 Show Posts
|
|
Pages: [1] 2 »
|
Is it minimum or recommend specification? For a second i though i read specification for modern video game. What makes this distro have high specification requirement (for example Qubes OS have high requirement because hypervisor usage to perform isolation)?
 Certainly recommended. 4GB of RAM is certainly doable but becomes sluggish once the user gets everything they prefer loaded. Bitcoin Core will utilize roughly 1GB/RAM & OpenSnitch up to 2GB/RAM. Matched with Chromium based browsers and other full node wallets like Daedalus, it quickly becomes a circus. I found 8GB best for overall user experience though not necessary. With regard to the processor, i5 certainly provides a smoother experience. You definitely need to mention it's recommended specification on your page, many people will assume it's minimum if you only list 1 specification. Adding note why 8GB RAM/i5 is recommended also helpful since i doubt user run all of the application you mentioned at once. Great advice ETF. I'll updated this immediately and expand further in the future. Thanks again. |
|
|
|
Also here are the critical specs:
Dual Core 64-bit processor / Intel i3 or Intel i5
8 GB of system memory (RAM)
120 GB SSD
Is it minimum or recommend specification? For a second i though i read specification for modern video game. What makes this distro have high specification requirement (for example Qubes OS have high requirement because hypervisor usage to perform isolation)? Certainly recommended. 4GB of RAM is certainly doable but becomes sluggish once the user gets everything they prefer loaded. Bitcoin Core will utilize roughly 1GB/RAM & OpenSnitch up to 2GB/RAM. Matched with Chromium based browsers and other full node wallets like Daedalus, it quickly becomes a circus. I found 8GB best for overall user experience though not necessary. With regard to the processor, i5 certainly provides a smoother experience. |
|
|
|
To be promptly listed and to buy a tiny bit of advertising space was roughly $220. Thought this to be extremely worth it as it also serve as direct support for distrowatch. I don't know if there is any better and free alternative website for distrowatch, many people think they are a bit bias with their rankings, meaning if you pay more you get higher on their list and many wonder if MX linux got on topo like that. Good thing about distrowatch is that they are accepting Bitcoin donation. 8 GB of system memory (RAM)
Running on a older laptop with equivalent specs shouldn't be an issue, however the experience may be a bit painful. Running opensnitch and a full node wallet can quickly chew up resources.
Oh there is no way I could run that on my ancient laptop that has only 1 GB system memory Yeah I thought the process over at distrowatch was great as they did actually perform checks of the LBX image beforehand. We did see a notable bump in traffic after our purchasing ad space for a week for sure. However the true goal of course was to increase exposure and trust. And it was a huge plus they accepted BTC. As for your laptop, Certainly would be frozen on arrival. |
|
|
|
Just a follow up, we've been officially listed on distrowatch and paid in BTC of course  Thanks again for the suggestion! Nice work, bit I didn't know you have to pay to be listed on that website... if it's not a secret can you tell us how much they charge for this? I see that ISO size is around 3.4 GB but I am wondering what are the minimum system requirements (RAM/CPU) needed for running LockBox Linux, and is it possible to run it on some old laptop computer? Thanks and sure thing. To be promptly listed and to buy a tiny bit of advertising space was roughly $220. Thought this to be extremely worth it as it also serve as direct support for distrowatch. Also here are the critical specs: Dual Core 64-bit processor / Intel i3 or Intel i5 8 GB of system memory (RAM) 120 GB SSD Running on a older laptop with equivalent specs shouldn't be an issue, however the experience may be a bit painful. Running opensnitch and a full node wallet can quickly chew up resources. |
|
|
|
|
Quick Update - A signed ISO was requested yesterday and is now available via the site. Key and sig are both publicly available via our git.
|
|
|
|
Do you have any updates regarding listing LockBox on DistroWatch, because I don't see it listed yet? If you didn't do it so far you can contact them directly and follow instructions on distribution submission page. Interesting thing about DistroWatch website is accepting of Bitcoin and Monero donations, along with regular paypal donations. Hey dkbit, Just a follow up, we've been officially listed on distrowatch and paid in BTC of course Thanks again for the suggestion! https://distrowatch.com/table.php?distribution=lockbox |
|
|
|
|
Original post has been updated to include snapshots and a list of software/application installed on the latest image. I'll be working to tidy up a few more items over the weekend including, distrowatch, website and git. Thanks again for the awesome feedback and I look forward to improving this project with community feedback as we progress.
Special thanks to:
ETFbitcoin
NotATether
dkbit98
ETFbitcoin
DaveF
|
|
|
|
From a privacy perspective, the assumption should be held that all providers retain logs even when they say they don't.
I get the point, but i would rather choose DNS that might keep log you (but the privacy policy/their website still respect your privacy) than DNS that obviously keep log. For sure, until we can come up with an method of simplifying this on a user-friendly basis, I've reverted back theses changes to default. I think this is an area of which it would be hard to satisfy the needs and the wants of specific users. |
|
|
|
Perhaps an option at install? Let the user pick what they want.
1) Use DHCP assigned.
2) Use 1.1.1.1, 8.8.8.8, 9.9.9.9 etc. While letting people know that they are probably going to be logged
3) Use NextDNS / others but let people know about possible performance issues / blocking
4) User configured DNS servers.
5) Install BIND and let them know about the bloat that comes with it.
Look, Dave just dumped a couple of weeks of programming and testing on someone :-)
-Dave
Thanks Dave For the sake of finalizing the image, I've reverted back the configuration and commented out DNS services Quad9, Cloudflare and NextDNS. User may configure to their discretion. |
|
|
|
You're joking right? I understand Cloudflare is reliable service, but it's bad for privacy and people report few website can't be accessed when using CloudFlare DNS. I would suggest looking for alternative DNS such as NextDNS which is used by Firefox. Hey ETF, I believe this is indirectly part of that rabbit hole Dave was referenced earlier. NextDNS is great, however they typically do have more performance issues than their competitors. From a reliability perspective this gets tricky. Some users may also perceive latency or blocklist issues to be issues related to the LBX image itself, hence the call for Cloudflare. This now becomes a question of finding a happy medium or reverting DNS configurations back to default for user configuration. From a privacy perspective, the assumption should be held that all providers retain logs even when they say they don't. I think NextDNS is headed in the right direction however the best course of action is the use of a solid VPN service. Thanks again for taking a sec to highlight this. |
|
|
|
No worries Dave, I think security should always include a solid dialogue and its a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request? Link: https://technitium.com/dns/Looks promising, will have to look into it too. It's amazing how much information you leak using public / your internet providers DNS. And how many people & places still refuse to use DNS over TLS. Look a hardware wallet connected to an encrypted PC connected to an actual cable to the SonicWall router. And lets go to Coinbase using local ISPs DNS lookup. And now we know you have (or are interested in) crypto. And since your local ISP probably is not using DNSSEC, who knows if you are really at Coinbase anyway. Yes, and extreme edge case, but still worth thinking about. -Dave Hey Dave, Just a quick follow up. resolvconf has been installed and the nameservers below have been set to permanent (default): nameserver: 9.9.9.9 (Quad 9) - Main - DNS over HTTPS (aka DoH) Link:https://quad9.net/news/blog/doh-with-quad9-dns-servers/ nameserver 1.1.1.1 (Cloudflare) - Fallback - DNS over HTTPS (aka DoH) Link: https://developers.cloudflare.com/1.1.1.1/encrypted-dnsnameserver: 127.0.0.53 (Local) - Fallback Technitium looked great, however after a hearty conversation with the team no one liked the idea of this remotely resembling a DNS server |
|
|
|
No worries Dave, I think security should always include a solid dialogue and its a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request? Link: https://technitium.com/dns/Looks promising, will have to look into it too. It's amazing how much information you leak using public / your internet providers DNS. And how many people & places still refuse to use DNS over TLS. Look a hardware wallet connected to an encrypted PC connected to an actual cable to the SonicWall router. And lets go to Coinbase using local ISPs DNS lookup. And now we know you have (or are interested in) crypto. And since your local ISP probably is not using DNSSEC, who knows if you are really at Coinbase anyway. Yes, and extreme edge case, but still worth thinking about. -Dave You're right. |
|
|
|
Pi-Hole have lots of dependency though.
Does not need to be Pi-Hole, just a local DNS resolver that you can query that will give 127.0.0.1 or whatever for places that you do not want your PC going to. But...... Since 99% of the world runs on BIND it's probably going to be that and it's dependencies. Since some pages are going to sit there and wait for a response from the query you need something internally running a web server and it's dependencies. Then, you are going to need a front end to manage it since you need a simple way to add / remove blocks. It's a trip down a very deep rabbit hole. But I still think it would be a nice feature to have or at least the option to have. You could probably get some app that manages your hosts file that pulls data from the blocklists you want to use and puts them in there, and then some sort of a front end manager for that. -Dave No worries Dave, I think security should always include a solid dialogue and its a valid point. I'm currently reviewing Technitium DNS Server and will need to perform a bit more research before implementing. I think this may fall along the lines of your request? Link: https://technitium.com/dns/ |
|
|
|
Do you have any updates regarding listing LockBox on DistroWatch, because I don't see it listed yet? If you didn't do it so far you can contact them directly and follow instructions on distribution submission page. Interesting thing about DistroWatch website is accepting of Bitcoin and Monero donations, along with regular paypal donations. Hey DK! Been pretty focused on doing this right but this is an action item and we look forward to submission! We should have this submitted within the next week or so. |
|
|
|
Is it intentional that you include few application with similar functionality? Few example 1. Flathub/Snapcraft to install additional app. 2. Gufw Firewall/Opensnitch to manage firewall. Gufw is a front end for UFW that just puts on a pretty GUI, but with no additional information. Opensnitch gives you a more info and does it a bit differently. It lets you know firefox is attempting to connect to facebook, so you can see the page but will block the connections to FB. Closer to adblock at the PC level. At least that is how I have always used it. @MagnumOpus3k how about adding an internal DNS resolver that blocks those requests. Something link Pi-Hole -Dave Hey Dave! We did look into pi-hole previously, but the installation of netcat was a red flag for the build. Though its not being used for nefarious purposes, we do know it can be. Also the idea of opening additional ports wasn't ideal either as it adds to the attack surface. However, it does appear opensnitch has integrated blocklist for ads and domains (ad lists may be used). Link: https://github.com/evilsocket/opensnitch/issues/298Link2: https://github.com/evilsocket/opensnitch/wiki/block-lists |
|
|
|
Is it intentional that you include few application with similar functionality? Few example 1. Flathub/Snapcraft to install additional app. 2. Gufw Firewall/Opensnitch to manage firewall. Hey ETF! 1. I would have much preferred to have either or with Flathub and Snapcraft, however there were simply gaps between application libraries. Snapcraft application library seems to be more geared towards advanced users as Flatpak is more so for the typical user. I incorporated both for a happy medium. 2. Gufw Firewall/Opensnitch to manage firewall. I think DaveF nailed this one. The Gufw is extremely limited in the data that it offers. You can add/block ports, log and enable/disable. Opensnitch is the modern day ZoneAlarm in my opinion. It basic incorporates a zero-trust factor and questions every single connection and blocks the connection within 15seconds (default) if not approved by the user. Furthermore, event logs are human readable thus making it easer for the average user to make a quick correlation. |
|
|
|
Nearing completion of the latest image and should have this it available shortly. Please see the list of installed applications below: Git: https://github.com/StratousLabs/LockBox1. Flathub-Home of hundreds of apps which can be easily installed on any Linux distribution. Browse the apps online, from your app center or the command line. 2. Snapcraft- Snaps are containerised software packages that are simple to create and install. They auto-update and are safe to run. And because they bundle their dependencies, they work on all major Linux systems without modification. 3. Gufw Firewall - GUFW is a graphical utility for managing Uncomplicated Firewall (UFW) 4. Gnome Feeds - Add your favorite feeds, start reading the latest news. It’s that simple. 5. Borg Backup -The main goal of Borg is to provide an efficient and secure way to backup data. The data deduplication technique used makes Borg suitable for daily backups since only changes are stored. The authenticated encryption technique makes it suitable for backups to not fully trusted targets. 6. Vorta Backup - Vorta is a cross-platform open source backup client. It makes managing Borg backups easy and there is no need to run commands in the Terminal. 7. Brave Browser - Brave is a free and open-source web browser developed by Brave Software, Inc. based on the Chromium web browser. Brave is a privacy-focused browser, which distinguishes itself from other browsers by automatically blocking online advertisements and website trackers in its default settings. 8. LibraWolf - A fork of Firefox, focused on privacy, security and freedom. 9. Chromium - Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web 10. KeypassXC - KeePassXC is a free and open-source password manager. It started as a community fork of KeePassX 11. Eddy - Install, update, uninstall and view information about debian packages. 12. Opensnitch - GNU/Linux application firewall. 13. btcrecover - btcrecover is an open source Bitcoin wallet password and seed recovery tool. It is designed for the case where you already know most of your password or seed, but need assistance in trying different possible combinations. 14. GNOME Partition Editor - GParted is a free partition editor for graphically managing your disk partitions. |
|
|
|
|
Update:
Near completion on the updated image. We did hit a minor snag with elementaryos and will be working to removing all trademarks pertaining to their brand. Please see their response below for transparency:
" LBX Team,
elementary OS is open source software, but the elementary brand is considered a trademark of elementary, Inc. While we don’t have official guidance for a software redistribution of elementary OS, we would expect you to comply with the guidelines laid out at elementary.io/brand, especially under the Hardware Distributors section. It’s critical that anyone using something that represents itself as “elementary OS” has the same experience as if they downloaded the OS from the elementary.io website—or that it is rebranded entirely. As our primary funding source is paid downloads of elementary OS, we do not allow redistribution of modified versions under the elementary OS name.Let me know if you have any other questions.
Best,
Cassidy James Blaede
Co-founder & CXO
elementary.io"
|
|
|
|
5. Add password manager such as KeePassXC.
I'm always a little apprehensive of pre-installing anything that deals with the users passwords or seed phrases, thus a password manager not being installed the first go around. Had a quick chat regarding this today and a concern of in the event the machine is compromised, the attackers may have access to everything possibly including the password manager. Furthermore, another piece of software increase the attack surface of the machine. We're currently ironing this out, but it is certainly being considered. Thanks again for the feedback!
KeePassXC encrypt the file (which store the password), so even if the machine is compromised, user need to open the file before user's password is compromised. Besides, Tails include KeePassXC, so IMO it should be safe since your distro doesn't aim to be as secure/private as Tails. Thanks ETF! I was thinking of more along the lines of keylogging malware that would comprise the vault, however per your comments you've sparked a new idea. Thanks again for taking a sec to chime in! Greatly appreciated. |
|
|
|
Although Tails already exist, your distro could fill different user base. But here are few suggestion 1. Publish the source code of your distro, otherwise you would violate Elementary's GPLv3 license (according to https://github.com/elementary/os/blob/master/LICENSE) 2. Remove Google Chrome, it's privacy nightmare. Brave or Ungoogled chromium is acceptable if user wish to visit website which doesn't support Firefox. 3. Add Tor Browser. 4. I don't know if Elementary OS already have this feature, but add option to encrypt the partition during system installation. 5. Add password manager such as KeePassXC.
Thanks you for this. The baseline OS is elementary and all changes/notations have been published to our git. Also its very important to note that this image was built with CUBIC (Custom Ubuntu ISO Creator), so not directly from source. Should we garner support from the community to keep this project going, we will begin the process of compiling from source. 2. Remove Google Chrome, it's privacy nightmare. Brave or Ungoogled chromium is acceptable if user wish to visit website which doesn't support Firefox.
I think its unamanious, we'll get this removed on the next update. 3. Add Tor Browser.
Added to the roadmap! 4. I don't know if Elementary OS already have this feature, but add option to encrypt the partition during system installation.
Yep! Before install you will have the option for FDE (Full Disk Encryption) and of course we recommend it. 5. Add password manager such as KeePassXC.
I'm always a little apprehensive of pre-installing anything that deals with the users passwords or seed phrases, thus a password manager not being installed the first go around. Had a quick chat regarding this today and a concern of in the event the machine is compromised, the attackers may have access to everything possibly including the password manager. Furthermore, another piece of software increase the attack surface of the machine. We're currently ironing this out, but it is certainly being considered. Thanks again for the feedback! |
|
|
|
|
