
Tue, May 16

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

https://wiki.nftables.org/wiki-nftables/index.php/Atomic_rule_replacement

Tue, May 16, 10:32 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Mon, May 15

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

https://wiki.nftables.org/wiki-nftables/index.php/Scripting

Mon, May 15, 6:21 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Some progress.

Mon, May 15, 5:23 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Tue, May 9

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

In other words, iptables is already symlinked to iptables-nft anyhow. Therefore Whonix is already using iptables-nft.

Tue, May 9, 10:34 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
Tue, May 9, 10:23 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick added a comment to T28: RELATED,ESTABLISHED -> ESTABLISHED.

related:
https://forums.whonix.org/t/tails-features-ideas/2611

Tue, May 9, 9:24 AM · security, Whonix 10, Whonix, whonix-gw-firewall
Patrick added a comment to T28: RELATED,ESTABLISHED -> ESTABLISHED.

Fixed link:
https://github.com/Whonix/whonix-firewall/commit/414c2105149e02dcff82303e4c5b2dcd60ebbd29

Tue, May 9, 9:00 AM · security, Whonix 10, Whonix, whonix-gw-firewall

Feb 17 2023

Patrick added a comment to T673: document https downgrade sslstrip defenses - wget vs curl vs scurl.

https://forums.whonix.org/t/whonix-linux-installer-development-discussion/15917/20

Feb 17 2023, 10:52 AM · Whonix, user documentation, research, Whonix 14, scurl

Jan 19 2023

Patrick updated the task description for T526: systemd introduces memory protection.
Jan 19 2023, 11:12 AM · sdwdate, Whonix, research
Patrick updated the task description for T526: systemd introduces memory protection.
Jan 19 2023, 11:10 AM · sdwdate, Whonix, research
Patrick updated the task description for T526: systemd introduces memory protection.
Jan 19 2023, 11:02 AM · sdwdate, Whonix, research
Patrick closed T375: Include Debian ReportBug GUI? as Wontfix.

Due to Phabricator being deprecated upstream, all tickets need to be migrated. Therefore closing here.

Jan 19 2023, 11:01 AM · enhancement, anon-meta-packages, Whonix, Debian version 8 codename Jessie
Patrick updated the task description for T135: find packages without security support / consider installation of debian-security-support by default.
Jan 19 2023, 10:58 AM · bash, Whonix, research, user documentation, security, usability
Patrick removed a project from T135: find packages without security support / consider installation of debian-security-support by default: Debian version 8 codename Jessie.
Jan 19 2023, 10:57 AM · bash, Whonix, research, user documentation, security, usability
Patrick closed T652: test Thunderbird with Torbirdy / anon-gpg-tweaks changes required? as Resolved.

https://forums.whonix.org/t/torbirdy-replacement/8782

Jan 19 2023, 10:57 AM · Debian version 9 codename Stretch, anon-gpg-tweaks, Whonix
Patrick closed T46: whonixcheck should check for dpkg problems as Resolved.

This has been implemented in /usr/libexec/systemcheck/check_dpkg.bsh for a long time already.

Jan 19 2023, 10:55 AM · usability, Whonix, whonixcheck
Patrick closed T931: Testing tpm2-pkcs11 with KVM vTPM 2.0 as Invalid.

Due to https://www.whonix.org/wiki/Reporting_Bugs#Transition_to_Discourse_Forums all tickets need to be migrated to forums. Please re-open in forums if this is still relevant.

Jan 19 2023, 10:53 AM · Whonix, Debian version 11 codename Bullseye
Patrick renamed T927: port to /etc/apparmor.d/abstractions/base.d in Debian 11 bullseye from port to /etc/apparmor.d/abstractions.d in Debian 11 bullseye to port to /etc/apparmor.d/abstractions/base.d in Debian 11 bullseye.
Jan 19 2023, 10:51 AM · Whonix, Debian version 11 codename Bullseye
Patrick closed T606: merge /etc/apparmor.d/abstractions/base.anondist from Debian bullseye as Resolved.

This will be done when doing T927.

Jan 19 2023, 10:49 AM · Debian version 11 codename Bullseye, AppArmor, Whonix
Patrick changed Impact from Whonix:triage to Whonix:low on T927: port to /etc/apparmor.d/abstractions/base.d in Debian 11 bullseye.
Jan 19 2023, 10:49 AM · Whonix, Debian version 11 codename Bullseye
Patrick closed T984: convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline as Invalid.

And we also port to dracut which also does early sysctl loading.
Adding tons of sysctl to an already very long kernel command line (do we have the world record already? :) seems excessive.
Since nobody is making the argument anymore, rejecting this ticket.

Jan 19 2023, 10:48 AM · Whonix, Debian version 11 codename Bullseye
Patrick closed T968: Bullseye: live-boot needs GRUB_DISABLE_LINUX_UUID="true" parameter in /etc/grub.d/11_linux_live as Resolved.
Jan 19 2023, 10:43 AM · Debian version 11 codename Bullseye, live-mode, Whonix
Patrick closed T803: coyIM as Invalid.

Now tracked here:
https://forums.whonix.org/t/coyim-in-whonix-development-discussion/5901

Jan 19 2023, 10:41 AM · Debian version 11 codename Bullseye, Whonix 16, anon-meta-packages, Whonix
Patrick closed T924: rename to bullseye-security as Resolved.
Jan 19 2023, 10:40 AM · anon-apt-sources-list, Debian version 11 codename Bullseye, Whonix
Patrick closed T682: Check curl for latest tls support (--tlsv1.3) as Resolved.
Jan 19 2023, 10:40 AM · Whonix, Debian version 10 codename Buster

Dec 13 2022

Patrick updated the task description for T973: merge duplicate wiki pages?.
Dec 13 2022, 3:20 PM · Whonix, user documentation

Dec 9 2022

Patrick updated the task description for T139: device auto mounter broken.
Dec 9 2022, 3:32 PM · bug, usability, Whonix

Dec 8 2022

Patrick renamed T802: whonixcheck should check if torsocks IsolatePID stream isolation is functional from whonixcheck should check if torsocks IsolatePID stream isolation is functinoal to whonixcheck should check if torsocks IsolatePID stream isolation is functional.
Dec 8 2022, 4:46 PM · enhancement, easy, whonixcheck, Whonix 16, Whonix
Patrick updated the task description for T591: whonixcheck --clearnet connectivity test.
Dec 8 2022, 4:46 PM · whonixcheck, Whonix
Patrick closed T921: Installing git-all will delete some Whonix packages as Resolved.

No longer an issue in Whonix 16.

Dec 8 2022, 4:42 PM · Whonix
Patrick closed T912: qubes integration tools missing as Resolved.

Still works for me, still not reproducible. Old ticket. Therefore closing. Please re-report in the new issue tracker (and link to this old ticket) should this still be an issue.

Dec 8 2022, 4:40 PM · Whonix, Qubes
Patrick closed T827: make whonixcheck work outside of Whonix as Resolved.

whonixcheck was renamed to systemcheck and is now functional in Kicksecure.

Dec 8 2022, 4:38 PM · Whonix 16, whonixcheck, Whonix
Patrick closed T812: use onion sources list exclusively for apt-get updating by default as Wontfix.

Not a good idea nowadays due to prolonged DDoS attack on the Tor network. References:

Dec 8 2022, 4:37 PM · anon-apt-sources-list, Whonix
Patrick closed T805: cwtch as Invalid.

Tracked in https://forums.whonix.org/t/cwtch-messaging/5353/ but could use some new forum tag for things which aren't actionable (not in packages.debian.org) that we want to monitor every now and then over the various releases maybe.

Dec 8 2022, 4:35 PM · Whonix
Patrick closed T684: Better instructions for adding bridges as Resolved.
Dec 8 2022, 4:32 PM · Whonix 16, anon-connection-wizard, whonix-setup-wizard, Whonix
Patrick updated the task description for T962: create new release of Whonix Windows Installer.
Dec 8 2022, 4:30 PM · Whonix 16, VirtualBox, Whonix
Patrick closed T997: All pluggable transports stopped working after 11-06-2020 as Invalid.
Dec 8 2022, 4:28 PM · Whonix
Patrick closed T944: Hardened sshd Setup as Wontfix.

This is for whonix.org server security?

Dec 8 2022, 4:28 PM · enhancement, Whonix
Patrick closed T946: test sdwdate apparmor profile and remove complain mode as Resolved.

Done for a long time.

