Merge branch 'master' into testing

wiki/src/Discussion.html

-Um, I would be very grateful if you included option for using KDE and TorK ( http://sourceforge.net/projects/tork/ ) 
-
-Opinions on KDE might ... differ, but TorK is definitely better Vidalia.

wiki/src/bug_reporting.de.po

@@ -7,7 +7,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-04-12 04:25-0600\n"
+"POT-Creation-Date: 2011-09-13 03:32-0600\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -105,3 +105,44 @@ msgid ""
 "Then try to boot again, and append the end of the boot log (or what seems to "
 "be relevant to your problem) to your bug report."
 msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "No internet access\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"The WhisperBack bug reporting tool (accessed from the Tails desktop)  can of "
+"course not send the bug report when there is not internet access. The "
+"following steps can be used as a work-around (Note that your bug report will "
+"not be anonymous unless you take further steps yourself (e.g. using Tor with "
+"a throw-away email account)):"
+msgstr ""
+
+#. type: Bullet: '1. '
+msgid "In Tails, start the bug reporting tool"
+msgstr ""
+
+#. type: Bullet: '2. '
+msgid "In the bug report window, expand \"technical details to include\""
+msgstr ""
+
+#. type: Bullet: '3. '
+msgid "Copy everything in the \"debugging info\" box"
+msgstr ""
+
+#. type: Bullet: '4. '
+msgid "Paste it to another document (using gedit for instance)"
+msgstr ""
+
+#. type: Bullet: '5. '
+msgid "Save the document on a USB strick"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"6. Boot into a system with working networking and send the debugging\n"
+"info to us.\n"
+msgstr ""

wiki/src/bug_reporting.es.po

@@ -7,7 +7,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-04-12 04:25-0600\n"
+"POT-Creation-Date: 2011-09-13 03:32-0600\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -105,3 +105,44 @@ msgid ""
 "Then try to boot again, and append the end of the boot log (or what seems to "
 "be relevant to your problem) to your bug report."
 msgstr ""
+
+#. type: Title -
+#, no-wrap
+msgid "No internet access\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"The WhisperBack bug reporting tool (accessed from the Tails desktop)  can of "
+"course not send the bug report when there is not internet access. The "
+"following steps can be used as a work-around (Note that your bug report will "
+"not be anonymous unless you take further steps yourself (e.g. using Tor with "
+"a throw-away email account)):"
+msgstr ""
+
+#. type: Bullet: '1. '
+msgid "In Tails, start the bug reporting tool"
+msgstr ""
+
+#. type: Bullet: '2. '
+msgid "In the bug report window, expand \"technical details to include\""
+msgstr ""
+
+#. type: Bullet: '3. '
+msgid "Copy everything in the \"debugging info\" box"
+msgstr ""
+
+#. type: Bullet: '4. '
+msgid "Paste it to another document (using gedit for instance)"
+msgstr ""
+
+#. type: Bullet: '5. '
+msgid "Save the document on a USB strick"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"6. Boot into a system with working networking and send the debugging\n"
+"info to us.\n"
+msgstr ""

wiki/src/bug_reporting.fr.po

@@ -6,7 +6,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
-"POT-Creation-Date: 2011-04-12 04:25-0600\n"
+"POT-Creation-Date: 2011-09-13 03:32-0600\n"
 "PO-Revision-Date: 2011-03-25 12:39+0100\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -123,3 +123,44 @@ msgid ""
 msgstr ""
 "Ensuite, essayez de redémarrer, et ajoutez la fin du journal de démarrage "
 "(ou ce qui semble correspondre à votre problème) à votre rapport de bug."
+
+#. type: Title -
+#, no-wrap
+msgid "No internet access\n"
+msgstr ""
+
+#. type: Plain text
+msgid ""
+"The WhisperBack bug reporting tool (accessed from the Tails desktop)  can of "
+"course not send the bug report when there is not internet access. The "
+"following steps can be used as a work-around (Note that your bug report will "
+"not be anonymous unless you take further steps yourself (e.g. using Tor with "
+"a throw-away email account)):"
+msgstr ""
+
+#. type: Bullet: '1. '
+msgid "In Tails, start the bug reporting tool"
+msgstr ""
+
+#. type: Bullet: '2. '
+msgid "In the bug report window, expand \"technical details to include\""
+msgstr ""
+
+#. type: Bullet: '3. '
+msgid "Copy everything in the \"debugging info\" box"
+msgstr ""
+
+#. type: Bullet: '4. '
+msgid "Paste it to another document (using gedit for instance)"
+msgstr ""
+
+#. type: Bullet: '5. '
+msgid "Save the document on a USB strick"
+msgstr ""
+
+#. type: Plain text
+#, no-wrap
+msgid ""
+"6. Boot into a system with working networking and send the debugging\n"
+"info to us.\n"
+msgstr ""

