Richard Bucker

Part 2 - the ideal system

Posted at — Nov 7, 2019

As I’m racing through the discovery on this subject I’m close to the end. The ideal platform is one that is air-gapped and has everything you need to start all over. For example if you trusted Ubuntu and their curated repo then making your own copy onto read-only media and then placing that media in an air-gapped network or storage would be useful. The problem with any of the Linux distros is that they are so dependent on modern hardware, many millions of LOC, thousands of programmers, and so on. Also, linux became so big that the network only distribution model was adopted very early. Earlier than modern hacking. And with so much code a different model for detecting back actors is needed and by the time that’s in place it may just be too late.

OpenBSD checks a number of boxes;

The thing is… if I had to everything is right there in the box, so to speak.
  • packet filter for building your own firewall
  • haproxy as a reverse proxy
  • nginx, lighttpd, apache web server
  • maria, mysql, postgres, sqlight database servers
  • asterisk phone server
  • certbot, letsencrypt, openssl crypto
  • firefox, mozilla, 
  • freeradius authentication
  • chroot, jail
  • scripting languages like bash, perl, python, tcl, lua
  • OpenSMTPd, postfix, mutt, post - email servers and client
  • code editors like vim, joe, jed
  • git and fossil version control
  • and with all of the source packaged here you can make world.
What I’m saying here is that everything you need is here. If you put the whole thing on a USB and moved to the north pole you could still get great work done without the distractions from the modern world that just adds complexity and risk.