Page MenuHomePhabricator

Patrick (Patrick Schleizer)
a maintainer of WhonixAdministrator

User Details

User Since
Nov 20 2014, 4:36 PM (269 w, 4 d)
Roles
Administrator

Recent Activity

Yesterday

Patrick added a comment to T868: mediawiki fixes #2.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

**too  much whitespace**
This is unnecessary whitespace from the html line:
  <h5 id="siteSub" class="subtitle"></h5>
which shows nothing + padding all h5's get.
The proper way, I presume, is to tell mediawiki to not display "subtitle", whatever that is. It seems to be similar to "tagline" which is set to "From Whonix" and outputted in html but set to hidden via css (dumb but whatever).
Mon, Jan 20, 1:08 PM · Whonix, website

Sat, Jan 18

Patrick closed T470: Whonix home page redesign as Resolved.
Sat, Jan 18, 1:22 PM · html, Whonix, user documentation
Patrick updated the task description for T868: mediawiki fixes #2.
Sat, Jan 18, 12:42 PM · Whonix, website
Patrick added a comment to T868: mediawiki fixes #2.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

**clickable expand button inside text**
Done. Check: https://www.whonix.org/wiki/Template:Reload_Tor
Sat, Jan 18, 12:39 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Sat, Jan 18, 12:14 PM · Whonix, website
Patrick added a comment to T868: mediawiki fixes #2.

replace Menu bar with hardcoded links
Isn't this a mediawiki configuration option? It should have basic nav choices.

Sat, Jan 18, 12:14 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Sat, Jan 18, 12:12 PM · Whonix, website
Patrick added a comment to T868: mediawiki fixes #2.

two separate pre tags get intermingled and shown as one box
Can you link me to an example (or create a page with one)?

Sat, Jan 18, 12:12 PM · Whonix, website

Fri, Jan 17

Patrick updated the task description for T868: mediawiki fixes #2.
Fri, Jan 17, 9:03 AM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Fri, Jan 17, 8:40 AM · Whonix, website

Wed, Jan 15

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.
In T950#19249, @Patrick wrote:

The loader of tirdad is currently using dmesg.

Wed, Jan 15, 12:11 PM · Whonix 15, security-misc, Whonix

Tue, Jan 7

Patrick updated the task description for T868: mediawiki fixes #2.
Tue, Jan 7, 6:39 AM · Whonix, website

Wed, Jan 1

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

The loader of tirdad is currently using dmesg.

Wed, Jan 1, 12:31 PM · Whonix 15, security-misc, Whonix
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

quiet

Wed, Jan 1, 12:05 PM · Whonix 15, security-misc, Whonix

Thu, Dec 26

Patrick edited projects for T953: extrepo - safely adding repos, added: Whonix 15; removed Restricted Project.
Thu, Dec 26, 4:06 PM · Whonix 15, Whonix
Patrick triaged T953: extrepo - safely adding repos as Normal priority.
Thu, Dec 26, 4:05 PM · Whonix 15, Whonix

Wed, Dec 25

Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Wed, Dec 25, 10:39 AM · Whonix 15, security-misc, Whonix
Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Wed, Dec 25, 10:38 AM · Whonix 15, security-misc, Whonix

Tue, Dec 24

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Still wondering if initramfs modification this can be avoided... Still wondering if kernel.printk can be set through a kernel parameter. Looking again at https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt...

Tue, Dec 24, 6:24 PM · Whonix 15, security-misc, Whonix
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Sounds good.

Tue, Dec 24, 5:54 PM · Whonix 15, security-misc, Whonix
Patrick closed T943: make /boot and /lib/modules unreadable even for root as Resolved.

Would an audit denyrule for /boot be useful for the sake of audit?

Tue, Dec 24, 4:49 PM · security, apparmor-profile-everything, Whonix
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

I guess because a sysctl.d drop-in config file is easy and catches most.
initramfs hook covers only initramfs users. Not dracut. But
security-misc initramfs hook sounds good enough. dracut support can
come later, if ever. Please implement.

Tue, Dec 24, 4:47 PM · Whonix 15, security-misc, Whonix
Patrick added a comment to T943: make /boot and /lib/modules unreadable even for root.

Still need to add /boot to https://github.com/Whonix/apparmor-profile-everything/blob/master/etc/apparmor.d/abstractions/dangerous-files? Currently cannot find it there.

Tue, Dec 24, 12:17 PM · security, apparmor-profile-everything, Whonix
Patrick closed T937: make /boot and /lib/modules unreadable for non-root users as Resolved.
Tue, Dec 24, 12:15 PM · Whonix, security-misc
Patrick closed T945: /etc/default/grub.d/40_kernel_hardening.cfg fails to detect kernel upgrade as Resolved.

https://github.com/Whonix/security-misc/commit/ede536913daa0c7ddfe55e20c93d7b752daa5de3

Tue, Dec 24, 12:15 PM · Whonix, security-misc
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Yes. Probably both. initramfs for apparmor-profile-everything users and
/etc/sysctl.d/ security-misc.

Tue, Dec 24, 12:02 PM · Whonix 15, security-misc, Whonix

Mon, Dec 23

Patrick triaged T952: warn against superadmin / superroot in grub boot menu or initramfs as Normal priority.
Mon, Dec 23, 4:00 PM · Whonix 16, apparmor-profile-everything, Whonix
Patrick triaged T951: sign kernel modules as Normal priority.
Mon, Dec 23, 3:15 PM · Whonix 16, security-misc, Whonix
Patrick updated the task description for T670: Activating Lockdown.
Mon, Dec 23, 3:14 PM · Debian version 10 codename Buster, Whonix
Patrick triaged T950: set kernel.printk sysctl to prevent kernel info leaks as Normal priority.
Mon, Dec 23, 2:19 PM · Whonix 15, security-misc, Whonix
Patrick updated subscribers of T949: easy remote support VNC alternative, NX, SPICE, X2Go, Remmina.
Mon, Dec 23, 2:14 PM · Whonix, usability
Patrick triaged T949: easy remote support VNC alternative, NX, SPICE, X2Go, Remmina as Normal priority.
Mon, Dec 23, 2:14 PM · Whonix, usability
Patrick triaged T948: /tmp etc. separation through polyinstantiation by using namespaces.conf as Normal priority.
Mon, Dec 23, 2:09 PM · research, Whonix, security-misc
Patrick triaged T947: Qubes-Whonix eth1 static networking as Normal priority.
Mon, Dec 23, 2:03 PM · Whonix 15, Whonix
Patrick triaged T946: test sdwdate apparmor profile and set to complain mode as Normal priority.
Mon, Dec 23, 2:01 PM · sdwdate, Whonix, Whonix 15
Patrick triaged T945: /etc/default/grub.d/40_kernel_hardening.cfg fails to detect kernel upgrade as Normal priority.
Mon, Dec 23, 1:53 PM · Whonix, security-misc

Dec 22 2019

Patrick updated subscribers of T12: virtualizer: enforce maximum system resources a virtual machine may use.

cgroups were mentioned by @madaidan

Dec 22 2019, 9:26 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Dec 11 2019

Patrick edited Description on whonix-gw-firewall.
Dec 11 2019, 9:48 AM
Patrick edited Description on whonix-ws-firewall.
Dec 11 2019, 9:47 AM
Patrick renamed T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables from Consider nftables as a replacement for iptables to Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
Dec 11 2019, 2:11 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Or skip nftables and use Berkeley Packet Filter (BPF)?

