
Tails 2.4 is out - ikeboy
https://blog.torproject.org/blog/tails-24-out
======
josemrb
I think a better approach to a strong security and privacy would be to use
Whonix[0] in Qubes[1].

It's not too hard[2].

    0: https://www.whonix.org
    1: https://www.qubes-os.org
    2: https://www.qubes-os.org/doc/whonix/install

~~~
allemagne
Why do you think so?

~~~
htns
The Whonix setup has Tor and your browser on different VMs, whereas Tails
relies on Linux's firewall to funnel traffic through Tor. Tails is "just" one
kernel exploit away from deanonymization.

More importantly, Qubes is far superior to anything else for day to day
security. You can do your banking in one isolated domain, your "let's download
a thousand unverified dependencies from strangers" development on another,
your internet browsing in a third, you can create domains with no internet
connectivity to store your private files, and it's a lot easier than trying to
juggle VMs yourself. A side benefit for the people who never close tabs is
that Qubes never becomes unresponsive due to running low on memory.

------
tptacek
If Tails is something you actually _need_ , I'd look at Subgraph first:

[https://subgraph.com/sgos/](https://subgraph.com/sgos/)

~~~
folksonomy
Subgraph is still an alpha version and it even says on the site: 'Not for real
use'. Until SG is more fleshed out I'm sticking with TAILS.

~~~
tptacek
Subgraph was started in part based on concerns with Tails that the authors
might be too nice to pursue publicly. I'd personally be wary of both projects.

~~~
mapgrep
Why is that? What would you recommend to those of us who use TAILS frequently?

~~~
feklar
Subgraph is meant to be used as an installed OS with hardened
containers/grsecurity while TAILS is a live Debian system maintained by
anonymous developers without any of the grsec patches or containerization.

If you really need to not have your ID leaked, like the UAE recently going
after dissidents with state malware, you'd want to use something like Subgraph
with a separate firewall/NAT internal address as insurance (pref running
OpenWRT or a BSD not the default proprietary lighthttp server 'admin portal'
firmware running with full privs).

~~~
tptacek
Huh? Which NCC consultant would that be? Neither Bruce Leidl nor David Mirza
have ever worked with NCC, or, for that matter, iSEC or Matasano or
Intrepidus.

~~~
feklar
On their Twitter they linked a container whitepaper by "fellow NCC consultant
Jesse"; guess I am mistaken.

~~~
ekiru
I think that was a retweet of
[https://twitter.com/dyn___/status/738079794689019904](https://twitter.com/dyn___/status/738079794689019904)
, which was tweeted by someone at NCC.

~~~
feklar
This is what happens when you write your own twitter.el and botch the UI

------
tomc1985
What's with the bullshit install wizard? Where did the direct download live
USB link go?

~~~
ikeboy
[https://tails.hactar.bz/tails/stable/tails-i386-2.4/tails-i386-2.4.iso](https://tails.hactar.bz/tails/stable/tails-i386-2.4/tails-i386-2.4.iso)
(from
[https://tails.boum.org/install/download/openpgp/index.en.html](https://tails.boum.org/install/download/openpgp/index.en.html))

------
CiPHPerCoder
The subtext here is unsettling; I really hope I'm misreading it:

Security issues fixed and announced a month ago are only just now available
for TAILS users.
[https://tails.boum.org/security/Numerous_security_holes_in_2.3/](https://tails.boum.org/security/Numerous_security_holes_in_2.3/)

TAILS still doesn't ship with a grsecurity-hardened kernel.

These might not be big deals if TAILS wasn't designed specifically for high
risk users. Maybe they need more funding and open source love?

~~~
Karunamon
Wasn't there some recent drama where the grsecurity folks were going to stop
distributing it for free?

~~~
poooogles
Yeah. Was following on from this,
[https://mobile.twitter.com/marcan42/status/724745886794833920](https://mobile.twitter.com/marcan42/status/724745886794833920).

------
kbenson
So, from implications in comments here, wording on the update announcement,
and some vague recollection from past news, I'm assuming Tails is a TOR
enabled distro, possibly a livecd?

Does anyone mind chiming in with a succinct description of what Tails is and
its likely use cases, or a link to an official page that does so?

~~~
MrJagil
I mean, I really try to avoid being snarky, but a basic google search....
[https://tails.boum.org/](https://tails.boum.org/)

It gained some additional fame because Snowden used it:
[https://en.wikipedia.org/wiki/Tails_(operating_system)#History](https://en.wikipedia.org/wiki/Tails_\(operating_system\)#History)

~~~
kbenson
So, I'm supposed to go to a completely different domain than the one the
update notes were posted at?

Obviously I could have searched for it, but part of the reason for my comment
was that where the update was posted to, and this submission was linked to, is
blog.torproject.org and there is startlingly little information about what
Tails actually _is_ on that site. Is it too much to ask that when I click the
"about" link above the blog entry with the Tails changelog that they actually
mention Tails at some point?

~~~
MrJagil
I think the constructive thing to do would be to email the admin; I guess they
don't expect people to land on the page without knowing just a little bit
about Tails.

~~~
kbenson
> I think the constructive thing to do would be to email the admin

I agree that's the constructive _end point_ (and at your suggestion, I will do
so), I was soliciting information first (hopefully with more details from
users about where they found it was actually useful), rather than resorting to
Google and eventually site marketing copy. If there was some reason for this
(such as this not being the primary site for release notes about Tails, but a
secondary channel), then I wouldn't necessarily want to bother the admins
about it, or I may word it differently, depending.

> I guess they don't expect people to land on the page without knowing just a
> little bit about Tails.

That may be a valid assumption, but I think if your purpose is to disseminate
free software for a cause, and people are reaching the release notes without
much prior information (such as when they are linked here) and there's little
or no information on the site about that software without multiple steps, then
you've failed in some small way at a fundamental level.

Clicking "About Tor" at the top takes you to an about page at a different
(sub)domain, and the root of _that_ has information about tails. Or going to
Google. Many of the links in the release notes are to tails.boum.org, but to some
subsection for downloads or upgrade instructions. You again have to decide to
go to the root of the domain for more info. For an example of where I think
this is done well, see the Rakudo Star release announcements[1]. Even if you
have no idea what it is (which is probably likely), the first paragraph should
give you enough information to know relatively well what this is about, and
there's a few more paragraphs expanding on details specific to the project or
release. Then it goes on to explain the specific changes (with less detail
than given for Tails, admittedly).

1: [http://rakudo.org/2016/02/03/announce-rakudo-star-release-2016-01/](http://rakudo.org/2016/02/03/announce-rakudo-star-release-2016-01/)

