Commit 661dbe17 authored by Tails developers's avatar Tails developers
Browse files

Merge branch 'master' into devel

Conflicts:
	wiki/src/todo/persistence.mdwn
parents d1c81875 3fcfd76a
Hi, I installed tails to USB and when I start it, I get problem with tor connections, here is copy/paste from controlpanel-messagelog-advanced: Hi, I installed tails to USB and when I start it, I get problem with tor connections, here is copy/paste from controlpanel-messagelog-advanced:
Mar 16 17:58:46.091 [Notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686) Mar 16 17:58:46.091 [Notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Mar 16 17:58:46.096 [Notice] Initialized libevent version 1.4.13-stable using method epoll. Good.
Mar 16 17:58:46.096 [Notice] Initialized libevent version 1.4.13-stable using method epoll. Good. Mar 16 17:58:46.097 [Notice] Opening Socks listener on 127.0.0.1:9050
Mar 16 17:58:46.097 [Warning] /var/run/tor is not owned by this user (amnesia, 1000) but by debian-tor (106). Perhaps you are running Tor as the wrong user?
Mar 16 17:58:46.097 [Notice] Opening Socks listener on 127.0.0.1:9050 Mar 16 17:58:46.097 [Warning] Before Tor can create a control socket in "/var/run/tor/control", the directory "/var/run/tor" needs to exist, and to be accessible only by the user account that is running Tor. (On some Unix systems, anybody who can list a socket can conect to it, so Tor is being careful.)
Mar 16 17:58:46.097 [Notice] Closing partially-constructed listener Socks listener on 127.0.0.1:9050
Mar 16 17:58:46.097 [Warning] /var/run/tor is not owned by this user (amnesia, 1000) but by debian-tor (106). Perhaps you are running Tor as the wrong user? Mar 16 17:58:46.097 [Warning] Failed to parse/validate config: Failed to bind one of the listener ports.
Mar 16 17:58:46.097 [Error] Reading config failed--see warnings above.
Mar 16 17:58:46.097 [Warning] Before Tor can create a control socket in "/var/run/tor/control", the directory "/var/run/tor" needs to exist, and to be accessible only by the user account that is running Tor. (On some Unix systems, anybody who can list a socket can conect to it, so Tor is being careful.)
> It looks like you tried to start Tor yourself, didn't you?
Mar 16 17:58:46.097 [Notice] Closing partially-constructed listener Socks listener on 127.0.0.1:9050 >
> Please report a bug [[as documented|doc/first_steps/report_a_bug]]
Mar 16 17:58:46.097 [Warning] Failed to parse/validate config: Failed to bind one of the listener ports. > so that we get the information we need to help you.
Mar 16 17:58:46.097 [Error] Reading config failed--see warnings above. [[done]]
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-04-04 04:05+0300\n" "POT-Creation-Date: 2012-04-11 14:26+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
...@@ -190,12 +190,6 @@ msgid "" ...@@ -190,12 +190,6 @@ msgid ""
"Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot." "Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot."
msgstr "" msgstr ""
#. type: Plain text
msgid ""
"ALT Method: Open Disk Utility Find The Drive Format Tab Source is ISO File "
"Destination is USB Drive Poof!"
msgstr ""
#. type: Title = #. type: Title =
#, no-wrap #, no-wrap
msgid "Notes\n" msgid "Notes\n"
...@@ -206,3 +200,29 @@ msgid "" ...@@ -206,3 +200,29 @@ msgid ""
"Note that Tails developers are in general not very knowledgeable about Mac. " "Note that Tails developers are in general not very knowledgeable about Mac. "
"Any additional information is welcome." "Any additional information is welcome."
msgstr "" msgstr ""
#. type: Plain text
msgid ""
"An alternative, easier method was suggested; it looks like it requires a "
"fairly recent version of OSX:"
msgstr ""
#. type: Bullet: '1. '
msgid "Open Disk Utility"
msgstr ""
#. type: Bullet: '1. '
msgid "Find The Drive"
msgstr ""
#. type: Bullet: '1. '
msgid "Format Tab"
msgstr ""
#. type: Bullet: '1. '
msgid "Source is ISO File"
msgstr ""
#. type: Bullet: '1. '
msgid "Destination is USB Drive"
msgstr ""
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-04-04 04:05+0300\n" "POT-Creation-Date: 2012-04-11 14:26+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
...@@ -190,12 +190,6 @@ msgid "" ...@@ -190,12 +190,6 @@ msgid ""
"Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot." "Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot."
msgstr "" msgstr ""
#. type: Plain text
msgid ""
"ALT Method: Open Disk Utility Find The Drive Format Tab Source is ISO File "
"Destination is USB Drive Poof!"
msgstr ""
#. type: Title = #. type: Title =
#, no-wrap #, no-wrap
msgid "Notes\n" msgid "Notes\n"
...@@ -206,3 +200,29 @@ msgid "" ...@@ -206,3 +200,29 @@ msgid ""
"Note that Tails developers are in general not very knowledgeable about Mac. " "Note that Tails developers are in general not very knowledgeable about Mac. "
"Any additional information is welcome." "Any additional information is welcome."
msgstr "" msgstr ""
#. type: Plain text
msgid ""
"An alternative, easier method was suggested; it looks like it requires a "
"fairly recent version of OSX:"
msgstr ""
#. type: Bullet: '1. '
msgid "Open Disk Utility"
msgstr ""
#. type: Bullet: '1. '
msgid "Find The Drive"
msgstr ""
#. type: Bullet: '1. '
msgid "Format Tab"
msgstr ""
#. type: Bullet: '1. '
msgid "Source is ISO File"
msgstr ""
#. type: Bullet: '1. '
msgid "Destination is USB Drive"
msgstr ""
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
msgid "" msgid ""
msgstr "" msgstr ""
"Project-Id-Version: PACKAGE VERSION\n" "Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2012-04-04 04:05+0300\n" "POT-Creation-Date: 2012-04-11 14:26+0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
...@@ -190,12 +190,6 @@ msgid "" ...@@ -190,12 +190,6 @@ msgid ""
"Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot." "Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot."
msgstr "" msgstr ""
#. type: Plain text
msgid ""
"ALT Method: Open Disk Utility Find The Drive Format Tab Source is ISO File "
"Destination is USB Drive Poof!"
msgstr ""
#. type: Title = #. type: Title =
#, no-wrap #, no-wrap
msgid "Notes\n" msgid "Notes\n"
...@@ -206,3 +200,29 @@ msgid "" ...@@ -206,3 +200,29 @@ msgid ""
"Note that Tails developers are in general not very knowledgeable about Mac. " "Note that Tails developers are in general not very knowledgeable about Mac. "
"Any additional information is welcome." "Any additional information is welcome."
msgstr "" msgstr ""
#. type: Plain text
msgid ""
"An alternative, easier method was suggested; it looks like it requires a "
"fairly recent version of OSX:"
msgstr ""
#. type: Bullet: '1. '
msgid "Open Disk Utility"
msgstr ""
#. type: Bullet: '1. '
msgid "Find The Drive"
msgstr ""
#. type: Bullet: '1. '
msgid "Format Tab"
msgstr ""
#. type: Bullet: '1. '
msgid "Source is ISO File"
msgstr ""
#. type: Bullet: '1. '
msgid "Destination is USB Drive"
msgstr ""
...@@ -79,18 +79,17 @@ whole process might take a while, generally a few minutes. Be patient… ...@@ -79,18 +79,17 @@ whole process might take a while, generally a few minutes. Be patient…
Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot. Reboot your Mac, wait for the rEFIt menu and select the USB drive to boot.
- - - - - - - - - - - - - - - - - - - -
ALT Method:
Open Disk Utility
Find The Drive
Format Tab
Source is ISO File
Destination is USB Drive
Poof!
Notes Notes
===== =====
Note that Tails developers are in general not very knowledgeable about Note that Tails developers are in general not very knowledgeable about
Mac. Any additional information is welcome. Mac. Any additional information is welcome.