Dec 11 2019, 2:10 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research
Patrick updated the task description for T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.
Dec 11 2019, 2:09 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Dec 7 2019

Patrick renamed T937: make /boot and /lib/modules unreadable for non-root users from make /boot unreadable for non-root users to make /boot and /lib/modules unreadable for non-root users.
Dec 7 2019, 9:14 AM · Whonix, security-misc
Patrick renamed T943: make /boot and /lib/modules unreadable even for root from make /boot unreadable even for root to make /boot and /lib/modules unreadable even for root.
Dec 7 2019, 9:14 AM · security, apparmor-profile-everything, Whonix
Patrick triaged T943: make /boot and /lib/modules unreadable even for root as Normal priority.
Dec 7 2019, 9:13 AM · security, apparmor-profile-everything, Whonix

Dec 5 2019

Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:16 PM · Whonix, security
Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:12 PM · Whonix, security
Patrick renamed T941: lock down interpreters / compilers (interpreter lock) (compiler lock) from lock down interpreters (interpreter lock) to lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:12 PM · Whonix, security
Patrick updated the task description for T941: lock down interpreters / compilers (interpreter lock) (compiler lock).
Dec 5 2019, 4:07 PM · Whonix, security
Patrick triaged T942: polish Whonix Host Firewall for Whonix Host as Normal priority.
Dec 5 2019, 4:04 PM · security, Whonix, Whonix-Host
Patrick renamed T941: lock down interpreters / compilers (interpreter lock) (compiler lock) from lock down interpreters to lock down interpreters (interpreter lock).
Dec 5 2019, 3:51 PM · Whonix, security
Patrick triaged T941: lock down interpreters / compilers (interpreter lock) (compiler lock) as Normal priority.
Dec 5 2019, 3:51 PM · Whonix, security
Patrick updated the task description for T940: grub boot password.
Dec 5 2019, 3:35 PM · security, Whonix-Host, Whonix
Patrick triaged T940: grub boot password as Normal priority.
Dec 5 2019, 3:22 PM · security, Whonix-Host, Whonix
Patrick updated the task description for T868: mediawiki fixes #2.
Dec 5 2019, 9:14 AM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Dec 5 2019, 9:13 AM · Whonix, website
Patrick updated the task description for T771: install magic-wormhole by default / Implementing an Onionshare alternative.
Dec 5 2019, 6:57 AM · Whonix 14, Whonix, Whonix 15

Nov 25 2019

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 25 2019, 1:32 PM · C Code, security, Whonix

Nov 23 2019

Patrick closed T938: request apparmor environment scrubbing whitelist from AppArmor upstream as Resolved.

Awesome!

Nov 23 2019, 5:53 PM · apparmor-profile-everything, AppArmor, Whonix
Patrick triaged T939: file permissions hardening lockdown as Normal priority.
Nov 23 2019, 5:25 PM · Whonix, security-misc
Patrick triaged T938: request apparmor environment scrubbing whitelist from AppArmor upstream as Normal priority.
Nov 23 2019, 5:23 PM · apparmor-profile-everything, AppArmor, Whonix
Patrick added a member for security-misc: madaidan.
Nov 23 2019, 5:20 PM
Patrick triaged T937: make /boot and /lib/modules unreadable for non-root users as Normal priority.
Nov 23 2019, 5:19 PM · Whonix, security-misc
Patrick closed T936: apparmor-profile-everything breaks Qubes upgrading as Resolved.
Nov 23 2019, 5:07 PM · apparmor-profile-everything, Qubes, AppArmor, Whonix
Patrick added a project to T936: apparmor-profile-everything breaks Qubes upgrading : apparmor-profile-everything.
Nov 23 2019, 5:07 PM · apparmor-profile-everything, Qubes, AppArmor, Whonix
Patrick added a member for apparmor-profile-everything: madaidan.
Nov 23 2019, 5:07 PM
Patrick created apparmor-profile-everything.
Nov 23 2019, 5:06 PM
Patrick added a comment to T936: apparmor-profile-everything breaks Qubes upgrading .

Could you add to git please?

Nov 23 2019, 4:41 PM · apparmor-profile-everything, Qubes, AppArmor, Whonix
Patrick added a comment to T936: apparmor-profile-everything breaks Qubes upgrading .

Works.

