Re: [DNG] Airwalled updating
On Sun, 6 May 2018 12:11:14 -0700 spiralofhope wrote:

> There's another stage of paranoia, where the offline box cannot have..
>
> - audio (possibly inaudible signals?, unresearched)
> - USB functionality (radio transmission, demonstrated)

USB is interesting also from another point of view, as a rogue USB device (like the thumb drive or hard disk used for the transfer of updates and "legitimate" files) could be used to infect the offline machine with malware and, after that, as a hidden channel to transfer data from and to that machine.

Libre greetings,
Florian

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Airwalled updating
On Sun, 6 May 2018 12:37:12 +0200 Florian Zieboll wrote:

> I just found that the "offline" documentation in the apt-doc package,
>
> /usr/share/doc/apt-doc/offline.html/index.html

Confirmed, thanks a lot. I see 1.0.9.8.4, copyright 1999 though.

---

> For all three solutions I am wondering, at which stage (i.e. on which
> machine: online or offline) the integrity of the packages (and of the
> release file!) gets checked.

I have this same concern. Part of the reason for airwalling is security, but I figure that since data only goes in, then it's not too much of a concern if packages are untrustworthy, so long as they don't corrupt local data (backups, duh), have upgrades break functionality (gtk+ menu item underlining, I'm looking at you), and it remains offline no matter what.

There's another stage of paranoia, where the offline box cannot have..

- audio (possibly inaudible signals?, unresearched)
- USB functionality (radio transmission, demonstrated)
- .. and whatever concerns still relevant from TEMPEST (unresearched)

Additional offline-access concerns exist (encryption is done, but also compromised peripherals), but that's not my focus at this point.

I just find this gap to be as sensible a practice as having a bedroom in a house separate from an office downtown; be social out in the world, with some quaint assumptions of privacy, yet maintain some sort of more-actual privacy with works created, maintained or otherwise stored offline.

-

People paste chapters of their books-in-progress into online grammar checkers. Hell (and I don't have any), people actually keep sex tapes on their _phones_ ..
Re: [DNG] Airwalled updating
On Sat, 5 May 2018 18:16:42 -0700 spiralofhope wrote:

> That's likely the direction I'll go in, although I do see there are
> others interested in such endeavours:
>
> https://dev1galaxy.org/viewtopic.php?id=746

Hello, Hope-Bender^^

I just found that the "offline" documentation in the apt-doc package, referenced by Miroslav in his "2017-07-15 22:59" edit, provides two simple possibilities of keeping an airwalled machine updated without the help of extra software:

/usr/share/doc/apt-doc/offline.html/index.html

For all three solutions I am wondering, at which stage (i.e. on which machine: online or offline) the integrity of the packages (and of the release file!) gets checked. But it's too sunny a day (and not enough reason for me to paranoia) to find out now :-)

Libre greetings,
Florian
Re: [DNG] Airwalled updating (apt-offline)
re. apt-offline:

http://rickysarraf.github.io/apt-offline/
https://github.com/rickysarraf/apt-offline

I found old notes. I have to audit this project, then it'll be here:

https://github.com/spiralofhope/shell-random/tree/master/live/apt-offline

Those notes will be old and possibly broken until I take another pass at it when I install the upcoming Devuan ascii.
Re: [DNG] Airwalled updating
On Sun, 6 May 2018 00:55:10 +0200 Florian Zieboll wrote:

> Not actively, but I used to use the apt-offline tool with Debian for a
> while - and it worked, IIRC, well and quite simply.

I did some looking, and confirmed that I had been using apt-offline.[1] I hunted it down and found that it's still an active project:

http://rickysarraf.github.io/apt-offline/
https://github.com/rickysarraf/apt-offline

--

That's likely the direction I'll go in, although I do see there are others interested in such endeavours:

https://dev1galaxy.org/viewtopic.php?id=746

--

[1] It didn't note a website in its README. How.. odd.
Re: [DNG] Airwalled updating
On Sat, 5 May 2018 15:00:34 -0700 spiralofhope wrote:

> I had airwalled [1] updating working on Debian variants (Lubuntu at
> least) some years ago, and I intend to pursue it again once ascii is
> out (or if I use the beta).
>
> I searched this mailing list and did not find any topical
> conversation. Is anyone here actively doing such a thing?

Not actively, but I used to use the apt-offline tool with Debian for a while - and it worked, IIRC, well and quite simply.

Libre greetings,
Florian
Re: [DNG] Airwalled updating
On 2018-05-05 17:00, spiralofhope wrote:

> I had airwalled [1] updating working on Debian variants (Lubuntu at
> least) some years ago, and I intend to pursue it again once ascii is
> out (or if I use the beta).
>
> I searched this mailing list and did not find any topical
> conversation. Is anyone here actively doing such a thing?
>
> -
>
> I have some old scripts that I borrowed from then-quiet projects, and
> it all ought to work still. Pretty simple stuff:
>
> 1. offline: run offline-script, generate log
> 2. online: bring offline-script log
> 3. online: run online-script, referencing offline-log, download packages
> 4. offline: bring packages, update packages
>
> (I don't know my stuff, but I get the impression that if all my tools
> were broken, I could eventually re-create this process myself.)
>
> --
>
> [1] https://en.wikipedia.org/wiki/Air_gap_%28networking%29
>
> This is the sneakernet updating of an offline box:
> https://en.wikipedia.org/wiki/Sneakernet

On the dev1galaxy forum miroR has written extensively about airgapping. That's all way beyond me but you might find something interesting there.

golinux
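
For the four-step sneakernet procedure quoted above and the question raised earlier in the thread of which machine checks package integrity, here is an added example (not code from any poster, from apt-doc or from apt-offline) that does the check on the offline side at step 4. It assumes the step-1 log is `apt-get --print-uris` output with lines of the form `'URI' filename size ALGO:hexdigest`, and that a copy of that log stayed on the offline box; the mirror URL, file names and contents are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed line shape of `apt-get --print-uris` output: 'URI' filename size ALGO:hexdigest
LINE = re.compile(r"^'([^']+)' (\S+) (\d+) (\w+):([0-9a-fA-F]+)$")
STRONG = {"SHA256": "sha256", "SHA512": "sha512"}  # MD5Sum/SHA1 entries count as unverified

def parse_manifest(text):
    """Return {filename: (size, algo, digest)} from the copy of the log kept offline."""
    wanted = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            _uri, name, size, algo, digest = m.groups()
            wanted[name] = (int(size), algo, digest.lower())
    return wanted

def check_transfer(manifest_text, incoming_dir):
    """Classify every file on the transfer medium before anything is handed to dpkg."""
    wanted = parse_manifest(manifest_text)
    present = {p.name: p for p in Path(incoming_dir).iterdir() if p.is_file()}
    report = {"ok": [], "bad": [], "missing": []}
    for name, (size, algo, digest) in sorted(wanted.items()):
        path = present.pop(name, None)
        if path is None:
            report["missing"].append(name)
            continue
        data = path.read_bytes()
        good = (algo in STRONG and len(data) == size
                and hashlib.new(STRONG[algo], data).hexdigest() == digest)
        report["ok" if good else "bad"].append(name)
    report["unexpected"] = sorted(present)  # files the offline box never asked for
    return report

def demo():
    """Constructed sample: one intact package, one altered in transit, one stray file."""
    a, b = b"constructed package A", b"constructed package B"
    manifest = "\n".join(
        f"'http://mirror.example/pool/{n}' {n} {len(d)} SHA256:{hashlib.sha256(d).hexdigest()}"
        for n, d in [("a_1.0_all.deb", a), ("b_2.0_all.deb", b), ("c_3.0_all.deb", b"c")])
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "a_1.0_all.deb").write_bytes(a)
        Path(tmp, "b_2.0_all.deb").write_bytes(b + b" (modified)")
        Path(tmp, "stray.deb").write_bytes(b"not requested")
        return check_transfer(manifest, tmp)
```

Only the names under `ok` would be passed on for installation; anything under `bad` or `unexpected` stays on the transfer medium.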