An alternative, easier method was suggested; it looks like it
requires a fairly recent version of OSX:
1. Open Disk Utility
1. Find The Drive
1. Format Tab
1. Source is ISO File
1. Destination is USB Drive
...@@ -195,7 +195,7 @@ msgstr "" ...@@ -195,7 +195,7 @@ msgstr ""
"Diese Techniken basieren auf standard HTTPS und [[!wikipedia " "Diese Techniken basieren auf standard HTTPS und [[!wikipedia "
"Certificate_authority desc=\"Zertifizierungsstellen\"]] um dir Vertrauen in " "Certificate_authority desc=\"Zertifizierungsstellen\"]] um dir Vertrauen in "
"den Inhalt dieser Website zu geben. Aber, [[wie auf unserer Warnungsseite " "den Inhalt dieser Website zu geben. Aber, [[wie auf unserer Warnungsseite "
"erklärt|doc/warning#index3h1]], könntest du immer noch Opfer eines Man-in-" "erklärt|doc/about/warning#index3h1]], könntest du immer noch Opfer eines Man-in-"
"the-middle-Angriffs sein während du HTTPS benutzt. Auf dieser Homepage, " "the-middle-Angriffs sein während du HTTPS benutzt. Auf dieser Homepage, "
"genauso wie auch auf jeder anderen im Internet." "genauso wie auch auf jeder anderen im Internet."
......
...@@ -7,11 +7,9 @@ It would be very nice to have (cpu) power saving enabled by default (with the on ...@@ -7,11 +7,9 @@ It would be very nice to have (cpu) power saving enabled by default (with the on
>>> Oops, you're right, the `-486` kernel we ship does not support >>> Oops, you're right, the `-486` kernel we ship does not support
>>> SMP. Sorry for the confusion. This will be fixed once we ship >>> SMP. Sorry for the confusion. This will be fixed once we ship
>>> several kernels, and the best supported one will be auto-detected; >>> several kernels; this feature is tracked on [[todo/nx_bit]], which
>>> this feature is tracked on [[todo/nx_bit]], which is implemented, >>> is implemented, but needs polishing. So, all this is likely to
>>> and only blocked by the lack of a working [[todo/TailsGreeter]]. >>> land into Tails 0.12.
>>> So, all this is likely to land into Tails 0.11 (scheduled to be
>>> released late in April or early in May).
[[!tag todo/wait]] [[!tag todo/wait]]
......
...@@ -30,8 +30,8 @@ Let's call it "Unsafe web browser". When executed we: ...@@ -30,8 +30,8 @@ Let's call it "Unsafe web browser". When executed we:
0. Show a dialog asking the user for verification, while also briefly 0. Show a dialog asking the user for verification, while also briefly
explaining that the unsafe browser won't be anonymous. explaining that the unsafe browser won't be anonymous.
0. If yhes, we start a separate Iceweasel instance . 0. If yes, we start a separate Iceweasel instance.
0 The Iceweasel profile should use a theme with scary colors, but it 0. The Iceweasel profile should use a theme with scary colors, but it
should be deactivated when Windows camouflage is activated. should be deactivated when Windows camouflage is activated.
0. Add a small visual cue to "amnesia branding" addon (which will be 0. Add a small visual cue to "amnesia branding" addon (which will be
the only cue for Windows camouflage users), the only cue for Windows camouflage users),
......
[[!taglink todo/discuss]] [[!taglink todo/discuss]]
The kernel documentation reads (`debugging-via-ohci1394.txt`):
> The alternative firewire-ohci driver in drivers/firewire uses
> filtered physical DMA by default, which is more secure but not
> suitable for remote debugging. Compile the driver with
> `CONFIG_FIREWIRE_OHCI_REMOTE_DMA` [...] to get unfiltered
> physical DMA.
Given:
1. `CONFIG_FIREWIRE_OHCI_REMOTE_DMA` is not set in Debian's Linux 3.2.
1. Only the new FireWire stack (`firewire-ohci`) is shipped in
Debian's Linux 3.2.
... Tails seems to be immune from the physical memory attacks via
FireWire/DMA we know.
Resources
=========
* [Physical memory attacks via Firewire/DMA - Part 1: Overview and Mitigation (Update)](http://www.hermann-uwe.de/blog/physical-memory-attacks-via-firewire-dma-part-1-overview-and-mitigation)
* [Using physical DMA provided by OHCI-1394 FireWire controllers for debugging](http://feishare.com/debug/using-physical-dma-provided-by-ohci-1394-firewire-controllers-for-debugging)
[[!tag todo/code]]
Since the transparent firewall-level torification is gone, Tails now
uses `torify` more and more. Given Tails does not include `torsocks`,
`torify` uses `tsocks`, which is unmaintained upstream, and makes
`torify` display scary messages such as *WARNING: tsocks is known to
leak DNS and UDP data. If you had torsocks we would use that.*.
