Tails 0.14 rc1 686-pae sees all my cpu cores and RAM. Time to test virtualization.

virtualbox and vmplayer will use the 3.2.0-4-686-pae kernel headers and compile and insert some kernel modules needed to run virtual machines, create virtual network cards, etc.

Kernel headers 3.2.0-4-686-pae, vmplayer & virtualbox need gcc 4.6
There is no squeeze backport for gcc-4.6

A Solution:

    dpkg --install gcc-4.4_4.4.5-8_i386.deb
    ln -s /usr/bin/gcc-4.4 /usr/bin/gcc-4.6

vmplayer will now install, compile & insert kernel modules
virtualbox 4.2 will now install, compile & insert kernel modules

Side effects of gcc-4.4 = gcc-4.6: none observed

TODO:
1. View release notes & changelogs between gcc 4.4 and 4.6

Everything is running well. vmplayer in particular is *very* fast when I copy the tails-0.14-rc1 iso to the ramdisk and boot it in a VM; GIMP and all other apps load very fast.

apt-get, it appears secure, using the debian public key(s) stored on the tails livecd to verify the Releases file (which has the hash of the Packages file), then the hash of the Packages file (which has the hash of the individual .debs), then the hash of the .deb, so it should be ok to install using apt-get over tor. I haven't audited it yet though, there must be bugs.

Once you apt-get install gcc-4.4 and symlink it to gcc-4.6 you can apt-get install virtualbox4.2 and it will install fine.

https://www.virtualbox.org/wiki/Linux_Downloads is verified by verisign, so you only get verisign/ssl-level security.

The webpage text shows

    7B0F AB3A 13B9 0743 5925 D9C9 5442 2A4B 98AB 5139
    Oracle Corporation (VirtualBox archive signing key) <[email protected]>

as the key fingerprint for oracle_vbox.asc, which you will need to add to your apt-key repository, and edit /etc/apt/sources.list and add

    deb http://download.virtualbox.org/virtualbox/debian squeeze contrib non-free

to the list. Full instructions are at https://www.virtualbox.org

If anyone wants to run virtualbox or vmplayer from within their tails livecd you can do it.

TODO:
1. Calculate what size requirements there would be if virtualbox was ever shipped with tails
2. See how a git patch could be made that is easy, simple and just makes everything work well

Running virtual Tails from within a Tails live-cd:

Advantages:
* Can hide hardware serial numbers, even if an attacker gets root
* Allows stronger enforcement of tor-only connections, an attacker must break out of a virtual machine, in addition to previous steps taken. A VM can be configured to only be able to send traffic through the tor process running on the host machine.
* Enables the features described at https://tails.boum.org/todo/Two-layered_virtualized_system/

https://tails.boum.org/todo/Two-layered_virtualized_system/virtails.png is a great diagram, but could be made even more secure by using multiple computers to separate things even further; whonix has a multi-computer design.

Example setup, each item in brackets [] is a separate computer, connected to the other computers via a crossover cable:

    [Tails Storage Server]   Runs encrypted storage from within a vm
            |                Gives access to encrypted storage via sshfs
            |                Encryption keys are never in RAM of vulnerable apache server
            |                running many end-user services
            |
    [Tails Server Edition]   Runs Apache inside a virtual tails
            |
            |
            |
    [Tails Gateway]          Runs only Tor process inside a virtual tails
            |
            |
            |
    [OpenBSD livecd]         Transparent Bridge Firewall - Runs only pf and allows only connections to a list of Tor bridges
            |
            |
        Internet

^Bridges may not be recommended for tor hidden services? But this will also work for an end-user client setup.
^At any ethernet crossover cable, an intrusion detection system tap can be added.

A hacker could root a number of machines, and would have a very difficult time ever revealing the real IP of the machine.

Please critique!

I'm not sure what the point of this email is, other than to get more people interested in testing out virtualization, and making it easier for anyone who saw some error messages using apt-get.

I was told to discuss here ideas about virtualization and tails as it is still early in the discussion process.

What does everyone think about virtualization and tails?

References:
https://tails.boum.org/todo/Two-layered_virtualized_system/
https://tails.boum.org/todo/amd64_kernel/

_______________________________________________
tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
