Feed All Stories

Thu, May 16

Patrick added a comment to T904: make sure there is no swap by default.

madaidan (madaidan):

madaidan added a comment.

> We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.

I can test it for that too. Where do I download it?
Thu, May 16, 12:16 PM · Whonix-Host, Whonix

Sun, May 12

Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Maybe there is no need. It's just when Tails has a ticket, we should
check it at Whonix too. Thank you for looking into this, too!

Sun, May 12, 5:36 PM · research, Whonix 15, Whonix
madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

The way it is now looks fine. Why would it need to be changed?

Sun, May 12, 2:36 PM · research, Whonix 15, Whonix
madaidan added a comment to T904: make sure there is no swap by default.

We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.

Sun, May 12, 2:34 PM · Whonix-Host, Whonix
madaidan added a comment to T875: fix fail closed mechanism.

Seems quite hacky. What's the root cause for failing?

Sun, May 12, 2:14 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick added a comment to T729: network hardening.

Could you please review this? @HulaHoop

Sun, May 12, 12:56 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
Patrick added a comment to T875: fix fail closed mechanism.

Seems quite hacky. What's the root cause for failing?

Sun, May 12, 12:55 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
Patrick added a comment to T904: make sure there is no swap by default.

Thanks for testing! Would have been surprising if there was.

Sun, May 12, 12:53 PM · Whonix-Host, Whonix
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

madaidan (madaidan):

madaidan added a comment.

> https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

Wouldn't using a fake machine-id e.g. a bunch of zeroes fix this?
Sun, May 12, 3:21 AM · research, Whonix 15, Whonix

Sat, May 11

madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

Sat, May 11, 7:27 PM · research, Whonix 15, Whonix
Patrick assigned T729: network hardening to madaidan.
Sat, May 11, 1:12 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

Sat, May 11, 9:57 AM · research, Whonix 15, Whonix

Fri, May 10

madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Would it cause any issues if the machine-id was just deleted or replaced with a bunch of 0s?

Fri, May 10, 7:27 PM · research, Whonix 15, Whonix
madaidan added a comment to T729: network hardening.

My pull request enables all of these except martian packet logging which I doubt would be useful on Whonix.

Fri, May 10, 7:18 PM · whonix-ws-firewall, Whonix, whonix-gw-firewall
madaidan added a comment to T770: Custom TBB profile for localhost access + Privoxy.

You can create directories in tor-browser_en-US/Browser/TorBrowser/Data/Browser/ called (profile_name).default. Here will be all the configurations for the profile. It should have a custom user.js with proxy settings using privoxy and setting network.proxy.no_proxies_on to 0.

Fri, May 10, 7:15 PM · Whonix
madaidan added a comment to T795: Customized welcome page and bookmarks for I2P / Alt TBB (keyword: homepage).

Alternatively, you could change the home page to the program's interface e.g. 127.0.0.1:7657 for I2P and start the browser with a script that creates a popup box using zenity or similar that tells the user the information.

Fri, May 10, 6:48 PM · html, whonix-welcome-page, Whonix
madaidan added a comment to T875: fix fail closed mechanism.

Maybe disable it just for package upgrades?

Fri, May 10, 6:19 PM · whonix-ws-firewall, whonix-gw-firewall, Whonix
madaidan added a comment to T904: make sure there is no swap by default.

There is none. You can run swapon -s or cat /proc/swaps to verify.

Fri, May 10, 5:55 PM · Whonix-Host, Whonix
madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

No, I mean the upstream repository thunar-volman by XFCE developers.

Fri, May 10, 5:47 PM · Whonix-Host, Whonix
Patrick added a comment to T902: disable removable drives auto-mounting - XFCE only.

madaidan (madaidan):

madaidan added a comment.

> Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.

debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
Fri, May 10, 2:43 AM · Whonix-Host, Whonix

Thu, May 9

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.

Thu, May 9, 7:24 PM · Whonix-Host, Whonix
Patrick changed the status of T902: disable removable drives auto-mounting - XFCE only from Open to Review.

Debian buster package thunar-volman (thunar-volman-0.9.1) contains a file debian/thunar-volman.xml

Thu, May 9, 3:31 AM · Whonix-Host, Whonix
Patrick updated subscribers of T902: disable removable drives auto-mounting - XFCE only.
Thu, May 9, 3:21 AM · Whonix-Host, Whonix

Wed, May 8

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Automounting can be configured in /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf

Wed, May 8, 10:27 PM · Whonix-Host, Whonix

Tue, May 7

Patrick updated the task description for T89: Whonix Control Panel.
Tue, May 7, 1:59 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Tue, May 7, 1:52 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Tue, May 7, 1:51 PM · Whonix, Apps, enhancement, usability

Sun, May 5

Patrick added a comment to T670: Activating Lockdown.

More kernel hardening:
https://github.com/Whonix/security-misc/pull/5

Sun, May 5, 11:28 PM · Debian version 10 codename Buster, Whonix

Fri, May 3

HulaHoop added a comment to T670: Activating Lockdown.

Related thread on general kernel hardening:

Fri, May 3, 6:14 PM · Debian version 10 codename Buster, Whonix
Patrick added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

Does this work for you? @tempest

Fri, May 3, 12:13 PM · server-ssh-access-required, website, Whonix
Patrick renamed T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks from Proposed Download Directory Structure / download redirects / stable download links to Proposed Download Directory Structure / download redirects / stable download links / permalinks.
Fri, May 3, 12:13 PM · server-ssh-access-required, website, Whonix
Patrick renamed T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks from Proposed Download Directory Structure to Proposed Download Directory Structure / download redirects / stable download links.
Fri, May 3, 12:08 PM · server-ssh-access-required, website, Whonix
Patrick updated the task description for T670: Activating Lockdown.
Fri, May 3, 6:41 AM · Debian version 10 codename Buster, Whonix

Thu, May 2

Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Thu, May 2, 12:04 PM · VirtualBox, usability, Whonix

Wed, May 1

Patrick added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

HulaHoop (HulaHoop):

HulaHoop added a comment.

https://gitlab.freedesktop.org/spice/spice-protocol/issues/8
Wed, May 1, 2:25 AM · VirtualBox, usability, Whonix
Patrick added a comment to T817: install jitterentropy by default.

user@host:~/jitterentropy-20140131/tests_userspace/timing$ ./jitterentropy-inittest
Pass 10000 - Fail 0 - Rounds 10000

foldtime.O0
foldtime.O2

https://anonfile.com/g8E9mal5n6/foldtime_O2
https://anonfile.com/63H8m6l9nb/foldtime_O0

Wed, May 1, 2:23 AM · Whonix 15, Debian version 10 codename Buster, Whonix
HulaHoop added a comment to T817: install jitterentropy by default.

user@host:~/jitterentropy-20140131/tests_userspace/timing$ ./jitterentropy-inittest
Pass 10000 - Fail 0 - Rounds 10000

Wed, May 1, 2:21 AM · Whonix 15, Debian version 10 codename Buster, Whonix

Tue, Apr 30

HulaHoop added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

https://gitlab.freedesktop.org/spice/spice-protocol/issues/8

Tue, Apr 30, 11:52 PM · VirtualBox, usability, Whonix
Patrick updated the task description for T817: install jitterentropy by default.
Tue, Apr 30, 1:28 PM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick updated the task description for T817: install jitterentropy by default.
Tue, Apr 30, 1:27 PM · Whonix 15, Debian version 10 codename Buster, Whonix

Fri, Apr 26

Patrick added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Fri, Apr 26, 12:59 PM · VirtualBox, usability, Whonix

Thu, Apr 25

Patrick triaged T911: xfce theming as Normal priority.
Thu, Apr 25, 12:28 PM · Whonix, Whonix 15
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Thu, Apr 25, 11:09 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Thu, Apr 25, 11:08 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Thu, Apr 25, 11:08 AM · VirtualBox, usability, Whonix
HulaHoop added a comment to T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.

Issue was discussed by Libvirt devs on RedHat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c4
I even linked to a secure clipboard proposal that would have given a secure clipboard functionality by copying Qubes style interaction. It went nowhere and was closed as WONTFIX.

Thu, Apr 25, 4:01 AM · VirtualBox, usability, Whonix

Wed, Apr 24

Patrick updated the task description for T817: install jitterentropy by default.
Wed, Apr 24, 11:05 AM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick renamed T720: post feature request for more secure clipboard sharing against VirtualBox and KVM from Better Clipboard and DragnDrop for Whonix to post feature request for more secure clipboard sharing against VirtualBox and KVM.
Wed, Apr 24, 10:17 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Wed, Apr 24, 10:07 AM · VirtualBox, usability, Whonix
Patrick updated the task description for T720: post feature request for more secure clipboard sharing against VirtualBox and KVM.
Wed, Apr 24, 10:04 AM · VirtualBox, usability, Whonix

Tue, Apr 23

Patrick updated the task description for T909: instructions how to copy Whonix Host image to disk.
Tue, Apr 23, 3:45 PM · user documentation, Whonix, Whonix-Host
Patrick triaged T910: amnesia testing of Whonix-Host in Live mode as Normal priority.
Tue, Apr 23, 3:29 PM · Whonix-Host, Whonix
Patrick triaged T909: instructions how to copy Whonix Host image to disk as Normal priority.
Tue, Apr 23, 2:38 PM · user documentation, Whonix, Whonix-Host
Patrick triaged T908: copy Whonix VM images to Whonix-Host and set up during build as Normal priority.
Tue, Apr 23, 1:41 PM · build, VirtualBox, Whonix-Host, Whonix
Patrick updated the task description for T906: encrypt Whonix-Host disk after first boot.
Tue, Apr 23, 1:20 PM · Whonix, Whonix-Host
Patrick renamed T907: resize disk image at first boot of Whonix Host from resize disk image at first boot to resize disk image at first boot of Whonix Host.
Tue, Apr 23, 12:54 PM · Whonix-Host, Whonix
Patrick triaged T907: resize disk image at first boot of Whonix Host as Normal priority.
Tue, Apr 23, 12:54 PM · Whonix-Host, Whonix
Patrick triaged T906: encrypt Whonix-Host disk after first boot as Normal priority.
Tue, Apr 23, 12:47 PM · Whonix, Whonix-Host
Patrick updated the task description for T905: emergency shutdown on USB removal.
Tue, Apr 23, 12:40 PM · Whonix-Host, Whonix
Patrick updated the task description for T905: emergency shutdown on USB removal.
Tue, Apr 23, 12:39 PM · Whonix-Host, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Tue, Apr 23, 12:39 PM · Whonix-Host, security, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Tue, Apr 23, 12:38 PM · Whonix-Host, security, Whonix
Patrick closed T485: whonix-host-qemu-kvm package has an unmet dependency. Depends: whonix-host-shared but is not installable as Invalid.

No such package anymore.

Tue, Apr 23, 12:36 PM · anon-meta-packages, Whonix-Host, Whonix
Patrick triaged T905: emergency shutdown on USB removal as Normal priority.
Tue, Apr 23, 12:31 PM · Whonix-Host, Whonix
Patrick triaged T904: make sure there is no swap by default as Normal priority.
Tue, Apr 23, 12:30 PM · Whonix-Host, Whonix
Patrick triaged T903: find new name for Hardened Debian and rename it as Normal priority.
Tue, Apr 23, 12:25 PM · Whonix-Host, Whonix
Patrick triaged T902: disable removable drives auto-mounting - XFCE only as Normal priority.
Tue, Apr 23, 12:24 PM · Whonix-Host, Whonix
Patrick triaged T901: package and test wiperam for Debian as Normal priority.
Tue, Apr 23, 12:22 PM · Whonix, Whonix-Host
mig5 added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

@Patrick I have set it to a temporary redirect now (302). In my tests in Firefox, the request is not being cached (server sends back the 302 each time according to Nginx logs)

Tue, Apr 23, 12:31 AM · server-ssh-access-required, website, Whonix

Apr 20 2019

0brand added a comment to T900: Installation and setup of Hardened Debian Linux tutorials.

Hardened Debian Linux has been added to Google Season of Docs project ideas.

Apr 20 2019, 2:47 AM · Whonix, user documentation
Herald added a project to T900: Installation and setup of Hardened Debian Linux tutorials: Whonix.
Apr 20 2019, 2:33 AM · Whonix, user documentation

Apr 19 2019

TNTBOMBOM added a comment to T869: Install Firejail by default inside Whonix.

I would say purge xpra; if someone wants xpra he can install it easily.

Apr 19 2019, 12:57 PM · Whonix 15, Whonix, firejail
Patrick added a comment to T869: Install Firejail by default inside Whonix.
apt-file list xpra | grep desktop
Apr 19 2019, 12:39 PM · Whonix 15, Whonix, firejail
Patrick changed the status of T869: Install Firejail by default inside Whonix from testing-in-next-build-required to Open.

There is one issue with installing xpra:

  • it will install xpra browser (unwanted in Whonix)
  • also it has the ability to connect to outside xpra servers (unwanted in Whonix)

    Launch the xpra GUI or run it from a terminal and you will find all this stuff.
Apr 19 2019, 12:31 PM · Whonix 15, Whonix, firejail
TNTBOMBOM added a comment to T803: coyIM.

Also, another reason why CoyIM won't come back in the near future:

Apr 19 2019, 12:29 PM · anon-meta-packages, Whonix 15, Whonix
Patrick added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

Works great! Thanks @mig5!

Apr 19 2019, 12:27 PM · server-ssh-access-required, website, Whonix
TNTBOMBOM added a comment to T869: Install Firejail by default inside Whonix.

There is one issue with installing xpra:

Apr 19 2019, 12:26 PM · Whonix 15, Whonix, firejail
Patrick added a comment to T769: Add LUKS container GUI or CLI utility by default.

Merged.

Apr 19 2019, 9:41 AM · Whonix 15, Debian version 10 codename Buster

Apr 18 2019

HulaHoop added a comment to T769: Add LUKS container GUI or CLI utility by default.

I also added the cli version to the non-qubes-vm-enhancements-cli section. It is a dep of a gui install but not vice versa. Zulucrypt plugin package was added there too since enhancements-cli is a subset of enhancements-gui.

Apr 18 2019, 6:36 PM · Whonix 15, Debian version 10 codename Buster
HulaHoop added a comment to T769: Add LUKS container GUI or CLI utility by default.

https://github.com/Whonix/anon-meta-packages/pull/20/commits/0ab1a0aa4b5e22149286d6156a1816e3ca65626c

Apr 18 2019, 6:34 PM · Whonix 15, Debian version 10 codename Buster
marmarek added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

I suggest not permanent redirection, otherwise browsers may cache old version.

Apr 18 2019, 9:22 AM · server-ssh-access-required, website, Whonix
mig5 added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

Edited above comment a few times to fix syntax

Apr 18 2019, 7:18 AM · server-ssh-access-required, website, Whonix
mig5 added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

Added this to /etc/nginx/sites-enabled/download.whonix.org.conf:

Apr 18 2019, 7:08 AM · server-ssh-access-required, website, Whonix

Apr 17 2019

Patrick added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.
In T895#18241, @mig5 wrote:

It doesn't strike me as too hard to just add a 'current' symlink pointing to the latest release?

