Compare commits
4 Commits
121a42980e...main
| SHA1 |
|---|
| d4380972a9 |
| 88642c22c8 |
| 6d4f7269af |
| 71ab12a202 |
45
index.html
@@ -82,6 +82,7 @@ pre.ascii-art {
|
||||
<button id="tab-home" class="active">Home</button>
|
||||
<button id="tab-git">User Repository</button>
|
||||
<button id="tab-wiki">Wiki</button>
|
||||
<button id="tab-about">About</button>
|
||||
</nav>
|
||||
<div id="terminal">
|
||||
<pre class=ascii-art>
|
||||
@@ -105,7 +106,7 @@ pre.ascii-art {
|
||||
<p><span class="prompt">➜</span> <span class="cmd">~/coming-soon</span></p>
|
||||
<p>Welcome to <strong>Miasma OS</strong> - An immutable, security first, Arch based distribution. Designed to be secure by default but modern and user friendly.</p>
|
||||
<p><strong>Overview:</strong></p>
|
||||
<p>MiasmaOS aims at being a security hardened, immutable Linux distribution built on top of Arch Linux. Whilst this distribution takes inspiration from GrapheneOS, Secureblue, DivestOS, and many others hardened systems, the goal here is to make a hardened distribution that is also modern and easy to use without much configuration. It is an attempt to break the privacy/security paradox where the common belief is that if it is secure and private, it is not user friendly.
|
||||
<p>MiasmaOS aims at being a security hardened, immutable Linux distribution built on top of Arch Linux. Whilst this distribution takes inspiration from GrapheneOS, Secureblue, DivestOS, and many others security focused systems, the goal here is to make a secure distribution that is also modern and easy to use without much configuration. It is an attempt to break the privacy/security paradox where the common belief is that if it is secure and private, it is not user friendly.
|
||||
</p>
|
||||
<p><strong>Security features</strong></p>
|
||||
<ul>
|
||||
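Review bot: In the Overview paragraph, the reworded sentence reads "many others security focused systems"; this should be "many other security-focused systems". The same sentence still opens with "security hardened, immutable Linux distribution", so if the intent of the rewording was to stop describing the project as "hardened", the first clause needs the same edit to stay consistent.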
@@ -114,16 +115,16 @@ pre.ascii-art {
|
||||
<li> Flatpak app store for installing GUI applications</li>
|
||||
<li> Immutable base, so root files cannot be tampered with</li>
|
||||
<li> Firejail and Apparmor for additional containerization for non Flatpak applications</li>
|
||||
<li> XWayland-Satellite for rather than XWayland for X11 apps (this uses a fake root so X11 can't break containment)</li>
|
||||
<li> Cosmic desktop. Whilst I can acknowledge the Cosmic desktop is still in beta, it is written in Rust (memory safety) and does not contain the amount of unsafe X11 code that other desktop environments like Gnome and KDE Plasma have. Its both a logical choice and good futureproofing.</li>
|
||||
<li> XWayland-Satellite for rather than XWayland. This offers more isolation and better compatibility for X11 appscompatibility for X11 apps.</li>
|
||||
<li> Cosmic desktop. Whilst I can acknowledge the Cosmic desktop is still in beta, it is written in Rust (memory safety) and does not contain the amount of unsafe X11 code that other desktop environments like Gnome and KDE Plasma have. It's both a logical choice and good futureproofing.</li>
|
||||
<li> Opendoas to replace sudo. This distro doesn't completely remove elevated privileges (by default) but it does replace sudo with doas. doas was ported from OpenBSD and has a smaller codebase so it has a smaller attack surface and is easier to maintain.</li>
|
||||
<li> doas has also been limited. If you must run higher privilege commands that are out of scope for doas, please use run0. The distribution does attempt to treat you like an adult, and you can use elevated permissions, but this is made somewhat inconvenient purposely to discourage/minimize it.</li>
|
||||
<li> doas has also been limited. If you must run higher privilege commands that are out of scope for doas, please use run0. Run0 removes set‑uid binaries, creates an isolated execution environment for commands, and uses Polkit to manage permissions. The distribution does attempt to treat you like an adult, and you can use elevated permissions, but this is made somewhat inconvenient purposely to discourage/minimize it.</li>
|
||||
<li> Blacklisted module - copied from Secureblue</li>
|
||||
<li> Brace scripts by DivestOS to add hardened policies to certain applications.</li>
|
||||
<li> Boot and System Integrity:<br>
|
||||
MiasmaOS boots through systemd‑boot with Secure Boot enabled on UEFI firmware. The boot chain is measured with the TPM 2.0, guaranteeing that every component—from the bootloader to the kernel and initramfs—is cryptographically verified before execution.</li>
|
||||
<li> Btrfs root with a dedicated @snapshots subvolume for rollback.</li>
|
||||
<li> Optional LUKS2 encryption (AES‑XTS, 512‑bit key) on install.</li>
|
||||
<li> Optional LUKS2 encryption (AES‑XTS, 256‑bit key) on install.</li>
|
||||
</ul>
|
||||
<p><strong>Additional Features</strong></p>
|
||||
<ul> <li>The default browser is a slightly modified version of Ungoogled-Chromium. Ungoogled-Chromium needs certain flags switched on for full Wayland support, and since avoiding anything X11 is a top priority of this distribution, that needs to be on by default. Additionally the Chromium-Web-Store extension by NeverDecaf comes preinstalled, so users can access their favorite browser extensions. Note that browser extensions can be a big security risk and by default, only a handful of extensions are approved in the modified Brace policy (located at /etc/chromium/policies).
|
||||
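Review bot: The LUKS2 item appears here as both "AES‑XTS, 512‑bit key" and "AES‑XTS, 256‑bit key", and the two are not equivalent: XTS splits the key into two halves, so a 512-bit XTS key is AES-256 and a 256-bit XTS key is AES-128. Please confirm which key size the installer actually passes to cryptsetup (`--key-size`) and word the item to match, ideally naming the cipher strength ("AES-256 in XTS mode") so readers do not have to infer it. Two smaller points in the same hunk: the rewritten XWayland-Satellite item has leftover text ("for rather than XWayland" and "X11 appscompatibility for X11 apps."), and "Run0 removes set‑uid binaries" overstates what run0 does; it avoids relying on a set-uid binary for elevation but does not remove set-uid binaries from the system, so "run0 does not use a set-uid binary" would be accurate.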
@@ -156,6 +157,22 @@ pre.ascii-art {
|
||||
<li><a class="link" href="https://wiki.miasma-ls.com/pages" target="_blank">Pages</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
<div id="content-about" style="display:none;">
|
||||
<p><span class="prompt">➜</span> <span class="cmd">~/about_us</span></p>
|
||||
<p style="color:#ff9e64"><strong>Coming soon - Miasma OS is still in development</strong></p>
|
||||
<p>The inspiration for building Miasma OS is simply that I have done so much hardening to Arch Linux on my desktop, and while all the policies, tools,
|
||||
have made my desktop secure, the usability is still excellent. There is very little tradeoff between security and usability in my configuration.<br>
|
||||
The problem was that I also had to maintain this on other devices such as my laptop. I was wishing that there was a pre-configured desktop that matched all my needs
|
||||
that I could install on a laptop and not have to maintain it with the same time and frequency that I maintain my desktop. I tried other options but did not find anything
|
||||
that checked all the boxes: </p>
|
||||
<ul>
|
||||
<li> Arch based</li>
|
||||
<li> Immutable so I don't have to worry about it</li>
|
||||
<li> Security focused defaults</li>
|
||||
<li> Modern desktop environments and window managers</li></ul>
|
||||
<p>So the goal was personal but I really do think this is something missing despite all the custom isos out there.</p>
|
||||
<p>Miasma OS at the end of the day Arch with a bunch of post install scripts, similar to something like Omarchy, but the philosophy and goal of the project is its distinguishing factor.</p>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
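Review bot: Two sentences in the new content-about block are grammatically broken and should be fixed before this ships: "while all the policies, tools, have made my desktop secure" has a dangling list, and "Miasma OS at the end of the day Arch with a bunch of post install scripts" is missing "is". The project name is also written "Miasma OS" here while the Overview paragraph uses "MiasmaOS"; pick one. The inline `style="color:#ff9e64"` on the "Coming soon" paragraph would be better as a class in the stylesheet alongside the existing `pre.ascii-art` rules, which also keeps the page compatible with a Content-Security-Policy that disallows inline styles.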
@@ -163,21 +180,27 @@ pre.ascii-art {
|
||||
const tabHome = document.getElementById('tab-home');
|
||||
const tabGit = document.getElementById('tab-git');
|
||||
const tabWiki = document.getElementById('tab-wiki');
|
||||
const tabAbout = document.getElementById('tab-about');
|
||||
const cntHome = document.getElementById('content-home');
|
||||
const cntGit = document.getElementById('content-git');
|
||||
const cntWiki = document.getElementById('content-wiki');
|
||||
const cntAbout = document.getElementById('content-about');
|
||||
|
||||
tabHome.addEventListener('click',()=>{
|
||||
tabHome.classList.add('active'); tabWiki.classList.remove('active'); tabGit.classList.remove('active');
|
||||
cntHome.style.display='block'; cntWiki.style.display='none'; cntGit.style.display='none';
|
||||
tabHome.classList.add('active'); tabWiki.classList.remove('active'); tabGit.classList.remove('active');tabAbout.classList.remove('active');
|
||||
cntHome.style.display='block'; cntWiki.style.display='none'; cntGit.style.display='none';cntAbout.style.display='none';
|
||||
});
|
||||
tabGit.addEventListener('click',()=>{
|
||||
tabGit.classList.add('active'); tabWiki.classList.remove('active');tabHome.classList.remove('active');
|
||||
cntGit.style.display='block'; cntWiki.style.display='none';cntHome.style.display='none';
|
||||
tabGit.classList.add('active'); tabWiki.classList.remove('active');tabHome.classList.remove('active');tabAbout.classList.remove('active');
|
||||
cntGit.style.display='block'; cntWiki.style.display='none';cntHome.style.display='none';cntAbout.style.display='none';
|
||||
});
|
||||
tabWiki.addEventListener('click',()=>{
|
||||
tabWiki.classList.add('active'); tabGit.classList.remove('active');tabHome.classList.remove('active');
|
||||
cntWiki.style.display='block'; cntGit.style.display='none';cntHome.style.display='none';
|
||||
tabWiki.classList.add('active'); tabGit.classList.remove('active');tabHome.classList.remove('active');tabAbout.classList.remove('active');
|
||||
cntWiki.style.display='block'; cntGit.style.display='none';cntHome.style.display='none';cntAbout.style.display='none';
|
||||
});
|
||||
tabAbout.addEventListener('click',()=>{
|
||||
tabAbout.classList.add('active'); tabWiki.classList.remove('active'); tabGit.classList.remove('active');tabHome.classList.remove('active');
|
||||
cntAbout.style.display='block'; cntWiki.style.display='none'; cntGit.style.display='none';cntHome.style.display='none';
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
|
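Review bot: Each click handler hand-lists every other tab and panel, so adding tab-about meant editing all three existing handlers as well as writing a fourth; a single missed `classList.remove('active')` or `style.display='none'` leaves two panels visible at once. Suggest holding the tab/panel pairs in one array and registering one handler per pair that first clears 'active' and hides every panel, then activates the clicked pair, so the next tab is a one-line addition. The `getElementById` results are also used without a null check, so a renamed or missing id throws at load and disables all four tabs.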