Patrick renamed T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables from Consider nftables as a replacement for iptables to Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Dec 11 2019, 2:11 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Or skip nftables and use Berkeley Packet Filter (BPF)?

Dec 11 2019, 2:10 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Patrick updated the task description for T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Dec 11 2019, 2:09 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Nov 21 2019

Patrick closed T621: Combatting sclockadj's log spam as Resolved.

Not a problem anymore.

Nov 21 2019, 8:54 PM · Debian version 10 codename Buster, research, Whonix

Nov 6 2019

Patrick closed T444: test if Ricochet IM instructions are functional as Invalid.

https://www.whonix.org/wiki/Chat#Ricochet_IM

Nov 6 2019, 3:33 AM · onion-grater (Control Port Filter Proxy), research, Whonix

Oct 21 2019

Patrick added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

NonaSuomy:

Added requested NFTables example from duclicsic #netfilter freenode.

Oct 21 2019, 7:33 AM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Oct 17 2019

HulaHoop added a comment to T509: Consider nftables / Berkeley Packet Filter (BPF) as a replacement for iptables.

Starting with Bullseye nftables will be the default:

Oct 17 2019, 7:29 PM · iptables, vpn-firewall, whonix-ws-firewall, whonix-gw-firewall, Whonix, refactoring, research

Oct 15 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

https://redmine.tails.boum.org/code/issues/17156

Oct 15 2019, 9:26 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 13 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Analysis by Cyrus cited here for completion:

Oct 13 2019, 4:18 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Oct 6 2019

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Oct 6 2019, 10:53 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Patrick updated subscribers of T530: CPU-induced latency Covert Channel Countermeasures.

Oct 6 2019, 9:50 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Reported build failures:

Oct 6 2019, 9:47 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way in detecting the active NIC since on wireless systems wlan0 is the interface of choice and not eth0

Oct 6 2019, 9:01 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.

Oct 6 2019, 6:04 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Aug 11 2019

Patrick updated the task description for T215: install electrum bitcoin thin client by default?.

Aug 11 2019, 2:13 PM · anon-meta-packages, research, Whonix

Aug 9 2019

Patrick added a comment to T215: install electrum bitcoin thin client by default?.

install electrum appimage by default:
https://github.com/Whonix/anon-meta-packages/commit/71d40f5316ee7eb38eb04142d80d23c56a48407b

Aug 9 2019, 11:50 AM · anon-meta-packages, research, Whonix

Jul 6 2019

Patrick added a comment to T600: Integrating Guix/Nix Package Manager.

Any update?

Jul 6 2019, 12:40 PM · Whonix, packaging, research

Jun 27 2019

Patrick updated the task description for T215: install electrum bitcoin thin client by default?.

Jun 27 2019, 12:59 PM · anon-meta-packages, research, Whonix

Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Will keep watching what Tails is doing.

Jun 27 2019, 10:33 AM · Whonix 16, research, Whonix

Patrick edited projects for T582: revisit handling of /var/lib/dbus/machine-id, added: Whonix 16; removed Whonix 15.

Jun 27 2019, 10:33 AM · Whonix 16, research, Whonix

May 12 2019

Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

Maybe there is no need. It's just when Tails has a ticket, we should
check it at Whonix too. Thank you for looking into this, too!

May 12 2019, 5:36 PM · Whonix 16, research, Whonix

madaidan added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

The way it is now looks fine. Why would it need to be changed?

May 12 2019, 2:36 PM · Whonix 16, research, Whonix

Patrick added a comment to T582: revisit handling of /var/lib/dbus/machine-id.

madaidan (madaidan):

madaidan added a comment.

> https://lists.ubuntu.com/archives/apparmor/2016-February/009371.html says it is used for various things so it might break some things.

Wouldn't using a fake machine-id e.g. a bunch of zeroes fix this?

May 12 2019, 3:21 AM · Whonix 16, research, Whonix