Richard Bucker

Part 2 - the ideal system

Posted at — Nov 7, 2019

As I’m racing through the discovery on this subject, I’m close to the end. The ideal platform is one that is air-gapped and has everything you need to start all over. For example, if you trusted Ubuntu and their curated repo, then making your own copy onto read-only media and placing that media in an air-gapped network or storage would be useful. The problem with any of the Linux distros is that they are so dependent on modern hardware, many millions of LOC, thousands of programmers, and so on. Also, Linux became so big that the network-only distribution model was adopted very early, earlier than modern hacking. And with so much code, a different model for detecting bad actors is needed, and by the time that’s in place it may just be too late.

OpenBSD checks a number of boxes:

- I have CDROMs that date way back
- It has tools that cover all the basics so that starting from the beginning might not be necessary
- supports a number of CPUs
- generally speaking it’s reliable, sensible, and in line with *nix thinking

The thing is… if I had to, everything is right there in the box, so to speak.

- packet filter for building your own firewall
- haproxy as a reverse proxy
- nginx, lighttpd, apache web server
- maria, mysql, postgres, sqlite database servers
- asterisk phone server
- certbot, letsencrypt, openssl crypto
- firefox, mozilla, freeradius authentication
- chroot, jail
- scripting languages like bash, perl, python, tcl, lua
- OpenSMTPd, postfix, mutt, post - email servers and client
- code editors like vim, joe, jed
- git and fossil version control
- and with all of the source packaged here you can make world.

What I’m saying here is that everything you need is here. If you put the whole thing on a USB and moved to the north pole, you could still get great work done without the distractions from the modern world that just add complexity and risk.