Good morning,
If you care so much about physical penetration of your equipment, why bother with local storage anyway.
There are enough solution out there, which do not need to have a installed system.
As example: Coreboot with etherboot (payload) this combination allows you to load a system with a http server and there is even a so called SafeBootMode with verification of your boot-image. After that you only need an local storage, which could be a ramdisk or an encrypted tmp / swap hard or flash drive.
So there wouldn't be any necessity to obscure your hardware anyhow and all further penetration vectors would need a higher sophistication.
PS: I do agree that PCengines do need more RAM. A version with at least 512MB would be highly appreciated.
Saludos Miguel
On 02.06.12 11:50, Silvan Gebhardt wrote:
Good Morning!
I do have to trust the people I will be hosting it with, there is a reason I do it in switzerland. (Yes, I belive after beeing the nation of money we will be the *data bankers* soon)
@Stanislav: Interesting flag with SSH -A - I will have to read there futher, is this something like PFS with IPSEC? never heard about that flag.
I think we are creating a topic for next swinog here. "Networking for Mobile workers (Mosh) with paranoia"