Commit be805373 authored by intrigeri

Make.

parent 1d068e32
% Tails: a technical overview
% BitingBird, kurono, intrigeri
% Debian Conference 2015
% DebConf 15
<style>
.reveal h1 {
......@@ -27,23 +27,21 @@ A Live operating system
-----------------------
* works on (almost) any computer
* boots off a DvD, a USB stick, or a SD card (some of them)
* boots off a DVD or a USB stick
Preserving privacy and anonymity #1
-----------------------------------
Privacy and anonymity #1
------------------------
* use the Internet anonymously and circumvent censorship:
all connections to the Internet are forced to go through the Tor network
* leave no trace on the computer you are using unless you ask it
explicitly
Preserving privacy and anonymity #2
-----------------------------------
Privacy and anonymity #2
------------------------
* cryptographic tools:
encrypt your files, emails and instant messaging
* media production tools:
sound, video, office publishing, graphics...
* cryptographic tools: encrypt your files, emails and instant messaging
* media production tools: sound, video, office publishing, graphics...
And... it works?
----------------
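Review bot: the rewritten boot-media bullet, "boots off a DVD or a USB stick", no longer mentions SD cards, which the old wording covered with "(some of them)". If SD cards still work on some hardware, keep that case on the slide; if the omission is deliberate, say so in the commit message.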
......@@ -69,24 +67,23 @@ Usability: a security feature
Examples
--------
* working with UX experts (ETA for visible results: end of the year)
* GNOME desktop
* desktop cryptographic tools (Seahorse, OpenPGP applet, GNOME Disks)
* integrates the "Spoof MAC address, or not" decision in
a user-friendly way
* documentation
* translations
* documentation and translations
* warnings
* WhisperBack
A small delta, to avoid drowning
------------------
* Often, specialized distributions die quickly.
* At least in this area.
✝ Haven, Anonym.OS, ParanoidLinux, onionOS, Phantomix and
many others. RIP.
* Fact: specialized distributions often die quickly.
* At least in this area: ✝ Liberté Linux, Haven, Anonym.OS,
ParanoidLinux, onionOS, Phantomix and many others. RIP.
Why?
Why did they die so quickly?
------------------
* small teams, not organized to grow
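Review bot: the new heading "Why did they die so quickly?" keeps the 18-dash underline of the old "Why?" heading, while the headings renamed in the first hunk had their underlines resized to match. Resize this one too so the file stays consistent.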
......@@ -94,15 +91,16 @@ Why?
* no long-term commitment
* NIH
Examples: what we're doing upstream
E.g. what we're doing upstream
------------------
* AppArmor
* Debian: pkg-apparmor-team, pkg-anonymity-tools,
pkg-otr-team
* libvirt
* Seahorse
* Debian
* Debian Live
* fix OTR downgrade → v1
* Tor
* Puppet shared modules
Results
---------------
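Review bot: in the upstream list, "fix OTR downgrade → v1" is the only entry that is a task rather than a project or team name, and it does not say where the fix landed. Name the upstream project it went into, as the other bullets do.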
......@@ -115,7 +113,7 @@ Results
find skilled people to do the work at the best place
* slow rhythm (waiting the next Debian release, and sometimes the one
after), despite backports
* Tails is still alive!*
* **Tails is still alive!**
Implementation
==========
......@@ -126,9 +124,10 @@ PELD
* <https://tails.boum.org/contribute/design>
* Tails currently based on Debian Wheezy.
* ...migrating to Jessie.
* Core software:
* Tor
* Vidalia (migrating to Tor Monitor <https://labs.riseup.net/code/issues/6841>)
* Core software:
Tor
Tor Browser
GNOME
Use the Internet anonymously
-----------------------
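Review bot: the three new lines under "Core software:" (Tor, Tor Browser, GNOME) carry no list markers, so Markdown folds them into the parent bullet as one run of text. Give each a nested "*" marker, as the removed Tor and Vidalia lines had.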
......@@ -138,16 +137,17 @@ Use the Internet anonymously
* (and I2P when enabled)
* Unsafe Browser for captive portals
Tails installer
-----------------------
* Based on Fedora's liveusb-creator
Tails Installer
---------------
* Initially based on Fedora's liveusb-creator
* <https://tails.boum.org/contribute/design/installation/>
* Debian version in progress :)
* Currently PyGTK
* recently converted to Python + GTK3 + udisks2
* will be uploaded to Debian very soon :)
Leave no trace on the computer
-----------------------
* Protect against memory recovery such as cold boot attack
* Protect against memory recovery such as cold boot attacks
* RAM is overwritten when Tails is being shutdown
<https://tails.boum.org/contribute/design/memory_erasure/>
* Actual memory erasure: secure-delete (sdmem)
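Review bot: in the bullet right after the "cold boot attacks" fix, "when Tails is being shutdown" uses the noun form; the verb is "shut down". It can be corrected in the same change.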
......@@ -158,33 +158,36 @@ Tails persistence
* Somewhat tricky topic for a live distro
* User keys, some APT packages...
* LUKS-encrypted GPT partition (TailsData)
* dm-crypt
* ext 3
* Written in Perl (Historical reasons)
* dm-crypt, ext4
* backend implemented upstream in `live-boot`
* GUI written in Perl + GTK3
Incremental upgrades
-----------------------
* Only possible in USB stick
* Only possible when installed on USB stick
* Incremental Upgrade Kit (IUK)
Application isolation
-----------------------
* Currently only file system isolation
* AppArmor to isolate applications
* Currently only file access isolation
(missing non-mainlined kernel patches)
* The best supported in Debian
* Hacks to support the Live system
* Web browser in process
* Currently (somewhat) confined: Tor Browser, Tor, Pidgin, Evince,
Totem, Vidalia, etc.
Build and Test
-----------------------
* Git repo --> <https://tails.boum.org/contribute/git/#main-repo>
* Git repo
→ <https://tails.boum.org/contribute/git/#main-repo>
* Building Tails using Vagrant
* Goal: automated build and tests
* Automated test suite
* Sikuli, libvirt, cucumber
* Automated builds (done!) and tests (WIP) in Jenkins
* Test suite: Sikuli, libvirt, cucumber
→ live demo next Friday
Challenges
==========
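Review bot: the "Currently (somewhat) confined" bullet in Application isolation lists Vidalia, while the Core software list earlier in this diff drops the Vidalia entry. Either keep Vidalia in both places or remove it from the confined list so the slides agree. Separately, "live demo next Friday" under Build and Test goes stale once the slides are published; a date or session name would survive.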
......@@ -193,115 +196,101 @@ Cadence & popularity
--------------------
- new release every 6 weeks
- about 10k boots a day, doubles every 6-9 months
- about 14k boots a day (* 2.8 since 2 years)
Limited resources and time
--------------------------
- mostly volunteer work
- 2000 commits, by ~10 persons, on the last 6 months
- small team compared to scope and pressure
- 3500 commits, by 13+ persons, in the last 6 months
Roadmap
=======
Overview
--------
> * welcome more varied contributions
> * ... from more varied people
> * make our life easier
> * make Tails (even) more usable
> * better protect users against targeted attacks
This summer
-----------
> - **Tails 1.1** — July 22: Debian Wheezy, UEFI
And then
--------
- **Tails 2.0**: sustainability and maintainability
Greeter
same-day security updates
mitigate effects of security holes
- **Tails 3.0**: hardening, sandboxing
- More?
<https://labs.riseup.net/code/projects/tails/roadmap>
Early 2016
----------
Tails needs you, for...
=======================
- **Tails 2.0**: Debian Jessie
Tests
--------
Early testers help improve Tails quality.
<https://tails.boum.org/contribute/how/testing/>
* &#35;5174: Test Pidgin SSL validation in Debian unstable
* &#35;5709: Test OnionCat unidirectional mode for VoIP
Usability
--------
User interface and user experience experts can make Tails easier to
use and more appealing.
Hardening
---------
<https://tails.boum.org/contribute/how/user_interface/>
- Persistent Tor state
- Protect against exploitation via external buses
- Stronger HTTPS on our website
- Persistent seed for random number generator
- Robust time syncing
* &#35;7437: Design a progress indicator while establishing a connection to Tor
* &#35;6417: Evaluate Tails Greeter revamp proposals
International audience
----------------------
Code
--------
- Persistent Tor configuration (e.g. bridges)
- Web platform for translating our website
Software people with very diverse skills can improve Tails.
Ease adoption
-------------
<https://tails.boum.org/contribute/how/code/>
- Revamp Tails Greeter
- Multi-platform Tails Installer
- Improve Tails Installer
- Explain better what Tails is and what makes it so awesome
- Revamp the website
* &#35;5917: tails-greeter password field : Warn when caps-lock in ON
* &#35;6918: Track hardening status of the binaries shipped in Tails
* &#35;5881: Add reboot button to persistence setup assistant
Better user support
-------------------
Infrastructure
--------
- Request tracker for bug reports
- Improve WhisperBack
System administrators can improve the development and quality
assurance processes.
Polished and reliable platform
------------------------------
<https://tails.boum.org/contribute/how/sysadmin/>
- Tor and network progress bar
- Improve additional packages persistence feature
- Localized displayed clock
- Backup system for persistence
- Screen locker
- Full self-upgrades
* &#35;6295: Evaluate consequences of importing large amounts of packages into reprepro
* &#35;6891: Monitor broken links on our website
Sustainability
--------------
Debian
--------
- Replace Vidalia with Tor Monitor
- Fix the build system
- Reproducible build of the ISO image
- Automated Debian package build infrastructure
- (Even more) automated tests
One can improve Tails (and other Debian derivatives, such as
Freepto ;) by contributing to Debian.
Fundraising
-----------
<https://tails.boum.org/contribute/how/debian/>
- Have more reliable and steady sources of incomes
- Depend less on grants from governments
* AppArmor (<https://wiki.debian.org/AppArmor/Contribute>)
* &#35;6507: Package our OpenPGP applet for Debian
* &#35;7352: Backport ruby-libvirt 0.5+ for Wheezy
Tails needs help
================
Where to start?
--------
## _You_ can help
* <https://tails.boum.org/contribute/>
* "easy" tasks
* User or trainer: early testing, feedback
* User interface / web / UX person
* Software developer / maintainer
* System administrator
* Debian
* Technical writer
* Translator
* Donor
* Starting point: <https://tails.boum.org/contribute/>
Contact
=======
## Talk to us
* I'm here.
* We are here.
* Development mailing-list: **<tails-dev@boum.org>**
* Mailing-list for translators: **<tails-l10n@boum.org>**
* Early testers mailing-list: **<tails-testers@boum.org>**
* Private and encrypted mailing-list: **<tails@boum.org>**
* Mailing-lists for translators, UX, early testers, user support,
non-technical project discussions, etc.
* Core team's encrypted mailing-list: **<tails@boum.org>**
* IRC: see <https://tails.boum.org/contribute/>
* Web: **<https://tails.boum.org/>**
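Review bot: in Cadence & popularity, "(* 2.8 since 2 years)" is hard to parse on a slide; "×2.8 in 2 years" reads unambiguously. In Fundraising, "sources of incomes" should be "sources of income".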