Re: [Tails-dev] please look at Comparison of Whonix, Tails …

Delete this message

Reply to this message
Author: adrelanos
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] please look at Comparison of Whonix, Tails and TBB #2
intrigeri:
> Hi,
>
> adrelanos wrote (09 Feb 2013 19:10:32 GMT) :
>> intrigeri:
>>> adrelanos wrote (04 Feb 2013 20:19:24 GMT) :
>>>> I just updated the Whonix comparison of Whonix, Tails and Tor Browser
>>>> Bundle page. [1] Hopefully it's this time much more precise and correct
>>>> from the beginning.
>>>
>>>> If there is anything wrong, I'll correct it right away.
>
> I'm coming back to it finally, sorry for the delay.
>
> * "Tails 0.1.6." -> "Tails 0.16"


Fixed.

> * Tails has not been available as a LiveCD for a year or so


Fixed.

> About Whonix supporting "any" hardware: I don't think this is
> compatible with claiming to ship the Torbrowser. Rather than such
> a broad claim, perhaps clarify that Whonix supports any hardware that
> is able to emulate an architecture supported by the TBB binary builds?


Fixed.

>>> "Includes Tor Browser" in the general security comparison should be
>>> updated for Tails.
>
>> Not sure about this one. I have read:
> [...]
>> It would be nice if you could expand the design a bit or explain
>> it here.
>
> Thanks for the heads up. Added as "3.6.13 Iceweasel" on our design
> doc. But that comes with 0.17, so you might have to update other
> parts too.


Changed to "See footnote ^30^ for latest status." and

"^30^ See documentation [For the websites that you are
visiting](https://tails.boum.org/doc/about/fingerprint/index.en.html)
and todo [evaluate web
fingerprint](https://tails.boum.org/todo/evaluate_web_fingerprint/) for
latest status."

>> And actually, Tails can run (as any Debian / OS) behind a physically
>> isolated Whonix-Gateway. After running do_not_ever_run_me, configuring
>> the network to use the gateway, un-configuring misc proxy settings
>> (browser), it should work. I made a short test but didn't fully document
>> it yet.
>
> Nice. I'd rather see this called "a modified Tails" rather than
> "Tails", though.


I completely over thought that. Now changed to fail "^7^ ^8^"

"^7^ Fail, because it already failed against a VM exploit.
^8^ Usually not run behind a physically isolated Whonix-Gateway."

Which hopefully makes more sense now?

>>> This has quite some amount of outdated information:
>>> http://sourceforge.net/p/whonix/wiki/FAQ/#why-dont-you-merge-with-tails-and-join-efforts
>>> (at first glance: Using Tor Browser, Multi language support,
>>> obfsproxy...)
>
>> What's the Tails requirement for multi language support?
>
> I'm not sure what you mean. In any case, "3.3 Internationalization" in
> our design doc might help.


I am still not sure. Maybe I put a bit to much into "The TBB ships
l10n'd packages, while Tails needs to support as many languages as
possible." [1]

The question boils down to, when creating new features that require user
interaction or have user output, does it have have to provide
internationalization support to support as many languages as possible?

>> I hope I updated everything.
>
> "Requirement to fit on a CD." => CD, really?


CD -> DVD, fixed.

> "Isolating Proxy for strong IP/DNS leak protection." => why does the
> comparison that follows holds for *DNS* leak protection?


To answer that, I wrote a few more words...

* [Isolating
Proxy](https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IsolatingProxy)
for strong IP/DNS leak protection.
    * Whonix: Is a top priority for Whonix and already implemented. In
Whonix-Workstation you can do any kind of "creative" (sane or not)
modifications, edit any configuration files (DNSCrypt, DNSSEC, OpenVPN)
and there will be no IP/DNS leaks as long as the Virtual Box network
adapter settings on the host aren't changed or when using physical
isolation, as long as a physically isolated Whonix-Workstation is only
connected to a physically isolated Whonix-Gateway.
    * Tails: There are no DNS leaks, unless going "creative". Something
similar to an Isolating Proxy design is only a stale Wishlist Item, see
[Tails Wishlist Item: Two-layered virtualized
system](https://tails.boum.org/todo/Two-layered_virtualized_system/).


> "Remember installed packages." => upcoming in 0.18.


Added that.

