Commit 05250d5f authored by sajolida's avatar sajolida
Browse files

Merge branch 'web/14921-download-css' into web/14630-adjust-to-new-verification-extension

parents 0c2ca368 c564e338
......@@ -235,12 +235,16 @@ turned on:
console=tty1 printk.time=1 nosplash rootwait root=/dev/mmcblk0p2 ro rootfstype=ext4 lsm.module_locking=0 debug
console=tty0 printk.time=1 nosplash rootwait root=/dev/mmcblk0p2 ro rootfstype=ext4 lsm.module_locking=0 debug
> anonym speaking: FWIW, I cannot reproduce (backlight remains off).
Now, `/dev/mmcblk0` is really the internal flash storage, and not my
micro-SD, as pointing `root=` to the ChromeOS root partition like this
does start ChromeOS:
console=tty1 printk.time=1 nosplash rootwait root=/dev/mmcblk0p5 ro rootfstype=ext4 lsm.module_locking=0 debug
> anonym speaking: FWIW, I cannot reproduce this (nothing boots).
So to sum up, FWIW the "backlight turns on" behavior happens when…
`root=` is pointed to a ChromeOS kernel partition (that's definitely
not ext4). So, at least this kernel _is_ able to turn on backlight,
......@@ -253,6 +257,14 @@ backlight doesn't turn on.
Conclusion: the official ChromeOS kernel lacks too much stuff that
a Debian userspace needs.
> anonym speaking: I'm less sure about this conclusion; the Arch linux
> one that works for us *is* a ChromeOS Kernel, with 13 patches
> applied, none which looks relevant for boot issues (except
> `0008-Downgrade-mmc1-speed.patch`, but it targets the .dtb file and
> I tried rebuilding it with the patch => no joy).
>
> TODO: retry with all the patches applied?
## Kernel approach 2 - Debian's kernel
XXX: retry with a more recent Debian kernel.
......@@ -497,6 +509,9 @@ and the backlight remains off.
## Kernel approach 3 - custom Chrome OS kernel
> anonym speaking: I tried these steps from the `chromeos-4.14` branch
> with no success.
I've also tried building a custom ChromeOS kernel with added drivers
we might need. Instructions below are based on
<http://wiki.baserock.org/guides/baserock-native-cb5-311/>
......@@ -564,6 +579,9 @@ The results below are about `ArchLinuxARM-2017.09-oak-rootfs.tar.gz`,
that's available at the time of writing in
<http://os.archlinuxarm.org/os/mediatek/>.
> anonym speaking: I have reproduced this with:
> `ArchLinuxARM-2017.11-oak-rootfs.tar.gz` yay!
I've followed
<https://archlinuxarm.org/platforms/armv8/mediatek/acer-chromebook-r13>
to install Arch Linux on a USB stick, and it booted flawlessly.
......@@ -635,6 +653,8 @@ the partitioning and debootstrap steps have been done already.
## Kernel approach 5: custom Debian kernel
> anonym speaking: I last tried linux-image-4.13.0-1-arm64
Here we
[rebuild](https://kernel-handbook.alioth.debian.org/ch-common-tasks.html#s-common-building)
the Debian kernel with the `CONFIG_ARCH_MEDIATEK` and
......
[[!meta title="Tails November 2017 report"]]
[[!toc levels=2]]
This report covers the activity of Tails in November 2017.
Everything in this report is public.
# A. VeraCrypt support in GNOME
- The survey on VeraCrypt usage that we launched in October was
advertised on our website until December 1. We got 1012 complete
answers. ([[!tails_ticket 14474]])
- We recruited participants for the UX design sprint on VeraCrypt in
Tails what will happen in Berlin from December 8 to 10. We got 91
people volunteering to help us and selected the 10 most interesting
profiles to come work with us in December. We gave priority to people
who are users of both VeraCrypt and Tails and who seem less
tech-savvy. ([[!tails_ticket 14742]])
# B. Additional software
# C. Deliver new features
......@@ -26,7 +26,7 @@ beginning of May.
- August 2017: spriver
- September 2017: emmapeel
- October 2017: sajolida
- November 2017:
- November 2017:muri
- December 2017: muri
- January 2018: sajolida
......
......@@ -25,17 +25,32 @@ Code
XXX: List important code work that is not covered already by the Release
section (for example, the changes being worked on for the next version).
* We fixed issues regarding reproducible builds
([[!tails_ticket 14924]], [[!tails_ticket 14946]],
[[!tails_ticket 14933]]) and later realized that one of them fixes
did not work in some corner cases… that include the ISO images we
build for the Tails official releases. Sadly, due to an internal
communication mishap we've announced that Tails 3.3 was reproducible
before we had learned about this remaining problem.
Documentation and website
=========================
XXX: Explore the Git history:
git log --patch --since='1 October' --until='1 November' origin/master -- "*.*m*"
* We have documented internally how active Tails contributors can be
sponsored to attend events on behalf of Tails and are now working
towards publishing this documentation so that all contributors are
aware of this option ([[!tails_ticket 14727]]).
User experience
===============
XXX: Check the archives of tails-ux: https://mailman.boum.org/pipermail/tails-ux/
- We almost finished the work on the new download page and verification
extension for Firefox and Chrome. We're stick blocked by security
reviews and improvements on the JavaScript code.
- Our survey on file storage encryption was answered 1012 times between
October 17 and December 1. It was a huge success and we'll not move on
to analyzing the results.
Hot topics on our help desk
===========================
......@@ -69,15 +84,33 @@ XXX: The fundraising team should look at the fundraising Git.
XXX: The fundraising and accounting teams should look at the archives of <tails-fundraising@boum.org> and <tails-accounting@boum.org>.
* We submitted a funding request for the Secure Operating Systems
Summit that we are organizing with Qubes OS, Subgraph OS and Whonix.
* We applied to the "Good of the Internet" call for proposals by RIPE
NCC. Our proposal is titled "Interoperability and communication
continuity between mobile, laptop and desktop computers, in privacy
and security-sensitive environments".
Outreach
========
Past events
-----------
* Some of us attended the Reproducible Builds World summit in Berlin, Germany
([report](https://mailman.boum.org/pipermail/tails-dev/2017-November/011849.html)).
* intrigeri attended the OTF summit in Valencia, then followed-up with
people he has met there.
Upcoming events
---------------
* Many Tails people will be at the
[34th Chaos Communication Congress, aka. 34C3](https://www.ccc.de/en/updates/2017/34C3-in-leipzig)
in Leipzig (December 27 to December 30).
On-going discussions
====================
......@@ -103,8 +136,8 @@ XXX: Add the output of (adjust month!):
Metrics
=======
* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
* WHISPERBACK bug reports were received through WhisperBack.
* Tails has been started more than 655776 times this month. This makes 21859 boots a day on average.
* 12371 downloads of the OpenPGP signature of Tails ISO from our website.
* 99 bug reports were received through WhisperBack.
XXX: Ask tails@boum.org for these numbers.
......@@ -27,6 +27,16 @@ This is about [[!tails_ticket 11162]].
# Data sources
- [*Kevin Gallagher & Nasir Memon*, New Me: Understanding Expert and
Non-Expert Perceptions and Usage of the Tor Anonymity
Network](https://www.usenix.org/system/files/conference/soups2017/soups2017-gallagher.pdf):
has some interesting insights on the mental model of Tor for
non-expert users.
- [*Ruogu Kang et al.*, “My Data Just Goes Everywhere:” User Mental
Models of the Internet and Implications for Privacy and
Security](https://www.usenix.org/system/files/conference/soups2015/soups15-paper-kang.pdf).
- [*Rick Wash & Emilee Rader*, Too Much Knowledge? Security Beliefs and
Protective Behaviors Among United States Internet
Users](http://www.rickwash.com/papers/security-survey.pdf): studies a
......
......@@ -198,51 +198,55 @@ available for the promotion material repository.
<a id="puppet"></a>
Puppet modules
--------------
Puppet code
-----------
Those who have SSH access to these repositories must configure their
SSH client a bit, e.g.:
### Puppet manifests
Host git.puppet.tails.boum.org
HostName d53ykjpeekuikgoq.onion
ProxyCommand torsocks monkeysphere ssh-proxycommand %h %p
Only Tails
[[system administrators|contribute/working_together/roles/sysadmins]]
have access to our Puppet manifests. If you are not a member of that
team, please skip to the _Puppet modules_ section below.
### tails
1. Configure your SSH client:
This is the main *public* Puppet module to manage Tails infrastructure,
including classes such as `tails::reprepro` and `tails::whisperback::relay`.
Host git.puppet.tails.boum.org
HostName d53ykjpeekuikgoq.onion
ProxyCommand torsocks monkeysphere ssh-proxycommand %h %p
Anyone can check it out like this:
git clone git://git.puppet.tails.boum.org/puppet-tails
Developers with write access to the repositories should instead:
git clone gitolite@git.puppet.tails.boum.org:puppet-tails
### Other Puppet modules
We use and publish a lot of other Puppet modules. See the section
about our [[other repositories|git#other-repositories]].
### tails_lizard_manifests
2. Clone our private Puppet manifests repository:
Developers with access to the APT secrets can check it out like this:
git clone gitolite@git.puppet.tails.boum.org:puppet-lizard-manifests && \
git submodule update --init
git clone gitolite@git.puppet.tails.boum.org:puppet-lizard-manifests
All the Puppet modules we use are tracked as Git submodules in
this repository.
### tails_secrets_apt
<a id="puppet-modules"></a>
Developers with access to the APT secrets can check it out like this:
### Puppet modules
git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_apt
We use and publish a lot of other Puppet modules. Each of them is
stored in a Git repository called `puppet-$module`. For example,
`puppet-tails` is the main public Puppet module we use to manage Tails
infrastructure, including classes such as `tails::reprepro` and
`tails::whisperback::relay`.
### tails_secrets_whisperback
If you are on the Tails system administration team, use the
authoritative repositories for these modules at
`git.puppet.tails.boum.org`:
Developers with access to the WhisperBack secrets can check it out like this:
- They are referenced as Git submodules in our private Puppet
manifests repository so you should have a local clone of
them already.
- Anything you push to these repositories (except `tails_secrets_*`)
is automatically synchronized to public mirrors at
<https://git-tails.immerda.ch/>.
- Do not push to the public mirrors: your changes would be
overwritten by the next automatic synchronization.
git clone gitolite@git.puppet.tails.boum.org:puppet-tails_secrets_whisperback
Otherwise, you can list, browse and fork these repositories using
their [[public mirrors|git#other-repositories]].
<a id="other-repositories"></a>
......
......@@ -11,9 +11,10 @@ Welcome aboard! Please read-on.</p>
# Read this first
First of all, please read the [[goals and
principles|contribute/working_together/roles/sysadmins#goals]] of the
Tails system administration team.
First of all, please read about the
[[goals|contribute/working_together/roles/sysadmins#goals]]
and [[principles|contribute/working_together/roles/sysadmins#principles]]
of the Tails system administration team.
# Skills needed
......@@ -103,6 +104,8 @@ To solve a problem with Puppet, you need to:
* Or, create a new Puppet module. But first, try to find an existing
module that can be adapted to our needs.
See the [[Puppet modules|contribute/git#puppet-modules]] we already use.
Many Puppet modules can be found in the [shared Puppet
modules](https://labs.riseup.net/code/projects/sharedpuppetmodules),
the [Puppet Forge](https://forge.puppetlabs.com/), and on GitHub.
......
......@@ -20,7 +20,7 @@ Priorities for the next years
- **Improve our installation instructions**:
- Find a graphical installation tool for macOS ([[!tails_ticket 11682]])
- Have a more robust tool for Windows ([[!tails_ticket 13206]])
- Act on the expert review done in August 2017 ([[!tails_ticket 12328]])
- Act on the expert review done in August 2017 ([[!tails_ticket 14548]])
- **Give some love to our troubleshooting documentation**:
- Our [[known issues page|support/known_issues]] ([[!tails_ticket 11665]])
- Computers with unsupported Wi-Fi devices, very common on Mac ([[!tails_ticket 11683]])
......
......@@ -88,8 +88,9 @@ The main tools used to manage the Tails infrastructure are:
cases, we run the current stable release
* [Puppet](http://projects.puppetlabs.com/projects/puppet),
a configuration management system
- our [[Puppet code|contribute/git#puppet]]
* [Git](http://git-scm.com/) to host and deploy configuration,
including our [[Puppet modules|contribute/git#puppet]]
including our Puppet code
<a id="communication"></a>
......@@ -276,10 +277,12 @@ Below, importance level is evaluated based on:
- [[sysadmins/automated_tests_in_Jenkins]]
* importance: critical (as a key component of our development process)
<a id="mumble"></a>
## Mumble
* purpose: internal communication for the Fundraising team
* access: Fundraising team members
* purpose: internal communication for some internal teams
* access: members of some internal teams
* tools: [[!debpts mumble-server]]
* configuration:
- <https://github.com/voxpupuli/puppet-mumble>
......
......@@ -6,14 +6,14 @@
msgid ""
msgstr ""
"Project-Id-Version: \n"
"POT-Creation-Date: 2017-11-01 13:32+0100\n"
"POT-Creation-Date: 2017-11-26 17:57+0000\n"
"PO-Revision-Date: 2017-11-14 13:51+0000\n"
"Last-Translator: Tails translators <tails@boum.org>\n"
"Language-Team: \n"
"Language: fr\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
"Last-Translator: Tails translators <tails@boum.org>\n"
"Language-Team: \n"
"X-Generator: Poedit 1.8.11\n"
#. type: Plain text
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2017-07-31 21:51+0000\n"
"POT-Creation-Date: 2017-11-23 12:04+0000\n"
"PO-Revision-Date: 2017-08-20 19:56+0200\n"
"Last-Translator: Tails translators\n"
"Language-Team: Tails translators <tails@boum.org>\n"
......@@ -295,8 +295,8 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "[[!img man-in-the-middle.png link=no alt=\"Illustration of a man-in-the-middle attack\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"Illustration eines Man-in-the-Middle-Angriffs\"]]\n"
msgid "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: tails-l10n@boum.org\n"
"POT-Creation-Date: 2017-07-31 21:51+0000\n"
"POT-Creation-Date: 2017-11-23 12:04+0000\n"
"PO-Revision-Date: 2015-10-15 12:19+0000\n"
"Last-Translator: sprint5 <translation5@451f.org>\n"
"Language-Team: Persian <http://weblate.451f.org:8889/projects/tails/warning/"
......@@ -303,8 +303,8 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "[[!img man-in-the-middle.png link=no alt=\"Illustration of a man-in-the-middle attack\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"تصویرسازی یک حملهٔ فرد میانی\"]]\n"
msgid "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2017-07-31 21:51+0000\n"
"POT-Creation-Date: 2017-11-23 12:04+0000\n"
"PO-Revision-Date: 2017-08-03 18:50+0000\n"
"Last-Translator: Chre <tor@renaudineau.org>\n"
"Language-Team: Tails translators <tails@boum.org>\n"
......@@ -299,8 +299,8 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "[[!img man-in-the-middle.png link=no alt=\"Illustration of a man-in-the-middle attack\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"Illustration d'une attaque de l'homme-du-milieu\"]]\n"
msgid "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: \n"
"POT-Creation-Date: 2017-08-05 14:00+0200\n"
"POT-Creation-Date: 2017-11-23 12:04+0000\n"
"PO-Revision-Date: 2016-09-07 21:29+0200\n"
"Last-Translator: jkl <jkl>\n"
"Language-Team: ita <transitails@inventati.org>\n"
......@@ -306,8 +306,8 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "[[!img man-in-the-middle.png link=no alt=\"Illustration of a man-in-the-middle attack\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"Illustrazione di un attacco Man-in-the-Middle\"]]\n"
msgid "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -115,7 +115,7 @@ between them, making them believe that they are talking directly to each other
over a private connection, when in fact the entire conversation is controlled by
the attacker.
[[!img man-in-the-middle.png link=no alt="Illustration of a man-in-the-middle attack"]]
[[!img man-in-the-middle.png link=no alt=""]]
<!-- Source: wiki/lib/man-in-the-middle.svg -->
While using Tor, man-in-the-middle attacks can still happen between the exit
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2017-07-31 21:51+0000\n"
"POT-Creation-Date: 2017-11-23 12:04+0000\n"
"PO-Revision-Date: 2014-11-24 16:47+0100\n"
"Last-Translator: Tails Developers <amnesia@boum.org>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -290,8 +290,8 @@ msgstr ""
#. type: Plain text
#, no-wrap
msgid "[[!img man-in-the-middle.png link=no alt=\"Illustration of a man-in-the-middle attack\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"Ilustração de um ataque man-in-the-middle\"]]\n"
msgid "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
msgstr "[[!img man-in-the-middle.png link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2016-09-04 16:39+0200\n"
"POT-Creation-Date: 2017-11-23 12:25+0000\n"
"PO-Revision-Date: 2014-04-04 08:25+0100\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -43,10 +43,10 @@ msgstr "Das <span class=\"application\">OpenPGP Applet</span> befindet sich im B
#, no-wrap
msgid ""
"[[!img doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.png\n"
"link=no alt=\"OpenPGP Applet with lines of text\"]]\n"
"link=no alt=\"\"]]\n"
msgstr ""
"[[!img doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.png\n"
"link=no alt=\"OpenPGP Applet mit ein paar Zeilen Text\"]]\n"
"link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: tails-l10n@boum.org\n"
"POT-Creation-Date: 2016-09-04 16:39+0200\n"
"POT-Creation-Date: 2017-11-23 12:25+0000\n"
"PO-Revision-Date: 2015-10-17 07:36+0000\n"
"Last-Translator: sprint5 <translation5@451f.org>\n"
"Language-Team: Persian <http://weblate.451f.org:8889/projects/tails/"
......@@ -49,10 +49,10 @@ msgstr "<span class=\"application\">برنامک اُپن‌پی‌جی‌پی
#, no-wrap
msgid ""
"[[!img doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.png\n"
"link=no alt=\"OpenPGP Applet with lines of text\"]]\n"
"link=no alt=\"\"]]\n"
msgstr ""
"[[!img doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.png\n"
"link=no alt=\"برنامک اُپن‌پی‌جی‌پی تیلز با خط‌های متنی\"]]\n"
"link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -6,7 +6,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2016-09-04 16:39+0200\n"
"POT-Creation-Date: 2017-11-23 12:25+0000\n"
"PO-Revision-Date: 2014-10-08 14:04-0000\n"
"Last-Translator: \n"
"Language-Team: LANGUAGE <LL@li.org>\n"
......@@ -45,10 +45,10 @@ msgstr "<span class=\"application\">L'applet OpenPGP de Tails</span> est situé
#, no-wrap
msgid ""
"[[!img doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.png\n"
"link=no alt=\"OpenPGP Applet with lines of text\"]]\n"
"link=no alt=\"\"]]\n"
msgstr ""
"[[!img doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.png\n"
"link=no alt=\"OpenPGP Applet with lines of text\"]]\n"
"link=no alt=\"\"]]\n"
#. type: Plain text
#, no-wrap
......
......@@ -7,7 +7,7 @@
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2016-09-04 16:39+0200\n"
"POT-Creation-Date: 2017-11-27 17:16+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: ita <transitails@inventati.org>\n"
......@@ -43,7 +43,7 @@ msgstr ""
#, no-wrap
msgid ""
"[[!img doc/first_steps/introduction_to_gnome_and_the_tails_desktop/openpgp_applet.png\n"
"link=no alt=\"OpenPGP Applet with lines of text\"]]\n"
"link=no alt=\"\"]]\n"
msgstr ""
#. type: Plain text
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment