[[!meta date="2011-03-02 00:46:14 +0100"]]
[[!meta title="Bimonthly report: January and February 2011"]]
We are pleased to present you the first Tails bimonthly report ever.
This is a first try that may, or may not, be followed by others
depending on the feedback we get: if you like reading such news about
Tails, don't hesitate [[telling us|support/talk]]!
This report sums up the work that was done on Tails in January and
# Helping third-parties do security analyses of Tails
We finished writing and published the [[Tails design
document|contribute/design]] that presents a specification of a
*Privacy Enhancing Live Distribution* (PELD) as well as the Tails
By writing this document we intend to help third-parties do security
analyses of any given PELD and specifically of Tails. We also wish to
help establish best practices in the field of PELD design and
implementation, and thus raise the baseline for all similar projects
Reviews of this document and audits of Tails are most welcome.
# Preparing next release
The next Tails release, which will be called 0.7, is based on the
newly released Debian Squeeze. It has been feature freezed recently
and is now being tested in a wild, unsuspecting world; if it survives,
we can bet it will be the best Tails release ever... until 0.8 is out
Protecting against memory recovery
A new, safer way to wipe memory on shutdown was implemented. It is now
also used when the boot media is physically removed: in an emergency
situation, one can grab her Tails Live USB stick or Live CD and leave
while the system will quickly erase her traces from the computer's
memory and shut it down.
Making Tails easier to use
We enhanced the onBoard virtual keyboard; patches were obviously
The Tails user interface was improved in several other ways: hiding
some useless GNOME preference menu items, using a background that does
not overlap with the bootloader menu, adding a shutdown button to the
right of the top GNOME panel (nice idea stolen from Ubuntu).
Other noteworthy enhancements
A fix for a virtual keyboard critical bug was prepared, amongst the
ton of usual release preparation work.
TrueCrypt can be optionally installed at boot time; we may not want to
include TrueCrypt forever, but we at the very least we want to provide
a migration path from TrueCrypt volumes created by good old Incognito
to other formats.
The [HTTPS Everywhere](https://www.eff.org/https-everywhere) Iceweasel
extension is now installed.
Queries to DNS resolvers on the LAN are [[now
Writing our [[design document|contribute/design]] made us think more
thoroughly various parts of the Tails configuration and enhance many
parts of it. Moreover, we compared it with the [Tor Browser
configuration, picked many nice ideas from there, and generally made
Tails configuration more similar to the TBB's one, which shall ease
peer review and enlarge the anonymity set Tails users are part of. A
notable example is the enabling of US English browser spoofing in
The HTP time synchronization system is now more robust wrt. network
GNOME automatic media mounting and opening was disabled to protect
against a class of attacks that was recently put under the spotlights.
Tails was added to a couple spots on the Tor website:
We discussed various funding and sponsoring opportunities; we have
that shall be submitted under the Tor Project umbrella for the Google
Summer of Code and other summer intership programs. [One of
We have participated in the Debian Derivatives Census initiative
([[!debwiki Derivatives/Census]]): Tails now has a dedicated page
([[!debwiki Derivatives/Census/TAILS]]) on the Debian Wiki; in order
to better cooperate with Debian, we have followed their guidelines for
Debian Derivatives ([[!debwiki Derivatives/Guidelines]]); e.g. we have
published a statement about our
Website design: a few visible enhancements have been pushed online,
but stay tuned, some more is being worked on under the hood! Rumor
says our CSS gnomes are preparing something pretty slick.
# A glimpse towards the future
Bridges support: we now have a working prototype; it might not make
its way into the upcoming 0.7 release though.
Accessibility tools for visually impaired people have been
selected and are installed in our development Git branch.
We updated our survey of existing tools for easy install and upgrade
of Tails onto USB sticks, with support for an encrypted persistent
volume in mind.
More and more upcoming Tails features (including [[todo/persistence]],
[[todo/macchanger]], [[todo/bridge support]]) need ways to ask the
user for input at boot time. We have [[researched various
ways|todo/boot_menu]] we could implement this.
We have researched how we could harden a bit Tails resistance against
exploitation of security issues in bundled software
([[todo/Mandatory_Access_Control]], [[todo/nx_bit]], kernel hardening,
compiler hardening options) in a way that would not be a maintenance
burden... while being efficient enough to protect against some classes
of attacks. We have started efforts to push such hardening features in
A general plan was thought through to reorganize the Tails user
documentation. Once this is done, several entry points will be
available to better fit a given user's available time and energy. In
the meantime, we now at least have a [[nice
documentation|doc/first_steps/manual_usb_installation/linux]] that explains how
to install Tails onto a USB stick.