- 1 Developer Page
- 1.1 Project Schedule
- 1.2 Things To Do
- 1.3 Documentation
- 1.4 Other Projects
- Set up process for taking apart stock XUbuntu image, making our changes, and rebuilding iso
- Set up security auditing proceedure which includes penetration testing with Nessus and checking file permissions.
Milestone 1: to be completed by January 1, 2009
- BASIC PLATFORM & TOR
- Functioning Base level Platform of ISXubuntu
- Tor is functional when booting ISXubuntu
- working with firewalls...
- Ad blocker
- Customize Google to evade privacy-intrusive features of Google services
- Gmail S/MIME for encrypted Gmail
- Bugmenot to get around compulsory registration of websites
- On-screen keyboard to block keystroke loggers. Is this enough - what else can be done'?
Milestone 2: to be completed by March 1, 2009
- Set up process for building from scratch (something like what Incognito does with Catalyst)
- Currently OpenDNS is used to prevent pharming. When you attempt to go to a URL that doesn't exist you are redirected to a page of theirs. Disabling this requires setting up a free account with OpenDNS and having a static IP - or a domain name and registering with DynDNS. We need to discuss this further.
- OpenOffice word processor set to redact all revision history when saving files. The UK National Archives has a useful article on redaction.
- Encrypted persistent home directory using TrueCrypt*
- Encrypted swap space*
- Secure deletion of memory on shutdown*
- Enigmail for encrypted email with Thunderbird
- Spam and phishing protection
- Resolve flash drive issues (can we make the user's home directory read/write while leaving everything else read only?) Info on security issues with Linux filesystems from LinuxConsultingTeam.
Things To Do
We need to decide what security issues we want to address, and what changes we will make to ISXUbuntu to address them
ubuntu-hardened is a list about Ubuntu security issues.
Presentation and Usability issues
What other changes do we want to make? Should we worry about boot time? Hardware compatibility? Ease of use for Windows users? What would we want to include on the CD in terms of artwork, video clips, etc. ? Do we want to include persistent user directories? What happens if we run this from a USB stick? Are all user settings now persistent?
We need to come up with processes for
- including software packages in the distro
- modifying the default user and system wide setting to our liking
- including our own content (do we make packages out of them?)
It would be good if we could get a small server on a rack someplace - then everyone could help build and test things. We could use Xen or VirtualBox for a sandboxed environment and FreeNX, to test drive each build remotely. We won't be doing much compiling but the uncompressing and compressing of the filesystem to make an .iso takes some CPU.
Linux Journal recently published a series of articles explaining step by step how to do what we're working on. I would have had an easier time of things if these articles had been available two years ago:
The documentation needs to be filled out
Other projects we can learn and borrow from:
- AnonymOS andOlive OpenBSD- live CD versions of OpenBSD - not active
- ParanoidLinux - a project that's still in the discussion stage
- Rubberhose - a steganographic filesystem, not an OS but some interesting concepts we could consider
- Incognito - very similar but based on KDE and Gentoo Linux. This project is currently active (for a while it seemed as thought it wasn't) and we should integrate useful features from it when we can.
- Mozilla Weave - active but in a very early stage of development. Additional privacy and security for Web 2.0
- Knoppix-3.2 MiB-11b Privacy Edition- if this were an active project ISXubuntu wouldn't be necessary - but it's not
- What about privacy features of Internet Explorer 8's Private Browsing and added security features, Google Chrome and [Apple Safari's http://www.apple.com/safari/] "Private Browsing" mode? What is good about these and what is missing?