Seems like a waste of maintaining to be honest, but does the
- dmidecode --text: size, lines and sha256sum) and dmidecode --binary: size and
sha256sum
even work cuz that caught my attention besides the clickbait thumbnail pick of
this post.
On Friday, March 14th, 2025 at 13:39, Albretch Mueller <[email protected]>
wrote:
> There is "Debian blends". In a sense tails could be seen as a Debian blend
> customized for security, but, of course, some "security" is just one basic
> aspect when it comes to the functionality of a system. I use tails and Debian
> almost exclusively and the perfectionist in me has been "dreaming" of being
> able to customize and/or recompile the tails base to my needs in a win-win
> way from which everybody would benefit. Basically, the tails project could be
> just reorganized in two phases:
> 1st) "tails base": allowing for users to include their own cr@p on their own;
> 2nd) "tails": (essentially using §1st) to complete a full, final version.
>
> I could imagine other users have had their own wishes and "dreams", here is
> my wish list, from which most items don't relate to "security" per se or not
> entirely:
>
> 1) basic GUI silliness:
> * 1.1 who had the great idea of using "black on white" on terminals? ;-) (I
> would guess it was one of those "visual" dudes, this is the first time that I
> have noticed such thing);
> * 1.2 AFAIK people use tails on their laptops or desktops why is the GUI
> reacting to mouse over as if you were using a cell phone?, at times windows
> have been closed (without choosing what you want by clicking on it);
> * 1.3 especially considering §1.2, such item "context" functionality such as
> "format" on block devices should be kept away as part of a different "block
> altering" operational branch (when you are a teacher you can see your
> students making certain "mistakes", which are not entirely their fault).
>
> 2) As part of booting up:
> * 2.1 there should be an option to (semi or more) randomly generate a
> password in a one-time-pass kind of way which the user would jot down on a
> piece of paper [her|him]self for that session, we humans aren't/cannot be
> random at all (think of the Sarah Palin password crack and, yes, in that
> regard we are all like her);
> * 2.2 toram boot up option (a la Debian-based knoppix, I have never
> understood why Debian live doesn't have a "toram" option, memory is cheap and
> plenty these days)
> * 2.3 "testcd" option (knoppix also)
> * 2.4 user config phase before going "toram" (optimally based on a file the
> user would browse for and then that partition should be unmounted
> amnesically).
> * 2.5 poor man's secure boot option dedicated to your own exposed machine
> (the idea of secure computing is kind of a joke anyway, but at least you
> should be able to own your execution context to some extent):
> * 2.5.1 user burns [his|her] customized tails onto a physically write once
> device such as a DVD;
> * 2.5.2 using dmidecode (making sure the BIOS hasn't been altered) §2.5.1 is
> measured (dmidecode --text: size, lines and sha256sum) and dmidecode --binary:
> size and sha256sum
> * 2.5.2.1 measure fine: you continue the boot process
> * 2.5.2.2 measure didn't pass: the user is given the option to continue
> booting process (stating what the difference was based on a kept copy of
> dmidecode --text), user may be trying to use the same base as air-gapped and
> exposed computer.
>
> 3) recompiling the tails base for one's own needs:
> * 3.1 I don't think that §2.4 could help while solving all configuration
> problems, say you are using a piece of hardware such as a graphic or memory
> card which driver is not included in the kernel, so you will have to install
> its firmware before the final set up (for such issues it is better to
> recompile the tails base using menuconfig)
> * 3.2 an option to recompile tails with no networking whatsoever (not even as
> an option) in case you would rather have it that way on your unexposed
> machine, no games , ...
>
> 4) user favorite cr@p phase after a basic tails boot:
> * 4.1 there should be an option to not compile tails with certain sw (less
> "toram") and make eclipse, libreoffice, one's favorite browsers, ... run from
> a mounted block device later;
> * 4.2 users should then be responsible for taking appropriate measures to
> remain reasonably safe (guidelines and methodologies should be shared).
>
> lbrtchx
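The measurement described in §2.5.2 of the quoted message, sketched as an added example (not code from the post or from Tails): it records size, line count and SHA-256 of a text and a binary DMI capture, then compares later captures against that baseline and shows the text difference on a mismatch. The file names and the ExampleVendor sample data are constructed; `--dump-bin` is dmidecode's option for writing the raw table dump.

```shell
#!/bin/sh
# Added example. On a real machine the inputs would be captured as root with
#   dmidecode > dmi.txt   and   dmidecode --dump-bin dmi.bin
# The demo at the bottom uses constructed sample files instead.

# measure FILE: print "size_bytes line_count sha256"
measure() {
    size=$(wc -c < "$1" | tr -d ' ')
    lines=$(wc -l < "$1" | tr -d ' ')
    sum=$(sha256sum "$1" | cut -d' ' -f1)
    printf '%s %s %s\n' "$size" "$lines" "$sum"
}

# record_baseline DIR TEXT BIN: store both measurements and a copy of the text
record_baseline() {
    mkdir -p "$1" || return 2
    measure "$2" > "$1/text.measure"
    measure "$3" > "$1/bin.measure"
    cp "$2" "$1/text.copy"
}

# check_baseline DIR TEXT BIN: 0 = match, 1 = differs, 2 = no baseline
check_baseline() {
    [ -r "$1/text.measure" ] && [ -r "$1/bin.measure" ] || return 2
    if [ "$(measure "$2")" = "$(cat "$1/text.measure")" ] &&
       [ "$(measure "$3")" = "$(cat "$1/bin.measure")" ]; then
        return 0
    fi
    # Report the difference from the kept copy of the text output.
    diff -u "$1/text.copy" "$2" || true
    return 1
}

# Demo on constructed data (hypothetical vendor and version strings).
demo() {
    d=$(mktemp -d) || return 2
    printf 'BIOS Information\n\tVendor: ExampleVendor\n\tVersion: 1.0\n' > "$d/dmi.txt"
    printf '\000\030\000\000' > "$d/dmi.bin"
    record_baseline "$d/base" "$d/dmi.txt" "$d/dmi.bin"
    check_baseline "$d/base" "$d/dmi.txt" "$d/dmi.bin" && echo "measure fine"
    sed 's/1\.0/1.1/' "$d/dmi.txt" > "$d/dmi2.txt"
    check_baseline "$d/base" "$d/dmi2.txt" "$d/dmi.bin" || echo "measure didn't pass"
    rm -rf "$d"
}
demo
```

A match shows only that the SMBIOS/DMI tables the firmware reports are unchanged; dmidecode does not measure the firmware code itself.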