On Wed, 02 Nov 2016 09:09:14 +0000 "Ian Henderson" <ian.henderson@hushmail.com> allegedly wrote:

I am new to Linux.

Hi Ian This reply is a bit late, but OK - I'll bite. This is intriguing.

I'm porting over to Ubuntu 16.04 LTS with the Unity desktop from Windows 10. I want to keep things as simple (and hopefully therefore as reliable) as possible, for home/office critical use. I also wantq to stick to the main and universe repositories.

That I understand. Windows 10 is an abomination and if you are new to linux then picking a popular mainstream distro such as Ubuntu makes sense.

Because prices were much lower for Linux-compatible laptops than with Win 10 installed, I can afford two. I plan to divide them into one for critical offline-only use, and the other for universal online use. I will air-gap the two. But it also means that I need to complete the final build of the offline air-gapped laptop ahead of porting data, after which it will not go online again (unless for a wipe and rebuild).

Laptops without Windows aren't /that/ much cheaper in my experience, but hey, if you can afford two, go ahead. Here though you begin to lose me. Why exactly do you want a laptop which will never go on-line after the initial build? What is your threat model? (By that I mean, what are you worried about, what are you trying to protect against, and why?) How are you going to install an up to date Ubuntu 16.04 (or 16.10 now) without going on-line for all the latest updates at build? Similarly, how are you going to install additional software without going on-line? And if you go on-line for the build, what exactly is the point of staying off-line thereafter (and thus failing to get security updates)? Are you intending to use the "sacrificial" on-line laptop to build your ideal distro and then use that to create an installation set for the off-line laptop? It can be done, but it's trickier than just installing direct to the "off-line" laptop in the first place. If you are worried that your "off-line" laptop may be compromised in some way (by "bad guys" where the definition of "bad guys" depends on your threat model) how can you be sure that it won't already have been compromised before you start the build (it's possible) or by introduction of some compromised software ported from the "on-line" machine? Malware jumps air gaps via USB sticks, CDs, DVDs etc. And that all assumes that your off-line laptop actually stays off-line anyway - you would need to physically disable the wifi chip to be sure, and even then if your threat model includes one or more of the so called three letter (or four over here) agencies you could not be certain that the damned thing stayed off-line (and if your threat model /does/ include the TLAs, then you are very probably toast already. :-) )

For the offline-only laptop, I am looking at the following range of apps. Could I ask that you check my ideas, and offer suggestions and advice, please.:-

1) An office-like suite, for which I will be using LibreOffice, which is installed by default.

LibreOffice is fine.

2) I need a whole-directory and free space overwriting utility, as well as the means to securely delete individual files. My understanding is that shred and wipe are available by default. I am looking at bleachbit for the whole-directory and free space wiping.

File wipers like shred are a bit problematic with modern journalling filesystems - see the discussion at https://linux.die.net/man/1/wipe for example. Personally I assume that /any/ data I have written to disk can be recovered at some time in the future. I therefore tend to physically destroy any disks I have used which may contain sensitive data before disposing of them.

But the software centre says "sudo" for this app: does that mean it has elevated privileges and is this a bad idea?

sudo (or su depending on your distro) is needed for any program which needs privileges higher than the user you are currently logged in as (unless of course that program is setuid to the higher privilege - but that's a different packet of cornflakes). So, yes, it means privilege elveation and yes, that can be risky - depending on your threat model. OTOH, sudo does limit that privilege escalation to execution of the one command before returning you to normal user pvilege. You pays your money and takes your chance.

3) GtkHash for SHA256 etc. cryptographic hashes, primarily to verify backups.

I'm not sure what you are asking here. Do you simply want to make hashes of backed up files so that you can verify them later?

4) Can anyone suggest an archiving utility which also verifies the files within the archive (I can then hash the archive file backup)? Archiving does not necessarily have to include compression. Are any installed by default?

Again, I'm not entirely sure what you are asking for here. There are lots of archiving tools (I like tar, but zip is also fine) in linux (or unix/bsd whatever). You could simply create tar archives, read the archive back for checking, list the files archived to a text file to be stored alongside the archive and then create and store hashes of the archives. But again I'm not sure what you are worried about and what you are trying to prevent. Sure a "bad guy" could attack and modify your archives (or they could simply fall to bit rot) but how likely is that and is it not sufficient to simply store multiple backup copies of the file archives you really care about?

5) GnuPG. I understand that this is installed by default? Am I correct that I can encrypt with password files if transferring on FAT32 USB or CD/DVD with this? Is it GUI?

GPG is installed in most distros (I think) and even if it isn't, it is prett easy to do so. You can use GPG to encypt (and sign) files. See https://www.gnupg.org/gph/en/manual/x110.html for advice. There are other ways of achieving the same goal though (such as the file archiver zip which allows you to specify a password to be used in encryption of the archive). Any linux file (encrypted or not) can be stored on a FAT32 file system, on a USB or a CD. The file storage medium doesn't care much about the file format.

6) CD/DVD burning, including both copying using a single optical drive, ordinary file burning and creating bootable CD/DVD from ISO images. I'm looking at Brasero for this.

I use K3b, but brasero is fine.

Can anyone suggest any other apps I should include ahead of locking off the build?

Not without fully understanding what it is you are trying to achieve. :-)

I'm also assuming that the default 16.04 LTS supports formatting USB sticks to ext4, including encryption?

Yes. But again here I'm not sure what you mean with the second part of the question. Once the USB disk is formatted, you can store any file type (including encrypted files) you like on it. Of course you could use something like veracrypt to create an encrypted virtual file system on the device or use LUKS with dm-crypt.

Also, anyone any thoughts on using live-CD version of Ubuntu for online banking (in case the online unit got owned)?

You could do that. You could also use any other live CD/USB stick. For good protection (and anonymity) I'd suggest you look at "tails" - see https://tails.boum.org/. Be very careful here though. If you use tails for general anonymous access to the net, do NOT use that same mechanism to access your bank or any other system which links to your real identity. Doing so will compromise your anonymity. Personally I use a clean installation of a distro in a virtualbox container when I want to do on-line banking. And I only use that virtualised installation for banking and nothing else. That means that the browser I use has never (ahem!) been exposed to any other sites which might be malicious. For my general anonymous net access I use whonix (https://www.whonix.org/) in a separate VM.

Please remember that I am a complete newbie to Linux. So please remember if you start talking about OpenWTF 0.666.1066 I will have no idea what you're talking about! Not for some months yet, anyway. :)

If you really /are/ a complete newbie then I respectfully suggest that you may simply end up shooting yourself in both feet if you try to make your life unnecessarily complex without thinking carefully about what you are trying to do. That includes careful consideration of your particular threat model. But that would be the case even if you were to continue to use windows.

(C) Copyright 2016 by Ian Henderson. All rights reserved. Do not pass on my email address without my prior written consent (if emailing multiple recipients at the same time, use the BCC field in place of the To field).

Ummm. I hate to point out the obvious here, but the very fact that you have posted this question to a public mailing list means that your email address has been "passed on". Oh, and hushmail is not a good privacy respecting email provider. See https://www.wired.com/2007/11/encrypted-e-mai/ Cheers Mick --------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net ---------------------------------------------------------------------