Feed All Stories

Today

Patrick edited Description on whonix-gw-firewall.
Wed, Dec 11, 9:48 AM
Patrick edited Description on whonix-ws-firewall.
Wed, Dec 11, 9:47 AM
marmarek added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

It looks like bpfilter is in rather early stages, and it's a few years until we'll see it in Debian.

Wed, Dec 11, 3:35 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick renamed T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables from Consider nftables as a replacement for iptables to Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
Wed, Dec 11, 2:11 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Or skip nftables and use Berkeley Packet Filter (BPF)?

Wed, Dec 11, 2:10 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick updated the task description for T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
Wed, Dec 11, 2:09 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Sun, Dec 8

HulaHoop triaged T944: Hardened sshd Setup as Normal priority.
Sun, Dec 8, 4:06 PM · enhancement, Whonix

Sat, Dec 7

Patrick renamed T937: make /boot and /lib/modules unreadable for non-root users from make /boot unreadable for non-root users to make /boot and /lib/modules unreadable for non-root users.
Sat, Dec 7, 9:14 AM · Whonix, security-misc
Patrick renamed T943: make /boot and /lib/modules unreadable even for root from make /boot unreadable even for root to make /boot and /lib/modules unreadable even for root.
Sat, Dec 7, 9:14 AM · security, Whonix, apparmor-profile-everything
Patrick triaged T943: make /boot and /lib/modules unreadable even for root as Normal priority.
Sat, Dec 7, 9:13 AM · security, Whonix, apparmor-profile-everything

Thu, Dec 5

Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Thu, Dec 5, 4:16 PM · Whonix, security
Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Thu, Dec 5, 4:12 PM · Whonix, security
Patrick renamed T941: lock down interpreters / compilers (interpreter lock) (compiler lock) from lock down interpreters (interpreter lock) to lock down interpreters / compilers (interpreter lock) (compiler lock).
Thu, Dec 5, 4:12 PM · Whonix, security
Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Thu, Dec 5, 4:07 PM · Whonix, security
Patrick triaged T942: polish Whonix Host Firewall for Whonix Host as Normal priority.
Thu, Dec 5, 4:04 PM · security, Whonix, Whonix-Host
Patrick renamed T941: lock down interpreters / compilers (interpreter lock) (compiler lock) from lock down interpreters to lock down interpreters (interpreter lock).
Thu, Dec 5, 3:51 PM · Whonix, security
Patrick triaged T941: lock down interpreters / compilers (interpreter lock) (compiler lock) as Normal priority.
Thu, Dec 5, 3:51 PM · Whonix, security
Patrick updated the task description for T940: grub boot password.
Thu, Dec 5, 3:35 PM · security, Whonix-Host, Whonix
Patrick triaged T940: grub boot password as Normal priority.
Thu, Dec 5, 3:22 PM · security, Whonix-Host, Whonix
Patrick updated the task description for T868: mediawiki fixes #2.
Thu, Dec 5, 9:14 AM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Thu, Dec 5, 9:13 AM · Whonix, website
Patrick updated the task description for T771: install magic-wormhole by default / Implementing an Onionshare alternative.
Thu, Dec 5, 6:57 AM · Whonix 14, Whonix, Whonix 15

Mon, Nov 25

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Mon, Nov 25, 1:32 PM · C Code, security, Whonix

Sat, Nov 23

Patrick closed T938: request apparmor environment scrubbing whitelist from AppArmor upstream as Resolved.

Awesome!

Sat, Nov 23, 5:53 PM · apparmor-profile-everything, AppArmor, Whonix
madaidan added a comment to T938: request apparmor environment scrubbing whitelist from AppArmor upstream.

I created the issue:

Sat, Nov 23, 5:51 PM · apparmor-profile-everything, AppArmor, Whonix
Patrick triaged T939: file permissions hardening lockdown as Normal priority.
Sat, Nov 23, 5:25 PM · security-misc, Whonix
Patrick triaged T938: request apparmor environment scrubbing whitelist from AppArmor upstream as Normal priority.
Sat, Nov 23, 5:23 PM · apparmor-profile-everything, AppArmor, Whonix
Patrick added a member for security-misc: madaidan.
Sat, Nov 23, 5:20 PM
Patrick triaged T937: make /boot and /lib/modules unreadable for non-root users as Normal priority.
Sat, Nov 23, 5:19 PM · Whonix, security-misc
Patrick closed T936: apparmor-profile-everything breaks Qubes upgrading as Resolved.
Sat, Nov 23, 5:07 PM · apparmor-profile-everything, Qubes, Whonix, AppArmor
Patrick added a project to T936: apparmor-profile-everything breaks Qubes upgrading : apparmor-profile-everything.
Sat, Nov 23, 5:07 PM · apparmor-profile-everything, Qubes, Whonix, AppArmor
Patrick added a member for apparmor-profile-everything: madaidan.
Sat, Nov 23, 5:07 PM
Patrick created apparmor-profile-everything.
Sat, Nov 23, 5:06 PM
madaidan added a comment to T936: apparmor-profile-everything breaks Qubes upgrading .

https://github.com/Whonix/apparmor-profile-everything/pull/7

Sat, Nov 23, 4:44 PM · apparmor-profile-everything, Qubes, Whonix, AppArmor
Patrick added a comment to T936: apparmor-profile-everything breaks Qubes upgrading .

Could you add to git please?

Sat, Nov 23, 4:41 PM · apparmor-profile-everything, Qubes, Whonix, AppArmor
Patrick added a comment to T936: apparmor-profile-everything breaks Qubes upgrading .

Works.

Sat, Nov 23, 4:38 PM · apparmor-profile-everything, Qubes, Whonix, AppArmor
madaidan added a comment to T936: apparmor-profile-everything breaks Qubes upgrading .

Try adding:

Sat, Nov 23, 4:20 PM · apparmor-profile-everything, Qubes, Whonix, AppArmor
Patrick triaged T936: apparmor-profile-everything breaks Qubes upgrading as Normal priority.
Sat, Nov 23, 4:16 PM · apparmor-profile-everything, Qubes, Whonix, AppArmor

Thu, Nov 21

Patrick updated the task description for T470: Whonix home page redesign.
Thu, Nov 21, 8:56 PM · html, Whonix, user documentation
Patrick closed T588: improve Troubleshooting / Test as Resolved.

Good enough.

Thu, Nov 21, 8:55 PM · Whonix, user documentation
Patrick closed T621: Combatting sclockadj's log spam as Resolved.

Not a problem anymore.

Thu, Nov 21, 8:54 PM · Debian version 10 codename Buster, Whonix, research

Sat, Nov 16

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Sat, Nov 16, 11:20 AM · C Code, security, Whonix
Patrick added a comment to T543: TCP ISNs and Temperature induced clock skews.
Sat, Nov 16, 11:19 AM · C Code, security, Whonix
Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Sat, Nov 16, 11:18 AM · C Code, security, Whonix

Nov 8 2019

Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 4:50 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 4:21 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:59 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:58 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:57 PM · Whonix, website
Patrick closed T809: mediawiki fixes as Resolved.

Migrated remaining task to T868.

Nov 8 2019, 3:56 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:56 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:53 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:52 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:51 PM · Whonix, website

Nov 6 2019

Patrick updated subscribers of T362: systemd SystemCallFilter= containment option seccomp hardening.
Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T362: systemd SystemCallFilter= containment option seccomp hardening as Resolved.

This was done. If not, please create specific tickets where it isn't done.

Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T444: test if Ricochet IM instructions are functional as Invalid.

https://www.whonix.org/wiki/Chat#Ricochet_IM

Nov 6 2019, 3:33 AM · onion-grater (Control Port Filter Proxy), research, Whonix

Nov 4 2019

Patrick closed T918: mediawiki extensions to install for better links as Resolved.

Installed. See screenshot on how to use:

Nov 4 2019, 3:33 PM · server-ssh-access-required, website, Whonix

Nov 3 2019

Patrick updated the task description for T935: add Whonix newsletter.
Nov 3 2019, 8:33 AM · website, Whonix
Patrick updated subscribers of T935: add Whonix newsletter.
Nov 3 2019, 8:33 AM · website, Whonix
Patrick triaged T935: add Whonix newsletter as Normal priority.
Nov 3 2019, 8:32 AM · website, Whonix

Oct 25 2019

Patrick closed T934: fix whonix-wiki-html backup / fix scrape-whonix-wiki.sh as Resolved.
Oct 25 2019, 1:38 PM · Whonix, website
Patrick added a comment to T934: fix whonix-wiki-html backup / fix scrape-whonix-wiki.sh.

Sitemap was broken. May be unrelated to https://github.com/WhonixBOT/whonix-wiki-html/blob/master/scrape-whonix-wiki.sh. Just a follow up issue. Not cause. In progress of fixing this.

Oct 25 2019, 12:30 PM · Whonix, website
Patrick triaged T934: fix whonix-wiki-html backup / fix scrape-whonix-wiki.sh as Normal priority.
Oct 25 2019, 12:00 PM · Whonix, website
Patrick triaged T933: fix offline documentation - pdfbook as Normal priority.
Oct 25 2019, 11:53 AM · website, Whonix
Patrick triaged T932: fix Git-Mediawiki whonix-wiki-backup as Normal priority.
Oct 25 2019, 11:50 AM · website, Whonix

Oct 23 2019

Patrick updated the task description for T868: mediawiki fixes #2.
Oct 23 2019, 4:00 PM · Whonix, website

Oct 21 2019

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

NonaSuomy:

Added requested NFTables example from duclicsic #netfilter freenode.

Oct 21 2019, 7:33 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Oct 17 2019

HulaHoop added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Starting with Bullseye nftables will be the default:

Oct 17 2019, 7:29 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Oct 15 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

https://redmine.tails.boum.org/code/issues/17156

Oct 15 2019, 9:26 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 13 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Analysis by Cyrus cited here for completion:

Oct 13 2019, 4:18 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 10 2019

HulaHoop renamed T931: Testing tpm2-pkcs11with KVM vTPM 2.0 from Testing tpm2-pk11 with KVM vTPM 2.0 to Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 10 2019, 3:54 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop removed a project from T931: Testing tpm2-pkcs11with KVM vTPM 2.0: packaging.
Oct 10 2019, 3:50 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop claimed T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 10 2019, 3:49 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop renamed T931: Testing tpm2-pkcs11with KVM vTPM 2.0 from Packaging for tpm2-pk11 to Testing tpm2-pk11 with KVM vTPM 2.0.
Oct 10 2019, 3:49 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop added a comment to T931: Testing tpm2-pkcs11with KVM vTPM 2.0.

Already packaged in Debian but is currently orphaned and needs a maintainer according to its ex-maintainer:

Oct 10 2019, 3:47 PM · Whonix, Debian version 11 codename Bullseye

Oct 7 2019

HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 7 2019, 11:29 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 7 2019, 11:13 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 7 2019, 9:40 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 7 2019, 9:28 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop added a comment to T543: TCP ISNs and Temperature induced clock skews.

An alternative proposal for editing ISNs without involving the kernel:

Oct 7 2019, 3:11 AM · C Code, security, Whonix

Oct 6 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 10:53 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick closed T596: keep an eye on kloak anti keystroke deanonymization tool as Resolved.

Implemented for some time now.

Oct 6 2019, 9:54 PM · Whonix 16, security, Whonix
Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.
Oct 6 2019, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Oct 6 2019, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way of detecting the active NIC, since on wireless systems wlan0 is the interface of choice and not eth0.

Oct 6 2019, 9:01 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.

Oct 6 2019, 6:04 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 5 2019

HulaHoop added a comment to T931: Testing tpm2-pkcs11with KVM vTPM 2.0.

TPM hw not working. Troubleshooting thread:

Oct 5 2019, 5:10 PM · Whonix, Debian version 11 codename Bullseye

Oct 4 2019

madaidan added a comment to T670: Activating Lockdown.

It turns out, what I said only applies to the Debian package. The kernel patch and the package are actually two different things.

Oct 4 2019, 8:37 PM · Debian version 10 codename Buster, Whonix
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 4 2019, 6:06 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop updated the task description for T931: Testing tpm2-pkcs11with KVM vTPM 2.0.
Oct 4 2019, 4:33 PM · Whonix, Debian version 11 codename Bullseye
HulaHoop triaged T931: Testing tpm2-pkcs11with KVM vTPM 2.0 as Normal priority.
Oct 4 2019, 4:22 PM · Whonix, Debian version 11 codename Bullseye

Sep 28 2019

Patrick added a project to T930: whonix.SdwdateStatus service starts VMs that were killed: sdwdate-gui.
Sep 28 2019, 10:44 AM · sdwdate-gui, Whonix

Sep 27 2019

marmarek created T930: whonix.SdwdateStatus service starts VMs that were killed.
Sep 27 2019, 8:46 PM · sdwdate-gui, Whonix

Sep 23 2019

Patrick updated the task description for T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.
Sep 23 2019, 10:10 AM · server-ssh-access-required, website, Whonix
Patrick updated the task description for T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.
Sep 23 2019, 10:09 AM · server-ssh-access-required, website, Whonix

Sep 14 2019

Patrick updated the task description for T89: Whonix Control Panel.
Sep 14 2019, 7:45 PM · Whonix, Apps, enhancement, usability

Aug 31 2019

Patrick triaged T929: Whonix XFCE Wallpaper / Background Image as Normal priority.
Aug 31 2019, 3:50 PM · Whonix 16, whonix-xfce-desktop-config, Whonix
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:49 PM · live-mode, Whonix
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:49 PM · live-mode, Whonix