Mon, Dec 23

Patrick triaged T946: test sdwdate apparmor profile and set to complain mode as Normal priority.
Mon, Dec 23, 2:01 PM · sdwdate, Whonix, Whonix 15

Nov 6 2019

Patrick updated subscribers of T362: systemd SystemCallFilter= containment option seccomp hardening.
Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T362: systemd SystemCallFilter= containment option seccomp hardening as Resolved.

This was done. If not, please create specific tickets where it isn't done.

Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Jun 14 2019

Patrick added a project to T916: improve sdwdate connectivity check: whonixcheck.
Jun 14 2019, 11:40 AM · whonixcheck, sdwdate-gui, sdwdate, Whonix
Patrick created T916: improve sdwdate connectivity check.
Jun 14 2019, 11:37 AM · whonixcheck, sdwdate-gui, sdwdate, Whonix

Apr 14 2019

Patrick edited projects for T551: enter Whonix firewall timesync-fail-closed mode before suspend / enter Whonix firewall full mode after resume and clock-fix, added: Whonix 16; removed Whonix 15.
Apr 14 2019, 3:38 PM · Whonix 16, Whonix, sdwdate
Patrick closed T712: Improve /usr/share/sdwdate/unit_test as Resolved.

Good enough.

Apr 14 2019, 3:37 PM · Whonix, sdwdate, python, Whonix 15

Apr 12 2019

Patrick updated the task description for T850: sdwdate message tor consensus improvement.
Apr 12 2019, 3:59 PM · Whonix, Whonix 15, sdwdate
Patrick triaged T898: sdwdate - check file timestamp of Tor consensus file to detect stale Tor consensus as Normal priority.
Apr 12 2019, 3:59 PM · anon-shared-helper-scripts, sdwdate, Whonix
Patrick closed T850: sdwdate message tor consensus improvement as Resolved.

https://github.com/Whonix/anon-shared-helper-scripts/commit/9198d616889389aa4130e21265646a9d73934db1

Apr 12 2019, 3:56 PM · Whonix, Whonix 15, sdwdate

Apr 6 2019

Patrick closed T503: have sane built-in defaults even if config files are non-existing as Resolved.

https://github.com/Whonix/anon-ws-disable-stacked-tor/commit/128e2312bf58a5c1cea3eecd74d1fa0a1a194b51

Apr 6 2019, 5:17 PM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick updated the task description for T503: have sane built-in defaults even if config files are non-existing.
Apr 6 2019, 5:17 PM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix

Dec 7 2018

Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick assigned T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) to troubadour.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick removed a project from T533: iptables block network access until sdwdate succeeded: Whonix 15.
Dec 7 2018, 12:04 PM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick removed a project from T629: fix sdwdate sigterm handling during remote_times.py get_time_from_servers: Whonix 15.
Dec 7 2018, 12:03 PM · python, bug, Whonix, sdwdate
Patrick removed a project from T387: Qubes-Whonix-Gateway as ClockVM: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, security, sdwdate, Whonix, Qubes
Patrick removed a project from T362: systemd SystemCallFilter= containment option seccomp hardening: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Oct 1 2018

Patrick placed T503: have sane built-in defaults even if config files are non-existing up for grabs.
Oct 1 2018, 1:17 PM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick placed T731: document sdwdate code flow up for grabs.
Oct 1 2018, 1:16 PM · Whonix, sdwdate

Sep 20 2018

Patrick added a parent task for T856: whonix TemplateVM time fetching qrexec service: T387: Qubes-Whonix-Gateway as ClockVM.
Sep 20 2018, 11:45 AM · sdwdate, Whonix 16, qubes-whonix, Whonix
Patrick added a subtask for T387: Qubes-Whonix-Gateway as ClockVM: T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:45 AM · enhancement, security, sdwdate, Whonix, Qubes
Patrick updated subscribers of T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:44 AM · sdwdate, Whonix 16, qubes-whonix, Whonix
Patrick triaged T856: whonix TemplateVM time fetching qrexec service as Normal priority.
Sep 20 2018, 11:44 AM · sdwdate, Whonix 16, qubes-whonix, Whonix
Patrick triaged T850: sdwdate message tor consensus improvement as Normal priority.
Sep 20 2018, 11:35 AM · Whonix, Whonix 15, sdwdate

Sep 18 2018

marmarek added a comment to T691: sdwdate sclockadj change time without spamming logs.

Actually, the "apt-daily.timer: Adding 1h 17min 24.927437s random time" message has real impact, not only noise. Each time sdwdate changes the time, systemd adds a random delay to those timers, which means the timer will never expire (unless that random delay will happen to be very close to 0 - i.e. below the time until sdwdate changes the time, which looks to be 1s).

Sep 18 2018, 3:55 AM · systemd, research, sclockadj, sdwdate, Whonix

Sep 12 2018

Patrick closed T832: sdwdate support for GETINFO “current-time/{local,utc}” as Invalid.

https://forums.whonix.org/t/sdwdate-support-for-getinfo-current-time-local-utc/5909/3

Sep 12 2018, 9:01 AM · sdwdate-server, sdwdate, Whonix

Sep 11 2018

HulaHoop triaged T832: sdwdate support for GETINFO “current-time/{local,utc}” as Normal priority.
Sep 11 2018, 7:32 PM · sdwdate-server, sdwdate, Whonix

Aug 15 2018

Patrick updated the task description for T362: systemd SystemCallFilter= containment option seccomp hardening.
Aug 15 2018, 1:06 PM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix

Aug 7 2018

Patrick renamed T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) from make sdwdate-gui Qubes friendly to make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).
Aug 7 2018, 6:45 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

In theory, we could make sdwdate provide a local (default) (or optional opt-in server) NTP compatible time provider. Could be useful anyhow. -> sdwdate-server No idea how hard that would be.
And then configure NTP to connect only to that local NTP server.

Aug 7 2018, 8:37 AM · Whonix, C Code, sclockadj, sdwdate
HulaHoop closed T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon as Resolved.
Aug 7 2018, 8:16 AM · Whonix, Whonix 15, sclockadj, sdwdate
HulaHoop closed T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon, a subtask of T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock, as Resolved.
Aug 7 2018, 8:16 AM · Whonix, C Code, sclockadj, sdwdate

Aug 6 2018

Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

/usr/sbin/ntpdate as far as I know doesn't accept a command line command to take an offset (or anything). It connects to remote servers in its default design.

Aug 6 2018, 8:59 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Yes, not readily accessible from command line.

Aug 6 2018, 8:48 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

The easy way: calculating the offset between local time and the onion average in timesync then using ntpdate's slew option if the offset is less than 0.5s. Otherwise you tell it to step up the time immediately so that you are accurately mimicking the default behavior. However you can force slewing all the time with -B. This way you won't need to touch kernel syscalls as ntpdate should be able to do the operation for you.

Aug 6 2018, 8:28 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

From what I understand, this code path is only relevant when timesyncd is talking directly with NTP servers and reacting to replies about deltas between local and remote times. There is no way you can call that function from the command line when using timedatectl standalone AFAICT.

Aug 6 2018, 5:46 PM · Whonix, C Code, sclockadj, sdwdate

Aug 5 2018

Patrick updated the task description for T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.
Aug 5 2018, 3:58 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

It doesn't seem that timedatectl supports gradual time adjustment.

Aug 5 2018, 3:52 PM · Whonix, C Code, sclockadj, sdwdate

Jul 27 2018

HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Since we are interested in ntpd's default behavior (for blending in purposes) it turns out that it performs instant clock jumps once the delta difference is excessively large otherwise its slewing algorithm would take forever to adjust the time.

Jul 27 2018, 7:33 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

It doesn't seem that timedatectl supports gradual time adjustment. Our next best option is ntpd which can do so but cannot coexist with timedatectl - we can only run either but not both. According to popcon, ntpd is the most widely used time daemon so it's the natural choice.

Jul 27 2018, 6:22 PM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

Currently time is set using gnu date (clock jump) (initial run after current boot) or sclockadj (consecutive run) (slow clock adjustment).

Jul 27 2018, 9:35 AM · Whonix, C Code, sclockadj, sdwdate

Jul 25 2018

HulaHoop added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

the time could be set with timedatectl by feeding it the time with this command:

Jul 25 2018, 9:20 PM · Whonix, C Code, sclockadj, sdwdate
HulaHoop added a comment to T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon.

Stretch+ uses systemd-timesyncd by default, therefore it's the most popular.

Jul 25 2018, 8:38 PM · Whonix, Whonix 15, sclockadj, sdwdate
Patrick added a subtask for T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock: T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon.
Jul 25 2018, 9:41 AM · Whonix, C Code, sclockadj, sdwdate
Patrick added a parent task for T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon: T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.
Jul 25 2018, 9:41 AM · Whonix, Whonix 15, sclockadj, sdwdate
Patrick triaged T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock as Normal priority.
Jul 25 2018, 9:22 AM · Whonix, C Code, sclockadj, sdwdate
Patrick triaged T814: find out what the most popular time synchronization daemon is / find out debian's default time synchronization daemon as Normal priority.
Jul 25 2018, 8:53 AM · Whonix, Whonix 15, sclockadj, sdwdate
Patrick closed T691: sdwdate sclockadj change time without spamming logs as Resolved.

This is sorted in a later version of systemd.

Jul 25 2018, 8:39 AM · systemd, research, sclockadj, sdwdate, Whonix
Patrick edited projects for T691: sdwdate sclockadj change time without spamming logs, added: systemd; removed Whonix 16.
Jul 25 2018, 8:39 AM · systemd, research, sclockadj, sdwdate, Whonix
Patrick closed T50: systemd spams journal due to time changed by sclockadj, rewrite of sclockadj, sclockadj2 as Resolved.

sclockadj3 is done -> T686.

Jul 25 2018, 8:35 AM · C Code, python, bug, Whonix, sdwdate, sclockadj

Jul 24 2018

Patrick reopened T503: have sane built-in defaults even if config files are non-existing as "Open".
Jul 24 2018, 5:35 AM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix

Jul 21 2018

Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Created [way to find out name of gateway from witin VM - qubesdb-read /qubes-gateway-name](https://github.com/QubesOS/qubes-issues/issues/4117) for it.

Jul 21 2018, 11:38 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 18 2018

marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

The easiest way would be to have a new entry for qubesdb-read, in addition to qubes-gateway which holds the IP address.
Something like qubesdb-read /qubes-gateway-name.

Jul 18 2018, 12:12 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 17 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

For the time being, the vm's whonix gateway is hard coded in two files, the one watching and sending sdwdate status and the one sending the shutdown notification.

Jul 17 2018, 11:14 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

What happens in case of multiple Whonix-Gateway ProxyVMs? I.e. in case of sys-whonix, sys-whonix-two, etc.? How would anon-whonix-two know it has to connect to sys-whonix-two?

Jul 17 2018, 9:19 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 9 2018

Patrick added a comment to T56: Bridge Sanity Check.

From sdwdate log. Clock was right but I got this using a bridge.

Jul 9 2018, 8:10 AM · Whonix, sdwdate, security, enhancement

Jul 7 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Have run the fuzzer unit test simultaneously in sys-whonix and five anon-vm.

Jul 7 2018, 10:26 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 5 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Update, after my post in the forum.
https://forums.whonix.org/t/testers-wanted-blocking-networking-until-sdwdate-finished-status-of-sdwdate-gui/5372/3

Jul 5 2018, 9:35 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Mar 11 2018

Patrick added a comment to T551: enter Whonix firewall timesync-fail-closed mode before suspend / enter Whonix firewall full mode after resume and clock-fix.