Dec 8 2022, 4:24 PM · sdwdate, Whonix 15, Whonix
Patrick closed T966: fix pkexec as Resolved.
Dec 8 2022, 4:23 PM · bug, Whonix, Whonix 15

Oct 5 2022

Patrick added a comment to T473: test ticket - can be deleted.

test

Oct 5 2022, 8:20 PM · Whonix
Patrick added a comment to T473: test ticket - can be deleted.

test

Oct 5 2022, 8:12 PM · Whonix

Jul 29 2022

Patrick removed a project from T947: Qubes-Whonix eth1 static networking: Whonix 15.
Jul 29 2022, 3:54 PM · Whonix

Jun 5 2022

Patrick updated the task description for T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.
Jun 5 2022, 9:36 AM · Whonix, C Code, sclockadj, sdwdate
Patrick added a comment to T815: sclockadj fingerprinting defense - set time using sclockadj the same way NTP / sntp / chrony / systemd-timesyncd is changing the clock.

https://www.kicksecure.com/wiki/Dev/sdwdate#chrony_as_a_replacement_for_sclockadj

Jun 5 2022, 9:36 AM · Whonix, C Code, sclockadj, sdwdate

Feb 10 2022

Patrick updated the task description for T930: whonix.SdwdateStatus service starts VMs that were killed.
Feb 10 2022, 6:22 PM · sdwdate-gui, Whonix
Patrick updated the task description for T930: whonix.SdwdateStatus service starts VMs that were killed.
Feb 10 2022, 6:20 PM · sdwdate-gui, Whonix
Patrick updated the task description for T930: whonix.SdwdateStatus service starts VMs that were killed.
Feb 10 2022, 6:19 PM · sdwdate-gui, Whonix

Jan 1 2022

Patrick updated the task description for T930: whonix.SdwdateStatus service starts VMs that were killed.
Jan 1 2022, 11:12 AM · sdwdate-gui, Whonix
Patrick updated the task description for T930: whonix.SdwdateStatus service starts VMs that were killed.
Jan 1 2022, 11:03 AM · sdwdate-gui, Whonix
Patrick updated the task description for T930: whonix.SdwdateStatus service starts VMs that were killed.
Jan 1 2022, 10:57 AM · sdwdate-gui, Whonix

Dec 31 2021

Patrick updated the task description for T930: whonix.SdwdateStatus service starts VMs that were killed.
Dec 31 2021, 12:54 PM · sdwdate-gui, Whonix

Dec 15 2021

Patrick added a comment to T984: convert /etc/sysctl.d to /etc/default/grub.d kernel Linux boot cmdline.

Is this still required since we also have early sysctl loading during initramfs?

Dec 15 2021, 10:50 AM · Whonix, Debian version 11 codename Bullseye
Patrick closed T985: consider post Whonix News that recommends VirtualBox users reducing number of virtual CPUs to 3 as Wontfix.
Dec 15 2021, 10:48 AM · Whonix 15, Whonix, VirtualBox

Dec 11 2021

Patrick added a comment to T930: whonix.SdwdateStatus service starts VMs that were killed.

Funding available. Anyone up to implement this?

Dec 11 2021, 1:48 PM · sdwdate-gui, Whonix

Dec 9 2021

Patrick closed T958: Write VirtualBox Screen Resolution Bug Report as Resolved.
Dec 9 2021, 6:10 PM · C Code, upstream, bug, Whonix 15, Whonix, VirtualBox
Patrick closed T933: fix offline documentation - pdfbook as Invalid.

No longer using this extension. Alternatives here:
https://www.whonix.org/wiki/Offline_Documentation

Dec 9 2021, 2:49 PM · Whonix, website
Patrick closed T843: unsubscribing to whonix mailing list sending empty message as Wontfix.

No mailing list at the moment. Deprecating this issue tracker. Can be re-considered in the future.

Dec 9 2021, 2:47 PM · website, Whonix
Patrick closed T932: fix Git-Mediawiki whonix-wiki-backup as Resolved.
Dec 9 2021, 2:46 PM · Whonix, website
Patrick closed T987: offer rsync over SSH or TLS for download.whonix.org as Resolved.

rsync over TLS or even onion has been implemented for a long time already and is documented here:
https://www.whonix.org/wiki/Hosting_a_Mirror

Dec 9 2021, 2:46 PM · Whonix, server-ssh-access-required
Patrick closed T917: whonix.org server SSL settings enhancement as Resolved.

This was done a long time ago.

Dec 9 2021, 2:45 PM · website, server-ssh-access-required, Whonix, whonix.org server admin

Oct 15 2021

Patrick closed T818: simplify tb-starter function tb_detect_starter_bin as Invalid.

Not possible because of above issue.

Oct 15 2021, 5:34 PM · Whonix, Whonix 16, tb-starter

Sep 8 2021

Patrick closed T911: xfce theming as Resolved.
Sep 8 2021, 3:10 PM · whonix-xfce-desktop-config, Whonix 15, Whonix
Patrick closed T961: fix USB auto mounting bug / document as Resolved.

https://forums.whonix.org/t/disk-usb-automount-in-kicksecure/8728/31

Sep 8 2021, 3:08 PM · research, bug, Whonix, Whonix 15
Patrick closed T953: extrepo - safely adding repos as Resolved.
Sep 8 2021, 3:02 PM · Whonix 15, Whonix
Patrick closed T957: slow shutdown bug as Resolved.

Cannot reproduce anymore in Whonix for VirtualBox.

Sep 8 2021, 2:51 PM · bug, Whonix 15, Whonix

Aug 9 2021

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
In T509#20232, @ak88 wrote:

Any updates on this?

Aug 9 2021, 7:13 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
ak88 added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Any updates on this?

Aug 9 2021, 5:22 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Jun 24 2021

Patrick closed T868: mediawiki fixes #2 as Invalid.

migrated to https://forums.whonix.org/t/mediawiki-css-fixes/11874

Jun 24 2021, 9:42 PM · Whonix, website
Patrick closed T964: mediawiki fixes #3 as Invalid.

migrated to https://forums.whonix.org/t/mediawiki-css-fixes/11874

Jun 24 2021, 9:42 PM · website, Whonix
Patrick updated the task description for T964: mediawiki fixes #3.
Jun 24 2021, 9:35 PM · website, Whonix

Mar 21 2021

Patrick added a comment to T993: improve Windows Hosts / macOS wiki mentions.
In T993#20220, @Patrick wrote:

I don't see what else can be done here. This statement is limited to only what was said in this ticket.

Mar 21 2021, 11:20 AM · Whonix, Whonix 15, user documentation
Patrick closed T993: improve Windows Hosts / macOS wiki mentions as Resolved.

I don't see what else can be done here. This statement is limited to only what was said in this ticket.

Mar 21 2021, 11:20 AM · Whonix, Whonix 15, user documentation

Mar 20 2021

Patrick updated the task description for T993: improve Windows Hosts / macOS wiki mentions.
Mar 20 2021, 2:00 PM · Whonix, Whonix 15, user documentation
Patrick updated the task description for T993: improve Windows Hosts / macOS wiki mentions.
Mar 20 2021, 1:58 PM · Whonix, Whonix 15, user documentation
Patrick updated the task description for T993: improve Windows Hosts / macOS wiki mentions.
Mar 20 2021, 1:57 PM · Whonix, Whonix 15, user documentation

Jan 24 2021

Patrick closed T1001: Updates proxy check fails in whonix-ws-15 as Resolved.

Btw this issue tracker is being phased out:
https://www.whonix.org/wiki/Reporting_Bugs#Issue_Tracker

Jan 24 2021, 11:08 AM · bug, Whonix, Whonix 15

Jan 12 2021

Patrick added a comment to T533: iptables block network access until sdwdate succeeded.

I am not sure sdwdate-gui would be a strong enough notification if networking was actually blocked if sdwdate did not succeed yet.

Jan 12 2021, 7:51 AM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick updated the task description for T533: iptables block network access until sdwdate succeeded.
Jan 12 2021, 3:53 AM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate

Jan 9 2021

Patrick closed T133: url_to_unxtime https support, a subtask of T132: port sdwdate to url_to_unixtime, as Resolved.
Jan 9 2021, 2:48 PM · Whonix 10, sdwdate, Whonix
Patrick closed T133: url_to_unxtime https support as Resolved.
Jan 9 2021, 2:48 PM · python, sdwdate, Whonix
Patrick added a comment to T133: url_to_unxtime https support.

This was implemented. Now using python3 requests.

Jan 9 2021, 2:47 PM · python, sdwdate, Whonix
Patrick closed T916: improve sdwdate connectivity check as Resolved.

No longer required. Was implemented through te_pe_tb_check enhancements.

Jan 9 2021, 2:34 PM · whonixcheck, sdwdate-gui, Whonix, sdwdate
Patrick added a comment to T1001: Updates proxy check fails in whonix-ws-15.

https://gitlab.com/whonix/qubes-whonix/-/commit/53ff72ab6ce59cb2c98401fd701ae782ca100e37

Jan 9 2021, 6:43 AM · bug, Whonix, Whonix 15

Jan 8 2021

marmarek added a comment to T1001: Updates proxy check fails in whonix-ws-15.

I've found why sudo asked for password, it wasn't related to security-misc script mentioned earlier. And should be fixed in newer qubes-core-agent package.

Jan 8 2021, 2:28 PM · bug, Whonix, Whonix 15

Jan 5 2021

marmarek added a comment to T1001: Updates proxy check fails in whonix-ws-15.

/usr/lib/qubes-whonix/init/torified-updates-proxy-check is currently only started by /lib/systemd/system/qubes-whonix-torified-updates-proxy-check.service.

Wondering why this is happening. When root uses sudo, pam shouldn't even be involved.

Jan 5 2021, 5:54 PM · bug, Whonix, Whonix 15
Patrick added a comment to T1001: Updates proxy check fails in whonix-ws-15.

/usr/lib/qubes-whonix/init/torified-updates-proxy-check is currently only started by /lib/systemd/system/qubes-whonix-torified-updates-proxy-check.service.

Jan 5 2021, 6:07 AM · bug, Whonix, Whonix 15
marmarek added a project to T1001: Updates proxy check fails in whonix-ws-15: bug.
Jan 5 2021, 5:03 AM · bug, Whonix, Whonix 15
marmarek created T1001: Updates proxy check fails in whonix-ws-15.
Jan 5 2021, 5:03 AM · bug, Whonix, Whonix 15

Oct 26 2020

Patrick updated the task description for T689: use whonixcheck Whonix News to count Whonix users.
Oct 26 2020, 8:54 PM · Whonix 14, Whonix, whonixcheck
Patrick added a comment to T689: use whonixcheck Whonix News to count Whonix users.

documented here:
https://www.whonix.org/wiki/Whonixcheck_Hardening#Prevent_Downloading_Whonix_.E2.84.A2_News_and_Whonix_.E2.84.A2_User_Census_Counting

Oct 26 2020, 8:53 PM · Whonix 14, Whonix, whonixcheck

Sep 28 2020

Patrick closed T950: set kernel.printk sysctl to prevent kernel info leaks as Resolved.

Looks all good and quiet in Whonix 15.0.1.5.1.

Sep 28 2020, 2:32 PM · Debian version 11 codename Bullseye, Whonix 15, Whonix, security-misc

Aug 31 2020

Patrick closed T1000: Add Wasabi Bitcoin wallet as Invalid.

We don't use this tracker for new feature requests anymore either as per:
https://www.whonix.org/wiki/Reporting_Bugs

Aug 31 2020, 10:38 AM · Whonix

Aug 30 2020

ratpoison4 created T1000: Add Wasabi Bitcoin wallet.
Aug 30 2020, 2:33 PM · Whonix

Aug 23 2020

sanyo added a comment to T998: Whonix without systemD.

It is important to understand that systemD is actually much more than simply an init system:

Aug 23 2020, 12:56 PM · Whonix

Aug 13 2020

Patrick updated the task description for T540: Advanced Attacks Meta Ticket.
Aug 13 2020, 8:33 AM · VirtualBox, KVM, Qubes, security, research, Whonix
Patrick closed T542: Keyboard/Mouse Fingerprinting Defense as Resolved.

Shipping kloak in Whonix stable for a few releases already.

Aug 13 2020, 8:32 AM · security, Whonix
Patrick closed T542: Keyboard/Mouse Fingerprinting Defense, a subtask of T540: Advanced Attacks Meta Ticket, as Resolved.
Aug 13 2020, 8:32 AM · VirtualBox, KVM, Qubes, security, research, Whonix

Aug 12 2020

HulaHoop closed T530: CPU-induced latency Covert Channel Countermeasures as Invalid.

After running a bunch of TCP ping tests, the conclusion is this attack is not really effective against TCP like ICMP. The latency is much lower for TCP pings and though it slightly decreases with CPU stress it is not consistent. Reloading pages in TBB with CPU stress on/off does not impact latency readings while doing so with tc attached has massive latency footprints - implying it will ironically make such attacks much easier in addition to degrading performance.

Aug 12 2020, 4:30 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop closed T530: CPU-induced latency Covert Channel Countermeasures, a subtask of T540: Advanced Attacks Meta Ticket, as Invalid.
Aug 12 2020, 4:30 PM · VirtualBox, KVM, Qubes, security, research, Whonix