Re: [Tails-dev] uVirtus design
Hi, Dlshad Othman wrote (16 Oct 2013 20:29:52 GMT) : I'll answer each question Great :) intrigeri wrote (08 Oct 2013 10:32:18 GMT) : On 09/13/2013 11:15 AM, intrigeri wrote: What kind of adversary is the anonymity meant to be strong against? I've eventually found time to test uVirtus 2.0. As far as I can tell, the default web browser goes out in the clear, without any anonymity whatsoever (neither VPN nor Tor): I see no route by the one through my local router, and the firewall's filter and nat tables are empty. Same for DNS resolution, that goes through the OpenDNS open resolvers. Is it on purpose? I'm worried that users may think otherwise, after reading the webpage, and then put themselves at risk. What do you think? Are you sure? have you tried Sanctuary VPN on the Desktop? By the default web browser, I meant the one I get if I simply boot uVirtus and double-click the Internet launcher on the desktop, without further operation from my part. Once I manually start the VPN, then yes, web browsing flows through it. Perhaps the web homepage should make it clear that the announced security features are held only after some manual steps are taken? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
[Tails-dev] feature/liveusb_ui_improvement: phrasing issue?
On Mon, 14 Oct 2013 11:41:28 +0200 sajol...@pimienta.org wrote: _(You are going to install Tails on the %(vendor)s %(model)s device (%(size)s). All data on the selected drive will be lost. Continue?) I'm afraid that the phrasing make the suer believe that her data is actually erased, which is not the case, but that's not a regression. I'm not sure I understand your concern with this phrasing. Do you mean the user might think her data is securely deleted from the device while it is not? Yes. What about : You won't be able to easily access the data currently saved on the selected drive anymore. Cheers ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Please review feature/remove_clock_applet
Hi, On Mon, 14 Oct 2013 22:14:22 +0200 sajol...@pimienta.org wrote: To follow up on the discussion regarding the removal of the clock applet, and since the new applet by Kevin C. Krinke won't be ready time for the freeze on Friday, here is a branch that removes the clock applet from the desktop. I'm convinced that the way forward is to have our own applet, since Kevin is already working on that, but the arguments in favor of removing the old one still holds, even if the new one is not here yet. It's a bit provocative, I know; and if we decide not to merge it that's totally fine with me as well. I think it is better to wait for 0.22 and replace the current applet by the new one being developed or merge your branch if the new applet in not ready by then. It seems me that removing the clock, explaining the users why it has been removed, then adding another one and explaining why it reappears another way is putting energy in basically nothing. I won't however block the merge of this branch if others really see the point. Cheers ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Please review and merge feature/liveusb_ui_improvement
Hi, On Sat, 12 Oct 2013 09:36:52 +0200 intrigeri intrig...@boum.org wrote: Alan wrote (11 Oct 2013 17:52:19 GMT) : Just curious: any specific reason that I've missed to display the device size in the confirmation dialog on initial install, but not at upgrade time? No. Do you intend to fix this (say, in time for 0.22), or should I? I'll do it in time for 0.22. +def _format_bytes(value): +return '%0.1f GB' % (value / 10.0**9) I appreciate the minor refactoring, but then I'd rather: * either use some library to display human-readable units in all cases (think: 2TB external drive) to improve UX * or simply rename the function to _format_bytes_in_GB, so that at least the name expresses its current limitations. I would choose the 2nd for now. Do you intend to fix this (say, in time for 0.22), or should I? I'll. However, the No/Yes buttons ordering seems unusual to me. I didn't dare patching it, as I thought you might have followed the GNOME HIG or something, and I may be missing something. Any reason to order it this way? No. I'm used to GTK+, which chooses the right order automatically. Qt might not do that. Do you intend to fix this (say, in time for 0.22), or should I? I'll too. To end with, the test suite was not updated yet, and is likely broken by these changes, so please file a ticket about it, assigned to me if you wish (I'd rather do it together, though). This must be fixed before the 0.21 freeze. I'm afraid that I don't have the infrastructure to do that yet, so I would appreciate if you took care of it. OK, will (try to) do. Thanks. Cheers ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] Please review feature/remove_clock_applet
FTR: we're frozen, and it wasn't merged. ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
[Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?
I have a question: Tor Browser Bundle - Firefox ESR 17.0.9 (LATEST TOR) Compared to: Iceweasel 17.0.9 (LATEST TAILS Linux distribution) To be found in Tails (not found in TBB), some additional certificates: DigiCert Inc - DigiCert High Assurance EV CA-1 DigiCert Inc - DigiCert High Assurance CA3 GeoTrust Inc. - Google Internet Authority G2 StartCom Ltd. - StartCom Class 2 Primary Intermediate Server CA The Go Daddy Group, Inc - Go Daddy Secure Certification Authority The USERTRUST Network - Gandi Standard SSL CA All these are listed as Software Security Device certificaties. The others are Builtin Object Token and baked in the browser. Mozilla's documentation explains about Software Security Devices: Software Security Device stores your certificates and keys that aren't stored on external security devices, including any CA certificates that you may have installed in addition to those that come with the browser. https://www.mozilla.org/projects/security/pki/psm/help_21/using_certs_help.html Question is: did TAILS added some extra CA's ? ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev
Re: [Tails-dev] TAILS (Tor Linux distribution) contains extra root CAs ?
Hi, 2013/10/17, Anonymous Remailer (austria) mixmas...@remailer.privacy.at: I have a question: Tor Browser Bundle - Firefox ESR 17.0.9 (LATEST TOR) Compared to: Iceweasel 17.0.9 (LATEST TAILS Linux distribution) To be found in Tails (not found in TBB), some additional certificates: DigiCert Inc - DigiCert High Assurance EV CA-1 DigiCert Inc - DigiCert High Assurance CA3 GeoTrust Inc. - Google Internet Authority G2 StartCom Ltd. - StartCom Class 2 Primary Intermediate Server CA The Go Daddy Group, Inc - Go Daddy Secure Certification Authority The USERTRUST Network - Gandi Standard SSL CA All these are listed as Software Security Device certificaties. The others are Builtin Object Token and baked in the browser. Mozilla's documentation explains about Software Security Devices: Software Security Device stores your certificates and keys that aren't stored on external security devices, including any CA certificates that you may have installed in addition to those that come with the browser. https://www.mozilla.org/projects/security/pki/psm/help_21/using_certs_help.html Question is: did TAILS added some extra CA's ? ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev I've got all of those (and more listed as Software Security Device) in Iceweasel on my regular Debian system. Likely, either Debian adds such certificates to upstream Firefox, or TorProject removes them when they build TorBrowser Alessandro ___ tails-dev mailing list tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev