From a7d90290836234c3f85abdb92c757cf1e9c4cf20 Mon Sep 17 00:00:00 2001
From: Daniel Gray
Date: Thu, 2 Jul 2020 11:15:05 +0000
Subject: [PATCH 1/3] Tidy up operating systems pages
---
_includes/nav.html | 2 +-
...ms.html => android-operating-systems.html} | 49 ++-----
.../sections/live-operating-systems.html | 33 -----
_includes/sections/operating-systems.html | 120 +++++++++---------
.../other-mobile-operating-systems.html | 11 ++
_includes/sections/router-firmware.html | 40 ------
_includes/sections/tor-operating-systems.html | 23 ++++
assets/img/svg/3rd-party/alpinelinux.svg | 2 +
assets/img/svg/3rd-party/archlinux.svg | 2 +
assets/img/svg/3rd-party/calyxos.svg | 2 +
assets/img/svg/3rd-party/nixos.svg | 2 +
assets/img/svg/3rd-party/whonix.svg | 2 +
pages/old.html | 6 +-
pages/os.html | 35 +----
14 files changed, 124 insertions(+), 205 deletions(-)
rename _includes/sections/{mobile-operating-systems.html => android-operating-systems.html} (57%)
delete mode 100644 _includes/sections/live-operating-systems.html
create mode 100644 _includes/sections/other-mobile-operating-systems.html
create mode 100644 _includes/sections/tor-operating-systems.html
create mode 100644 assets/img/svg/3rd-party/alpinelinux.svg
create mode 100644 assets/img/svg/3rd-party/archlinux.svg
create mode 100644 assets/img/svg/3rd-party/calyxos.svg
create mode 100644 assets/img/svg/3rd-party/nixos.svg
create mode 100644 assets/img/svg/3rd-party/whonix.svg
diff --git a/_includes/nav.html b/_includes/nav.html
index a649fe92e..cae5cd8f3 100644
--- a/_includes/nav.html
+++ b/_includes/nav.html
@@ -87,7 +87,7 @@ PC OS - PC Live OS + Tor focused distributions Mobile OS Android Privacy Add-ons Router Firmware
diff --git a/_includes/sections/mobile-operating-systems.html b/_includes/sections/android-operating-systems.html
similarity index 57%
rename from _includes/sections/mobile-operating-systems.html
rename to _includes/sections/android-operating-systems.html
index 1b1de836d..6825a1bf6 100644
--- a/_includes/sections/mobile-operating-systems.html
+++ b/_includes/sections/android-operating-systems.html
@@ -1,16 +1,26 @@

Mobile Operating Systems

+

Android-based Operating Systems

+ +{% include cardv2.html + title="CalyxOS" + image="/assets/img/svg/3rd-party/calyxos.svg" + description='CalyxOS is a custom ROM based on the Android Open Source Project with Pixel phones. It aims to be secure and private by default including a number of good choices for default applications. It also supports verified boot.' + badges="info:AOSP" + website="https://calyxos.org" + gitlab="https://gitlab.com/calyxos" +%} + {% include cardv2.html title="GrapheneOS" image="/assets/img/svg/3rd-party/grapheneos.svg" image-dark="/assets/img/svg/3rd-party/grapheneos-dark.svg" description='GrapheneOS (formerly known as CopperheadOS) is a free and open-source security- and privacy-focused mobile operating system built on top of the Android Open Source Project. It currently specifically targets devices offering strong hardware security.' badges="info:AOSP" - labels="color==warning::text==contrib::tooltip==This software may depend on or recommend non-free software." website="https://grapheneos.org/" github="https://github.com/GrapheneOS/" %} @@ -20,49 +30,14 @@

Worth Mentioning

    -
  • Replicant - {% include badge.html - color="info" - text="AOSP" - %} - - An open-source operating system based on Android, aiming to replace all proprietary components with free software. -
  • - -
  • - OmniROM - {% include badge.html - color="info" - text="AOSP" - %} - {% include badge.html - color="warning" - icon="far fa-question-circle" - text="contrib" - tooltip="This software may depend on or recommend non-free software." - %} - - A free-software operating system for smartphones and tablet computers, based on the Android mobile platform. -
  • -
  • MicroG {% include badge.html @@ -72,8 +47,6 @@

    Worth Mentioning

    {% include badge.html color="warning" icon="far fa-question-circle" - text="contrib" - tooltip="This software may depend on or recommend non-free software." %} - A project that aims to reimplement the proprietary Google Play Services in the Android operating system with a FLOSS replacement. The microG project also maintains a fork of LineageOS with microG and F-Droid preinstalled at Lineage for microG.
  • diff --git a/_includes/sections/live-operating-systems.html b/_includes/sections/live-operating-systems.html deleted file mode 100644 index af0a10141..000000000 --- a/_includes/sections/live-operating-systems.html +++ /dev/null @@ -1,33 +0,0 @@ -
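Review bot: The MicroG entry in `_includes/sections/android-operating-systems.html` is left with a `badge.html` include that carries `color="warning"` and `icon="far fa-question-circle"` but no `text` or `tooltip`, because the hunk at `@@ -72,8 +47,6 @@` deletes only those two lines. Assuming `badge.html` renders whatever parameters it receives, readers get a warning-coloured question mark with no explanation of what the warning is about. Either delete the whole `{% include badge.html … %}` block for this entry, or keep the `text=` and `tooltip=` lines so the caveat stays readable. The include opens before the hunk and the list item continues after it.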

    PC Live Operating Systems

    - -{% include cardv2.html - title="Tails" - image="/assets/img/svg/3rd-party/tails.svg" - description='Tails is a live operating system that can boot on almost any computer from a DVD, USB stick, or SD card you control. It aims at preserving privacy and anonymity, and circumventing censorship by forcing Internet connections through the Tor network; leaving no trace on the computer; and using state-of-the-art cryptographic tools to encrypt files, emails, and instant messages.' - badges="info:GNU/Linux" - labels="color==warning::text==contrib::tooltip==This software may depend on or recommend non-free software." - website="https://tails.boum.org/" - git="https://git-tails.immerda.ch/tails/" -%} - -

    Worth Mentioning

    - -
      -
    • - Fedora Workstation - {% include badge.html - color="info" - text="GNU/Linux" - %} - - Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment. -
    • - -
    • - Debian - {% include badge.html - color="info" - text="GNU/Linux" - %} - - Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project. -
    • -
    diff --git a/_includes/sections/operating-systems.html b/_includes/sections/operating-systems.html index 2fe24f817..6dac095fe 100644 --- a/_includes/sections/operating-systems.html +++ b/_includes/sections/operating-systems.html @@ -4,83 +4,83 @@

    If you are currently using an operating system like Windows 10, you should pick an alternative here. -{% include cardv2.html - title="Qubes OS" - image="/assets/img/svg/3rd-party/qubes_os.svg" - description='Qubes is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers.' - badges="info:Xen" - labels="color==warning::text==contrib::tooltip==This software may depend on or recommend non-free software." - website="https://www.qubes-os.org/" - privacy-policy="https://www.qubes-os.org/privacy/" - github="https://github.com/QubesOS" - tor="http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/" -%} - {% include cardv2.html title="Fedora Workstation" image="/assets/img/svg/3rd-party/fedora.svg" description='Fedora is a Linux distribution developed by the Fedora Project and sponsored by Red Hat. Fedora Workstation is a secure, reliable, and user-friendly edition developed for desktops and laptops, using GNOME as the default desktop environment.' - badges="info:GNU/Linux" - labels="color==warning::text==contrib::tooltip==This software may depend on or recommend non-free software." + badges="info:Linux" website="https://getfedora.org/" privacy-policy="https://fedoraproject.org/wiki/Legal:PrivacyPolicy?rd=Legal/PrivacyPolicy" git="https://src.fedoraproject.org/" %} +{% include cardv2.html + title="Ubuntu" + image="/assets/img/svg/3rd-party/ubuntu.svg" + description='Ubuntu is a linux distribution developed by Canonical Ltd. Ubuntu is a reliable and distribution that is user-friendly and can be run on desktops, servers and IoT devices.' + badges="info:Linux" + website="https://ubuntu.com" + privacy-policy="https://ubuntu.com/legal/data-privacy" + git="https://launchpad.net/ubuntu" +%} + +

    Advanced Operating Systems

    + + + +{% include cardv2.html + title="Alpine Linux" + image="/assets/img/svg/3rd-party/alpinelinux.svg" + description='Alpine Linux is a very minimal distribution designed to be secure and very resource efficient. Alpine Linux can run from RAM, and merge configuration files into the system on boot using Alpine local backup. Alpine Linux is often used on servers and in Linux containers.' + badges="info:Linux" + website="https://alpinelinux.org/" + privacy-policy="https://alpinelinux.org/privacy-policy.html" + gitlab="https://gitlab.alpinelinux.org" +%} + +{% include cardv2.html + title="Arch Linux" + image="/assets/img/svg/3rd-party/archlinux.svg" + description='A simple, lightweight Linux distribution. It is composed predominantly of free and open-source software, and supports community involvement.' + badges="info:Linux" + labels="color==success::link==https://tests.reproducible-builds.org/archlinux/archlinux.html::text==Reproducable builds" + website="https://www.archlinux.org/" + privacy-policy="https://wiki.archlinux.org/index.php/ArchWiki:Privacy_policy" + gitlab="https://gitlab.archlinux.org" +%} + {% include cardv2.html title="Debian" image="/assets/img/svg/3rd-party/debian.svg" description='Debian is a Unix-like computer operating system and a Linux distribution that is composed entirely of free and open-source software, most of which is under the GNU General Public License, and packaged by a group of individuals known as the Debian project.' - badges="info:GNU/Linux" + badges="info:Linux" + labels="color==success::link==https://reproducible.debian.net::text==Reproducable builds" website="https://www.debian.org/" privacy-policy="https://www.debian.org/legal/privacy" tor="http://sejnfjrq6szgca7v.onion" gitlab="https://salsa.debian.org/qa/debsources" %} -

    Worth Mentioning

    - -
      -
    • OpenBSD - {% include badge.html - color="info" - text="BSD" - %} - - A project that produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Emphasizes portability, standardization, correctness, proactive security and integrated cryptography. -
    • - -
    • - Arch Linux - {% include badge.html - color="info" - text="GNU/Linux" - %} - {% include badge.html - color="warning" - icon="far fa-question-circle" - text="contrib" - tooltip="This software may depend on or recommend non-free software." - %} - - A simple, lightweight Linux distribution. It is composed predominantly of free and open-source software, and supports community involvement. Parabola is a - completely open source version of Arch Linux. -
    • - -
    • - Trisquel - {% include badge.html - color="info" - text="GNU/Linux" - %} - - Derived from Ubuntu, this project aims for a fully free software system without proprietary software or firmware and uses Linux-libre, a version of the Linux kernel with the non-free code (binary blobs) removed. -
    • +{% include cardv2.html + title="NixOS" + image="/assets/img/svg/3rd-party/nixos.svg" + description='NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages.' + badges="info:Linux" + labels="color==success::link==https://r13y.com::text==Reproducable builds" + website="https://nixos.org" + privacy-policy="https://nixos.wiki/wiki/NixOS_Wiki:Privacy_policy" + github="https://github.com/NixOS" +%} -
    • - Whonix - {% include badge.html - color="info" - text="GNU/Linux" - %} - - A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" - and a Tor "Gateway". All communication are forced through the Tor network to accomplish this. -
    • -
    +{% include cardv2.html + title="Qubes OS" + image="/assets/img/svg/3rd-party/qubes_os.svg" + description='Qubes is an open-source operating system designed to provide strong security for desktop computing. Qubes is based on Xen, the X Window System, and Linux, and can run most Linux applications and utilize most of the Linux drivers.' + badges="info:Xen" + website="https://www.qubes-os.org/" + privacy-policy="https://www.qubes-os.org/privacy/" + github="https://github.com/QubesOS" + tor="http://qubesosfasa4zl44o4tws22di6kepyzfeqv3tg4e3ztknltfxqrymdad.onion/" +%} diff --git a/_includes/sections/other-mobile-operating-systems.html b/_includes/sections/other-mobile-operating-systems.html new file mode 100644 index 000000000..f1cb488d2 --- /dev/null +++ b/_includes/sections/other-mobile-operating-systems.html @@ -0,0 +1,11 @@ +
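Review bot: The new `labels=` values on the Arch Linux, Debian and NixOS cards in `_includes/sections/operating-systems.html` spell the badge `Reproducable builds`; it should be `text==Reproducible builds` in all three. The badge is shown with `color==success` and links to status dashboards (`tests.reproducible-builds.org`, `reproducible.debian.net`, `r13y.com`) which, as far as I know, report how much of each distribution currently reproduces rather than certifying all of it, so a plain green label may overstate the supply-chain guarantee. Appending a `::tooltip==` field (the syntax the removed `contrib` labels used) that says the link shows current reproducibility status would keep the claim accurate. Separately, the unchanged Debian `tor=` value is a 16-character (v2) onion address and is worth replacing once the project publishes a v3 one.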

    Other Mobile Operating Systems

    + +{% include cardv2.html + title="Ubuntu Touch" + image="/assets/img/svg/3rd-party/ubuntu.svg" + description="Ubuntu Touch is a free and open-source operating system for smartphones and tablets. It's an alternative to the current popular mobile operating systems on the market. Only a few devices are supported." + badges="info:Linux" + website="https://ubuntu-touch.io/" + privacy-policy="https://ubports.com/privacy" + github="https://github.com/ubports" +%} diff --git a/_includes/sections/router-firmware.html b/_includes/sections/router-firmware.html index c2dbea93b..b8a2c0f0b 100644 --- a/_includes/sections/router-firmware.html +++ b/_includes/sections/router-firmware.html @@ -6,7 +6,6 @@

    Worth Mentioning

    - -
      -
    • - OpenBSD - {% include badge.html - color="info" - text="BSD" - %} - - A project that produces a free, multi-platform 4.4BSD-based UNIX-like operating system. Emphasizes portability, standardization, correctness, proactive security and integrated cryptography. -
    • - -
    • - DD-WRT - {% include badge.html - color="info" - text="GNU/Linux" - %} - {% include badge.html - color="warning" - icon="far fa-question-circle" - text="contrib" - tooltip="This software may depend on or recommend non-free software." - %} - - A Linux-based open-source firmware compatible with several models of routers and access points. -
    • -
    diff --git a/_includes/sections/tor-operating-systems.html b/_includes/sections/tor-operating-systems.html new file mode 100644 index 000000000..e5e09d9d3 --- /dev/null +++ b/_includes/sections/tor-operating-systems.html @@ -0,0 +1,23 @@ +

    Tor-Focused Distributions

    + + + +{% include cardv2.html + title="Tails" + image="/assets/img/svg/3rd-party/tails.svg" + description='Tails is a live operating system that can boot on almost any computer from a DVD, USB stick, or SD card you control. It aims at preserving privacy and anonymity, and circumventing censorship by forcing Internet connections through the Tor network; leaving no trace on the computer; and using state-of-the-art cryptographic tools to encrypt files, emails, and instant messages.' + badges="info:Linux" + website="https://tails.boum.org/" + git="https://git-tails.immerda.ch/tails/" + %} + +{% include cardv2.html + title="Whonix" + image="/assets/img/svg/3rd-party/whonix.svg" + description='A Debian-based security-focused Linux distribution. It aims to provide privacy, security and anonymity on the internet. The operating system consists of two virtual machines, a "Workstation" and a Tor "Gateway". All communication are forced through the Tor network to accomplish this. Whonix is best used in conjunction with Qubes.' + badges="info:Linux" + website="https://www.whonix.org/" + github="https://github.com/Whonix" +%} diff --git a/assets/img/svg/3rd-party/alpinelinux.svg b/assets/img/svg/3rd-party/alpinelinux.svg new file mode 100644 index 000000000..e2aef2d35 --- /dev/null +++ b/assets/img/svg/3rd-party/alpinelinux.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/svg/3rd-party/archlinux.svg b/assets/img/svg/3rd-party/archlinux.svg new file mode 100644 index 000000000..4b46a612f --- /dev/null +++ b/assets/img/svg/3rd-party/archlinux.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/svg/3rd-party/calyxos.svg b/assets/img/svg/3rd-party/calyxos.svg new file mode 100644 index 000000000..21743c853 --- /dev/null +++ b/assets/img/svg/3rd-party/calyxos.svg @@ -0,0 +1,2 @@ + + diff --git a/assets/img/svg/3rd-party/nixos.svg b/assets/img/svg/3rd-party/nixos.svg new file mode 100644 index 000000000..dacba1545 --- /dev/null +++ b/assets/img/svg/3rd-party/nixos.svg 
@@ -0,0 +1,2 @@ + + diff --git a/assets/img/svg/3rd-party/whonix.svg b/assets/img/svg/3rd-party/whonix.svg new file mode 100644 index 000000000..212ea7dbb --- /dev/null +++ b/assets/img/svg/3rd-party/whonix.svg @@ -0,0 +1,2 @@ + + diff --git a/pages/old.html b/pages/old.html index c7149c09d..8e7e86e3c 100644 --- a/pages/old.html +++ b/pages/old.html @@ -73,12 +73,14 @@ {% include sections/operating-systems.html %} -{% include sections/live-operating-systems.html %} +{% include sections/tor-operating-systems.html %} -{% include sections/mobile-operating-systems.html %} +{% include sections/android-operating-systems.html %} {% include sections/android-addons.html %} +{% include sections/other-mobile-operating-systems.html %} + {% include sections/router-firmware.html %} {% include sections/windows10.html %} diff --git a/pages/os.html b/pages/os.html index 08d138daa..536f2cf31 100644 --- a/pages/os.html +++ b/pages/os.html @@ -13,41 +13,14 @@

    Warning

  • Don't use Windows 10 - It's a privacy nightmare
-

Remember to check CPU vulnerability mitigations

+{% include sections/tor-operating-systems.html %} -

This also affects Windows 10, but it doesn't expose this information or mitigation instructions as easily. MacOS users check How to enable full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities on Apple Support.

- -

When running a recent enough Linux kernel, you can check the CPU vulnerabilities it detects by tail -n +1 /sys/devices/system/cpu/vulnerabilities/*. By using tail -n +1 instead of cat, the file names are also visible.

- -

- In case you have an Intel CPU, you may notice "SMT vulnerable" display after running the tail command. To mitigate this, disable hyper-threading from the UEFI/BIOS. You can also take the following mitigation steps below if your system/distribution uses GRUB and supports /etc/default/grub.d/: -

- -
    -
  1. sudo mkdir /etc/default/grub.d/ to create a directory for additional grub configuration
  2. -
  3. echo GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT l1tf=full,force mds=full,nosmt mitigations=auto,nosmt nosmt=force" | sudo tee /etc/default/grub.d/mitigations.cfg to create a new grub config file source with the echoed content
  4. -
  5. sudo grub-mkconfig -o /boot/grub/grub.cfg to generate a new grub config file including these new kernel boot flags
  6. -
  7. sudo reboot to reboot
  8. -
  9. after the reboot, check tail -n +1 /sys/devices/system/cpu/vulnerabilities/* again to see that everything referring to SMT now says "SMT disabled."
  10. -
- -
Further reading
- - - -{% include sections/live-operating-systems.html %} - -{% include sections/mobile-operating-systems.html %} +{% include sections/android-operating-systems.html %} {% include sections/android-addons.html %} +{% include sections/other-mobile-operating-systems.html %} + {% include sections/router-firmware.html %} {% include sections/windows10.html %}
From cb1131d045afae7a0dfb4cc2f5cfa8bbd44ac503 Mon Sep 17 00:00:00 2001
From: Daniel Gray
Date: Mon, 6 Jul 2020 08:10:28 +0000
Subject: [PATCH 2/3] Use a onion for Tor focused distributions
---
_includes/nav.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_includes/nav.html b/_includes/nav.html
index cae5cd8f3..5db86462a 100644
--- a/_includes/nav.html
+++ b/_includes/nav.html
@@ -87,7 +87,7 @@ PC OS - Tor focused distributions + Tor focused distributions Mobile OS Android Privacy Add-ons Router Firmware
From 342b3a6eade925ff281009ef13edaea2cf3bb6c2 Mon Sep 17 00:00:00 2001
From: Daniel Nathan Gray
Date: Tue, 7 Jul 2020 02:27:24 +0000
Subject: [PATCH 3/3] Grammar
Co-authored-by: nitrohorse <1514352+nitrohorse@users.noreply.github.com>
---
_includes/sections/operating-systems.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_includes/sections/operating-systems.html b/_includes/sections/operating-systems.html
index 6dac095fe..0882ebee6 100644
--- a/_includes/sections/operating-systems.html
+++ b/_includes/sections/operating-systems.html
@@ -17,7 +17,7 @@
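Review bot: The CPU vulnerability mitigation guidance is dropped from `pages/os.html` in patch 1/3 and not relocated: the hunk at `@@ -13,41 +13,14 @@` removes the "Remember to check CPU vulnerability mitigations" block (the `/sys/devices/system/cpu/vulnerabilities/*` check, the SMT advice and the GRUB steps), and none of the other files in the patch picks it up. A subject of "Tidy up operating systems pages" reads as a layout change, so a reader of the log would not expect hardening advice to disappear. If the removal is intended, state it and the reason in the commit message. Otherwise move the block into its own include and reference it here, for example `{% include sections/cpu-mitigations.html %}` (placeholder name), so the guidance stays reachable.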

{% include cardv2.html title="Ubuntu" image="/assets/img/svg/3rd-party/ubuntu.svg" - description='Ubuntu is a linux distribution developed by Canonical Ltd. Ubuntu is a reliable and distribution that is user-friendly and can be run on desktops, servers and IoT devices.' + description='Ubuntu is a Linux distribution developed by Canonical Ltd. Ubuntu is a reliable and distribution that is user-friendly and can be run on desktops, servers, and IoT devices.' badges="info:Linux" website="https://ubuntu.com" privacy-policy="https://ubuntu.com/legal/data-privacy"
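Review bot: The rewritten Ubuntu `description` still reads "Ubuntu is a reliable and distribution that is user-friendly", so the grammar fix in patch 3/3 is incomplete. Suggested wording for that sentence: `Ubuntu is a reliable, user-friendly distribution that can be run on desktops, servers, and IoT devices.` The card's closing lines fall outside the hunk.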