Not displaying that meaningless message would save some
user-support time.
1. install `torsocks` (probably 1.2-3 or later from squeeze-backports)
1. test that every program that's torified using `torify` still works
correctly: `git grep -w torify`
...@@ -8,6 +8,7 @@ a special mode that would better suit the needs of these situations: ...@@ -8,6 +8,7 @@ a special mode that would better suit the needs of these situations:
* remove the unsafe browser user and launcher * remove the unsafe browser user and launcher
* remove the persistence setup launchers * remove the persistence setup launchers
* don't allow users to enable persistence? * don't allow users to enable persistence?
* session timeout: see [webconverger implementation](http://webconverger.org/blanking/)
* more? * more?
An initial implementation of the kiosk mode would be entered by adding An initial implementation of the kiosk mode would be entered by adding
......
...@@ -53,6 +53,8 @@ User interface ...@@ -53,6 +53,8 @@ User interface
advanced; custom lines would go to advanced; advanced would be advanced; custom lines would go to advanced; advanced would be
displayed if, and only if, at least one custom line is already in displayed if, and only if, at least one custom line is already in
live.persist; else, an arrow icon allows to unroll/display it live.persist; else, an arrow icon allows to unroll/display it
- add a "Reboot now" button to the dialog of the persistence
wizard that state that you need to reboot to apply the changes
### use persistence ### use persistence
......
As there are still many Apple PowerMac G3 and G4 computers running in the world and some companies do use them, too, support for this arcitecture would be a good thing. Maybe, a layered virtualization could solve this problem along with others.
> Closing as duplicate of [[todo/powerpc_support]].
> Help in this area is much welcome.
[[!tag todo/done]]
[[!tag todo/code]]
Linux 3.2 adds a "Speaker" channel for some sound cards. Linux 3.2 adds a "Speaker" channel for some sound cards.
> That channel has been there since forever for some cards. > That channel has been there since forever for some cards.
...@@ -19,4 +17,12 @@ We need to patch `/usr/share/alsa/utils.sh` the same way alsa-utils ...@@ -19,4 +17,12 @@ We need to patch `/usr/share/alsa/utils.sh` the same way alsa-utils
>> I'm the bug reporter, you set the "Speaker" volume as 80%. Doesn't this mean 80% master x 80% speaker = 64% total volume? If I didn't get it wrong it should be same for Headphones (80% x 80% = 64%). If so, please set the other channels at maximum and decrease the master if needed so we could change the volume only by controlling the master channel >> I'm the bug reporter, you set the "Speaker" volume as 80%. Doesn't this mean 80% master x 80% speaker = 64% total volume? If I didn't get it wrong it should be same for Headphones (80% x 80% = 64%). If so, please set the other channels at maximum and decrease the master if needed so we could change the volume only by controlling the master channel
>>Can anybody answer this? >> Can anybody answer this?
>>> All such mixer levels are set to 80% in the initscript shipped by
>>> the alsa-utils Debian package. Hardware is wired in many
>>> "interesting" ways, that may or may not satisfy the equation
>>> you're guessing, so I doubt there's any better general setting.
>>> I suggest you talk to the maintainers of the alsa-utils Debian
>>> package if you want to contribute to improve this area of Debian
>>> and Tails.
...@@ -17,6 +17,10 @@ follow. At least one similar bug was triggered on 686-pae kernel ...@@ -17,6 +17,10 @@ follow. At least one similar bug was triggered on 686-pae kernel
(64bit CPU) too. Launching the program with various linux32's options (64bit CPU) too. Launching the program with various linux32's options
does not help. does not help.
Those crashes don't happen on a Wheezy amd64 kernel + amd64 userspace.
Is this bug fixed in Wheezy, or due to mixing 64bit kernel with
32bit userspace?
[creator:1160] extlinux not found! Only FAT filesystems will be supported [creator:1160] extlinux not found! Only FAT filesystems will be supported
*** glibc detected *** /usr/bin/python: malloc(): memory corruption: 0x0951d720 *** *** glibc detected *** /usr/bin/python: malloc(): memory corruption: 0x0951d720 ***
======= Backtrace: ========= ======= Backtrace: =========
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment