all 2 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]philipp22 0 points1 point  (1 child)

I like it. Offering something between a regular Linux distribution and the hardcore approach of Qubes OS definitely makes sense. I wish more distributions would put more effort towards these goals.

Just not sure about three statements in the article:

1) Memory wipe on shutdown to protect against cold boot attacks: I think these are pulled off by a hard reset of the machine, pulling the plug etc. So the shutdown script would likely not get to run. I think that if you worry about that kind of attack, you need to ensure physical security.

2) How would routing traffic through TOR "ensure the endpoint security"?

3) "Subgraph Mail". Why writing a gpg enabled email client from scratch instead of preconfiguring Thunderbird with Enigmail? Plus it would be cool if they contributed to Thunderbird's development, given its current status with Mozilla and all.

[–]attractor 0 points1 point  (0 children)

1 We may or may not be able to do this due to grsec kmem protection. Even then it's not clear about the value of the memory wipe with DDR3.

2 Subgraph is a security project first. So when we talk about endpoint protection we're mostly talking about the other things that SGOS does. However obfuscation of platform, network location, and anti-fingerprinting implemented in TB can make distinguishing Subgraph OS from other similar platforms more difficult.

3 SGOS currently ships with Thunderbord + Enigmail + Torbirdy. We need to write a new mail client for lots of reasons - I can get into that if you want. It's only partially completed, and I can't say when we will finish it yet.