Page MenuHomePhabricator
Feed All Stories

Apr 28 2020

Patrick renamed T910: anti-forensics / amnesia testing of Whonix-Host in Live mode from amnesia testing of Whonix-Host in Live mode to anti-forensics / amnesia testing of Whonix-Host in Live mode.
Apr 28 2020, 7:03 PM · Whonix 15, Whonix-Host, Whonix

Apr 23 2020

Patrick closed T970: Whonix-Host hash, gpg, signify, torrent, signature creation script as Resolved.

Works fine in 15.0.1.3.2-developers-only.

Apr 23 2020, 9:37 PM · Whonix 15, Whonix, Whonix-Host
Patrick closed T928: install xfce4-power-manager on Whonix Host and Kicksecure Host as Resolved.

xfce4-power-manager is installed on Whonix-Host in 15.0.1.3.2-developers-only.

Apr 23 2020, 9:37 PM · Whonix 15, whonix-libvirt, live-mode, Whonix, Whonix-Host
Patrick closed T986: Whonix-Host livecheck systray broken as Resolved.

Fixed in 15.0.1.3.2-developers-only.

Apr 23 2020, 9:36 PM · Whonix 15, Whonix, Whonix-Host
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Setting quiet loglevel=0 in that exact order as per https://github.com/Whonix/security-misc/commit/6485df8126b52a2072824fa442e8d1dd5cb18981 does now hide [sda] Incomplete mode parameter data. However, messages by LKRG are not yet hidden.

Apr 23 2020, 6:40 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick updated subscribers of T961: fix USB auto mounting bug / document.
Apr 23 2020, 4:59 PM · research, bug, Whonix 15, Whonix
onion_knight2 added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

Great news! I am rebuilding the whole package Host+gw+ws now, excited to test it out! Will report asap.

Apr 23 2020, 4:18 PM · Whonix 15, Whonix-Host, whonix-libvirt, live-mode, Whonix
Patrick triaged T987: offer rsync over SSH or TLS for download.whonix.org as Normal priority.
Apr 23 2020, 2:42 PM · Whonix, server-ssh-access-required
Patrick reassigned T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on from Patrick to onion_knight2.
echo "options overlay metacopy=on" > /etc/modprobe.d/overlay.conf 
update-initramfs -u
Apr 23 2020, 1:01 PM · Whonix 15, Whonix-Host, whonix-libvirt, live-mode, Whonix

Apr 21 2020

onion_knight2 added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

That would be OK but this is not my preferred solution. Reason: an unclean shutdown in Whonix installed persistent mode would with a subsequent boot into live mode would result in a failed reboot into Whonix installed live mode.

Apr 21 2020, 8:34 PM · Whonix 15, Whonix-Host, whonix-libvirt, live-mode, Whonix
Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

Awesome analysis and description!

Apr 21 2020, 6:28 PM · Whonix 15, Whonix-Host, whonix-libvirt, live-mode, Whonix
Patrick changed the status of T986: Whonix-Host livecheck systray broken from Open to testing-in-next-build-required.

Likely fixed in next build already. Updated, relevant code is here:

Apr 21 2020, 6:25 PM · Whonix 15, Whonix, Whonix-Host
Patrick updated subscribers of T986: Whonix-Host livecheck systray broken.
Apr 21 2020, 5:00 PM · Whonix 15, Whonix, Whonix-Host
Patrick triaged T986: Whonix-Host livecheck systray broken as Normal priority.
Apr 21 2020, 5:00 PM · Whonix 15, Whonix, Whonix-Host
Patrick closed T965: install gvfs by default / fix access LUKS encrypted USB drive with Thunar as Resolved.

Not 100% sure it would also be fixed inside VMs.

Apr 21 2020, 11:01 AM · Whonix 15, Whonix, bug
Patrick closed T929: Whonix XFCE Wallpaper / Background Image as Resolved.
Apr 21 2020, 10:57 AM · Whonix 15, Whonix-Host, Whonix, whonix-xfce-desktop-config
Patrick closed T976: Whonix-Host Low RAM Tests as Resolved.

