
I've always been fascinated with the idea of having a completely customized, secure, personalized "technology fortress" or something like that. Just having my network secure, multiple systems, with secure programs, good torrenting, etc. What are the ultimate things I need to achieve this? Just an idea for a discussion. Basically tell me what your idea of being completely decked out is.


having a cute desktop

Don't connect it to the internet, download stuff in other places and move data in external drives.

Make all of it yourself. All of the hardware and all of the software.

Your best shot at something like that is to just get a comfy diary.

ur a niger

>All the hardware...

How?

It's thanks to seeing people like you that I grew out of anime. Again, thanks.

Setting up hoarding servers that just stock up your files endlessly so you never have to go online to entertain yourself or work is pretty comfy.

Have a system that is completely disconnected and inaccessible to the outside world that you only connect to directly for the purpose of file backup and storage, and ensure said storage is encrypted. That's the only foolproof way to be secure as the only way someone can "hack" it is if they can get to the system and have the password.

Otherwise, if you're going to have anything connected to the internet there is no such thing as being 100% secure. In computer security you always need to understand that there will always be someone smarter than you who will eventually break into your system and you can only hope that he's a white hat hacker and not a black hat hacker.

Think of computer security as anti-bacterial hand sanitizer. It'll kill 99% of germs if it's good, but that 1% will eventually come back and bite you in the ass.

>letting other people influence your taste in entertainment

user...

I first had this idea when I was 9, I'm now pretty much autistic, no trollposting here just truth

Would it be safe to run Windows?

Eventually I want to do something like this. Maybe also put in a BluRay drive, and M-Disc drive.

With Windows 10 Home these are pretty much the standard settings.
It even detects if you download anything illegally!

I mean it would be offline...

I mean if it's completely offline (at the hardware level) and physically well-protected (so a CIA nigger can't just come up to it and plug in a USB stick with stuxnet 2.0 or whatever) then you could run literally anything.

That's why TempleOS is ring0 only, it has no networking so there's no reason to have any security.

There is no """technology fortress""" which can exist while connected to the Internet.

What you probably want is to have your services / programs isolated in a manner where you absolutely control their communication. The easiest way to achieve this is through LXC or KVM with a VM/slice allocated to each service type and with very limited capabilities. This is pretty easily achievable these days thanks to PCIe passthrough being well supported.

When it comes to hardware, you're extremely limited due to blackbox blobs on-chip. Intel past C2D is a no-go thanks to its shitshow of a management engine. AMD is too, but they've considered open sourcing their ME, so they may be viable in the future.

POWER8/9 is the most paranoia-friendly platform with good performance unless you want to run some ARM or other RISC.

Networking hardware's a bit of a pain, but you can go for something OpenWRT-based I guess? Simple switches past whatever your ISP requires is the ideal there, but some people would want WiFi.

After you've chosen your hardware, unironically install Gentoo.

>fantasize about inventing my own written language with unique characters, create my own ASCII chart to associate the bytes to my new characters, and re-write an OS from scratch using a specially modified keyboard so that the entire set up is only understood by me
>tfw autistic enough to dream about it, but not autistic enough to actually do it

Someone post the pastebin guide on security

>install custom firmware to router
>use GNU/Linux

Bam, enjoy your technology fortress.

This pretty much

>use ganoo linux
>don't update because custom firmware takes too much work to maintain
>get hacked by wild packet knocking on your door
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8890
How can GANOOfaggots even live with themselves?

>What is embedded hardware design
>Do you even solder

>Kernel Version 4.9.20
Post IP

build a fab in your garage

probably this.

Impossible to achieve, since at hardware level all processors (ARM, Intel and AMD) have backdoors like ARK in Intel procs. Even ARMs have some similar thing. You should build a custom processor with MIPS or something like it to have total control on what's going on in your hardware, otherwise there will never be a "technology fortress". You can harden your OS as much as you can and it would be useless.

CIA niggers can still get into an airgapped system, it just takes more effort.

IP

Qubes OS?

comfy. Give me that wallpaper right now or this bird stabs you

Why? Do you want to root me with some Android exploit?

>KDE
u use klipper actions?

Here, it's KDE default wallpaper.

I literally just started using KDE two days ago after seeing some good things posted here so I don't really know all the features.

thanks, I can recommend icon only taskbars

I literally just started using KDE
pastebin.com/mg4B4Vf8

Looks pretty cool, thanks.

wanna moar?

ty

Ohm's law

Offline.

You can only be truly secure if you're offline.

pastebin.com/5XfDX4wL

Are these new pictures of Elliot? The new season isn't until October, no?

