little snitch seems to be the correct approach. almost every compromise that isn’t targeted will attempt odd looking network connections.
we need more little snitch like things, including for filesystem access.
we also need the ability to run little snitch in paranoid mode, where the approvals happen on a separate device, sign each message with a key not on the primary device, and the validation is baked deeply and irrevocably into the kernel. smartphone face up on desk left of keyboard would work well for a second device.
linux lsm seems to work[1], and building the kernel is easy locally[2] or on cloud[3].
hopefully we see more and better use of lsm and custom kernels. we all should want our most trusted public key baked irrevocably into the kernel.
personalized linux is the next frontier!
1. https://github.com/nathants/mighty-snitch
2. https://github.com/nathants/mighty-snitch/blob/master/kernel...
3. https://github.com/nathants/mighty-snitch/blob/master/kernel...
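
The "paranoid mode" described in the comment above, as an added userspace sketch (not code from the comment or from mighty-snitch): the second device signs the verdict together with the exact request, and the primary device checks it against a pinned public key and refuses reused nonces. The `Request` fields, function names and sample values are assumptions; Go is used for its standard-library Ed25519, where a kernel implementation would be C.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

const Deny, Allow byte = 0, 1 // the verdict is signed together with the request

// Request is one pending connection prompt (field names are assumptions).
type Request struct {
	Nonce     uint64 // fresh per prompt, so an old approval cannot be replayed
	Exe, Dest string
	Port      uint16
}

// encode length-prefixes the strings so distinct requests never encode alike.
func encode(r Request, verdict byte) []byte {
	b := binary.BigEndian.AppendUint64(nil, r.Nonce)
	for _, s := range []string{r.Exe, r.Dest} {
		b = append(binary.BigEndian.AppendUint32(b, uint32(len(s))), s...)
	}
	return append(binary.BigEndian.AppendUint16(b, r.Port), verdict)
}

// Approve runs on the second device, the only holder of the private key.
func Approve(priv ed25519.PrivateKey, r Request, verdict byte) []byte {
	return ed25519.Sign(priv, encode(r, verdict))
}

// Check runs on the primary device, which holds only the pinned public key.
func Check(pub ed25519.PublicKey, seen map[uint64]bool, r Request, verdict byte, sig []byte) error {
	if !ed25519.Verify(pub, encode(r, verdict), sig) {
		return errors.New("signature does not cover this request and verdict")
	}
	if seen[r.Nonce] {
		return errors.New("nonce already used")
	}
	seen[r.Nonce] = true
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	r, seen := Request{1, "/usr/bin/curl", "example.com", 443}, map[uint64]bool{} // constructed sample
	sig := Approve(priv, r, Allow)
	fmt.Println(Check(pub, seen, r, Allow, sig), Check(pub, seen, r, Allow, sig))
}
```

Because the signature covers the nonce, executable, destination, port and verdict, malware on the primary device cannot reuse an old approval, redirect it to another destination, or turn a deny into an allow without the second device's key.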