wiki/src/bug_reporting.mdwn

@@ -44,3 +44,20 @@ that a bunch of hopefully useful messages are displayed on boot.
 
 Then try to boot again, and append the end of the boot log (or what
 seems to be relevant to your problem) to your bug report.
+
+No internet access
+------------------
+
+The WhisperBack bug reporting tool (accessed from the Tails desktop)
+can of course not send the bug report when there is not internet
+access. The following steps can be used as a work-around (Note that
+your bug report will not be anonymous unless you take further steps
+yourself (e.g. using Tor with a throw-away email account)):
+
+1. In Tails, start the bug reporting tool
+2. In the bug report window, expand "technical details to include"
+3. Copy everything in the "debugging info" box
+4. Paste it to another document (using gedit for instance)
+5. Save the document on a USB strick
+6. Boot into a system with working networking and send the debugging
+info to us.

wiki/src/bugs/Cannot_connect_to_Tor_if_clock_is_too_wrong.mdwn

@@ -8,5 +8,4 @@ was released. If HTP fails a first time, and if the current time clock
 is different by more than 6 (?) months, we start by setting the time
 clock to the live system release before attempting HTP once more.
 
-This issue will be fixed when
-[[todo/remove_the_htp_user_firewall_exception]] is implemented.
+> [[pending]] for 0.8

wiki/src/bugs/bumping_the_eject_button_shouldn__39__t_shutdown_Tails.mdwn

@@ -5,3 +5,5 @@ As of Tails 0.7, it is too easy to shutdown Tails. It shuts down, without waitin
 >> I'm against changing this. It's a feature; when necessary, you can
 >> just grab your media and run without having any secon thoughts. A
 >> confirmation prompt would be dangerious. --anonym
+
+>>> We reached agreement to close this bug as invalid. [[done]]

wiki/src/bugs/exploitable_typo_in_url_regex__63__.mdwn

@@ -84,7 +84,7 @@ Of course, that still allows requests for invalid names like "http://...---...i2
 Many apologies if my English is unclear: please feel free to ask for clarification on any points.
 
 > Thanks! All this was fixed in the devel branch (41ee709)
-> => [[!taglink pending]]
+> => [[pending]]
 
 >> Thanks for the update, and for fixing up my markup - I learned
 >> stuff! :D Is the devel branch publicly available on some SVN

wiki/src/bugs/msva_does_not_use_configured_keyserver.mdwn

+In Tails 0.8-rc2, the msva does not use the configured keyserver but
+pool.sks-keyservers.net.
+
+`.xsession-errors` says:
+
+	Not a valid keyserver (from gpg config /home/amnesia/.gnupg/gpg.conf):
+	hkp://2eghzlv2wwcq7u7y.onion
+
+[Reported upstream](https://labs.riseup.net/code/issues/3457).

wiki/src/bugs/sdmem_on_eject_broken_for_CD.mdwn

+In Tails 0.8-rc1, sdmem on eject works when booting from USB, but has
+no visible effect when booting from CD.
+
+The problems seem to have something to to with udev not sending events
+(e.g. the "change" uevent we wait for) until the device is unmounted.
+The following was tested on a secondary CD-ROM drive (so not the boot
+device which may or may not invalidate this theory):
+
+1. Insert a CD in the seconday CD-ROM drive (say it's /dev/sr1) and
+mount it.
+2. Run: udev-watchdog <udev path for /dev/sr1> cd
+3. Eject the CD.
+4. Observe that the watchdog sees nothing and that the device remains
+mounted. Trying to access the mounted filesystem will produce I/O
+errors.
+4. Run: umount /dev/sr1
+5. Observe that the watchdog finally sees the "change" action.
+
+Furthermore, in lack of hardware, I tested this in VirtualBox, which
+may behave different than real hardware. So YMMV.
+
+When building 0.8-rc1 with the stable kernel (2.6.32-5-486) this issue
+does not arise, which suggests that the issue is with the linux kernel
+and was introduced somewhere after 2.6.32. Otoh, on my up-to-date
+wheezy system (linux 3.0.0-1-amd64, udev 172-1, etc.) I do not have
+this issue using udev-watchdog, wich could suggest a compatibility
+issue with some other package (we also have i386 vs amd64, of course).
+Updating to unstable's udev (172-1) in hope of it playing better with
+linux 3.0.0-1 from unstable did not solve the issue either, however.
+
+> Indeed, linux 2.6.38-rc1 [[reworked disk event handling|http://lwn.net/Articles/423619/]]
+> and adds block.events_dfl_poll_msecs that can be used to set the
+> interval for polling block devices for events. This does not seem
+> to work properly though: settings it to 1000 makes it work in
+> VirtualBox with its virtual CD-ROM drive, but no value seems to work
+> on the one real machine I have available with a CD-ROM drive.
+
+>> This was half-workaround'd for 0.8 => the eject button now triggers
+>> shutdown/sdmem sequence, but the CD is not ejected, which is a
+>> regression.
+
+>>> Should be fixed in d5353b5 in devel.

wiki/src/contribute/design.mdwn

@@ -959,16 +959,19 @@ stored there), history is disabled (just in case) and many other
 things. It is also setup not to automatically check for updates of its
 installed extensions. Java support is disabled.
 
-Iceweasel is shipped with some extensions to help users manage
-their browsing experience. The
-[CS Lite](https://addons.mozilla.org/fr/firefox/addon/5207/)
-extension treats all cookies as session cookies by default, and
-provides more fine-grained cookie control for users who need it. This
-prevents the known leak of browsing informations cookies can lead to.
-The [Adblock plus](https://addons.mozilla.org/fr/firefox/addon/1865/)
-extension protects against many tracking possibilities by
-removing most ads. The [FireGPG](http://getfiregpg.org/) plugin allows
-users to use GnuPG inside websites such as webmails.
+Iceweasel is shipped with some extensions to help users manage their
+browsing experience. The Torbutton settings treat all cookies as
+session cookies by default; the [CS
+Lite](https://addons.mozilla.org/fr/firefox/addon/5207/)
+(until Tails 0.8) (PENDING-FOR-0.9 [Cookie
+Monster](https://addons.mozilla.org/en-US/firefox/addon/cookie-monster))
+provides more
+fine-grained cookie control for users who need it. This prevents the
+known leak of browsing informations cookies can lead to. The [Adblock
+plus](https://addons.mozilla.org/fr/firefox/addon/1865/) extension
+protects against many tracking possibilities by removing most ads. The
+[FireGPG](http://getfiregpg.org/) plugin allows users to use GnuPG
+inside websites such as webmails.
 
 Tails ships the [HTTPS
 Everywhere](https://www.eff.org/https-everywhere) extension that

wiki/src/contribute/release_process.mdwn

@@ -17,9 +17,9 @@ Merge the `master` branch into the one used to build the release.
 
 ### version number
 
-In the branch used to build the release, update the `inc/*` files to match the
-version number of the new release. Don't update `/inc/stable_i386_hash.html`
-since the hash can't be computed yet.
+In the branch used to build the release, update the `inc/*` files to
+match the *version number* and *date* of the new release. Don't update
+`/inc/stable_i386_hash.html` since the hash can't be computed yet.
 
 ### design documentation
 

wiki/src/contribute/release_process/test.mdwn

@@ -93,6 +93,13 @@ Check the output for:
   EHLO/HELO SMTP messages it sends). Send an email using Claws and a
   non-anonymizing SMTP relay. Then check that email's headers once
   received, especially the `Received:` and `Message-ID:` ones.
+* Also check that the EHLO/HELO SMTP message is not leaking anything
+  with a packet sniffer: Disable SSL/TLS for SMTP in Claws (so take
+  recations for not leaking you password in plaintext by either
+  chaning it temporarily or using a disposable account). Then run
+  "sudo tcpdump -i lo -w dump" so we capture the packet before Tor
+  encrypts it, and check the dump for the HELO/EHLO message and
+  verify that it only contains "localhost".
 
 # Whisperback
 
@@ -104,17 +111,16 @@ Check the output for:
 Those tests shall be run using GnuPG on the command-line, the
 Seahorse GUI and FireGPG:
 
-* key search/receive: torified? going to the configured hkps://
-  server?
+* key search/receive: torified? going to the configured keyserver?
  - `gpg --search` tells what server it is connecting to
- - the IP of the configured keyserver must appear in Vidalia's list
-   of connections
+ - the connection to the configured keyserver must appear in Vidalia's
+   list of connections
  - if you run a keyserver, have a look there.
 
 # Monkeysphere
 
-* Monkeysphere validation agent key search/receive: torified?
-  (the MSVA is simply not working currently, ignore this.)
+* Monkeysphere validation agent key search/receive: torified? uses
+  configured keyserver?
 
 # HTP
 
@@ -127,11 +133,7 @@ Seahorse GUI and FireGPG:
 4. connect the network cable
 
 => the date should be corrected and Tor/Vidalia should start
-correctly. Except it does not work currently as the queried servers'
-SSL certificates are invalid if the date is too much wrong
-
-=> also test with a slightly less wrong date, which is supposed to
-work already.
+correctly.
 
 # erase memory on shutdown
 
@@ -144,6 +146,11 @@ Testing that the needed files are really mapped in memory, and the
 erasing process actually works, involves slightly more complicated
 steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].
 
+# Virtualization support
+
+* `modinfo vboxguest` should work
+* test in VirtualBox
+
 # Misc
 
 * Check that links to the online website (`Mirror:`) at the bottom of
@@ -159,3 +166,5 @@ steps that are worth [[a dedicated page|test/erase_memory_on_shutdown]].
 * Boot and check basic functionality is working for every supported language.
 * Try to start with the `truecrypt` option on boot, see if it can be found in
   the Application -> Accessories menu and that it runs correctly
+* Virtual keyboard must work and be auto-configured to use the same
+  keyboard layout as the X session.

wiki/src/todo/Flash_support.mdwn

@@ -33,6 +33,8 @@ Next things to do:
     may not support the video formats broadcasted by YouTube, and
     might not be robust enough; `mozilla-plugin-vlc` (15MB compressed
     .deb files) might be safer bet.
+* Native YouTube client, such as [[!debpts minitube]] (6MB compressed
+  .deb files).
 * If we decide to go the Gnash way, we'll need to research the
   privacy/anonymity issues it may have.
 

wiki/src/todo/Iceweasel_5.x.mdwn

@@ -14,7 +14,8 @@ Some of our extensions are not marked as compatible with FF5:
   compatible with FF5; tracked by [[!debbug 634071]]
 - Monkeysphere 0.6 is not marked as compatible with FF5; it mostly
   works with FF5, though, as we [reported to
-  upstream](https://labs.riseup.net/code/issues/3314).
+  upstream](https://labs.riseup.net/code/issues/3314) and to Debian
+  ([[!debbugs 638585]])
 
 Some other extensions are in a much worse state wrt. FF4+:
 

wiki/src/todo/MSN-pecan.mdwn

@@ -16,9 +16,10 @@ Early September 2011: the popcon reports approx. 180 users,
 the PTS ([[!debpts msn-pecan]]) reports a still unpackaged 3-months
 old new upstream version, the BTS reports no bug.
 
-Upstream [bug
-#299](https://code.google.com/p/msn-pecan/issues/detail?id=299)
-and [[!debbug 624733]] indicate that the current Debian Squeeze
-version (0.1.2-1) is completely broken due to protocol changes. We
-need to [[!taglink todo/test]] this: if true, it greatly deserves an
-upload to `squeeze-update`.
+The current Debian Squeeze version (0.1.1-1) is completely broken due
+to protocol changes ([upstream bug
+299](https://code.google.com/p/msn-pecan/issues/detail?id=299),
+[[!debbug 624733]]). A backported 0.1.2-1 works nicely => let's ship
+that.
+
+[[!tag todo/code]]

wiki/src/todo/Pidgin_ctcp_replies.mdwn

+[[!tag todo/research]]
+
+Which CTCP replies should Pidgin reply to over IRC? In 0.8-rc2 it
+responds to PING and VERSION (with "Purple IRC"), but before that it
+didn't respond to any CTCP query. We need to assess which ones are
+safe or even desireable w.r.t. fingerprintability (e.g vs. "normal"
+Pidgin users) and other leaks.

wiki/src/todo/Squeeze:_no_more_boot_splash.mdwn

-[[!tag todo/research]]
-
 Splashy was removed from testing and won't be part of the Squeeze
 release. The reasons for this removal (see [[!debbug 599245]]) are not
 of the kind we can afford ignoring (incompatible with KMS, progress
@@ -13,5 +11,33 @@ We then need to choose amongst the following solutions:
 - forget the boot splash thing until a maintainable solution arises
   (could be affordable as GDM now starts quite earlier)
 
-We could [[!taglink todo/test]] plymouth with various hardware, some
-that uses KMS by default on Squeeze and some that does not.
+The [[todo/windows_theme]] task would be improved by a graphical
+Windows splash screen.
+
+Update: according to dba, the simple Plymouth blue progress bar
+(ascii, no drm) is working absolutely everwhere, he's not found one
+machine not supporting it, yet. For squeeze-based systems,
+progress-linux just installs the [[!debpkg plymouth]] package and
+that's all. Once the level of broken hardware has dropped
+significantly, which probably is when wheezy is due, a clean looking
+graphical splash can be shipped with DRM support.
+
+Quickly implemented in `feature/plymouth`.
+
+Left to do
+==========
+
+Testing
+-------
+
+[[!tag todo/test]]
+
+We now need to test it with various hardware, some that uses KMS by
+default on Squeeze and some that does not.
+
+Works on:
+
+ - Thinkpad X32 (radeon, kms enabled)
+
+Does not work on:
+

wiki/src/todo/TailsGreeter/install.mdwn

@@ -6,9 +6,20 @@ This page contains installation and testing instructions and hints.
 
 The login with given language (locale) and setting password for amnesia should work. Note that original greeter is disabled upon installation so you'll not be able to login via gdm if something is broken in tails-greeter - you've been warned.
 
+## Git repositories
+
+Core Tails developers repo:
+
+	git://git.immerda.ch/max/tails-greeter.git
+	ssh://git@git.immerda.ch/tails/tails-greeter.git
+
+Max' repo:
+
+	git://git.immerda.ch/max/tails-greeter.git
+
 ## Build package from git
 
-0. git clone git://git.immerda.ch/max/tails-greeter.git
+0. git clone git://git.immerda.ch/tails/tails-greeter.git
 0. cd tails-greeter 
 0. git-buildpackage 
 

wiki/src/todo/Torbutton_toggling.mdwn

+[[!tag todo/discuss]]
+
+In Tails <=0.7.2 (with Torbutton <1.4) we allowed toggling Torbutton
+to enable full javascript for pages it breaks etc. We made it more
+difficult to toggle by mistake by setting torbutton.locked_mode=true,
+which makes the panel require a right-click -> Toggle instead of just
+a left-click, which is good. In Torbutton 1.4 the behaviour changed:
+torbutton.locked_mode=true makes it impossible to toggle, and false
+enabled toggling only through the Torbutton menu, which essentually
+is our old bahaviour.
+
+The question is, do we even want to support toggling at all at this
+point, i.e. Tails 0.8 and on? That might just confuse our users as
+Tor really can't be disabled thanks to our
+[[firewall|contribute/design/Tor_enforcement]].