On 2/23/13, Greg Troxel <[email protected]> wrote:
>
> Simon Forman <[email protected]> writes:
>
>> Forgive me if this is the wrong place to ask this or if it's terribly
>> naive, but could I get some recommendations for secure OSs to run
>> Tahoe on? I know there's OpenBSD, are they still near the top of the
>> heap? What about OKL4?
>
> OpenBSD claims security as its first principle, but it's not clear that
> it's significantly if any better than the other BSDs.

Without wanting to initiate a *BSD thread I have to say that it gives
me a sad to think that all their effort was wasted. :(

> I am a user and developer of NetBSD, and I think it's a good choice for
> tahoe.
>
> Things to think about:
>
> off by default: you should operate a system with only things that you
> actually need running. Windows, most Linux distributions and Mac all
> have issues here (at least FC did when I looked a year or so ago). A
> default NetBSD installation will not be running any services. I
> expect OpenBSD to be similar, and probably FreeBSD.
>
> responsive to security advisories, and ease of updating
>
> not being a standard target. This is a bit controversial, but
> running a system that isn't run by 90% helps against standard
> attacks by script kiddies. It will not necessarily help against a
> high-resource attacker that's after you specifically. Being on other
> than Windows, and perhaps other than Mac or Linux helps here. Also
> being on a CPU other than i386 or amd64.
>
> stable branch with good software engineering discipline. Sometimes
> when there's an advisory, you have to update quickly. With NetBSD,
> there is a stable branch for a major release, and it's really actually
> stable - updating along it, rebuilding, installing, rebooting is a
> sane thing to do.
>
> minimal system: if you are trying for security really seriously,
> you'll want a system with just enough code to do what you want, but
> not more.
>
> package management. There are surely packages for tahoe in major
> linux distributions. Tahoe and dependencies are up to date in
> pkgsrc, used on NetBSD.
>

Thank you for the excellent advice. :)

I got the TUD:OS demo ISO image running on Qemu and they have a linux
kernel patched to run in a "cell" (I think it's called.)

http://demo.tudos.org/

The performance was surprising.
It seems like I should concentrate on systems and tools that are more
well-documented and supported, as the learning curves and security
provided are roughly the same (for my purposes.)

~Simon

--
http://twitter.com/SimonForman
My blog: http://firequery.blogspot.com/
Also my blog: http://calroc.blogspot.com/

"The history of mankind for the last four centuries is rather like that of
an imprisoned sleeper, stirring clumsily and uneasily while the prison that
restrains and shelters him catches fire, not waking but incorporating the
crackling and warmth of the fire with ancient and incongruous dreams, than
like that of a man consciously awake to danger and opportunity."
--H. P. Wells, "A Short History of the World"
_______________________________________________
tahoe-dev mailing list
[email protected]
https://tahoe-lafs.org/cgi-bin/mailman/listinfo/tahoe-dev
