On Thu, Feb 28, 2013 at 01:43:38PM +0000, anonymous2...@nym.hush.com wrote: > Every idiot knows Linux is more secure in many ways > than Windows yet sometimes other factors come into play that > require the use of MS.
No. MS is never required. I've heard that contention for decades and it's never been true. There's ALWAYS a better way to anyone who has the intelligence, the resourcefulness, the diligence to find one. (And this gets easier all the time: finding alternatives is much easier in 2013 than it was in 2003. The problem now, in some ways, is not "are there vastly superior alternatives?" but "which of the many is right for this instance?" Good problem to have, though.) So you have a choice: you can either stubbornly persist with this, or you can go back through your checklist and remove every single item that's not open-source. (For starters. That's by no means a sufficient change, but it's a necessary one, and would at least dispense with some of the most egregiously poor choices, of which "operating system" is not the only one.) And Linux is far from the only choice available, and it probably would not be the one that I recommend first. But -- to back up quite a bit -- actually making a serious recommendation would require seeing your design goals, and we haven't. If we presume, for the sake of argument, that you have powerful, clueful enemies who are well-funded and somewhat ruthless, then other changes might also be in order. For example, you list: "Strong physical protection in a liberal country as regards human rights" If you build according to that model, then you are doing your adversaries the favor of constructing a single, centralized, easily-identifiable, fixed target for them to aim at. I don't think that's a good architecture, regardless of what you install in it. So if you really want serious thinking applied to this at the architectural, design, and implementation levels, then we probably need to see some kind of documentation that goes into what you're trying to accomplish along with some assessment of the capabilities of your adversaries. How large an operation is this? How global (or not)? What's your hardware/software budget? What functions are you trying to provide? We also probably need to know what your assets are: what are your personnel resources? What's your training budget? And so on. You may also need to recognize that you're not up to this. Could be. Can't tell. But it's certainly possible. I've seen many people try to build things that they really, truly weren't capable of building, with disastrous results. If that's the case, then it would be a poor choice indeed to proceed without serious reconsideration. ---rsk -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
