[Tails-dev] Testing the ISO Verification Extension
Hi,
Giorgio Maone:
As soon as it's on AMO it's gonna be signed by Mozilla.
Also, in a near future, installing extensions which have not been
signed
by Mozilla will automatically fail.
Finally, if we want hash-based verification right now, rather than
providing a raw link, we can use Firefox's proprietary
window.InstallTrigger method, like this:
InstallTrigger.install(
"Download and Verify Extension 0.2.6": {
URL: "dave.xpi",
Hash:
"sha256:c750017b572ebc6417324196f216a13216e5f65de6abd8b1a5a1ce07618ccfdc"
}
);
Gangster.
Wordlife,
Spencer
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Update Electrum documentation for Tails 1.8 upgrade to version 2.5.4
Sajolida, please forward this message to s7r. s7r, If you do not have any specific ideas for updating the Electrum documentation, I volunteer to take the lead. Otherwise, you can draft an updated version of the documentation and I can update where necessary. The goal is to document Electrum specifically for Tails and not duplicate the existing Electrum wiki. Most of the updates like wallet format happen automatically in the background, so they do not need to be documented. I only recommend making two additions. The most obvious change to the user when updating Electrum versions is that the default base unit changes which can be confusing. No, I do not think that we should manually change the default base unit with a config file. That decision should be made upstream. However, users should be aware that the appearance of their Bitcoin balances changes especially when sending Bitcoins. DoS refers to the SPV vulnerability of servers withholding information from their clients leading to an incorrect balance. Connecting to a trusted .onion server protects against DoS. Yes, it is not a bug, but it is a well-known limitation of SPV that is specifically relevant for Tor users. Pleas read “Bitcoin over Tor is not a good idea” http://arxiv.org/pdf/1410.6079.pdf . Cheers, Michael English sajolida: > Michael English: >> Please see https://labs.riseup.net/code/issues/9713 for context. >> >> Recommend users to manually select a trusted .onion server to protect >> against DoS after note about SPV vulnerability. >> >> Make a note that Electrum uses mBTC as the default base unit. 1 mBTC = >> 0.001 BTC. It can be changed in preferences. > > Thanks for the input. I'd like to see whoever is working on the update > to 2.5.4 propose patches to the current documentation [1]. Then I don't > mind editing and polishing it but I won't have time to do the > investigation part myself. So thanks for starting it. > > - How would people "manually select a trusted .onion server"? > - Where can people find "a trusted .onion server"? > - How should our current warning about SPV be adapted? > > [1]: > https://git-tails.immerda.ch/tails/tree/wiki/src/doc/anonymous_internet/electrum.mdwn > ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Releasing automated tests
Hi, On Wed, Nov 18, 2015 at 02:38:00PM +0100, intrigeri wrote: > bertagaz wrote (18 Nov 2015 12:34:34 GMT) : > > Intrigeri, what's on your opinion on [...] > > Please give me an explicit deadline. I probably won't be able to work on it before week 49 anyway, so no rush, but an answer before would be cool. > Thanks for asking! Well, you express a strong blocking position, can't get a real consensus without an update from you :) Bert. ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
[Tails-dev] hi. help me
I don't want to use TOR+APT-GET How should setup?___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Testing the ISO Verification Extension
Giorgio Maone: > On 19/11/2015 13:17, sajolida wrote: 2. #bittorrent-minor should also be visible when #use-button and #install-button are visible. See slides 3 and 4. >>> OK, done in latest commit. >> I don't see this. I tested with 0.2.5 and it didn't work. I also don't >> see any change while search on 'bittorrent' in the Git history as of >> 1039f5f. Maybe you forgot to push? >> 3. Clicking #use-button or #install-button should #i_have_iso (when the download starts). >>> You mean *hide* #i_have_iso, correct? Tentatively done, then. >> Sorry for the missing word. You understand correctly, I meant "Clicking >> #use-button or #install-button should hide #i_have_iso". Still, I don't >> see this in 0.2.5. See screenshot in attachment. > > Are you using latest dave.css? Indeed we were missing some changes there. We integrated them in 53f0a63. You can see it live on https://tails.boum.org/install/download. We'll try to fix as much as we can on our side with CSS but we're a bit learning as we do... ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Testing the ISO Verification Extension
On 19/11/2015 13:17, sajolida wrote: >>> 2. #bittorrent-minor should also be visible when #use-button >>>and #install-button are visible. See slides 3 and 4. >> OK, done in latest commit. > I don't see this. I tested with 0.2.5 and it didn't work. I also don't > see any change while search on 'bittorrent' in the Git history as of > 1039f5f. Maybe you forgot to push? > >>> 3. Clicking #use-button or #install-button should #i_have_iso (when >>>the download starts). >> You mean *hide* #i_have_iso, correct? Tentatively done, then. > Sorry for the missing word. You understand correctly, I meant "Clicking > #use-button or #install-button should hide #i_have_iso". Still, I don't > see this in 0.2.5. See screenshot in attachment. Are you using latest dave.css? -- G ___ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
Re: [Tails-dev] Testing the ISO Verification Extension
On 19/11/2015 17:46, Spencer wrote:
>
>> sajolida:
>> You can see it live on https://tails.boum.org/install/download.
>>
>
> Is there a way to verify the extension?
As soon as it's on AMO, it's gonna be signed by Mozilla.
Also, in a near future, installing extensions which have not been signed
by Mozilla will automatically fail.
Finally, if we want hash-based verification right now, rather than
providing a raw link we can use Firefox's proprietary
window.InstallTrigger method like this:
InstallTrigger.install(
"Download and Verify Extension 0.2.6": {
URL: "dave.xpi",
Hash:
"sha256:c750017b572ebc6417324196f216a13216e5f65de6abd8b1a5a1ce07618ccfdc"
}
);
--
Giorgio Maone
https://maone.net
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
tails-dev-unsubscr...@boum.org.
