Field OS
Categories: Hacking
Following on from yesterday’s post, it’s probably worth thinking about sanitising more than my phone. I’m getting quite tired of travelling with 2 laptops - one for work, one for personal. Sometimes I travel with 3 - work, personal and restricted site (specific softwre/hardware requirements depending on the… sensitivity of where I am). Carrying that many machines gets annoying.
I also get a little stressed taking my personal laptop through customs in some of the countries I go to. There exists a worry that the more extreme states like the UK won’t take kindly to “Asylum for Snowden”, Anti GCHQ stickers and other hacker-related nonsense. Mixed with my regular browsing habits, who I talk to, and the media collection on my laptop, I’m happier if it doesn’t come to the Middle East.
I don’t want to do all my normal browsing on my work laptop too - I don’t really know what my employer has installed on there. Our IT policies are changing with no transparency as of late, so I don’t think it’s unreasonable to belive that there could be a keylogger or VNC-type-software silently broadcasting what I’m up to.
With that in mind, I’m travelling with a USB3 San Disk Ultra Fit model memory stick. Instead of doing the normal trick of flashing a live linux distribution’s .iso and a persistant partition on it, I’ve used it as my install target for Debian. It’s small enough to live in a USB port and get forgotten about. If it’s formatted with a filesystem Windows doesn’t recognise, it’s pretty easy to imagine a situation where it gets reformatted by someone who finds it too. Mix in a little bit of encryption and I have a burnable, lose-able system - it’s all good.
My work machine is windows and I only had this bright idea in-country, so I had to work out the best way of doing this from Windows. After some thoughts, it turns out it shouldn’t be difficult.
The process was pretty simple:
- Create Virtualbox VM with Debian netinst iso as live image
- Making a virtual hard drive is optional. If you do, your USB device will be /dev/sdb. If you don’t, it’ll be /dev/sda.
- Bind USB3 device to Debian VM.
- It’s worth knowing that to get good performance you need the virtualbox extensions pack, under their personal use evaluation license.
- Fire up VM, run Debian installer.
- I chose to have no swap space
- I chose to have a single system partition marked bootable
- I chose to have a KDE desktop as all my usual machines are quite capable and I absolutely adore the current KDE Software Compilation 5.
I chose to make my drive ext4 - journalling might come in handy at some point, or it might just cause me further issues. Suggestions for other filesystems are welcome, it’s an area I’ve never explored really.
On first boot it didn’t work. I restarted the VM and went into recovery mode - turns out I hadn’t done my bootloader properly. I installed grub on /dev/sdb and it was fine. Booted happily.
My first observations on this sytem is that it’s noticably speedy - I don’t know what my IO figures are supposed to be like, but I’m happier in this than I am using the windows install on the main system. It takes maybe 15 seconds from power on to get the desktop, compared to the 5+ minutes on the Windows side. USB technology appears to have come on some from when I last ran an OS from a memory stick.
I only had to install one non-free piece of firmware to get this working,
firmware-iwlwifi
. That was quick and painless - I used my phone to download it
and MTP transferred the file first time, no questions asked. (Thanks, KDE; ThaDE).
KDE’s Network manager integration has made connecting to my openvpn server a doddle - no fussing about as root or having terminals running in the background, and it imported my client.ovpn config that the server gave me easily enough. Yes, I am a wimp and I do run openvpn access server.
I’m a little curious as to how much of my day-to-day workflow I can achieve in this system - the biggest hurdles I need to work out are connecting to our cisco corporate VPN while I’m out the office and connecting to our in-house shared drives while I’m in the office. Oh yeah, nominally Lync too, but fuck Lync.
The dayjob mixed with linux would make me happier, I think.
Tags: Hacking Debian USB Install