Re: [Tails-dev] Proposal: Add support for curl (does ALL_PROXY fix it?)

[David A. Wheeler]

> On Feb 6, 2023, at 2:44 AM, segfault  wrote:
> I agree that it might be useful to document in the Additional Software docs 
> that some applications need to be run via torsocks. I'll let our UX and 
> documentation person decide on that.
> 
>> However, in the case of *curl*, using torsocks has drawbacks.
>> The torsocks program uses the LD_PRELOAD trick that is
>> sometimes unreliable
> 
> I'm not aware of torsocks being unreliable. It's used in Tails for many 
> applications and I use it myself for others and in my experience when it 
> works once it works every time.

LD_PRELOAD has its uses, but it works by intercepting lower-level function 
calls.
This means that future "minor" changes to a program or library can cause
things to unexpectedly break. E.g., If a function call is internally added or 
changed
that should be intercepted (but isn't) the interception won't work.
Calls that get statically linked don't get intercepted.
Also, glib will just plow ahead if loading LD_PRELOAD libraries fails
.
I've written several programs that use LD_PRELOAD, and found it's
remarkably fiddly & that upgrades can easily make things go wrong.
I don't think Debian designs or tests its programs to work with LD_PRELOAD.

So while LD_PRELOAD certainly has its uses, I think it's better to use
more reliable alternatives where they're sensible. E.g.,
configuring a tool to directly use SOCKS (if it can do so) and/or
implementing a transparent proxy (again, so it reliably works).
Implementing a transparent proxy takes some effort,
so I was trying to find a simple but reliable solution.


> On Feb 6, 2023, at 4:08 AM, boyska  wrote:
> oh yeah, we all like curl. I wonder what kind of user needs curl, though.
> You mentioned that some packages in Debian will "just work" if curl is 
> working. Can you name any of them? I think that would be very valuable info!

Sorry, what I meant was, "I expect that some packages in Debian will "just 
work" if curl is working".
I don't have a specific list. That said, as you stated, *many* people like 
curl, so
I expect a lot of tools use curl internally. I think a reverse dependency lookup
(of the Debian metadata, not of a running instance) would show a long list.

--- David A. Wheeler
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Critical Usability Issue due to which I Haven't Used Tails in Years

[David A. Wheeler]

> From: Internet Spam 
> Date: Mon, Dec 5, 2022 at 2:41 AM UTC
> Subject: Critical Usability Issue due to which I Haven't Used Tails in Years
> ...
> 
> The issue is this:
> Tails runs without any swap space (obviously, to maintain amnesia), the 
> entire system may lock up at any moment due to heavy memory usage and opening 
> of many Web browser tabs (which I usually do), the Magic Sysrq functionality 
> of manually invoking the OOM killer in such emergency situations is disabled 
> by default in Tails (and there's no way to enable without rebooting, and it's 
> not recommended to enable it when connecting to the Internet as it's 
> insecure), and Tails bundles no userspace early OOM daemon enabled 
> out-of-the-box (such as systemd-oomd).
> The very least you can do is ship a new version of Tails with a slightly 
> modified configuration value under /proc to enable the Magic Sysrq-F key 
> combination. I request that you also consider shipping systemd-oomd enabled 
> by default in the next major release of Tails (i.e. version 6.0).

I'm not a Tails developer, but I thought I might make a few comments that will 
hopefully be helpful.

Unfortunately, running many web browser tabs can easily use a lot of memory
depend on the pages being viewed. Doing this on a system without a large amount
of physical RAM *and* without swapping is asking for trouble.
The systems-oomd service itself *highly* recommends having swap enabled for it 
to work
 .

Making it easier to handle crashes isn't a bad idea, but that doesn't
*really* solve the end-user problem. What you *want* is a way to gracefully 
degrade
but have everything continue to work.

I think an alternative longer-term solution would be to allow users
to *enable* a swap file if the persistent storage is enabled.
After all, if persistent storage is enabled, you don't need perfect amnesia.
The easy implementation would then put the swap in a file
within the persistent storage; that way, you know it's encrypted, and
you don't have to manage a separate partition. Such swap space would be
slower than real RAM, but at least the system would keep doing its job.
I suggest setting the swappiness to a low value so it tends to be used only 
when needed;
the default is 60, but if you set it to 0 the kernel will not initiate swap 
until the
amount of free and file-backed pages is less than the high water mark in a zone
.
This would be fairly easy to implement. You could do this at boot page time
or as a runtime system menu option. Doing it from
the GUI system menu is probably the most flexible.
Just make sure the backup system doesn't back up the swap file itself, just
the fact it exists (again, that should be easy to ensure).

Also enabling Magic Sysrq-F key seems reasonable to me, though maybe there's a
downside. That said, many users won't know
how to use it, and it's a sledgehammer best avoided where possible.

--- David A. Wheeler
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Fwd: Critical Usability Issue due to which I Haven't Used Tails in Years

[boyska]

Hi,

Tails runs without any swap space (obviously, to maintain amnesia), 
the entire system may lock up at any moment due to heavy memory usage 
and opening of many Web browser tabs (which I usually do), the Magic 
Sysrq functionality of manually invoking the OOM killer in such 
emergency situations is disabled by default in Tails (and there's no 
way to enable without rebooting, and it's not recommended to enable it 
when connecting to the Internet as it's insecure), and Tails bundles 
no userspace early OOM daemon enabled out-of-the-box (such as 
systemd-oomd).
*The very least you can do is ship a new version of Tails *with a 
slightly modified configuration value under /proc *to enable the Magic 
Sysrq-F key combination*. I request that you also consider shipping 
*systemd-oomd enabled by default* in the next major release of Tails 
(i.e. version 6.0).
Thanks for the suggestion. Would you mind explaining in what kind of 
scenarios relying on Linux kernel built-in OOM killer gave you a bad UX?


I have a USB flash drive with Tails, installed using Tails installer, 
with an encrypted persistence, up-to-date as of around 2019-2020, with 
an early (stable) version of Tails 4.x if I remember right. My 
question is this: Can I do a manual upgrade to the latest stable 
version of Tails 5?

yes


*Should I back up my encrypted persistence *before doing anything,


yes

--
boyska



OpenPGP_signature
Description: OpenPGP digital signature
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Proposal: Add support for curl (does ALL_PROXY fix it?)

[boyska]

On 04/02/2023 20:18, David A. Wheeler wrote:

Currently Tails includes and supports wget. I propose *also* adding support for 
curl.

Curl is widely-used and is the "go-to" tool for many people at the command line.
Thus, including it would make Tails more convenient for some. In addition,
enabling curl would make a number of added packages in Debian "just work",

oh yeah, we all like curl. I wonder what kind of user needs curl, though.
You mentioned that some packages in Debian will "just work" if curl is 
working. Can you name any of them? I think that would be very valuable info!


--
boyska
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

[Tails-dev] Critical Usability Issue due to which I Haven't Used Tails in Years

[Anti-OOM in Tails via Tails-dev]

Hello, I've decided to forward my unanswered query to the public mailing list. 
Tails developers and Tails Foundations team, please check this. I welcome 
opinion from anyone though.
Thank you in advance.
(I sent this a few days ago, and saw new mail appear 
[here](https://lists.autistici.org/list/tails-dev.html) and 
[here](https://www.mail-archive.com/tails-dev@boum.org/) without this message 
listed, so now I created this email address and am resending this.)

-- Original message -
From: 
Date: Tue, Dec 19, 2022 at 10:42 PM UTC
Subject: Fwd: Critical Usability Issue due to which I Haven't Used Tails in 
Years
To: 

Hello, (I don't need PGP, please don't ignore this,)
I sent the email message reproduced below and forwarding it to you since I 
didn't get any reply yet as of writing. I have issues that I request that 
you'll forward to the Tails developers. TL;DR: I wrote about three things, in 
this order: (1) Firstly, I wrote about the OOM-killing situation in Tails, 
which needs to be addressed directly by the Tails developers or the Tails 
Foundations team dealing with Debian/distribution work; (2) secondly, I 
mentioned my personal stance regarding VRAM wiping on shutdown; (3) finally, I 
asked whether I can do a manual upgrade of Tails from a very old version to the 
latest stable version.

Please don't reply with instructions for debugging or troubleshooting, as 
they're unnecessary -- but you're free to express your disagreement with me on 
this, provided that you don't jump to hasty conclusions and have read my 
message.
I'm sorry if this sounds rude, but after various email messages and WhisperBack 
reports over the past six or seven years or so, it feels like you're actively 
ignoring me.

Thank you.

-- Original message -
From: 
Date: Mon, Dec 5, 2022 at 2:41 AM UTC
Subject: Critical Usability Issue due to which I Haven't Used Tails in Years
To: ta...@boum.org , 

Hello. First of all, do not dismiss this email please. I live in a free, 
democratic country where my human rights are respected; I don't use PGP but I 
don't require its use for this matter. If you're not an official member of the 
Tails developers team, then please forward this email to them! In the past, 
when I used to use Tails, I used both WhisperBack and the helpdesk mailing list 
to contact you regarding this matter; either you did nothing about the issue, 
or the helpdesk person dismissed my report as if I should do more 
troubleshooting or my hardware is faulty or whatever (don't remember, but it 
doesn't matter actually).

The issue is this:
Tails runs without any swap space (obviously, to maintain amnesia), the entire 
system may lock up at any moment due to heavy memory usage and opening of many 
Web browser tabs (which I usually do), the Magic Sysrq functionality of 
manually invoking the OOM killer in such emergency situations is disabled by 
default in Tails (and there's no way to enable without rebooting, and it's not 
recommended to enable it when connecting to the Internet as it's insecure), and 
Tails bundles no userspace early OOM daemon enabled out-of-the-box (such as 
systemd-oomd).
The very least you can do is ship a new version of Tails with a slightly 
modified configuration value under /proc to enable the Magic Sysrq-F key 
combination. I request that you also consider shipping systemd-oomd enabled by 
default in the next major release of Tails (i.e. version 6.0).

(I want to use this opportunity to express my stance regarding video RAM 
erasure during reboot: I don't think that the fact that something cannot be 
done perfectly is a good excuse to refrain from doing it at all, i.e. if 
something cannot be done 100% well, it's better to do even 20% of the job 
rather than 0%; at the same time, I don't ever expect you to ship spaghetti 
code, so I don't expect you to write a half-assed implementation that does 20% 
of the job, despite what I said earlier. I request that you research solutions 
that you can implement in the short term to at least try to erase the VRAM 
during reboot.)

Related to this:
I have a USB flash drive with Tails, installed using Tails installer, with an 
encrypted persistence, up-to-date as of around 2019-2020, with an early 
(stable) version of Tails 4.x if I remember right. My question is this: Can I 
do a manual upgrade to the latest stable version of Tails 5? (Could I do a 
manual upgrade to 6.x when it would be released?) When doing manual upgrades, 
what are the earliest versions supported? Is such an old version of Tails 
supported for manual upgrades using Tails installer in the latest stable Tails? 
Should I back up my encrypted persistence before doing anything, or do you not 
expect such a manual upgrade from Tails 4.x to the latest Tails 5 to cause data 
loss?

Tails developers: please acknowledge that you received this email ASAP, at 
least so I would know that you got it, even if you have no answers yet.
Thank you very much.

--

[Tails-dev] Fwd: Critical Usability Issue due to which I Haven't Used Tails in Years

[Internet Spam]

Hello, I've decided to forward my unanswered query to the public mailing
list. *Tails developers and Tails Foundations team*, please check this. I
welcome opinion from anyone though.
Thank you in advance.

-- Forwarded message -
From: Internet Spam 
Date: Tue, Dec 19, 2022 at 10:42 PM UTC
Subject: Fwd: Critical Usability Issue due to which I Haven't Used Tails in
Years
To: 


Hello, (I don't need PGP, please don't ignore this,)
I sent the email message reproduced below and forwarding it to you since I
didn't get any reply yet as of writing. I have issues that *I request that
you'll forward to the Tails developers*. TL;DR: I wrote about three things,
in this order: (1) Firstly, I wrote about the *OOM-killing situation in
Tails, which needs to be addressed directly by the Tails developers or the
Tails Foundations team* dealing with Debian/distribution work; (2)
secondly, I mentioned *my personal stance regarding VRAM wiping* on
shutdown; (3) finally, I asked *whether I can do a manual upgrade of Tails
from a very old version* to the latest stable version.

Please *don't* reply with instructions for debugging or troubleshooting, as
they're unnecessary -- but you're free to express your disagreement with me
on this, *provided that you don't jump to hasty conclusions* and have read
my message.
I'm sorry if this sounds rude, but after various email messages and
WhisperBack reports *over the past six or seven years or so, it feels like
you're actively ignoring me*.

Thank you.

-- Forwarded message -
From: Internet Spam 
Date: Mon, Dec 5, 2022 at 2:41 AM UTC
Subject: Critical Usability Issue due to which I Haven't Used Tails in Years
To: ta...@boum.org , 


Hello. First of all, *do not dismiss this email please. I live in a free,
democratic country *where my human rights are respected; I don't use PGP
but I don't require its use for this matter. *If you're not an official
member of the Tails developers team, then please forward this email to
them!* In the past, when I used to use Tails, I used both WhisperBack and
the helpdesk mailing list to contact you regarding this matter; either you
did nothing about the issue, or the helpdesk person dismissed my report as
if I should do more troubleshooting or my hardware is faulty or whatever
(don't remember, but it doesn't matter actually).

The issue is this:
Tails runs without any swap space (obviously, to maintain amnesia), the
entire system may lock up at any moment due to heavy memory usage and
opening of many Web browser tabs (which I usually do), the Magic Sysrq
functionality of manually invoking the OOM killer in such emergency
situations is disabled by default in Tails (and there's no way to enable
without rebooting, and it's not recommended to enable it when connecting to
the Internet as it's insecure), and Tails bundles no userspace early OOM
daemon enabled out-of-the-box (such as systemd-oomd).
*The very least you can do is ship a new version of Tails *with a slightly
modified configuration value under /proc *to enable the Magic Sysrq-F key
combination*. I request that you also consider shipping *systemd-oomd
enabled by default* in the next major release of Tails (i.e. version 6.0).

(I want to use this opportunity to express my stance regarding *video RAM
erasure during reboot*: I don't think that the fact that something cannot
be done perfectly is a good excuse to refrain from doing it at all, i.e. if
something cannot be done 100% well, it's better to do even 20% of the job
rather than 0%; at the same time, I don't ever expect you to ship spaghetti
code, so I don't expect you to write a half-assed implementation that does
20% of the job, despite what I said earlier. I request that you research
solutions that you can implement in the short term to at least try to erase
the VRAM during reboot.)

Related to this:
I have a USB flash drive with Tails, installed using Tails installer, with
an encrypted persistence, up-to-date as of around 2019-2020, with an early
(stable) version of Tails 4.x if I remember right. My question is this: Can
I do a manual upgrade to the latest stable version of Tails 5? (Could I do
a manual upgrade to 6.x when it would be released?) When doing manual
upgrades, what are the earliest versions supported? *Is such an old version
of Tails supported for manual upgrades using Tails installer in the latest
stable Tails? Should I back up my encrypted persistence *before doing
anything, or do you not expect such a manual upgrade from Tails 4.x to the
latest Tails 5 to cause data loss?

*Tails developers: please acknowledge that you received this email ASAP, at
least so I would know that you got it, even if you have no answers yet.*

Thank you very much.
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.