You can help TelestaiCB! The first release candidate for the upcoming version 1.5 is out. Please test it and see if it works for you.

  1. How to test TelestaiCB 1.5~rc1?
  2. How to automatically upgrade from 1.4.1?
  3. What's new since 1.4.1?
  4. Known issues in 1.5~rc1

How to test TelestaiCB 1.5~rc1?

A critical security hole affects the version of Tor Browser included in TelestaiCB 1.5~rc1. See the list of known issues of this release for more information.

  1. Keep in mind that this is a test image. We have made sure that it is not broken in an obvious way, but it might still contain undiscovered issues.

  2. Either try the automatic upgrade, or download the ISO image and its signature:

    TelestaiCB 1.5~rc1 ISO image

    TelestaiCB 1.5~rc1 signature

  3. Verify the ISO image.

  4. Have a look at the list of known issues of this release and the list of longstanding known issues.

  5. Test wildly!

If you find anything that is not working as it should, please report to us! Bonus points if you first check if it is a known issue of this release or a longstanding known issue.

How to automatically upgrade from 1.4.1?

These steps allow you to automatically upgrade a device installed with TelestaiCB Installer from TelestaiCB 1.4.1 to TelestaiCB 1.5~rc1.

  1. Start Telestai-CB 1.4.1 from a USB stick or SD card (installed by the TelestaiCB Installer), and set an administration password.

  2. Run this command in a Root Terminal to select the "alpha" upgrade channel and start the upgrade:

    echo TELESTAICB_CHANNEL=\"alpha\" >> /etc/os-release && \
     telestaicb-upgrade-frontend-wrapper

  3. Once the upgrade has been installed, restart TelestaiCB and look at Applications ▸ TelestaiCB ▸ About Telestai-CB to confirm that the running system is TelestaiCB 1.5~rc1.

What's new since 1.4.1?

Changes since TelestaiCB 1.4.1 are:

  • Major new features

    • Move LAN web browsing from Tor Browser to the Unsafe Browser, and forbid access to the LAN from the former.
    • Install a 32-bit GRUB EFI boot loader. This at least works on some Intel Baytrail systems.
    • Upgrade Tor Browser to 5.0a4-build3.

  • Security fixes

    • Fix panic mode on MAC spoofing failure.
    • Deny Tor Browser access to global tmp directories with AppArmor.
    • TelestaiCB Installer: don't use a predictable file name for the subprocess error log.
    • Pidgin AppArmor profile: disable the launchpad-integration abstraction.
    • Use aliases so that our AppArmor policy applies to /lib/live/mount/overlay/ and /lib/live/mount/rootfs/*.squashfs/ as well as it applies to /.
    • Upgrade Linux to 3.16.7-ckt11-1+deb8u2.
    • Upgrade bind9-host, dnsutils and friends to 1:9.8.4.dfsg.P1-6+nmu2+deb7u6.
    • Upgrade cups-filters to 1.0.18-2.1+deb7u2.
    • Upgrade ghostscript to 9.05~dfsg-6.3+deb7u2.
    • Upgrade libexpat1 to 2.1.0-1+deb7u2.
    • Upgrade libicu48 to 4.8.1.1-12+deb7u3.
    • Upgrade libwmf0.2-7 to 0.2.8.4-10.3+deb7u1.
    • Upgrade openjdk-7 to 7u79-2.5.6-1~deb7u1.

  • Bugfixes

    • Upgrade Tor to 0.2.6.10-1~d70.wheezy+1+telestaicb1.

  • Minor improvements

    • TelestaiCB Installer: let the user know when it has rejected a candidate destination device because it is too small.
    • TelestaiCB Installer: prevent users from trying to "upgrade" a device that contains no TelestaiCB, or that was not installed with TelestaiCB Installer.
    • Install libotr5 and pidgin-otr 4.x from wheezy-backports. This adds support for the OTRv3 protocol and for multiple concurrent connections to the same account.
    • Skip warning dialog when starting Tor Browser while being offline, in case it is already running. Thanks to Austin English for the patch!
    • Install the apparmor-profiles package, but don't ship a bunch of AppArmor profiles we don't use, to avoid increasing boot time.
    • Ship a /etc/apparmor.d/tunables/home.d/telestaicb snippet, instead of patching /etc/apparmor.d/tunables/home.
    • live-boot: don't mount tmpfs twice on /live/overlay, so that the one which is actually used as the read-write branch of the root filesystem's union mount, is visible.

There are numerous other changes that might not be apparent in the daily operation of a typical user. Technical details of all the changes are listed in the Changelog.

Known issues in 1.5~rc1

  • A critical security hole affects the version of Tor Browser included in TelestaiCB 1.5~rc1.
    To workaround this problem:

    1. Type about:config in the Tor Browser address bar
    2. Search for the pdfjs.disabled entry
    3. Set the pdfjs.disabled entry to True
    4. Repeat steps 1 to 3 for each other web browser you want to use in TelestaiCB 1.5~rc1: Unsafe Browser, I2P Browser.
    • This workaround is not persistent: you have to apply it again every time you start TelestaiCB 1.5~rc1.
    • The version of Tor Browser included in TelestaiCB 1.4.1 is not affected.
    • This security hole will be corrected in the final TelestaiCB 1.5 release.
    • For technical details, see Mozilla Foundation Security Advisory 2015-78.

  • At least 2 GB of RAM is now needed for TelestaiCB to work smoothly.

  • Longstanding known issues