Commit 13eaed5e authored by intrigeri's avatar intrigeri
Browse files

Merge remote-tracking branch 'origin/master' into stable

parents 0e2e2663 ff235fe0
RewriteEngine on
RewriteBase /
RewriteRule ^administration_password/?$ doc/first_steps/startup_options/administration_password [R]
RewriteRule ^blueprint/additional_software_packages_offline_mode/?$ blueprint/additional_software_packages/offline_mode [R]
RewriteRule ^bug_reporting/?$ doc/first_steps/bug_reporting [R]
RewriteRule ^build/?$ contribute/build [R]
......
......@@ -238,7 +238,7 @@ msgid ""
"tails-ux@boum.org is the list for matters related to [[user experience and "
"user interface|contribute/how/user_experience]]."
msgstr ""
"tals-ux@boum.org est la liste pour les problèmes liés à [[l'expérience "
"tails-ux@boum.org est la liste pour les problèmes liés à [[l'expérience "
"utilisateur et l'interface utilisateur|contribute/how/user_experience]]."
#. type: Plain text
......
......@@ -26,3 +26,5 @@ Feel free to add any relevant issue to this list.
* [[!gnome_gitlab totem/issues/116 desc="Saving playlist state sometimes hangs totem"]]
* [[!gnome_gitlab yelp/issues/98 desc="Yelp: Clicking a HTML link pointing to an anchor on the page currently viewed opens Nautilus"]]
* [[!gnome_gitlab gdm/issues/251 desc="screensaver doesn't lock with password prompt if password was just set"]]
* [[!gnome_gitlab gtk/issues/1211 desc="Cursor stays in wait status for some seconds after calling `gtk_show_uri_on_window`"]]
* [[!gnome_gitlab seahorse/issues/177 desc="Seahorse: Please support finding remote OpenPGP keys by fingerprint"]]
......@@ -8,7 +8,7 @@ bloat the ISO image.
The current limitations include:
- No user interface. Currently you have to edit a file as root. ([[!tails_ticket 5996 desc="#5996"]])
- No user interface. Currently you have to edit a file as root. ([[!tails_ticket 14568 desc="#14568"]])
- Their Installation locks the opening of the desktop. ([[!tails_ticket 9059 desc="#9059"]])
......
[[!meta title="Explain Tails"]]
Open relationship
-----------------
Tails is not my main operating system: Tails does not make me choose
between itself and other operating systems. With Tails I have an open
relationship. Is not my main operating system, I have other operating
systems for other things.
One in my laptop, one in my school...
Tails is not jealous and does not aim to fulfill all my computer needs:
if I need something Tails cannot give me... I can use another operating
system!
Camping
=======
But I respect our relationship: Tails does not want to be plugged to my
laptop if I am running other operating systems, so I never do that.
And I don't use identities I use on other operating systems from the
same Tails USB stick.
<a id="iff"></a>
Tails as a tent
---------------
From "[Writing good documentation](https://platform.internetfreedomfestival.org/en/IFF2018/public/schedule/custom/426)" at the IFF 2018
---------------------------------------------------------------------------------------------------------------------------------------
### Sheet 1
- [Drawing of an unfolded tent] portable, set up anywhere in the world or your own backyard
- [Drawing of a circus tent]
- [Drawing of a magic hat] make things magically disappear
- [Drawing of two similar tents]
- [Drawing of a tent in a bag] small portable tent fits in backpack, with your belongings.
- [Drawing of a tent city of similar tents]
### Sheet 2
Tents, The everyperson's
### Tents, The everyperson's
- Amnesic
- Empty every time its setup
......@@ -48,18 +26,42 @@ Tents, The everyperson's
- Live
- Can carry around in backpack
- Can set up in backyard (own laptop) or away from home
- Put it away when its finished
### Sheet 3
Leave No Trace
--------------
- clean every time where work (normal is really customized)
- common visual aspect
- decide what keep
- [Drawing of a tent city of similar tents]
"[Leave No Trace](https://lnt.org/)" is an organization and a code of ethics
for outdoor activities.
Open relationship
=================
Tails is not my main operating system: Tails does not make me choose
between itself and other operating systems. With Tails I have an open
relationship. Is not my main operating system, I have other operating
systems for other things.
One in my laptop, one in my school...
Tails is not jealous and does not aim to fulfill all my computer needs:
if I need something Tails cannot give me... I can use another operating
system!
But I respect our relationship: Tails does not want to be plugged to my
laptop if I am running other operating systems, so I never do that.
And I don't use identities I use on other operating systems from the
same Tails USB stick.
<a id="iff"></a>
### Sheet 4
Other output from [IFF 2018](https://platform.internetfreedomfestival.org/en/IFF2018/public/schedule/custom/426)
================================================================================================================
- [Drawing of a circus tent]
- [Drawing of a magic hat] make things magically disappear
- Doesn't leave a trace -- invisibility cloak
- Tent - put it away when its finished
- New wig every morning
- Incognito mode for your computer
- A caravan -- you're the owner, you can move it anywhere
......@@ -70,8 +72,8 @@ Tents, The everyperson's
- Using a bike lock
- Helmet with shades so you're unknown
From the user testing of Additional Software in January 2018 in Berlin
----------------------------------------------------------------------
From the user testing in January 2018 in Berlin
===============================================
- Additional Software P1 talking about how everything we do on the
Internet is tracked: "With Tails I can create that image for myself".
......
......@@ -47,7 +47,7 @@ These will help us for future work like defining a graphical style
guide, defining the tone on our website, the type of visuals to use,
etc.
XXX: Link to resources on brand attributes
- [Mozilla Open Design: Creative Strategy On View](https://blog.mozilla.org/opendesign/creative-strategy-on-view/)
### Deliverable
......@@ -230,6 +230,7 @@ Structured explanation
### Examples
- <https://icloak.me/>
- <https://www.apple.com/apple-watch-series-3/>
- <https://www.tunnelbear.com/>
......
......@@ -11,10 +11,26 @@ Generic
* Minimized applications in the taskbar can't be raised via the
taskbar. They can be raised via the *Activities Overwiew*.
Toshiba Encore 2
----------------
Toshiba Encore 2 WT8-B
----------------------
* Intel Atom CPU Z3735F @ 1.33GHz (Bay Trail)
* can cold-boot from USB: hold down the Vol+ button, then hold down
the Power button, until the boot selection menu appears.
Select the desired boot device and press the Windows key.
feature/jessie + 32-bit UEFI, 20150507:
### Tails pre-3.9 devel branch (Stretch) + feature/15763-linux-4.17
* MAC spoofing fails
* Backlight tuning: GNOME Shell offers the UI, but it has no visible effect.
* Display rotation (probably because we don't install `iio-sensor-proxy`)
* Sound card is detected but no sound output. The kernel complains
about missing `intel/fw_sst_0f28.bin` firmware while it's supposed
to be shipped in [[!debpts firmware-intel-sound]].
<http://www.studioteabag.com/science/dell-venue-pro-linux/#ALSA> has
some configuration tricks that might help.
### feature/jessie + 32-bit UEFI, 20150507
* The Florence virtual keyboard is not very usable:
- its default font size is way too small, but that can be configured
......@@ -35,16 +51,33 @@ feature/jessie + 32-bit UEFI, 20150507:
Works fine
==========
Generic
-------
Toshiba Encore 2
----------------
feature/jessie + 32-bit UEFI, 20150507:
### Tails pre-3.9 devel branch (Stretch) + feature/15763-linux-4.17
* _sometimes_ boots fine after:
- removing `slab_nomerge`, `slub_debug=FZP`, `vsyscall=none`, `page_poison=1`,
`quiet` and `splash` → XXX: which of these changes are are really needed?
- adding `nosplash` → XXX: really needed?
- adding `clocksource=tsc tsc=reliable` → XXX: really needed?
- `intel_idle.max_cstate=1` (<https://bugzilla.kernel.org/show_bug.cgi?id=109051>) → XXX: really needed?
* Battery level monitoring
### feature/jessie + 32-bit UEFI, 20150507
* boots fine with `nomodeset` (otherwise screen blanks at `switching
to inteldrmfb from simplefb`, although the OS continues loading)
* X.Org with KMS
* touchscreen
* USB
Resources
=========
* <https://twitter.com/kapper1224> gave an inspiring talk at DebConf18
([slides](https://www.slideshare.net/kapper1224/hacking-with-x86-windows-tablet-and-mobile-devices-on-debian-debconf18))
about "Hacking with x86 Windows Tablet and mobile devices on
Debian".
* <https://nmilosev.svbtle.com/fedora-on-baytrail-tablets-2017-edition>
* <http://www.studioteabag.com/science/dell-venue-pro-linux/>
......@@ -31,7 +31,7 @@ See [[blueprint/strategic_planning]] for the terminology.
### Gather comments on our draft personas
Chapter 3: [[Riou, the protest organizer|personas#riou]]
Chapter 3: [[Derya, the privacy advocate|personas#derya]]
From the work that we did at the last summit, we drafted skeletons of
personas: a very basic description of what kind of users they are.
......@@ -99,7 +99,7 @@ designate themselves beforehand.
| May 2018 | sajolida | segfault |
| June 2018 | intrigeri | u |
| July 2018 | sajolida | u |
| August 2018 | | |
| August 2018 | sajolida | segfault |
| September 2018 | | intrigeri |
| October 2018 | | |
| November 2018 | intrigeri | |
......
[[!meta title="Tails report for July, 2018"]]
[[!meta date="Tue, 10 Apr 2018 01:23:45 +0000"]] XXX: adjust date
[[!toc]]
Releases
========
* [[Tails VERSION was released on MONTH DAY|news/version_VERSION]] ([major|minor] release).
* Tails VERSION+1 is [[scheduled for MONTH DAY|contribute/calendar]].
The following changes were introduced in Tails VERSION:
XXX: Copy the "Changes" section of the release notes, and compact a bit:
* Remove lines about software upgrade (that's not Tails itself).
* Remove screenshots.
* Remove "New features" and "Upgrades and changes" headlines.
* Remove line about Changelog.
Code
====
XXX: If you feel like it and developers don't do it themselves,
list important code work that is not covered already by the
Release section (for example, the changes being worked on for
the next version).
Documentation and website
=========================
XXX: If you feel like it and technical writers don't do it
themselves, explore the Git history:
git log --patch --since='1 October' --until='1 November' origin/master -- "*.*m*"
User experience
===============
XXX: If you feel like it and the UX team does not do it
themselves, check the archives of tails-ux:
<https://mailman.boum.org/pipermail/tails-ux/>
Hot topics on our help desk
===========================
XXX: Ask tails-bugs@boum.org to list hot topics for the last month.
1.
1.
1.
Infrastructure
==============
XXX: Count the number of tests in /features at the beginning of next month
git checkout `git rev-list -n 1 --before="June 1" origin/devel`
git grep --extended-regexp '^\s*Scenario:' -- features/*.feature | wc -l
XXX: Report only if more scenarios have been written and add the diff from the previous month, for example:
- Our test suite covers SCENARIOS scenarios, DIFF more that in May.
Funding
=======
XXX: The fundraising team should look at the fundraising Git.
git log --patch --since='1 December' --until='1 January' origin/master
XXX: The fundraising and accounting teams should look at the archives of <tails-fundraising@boum.org> and <tails-accounting@boum.org>.
Outreach
========
Past events
-----------
Upcoming events
---------------
On-going discussions
====================
XXX: Link to the thread on <https://mailman.boum.org/pipermail/tails-XXX/>.
Press and testimonials
======================
XXX: Copy content from press/media_appearances_2018.mdwn
This page is continuously updated by tails-press@boum.org, so if
it's empty there might be nothing special to report.
Translation
===========
XXX: Add the output of `contribute/l10n_tricks/language_statistics.sh`
XXX: Add the output of (adjust month!):
git checkout $(git rev-list -n 1 --before="September 1" origin/master) && \
git submodule update --init && \
./wiki/src/contribute/l10n_tricks/language_statistics.sh
Metrics
=======
* Tails has been started more than BOOTS/MONTH times this month. This makes BOOTS/DAY boots a day on average.
* SIGS downloads of the OpenPGP signature of Tails ISO from our website.
* WHISPERBACK bug reports were received through WhisperBack.
[[How do we know this?|support/faq#boot_statistics]]
XXX: Ask <tails@boum.org> for these numbers.
......@@ -83,6 +83,13 @@ Past events
Upcoming events
---------------
- sajolida will be at [Tor meeting in Mexico
City](https://trac.torproject.org/projects/tor/wiki/org/meetings/2018MexicoCity)
from September 29 to October 3 and will present Tails during the open
days on October 2.
- XXX: UNAM colloquium
On-going discussions
====================
......
This diff is collapsed.
# /dev/random and /dev/urandom radomness seeding in Tails
/dev/random and /dev/urandom are special Linux devices that provide access from
user land to the Linux kernel Cryptographically Secure Pseudo Random Number
Generator (CSPRNG). This generator is used for almost every security protocol,
like TLS/SSL key generation, choosing TCP sequences, ASLR offsets, and GPG key
generation [1]. In order for this CSPRNG to be really cryptographically secure,
it's recommended to seed it with a 'good' entropy source, even though The Linux
kernel collects entropy from several sources, for example keyboard typing,
mouse movement, among others.
Because of the Tails nature of being amnesic, and run from different type of
live devices (from DVDs to USB sticks), special care must be taken to ensure
the system still gets enough entropy and boots with enough randomness. This is
not easy in the Tails context, where the system is almost always booting the
same way. Even the squashfs file is ordered to optimize boot time.
Although these problem have been documented since a long time (see [7] and
[8]), there's not much done to tackle the problem. We looked at notes and
research from LiveCD OS's and supply them here for completements sake. Whonix
has a [wiki page](https://www.whonix.org/wiki/Dev/Entropy) with some notes, and
Qubes has tickets about this ([3],[4],[5] and [6]).
/dev/random and /dev/urandom are special Linux devices that provide
access from user land to the Linux kernel Cryptographically Secure
Pseudo Random Number Generator (CSPRNG). This generator is used for
almost every security protocol, like TLS/SSL key generation, choosing
TCP sequences, ASLR offsets, and GPG key generation
[https://eprint.iacr.org/2006/086.pdf]. In order for this CSPRNG to
indeed be cryptographically secure, it's recommended to seed it with a
'good' entropy source, even though The Linux kernel collects entropy
from several sources, for example keyboard typing, mouse movement, among
others.
Because of Tails' feature of being amnesic, and run from different types
of live devices (from DVDs to USB sticks), special care must be taken to
ensure the system gets enough entropy and boots with enough randomness.
This proves to be hard within the Tails context, where the system is
almost always booting the same way. Even the squashfs file is ordered to
optimize boot time.
Although these problems have been documented since a long time (see
[https://www.av8n.com/computer/htm/secure-random.htm] and
[http://www.av8n.com/computer/htm/fixup-live-cd.htm]), there's not much
done to tackle the problem. We looked at notes and research from LiveCD
OS's and supply them here for completeness' sake. Whonix has a [wiki
page](https://www.whonix.org/wiki/Dev/Entropy) with some notes, and
Qubes has tickets about this
([http://wiki.qubes-os.org/trac/ticket/673],
[https://github.com/QubesOS/qubes-issues/issues/1311],
[https://groups.google.com/forum/#!msg/qubes-devel/Q65boPAbqbE/9ZOZUInQCgAJ],
[https://groups.google.com/forum/#!topic/qubes-devel/5wI8ygbaohk]).
## Current situation
See the related [[design document|contribute/design/random]]
Tails do not ship /var/lib/urandom/random-seed in the ISO, since it means
shipping a fixed known value for every Tails installation which means its
entropy contribution is zero, and breaks reproducibility of the ISO image.
Tails does not ship /var/lib/urandom/random-seed in the ISO, since it
means shipping a fixed known value for every Tails installation, which
in turn means that entropy contribution would zero. Furthermore, this
breaks reproducibility of the ISO image.
Without this random seed, systemd-random-seed won't write anything to
/dev/urandom, so we rely purely on the kernel CSPRNG and current system entropy
......@@ -39,8 +49,8 @@ Tails ships Haveged and rngd since a while. Still there are concerns about
Haveged's reliability to provide cryptographically secure randomness, and rngd
is only really useful when random generator devices are used.
Taking other measures to seed the Linux Kernel CSPRNG with good material is
something worst spending efforts on.
Taking other measures to seed the Linux Kernel CSPRNG with good material seems
worth spending efforts on.
## Use cases
......@@ -55,33 +65,33 @@ add one.
On the other hand, that's not the installation method we want to support the
most, and probably not the most used when people want to secure other
communication types than HTTPS (e.g persistence is very usefull for OpenPGP key
communication types than HTTPS (e.g persistence is very useful for OpenPGP key
storage and usage, chat account configuration, ...).
So we may eventually just document somewhere to users that they MUST NOT use
this type of installation if they want to rely on good cryptograpy for their
this type of installation if they want to rely on good cryptography for their
communications and key generation, or that they should wait after having
interacting a long (but hard to define) time with the system so that it had time
interacted a long (but hard to define) time with the system so that it had time
to collect entropy, and does not rely on the CSPRNG, Haveged and rngd only.
We could also add some kind of notification to users when entropy gets too low,
or just saying them that the way they use Tails is not compatible with strong
or just tell them that the way they use Tails is not compatible with strong
cryptography.
### Intermediary USB
This type of installation is supposed to be used when people are installing
Tails from another OS (except Debian and Ubuntu, where they can use the Tails
installer). In most case, this means having a bit by bit copy of the Tails ISO
installer). In most cases, this means having a bit-by-bit copy of the Tails ISO
on the USB stick, except for Windows where we ask to use the [Universal USB
Installer](http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/)
In this case the situation is pretty much the same than with the DVD one. No
seed, and adding one is very difficult if not impossible (except with the
seed. And adding one is very difficult if not impossible (except with the
Windows installation where we may ask upstream to implement that in the
Universal USB Installer, but well...).
That's also not really the way we encourge users to use Tails, so as with DVD
That's also not really the way we encourage users to use Tails, so as with DVD
there's maybe no point to fix the situation here, and the same workaround could
be applied (document it).
......@@ -92,10 +102,11 @@ That's supposed to be the standard way to use Tails.
Note that in this case, there are two situations: booting this installation
with persistence enabled, and without.
It is worth noting too that the first time this Tails installation is booted,
most of the time the first step is to configure persistence, which means
creating an encrypted partition. At this step though, there is at the moment
probably very little entropy, so this may weaken the LUKS volume encryption.
It is worth noting that the first time this Tails installation is
booted, most of the time the first step is to configure persistence,
which means creating an encrypted partition. At this step though, there
is probably very little entropy at this moment, which may weaken the
LUKS volume encryption.
### Virtual Machines
......@@ -120,6 +131,9 @@ partition is created.
### Use the Tails installer to create a better seed [[!tails_ticket 11897]]
Note that we'll likely soon distribute a USB image and won't use Tails
installer anymore for creating Tails devices. [[!tails_ticket 15292]]
Tails installer can be used on Debian and Ubuntu, and is the tool people
running OSX or Windows are told to use to install their final Tails
USB stick with, by using an intermediary Tails to create the final USB.
......@@ -128,32 +142,34 @@ Tails installer could store a seed in the FAT filesystem of the system
partition. That would workaround this first boot problem not handled by the
persistence option.
We can't sadly update this seed while running Tails, as mounting RW the system
We sadly can't update this seed while running Tails, as read-write mounting the system
FAT partition during a Tails session does not work. So the question whether updating it
or not is open.
If we want to do so, we'll have to update it at the system shutdown. This will
mean remount this partition, write the new random seed, then unmount it and
start the shutdown of the system. Obviously we can do this only in normal
shutdown process, and will have to avoid it in emergency shutdown mode.
shutdown process, and we'll have to avoid it in emergency shutdown mode.
We may alternatively not update it, and use it only when the persistence is not
enabled. That would still be a unique source of entropy per Tails installation,
so that would be a better situation that the current one.
so that would be a better situation than the current one.
One drawback: this would break the ability to verify this system partition with
a simple shasum operation.
### Use stronger/more entropy collectors [[!tails_ticket 5650]]
As already stated, Tails run Haveged, and rngd (since 2.6 for the later).
As already stated, Tails runs Haveged, and rngd (since 2.6 for the later).
We may want to add other sources though, given there are concerns about Haveged,
and rngd starts only when a hardware RNG is detected, which is not so often the
case.
XXX: It would be nice to have a study (read: a survey of packages, etc) of all the
useful entropy gathering daemons that might be of use on a Tails system. (and have this tested on computers with/without intel rng or things like an entropykey)
XXX: It would be nice to have a study (read: a survey of packages, etc)
of all the useful entropy gathering daemons that might be of use on a
Tails system. (and have this tested on computers with/without intel rng
or things like an entropykey)
An evaluation of some of them [has been done
already](https://volumelabs.net/best-random-data-software/)
......@@ -167,26 +183,26 @@ Possible candidates:
* randomsound: probably a bad idea in the Tails context as we're discussing a
Greeter option to deactivate the microphone.
### Block booting till enough entropy has been gathered
### Block booting until enough entropy has been gathered
One way to ensure Tails is booting with enough entropy would be to block during
the boot if the system is lacking of it.
One way to ensure Tails is booting with enough entropy would be to block
the boot while the system is lacking it.
But this brings questions about how to interact correctly with the users,
as blocking without notifications would be terrible UX. Also Tails boot time is
a bit long already, and this may grow it quite a bit more again.
XXX: So before going on, we need a bit more data about the state of the entropy when
Tails boot, specially now that we have several entropy collector daemons. It may
very well be that this case do not happen anymore. And if it is, we need to know
on average how much time that blocking would last. [Sycamoreone] [[!tails_ticket
Tails boots, especially now that we have several entropy collector daemons. It may
very well be that this case does not happen anymore. And if it does, we need to know
on average how much time that blocking would last. [[!tails_ticket
11758]]
### Regulary check available entropy and notify if low
An idea that has been mentioned several time is to have a service that
check if the available entropy is high enough, and notify the user if
it's not the case. One downside, is that observing the entropy pool costs
An idea that has been mentioned several times is to have a service that
checks if the available entropy is high enough, and notifies the user if
it's not the case. One downside is, that observing the entropy pool costs
randomness, so this may have to be implemented with care or is worth
discussing/researching the costs/benefits.
......@@ -195,15 +211,8 @@ discussing/researching the costs/benefits.
This is about [[!tails_ticket 7642]], [[!tails_ticket 7675]],
[[!tails_ticket 6116]], [[!tails_ticket 11897]] and friends.
## References
* [1] <https://eprint.iacr.org/2006/086.pdf>
* [2] <https://eprint.iacr.org/2013/338.pdf>
* [3] <http://wiki.qubes-os.org/trac/ticket/673>
* [4] <https://github.com/QubesOS/qubes-issues/issues/1311>
* [5] <https://groups.google.com/forum/#!msg/qubes-devel/Q65boPAbqbE/9ZOZUInQCgAJ>
* [6] <https://groups.google.com/forum/#!topic/qubes-devel/5wI8ygbaohk>
* [7] <https://www.av8n.com/computer/htm/secure-random.htm>
* [8] <http://www.av8n.com/computer/htm/fixup-live-cd.htm>
* [9] <https://www.python.org/dev/peps/pep-0506/>
* [10]<https://docs.python.org/2/library/os.html#os.urandom>
## More references
* <https://eprint.iacr.org/2013/338.pdf>
* <https://www.python.org/dev/peps/pep-0506/>
* <https://docs.python.org/2/library/os.html#os.urandom>
......@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: Tails\n"
"POT-Creation-Date: 2018-06-03 12:17+0200\n"
"PO-Revision-Date: 2018-03-29 10:44+0000\n"
"PO-Revision-Date: 2018-08-07 13:08+0000\n"
"Last-Translator: \n"
"Language-Team: Tails translators <tails@boum.org>\n"
"Language: fr\n"
......@@ -486,7 +486,7 @@ msgstr "*Tails Upgrader*: intrigeri"
#. type: Bullet: ' - '
msgid "*Tails Verification*: sajolida, anonym"
msgstr ""
msgstr "*Tails Verification*: sajolida, anonym"