Information
ID: 998
PHID: PHID-TASK-spmw3fd424lxblyvwtnd
Author: sanyo
Status at Migration Time: wontfix
Priority at Migration Time: Wishlist
Description
Hello,
Please let me know, maybe a manual exists about how to switch Whonix to a Devuan base ("An easy method to get Whonix based on Devuan instead of Debian?" / Devuan Derivatives / Dev1 Galaxy Forum) and still keep all or most security enhancements of the Whonix project and eliminate systemD ("Arguments against systemd" / Off-topic / Dev1 Galaxy Forum) from it at the same time?
It has so many security features I am missing, including a hardened kernel, but unfortunately it uses systemD, which is a very serious unacceptable flaw.
Maybe just installing a few packages mentioned on:
can do the thing? Though I am not sure about the hardened kernel from Whonix, is there an easy method to borrow its kernel with all its hacks and tunes to Devuan?
Comments
Patrick
2020-07-06 10:01:19 UTC
sanyo
2020-07-06 18:26:38 UTC
I guess it shall not be any harder to port Whonix to Devuan than porting it to original Debian.
And I need only console mode for services and daemons like anonymization router, chat, etc.
No need for a desktop, X11, etc.
sanyo
2020-07-06 18:44:33 UTC
May I know, what do you think about Whonix vs OpenBSD in terms of security for a headless server without any GUI?
And why are there no public leaks of more recent releases from grsecurity? Would it not be legal, provided the kernel is GPLed?
Could not someone create a website like:
https://wpcrack.in/join-the-club-now/
It is the same idea, since WordPress is GPLed, most of its addons are GPLed too and it is legal to redistribute them for a cheaper price.
Since grsecurity is less popular than WordPress, they could set a price tag like $100-200 USD per year just to support the expenses of finding a new nominal LLC to purchase further updates, always through a new company each time after the earlier used company is banned by grsecurity, say once per 1-3 years. They could make a lag in releasing updates, like a year behind the grsec mainline, so the ban would occur only after the subscription is already exhausted. It would be like a group buy campaign.
Patrick
2020-07-07 09:53:55 UTC
sanyo
2020-07-07 18:06:57 UTC
sanyo
2020-07-07 20:23:46 UTC
sanyo
2020-08-23 12:58:04 UTC
It is important to understand that systemD is actually much more than simply an init system:
systemD is only named “init system” just for marketing purposes, to hide the true (in)security hell promoted by it. IMHO, systemD is actually much more like a second kernel running in parallel with the general kernel and providing many new unified APIs for easy phoning home, remote control of many desktop programs’ data, etc.
More details are described here
Many spare/odd (if they would be without systemd) software processes are running, undesired ports are listening, main kernel options are silently changed without permission, maybe something else unpredictable; it is like living on a volcano.
If systemD were just another init system, it would not take Devuan years to throw it out of the distribution and replace it with another true init system like OpenRC or any other like it.
Bound to happen ... / News & Announcements / Dev1 Galaxy Forum