Still works for me, still not reproducible. Old ticket. Therefore closing. Please re-report in the new issue tracker (and link to this old ticket) should this still be an issue.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Dec 8 2022
Dec 8 2022
Aug 13 2020
Aug 13 2020
Patrick closed T542: Keyboard/Mouse Fingerprinting Defense, a subtask of T540: Advanced Attacks Meta Ticket, as Resolved.
Aug 12 2020
Aug 12 2020
After running a bunch of tcp ping tests, the conclusion is this attack
is not really effective against TCP like ICMP. The latency is much lower
for TCP pings and though it slightly decreases with cpu stress it is not
consistent. Reloading pages in TBB with cpu stress
on/off does not impact latency readings while doing so with tc
attached has massive latency foot prints - implying it will ironically make such attacks much easier in addition to degrading performance.
HulaHoop closed T530: CPU-induced latency Covert Channel Countermeasures, a subtask of T540: Advanced Attacks Meta Ticket, as Invalid.
Aug 7 2020
Aug 7 2020
Cyrus recommends adding delays per packet to disrupt inter-packet patterns that remain. The command can be fine tuned as such:
Aug 1 2020
Aug 1 2020
The good news is I think I've figured out the equivalent tc-netem command looking the slot parameter in the manual:
May 30 2020
May 30 2020
Ticket above closed and convo moved to tails-dev.
Dec 23 2019
Dec 23 2019
madaidan added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.
We should be able to create a drop-in file at /lib/systemd/system/user-.slice.d/ and add something such as
Dec 22 2019
Dec 22 2019
Patrick updated subscribers of T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 23 2019
Nov 23 2019
Patrick added a project to T936: apparmor-profile-everything breaks Qubes upgrading : apparmor-profile-everything.
Could you add to git please?
Works.
Try adding:
Oct 15 2019
Oct 15 2019
Oct 13 2019
Oct 13 2019
Analysis by Cyrus cited here for completion:
Oct 6 2019
Oct 6 2019
Reported build failures:
When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way in detecting the active NIC since on wireless systems wlan0 is the interface of choice and not eth0
tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.
Jul 27 2019
Jul 27 2019
Looks like mine.
Jul 25 2019
Jul 25 2019
<?xml encoding="UTF-8" version="1.0"?> <actions> <action> <icon>utilities-terminal</icon> <name>Open Terminal Here</name> <unique-id>1555514114536034-1</unique-id> <command>exo-open --working-directory %f --launch TerminalEmulator</command> <description>Example for a custom action</description> <patterns>*</patterns> <startup-notify/> <directories/> </action> <action> <icon>folder-copy</icon> <name>Copy to VM</name> <unique-id>1507455450991127-4</unique-id> <command>/usr/lib/qubes/qvm-actions.sh copy %F</command> <description></description> <patterns>*</patterns> <directories/> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>folder-move</icon> <name>Move to VM</name> <unique-id>1507455437157027-3</unique-id> <command>/usr/lib/qubes/qvm-actions.sh move %F</command> <description></description> <patterns>*</patterns> <directories/> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>document-open</icon> <name>Open in VM</name> <unique-id>1507455471075266-5</unique-id> <command>/usr/lib/qubes/qvm-actions.sh openvm %F</command> <description></description> <patterns>*</patterns> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>gtk-convert</icon> <name>Convert in DisposableVM</name> <unique-id>1507455488971315-6</unique-id> <command>/usr/lib/qubes/qvm-actions.sh pdf %F</command> <description></description> <patterns>*.pdf</patterns> <other-files/> </action> <action> <icon>gtk-convert</icon> <name>Convert in DisposableVM</name> <unique-id>1507455503129941-7</unique-id> <command>/usr/lib/qubes/qvm-actions.sh img %F</command> <description></description> <patterns>*</patterns> <image-files/> </action> <action> <icon>document-open</icon> <name>Edit in DisposableVM</name> <unique-id>1507455559234996-8</unique-id> <command>/usr/lib/qubes/qvm-actions.sh opendvm %F</command> <description></description> <patterns>*</patterns> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> <action> <icon>document-open</icon> <name>View in DisposableVM</name> <unique-id>1507455559234997-9</unique-id> <command>/usr/lib/qubes/qvm-actions.sh viewdvm %F</command> <description></description> <patterns>*</patterns> <audio-files/> <image-files/> <other-files/> <text-files/> <video-files/> </action> </actions>
Jun 27 2019
Jun 27 2019
Work for me too in new build https://forums.whonix.org/t/qubes-whonix-15-templatevms-debian-buster-based-4-0-1-201906232114-testers-wanted/7601
Jun 21 2019
Jun 21 2019
I cannot reproduce. I've installed qubes-template-whonix-15-4.0.1-201905241112, updated it with qubes testing repository enabled and I see all the actions available in thunar.
