SoylentNews is people
SoylentNews
Tails Linux 2.5 is out (Aug 2, 2016).
Tails is a live system that aims to preserve your privacy and anonymity. It helps you to use the Internet anonymously and circumvent censorship almost anywhere you go and on any computer but leaving no trace unless you ask it to explicitly.
It is a complete operating system designed to be used from a DVD, USB stick, or SD card independently of the computer's original operating system. It is Free Software and based on Debian GNU/Linux.
Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc
= Announcements:
https://tails.boum.org/news/version_2.5/index.en.html
https://twitter.com/Tails_live/status/760516381905448968
https://mailman.boum.org/pipermail/amnesia-news/2016-August/000110.html
https://twitter.com/torproject/status/760516806587117568
[Continues...]
Useful links:
- Download / Burning Tails on a DVD: (See also: "Direct Downloads")
https://tails.boum.org/install/dvd/index.en.html- Download and verify using OpenPGP:
https://tails.boum.org/install/download/openpgp/index.en.html- Download / and verify the Tails ISO image (#2):
https://tails.boum.org/install/download/- Numerous security holes in Tails 2.4:
https://tails.boum.org/security/Numerous_security_holes_in_2.4/index.en.html- About:
https://tails.boum.org/about/index.en.html- News:
https://tails.boum.org/news/index.en.html- Getting Started:
https://tails.boum.org/getting_started/index.en.html- First steps with Tails:
https://tails.boum.org/doc/first_steps/index.en.html- Documentation:
https://tails.boum.org/doc/index.en.html
(Score: 2) by frojack on Thursday August 04 2016, @12:10AM
I found it an interesting thread to read. Especially because it was close to home for a software product I worked on in a former job.
The package used encrypted communications links over untrusted networks. It handled large financial transactions and transmitted account numbers and authentication data, etc.
When asked about the encryption, we would provide the design documents and our source code of the encryption routines, and references to the books written by experts stating exactly how to do this type of encryption.
But in the end, our product ran on Windows machines, and we were a small shop without a Phd in sight. We were not going to roll our own, and our routines all ended up calling Windows crypto-APIs to do the actual encryption.
And we told customers this, and showed the customers our code. We demonstrated that we did our part correctly and carefully. Then handed it off to windows APIs. Clear text in. Gibberish out. Gibberish in. Clear text out.
Did we trust the windows crypto library? No of course not. And even if we did, its Windows for Christ sake! Could we rewrite windows? No. Would they replace windows? No.
We never got to the point of talking about hardware or binary blobs. What would be the point? What possible route around those is there?
In the end we simply stated we used the best crypto that Microsoft had to offer, and we did it by the book. We left it at that.
What more can a small programming team do?
In the end, you are a fish, swimming in a barrel. You can zig and zag, but you are still in a barrel not of your making.
The software was quite successful and sold well. They still sell it today.
No, you are mistaken. I've always had this sig.
(Score: 3, Interesting) by melikamp on Thursday August 04 2016, @12:29AM
Absolutely, there is often a room for compromise, and additional layers of security are not a waste, even in the face of total insecurity elsewhere. But what drives me bananas about projects like Tails (serving blobs) or Tor (serving a Windoze client) is their refusal to even acknowledge this is terrible. All they have to do is write on their website with big red letters:
The Windows client is provided, but it's next to useless, since Windows rats out your every move.
The default Linux kernel is probably compromized, please use Linux-libre kernel if your hardware supports it. (Incidentally, Tails does not support Linux-libre, even though it would be trivial for a project that big.)
They are not even selling a product, they got nothing to lose except committed non-free software users who already gave up their privacy anyway. But when I talked to either team, I was more or less stonewalled: none of this seems to concern them. Unless they really are oblivious to these issues, they must know their product has terrible deficiencies, but they will not admit it to their users.