>MAGA
What a cuck

>implying you don't jerk off to that shit because you saw someone else do it

>pastebin.com/5XfDX4wL

Already obsolete guide as Grsecurity is no longer available, and its replacement KSPP is a joke that just introduces more bugs than it secures.

My favorite operating system for these kinds of things is OpenBSD running on a physically separate device as Firewall/DNS/router, it's just too easy to use and maintain and is 'secure by default' out of the box so there's no building your own kernels or anything and having to enable protections. Go on libgen.io and get the latest Book of PF.

The main box running GuixSD because you can control the entire thing in emacs and do reproducible deployments/builds to guarantee your server software hasn't changed. There are many more benefits, like a virtual environment for programming that automatically separates and contains all your dependencies. 'Guix environment guile emacs' and you're set to write your scheme based adtech malware or w/e.

For reading any PDFs or emails that are likely to contain nasty targeted attacks (you are a sysadmin for some Euro Telecom (nsa attack), you are selling haxx0r tools (rival attack), you are a North Korean defector, etc.), I would use SubgraphOS running in a VM on GuixSD. It is heavily sandboxed and I believe they have paid access to grsecurity patches and even if they don't the people running it are competent enough to port pax/grsec to their project (unlike Google, who fucked up KSPP so badly it just introduced dozens more bugs).

I forgot to add, consumer routers are all totally and utterly junk.

If you need some kind of large internal wifi network there are only two real choices, UniFi AP, or Ruckus (which makes a cheaper version called Xclaim xclaimwireless.com/). Just make sure you're running end to end VPNs for all your devices from your internal OpenBSD firewall and there's no possible way of wifi 3rd party spying.

There aren't any decent 'open' (none are truly open) wifi boards anywhere to run as an access point (AP) due to FCC req and piles of patents but there is this openbsd.org/faq/faq6.html#Wireless

>Currently updating to 4.11.1
Thanks for showing me that my actions aren't just for the lulz, user.

RSBAC may be a suitable replacement to grsec, it ships with PaX. Interesting comment about GuixSD.

All of those air-gap stories you hear about like "researchers use HDD activity light to transfer information" or "researchers use fan-exhaust temperature to steal data" all share something in common: every one of them had access to the air-gapped machine.
Not to mention them being seriously nearby the machine to copy said data.
If you had some funky hacker base, they should never be able to get near it without being extremely noticeable.

Actual legit air-gap machine attacks depend on humans being retarded.
So, don't be a fucking retard and you will be fine.
Transfer data using purely storage media, no fucking electronics allowed.
DVD-RW only. Or Blu-ray. No USB discs, no HDDs, no SSDs, fucking nothing.
The discs have no electronics on board that can be hacked to transfer a payload.

I'd not even go near WiFi if you are talking super ultra hacker base. LiFi only.
Having a central node per room and having an adaptor on top of computers to get the signal, done.
Or just run fucking ethernet everywhere. Realistic, well-documented, simple, cheap.
Plus it fits the theme.

Install Gentoo

Many air gap attacks are through microphones/speakers now. Some researchers simply used GNU radio to break into an air gapped machine.

If you were really that paranoid you would be running all this in a SCIF with independent power supply that killed every single outside signal making it impossible to penetrate unless you could break/con your way into the SCIF or whoever ran it was retarded and took their phone inside.

Isn't PaX also private now? Pipacs and Spender pretty sure both stopped releasing all test patches, even Hardened Gentoo project no longer has access to Pax/Grsec. From what I know only SubgraphOS is the free project left that has access to Grsec/PaX and they probably pay $200 month for it like everybody else does.

I don't really blame grsec/pax for going full jewish either and demanding money. For like 20 years they've been doing this since the Phrack days and yet nothing has been done by kernel.org, or any major corps funding Linux to secure the kernel whatsoever. This is their way of kickstarting something (KSPP) though Google absolutely fucked that up bigtime.

I live in ultra-liberal NYC surrounded by actual cucks like yourself who get triggered really easily.

They also need to be physically near the machine to even record anything.
Again, if you were some hyper hermit hacker, you'd never be capable of being approached without notice.

Air-gap is mostly a meme.
It relies on already having had access to a machine.
The others rely on some idiot plugging in a USB stick.

You need a mic about 6-12ft from a machine or shine a laser through a window to bypass airgap news.ycombinator.com/item?id=12273512

This is why SCIFs exist because bypassing air gap can even be done from a floor underneath you in a hotel/apt

Things near an air gapped machine
-phone
-tv with mic/cam
-a wifi network you can analyze for movement disruption
-an investigator planting something while you are out buying hohos and nachos