Apr 17 2019, 6:16 PM · server-ssh-access-required, website, Whonix
Patrick updated subscribers of T803: coyIM.
Apr 17 2019, 6:09 PM · anon-meta-packages, Whonix 15, Whonix
Patrick updated subscribers of T817: install jitterentropy by default.

Could you please test https://github.com/smuellerDD/jitterentropy-rngd/issues/6#issuecomment-483191719 in Qubes / VirtualBox? @TNTBOMBOM

Apr 17 2019, 5:24 PM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick reopened T817: install jitterentropy by default as "Open".
Apr 17 2019, 5:23 PM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick reopened T803: coyIM as "Open".

Should remove coyim. Reason:

Apr 17 2019, 3:52 PM · anon-meta-packages, Whonix 15, Whonix
Patrick added a project to T803: coyIM: anon-meta-packages.
Apr 17 2019, 3:51 PM · anon-meta-packages, Whonix 15, Whonix
Patrick added a comment to T769: Add LUKS container GUI or CLI utility by default.
  • Add zulucrypt to Whonix including its extensions?
Apr 17 2019, 3:03 PM · Whonix 15, Debian version 10 codename Buster
HulaHoop added a comment to T769: Add LUKS container GUI or CLI utility by default.

zulucrypt works in Buster. Tomb does not.

Apr 17 2019, 6:08 AM · Whonix 15, Debian version 10 codename Buster

Apr 15 2019

Patrick added a comment to T817: install jitterentropy by default.

Answer by jitterentropy developer:
https://github.com/smuellerDD/jitterentropy-rngd/issues/6#issuecomment-483191719

Apr 15 2019, 12:52 PM · Whonix 15, Debian version 10 codename Buster, Whonix
mig5 added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

Another approach might be to use Nginx redirects (and a shell script or something, to maintain changes as new versions come out), so that URLs like https://download.whonix.org/ova/current/Whonix-XFCE-current.ova redirect to https://download.whonix.org/ova/14.0.1.4.4/Whonix-XFCE-14.0.1.4.4.ova . Useful?

Apr 15 2019, 12:47 AM · server-ssh-access-required, website, Whonix
mig5 added a comment to T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.

It doesn't strike me as too hard to just add a 'current' symlink pointing to the latest release?

Apr 15 2019, 12:44 AM · server-ssh-access-required, website, Whonix

Apr 14 2019

Patrick added a comment to T817: install jitterentropy by default.

consider installing jitterentropy-rngd to improve entropy collection
https://github.com/QubesOS/qubes-issues/issues/4169

Apr 14 2019, 7:00 PM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick added a comment to T817: install jitterentropy by default.

ask Xen developers about Efficacy of jitterentropy RNG in Xen
https://github.com/QubesOS/qubes-issues/issues/4174

Apr 14 2019, 6:56 PM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick added a project to T817: install jitterentropy by default: Whonix 15.
Apr 14 2019, 6:55 PM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick changed the status of T869: Install Firejail by default inside Whonix from Open to testing-in-next-build-required.

https://github.com/Whonix/anon-meta-packages/commit/45ea369055d513c07e28ac81ef113e13b33f3a5a

Apr 14 2019, 6:18 PM · Whonix 15, Whonix, firejail
Patrick closed T786: consider installing phonon4qt5-backend-null by default on Whonix-Gateway as Invalid.

Since we no longer install any KDE applications by default (such as dolphin; ark), no dependency pulls phonon anymore, so by extension nothing pulls vlc anymore. Therefore this is no longer needed.

Apr 14 2019, 5:50 PM · Whonix, anon-meta-packages, Whonix 15
Patrick closed T880: disable maximize window when moving to the top as Resolved.

Awesome!

Apr 14 2019, 4:59 PM · Whonix 15, whonix-xfce-desktop-config, Whonix, Whonix 14