But I do see some warnings on thunar's stderr, like this:
(Thunar:27375): Gtk-WARNING **: 01:41:41.317: Refusing to add non-unique action 'uca-action-1507455450991127-4' to action group 'ThunarActions'
Looks like actions are added multiple times to /etc/xdg/Thunar/uca.xml, which is later copied to /home/user/.cnfig/Thunar/uca.xml. Relevant code in https://github.com/QubesOS/qubes-core-agent-linux/blob/master/debian/qubes-core-agent-thunar.postinst
Jun 20 2019
Jun 20 2019
Any idea why these are missing? @marmarek
- Copy to VM
- Move to VM
- Create Archive...
Jun 14 2019
Jun 14 2019
Might be fixed with upgrades / (over) next Qubes-Whonix images.
Apr 14 2019
Apr 14 2019
Apr 6 2019
Apr 6 2019
Patrick closed T879: qvm-service infrastructure does not work with whonix-gw-14 template as Wontfix.
Reducing the number of lingering, unrealistic tickets, therefore closing.
Patrick lowered the priority of T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream from High to Normal.
Patrick changed the status of T888: change Qubes-Whonix default applications from KDE-ish to XFCE-ish from Open to testing-in-next-build-required.
Feb 18 2019
Feb 18 2019
Looks like nothing more to do here.
Patrick closed T409: qubes-whonix-network.service doesn't provide helpful error message when !CONFIG_DUMMY as Invalid.
Since grsecurity is not a thing anymore, closing this as invalid.
Patrick updated the task description for T466: Qubes sys-whonix does not do its job as Qubes FirewallVM.
Feb 16 2019
Feb 16 2019
Patrick claimed T894: Tor Browser in whonix-ws-14 based VMs sometimes blocks JavaScript on first start.
I also noticed the file "~/.tb/first-boot-home-population.done" which suggests that whonix does something on first boot
Patrick triaged T894: Tor Browser in whonix-ws-14 based VMs sometimes blocks JavaScript on first start as Normal priority.
Feb 14 2019
Feb 14 2019
To build a package with qubes-builder, you need to add Makefile.builder file with just one line: DEBIAN_BUILD_DIRS := debian. This will tell qubes-builder that given repository contains Debian package.
Alternatively, if that would be too much of a problem, it should be easy to add an option that do auto detection (probably just looks for debian directory).
Patrick added projects to T709: port Whonix package build process to Qubes package build process: build, Qubes, security.
Jan 12 2019
Jan 12 2019
Patrick triaged T888: change Qubes-Whonix default applications from KDE-ish to XFCE-ish as Normal priority.
Dec 9 2018
Dec 9 2018
Patrick lowered the priority of T389: make sure Qubes-Whonix has no access to clocksource=xen from High to Normal.
Patrick lowered the priority of T879: qvm-service infrastructure does not work with whonix-gw-14 template from Normal to Wishlist.
Dec 7 2018
Dec 7 2018
Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Patrick removed a project from T466: Qubes sys-whonix does not do its job as Qubes FirewallVM: Whonix 15.
Nov 12 2018
Nov 12 2018
Apper no longer installed by default.
Sep 20 2018
Sep 20 2018
Patrick added a subtask for T387: Qubes-Whonix-Gateway as ClockVM: T856: whonix TemplateVM time fetching qrexec service.
Aug 7 2018
Aug 7 2018
Patrick renamed T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) from make sdwdate-gui Qubes friendly to make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).
Patrick renamed T397: prevent dom0 telling Qubes-Whonix VMs the time by using the mgmt stack for that / disable Qubes dom0 /etc/qubes-rpc/qubes.SetDateTime from prevent dom0 telling Qubes-Whonix VMs the time by using the mgmt stack for that to prevent dom0 telling Qubes-Whonix VMs the time by using the mgmt stack for that / disable Qubes dom0 /etc/qubes-rpc/qubes.SetDateTime.
Patrick updated the task description for T389: make sure Qubes-Whonix has no access to clocksource=xen.
Aug 3 2018
Aug 3 2018
Patrick added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
In T727#16540, @HulaHoop wrote:Done. Asked about Xen too but they may not be familiar with its innards. You may want to contact the Xen devs directly using my message as a template.
https://lists.nongnu.org/archive/html/qemu-devel/2018-08/msg00368.html
HulaHoop added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
Playing devil's advocate here: Ted Ts'o [0] expresses strong skepticism about the efficacy of RNGs that rely on CPU jitter. summary: CPU jitter may not be random as thought to someone who designed the CPU cache and know how its internals "tick" [1]. So while these RNGs may not harm, another solution for RNG-less platforms may be a good idea.
HulaHoop added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
An interesting implementation to work around early boot entropy scarcity with havegedis to include it in the initrd. May be hackish but could be easier for Marmarek than writing something at the EFI level.
HulaHoop added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
Done. Asked about Xen too but they may not be familiar with its innards. You may want to contact the Xen devs directly using my message as a template.
Aug 2 2018
Aug 2 2018
HulaHoop added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
I think its worth asking the hypervisor devs if this applies for the platforms we care about.
Jul 31 2018
Jul 31 2018
Patrick added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
jitterentropy-rng should solve this
HulaHoop added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
jitterentropy-rng should solve this and is a mainline Linux solution that works the same way haveged does. Please see: https://phabricator.whonix.org/T817
Jul 24 2018
Jul 24 2018
Jul 21 2018
Jul 21 2018
Jul 17 2018
Jul 17 2018
In T534#16397, @troubadour wrote:The easiest way would be to have a new entry for qubesdb-read, in addition to qubes-gateway which holds the IP address.
Something like qubesdb-read /qubes-gateway-name.
For the time being, the vm's whonix gateway is hard coded in two files, the one watching and sending sdwdate satus and the one sending the shutdown notification.
What happens in case of multiple Whonix-Gateway ProxyVMs? I.e. in case of sys-whonix, sys-whonix-two, etc.? How would anon-whonix-two know it has to connect to sys-whonix-two?
Jul 15 2018
Jul 15 2018
Jul 7 2018
Jul 7 2018
Have run the fuzzer unit test simultaneously in sys-whonix and five anon-vm.
Jul 5 2018
Jul 5 2018
Update, after my post in the forum.
https://forums.whonix.org/t/testers-wanted-blocking-networking-until-sdwdate-finished-status-of-sdwdate-gui/5372/3
Jun 13 2018
Jun 13 2018
Jun 7 2018
Jun 7 2018
Patrick updated the task description for T791: qubes-core-admin-addon-whonix / qvm-features-request whonix-ws=1 / add anon-vm tag to whonix-ws-based VMs.
May 30 2018
May 30 2018
Patrick added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
That's technically too late during boot process. See ticket discussion
above.
HulaHoop added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
Perhaps Qubes guys can have the entropybroker package communicate over the qrexec protocol to seed entropy from a reliable source like Dom0 to the other domains.
May 22 2018
May 22 2018
Patrick added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
Asked. Unfortunately not so.
May 18 2018
May 18 2018
HulaHoop added a comment to T727: solve the Xen entropy scarcity problem / implement something like virtio-rng into Xen upstream.
You can probably use virtio-rng since Qubes now runs on HVM mode and uses QEMU
May 9 2018
May 9 2018
Patrick renamed T792: make sure qubes-core-admin-addon-whonix gets installed from qubes-template-whonix-gw should depend on qubes-core-admin-addon-whonix to make sure qubes-core-admin-addon-whonix gets installed.
May 8 2018
May 8 2018
Patrick renamed T791: qubes-core-admin-addon-whonix / qvm-features-request whonix-ws=1 / add anon-vm tag to whonix-ws-based VMs from qvm-features-request whonix-ws 1 to qubes-core-admin-addon-whonix / qvm-features-request whonix-ws=1 / add anon-vm tag to whonix-ws-based VMs.
May 5 2018
May 5 2018
Patrick updated the task description for T792: make sure qubes-core-admin-addon-whonix gets installed.
Patrick updated the task description for T791: qubes-core-admin-addon-whonix / qvm-features-request whonix-ws=1 / add anon-vm tag to whonix-ws-based VMs.
Apr 28 2018
Apr 28 2018
Apr 12 2018
Apr 12 2018
Apr 6 2018
Apr 6 2018
Patrick closed T641: Qubes R4: install pulseaudio-qubes in Whonix 14 for audio support / pulseaudio and vlc should not be installed in sys-whonix as Resolved.
In T641#15836, @unman wrote:Installation of pulseaudio-qubes is now included in the 13-14 upgrade guide under Qubes-Whonix instructions.
Apr 4 2018
Apr 4 2018
unman added a comment to T641: Qubes R4: install pulseaudio-qubes in Whonix 14 for audio support / pulseaudio and vlc should not be installed in sys-whonix.
@Patrick
Installation of pulseaudio-qubes is now included in the 13-14 upgrade guide under Qubes-Whonix instructions.
Mar 7 2018
Mar 7 2018
Patrick renamed T641: Qubes R4: install pulseaudio-qubes in Whonix 14 for audio support / pulseaudio and vlc should not be installed in sys-whonix from install pulseaudio-qubes in Whonix 14 for audio support / pulseaudio and vlc should not be installed in sys-whonix to Qubes R4: install pulseaudio-qubes in Whonix 14 for audio support / pulseaudio and vlc should not be installed in sys-whonix.
Mar 4 2018
Mar 4 2018
A new Tor controller GUI.
Feb 16 2018
Feb 16 2018
Added the relevant icon in show_message (after resizing the sdwdate icons from mediawiki, the original are huge).
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer