A UK company is using a six-figure sum from the UK government to develop a secure Linux-based desktop operating system.
Netproject announced on Tuesday that the Department of Trade and Industry had contributed £132,000 to its Secure Open Source Desktop programme. An equal sum has been provided by members of netproject's Incubator Club — a group of companies and government organisations who want to investigate open source options privately, without attracting the attention of major software vendors.
Eddie Bleasdale, director of netproject, said that the Secure Open Source Desktop was suitable for organisations that want guaranteed trusted computing through a centrally managed system.
PCs running the Secure Open Source Desktop application cannot be modified by their users. Each has a common software image that is downloaded when the client is first connected to the network. All later software updates are managed remotely, and user data is kept on central servers rather than being stored on individual PCs.
"This approach allows a large number of Linux computers to be managed centrally by a small support team. This, together with the reliability and security of Linux, can enable the total cost of deploying and managing Linux desktop computers to be below 25 percent of equivalent Microsoft desktop computers," claimed netproject.
The government's grant is being used to develop software tools for the Secure Open Source Desktop, to make it more commercially attractive.
As ZDNet UK reported last year, the Incubator Club was launched after companies who considered moving to open source were allegedly offered tempting incentives by Microsoft to make them stay with their existing systems.
Talkback
Easy. Don't use Intel. Mount all writeable partitions noexec and all partitions with executables read-only. Use a restricted shell by default and run KDE (or fluxbox) in kiosk mode. Maintenance is done using sudo, and if necessary calling a non-restricted shell or temporarily re-mounting the partitions with new options. Some compact flash units even have a hardware based r/w switch - use that.
If the CPU is sufficiently powerful, then you can also encrypt directories or partitions.
For kiosks, make sure the user is not the owner of their home directory or key configuration files.
Nicely done, although I would also add 'tie the user up and lock them in a small tea chest'.