/g/ - Technology

install openbsd

What do you think of my setup /g/? Nanonymous No.1659 >>1661

Because I do not want to give every process on my laptop access to the Internet, I block all Internet connectivity with a firewall on my laptop, and I block all Internet access for that laptop on my router as well.

Now, to get access to the Internet, I allow access only to port 22 (SSH) and my router IP; then I run this command if I want to connect to the Internet:
ssh root@192.168.1.1 -D 9000

This sets up a SOCKS5 proxy which allows you to use the Internet connection of the router. Processes can be configured to use that SOCKS5 proxy (TCP only) if you want them to connect to the Internet.

For the router I'm using a commercial router with OpenWrt, though I'd rather have a bit more trustworthy hardware and software ...

Nanonymous No.1661

>>1659
Just FYI, I'm attempting to block Internet access for processes (backdoors) in the firmware, BIOS, or CPU as well here. Also, SSH isn't really necessary here, but I haven't put effort into looking for an alternative.

Nanonymous No.1662 >>1671

All Kiketel CPUs after the 286 have (((System Management Mode))), which is referred to as ring -2 and allows any random (((firmware))) to have full access to the computer and all data. Even with your setup, some (((people))) could inject special packets with sentinel values as a response to any request you make, which could do anything on your computer.
Newer kiketel CPUs also have (((Intel Management Engine))) in ring -3, which is like an even worse version of SMM.
I would personally recommend running Minix 1.x on a 286 machine. I have a non-botnet Toshiba T3100e to use for this purpose, however I need to write a bunch of drivers for serial and dial-up modems. I hope that one day I will be able to shitpost on nanochan from one of the few truly non-botnet systems in existence.

Nanonymous No.1671

>>1662
>special packets with sentinel values as a response to any request you make
So outsiders can still upload data (for software updates) to my computer and make it compatible with my method of connecting to the Internet ... that's indeed a problem. Besides, I still have to trust the software that I give access to the Internet, which I don't, at all.
Wondering how you guys handle things in terms of hardware/software security and privacy. I know my method is pretty hacky and barely works so any feedback is wanted.
>System Management Mode and Intel Management Engine
Intel is being incredibly shady with their features which almost no one asked for or uses. Besides the CPU, the x86 platform is fucked as well; if you have a single hardware component with malware on its firmware, you're fucked.

Nanonymous No.1673 >>1682

Speaking of ThinkPads, which should people be looking to get? I've been wanting something I can easily libreboot which is also really light, but finding the X60 with a Core 2 Duo isn't all that easy. Plus I kind of want the tablet version as well. I've seen people saying that you can just go with any AMD ThinkPad made before 2012, but all of them have the god-awful keyboards.

Nanonymous No.1682 >>1686

>>1673
As I said, any CPU after the 286 is pozzed. The 286 is the last non-botnet x86 CPU.
Avoid DMA crap at all costs. Use PIO wherever possible. Although slow, it's secure. To do that you will have to make a few modifications to your OS, which should be Minix since it's the only Unix-like OS which runs on the 286.

Nanonymous No.1686

>>1682
Oh and BTW, the 286 is faster when using the I/O space than main memory in some cases. Makes it convenient to use PIO.