[Tails-dev] Debian popularity contest
Hi, did you consider participating with Tails in Debian popularity contest? (popcorn) I saw you disabled it, but couldn't find an explanation in the Design. Cheers, adrelanos ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] [PATCH] Remove the last absolute path in our SYSLINUX config
hi, intrigeri wrote (25 Oct 2012 10:50:06 GMT) : Great! So, I think next steps are: 0. someone else tests the patch a bit and ACKs it: I'll do it Done = ACK 1. a ticket is created to remind us to upstream this later 2. the release manager decides if he wants to merge it ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Debian popularity contest
Hi, adrelanos wrote (26 Oct 2012 10:42:48 GMT) : did you consider participating with Tails in Debian popularity contest? (popcorn) I don't remember doing more than disabling it, as a way to avoid having to think about it. I saw you disabled it, but couldn't find an explanation in the Design. First, Tails has no outgoing SMTP client configured by default, so popcon would not work out of the box. Second, even if Tails had the needed facility, I'm unsure Debian mail servers would accept email coming from Tor exit nodes. I suppose we could setup a dedicated limited SMTP relay as we have for WhisperBack, but that is quite some effort to setup and maintain. Personally, I'm not interested in doing this work. Third, I like Tails not to call home by default, and only then, we can make exceptions when we feel it safe and needed (e.g. the security issue check). Cheers! ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Debian popularity contest
intrigeri: Hi, adrelanos wrote (26 Oct 2012 10:42:48 GMT) : did you consider participating with Tails in Debian popularity contest? (popcorn) I don't remember doing more than disabling it, as a way to avoid having to think about it. I saw you disabled it, but couldn't find an explanation in the Design. First, Tails has no outgoing SMTP client configured by default, so popcon would not work out of the box. It tries http first. Second, even if Tails had the needed facility, I'm unsure Debian mail servers would accept email coming from Tor exit nodes. Valid point. I suppose we could setup a dedicated limited SMTP relay as we have for WhisperBack, but that is quite some effort to setup and maintain. Personally, I'm not interested in doing this work. Third, I like Tails not to call home by default, and only then, we can make exceptions when we feel it safe and needed (e.g. the security issue check). I considered it for Whonix today and it's a real bad idea to add it. Reasons are listed here: https://sourceforge.net/p/whonix/wiki/Security/#popularity-contest If you are interested I could adjust it for Tails and add it to the Tails design. Cheers, adrelanos ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] [PATCH] Remove the last absolute path in our SYSLINUX config
26/10/12 13:03, intrigeri wrote: hi, intrigeri wrote (25 Oct 2012 10:50:06 GMT) : Great! So, I think next steps are: 0. someone else tests the patch a bit and ACKs it: I'll do it Done = ACK 1. a ticket is created to remind us to upstream this later 2. the release manager decides if he wants to merge it I merged this into testing (and devel) in hope that it will fix our issues with the Universal USB Installer in rc2, or at least make fixing them easier. Cheers! ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
[Tails-dev] Tails Attack Surface Reduction - Bridge Enforcement
Hello Work is being done on adding bridge support to Tails In addition to supporting bridges, here is another idea: [Standard Tails Livecd] 1. | | | [Bridging Firewall - Allow only bridgeip:bridgeport] 2. 1. The standard tails livecd is just the normal tails os, the user enters their bridges into vidalia, or however it ends up being supported in tails 2. This is simply a bridge firewall, for example a Tails livecd where iptables is configured to be a transparent bridge firewall. The user also enters their bridge IPs in here The bridging firewall is simply iptables in bridge mode (no IP addresses used) and is told to ONLY allow traffic going to and from the user supplied bridge IP addresses The attack surface for revealing a users IP is now reduced to being able to exploit a vulnerability in iptables, these are *extremely* rare compared to vulnerabilities in the end-user applications used, local kernel exploits etc Worth the effort making a bridge firewall CD ? ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
[Tails-dev] Please review and merge feature/korean_input
Hi, please review and merge (into devel): branch: feature/korean_input ticket: todo/korean_input_system Tested, as in if I choose Korean language in Tails greeter, then I get a SCIM applet in the panel, in which I can choose the Hangul input method. We've got someone willing to test early ISO images once they're out (I guess that would be 0.15~rc1 or something). Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
[Tails-dev] Please review and merge feature/dpkg-origin
Hi, branch: feature/dpkg-origin ticket: todo/custom_dpkg_origin candidate for post-0.14. commit 833df8b944c80b93b94623b5a5aec229e9e1e14e Author: Tails developers amne...@boum.org Date: Fri Oct 26 16:33:45 2012 +0200 Add vendor-specific dpkg origin information. This makes dpkg-vendor return correct information. See deb-origin(5) and dpkg-vendor(1) for details. Thanks to Paul Wise p...@debian.org for suggesting this on the debian-derivatives mailing-list. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Tails 0.14 rc1 virtualization testing howto install virtualbox and vmplayer
hi, a...@riseup.net wrote (26 Oct 2012 15:43:09 GMT) : Tails 0.14 rc1 686-pae sees all my cpu cores and RAM Nice to hear. Time to test virtualization. Ah. FYI this is tracked on https://tails.boum.org/todo/add_virtualbox_host_software/ (I'll ignore the proprietary vmware thing in what follows.) virtualbox 4.2 will now install, compile insert kernel modules Nice to read! https://www.virtualbox.org/wiki/Linux_Downloads is verified by verisign, so you only get verisign/ssl-level security A long-term solution for Tails would have to be based on Debian, rather than on Oracle's packages. Current status in Tails is a bit kludgy: we are shipping a 4.1.10-dfsg-1~bpo60+1 custom backport of the guest tools and drivers (custom because they are built against the xorg from squeeze-backports). TODO: 1. Calculate what size requirements there would be if virtualbox was ever shipped with tails 2. See how a git patch could be made that is easy simple and just makes everything work well + check that issue, quoted directly from the aforementioned ticket: IIRC, VirtualBox host software sets iptables/netfilter up in a way that makes the guest system bypass the existing firewall / or be blocked by it, so some care should be taken on this side. What does everyone think about virtualization and tails? Personally, I'd be very happy to see todo/add_virtualbox_host_software solved, but I lack time to do it any time soon. You are most welcome to go on working on this! :) Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Debian popularity contest
adrelanos wrote (26 Oct 2012 15:58:44 GMT) : First, Tails has no outgoing SMTP client configured by default, so popcon would not work out of the box. It tries http first. Thanks for correcting me. I considered it for Whonix today and it's a real bad idea to add it. Reasons are listed here: https://sourceforge.net/p/whonix/wiki/Security/#popularity-contest If you are interested I could adjust it for Tails and add it to the Tails design. I'd be very thankful if contributed such an adapted version. Sending it here first would be preferred. BTW, it's popcon, not popcorn :) Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev