Page MenuHomePhabricator

Patrick (Patrick Schleizer)
a maintainer of WhonixAdministrator

User Details

User Since
Nov 20 2014, 4:36 PM (256 w, 12 h)
Roles
Administrator

Recent Activity

Sun, Oct 6

Patrick closed T596: keep an eye on kloak anti keystroke deanonymization tool as Resolved.

Implemented for some time now.

Sun, Oct 6, 9:54 PM · Whonix 16, security, Whonix
Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.
Sun, Oct 6, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research
Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Sun, Oct 6, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, Whonix, research

Sat, Sep 28

Patrick added a project to T930: whonix.SdwdateStatus service starts VMs that were killed: sdwdate-gui.
Sat, Sep 28, 10:44 AM · sdwdate-gui, Whonix

Mon, Sep 23

Patrick updated the task description for T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.
Mon, Sep 23, 10:10 AM · server-ssh-access-required, website, Whonix
Patrick updated the task description for T895: Proposed Download Directory Structure / download redirects / stable download links / permalinks.
Mon, Sep 23, 10:09 AM · server-ssh-access-required, website, Whonix

Sep 14 2019

Patrick updated the task description for T89: Whonix Control Panel.
Sep 14 2019, 7:45 PM · Whonix, Apps, enhancement, usability

Aug 31 2019

Patrick triaged T929: Whonix XFCE Wallpaper / Background Image as Normal priority.
Aug 31 2019, 3:50 PM · Whonix 16, Whonix, whonix-xfce-desktop-config
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:49 PM · Whonix, live-mode
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:49 PM · Whonix, live-mode
Patrick updated the task description for T919: Whonix Live Branding.
Aug 31 2019, 3:47 PM · Whonix, live-mode

Aug 23 2019

Patrick renamed T900: Installation and setup of Kicksecure tutorials from Installation and setup of Hardened Debian Linux tutorials to Installation and setup of Kicksecure tutorials.
Aug 23 2019, 2:20 PM · user documentation, Whonix

Aug 21 2019

Patrick changed the status of T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on from Open to testing-in-next-build-required.

Should work on manual invocation.

Aug 21 2019, 9:13 AM · Whonix-Host, whonix-libvirt, live-mode, Whonix
Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

For the record, this is the diff being generated.

Aug 21 2019, 8:38 AM · Whonix-Host, whonix-libvirt, live-mode, Whonix

Aug 19 2019

Patrick triaged T928: install xfce4-power-manager on Whonix Host and Kicksecure Host as Normal priority.
Aug 19 2019, 4:22 PM · whonix-libvirt, live-mode, Whonix-Host, Whonix
Patrick closed T903: find new name for Hardened Debian and rename it as Resolved.

https://forums.whonix.org/t/hardened-debian-security-focused-linux-distribution-based-on-debian-in-development-feedback-wanted/5943/30?u=patrick

Aug 19 2019, 4:20 PM · Whonix-Host, Whonix
Patrick added projects to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on: whonix-libvirt, Whonix-Host.
Aug 19 2019, 3:47 PM · Whonix-Host, whonix-libvirt, live-mode, Whonix
Patrick claimed T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.
Aug 19 2019, 3:45 PM · Whonix-Host, whonix-libvirt, live-mode, Whonix
Patrick added a comment to T914: Whonix Host Live - enable KVM readonly mode - virt-xml vm-name --edit --disk readonly=on.

By default, the VMs do not start because the virtual disks are not set to readonly. This is only needed when using the ISO though. Might stay this way as long as the user is correctly advised to change to set the disk to readonly mode.

Aug 19 2019, 3:45 PM · Whonix-Host, whonix-libvirt, live-mode, Whonix

Aug 17 2019

Patrick created T927: port to /etc/apparmor.d/abstractions.d in Debian 11 bullseye.
Aug 17 2019, 9:15 AM · Debian version 11 codename Bullseye, Whonix

Aug 16 2019

Patrick updated the task description for T911: xfce theming.
Aug 16 2019, 4:22 PM · Whonix, Whonix 15

Aug 11 2019

Patrick updated the task description for T215: install electrum bitcoin thin client by default?.
Aug 11 2019, 2:13 PM · anon-meta-packages, research, Whonix

Aug 9 2019

Patrick added a comment to T215: install electrum bitcoin thin client by default?.

install electrum appimage by default:
https://github.com/Whonix/anon-meta-packages/commit/71d40f5316ee7eb38eb04142d80d23c56a48407b

Aug 9 2019, 11:50 AM · anon-meta-packages, research, Whonix

Jul 27 2019

Patrick added a project to T803: coyIM: Debian version 11 codename Bullseye.
Jul 27 2019, 1:27 PM · Debian version 11 codename Bullseye, Whonix 16, anon-meta-packages, Whonix
Patrick added a comment to T912: qubes integration tools missing.

Looks like mine.

Jul 27 2019, 1:25 PM · Qubes, Whonix

Jul 25 2019

Patrick added a project to T926: TBB removed obfs3 support But still in ACW: graphical user interface.
Jul 25 2019, 5:10 PM · graphical user interface, python, anon-connection-wizard, Whonix
Patrick added a project to T926: TBB removed obfs3 support But still in ACW: python.
Jul 25 2019, 5:10 PM · graphical user interface, python, anon-connection-wizard, Whonix
Patrick added a project to T926: TBB removed obfs3 support But still in ACW: anon-connection-wizard.
Jul 25 2019, 5:09 PM · graphical user interface, python, anon-connection-wizard, Whonix
Patrick edited projects for T921: Installing git-all will delete some Whonix packages , added: Whonix; removed anon-meta-packages, Whonix 16.
Jul 25 2019, 5:08 PM · Whonix
Patrick updated the task description for T921: Installing git-all will delete some Whonix packages .
Jul 25 2019, 5:08 PM · Whonix
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

remove qubes-core-agent dependency on initscripts
https://github.com/QubesOS/qubes-issues/issues/5133

Jul 25 2019, 5:08 PM · Whonix

Jul 21 2019

Patrick added a comment to T925: whonixcheck false positive in check_journal.

Done in git master.

Jul 21 2019, 6:29 PM · Whonix
Patrick added a comment to T925: whonixcheck false positive in check_journal.

Sounds good?

Jul 21 2019, 6:07 PM · Whonix
Patrick added a comment to T925: whonixcheck false positive in check_journal.
journal keeps metadata about each message, so it's possible to avoid it with `journalctl -p err -b` (I've added `-b` to avoid listing messages from previous boot).
Jul 21 2019, 3:11 PM · Whonix

Jul 19 2019

Patrick placed T896: Hidden onion services GUI in sys-whonix up for grabs.
Jul 19 2019, 10:47 AM · qubes-whonix, usability, Whonix
Patrick added a comment to T896: Hidden onion services GUI in sys-whonix.

https://forums.whonix.org/t/focus-on-whonix-core-development/5036

Jul 19 2019, 10:47 AM · qubes-whonix, usability, Whonix

Jul 16 2019

Patrick added a comment to T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.

Can you give some more context here?

Jul 16 2019, 12:42 AM · whonix-base-files, live-mode, Whonix 15, Whonix

Jul 15 2019

Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 15 2019, 6:23 PM · whonix-base-files, live-mode, Whonix 15, Whonix

Jul 14 2019

Patrick updated the task description for T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 14 2019, 9:29 AM · whonix-base-files, live-mode, Whonix 15, Whonix
Patrick updated subscribers of T913: bug: not all files form /etc/skel are copied to /home/user / create user "user" at boot time.
Jul 14 2019, 8:42 AM · whonix-base-files, live-mode, Whonix 15, Whonix

Jul 11 2019

Patrick created T924: rename to bullseye-security.
Jul 11 2019, 9:12 AM · anon-apt-sources-list, Whonix, Debian version 11 codename Bullseye

Jul 8 2019

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Jul 8 2019, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Jul 8 2019, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Jul 8 2019, 1:06 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Jul 8 2019, 12:53 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 7 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Jul 7 2019, 11:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 6 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Jul 6 2019, 1:03 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T600: Integrating Guix/Nix Package Manager.

Any update?

Jul 6 2019, 12:40 PM · Whonix, packaging, research
Patrick added a comment to T622: Run unMessage on Whonix.

Dead upstream.

Jul 6 2019, 12:34 PM · Whonix
Patrick added a comment to T857: Why? Keep? Qubes-Whonix /sbin/ethtool -K ${INTERFACE} sg off | /sbin/ethtool -K ${INTERFACE} tx off.

Any idea? @marmarek

Jul 6 2019, 12:32 PM · Whonix 16, qubes-whonix, Whonix
Patrick closed T859: test as Resolved.
Jul 6 2019, 12:31 PM · Whonix, Restricted Project
Patrick added a comment to T904: make sure there is no swap by default.

There is none indeed for VMs but it has to be re-checked once/if Whonix-Host becomes a thing.

Jul 6 2019, 12:30 PM · Whonix-Host, Whonix
Patrick added a comment to T654: create an unMessage onion-grater profile.

Dead upstream.

Jul 6 2019, 12:28 PM · Whonix, onion-grater (Control Port Filter Proxy)

Jul 4 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Jul 4 2019, 7:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of
/usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Jul 4 2019, 7:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jul 3 2019

Patrick updated subscribers of T670: Activating Lockdown.

Could you test this please by installing in VM and/or host please? @madaidan

Jul 3 2019, 8:45 AM · Debian version 10 codename Buster, Whonix

Jul 1 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Merged your changes.

Jul 1 2019, 10:11 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jun 29 2019

Patrick updated subscribers of T324: Add package needrestart.

needrestart works good enough for it to be implemented as a test in whonixcheck (--verbose?).

Jun 29 2019, 12:13 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Jun 27 2019

Patrick added a comment to T818: simplify tb-starter function tb_detect_starter_bin.

Blocked by Qubes.
Qubes start menu incompatible with DispVMs launching GUI applications into the background
https://github.com/QubesOS/qubes-issues/issues/5129

Jun 27 2019, 3:26 PM · Whonix, Whonix 16, tb-starter
Patrick added a comment to T923: Some texts on whonix connection wizard are truncated.

marmarek (Marek Marczykowski-Górecki):

Is there a reason for fixed geometry of those widgets, instead of letting Qt figure it out based on the content?

Jun 27 2019, 2:40 PM · anon-connection-wizard, Whonix, Whonix 15
Patrick added a project to T923: Some texts on whonix connection wizard are truncated: anon-connection-wizard.

I have no idea why this started happening without changes. Perhaps due to underlying libraries changes. Anyhow, fixed in git master.

Jun 27 2019, 2:15 PM · anon-connection-wizard, Whonix, Whonix 15
Patrick updated the task description for T215: install electrum bitcoin thin client by default?.
Jun 27 2019, 12:59 PM · anon-meta-packages, research, Whonix
Patrick updated the task description for T689: use whonixcheck Whonix News to count Whonix users.
Jun 27 2019, 12:51 PM · Whonix 14, Whonix, whonixcheck
Patrick removed a project from T912: qubes integration tools missing: Whonix 15.
Jun 27 2019, 10:53 AM · Qubes, Whonix
Patrick added a comment to T912: qubes integration tools missing.

Work for me too in new build https://forums.whonix.org/t/qubes-whonix-15-templatevms-debian-buster-based-4-0-1-201906232114-testers-wanted/7601

Jun 27 2019, 10:53 AM · Qubes, Whonix
Patrick added a comment to T769: Add LUKS container GUI or CLI utility by default.

Does this work in https://forums.whonix.org/t/whonix-virtualbox-15-0-0-3-3-debian-buster-based-testers-wanted/7604? @HulaHoop

Jun 27 2019, 10:42 AM · Whonix 15, Debian version 10 codename Buster
Patrick removed a project from T891: upgrade build_sources/rpi-preferences for Debian 10/ buster: Whonix 15.
Jun 27 2019, 10:35 AM · build, Whonix
Patrick added a comment to T869: Install Firejail by default inside Whonix.

Implementation looks good enough for now.

Jun 27 2019, 10:34 AM · Whonix 15, Whonix, firejail
Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Will keep watching what Tails is doing.

Jun 27 2019, 10:33 AM · Whonix 16, research, Whonix
Patrick edited projects for T582: revisit handling of /var/lib/dbus/machine-id, added: Whonix 16; removed Whonix 15.
Jun 27 2019, 10:33 AM · Whonix 16, research, Whonix
Patrick removed a project from T922: Tor-Control-Panel has extra bridge (snowflake) feature which are missed in ACW & normal TBB: Whonix 15.
Jun 27 2019, 10:32 AM · anon-connection-wizard, python, Whonix
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

Seems ok after full removal and re-creation.

Jun 27 2019, 10:31 AM · Whonix 15, Whonix, qubes-template-whonix
Patrick added a comment to T818: simplify tb-starter function tb_detect_starter_bin.

https://github.com/Whonix/tb-starter/commit/11ed26d14ed308891db5fc366a1002da41bdd3c1

Jun 27 2019, 9:13 AM · Whonix, Whonix 16, tb-starter
Patrick edited projects for T921: Installing git-all will delete some Whonix packages , added: Whonix 16, anon-meta-packages; removed Whonix 15.
Jun 27 2019, 9:01 AM · Whonix

Jun 25 2019

Patrick added a comment to T869: Install Firejail by default inside Whonix.

Xpra is only used for GUI isolation.

Jun 25 2019, 3:00 PM · Whonix 15, Whonix, firejail

Jun 24 2019

Patrick edited projects for T631: re-enable tor-controlport-filter.service systemd hardening, added: Whonix 15; removed Whonix 16.
Jun 24 2019, 3:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick updated subscribers of T921: Installing git-all will delete some Whonix packages .

runit-sysv is incompatible with Whonix and Qubes Debian template. Even sudo apt install runit-sysv --no-install-recommends would uninstall some Whonix or Qubes packages.

Jun 24 2019, 12:52 AM · Whonix
Patrick updated subscribers of T921: Installing git-all will delete some Whonix packages .

git-all also breaks Qubes Debian buster template. @marmarek

Jun 24 2019, 12:42 AM · Whonix
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

Another workaround with full git-all functionality that does not break Whonix:

Jun 24 2019, 12:37 AM · Whonix
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

Another workaround:

Jun 24 2019, 12:32 AM · Whonix
Patrick added a comment to T921: Installing git-all will delete some Whonix packages .

Workaround:
While this should be fixed, note, meanwhile the following works perfectly well for general use of git (I did not ever had any situation where I was missing any features):

Jun 24 2019, 12:30 AM · Whonix
Patrick added a project to T922: Tor-Control-Panel has extra bridge (snowflake) feature which are missed in ACW & normal TBB: anon-connection-wizard.
Jun 24 2019, 12:21 AM · anon-connection-wizard, python, Whonix
Patrick added a project to T922: Tor-Control-Panel has extra bridge (snowflake) feature which are missed in ACW & normal TBB: python.
Jun 24 2019, 12:20 AM · anon-connection-wizard, python, Whonix

Jun 23 2019

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Unfortunately not. On Qubes-Whonix. Could be Non-Qubes-Whonix vs
Qubes-Whonix?

Jun 23 2019, 7:53 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

sudo journalctl -f in dom0 does not show anything when running qvm-sync-appmenus whonix-gw-15 in dom0.

Jun 23 2019, 12:21 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

QVMM applications tab looks good btw. Just the default applications listed in Qubes start menu (without ever using QVMM applications tab) is not properly populated.

Jun 23 2019, 12:19 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick updated subscribers of T631: re-enable tor-controlport-filter.service systemd hardening.

Does not work yet. @madaidan

Jun 23 2019, 10:27 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Jun 21 2019

Patrick added a comment to T521: simplify https://www.whonix.org/wiki/Documentation.

https://forums.whonix.org/t/splitting-whonix-documentation-into-a-short-and-long-edition-for-better-usability/1861/53?u=patrick

Jun 21 2019, 1:34 PM · Whonix, user documentation, usability
Patrick added a comment to T400: re-implement Tor Browser local version number detection.

https://github.com/Whonix/tb-updater/commit/36561b7f8b54605ea33f4842930f2cdabcd17365

Jun 21 2019, 5:05 AM · usability, Whonix, tb-updater

Jun 20 2019

Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

sys-whonix shows sdwdate-gui.desktop by default but not

Jun 20 2019, 4:22 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick updated subscribers of T912: qubes integration tools missing.

Any idea why these are missing? @marmarek

Jun 20 2019, 4:18 PM · Qubes, Whonix
Patrick added a comment to T883: configure Qubes-Whonix XFCE default start menu entries (whitelisted appmenus).

anon-whonix / sys-whonix lacks a lot entries.

Jun 20 2019, 3:51 PM · Whonix 15, Whonix, qubes-template-whonix
Patrick added a comment to T912: qubes integration tools missing.
  • Copy to VM
  • Move to VM
  • Create Archive...
Jun 20 2019, 2:03 PM · Qubes, Whonix
Patrick updated the task description for T912: qubes integration tools missing.
Jun 20 2019, 1:56 PM · Qubes, Whonix
Patrick added a comment to T869: Install Firejail by default inside Whonix.

The problem is, xpra (actually xpra | xserver-xephyr | xvfb) isn't in the list of Recommends: of the firejail package by accident. We don't really know the rationale of that. Could be an optional dependency and without it, some things someone who knows firejail who is happy to find it installed would wonder why it actually does not work.

Jun 20 2019, 7:08 AM · Whonix 15, Whonix, firejail
Patrick closed T817: install jitterentropy by default as Resolved.
Jun 20 2019, 6:59 AM · Whonix 15, Debian version 10 codename Buster, Whonix
Patrick updated the task description for T920: consider /etc/xdg/xfce4/ defaults.
Jun 20 2019, 6:53 AM · Whonix 15, security-misc, whonix-xfce-desktop-config, Whonix

Jun 15 2019

Patrick updated the task description for T918: mediawiki extensions to install for better links.
Jun 15 2019, 4:15 AM · server-ssh-access-required, website, Whonix

Jun 14 2019

Patrick changed the status of T769: Add LUKS container GUI or CLI utility by default from Open to testing-in-next-build-required.
Jun 14 2019, 3:31 PM · Whonix 15, Debian version 10 codename Buster
Patrick edited projects for T803: coyIM, added: Whonix 16; removed Whonix 15.
Jun 14 2019, 3:30 PM · Debian version 11 codename Bullseye, Whonix 16, anon-meta-packages, Whonix