Slashdot Mirror


User: Burz

Burz's activity in the archive.

Stories: 0
Comments: 3,080

Comments · 3,080

  1. Re:Quicker workaround on Windows DRM-Protected Files Used To Decloak Tor Browser Users (bleepingcomputer.com) · · Score: 2

    install Linux. Heck, in a VM if you're lazy.

    In a VM if you're smart.... https://www.qubes-os.org/

  2. Re:Umm... just WMVs? on Windows DRM-Protected Files Used To Decloak Tor Browser Users (bleepingcomputer.com) · · Score: 2, Informative

    Better still is Whonix (VM isolation for both Tor and Torbrowser). TAILS may have a fancy configuration to attempt leak prevention, but privilege escalation attacks are a dime a dozen on Linux.

  3. Re:Amiga did this back in the 80's! on GoboLinux 016 Released With Its Own Filesystem Virtualization Tool (gobolinux.org) · · Score: 1

    By the time you get to AmigaOS 3.x (probably 2.x), an app author could choose to have their non-OS dependencies all relative to the app dir. The only exception was something that required a new hardware driver. Of course, there were a few large libraries (one add-on widget set, as I recall) that developers wanted to treat as a common resource.

    The Amiga did "do that" to an extent, but the built-in OS functions were too sparse to avoid the developer interest in shared, third-party libraries and runtimes.

  4. Re:sounds like Mac OS X app resources on GoboLinux 016 Released With Its Own Filesystem Virtualization Tool (gobolinux.org) · · Score: 1

    Ubuntu also has something similar now: http://snapcraft.io/docs/core/...

  5. Re:and it does not use systemD on GoboLinux 016 Released With Its Own Filesystem Virtualization Tool (gobolinux.org) · · Score: 1

    "Monolithic apps" is nothing but a formal acknowledgement that the OS stops providing APIs at some boundary. This helps keep both the OS and the app(s) well-defined. What an app needs beyond that point should be supplied by the app's author. Windows follows this model to a certain extent as well as OS X.

    OTOH, Linux distros have taken the management model for OS internals and extended it into applications. This reduces the apps' integrity as a separate (if dependent) thing.

    OS maintainers should not be meddling in app packaging to the extent they do on regular Linux distros. It means that every app must be chewed-up into little pieces and sprayed around different places in the filesystem. It means your app will be paired with library revisions it was never tested with, not just for traditional OS functions but also for a lot of the features that make the app(s) interesting. It means app developers have to track the developments in 1,000 different projects instead of worrying about Apple/Microsoft + the 4 extra libraries added to their app. This is one of the reasons Linux repels app developers, and people more intelligent than me, like Mark Shuttleworth, have complained about it for a long time.

    Here is Ubuntu's solution - https://www.ubuntu.com/desktop...

  6. Re:and it does not use systemD on GoboLinux 016 Released With Its Own Filesystem Virtualization Tool (gobolinux.org) · · Score: 1

    Which means its ability to handle system events and manage power must be sh!t. I remember the first time I booted an OS X system that had LaunchD; it only took a few minutes to know it was better. Had the same experience when Ubuntu got Upstart.

  7. Re:sounds like Mac OS X app resources on GoboLinux 016 Released With Its Own Filesystem Virtualization Tool (gobolinux.org) · · Score: 1

    I think both Qubes and Gobo are interesting, but to me Gobo's promise was about making the system more sane and manageable to both app developers and their users.

    OTOH, this filesystem virtualization could be a nice complement to AppArmor and maybe enhance security. The underlying problem remains, however: Relying on security features provided by a huge monolithic kernel is always a risky proposition. At the end of the day, I'll organize my computing by threat model (Qubes domains) instead of by convenience (OS X, Gobo).

  8. Probably because security (not just privacy) conscious Tor users were already resorting to platforms like Whonix, a VM that runs on Qubes OS. Think of it like "sandbox++".

    The problem is that Qubes can be very finicky about the hardware it runs on. It prefers to have equipment like an IOMMU, and if your game-o-tron "rig" has all that nice hardware in spades, the firmware will probably fubar it. If you have a Mac, USB hardware cannot be effectively isolated. Qubes usually travels "PC business class" for those reasons: Thinkpads, etc.

    So offering garden-variety isolation (monolithic kernel sandboxing) is an accessible way to increase the security level of a privacy platform like Tor. Just don't expect that sandbox to be as strong as what Qubes offers (bare-metal hypervisor isolation).

  9. Wifi equipment has started down a road of anonymization. Linux users have been tinkering with macchanger for a while (though not effectively enough to stop the native MAC address from popping up now and then). Apple made the first big splash when they made MAC randomization standard for scanning mode; Android copied that. Microsoft followed suit with MAC randomization in more modes. Then the Linux folks finally did it right by building MAC randomization features into NetworkManager. The idea, of course, is to keep the original MAC address suppressed.

    Stay tuned for more.

  10. And Qubes, using 1MB Xen like a microkernel... on Antivirus Firm Kaspersky Launches Its Own Hackproof OS, Based On Microkernel (fossbytes.com) · · Score: 1

    Maybe the increase in competition will be a good thing.

    On the negative side, hardware (esp. DRAM) is becoming a security nightmare, and I don't think Kaspersky OS is going to mitigate that any better than the others.

  11. Re:Poulsen on Aaron Swartz Remembered With Annual Hackathon In San Francisco (eff.org) · · Score: 1

    Anyone trusting a secure drop system that involved Kevin Poulsen in its development, should look at what happened to Chelsea Manning.

    Interesting.

    Very.

  12. Re:Poulsen on Aaron Swartz Remembered With Annual Hackathon In San Francisco (eff.org) · · Score: 0

    Anyone trusting a secure drop system that involved Kevin Poulsen in its development, should look at what happened to Chelsea Manning.

    Interesting.

  13. Whonix on Qubes OS on Ask Slashdot: What's the Best Way to Browse the Web Anonymously? · · Score: 3, Informative

    https://www.whonix.org/

    TAILS tries to provide anonymity within the context of kernel-based security, but browser and privilege exploits are quite plentiful and such malware can go on to reprogram your firmware and peripherals. Qubes provides better protection of the core system, and Whonix ensures that Tor is utilized in a way that's optimum for anonymity.

  14. Re:Thank but no thank you on Google Has Quietly Dropped Ban On Personally Identifiable Web Tracking (propublica.org) · · Score: 2

    Using a POP3 client doesn't change the fact that Google is scanning your emails and associating the content with you in their advertising system.

  15. Re:#boycottthisshit on Interviews: Ask Martin Shkreli a Question · · Score: 1

    Apparently new /. media company is finding new ways to outdo the old one. Have a nice life.

    And look at all the mod points the troll apologists wasted.

  16. Re:I'd have a few questions on Interviews: Ask Martin Shkreli a Question · · Score: 1

    Interesting question. He already knows how to kill with money.

  17. Re:STOP! THINK! on Interviews: Ask Martin Shkreli a Question · · Score: 3, Insightful

    I agree. Slashdot giving this guy a platform is a pretty low thing to do. Maybe they are desperate.

  18. Re:#boycottthisshit on Interviews: Ask Martin Shkreli a Question · · Score: -1
  19. #boycottthisshit on Interviews: Ask Martin Shkreli a Question · · Score: 1, Offtopic

    Apparently new /. media company is finding new ways to outdo the old one. Have a nice life.

  20. And when you say "One Million Dollars"... on No One's Bidding on The Shadow Brokers' Stolen NSA Hacking Tools (vice.com) · · Score: 1

    ...don't forget the pinky.

  21. Re:Fear is a good thing for business on Oscar Winners, Sports Stars and Bill Gates Are Building Lavish Bunkers (hollywoodreporter.com) · · Score: 1

    The wealthy own the mechanisms of the market, and they use this advantage to bleed everyone else dry. They own the politicians, too, so forget about being accountable to regulations or even having meaningful sets of regulations. And market accountability...? Too Big To Fail!

    The disparity in wealth upsets the wealthy, too. So they inflame other kinds of conflict (among the working classes) to draw unwanted attention away from themselves.

  22. Ancient Aliens vs Dinosaurs with Action Bronson:
    https://youtu.be/uExUUoXcllg?t...

    IMHO, it's a must-see!

  23. Re:Ties to Government? on US Believes Hackers Are Shielded By Russia To Hide Its Role In Cyberintrusions: WSJ (newsmax.com) · · Score: 3, Interesting

    FBI is not even interviewing the CEO of the server farm where the attacks were launched. He says he'll even provide logs, but no one is asking. I think the US govt knows it won't be good for their image.

  24. Re:dafauq? on U.S. Funds Challenges To North Korea's 'Information Shield' (freekorea.us) · · Score: 3, Insightful

    They mean "unmonitored" by NK government, but monitored by the US.