Re: [Tails-dev] overwriting with random data

[Adam Burns]

On 14/08/2020 19:58, kirg...@riseup.net wrote:

> Why does Tails default to overwriting with random data (instead of ones
> and zeros) ? When erasing files.

I would suggest because different types of media leave different
artifacts when writing over data.





signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Experimenting with Tails, preferred workflow ?

[Adam Burns]

On 21/03/17 20:15, anonym wrote:
> I just meant that detailed knowledge about aufs is not central to 
> understanding Tails and being able to hack on it. :) I think it is enough to 
> know the general idea, that we stack filesystems on top of each other. OTOH 
> if this area excites you, by all means, read up more, but probably about 
> overlayfs instead, since that is what we are moving towards slowly (help 
> needed!):

Ping. I've been scripting Raspbian builds (albeit in hacky unorthodox
ways) to support overlayfs with overlayctl. Layers of RO and one or more
RW seem to work well (whether on RAM or overlay persistent partitions).






signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Reproducible Builds sprint #2 report

[Adam Burns]

May I just say...

Awesome work! Props to all involved!!

Shine,

Adam.

On 17/03/17 08:37, intrigeri wrote:
> Hi,
> 
> here's a report of the second reproducible sprints that just ended.
> Ulrike volunteered to handle broader communication about this topic,
> so this report is only meant to share the news within our community.




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] TLS certificate for git.tails.boum.org

[Adam Burns]

On 28/01/16 10:55, sycamoreone wrote:
> flapflap:
>> I get a certificate warning when visiting https://git.tails.boum.org,
>> issued by immerda.ch.
> 
> The certificate served by https://git.tails.boum.org is signed by
> immerda.ch itself (CN of the issuer is immerda_public_web_4-ca), so it
> won't be accepted by browser by default.

and tails.boum.org / boum.org use a wildcard certificate *.boum.org
issued by Gandi

> But this is probably not much of a problem, as I don't believe that site
> is really for general use: The official place for Tails' Git
> repositories is https://git-tails.immerda.ch/, which has a proper
> certificate signed by Gandi Standard SSL CA 2. git.tails.boum.org is
> only used by "developers with write access to the repositories" (see
> https://tails.boum.org/contribute/git/).
> 
> That of course doesn't mean that having a letsencrypt certificate
> wouldn't be great :).

I guess it depends on what the certificate is intended to be used for. I
think supporting CA-Cert is also a good thing (tm).

Whatever, I guess documented consistency is important.

Shine,

Adam.



signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Persistence gone

[Adam Burns]

On 31/12/15 15:03, Justin Sokuar wrote:
> Logged on normally, and my persistence isn't there. I restarted and the same 
> thing happened. How can I get it back?

Forwarded to tails-support.

This is the mailing list for Tails *development*. For support, please
address your emails to one of the support channels:
https://tails.boum.org/support/




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Avoiding real MAC address in Tails macchanger being harmful?

[Adam Burns]

Thanks for the summary.

On 26/11/15 20:52, Patrick Schleizer wrote:
> Tails does verify, that randomly chosen MAC does not equal the real MAC
> by chance.
> 
> From tails-spoof-mac [1] (code: [A])
> 
>> # There is a 1/2^24 chance macchanger will randomly pick the real MAC
>> # address. We try to making it really unlikely repeating it up to
>> # three times. Theoretically speaking this leaks information about the
>> # real MAC address at each occasion but actually leaking the real MAC
>> # address will be more serious in practice.

Not a leak, but serious and much more likely would be MAC collisions in
larger third party network segment environments.

Happen to choose a MAC address of a fellow DHCP client? Someone could be
informed by their OS of a MAC collision, and such an event would be
likely logged.

Happen to choose a MAC address of a network gateway and/or DHCP server?
Well, that's fun for everyone ...

Shine,

Adam.




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] stats on upgrade time

[Adam Burns]

Hi Sajolida,

Nice graph!

On 25/11/15 11:10, sajolida wrote:
> But there's always a pretty long tail of people with quite outdated
> versions. If we look, on the day before each release, at the number of
> people that are still not running the latest version:
> 
> - Before 1.5: 19%
> - Before 1.6: 24% (we had a shorter cycle due to 1.5.1 here)
> - Before 1.7: 20%

My guess would be that Tails usage cases, in terms of boot and shutdown
frequencies would vary wildy, from daily continual desktop use to very
occasional needs-only booting an image for specific projects or topics.

> I'd like to continue working on this to:
> 
> 1. Have a nice script that I can share with more people.
> 2. Make is easier to take decision when doing migrations (like Icedove).
> 3. See if it's worth shipping IUK for more than one version to the next.
> 4. In the future, see how our improvements improve this situation
>(installation assistant, full-self upgrades, etc.).
> 
> Tell me if you have any other idea of how to make these numbers speak or
> what this would be useful for.

Uniquely identify each Tails image to assess and profile their usage
frequencies as per above?

;-)

But seriously, cool stats.

Shine,

Adam.



signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Clawsmail connection problems and Tails

[Adam Burns]

Hi Steven,

This is a Tails development list, not for usage support.

Please see https://tails.boum.org/support/tails-support/index.en.html
for information on the support mailing list

https://tails.boum.org/support/tails-support/index.en.html

and friendly IRC channel

server: irc.oftc.net
port: 6697
chatroom: #tails
use TLS/SSL to connect!


for help.


Cheers,

Adam.


On 24/10/15 11:20, Steven Markowicz wrote:
> I have been trying for days now to configure Clawsmail on my Tails OS, I
> have done everything right but Clawsmail just wouldn't work for me
> because of my ISP. It seems like my ISP blocked out most of the ports
> listed on openmailbox.org  (SMTP /IMAP/POP
> ports). I really don't know if there is a way to go around this. I am
> really interested in setting this up so I can use PGP to send and
> receive encrypted messages. Is there a way to open up these ports so I
> can finally get Clawsmail to work? I would really appreciate some help.
> Thanks
> 
> 
> 
> ___
> Tails-dev mailing list
> Tails-dev@boum.org
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to 
> tails-dev-unsubscr...@boum.org.
> 




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

On 08/04/2015 11:46 AM, intrigeri wrote:
> Hi,
> 
> Adam Burns wrote (23 Jul 2015 10:33:40 GMT) :
>> A *slightly* improved Rakefile patch that is back compatible with older
>> vagrant gem or distribution package environments.
> 
> Thanks!
> 
>> If the vagrant libraries cannot be found (ie require 'vagrant' fails),
>> this patch will optimistically add deb/rpm package paths for the vagrant
>> libraries and try again.
> 
> You mean third-party packages here, such as the one provided by
> upstream Vagrant, right?

Yup. This is using the Vagrant vagrant RPM file (thus the path under
/opt for the library files)


>> Can someone sanity check this under Debian with the 'official' Vagrant
>> deb package? Note I believe that you will need to clean/uninstall
>> existing vagrant gem files or packages first.
> 
> Can any of our Vagrant use try that? It would be good to support
> Vagrant 1.7, as least as provided by third-party packages.

I haven't had time to boot jessie from a usb yet but
a tip for jessie distributed vagrant 1.6.5+dfsg1-2 , I note from
https://packages.debian.org/jessie/all/vagrant/filelist that vagrant.rb
files are located under /usr/lib/ruby/vendor_ruby & a slight
modification of the patch may get that working if it does not already
straight away from jessie environment.

Shine,



signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] DVD vs. USB: doc needs adjustments? [Fwd: [tor-talk] USB Sticks for Tails -> CCCamp]

[Adam Burns]

On 08/02/2015 04:25 PM, intrigeri wrote:
> sajolida wrote (01 Aug 2015 15:33:11 GMT) :
>> But it needs more info before we can go write something. Could you help
>> us complete this list? as nothing was really "apparent" to me from this
>> specific thread...
> 
> Added that to the ticket: "A malicious or buggy DVD drive's firmware
> can modify the Tails system on-the-fly." If it's not enough, please
> let me know what's still unclear.

+1 on this. BIOS firmware is just the beginning. DVD drives, hard
drives, etc, your laptop is actually a network of busses and devices
that may be remotely upgradable and/or contain firmware you do not
necessarily trust.




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

On 07/19/2015 12:11 PM, Adam Burns wrote:
> On 07/19/2015 09:37 AM, intrigeri wrote:
>> Adam Burns wrote (18 Jul 2015 21:31:55 GMT) :
>>> Bingo. Build now completes from current devel branch and generates iso file!
>>
>> Yay :)
>>
>> May you please share the changes that allowed you to build with
>> Vagrant 1.7+?
> 
> Tested and working under Fedora 21 with vagrant RPM installed from
> https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.4_x86_64.rpm

A *slightly* improved Rakefile patch that is back compatible with older
vagrant gem or distribution package environments.

If the vagrant libraries cannot be found (ie require 'vagrant' fails),
this patch will optimistically add deb/rpm package paths for the vagrant
libraries and try again.

Again, it works in personal environment above.

And again, it's still ugly & I'm still stupid (wrt rvm/ruby at least!) ;)

Can someone sanity check this under Debian with the 'official' Vagrant
deb package? Note I believe that you will need to clean/uninstall
existing vagrant gem files or packages first.

Shine


$ git diff
diff --git a/Rakefile b/Rakefile
index 0eeba39..e2485d4 100644
--- a/Rakefile
+++ b/Rakefile
@@ -18,9 +18,20 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

+
 require 'rbconfig'
 require 'rubygems'
-require 'vagrant'
+begin
+  require 'vagrant'
+rescue LoadError
+  VAGRANT_PKG_REQ_PREFIX = "/opt/vagrant/embedded/gems/gems/"
+  puts "vagrant library require files from gem not found, attempting
vagrant [deb,rpm] package require paths under #{VAGRANT_PKG_REQ_PREFIX}"
+  Dir.glob("#{VAGRANT_PKG_REQ_PREFIX}*/lib").each do |pkg_req_dir|
+$LOAD_PATH.unshift File.expand_path("#{pkg_req_dir}", __FILE__)
+  end
+  # attempt to load vagrant library again, this time failing by terminating
+  require 'vagrant'
+end
 require 'uri'

 $:.unshift File.expand_path('../vagrant/lib', __FILE__)





signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

On 07/19/2015 09:37 AM, intrigeri wrote:
> Adam Burns wrote (18 Jul 2015 21:31:55 GMT) :
>> Bingo. Build now completes from current devel branch and generates iso file!
> 
> Yay :)
> 
> May you please share the changes that allowed you to build with
> Vagrant 1.7+?

Tested and working under Fedora 21 with vagrant RPM installed from
https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.4_x86_64.rpm

Did I mention
a) I'm learning rake, ruby and rvm?
b) this is ugly?

] $ git diff
] diff --git a/Rakefile b/Rakefile
] index 0eeba39..5fe6112 100644
] --- a/Rakefile
] +++ b/Rakefile
] @@ -18,6 +18,12 @@
]  # You should have received a copy of the GNU General Public License
]  # along with this program.  If not, see <http://www.gnu.org/licenses/>.
]
] +$LOAD_PATH.unshift
File.expand_path('/opt/vagrant/embedded/gems/gems/vagrant-1.7.3/lib/',
__FILE__)
] +$LOAD_PATH.unshift
File.expand_path('/opt/vagrant/embedded/gems/gems/hashicorp-checkpoint-0.1.4/lib',
__FILE__)
] +$LOAD_PATH.unshift
File.expand_path('/opt/vagrant/embedded/gems/gems/log4r-1.1.10/lib',
__FILE__)
] +$LOAD_PATH.unshift
File.expand_path('/opt/vagrant/embedded/gems/gems/childprocess-0.5.5/lib',
__FILE__)
] +$LOAD_PATH.unshift
File.expand_path('/opt/vagrant/embedded/gems/gems/erubis-2.7.0/lib',
__FILE__)
] +
]  require 'rbconfig'
]  require 'rubygems'
]  require 'vagrant'

Apparently there are a few methods of elegant recursive require path
setting that may or may not depend on different ruby versions.

Given that most tails developers are likely building under a Debian
based host and a) above, perhaps below will help.

Firstly, I can confirm the .DEB file also installs vagrant under /opt,
so the same paths should hold.

Below is further info on the build ruby / rvm environment:

] $rvm -v
] rvm 1.26.11 (latest) by Wayne E. Seguin ,
] Michal Papis  [https://rvm.io/]

] $ rvm list rubies
]
] rvm rubies
]
] =* ruby-2.2.1 [ x86_64 ]
]
] # => - current
] # =* - current && default
] #  * - default
]

] $ rvm info
]
] ruby-2.2.1:
]
]   system:
] uname:   "Linux cephalo13 4.0.7-200.fc21.x86_64 #1 SMP Mon Jun
29 22:11:52 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux"
] system:  "fedora/21/x86_64"
] bash:"/bin/bash = GNU bash, version 4.3.39(1)-release
(x86_64-redhat-linux-gnu)"
] zsh: " => not installed"
]
]   rvm:
] version:  "rvm 1.26.11 (latest) by Wayne E. Seguin
, Michal Papis  [https://rvm.io/]";
] updated:  "6 days 18 hours 31 minutes 4 seconds ago"
] path: "/home/operations/.rvm"
]
]   ruby:
] interpreter:  "ruby"
] version:  "2.2.1p85"
] date: "2015-02-26"
] platform: "x86_64-linux"
] patchlevel:   "2015-02-26 revision 49769"
] full_version: "ruby 2.2.1p85 (2015-02-26 revision 49769)
[x86_64-linux]"
]
]   homes:
] gem:  "/home/operations/.rvm/gems/ruby-2.2.1"
] ruby: "/home/operations/.rvm/rubies/ruby-2.2.1"
]
]   binaries:
] ruby: "/home/operations/.rvm/rubies/ruby-2.2.1/bin/ruby"
] irb:  "/home/operations/.rvm/rubies/ruby-2.2.1/bin/irb"
] gem:  "/home/operations/.rvm/rubies/ruby-2.2.1/bin/gem"
] rake: "/home/operations/.rvm/gems/ruby-2.2.1/bin/rake"
]
]   environment:
] PATH:
"/home/operations/.rvm/gems/ruby-2.2.1/bin:/home/operations/.rvm/gems/ruby-2.2.1@global/bin:/home/operations/.rvm/rubies/ruby-2.2.1/bin:/usr/lib64/qt-3.3/bin:/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/operations/.rvm/bin:/home/operations/.local/bin:/home/operations/bin"
] GEM_HOME: "/home/operations/.rvm/gems/ruby-2.2.1"
] GEM_PATH:
"/home/operations/.rvm/gems/ruby-2.2.1:/home/operations/.rvm/gems/ruby-2.2.1@global"
] MY_RUBY_HOME: "/home/operations/.rvm/rubies/ruby-2.2.1"
] IRBRC:"/home/operations/.rvm/rubies/ruby-2.2.1/.irbrc"
] RUBYOPT:  ""
] gemset:   ""


This version of vagrant allows for plugins for libvirt and indeed docker
so may offer an easier/interesting way to build for all ...

Hope this helps,

Shine.




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

Hi intrigeri and anonym,

On 07/17/2015 04:17 PM, intrigeri wrote:
> Hi,
> 
> Adam Burns wrote (17 Jul 2015 09:46:19 GMT) :
>> Full log file:
>> http://www.networkcommons.org/files/tails-rake-build.log
> 
> In there I see:
> 
>   Switched to a new branch '9161-claws-advisory'
>   Branch 9161-claws-advisory set up to track remote branch 
> 9161-claws-advisory from origin.
> 
> There's no guarantee that this old branch still builds, and indeed, it
> doesn't => please build from the devel branch instead :)

Bingo. Build now completes from current devel branch and generates iso file!

I patently did not update since looking at the Claws issue (though my
faulty belief system is still whispering "but you did ...").

Thanks to both anonym & yourself.

Shine.



signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

On 07/16/2015 03:43 PM, intrigeri wrote:
> Adam Burns wrote (16 Jul 2015 12:11:39 GMT) :
>> Now cross fingers ... ;)
> 
>>> root@tails-builder-20140709:~# apt-get install hopenpgp-tools keyringer 
>>> linux-image-3.16.0-4-586 linux-image-3.16.0-4-amd64
>>> Reading package lists... Done
>>> Building dependency tree   
>>> Reading state information... Done
>>> E: Unable to locate package linux-image-3.16.0-4-586
>>> E: Couldn't find any package by regex 'linux-image-3.16.0-4-586'
>>> E: Unable to locate package linux-image-3.16.0-4-amd64
>>> E: Couldn't find any package by regex 'linux-image-3.16.0-4-amd64'
>>> root@tails-builder-20140709:~# 
> 
>> No coconut :(
> 
> That's expected: these packages are supposed to be installed by
> live-build inside the chroot it sets up inside the Vagrant VM.

Thought I'd try. Guess that'd be why %^} Still in process of
understanding the end-to-end build process & new to live-build itself.

> The fact that you see similar errors while building Tails is
> a different matter, and a real problem, though ⇒ please share the full
> build log so we can try to understand what's going wrong during
> your build.

Build commands
> export TAILS_BUILD_OPTIONS="ignorechanges"
> rake build

Full log file:
http://www.networkcommons.org/files/tails-rake-build.log


> One useful info would be to check what version of live-build you have
> installed inside the Vagrant VM, too.

On VirtualBox host:
> vagrant@tails-builder-20140709:~/amnesia/config$ dpkg-query -l live-build
> Desired=Unknown/Install/Remove/Purge/Hold
> | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name Version Architecture 
>Description
> +++--===-===-=
> ii  live-build   3.0.5+really+is+2.0.12- all  
>Debian Live - System Build Scripts


Above log file grep:
> $ grep live-build tails-rake-build.log 
> ==> default:   libyaml-libyaml-perl live-build m4 perl perl-modules rsync 
> sgml-base
> ==> default: Get:4 http://deb.tails.boum.org/ builder-wheezy/main live-build 
> all 3.0.5+really+is+2.0.12-0.tails2 [1,940 kB]
> ==> default: Selecting previously unselected package live-build.
> ==> default: Unpacking live-build (from 
> .../live-build_3.0.5+really+is+2.0.12-0.tails2_all.deb) ...
> ==> default: Setting up live-build (3.0.5+really+is+2.0.12-0.tails2) ...
> + dpkg-query -W -f=${Version}\n live-build
> + echo live-build: 3.0.5+really+is+2.0.12-0.tails2
> ++ LB_ISO_PREPARER='live-build 2.0.12-2; 
> http://packages.qa.debian.org/live-build'




>> 'veewee vbox build' (in vagrant CWD) gives 404 error on
>> http://cdimage.debian.org/debian-cd/7.5.0/amd64/iso-cd/debian-7.5.0-amd64-netinst.iso
> 
>> Looks like this ISO image has been removed from the Debian site.
> 
> This should go away as soon as we migrate to a Jessie-based base box
> (the work has been done, see #9262 -- what remains to do is unrelated
> to Vagrant, and currently on my plate).

Haven't looked for mirrors or alternatives there yet, and understand
that it's not the core issue I'm facing.

I appreciate your feedback knowing that you are concentrating on other
issues.

Shine.





signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

On 07/15/2015 09:12 PM, anonym wrote:
> On 07/13/2015 06:32 PM, Adam Burns wrote:
>> Got Vagrant 1.7.3 to inter-operate with the current TAILS Rakefile by
>> adding explicit paths for some extra require commands. This likely is
>> not needed once ruby/rake system paths for require commands are set
>> correctly (I'm a ruby/rake n00b).
>>
>> The Vagrant/VirtualBox shell provisioning of the base box
>> 'tails-builder-20141201' currently errors with the following packages
>> not found.
>>
>> P: Begin installing packages...
>> Reading package lists...
>> Building dependency tree...
>> Reading state information...
>> Package hopenpgp-tools is not available, but is referred to by another
>> package.
>> This may mean that the package is missing, has been obsoleted, or
>> is only available from another source
>>
>> Package keyringer is not available, but is referred to by another package.
>> This may mean that the package is missing, has been obsoleted, or
>> is only available from another source
>>
>> Package linux-image-3.16.0-4-586 is not available, but is referred to by
>> another package.
>> This may mean that the package is missing, has been obsoleted, or
>> is only available from another source
>>
>> Package linux-image-3.16.0-4-amd64 is not available, but is referred to
>> by another package.
>> This may mean that the package is missing, has been obsoleted, or
>> is only available from another source
>>
>> E: Package 'linux-image-3.16.0-4-586' has no installation candidate
>> E: Package 'linux-image-3.16.0-4-amd64' has no installation candidate
>> E: Package 'hopenpgp-tools' has no installation candidate
>> E: Package 'keyringer' has no installation candidate
>> P: Begin unmounting filesystems...
>>
>> real4m42.505s
>> user2m6.284s
>> sys 0m33.978s
>> + RET=123
>> + '[' -e binary.iso ']'
>> + fatal 'lb build failed (1).'
>> + echo 'lb build failed (1).'
>> lb build failed (1).
>> + exit 1
> 
> You say that the "Vagrant/VirtualBox shell provisioning of the base box"
> fails, but the above error is clearly from the Tails build script, not
> while running the provisioning scripts. 

Perhaps my wording was in error. What I was trying to say clumsily was
the bash script vagrant/provision/assets/build-tails running on the
VirtualBox base image tails-builder-20141201 reeled in by the 'rake
build' command appears to bork with package dependency issues.

> Which branch are you trying to
> build? If you are trying to build something else than the 'devel'
> branch, that might explain it, so please try that.
> 

Thank you for that tip. Double-checked, and yes, I'm building the
'devel' branch:

> $ git checkout devel
> M   Rakefile
> Already on 'devel'


SSH'ing into the VirtualBox host after rake build errors:

> vagrant@tails-builder-20140709:~$ cat /etc/os-release 
> PRETTY_NAME="Debian GNU/Linux 7 (wheezy)"
> NAME="Debian GNU/Linux"
> VERSION_ID="7"
> VERSION="7 (wheezy)"
> ID=debian
> ANSI_COLOR="1;31"
> HOME_URL="http://www.debian.org/";
> SUPPORT_URL="http://www.debian.org/support/";
> BUG_REPORT_URL="http://bugs.debian.org/";
> 
> vagrant@tails-builder-20140709:~$ dpkg-query -l | egrep 
> "hopenpgp-tools|keyringer|linux-image-3.16.0-4"
> vagrant@tails-builder-20140709:~$ 

Use apt-get update to see if it exposes these packages:


> root@tails-builder-20140709:~# apt-get update
> Hit http://security.debian.org wheezy/updates Release.gpg
> Hit http://security.debian.org wheezy/updates Release 
>  
> Hit http://security.debian.org wheezy/updates/main Sources
>
> Hit http://security.debian.org wheezy/updates/main amd64 Packages 
>  
> Hit http://security.debian.org wheezy/updates/main Translation-en 
>   
>
> Hit http://deb.tails.boum.org builder-wheezy Release.gpg  
>   
>
> Hit http://deb.tails.boum.org builder-wheezy Release  
>
> Hit http://deb.tails.boum.org b

Re: [Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

I'm guessing from reading
https://tails.boum.org/contribute/design/vagrant/ and the naming of the
veewee generated basebox 'tails-builder-20141201' that the basebox is
out of date for the current vagrant build scripting?

