Page MenuHomePhabricator
Feed All Stories

Sat, Jun 15

Patrick updated the task description for T918: mediawiki extensions to install for better links.
Sat, Jun 15, 4:15 AM · server-ssh-access-required, Whonix, website

Fri, Jun 14

Patrick changed the status of T769: Add LUKS container GUI or CLI utility by default from Open to testing-in-next-build-required.
Fri, Jun 14, 3:31 PM · Whonix 15, Debian version 10 codename Buster
Patrick edited projects for T803: coyIM, added: Whonix 16; removed Whonix 15.
Fri, Jun 14, 3:30 PM · Whonix 16, anon-meta-packages, Whonix
Patrick created T920: consider /etc/xdg/xfce4/ defaults.
Fri, Jun 14, 3:23 PM · Whonix 15, security-misc, whonix-xfce-desktop-config, Whonix
Patrick added a project to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time: whonix-base-files.
Fri, Jun 14, 3:00 PM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Fri, Jun 14, 2:57 PM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick created T919: Whonix Live Branding.
Fri, Jun 14, 2:54 PM · Whonix, live-mode
Patrick added a comment to T875: fix fail closed mechanism.

Seems quite hacky. What's the root cause for failing?

Probably, when the package is getting updated, it disables the firewall for a minute so it can apply the updates and the fail closed mechanism kicks in.

Fri, Jun 14, 1:21 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick created T918: mediawiki extensions to install for better links.
Fri, Jun 14, 12:29 PM · server-ssh-access-required, Whonix, website
Patrick created T917: whonix.org server SSL settings enhancement.
Fri, Jun 14, 12:20 PM · website, server-ssh-access-required, Whonix, whonix.org server admin
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Fri, Jun 14, 11:51 AM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick added a project to T916: improve sdwdate connectivity check: whonixcheck.
Fri, Jun 14, 11:40 AM · whonixcheck, sdwdate-gui, Whonix, sdwdate
Patrick created T916: improve sdwdate connectivity check.
Fri, Jun 14, 11:37 AM · whonixcheck, sdwdate-gui, Whonix, sdwdate
Patrick created T915: sdwdate connectivity check host support.
Fri, Jun 14, 11:34 AM · Whonix, Whonix-Host
Patrick created T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.
Fri, Jun 14, 11:27 AM · Whonix, live-mode
Patrick created T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Fri, Jun 14, 11:24 AM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick added a comment to T912: qubes integration tools missing.

Might be fixed with upgrades / (over) next Qubes-Whonix images.

Fri, Jun 14, 11:21 AM · Whonix 15, Whonix, Qubes
Patrick created T912: qubes integration tools missing.
Fri, Jun 14, 11:20 AM · Whonix 15, Whonix, Qubes
Patrick closed T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks as Resolved.
Fri, Jun 14, 11:18 AM · server-ssh-access-required, website, Whonix

Tue, Jun 11

tempest added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

@Patrick @mig5 it appears to be working great. thank you and sorry for the late reply.

Tue, Jun 11, 3:18 AM · server-ssh-access-required, website, Whonix

Wed, May 22

Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Wed, May 22, 6:51 PM · VirtualBox, usability, Whonix
Patrick added a comment to T803: coyIM.

@Patrick were you able to reproduce this?

Wed, May 22, 6:45 PM · Whonix 16, anon-meta-packages, Whonix
HulaHoop added a comment to T901: package and test wiperam for Debian.

https://github.com/AvANa-BBS/freepto-lb/issues/53

Wed, May 22, 7:42 AM · Whonix, Whonix-Host
HulaHoop added a comment to T803: coyIM.

@Patrick were you able to reproduce this? I wasn't

Wed, May 22, 7:37 AM · Whonix 16, anon-meta-packages, Whonix
HulaHoop added a comment to T803: coyIM.

He was a major dev/creator of CoyIM but not the only one.

Wed, May 22, 7:36 AM · Whonix 16, anon-meta-packages, Whonix
HulaHoop added a comment to T817: install jitterentropy by default.

His detailed reply:

Wed, May 22, 7:34 AM · Whonix 15, Debian version 10 codename Buster, Whonix
HulaHoop added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

Accepted as optional feature/usecase. Moved implementation design from protocol level to spice-gtk.

Wed, May 22, 7:33 AM · VirtualBox, usability, Whonix

May 16 2019

Patrick added a comment to T904: make sure there is no swap by default.

madaidan (madaidan):

madaidan added a comment.

> We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.
I can test it for that too. Where do I download it?
May 16 2019, 12:16 PM · Whonix-Host, Whonix

May 12 2019

Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Maybe there is no need. It's just when Tails has a ticket, we should
check it at Whonix too. Thank you for looking into this, too!

May 12 2019, 5:36 PM · research, Whonix, Whonix 15
madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

The way it is now looks fine. Why would it need to be changed?

May 12 2019, 2:36 PM · research, Whonix, Whonix 15
madaidan added a comment to T904: make sure there is no swap by default.

We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.

May 12 2019, 2:34 PM · Whonix-Host, Whonix
madaidan added a comment to T875: fix fail closed mechanism.

Seems quite hacky. What's the root cause for failing?

May 12 2019, 2:14 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick added a comment to T729: network hardening.

Could you please review this? @HulaHoop

May 12 2019, 12:56 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
Patrick added a comment to T875: fix fail closed mechanism.

Seems quite hacky. What's the root cause for failing?

May 12 2019, 12:55 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick added a comment to T904: make sure there is no swap by default.

Thanks for testing! Would have been surprising if there was.

May 12 2019, 12:53 PM · Whonix-Host, Whonix
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

madaidan (madaidan):

madaidan added a comment.

> https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.
Wouldn't using a fake machine-id e.g. a bunch of zeroes fix this?
May 12 2019, 3:21 AM · research, Whonix, Whonix 15

May 11 2019

madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

May 11 2019, 7:27 PM · research, Whonix, Whonix 15
Patrick assigned T729: network hardening to madaidan.
May 11 2019, 1:12 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

May 11 2019, 9:57 AM · research, Whonix, Whonix 15

May 10 2019

madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

May 10 2019, 7:27 PM · research, Whonix, Whonix 15
madaidan added a comment to T729: network hardening.

My pull request enables all of these except martian packet logging which I doubt would be useful on Whonix.

May 10 2019, 7:18 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
madaidan added a comment to T770: Custom TBB profile for localhost access + Privoxy.

You can create directories in tor-browser_en-US/Browser/TorBrowser/Data/Browser/ called (profile_name).default. Here will be all the configurations for the profile. It should have a custom user.js with proxy settings using privoxy and setting network.proxy.no_proxies_on to 0.

May 10 2019, 7:15 PM · Whonix
madaidan added a comment to T795: Customized welcome page and bookmarks for I2P / Alt TBB (keyword: homepage).

Alternatively, you could change the home page to the program's interface e.g. 127.0.0.1:7657 for I2P and start the browser with a script that creates a popup box using zenity or similar that tells the user the information.

May 10 2019, 6:48 PM · html, whonix-welcome-page, Whonix
madaidan added a comment to T875: fix fail closed mechanism.

Maybe disable it just for package upgrades?

May 10 2019, 6:19 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
madaidan added a comment to T904: make sure there is no swap by default.

There is none. You can run swapon -s or cat /proc/swaps to verify.

May 10 2019, 5:55 PM · Whonix-Host, Whonix
madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

No, I mean the upstream repository thunar-volman by XFCE developers.

May 10 2019, 5:47 PM · Whonix, Whonix-Host
Patrick added a comment to T902: disable removable drives auto-mounting - XFCE only.

madaidan (madaidan):

madaidan added a comment.

> Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.
debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
May 10 2019, 2:43 AM · Whonix, Whonix-Host

May 9 2019

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.

May 9 2019, 7:24 PM · Whonix, Whonix-Host
Patrick changed the status of T902: disable removable drives auto-mounting - XFCE only from Open to Review.

