But I have had such a
> nightmare experience working to any degree of satisfaction with
> Linux, I am reluctant to work on anything more stripped down. Alpine
> Linux was another option I looked at, for example, but there is no
> readily available Live CD - you have to build it yourself from
> command up (ideally from chroot, I think, to provide the basic
> packages and a desktop), then find a way to make a live distro from
> it. I remember looking at the BSD site and downloads and pondering on
> what I would have to do to get a working live boot...But I have been
> generally disappointed by the lack of an ideal secure OS ready to go
> with which I am happy. OS work has been put on the backseat for me
> for now :) I need a break from it.
> 

Jumping in late to the party... specifically from BSD-land.

Keep in mind "stripped-down" is an individual's perspective. I think
OpenBSD is very tight, and the kernel is rumored to shrink on occasion
with releases. Yet by default, OpenBSD contains an httpd and smtp
server, fvwm for X and other things one might consider "bloat."

Live CDs aren't mainstream like they were ten or more years ago.
Specifically with FreeBSD, you had FreeBSD tools like Freesbie alive and
active. It's still in FreeBSD ports in sysutils, but I haven't used it in a
long time. NanoBSD is another simple build system for RAM-based systems,
but I think most of the activity is/was around pfSense (which
discontinued using it, I think) and for arm platform builds.
Specifically look at Crochet for FreeBSD as another option.

It seems most full system on USB/CD media systems are EOL'd at this point.

It remains a relatively do-able task for any OS. Install to the media as
a target, boot off it and configure as you desire. If you want something
easier to maintain longer-term on OpenBSD, you might look at vnd(4) and
vndconfig(8) manual pages.

The issue remains there are so many different needs and preferences in
such systems, a simple third-party download that is one-size-fits-all is
unlikely. You'll notice that with systems that contain X managers,
where it's all XFCE, or KDE, or whatever. A creator's view of the ideal
set of utilities and packages rarely matches that of more than a few users.

If it's really something you want, you should probably do it yourself.

We (https://www.torbsd.org/) have weighed doing some sort of TAILS-like
system for OpenBSD, but it's not in the cards in the near term. On that
note, you might look at our wiki at https://wiki.torbsd.org/ for more
relevant information.

g






> 
> Sent from ProtonMail, Swiss-based encrypted email.
> 
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> 
> On March 18, 2018 6:56 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:
> 
>>> /etc/protocols
>>
>> No, that affects userland libraries, largely unrelated
>> to the kernel. If some simple tool like netcat is kernel
>> blocked from binding < 1024 as uid 0, then your Linux
>> distro of the month has included some settings or security
>> architecture / patch beyond kernel.org, or something in
>> all those extra layers of abstraction has broken, which
>> you need to learn then fix, set, or work around as needed.
>> Or switch to FreeBSD for a more integrated leaner
>> experience that just works as a whole.
>>
>> https://www.freebsd.org/
>> https://wikipedia.org/wiki/FreeBSD
>> https://www.freebsdfoundation.org/
>>
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> 


-- 


34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682