[Tails-dev] Tails report for December 2013

Delete this message

Reply to this message
Autore: Tails folks
Data:  
To: tails-dev
CC: tor-reports
Oggetto: [Tails-dev] Tails report for December 2013

Releases
========

Tails 0.22 was released on December 11.

Tails 0.22.1 is scheduled for January 21. The schedule for the next
releases is on our calendar.

https://tails.boum.org/contribute/calendar/

Metrics
=======

- Tails has been started more than 218 512 times in December.
This make 7 049 boots a day in average.
- 17 791 downloads of the OpenPGP signature of Tails ISO.
- 103 reports were received through WhisperBack.

Code
====

New features:

- Huge progress was made on the MAC spoofing feature, that can now be
tested.

https://git-tails.immerda.ch/tails/log/?h=feature/spoof-mac
https://tails.boum.org/news/spoof-mac/
https://labs.riseup.net/code/issues/5421

- Experimental UEFI support was completed and is been tested. A bit
more work is needed, though.

https://labs.riseup.net/code/issues/5739

- The last mile was basically completed regarding incremental upgrades,
that will be enabled by default starting with Tails 0.22.1.

https://git-tails.immerda.ch/tails/log/?h=feature/incremental-upgrades-integration
https://labs.riseup.net/code/issues/6014

Work in progress:

- David Wolinsky has started porting
the WiNoN design to Tails: multiple, independent VMs connected to
independent paths through the Tor network in order to wear multiple
hats. Also, as David put it: "There are other benefits of using VMs
as the Whonix folks have recognized".

https://mailman.boum.org/pipermail/tails-dev/2013-December/004517.html
https://labs.riseup.net/code/issues/5748

- We have struggled against a memory wipe
regression on some hardware with recent Linux kernels. No success
so far.

https://labs.riseup.net/code/issues/6460

- Some progress was made towards the migration to Wheezy (Tails 1.1).

https://git-tails.immerda.ch/tails/log/?h=feature/wheezy

- Early support for Monkeysign was merged, but more work
is needed.

http://web.monkeysphere.info/monkeysign/
https://git-tails.immerda.ch/tails/log/?h=feature/monkeysign
https://labs.riseup.net/code/issues/6455
https://labs.riseup.net/code/issues/6515

Bug and regression fixes:

- Disable WebRTC.

https://labs.riseup.net/code/issues/6468

- Fix keyboard shortcuts.

https://git-tails.immerda.ch/tails/log/?h=bugfix/6478
https://labs.riseup.net/code/issues/6478

- Use the same User-Agent in htpdate as in the Tor Browser.

https://git-tails.immerda.ch/tails/log/?h=bugfix/6477-htpdate-user-agent
https://labs.riseup.net/code/issues/6477

- Fix the Unsafe Browser configuration.

https://git-tails.immerda.ch/tails/log/?h=bugfix/unsafe-browser-vs.-FF24
https://labs.riseup.net/code/issues/6479

- Set the browser icon to IE's one in Windows camouflage mode.

https://git-tails.immerda.ch/tails/log/?h=bugfix/6536-IE-icon-in-Windows-camouflage-mode

Branches pending review:

- Install a 64-bit kernel.

https://git-tails.immerda.ch/tails/log/?h=feature/amd64-kernel

- Install poedit from official backports was proposed.

https://git-tails.immerda.ch/tails/log/?h=feature/poedit-from-backports
https://labs.riseup.net/code/issues/6465

- Do not create auto-login text consoles.

https://git-tails.immerda.ch/tails/log/?h=feature/5588-no-autologin-consoles
https://labs.riseup.net/code/issues/5588

And also:

- Tor 0.2.4 is now stable!

https://git-tails.immerda.ch/tails/log/?h=bugfix/tor-0.2.4-is-stable

- The Persistent Volume Assistant now displays nicer paths.
Thanks to Andres Gomez!

https://labs.riseup.net/code/issues/5311

- Torbutton was upgraded to 1.6.5.3.

https://git-tails.immerda.ch/tails/log/?h=feature/torbutton-1.6.5.3
https://labs.riseup.net/code/issues/6566

- Our Tor Browser build and runtime dependencies were updated.

https://git-tails.immerda.ch/tails/log/?h=feature/torbrowser-24.2.0esr-1+tails1

- We have fixed various NSS security issues in squeeze-backports.

https://labs.riseup.net/code/issues/6479

Documentation and website
=========================

- A branch to clean up our ikiwiki configuration was started.

https://git-tails.immerda.ch/tails/log/?h=feature/cleanup-ikiwiki-setup

- The Mac installation instructions were made a bit safer.

https://tails.boum.org/doc/first_steps/installation/manual/mac/

- The links to files and branches in cgit were fixed.
- The tails-support mailing-list is now mentioned on Help other
Tails users.

https://tails.boum.org/contribute/how/help/

- The documentation for incremental upgrades was written.
- The documentation for MAC spoofing was drafted.
- The draft FAQ has now more content.

https://tails.boum.org/blueprint/faq/

Infrastructure
==============

Test suite
----------

- The Tails automated test suite can now be run on pure Debian Wheezy
with backports.

https://git-tails.immerda.ch/tails/log/?h=test/rjb-migration
https://labs.riseup.net/code/issues/6399

This allowed us to update the test suite to match current code,
fix many bugs in it, and improve style a bit. Most of this was
merged, but a few more branches are pending review:

https://labs.riseup.net/code/issues/5959
https://labs.riseup.net/code/issues/5465
https://labs.riseup.net/code/issues/6544

- Our automated test suite was partially ported to the
feature/wheezy branch.

https://git-tails.immerda.ch/tails/log/?h=feature/wheezy

Build system
------------

- Thanks to David Wolinsky and others, our Vagrant setup
was updated to work with newer Vagrant, and
the corresponding basebox updated to include up-to-date Debian
archive keys. While we were at it, a few lurking bugs were fixed.

https://git-tails.immerda.ch/tails/log/?h=bugfix/6221-support-newer-vagrant
https://labs.riseup.net/code/issues/6221

- Thanks to WinterFairy, it is now easy to import translations from
Transifex into our various Git repositories.

https://git-tails.immerda.ch/winterfairy/tails/log/?h=feature/import-translations-extern

On-going discussions
====================

- Tor Browser branding in Tails?

https://mailman.boum.org/pipermail/tails-dev/2013-December/004362.html

- Risks of enabled/disabled TCP timestamps?

https://mailman.boum.org/pipermail/tails-dev/2013-December/004520.html
https://labs.riseup.net/code/issues/6579

Funding
=======

- The Freedom of the Press Foundation launched a campaign to support
encryption tools for journalists. Tails is among
the projects this campaign gathers fund for.

https://pressfreedomfoundation.org/

- The proposal we have sent to sponsor Echo was accepted.
- Our grant proposal with sponsor Charlie was rejected.
- We are slowly making progress on our grant proposal with
sponsor Golf.
- We have almost completed a proposal to be sent to sponsor Lima.
- Our contract with sponsor Bravo is now finished.
- Tails will soon accept donations in currencies other than Bitcoin.
- We are now very likely to create a non-profit organization dedicated
to Tails.
- We have almost wrapped-up our bounties program. A report will be
published soonish.

Outreach
========

Tails participated in the 30th Chaos Communication Congress. It was
a great opportunity to meet, in person, a few existing and new
contributors, as well as many people we are working with.

https://events.ccc.de/congress/2013/wiki/Main_Page

A self-organized event called *Tails needs your help* was organized.
It was a success considering the late notice.

https://tails.boum.org/promote/slides/2013-12-29_-_Tails_needs_your_help.shtml

See you next year, probably with more space and events dedicated
to Tails!

Press and testimonials
======================

* 2013-12: Bruce Schneier answered to someone asking him what Linux
distribution is its favorite: "I don't use Linux. (Shhh. Don't tell
anyone.) Although I have started using Tails".

http://www.reddit.com/r/IAmA/comments/1r8ibh/iama_security_technologist_and_author_bruce/cdknf7a

* 2013-12-12: In A conversation with Bruce Schneier,
  as part of the "Snowden, the NSA and free software" cycle at
  Columbia Law School NYC, Bruce Schneier says:
  - "I think most of the public domain privacy tools are going to be
    safe, yes. I think GPG is going to be safe. I think OTR is going
    to be safe. I think that Tails is going to be safe. I do think
    that these systems, because they were not -- you know, the NSA has
    a big lever when a tool is written closed-source by a for-profit
    corporation. There are levers they have that they don't have in
    the open source international, altruistic community. And these are
    generally written by crypto-paranoids, they're pretty well
    designed. We make mistakes, but we find them and we correct them,
    and we're getting good at that. I think that if the NSA is going
    after these tools, they're going after implementations."
  - "What do I trust? I trust, I trust Tails, I trust GPG [...]"
  - "We can make it harder, we can make it more expensive, we can make
    it more risky. And yes, every time we do something to increase one
    of those, we're making ourselves safer. [...] There are tools we
    are deploying in countries all over the world, that are keeping
    people alive. Tor is one of them. I mean, Tor saves lives. [...]
    And every time you use Tor [...] provides cover for everyone else
    who uses Tor [...]"


http://boingboing.net/2013/12/15/bruce-schneier-and-eben-moglen-2.html

* Jacob Appelbaum stated at the Chaos Communication
Congress:
"if you are a journalist and you are not using Tails, you should
probably be using Tails, unless you *really* know what
you're doing".

https://events.ccc.de/congress/2013/Fahrplan/events/5713.html


--
Tails folks