Re: [Tails-dev] MAC spoofing: current status?

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] MAC spoofing: current status? [Was [RFC] Design (and prototype) for MAC spoofing in Tails]
Subject: Re: [Tails-dev] MAC spoofing: current status?
Hi,

anonym wrote (03 Dec 2013 00:33:43 GMT) :
>> * remaining coding blockers


> Most coding is done. See in particular commit 7ead3ed for the fail-safe
> (as an early Christmas gift for you, I gettext:ised it (commit 6c6604a)
> even before you asked for it :)))), which I pushed in a hurry without
> any mention a few days ago. There's also a new TG in the APT suite, and
> both the feature branch and the APT suite were merged
> into experimental.


Cool. Added a typo fix commit on top. You'll want to merge the current
devel branch into feature/spoof-mac, resolving any conflicts
introduced by commit d28ac88.

> Two things that remain comes to mind (although I promise to scan this
> thread for more loose ends):


> * Perhaps checking the return status of tails-unblock-network in TG's
> post-login script? If it fails due to `set -e`, NM may not start,
> leaving the user without networking. Yet another notification?


At least logging something on failure would seem useful.

> * Investigate the NM passive probe fingerprinting issue. This is not
> strictly coding, but it very well may turn into coding, which scares
> me a bit since you in an earlier email thought it had to be
> "addressed in the first released iteration of this work". IMHO, let's
> at least not require that for the beta, so we can get it out there
> faster just to see if in particular the network blocking and
> unblocking isn't causing large-scale disasters. And the by-default
> enabled MAC spoofing, of course...


Do you really mean "active" here?

If so, then I think we can allow ourselves to ship feature/spoof-mac
without the NM active probing issue resolved, but I'd like to see
clear plans about this topic (even if it is "it looks too hard, let's
file a wishlist and email a few people asking if they want to
implement it for us") first.

> Definitely. I'll return to this post in a few days (when I have more
> time on my hands) with more affirmative answers + proper bugs/tasks. See
> this post more as a heads up.


:)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc