Author: Albretch Mueller Date: To: tails-dev Subject: [Tails-dev] suggestions to ease tails configuration and/or "tails
blends" of sorts? ...
There is "Debian blends". In a sense tails could be seen as a Debian blend
customized for security, but, of course, some "security" is just one basic
aspect when it comes to the functionality of a system. I use tails and
Debian almost exclusively and the perfectionist in me has been "dreaming"
of being able to customize and/or recompile the tails base to my needs in a
win-win way from which everybody would benefit. Basically, the tails
project could be just reorganized in two phases:
1st) "tails base": allowing for users to include their own cr@p on their
own;
2nd) "tails": (essentially using §1st) to complete a full, final version.
I could imagine other users have had their own wishes and "dreams", here
is my wish list, from which most items don't relate to "security" per se or
not entirely:
1) basic GUI silliness:
* 1.1 who had the great idea of using "black on white" on terminals? ;-)
(I would guess it was one of those "visual" dudes, this is the first time
that I have noticed such thing);
* 1.2 AFAIK people use tails on their laptops or desktops why is the GUI
reacting to mouse over as if you were using a cell phone?, at times windows
have been closed (without choosing what you want by clicking on it);
* 1.3 specially considering §1.2, such item "context" functionality such
as "format" on block devices should be kept away as part of a different
"block altering" operational branch (when you are a teacher you can see
your students making certain "mistakes", which are not entirely their
fault).
2) As part of booting up:
* 2.1 there should be an option to (semi or more) randomly generate a
password in a one-time-pass kind of way which the user would jot down on a
piece of paper [her|him]self for that session, we humans aren't/cannot be
random at all (think of the Sarah Palin password crack and, yes, in that
regard we are all like her);
* 2.2 toram boot up option (a la Debain-based knoppix, I have never
understood why Debian live doesn't have a "toram" option, memory is cheap
and plenty these days)
* 2.3 "testcd" option (knoppix also)
* 2.4 user config phase before going "toram" (optimally based on a file
the user would browse for and then that partition should be unmounted
amnesically).
* 2.5 poor man's secure boot option dedicated to your own exposed machine
(the idea of secure computing is kind of a joke anyway, but at least you
should be able to own your execution context to some extent):
* 2.5.1 user burns [his|her] customized tails onto a physically write once
device such as a DVD;
* 2.5.2 using dmidecone (making sure the BIOS hasn't been altered) §2.5.1
is measured (dmidecode --text: size, lines et sha256sum) and dmidecode
--binary: size et sha256sum
* 2.5.2.1 measure fine: you continue the boot process
* 2.5.2.2 measure didn't pass: the user is given the option to continue
booting process (stating what the difference was based on a kept copy of
dmidecode --text), user may be trying to use the same base as air-gaped and
exposed computer.
3) recompiling the tails base for one's own needs:
* 3.1 I don't think that §2.4 could help while solving all configuration
problems, say you are using a piece of hardware such as a graphic or memory
card which driver is not included in the kernel, so you will have to
install its firmware before the final set up (for such issues it is better
to recompile the tails base using menuconfig)
* 3.2 an option to recompile tails with no networking whatsoever (not even
as an option) in case you would rather have it that way on your unexposed
machine, no games , ...
4) user favorite cr@p phase after a basic tails boot:
* 4.1 there should be an option to not compile tails with certain sw (less
"toram") and make eclipse, libreoffice, one's favorite browsers, ... run
from a mounted block device later;
* 4.2 users should then be responsible for taking appropriate measures to
remain reasonably safe (guidelines and methodologies should be shared).
