Most secure linux equivalent to Shadow Defender for live CD-like nonpersistency with no traces left (or traces that are encrypted)

Virtualisation can do reasonably secure nonpersistent drives. Would rather not rely on this alone but also have a host that is nonpersistent too. A live DVD as a host leaves no traces and is physically impossible to permanently infect/own but not very practical to carry around. A live USB flash drive is more practical. Another option is grub2 configured to boot from an ISO image in an internal hard drive.

In Windows there is Shadow Defender that intercepts all writes to disk and makes them nonpersistent by storing deltas instead. The deltas are stored in an encrypted format so in the event of a power-down they cannot be recovered easily. This software is hard to bypass because it uses a driver stub that loads very early in the boot sequence. What can one do in linux that is as securely nonpersistent as Shadow Defender or better?

Is grub2 boot from an ISO image as effective?

Are bootable USB flash drives made with Rufus given any bootable ISO image as effective?

What about fsprotect, is it any better than grub2 boot from an ISO image?

Anything else?

Distros proposed for the host: anything hardened like Pure OS, Astra Linux, Kodachi. Preferably Secure Boot signed.

Which is the most hardened option?

in the lambda calculus with products and sums is $f : [n] \to [n]$ $\beta\eta$ equivalent to $f^{n!}$?

$ \eta$ -reduction is often described as arising from the desire for functions which are point-wise equal to be syntactically equal. In a simply typed calculus with products it is sufficient, but when sums are involved I fail to see how to reduce point-wise equal functions to a common term.

For example, it is easy to verify that any function $ f: (1+1) \to (1+1)$ is point-wise equal to $ \lambda x.f(fx)$ , or more generally $ f$ is point-wise equal to $ f^{n!}$ when $ f: A \to A$ and $ A$ has exactly $ n$ inhabitants. Is it possible to reduce $ f^{n!}$ to $ f$ ? If not, is there an extension of the simply typed calculus which allows this reduction?

Redirect all subdomains from one root, to the equivalent subdomain of another root?

I have foo.com and bar.com

I want sub.foo.com to redirect (not be aliased with) sub.bar.com, same for asdf.foo.com and asdf.bar.com, etc, for all sub domains.

I know I can redirect all subdomains of foo.com to a particular subdomain of bar.com (e.g. sub.foo.com & asdf.foo.com both go to www.bar.com) using a wildcard DNS record, but I am not aware of how to maintain the requested subdomain name and apply it with the redirect.

Is this even possible?

Is arithmetic coding restricted to powers of $2$ in denominator equivalent to Huffman coding?

With restriction to $ \frac{k}{2^n}$ as line segment ends, does arithmetic coding degrade to Huffman coding? As far as I can tell, each symbol will be encoded with an integer amount of bits, which is the same as Huffman coding. However, I’m not sure how to prove that arithmetic coding with this restriction is optimal for integer code lengths.

What goes into proving two complicated programs are equivalent?

Say I wanted to prove that two programs were equivalent (either rigorously if possible, or informally if not). More specifically, say I have something relatively complex such as an HTTP server implemented in C, and one implemented in Node.js/JavaScript. What can I do in terms of saying “these two are effectively the same”? What are my options? What is possible? What is not possible?

It’s been a little while since I’ve looked into proving program equivalence (I’m currently linked to this, but I can’t read it yet haha, and it looks like it’s focusing on extremely simple programs like equality checks or basic loops, whereas I’m asking about a robust HTTP server).

Essentially (I’m imagining) I want to say “these two programs in JS and C do the same thing”. That “do the same thing” is obviously vague, but at the same time it means something specific. Any observable outcome on either system is generally the same, give or take. So it’s like a proof, but without being a perfect proof. It’s like it’s a partial proof or something.

I would like to be able to say of my programs “these two implementations are equivalent for all intents and purposes”. I would probably start by providing measurable guarantees or observations about performance and input/output behavior, and then write some tests, and … I don’t quite remember, somehow make statements about the system. Or should I just be thinking that “a functioning HTTP server in either language is an AXIOM“. That would simplify it 🙂 Just assume it does the same thing as one another. But that’s sidestepping it feels like.

Wondering what are my options here? How far can I take this in theory? I am not concerned with how long this would take to implement or define, if it takes years, fine. I just would like to know what is possible in terms of making the statement “these two programs in C and JS are equivalent” more rigorous and nailed down. What techniques/theories/research-directions could I look into to make it possible?

