[Tails-dev] encrypted

2014-06-29 Thread michaelball


___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.


[Tails-dev] minutes of a tails/freepto meeting

2014-06-29 Thread boyska

At hackmeeting we had some good chat about sharing more work between
freepto&tails (and, if possible, any other distribution). I'll be
sketchy here.

Low-hanging fruits are good to enjoy the benefits of sharing things
without getting into overly complicated projects. Packaging small
shell scripts or simple parts of the distribution is probably a good
example of that. For example, we'd like to package the "random nick
chooser".
We also talked about how to share "hooks" or other parts of the live-build
process, and our conclusion was that there is no simple way to do that,
and it isn't that important, since they're typically very short and
simple scripts.

On configurations
=================

Iceweasel
---------

We observed that preconfiguring applications can be ugly, and tried to
see what we could do about that. The most problematic seems to be
Mozilla's one, since their complex configuration, multiple databases,
embedded plugins can make that a nightmare. We decided not to write any
wrapper script to create configurations: it would add complexity without
making the configuration process considerably simpler.
Freepto has one binary extension (Disconnect) and will try to get that
into debian: RFP are cool!
SQL files should be transformed into SQL scripts.

Mumble
------

mumble has a sqlite-based configuration; instead of copying the sqlite
file, it's better to create it with a script

TorBrowser: TBB and TBL
=======================

We discussed the benefits and cons of having a "launcher" (TBL) instead
of the whole TBB inside the image. Of course putting it inside will
ensure shorter 'opening' times; this is especially true for live
systems.

We ended up saying that having the TBL pre-downloading
the TBB during image building (with a chroot-hook) would be the best
solution. Boyska volunteered on that: this would require something like

    torbrowser-launcher --batch-download

To make TBL more robust, we also need to get in touch with TBB
sysadmins, to ensure a sane way of getting the latest browser and
signature.

Unit testing
============

Unit tests are cool, tails has them, and freepto wants them, too! We also
would benefit from running daily builds which (in case of error) will
send a notification email: this will ensure that no change in debian is
breaking the build.

Hosting
=======

We don't like github, so we need to find a better hosting. This could
require a different organization.

Boot
====

persistence-media
-----------------

persistence-media=removable-usb is not very reliable: it will not work
on some usb sticks (sandisk). The proposed way of doing this is using a
syslinux hook to append a cmdline parameter that clarifies which disk
we're in to the initramfs (which does not have udisk to inspect it).
Then, we should change live-boot method of filtering devices.

Intrigeri is working on the first part (changing syslinux), while boyska
will work on the live-boot part.

EFI
---

... but freepto has TWO boot loaders (grub for EFI). We decided to move
everything to syslinux. This will bring us:
* less maintenance
* more similar to tails
* cleaner (.efi images are inside git code, right now!)
* support for the persistence-media hack explained above.

I think that's all, I surely forgot something, but it's anyway a lot of
stuff. Cheers!

--
boyska



Re: [Tails-dev] Website defacement

2014-06-29 Thread intrigeri
Hi,

sajol...@pimienta.org wrote (29 Jun 2014 20:57:13 GMT) :
> I checked and the index page is blocked for writing by logged in users.
> But this commit was done by user "admin@web". Maybe that username has
> special power in the ikiwiki world and should be banned explicitly from
> the config file.

After talking with root@: indeed, the "admin" ikiwiki user had special
powers. Either it had a weak password, or we didn't even create it
ourselves, and someone only had to register it. Whatever. Anyhow, that
user has no special credentials anymore.

Cheers,
-- 
intrigeri


Re: [Tails-dev] Website defacement

2014-06-29 Thread sajolida
jvoisin wrote:
> Hello,
> it seems that currently, Tails website was defaced by some script
> kiddie, as shown in the attached image. People are starting to freak out
> on #tails, and this is slowly spreading over the Internet.
> 
> Does someone have some information about what is currently happening?

Commits 8c60a7f..0b08998 were done on the index page. Initial commit of
the defacement is 8392893.

I checked and the index page is blocked for writing by logged in users.
But this commit was done by user "admin@web". Maybe that username has
special power in the ikiwiki world and should be banned explicitly from
the config file.

But I think there's nothing to really worry about :)

-- 
sajolida
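
The check described in this thread (a commit made through the wiki's web interface that touches a page ordinary users cannot write), as an added example that is not part of the original messages. It assumes web edits carry an author address of the form `name@web`, as with "admin@web" above; the glob patterns are a simplified stand-in for the wiki's own lock rules, and the log sample is constructed.

```python
import fnmatch

# Constructed sample of the output of
#   git log --name-only --format='commit%x09%h%x09%ae'
# Hashes, users and file names are made up for illustration.
SAMPLE_LOG = """\
commit\taaaaaaa\tadmin@web

index.mdwn

commit\tbbbbbbb\talice@example.org

index.mdwn
news.mdwn

commit\tccccccc\tbob@web

blueprint/notes.mdwn
"""

def parse_log(text):
    """Yield (short_hash, author_email, [paths]) from the log format above."""
    commit = None
    for line in text.splitlines():
        if line.startswith("commit\t"):
            if commit:
                yield commit
            _, sha, email = line.split("\t", 2)
            commit = (sha, email, [])
        elif line.strip() and commit:
            commit[2].append(line.strip())
    if commit:
        yield commit

def web_edits_to_locked(text, locked_globs, web_suffix="@web"):
    """Return web-interface commits that touch pages matching locked_globs."""
    findings = []
    for sha, email, paths in parse_log(text):
        if not email.endswith(web_suffix):
            continue  # pushed over git, not edited through the web interface
        hit = [p for p in paths
               if any(fnmatch.fnmatch(p, g) for g in locked_globs)]
        if hit:
            user = email[:-len(web_suffix)]
            findings.append({"commit": sha, "user": user, "pages": hit})
    return findings

if __name__ == "__main__":
    for finding in web_edits_to_locked(SAMPLE_LOG, ["index.*"]):
        print(finding)
```

Any user name this reports for a locked page is one to compare against the wiki's configured administrators.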





Re: [Tails-dev] "Upgrade from ISO" path from 1.0.1 to 1.1 [Was: Please start reviewing bugfix/7345-upgrade-from-iso-from-1.0-to-1.1]

2014-06-29 Thread anonym
27/06/14 18:38, intrigeri wrote:
> Hi,
> 
> it would be good to decide something ASAP on this front, so that we
> can crash-test the supported procedure for 1.1~rc1. The input we need
> to make this decision is:
> 
> * Who, among the core developers and those invited to run the manual
>   test suite, has extra time to do these tests against 1.0.1+IUK on
>   July 2, *in addition to* doing the 1.1~rc1 tests?

After releasing 1.1~rc1 on July 1, I will be almost completely AFK until
the summit. I guess I'd come back if 1.1~rc1 turns out to be completely
broken to prepare a 1.1~rc2, but I won't commit to any testing this
time, as I've said earlier.

> * Who, among the core developers and those invited to run the manual
>   test suite, has extra time to do these tests against 1.0.1+IUK on
>   July 21, *in addition to* doing the 1.1 tests?

I'll be present here, and could do it, if we decide to do this.

> If enough people can do that, then the "IUK way" can be an option, and
> likely the preferred one.

I am not completely convinced it is the "preferred" one. Even though our
UDFs can describe multiple upgrade paths (one full, one incremental), it
will only present one, and will prefer incremental ones. Hence all Tails
1.0.1 installations will get the suggestion to incrementally upgrade to
1.0.2 (or whatever we'll call it) which is just a waste of time if they
don't plan to use the "Upgrade from ISO" path. After all, the "real"
upgrade path from 1.0.1 to 1.1 will be a full (i.e. non-incremental)
upgrade to 1.1. Worse, some users may even think that they are
installing the 1.1 upgrade, and then get confused when they boot up
1.0.2 only to see the same security notice again, and a suggestion to do
a full upgrade to 1.1.

I think the key issue here is that the Tails Upgrader and IUKs are
designed around the idea that they provide "must have" upgrades, and
will only present one. For instance, there is no facility to show custom
messages in the UI (so we could explain that the upgrade is only
relevant for "Upgrade from ISO"), only a link (which some users won't
click). There are channels, of course, so I suppose we could create a
new channel for the 1.0.2 upgrade, but imho apt-get:ing the required
upgrades is easier both for us and our users.

To sum up, I don't think our Upgrader is designed for this, and I
foresee a potential user support nightmare if we try to force it to do
this any way.

> Else, I think we're back to where this thread was at on June 19, that
> is: either document the steps to install the new Tails Installer, or
> simply state that "Upgrade from ISO" is not supported from 1.0.1 to
> 1.1.

Since bugfix/7345-upgrade-from-iso-from-1.0-to-1.1 has been merged, and
the extra steps will be simple enough, I think we should support the
"Upgrade from ISO" path. However, to not taint the 1.0.1 APT suite
(which is frozen forever now!) I think we should create a new suite and
instruct our users to add that one. The final instructions would be:

1. Boot Tails 1.0.1
2. Enable admin password
3. Start a root shell and run:
 echo "deb http://deb.tails.boum.org/ 1.0.1-to-1.1-upgrade main" > \
   /etc/apt/sources.list.d/upgrade.list
 apt-get update && apt-get install liveusb-creator syslinux
4. Proceed normally by starting Tails Installer and picking the
   "Upgrade from ISO" option

Cheers!



Re: [Tails-dev] "Upgrade from ISO" path from 1.0.1 to 1.1 [Was: Please start reviewing bugfix/7345-upgrade-from-iso-from-1.0-to-1.1]

2014-06-29 Thread sajolida
intrigeri wrote:
> * Who, among the core developers and those invited to run the manual
>   test suite, has extra time to do these tests against 1.0.1+IUK on
>   July 2, *in addition to* doing the 1.1~rc1 tests?

I might be able to help on that day.

> * Who, among the core developers and those invited to run the manual
>   test suite, has extra time to do these tests against 1.0.1+IUK on
>   July 21, *in addition to* doing the 1.1 tests?

That sounds more tricky. I'll have time but little networking by then.
If the IUK is small in size and I don't have to download a new ISO to
test it then this might be possible.

> Else, I think we're back to where this thread was at on June 19, that
> is: either document the steps to install the new Tails Installer, or
> simply state that "Upgrade from ISO" is not supported from 1.0.1 to
> 1.1.

I was worried about people with a persistence volume on their Tails
1.0.1 device but I tried the procedure to do "Clone & Upgrade" from
Tails 1.1 experimental onto Tails 1.0.1 and this works.

So documenting the steps to install the new Tails Installer in the
release notes seems acceptable to me. You anyway need two Tails USB
sticks to do a full upgrade, either to "update from ISO" or "clone &
upgrade".

-- 
sajolida





Re: [Tails-dev] Time-driven alias generator

2014-06-29 Thread sajolida
Chamelephon wrote:
> What do you guys think about scripting a fast and web-based online alias
> generator for extremely opsec-minded people. The basic idea is: you only
> provide an 8-16 digit pre-shared pin number and it gives you the account
> for the week/day/month the remote side should be subscribed to. This way it
> would be easier to change credentials over time and ensure followability.

How would this fit into Tails? Remember that Tails is an operating
system project. In other words, we write very little code to create new
security tools, but rather work on getting them working well together
and being usable by a wide audience.

-- 
sajolida





[Tails-dev] Installer → Installation

2014-06-29 Thread sajolida
I renamed the "Installer" category in Redmine to "Installation" so we
can fit in there the issues related to UUI, documentation about manual
installation methods, etc.

I find it usually hard to search for tickets in Redmine, and having a
category set for as many tickets as possible might help.

-- 
sajolida




Re: [Tails-dev] Please review and merge doc/7216-persistence-backup-permissions

2014-06-29 Thread sajolida
intrigeri wrote:
> I'm sorry, but I don't get how this can be a solution to the problem
> described on that ticket. IMO either the description of the problem is
> wrong, or the solution is wrong. Replied there.

I think what's wrong here is your understanding of the problem. I
already tested that `find` command and it works. Still, I tested the
whole procedure again, and fixed a glitch related to Nautilus with commit
c634868.

Replied on the ticket.

-- 
sajolida





[Tails-dev] Fwd: Bug#753095: RFH: vagrant

2014-06-29 Thread intrigeri
Hi there,

it's now been made clear that the vagrant package in Debian needs
help:

--- Begin Message ---
Package: wnpp
Severity: normal

Hi,

Would somebody be interested in helping me maintain the vagrant package
in Debian?

My knowledge of ruby is unfortunately too low to continue working on it,
especially with the latest versions where the code used to load the
plugins has heavily changed.

Cheers,

Laurent Bigonville

Description-en: Tool for building and distributing virtualized development environments
 This package provides the tools to create and configure lightweight,
 reproducible, and portable virtual environments.
 .
 Vagrant uses Oracle’s VirtualBox to create its virtual machines and then
 uses Chef or Puppet to provision them.


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/20140629090822.25322.14573.report...@fornost.bigon.be

--- End Message ---


-- 
intrigeri

[Tails-dev] Post-backbone collaboration

2014-06-29 Thread Jurre van Bergen


Hoi,

E-mail is hard, my apologies for the resend, but now everyone is cc'd
and it's easier to stay in the loop. Please use "reply-all" to keep
everyone in the loop!

- -

Dear Privacy Distributions,

It was good to see all of you recently at backbone409, I would like to
keep this momentum fresh and e-mail you about how we can improve some
software upstream we all benefit from, below, some tickets we would like
to see happening, from Tails' side.

What are the things freepto and subgraph would like to see happening? Or
what are you working on? Perhaps a good start would be to make an
inventory of bugs we would like to see resolved? :) Thoughts?

For the folks who weren't at backbone409, we had a long discussion about
our privacy distributions and finding out we are all based on Debian,
this makes for "leveraging" work! Hurray!

- Feature #6337: Add support for TrueCrypt volumes in udisks
  https://bugs.freedesktop.org/show_bug.cgi?id=70164
  https://labs.riseup.net/code/issues/6337

- Feature #5868: hkps support in Seahorse
  https://bugzilla.gnome.org/show_bug.cgi?id=617383
  https://labs.riseup.net/code/issues/5868

- Feature #6272: Wait for GNOME GnuPG agent to support OpenPGP smartcards
  https://bugzilla.gnome.org/show_bug.cgi?id=530439
  https://labs.riseup.net/code/issues/6272

- Feature #5655: Share username and hostname amongst all anonymity
  distributions
  https://labs.riseup.net/code/issues/5655

I included the last one, since I brought it up at backbone409 and might
be interesting to have as a discussion.

All the best,
Jurre


