
Re: [tor-talk] obfs4proxy and ports < 1024



I just took a look at availability of FreeBSD Live ports - not mainstream, you say, although I think there are inherent advantages to running live systems (in part implied in why TAILS opts to be so by definition - my own pref is to exceed this and run the live boot image without ever installing it, making it continuous at each boot without being affected by usage, and capable of being reestablished and redeployed rapidly in case of failure). GhostBSD is one example, Frenzy is another. The latter, pondering defunctness, also illustrates another problem with distros in general, and the Linux road is littered with abandoned attempts, distros that are no longer supported, and so on. Repo operating systems need Repo support, and a constant user base that includes its developers. 
I also took a look at the Tor/Tor Browser Bundle issue with regard to BSD, where I see many have issues using the two together, as if Linux in this regard did not present enough. I have just had month after month of problems with Tor implementation - though not with the simple act of running Tor per se. I feel TBB is also superior, and would like to run Tor as a daemon from it, which no one seems to be doing. Many of the security issues derive from online operation - witness the kerfuffle over DNS leaks - rather than OS kernel security itself (most pertinent to containment, in my view).
The problem for me with Tor, as what should be one arm in a repertoire of secure systems that are largely unimplemented by default in most - and most security - OS's - is the potential lack of security or anonymity of its exit nodes, to which Tor Ram Disk was supposed to offer a solution but is unimplemented.
I became very tired of the work, and of the minefield of security advice, applications, and over-proliferation of problems associated with online security as a whole, including with regard to Tor.
TAILS for me was a non-solution - rigid, not generally receptive to Debian's support for software, lacking VPN/I2P/Freenet support, over-committed to Tor alone, and what I felt was an awful front-end. I at least want to use an OS with a slick and approachable GUI. Fedora is now among the few OS's offering kernel hardening as a matter of course - and in my experience was riddled with bugs, despite being the apparent source for Red Hat.


​Sent from ProtonMail, Swiss-based encrypted email.​

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On March 25, 2018 3:52 PM, George <george@xxxxxxxxxx> wrote:

> Wanderingnet:
> 
> > I have considered it, as I explored various distros, most buggy and
> > 
> > by no means secured out-of-the-box, in my view. But I have had such a
> > 
> > nightmare experience working to any degree of satisfaction with
> > 
> > Linux, I am reluctant to work on anything more stripped down. Alpine
> > 
> > Linux was another option I looked at, for example, but there is no
> > 
> > readily available Live CD - you have to build it yourself from
> > 
> > command up (ideally from chroot, I think, to provide the basic
> > 
> > packages and a desktop), then find a way to make a live distro from
> > 
> > it. I remember looking at the BSD site and downloads and pondering on
> > 
> > what I would have to do to get a working live boot...But I have been
> > 
> > generally disappointed by the lack of an ideal secure OS ready to go
> > 
> > with which I am happy. OS work has been put on the backseat for me
> > 
> > for now :) I need a break from it.
> 
> Jumping in late to the party... specifically from BSD-land.
> 
> Keep in mind "stripped-down" is an individual's perspective. I think
> 
> OpenBSD is very tight, and the kernel is rumored to shrink on occasion
> 
> with releases. Yet by default, OpenBSD contains an httpd and smtp
> 
> server, fvwm for X and other things one might consider "bloat."
> 
> Live CDs aren't mainstream like they were ten or more years ago.
> 
> Specifically with FreeBSD, you had FreeBSD tools like Freesbie alive and
> 
> active. It's still in FreeBSD ports in sysutils, but I haven't used in a
> 
> long time. NanoBSD is another simple build system for RAM-based systems,
> 
> but I think most of the activity is/was around pfSense (which
> 
> discontinued using it, I think) and for arm platform builds.
> 
> Specifically look at Crochet for FreeBSD as another option.
> 
> It seems most full system on USB/CD media systems are EOL'd at this point.
> 
> It remains a relatively do-able task for any OS. Install to the media as
> 
> a target, boot off it and configure as you desire. If you want something
> 
> easier to maintain longer-term on OpenBSD, you might look at vnd(4) and
> 
> vndconfig(8) manual pages.
> 
> The issue remains there are so many different needs and preferences in
> 
> such systems, a simple third-party download that is one-size-fits-all is
> 
> unlikely. You'll notice that with systems that contain X managers,
> 
> where it's all XFCE, or KDE, or whatever. A creator's view of the ideal
> 
> set of utilities and packages rarely matches that of more than a few users.
> 
> If it's really something you want, you should probably do it yourself.
> 
> We (https://www.torbsd.org/) have weighed doing some sort of TAILS-like
> 
> system for OpenBSD, but it's not in the cards in the near term. On that
> 
> note, you might look at our wiki at https://wiki.torbsd.org/ for more
> 
> relevant information.
> 
> g
> 
> > Sent from ProtonMail, Swiss-based encrypted email.
> > 
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > 
> > On March 18, 2018 6:56 PM, grarpamp grarpamp@xxxxxxxxx wrote:
> > 
> > > > /etc/protocols
> > > 
> > > No, that affects userland libraries, largely unrelated
> > > 
> > > to the kernel. If some simple tool like netcat is kernel
> > > 
> > > blocked from binding < 1024 as uid 0, then your Linux
> > > 
> > > distro of the month has included some settings or security
> > > 
> > > architecture / patch beyond kernel.org, or something in
> > > 
> > > all those extra layers of abstraction has broken, which
> > > 
> > > you need to learn then fix, set, or work around as needed.
> > > 
> > > Or switch to FreeBSD for a more integrated leaner
> > > 
> > > experience that just works as a whole.
> > > 
> > > https://www.freebsd.org/
> > > 
> > > https://wikipedia.org/wiki/FreeBSD
> > > 
> > > https://www.freebsdfoundation.org/
> 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> 
> > > To unsubscribe or change other settings go to
> > > 
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> --
> 
> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682
> 
> 