Right now I am just assuming they are equal implicitly, allowing my code to call either the C function or the JS function knowing that the ~overall effect~ is the same (nebulous, I know, don’t know how to pin it down). I would like to apply some math or model checking or program simulation or something to this so that I can make it more solid, if possible 🙂

At the other end of the spectrum is proving that 3 > 2 is equivalent in both C and JS. What am I even supposed to do in this simple case? Making that slightly more complex on it’s way to a full HTTP server, copying a string in C is very different than in JavaScript, but it’s a relatively simple thing. Where do I even begin to prove those “operations” equivalent between the two languages? Or if not “prove”, then just “state” that they are equivalent, with some backup evidence or something, I dunno.

Here is not much, but this diagram is what I’m basically trying to do:

enter image description here

At a broader level, the problem seems to be similar to this…. Say I want to get a medallion. I can either go the store and buy one, or I can 3D print one. Both “algorithms” (going to the store, or 3D printing) are way different from each other, but they are effectively the same. There would be no straightforward way to step-wise prove these are equivalent operationally (from what my imagination provides), but visibly the end result is the same. How would you (even here) state this with rigor?

How does progress fail in system $F_{\omega}$ when types $T_1 \to T_2$ and $T_2 \to T_1$ are equivalent?

Pierce’s TAPL book gives in exercise 30.3.17 the setting where $ T_1 \to T_2 \equiv T_2 \to T_1$ (the function type are assumed to be equivalent). In the solutions, he claims that this assumption breaks the progress property.

It is easy to see that preservation fails. How can progress:

$ \vdash t:T \implies t \text{ is a value } \lor \exists t’. t \to t’$

be wrong in this setting?

Confluence to show equivalent terms have one common reduct

In lemma 30.3.9, Pierce states a confluence property for $ F_{\omega}$ :

$ S \to_* T \land S \to_* U \implies \exists V. T \to_* V \land U \to_* V$

He then states the following proposition:

$ S \leftrightarrow_* T \implies \exists U. S \to_* U \land T \to_* U$

However, he doesn´t use the above property to prove it. I remember this was the case for other books on term rewriting systems that I read. However, to me it looks very simple to prove using the confluence lemma.

From $ S \leftrightarrow_* T$ one has $ S \to_* T$ and $ S \to_* T \to_* S$ thus by confluence $ \exists U. S \to_* U \land T \to_* U$ .

Why is this approach not correct?

Is there an equivalent to the monkey grip feat in d&d 5e?

While I was DMing a D&D 3.5 adventure, one of my players played a character with the monkey grip feat (because he liked the manga Berserk, where the hero has a giant sword). And turned out it was fun.

Now I DM for D&D 5e, and I plan to play with this player again, and he might want to play a similar character.

So here I am with this question: Is there an equivalent to the monkey grip feat in d&d 5e?

Does Juniper have an equivalent of ‘show security pki local-certificate’ for remote certificates?

On a Juniper Firewall, the command show security pki local-certificate will give all sorts of detail for a local certificate. (The sort of certificate you would use to stand up an IKE connection)

My question is, is there an equivalent command for the certificate being used by the remote peer to validate themselves?

Or, is the remote peer’s certificate also considered by Juniper to be a ‘local certificate’, even though it’s for the remote peer?

I can see that there is a command ‘show security ike active-peer’ that can be used to get the security associate details.

And that there’s a command show security ipsec security-associations that gives a lot of details, but not, it appears, the details of the remote certificate (I don’t have access to enough equipment to check for myself, I’m afraid)

The page IKE Policy for Digital Certificates on an ES PIC suggests that it’s possible to assign a name to the remote certificate.

To define the remote certificate name, include the identity statement at the [edit security ike policy ike-peer-address] hierarchy level:

[edit security ike policy ike-peer-address]

identity identity-name;

It’s not clear to me if that name can then be used in the same way that the name of a locally stored certificate can be.

Juniper’s introduction to PKI does talk about a “Remote server local certificate”, which suggests that maybe for some purposes, local doesn’t strictly mean local but also includes “remote local certificates”. (Odd concept.)

Proving that max flows of undirected graph and equivalent directed graph are equal

There is an undirected graph $ G$ . A graph $ H$ is constructed by changing each edge $ (a,b)$ in $ G$ to a pair of directed edges $ (a,b)$ and $ (b,a)$ . How to prove that the maximum flow in $ H$ is equal to the maximum flow in $ G$ ?

I don’t really have any idea how to start it. I just know that I can use Ford-Fulkerson on $ H$ and update the reverse edge such that $ f(a,b)+f(b,a)=c(a,b)$ but that’s it.