Has anyone successfully built tails recently via vagrant as described in
https://tails.boum.org/contribute/build/ ?

Shine.

On 07/13/2015 06:32 PM, Adam Burns wrote:
> Got Vagrant 1.7.3 to inter-operate with the current TAILS Rakefile by
> adding explicit paths for some extra require commands. This likely is
> not needed once ruby/rake system paths for require commands are set
> correctly (I'm a ruby/rake n00b).
> 
> The Vagrant/VirtualBox shell provisioning of the base box
> 'tails-builder-20141201' currently errors with the following packages
> not found.
> 
> P: Begin installing packages...
> Reading package lists...
> Building dependency tree...
> Reading state information...
> Package hopenpgp-tools is not available, but is referred to by another
> package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source
> 
> Package keyringer is not available, but is referred to by another package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source
> 
> Package linux-image-3.16.0-4-586 is not available, but is referred to by
> another package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source
> 
> Package linux-image-3.16.0-4-amd64 is not available, but is referred to
> by another package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source
> 
> E: Package 'linux-image-3.16.0-4-586' has no installation candidate
> E: Package 'linux-image-3.16.0-4-amd64' has no installation candidate
> E: Package 'hopenpgp-tools' has no installation candidate
> E: Package 'keyringer' has no installation candidate
> P: Begin unmounting filesystems...
> 
> real4m42.505s
> user2m6.284s
> sys 0m33.978s
> + RET=123
> + '[' -e binary.iso ']'
> + fatal 'lb build failed (1).'
> + echo 'lb build failed (1).'
> lb build failed (1).
> + exit 1
> 
> Not sure what am I missing here?
> 
> Thanks for any pointers/tips!
> 
> 
> 
> ___
> Tails-dev mailing list
> Tails-dev@boum.org
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to 
> tails-dev-unsubscr...@boum.org.
> 




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

[Tails-dev] TAILS build system with Vagrant 1.7.3

[Adam Burns]

Got Vagrant 1.7.3 to inter-operate with the current TAILS Rakefile by
adding explicit paths for some extra require commands. This likely is
not needed once ruby/rake system paths for require commands are set
correctly (I'm a ruby/rake n00b).

The Vagrant/VirtualBox shell provisioning of the base box
'tails-builder-20141201' currently errors with the following packages
not found.

P: Begin installing packages...
Reading package lists...
Building dependency tree...
Reading state information...
Package hopenpgp-tools is not available, but is referred to by another
package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package keyringer is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package linux-image-3.16.0-4-586 is not available, but is referred to by
another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package linux-image-3.16.0-4-amd64 is not available, but is referred to
by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'linux-image-3.16.0-4-586' has no installation candidate
E: Package 'linux-image-3.16.0-4-amd64' has no installation candidate
E: Package 'hopenpgp-tools' has no installation candidate
E: Package 'keyringer' has no installation candidate
P: Begin unmounting filesystems...

real4m42.505s
user2m6.284s
sys 0m33.978s
+ RET=123
+ '[' -e binary.iso ']'
+ fatal 'lb build failed (1).'
+ echo 'lb build failed (1).'
lb build failed (1).
+ exit 1

Not sure what am I missing here?

Thanks for any pointers/tips!



signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Question regarding Tails build

[Adam Burns]

On 05/24/2015 01:09 AM, anonym wrote:
> On 05/23/2015 10:15 AM, Adam Burns wrote:
>> Hi anonym,
>>
>> On 05/23/2015 09:09 AM, anonym wrote:
>>> On 05/22/2015 01:31 PM, Adam Burns wrote:
>>>> I've taken a very quick look at this.
>>>>
>>>> As the ticket #8086 suggests, it is an issue in the way Rake is used
>>>> with a "Monkey-patched" Vagrant to build TAILS.
>>>
>>> The monkey patch is against *Vagrant*, and has nothing to do with Rake.
>>> IIRC newer versions of Vagrant has built-in authentication of the boxes,
>>> so that patch can be dropped.
>>
>> Yes, understood.
>>
>>>> Although the devs are keen to move to some other tech (Docker was 
>>>> mentioned), I'm looking at removing Rake (and thus the Vagrant library
>>>> calls) from the build process if relatively easy to do so.
>>>>
>>>> I suspect rake was used to front end Vagrant in earlier days when
>>>> perhaps Vagrant was less complete, but from quick examination, I don't
>>>> think Rake is required now (nor I suspect the patching). It would
>>>> simplify things enormously and bring wider Vagrant version compatibility
>>>> across (including non-Debian) build OS environments.
>>>
>>> For the list of issues we have with Vagrant, see:
>>>
>>> https://tails.boum.org/blueprint/replace_vagrant/
>>
>> Also looked at that & related https://labs.riseup.net/code/issues/7527
>> some time back. Most of the issues appear to be solved except for the
>> library calls in the rakefile(?)
> 
> Please look a bit closer. Beyond importing some constants, we hack in
> some stuff for backwards-compatibility with older versions of Vagrant
> (see more about this issue below), but there's nothing interesting there
> to be concerned about (unless I'm mistaken -- please enlighten me in
> that case).

That's pretty much what I see. Modern versions of Vagrant have internal
conditionals for Vagrant versions now, and environment variables of
course can be manipulated.

>> Both Vagrant & vagrant-libvirt (installation through available though
>> vagrant) have matured to some degree. Qemu/KVM and VirtualBox images can
>> be built in parallel, or on choice of provisioning environment from a
>> Vagrantfile.
> 
> Ok, that sounds great! However, before I lost hope about Vagrant as our
> "official" build tool, my impression was that they as a project were
> moving things too fast, not caring much about backwards compatibility
> (including plugins, like vagrant-libvirt hard-depending on
> ever-increasing versions of base Vagrant), and making it very hard to
> support different versions of Vagrant at the same time. Hence our hope
> to support Debian stable + Debian testing + Debian sid + latest Ubuntu
> LTS + Ubuntu current (if not LTS). Also, it looked painful
> maintenance-wise (and has proved to be so). Perhaps it's better now, but
> it's not clear to me. Lastly, from our bluepint: "Vagrant hasn't been
> actively maintained in Debian for a while. It'll be part of Jessie, but
> that was by a very short margin", which is problematic from Tails'
> perspective.

Thanks for your insight. I was not aware of the Debian maintenance
background. Complete Vagrant eco-systems (especially with multiple
providers/provisioners) is often tricky to set up. Vagrant is a ruby/gem
application, it has its own OS dependencies, it reels in its own plugins
which also have their own OS dependencies. I happen to use a Fedora
build environment - these issues are not confined to Debian (other than
dist philosophies of conservative vs. bleeding edge, etc) :/

>> But granted my current experience has been with veewee, Vagrant, ansible
>> and VirtualBox/Qemu/KVM so may not be entirely appropriate here.
> 
> It sounds relevant. Patches are certainly welcome to improve the current
> situation. Even if "we" (the "core" developers, whatever) move towards
> docker it wouldn't hurt to also keep Vagrant (with the Virtualbox
> backend, and preferably with Libvirt too) as an alternative  if someone
> is committed to maintain it in Tails. And to make sure Vagrant is
> well-maintained in Debian.
> 
> However, it's a bit painful that veewee (and other stuff in the Vagrant
> world we need?) isn't packaged in Debian. If "we" move to docker, it'd
> be nice if there was a tool which could convert the docker image we will
> provide into a Vagrant box.

Good thought. Haven't looked into that, although there is some emerging
Vagrant/Docker support.

>> I st

Re: [Tails-dev] Question regarding Tails build

[Adam Burns]

Hi anonym,

On 05/23/2015 09:09 AM, anonym wrote:
> On 05/22/2015 01:31 PM, Adam Burns wrote:
>> I've taken a very quick look at this.
>>
>> As the ticket #8086 suggests, it is an issue in the way Rake is used
>> with a "Monkey-patched" Vagrant to build TAILS.
> 
> The monkey patch is against *Vagrant*, and has nothing to do with Rake.
> IIRC newer versions of Vagrant has built-in authentication of the boxes,
> so that patch can be dropped.

Yes, understood.

>> Although the devs are keen to move to some other tech (Docker was 
>> mentioned), I'm looking at removing Rake (and thus the Vagrant library
>> calls) from the build process if relatively easy to do so.
>>
>> I suspect rake was used to front end Vagrant in earlier days when
>> perhaps Vagrant was less complete, but from quick examination, I don't
>> think Rake is required now (nor I suspect the patching). It would
>> simplify things enormously and bring wider Vagrant version compatibility
>> across (including non-Debian) build OS environments.
> 
> For the list of issues we have with Vagrant, see:
> 
> https://tails.boum.org/blueprint/replace_vagrant/

Also looked at that & related https://labs.riseup.net/code/issues/7527
some time back. Most of the issues appear to be solved except for the
library calls in the rakefile(?)

Both Vagrant & vagrant-libvirt (installation through available though
vagrant) have matured to some degree. Qemu/KVM and VirtualBox images can
be built in parallel, or on choice of provisioning environment from a
Vagrantfile.

But granted my current experience has been with veewee, Vagrant, ansible
and VirtualBox/Qemu/KVM so may not be entirely appropriate here.

I still hope to put in small amount of time to at least strip rake out
of the mix to then suggest/assess what may be possible after that :)

Thanks,

Adam.





signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Question regarding Tails build

[Adam Burns]

kurono,

During the meanwhilst, you may want to take a look at this
https://labs.riseup.net/code/issues/8304 to get your build working with
a suitable Vagrant version.

On 05/22/2015 01:31 PM, Adam Burns wrote:
> I've taken a very quick look at this.
> 
> As the ticket #8086 suggests, it is an issue in the way Rake is used
> with a "Monkey-patched" Vagrant to build TAILS.
> 
> Although the devs are keen to move to some other tech (Docker was
> mentioned), I'm looking at removing Rake (and thus the Vagrant library
> calls) from the build process if relatively easy to do so.
> 
> I suspect rake was used to front end Vagrant in earlier days when
> perhaps Vagrant was less complete, but from quick examination, I don't
> think Rake is required now (nor I suspect the patching). It would
> simplify things enormously and bring wider Vagrant version compatibility
> across (including non-Debian) build OS environments.
> 
> Comments on this welcome, because as I said, I've only started to
> scratch the surface.
> 
> Regards,
> 
> Adam.
> 
> On 05/22/2015 12:15 PM, kurono wrote:
>> I followed this manual:
>> https://tails.boum.org/contribute/build/
>>
>> Beforehand I just had upgraded from Wheezy to Jessie.
>>
>> At the end I had the same error described here:
>> https://mailman.boum.org/pipermail/tails-dev/2014-July/006258.html
>> https://labs.riseup.net/code/issues/8086
>>
>> Many thanks
>>
>> On 05/22/15 11:24, anonym wrote:
>>> On 05/22/2015 09:43 AM, kurono wrote:
>>>> Hi,
>>>>
>>>> If I understand it correctly, the only current way of building Tails now
>>>> is manually as described here:
>>>> https://tails.boum.org/contribute/build/
>>>> right?
>>>>
>>>> Or is there another way that works?
>>> Using the Vagrant method also works both in Debian Wheezy and Jessie
>>> (proof: I use it). Please let us know if the existing instructions for
>>> installing the dependencies do not work.
>>>
>>> Cheers!
>>>
>>> ___
>>> Tails-dev mailing list
>>> Tails-dev@boum.org
>>> https://mailman.boum.org/listinfo/tails-dev
>>> To unsubscribe from this list, send an empty email to 
>>> tails-dev-unsubscr...@boum.org.
>>
>> ___
>> Tails-dev mailing list
>> Tails-dev@boum.org
>> https://mailman.boum.org/listinfo/tails-dev
>> To unsubscribe from this list, send an empty email to 
>> tails-dev-unsubscr...@boum.org.
>>
> 
> 
> 
> 
> ___
> Tails-dev mailing list
> Tails-dev@boum.org
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to 
> tails-dev-unsubscr...@boum.org.
> 




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Question regarding Tails build

[Adam Burns]

I've taken a very quick look at this.

As the ticket #8086 suggests, it is an issue in the way Rake is used
with a "Monkey-patched" Vagrant to build TAILS.

Although the devs are keen to move to some other tech (Docker was
mentioned), I'm looking at removing Rake (and thus the Vagrant library
calls) from the build process if relatively easy to do so.

I suspect rake was used to front end Vagrant in earlier days when
perhaps Vagrant was less complete, but from quick examination, I don't
think Rake is required now (nor I suspect the patching). It would
simplify things enormously and bring wider Vagrant version compatibility
across (including non-Debian) build OS environments.

Comments on this welcome, because as I said, I've only started to
scratch the surface.

Regards,

Adam.

On 05/22/2015 12:15 PM, kurono wrote:
> I followed this manual:
> https://tails.boum.org/contribute/build/
> 
> Beforehand I just had upgraded from Wheezy to Jessie.
> 
> At the end I had the same error described here:
> https://mailman.boum.org/pipermail/tails-dev/2014-July/006258.html
> https://labs.riseup.net/code/issues/8086
> 
> Many thanks
> 
> On 05/22/15 11:24, anonym wrote:
>> On 05/22/2015 09:43 AM, kurono wrote:
>>> Hi,
>>>
>>> If I understand it correctly, the only current way of building Tails now
>>> is manually as described here:
>>> https://tails.boum.org/contribute/build/
>>> right?
>>>
>>> Or is there another way that works?
>> Using the Vagrant method also works both in Debian Wheezy and Jessie
>> (proof: I use it). Please let us know if the existing instructions for
>> installing the dependencies do not work.
>>
>> Cheers!
>>
>> ___
>> Tails-dev mailing list
>> Tails-dev@boum.org
>> https://mailman.boum.org/listinfo/tails-dev
>> To unsubscribe from this list, send an empty email to 
>> tails-dev-unsubscr...@boum.org.
> 
> ___
> Tails-dev mailing list
> Tails-dev@boum.org
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to 
> tails-dev-unsubscr...@boum.org.
> 




signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] #8999: Claws Mail leaks cleartext of encrypted email to the IMAP server

[Adam Burns]

>> I pushed my work into doc/9161-claws-advisory. Please have a second look
>> if you want.
> 
> Done, looks good, great job!
> 
> Before publishing, you'll want to check that the attached images don't
> show up in the Atom/RSS feeds.
> 
> Cheers,
> 

Agreed, great job. And covers almost all my thoughts.

At the risk of lengthening the advisory, is it worth explicitly pointing
out:

- the context of plain-text copies. (It's obvious but) Note that
destined-to-be encrypted email replies often reveal quoted previous
messages in the thread.

- the timing of plain-text copies existing on the server, usually
momentarily for Queue, and for Draft auto-saving, until the draft email
is explicitly sent or deleted.

Glad to see this go out. Will it be posted prominently (front page or?).

The reason I ask is I believe people must be informed about this to take
appropriate action if required.

And I think it will add a lot to the Tails rep to see it widely read and
understood (if not prompt the Claws team into action! :/ ).

Shine,

Adam.

-- 
Adam Burns

+49 1704552266 (DE)

XMPP: adam.bu...@jit.si
51D2 CACB 3604 00E3 05D7  9AE0 E4C7 6DBF E283 909C
GPG  Server: keys.gnupg.net



signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] PGP MIME is insecure (for me)

[Adam Burns]

Hi intrigi, sajolida, and others,

On 04/03/2015 11:48 AM, intrigeri wrote:
> Hi Adam,
> 
> Adam Burns wrote (02 Apr 2015 07:10:26 GMT) :
>> I caused the ticket 8986 to be raised and recently joined the list to not 
>> only 
>> follow up, but also see where I can help out.
> 
> Woohoo :)
> 
>> It's my understanding that the issue is the current default Claws 
>> configuration of the Drafts / Queue folders being over IMAP (and being auto-
>> saved) when they are perhaps better local (RAM disk or persistent volume).
> 
> Right. The easiest ways to fix the problem for real were tried
> already, and failed => see the "PGP MIME is insecure (for me)" thread
> on this mailing-list. Perhaps a less easy but working solution exists.
> Let's please keep the discussion going in that other thread, otherwise
> if it's spread over multiple threads it's going to be hard to
> follow :)

Reassigning Drafts/Queue folders to an MH local seems to be very messy,
not (eaaily) templatable and confusing to users now with 2 mailbox
accounts, one IMAP, one local.

sajolida, I note your recent posts in Claws bugzilla

http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2661
and
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965

Not sure there is much impetus by Claws team to act on this, however, I
note in

http://www.webupd8.org/2014/05/claws-mail-310-released-with-auto.html

"Changes in Claws Mail 3.10:
...
Added a preference to avoid automatically drafting emails that are
to be sent encrypted (Configuration > Preferences > Compose > Writing); "

Quick tests under version *3.11.1* (in Fedora 21) show the problem to go
away (yay!) when deselecting Preferences->Writing->Automatically save
messge to Draft->Even if message is to be encrypted". This should be
templatable.