This is implemented but not activated as of Whonix 14.
Whonix 14 uses firewall_mode=full in firewall config generally since T533 / T658.

Mar 11 2018, 2:49 PM · Whonix 16, Whonix, sdwdate
Patrick edited projects for T551: enter Whonix firewall timesync-fail-closed mode before suspend / enter Whonix firewall full mode after resume and clock-fix, added: Whonix 15; removed Whonix 14.
Mar 11 2018, 2:46 PM · Whonix 16, Whonix, sdwdate

Mar 7 2018

Patrick closed T639: implement sdwdate sd_notify systemd watchdog as Resolved.
Mar 7 2018, 1:46 AM · Whonix 14, sdwdate, Whonix
Patrick closed T503: have sane built-in defaults even if config files are non-existing as Resolved.
Mar 7 2018, 1:22 AM · Whonix 15, tb-updater, tb-starter, open-link-confirmation, rads, onion-grater (Control Port Filter Proxy), uwt, sdwdate, whonixcheck, whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick closed T637: port from service to systemctl add --no-pager / --no-block as Resolved.
Mar 7 2018, 1:14 AM · whonixsetup, whonixcheck, whonix-setup-wizard, whonix-legacy, whonix-developer-meta-files, sdwdate-gui, sdwdate, rads, qubes-whonix, bootclockrandomization, anon-shared-helper-scripts, anon-gw-leaktest, anon-gw-anonymizer-config, systemd, bug, Whonix 14, Whonix
Patrick closed T589: disable timedatectl network time synchronization in Debian stretch as Resolved.
Mar 7 2018, 1:10 AM · Debian version 9 codename Stretch, sdwdate, Whonix, Whonix 14
Patrick closed T481: sdwdate should check if clock got changed behind our back as Resolved.
Mar 7 2018, 12:59 AM · Whonix 14, security, enhancement, Whonix, sdwdate

Mar 5 2018

Patrick renamed T56: Bridge Sanity Check from Bridge Sanity Check (sdwdate plugin) to Bridge Sanity Check.
Mar 5 2018, 10:28 PM · Whonix, sdwdate, security, enhancement

Mar 4 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

A new Tor controller GUI.

Mar 4 2018, 11:03 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Mar 1 2018

HulaHoop added a comment to T550: Clock Drift Detection.

NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.

Mar 1 2018, 6:13 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a unique event in the qemu-ga's log file.

Mar 1 2018, 4:34 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The proper and direct way to use virsh to communicate with guest agent:

Mar 1 2018, 12:53 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The YAJL parser used in libvirt is tiny, modern (written in 2007) and has no CVEs. It is an SAX type event-driven parser unlike the vulnerable, top-down recursive descent type that was used in QEMU.

Mar 1 2018, 12:03 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 28 2018

HulaHoop added a comment to T550: Clock Drift Detection.

https://wiki.libvirt.org/page/Qemu_guest_agent

Feb 28 2018, 11:39 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input because there is no way to control that otherwise it should be safe for our uses. This potentially simplifies the design in many respects but a host package will still be needed. I will update the task list.

Feb 28 2018, 8:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

https://www.redhat.com/archives/libvirt-users/2018-February/msg00083.html
[libvirt-users] QEMU guest-agent safety in hostile VM?

Feb 28 2018, 7:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 16 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Added the relevant icon in show_message (after resizing the sdwdate icons from mediawiki, the original are huge).

Feb 16 2018, 11:18 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 15 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Some progress here.

Feb 15 2018, 12:55 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 14 2018

HulaHoop added a comment to T550: Clock Drift Detection.

Yes there are less moving parts especially when multiple WSs share a GW. Some way to exempt timesync traffic from the WS would be needed though.

Feb 14 2018, 1:12 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 12 2018

Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop):

HulaHoop added a comment.
With qemu-ga code the whole clock drift detection code becomes redundant. If a
suspend event is triggered the GW should assume clocks are out of sync and
trigger lockdown.

Feb 12 2018, 11:01 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

With qemu-ga code the hwclock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.

Feb 12 2018, 5:23 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Oops didn't realize ntpdate requires query of remote servers. ntpdate is obsolete anyhow but the newer clockdiff still talks to online servers instead of comparing local values. hwclock can give us that:

Feb 12 2018, 4:52 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

It's a very good rehash!

Feb 12 2018, 10:43 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 11 2018

HulaHoop added a comment to T550: Clock Drift Detection.

@Patrick I wrote a rehash. If you think it is too complicated, let me know. It was the simplest and most reliable way I could think of:

Feb 11 2018, 6:09 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 4 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

If possible: it should only show Tor restart gui / anon-connection-wizard if these are installed. Otherwise not show such a menu entry.

Feb 4 2018, 11:02 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Have pushed an updated version with Restart Tor and Anon Connection Wizard commands from the menu, so you can have an idea of the look and feel. This is of course not written in stone. The standalone restart-tor-gui was updated for testing. https://github.com/troubadoour/restart-tor-gui

Feb 4 2018, 9:10 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Implemented some defensive code against qubes-db and qubes-qrexec-agent just in case. Now if one or both of those services stop, it just ensures that the sdwdate-gui programs don't crash, and that's it.

Feb 4 2018, 4:48 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T550: Clock Drift Detection.

Didn't rehash. What's next here? Looks like we learned a lot, but then things stalled. Could you please rehash, and then create a follow-up ticket with the way forward? @HulaHoop

Feb 4 2018, 4:17 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick edited projects for T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes), added: Whonix 15; removed Whonix 16.
Feb 4 2018, 3:16 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 3 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Implemented some defensive code against qubes-db and qubes-qrexec-agent just in case. Now if one or both of those services stop, it just ensures that the sdwdate-gui programs don't crash, and that's it.

Feb 3 2018, 11:15 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 2 2018

Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Only small issues for now.

Feb 2 2018, 3:47 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

sdwdate-gui-qubes will be shortly ready for packaging.
There are files for the gateway, files for the workstations, none for non-qubes environment. At this stage, for review, it would be easier to make a standalone package before merging in sdwdate-gui.

It was actually easier to merge directly, if only for the new user sdwdate-gui created in postinst.

Feb 2 2018, 1:47 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 1 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

sdwdate-gui-qubes will be shortly ready for packaging.

Feb 1 2018, 12:22 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jan 29 2018

marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Json handling looks fine. Not sure about using the data loaded from there - for example if self.message require sanitization. AFAIR some Qt widgets support html formatting, so it may be undesirable to allow that.

Jan 29 2018, 3:44 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Relevant code excerpt sdwdate.

Jan 29 2018, 3:37 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jan 26 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Probably no. But I'm not an expert in security or attacks.
pickle load deserializes an object, in our case a DICTionary. Anything not in that form would raise an exception.

How do you ensure that? Normally pickle.load would gladly deserialize any object, even if that results in executing code inside of it. See https://docs.python.org/3/library/pickle.html
Better use json or such if really a structure (rather than a single value) is needed.

Jan 26 2018, 9:11 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

What happens if a workstation is killed, and then later restarted?

Jan 26 2018, 8:52 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Probably no. But I'm not an expert in security or attacks.
pickle load deserializes an object, in our case a DICTionary. Anything not in that form would raise an exception.

Jan 26 2018, 6:49 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Probably no. But I'm not an expert in security or attacks.

Jan 26 2018, 5:12 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jan 25 2018

Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Then //pickle.load status-file

Jan 25 2018, 2:35 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Update.
The submenu commands are implemented. Looks nice and handy.

Jan 25 2018, 2:32 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui