New release of Heads (Tails without blobs & systemd)!

21 replies [Last post]
traxter
Offline
Joined: 03/23/2018

Hi everybody,

just wanted to let you know that Heads Version 0.4 was released today.

https://heads.dyne.org/news/2018/03/release-04.html

For those who have not heard about Heads yet: it is basically a 100 % FSF-compatible version of Tails, but based on Devuan instead of Tails itself or Debian. Just like Tails, Heads is meant to be used as an amnestic live system routing all traffic through the Tor Network. This release uses sysvinit combined with OpenRC as init system (no systemd). There is no non-free stuff included and they are going to "apply for the GNU free distribution list".

There have been rumours that the project is dead and also concerns that version 0.3 is outdated, since it was released in June 2017.

It's good to hear that the project is alive and that there is a fresh release.

Anyone tried it yet? Would be nice to hear how it performs.

strypey
Offline
Joined: 05/14/2015

Is Heads a replacement for Dyne:Bolic? I notice it's produced by the same organisation.
https://www.dyne.org/software/dynebolic/

Dyne hasn't had a new version since 2011, and DistroWatch lists it as discontinued:
https://distrowatch.com/table.php?distribution=dynebolic

traxter
Offline
Joined: 03/23/2018

I don't think it's supposed to be a replacement. As far as I know, Heads doesn't focus on multimedia production and doesn't offer any extraordinary tools of this kind.

I hope I'll have the time to try it on Easter, I will do a review then.

strypey
Offline
Joined: 05/14/2015

Dyne:Bolic was never really usable for multimedia production in my experience. It was a great concept, but the resource demands of media production apps make running the OS off a USB stick a bit impractical. Even during my time with Indymedia, who were big on grassroots multimedia production using only free code software where possible, I never heard of anyone using it in production.

Maybe that's why Dyne have abandoned it and switched focus to a libre amnesic distro? Or maybe work on Dyne was diverted into anti-systemD campaigning and working on stuff for Devuan?

calher

I am a member!

Offline
Joined: 06/19/2015

> For those who have not heard about Heads yet: it is basically a 100 %
> FSF-compatible version of Tails, but based on Devuan instead of Tails itself
> or Debian.

No, it's not. It's designed by a 1337 h4x0r who considers the standard
Tails interface "bloat" and makes many sacrifices in functionality and
usability. As we know, when you make something hard to use, people
don't use it as much. And laziness is the weak link in security.

For example, the file manager in Tails lets you right click on a file
and encrypt it. Heads offers no such functional equivalent. You have
to use GPG from the command line. At that point, I might as well use
whatever distro I like, because Heads is definitely not aiding in the
use of Tor and encryption.

traxter
Offline
Joined: 03/23/2018

What is wrong with the developers of Heads? Any dubious reputation?

I was a bit lazy when writing the first post, that was why I simplified it with "basically a ... version of Tails".

But it's good that you mention these differences here, I hadn't noticed the lack of the encryption option in the file manager yet...this could definitely be improved.

Hope I'll soon have some time to take a closer look at it.

We definitely need a FSF-compatible alternative to Tails and this is the only one so far. Let's hope it will grow and improve as time goes by.

onpon4
Offline
Joined: 05/30/2012

I haven't tried Heads, but I immediately had little hope for it when I noticed that it makes a point of excluding systemd, a perfectly good init system that doesn't affect privacy whatsoever. It tells me that the developer of Heads is focusing on the wrong details. A libre Tails should be just that: Tails minus the firmware blobs, which are the only proprietary component (old versions of Tails had TrueCrypt as well, but that has since been removed due to security concerns). Other than that, it should imitate Tails exactly, not only because it has usability down, but also because it ensures that its fingerprint will be the same.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

I've never used Tails (or Heads), but if Tails is apt-based and the only problem is the kernel, could one just use jxself's repo to replace the kernel with linux-libre?

akito
Offline
Joined: 05/10/2017

Is there a tutorial on how to harden Trisquel's kernel against 0-day attacks, or maybe just linux-libre + grsecurity patches? TAILS is too slow for me and heads does not have an option for 'saving files on shutdown', documentation is few.

onpon4
Offline
Joined: 05/30/2012

That has nothing to do with what Tails is about. Tails is about anonymity, and that's why it's slow: it uses the Tor network for everything.

If you're looking for system security, I think you want to take a look at SELinux. But for most users, Trisquel is perfectly fine security-wise (or, as fine as it can possibly be given the hardware-level vulnerabilities).

akito
Offline
Joined: 05/10/2017

Slow for my machine, the GNOME interface eats more RAM not the Tor network. LXDE is fine for me though. SELinux is made by NSA so I would not trust it.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Tails seriously uses GNOME? Choice of DE seems irrelevant to Tails's purpose, so it's disappointing that they'd go with the only option that excludes older machines and machines without (often proprietary) GPU drivers installed.

Is it safe to install a different DE, or could such a change to the default configuration be deanonymizing?

Heather

I am a member!

Offline
Joined: 03/06/2013

Unfortunately, yes. That's not going to change, either.

https://tails.boum.org/support/faq/index.en.html#index4h2

32 bit support also ended some time ago for TAILS. There is still a 32
bit .iso for HEADS up there, which should have the choice of Openbox or
Awesome at boot up time, but it's still not loading for me.

onpon4
Offline
Joined: 05/30/2012

There are very few 32-bit x86 machines left these days. The last 32-bit CPU from Intel was released all the way back in 2004, the last 32-bit CPU from AMD was released in 2004, and the first x86-64 CPUs came out in 2003, from AMD; Intel followed suit in 2005.

Legacy hardware support is great, but surely there has to be a limit. Tails isn't a general-use system, it's a specialized tool. As long as it works on computers that you can buy used for cheap, there's no problem.

onpon4
Offline
Joined: 05/30/2012

Please do not spread misinformation. GNOME does not require 3-D acceleration to work anymore. It can run entirely in software, and the performance drop isn't even really that bad. The only downside is RAM consumption is a bit high, but it's still not that bad.

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

I did not realize until now that GNOME 3 used to require 3D acceleration in order to run at all. If I had, I would have been more careful not to make it sound like this is still the case. What I should have said is that on some machines GNOME can perform rather poorly unless the proper GPU driver is installed. My friend who runs GNOME on Ubuntu 16.04 installed the proprietary Nvidia driver for his GPU because the animations in GNOME were extremely slow and choppy. If this had not been the case, he likely would have stuck with the free Nouveau driver I had helped him install. Perhaps the situation has improved in later versions of GNOME than the version included in 16.04.

I have 2GB of RAM, which is not quite enough for GNOME to run well, but I know that 2GB is not very much compared to what many people have, and I'm sure that 4GB would be plenty. There is certainly nothing wrong with taking advantage of the capabilities of newer hardware, and because GNOME is very easy to learn how to use I understand why many distros use it as their default. Given how important it is for some people to use Tor, and that Tails is the distro that the Tor Project has chosen to support, I wish they were able to provide at least one other DE as an alternative to the default, but I understand why they don't. If I ever require Tails, I can probably get by with a tty.

onpon4
Offline
Joined: 05/30/2012

I haven't tried recent versions of Tails, so I don't know about its RAM usage, but I'm only using about 1GB right now (GNOME Shell on Trisquel 7), and I never had a problem using GNOME 3 on my old laptop with 2 GB (until one day I accidentally left one of the RAM cards unplugged, resulting in only 1GB of RAM being available). What's your RAM usage in Tails? Does keeping number of tabs to a minimum help?

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

I was mistaken about RAM usage being the problem. I just installed GNOME in Trisquel 8. With nothing open except for gnome-system-monitor and one Abrowser tab, I am only using 1.3GB. As long as I don't use the dash, everything works pretty smoothly. Opening windows and switching workspaces is a little slow, but it is not as bad as I remember from Trisquel 7.

Something interesting happened with the dash. At first using the search bar was extremely slow because after each character typed it took close to a second to update the search results, and toggling the grid of applications took several seconds. However, after a while GNOME started dropping some of the animations that were slowing everything down and updating the screen instantly in these situations. The dash is now usable. Perhaps GNOME is able to determine when eye candy is getting in the way of functionality and simplify the animations accordingly. I'd prefer to disable the animations entirely, but this is good enough that I could use GNOME on Tails if I had to, assuming it performs similarly.

I have never used Tails due to the nonfree kernel. Every few months I try to get Heads working but haven't succeed. Do you think adding jxself's linux-libre repository to Tails is safe, or might installing a different kernel be deanonymizing?

onpon4
Offline
Joined: 05/30/2012

It's probably safe, but I'm no security expert. If you want a libre Tails, though, I'd imagine the best way to do that would be to compile the source code after applying the Linux-libre scripts to Tails's version of Linux.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

To remove all animations:
$ gsettings set org.gnome.desktop.interface enable-animations false

There are extensions to more selectively remove or speed up animations:

chaosmonk

I am a member!

I am a translator!

Offline
Joined: 07/07/2017

Good to know. Thank you!

J.B. Nicholson-Owens
Offline
Joined: 06/09/2014

name at domain wrote:
> SELinux is made by NSA so I would not trust it.

That's what makes free software so great: you don't need to trust SELinux
so long as SELinux is free software.

You can inspect the code, compile and run the version you understand, and
pass on copies to help others with something you understand and can help
them with. No need or use for damning by reputation or character
assassination; such claims are read entirely differently.

Therefore I say let the NSA and any other individual or organization write
and publish free software. We can see it's bad and reject it, adapt and
adopt it, or see that it's good and use it. This is a radically different
story from why we must not trust non-free software. We have too little
information by which to properly evaluate non-free software. Non-free
software really asks users to blindly trust that it is not malware (even
though https://www.gnu.org/proprietary/ has plenty of examples of
proprietary malware).