Re: Debian GNU/Linux in a Human Rights environment?
- To: Robert Ribnitz <firstname.lastname@example.org>
- Cc: email@example.com
- Subject: Re: Debian GNU/Linux in a Human Rights environment?
- From: Henrique de Moraes Holschuh <firstname.lastname@example.org>
- Date: Thu, 16 Aug 2001 10:48:58 -0300
- Message-id: <20010816104858.B5003@godzillah>
- In-reply-to: <E15XJiq-0000Go-00@pinguin>; from email@example.com on Thu, Aug 16, 2001 at 11:45:52AM +0200
- References: <E15XJiq-0000Go-00@pinguin>
On Thu, 16 Aug 2001, Robert Ribnitz wrote:
> controversial knowledge that needs to be protected. The idea was to create a
> linux distribution to incorporate the following features:
> - Strong Cryptography (Public Key, without a Certification Authority, ie. Web
> of Trust like) built into the system from the bottom up. Everything on disk
> and in memory should be encrypted by default, and only decrypted when needed.
> There's willingness to sacrifice a noticable amount of system load to do this.
You'd need something more friendly to crypto than the current linux kernel
to do this properly, I suggest OpenBSD...
Although you can get away with the problem in Linux easily if you have NO
swap. Also, one can easily force the kernel to swap to a *file* in an
encripted filesystem. Proper (fast) encripted swap is not easy to get to
work, though. AFAIK anyway.
> - Crypted content (witness statements, eg) should be replicated to several
> machines connected to a same medium (the internet). This replication should
> be transparent to the user, and be done in an automatic way.
That one is somewhat difficult to do, unless a cron job that does a sync
every 10 minutes is considered enough for your needs.
It goes without saying that only encripted data should ever travel this
channel. But otherwise, rsync should be able to do it.
sfs might help, too. I need to read more on that one, and you probably will
want to research it as well.
> - There should exist the possibility to send "anonymous" email. This mail
> should be untraceable to protect the sender to the untomst extent.
You'll probably need to deploy a chain of suitable email hubs that anonymize
email for your own use; I doubt you'll be able to trust them otherwise. But
otherwise, yes, this is doable.
> - the whole system should be built on Free Software (in the DFSG sense).
> - the system should be based on capabilities, not the unix-line model of
I don't know about this one.
> - support for multiple languages, eg. spanish & chinese. It should be possible
> to completely localise the system, ie. also translate manpages & error
> messages into the target language.
Heh. Good luck on this one. We already have people working on it, anyway...
> - the system would be used by people with reading difficulties, let alone
> complely unable to read.
Expand that one, please. You mean people that cannot see, or you mean
> I thought debian was a good starting point, and yes, I know, its a lot of
> work. Any comments/inputs welcome (mail me if its off-topic of this list)
IF you're going to provide the required resources to do this in Debian (i.e.
manpower), it is on topic for this list right now, and should be moved to
-devel later when it goes more technical. Otherwise, it is off-topic, and
you should move it to -user, I suppose...
BTW, EMF is still a problem in your project. I suggest you use easy-to-move,
easy-to-destroy machines like laptops, or fully tempest-shielded machines to
help with that. Laptops are great security-wise: it is a pain to add
keyboard sniffers to them.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot