Slashdot Mirror


Secure, Portable, Virtual Privacy Machine

solcity writes "Looks like an online privacy company, Metropipe, are planning to release a secure linux virtual privacy machine that runs from a USB stick. The image contains a pre-release of their new 'Metropipe Tunneler' product and also contains Firefox, and Thunderbird with the Enigmail/gpg extension. Looks like the whole thing is based on damnsmalllinux and uses qemu to boot on Windows or Linux without any installation or configuration. Very interesting use of qemu and damnsmalllinux, and all 100% GPL."


  1. miscategorized by Khashishi · · Score: 2, Informative

    this is more of a gadget than a your-rights-online

  2. Re:Correction by DigitalRaptor · · Score: 4, Informative

    No, PGP is a commercial, non-GPL'd product.

    They mean GPG, open source software that works in the same way.

    --
    Lose Weight and Feel Great with Isagenix
  3. Re:How big? by Anonymous Coward · · Score: 5, Informative

    The zip is 82MB. Probably want to run this on a 256MB or larger key so you have room to store data as well...

  4. Something like the stealthsurfer? by LocoMan · · Score: 3, Informative

    I was reading about something like this on a PC Magazine sometime ago called the stealthsurfer (http://www.stealthsurfer.biz/). I guess it's like this except that this one uses GPL software (stealthsurfer uses a personalized version of netscape 7)

  5. Re:Not all GPL... by graveyhead · · Score: 2, Informative
    "Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License"

    I hate to be pedantic (well, ok no I don't, this is slashdot...) but Mozilla is now released under the MPL, the Mozilla Public License. The NPL is considered a "historic document". Grok.
    --
    std::disclaimer<std::legalese> sig=new std::disclaimer; sig->dump(); delete sig;
  6. Nope by RealProgrammer · · Score: 5, Informative

    RTFA: it's run on the qemu emulator. You first boot the host OS, and your qemu session is just a process under that, with no more rights than otherwise.

    If you had a boot CD, now that would be a problem. Would I let someone boot my laptop from Knoppix? Not unless I would trust them to sysadmin my laptop :-).

    As the above poster says, security accepted wisdom is that physical control implies vulnerability.

    --
    sigs, as if you care.
  7. Re:Not all GPL... by juhaz · · Score: 5, Informative

    "The ./ story, as well as the link (Portable Virtual Privacy Machine), say that it's 100% GPL, but at least the Mozilla parts (Firefox and Thunderbird) are under the Netscape Public License."

    Huh? NPL is Gone. Dead. Buried. Mozilla has been (mostly, and the exceptions should be BSD etc. GPL-compatible) LGPL/GPL/MPL tri-licensed for quite a while now, the new licensing policy is over three years old.

  8. Re:Nice! by metlin · · Score: 4, Informative

    Well, they've provided a torrent too, which seems quite well seeded for the moment. So, should not be a problem!

  9. Re:And yet... by 26199 · · Score: 3, Informative
  10. The Netherlands and Germany privacy friendly? by Anonymous Coward · · Score: 1, Informative

    A quote from their website:

    "MetroPipe's proxy servers are located in the privacy friendly jurisdictions of The Netherlands and Germany."

    The Netherlands and Germany privacy friendly? Yeah, sure, compared to China maybe.

    The Netherlands is known as the country where the most phone-taps are placed.

    Germany and The Netherlands are preparing European legislation to log every email message you send, to log every url you are visiting for at least a year "to fight terror".

    Europe is getting even worse compared to the US; everyone is a suspect from now on.
    Freedom of speech is only guaranteed when you agree with the majority.

    Wake up my friends!

    1. Re:The Netherlands and Germany privacy friendly? by geg81 · · Score: 2, Informative

      "Germany and The Netherlands are preparing European legislation to log every email message you send, to log every url you are visiting for at least a year 'to fight terror'."

      Well, as opposed to other nations that are doing that, at least they are passing legislation... :-)

  11. Re:Life span? by Fencepost · · Score: 4, Informative

    The limitation on the number of writes to a particular area of memory has been known since flash memory first started to appear. Most devices or drivers should account for the issue by either rotating writes to avoid overusing one particular region or by remapping failing sections into other areas. Remapping failing areas will cause the available capacity of formatted flash devices to gradually shrink, while rotating writes will attempt to keep any areas from wearing out too fast (making it more likely that multiple areas will start to fail around the same time). Someone who's done more looking into this should be able to give a good idea which technique(s) are most widely used.

    --
    fencepost
    just a little off
  12. Slow as hell by joshv · · Score: 4, Informative

    I just tried this on two reasonably modern machines, and it's slow as hell. Unusably slow. QEMU claims to be a 'FAST!' emulator. It is not.

    Why not use Cygwin instead? Almost all of the apps in this distro have been ported to cygwin, and I doubt there'd be much trouble porting Firefox if someone got serious about it.

    A cygwin based distro could pack a minimal installation (including X) on a USB keyfob that would provide all of the same functionality, but running the apps as native code, at near native speed (minus the small cygwin/POSIX to win32 api translation penalty).

    Now of course this solution won't work on a Linux machine, but I think it would be rare that you'd encounter a Linux machine that you'd want to run this on. Most likely you'd be at a friend's house, or in a computer lab where everything runs windows.

  13. neat-o, but slow... VMware is speedier... by quinxy · · Score: 3, Informative

    Last week I was thinking about exactly this question. I've been using VMware to do the same sort of thing from my laptop, but it has the disadvantage of being costly, non-portable (no easy or possibly legal installing to usb drives/etc.), and not pre-configured for the purpose of this VPM. But in my experience VMware is quicker, feeling almost like the emulated computer was the host computer.

    At any rate, I installed and ran this VPM software, and it certainly seems to deliver, and has a very nice collection of pre-installed apps. Sadly the performance is about as poor as you might expect (that's running it off a HD, not a USB drive). Every operation takes a while to complete, click on Firefox, and wait 40 seconds for it to ask which profile you want to use (this is after first use). Type in a URL and wait at least 30 seconds for any signs that it's coming up. My laptop is only P4M 1.8Ghz, so no doubt performance would be much better on a more recent machine.

    Still, pretty neat, though not entirely usable for me.

    quincy

    --
    Don't vote for Eugene Papansanovich for Congress!
  14. Primedius USB by Anonymous Coward · · Score: 1, Informative

    Nothing new, Primedius WebTunnel http://www.primedius.com/ already has a USB version, and you don't need to boot into a new OS. Works with your existing desktop.

    I like Primedius because it's much more powerful than what I hear Metropipe is....lets you use HTTP, SOCKS, NNTP, etc.

    Plus they have some sort of peer network that allows you access to sites that have been blocked/censored. Rumor has it that they have a huge overseas userbase.

  15. Re:only limited protection by a24061 · · Score: 2, Informative
    That's a very good point. According to the http://pvpm.metropipe.net/ link, PVPM runs from an OS that could have who knows what installed on it, so this would not protect you from someone like that guy who installed keyloggers in the Kinko's computers.

    This is more secure than nothing (although there is the danger of a false sense of security!) and it would allow you to use portable encryption on machines that belong to people you trust, but that's all.

    It would be much better to boot a secure OS from the key. Something like Tinfoil Hat Linux (following the link is worth it just for the Tux picture), but with more features (Tinfoil runs from a 1.4MB floppy, I think). Tinfoil can play text output as Morse Code through the keyboard LEDs, however, to prevent Tempest attacks.

  16. Re:Waaaaaait. by jfengel · · Score: 2, Informative

    It's a compromise. It's more difficult to modify the hardware than the software. And the software can easily be compromised without even the owner knowing it by various spyware.

    A computer at an internet cafe is likely to have spyware on it, but it would take more work for them to install a physical keylogger. So if you sit down at one of those, you should at least check it for one of these.

    So this will protect you when you're borrowing a friend's computer or dropping in on a client or customer. Probably. It can't reduce the trust to zero. You can get closer to zero by borrowing an Ethernet cable and using your own laptop, but it would certainly be convenient to have to bring along nothing more than a tiny USB key than having to schlep around your own processor, monitor, and keyboard.

  17. Dynamic Forwarding by engine+matrix · · Score: 2, Informative

    Why do so many people continue to only use Squid/SSH for proxying when it is not required anymore? SSH supports dynamic port forwarding.

    SSH basically includes a builtin socks proxy. Download putty and create a dynamic port on localhost:1080 and say goodbye squid.

    Of course there are still advantages to having a local squid proxy, but in most cases it's not worth the effort anymore.

    1. Re:Dynamic Forwarding by engine+matrix · · Score: 2, Informative

      If you are using putty simply create a dynamic tunnel on 127.0.0.1:1080 and forward it to your remote ssh server. If you are at work and they block http connects you should have the ssh server running on 443. (another advantage of tunneling over 443 is that people expect to see encrypted traffic, so you'll be flying under the radar)

      Now in Firefox, Thunderbird, Trillian, whatever... tell it to use a socks proxy on 127.0.0.1:1080.

      Before dynamic forwarding you would need to have squid and/or manually forward all of the ports you wanted to connect to.
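
How a network monitor can tell what is actually spoken on port 443, as an added example that is not part of the original comments: SSH opens with a cleartext identification line (RFC 4253, section 4.2) while TLS opens with a handshake record, so the first payload bytes of each side separate the two. The function names, flow tuple layout, addresses and payloads are constructed for illustration.

```python
# Added example: classify the protocol on TCP/443 from the first payload bytes
# each side of a flow sent. All sample data below is constructed.

def classify_first_bytes(payload: bytes) -> str:
    """Return 'ssh', 'tls' or 'unknown' for the first bytes one endpoint sent."""
    # SSH: both ends send "SSH-protoversion-softwareversion" in cleartext.
    # A server may send other lines first, so check the first few lines.
    for line in payload.split(b"\n")[:8]:
        if line.startswith((b"SSH-2.0-", b"SSH-1.99-")):
            return "ssh"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0X,
    # two length bytes, then handshake type 0x01/0x02 (Client/ServerHello).
    if (len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03
            and payload[2] <= 0x04 and payload[5] in (0x01, 0x02)):
        return "tls"
    return "unknown"


def flag_flows(flows):
    """Return (src, dst) for flows to port 443 that open with an SSH banner.

    flows: iterable of (src, dst, dport, first_client_bytes, first_server_bytes).
    """
    hits = []
    for src, dst, dport, client_bytes, server_bytes in flows:
        if dport != 443:
            continue
        kinds = {classify_first_bytes(client_bytes),
                 classify_first_bytes(server_bytes)}
        if "ssh" in kinds:
            hits.append((src, dst))
    return hits


# Constructed sample: one real HTTPS flow, one SSH-on-443 flow, one SSH-on-22 flow.
TLS_CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])
TLS_SERVER_HELLO = bytes([0x16, 0x03, 0x03, 0x00, 0x5A, 0x02, 0x00, 0x00, 0x56, 0x03, 0x03])
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 443, TLS_CLIENT_HELLO, TLS_SERVER_HELLO),
    ("192.0.2.11", "198.51.100.9", 443, b"SSH-2.0-PuTTY_Release_0.58\r\n",
     b"SSH-2.0-OpenSSH_3.9p1\r\n"),
    ("192.0.2.12", "198.51.100.9", 22, b"SSH-2.0-PuTTY_Release_0.58\r\n",
     b"SSH-2.0-OpenSSH_3.9p1\r\n"),
]

if __name__ == "__main__":
    print(flag_flows(SAMPLE_FLOWS))
```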

  18. Re:So what's your point? by Anonymous Coward · · Score: 1, Informative

    This is exactly why OSX has FileVault. It allows you to encrypt your entire home directory. So when the computer is off your data is safe. I unfortunately used this with my developer version last summer and it corrupted everything. Luckily the powerbook was brand new and I didn't have anything on it. It should be rock solid now.

  19. Re:Life span? by Anonymous Coward · · Score: 2, Informative

    Your description is conceptually good, but let me correct and add to it.

    - The maximum number of writes a particular area of flash can sustain has been increasing as the technology has matured. Better manufacturers are now promising, in writing, endurance in the 100,000's and even 1,000,000's of erase/write cycles.

    - Better manufacturers do both the "rotating," called wear-leveling, and "remapping," called spare sectors management or sparing.

    - Flash memory modules already come with reserved spare sectors that are not included in the capacity usable by the host. In other words, as spares are mapped in to replace failing areas, the usable capacity does not decrease. The amount of spares decreases, obviously. Once the spares are gone and a new one is needed, the write will fail. It will be read-only after that but the capacity will be the same as when it was first used.
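
A toy simulation of the wear-leveling and sparing behaviour described in this comment, added here as an example and not taken from the thread or from any flash controller: the host-visible capacity stays fixed while hidden spares are consumed, and writes fail once the reserve is gone. The class name, block counts and endurance figure are made-up assumptions, and the data copy a real controller performs when it remaps a block is not modelled.

```python
class FlashModel:
    """Toy flash device: fixed host-visible capacity plus hidden spare blocks."""

    def __init__(self, usable=8, spares=2, endurance=100, wear_level=True):
        self.usable = usable                  # capacity the host sees; never changes
        self.endurance = endurance            # erase/write cycles a block survives
        self.wear_level = wear_level
        self.wear = [0] * (usable + spares)   # cycles used, per physical block
        self.mapping = list(range(usable))    # logical block -> physical block
        self.spares = list(range(usable, usable + spares))
        self.read_only = False

    def write(self, logical):
        """Write one logical block; return False once the device is read-only."""
        if self.read_only:
            return False
        if self.wear_level:
            # Wear-leveling: redirect the write to the least-worn mapped block
            # by swapping the two mappings.
            coldest = min(range(self.usable),
                          key=lambda l: self.wear[self.mapping[l]])
            self.mapping[logical], self.mapping[coldest] = (
                self.mapping[coldest], self.mapping[logical])
        phys = self.mapping[logical]
        if self.wear[phys] >= self.endurance:
            # Sparing: the worn-out block is replaced from the hidden reserve.
            if not self.spares:
                self.read_only = True         # reserve exhausted: writes now fail
                return False
            phys = self.mapping[logical] = self.spares.pop(0)
        self.wear[phys] += 1
        return True


def writes_until_read_only(device, logical=0):
    """Hammer one logical block and count the writes that succeed."""
    count = 0
    while device.write(logical):
        count += 1
    return count


if __name__ == "__main__":
    for leveling in (False, True):
        dev = FlashModel(wear_level=leveling)
        print(leveling, writes_until_read_only(dev), dev.usable, dev.read_only)
```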

  20. Re:Complications- by homer_ca · · Score: 2, Informative

    "Unfortunately, that flash fob is of very limited lifespan."

    That's not really a problem. Damnsmalllinux is a livecd distro and the concept is similar when you boot off a flashdrive. The boot media is mounted readonly and the OS actually runs in a ramdisk (these days it's called a shared memory filesystem). The only writes would be user data which is very little compared to the OS.

    As far as disposing of a broken flashdrive, I'd say take a hammer to the thing and be sure to smash up the flash chips very well.

  21. Re:Who's privacy? by cortana · · Score: 2, Informative

    Then how can it possibly be considered secure? You have no guarantees that what you see isn't being manipulated by the system you are running it from.

    Of course, you shouldn't be using someone else's computer anyway, god knows what kind of keyloggers or whatever it has lurking in it... :)