Don't know the policy on application version bumping in Tails, but it
appears that the easiest way forward may be to upgrade Claws to >3.10?

>> It's also my belief that a solution be documented as soon as possible to 
>> publicize to existing users on existing versions the risk and how to 
>> mitigate 
>> it. 
> 
> Fully agreed. I believe BitingBird has added notes to this effect on
> an existing ticket, but I don't remember which one. BitingBird, will
> you take it from now on, and perhaps introduce Adam to our processes
> and tools to work on documentation?

I assume BitingBird has been busy, but if there are pointers to this,
would appreciate them to help out in more depth.

Cheers!

-- 
Adam Burns

XMPP: adam.bu...@jit.si
51D2 CACB 3604 00E3 05D7  9AE0 E4C7 6DBF E283 909C
GPG  Server: keys.gnupg.net



signature.asc
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Tails-like system for tablets

[Adam Burns]

On Saturday 11 April 2015 15:11:24 Jeff Burdges wrote:
> I skimmed the  "TAILS Mobile via USB or dual-boot”  thread :
> https://mailman.boum.org/pipermail/tails-dev/2014-January/004632.html
> 
> Ignoring momentarily questions about USB boot :
> 
> Can we even secure a mobile device at the application, OS, and network
> level?
> 

Given the hardware layout of most if not all mobile phones (and any 
tablet/phablet) together with the intimate hardware relationship with the 
carriers SIM card (computer) I would be extremely skeptical about answering 
even maybe to this question.

At the very least, see https://srlabs.de/rooting-sim-cards/

Regards,

Adam.

-- 
Adam Burns

XMPP: adam.bu...@jit.si
51D2 CACB 3604 00E3 05D7  9AE0 E4C7 6DBF E283 909C
GPG  Server: keys.gnupg.net


signature.asc
Description: This is a digitally signed message part.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Post-1.3.2 ticket assignments and postponements

[Adam Burns]

On Friday 03 April 2015 11:48:27 intrigeri wrote:

Hi intrigi,

> > It's also my belief that a solution be documented as soon as possible to
> > publicize to existing users on existing versions the risk and how to
> > mitigate it.
> 
> Fully agreed. I believe BitingBird has added notes to this effect on
> an existing ticket, but I don't remember which one. BitingBird, will
> you take it from now on, and perhaps introduce Adam to our processes
> and tools to work on documentation?

Actually, I would like to bump this even further in the interest of full 
prompt disclosure and risk minimization *right now*. This is an easy to miss 
subtle information scope leak (even if transitory) and non tech adept people 
are using TAILS in earnest (many if not most with large 3rd party mail 
providers - the usual suspects). I think the web site should prominently 
publish at least an informative warning immediately even if no tested full 
mitigation exists right now.

There is enough external interest in using TAILS as publicity over deeper 
vulnerability disclosures already (even those out of scope of the TAILS risk 
domain). 

See 
http://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine-secure-operating-systems/
 

Actually, I wrote to Kim about this particular article concerning scope of 
this vulnerability wrt TAILS in particular and she replied:

On Wednesday 25 March 2015 21:42:46 Kim Zetter replied:
> As for why Tails was singled out, it was singled out by the
> researchers. They wanted to show how even a system that's entirely
> designed for stealth computing can be undermined. While you're right
> that other operating systems have a trusted relationship with the
> BIOS, Tails is marketed primarily for its security/privacy, whereas
> other operating systems aren't.

This is no criticism of Kim or Legbacore - I include the above in this thread 
purely to underline the issue that in order to maintain the large goodwill and 
trust in TAILS, an open disclosure process of existing issues must be in place 
and I believe such a process is applicable to this issue. Better to say such 
things out loud yourself rather than others appropriate for their own 
purposes.


Shine,

Adam.

signature.asc
Description: This is a digitally signed message part.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Post-1.3.2 ticket assignments and postponements

[Adam Burns]

On Wednesday 01 April 2015 23:55:02 anonym wrote:
> As of writing this there's only 6 unassigned tickets for 1.4:
> 
> * https://labs.riseup.net/code/issues/9072 - Pidgin IRC tests often fail
> due to OFTC Tor blocking
> 
> * https://labs.riseup.net/code/issues/8243 - Support meek bridges
> 
> * https://labs.riseup.net/code/issues/9000 - Claws Mail leaks cleartext
> of encrypted email to the IMAP server
>   - https://labs.riseup.net/code/issues/8999 - Claws Mail leaks
> cleartext of encrypted email to the Queue IMAP folder
>   - https://labs.riseup.net/code/issues/8986 - Claws Mail leaks
> cleartext of encrypted email to the Drafts IMAP folder
> 
> Any takers?
> 
> In particular I'd love to see someone take responsibility for the Claws
> tickets since they're outright dangerous for our users. I was
> considering it, and did some tiny tests [1], but then realized that I
> have way too much on my plate for Tails 1.4 so I doubt I'll manage it.
> Anyone?
> 

Hi

I caused the ticket 8986 to be raised and recently joined the list to not only 
follow up, but also see where I can help out. I also note there was a 
discussion on this list around the same time.

It's my understanding that the issue is the current default Claws 
configuration of the Drafts / Queue folders being over IMAP (and being auto-
saved) when they are perhaps better local (RAM disk or persistent volume).

It's also my belief that a solution be documented as soon as possible to 
publicize to existing users on existing versions the risk and how to mitigate 
it. 

So, a newbie to the list and processes used here. 

Any pointers to process & tools would be appreciated. I'll take this on :)

Shine,

Adam.


signature.asc
Description: This is a digitally signed message part.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.