Re: [Tails-dev] Tails: pcmcia / firewire / etc.
On Fri, Oct 12, 2012 at 06:15:07PM -0700, Steve Weis wrote:
> Hi. I booted Tails' latest release and was able to scrape memory contents via FireWire. All the necessary firewire modules are enabled by default and Inception worked out of the box. This would let someone root a machine through, say, a daisy chained thunderbolt monitor.
>
> I'd either remove support from the kernel, blacklist the modules in modprobe, or disable support with a boot param.

We can't just do that. Tails is also meant to be a safe environment to produce sensitive documents. Being able to retrieve a video from a DV camera, edit it and send it online is a use case Tails should support.

From the recent discussions regarding ExpressCards and the likes, it looks like we are moving to a common pattern of you have 5 minutes to plug things on those ports that can be dangerous, otherwise, they will be disabled. This should work for FireWire too, even if it feels more cumbersome to me than for an expansion card.

--
Ague

___
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Tails: pcmcia / firewire / etc.
Ague Mill:
> On Fri, Oct 12, 2012 at 06:15:07PM -0700, Steve Weis wrote:
>> Hi. I booted Tails' latest release and was able to scrape memory contents via FireWire. All the necessary firewire modules are enabled by default and Inception worked out of the box. This would let someone root a machine through, say, a daisy chained thunderbolt monitor.
>>
>> I'd either remove support from the kernel, blacklist the modules in modprobe, or disable support with a boot param.
>
> We can't just do that. Tails is also meant to be a safe environment to produce sensitive documents. Being able to retrieve a video from a DV camera, edit it and send it online is a use case Tails should support.

I'd hardly call this safe. I mean, sure - those video people are safely able to download videos over firewire - but for every person that does that, how many people will be vulnerable to DMA attacks without even having a clue about firewire?

> From the recent discussions regarding ExpressCards and the likes, it looks like we are moving to a common pattern of you have 5 minutes to plug things on those ports that can be dangerous, otherwise, they will be disabled. This should work for FireWire too, even if it feels more cumbersome to me than for an expansion card.

As this is a modular kernel - is there a reason not to simply add an enable firewire widget? That way everyone is secure by default and when someone wishes to enable it, someone will be able to be notified of the danger they have just enabled?

All the best,
Jacob
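The module-blacklisting option raised in this thread can be checked mechanically. The following audit sketch is an added example, not part of the thread and not Tails code: it classifies the mainline Linux FireWire modules from `/proc/modules`-style and `modprobe.d`-style text. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tails code): classify FireWire kernel modules as
# loaded, blocked, blacklisted or open. Covers the firewire_* stack and
# the legacy ieee1394 stack (ohci1394, sbp2, raw1394).
FW_MODULES="firewire_core firewire_ohci firewire_sbp2 ohci1394 sbp2 raw1394"

# fw_status MODULE PROC_MODULES_FILE [MODPROBE_CONF...]
fw_status() {
    mod=$(printf '%s\n' "$1" | sed 's/-/_/g')   # modprobe treats - and _ alike
    proc=$2; shift 2
    [ $# -gt 0 ] || set -- /dev/null            # no config files given
    if awk -v m="$mod" '$1 == m { f = 1 } END { exit !f }' "$proc"; then
        echo loaded; return 0
    fi
    # "install X /bin/false" refuses modprobe loads of X;
    # "blacklist X" only stops alias-based autoloading.
    awk -v m="$mod" '
        { sub(/#.*/, ""); name = $2; gsub(/-/, "_", name) }
        $1 == "install" && name == m && $3 ~ /^\/bin\/(false|true)$/ { blk = 1 }
        $1 == "blacklist" && name == m { bl = 1 }
        END { if (blk) print "blocked"; else if (bl) print "blacklisted"; else print "open" }
    ' "$@"
}

# fw_audit PROC_MODULES_FILE [MODPROBE_CONF...]
# Prints every module's status; returns 1 if any is loaded or open.
fw_audit() {
    a_proc=$1; shift; a_rc=0
    for a_mod in $FW_MODULES; do
        a_st=$(fw_status "$a_mod" "$a_proc" "$@")
        printf '%-14s %s\n' "$a_mod" "$a_st"
        case $a_st in loaded|open) a_rc=1 ;; esac
    done
    return $a_rc
}

# Constructed sample inputs (not captured from a real Tails system).
fw_sample() {
    cat > "$1/proc_modules" <<'EOF'
firewire_ohci 40960 0 - Live 0x0000000000000000
firewire_core 65536 1 firewire_ohci, Live 0x0000000000000000
EOF
    cat > "$1/fw.conf" <<'EOF'
blacklist firewire-sbp2
install ohci1394 /bin/false
blacklist sbp2   # legacy storage driver
EOF
}

tmp=$(mktemp -d) && fw_sample "$tmp"
fw_audit "$tmp/proc_modules" "$tmp/fw.conf" || echo "FireWire modules loaded or loadable"
rm -rf "$tmp"
```

On a live system the same functions can be pointed at `/proc/modules` and the files under `/etc/modprobe.d/`.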
Re: [Tails-dev] Download manager
On Sat, Oct 13, 2012, at 01:34, Jacob Appelbaum wrote:
> I like the idea of a download manager and an upload manager. In both cases we have the same issue - sometimes normal network issues that would make a non-anonymous download fail will also cause Tor downloads to fail. An example is bumping an ethernet cable on a laptop or a microwave screwing up a wifi connection.

DownThemAll! has all these features, less the upload. I figure out as there are quite a few FireFox hackers, it would be easier to verify for safety than a standalone app depending on some obscure third party library.
Re: [Tails-dev] Upstreaming yelp patch
hi,

Ague Mill wrote (12 Oct 2012 20:44:31 GMT) :
> On Fri, Oct 12, 2012 at 05:52:50PM +0200, intrigeri wrote:
>> to anyone who pushed commit 64de544 (Fix Yelp crashing on internal links):
>> [...]
>> 2. Please open a ticket about upstreaming this fix.
>
> I don't see the need:
> [...]
> * Yelp has been heavily rewritten since Squeeze. I have not tested, but I doubt the bug is still in the version in Wheezy.

If the bug was fixed upstream since then (== is not present in Wheezy), then I agree, the effort is not worth it, let's forget about it.

If the bug is still present in Wheezy, then I still think we should report it to Debian and/or GNOME, and contribute our existing patch. Perhaps they'll ignore it, but at least, let's make upstream aware of the problem and possible solution. Our contribute/relationship_with_upstream page contains plenty of reasons to do.
Re: [Tails-dev] Upstreaming yelp patch
On Sat, Oct 13, 2012 at 11:11:11AM +0200, intrigeri wrote:
> hi,
>
> Ague Mill wrote (12 Oct 2012 20:44:31 GMT) :
>> On Fri, Oct 12, 2012 at 05:52:50PM +0200, intrigeri wrote:
>>> to anyone who pushed commit 64de544 (Fix Yelp crashing on internal links):
>>> [...]
>>> 2. Please open a ticket about upstreaming this fix.
>>
>> I don't see the need:
>> [...]
>> * Yelp has been heavily rewritten since Squeeze. I have not tested, but I doubt the bug is still in the version in Wheezy.
>
> If the bug was fixed upstream since then (== is not present in Wheezy), then I agree, the effort is not worth it, let's forget about it.

My look at the code was right: everything is different. Except there is yet another bug in the code affecting internal links...

See https://bugzilla.gnome.org/show_bug.cgi?id=686095 for details. That patch also applies to the version currently in Wheezy.

--
Ague