Excellent work. Thanks for researching this!

Apr 21 2020, 10:56 AM · Whonix 15, Whonix-Host, Whonix
Patrick closed T982: use update-initramfs during installation of Whonix-Host as Resolved.
Apr 21 2020, 10:54 AM · Whonix-Host, Whonix, Whonix 15
onion_knight2 added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

Some progress made as of Whonix-Host 15.0.1.2.7:

Apr 21 2020, 3:15 AM · Whonix 15, Whonix-Host, whonix-libvirt, live-mode, Whonix
onion_knight2 added a comment to T929: Whonix XFCE Wallpaper / Background Image.

As of Whonix-Host 15.0.1.2.7 each environment (Host, gw, ws) has its own background color.
Should we close this ticket?

Apr 21 2020, 1:39 AM · Whonix 15, Whonix-Host, Whonix, whonix-xfce-desktop-config
onion_knight2 added a comment to T976: Whonix-Host Low RAM Tests.

Do we need more tests or can we close this ticket?

Apr 21 2020, 1:37 AM · Whonix 15, Whonix-Host, Whonix
onion_knight2 added a comment to T982: use update-initramfs during installation of Whonix-Host.

Fixed.
https://forums.whonix.org/t/whonix-host-operating-system/3931/261

Apr 21 2020, 1:37 AM · Whonix-Host, Whonix, Whonix 15
onion_knight2 added a comment to T965: install gvfs by default / fix access LUKS encrypted USB drive with Thunar.

Also, just tried it on Whonix-Host 15.0.1.2.7. It works.

Apr 21 2020, 1:35 AM · Whonix 15, Whonix, bug

Apr 19 2020

Patrick added a comment to T932: fix Git-Mediawiki whonix-wiki-backup.

https://github.com/Git-Mediawiki/Git-Mediawiki/issues/70

Apr 19 2020, 8:26 PM · Whonix, website

Apr 16 2020

Patrick added a comment to T984: convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline.

Something like that. Maybe covering all of /etc/sysctl.conf and
/etc/sysctl.d folder to GRUB_CMDLINE_LINUX expansion.

Apr 16 2020, 10:47 PM · Debian version 11 codename Bullseye, Whonix
madaidan added a comment to T984: convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline.

We shouldn't stop using /etc/sysctl.d for compatibility. I think the best way would be to create /etc/default/grub.d/40_sysctl.cfg with:

Apr 16 2020, 7:31 PM · Debian version 11 codename Bullseye, Whonix
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Even kernel parameter quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_priority=3
(from https://wiki.archlinux.org/index.php/Silent_boot)
does not hide [sda] Incomplete mode parameter data.

Apr 16 2020, 4:02 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick updated the task description for T911: xfce theming.
Apr 16 2020, 3:34 PM · whonix-xfce-desktop-config, Whonix 15, Whonix
Patrick renamed T946: test sdwdate apparmor profile and remove complain mode from test sdwdate apparmor profile and set to complain mode to test sdwdate apparmor profile and remove complain mode.
Apr 16 2020, 3:32 PM · sdwdate, Whonix 15, Whonix
Patrick updated subscribers of T955: review hardened kernel config.
Apr 16 2020, 3:32 PM · hardened-kernel, Whonix
Patrick removed a project from T955: review hardened kernel config: Whonix 15.

I can't work on this. Please go for T977.

Apr 16 2020, 3:31 PM · hardened-kernel, Whonix
Patrick removed a project from T960: hardened kernel Debian packaging and APT integration - hkapt: Whonix 15.

T977 more important for now.

Apr 16 2020, 3:30 PM · Whonix, hardened-kernel
Patrick changed the status of T966: fix pkexec from Open to testing-in-next-build-required.

https://github.com/Whonix/security-misc/commit/72be31e870057b035651c1b5a7e9a9db149e9d25
https://github.com/Whonix/security-misc/commit/442931529121e9e402e7ac56e27df3dcec43167b
https://github.com/Whonix/security-misc/commit/b3ce18f0f9f1da0552a4a1bd882a5b5dda13626e
https://github.com/Whonix/security-misc/commit/8851c9ed29e79d2ef5df9c7b7086878e69b90bd4

Apr 16 2020, 3:29 PM · bug, Whonix, Whonix 15
Patrick triaged T985: consider post Whonix News that recommends VirtualBox users reducing number of virtual CPUs to 3 as Normal priority.
Apr 16 2020, 3:24 PM · Whonix 15, Whonix, VirtualBox
Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Apr 16 2020, 2:07 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Apr 16 2020, 2:04 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

https://github.com/Whonix/security-misc/commit/8d2e4b68dcae87b27f519196488e0ed7e8b95ef2

Apr 16 2020, 2:01 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

kernel.printk = 3 3 3 3

Apr 16 2020, 1:29 PM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Apr 16 2020, 11:37 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick renamed T981: Whonix-Host Tor configuration and anon-connection-wizard (ACW); ipv6 disable; ipv4 forward disable from Whonix-Host Tor configuration and anon-connection-wizard (ACW) to Whonix-Host Tor configuration and anon-connection-wizard (ACW); ipv6 disable; ipv4 forward disable.
Apr 16 2020, 11:34 AM · Whonix 15, Whonix-Host, anon-connection-wizard, Whonix
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

And of course these messages are attributed to whatever Whonix issue someone is having.

Apr 16 2020, 11:30 AM · Debian version 11 codename Bullseye, Whonix 15, security-misc, Whonix
Patrick triaged T984: convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline as Normal priority.
Apr 16 2020, 11:29 AM · Debian version 11 codename Bullseye, Whonix

Apr 15 2020

Patrick updated the task description for T983: connect to public Tor network by default.
Apr 15 2020, 7:27 PM · Whonix-Host, Whonix 15, anon-connection-wizard, Whonix
Patrick updated the task description for T983: connect to public Tor network by default.
Apr 15 2020, 7:18 PM · Whonix-Host, Whonix 15, anon-connection-wizard, Whonix
Patrick triaged T983: connect to public Tor network by default as Normal priority.
Apr 15 2020, 7:16 PM · Whonix-Host, Whonix 15, anon-connection-wizard, Whonix
Patrick triaged T982: use update-initramfs during installation of Whonix-Host as Normal priority.
Apr 15 2020, 6:36 PM · Whonix-Host, Whonix, Whonix 15

Apr 14 2020

Patrick updated the task description for T978: add Whonix-Host EFI booting support.
Apr 14 2020, 8:47 PM · Whonix 15, Whonix, Whonix-Host

Apr 13 2020

Patrick renamed T974: Whonix Images Quick Rebuild from Whonix Images Quick Refresh to Whonix Images Quick Rebuild.
Apr 13 2020, 9:20 PM · Whonix-Host, Whonix 15, Whonix
Patrick renamed T974: Whonix Images Quick Rebuild from Whonix Image Quick Refresh to Whonix Images Quick Refresh.
Apr 13 2020, 9:18 PM · Whonix-Host, Whonix 15, Whonix
Patrick updated the task description for T974: Whonix Images Quick Rebuild.
Apr 13 2020, 9:18 PM · Whonix-Host, Whonix 15, Whonix
Patrick triaged T981: Whonix-Host Tor configuration and anon-connection-wizard (ACW); ipv6 disable; ipv4 forward disable as Normal priority.
Apr 13 2020, 8:07 PM · Whonix 15, Whonix-Host, anon-connection-wizard, Whonix
Patrick closed T975: Replace Debian mentions in /etc/motd and /etc/issue as Resolved.
Apr 13 2020, 7:56 PM · Whonix 15, Whonix, Whonix-Host

Apr 10 2020

Patrick updated subscribers of T976: Whonix-Host Low RAM Tests.
Apr 10 2020, 11:31 PM · Whonix 15, Whonix-Host, Whonix
onion_knight2 added a comment to T976: Whonix-Host Low RAM Tests.

All tests done in KVM with 4 logical host CPUs, but I would expect to have similar (if not better) results on real hardware.

Apr 10 2020, 1:39 AM · Whonix 15, Whonix-Host, Whonix

Apr 8 2020

Patrick edited projects for T980: Kicksecure handing of /etc/hosts /etc/hostname /etc/machine-id, added: Kicksecure; removed Whonix.
Apr 8 2020, 1:45 PM · Kicksecure
Patrick triaged T980: Kicksecure handing of /etc/hosts /etc/hostname /etc/machine-id as Normal priority.
Apr 8 2020, 1:45 PM · Kicksecure
Patrick created Kicksecure.
Apr 8 2020, 1:43 PM

Apr 7 2020

Patrick added a comment to T947: Qubes-Whonix eth1 static networking.

marmarek (Marek Marczykowski-Górecki):

Have you checked how it behaves with multiple Whonix Gateways?
Apr 7 2020, 11:27 PM · Whonix 15, Whonix

Apr 3 2020

marmarek added a comment to T947: Qubes-Whonix eth1 static networking.
In T947#19761, @Patrick wrote:

But we couldn't just set that IP inside sys-whonix without touching dom0?

Apr 3 2020, 10:23 PM · Whonix 15, Whonix
Patrick added a comment to T947: Qubes-Whonix eth1 static networking.

qvm-prefs sys-whonix ip 10.152.152.10 works great so far. Will test more. And call for testers.

Apr 3 2020, 10:15 PM · Whonix 15, Whonix
marmarek added a comment to T947: Qubes-Whonix eth1 static networking.

qvm-prefs -D sys-whonix ip

Apr 3 2020, 9:46 PM · Whonix 15, Whonix
Patrick added a comment to T947: Qubes-Whonix eth1 static networking.

How can I undo qvm-prefs sys-whonix ip 10.152.152.10 back to default?

Apr 3 2020, 8:44 PM · Whonix 15, Whonix

Mar 30 2020

Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

[1] There is currently no trigger (systemd unit file) to execute /usr/lib/whonix-libvirt/persistent-mode-to-read-write.

Mar 30 2020, 5:27 PM · Whonix 15, Whonix-Host, whonix-libvirt, live-mode, Whonix
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 30 2020, 4:55 PM · outreach, Whonix, hardened-kernel
Patrick triaged T979: co-install grub-efi-amd64 and grub-pc by default on Whonix-Host ISO as Normal priority.
Mar 30 2020, 4:29 PM · Whonix 15, Whonix, Whonix-Host
Patrick updated the task description for T973: merge duplicate wiki pages?.
Mar 30 2020, 1:19 PM · Whonix, user documentation
Patrick updated the task description for T973: merge duplicate wiki pages?.
Mar 30 2020, 1:17 PM · Whonix, user documentation

Mar 29 2020

Patrick triaged T978: add Whonix-Host EFI booting support as Normal priority.
Mar 29 2020, 10:54 AM · Whonix 15, Whonix, Whonix-Host

Mar 28 2020

Patrick updated subscribers of T977: hardened-kernel outreach.
Mar 28 2020, 9:24 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 9:23 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 9:22 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 9:05 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 9:03 PM · outreach, Whonix, hardened-kernel
Patrick added a project to T977: hardened-kernel outreach: outreach.
Mar 28 2020, 9:02 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 9:02 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 9:00 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 8:57 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 8:57 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 8:56 PM · outreach, Whonix, hardened-kernel
Patrick renamed T977: hardened-kernel outreach from hardened-kernel to hardened-kernel outreach.
Mar 28 2020, 8:54 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 8:53 PM · outreach, Whonix, hardened-kernel
Patrick updated the task description for T977: hardened-kernel outreach.
Mar 28 2020, 8:53 PM · outreach, Whonix, hardened-kernel
Patrick triaged T977: hardened-kernel outreach as Normal priority.
Mar 28 2020, 8:41 PM · outreach, Whonix, hardened-kernel
Patrick added a comment to T964: mediawiki fixes #3.

