|
Post by Kevin McAleavey on Oct 31, 2011 2:27:25 GMT -5
We're currently in the pre-beta planning for KNOS 9, based on BSD's upcoming 9 release sometime later this year which will eventually be the core of the next KNOS release once they remove the many insects from where BSD 9 is currently. Everything is in a state of flux for our next release, including features. Please have a look at what we're already planning here: knosproject.proboards.com/index.cgi?board=news&action=display&thread=119&page=1... and then if you have any ideas as to necessary or widely useful additions to our public release of KNOS, we'd be interested in hearing them. Each thing we add does require additional space at the expense of both speed and size, but if we've managed to miss "needed things" in our public KNOS, we'd like to know what folks think would be a useful addition to the next KNOS. We make special CUSTOM KNOS versions for corporate, government and institutional users specific to their specialized needs, but our generic "public release" of KNOS for the masses is always looking to be more relevant. Feel free to add to the wishlist here, and we'll see what we can do so long as it's practical. Once we get past the beta stage into the "Release candidate" stage, features will be frozen. But we're not there yet!
|
|
|
Post by pharrisire on Oct 31, 2011 16:51:59 GMT -5
I'll put in a repeat wish from a few versions back - and I do remember how you explained it wasn't necessary with KNOS, but as a placebo for chronic worry-holics who can't afford to let script kiddies or the Mob or TSA get their grubby mitts on hard-earned savings:
- KeyScrambler
- Firefox in permanent Private Mode and as secured as possible out-of-the-box
In M$, it seems that the PortableApps format is less susceptible to the installed version (of anything), if only for the fact that all saved info/settings can be saved in one .ini file in the local folder as opposed to being spread out in a hundred different places in the registry. Of course KNOS doesn't have the registry problem, but limiting the number of places ID's/passwords/account names + numbers/bank names/routing #'s/etc. could be seen or saved is good practice. So a mode or setting that would block all of the 65535 ports available except for the absolute minimum to allow as secure as possible banking with no ways to sneakily snoop and pry and meddle. I love the built-in Tor idea, but unless there is a way to limit the exit nodes to a location near enough not to set off the banks' alarms, it could be unusable for banking. The exits can be limited in AdvOr and AdvTor, but I'm not sure about the Tor bundle. Even Google has blocked me from checking Gmail via the Tor browser as it thinks an overseas site is trying to use my account, so I'm sure the banks would be even stricter.
|
|
|
Post by Kevin McAleavey on Oct 31, 2011 19:42:54 GMT -5
> I'll put in a repeat wish from a few versions back - and I do remember how you explained it wasn't necessary with KNOS, but as a placebo for chronic worry-holics who can't afford to let script kiddies or the Mob or TSA get their grubby mitts on hard-earned savings, -KeyScrambler - Firefox in permanent Private Mode and as secured as possible out-of-the-box In M$, it seems that the PortableApps format is less susceptible to the installed version (of anything), if only for the fact that all saved info/settings can be saved in one .ini file in the local folder as opposed to being spread out in a hundred different places in the registry. Of course KNOS doesn't have the registry problem, but limiting the number of places ID's/passwords/account names + numbers/bank names/routing #'s/etc. could be seen or saved is good practice. So a mode or setting that would block all of the 65535 ports available except for the absolute minimum to allow as secure as possible banking with no ways to sneakily snoop and pry and meddle. I love the built-in Tor idea, but unless there is a way to limit the exit nodes to a location near enough not to set off the banks' alarms, it could be unusable for banking. The exits can be limited in AdvOr and AdvTor, but I'm not sure about the Tor bundle. Even Google has blocked me from checking Gmail via the Tor browser as it thinks an overseas site is trying to use my account, so I'm sure the banks would be even stricter.

Yeah, Tor's gonna be a fun one since I have next to zero experience with it other than we've got it working. I don't know how to configure it beyond what it does by itself. I guess this'll give you something to do when we get into the beta cycle. Heh. As for KeyScrambler, the developers only know Windows world so there's nothing for even Linux available from them so far.
While it IS possible to snoop keys through an X server on Linux and BSD, there would have to be some means for them to actually import a library into our code and that door is not only closed in our design, but buried in a bunker. I wish anyone who wanted to try doing that some serious luck. Will see if I can find anything though ... as for the "private browsing" we're already on Firefox 7 for KNOS 9 and like our existing arrangement, everything done in Firefox goes away when you close it aside from settings. I don't see any available holes in our design there either, especially if you don't back it up after every use ...
|
|
|
Post by rustleg on Nov 2, 2011 13:21:09 GMT -5
I have to say your new features list is exciting. I really would like to migrate to using KNOS as my main system. At present I am using a multibooted environment wherein I use KNOS (on USB) for banking only, Linux Mint for most of my normal internet activity and local documents, and Windows mainly because some companies still assume you are using this or a Mac (e.g. need iTunes for my iPhone) although I don't use it for general internet work. (I also need to keep abreast of Windows in order to support my local sports club's computers.)
I have only just got into KNOS so I may be able to achieve more with the present version but my overall ideal operating environment would be:
1. live DVD or USB stick KNOS for banking (I am still too paranoid to use the same system for other stuff). Here I'd like an encrypted "safe" to put in a list of banking passwords, a few text files and spreadsheets, then write to somewhere such as my normal data drive so I can do a cloud backup of this - or allow cloud backup (below) to back up this safe from the USB stick.
2. multiboot Windows (when forced to use), Linux (for playing with) and KNOS (for serious work) via Terabyte's Bootit product. Currently I can do this with KNOS running on a USB stick but not writing to my main documents partition. It would be good to run from hard disk or even SSD and able to write to a hard drive data partition, probably on a different physical disc, formatted FAT32 (so it can be read/written by Windows/Linux, which shouldn't cause a problem with KNOS even if malware invades it). It isn't a problem if I have to dedicate a physical drive to KNOS.
For this I'd specifically want for KNOS:
1. Read/write to 2 FAT32 volumes. In my case a large volume around 500MB - 1GB each. I use a second one purely for local backup in case the main one fails (or gets screwed up by me)
2. Cloud backup. Currently using JungleDisk which has versions for Windows, Mac and Linux but not BSD (not investigated if this can be overcome somehow). I use JungleDisk because the provider is Amazon, I encrypt before sending and the master password is only stored hashed on their servers.
3. Password manager. I see you have KeePassX and also mention somewhere that you have a separate password manager (haven't found it yet but haven't really tried). Hitherto I have used LastPass for non-banking password management which is very convenient for logging into sites automatically. There's pros and cons to this as it allows me to retrieve internet passwords if using a different computer, but then I'd probably not be using KNOS so it might expose such passwords to a system which could be compromised. I'd have to be very careful here. I expect you wouldn't want to provide a facility which allows use of your password store elsewhere.
4. Gnucash. I use this in Linux to keep abreast of my personal finances. Ideally I'd use it within my secure banking USB KNOS system and keep its files in my "safe".
Comments:
1. Thunderbird (I see in your list) will be useful for me as I use it to monitor my several email (gmail) accounts although I tend to open the web interface to operate each account. Also used for traditional newsgroups.
2. I have tried Chrome but don't use it at present since I prefer Firefox in Linux with the "Noscript" addon which selectively disables/enables Javascript mainly as a security measure. I probably don't need to restrict scripting in KNOS although this would significantly cut down a lot of page ads and tracking sites at the expense of having to decide which things to allow to get the web site to work properly. I believe Google are planning to do some sort of script control. One irritation with Chrome/Chromium is that there's no option to automatically switch to a new tab when you control-click (just a nitpick).
3. I've got a Kindle so Calibre will be very useful to convert to Mobi format although I haven't tried this yet as I have only used Calibre when I had a Sony Reader before I bought the Kindle.
4. (Not sure if this comment is relevant) When I use Linux I don't use the Home directory for personal documents since I want the OS and the data to reside in different partitions as I back up an OS via a partition image (occasionally) and data via file backup (daily). I know you can put Home (in Linux at least) on a different partition but then I wouldn't be able to access this data from different systems.
If you can't accommodate these things or suggest I operate a different way I'd be pleased to hear your reactions.
|
|
|
Post by pharrisire on Nov 2, 2011 15:25:26 GMT -5
Another Wish!: An Industrial Strength Firewall that will Laugh at all the alphabet orgs, underworld critters, and all-round nasty peoples!
|
|
|
Post by Kevin McAleavey on Nov 3, 2011 1:41:35 GMT -5
> I have to say your new features list is exciting. I really would like to migrate to using KNOS as my main system. At present I am using a multibooted environment wherein I use KNOS (on USB) for banking only, Linux Mint for most of my normal internet activity and local documents, and Windows mainly because some companies still assume you are using this or a Mac (e.g. need iTunes for my iPhone) although I don't use it for general internet work. (I also need to keep abreast of Windows in order to support my local sports club's computers.) (snippity-snip) If you can't accommodate these things or suggest I operate a different way I'd be pleased to hear your reactions.

Wow ... a lot to digest there indeed! And thanks for the kind words. We're more than just another "operating system" ... we're an entire portable computer, and so being as useful as possible (within reason) is what we're all about, and the reason why we're happy to build customs for specific purposes since there are so many different needs with different expectations while a generic "one size fits all public" version that's useful is what we aim for without the requirement to build a custom since those get a bit pricey but large numbers of copies of that custom still come out cheap.

You're definitely going to want to join in once we start the next beta process then ... I'll see how much of that can be worked into KNOS for KNOS 9 for certain. A custom build if someone wanted such now is definitely doable with all the wishlist, but we didn't build the public one for all that currently.

Here's what's already in the "for sale" build though ... item 1 is doable, but clunky at this time solely because the partitions are larger than 128GB each. Were they 128GB or smaller, they'd already be mounted. Cloud backup can be done by connecting directly to the Cloud server using the "Places/Connect to server" option up top.
We support SSH, VNC, WebDav and other protocols - all you need to do is put in the URL to access and any encryption is handled automatically. Amazon's EC2 is already running BSD, so it's native.

Item 3 can be handled with KeePassX (and your stuff can be backed up to a separate stick using "Backup app settings" in System tools) ... I don't have a copy of KNOS 8 running at the moment since we're alpha-testing 9 now in-house, but under Applications, Accessories there should be an item marked "Passwords and encryption keys" which is gnome keyring, PGP and all that. If it isn't visible, it's still in there, let me know if you need more. And GnuCash is included already under the Applications/Office item on the main menu.

For the next release of KNOS, Thunderbird is working out quite well with settings stored along with the other "Backup app settings" so that's definitely going to be in 9 public. We're doing Chromium instead of Chrome because Chrome is WAY too intrusive. So far I'm really not at all impressed with Chrome/Chromium, but people want it and so we're going to include it. Firefox is getting futt-bugly too, we're in 7 now ... it's really turning into an unstable memory pig but people want that too. My kingdom for a decent browser but Opera is awful in BSD so we're not going to bother.

Calibre is WONDERFUL! It'll be in there in all its glory, and we're going with gtkpod for an iTunes replacement. Here, there's a concern though because previous versions have trashed the database on some iPods. So far it's behaving but in the past, we've had to reformat the iPod with Windows to restore the cover art. That's the only trashing we've ever seen but that's important to some folks. Hopefully it will pass with flying colors in testing once we see how it does on other iPod models that we don't have here for testing.

As to your desire to have the home directory elsewhere, we'll see what we can do to make that optional.
It's just an OS setting but we felt it best to keep that safely tucked away with the rest of KNOS in order to keep it under the protective umbrella of the OS itself. If your current mountable HD wasn't so large as to cause that mount error, that drive would show up on your desktop as a directory and all of us who went for "big KNOS" store our personals in there (you can also plug in a separate USB stick and store your personals there too) ... but features is features and options are good as long as they're not too piggy. We have a little thing about unnecessary bloat and "feature creep" for generic versions, but once again whatever the customer wants goes on custom builds, we can do ANYTHING no matter how stupid there. Heh. Lemme see what we can do ... we're actually not that far away from what you were looking for in the current release out there, and we're perfectly willing to provide more stuff as long as it doesn't adversely impact everything else. Our design for KNOS is *so* unique, almost anything is possible here.
|
|
|
Post by Kevin McAleavey on Nov 3, 2011 1:47:49 GMT -5
> Another Wish!: An Industrial Strength Firewall that will Laugh at all the alphabet orgs, underworld critters, and all-round nasty peoples!

You might be pleased to know that KNOS has included IPFW since the beginning, a stateful packet firewall. As to the "extended definition" that some AV vendors have given to the word "firewall" as to a program stopper for outbounds that really don't work, we have no need to do that. We're KNOS ... let them TRY to gain a foothold. After five years now, we're still waiting for something to sneak in and we've tried VERY hard to break into KNOS since I spent a good part of my life with malware. We use sandboxing and virtual machine trickery in KNOS which is what most Windows vendors call a "firewall" ... already built in which is why I was chuckling over the Air Force Linux thingy. They really need to talk to us! Firefox 3 (which is in our current 8.2 KNOS) is the leakiest barge ever created and yet ... no leaks because of our internal "firewalling" and a thing unique to BSD, an additional safety net called "jails" ... in fact, the earliest version of KNOS was branded as "SafetyNet" ... Nancy didn't like the name and since we couldn't think of anything better, we just called it KNOS hoping that some day, investors and media consultants would give it a snappier name.
|
|
|
Post by pharrisire on Nov 3, 2011 12:03:52 GMT -5
> You might be pleased to know that KNOS has included IPFW since the beginning, a stateful packet firewall.

I am indeed! As it doesn't appear in the pull-down menus, what are the commands and options available to enable it?
|
|
|
Post by pharrisire on Nov 3, 2011 13:31:47 GMT -5
Next on the WishList:
Extend the items included in the "Backup App Settings" command to include such things as
= Top and Bottom bar auto-hide properties,
= Edit>Preferences>Views>Show Hidden and Backup Files and >Behavior>Include a Delete Command that bypasses Trash
= View>List
= modified desktop wallpaper
etc... the little personal preferences that have to be reset each time we reboot.
|
|
|
Post by rustleg on Nov 3, 2011 17:27:22 GMT -5
> Wow ... a lot to digest there indeed!

... and you have responded in your usual comprehensive manner thanks. If I can get the current one to work on a hard drive (will get to that shortly) I will find another one for a beta version, I'm going to revisit my partition layout now you've explained (elsewhere) how large FAT32 is a kludge which I didn't realise. I don't think it will be a problem to live within 128GB. so say all of us This sounds good to me, wholeheartedly agree to keep home within KNOS, I don't need it separating - it was just a comment that I prefer to store my personal docs elsewhere. It's a bit tedious to always have to change the default directory where software expects you to store your own stuff - but this is only a nitpick. Of course if the defaults could be tweaked by the user somehow ... I really like your can-do approach, very refreshing. Thanks.
|
|
|
Post by Kevin McAleavey on Nov 4, 2011 0:28:13 GMT -5
> > You might be pleased to know that KNOS has included IPFW since the beginning, a stateful packet firewall.
>
> I am indeed! As it doesn't appear in the pull-down menus, what are the commands and options available to enable it?

Watch your KNOS bootup carefully ... when the bootup starts hitting the networking stuff, you'll see:

ipfw2 (+ipv6) initialized, divert enabled, nat loadable, rule-based forwarding disabled, default to accept, logging disabled
ipfw0: bpf attached
pflog0: bpf attached
pfsync0: bpf attached

First one is setting up the ipfirewall, the rest are attaching the Berkeley Packet Filters to it. There are no "user adjustments" since the configuration is frozen in our design. That prevents things from being bypassed or turned off either by accident or intent. We did the configurations in our design for it.
|
|
|
Post by Kevin McAleavey on Nov 4, 2011 0:29:25 GMT -5
> Next on the WishList: Extend the items included in the "Backup App Settings" command to include such things as =Top and Bottom bar auto-hide properties, =Edit>Preferences>Views>Show Hidden and Backup Files and >Behavior>Include a Delete Command that bypasses Trash =View>List =modified desktop wallpaper etc... the little personal preferences that have to be reset each time we reboot.

This is something we're looking at doing through another mechanism. Those settings are applied during bootup as system defaults and the reason why we didn't provide that previously is that system permissions are required to set those from a file. Thus we had to leave those as manual changes to assure that someone actually at the keyboard would be the only authorized ones to change any of that. We've already kicked in the delete command for the next build - we suppressed that in KNOS 8 as a sort of "idiot-proofing" since the simple act of deleting a file REALLY deletes it and we were concerned that there might be complaints that the file really couldn't be recovered. With a new layer of separations possible in the upcoming 9, we're going to find a way to allow all that and still prevent any possibility of system access, so wish GRANTED!
|
|
|
Post by Kevin McAleavey on Nov 4, 2011 0:33:34 GMT -5
> and you have responded in your usual comprehensive manner thanks. if I can get the current one to work on a hard drive (will get to that shortly) I will find another one for a beta version, I'm going to revisit my partition layout now you've explained (elsewhere) how large FAT32 is a kludge which I didn't realise. I don't think it will be a problem to live within 128GB. so say all of us This sounds good to me, wholeheartedly agree to keep home within KNOS, I don't need it separating - it was just a comment that I prefer to store my personal docs elsewhere. It's a bit tedious to always have to change the default directory where software expects you to store your own stuff - but this is only a nitpick. Of course if the defaults could be tweaked by the user somehow ... I really like your can-do approach, very refreshing. Thanks.

You're MOST welcome ... I'm an older guy who still believes that machines should serve humans, not the other way around. As I said in the other response, if you can keep one of those huge fat ones free for testing once we get 9 into beta, it'd be appreciated as far as proof of performance goes. Our intent is to allow YOU to make the choices you want and we'll take care of making it happen. If you're up to that manual load I was talking about for your convenience now, let me know. It should be possible with what you're running now, it's just a little messy until we can automate it in the next build ...
|
|
|
Post by rustleg on Nov 4, 2011 5:10:15 GMT -5
> > Next on the WishList: Extend the items included in the "Backup App Settings" command to include such things as =Top and Bottom bar auto-hide properties, =Edit>Preferences>Views>Show Hidden and Backup Files and >Behavior>Include a Delete Command that bypasses Trash =View>List =modified desktop wallpaper etc... the little personal preferences that have to be reset each time we reboot.
>
> This is something we're looking at doing through another mechanism. Those settings are applied during bootup as system defaults and the reason why we didn't provide that previously is that system permissions are required to set those from a file. Thus we had to leave those as manual changes to assure that someone actually at the keyboard would be the only authorized ones to change any of that. We've already kicked in the delete command for the next build - we suppressed that in KNOS 8 as a sort of "idiot-proofing" since the simple act of deleting a file REALLY deletes it and we were concerned that there might be complaints that the file really couldn't be recovered. With a new layer of separations possible in the upcoming 9, we're going to find a way to allow all that and still prevent any possibility of system access, so wish GRANTED!

I second that. I'm way behind the curve on KNOS and just found out that backup settings doesn't include Gnome stuff. I hate icon view and don't want double click. I think I'll have to paste (with glue) a list of my prefs on the real wallpaper.
|
|
|
Post by pharrisire on Nov 4, 2011 15:06:58 GMT -5
> Watch your KNOS bootup carefully ... when the bootup starts hitting the networking stuff, you'll see:
>
> ipfw2 (+ipv6) initialized, divert enabled, nat loadable, rule-based forwarding disabled, default to accept, logging disabled
> ipfw0: bpf attached
> pflog0: bpf attached
> pfsync0: bpf attached

On the hard drive it was too fast to catch it, so I did a diags and used the search in gedit. It found the first one (ipfw2), but no hits on ipfw0, pflog0, or pfsync0. Do these three not show up in diags, or is Lenovo messing me up yet again?
The bpf does show up in 4 places:

net.bpf.zerocopy_enable: 0
net.bpf.maxinsns: 512
net.bpf.maxbufsize: 524288
net.bpf.bufsize: 4096

but not as 'bpf attached'.
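The search described in the post above, as an added example that is not part of the thread and not KNOS code: a POSIX sh script that scans saved boot messages for the ipfw banner and the three "bpf attached" lines, then reports the default policy, the logging state and any line that is absent. The function names and the sample log are constructed for illustration, and the line format is assumed to match the boot output quoted in the thread.

```shell
#!/bin/sh
# Added example (not KNOS code): audit saved boot messages for the ipfw
# banner and the "bpf attached" lines quoted in this thread.

# Constructed sample input, modelled on the boot output quoted above.
# pfsync0 is left out on purpose to exercise the "missing" path.
sample_log() {
cat <<'EOF'
em0: link state changed to UP
ipfw2 (+ipv6) initialized, divert enabled, nat loadable, rule-based forwarding disabled, default to accept, logging disabled
ipfw0: bpf attached
pflog0: bpf attached
EOF
}

# Read a log on stdin; print the ipfw banner line (nothing if absent).
ipfw_banner() {
    grep -E '^ipfw2? .*initialized' | head -n 1
}

# banner_field BANNER KEY: print the state recorded for KEY in the banner.
#   default -> accept|deny; logging, divert -> enabled|disabled; nat -> loadable|...
banner_field() {
    printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//' | awk -v key="$2" '
        key == "default" && $1 == "default" { print $3; exit }
        key != "default" && index($0, key) == 1 { print $NF; exit }'
}

# missing_bpf LOGTEXT IFACE...: print each interface with no "bpf attached" line.
missing_bpf() {
    mb_log=$1; shift
    for mb_if in "$@"; do
        printf '%s\n' "$mb_log" | grep -q "^${mb_if}: bpf attached" \
            || printf '%s\n' "$mb_if"
    done
}

# Read a log on stdin and print a short report; returns 1 if no banner is found.
audit() {
    au_log=$(cat)
    au_banner=$(printf '%s\n' "$au_log" | ipfw_banner)
    if [ -z "$au_banner" ]; then
        echo "ipfw: no initialization banner found"
        return 1
    fi
    au_policy=$(banner_field "$au_banner" default)
    echo "default_policy=$au_policy"
    echo "logging=$(banner_field "$au_banner" logging)"
    if [ "$au_policy" = "accept" ]; then
        # With "default to accept" the final built-in rule (65535) passes
        # whatever the loaded ruleset did not match.
        echo "note: blocking depends entirely on the loaded ruleset"
    fi
    for au_if in $(missing_bpf "$au_log" ipfw0 pflog0 pfsync0); do
        echo "bpf_not_attached=$au_if"
    done
    return 0
}

# Stand-alone run over the constructed sample.
sample_log | audit
```

On stock FreeBSD the boot messages are kept in /var/run/dmesg.boot, so `audit < /var/run/dmesg.boot` is the equivalent check there; whether a KNOS diagnostics dump uses the same line format is an assumption.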
|
|