ToG Linux ("Touch of God" (no blasphemy intended) a la Michelangelo's "The Creation of Adam", with one of the poetic connotations being, to make best use of what you know to be certain, what "you can touch" (can exclusively reach with certainty), is readily available in your immediacy (before the physical reality of fields was understood, Leibniz made fun of Newton's "actions at a distance", of which Newton himself admitted not to know its origin and nature ...))

This would be a first draft about what could be considered a poor man's Debian Live air-gap running instance. I post it here because Debian is definitely my favorite distro (and many others are based on it), the deb live and blends mailing lists are mostly about specific changes to their project and I am talking about general topics relating to securing a Debian Linux running instance in a relatively straightforward way based on options which are already available. No fanciness or "conceptual demands"! Nothing new under the sun! It is more of a „Deutsches Eck” kind of thing, making things confluent to make good of them.

Some of the ideas have nothing to do with Debian per se, but objectives which conceptual ecosystem aims at being able to use computers with some of that thing they used to call "privacy", at the very least less exposure. Most of the measures are procedural and physical (involving hardware). Using just software would just be an illusive waste of time.
~
0. Objectives:
0.1) even though by their very nature OSs, applications, network- and/or IO-enabled computers can't possibly be secure, any malicious software which manages to get in your system would be mindlessly erased simply by a less than a minute reboot (only that would keep "hackers" away, they need persistence and they know they would be exposing their rear end to the four winds and that you won't have to spend your mind on worries and/or your hard earned money on "virus scanners", "malware detectors", ...);
0.2) you may be able to and should use the same computer in both: exposed, and "air-gapped" mode;
0.3) ToG would require just some disciplined and prudent exercise of your exposed activities, (if any) near to zero comma nada monetary investment;
0.4) ToG would let its user base have -some- healthy and aware tranquility of mind when it comes to safety and "privacy";
0.5) the use of a package extensions phase during the boot process, makes blends unnecessary, since you would enhance the functionality of your initial Debian Live DVD during boot up in whichever way you want and even use other supported architectures*.
*:
0.5)* multi-session DVDs for various architectures?
0.5)* generally speaking people using certain applications (say eclipse or Wazuh unified XDR and SIEM protection framework) would have a better sense of where the configuration and work files are kept.
~
1) What you will need:
1.1) Debian Live on a DVD[-R|+R] write-once and finalized disk (you can't physically write onto) (alternatively USB pen drives could be used, but are not recommended, they are not simple "WYSIWYG" things (a USB pen drive can be a RF device in ways you can't simply tell apart from regular ones) and most (all?) breaks into air-gap systems have been through misuse of USB pen drives)*
1.2) a "package extensions" USB pen drive (where you would keep extra, specific packages you need, not included in §1.1) and a lokal web references file;
1.3) a computer, you own*, which:
1.3.1) BIOS doesn't include networking, is open source (could be "trusted and checked") and which binaries you can linearize and dump in full as a file*;
1.3.2) BIOS lets you choose the boot device;
1.3.3) is not powered, not connected to the Internet (either as part of a wired or wireless network);
1.4) you will have a hard drive for your own data which you never connect to the Internet*.
*:
1.1)* an 8 cm (3.1 inches) DVD could be used which would easily fit in your shirt's front pocket including the §1.2 USB pen drive, with the most basic functionality.
1.3)* if you don't own the computer you are using, you will use the Debian Live DVD as such without extra extensions automatic fanciness and there will still be the option to update §1.2 for the new architecture and Linux version/distribution, but it must be done on the box you own which is the one which allows you access to the §1.2 strategy.
1.3.1)* Is there such a "safe BIOS"? Could you follow a physically safe procedure around this? Could you: a) dump the BIOS data onto a file? b) blank and reset the BIOS?, c) import a "new" binary and check it?
1.4)* why aren't hard drives being produced with a physical/mechanical switch to enable them to read data into or NOT?
1.4)* which HAL (Hardware AnaLyzer) techniques are used to check the hardware inside hard disk drives and computers?
~
2) GRUB boot up Procedure (boot loaders' moment!):
2.1) insert Debian Live DVD;
2.2) power on computer;
2.3) select DVD as starting device;
2.4) as part of a secure boot procedure, at the grub start up options prompt, run some code to dump BIOS as HEX file, which sha256sum is then used to mount a USB pen drive via --uuid and to decrypt your package extensions USB pen drive (§1.2);
2.5) boot continues*;
...
2.6) based on the combination of: a) architecture, b) Live DVD (which could be multi-session for different architectures?), c) a list of needed utilities and applications in your package extensions USB pen drive, there will be:
2.6.2) some utilities which may come as part of the DVD;
2.6.3) others which will have to be installed with packages already in the extension USB pen drive;
2.6.3) if some needed packages included in the list of extensions are not included in the pen drive:
2.6.3.1) those packages will be listed;
2.6.3.2) some installation script will be generated for you and dropped in §1.2 which you would then run automatically becoming a permanent update once you boot using your home computer;
2.6.3.3) a copy of the script will be left in your $HOME folder for you to run right after you expose your computer during this session
2.7) sudo umount §1.2 and unplug it before exposing your computer*
*:
2.4)* keep that pen drive with you at all times, in your set of keys if necessary (go pee before plugging it in, do not leave your computer unattended!)
2.5)* where are the knoppix-like boot options: "toram", "tohd=<partition>", "fromhd=<partition>", "myconf=<...>", "home=<...>" in Debian Live?
https://en.wikibooks.org/wiki/Knowing_Knoppix/Knoppix_boot_options
The "toram" bootup option would make your instance even more unhackable since all RAM content will be unpowered, blank when the computer is turned off. These days even a $50 tablet comes with 16Gb RAM.
2.7)* internal check as part of the boot process to continue only after §1.2 has been physically unplugged?
~
3) Exposed mode:
3.1) expose your computer by first physically/mechanically connecting the networking hardware you use (wired connections are always faster, right?);
3.2) run the necessary firmware (optimal option)*, if not automatically detected;
3.3) if §2.6.3.3 installation script exists, run it to download, install and save installed packages;
3.4) include versions of firefox and chromium browser (brave has HAR and TOR capabilities) run through selenium automation to:
3.4.1) parse/rewrite every HTML page based on its XPaths to choose what would reach your field of view;
3.4.2) keep track of data which have already been downloaded (so their link color will be changed) based on the lokal web reference file from the unexposed run*;
3.4.3) storage space is insanely cheap, anyway: as you "browse the web" (by downloading files to your computer) you keep them in a structured way in your hard drive's fs with paths more or less matching the URLs and URL <-> lokal Path ref. Tables (instead of using "download" subdirectory for all files)
*:
3.2)* necessary installation script and networking libraries will be left in $HOME by §1.2 (ideally networking should be taken out of the Linux kernel)
3.4.1)* of crucial importance, not only to clear your way of all that google goo, farting images and javascript cr@p with pop ups telling you "they care about your privacy", showing you how much better would be dumping your sex partner and developing a crush on some anime picture, ... but also javascript is the main compromising attack vector used by that good for nothing Vladimir Putin and all IT companies are in bed with him anyway, as are (Victoria) Santa Nuland ("of the freedom loving cookies" (as she was canonized)), Ursula von der Leyen ("Queen of the EU royal garden"), ...
3.4.1)* after the parsing/XPath rewriting phase, downloaded pages would be kept as part of Korpus to be shared among users belonging to a friends of friends network (most of us have our ways to perceive and make sense of outer reality. Even though they might not "influence" you, farting images, annoying pop-up windows and such things get in your way in the way that you may not be scared of a barking dog, but the constant barking definitely taxes your mind and ultimately makes you waste time, anyway).
3.4.1)* to what extent should generated content be "engaged". Is, "yes, suring!" them enough?
3.4.1)* et 3.4.2)* (Selenium-linked) "lokal web" strategy whichever browser is being automated would route through, handle data using the four identifying coordinates: ("site + URL Path", "page", "link trajectory", "XPath within page") in order to look up an index to run a command object which cleanses that page segment ...
3.4.1)* et 3.4.2)* (Selenium-linked) Declaring on your settings that all sites or one in particular may not run javascript is way too coarse and breaks functionality.
3.4.1)* et 3.4.2)* (Selenium-linked) Broker all settings regardless of the browser used via Selenium.
3.4.2)* changing all links to the local option in a disk partition mounted as --read-only if available?
3.4.3)* all links of downloaded and kept pages and data must be relative, the external drive must be mounted via --uuid and the path to the lokal web directory should be part of some environment variable.
3.4.3)* some textual data such as pdf files may contain full (not relative) links, which should be extracted and downloaded (if data linked doesn't exist, try the Wayback Machine, ... ).
~
4) Unexposed mode (one way transfer strategy to save your data before shutting down your computer):
4.1) disconnect the exposed computer from the Internet by removing firm/software;
4.2) physically/mechanically remove your wired or wireless USB dongle*;
4.3) if post-installation script exists and you are on your home box, prompt telling user to insert §1.2 to save the downloaded installation packages;
4.4) rename §1.2 based on size, the number of lines and sha256sum;
4.5) in order to transfer data from the exposed configuration to the unexposed, external drive, you will:
4.5.1) mount your external hard drive §1.4;
4.5.2) right after mounting it, run a script to check the physical health of the disk (smartctl, xfs repair if you are running XFS, keep a dmesg diff from before and after the disk was mounted);
4.5.3) transfer delta of data via rsync;
4.5.4) recreate list of lokal (append new records to) web references based on §4.5.3 delta;
4.5.5) transfer new file with lokal web references to §1.2;
*:
4.2)* should you enforce that the Internet connection is not available before continuing?
4.5.4)* should also there be a full check option double checking that "2+2=4" to be run once in a while?
4.5.5)* metadata in the name of the file: size, lines and sha256sum
~
5.) shutdown*
5.1) run file integrity checks, keeping diffs of last exposed sessions ...
5.2) shutdown
5.3) power off
*:
5)* regular shutdown procedures and checks are also part of securing your instances. "Hackers" will hate that since they existentially need persistence in your box and for you to be "visual", passive and innocent about it.
~
6. ToG's shortcomings:
6.1) laptop and tablets these days come without a DVD caddy;
6.2) Most applications assume (and demand even during their installation!) that:
6.2.1) your computer is connected to the Internet; and
6.2.2) you are installing applications on your hard drive; so, settings should be permanent ...
6.3) some cookies and other data/session tracking bs you may want to keep.
6.4) you should not buy your computer over the Internet (at least not as an "all-in-one" PC) at least I know well about one of my best known hells, in the U.S. the federal postal service works as a nation-wide black chamber!
*:
6.1)* you will have to keep one in your backpack inside of a protective box or use a partition of your USB pendrive to boot your computer (ideally if some sort of knoppix-like fromhd boot option is used, there should be an option to check the size, type and sha*sum of the iso)
6.2.2)* et 6.3)*: think of settings in browsers, startup conf files in Eclipse or a regular text editor, browsers' add ons, ... : running fs deltas right before exposing and right before shutdown would make obvious which work and configuration files may belong to which version of an application and where they should be placed during the next boot, they should be saved in §1.2 and replaced after each reboot.
~
7. Other security measures:
7.1) keep your computer in a Faraday Cage ideally grounded through both a ground plug of your electrical power outlet and some metal such as a digging bar deeply pushed into the ground and connected with a conducting wire to your Faraday cage;
7.2) noise the immediate vicinity of your environment with random, stochastic audible noise, ultra sound and EM variations in order to avoid, degrade tempesting;
7.3) read off and write on paper your most sensitive data (passwords, ...) and your most important train of thoughts;
7.4) why aren't there disks and pen drives with a switch to physically/mechanically disable the writing of data onto them?
7.5) from such apparently innocuous data such as your "finger" (keystroke patterns) to your search terms, should ToG include active noising options? (you mind a term search, while your browser somewhat predictively (within a narrative, initially and afterwards) does some search terms on antonyms and marginal senses based on word lists, thesauri and ludwig.guru patterns by itself which don't reach your field of view)
7.6) they say "life is a b!tch" and some add the coda "that is why I like it so much" as "we the people" do in places such as Cuba and did in East Germany (and who would have thought that "'the' land of 'the' 'free' ..." would make you think of what goes on in Cuba and went on in East Germany as benign, less perniciously consequential, much less all-encompassing?) creating a degree of noise around you (relatively loud music while you talk on the phone, work office kinds of background noises, ...) would cost nothing and be "healthy" to your mind and body.

You may ask me questions or suggest options on my WordPress page:
https://ergosumus.wordpress.com/2023/12/06/tog-touch-of-god-linux-first-draft-of-a-rfc/
or right here via the mailing list.

Thank you,
lbrtchx
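
The file integrity check of §5.1, the "fs deltas" of the 6.2.2)* note and the size/lines/sha256sum naming of §4.4 and §4.5.5 fit together as sketched below. This is an added example, not part of the original post; the manifest format, the stamp layout `<name>.<size>.<lines>.<sha256>` and every function name are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post); formats and names are assumptions.

# tog_manifest DIR: "sha256  ./path" for every regular file under DIR, sorted by path.
tog_manifest() {
    ( cd "$1" && find . -xdev -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# tog_stamp FILE: "<size>.<lines>.<sha256>" of FILE's current content.
tog_stamp() {
    size=$(wc -c < "$1") && lines=$(wc -l < "$1") &&
        sum=$(sha256sum < "$1") || return 1
    # $((...)) strips the padding some wc builds add; ${sum%% *} drops the trailing "  -".
    printf '%s.%s.%s\n' "$((size))" "$((lines))" "${sum%% *}"
}

# tog_stamp_rename FILE: append the stamp to FILE's name and print the new path.
tog_stamp_rename() {
    new="$1.$(tog_stamp "$1")" || return 1
    mv -- "$1" "$new" && printf '%s\n' "$new"
}

# tog_stamp_check FILE: succeed only if the stamp in FILE's name matches its content.
tog_stamp_check() {
    want=$(tog_stamp "$1") || return 1
    case "$1" in
        *".$want") return 0 ;;
        *) echo "stamp mismatch: $1" >&2; return 1 ;;
    esac
}

# tog_delta OLD NEW: refuse manifests whose stamp does not verify, then print
# "A path" (added), "D path" (deleted) and "M path" (content changed).
tog_delta() {
    tog_stamp_check "$1" && tog_stamp_check "$2" || return 1
    awk '
        { hash = $1; path = substr($0, length($1) + 3) }
        FILENAME == ARGV[1] { old[path] = hash; next }
        !(path in old)      { print "A " path }
        (path in old) && old[path] != hash { print "M " path }
        { seen[path] = 1 }
        END { for (p in old) if (!(p in seen)) print "D " p }
    ' "$1" "$2" | LC_ALL=C sort
}
```

Run `tog_manifest "$HOME" > m && tog_stamp_rename m` right before exposing and again right before shutdown, then `tog_delta` on the two stamped files. The stamp catches truncation and corruption of a manifest; it says nothing about a manifest that was rewritten and renamed, so the expected name has to be recorded somewhere the exposed session could not write.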