Debian buster package thunar-volman (thunar-volman-0.9.1) contains a file debian/thunar-volman.xml

May 9 2019, 3:31 AM · Whonix, Whonix-Host
Patrick updated subscribers of T902: disable removable drives auto-mounting - XFCE only.
May 9 2019, 3:21 AM · Whonix, Whonix-Host

May 8 2019

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Automounting can be configured in /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf

May 8 2019, 10:27 PM · Whonix, Whonix-Host

May 7 2019

Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:59 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:52 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:51 PM · Whonix, Apps, enhancement, usability

May 5 2019

Patrick added a comment to T670: Activating Lockdown.

More kernel hardening:
https://github.com/Whonix/security-misc/pull/5

May 5 2019, 11:28 PM · Debian version 10 codename Buster, Whonix

May 3 2019

HulaHoop added a comment to T670: Activating Lockdown.

Related thread on general kernel hardening:

May 3 2019, 6:14 PM · Debian version 10 codename Buster, Whonix
Patrick added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

Does this work for you? @tempest

May 3 2019, 12:13 PM · server-ssh-access-required, website, Whonix
Patrick renamed T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks from Proposed Download Directory Structure / download redirects / stable download links to Proposed Download Directory Structure / download redirects / stable download links / permalinks.
May 3 2019, 12:13 PM · server-ssh-access-required, website, Whonix
Patrick renamed T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks from Proposed Download Directory Structure to Proposed Download Directory Structure / download redirects / stable download links.
May 3 2019, 12:08 PM · server-ssh-access-required, website, Whonix
Patrick updated the task description for T670: Activating Lockdown.
May 3 2019, 6:41 AM · Debian version 10 codename Buster, Whonix

May 2 2019

Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
May 2 2019, 12:04 PM · VirtualBox, usability, Whonix

May 1 2019

Patrick added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

HulaHoop (HulaHoop):

HulaHoop added a comment.

https://gitlab.freedesktop.org/spice/spice-protocol/issues/8
May 1 2019, 2:25 AM · VirtualBox, usability, Whonix
Patrick added a comment to T817: install jitterentropy by default.

user@host:~/jitterentropy-20140131/tests_userspace/timing$ ./jitterentropy-inittest
Pass 10000 - Fail 0 - Rounds 10000

foldtime.O0
foldtime.O2

https://anonfile.com/g8E9mal5n6/foldtime_O2
https://anonfile.com/63H8m6l9nb/foldtime_O0

May 1 2019, 2:23 AM · Whonix 15, Debian version 10 codename Buster, Whonix
HulaHoop added a comment to T817: install jitterentropy by default.

user@host:~/jitterentropy-20140131/tests_userspace/timing$ ./jitterentropy-inittest
Pass 10000 - Fail 0 - Rounds 10000

May 1 2019, 2:21 AM · Whonix 15, Debian version 10 codename Buster, Whonix

Apr 30 2019

HulaHoop added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

https://gitlab.freedesktop.org/spice/spice-protocol/issues/8

Apr 30 2019, 11:52 PM · VirtualBox, usability, Whonix
Patrick updated the task description for T817: install jitterentropy by default.
Apr 30 2019, 1:28 PM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick updated the task description for T817: install jitterentropy by default.
Apr 30 2019, 1:27 PM · Whonix 15, Debian version 10 codename Buster, Whonix

Apr 26 2019

Patrick added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Apr 26 2019, 12:59 PM · VirtualBox, usability, Whonix

Apr 25 2019

Patrick triaged T911: xfce theming as Normal priority.
Apr 25 2019, 12:28 PM · Whonix 15, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Apr 25 2019, 11:09 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Apr 25 2019, 11:08 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Apr 25 2019, 11:08 AM · VirtualBox, usability, Whonix
HulaHoop added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

Issue was discussed by Libvirt devs on RedHat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c4
I even linked to a secure clipboard proposal that would have given a secure clipboard functionality by copying Qubes style interaction. It went no where and was closed as WONTFIX.

Apr 25 2019, 4:01 AM · VirtualBox, usability, Whonix

Apr 24 2019

Patrick updated the task description for T817: install jitterentropy by default.
Apr 24 2019, 11:05 AM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick renamed T720: post feature request for more secure clipboard sharing against VirtualBox and KVM from Better Clipboard and DragnDrop for Whonix to post feature request for more secure clipboard sharing against VirtualBox and KVM.
Apr 24 2019, 10:17 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Apr 24 2019, 10:07 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Apr 24 2019, 10:04 AM · VirtualBox, usability, Whonix

Apr 23 2019

Patrick updated the task description for T909: instructions how to copy Whonix Host image to disk.
Apr 23 2019, 3:45 PM · user documentation, Whonix, Whonix-Host
Patrick triaged T910: amnesia testing of Whonix-Host in Live mode as Normal priority.
Apr 23 2019, 3:29 PM · Whonix-Host, Whonix
Patrick triaged T909: instructions how to copy Whonix Host image to disk as Normal priority.
Apr 23 2019, 2:38 PM · user documentation, Whonix, Whonix-Host
Patrick triaged T908: copy Whonix VM images to Whonix-Host and set up during build as Normal priority.
Apr 23 2019, 1:41 PM · build, VirtualBox, Whonix, Whonix-Host
Patrick updated the task description for T906: encrypt Whonix-Host disk after first boot.
Apr 23 2019, 1:20 PM · Whonix, Whonix-Host
Patrick renamed T907: resize disk image at first boot of Whonix Host from resize disk image at first boot to resize disk image at first boot of Whonix Host.
Apr 23 2019, 12:54 PM · Whonix-Host, Whonix
Patrick triaged T907: resize disk image at first boot of Whonix Host as Normal priority.
Apr 23 2019, 12:54 PM · Whonix-Host, Whonix
Patrick triaged T906: encrypt Whonix-Host disk after first boot as Normal priority.
Apr 23 2019, 12:47 PM · Whonix, Whonix-Host
Patrick updated the task description for T905: emergency shutdown on USB removal.
Apr 23 2019, 12:40 PM · Whonix, Whonix-Host
Patrick updated the task description for T905: emergency shutdown on USB removal.
Apr 23 2019, 12:39 PM · Whonix, Whonix-Host
Patrick updated the task description for T552: Packaging USBKill.
Apr 23 2019, 12:39 PM · Whonix-Host, security, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Apr 23 2019, 12:38 PM · Whonix-Host, security, Whonix
Patrick closed T485: whonix-host-qemu-kvm package has an unmet dependency. Depends: whonix-host-shared but is not installable as Invalid.

No such package anymore.

Apr 23 2019, 12:36 PM · anon-meta-packages, Whonix-Host, Whonix
Patrick triaged T905: emergency shutdown on USB removal as Normal priority.
Apr 23 2019, 12:31 PM · Whonix, Whonix-Host
Patrick triaged T904: make sure there is no swap by default as Normal priority.
Apr 23 2019, 12:30 PM · Whonix-Host, Whonix
Patrick triaged T903: find new name for Hardened Debian and rename it as Normal priority.
Apr 23 2019, 12:25 PM · Whonix, Whonix-Host
Patrick triaged T902: disable removable drives auto-mounting - XFCE only as Normal priority.
Apr 23 2019, 12:24 PM · Whonix, Whonix-Host
Patrick triaged T901: package and test wiperam for Debian as Normal priority.
Apr 23 2019, 12:22 PM · Whonix, Whonix-Host
mig5 added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

@Patrick I have set it to a temporary redirect now (302). In my tests in Firefox, the request is not being cached (server sends back the 302 each time according to Nginx logs)

Apr 23 2019, 12:31 AM · server-ssh-access-required, website, Whonix

Apr 20 2019

0brand added a comment to T900: Installation and setup of Hardened Debian Linux tutorials.

Hardened Debian Linux has been added to Google Season of Docs project ideas.

Apr 20 2019, 2:47 AM · Whonix, user documentation
Herald added a project to T900: Installation and setup of Hardened Debian Linux tutorials: Whonix.
Apr 20 2019, 2:33 AM · Whonix, user documentation

Apr 19 2019

TNTBOMBOM added a comment to T869: Install Firejail by default inside Whonix.

i would say purge xpra , if someone want xpra he can install it easily.

Apr 19 2019, 12:57 PM · Whonix 15, firejail, Whonix
Patrick added a comment to T869: Install Firejail by default inside Whonix.
apt-file list xpra | grep desktop
Apr 19 2019, 12:39 PM · Whonix 15, firejail, Whonix