Nov 23 2019, 4:38 PM · apparmor-profile-everything, Qubes, AppArmor, Whonix
Patrick triaged T936: apparmor-profile-everything breaks Qubes upgrading as Normal priority.
Nov 23 2019, 4:16 PM · apparmor-profile-everything, Qubes, AppArmor, Whonix

Nov 21 2019

Patrick updated the task description for T470: Whonix home page redesign.
Nov 21 2019, 8:56 PM · html, Whonix, user documentation
Patrick closed T588: improve Troubleshooting / Test as Resolved.

Good enough.

Nov 21 2019, 8:55 PM · Whonix, user documentation
Patrick closed T621: Combatting sclockadj's log spam as Resolved.

Not a problem anymore.

Nov 21 2019, 8:54 PM · Debian version 10 codename Buster, Whonix, research

Nov 16 2019

Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 11:20 AM · C Code, security, Whonix
Patrick added a comment to T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 11:19 AM · C Code, security, Whonix
Patrick updated the task description for T543: TCP ISNs and Temperature induced clock skews.
Nov 16 2019, 11:18 AM · C Code, security, Whonix

Nov 8 2019

Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 4:50 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 4:21 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:59 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:58 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:57 PM · Whonix, website
Patrick closed T809: mediawiki fixes as Resolved.

Migrated remaining task to T868.

Nov 8 2019, 3:56 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:56 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:53 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:52 PM · Whonix, website
Patrick updated the task description for T868: mediawiki fixes #2.
Nov 8 2019, 3:51 PM · Whonix, website

Nov 6 2019

Patrick updated subscribers of T362: systemd SystemCallFilter= containment option seccomp hardening.
Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T362: systemd SystemCallFilter= containment option seccomp hardening as Resolved.

This was done. If not, please create specific tickets where it isn't done.

Nov 6 2019, 3:34 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick closed T444: test if Ricochet IM instructions are functional as Invalid.

https://www.whonix.org/wiki/Chat#Ricochet_IM

Nov 6 2019, 3:33 AM · onion-grater (Control Port Filter Proxy), research, Whonix

Nov 4 2019

Patrick closed T918: mediawiki extensions to install for better links as Resolved.

Installed. See screenshot on how to use:

Nov 4 2019, 3:33 PM · server-ssh-access-required, Whonix, website

Nov 3 2019

Patrick updated the task description for T935: add Whonix newsletter.
Nov 3 2019, 8:33 AM · Whonix, website
Patrick updated subscribers of T935: add Whonix newsletter.
Nov 3 2019, 8:33 AM · Whonix, website
Patrick triaged T935: add Whonix newsletter as Normal priority.
Nov 3 2019, 8:32 AM · Whonix, website

Oct 25 2019

Patrick closed T934: fix whonix-wiki-html backup / fix scrape-whonix-wiki.sh as Resolved.
Oct 25 2019, 1:38 PM · website, Whonix
Patrick added a comment to T934: fix whonix-wiki-html backup / fix scrape-whonix-wiki.sh.

Sitemap was broken. May be unrelated to https://github.com/WhonixBOT/whonix-wiki-html/blob/master/scrape-whonix-wiki.sh. Just a follow up issue. Not cause. In progress of fixing this.

Oct 25 2019, 12:30 PM · website, Whonix
Patrick triaged T934: fix whonix-wiki-html backup / fix scrape-whonix-wiki.sh as Normal priority.
Oct 25 2019, 12:00 PM · website, Whonix
Patrick triaged T933: fix offline documentation - pdfbook as Normal priority.
Oct 25 2019, 11:53 AM · Whonix, website
Patrick triaged T932: fix Git-Mediawiki whonix-wiki-backup as Normal priority.
Oct 25 2019, 11:50 AM · Whonix, website

Oct 23 2019

Patrick updated the task description for T868: mediawiki fixes #2.
Oct 23 2019, 4:00 PM · Whonix, website

Oct 21 2019

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

NonaSuomy:

Added requested NFTables example from duclicsic #netfilter freenode.

Oct 21 2019, 7:33 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research