> I'm still quite sad to read FUD like "adrelanos would have to obey the
> Tails developers decisions, otherwise contributions do not get merged"
> spread about Tails. I call this FUD because:
>
>   a. Using "to obey" suggests there is a strong authoritarian
>      structure in the Tails project, while I've never seen anyone
>      dictate anyone else what they should do, and ask them to "obey",
>      in this context (save various trolls that try to dictate what
>      we're going to spend our time on). I don't mean we're living in
>      a fantasy world where we're all perfectly equal, but I absolutely
>      disagree that our decision making process works the way you
>      put it.

>
>   b. It suggests there are "the Tails developers" and... the rest.
>      It's true that there are various more or less "core" developer
>      status, with different commit bits, different levels of access to
>      sensitive information, but there are certainly not two such
>      binary categories.


I agree. "Obey" is the wrong way to put it. You're not telling anyone
what to work on. And even have a decision making process. That's really
not what I wanted to say.

"As a code contributor to Tails, adrelanos would have to accept
decisions made by the Tails decision making process and couldn't simply
modify anything as personally desired, preferred or believed to be the
best solution."

>
>   c. By affirming that strongly that one has to "obey" else
>      "contributions do not get merged", it suggests that there are
>      precedents of this process. Reference needed.


The word "obey" has already been corrected.

The reason for pointing the quoted sentence above is to answer "Why
Whonix, why not contribute to Tails instead?" like questions.

Example, I like to see XChat in Tails:
https://mailman.boum.org/pipermail/tails-dev/2012-August/001442.html

Decision making process says no. I can do nothing but accept it.

Now, when I dislike the decision and I strongly care about it, I can do
nothing other than either fork Tails or start a new project.

> "Video/streaming software." => on the one hand, you make it clear one
> may install such software on Whonix; on the other hand, you point to
> a Tails ticket. That kind of unfair / differentiated treatment sounds
> like cheap advertising to me; it's not an isolated case, and to be
> honest, it certainly does not make me happily anticipate reviewing
> such documents again. I wish that next time, you apply a filter for
> differentiated treatment first, before asking for reviews. Anyway,
> that's your call :)


Sad to hear that.

I'd be happy if those comparison stuff articles could be moved to a
neutral space, so anyone can edit it, including the more knowledgeable
people from the involved projects. (In meanwhile, I wouldn't have a
problem giving others access to edit it in sf wiki.) As long it stays in
Whonix wiki, it will may always be perceived as advertising, biased and
so forth.

(And there is pandoc to do a lot heavy lifting when needed to convert
from markdown syntax to mediawiki syntax if required.)

It's GPLv3 already and in case it's required, I can make it CC or
whatever as well. Wikipedia may or may not be interested, but wouldn't
be a good choice, since Tor users have great difficulties editing it.

Torproject wiki isn't a good place either, Andrew Lewman said something
about "it's for what can I do with Tor and how" and Robert Ransom
suggests to take the wiki offline. (sorry, I don't remember which
mailing list thread it was, if you care to verify, they'll probable
confirm by mail)

Problem is, I don't know any wiki host interested in this kind of topic,
where (registered) Tor users are free to edit, and where the involved
projects are willing to participate. If there was, I am sure the
involved projects all are mature enough to make it objectively correct
in no time.

> To end with, perhaps drop the sub-sections where Tails and Whonix are
> on par?


Done.

I am puzzled how I could perhaps rewrite the faq entry [1] and migrate
to the comparison page [3].

The faq entry is supposed to be a subjective answer, why I maintain a
separate project, which differences I personally care about. Not about
criticizing/advertising/offending.

The comparison page is supposed to be as objective/factual as possible.
The purpose is to have a good overview for myself and others what the
differences are, demonstrate, that things are still non-ideal and
therefore open up for others to recognize, that one could contribiute a
Two-layered virtualized system / TorChat / etc. support to Tails
(because Whonix demonstrated it) and/or a Amnesic / Cold Boot Protection
/ etc. feature to Whonix (because Tails demonstrated it) and so forth.

If I start adding a feature comparison, such as "includes a spell
checker", supports obfsproxy, all projects yes, the list will be quite
incomplete. So if it was hosted elsewhere, where I am contributor rather
than owner, things would be simpler.

[1] https://tails.boum.org/todo/replace_iceweasel_with_Torbrowser/
[2]
https://sourceforge.net/p/whonix/wiki/FAQ/#how-is-whonix-different-from-tails
[3] https://sourceforge.net/p/whonix/wiki/Comparison%20with%20Others/