That looks much better!

Mar 28 2020, 2:19 PM · website, Whonix
Patrick triaged T975: Replace Debian mentions in /etc/motd and /etc/issue as Normal priority.
Mar 28 2020, 1:10 PM · Whonix 15, Whonix, Whonix-Host
Patrick changed the status of T975: Replace Debian mentions in /etc/motd and /etc/issue from testing-in-next-build-required to Open.

https://forums.whonix.org/t/whonix-host-operating-system/3931/213

Mar 28 2020, 1:10 PM · Whonix 15, Whonix, Whonix-Host
Patrick renamed T973: merge duplicate wiki pages? from merge wiki pages? to merge duplicate wiki pages?.
Mar 28 2020, 11:08 AM · Whonix, user documentation

Mar 27 2020

JasonJAyalaP added a comment to T964: mediawiki fixes #3.

another option

Mar 27 2020, 11:27 PM · website, Whonix
Patrick triaged T976: Whonix-Host Low RAM Tests as Normal priority.
Mar 27 2020, 7:15 PM · Whonix 15, Whonix-Host, Whonix
Patrick added a comment to T975: Replace Debian mentions in /etc/motd and /etc/issue .

Included since Whonix 15.0.1.0.8-developers-only.

Mar 27 2020, 12:48 PM · Whonix 15, Whonix, Whonix-Host
Patrick added a project to T975: Replace Debian mentions in /etc/motd and /etc/issue : Whonix 15.
Mar 27 2020, 12:47 PM · Whonix 15, Whonix, Whonix-Host
Patrick changed the status of T975: Replace Debian mentions in /etc/motd and /etc/issue from Open to testing-in-next-build-required.

Implemented.

Mar 27 2020, 12:47 PM · Whonix 15, Whonix, Whonix-Host
onion_knight2 created T975: Replace Debian mentions in /etc/motd and /etc/issue .
Mar 27 2020, 12:36 PM · Whonix 15, Whonix, Whonix-Host

Mar 26 2020

onion_knight2 added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

As of 15.0.1.0.7, the following behavior is observed:

Mar 26 2020, 10:25 PM · Whonix 15, Whonix-Host, whonix-libvirt, live-mode, Whonix

Mar 22 2020

Patrick added a comment to T910: anti-forensics / amnesia testing of Whonix-Host in Live mode.

These tests are fully independent.

Mar 22 2020, 10:53 PM · Whonix 15, Whonix-Host, Whonix
JasonJAyalaP added a comment to T964: mediawiki fixes #3.

another way, with the main menu stuff horizontal

Mar 22 2020, 10:28 PM · website, Whonix
onion_knight2 added a comment to T910: anti-forensics / amnesia testing of Whonix-Host in Live mode.

Ok, so you want me to:

  • boot a Whonix-Host ISO
  • Install on HDD
  • Reboot on Whonix-Host ISO, do some stuff, shutdown
  • See if HDD has been modified (why would it be?)

Correct?

Mar 22 2020, 8:51 PM · Whonix 15, Whonix-Host, Whonix
Patrick changed the status of T958: Write VirtualBox Screen Resolution Bug Report from Open to testing-in-next-build-required.
Mar 22 2020, 8:25 PM · C Code, upstream, bug, Whonix 15, VirtualBox, Whonix
Patrick updated the task description for T958: Write VirtualBox Screen Resolution Bug Report.
Mar 22 2020, 8:25 PM · C Code, upstream, bug, Whonix 15, VirtualBox, Whonix
Patrick added a comment to T910: anti-forensics / amnesia testing of Whonix-Host in Live mode.

Whonix Live ISO runs without an HDD.

Mar 22 2020, 8:23 PM · Whonix 15, Whonix-Host, Whonix