Re: [Tails-dev] Tails: pcmcia / firewire / etc.

Delete this message

Reply to this message
Author: Ague Mill
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails: pcmcia / firewire / etc.
On Mon, Oct 15, 2012 at 02:47:05PM +0000, Abel Luck wrote:
> intrigeri:
> > Hi,
> >
> > Jacob Appelbaum wrote (13 Oct 2012 11:02:17 GMT) :
> >> As this is a modular kernel - is there a reason not to simply add
> >> a "enable firewire" widget?
> >
> > There are several I can see:
> >
> > * It is a UX failure every time someone has to go out of their way to
> > have Tails work with their hardware.
> > * Every such widget we add to Tails Greeter makes the greeter worse
> > for every Tails user: more cluttered, more complicated.
> >
> > That's why I still prefer the "let's guess what the user wants"
> > approach: if they plug a device in the "X" slot, that's probably
> > because they want to use it, so let's keep the "X" bus enabled, and
> > disable it else.
> >
> > OTOH, I understand your concern, and I now think the 5 minutes delay
> > that was suggested may be a bit too long. We did not specify exactly
> > when the 5 minutes countdown starts, anyway. Perhaps we could start an
> > initscript right after GDM, have it sleep 1 minute, and then disable
> > these dangerous buses if unused? (This gives a clear visual indication
> > of when the countdown starts.)
>
> Regardless of the solution proposed above, would it be possible to have
> an alternate grub menu that disables these dangerous interfaces from the
> get go?


Please note that Tails is using SYSLINUX at the moment and not GRUB.

> There could be an "Advanced" grub menu entry, that displays these
> alternative kernel-param boot options.
>
> Surely, there should be *some* secure option where the window of attack
> is zero?


How would you label it so that it does not puzzle users who are using a
FireWire external disks, but never had to think about the word "FireWire"
before?

What would you write in the end-user documentation? Who would be using
such option?

I am afraid about the endless stream of "why are you not making it the
default?", like the one we already get regarding Javascript. Answers
would probably be even quite similar. I'm not having such option, but it
really needs to be done right.

--
Ague