[Whonix-devel] [Secure Desktops] Hi!

ng0 contact.ng0 at cryptolab.net
Thu Feb 2 14:35:01 CET 2017 

bancfc at openmailbox.org writes:

> On 2017-01-30 20:41, ng0 wrote:
>> ng0 <contact.ng0 at cryptolab.net> writes:
>> 
>> 
>> […]
>> 
>>> Indeed, which is why I see tlsdated only as an intermediate solution.
>> 
>> Clarification about this point:
>> I did a short braindump about the roadmap. As it's not gitlab or
>> anything interactive (that's stuck behind an invite only onion
>> for now) I have to add that for some months I got lost and right
>> now almost everything is at 80%, working on the last 20% of
>> almost everything.
>
> Take your time. Please let us know when your public tracker goes live 
> for a chance to give feedback.

I gave it a second thought: At secushare we are still discussing
which issue tracker to use when we move, and yesterday I changed
the description of my project (see signature url) to clarify the
state. There will be no bugtracker dedicated for this project,
but feedback can be sent to my e-mail address and various other
ways I can be reached. The bugtrackers are multiple, as bugs and
issues can be filed directly against the 3 upstreams.
As soon as this project would go beyond just being a blend of
GuixSD, I will use a bugtracker (probably at our mantis on gnunet.org).

>> 
>> * You will see that tlsdated is just really intermediate.
>
> Got it :)
>
>> 
>> * Section "/ [optional items]" is one of these items which would
>>   need better documentation to understand, the short note is:
>>   ignore this section.
>> 
>> * I could exchange uclibc-ng for musl if I wanted a shortcut, but
>>   this would involve running into even more walls.
>
> uclibc-ng sounds cool. Where can I read more about the hardening 
> features it implements?

I think the best way is to check out the hardened uclibc-ng of
Gentoo. For me hardened uclibc-ng is "future music" as I have to
work on hardening the current system first, then do work (and
discussions) to support more than just glibc.

>> 
>> https://www.inventati.org/patternsinthechaos/pragmaOS/
>> 
>
>> new service: system selfdestruction(?)
>
> Something like a hotkey combination that securely erases the encrypted 
> partition's headers?
>
>> 
>> For sdwdate:
>> 
>> As far as I know I got stuck with porting genmkfile. Months later
>> I will sure proceed further than before, but I think I might
>> still hit problems. I imagine whonix-devel at whonix.org is the
>> right list to address for porting issues.
>
> Yes. Please feel free.

I think I can get back to genmkfile and sdwdate next month to
give you feedback where I was stuck.

>> 
>> […]


-- 
ng0 . https://www.inventati.org/patternsinthechaos/

More information about the Whonix-devel mailing list