Secure hi-perf, small footprint OS for our babus

While brainstorming on the way we should secure the desktops of our govt. employees, I had to face a few truths.

There are still quite a few Pentium-1 with 128mb memory (or less), black and white screens and sitting at critical points like immigration checkpoints at airports.

How do we bring them in the fold of security, easy administration and better performance.

Usually, these machines run DOS or some arcane Unix variant (most DOS).

Here’s what I had in mind:

  1. Linux kernel  with PAX patches - note that Ubuntu security advisory notes 41% of all security issues arising from buffer overflows which this hopes to address.
  2. Link with GCC Stack Smashing Protection (ProPolice)
  3. Python + Urwid for console based application development ( a much better route than C++ with ncurses)
  4. A Pacman based package manager - which needs to be enhanced to support different auth based package access and a SAT solver dependency resolution (so that access to certain packages are limited by authorisation)
  5. Samba4 - for integration with Windows and its authentication protocols. This is essential because any migration happens in stages and interoperability needs to maintained, especially in a bureaucratic organization.
  6. Cream editor - based on vim. for a lightweight, easy to use console editor with nice productivity features.
  7. Alpine based email client with SSL/TLS patches for security.
  8. sudo and dbus based security infrastructure (no all-powerful root account).
  9. UFW - uncomplicated firewall.

Cost of this OS - zero. Based on free and open-source software.

Considering that Slitaz fits a an entire GUI based Linux OS in 25 mb, I think it would be pretty easy to fit in the above OS in under 25 mb.

It is time our lawmakers migrated to a modern OS, instead of sticking to proprietary, outdated crap.


Secure hi-perf, small footprint OS for our babus


May 08, 2009

Find me on Twitter @sandeepssrin

Did i make any mistake? Please consider sending a pull request.