Re: [Tails-dev] suggestions to ease tails configuration and/…

Author: Arpanet-Union
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] suggestions to ease tails configuration and/or "tails blends" of sorts? ...
Seems like a waste of maintaining to be honest, but does the

- dmidecode --text: size, lines and sha256sum and dmidecode --binary: size and sha256sum

even work cuz that caught my attention besides the clickbait thumbnail pick of this post.
On Friday, March 14th, 2025 at 13:39, Albretch Mueller <lbrtchx@???> wrote:

> There is "Debian blends". In a sense tails could be seen as a Debian blend customized for security, but, of course, some "security" is just one basic aspect when it comes to the functionality of a system. I use tails and Debian almost exclusively and the perfectionist in me has been "dreaming" of being able to customize and/or recompile the tails base to my needs in a win-win way from which everybody would benefit. Basically, the tails project could be just reorganized in two phases:
> 1st) "tails base": allowing for users to include their own cr@p on their own;
> 2nd) "tails": (essentially using §1st) to complete a full, final version.
>
> I could imagine other users have had their own wishes and "dreams", here is my wish list, from which most items don't relate to "security" per se or not entirely:
>
> 1) basic GUI silliness:
> * 1.1 who had the great idea of using "black on white" on terminals? ;-) (I would guess it was one of those "visual" dudes, this is the first time that I have noticed such thing);
> * 1.2 AFAIK people use tails on their laptops or desktops why is the GUI reacting to mouse over as if you were using a cell phone?, at times windows have been closed (without choosing what you want by clicking on it);
> * 1.3 especially considering §1.2, such item "context" functionality such as "format" on block devices should be kept away as part of a different "block altering" operational branch (when you are a teacher you can see your students making certain "mistakes", which are not entirely their fault).
>
> 2) As part of booting up:
> * 2.1 there should be an option to (semi or more) randomly generate a password in a one-time-pass kind of way which the user would jot down on a piece of paper [her|him]self for that session, we humans aren't/cannot be random at all (think of the Sarah Palin password crack and, yes, in that regard we are all like her);
> * 2.2 toram boot up option (a la Debian-based knoppix, I have never understood why Debian live doesn't have a "toram" option, memory is cheap and plenty these days)
> * 2.3 "testcd" option (knoppix also)
> * 2.4 user config phase before going "toram" (optimally based on a file the user would browse for and then that partition should be unmounted amnesically).
> * 2.5 poor man's secure boot option dedicated to your own exposed machine (the idea of secure computing is kind of a joke anyway, but at least you should be able to own your execution context to some extent):
> * 2.5.1 user burns [his|her] customized tails onto a physically write once device such as a DVD;
> * 2.5.2 using dmidecode (making sure the BIOS hasn't been altered) §2.5.1 is measured (dmidecode --text: size, lines and sha256sum) and dmidecode --binary: size and sha256sum
> * 2.5.2.1 measure fine: you continue the boot process
> * 2.5.2.2 measure didn't pass: the user is given the option to continue booting process (stating what the difference was based on a kept copy of dmidecode --text), user may be trying to use the same base as air-gapped and exposed computer.
>
> 3) recompiling the tails base for one's own needs:
> * 3.1 I don't think that §2.4 could help while solving all configuration problems, say you are using a piece of hardware such as a graphic or memory card whose driver is not included in the kernel, so you will have to install its firmware before the final set up (for such issues it is better to recompile the tails base using menuconfig)
> * 3.2 an option to recompile tails with no networking whatsoever (not even as an option) in case you would rather have it that way on your unexposed machine, no games, ...
>
> 4) user favorite cr@p phase after a basic tails boot:
> * 4.1 there should be an option to not compile tails with certain sw (less "toram") and make eclipse, libreoffice, one's favorite browsers, ... run from a mounted block device later;
> * 4.2 users should then be responsible for taking appropriate measures to remain reasonably safe (guidelines and methodologies should be shared).
>
> lbrtchx
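
The measurement and comparison described in §2.5.2 of the quoted wish list, as an added example that is not part of either message. It works on dump files assumed to come from `dmidecode` (text) and `dmidecode --dump-bin` (binary); the function names and sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: inputs are dump files, assumed to come from
# `dmidecode > smbios.txt` (text) and `dmidecode --dump-bin smbios.bin`
# (binary), both run as root. Function names are hypothetical.

# Text measurement: byte size, line count and SHA-256 of the dump.
measure_text() {
    printf 'size=%s lines=%s sha256=%s\n' \
        "$(wc -c < "$1" | tr -d ' ')" \
        "$(wc -l < "$1" | tr -d ' ')" \
        "$(sha256sum "$1" | cut -d' ' -f1)"
}

# Binary measurement: byte size and SHA-256 only.
measure_bin() {
    printf 'size=%s sha256=%s\n' \
        "$(wc -c < "$1" | tr -d ' ')" \
        "$(sha256sum "$1" | cut -d' ' -f1)"
}

# Compare the current text dump ($2) with the kept copy ($1).
# Returns 0 on a match; otherwise prints the differing lines and returns 1.
verify_text() {
    if [ "$(measure_text "$1")" = "$(measure_text "$2")" ]; then
        echo "measure fine"
        return 0
    fi
    echo "measure didn't pass; difference against the kept copy:"
    diff -u "$1" "$2" || true
    return 1
}

# Constructed sample dumps (not real dmidecode output from any machine).
# They have the same size and line count, so only the digest tells them apart.
demo() {
    dir=$(mktemp -d)
    printf 'BIOS Information\nVendor: Example\nVersion: 1.00\n' > "$dir/kept.txt"
    printf 'BIOS Information\nVendor: Example\nVersion: 1.01\n' > "$dir/now.txt"
    measure_text "$dir/kept.txt"
    verify_text "$dir/kept.txt" "$dir/kept.txt"
    verify_text "$dir/kept.txt" "$dir/now.txt" || echo "user decides whether to continue booting"
    rm -rf "$dir"
}
demo
```

A match shows only that the SMBIOS tables the firmware reports are unchanged since the kept copy was taken; it is not a measurement of the firmware code itself.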