Hacker News
Subgraph OS: Adversary-resistant computing platform (subgraph.com)
54 points by weeha on May 31, 2014 | 24 comments



This is a Linux distribution with some clever ideas about container isolation and using the PAX / grsecurity kernel patchset.

Since it is running Linux, not some minimal RTOS, I take some of their marketing on the website with a huge grain of salt. When it says things like, "verifiably trustworthy" and is a Linux distribution, it makes baby Brad Spengler (Spender) cry. Call me a skeptic, but I'm currently using Linux, professionally have managed Linux for over a decade, and <3 it entirely. That being said, I call BS on a Linux distribution that claims what this does.

Great marketing page however!

Written from my Fedora 20 laptop with SELinux enabled and my tinfoil anti-NSA hat on


I would be more enthusiastic about a "trustworthy" and "hardened" distribution with "container isolation" if it were BSD based with jails (among other things).

A simpler system, with fewer moving parts, and contributions (perhaps) from cperciva ?


Why BSD over Linux? And which BSD would you start with?

I'd stay far away from SELinux, knowing that added complexity is unlikely to add security in practice. But is any of the major BSD kernels appreciably simpler or more secure than the Linux kernel these days? I'm sure that the Linux kernel has broader hardware support; that would yield an OS that more people can actually run without restricting their hardware choices. So on balance, Linux seems to me like a better choice.

To be sure, I'd strip down the userland, starting with the C library; I'd choose musl over glibc. Actually, my idea of a "trustworthy", "hardened" Linux distro would look a lot like Alpine Linux (the in-development musl-based version).


Truthfully it's the kernel rather than userland I'd be more concerned about. It might be open-source but it's an enormous piece of software. Heartbleed showed us that serious vulns can slip through, and AFAIK the kernel hasn't had a truecrypt-style security audit (which I believe it deserves).

I don't think BSD is necessarily more secure, despite what that Theo blowhard has to say.


I'd see you as a bit misguided then. Different than Linux != more secure. The best way would be isolation using hardware's VT functionality. That enforced separation at the hardware level. Something more like this. Also, the Xen microkernel is very small in comparison to Linux and easier to audit.

http://qubes-os.org


I'm curious, what is the security advantage of BSD jails over Linux containers?


None really, other than they have been around a lot longer and have potential to have been audited by more people. That being said, a lot more people look at Linux code and work on it than all of the BSDs combined, so it is really a wash.


Hi Bruce from Subgraph here.

Yesterday we updated our website with information about a new project that we've been working on since December and made a very small announcement on Twitter about the website change and this generated more attention than we were expecting.

So I should clarify the status of the project which is that we haven't released anything yet, but we've been working on what is described on our website for the last 6 months. We predict but can't promise that we'll have something available for brave enthusiastic people to test by the end of summer. That's the point at which we normally would have announced our project here.


I am sick and tired of hearing about projects, lately often security-related projects, that are vaporware.

They have nice websites, nice graphics, very professional, but that is all. Nice marketing.

The title "Subgraph OS: Adversary-resistant computing platform"

Should be

"Project SubgraphOS is an idea to build an Adversary-resistant computing platform"

Take me to a really plain website, and state status on the front page

"No release, No source"

But maybe some design documents?

On top of that please say on the front page "Yet another Linux distro"

so people like me don't get the impression that it's actually something interesting written from scratch.


It's an operating system, supposedly built from the ground up. I'm really sceptical about security if it was just released and built from the ground up.

They shyly mention Grsecurity hardened kernel. So is it a Linux distro or not? I don't know, no mention of Linux anywhere else.

As someone who might be interested in secure OS but is not an expert in security, this website leaves me very confused.


By "operating system" they seem to mean "Linux distribution". I suspect that, like most glamorous crypto projects, this will turn out to be woefully inadequate. (For example, they did their own implementation of OpenPGP. Not clear why.)


Where's the source part of this open source company?


So... what exactly is this? Could I use it as my main OS? Is it a replacement for TAILS?


Yes, Subgraph OS is meant to be used as a general purpose desktop operating system. There is pressure on TAILS to evolve in this direction by people who like TAILS and want to use it as their main everyday OS, but this conflicts with the 'amnesic' philosophy and vision of TAILS as an ephemeral read-only system. One of the objectives of Subgraph OS is to provide something more convenient to users who wish to use TAILS persistently.


I only recently started using Tails myself. I found it to be pretty easy to get going, and the Windows Camouflage mode is fun. I don't see this being a real replacement. Maybe a competitor?


> Subgraph OS users who install the operating system must have encrypted filesystems. It is not optional in Subgraph OS.

I like that. All "secure" operating systems should have that, and all operating systems should have it if they benefit from hardware encryption, which would make the performance overhead a non-issue.


Hardware encryption is more difficult to audit, likely to have backdoors, etc. djb recently posted some feedback on how to improve available instructions in x86 for doing the type of maths common in today's crypto code, which is far more useful.


Well, encryption with unknown back doors is better than no encryption, I suppose.


Not if it gives you a false sense of security.


Cool site, but I couldn't find anywhere to obtain the software. When will it be available?


I looked all over the site and couldn't find it anywhere, or any mention of it even being available yet.


Well, this is good news. More choices we will have, more privacy we get. Maybe one day, this kind of OS will be default for everyone and even usable for "basic" users. I'm really looking forward to trying it ASAP. Keep up the good work guys.


cool marketing site, show us the code. back to saturday morning cartoons.


Here's their GitHub for ORCHID (Tor on Java?) and VEGA.

https://github.com/subgraph



