You are not logged in.

Announcement

The old forums are still available here! (read-only)

#26 2016-10-06 01:36:39

truscellino
Member
From: Bristol, UK
Registered: 2014-02-11
Posts: 120
Posts: 120
Thanks: 12

Re: The Semplice 8 development thread

Ah, nice! Agree with all comments, there is a vision behind semplice, and 7 years of achievements - happy days if this goes on towards v8!

And atmosphere has always been lovely in the forums with Semplice. Not always the case...

Offline

#27 2016-10-06 15:42:16

Yquux
Member
From: France
Registered: 2015-06-07
Posts: 57
Posts: 57
Thanks: 2

Re: The Semplice 8 development thread

Hello !
Great to read news about Semplice ! Thanks for your work - indeed this is something good - we'll wait for Semplice 8 - take care,

Yquux

Offline

#28 2016-10-06 23:45:38

g7
Drink Drank Drunk
From: Fabrica di Roma, Italy
Registered: 1970-01-01
Posts: 2,657
Posts: 2,657
Thanks: 165
Website

Re: The Semplice 8 development thread

Thank you everyone for the kind words smile You all rock!


Eugenio


Releasing happiness. Blame me on twitter!
Like what I do? Buy me a beer! EUR, USD

Offline

#29 2016-11-26 20:22:33

ungarida
Member
Registered: 2015-06-02
Posts: 4
Posts: 4
Thanks: 0

Re: The Semplice 8 development thread

Super happy to read this news!

Offline

#30 2016-12-10 18:29:59

g7
Drink Drank Drunk
From: Fabrica di Roma, Italy
Registered: 1970-01-01
Posts: 2,657
Posts: 2,657
Thanks: 165
Website

Re: The Semplice 8 development thread

So December is here and I plan to finally restart working to Semplice this month (still have a couple of errands to run next week though).

So let's restart discussing development-related things...


Semplice is currently pretty ""lax"" regarding security of the installed system, on par with most desktop GNU/Linux distributions.

Semplice 5 introduced partition encryption support, but that's useful only for costraining physical attacks on a shut-down machine.

For the rest, it has been up to the end user configuring the system based on the their security requirements (note: I personally consider secure enough the default configuration for home users, given though that everyting is under NAT, which is the case most of time).

I'd like, starting with Semplice 8, to ramp up on security on the default installation.

To start up, I'd like to:

- Disable password authentication on SSH by default
- Expose in the UI a way to change the default SSH port (22) to another one
- Bundling a tool to configure the internal firewall (ufw + gufw probably)

I'm thinking of a dedicated section in the Control Center that will be dedicated to all things Security.
This will also mean a graphical interface to import SSH keys and manage the known hosts.

The idea is also to provide some security settings during the installation.

On a related note, I'm also thinking about simplyfing the management of CA certificates.
Due to the whole StartCom and WoSign thing, I had to remove the trust on their certificates and that was a bit depressing as that meant

1) Removing the certificate from the global database
2) Removing the trust from Firefox
3) Removing the trust from Icedove/Thunderbird
4) Removing the trust from Chromium

...and that on multiple machines.

I'd like to unify everything when possible in a nice UI so that when the next sad chapter in the history of CAs happen it will be at least a breeze taking countermeasures.

What are your thoughts on that? I'm also thinking about a switch to distrust government certificates right during installation.

Is there something else regarding this field you'd like to see in the next Semplice releases?


Thanks,
Eugenio


Releasing happiness. Blame me on twitter!
Like what I do? Buy me a beer! EUR, USD

Offline

#31 2016-12-11 22:19:11

DeepDayze
Member
From: USA
Registered: 2011-06-27
Posts: 341
Posts: 341
Thanks: 23

Re: The Semplice 8 development thread

A reasonably secure setup right out of the box on a fresh install is a good idea and giving users control over the security options should be in Semplice 8 and going forward. Maybe a tool for assessing and managing the security of existing setups too.

There's a lot of CVE's out there that affect Linux and not just Windows and Mac.

Last edited by DeepDayze (2016-12-11 22:20:23)


Real Men use Linux

Offline

#32 2016-12-12 03:48:31

truscellino
Member
From: Bristol, UK
Registered: 2014-02-11
Posts: 120
Posts: 120
Thanks: 12

Re: The Semplice 8 development thread

Hi all,
We are not talking servers but desktop usage, so I think Eugenio's suggestions make sense.
I don't have enough experience with Certificates to comment... but managing SSH keys sounds like a brilliant idea, as it's too complicated for most users.

Firewall is an important one I reckon, particularly for laptop users that often use poorly controlled wifi systems in public spaces... a tool that seems promising is DOUANE  http://douaneapp.com/ - uses netfilter and GTK3/python, so well up Semplice's street. But requires some user inputs each time an application tries to establish a connection... but then gufw is not needed.

When connecting to a new network, MS Windows asks the user if this is work/personal/public... this makes sense as in a public network, some services should be deactivated, like file sharing (SMB, NFS...), and firewall must be activated... something similar in Semplice would be useful, although it would require messing around Network Manager, not necessarily a great idea?

Also, I wonder if PACManager (Perl/GTK) covers some of the functionalities?
https://github.com/perseo22/pacmanager

Marc

Last edited by truscellino (2016-12-12 03:50:04)

Offline

#33 2016-12-12 05:05:24

DeepDayze
Member
From: USA
Registered: 2011-06-27
Posts: 341
Posts: 341
Thanks: 23

Re: The Semplice 8 development thread

Debian is quite good at managing certificates in the ca-certificates package as when there are major updates to the certificates an update is pushed out where certificates are added/modified/removed. Managing certificates  via a user-friendly tool would be a welcome idea as users can add/remove personal and other certificates (such as VPN certificates).


Real Men use Linux

Offline

#34 2017-02-10 19:59:16

riesermauf
Member
From: Austria
Registered: 2015-07-27
Posts: 81
Posts: 81
Thanks: 2

Re: The Semplice 8 development thread

Hallo

two month later, what's going on with Semplice 8.

Greetings

Last edited by riesermauf (2017-05-04 19:40:30)

Offline

#35 2017-03-10 13:18:20

riesermauf
Member
From: Austria
Registered: 2015-07-27
Posts: 81
Posts: 81
Thanks: 2

Re: The Semplice 8 development thread

Hallo

one month later, only post from spamer no post from Eugenio, is Semplice dead ???

Greetings

Offline

#36 2017-03-11 04:06:54

DeepDayze
Member
From: USA
Registered: 2011-06-27
Posts: 341
Posts: 341
Thanks: 23

Re: The Semplice 8 development thread

You OK Eugenio?


Real Men use Linux

Offline

#37 2017-03-11 08:39:45

Maro
Member
From: Warsaw Metropolit Area, Poland
Registered: 2013-03-07
Posts: 395
Posts: 395
Thanks: 6
Website

Re: The Semplice 8 development thread

try twitter instead. think Eugenio is active there.

cheers,


I ride my bike

Offline

#38 2017-03-13 17:33:49

riesermauf
Member
From: Austria
Registered: 2015-07-27
Posts: 81
Posts: 81
Thanks: 2

Re: The Semplice 8 development thread

Why not here ???

Greetings

Offline

#39 2017-05-16 20:48:54

riesermauf
Member
From: Austria
Registered: 2015-07-27
Posts: 81
Posts: 81
Thanks: 2

Re: The Semplice 8 development thread

Hallo Eugenio

I hope you are well, I think the community is waiting for a answer.

Offline

Board footer

Powered by FluxBB