DoD offers up tiny, secure Linux distro

I've tested LPS in the past. Their primary goal is to provide access to your "enclave" (remote access services offered by your command) while leaving no trace on the local machine. So you could be staying at the Omni Hotel in Belgrad and still check your command email from their business center.<p>As a practical matter, it verges on completely useless for any serious business. Note the screenshots don't include evidence of Citrix running, or even a web browser. There's no package management. You couldn't install it if you wanted to. As I recall, I never got networking up. That was a snapshot release from ... March, I believe.<p>I'm glad to see someone in US government working on desktop Linux. I would love to say goodbye to Windows XP. That said, for the advertized purpose, I've found an Ubuntu thumbdrive much more practical.

The article doesn't specify what distinguishes this from a regular liveCD Linux distro. My guess is that the DoD has hardened the included kernel (possibly included SELinux) and curated the included packages for security, but article doesn't say. It also doesn't specify what if any special configurations it has made to the standard included packages to make this more secure.

I'm really curious to know what this was originally designed for.<p>It has consumer-friendly "Windows XP" style UX and the user it logs into isn't root/sudo.<p>This all leads me to conclude the original purpose of this tool was for "normal people" to use, and so I'm left wondering whether it was for agents or informants to be able to communicate back to the mothership securely.<p>If this was for security personnel or those performing forensics on evidence, there wouldn't be cutesy UX and it would be logged in to root. If this was for 'rank and file' staff in CIA/FBI offices, they wouldn't need a portable distro.

"Running it from a CD means there is absolutely no way the OS can be compromised..."<p>... except if the underlying hardware is compromised.

In case you are interested in the actual distribution, it seems to be here:<p><a href="http://www.spi.dod.mil/lipose.htm" rel="nofollow">http://www.spi.dod.mil/lipose.htm</a><p>but the server looks busy.

There's a bunch of icons on the desktop that look directly cribbed from Windows (show desktop, command prompt, documentation), are those legit?

The spi.dod.mil server is clearly overloaded and downloading this is difficult.<p>Can anyone who's downloaded this give us an MD5 hash on the files as I'm going to try to download this from a mirror <i>(why the DoD hasn't published an official MD5 for these I don't know)</i>

How is this any different than Knoppix with scratch turned off?

Why not just offer a set of patches? It's a lot of work to create and maintain a distro.<p>Or the DoD could always go back to helping OpenBSD :)

Back door, anyone?

Like the concept but kind of sketches me out that they're that good at running systems in RAM after reading about how stuxnet does exactly that. Take a little give a little I guess

Why not Chrome