kkarhan, 6 months ago (edited 6 months ago)

@landley I'll propably have to gut functions out of toybox to get it where I want it to be, but then again the "#CORE" Version of OS/1337 will be very much barebones....

Just the essentials to get #Dropbear #Client to be able to #SSH into stuff, be able to make a #ramdisk and #wget / tiny-#curl everything else (i.e. a system image one could dd onto a HDD/SSD)...

Kinda like an old #netinstall #Floppy...

Ideally configureable to the point that I could also swap #dbclient for dropbear as #Server

kkarhan, 7 months ago (edited 7 months ago)

@kurth granted I do prefer #Live-#Linux - Systems that avoid writes as much as possible and I do intent do enable OS/1337 to support a "boot from RAM" mode where it's copied as #Ramdisk and then started...

Because I do like that feature from @bunsenlabs / #BunsenLabs Linux and #PorteusKiosk as it provides a fast-feeling system whilst also yeeting all data afterwards.

Pretty shure @tails_live still wipes RAM manually at shutdown...

#OS1337

kkarhan, 9 months ago

@whitekiba I mean I don't look for computational efficiency....

OFC modern crypto needs a lot of processing power...

But I'd even consider doing a #ramdisk and making a script that #wget's #dropbear as a working hack...

Even if that makes it a sort-of "#netlive" [#netinstaller meets #live #linux] workaround...

kkarhan, 10 months ago

@PeterCxy @sigmasternchen yes and no:

Yes in that it'll require people to desolder stuff first.

No in that it's benefit is negigible considering that this attack vector will only apply to state-sponsored attackers and console hacking, so if someone has physical access to the PCB you're already f**ked.

Also you may want to instead use #encryption over #tmpfs if you want to use a #RAMdisk ...

kkarhan, 10 months ago

@sigmasternchen @PeterCxy

#TLDR: I don't think the risk is that apparent and if you use a #RAMdisk, please encrypt it...

If necessary by using an encrypted file container you can also easily backup and restore...