|  Home  |  News  |  Products  |  Download  |  Support  |  Get rewarded  | 
News
Mailing list

Fortress Linux News


20th of May 2010:

After months of bug-hunting Linux (core) software together with the responsible Linux developers, I present to you the first glimps of the pre-Alpha Fortress Linux Operating System.

This basic version of the Fortress Linux Operating System has a large collection of the most used Linux software and a basic collection of security tools. All directly build from the source tarballs.

These screenshots are taken of the new Fortress Linux Operating System, installed on a single LUKS AES-256 encrypted root partition which in turn is divided into seven LVM partitions:
(double-click to enlarge)

Screenshot 1 Screenshot the XFCE desktop which includes office applications, a CD/DVD writer, multiple multimedia applications, a PDF reader, a browser, an email client, a filesharing application, image manipulation tools, network tools etc.


Screenshot 2 On this screenshot you see the network manager WICD, the Windows game "Risen" under Wine, the advanced firewall "Fortress Wall" and the Icecat webbrowser (rebranded version of Firefox) which is playing music from youtube.



Though it all looks very complete, much remains to be done before the first Alpha version can be released to the public:

* Not every Linux developer is willing to fix the errors in their software and I want to replace their software with better alternatives since I do not have the time to maintain so many software "forks"
* Convert the confusing and slow Sys V init style to the fast BSD init style
* Adjust the sources and configurations for minimal memory and disk usage
* Adjust the sources and configurations to speed up booting time
* Convert the raw sources into Slackbuild packages which are a lot easier in use and better to understand then the deb and rpm package management systems that I used before
* Create a new installer with LUKS encryption and LVM support
* Create, adjust and check scripts


Sometimes I wished that the other two lead-developers didn't left the project a year ago. The Alpha version would be finished long ago if that was not the case. Maybe I will find sponsors or generate enough money in the future to work on Fortress Linux fulltime. Who knows?


And as usual, I have some new ideas for the future releases of Fortress Linux like:

* adding Small Fortress Linux to the normal Fortress Linux OS so it can be used as very fast starting alternative if you only want to check your email or browse the web. It will be a bit similiar to a Splashtop motherboard (See http://www.splashtop.com/how_splashtop_works.php for more information)
* adding the possibility to pre-configure your installation online and auto-install it on your computer afterwards.
* auto-install multiple systems at the same time by using the installation profile that is stored under you Fortress Linux account.



The new Fortress Linux server:

By experimenting on the new non-FL VPS host with a read-only kernel, I was finally able to install a modified Fortress Linux pre-Alpha version on the VPS. The new VPS is now up and running and is secured as far as possible. A default LAMP configuration was too sluggish and too insecure to host the new Fortress Linux website. That is why I am also experimenting with a very unusual webserver setup. The other services I mentioned earlier, will be avaliable after the first or second Alpha release.

There was some delay caused by a botnet that was constantly trying to DDoS the new Fortress Linux VPS and the old Fortress Linux website. I was able to block, deflect and destroy this botnet and track down the scriptkiddie that was responsible for this mess. Just when I thought I had it all under control... Now there is another botnet constantly attacking the routers and nameservers of my current hosting, VPS and domain provider which are not under my control. And the providers refuse to listen to my advise or they just deny the whole problem, causing the new Fortress Linux websites en server to be unreachable sometimes. Good quality is hard to find these days.

Dedicated servers and dedicated network is the only option to get rid of all these annoying hosting companies and their junk, but that is too expensive at the moment. So I want to start Fortress Linux VPS hosting facilities in the future in order to pay for a dedicated network and dedicated servers.


The new Fortress Linux Website:

The build of the new Fortress Linux website is more then half-way finished, but is delayed by flaws and found exploits in some of the Drupal contributed modules which are used on the website.

You can get an impression of the new website at www.fortresslinux DOT nl where you will find a members area, forum, FAQ, chatbox, email form, mailing list, pdf converter, send-a-friend function etc. This new website has about 90 functions and security features in total.

Only the front page is accessible because of a faulty server at my webhosting provider. This is actualy a good thing because their current Plesk based shared hosting server is so insecure and unstable that I even do not dare to host the new website primarily on their servers. The same thing goes for the shared hosting server at www.fortresslinux.org. Luckily the old website is a static HTML website.



If you are interested in joining the development team, you will get early access to all the new Fortress Linux versions and a free VPN acount.

Not so certain about the security of your system? I am offering security consultancy for a very small price. Even for Microsoft products. Please contact me for more information.


Kind regards,

Palatinux


26th of February 2010:

Researching software and keeping your knowledge up-to-date is an important aspect of getting a perfect and secure Fortress Linux operating system. So, I have done extra research and testing last year and the following software will be used in the new Fortress Linux:


- GRSecurity.

GRSecurity has more features, is more secure, easier to use and is better maintained then SELinux and AppArmour. There are several known exploits in SELinux and AppArmour. You can find some SE-Linux exploits here:

http://www.youtube.com/user/spendergrsec


- Cryptsetup, loop-AES with AES-256 (Rijndael) and Serpent encryption ciphers.

These are considered as the best after testing and studying several types of encryption software, ciphers and their algorithms.

The Serpent cipher is more secure then AES but it is about seven to ten times slower. AES still offers a very high security level and is considered safe enough for all purposes.

You will also be able to choose for double encryption to prevent watermarking attacks or to increase the security level. Remember that extreme encryption will have a negative affect on your system performance.

I am still working on a solution to "fix" the only missing feature in cryptsetup: Hidden containers to provide deniable encryption. In simple terms: You cannot see if the drive is encrypted or not.


5th of February 2010:

The upcomming ACTA Convention with it's data retention and controversial "three-strikes-you're-out" law are forming a serious threat to the security, privacy and freedom of civilians and companies.

Data retention means that online phone calls, emails and Internet activities of every man will be stored for at least six months, placing legal duties on Internet companies to store everyone's private information, including email traffic and Internet browsing histories.

Besides the fact that this information can be used against you in the upcoming "three-strikes-you're-out" law; What is done with this confidential information? And who has access to all this information? We will never know.... All we know is that Big Brother has arrived and he forgot to close the door behind him...

Take a look at this what will happen next. That article is a very good example of very poor implemented security policies and careless user behavior. Securing your data and privacy just does not stop at your computer or local network; You also need a good security and privacy solution on the Internet.

I have done a lot of research on this subject together with some other security experts and privacy organizations and I have decided to change the Fortress Linux development priorities and tactics:

The current Fortress Linux Website and the Fortress Linux distribution will be redesigned, upgraded and tested to use the following secured services on our new server:

- Encrypted online data storage
- A secure and anonymous proxy for HTTP, HTTPS, FTP connections equipped with an anti-virus scanner
- Secure SIP / Voip / Skype telephone calls
- Secure email / web-mail services equipped with a spam killer
- A TOR server
- An extra firewall
- A secure private Fortress Linux Community network to share information and data securely among (a group of) of other FL users.

These services will be available to all our users by setting up a secure connection from your computer to the secured FL server. All your data and communication from, to and across the server is secured, no private information will be logged and your Internet activities cannot be traced back to you when you keep the default security settings of Fortress Linux.

When this is all finished, I will give the mail list subscribers the opportunity to be the first ones to test the the Fortress Linux distribution and the new services if their willing to fill in an anonymous survey afterwards. This information will be used to improve Fortress Linux or to fix found bugs.

And when this is done, I will release Fortress Linux to the public.

Note: I will not release any software without any research or proper testing. This could harm the user experience and the high level of security, stability and quality of Fortress Linux. Although bugs are not completely unavoidable.

Please understand that my spare time is limited and I had spent too much time in the past into fixing and reporting bug/exploits found in the Linux kernel and other (core) Linux programs which are used in Fortress Linux.

Anyway, I am always open for any good suggestions and you can always join the Fortress Linux team of security and freedom if you have any spare time left and if you have some knowledge of:

- Linux server and hosting skills (LAMP)
- Linux security (Iptables, grsecurity, PAX, aide, tripwire, Bastille, cryptsetup etc.)
- The Linux kernel
- BASH scripting
- BootP / netboot
- TOR
- Busybox
- Squid / ClamAV
- Asterix / Openser / OpenSis
- OpenVPN
- Qmail / Postfix / Squirrel Mail / Spamassasin
- Perl
- Drupal
- PHP
- Voip
- Web Designing
- Marketing
- Or when you are a native English speaker/writer
- etc.


I am working about four to six hours a day on Fortress Linux next to my normal job. I try to do everthing as fast as possible, but any extra pair of hands can help.