[arch-general] Preferred CHOST

Toyam Cox csupercomputergeek at gmail.com
Thu Nov 13 21:22:33 UTC 2014


On Thu, Nov 13, 2014 at 4:16 PM, Ralf Mardorf <ralf.mardorf at rocketmail.com>
wrote:

> On Thu, 13 Nov 2014 21:31:40 +0100
> Ralf Mardorf <ralf.mardorf at rocketmail.com> wrote:
>
> > On Thu, 13 Nov 2014 15:02:58 -0500
> > Sean Greenslade <sean at seangreenslade.com> wrote:
> >
> > > On Thu, Nov 13, 2014 at 06:55:51AM +0100, Ralf Mardorf wrote:
> > > > Sean, actually you tell us that we should care about security
> > > > holes in Mutt/1.5.23 to attack you ;) and since you're replying to
> > > > Arch general email, you're likely using Arch Linux. This likely is
> > > > a trick, you're running Alpine on openSUSE? ;)
> > >
> > > Ha hah! I'm running LFS and using telnet as my mail client!
> > >
> > > I kid, I kid. And I actually did have that thought as I was writing
> > > that mail. So, uh...do as I say, not as I do, etc. etc. I really
> > > won't claim that my setup is anywhere near hardened.
> >
> > :)
> >
> > Another point of view is, that if we mention Arch Linux in a header,
> > we also point out, that our OS is upgraded with current security
> > patches from upstream. IOW it's easier for you, to attack somebody
> > using another Linux distro. OTOH the latest bash issue was fixed by
> > FreeBSD and all Linux distros I watch very soon and much more people
> > use Apple, Windows and Android (pseudo-Linux) operating systems. I
> > like to show that I'm using a MUA running on Arch Linux. Assumed I
> > should need security, then I would use two additional computers to
> > provide that. One for absolutely anonymous Internet usage and another
> > computer that is completely decoupled from the Internet.
>
> Assumed we want to share data between the anonymous Internet
> computer and the computer without an Internet connection, e.g. by a
> "brand new tidied up" USB stick, we should consider to use a third
> computer before we transfer the data. With the computer in the
> middle, we should check if the USB stick is "clean". The computer in the
> middle should be rebuilt several times a day, using different hardware
> combinations.
>


But perhaps that would be too much hassle. Maybe the computer in the middle
should be a live-ISO chosen at random by the offline computer, which would
have been pre-loaded with all the necessary verification tools.

-- 
- Toyam

