Fri, Jul 19

Patrick placed T896: Hidden onion services GUI in sys-whonix up for grabs.
Fri, Jul 19, 10:47 AM · qubes-whonix, usability, Whonix
Patrick added a comment to T896: Hidden onion services GUI in sys-whonix.

https://forums.whonix.org/t/focus-on-whonix-core-development/5036

Fri, Jul 19, 10:47 AM · qubes-whonix, usability, Whonix

Tue, Jul 16

Patrick added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

Can you give some more context here?

Tue, Jul 16, 12:42 AM · whonix-base-files, live-mode, Whonix, Whonix 15

Mon, Jul 15

Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Mon, Jul 15, 6:23 PM · whonix-base-files, live-mode, Whonix, Whonix 15

Sun, Jul 14

Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Sun, Jul 14, 9:29 AM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick updated subscribers of T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Sun, Jul 14, 8:42 AM · whonix-base-files, live-mode, Whonix, Whonix 15

Thu, Jul 11

Patrick created T924: rename to bullseye-security.
Thu, Jul 11, 9:12 AM · anon-apt-sources-list, Whonix, Debian version 11 codename Bullseye

Mon, Jul 8

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Mon, Jul 8, 1:06 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Mon, Jul 8, 12:53 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sun, Jul 7

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Sun, Jul 7, 11:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jul 6

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Sat, Jul 6, 1:03 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T600: Integrating Guix/Nix Package Manager.

Any update?

Sat, Jul 6, 12:40 PM · Whonix, packaging, research
Patrick added a comment to T622: Run unMessage on Whonix.

Dead upstream.

Sat, Jul 6, 12:34 PM · Whonix
Patrick added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.

Any idea? @marmarek

Sat, Jul 6, 12:32 PM · Whonix 16, Whonix, qubes-whonix
Patrick closed T859: test as Resolved.
Sat, Jul 6, 12:31 PM · Whonix, Restricted Project
Patrick added a comment to T904: make sure there is no swap by default.

There is none indeed for VMs but it has to be re-checked once/if Whonix-Host becomes a thing.

Sat, Jul 6, 12:30 PM · Whonix-Host, Whonix
Patrick added a comment to T654: create an unMessage onion-grater profile.

Dead upstream.

Sat, Jul 6, 12:28 PM · Whonix, onion-grater (Control Port Filter Proxy)

Thu, Jul 4

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Thu, Jul 4, 7:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of
/usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Thu, Jul 4, 7:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Wed, Jul 3

Patrick updated subscribers of T670: Activating Lockdown.

Could you please test this by installing in VM and/or host? @madaidan

Wed, Jul 3, 8:45 AM · Debian version 10 codename Buster, Whonix

Mon, Jul 1

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Merged your changes.

Mon, Jul 1, 10:11 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jun 29

Patrick updated subscribers of T324: Add package needrestart.

needrestart works well enough for it to be implemented as a test in whonixcheck (--verbose?).

Sat, Jun 29, 12:13 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Thu, Jun 27

Patrick added a comment to T818: simplify tb-starter function tb_detect_starter_bin.

Blocked by Qubes.
Qubes start menu incompatible with DispVMs launching GUI applications into the background
https://github.com/QubesOS/qubes-issues/issues/5129

Thu, Jun 27, 3:26 PM · Whonix, Whonix 16, tb-starter
Patrick added a comment to T923: Some texts on whonix connection wizard are truncated.

marmarek (Marek Marczykowski-Górecki):

Is there a reason for fixed geometry of those widgets, instead of letting Qt figure it out based on the content?

Thu, Jun 27, 2:40 PM · anon-connection-wizard, Whonix, Whonix 15
Patrick added a project to T923: Some texts on whonix connection wizard are truncated: anon-connection-wizard.

I have no idea why this started happening without changes. Perhaps due to underlying libraries changes. Anyhow, fixed in git master.

Thu, Jun 27, 2:15 PM · anon-connection-wizard, Whonix, Whonix 15
Patrick updated the task description for T215: install electrum bitcoin thin client by default?.
Thu, Jun 27, 12:59 PM · anon-meta-packages, research, Whonix
Patrick updated the task description for T689: use whonixcheck Whonix News to count Whonix users.
Thu, Jun 27, 12:51 PM · Whonix 14, Whonix, whonixcheck
Patrick removed a project from T912: qubes integration tools missing: Whonix 15.
Thu, Jun 27, 10:53 AM · Whonix, Qubes
Patrick added a comment to T912: qubes integration tools missing.

Works for me too in new build https://forums.whonix.org/t/qubes-whonix-15-templatevms-debian-buster-based-4-0-1-201906232114-testers-wanted/7601

Thu, Jun 27, 10:53 AM · Whonix, Qubes
Patrick added a comment to T769: Add LUKS container GUI or CLI utility by default.

Does this work in https://forums.whonix.org/t/whonix-virtualbox-15-0-0-3-3-debian-buster-based-testers-wanted/7604? @HulaHoop

Thu, Jun 27, 10:42 AM · Whonix 15, Debian version 10 codename Buster
Patrick removed a project from T891: upgrade build_sources/rpi-preferences for Debian 10/ buster: Whonix 15.
Thu, Jun 27, 10:35 AM · build, Whonix
Patrick added a comment to T869: Install Firejail by default inside Whonix.

Implementation looks good enough for now.

Thu, Jun 27, 10:34 AM · Whonix 15, Whonix, firejail
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Will keep watching what Tails is doing.

Thu, Jun 27, 10:33 AM · Whonix 16, research, Whonix
Patrick edited projects for T582: revisit handling of /var/lib/dbus/machine-id, added: Whonix 16; removed Whonix 15.
Thu, Jun 27, 10:33 AM · Whonix 16, research, Whonix
Patrick removed a project from T922: Tor-Control-Panel has extra bridge (snowflake) feature which are missed in ACW & normal TBB: Whonix 15.
Thu, Jun 27, 10:32 AM · anon-connection-wizard, python, Whonix
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

Seems ok after full removal and re-creation.

Thu, Jun 27, 10:31 AM · Whonix 15, Whonix, qubes-template-whonix
Patrick added a comment to T818: simplify tb-starter function tb_detect_starter_bin.

https://github.com/Whonix/tb-starter/commit/11ed26d14ed308891db5fc366a1002da41bdd3c1

Thu, Jun 27, 9:13 AM · Whonix, Whonix 16, tb-starter
Patrick edited projects for T921: Installing git-all will delete some Whonix packages , added: Whonix 16, anon-meta-packages; removed Whonix 15.
Thu, Jun 27, 9:01 AM · anon-meta-packages, Whonix 16

Tue, Jun 25

Patrick added a comment to T869: Install Firejail by default inside Whonix.

Xpra is only used for GUI isolation.

Tue, Jun 25, 3:00 PM · Whonix 15, Whonix, firejail

Mon, Jun 24

Patrick edited projects for T631: re-enable tor-controlport-filter.service systemd hardening, added: Whonix 15; removed Whonix 16.
Mon, Jun 24, 3:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick updated subscribers of T921: Installing git-all will delete some Whonix packages .

runit-sysv is incompatible with Whonix and Qubes Debian template. Even sudo apt install runit-sysv --no-install-recommends would uninstall some Whonix or Qubes packages.

Mon, Jun 24, 12:52 AM · anon-meta-packages, Whonix 16
Patrick updated subscribers of T921: Installing git-all will delete some Whonix packages .

git-all also breaks Qubes Debian buster template. @marmarek

Mon, Jun 24, 12:42 AM · anon-meta-packages, Whonix 16
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

Another workaround with full git-all functionality that does not break Whonix:

Mon, Jun 24, 12:37 AM · anon-meta-packages, Whonix 16
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

Another workaround:

Mon, Jun 24, 12:32 AM · anon-meta-packages, Whonix 16
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

Workaround:
While this should be fixed, note that meanwhile the following works perfectly well for general use of git (I never had any situation where I was missing any features):

Mon, Jun 24, 12:30 AM · anon-meta-packages, Whonix 16
Patrick added a project to T922: Tor-Control-Panel has extra bridge (snowflake) feature which are missed in ACW & normal TBB: anon-connection-wizard.
Mon, Jun 24, 12:21 AM · anon-connection-wizard, python, Whonix
Patrick added a project to T922: Tor-Control-Panel has extra bridge (snowflake) feature which are missed in ACW & normal TBB: python.
Mon, Jun 24, 12:20 AM · anon-connection-wizard, python, Whonix

Sun, Jun 23

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Unfortunately not. On Qubes-Whonix. Could be Non-Qubes-Whonix vs
Qubes-Whonix?

Sun, Jun 23, 7:53 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

sudo journalctl -f in dom0 does not show anything when running qvm-sync-appmenus whonix-gw-15 in dom0.

Sun, Jun 23, 12:21 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

QVMM applications tab looks good btw. Just the default applications listed in Qubes start menu (without ever using QVMM applications tab) is not properly populated.

Sun, Jun 23, 12:19 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick updated subscribers of T631: re-enable tor-controlport-filter.service systemd hardening.

Does not work yet. @madaidan

Sun, Jun 23, 10:27 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Fri, Jun 21

Patrick added a comment to T521: simplify https://www.whonix.org/wiki/Documentation.

https://forums.whonix.org/t/splitting-whonix-documentation-into-a-short-and-long-edition-for-better-usability/1861/53?u=patrick

Fri, Jun 21, 1:34 PM · Whonix, user documentation, usability

Jun 21 2019

Patrick added a comment to T400: re-implement Tor Browser local version number detection.

https://github.com/Whonix/tb-updater/commit/36561b7f8b54605ea33f4842930f2cdabcd17365

Jun 21 2019, 5:05 AM · usability, Whonix, tb-updater

Jun 20 2019

Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

sys-whonix shows sdwdate-gui.desktop by default but not

Jun 20 2019, 4:22 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick updated subscribers of T912: qubes integration tools missing.

Any idea why these are missing? @marmarek

Jun 20 2019, 4:18 PM · Whonix, Qubes
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

anon-whonix / sys-whonix lacks a lot of entries.

Jun 20 2019, 3:51 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick added a comment to T912: qubes integration tools missing.
  • Copy to VM
  • Move to VM
  • Create Archive...
Jun 20 2019, 2:03 PM · Whonix, Qubes
Patrick updated the task description for T912: qubes integration tools missing.
Jun 20 2019, 1:56 PM · Whonix, Qubes
Patrick added a comment to T869: Install Firejail by default inside Whonix.

The problem is, xpra (actually xpra | xserver-xephyr | xvfb) isn't in the list of Recommends: of the firejail package by accident. We don't really know the rationale for that. It could be an optional dependency, and without it, someone who knows firejail and is happy to find it installed would wonder why some things actually do not work.

Jun 20 2019, 7:08 AM · Whonix 15, Whonix, firejail
Patrick closed T817: install jitterentropy by default as Resolved.
Jun 20 2019, 6:59 AM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick updated the task description for T920: consider /etc/xdg/xfce4/ defaults.
Jun 20 2019, 6:53 AM · Whonix 15, security-misc, Whonix, whonix-xfce-desktop-config

Jun 15 2019

Patrick updated the task description for T918: mediawiki extensions to install for better links.
Jun 15 2019, 4:15 AM · server-ssh-access-required, website, Whonix

Jun 14 2019

Patrick changed the status of T769: Add LUKS container GUI or CLI utility by default from Open to testing-in-next-build-required.
Jun 14 2019, 3:31 PM · Whonix 15, Debian version 10 codename Buster
Patrick edited projects for T803: coyIM, added: Whonix 16; removed Whonix 15.
Jun 14 2019, 3:30 PM · Whonix 16, anon-meta-packages, Whonix
Patrick created T920: consider /etc/xdg/xfce4/ defaults.
Jun 14 2019, 3:23 PM · Whonix 15, security-misc, Whonix, whonix-xfce-desktop-config
Patrick added a project to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time: whonix-base-files.
Jun 14 2019, 3:00 PM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jun 14 2019, 2:57 PM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick created T919: Whonix Live Branding.
Jun 14 2019, 2:54 PM · live-mode, Whonix
Patrick added a comment to T875: fix fail closed mechanism.

Seems quite hacky. What's the root cause for failing?

Probably, when the package is getting updated, it disables the firewall for a minute so it can apply the updates and the fail closed mechanism kicks in.

Jun 14 2019, 1:21 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick created T918: mediawiki extensions to install for better links.
Jun 14 2019, 12:29 PM · server-ssh-access-required, website, Whonix
Patrick created T917: whonix.org server SSL settings enhancement.
Jun 14 2019, 12:20 PM · website, server-ssh-access-required, whonix.org server admin, Whonix
Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jun 14 2019, 11:51 AM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick added a project to T916: improve sdwdate connectivity check: whonixcheck.
Jun 14 2019, 11:40 AM · whonixcheck, sdwdate-gui, Whonix, sdwdate
Patrick created T916: improve sdwdate connectivity check.
Jun 14 2019, 11:37 AM · whonixcheck, sdwdate-gui, Whonix, sdwdate
Patrick created T915: sdwdate connectivity check host support.
Jun 14 2019, 11:34 AM · Whonix-Host, Whonix
Patrick created T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.
Jun 14 2019, 11:27 AM · live-mode, Whonix
Patrick created T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jun 14 2019, 11:24 AM · whonix-base-files, live-mode, Whonix, Whonix 15
Patrick added a comment to T912: qubes integration tools missing.

Might be fixed with upgrades / (over) next Qubes-Whonix images.

Jun 14 2019, 11:21 AM · Whonix, Qubes
Patrick created T912: qubes integration tools missing.
Jun 14 2019, 11:20 AM · Whonix, Qubes
Patrick closed T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks as Resolved.
Jun 14 2019, 11:18 AM · server-ssh-access-required, website, Whonix

May 22 2019

Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
May 22 2019, 6:51 PM · VirtualBox, usability, Whonix
Patrick added a comment to T803: coyIM.

@Patrick were you able to reproduce this?

May 22 2019, 6:45 PM · Whonix 16, anon-meta-packages, Whonix

May 16 2019

Patrick added a comment to T904: make sure there is no swap by default.

madaidan (madaidan):

madaidan added a comment.

> We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.
I can test it for that too. Where do I download it?
May 16 2019, 12:16 PM · Whonix-Host, Whonix

May 12 2019

Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Maybe there is no need. It's just when Tails has a ticket, we should
check it at Whonix too. Thank you for looking into this, too!

May 12 2019, 5:36 PM · Whonix 16, research, Whonix
Patrick added a comment to T729: network hardening.

Could you please review this? @HulaHoop

May 12 2019, 12:56 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
Patrick added a comment to T875: fix fail closed mechanism.

Seems quite hacky. What's the root cause for failing?

May 12 2019, 12:55 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick added a comment to T904: make sure there is no swap by default.

Thanks for testing! Would have been surprising if there was.

May 12 2019, 12:53 PM · Whonix-Host, Whonix
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

madaidan (madaidan):

madaidan added a comment.

> https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.
Wouldn't using a fake machine-id e.g. a bunch of zeroes fix this?
May 12 2019, 3:21 AM · Whonix 16, research, Whonix

May 11 2019

Patrick assigned T729: network hardening to madaidan.
May 11 2019, 1:12 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

May 11 2019, 9:57 AM · Whonix 16, research, Whonix

May 10 2019

Patrick added a comment to T902: disable removable drives auto-mounting - XFCE only.

madaidan (madaidan):

madaidan added a comment.

> Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.
debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
May 10 2019, 2:43 AM · Whonix, Whonix-Host

May 9 2019

Patrick changed the status of T902: disable removable drives auto-mounting - XFCE only from Open to Review.

Debian buster package thunar-volman (thunar-volman-0.9.1) contains a file debian/thunar-volman.xml

May 9 2019, 3:31 AM · Whonix, Whonix-Host
Patrick updated subscribers of T902: disable removable drives auto-mounting - XFCE only.
May 9 2019, 3:21 AM · Whonix, Whonix-Host

May 7 2019

Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:59 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:52 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:51 PM · Whonix, Apps, enhancement, usability

May 5 2019

Patrick added a comment to T670: Activating Lockdown.

More kernel hardening:
https://github.com/Whonix/security-misc/pull/5

May 5 2019, 11:28 PM · Debian version 10 codename Buster, Whonix

May 3 2019

Patrick added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

Does this work for you? @tempest

May 3 2019, 12:13 PM · server-ssh-access-required, website, Whonix